IPSec AH protocol enhancement in VPP native core

Change-Id: Iec5804d768485f4015bbf732d8d19ef2f24e6939 Signed-off-by: “mukeshyadav1984” <mukyadav@cisco.com>
author: “mukeshyadav1984” <mukyadav@cisco.com> 2017-11-23 02:39:33 -0800
committer: Damjan Marion <dmarion.lists@gmail.com> 2017-11-28 12:26:30 +0000
commit: 430ac939d115b59e3f7f704645c6f88878223e1b (patch)
tree: ca5bbc6e7ab3c60316ed602f9a637ff423203f96 /src/vnet/ipsec/ipsec_output.c
parent: b3eeb6a5dd17627f56f5a9f299950c96f952e7a1 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec_output.c b/src/vnet/ipsec/ipsec_output.c
index 1b8070d651a..e86292c0d17 100644
--- a/src/vnet/ipsec/ipsec_output.c
+++ b/src/vnet/ipsec/ipsec_output.c
@@ -270,8 +270,15 @@ ipsec_output_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	{
 	  if (p0->policy == IPSEC_POLICY_ACTION_PROTECT)
 	    {
+	      u32 sa_index = 0;
+	      ipsec_sa_t *sa = 0;
 	      nc_protect++;
-	      next_node_index = im->esp_encrypt_node_index;
+	      sa_index = ipsec_get_sa_index_by_sa_id (p0->sa_id);
+	      sa = pool_elt_at_index (im->sad, sa_index);
+	      if (sa->protocol == IPSEC_PROTOCOL_ESP)
+		next_node_index = im->esp_encrypt_node_index;
+	      else
+		next_node_index = im->ah_encrypt_node_index;
 	      vnet_buffer (b0)->ipsec.sad_index = p0->sa_index;
 	      vlib_buffer_advance (b0, iph_offset);
 	      p0->counter.packets++;
author	“mukeshyadav1984” <mukyadav@cisco.com>	2017-11-23 02:39:33 -0800
committer	Damjan Marion <dmarion.lists@gmail.com>	2017-11-28 12:26:30 +0000
commit	430ac939d115b59e3f7f704645c6f88878223e1b (patch)
tree	ca5bbc6e7ab3c60316ed602f9a637ff423203f96 /src/vnet/ipsec/ipsec_output.c
parent	b3eeb6a5dd17627f56f5a9f299950c96f952e7a1 (diff)