diff options
Diffstat (limited to 'src/vnet/ipsec/esp_encrypt.c')
| -rw-r--r-- | src/vnet/ipsec/esp_encrypt.c | 39 |
1 files changed, 33 insertions, 6 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index f5461684166..ed49cdc97eb 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -24,6 +24,7 @@ #include <vnet/ipsec/ipsec.h> #include <vnet/ipsec/ipsec_tun.h> #include <vnet/ipsec/esp.h> +#include <vnet/tunnel/tunnel_dp.h> #define foreach_esp_encrypt_next \ _(DROP4, "ip4-drop") \ @@ -743,9 +744,22 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, u16 len = sizeof (ip6_header_t); hdr_len += len; ip6 = (ip6_header_t *) (payload - hdr_len); - clib_memcpy_fast (ip6, &sa0->ip6_hdr, len); - *next_hdr_ptr = (is_ip6 ? - IP_PROTOCOL_IPV6 : IP_PROTOCOL_IP_IN_IP); + clib_memcpy_fast (ip6, &sa0->ip6_hdr, sizeof (ip6_header_t)); + + if (is_ip6) + { + *next_hdr_ptr = IP_PROTOCOL_IPV6; + tunnel_encap_fixup_6o6 (sa0->tunnel_flags, + (const ip6_header_t *) payload, + ip6); + } + else + { + *next_hdr_ptr = IP_PROTOCOL_IP_IN_IP; + tunnel_encap_fixup_4o6 (sa0->tunnel_flags, + (const ip4_header_t *) payload, + ip6); + } len = payload_len_total + hdr_len - len; ip6->payload_length = clib_net_to_host_u16 (len); } @@ -755,9 +769,22 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, u16 len = sizeof (ip4_header_t); hdr_len += len; ip4 = (ip4_header_t *) (payload - hdr_len); - clib_memcpy_fast (ip4, &sa0->ip4_hdr, len); - *next_hdr_ptr = (is_ip6 ? - IP_PROTOCOL_IPV6 : IP_PROTOCOL_IP_IN_IP); + clib_memcpy_fast (ip4, &sa0->ip4_hdr, sizeof (ip4_header_t)); + + if (is_ip6) + { + *next_hdr_ptr = IP_PROTOCOL_IPV6; + tunnel_encap_fixup_6o4_w_chksum (sa0->tunnel_flags, + (const ip6_header_t *) + payload, ip4); + } + else + { + *next_hdr_ptr = IP_PROTOCOL_IP_IN_IP; + tunnel_encap_fixup_4o4_w_chksum (sa0->tunnel_flags, + (const ip4_header_t *) + payload, ip4); + } len = payload_len_total + hdr_len; esp_update_ip4_hdr (ip4, len, /* is_transport */ 0, 0); } |