Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
hs-test: optimize size of docker image
[vpp.git] / src / plugins / urpf / urpf_dp.h
diff --git a/src/plugins/urpf/urpf_dp.h b/src/plugins/urpf/urpf_dp.h
index 3d3f19c..816d8b7 100644 (file)
--- a/src/plugins/urpf/urpf_dp.h
+++ b/src/plugins/urpf/urpf_dp.h
@@ -128,6 +128,11 @@ urpf_inline (vlib_main_t * vm,
          h1 += vnet_buffer (b[1])->ip.save_rewrite_length;
        }
 
+      fib_index0 =
+       urpf_cfgs[af][dir][vnet_buffer (b[0])->sw_if_index[dir]].fib_index;
+      fib_index1 =
+       urpf_cfgs[af][dir][vnet_buffer (b[1])->sw_if_index[dir]].fib_index;
+
       if (AF_IP4 == af)
        {
          const ip4_header_t *ip0, *ip1;
@@ -135,11 +140,6 @@ urpf_inline (vlib_main_t * vm,
          ip0 = (ip4_header_t *) h0;
          ip1 = (ip4_header_t *) h1;
 
-         fib_index0 = ip4_main.fib_index_by_sw_if_index
-           [vnet_buffer (b[0])->sw_if_index[dir]];
-         fib_index1 = ip4_main.fib_index_by_sw_if_index
-           [vnet_buffer (b[1])->sw_if_index[dir]];
-
          ip4_fib_forwarding_lookup_x2 (fib_index0,
                                        fib_index1,
                                        &ip0->src_address,
@@ -155,11 +155,6 @@ urpf_inline (vlib_main_t * vm,
        {
          const ip6_header_t *ip0, *ip1;
 
-         fib_index0 = ip6_main.fib_index_by_sw_if_index
-           [vnet_buffer (b[0])->sw_if_index[dir]];
-         fib_index1 = ip6_main.fib_index_by_sw_if_index
-           [vnet_buffer (b[1])->sw_if_index[dir]];
-
          ip0 = (ip6_header_t *) h0;
          ip1 = (ip6_header_t *) h1;
 
@@ -178,7 +173,7 @@ urpf_inline (vlib_main_t * vm,
        {
          /* for RX the check is: would this source adddress be forwarded
           * out of the interface on which it was recieved, if yes allow.
-          * For TX it's; would this source addres be forwarded out of the
+          * For TX it's; would this source address be forwarded out of the
           * interface through which it is being sent, if yes drop.
           */
          int res0, res1;
@@ -197,6 +192,10 @@ urpf_inline (vlib_main_t * vm,
            {
              pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
              pass1 |= !res1 && fib_urpf_check_size (lb1->lb_urpf);
+
+             /* allow locally generated */
+             pass0 |= b[0]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
+             pass1 |= b[1]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
            }
        }
       else
@@ -251,12 +250,13 @@ urpf_inline (vlib_main_t * vm,
       if (VLIB_TX == dir)
        h0 += vnet_buffer (b[0])->ip.save_rewrite_length;
 
+      fib_index0 =
+       urpf_cfgs[af][dir][vnet_buffer (b[0])->sw_if_index[dir]].fib_index;
+
       if (AF_IP4 == af)
        {
          const ip4_header_t *ip0;
 
-         fib_index0 = ip4_main.fib_index_by_sw_if_index
-           [vnet_buffer (b[0])->sw_if_index[dir]];
          ip0 = (ip4_header_t *) h0;
 
          lb_index0 = ip4_fib_forwarding_lookup (fib_index0,
@@ -271,8 +271,6 @@ urpf_inline (vlib_main_t * vm,
          const ip6_header_t *ip0;
 
          ip0 = (ip6_header_t *) h0;
-         fib_index0 = ip6_main.fib_index_by_sw_if_index
-           [vnet_buffer (b[0])->sw_if_index[dir]];
 
          lb_index0 = ip6_fib_table_fwding_lookup (fib_index0,
                                                   &ip0->src_address);
@@ -290,7 +288,10 @@ urpf_inline (vlib_main_t * vm,
          if (VLIB_RX == dir)
            pass0 |= res0;
          else
-           pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
+           {
+             pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
+             pass0 |= b[0]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
+           }
        }
       else
        pass0 |= fib_urpf_check_size (lb0->lb_urpf);
Vector Packet Processing