diff options
author | PiotrX Kleski <piotrx.kleski@intel.com> | 2020-12-11 15:10:31 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2020-12-18 14:24:32 +0000 |
commit | a9585fd2060e3c8cff89b7f83d8ee10a669c9649 (patch) | |
tree | e1b7ba8b4fbb8be88d3fc1227e9a6a46218b9f6c /src/plugins/nat/nat44_api.c | |
parent | e3e16172070e16e48d88b3e61dd2f3c539655513 (diff) |
ipsec: fixed esp_decrypt pkt len after icv moved
Type: fix
This change makes esp_move_icv() update pd->current_length if the first
buffer's length is updated.
In case that ICV is split over two buffers, esp_move_icv() copies ICV
to last buffer, it also updates the before_last buffer's current_length.
However, in esp_decrypt_post_crypto(), pd->current_lenght is used to update
first buffer lenght, but pd is not updated in esp_move_icv()
and the total pkt lenght ends up incorrect.
This only happens in tunnel mode when ICV is split between 1st and 2nd buffers.
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Change-Id: Ic39d87454ec0d022c050775acb64c5c25ccf7f13
Diffstat (limited to 'src/plugins/nat/nat44_api.c')
0 files changed, 0 insertions, 0 deletions