ip: add support for buffer offload metadata in ip midchain
[vpp.git] / src / vnet / ipsec / ipsec_spd_fp_lookup.h
index a372ac7..2bbd7c6 100644 (file)
@@ -97,8 +97,8 @@ static_always_inline int
 single_rule_in_match_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *match)
 {
 
-  u32 sa = clib_net_to_host_u32 (match->laddr.as_u32);
-  u32 da = clib_net_to_host_u32 (match->raddr.as_u32);
+  u32 da = clib_net_to_host_u32 (match->laddr.as_u32);
+  u32 sa = clib_net_to_host_u32 (match->raddr.as_u32);
 
   if (policy->policy == IPSEC_POLICY_ACTION_PROTECT)
     {
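Review bot: Swapping the two declarations changes what `sa` and `da` mean for every later use in single_rule_in_match_5tuple, including the PROTECT branch that opens on the last line of this hunk and whose body lies outside it. The following hunk updates the range checks in the else branch, but nothing inside the PROTECT branch is shown as changed, so it is worth confirming that its comparisons still test the intended address. A short comment above the declarations would make the inbound convention explicit, e.g. `/* inbound: laddr holds the packet's destination, raddr its source */`.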
@@ -118,16 +118,16 @@ single_rule_in_match_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *match)
     }
   else
     {
-      if (da < clib_net_to_host_u32 (policy->raddr.start.ip4.as_u32))
+      if (sa < clib_net_to_host_u32 (policy->raddr.start.ip4.as_u32))
        return (0);
 
-      if (da > clib_net_to_host_u32 (policy->raddr.stop.ip4.as_u32))
+      if (sa > clib_net_to_host_u32 (policy->raddr.stop.ip4.as_u32))
        return (0);
 
-      if (sa < clib_net_to_host_u32 (policy->laddr.start.ip4.as_u32))
+      if (da < clib_net_to_host_u32 (policy->laddr.start.ip4.as_u32))
        return (0);
 
-      if (sa > clib_net_to_host_u32 (policy->laddr.stop.ip4.as_u32))
+      if (da > clib_net_to_host_u32 (policy->laddr.stop.ip4.as_u32))
        return (0);
     }
   return (1);
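Review bot: For policies other than PROTECT, the whole match path is visible across these two hunks and it compares only 32-bit fields (`match->laddr.as_u32`, `policy->raddr.start.ip4.as_u32`), yet the next hunk calls this helper from ipsec_fp_in_ip6_policy_match_n. Unless IPv6 tuples are handled somewhere not shown here, an inbound IPv6 packet would be matched against a BYPASS or DISCARD rule on 32 bits rather than on the full address range, which can select the wrong policy. Consider an IPv6 path that compares the full 128-bit addresses against the policy's start/stop bounds, or add a comment explaining why the ip4 view is sufficient for the ip6 caller.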
@@ -196,13 +196,16 @@ ipsec_fp_in_ip6_policy_match_n (void *spd_fp, ipsec_fp_5tuple_t *tuples,
                    {
                      policy = im->policies + *policy_id;
 
-                     if ((last_priority[i] < policy->priority) &&
-                         (single_rule_in_match_5tuple (policy, match)))
+                     if (single_rule_in_match_5tuple (policy, match))
                        {
-                         last_priority[i] = policy->priority;
-                         if (policies[i] == 0)
-                           counter++;
-                         policies[i] = policy;
+                         if (last_priority[i] < policy->priority)
+                           {
+                             last_priority[i] = policy->priority;
+                             if (policies[i] == 0)
+                               counter++;
+                             policies[i] = policy;
+                           }
+                         break;
                        }
                    }
                }
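Review bot: The added `break;` ends the scan of this policy list on the first rule that matches the 5-tuple, even when that rule did not beat `last_priority[i]`, so the result now depends on the ids being stored highest priority first, and nothing in the hunk establishes that ordering. If the order is not guaranteed, a lower-priority BYPASS entry could stop the scan before a higher-priority DISCARD or PROTECT entry in the same list is examined. The same pattern is added in ipsec_fp_in_ip4_policy_match_n, ipsec_fp_out_ip6_policy_match_n and ipsec_fp_out_ip4_policy_match_n. A comment at the break stating the invariant would help, e.g. `/* ids are sorted by descending priority: the first match is the best in this list */`, ideally backed by an assertion where the list is built; the enclosing loops start outside the hunk.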
@@ -291,13 +294,16 @@ ipsec_fp_in_ip4_policy_match_n (void *spd_fp, ipsec_fp_5tuple_t *tuples,
                    {
                      policy = im->policies + *policy_id;
 
-                     if ((last_priority[i] < policy->priority) &&
-                         (single_rule_in_match_5tuple (policy, match)))
+                     if (single_rule_in_match_5tuple (policy, match))
                        {
-                         last_priority[i] = policy->priority;
-                         if (policies[i] == 0)
-                           counter++;
-                         policies[i] = policy;
+                         if (last_priority[i] < policy->priority)
+                           {
+                             last_priority[i] = policy->priority;
+                             if (policies[i] == 0)
+                               counter++;
+                             policies[i] = policy;
+                           }
+                         break;
                        }
                    }
                }
@@ -418,6 +424,7 @@ ipsec_fp_out_ip6_policy_match_n (void *spd_fp, ipsec_fp_5tuple_t *tuples,
                              policies[i] = policy;
                              ids[i] = *policy_id;
                            }
+                         break;
                        }
                    }
                }
@@ -511,14 +518,17 @@ ipsec_fp_out_ip4_policy_match_n (void *spd_fp, ipsec_fp_5tuple_t *tuples,
                    {
                      policy = im->policies + *policy_id;
 
-                     if ((last_priority[i] < policy->priority) &&
-                         (single_rule_out_match_5tuple (policy, match)))
+                     if (single_rule_out_match_5tuple (policy, match))
                        {
-                         last_priority[i] = policy->priority;
-                         if (policies[i] == 0)
-                           counter++;
-                         policies[i] = policy;
-                         ids[i] = *policy_id;
+                         if (last_priority[i] < policy->priority)
+                           {
+                             last_priority[i] = policy->priority;
+                             if (policies[i] == 0)
+                               counter++;
+                             policies[i] = policy;
+                             ids[i] = *policy_id;
+                           }
+                         break;
                        }
                    }
                }