diff options
author | Benoît Ganne <bganne@cisco.com> | 2020-11-12 10:29:23 +0100 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2020-11-19 21:32:54 +0000 |
commit | d9ed0b67866fa6b8a5f449fdb8da8d6aacb5f225 (patch) | |
tree | a97519d5713b05957cd55e720795622638e2e2d6 | |
parent | 83f37fc3bde149cc8cde7413691da1442dbf8f09 (diff) |
ikev2: respect punting only for ipv4
IPSec punting to IKEv2 is valid only for NAT-T in IPv4.
Fix coverity CID 214915.
Type: fix
Change-Id: I6f2db38abf179565316f50c5d47c78acce3a0d01
Signed-off-by: Benoît Ganne <bganne@cisco.com>
-rw-r--r-- | src/plugins/ikev2/ikev2.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index 17d2347baad..47b2e9e9ac1 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -2817,7 +2817,13 @@ ikev2_node_internal (vlib_main_t * vm, int ip_hdr_sz = 0; int is_req = 0, has_non_esp_marker = 0; - if (b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0]) + ASSERT (0 == b0->punt_reason + || (is_ip4 + && b0->punt_reason == + ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])); + + if (is_ip4 + && b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0]) { u8 *ptr = vlib_buffer_get_current (b0); ip40 = (ip4_header_t *) ptr; |