summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c16
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c3
2 files changed, 9 insertions, 10 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index 315251694ba..ae35ab5aaae 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -616,16 +616,14 @@ dpdk_esp_decrypt_post_inline (vlib_main_t * vm,
if ((ih4->ip_version_and_header_length & 0xF0) == 0x40)
{
u16 ih4_len = ip4_header_bytes (ih4);
- vlib_buffer_advance (b0, -ih4_len - udp_encap_adv);
+ vlib_buffer_advance (b0, -ih4_len);
next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
- if (!ipsec_sa_is_set_UDP_ENCAP (sa0))
- {
- oh4 = vlib_buffer_get_current (b0);
- memmove (oh4, ih4, ih4_len);
- oh4->protocol = f0->next_header;
- oh4->length = clib_host_to_net_u16 (b0->current_length);
- oh4->checksum = ip4_header_checksum (oh4);
- }
+
+ oh4 = vlib_buffer_get_current (b0);
+ memmove (oh4, ih4, ih4_len);
+ oh4->protocol = f0->next_header;
+ oh4->length = clib_host_to_net_u16 (b0->current_length);
+ oh4->checksum = ip4_header_checksum (oh4);
}
else if ((ih4->ip_version_and_header_length & 0xF0) == 0x60)
{
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index c024f97e1e2..73f2081152d 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -428,6 +428,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
u8 *src = ((u8 *) ih0) - rewrite_len;
u8 *dst = vlib_buffer_get_current (b0);
oh0 = vlib_buffer_get_current (b0) + rewrite_len;
+ ouh0 = vlib_buffer_get_current (b0) + rewrite_len;
if (is_ip6)
{
@@ -577,7 +578,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
tr->crypto_alg = sa0->crypto_alg;
tr->integ_alg = sa0->integ_alg;
u8 *p = vlib_buffer_get_current (b0);
- if (!ipsec_sa_is_set_IS_TUNNEL (sa0))
+ if (!ipsec_sa_is_set_IS_TUNNEL (sa0) && !is_tun)
p += vnet_buffer (b0)->ip.save_rewrite_length;
clib_memcpy_fast (tr->packet_data, p, sizeof (tr->packet_data));
}