diff options
Diffstat (limited to 'src/vnet/ipsec/ipsec_output.c')
-rw-r--r-- | src/vnet/ipsec/ipsec_output.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/src/vnet/ipsec/ipsec_output.c b/src/vnet/ipsec/ipsec_output.c index 83ab629453d..a2553764192 100644 --- a/src/vnet/ipsec/ipsec_output.c +++ b/src/vnet/ipsec/ipsec_output.c @@ -82,16 +82,16 @@ ipsec_output_policy_match (ipsec_spd_t * spd, u8 pr, u32 la, u32 ra, u16 lp, if (PREDICT_FALSE (p->protocol && (p->protocol != pr))) continue; - if (ra < p->raddr.start.ip4.as_u32) + if (ra < clib_net_to_host_u32 (p->raddr.start.ip4.as_u32)) continue; - if (ra > p->raddr.stop.ip4.as_u32) + if (ra > clib_net_to_host_u32 (p->raddr.stop.ip4.as_u32)) continue; - if (la < p->laddr.start.ip4.as_u32) + if (la < clib_net_to_host_u32 (p->laddr.start.ip4.as_u32)) continue; - if (la > p->laddr.stop.ip4.as_u32) + if (la > clib_net_to_host_u32 (p->laddr.stop.ip4.as_u32)) continue; if (PREDICT_FALSE @@ -239,8 +239,10 @@ ipsec_output_inline (vlib_main_t * vm, vlib_node_runtime_t * node, p0 = ipsec6_output_policy_match (spd0, &ip6_0->src_address, &ip6_0->dst_address, - udp0->src_port, - udp0->dst_port, ip6_0->protocol); + clib_net_to_host_u16 + (udp0->src_port), + clib_net_to_host_u16 + (udp0->dst_port), ip6_0->protocol); } else { @@ -256,9 +258,14 @@ ipsec_output_inline (vlib_main_t * vm, vlib_node_runtime_t * node, #endif p0 = ipsec_output_policy_match (spd0, ip0->protocol, - ip0->src_address.as_u32, - ip0->dst_address.as_u32, - udp0->src_port, udp0->dst_port); + clib_net_to_host_u32 + (ip0->src_address.as_u32), + clib_net_to_host_u32 + (ip0->dst_address.as_u32), + clib_net_to_host_u16 + (udp0->src_port), + clib_net_to_host_u16 + (udp0->dst_port)); } tcp0 = (void *) udp0; |