single_rule_in_match_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *match)
{
- u32 sa = clib_net_to_host_u32 (match->laddr.as_u32);
- u32 da = clib_net_to_host_u32 (match->raddr.as_u32);
+ u32 da = clib_net_to_host_u32 (match->laddr.as_u32);
+ u32 sa = clib_net_to_host_u32 (match->raddr.as_u32);
if (policy->policy == IPSEC_POLICY_ACTION_PROTECT)
{
}
else
{
- if (da < clib_net_to_host_u32 (policy->raddr.start.ip4.as_u32))
+ if (sa < clib_net_to_host_u32 (policy->raddr.start.ip4.as_u32))
return (0);
- if (da > clib_net_to_host_u32 (policy->raddr.stop.ip4.as_u32))
+ if (sa > clib_net_to_host_u32 (policy->raddr.stop.ip4.as_u32))
return (0);
- if (sa < clib_net_to_host_u32 (policy->laddr.start.ip4.as_u32))
+ if (da < clib_net_to_host_u32 (policy->laddr.start.ip4.as_u32))
return (0);
- if (sa > clib_net_to_host_u32 (policy->laddr.stop.ip4.as_u32))
+ if (da > clib_net_to_host_u32 (policy->laddr.stop.ip4.as_u32))
return (0);
}
return (1);
{
policy = im->policies + *policy_id;
- if ((last_priority[i] < policy->priority) &&
- (single_rule_in_match_5tuple (policy, match)))
+ if (single_rule_in_match_5tuple (policy, match))
{
- last_priority[i] = policy->priority;
- if (policies[i] == 0)
- counter++;
- policies[i] = policy;
+ if (last_priority[i] < policy->priority)
+ {
+ last_priority[i] = policy->priority;
+ if (policies[i] == 0)
+ counter++;
+ policies[i] = policy;
+ }
+ break;
}
}
}
{
policy = im->policies + *policy_id;
- if ((last_priority[i] < policy->priority) &&
- (single_rule_in_match_5tuple (policy, match)))
+ if (single_rule_in_match_5tuple (policy, match))
{
- last_priority[i] = policy->priority;
- if (policies[i] == 0)
- counter++;
- policies[i] = policy;
+ if (last_priority[i] < policy->priority)
+ {
+ last_priority[i] = policy->priority;
+ if (policies[i] == 0)
+ counter++;
+ policies[i] = policy;
+ }
+ break;
}
}
}
policies[i] = policy;
ids[i] = *policy_id;
}
+ break;
}
}
}
{
policy = im->policies + *policy_id;
- if ((last_priority[i] < policy->priority) &&
- (single_rule_out_match_5tuple (policy, match)))
+ if (single_rule_out_match_5tuple (policy, match))
{
- last_priority[i] = policy->priority;
- if (policies[i] == 0)
- counter++;
- policies[i] = policy;
- ids[i] = *policy_id;
+ if (last_priority[i] < policy->priority)
+ {
+ last_priority[i] = policy->priority;
+ if (policies[i] == 0)
+ counter++;
+ policies[i] = policy;
+ ids[i] = *policy_id;
+ }
+ break;
}
}
}