summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ah_decrypt.c6
-rw-r--r--src/vnet/ipsec/ah_encrypt.c3
-rw-r--r--src/vnet/ipsec/esp_decrypt.c2
-rw-r--r--src/vnet/ipsec/esp_encrypt.c4
-rw-r--r--src/vnet/ipsec/ipsec.c5
5 files changed, 7 insertions, 13 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index 28589127d25..0fc4f48571d 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -87,7 +87,7 @@ ah_decrypt_inline (vlib_main_t * vm,
ipsec_proto_main_t *em = &ipsec_proto_main;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
- int icv_size = 0;
+ int icv_size;
next_index = node->cached_next_index;
thread_index = vm->thread_index;
@@ -178,9 +178,7 @@ ah_decrypt_inline (vlib_main_t * vm,
if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE))
{
u8 sig[64];
- u8 digest[64];
- clib_memset (sig, 0, sizeof (sig));
- clib_memset (digest, 0, sizeof (digest));
+ u8 digest[icv_size];
u8 *icv = ah0->auth_data;
memcpy (digest, icv, icv_size);
clib_memset (icv, 0, icv_size);
diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c
index 5f6a0991be3..2e561deb8b6 100644
--- a/src/vnet/ipsec/ah_encrypt.c
+++ b/src/vnet/ipsec/ah_encrypt.c
@@ -261,7 +261,7 @@ ah_encrypt_inline (vlib_main_t * vm,
}
u8 sig[64];
- clib_memset (sig, 0, sizeof (sig));
+
u8 *digest =
vlib_buffer_get_current (i_b0) + ip_hdr_size +
sizeof (ah_header_t);
@@ -296,7 +296,6 @@ ah_encrypt_inline (vlib_main_t * vm,
trace:
if (PREDICT_FALSE (i_b0->flags & VLIB_BUFFER_IS_TRACED))
{
- i_b0->flags |= VLIB_BUFFER_IS_TRACED;
ah_encrypt_trace_t *tr =
vlib_add_trace (vm, node, i_b0, sizeof (*tr));
tr->spi = sa0->spi;
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 2548ed401d9..0cb5c154895 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -25,7 +25,7 @@
#define foreach_esp_decrypt_next \
_(DROP, "error-drop") \
-_(IP4_INPUT, "ip4-input") \
+_(IP4_INPUT, "ip4-input-no-checksum") \
_(IP6_INPUT, "ip6-input") \
_(IPSEC_GRE_INPUT, "ipsec-gre-input")
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index ffa02115858..1e0bd7facf5 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -23,10 +23,6 @@
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/esp.h>
-#ifndef CLIB_MARCH_VARIANT
-ipsec_proto_main_t ipsec_proto_main;
-#endif /* CLIB_MARCH_VARIANT */
-
#define foreach_esp_encrypt_next \
_(DROP, "error-drop") \
_(IP4_LOOKUP, "ip4-lookup") \
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index a512d0094a6..a1d8f09691b 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -26,6 +26,7 @@
#include <vnet/ipsec/ah.h>
ipsec_main_t ipsec_main;
+ipsec_proto_main_t ipsec_proto_main;
static void
ipsec_rand_seed (void)
@@ -136,7 +137,7 @@ ipsec_register_ah_backend (vlib_main_t * vm, ipsec_main_t * im,
{
ipsec_ah_backend_t *b;
pool_get (im->ah_backends, b);
- b->name = format (NULL, "%s", name);
+ b->name = format (0, "%s%c", name, 0);
ipsec_add_node (vm, ah4_encrypt_node_name, "ipsec4-output-feature",
&b->ah4_encrypt_node_index, &b->ah4_encrypt_next_index);
@@ -164,7 +165,7 @@ ipsec_register_esp_backend (vlib_main_t * vm, ipsec_main_t * im,
{
ipsec_esp_backend_t *b;
pool_get (im->esp_backends, b);
- b->name = format (NULL, "%s", name);
+ b->name = format (0, "%s%c", name, 0);
ipsec_add_node (vm, esp4_encrypt_node_name, "ipsec4-output-feature",
&b->esp4_encrypt_node_index, &b->esp4_encrypt_next_index);