aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
authorjackiechen1985 <xiaobo.chen@tieto.com>2018-12-06 03:10:31 +0800
committerNeale Ranns <nranns@cisco.com>2018-12-07 10:23:40 +0000
commit9f6957d1a5b23d4bee9390da20537db6e93b3433 (patch)
treeabd3b745dab2f90dda072bda6009cb2fd160973b /src/vnet/ipsec
parent920fd77e9c78860b42dc9250a85288152de007d7 (diff)
Fix VPP-1515 IPSec receive packet error in transport mode with udp encap
Change-Id: Ife66395b89e1e9f9206666e5f0fd441b3c241bb2 Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/esp_decrypt.c16
-rw-r--r--src/vnet/ipsec/esp_encrypt.c2
2 files changed, 14 insertions, 4 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 68cb825f23b..3f463505e01 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -277,9 +277,19 @@ esp_decrypt_inline (vlib_main_t * vm,
}
else
{
- ih4 =
- (ip4_header_t *) ((u8 *) esp0 -
- sizeof (ip4_header_t));
+ if (sa0->udp_encap)
+ {
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 -
+ sizeof (udp_header_t) -
+ sizeof (ip4_header_t));
+ }
+ else
+ {
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 -
+ sizeof (ip4_header_t));
+ }
oh4 = vlib_buffer_get_current (o_b0);
ip_hdr_size = sizeof (ip4_header_t);
}
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 4f2d7707395..88eda91bf7f 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -311,7 +311,7 @@ esp_encrypt_inline (vlib_main_t * vm,
vnet_buffer (o_b0)->sw_if_index[VLIB_TX] =
vnet_buffer (i_b0)->sw_if_index[VLIB_TX];
}
- vlib_buffer_advance (i_b0, ip_udp_hdr_size);
+ vlib_buffer_advance (i_b0, sizeof (ip4_header_t));
}
ASSERT (sa0->crypto_alg < IPSEC_CRYPTO_N_ALG);