acl-plugin: use ip.save_rewrite_length to calculate IP header offset on L3 egress path
L3 egress path does not set the ethernet flags reflecting the count of VLANs,
but rather has the offset explicitly, so use that.
Change-Id: Id3f6562dcd52ca24137c305f1a1c88c1f125da78
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c
index f1e7426..9c3db8d 100644
--- a/src/plugins/acl/fa_node.c
+++ b/src/plugins/acl/fa_node.c
@@ -354,16 +354,24 @@
acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
int is_input, int is_l2_path, fa_5tuple_t * p5tuple_pkt)
{
- int l3_offset = ethernet_buffer_header_size(b0);
+ int l3_offset;
int l4_offset;
u16 ports[2];
u16 proto;
+
/* IP4 and IP6 protocol numbers of ICMP */
static u8 icmp_protos[] = { IP_PROTOCOL_ICMP, IP_PROTOCOL_ICMP6 };
- if (is_input && !(is_l2_path))
+ if (is_l2_path)
{
- l3_offset = 0;
+ l3_offset = ethernet_buffer_header_size(b0);
+ }
+ else
+ {
+ if (is_input)
+ l3_offset = 0;
+ else
+ l3_offset = vnet_buffer(b0)->ip.save_rewrite_length;
}
/* key[0..3] contains src/dst address and is cleared/set below */