- struct pipeline_acl *p_acl = arg;
-
- p_acl->counters->pkts_received =
- p_acl->counters->pkts_received + n_pkts;
- if (ACL_DEBUG)
- printf("pkt_work_acl_key pkts_received: %" PRIu64
- " n_pkts: %u\n", p_acl->counters->pkts_received, n_pkts);
-
- uint64_t lookup_hit_mask = 0;
- uint64_t lookup_hit_mask_ipv4 = 0;
- uint64_t lookup_hit_mask_ipv6 = 0;
- uint64_t lookup_miss_mask = 0;
- uint64_t conntrack_mask = 0;
- uint64_t connexist_mask = 0;
- uint32_t dest_address = 0;
- arp_pkts_mask = 0;
- int dest_if = 0;
- int status;
- uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t);
- uint64_t keep_mask = pkts_mask;
- uint16_t port;
- uint32_t ret;
-
- p_acl->in_port_time_stamp = rte_get_tsc_cycles();
-
- if (acl_ipv4_enabled) {
- if (ACL_DEBUG)
- printf("ACL IPV4 Lookup Mask Before = %p\n",
- (void *)pkts_mask);
- status =
- rte_table_acl_ops.f_lookup(acl_rule_table_ipv4_active, pkts,
- pkts_mask, &lookup_hit_mask_ipv4,
- (void **)
- p_acl->acl_entries_ipv4);
- if (ACL_DEBUG)
- printf("ACL IPV4 Lookup Mask After = %p\n",
- (void *)lookup_hit_mask_ipv4);
- }
-
- if (acl_ipv6_enabled) {
- if (ACL_DEBUG)
- printf("ACL IPV6 Lookup Mask Before = %p\n",
- (void *)pkts_mask);
- status =
- rte_table_acl_ops.f_lookup(acl_rule_table_ipv6_active, pkts,
- pkts_mask, &lookup_hit_mask_ipv6,
- (void **)
- p_acl->acl_entries_ipv6);
- if (ACL_DEBUG)
- printf("ACL IPV6 Lookup Mask After = %p\n",
- (void *)lookup_hit_mask_ipv6);
- }
-
- /* Merge lookup results since we process both IPv4 and IPv6 below */
- lookup_hit_mask = lookup_hit_mask_ipv4 | lookup_hit_mask_ipv6;
- if (ACL_DEBUG)
- printf("ACL Lookup Mask After = %p\n", (void *)lookup_hit_mask);
-
- lookup_miss_mask = pkts_mask & (~lookup_hit_mask);
- pkts_mask = lookup_hit_mask;
- p_acl->counters->pkts_drop += __builtin_popcountll(lookup_miss_mask);
- if (ACL_DEBUG)
- printf("pkt_work_acl_key pkts_drop: %" PRIu64 " n_pkts: %u\n",
- p_acl->counters->pkts_drop,
- __builtin_popcountll(lookup_miss_mask));
-
- uint64_t pkts_to_process = lookup_hit_mask;
- /* bitmap of packets left to process for ARP */
-
- for (; pkts_to_process;) {
- uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process);
- uint64_t pkt_mask = 1LLU << pos;
- /* bitmask representing only this packet */
-
- pkts_to_process &= ~pkt_mask;
- /* remove this packet from remaining list */
- struct rte_mbuf *pkt = pkts[pos];
-
- if (enable_hwlb)
- if (!check_arp_icmp(pkt, pkt_mask, p_acl)) {
- pkts_mask &= ~(1LLU << pos);
- continue;
- }
-
- uint8_t hdr_chk =
- RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE);
- hdr_chk = hdr_chk >> IP_VERSION_CHECK;
-
- if (hdr_chk == IPv4_HDR_VERSION) {
-
- struct acl_table_entry *entry =
- (struct acl_table_entry *)
- p_acl->acl_entries_ipv4[pos];
- uint16_t phy_port = entry->head.port_id;
- uint32_t action_id = entry->action_id;
-
- if (ACL_DEBUG)
- printf("action_id = %u\n", action_id);
-
- uint32_t dscp_offset =
- MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DSCP_OFST;
