summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ah_encrypt.c
diff options
context:
space:
mode:
authorKlement Sekera <ksekera@cisco.com>2019-06-19 11:26:34 +0000
committerNeale Ranns <nranns@cisco.com>2019-06-19 14:03:47 +0000
commit4515545eef4783c7c475cb6531f9f5bbee506afa (patch)
tree73ca9484b87fefa5b230a94d9a7e7d8cfa81b30a /src/vnet/ipsec/ah_encrypt.c
parentdac1edbbbf8f42117f182b37618022167454f868 (diff)
ipsec: fix l2 header handling in ah encrypt
Use proper length for copying l2 layer in ah encrypt code. Previously code assumed that there is alywas just one ethernet header preceding IP header, which might not be true always. Change-Id: I176fd93b25cf1b9d9c2dc4e420ad48a94d5f4fb8 Ticket: VPP-1539 Type: fix Fixes: N/A Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ah_encrypt.c')
-rw-r--r--src/vnet/ipsec/ah_encrypt.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c
index d12ca6704f0..1be4b3af7b7 100644
--- a/src/vnet/ipsec/ah_encrypt.c
+++ b/src/vnet/ipsec/ah_encrypt.c
@@ -216,12 +216,12 @@ ah_encrypt_inline (vlib_main_t * vm,
/* transport mode save the eth header before it is overwritten */
if (PREDICT_FALSE (!ipsec_sa_is_set_IS_TUNNEL (sa0)))
{
- ethernet_header_t *ieh0 = (ethernet_header_t *)
- ((u8 *) vlib_buffer_get_current (b[0]) -
- sizeof (ethernet_header_t));
- ethernet_header_t *oeh0 =
- (ethernet_header_t *) ((u8 *) ieh0 + (adv - icv_size));
- clib_memcpy_fast (oeh0, ieh0, sizeof (ethernet_header_t));
+ const u32 l2_len = vnet_buffer (b[0])->ip.save_rewrite_length;
+ u8 *l2_hdr_in = (u8 *) vlib_buffer_get_current (b[0]) - l2_len;
+
+ u8 *l2_hdr_out = l2_hdr_in + adv - icv_size;
+
+ clib_memcpy_le32 (l2_hdr_out, l2_hdr_in, l2_len);
}
vlib_buffer_advance (b[0], adv - icv_size);