summaryrefslogtreecommitdiffstats
path: root/vnet/vnet/ip/ip_input_acl.c
diff options
context:
space:
mode:
Diffstat (limited to 'vnet/vnet/ip/ip_input_acl.c')
-rw-r--r--vnet/vnet/ip/ip_input_acl.c38
1 files changed, 34 insertions, 4 deletions
diff --git a/vnet/vnet/ip/ip_input_acl.c b/vnet/vnet/ip/ip_input_acl.c
index 6331cf4fa6b..93a580ce47c 100644
--- a/vnet/vnet/ip/ip_input_acl.c
+++ b/vnet/vnet/ip/ip_input_acl.c
@@ -115,11 +115,9 @@ ip_inacl_inline (vlib_main_t * vm,
bi0 = from[0];
b0 = vlib_get_buffer (vm, bi0);
- h0 = b0->data;
bi1 = from[1];
b1 = vlib_get_buffer (vm, bi1);
- h1 = b1->data;
sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
table_index0 = am->classify_table_index_by_sw_if_index[tid][sw_if_index0];
@@ -131,11 +129,21 @@ ip_inacl_inline (vlib_main_t * vm,
t1 = pool_elt_at_index (vcm->tables, table_index1);
+ if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset;
+ else
+ h0 = b0->data;
+
vnet_buffer(b0)->l2_classify.hash =
vnet_classify_hash_packet (t0, (u8 *) h0);
vnet_classify_prefetch_bucket (t0, vnet_buffer(b0)->l2_classify.hash);
+ if (t1->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h1 = (void *)vlib_buffer_get_current (b1) + t1->current_data_offset;
+ else
+ h1 = b1->data;
+
vnet_buffer(b1)->l2_classify.hash =
vnet_classify_hash_packet (t1, (u8 *) h1);
@@ -160,12 +168,17 @@ ip_inacl_inline (vlib_main_t * vm,
bi0 = from[0];
b0 = vlib_get_buffer (vm, bi0);
- h0 = b0->data;
sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
table_index0 = am->classify_table_index_by_sw_if_index[tid][sw_if_index0];
t0 = pool_elt_at_index (vcm->tables, table_index0);
+
+ if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset;
+ else
+ h0 = b0->data;
+
vnet_buffer(b0)->l2_classify.hash =
vnet_classify_hash_packet (t0, (u8 *) h0);
@@ -227,7 +240,6 @@ ip_inacl_inline (vlib_main_t * vm,
n_left_to_next -= 1;
b0 = vlib_get_buffer (vm, bi0);
- h0 = b0->data;
table_index0 = vnet_buffer(b0)->l2_classify.table_index;
e0 = 0;
t0 = 0;
@@ -243,6 +255,11 @@ ip_inacl_inline (vlib_main_t * vm,
hash0 = vnet_buffer(b0)->l2_classify.hash;
t0 = pool_elt_at_index (vcm->tables, table_index0);
+ if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset;
+ else
+ h0 = b0->data;
+
e0 = vnet_classify_find_entry (t0, (u8 *) h0, hash0,
now);
if (e0)
@@ -263,6 +280,10 @@ ip_inacl_inline (vlib_main_t * vm,
error0 = (next0 == ACL_NEXT_INDEX_DENY)?
IP6_ERROR_INACL_SESSION_DENY:IP6_ERROR_NONE;
b0->error = error_node->errors[error0];
+
+ if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX ||
+ e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
+ vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata;
}
else
{
@@ -288,6 +309,11 @@ ip_inacl_inline (vlib_main_t * vm,
break;
}
+ if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset;
+ else
+ h0 = b0->data;
+
hash0 = vnet_classify_hash_packet (t0, (u8 *) h0);
e0 = vnet_classify_find_entry
(t0, (u8 *) h0, hash0, now);
@@ -308,6 +334,10 @@ ip_inacl_inline (vlib_main_t * vm,
error0 = (next0 == ACL_NEXT_INDEX_DENY)?
IP6_ERROR_INACL_SESSION_DENY:IP6_ERROR_NONE;
b0->error = error_node->errors[error0];
+
+ if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX ||
+ e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
+ vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata;
break;
}
}