diff options
author | Neale Ranns <nranns@cisco.com> | 2019-06-14 01:13:25 -0700 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-06-14 11:19:01 +0000 |
commit | a6bee0a11a07e4e1e4ac67e5041e9ad197766ba2 (patch) | |
tree | 260e9b7809b61d3e8efc043d2ac9a78013589b48 /src/vnet | |
parent | f5b017615d25b8fb8760fa6b9b7e4249d93c6564 (diff) |
ipsec: Correctly rewind the buffer to the IP header when punting UDP encapped SPI-0 packets
Type: fix
Fixes: b71fa75d48
Change-Id: I2d81b373f7659e702759939c096b315afa36f621
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/ipsec/ipsec_if_in.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c index b585c3d4dcf..9565078b3b9 100644 --- a/src/vnet/ipsec/ipsec_if_in.c +++ b/src/vnet/ipsec/ipsec_if_in.c @@ -440,7 +440,7 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node, ip6_header_t *ip60; esp_header_t *esp0; u32 len0; - u16 buf_adv0; + u16 buf_adv0, buf_rewind0; u32 tid0; ipsec_tunnel_if_t *t0; ipsec4_tunnel_key_t key40; @@ -464,11 +464,12 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node, (esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40) + sizeof (udp_header_t)); buf_adv0 = 0; + buf_rewind0 = ip4_header_bytes (ip40) + sizeof (udp_header_t); } else { esp0 = (esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40)); - buf_adv0 = ip4_header_bytes (ip40); + buf_rewind0 = buf_adv0 = ip4_header_bytes (ip40); } } @@ -527,7 +528,8 @@ ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node, else { next[0] = - ipsec_ip4_if_no_tunnel (node, b[0], esp0, ip40, buf_adv0); + ipsec_ip4_if_no_tunnel (node, b[0], esp0, ip40, + buf_rewind0); n_no_tunnel++; goto trace00; } |