diff options
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r-- | src/vnet/ipsec/ipsec_input.c | 14 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_spd_fp_lookup.h | 12 |
2 files changed, 13 insertions, 13 deletions
diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c index 62723d4ffa8..4412ff331ea 100644 --- a/src/vnet/ipsec/ipsec_input.c +++ b/src/vnet/ipsec/ipsec_input.c @@ -153,24 +153,24 @@ ipsec4_input_spd_find_flow_cache_entry (ipsec_main_t *im, u32 sa, u32 da, } always_inline void -ipsec_fp_in_5tuple_from_ip4_range (ipsec_fp_5tuple_t *tuple, u32 la, u32 ra, +ipsec_fp_in_5tuple_from_ip4_range (ipsec_fp_5tuple_t *tuple, u32 sa, u32 da, u32 spi, u8 action) { clib_memset (tuple->l3_zero_pad, 0, sizeof (tuple->l3_zero_pad)); - tuple->laddr.as_u32 = la; - tuple->raddr.as_u32 = ra; + tuple->laddr.as_u32 = da; + tuple->raddr.as_u32 = sa; tuple->spi = spi; tuple->action = action; tuple->is_ipv6 = 0; } always_inline void -ipsec_fp_in_5tuple_from_ip6_range (ipsec_fp_5tuple_t *tuple, ip6_address_t *la, - ip6_address_t *ra, u32 spi, u8 action) +ipsec_fp_in_5tuple_from_ip6_range (ipsec_fp_5tuple_t *tuple, ip6_address_t *sa, + ip6_address_t *da, u32 spi, u8 action) { - clib_memcpy (&tuple->ip6_laddr, la, sizeof (ip6_address_t)); - clib_memcpy (&tuple->ip6_raddr, ra, sizeof (ip6_address_t)); + clib_memcpy (&tuple->ip6_laddr, da, sizeof (ip6_address_t)); + clib_memcpy (&tuple->ip6_raddr, sa, sizeof (ip6_address_t)); tuple->spi = spi; tuple->action = action; diff --git a/src/vnet/ipsec/ipsec_spd_fp_lookup.h b/src/vnet/ipsec/ipsec_spd_fp_lookup.h index a372ac77a50..71260855317 100644 --- a/src/vnet/ipsec/ipsec_spd_fp_lookup.h +++ b/src/vnet/ipsec/ipsec_spd_fp_lookup.h @@ -97,8 +97,8 @@ static_always_inline int single_rule_in_match_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *match) { - u32 sa = clib_net_to_host_u32 (match->laddr.as_u32); - u32 da = clib_net_to_host_u32 (match->raddr.as_u32); + u32 da = clib_net_to_host_u32 (match->laddr.as_u32); + u32 sa = clib_net_to_host_u32 (match->raddr.as_u32); if (policy->policy == IPSEC_POLICY_ACTION_PROTECT) { @@ -118,16 +118,16 @@ single_rule_in_match_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *match) } else { - if (da < clib_net_to_host_u32 (policy->raddr.start.ip4.as_u32)) + if (sa < clib_net_to_host_u32 (policy->raddr.start.ip4.as_u32)) return (0); - if (da > clib_net_to_host_u32 (policy->raddr.stop.ip4.as_u32)) + if (sa > clib_net_to_host_u32 (policy->raddr.stop.ip4.as_u32)) return (0); - if (sa < clib_net_to_host_u32 (policy->laddr.start.ip4.as_u32)) + if (da < clib_net_to_host_u32 (policy->laddr.start.ip4.as_u32)) return (0); - if (sa > clib_net_to_host_u32 (policy->laddr.stop.ip4.as_u32)) + if (da > clib_net_to_host_u32 (policy->laddr.stop.ip4.as_u32)) return (0); } return (1); |