aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/dpdk/ipsec/esp_decrypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/dpdk/ipsec/esp_decrypt.c')
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c31
1 files changed, 20 insertions, 11 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index 06909b3d347..8327e743d47 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -439,6 +439,7 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm,
crypto_alg_t *cipher_alg, *auth_alg;
esp_header_t *esp0;
u8 trunc_size, is_aead;
+ u16 udp_encap_adv = 0;
next0 = ESP_DECRYPT_NEXT_DROP;
@@ -476,9 +477,15 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm,
esp_replay_advance(sa0, seq);
}
+ /* if UDP encapsulation is used adjust the address of the IP header */
+ if (sa0->udp_encap && (b0->flags & VNET_BUFFER_F_IS_IP4))
+ {
+ udp_encap_adv = sizeof (udp_header_t);
+ }
+
if (b0->flags & VNET_BUFFER_F_IS_IP4)
- ih4 =
- (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t));
+ ih4 = (ip4_header_t *)
+ ((u8 *) esp0 - udp_encap_adv - sizeof (ip4_header_t));
else
ih4 =
(ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t));
@@ -519,15 +526,17 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm,
{
if ((ih4->ip_version_and_header_length & 0xF0) == 0x40)
{
- u16 ih4_len = ip4_header_bytes (ih4);
- vlib_buffer_advance (b0, - ih4_len);
- oh4 = vlib_buffer_get_current (b0);
- memmove(oh4, ih4, ih4_len);
-
- next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
- oh4->protocol = f0->next_header;
- oh4->length = clib_host_to_net_u16 (b0->current_length);
- oh4->checksum = ip4_header_checksum(oh4);
+ u16 ih4_len = ip4_header_bytes (ih4);
+ vlib_buffer_advance (b0, - ih4_len - udp_encap_adv);
+ next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
+ if (!sa0->udp_encap)
+ {
+ oh4 = vlib_buffer_get_current (b0);
+ memmove(oh4, ih4, ih4_len);
+ oh4->protocol = f0->next_header;
+ oh4->length = clib_host_to_net_u16 (b0->current_length);
+ oh4->checksum = ip4_header_checksum(oh4);
+ }
}
else if ((ih4->ip_version_and_header_length & 0xF0) == 0x60)
{