diff options
Diffstat (limited to 'src/plugins/dpdk/ipsec/esp_decrypt.c')
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_decrypt.c | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c index 06909b3d347..8327e743d47 100644 --- a/src/plugins/dpdk/ipsec/esp_decrypt.c +++ b/src/plugins/dpdk/ipsec/esp_decrypt.c @@ -439,6 +439,7 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm, crypto_alg_t *cipher_alg, *auth_alg; esp_header_t *esp0; u8 trunc_size, is_aead; + u16 udp_encap_adv = 0; next0 = ESP_DECRYPT_NEXT_DROP; @@ -476,9 +477,15 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm, esp_replay_advance(sa0, seq); } + /* if UDP encapsulation is used adjust the address of the IP header */ + if (sa0->udp_encap && (b0->flags & VNET_BUFFER_F_IS_IP4)) + { + udp_encap_adv = sizeof (udp_header_t); + } + if (b0->flags & VNET_BUFFER_F_IS_IP4) - ih4 = - (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t)); + ih4 = (ip4_header_t *) + ((u8 *) esp0 - udp_encap_adv - sizeof (ip4_header_t)); else ih4 = (ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t)); @@ -519,15 +526,17 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm, { if ((ih4->ip_version_and_header_length & 0xF0) == 0x40) { - u16 ih4_len = ip4_header_bytes (ih4); - vlib_buffer_advance (b0, - ih4_len); - oh4 = vlib_buffer_get_current (b0); - memmove(oh4, ih4, ih4_len); - - next0 = ESP_DECRYPT_NEXT_IP4_INPUT; - oh4->protocol = f0->next_header; - oh4->length = clib_host_to_net_u16 (b0->current_length); - oh4->checksum = ip4_header_checksum(oh4); + u16 ih4_len = ip4_header_bytes (ih4); + vlib_buffer_advance (b0, - ih4_len - udp_encap_adv); + next0 = ESP_DECRYPT_NEXT_IP4_INPUT; + if (!sa0->udp_encap) + { + oh4 = vlib_buffer_get_current (b0); + memmove(oh4, ih4, ih4_len); + oh4->protocol = f0->next_header; + oh4->length = clib_host_to_net_u16 (b0->current_length); + oh4->checksum = ip4_header_checksum(oh4); + } } else if ((ih4->ip_version_and_header_length & 0xF0) == 0x60) { |