summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ipsec_input.c14
-rw-r--r--src/vnet/ipsec/ipsec_spd_fp_lookup.h12
2 files changed, 13 insertions, 13 deletions
diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c
index 62723d4ffa8..4412ff331ea 100644
--- a/src/vnet/ipsec/ipsec_input.c
+++ b/src/vnet/ipsec/ipsec_input.c
@@ -153,24 +153,24 @@ ipsec4_input_spd_find_flow_cache_entry (ipsec_main_t *im, u32 sa, u32 da,
}
always_inline void
-ipsec_fp_in_5tuple_from_ip4_range (ipsec_fp_5tuple_t *tuple, u32 la, u32 ra,
+ipsec_fp_in_5tuple_from_ip4_range (ipsec_fp_5tuple_t *tuple, u32 sa, u32 da,
u32 spi, u8 action)
{
clib_memset (tuple->l3_zero_pad, 0, sizeof (tuple->l3_zero_pad));
- tuple->laddr.as_u32 = la;
- tuple->raddr.as_u32 = ra;
+ tuple->laddr.as_u32 = da;
+ tuple->raddr.as_u32 = sa;
tuple->spi = spi;
tuple->action = action;
tuple->is_ipv6 = 0;
}
always_inline void
-ipsec_fp_in_5tuple_from_ip6_range (ipsec_fp_5tuple_t *tuple, ip6_address_t *la,
- ip6_address_t *ra, u32 spi, u8 action)
+ipsec_fp_in_5tuple_from_ip6_range (ipsec_fp_5tuple_t *tuple, ip6_address_t *sa,
+ ip6_address_t *da, u32 spi, u8 action)
{
- clib_memcpy (&tuple->ip6_laddr, la, sizeof (ip6_address_t));
- clib_memcpy (&tuple->ip6_raddr, ra, sizeof (ip6_address_t));
+ clib_memcpy (&tuple->ip6_laddr, da, sizeof (ip6_address_t));
+ clib_memcpy (&tuple->ip6_raddr, sa, sizeof (ip6_address_t));
tuple->spi = spi;
tuple->action = action;
diff --git a/src/vnet/ipsec/ipsec_spd_fp_lookup.h b/src/vnet/ipsec/ipsec_spd_fp_lookup.h
index a372ac77a50..71260855317 100644
--- a/src/vnet/ipsec/ipsec_spd_fp_lookup.h
+++ b/src/vnet/ipsec/ipsec_spd_fp_lookup.h
@@ -97,8 +97,8 @@ static_always_inline int
single_rule_in_match_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *match)
{
- u32 sa = clib_net_to_host_u32 (match->laddr.as_u32);
- u32 da = clib_net_to_host_u32 (match->raddr.as_u32);
+ u32 da = clib_net_to_host_u32 (match->laddr.as_u32);
+ u32 sa = clib_net_to_host_u32 (match->raddr.as_u32);
if (policy->policy == IPSEC_POLICY_ACTION_PROTECT)
{
@@ -118,16 +118,16 @@ single_rule_in_match_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *match)
}
else
{
- if (da < clib_net_to_host_u32 (policy->raddr.start.ip4.as_u32))
+ if (sa < clib_net_to_host_u32 (policy->raddr.start.ip4.as_u32))
return (0);
- if (da > clib_net_to_host_u32 (policy->raddr.stop.ip4.as_u32))
+ if (sa > clib_net_to_host_u32 (policy->raddr.stop.ip4.as_u32))
return (0);
- if (sa < clib_net_to_host_u32 (policy->laddr.start.ip4.as_u32))
+ if (da < clib_net_to_host_u32 (policy->laddr.start.ip4.as_u32))
return (0);
- if (sa > clib_net_to_host_u32 (policy->laddr.stop.ip4.as_u32))
+ if (da > clib_net_to_host_u32 (policy->laddr.stop.ip4.as_u32))
return (0);
}
return (1);