summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ah_encrypt.c
diff options
context:
space:
mode:
authorKlement Sekera <ksekera@cisco.com>2018-05-16 10:52:45 +0200
committerFlorin Coras <florin.coras@gmail.com>2018-06-21 14:50:10 +0000
commita98346f664aae148d26a8e158008b773d73db96f (patch)
tree2a850b1925f3dd70817fb0e41324baef71fd7a05 /src/vnet/ipsec/ah_encrypt.c
parent56ba844d6a8b8f58b18fe51bf22707b0c37d3a87 (diff)
ipsec: VPP-1316 calculate IP/TCP/UDP inner checksums
Calculate IP/TCP/UDP checksums in software before adding authentication. Change-Id: I3e121cb00aeba667764f39ade8d62170f18f8b6b Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ah_encrypt.c')
-rw-r--r--src/vnet/ipsec/ah_encrypt.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c
index 6619d872013..898c0f27547 100644
--- a/src/vnet/ipsec/ah_encrypt.c
+++ b/src/vnet/ipsec/ah_encrypt.c
@@ -263,19 +263,17 @@ ah_encrypt_node_fn (vlib_main_t * vm,
u8 sig[64];
memset (sig, 0, sizeof (sig));
- u8 *digest = NULL;
- {
- digest = vlib_buffer_get_current (i_b0) + ip_hdr_size + icv_size;
- memset (digest, 0, icv_size);
- }
+ u8 *digest =
+ vlib_buffer_get_current (i_b0) + ip_hdr_size + icv_size;
+ memset (digest, 0, icv_size);
- hmac_calc (sa0->integ_alg, sa0->integ_key,
- sa0->integ_key_len,
- (u8 *) vlib_buffer_get_current (i_b0),
- i_b0->current_length, sig, sa0->use_esn, sa0->seq_hi);
-
- memcpy (digest, (char *) &sig[0], 12);
+ unsigned size = hmac_calc (sa0->integ_alg, sa0->integ_key,
+ sa0->integ_key_len,
+ vlib_buffer_get_current (i_b0),
+ i_b0->current_length, sig, sa0->use_esn,
+ sa0->seq_hi);
+ memcpy (digest, sig, size);
if (PREDICT_FALSE (is_ipv6))
{
}
@@ -287,7 +285,7 @@ ah_encrypt_node_fn (vlib_main_t * vm,
}
if (transport_mode)
- vlib_buffer_advance (i_b0, -sizeof (ethernet_header_t));;
+ vlib_buffer_advance (i_b0, -sizeof (ethernet_header_t));
trace:
if (PREDICT_FALSE (i_b0->flags & VLIB_BUFFER_IS_TRACED))