diff options
author | vinay tripathi <vinayx.tripathi@intel.com> | 2023-06-06 12:57:55 +0530 |
---|---|---|
committer | vinay Tripathi <vinayx.tripathi@intel.com> | 2023-10-31 11:41:54 +0000 |
commit | 2d7988d719d1f3cab9ac4a0762786c4b07443671 (patch) | |
tree | 8b149e722029f810d6ae860662b765519186b82c /src/vnet/policer | |
parent | bc5f5305997e3b8f624b64bcc2d68687f31d515a (diff) |
ipsec: separate UDP and UDP-encapsulated ESP packet processing
This fix differentiates UDP and UDP-encapsulated ESP packets processing.
While UDP-encapsulated ESP traffic is processed as IPsec traffic, UDP as
other plain-text protocols is NOT dispatched against SPD policies.
Key logic is taken from RFC 3948, and is based on the fact
that the checksum of UDP packet encapsulating ESP packet must be zero.
Type: fix
Signed-off-by: vinay tripathi <vinayx.tripathi@intel.com>
Change-Id: Ib1b4d240eea8e89f2daf17ec833905f26cdb31bd
Diffstat (limited to 'src/vnet/policer')
0 files changed, 0 insertions, 0 deletions