summaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-06-14 01:13:25 -0700
committerDamjan Marion <dmarion@me.com>2019-06-14 11:19:01 +0000
commita6bee0a11a07e4e1e4ac67e5041e9ad197766ba2 (patch)
tree260e9b7809b61d3e8efc043d2ac9a78013589b48 /src/vnet
parentf5b017615d25b8fb8760fa6b9b7e4249d93c6564 (diff)
ipsec: Correctly rewind the buffer to the IP header when punting UDP encapped SPI-0 packets
Type: fix Fixes: b71fa75d48 Change-Id: I2d81b373f7659e702759939c096b315afa36f621 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/ipsec/ipsec_if_in.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index b585c3d4dcf..9565078b3b9 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -440,7 +440,7 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
ip6_header_t *ip60;
esp_header_t *esp0;
u32 len0;
- u16 buf_adv0;
+ u16 buf_adv0, buf_rewind0;
u32 tid0;
ipsec_tunnel_if_t *t0;
ipsec4_tunnel_key_t key40;
@@ -464,11 +464,12 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
(esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40) +
sizeof (udp_header_t));
buf_adv0 = 0;
+ buf_rewind0 = ip4_header_bytes (ip40) + sizeof (udp_header_t);
}
else
{
esp0 = (esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40));
- buf_adv0 = ip4_header_bytes (ip40);
+ buf_rewind0 = buf_adv0 = ip4_header_bytes (ip40);
}
}
@@ -527,7 +528,8 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
else
{
next[0] =
- ipsec_ip4_if_no_tunnel (node, b[0], esp0, ip40, buf_adv0);
+ ipsec_ip4_if_no_tunnel (node, b[0], esp0, ip40,
+ buf_rewind0);
n_no_tunnel++;
goto trace00;
}