From 726de49600fb35ca00d460cb5e2ec400979a6546 Mon Sep 17 00:00:00 2001 From: Anand B Jyoti Date: Wed, 12 Jul 2017 04:25:16 +0530 Subject: vFW: Remove TTL decrementing in firewall acting as gateway JIRA: SAMPLEVNF-51 vFW is not functioning as a router and hence TTL decrement is not required. Remove this TTL decrementing in vFW. Change-Id: I49ae9b19a473eec0b8072f8a556dca299d89ef74 Signed-off-by: Anand B Jyoti --- VNFs/vFW/pipeline/pipeline_vfw_be.c | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'VNFs/vFW/pipeline') diff --git a/VNFs/vFW/pipeline/pipeline_vfw_be.c b/VNFs/vFW/pipeline/pipeline_vfw_be.c index 70057b41..7c532ed3 100644 --- a/VNFs/vFW/pipeline/pipeline_vfw_be.c +++ b/VNFs/vFW/pipeline/pipeline_vfw_be.c @@ -637,14 +637,6 @@ rte_vfw_ipv4_packet_filter_and_process(struct rte_mbuf **pkts, vfw_pipe->counters->pkts_drop_fragmented++; } - /* - * Behave like a router, and decrement the TTL of an - * IP packet. If this causes the TTL to become zero, - * the packet will be discarded. Unlike a router, - * no ICMP code 11 (Time * Exceeded) message will be - * sent back to the packet originator. - */ - if (unlikely(ttl <= 1)) { /* * about to decrement to zero (or is somehow @@ -670,18 +662,6 @@ rte_vfw_ipv4_packet_filter_and_process(struct rte_mbuf **pkts, if (unlikely(discard)) { valid_packets &= ~pkt_mask; - } else { - ihdr4->time_to_live = ttl - 1; - - /* update header checksum, from rfc 1141 */ - uint32_t sum; - uint16_t checksum = rte_bswap16( - ihdr4->hdr_checksum); - /* increment checksum high byte */ - sum = checksum + 0x100; - /* add carry */ - checksum = (sum + (sum >> BIT_CARRY)); - ihdr4->hdr_checksum = rte_bswap16(checksum); } /* make next packet data the current */ -- cgit 1.2.3-korg From 8b92d721853117a67574ed3f3950cc1ae27a887a Mon Sep 17 00:00:00 2001 From: Anand B Jyoti Date: Wed, 12 Jul 2017 08:12:31 +0530 Subject: vFW: ARPICMP packets shouldn't be processed by vFW JIRA: SAMPLEVNF-52 The stats counters are wrong when ARPICMP pkts are received by VFW pipeline in case of HWLB mode as the vFW is trying to process these pkts. The ARPICMP pkts shouldn't be processed by VFW pipeline, as these packets are processed by ARPICMP pipeline in case of HWLB. Change-Id: Iefe947a9f63fd4943f37900582656a9a4f957f5d Signed-off-by: Anand B Jyoti --- VNFs/vFW/pipeline/pipeline_vfw_be.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) (limited to 'VNFs/vFW/pipeline') diff --git a/VNFs/vFW/pipeline/pipeline_vfw_be.c b/VNFs/vFW/pipeline/pipeline_vfw_be.c index 7c532ed3..97508a77 100644 --- a/VNFs/vFW/pipeline/pipeline_vfw_be.c +++ b/VNFs/vFW/pipeline/pipeline_vfw_be.c @@ -599,9 +599,18 @@ rte_vfw_ipv4_packet_filter_and_process(struct rte_mbuf **pkts, /* remove this packet from remaining list */ pkts_to_process &= ~pkt_mask; - if (enable_hwlb) - if (!check_arp_icmp(pkt, vfw_pipe)) - discard = 1; + if (enable_hwlb) { + if (!check_arp_icmp(pkt, vfw_pipe)) { + /* make next packet data the current */ + pkts_to_process = next_pkts_to_process; + pos = next_pos; + pkt = next_pkt; + ihdr4 = next_iphdr; + pkt_mask = 1LLU << pos; + valid_packets &= ~pkt_mask; + continue; + } + } uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); @@ -749,9 +758,18 @@ rte_vfw_ipv6_packet_filter_and_process(struct rte_mbuf **pkts, /* remove this packet from remaining list */ pkts_to_process &= ~pkt_mask; - if (enable_hwlb) - if (!check_arp_icmp(pkt, vfw_pipe)) - discard = 1; + if (enable_hwlb) { + if (!check_arp_icmp(pkt, vfw_pipe)) { + /* make next packet data the current */ + pkts_to_process = next_pkts_to_process; + pos = next_pos; + pkt = next_pkt; + ihdr6 = next_iphdr; + pkt_mask = 1LLU << pos; + valid_packets &= ~pkt_mask; + continue; + } + } uint32_t packet_length = rte_pktmbuf_pkt_len(pkt); -- cgit 1.2.3-korg