ACL plugin rejects ICMP messages (VPP-624)

Change-Id: I95113a277b94cce5ff332fcf9f57ec6f385acec0
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>

1 files changed, 19 insertions, 21 deletions

diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 3fe084b4..b6af7380 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -208,10 +208,10 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
       r->src_prefixlen = rules[i].src_ip_prefix_len;
       r->dst_prefixlen = rules[i].dst_ip_prefix_len;
       r->proto = rules[i].proto;
-      r->src_port_or_type_first = rules[i].srcport_or_icmptype_first;
-      r->src_port_or_type_last = rules[i].srcport_or_icmptype_last;
-      r->dst_port_or_code_first = rules[i].dstport_or_icmpcode_first;
-      r->dst_port_or_code_last = rules[i].dstport_or_icmpcode_last;
+      r->src_port_or_type_first = ntohs ( rules[i].srcport_or_icmptype_first );
+      r->src_port_or_type_last = ntohs ( rules[i].srcport_or_icmptype_last );
+      r->dst_port_or_code_first = ntohs ( rules[i].dstport_or_icmpcode_first );
+      r->dst_port_or_code_last = ntohs ( rules[i].dstport_or_icmpcode_last );
       r->tcp_flags_value = rules[i].tcp_flags_value;
       r->tcp_flags_mask = rules[i].tcp_flags_mask;
     }
@@ -839,8 +839,8 @@ acl_packet_match (acl_main_t * am, u32 acl_index, vlib_buffer_t * b0,
   int is_ip6;
   int is_ip4;
   u8 proto;
-  u16 src_port;
-  u16 dst_port;
+  u16 src_port = 0;
+  u16 dst_port = 0;
   u8 tcp_flags = 0;
   int i;
   acl_list_t *a;
@@ -866,15 +866,13 @@ acl_packet_match (acl_main_t * am, u32 acl_index, vlib_buffer_t * b0,
 	{
 	  *trace_bitmap |= 0x00000001;
 	  /* type */
-	  src_port = *(u8 *) get_ptr_to_offset (b0, 34);
+	  src_port = ((u16) (*(u8 *) get_ptr_to_offset (b0, 34)));
 	  /* code */
-	  dst_port = *(u8 *) get_ptr_to_offset (b0, 35);
-	}
-      else
-	{
+	  dst_port = ((u16) (*(u8 *) get_ptr_to_offset (b0, 35)));
+	} else {
 	  /* assume TCP/UDP */
-	  src_port = (*(u16 *) get_ptr_to_offset (b0, 34));
-	  dst_port = (*(u16 *) get_ptr_to_offset (b0, 36));
+	  src_port = ntohs ((u16) (*(u16 *) get_ptr_to_offset (b0, 34)));
+	  dst_port = ntohs ((u16) (*(u16 *) get_ptr_to_offset (b0, 36)));
 	  /* UDP gets ability to check on an oddball data byte as a bonus */
 	  tcp_flags = *(u8 *) get_ptr_to_offset (b0, 14 + 20 + 13);
 	}
@@ -888,15 +886,15 @@ acl_packet_match (acl_main_t * am, u32 acl_index, vlib_buffer_t * b0,
 	{
 	  *trace_bitmap |= 0x00000002;
 	  /* type */
-	  src_port = *(u8 *) get_ptr_to_offset (b0, 54);
+	  src_port = (u16) (*(u8 *) get_ptr_to_offset (b0, 54));
 	  /* code */
-	  dst_port = *(u8 *) get_ptr_to_offset (b0, 55);
+	  dst_port = (u16) (*(u8 *) get_ptr_to_offset (b0, 55));
 	}
       else
 	{
 	  /* assume TCP/UDP */
-	  src_port = (*(u16 *) get_ptr_to_offset (b0, 54));
-	  dst_port = (*(u16 *) get_ptr_to_offset (b0, 56));
+	  src_port = ntohs ((u16) (*(u16 *) get_ptr_to_offset (b0, 54)));
+	  dst_port = ntohs ((u16) (*(u16 *) get_ptr_to_offset (b0, 56)));
 	  tcp_flags = *(u8 *) get_ptr_to_offset (b0, 14 + 40 + 13);
 	}
     }
@@ -1485,10 +1483,10 @@ copy_acl_rule_to_api_rule (vl_api_acl_rule_t * api_rule, acl_rule_t * r)
   api_rule->src_ip_prefix_len = r->src_prefixlen;
   api_rule->dst_ip_prefix_len = r->dst_prefixlen;
   api_rule->proto = r->proto;
-  api_rule->srcport_or_icmptype_first = r->src_port_or_type_first;
-  api_rule->srcport_or_icmptype_last = r->src_port_or_type_last;
-  api_rule->dstport_or_icmpcode_first = r->dst_port_or_code_first;
-  api_rule->dstport_or_icmpcode_last = r->dst_port_or_code_last;
+  api_rule->srcport_or_icmptype_first = htons (r->src_port_or_type_first);
+  api_rule->srcport_or_icmptype_last = htons (r->src_port_or_type_last);
+  api_rule->dstport_or_icmpcode_first = htons (r->dst_port_or_code_first);
+  api_rule->dstport_or_icmpcode_last = htons (r->dst_port_or_code_last);
   api_rule->tcp_flags_mask = r->tcp_flags_mask;
   api_rule->tcp_flags_value = r->tcp_flags_value;
 }