ikev2: respect punting only for ipv4

IPSec punting to IKEv2 is valid only for NAT-T in IPv4. Fix coverity CID 214915. Type: fix Change-Id: I6f2db38abf179565316f50c5d47c78acce3a0d01 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit d9ed0b67866fa6b8a5f449fdb8da8d6aacb5f225)
author: Benoît Ganne <bganne@cisco.com> 2020-11-12 10:29:23 +0100
committer: Andrew Yourtchenko <ayourtch@gmail.com> 2020-11-26 15:02:41 +0000
commit: 186f018f68ad0b0e9026e1150b576e4fa7000987 (patch)
tree: 66cd4734c68f2705aea0f9654cad2f6eb9ef878f
parent: 49de3282a3101dcc89e417d3c80a5af91d72a158 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index d64ea6a88cd..a2640f03bdb 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -2816,7 +2816,13 @@ ikev2_node_internal (vlib_main_t * vm,
       int ip_hdr_sz = 0;
       int is_req = 0, has_non_esp_marker = 0;
 
-      if (b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
+      ASSERT (0 == b0->punt_reason
+	      || (is_ip4
+		  && b0->punt_reason ==
+		  ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0]));
+
+      if (is_ip4
+	  && b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
 	{
 	  u8 *ptr = vlib_buffer_get_current (b0);
 	  ip40 = (ip4_header_t *) ptr;
author	Benoît Ganne <bganne@cisco.com>	2020-11-12 10:29:23 +0100
committer	Andrew Yourtchenko <ayourtch@gmail.com>	2020-11-26 15:02:41 +0000
commit	186f018f68ad0b0e9026e1150b576e4fa7000987 (patch)
tree	66cd4734c68f2705aea0f9654cad2f6eb9ef878f
parent	49de3282a3101dcc89e417d3c80a5af91d72a158 (diff)