summaryrefslogtreecommitdiffstats
path: root/src/vnet/interface.c
diff options
context:
space:
mode:
authorMatthew Smith <mgsmith@netgate.com>2018-07-05 14:45:58 -0500
committerDamjan Marion <dmarion@me.com>2018-07-08 11:22:17 +0000
commit0e36bbfd1b058b4febe895bad3d254851194ad6c (patch)
treef9da50cd132b03071fac16f36d5ee37aae142b90 /src/vnet/interface.c
parent7b13e0df704b5262a4602c51126a4f12ff00ca35 (diff)
Fix IPsec intf tx node setup at intf creation
When using a DPDK cryptodev with IPsec, sending outbound packets results in a crash on division by zero if using an algorithm not supported by the OpenSSL ESP nodes. This includes AES-GCM and MD5. At IPsec intf creation time, the next node at slot IPSEC_OUTPUT_NEXT_ESP_ENCRYPT for ipsec_if_tx_node_fn is set to the node named esp-encrypt. This is the OpenSSL ESP encrypt function. If DPDK cryptodevs are configured, dpdk-esp-encrypt is the correct next node. Change to setting the next node according to the value in ipsec_main.esp_encrypt_node_index. That value is set to esp-encrypt by default. If DPDK cryptodevs are configured it gets set to dpdk-esp-encrypt. Change-Id: I83896c76b975d74aead247a162c85eccca9575a8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Diffstat (limited to 'src/vnet/interface.c')
0 files changed, 0 insertions, 0 deletions