diff options
| -rw-r--r-- | vnet/vnet/ipsec/ipsec_output.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/vnet/vnet/ipsec/ipsec_output.c b/vnet/vnet/ipsec/ipsec_output.c index c27e8e6a0a5..ee21b777af4 100644 --- a/vnet/vnet/ipsec/ipsec_output.c +++ b/vnet/vnet/ipsec/ipsec_output.c @@ -225,14 +225,14 @@ ipsec_output_node_fn (vlib_main_t * vm, ip6_header_t *ip6_0 = 0; udp_header_t *udp0; u8 is_ipv6 = 0; + u32 iph_offset = 0; bi0 = from[0]; b0 = vlib_get_buffer (vm, bi0); sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_TX]; - - - ip0 = (ip4_header_t *) ((u8 *) vlib_buffer_get_current (b0) + - sizeof (ethernet_header_t)); + iph_offset = vnet_buffer (b0)->ip.save_rewrite_length; + ip0 = (ip4_header_t *) ((u8 *) vlib_buffer_get_current (b0) + + iph_offset); /* just forward non ipv4 packets */ if (PREDICT_FALSE ((ip0->ip_version_and_header_length & 0xF0) != 0x40)) @@ -242,8 +242,8 @@ ipsec_output_node_fn (vlib_main_t * vm, ((ip0->ip_version_and_header_length & 0xF0) == 0x60)) { is_ipv6 = 1; - ip6_0 = (ip6_header_t *) ((u8 *) vlib_buffer_get_current (b0) + - sizeof (ethernet_header_t)); + ip6_0 = (ip6_header_t *) ((u8 *) vlib_buffer_get_current (b0) + + iph_offset); } else { @@ -315,7 +315,7 @@ ipsec_output_node_fn (vlib_main_t * vm, next_node_index = im->esp_encrypt_node_index; vnet_buffer (b0)->output_features.ipsec_sad_index = p0->sa_index; - vlib_buffer_advance (b0, sizeof (ethernet_header_t)); + vlib_buffer_advance (b0, iph_offset); p0->counter.packets++; if (is_ipv6) { |