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_count) {
- action_counter_table
- [p_acl->action_counter_index]
- [action_id].packetCount++;
- action_counter_table
- [p_acl->action_counter_index]
- [action_id].byteCount +=
- rte_pktmbuf_pkt_len(pkt);
- if (ACL_DEBUG)
- printf("Action Count Packet Count: %"
- PRIu64 " Byte Count: %" PRIu64
- "\n",
- action_counter_table
- [p_acl->action_counter_index]
- [action_id].packetCount,
- action_counter_table
- [p_acl->action_counter_index]
- [action_id].byteCount);
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_packet_drop) {
-
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf("ACL before drop pkt_mask "
- " %lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_fwd) {
- phy_port =
- action_array_active[action_id].fwd_port;
- entry->head.port_id = phy_port;
- if (ACL_DEBUG)
- printf("Action FWD Port ID: %u\n",
- phy_port);
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_nat) {
- phy_port =
- action_array_active[action_id].nat_port;
- entry->head.port_id = phy_port;
- if (ACL_DEBUG)
- printf("Action NAT Port ID: %u\n",
- phy_port);
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_dscp) {
-
- /* Set DSCP priority */
- uint8_t *dscp = RTE_MBUF_METADATA_UINT8_PTR(pkt,
- dscp_offset);
- *dscp =
- action_array_active[action_id].dscp_priority
- << 2;
- if (ACL_DEBUG)
- printf
- ("Action DSCP DSCP Priority: %u\n",
- *dscp);
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_packet_accept) {
- if (ACL_DEBUG)
- printf("Action Accept\n");
-
- if (action_array_active[action_id].action_bitmap
- & acl_action_conntrack) {
-
- /* Set conntrack bit for this pkt */
- conntrack_mask |= pkt_mask;
- if (ACL_DEBUG)
- printf("ACL Conntrack enabled: "
- "%p pkt_mask: %p\n",
- (void *)conntrack_mask,
- (void *)pkt_mask);
- }
-
- if (action_array_active[action_id].action_bitmap
- & acl_action_connexist) {
-
- /* Set conntrack bit for this pkt */
- conntrack_mask |= pkt_mask;
-
- /* Set connexist bit for this pkt for public -> private */
- /* Private -> public packet will open the connection */
- if (action_array_active
- [action_id].private_public ==
- acl_public_private)
- connexist_mask |= pkt_mask;
-
- if (ACL_DEBUG)
- printf("ACL Connexist enabled "
- "conntrack: %p connexist: %p pkt_mask: %p\n",
- (void *)conntrack_mask,
- (void *)connexist_mask,
- (void *)pkt_mask);
- }
- }
- }
-
- if (hdr_chk == IPv6_HDR_VERSION) {
-
- struct acl_table_entry *entry =
- (struct acl_table_entry *)
- p_acl->acl_entries_ipv6[pos];
- uint16_t phy_port = entry->head.port_id;
- uint32_t action_id = entry->action_id;
-
- if (ACL_DEBUG)
- printf("action_id = %u\n", action_id);
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_count) {
- action_counter_table
- [p_acl->action_counter_index]
- [action_id].packetCount++;
- action_counter_table
- [p_acl->action_counter_index]
- [action_id].byteCount +=
- rte_pktmbuf_pkt_len(pkt);
- if (ACL_DEBUG)
- printf("Action Count Packet Count: %"
- PRIu64 " Byte Count: %" PRIu64
