diff options
author | Andrew Yourtchenko <ayourtch@gmail.com> | 2017-11-15 16:58:51 +0100 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2017-11-17 08:37:46 +0000 |
commit | 9385aa096ca2f216ae220cbca4f6554e606baeb7 (patch) | |
tree | a549413f6515dccc45effed928865d5fe30223d4 /src/plugins/acl | |
parent | dcf55ce28d558ddeb1fd93904b54dbb843430a0f (diff) |
acl-plugin: use ip.save_rewrite_length to calculate IP header offset on L3 egress path
L3 egress path does not set the ethernet flags reflecting the count of VLANs,
but rather has the offset explicitly, so use that.
Change-Id: Id3f6562dcd52ca24137c305f1a1c88c1f125da78
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r-- | src/plugins/acl/fa_node.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c index f1e7426e4a7..9c3db8d81fd 100644 --- a/src/plugins/acl/fa_node.c +++ b/src/plugins/acl/fa_node.c @@ -354,16 +354,24 @@ static void acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6, int is_input, int is_l2_path, fa_5tuple_t * p5tuple_pkt) { - int l3_offset = ethernet_buffer_header_size(b0); + int l3_offset; int l4_offset; u16 ports[2]; u16 proto; + /* IP4 and IP6 protocol numbers of ICMP */ static u8 icmp_protos[] = { IP_PROTOCOL_ICMP, IP_PROTOCOL_ICMP6 }; - if (is_input && !(is_l2_path)) + if (is_l2_path) { - l3_offset = 0; + l3_offset = ethernet_buffer_header_size(b0); + } + else + { + if (is_input) + l3_offset = 0; + else + l3_offset = vnet_buffer(b0)->ip.save_rewrite_length; } /* key[0..3] contains src/dst address and is cleared/set below */ |