aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/plugins/odp/ipsec/esp_decrypt.c30
-rw-r--r--src/plugins/odp/ipsec/esp_encrypt.c10
2 files changed, 26 insertions, 14 deletions
diff --git a/src/plugins/odp/ipsec/esp_decrypt.c b/src/plugins/odp/ipsec/esp_decrypt.c
index 69cfc3e7..9086f33a 100644
--- a/src/plugins/odp/ipsec/esp_decrypt.c
+++ b/src/plugins/odp/ipsec/esp_decrypt.c
@@ -278,8 +278,7 @@ esp_decrypt_node_fn (vlib_main_t * vm,
}
crypto_op_params.cipher_range.offset =
- (u32) ((u8 *) vlib_buffer_get_current (b0) - (u8 *) b0) -
- sizeof (vlib_buffer_t) + sizeof (esp_header_t) + IV_SIZE;
+ (u32) b0->current_data + sizeof (esp_header_t) + IV_SIZE;
crypto_op_params.cipher_range.length = BLOCK_SIZE * blocks;
crypto_op_params.override_iv_ptr =
(u8 *) vlib_buffer_get_current (b0) + sizeof (esp_header_t);
@@ -303,30 +302,39 @@ esp_decrypt_node_fn (vlib_main_t * vm,
old_ip_hdr =
*((ip4_header_t *) ((uintptr_t) vlib_buffer_get_current (b0) -
- ip_hdr_size));
-
- vlib_buffer_advance (b0, sizeof (esp_header_t) + IV_SIZE);
+ sizeof (ip4_header_t)));
b0->current_data =
sizeof (esp_header_t) + IV_SIZE + sizeof (ethernet_header_t);
- b0->current_length = (blocks * 16) - 2 + ip_hdr_size;
+ b0->current_length = (blocks * BLOCK_SIZE) - 2;
+ if (tunnel_mode)
+ b0->current_data += sizeof (ip4_header_t);
+ else
+ b0->current_length += sizeof (ip4_header_t);
+
b0->flags = VLIB_BUFFER_TOTAL_LENGTH_VALID;
f0 =
(esp_footer_t *) ((u8 *) vlib_buffer_get_current (b0) +
b0->current_length);
b0->current_length -= f0->pad_length;
- odp_packet_pull_head (crypto_op_params.pkt,
- sizeof (esp_header_t) + IV_SIZE);
+ if (tunnel_mode)
+ {
+ odp_packet_pull_head (crypto_op_params.pkt,
+ sizeof (esp_header_t) + IV_SIZE +
+ ip_hdr_size);
+ }
+ else
+ {
+ odp_packet_pull_head (crypto_op_params.pkt,
+ sizeof (esp_header_t) + IV_SIZE);
+ }
odp_packet_pull_tail (crypto_op_params.pkt,
f0->pad_length + icv_size);
/* tunnel mode */
if (PREDICT_TRUE (tunnel_mode))
{
- // TODO not supported
- assert (0);
-
if (PREDICT_TRUE (f0->next_header == IP_PROTOCOL_IP_IN_IP))
{
next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
diff --git a/src/plugins/odp/ipsec/esp_encrypt.c b/src/plugins/odp/ipsec/esp_encrypt.c
index 8a7d3f68..65c4c60f 100644
--- a/src/plugins/odp/ipsec/esp_encrypt.c
+++ b/src/plugins/odp/ipsec/esp_encrypt.c
@@ -264,9 +264,6 @@ esp_encrypt_node_fn (vlib_main_t * vm,
if (PREDICT_TRUE
(!is_ipv6 && sa0->is_tunnel && !sa0->is_tunnel_ip6))
{
- // TODO not supported
- assert (0);
-
oh0->ip4.src_address.as_u32 = sa0->tunnel_src_addr.ip4.as_u32;
oh0->ip4.dst_address.as_u32 = sa0->tunnel_dst_addr.ip4.as_u32;
@@ -349,12 +346,14 @@ esp_encrypt_node_fn (vlib_main_t * vm,
int odp_offset_to_esp = ip_hdr_size,
odp_offset_to_payload =
sizeof (esp_header_t) + IV_SIZE + ip_hdr_size;
+
crypto_op_params.cipher_range.offset = odp_offset_to_payload;
crypto_op_params.cipher_range.length = BLOCK_SIZE * blocks;
crypto_op_params.auth_range.offset = odp_offset_to_esp;
crypto_op_params.auth_range.length =
b0->current_length - ip_hdr_size;
+
crypto_op_params.hash_result_offset =
odp_offset_to_payload + BLOCK_SIZE * blocks;
@@ -398,6 +397,11 @@ esp_encrypt_node_fn (vlib_main_t * vm,
b0->current_data -= sizeof (ethernet_header_t) + ip_hdr_size;
b0->current_length += sizeof (ethernet_header_t);
}
+ else
+ {
+ b0->current_data =
+ (i16) - push_head_by + sizeof (ethernet_header_t);
+ }
trace:
if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))