diff options
author | Neale Ranns <nranns@cisco.com> | 2020-04-15 11:53:36 +0000 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2020-04-15 14:55:42 +0000 |
commit | 92d0eacefbc4991e3e42010b6b0cb625eddcfe40 (patch) | |
tree | fe691641573afd6a149169849d52b45a9ef2add3 | |
parent | 1e8d949781a44846dabbf56e1aab80bbf4cc8d59 (diff) |
urpf: Allow locally generated packets on TX
Type: fix
Change-Id: I87d301aec20b9f5b34997b394493c796188fce14
Signed-off-by: Neale Ranns <nranns@cisco.com>
-rw-r--r-- | src/plugins/urpf/urpf_dp.h | 11 | ||||
-rw-r--r-- | src/vnet/ip/ip6_forward.c | 4 |
2 files changed, 9 insertions, 6 deletions
diff --git a/src/plugins/urpf/urpf_dp.h b/src/plugins/urpf/urpf_dp.h index 3d3f19cfb1d..bfe1f659171 100644 --- a/src/plugins/urpf/urpf_dp.h +++ b/src/plugins/urpf/urpf_dp.h @@ -178,7 +178,7 @@ urpf_inline (vlib_main_t * vm, { /* for RX the check is: would this source adddress be forwarded * out of the interface on which it was recieved, if yes allow. - * For TX it's; would this source addres be forwarded out of the + * For TX it's; would this source address be forwarded out of the * interface through which it is being sent, if yes drop. */ int res0, res1; @@ -197,6 +197,10 @@ urpf_inline (vlib_main_t * vm, { pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf); pass1 |= !res1 && fib_urpf_check_size (lb1->lb_urpf); + + /* allow locally generated */ + pass0 |= b[0]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED; + pass1 |= b[1]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED; } } else @@ -290,7 +294,10 @@ urpf_inline (vlib_main_t * vm, if (VLIB_RX == dir) pass0 |= res0; else - pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf); + { + pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf); + pass0 |= b[0]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED; + } } else pass0 |= fib_urpf_check_size (lb0->lb_urpf); diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c index 9c195e68802..91a93ee6cf0 100644 --- a/src/vnet/ip/ip6_forward.c +++ b/src/vnet/ip/ip6_forward.c @@ -1952,10 +1952,6 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, 0); } } - else - { - p0->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED; - } if (is_midchain) { |