summaryrefslogtreecommitdiffstats
path: root/src/plugins/dpdk/ipsec/esp_encrypt.c
diff options
context:
space:
mode:
authorAlexander Chernavin <achernavin@netgate.com>2020-04-03 10:18:44 -0400
committerMatthew Smith <mgsmith@netgate.com>2020-04-17 15:05:25 +0000
commit82fc98fa4578dbbfb156effb11dea6a4e2d0b898 (patch)
treea3a6777c42023a2495fd7bd5880113cc154555b9 /src/plugins/dpdk/ipsec/esp_encrypt.c
parentd50ff7fba167035b10def282b5ec166fa7899948 (diff)
dpdk: fix udp-encap for esp in transport mode
Now UDP encapsulation doesn't work in transport mode because: - the encrypt node misses filling of UDP header and it gets sent with all zeros; - the decrypt node misses filling of new IP header and it contains garbage data. With this commit, fill UDP header during encryption and fill IP header during decryption. Change-Id: I87a7bd594f0e312b16d3e5eb19e568b4e3164d36 Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Diffstat (limited to 'src/plugins/dpdk/ipsec/esp_encrypt.c')
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index c024f97e1e2..73f2081152d 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -428,6 +428,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
u8 *src = ((u8 *) ih0) - rewrite_len;
u8 *dst = vlib_buffer_get_current (b0);
oh0 = vlib_buffer_get_current (b0) + rewrite_len;
+ ouh0 = vlib_buffer_get_current (b0) + rewrite_len;
if (is_ip6)
{
@@ -577,7 +578,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
tr->crypto_alg = sa0->crypto_alg;
tr->integ_alg = sa0->integ_alg;
u8 *p = vlib_buffer_get_current (b0);
- if (!ipsec_sa_is_set_IS_TUNNEL (sa0))
+ if (!ipsec_sa_is_set_IS_TUNNEL (sa0) && !is_tun)
p += vnet_buffer (b0)->ip.save_rewrite_length;
clib_memcpy_fast (tr->packet_data, p, sizeof (tr->packet_data));
}