- "\n",
- action_counter_table
- [p_acl->action_counter_index]
- [action_id].packetCount,
- action_counter_table
- [p_acl->action_counter_index]
- [action_id].byteCount);
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_packet_drop) {
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf("ACL before drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
-
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_fwd) {
- phy_port =
- action_array_active[action_id].fwd_port;
- entry->head.port_id = phy_port;
- if (ACL_DEBUG)
- printf("Action FWD Port ID: %u\n",
- phy_port);
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_nat) {
- phy_port =
- action_array_active[action_id].nat_port;
- entry->head.port_id = phy_port;
- if (ACL_DEBUG)
- printf("Action NAT Port ID: %u\n",
- phy_port);
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_dscp) {
-
- /* Set DSCP priority */
- uint32_t dscp_offset =
- MBUF_HDR_ROOM + ETH_HDR_SIZE +
- IP_HDR_DSCP_OFST_IPV6;
- uint16_t *dscp =
- RTE_MBUF_METADATA_UINT16_PTR(pkt,
- dscp_offset);
- uint16_t dscp_value =
- (rte_bswap16
- (RTE_MBUF_METADATA_UINT16
- (pkt, dscp_offset)) & 0XF00F);
- uint8_t dscp_store =
- action_array_active[action_id].dscp_priority
- << 2;
- uint16_t dscp_temp = dscp_store;
-
- dscp_temp = dscp_temp << 4;
- *dscp = rte_bswap16(dscp_temp | dscp_value);
- if (ACL_DEBUG)
- printf
- ("Action DSCP DSCP Priority: %u\n",
- *dscp);
- }
-
- if (action_array_active[action_id].action_bitmap &
- acl_action_packet_accept) {
- if (ACL_DEBUG)
- printf("Action Accept\n");
-
- if (action_array_active[action_id].action_bitmap
- & acl_action_conntrack) {
-
- /* Set conntrack bit for this pkt */
- conntrack_mask |= pkt_mask;
- if (ACL_DEBUG)
- printf("ACL Conntrack enabled: "
- " %p pkt_mask: %p\n",
- (void *)conntrack_mask,
- (void *)pkt_mask);
- }
-
- if (action_array_active[action_id].action_bitmap
- & acl_action_connexist) {
-
- /* Set conntrack bit for this pkt */
- conntrack_mask |= pkt_mask;
-
- /* Set connexist bit for this pkt for public -> private */
- /* Private -> public packet will open the connection */
- if (action_array_active
- [action_id].private_public ==
- acl_public_private)
- connexist_mask |= pkt_mask;
-
- if (ACL_DEBUG)
- printf("ACL Connexist enabled "
- "conntrack: %p connexist: %p pkt_mask: %p\n",
- (void *)conntrack_mask,
- (void *)connexist_mask,
- (void *)pkt_mask);
- }
- }
- }
- }
-
- /* Only call connection tracker if required */
- if (conntrack_mask > 0) {
- if (ACL_DEBUG)
- printf
- ("ACL Call Conntrack Before = %p Connexist = %p\n",
- (void *)conntrack_mask, (void *)connexist_mask);
- conntrack_mask =
- rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control
- (p_acl->cnxn_tracker, pkts, conntrack_mask, connexist_mask);
- if (ACL_DEBUG)
- printf("ACL Call Conntrack After = %p\n",
- (void *)conntrack_mask);
-
- /* Only change pkt mask for pkts that have conntrack enabled */
- /* Need to loop through packets to check if conntrack enabled */
