Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 1e8d949)
urpf: Allow locally generated packets on TX 20/26520/3
authorNeale Ranns <nranns@cisco.com>
Wed, 15 Apr 2020 11:53:36 +0000 (11:53 +0000)
committerFlorin Coras <florin.coras@gmail.com>
Wed, 15 Apr 2020 14:55:42 +0000 (14:55 +0000)
Type: fix

Change-Id: I87d301aec20b9f5b34997b394493c796188fce14
Signed-off-by: Neale Ranns <nranns@cisco.com>
src/plugins/urpf/urpf_dp.h patch | blob | history
src/vnet/ip/ip6_forward.c patch | blob | history

diff --git a/src/plugins/urpf/urpf_dp.h b/src/plugins/urpf/urpf_dp.h
index 3d3f19c..bfe1f65 100644 (file)
--- a/src/plugins/urpf/urpf_dp.h
+++ b/src/plugins/urpf/urpf_dp.h
@@ -178,7 +178,7 @@ urpf_inline (vlib_main_t * vm,
        {
          /* for RX the check is: would this source adddress be forwarded
           * out of the interface on which it was recieved, if yes allow.
-          * For TX it's; would this source addres be forwarded out of the
+          * For TX it's; would this source address be forwarded out of the
           * interface through which it is being sent, if yes drop.
           */
          int res0, res1;
@@ -197,6 +197,10 @@ urpf_inline (vlib_main_t * vm,
            {
              pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
              pass1 |= !res1 && fib_urpf_check_size (lb1->lb_urpf);
+
+             /* allow locally generated */
+             pass0 |= b[0]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
+             pass1 |= b[1]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
            }
        }
       else
@@ -290,7 +294,10 @@ urpf_inline (vlib_main_t * vm,
          if (VLIB_RX == dir)
            pass0 |= res0;
          else
-           pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
+           {
+             pass0 |= !res0 && fib_urpf_check_size (lb0->lb_urpf);
+             pass0 |= b[0]->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
+           }
        }
       else
        pass0 |= fib_urpf_check_size (lb0->lb_urpf);
diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c
index 9c195e6..91a93ee 100644 (file)
--- a/src/vnet/ip/ip6_forward.c
+++ b/src/vnet/ip/ip6_forward.c
@@ -1952,10 +1952,6 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm,
                                               0);
                }
            }
-         else
-           {
-             p0->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED;
-           }
 
          if (is_midchain)
            {
Vector Packet Processing