summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
authorSzymon Sliwa <szs@semihalf.com>2018-03-19 15:14:31 +0000
committerDamjan Marion <dmarion.lists@gmail.com>2018-04-18 05:18:30 +0000
commit8640dbdb7292d8d206aab3a90551d93798c9c50c (patch)
tree4d78aa516c758e462579c3d0131135aa172754f0 /src/vnet/ipsec
parent07a38572caa2c2d2d8658420a7c3df8e7f9d0e74 (diff)
Fix the ip header offset counting in vnet/ipsec
IP header is set as data + sizeof(ethernet_header_t), what does not need to be true. The solution is to use l3_hdr_offset. Change-Id: I5d9f41599ba8d8eb14ce2d9d523f82ea6e0fd10d Signed-off-by: Szymon Sliwa <szs@semihalf.com>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/esp_decrypt.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index a769e6bd51a..62b12dbbdf6 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -268,9 +268,10 @@ esp_decrypt_node_fn (vlib_main_t * vm,
if (PREDICT_FALSE (!sa0->is_tunnel && !sa0->is_tunnel_ip6))
{
tunnel_mode = 0;
+
ih4 =
- (ip4_header_t *) (i_b0->data +
- sizeof (ethernet_header_t));
+ (ip4_header_t *) ((u8 *) i_b0->data +
+ vnet_buffer (i_b0)->l3_hdr_offset);
if (PREDICT_TRUE
((ih4->ip_version_and_header_length & 0xF0) != 0x40))
{
@@ -280,9 +281,7 @@ esp_decrypt_node_fn (vlib_main_t * vm,
{
transport_ip6 = 1;
ip_hdr_size = sizeof (ip6_header_t);
- ih6 =
- (ip6_header_t *) (i_b0->data +
- sizeof (ethernet_header_t));
+ ih6 = (ip6_header_t *) ih4;
oh6 = vlib_buffer_get_current (o_b0);
}
else