diff options
-rw-r--r-- | src/payload.c | 12 | ||||
-rw-r--r-- | tests/py/bridge/vlan.t | 2 | ||||
-rw-r--r-- | tests/py/bridge/vlan.t.payload | 10 | ||||
-rw-r--r-- | tests/py/bridge/vlan.t.payload.netdev | 12 |
4 files changed, 36 insertions, 0 deletions
diff --git a/src/payload.c b/src/payload.c index abd5339c..3576400b 100644 --- a/src/payload.c +++ b/src/payload.c @@ -529,6 +529,18 @@ static bool payload_may_dependency_kill(struct payload_dep_ctx *ctx, dep->left->payload.desc == &proto_ip6) && expr->payload.base == PROTO_BASE_TRANSPORT_HDR) return false; + /* Do not kill + * ether type vlan and vlan type ip and ip protocol icmp + * into + * ip protocol icmp + * as this lacks ether type vlan. + * More generally speaking, do not kill protocol type + * for stacked protocols if we only have protcol type matches. + */ + if (dep->left->etype == EXPR_PAYLOAD && dep->op == OP_EQ && + expr->flags & EXPR_F_PROTOCOL && + expr->payload.base == dep->left->payload.base) + return false; break; } diff --git a/tests/py/bridge/vlan.t b/tests/py/bridge/vlan.t index 526d7cc9..7a52a502 100644 --- a/tests/py/bridge/vlan.t +++ b/tests/py/bridge/vlan.t @@ -32,6 +32,8 @@ ether type vlan vlan id 1 ip saddr 10.0.0.0/23 udp dport 53;ok;vlan id 1 ip sadd vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3;ok vlan id { 1, 2, 4, 100, 4096 };fail +ether type vlan ip protocol 1 accept;ok + # illegal dependencies ether type ip vlan id 1;fail ether type ip vlan id 1 ip saddr 10.0.0.1;fail diff --git a/tests/py/bridge/vlan.t.payload b/tests/py/bridge/vlan.t.payload index cb0e812f..bb8925e3 100644 --- a/tests/py/bridge/vlan.t.payload +++ b/tests/py/bridge/vlan.t.payload @@ -199,3 +199,13 @@ bridge test-bridge input [ cmp gte reg 1 0x00000020 ] [ cmp lte reg 1 0x00000060 ] +# ether type vlan ip protocol 1 accept +bridge test-bridge input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + diff --git a/tests/py/bridge/vlan.t.payload.netdev b/tests/py/bridge/vlan.t.payload.netdev index c57955ec..0a3f90a5 100644 --- a/tests/py/bridge/vlan.t.payload.netdev +++ b/tests/py/bridge/vlan.t.payload.netdev @@ -233,3 +233,15 @@ netdev test-netdev ingress [ cmp gte reg 1 0x00000020 ] [ cmp lte reg 1 0x00000060 ] +# ether type vlan ip protocol 1 accept +netdev test-netdev ingress + [ meta load iiftype => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ payload load 2b @ link header + 16 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + [ immediate reg 0 accept ] + |