summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPierre Pfister <ppfister@cisco.com>2018-11-26 09:29:00 +0100
committerDamjan Marion <dmarion@me.com>2018-11-26 19:53:18 +0000
commit6221927e9bad39c2856e844f8bc38947cb447f73 (patch)
tree74679586c0c01819b4ec5ba60a796baa3b69c72d
parenta25def7807fb46bd48462be3ec5c598fc79e2a13 (diff)
Fix IPSec CLI key parsing
strncpy stops copying when a byte set to 0 is read. The fix is to use mempcy instead. This patch also adds spd id to ipsec input trace. Change-Id: Ibed071d3607fa76c3f6ee065f94128f1aca9b2e2 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
-rw-r--r--src/vnet/ipsec/ipsec_cli.c4
-rw-r--r--src/vnet/ipsec/ipsec_input.c11
2 files changed, 11 insertions, 4 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index ee7dd404a87..9c64822c37f 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -167,10 +167,10 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
sa.integ_key_len = sizeof (sa.integ_key);
if (ck)
- strncpy ((char *) sa.crypto_key, (char *) ck, sa.crypto_key_len);
+ memcpy (sa.crypto_key, ck, sa.crypto_key_len);
if (ik)
- strncpy ((char *) sa.integ_key, (char *) ik, sa.integ_key_len);
+ memcpy (sa.integ_key, ik, sa.integ_key_len);
if (is_add)
{
diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c
index 19c3b5bcef1..ef4113a1c09 100644
--- a/src/vnet/ipsec/ipsec_input.c
+++ b/src/vnet/ipsec/ipsec_input.c
@@ -44,6 +44,7 @@ static char *ipsec_input_error_strings[] = {
typedef struct
{
+ u32 spd;
u32 sa_id;
u32 spi;
u32 seq;
@@ -65,11 +66,14 @@ format_ipsec_input_trace (u8 * s, va_list * args)
if (t->sa_id != 0)
{
- s = format (s, "esp: sa_id %u spi %u seq %u", t->sa_id, t->spi, t->seq);
+ s =
+ format (s, "esp: sa_id %u spd %u spi %u seq %u", t->sa_id, t->spd,
+ t->spi, t->seq);
}
else
{
- s = format (s, "esp: no sa spi %u seq %u", t->spi, t->seq);
+ s =
+ format (s, "esp: no sa spd %u spi %u seq %u", t->spd, t->spi, t->seq);
}
return s;
}
@@ -269,6 +273,7 @@ VLIB_NODE_FN (ipsec4_input_node) (vlib_main_t * vm,
tr->sa_id = p0->sa_id;
tr->spi = clib_host_to_net_u32 (esp0->spi);
tr->seq = clib_host_to_net_u32 (esp0->seq);
+ tr->spd = spd0->id;
}
}
@@ -309,6 +314,7 @@ VLIB_NODE_FN (ipsec4_input_node) (vlib_main_t * vm,
tr->sa_id = p0->sa_id;
tr->spi = clib_host_to_net_u32 (ah0->spi);
tr->seq = clib_host_to_net_u32 (ah0->seq_no);
+ tr->spd = spd0->id;
}
}
}
@@ -457,6 +463,7 @@ VLIB_NODE_FN (ipsec6_input_node) (vlib_main_t * vm,
tr->sa_id = p0->sa_id;
tr->spi = clib_host_to_net_u32 (esp0->spi);
tr->seq = clib_host_to_net_u32 (esp0->seq);
+ tr->spd = spd0->id;
}
}