session/tcp: filtering improvements - make allow action explicit (-3) - add session lookup is_filtered return flag that is set if lookup hit a deny filter - change tcp logic to drop filtered packets when punting is enabled Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1 Signed-off-by: Florin Coras <fcoras@cisco.com>

commit: dff48db0782444125f68cab14d91e7bb4109286a [log] [tgz]
author: Florin Coras <fcoras@cisco.com> Sun Nov 19 18:06:58 2017 -0800
committer: Dave Wallace <dwallacelf@gmail.com> Mon Nov 20 16:15:34 2017 +0000
tree: 1c30045b625d7161a53512395b591f98d3196854
parent: 45b485099d8bdf5985e9869bc8221852073f9369 [diff] [blame]
diff --git a/src/vnet/session/session_lookup.h b/src/vnet/session/session_lookup.h
index 00ef19f..1bdf6d1 100644
--- a/src/vnet/session/session_lookup.h
+++ b/src/vnet/session/session_lookup.h

@@ -32,7 +32,8 @@
 						       ip4_address_t * rmt,
 						       u16 lcl_port,
 						       u16 rmt_port, u8 proto,
-						       u32 thread_index);
+						       u32 thread_index,
+						       u8 * is_filtered);
 transport_connection_t *session_lookup_connection4 (u32 fib_index,
 						    ip4_address_t * lcl,
 						    ip4_address_t * rmt,
@@ -43,7 +44,8 @@
 						       ip6_address_t * rmt,
 						       u16 lcl_port,
 						       u16 rmt_port, u8 proto,
-						       u32 thread_index);
+						       u32 thread_index,
+						       u8 * is_filtered);
 transport_connection_t *session_lookup_connection6 (u32 fib_index,
 						    ip6_address_t * lcl,
 						    ip6_address_t * rmt,
commit	dff48db0782444125f68cab14d91e7bb4109286a	[log] [tgz]
author	Florin Coras <fcoras@cisco.com>	Sun Nov 19 18:06:58 2017 -0800
committer	Dave Wallace <dwallacelf@gmail.com>	Mon Nov 20 16:15:34 2017 +0000
tree	1c30045b625d7161a53512395b591f98d3196854
parent	45b485099d8bdf5985e9869bc8221852073f9369 [diff] [blame]