Change the way IP header pointer is calculated in esp_decrypt nodes

The pointer to IP header was derived from l3_hdr_offset,
which would be ok, if l3_hdr_offset was valid. But it does not
have to be, so it was a bad solution. Now the previous nodes
mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt
we count get ip header pointer by substracting the size
of the ip header from the pointer to esp header (which lies
in front of the ip header).

Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16
Signed-off-by: Szymon Sliwa <szs@semihalf.com>

1 files changed, 7 insertions, 3 deletions

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 62b12dbbdf6..a0eeed464da 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -269,9 +269,13 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 		{
 		  tunnel_mode = 0;
 
-		  ih4 =
-		    (ip4_header_t *) ((u8 *) i_b0->data +
-				      vnet_buffer (i_b0)->l3_hdr_offset);
+		  if (i_b0->flags & VNET_BUFFER_F_IS_IP4)
+		    ih4 =
+		      (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t));
+		  else
+		    ih4 =
+		      (ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t));
+
 		  if (PREDICT_TRUE
 		      ((ih4->ip_version_and_header_length & 0xF0) != 0x40))
 		    {