- pkts_to_process = pkts_mask;
- for (; pkts_to_process;) {
- uint32_t action_id = 0;
- uint8_t pos =
- (uint8_t) __builtin_ctzll(pkts_to_process);
- uint64_t pkt_mask = 1LLU << pos;
- /* bitmask representing only this packet */
-
- pkts_to_process &= ~pkt_mask;
- /* remove this packet from remaining list */
- struct rte_mbuf *pkt = pkts[pos];
-
- uint8_t hdr_chk = RTE_MBUF_METADATA_UINT8(pkt,
- MBUF_HDR_ROOM
- +
- ETH_HDR_SIZE);
-
- hdr_chk = hdr_chk >> IP_VERSION_CHECK;
- if (hdr_chk == IPv4_HDR_VERSION) {
- struct acl_table_entry *entry =
- (struct acl_table_entry *)
- p_acl->acl_entries_ipv4[pos];
- action_id = entry->action_id;
- } else {
- struct acl_table_entry *entry =
- (struct acl_table_entry *)
- p_acl->acl_entries_ipv6[pos];
- action_id = entry->action_id;
- }
-
- if ((action_array_active[action_id].action_bitmap &
- acl_action_conntrack)
- || (action_array_active[action_id].action_bitmap &
- acl_action_connexist)) {
-
- if (conntrack_mask & pkt_mask) {
- if (ACL_DEBUG)
- printf("ACL Conntrack Accept "
- "packet = %p\n",
- (void *)pkt_mask);
- } else {
- /* Drop packet by changing the mask */
- if (ACL_DEBUG)
- printf("ACL Conntrack Drop "
- "packet = %p\n",
- (void *)pkt_mask);
- pkts_mask &= ~pkt_mask;
- p_acl->counters->pkts_drop++;
- }
- }
- }
- }
-
- pkts_to_process = pkts_mask;
- /* bitmap of packets left to process for ARP */
-
- for (; pkts_to_process;) {
- uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process);
- uint64_t pkt_mask = 1LLU << pos;
- /* bitmask representing only this packet */
-
- pkts_to_process &= ~pkt_mask;
- /* remove this packet from remaining list */
- struct rte_mbuf *pkt = pkts[pos];
-
- uint8_t hdr_chk =
- RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE);
- hdr_chk = hdr_chk >> IP_VERSION_CHECK;
-
- if (hdr_chk == IPv4_HDR_VERSION) {
-
- struct acl_table_entry *entry =
- (struct acl_table_entry *)
- p_acl->acl_entries_ipv4[pos];
- uint16_t phy_port = pkt->port;
- uint32_t *port_out_id =
- RTE_MBUF_METADATA_UINT32_PTR(pkt,
- META_DATA_OFFSET +
- offsetof(struct
- mbuf_acl_meta_data,
- output_port));
- if (ACL_DEBUG)
- printf
- ("phy_port = %i, links_map[phy_port] = %i\n",
- phy_port, p_acl->links_map[phy_port]);
-
- /* header room + eth hdr size + dst_adr offset in ip header */
- uint32_t dst_addr_offset =
- MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DST_ADR_OFST;
- uint32_t *dst_addr =
- RTE_MBUF_METADATA_UINT32_PTR(pkt, dst_addr_offset);
- uint8_t *eth_dest =
- RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM);
- uint8_t *eth_src =
- RTE_MBUF_METADATA_UINT8_PTR(pkt, MBUF_HDR_ROOM + 6);
- struct ether_addr hw_addr;
- uint32_t dest_address = rte_bswap32(*dst_addr);
- uint32_t *nhip = RTE_MBUF_METADATA_UINT32_PTR(pkt,
- META_DATA_OFFSET
- +
- offsetof
- (struct
- mbuf_acl_meta_data,
- nhip));
- uint32_t packet_length = rte_pktmbuf_pkt_len(pkt);
- *nhip = 0;
- struct arp_entry_data *ret_arp_data = NULL;
- ret_arp_data = get_dest_mac_addr_port
