aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/vnet/ipsec/esp_decrypt.c16
-rw-r--r--src/vnet/ipsec/esp_encrypt.c2
2 files changed, 14 insertions, 4 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 68cb825f23b..3f463505e01 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -277,9 +277,19 @@ esp_decrypt_inline (vlib_main_t * vm,
}
else
{
- ih4 =
- (ip4_header_t *) ((u8 *) esp0 -
- sizeof (ip4_header_t));
+ if (sa0->udp_encap)
+ {
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 -
+ sizeof (udp_header_t) -
+ sizeof (ip4_header_t));
+ }
+ else
+ {
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 -
+ sizeof (ip4_header_t));
+ }
oh4 = vlib_buffer_get_current (o_b0);
ip_hdr_size = sizeof (ip4_header_t);
}
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 4f2d7707395..88eda91bf7f 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -311,7 +311,7 @@ esp_encrypt_inline (vlib_main_t * vm,
vnet_buffer (o_b0)->sw_if_index[VLIB_TX] =
vnet_buffer (i_b0)->sw_if_index[VLIB_TX];
}
- vlib_buffer_advance (i_b0, ip_udp_hdr_size);
+ vlib_buffer_advance (i_b0, sizeof (ip4_header_t));
}
ASSERT (sa0->crypto_alg < IPSEC_CRYPTO_N_ALG);