diff options
author | Deepak S <deepak.s@linux.intel.com> | 2017-07-14 06:20:42 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@opnfv.org> | 2017-07-14 06:20:42 +0000 |
commit | 7da9fd5f44d3d65872e4da7feaf2cedea7f8d214 (patch) | |
tree | 7df268ce0ba802bc52bfb6e873c9063495c4e12b /VNFs/vFW | |
parent | 156e2f1781bf3d30ecd54df4c22b23944c85eed1 (diff) | |
parent | 8b92d721853117a67574ed3f3950cc1ae27a887a (diff) |
Merge changes Iefe947a9,I49ae9b19
* changes:
vFW: ARPICMP packets shouldn't be processed by vFW
vFW: Remove TTL decrementing in firewall acting as gateway
Diffstat (limited to 'VNFs/vFW')
-rw-r--r-- | VNFs/vFW/pipeline/pipeline_vfw_be.c | 50 |
1 files changed, 24 insertions, 26 deletions
diff --git a/VNFs/vFW/pipeline/pipeline_vfw_be.c b/VNFs/vFW/pipeline/pipeline_vfw_be.c index 70057b41..97508a77 100644 --- a/VNFs/vFW/pipeline/pipeline_vfw_be.c +++ b/VNFs/vFW/pipeline/pipeline_vfw_be.c @@ -599,9 +599,18 @@ rte_vfw_ipv4_packet_filter_and_process(struct rte_mbuf **pkts, /* remove this packet from remaining list */ pkts_to_process &= ~pkt_mask; - if (enable_hwlb) - if (!check_arp_icmp(pkt, vfw_pipe)) - discard = 1; + if (enable_hwlb) { + if (!check_arp_icmp(pkt, vfw_pipe)) { + /* make next packet data the current */ + pkts_to_process = next_pkts_to_process; + pos = next_pos; + pkt = next_pkt; + ihdr4 = next_iphdr; + pkt_mask = 1LLU << pos; + valid_packets &= ~pkt_mask; + continue; + } + } uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); @@ -637,14 +646,6 @@ rte_vfw_ipv4_packet_filter_and_process(struct rte_mbuf **pkts, vfw_pipe->counters->pkts_drop_fragmented++; } - /* - * Behave like a router, and decrement the TTL of an - * IP packet. If this causes the TTL to become zero, - * the packet will be discarded. Unlike a router, - * no ICMP code 11 (Time * Exceeded) message will be - * sent back to the packet originator. - */ - if (unlikely(ttl <= 1)) { /* * about to decrement to zero (or is somehow @@ -670,18 +671,6 @@ rte_vfw_ipv4_packet_filter_and_process(struct rte_mbuf **pkts, if (unlikely(discard)) { valid_packets &= ~pkt_mask; - } else { - ihdr4->time_to_live = ttl - 1; - - /* update header checksum, from rfc 1141 */ - uint32_t sum; - uint16_t checksum = rte_bswap16( - ihdr4->hdr_checksum); - /* increment checksum high byte */ - sum = checksum + 0x100; - /* add carry */ - checksum = (sum + (sum >> BIT_CARRY)); - ihdr4->hdr_checksum = rte_bswap16(checksum); } /* make next packet data the current */ @@ -769,9 +758,18 @@ rte_vfw_ipv6_packet_filter_and_process(struct rte_mbuf **pkts, /* remove this packet from remaining list */ pkts_to_process &= ~pkt_mask; - if (enable_hwlb) - if (!check_arp_icmp(pkt, vfw_pipe)) - discard = 1; + if (enable_hwlb) { + if (!check_arp_icmp(pkt, vfw_pipe)) { + /* make next packet data the current */ + pkts_to_process = next_pkts_to_process; + pos = next_pos; + pkt = next_pkt; + ihdr6 = next_iphdr; + pkt_mask = 1LLU << pos; + valid_packets &= ~pkt_mask; + continue; + } + } uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); |