- (dest_address, &dest_if, (struct ether_addr *) eth_dest);
- *port_out_id = p_acl->port_out_id[dest_if];
- if (arp_cache_dest_mac_present(dest_if)) {
- ether_addr_copy(get_link_hw_addr(dest_if),
- (struct ether_addr *)eth_src);
- update_nhip_access(dest_if);
- if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) {
- printf("sending buffered packets\n");
- arp_send_buffered_pkts(ret_arp_data,
- (struct ether_addr *)eth_dest, *port_out_id);
-
- }
- p_acl->counters->tpkts_processed++;
- p_acl->counters->bytes_processed +=
- packet_length;
- } else {
- if (unlikely(ret_arp_data == NULL)) {
- if (ACL_DEBUG)
- printf("%s: NHIP Not Found, "
- "outport_id: %d\n", __func__,
- *port_out_id);
-
- /* Drop the pkt */
- pkts_mask &= ~(1LLU << pos);
- if (ACL_DEBUG)
- printf("ACL after drop pkt_mask "
- "%lu, pkt_num %d\n",
- pkts_mask, pos);
- p_acl->counters->pkts_drop++;
- continue;
- }
+ struct pipeline_acl *p_acl = arg;
+
+ p_acl->counters->pkts_received =
+ p_acl->counters->pkts_received + n_pkts;
+ if (ACL_DEBUG)
+ printf("pkt_work_acl_key pkts_received: %" PRIu64
+ " n_pkts: %u\n", p_acl->counters->pkts_received, n_pkts);
+
+ uint64_t lookup_hit_mask = 0;
+ uint64_t lookup_hit_mask_ipv4 = 0;
+ uint64_t lookup_hit_mask_ipv6 = 0;
+ uint64_t lookup_miss_mask = 0;
+ uint64_t conntrack_mask = 0;
+ uint64_t connexist_mask = 0;
+ uint32_t dest_address = 0;
+ arp_pkts_mask = 0;
+ int status;
+ uint64_t pkts_drop_mask, pkts_mask = RTE_LEN2MASK(n_pkts, uint64_t);
+ uint64_t keep_mask = pkts_mask;
+ uint16_t port;
+ uint32_t ret;
+
+ p_acl->in_port_time_stamp = rte_get_tsc_cycles();
+
+ if (acl_ipv4_enabled) {
+ if (ACL_DEBUG)
+ printf("ACL IPV4 Lookup Mask Before = %p\n",
+ (void *)pkts_mask);
+ status =
+ rte_table_acl_ops.f_lookup(acl_rule_table_ipv4_active, pkts,
+ pkts_mask, &lookup_hit_mask_ipv4,
+ (void **)
+ p_acl->acl_entries_ipv4);
+ if (ACL_DEBUG)
+ printf("ACL IPV4 Lookup Mask After = %p\n",
+ (void *)lookup_hit_mask_ipv4);
+ }
+
+ if (acl_ipv6_enabled) {
+ if (ACL_DEBUG)
+ printf("ACL IPV6 Lookup Mask Before = %p\n",
+ (void *)pkts_mask);
+ status =
+ rte_table_acl_ops.f_lookup(acl_rule_table_ipv6_active, pkts,
+ pkts_mask, &lookup_hit_mask_ipv6,
+ (void **)
+ p_acl->acl_entries_ipv6);
+ if (ACL_DEBUG)
+ printf("ACL IPV6 Lookup Mask After = %p\n",
+ (void *)lookup_hit_mask_ipv6);
+ }
+
+ /* Merge lookup results since we process both IPv4 and IPv6 below */
+ lookup_hit_mask = lookup_hit_mask_ipv4 | lookup_hit_mask_ipv6;
+ if (ACL_DEBUG)
+ printf("ACL Lookup Mask After = %p\n", (void *)lookup_hit_mask);
+
+ lookup_miss_mask = pkts_mask & (~lookup_hit_mask);
+ pkts_mask = lookup_hit_mask;
+ p_acl->counters->pkts_drop += __builtin_popcountll(lookup_miss_mask);
+ if (ACL_DEBUG)
+ printf("pkt_work_acl_key pkts_drop: %" PRIu64 " n_pkts: %u\n",
+ p_acl->counters->pkts_drop,
+ __builtin_popcountll(lookup_miss_mask));
+
+ uint64_t pkts_to_process = lookup_hit_mask;
+ /* bitmap of packets left to process for ARP */
+
+ for (; pkts_to_process;) {
+ uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_process);
+ uint64_t pkt_mask = 1LLU << pos;
+ /* bitmask representing only this packet */
+
+ pkts_to_process &= ~pkt_mask;
+ /* remove this packet from remaining list */
+ struct rte_mbuf *pkt = pkts[pos];
+
+ if (enable_hwlb)
+ if (!check_arp_icmp(pkt, pkt_mask, p_acl)) {
+ pkts_mask &= ~(1LLU << pos);
+ continue;
+ }
+
+ uint8_t hdr_chk =
+ RTE_MBUF_METADATA_UINT8(pkt, MBUF_HDR_ROOM + ETH_HDR_SIZE);
+ hdr_chk = hdr_chk >> IP_VERSION_CHECK;
+
+ if (hdr_chk == IPv4_HDR_VERSION) {
+
+ struct acl_table_entry *entry =
+ (struct acl_table_entry *)
+ p_acl->acl_entries_ipv4[pos];
+ uint16_t phy_port = entry->head.port_id;
+ uint32_t action_id = entry->action_id;
+
+ if (ACL_DEBUG)
+ printf("action_id = %u\n", action_id);
+
+ uint32_t dscp_offset =
+ MBUF_HDR_ROOM + ETH_HDR_SIZE + IP_HDR_DSCP_OFST;
+
+ if (action_array_active[action_id].action_bitmap &
+ acl_action_count) {
+ action_counter_table
+ [p_acl->action_counter_index]
+ [action_id].packetCount++;
+ action_counter_table
+ [p_acl->action_counter_index]
+ [action_id].byteCount +=
+ rte_pktmbuf_pkt_len(pkt);
+ if (ACL_DEBUG)
+ printf("Action Count Packet Count: %"
+ PRIu64 " Byte Count: %" PRIu64
+ "\n",
+ action_counter_table
+ [p_acl->action_counter_index]
+ [action_id].packetCount,
+ action_counter_table
+ [p_acl->action_counter_index]
+ [action_id].byteCount);
+ }
+
+ if (action_array_active[action_id].action_bitmap &
+ acl_action_packet_drop) {
+
+ /* Drop packet by changing the mask */
+ if (ACL_DEBUG)
+ printf("ACL before drop pkt_mask "
+ " %lu, pkt_num %d\n",
+ pkts_mask, pos);
+ pkts_mask &= ~(1LLU << pos);
+ if (ACL_DEBUG)
+ printf("ACL after drop pkt_mask "
+ "%lu, pkt_num %d\n",
+ pkts_mask, pos);
+ p_acl->counters->pkts_drop++;
+ }
+
+ if (action_array_active[action_id].action_bitmap &
+ acl_action_fwd) {
+ phy_port =
+ action_array_active[action_id].fwd_port;
+ entry->head.port_id = phy_port;
+ if (ACL_DEBUG)
+ printf("Action FWD Port ID: %u\n",
+ phy_port);
+ }
+
+ if (action_array_active[action_id].action_bitmap &
+ acl_action_nat) {
+ phy_port =
+ action_array_active[action_id].nat_port;
+ entry->head.port_id = phy_port;
+ if (ACL_DEBUG)
+ printf("Action NAT Port ID: %u\n",
+ phy_port);
+ }
+
+ if (action_array_active[action_id].action_bitmap &
+ acl_action_dscp) {
+
+ /* Set DSCP priority */
+ uint8_t *dscp = RTE_MBUF_METADATA_UINT8_PTR(pkt,
+ dscp_offset);
+ *dscp =
+ action_array_active[action_id].dscp_priority
+ << 2;
+ if (ACL_DEBUG)
+ printf
+ ("Action DSCP DSCP Priority: %u\n",
+ *dscp);
+ }
+
+ if (action_array_active[action_id].action_bitmap &
+ acl_action_packet_accept) {
+ if (ACL_DEBUG)
+ printf("Action Accept\n");
+
+ if (action_array_active[action_id].action_bitmap
+ & acl_action_conntrack) {
+
+ /* Set conntrack bit for this pkt */
+ conntrack_mask |= pkt_mask;
+ if (ACL_DEBUG)
+ printf("ACL Conntrack enabled: "
+ "%p pkt_mask: %p\n",
+ (void *)conntrack_mask,
+ (void *)pkt_mask);
+ }