summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2020-04-15 11:53:36 +0000
committerFlorin Coras <florin.coras@gmail.com>2020-04-15 14:55:42 +0000
commit92d0eacefbc4991e3e42010b6b0cb625eddcfe40 (patch)
treefe691641573afd6a149169849d52b45a9ef2add3
parent1e8d949781a44846dabbf56e1aab80bbf4cc8d59 (diff)
urpf: Allow locally generated packets on TX
Type: fix Change-Id: I87d301aec20b9f5b34997b394493c796188fce14 Signed-off-by: Neale Ranns <nranns@cisco.com>
-rw-r--r--src/plugins/urpf/urpf_dp.h11
-rw-r--r--src/vnet/ip/ip6_forward.c4
2 files changed, 9 insertions, 6 deletions
diff --git a/src/plugins/urpf/urpf_dp.h b/src/plugins/urpf/urpf_dp.h
index 3d3f19cfb1d..bfe1f659171 100644
--- a/src/plugins/urpf/urpf_dp.h
+++ b/src/plugins/urpf/urpf_dp.h
@@ -178,7 +178,7 @@ urpf_inline (vlib_main_t * vm,
{
/* for RX the check is: would this source adddress be forwarded
* out of the interface on which it was recieved, if yes allow.
- * For TX it's; would this source addres be forwarded out of the
+ * For TX it's; would this source address be forwarded out of the
* interface through which it is being sent, if yes drop.
*/
int res0, res1;
@@ -197,6 +197,10 @@ urpf_inline (vlib_main_t * vm,
{
pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
pass1 |= !res1 && fib_urpf_check_size (lb1->lb_urpf);
+
+ /* allow locally generated */
+ pass0 |= b[0]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
+ pass1 |= b[1]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
}
}
else
@@ -290,7 +294,10 @@ urpf_inline (vlib_main_t * vm,
if (VLIB_RX == dir)
pass0 |= res0;
else
- pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
+ {
+ pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
+ pass0 |= b[0]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
+ }
}
else
pass0 |= fib_urpf_check_size (lb0->lb_urpf);
diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c
index 9c195e68802..91a93ee6cf0 100644
--- a/src/vnet/ip/ip6_forward.c
+++ b/src/vnet/ip/ip6_forward.c
@@ -1952,10 +1952,6 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm,
0);
}
}
- else
- {
- p0->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED;
- }
if (is_midchain)
{