aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2017-11-15 16:58:51 +0100
committerDamjan Marion <dmarion.lists@gmail.com>2017-11-17 08:37:46 +0000
commit9385aa096ca2f216ae220cbca4f6554e606baeb7 (patch)
treea549413f6515dccc45effed928865d5fe30223d4 /src/plugins/acl
parentdcf55ce28d558ddeb1fd93904b54dbb843430a0f (diff)
acl-plugin: use ip.save_rewrite_length to calculate IP header offset on L3 egress path
L3 egress path does not set the ethernet flags reflecting the count of VLANs, but rather has the offset explicitly, so use that. Change-Id: Id3f6562dcd52ca24137c305f1a1c88c1f125da78 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/fa_node.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c
index f1e7426e4a7..9c3db8d81fd 100644
--- a/src/plugins/acl/fa_node.c
+++ b/src/plugins/acl/fa_node.c
@@ -354,16 +354,24 @@ static void
acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
int is_input, int is_l2_path, fa_5tuple_t * p5tuple_pkt)
{
- int l3_offset = ethernet_buffer_header_size(b0);
+ int l3_offset;
int l4_offset;
u16 ports[2];
u16 proto;
+
/* IP4 and IP6 protocol numbers of ICMP */
static u8 icmp_protos[] = { IP_PROTOCOL_ICMP, IP_PROTOCOL_ICMP6 };
- if (is_input && !(is_l2_path))
+ if (is_l2_path)
{
- l3_offset = 0;
+ l3_offset = ethernet_buffer_header_size(b0);
+ }
+ else
+ {
+ if (is_input)
+ l3_offset = 0;
+ else
+ l3_offset = vnet_buffer(b0)->ip.save_rewrite_length;
}
/* key[0..3] contains src/dst address and is cleared/set below */