diff options
author | Matus Fabian <matfabia@cisco.com> | 2016-08-10 01:55:36 -0700 |
---|---|---|
committer | Keith Burns <alagalah@gmail.com> | 2016-08-17 23:21:46 +0000 |
commit | 694265d4f10dc86bd27bfd29a2b7c49440aeb6b5 (patch) | |
tree | 48dac360be791a6de945b4eaf1eca495ef08ef0a /vnet/vnet/ipsec/ipsec_input.c | |
parent | 0c25d1f2a872e693d22b81f1d9cd48cc46b10cc1 (diff) |
VPP-202: L2-GRE over IPSecv16.12-rc0
GRE encapsulate layer 2 traffic and IPSec encrypt what is encapsulated by GRE.
The whole point of L2-GRE over IPSec is to tunnel layer 2 over GRE and IPSec by
bridging the physical interface with IPSec-GRE tunnel interface.
Change-Id: Ia4cf9ed407bf663770e0d8905c0ad44ce73bd23b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'vnet/vnet/ipsec/ipsec_input.c')
-rw-r--r-- | vnet/vnet/ipsec/ipsec_input.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/vnet/vnet/ipsec/ipsec_input.c b/vnet/vnet/ipsec/ipsec_input.c index 2bc4e2b4999..8364e226ae1 100644 --- a/vnet/vnet/ipsec/ipsec_input.c +++ b/vnet/vnet/ipsec/ipsec_input.c @@ -239,11 +239,11 @@ ipsec_input_ip4_node_fn (vlib_main_t * vm, ipsec_policy_t *p0; p0 = ipsec_input_protect_policy_match (spd0, clib_net_to_host_u32 - (ip0->src_address. - as_u32), + (ip0-> + src_address.as_u32), clib_net_to_host_u32 - (ip0->dst_address. - as_u32), + (ip0-> + dst_address.as_u32), clib_net_to_host_u32 (esp0->spi)); @@ -253,6 +253,7 @@ ipsec_input_ip4_node_fn (vlib_main_t * vm, p0->counter.bytes += clib_net_to_host_u16 (ip0->length); vnet_buffer (b0)->output_features.ipsec_sad_index = p0->sa_index; + vnet_buffer (b0)->output_features.ipsec_flags = 0; next0 = IPSEC_INPUT_NEXT_ESP_DECRYPT; vlib_buffer_advance (b0, ip4_header_bytes (ip0)); goto trace0; @@ -382,6 +383,7 @@ VLIB_NODE_FUNCTION_MULTIARCH (ipsec_input_ip4_node, ipsec_input_ip4_node_fn) p0->counter.bytes += header_size; vnet_buffer (b0)->output_features.ipsec_sad_index = p0->sa_index; + vnet_buffer (b0)->output_features.ipsec_flags = 0; next0 = IPSEC_INPUT_NEXT_ESP_DECRYPT; vlib_buffer_advance (b0, header_size); goto trace0; |