summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
diff options
context:
space:
mode:
authorGregory Thiemonge <gregory.thiemonge@enea.com>2018-03-16 07:40:50 +0000
committerDamjan Marion <dmarion@me.com>2018-10-25 10:28:52 +0000
commit3935fc8527c340535a00108b78f3de064df50a7f (patch)
treedea0240fc4d857f43e410a9b2271f1032b9a357f /src/vnet/ip
parent1bc560463b96930b067452c8908c6bb6adf0e129 (diff)
ACL: Fix next_table_index classifiers consistancy
Fixed consistancy between the first classifier match and the next_table_index classifier matches: - CLASSIFY_ACTION_SET_METADATA was applied only for the first classifier, but it was not applied for the other classifiers - Actions should be performed only for input ACLs - Payload should point at the IP header for output ACLs Change-Id: Ifbd7791756320ae3198520c41902f5e99e3d40b4 Signed-off-by: Gregory Thiemonge <gregory.thiemonge@enea.com>
Diffstat (limited to 'src/vnet/ip')
-rw-r--r--src/vnet/ip/ip_in_out_acl.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/src/vnet/ip/ip_in_out_acl.c b/src/vnet/ip/ip_in_out_acl.c
index b50f5b1ff67..699f69eda78 100644
--- a/src/vnet/ip/ip_in_out_acl.c
+++ b/src/vnet/ip/ip_in_out_acl.c
@@ -401,6 +401,10 @@ ip_in_out_acl_inline (vlib_main_t * vm,
else
h0 = b0->data;
+ /* advance the match pointer so the matching happens on IP header */
+ if (is_output)
+ h0 += vnet_buffer (b0)->l2_classify.pad.l2_len;
+
hash0 = vnet_classify_hash_packet (t0, (u8 *) h0);
e0 = vnet_classify_find_entry
(t0, (u8 *) h0, hash0, now);
@@ -424,11 +428,19 @@ ip_in_out_acl_inline (vlib_main_t * vm,
IP6_ERROR_INACL_SESSION_DENY) : IP6_ERROR_NONE;
b0->error = error_node->errors[error0];
- if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX
- || e0->action ==
- CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
- vnet_buffer (b0)->sw_if_index[VLIB_TX] =
- e0->metadata;
+ if (!is_output)
+ {
+ if (e0->action ==
+ CLASSIFY_ACTION_SET_IP4_FIB_INDEX
+ || e0->action ==
+ CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
+ vnet_buffer (b0)->sw_if_index[VLIB_TX] =
+ e0->metadata;
+ else if (e0->action ==
+ CLASSIFY_ACTION_SET_METADATA)
+ vnet_buffer (b0)->ip.adj_index[VLIB_TX] =
+ e0->metadata;
+ }
break;
}
}