diff options
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r-- | src/vnet/ipsec/ah_decrypt.c | 6 | ||||
-rw-r--r-- | src/vnet/ipsec/ah_encrypt.c | 3 | ||||
-rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/esp_encrypt.c | 4 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.c | 5 |
5 files changed, 7 insertions, 13 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c index 28589127d25..0fc4f48571d 100644 --- a/src/vnet/ipsec/ah_decrypt.c +++ b/src/vnet/ipsec/ah_decrypt.c @@ -87,7 +87,7 @@ ah_decrypt_inline (vlib_main_t * vm, ipsec_proto_main_t *em = &ipsec_proto_main; from = vlib_frame_vector_args (from_frame); n_left_from = from_frame->n_vectors; - int icv_size = 0; + int icv_size; next_index = node->cached_next_index; thread_index = vm->thread_index; @@ -178,9 +178,7 @@ ah_decrypt_inline (vlib_main_t * vm, if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE)) { u8 sig[64]; - u8 digest[64]; - clib_memset (sig, 0, sizeof (sig)); - clib_memset (digest, 0, sizeof (digest)); + u8 digest[icv_size]; u8 *icv = ah0->auth_data; memcpy (digest, icv, icv_size); clib_memset (icv, 0, icv_size); diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c index 5f6a0991be3..2e561deb8b6 100644 --- a/src/vnet/ipsec/ah_encrypt.c +++ b/src/vnet/ipsec/ah_encrypt.c @@ -261,7 +261,7 @@ ah_encrypt_inline (vlib_main_t * vm, } u8 sig[64]; - clib_memset (sig, 0, sizeof (sig)); + u8 *digest = vlib_buffer_get_current (i_b0) + ip_hdr_size + sizeof (ah_header_t); @@ -296,7 +296,6 @@ ah_encrypt_inline (vlib_main_t * vm, trace: if (PREDICT_FALSE (i_b0->flags & VLIB_BUFFER_IS_TRACED)) { - i_b0->flags |= VLIB_BUFFER_IS_TRACED; ah_encrypt_trace_t *tr = vlib_add_trace (vm, node, i_b0, sizeof (*tr)); tr->spi = sa0->spi; diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 2548ed401d9..0cb5c154895 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -25,7 +25,7 @@ #define foreach_esp_decrypt_next \ _(DROP, "error-drop") \ -_(IP4_INPUT, "ip4-input") \ +_(IP4_INPUT, "ip4-input-no-checksum") \ _(IP6_INPUT, "ip6-input") \ _(IPSEC_GRE_INPUT, "ipsec-gre-input") diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index ffa02115858..1e0bd7facf5 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -23,10 +23,6 @@ #include <vnet/ipsec/ipsec.h> #include <vnet/ipsec/esp.h> -#ifndef CLIB_MARCH_VARIANT -ipsec_proto_main_t ipsec_proto_main; -#endif /* CLIB_MARCH_VARIANT */ - #define foreach_esp_encrypt_next \ _(DROP, "error-drop") \ _(IP4_LOOKUP, "ip4-lookup") \ diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index a512d0094a6..a1d8f09691b 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -26,6 +26,7 @@ #include <vnet/ipsec/ah.h> ipsec_main_t ipsec_main; +ipsec_proto_main_t ipsec_proto_main; static void ipsec_rand_seed (void) @@ -136,7 +137,7 @@ ipsec_register_ah_backend (vlib_main_t * vm, ipsec_main_t * im, { ipsec_ah_backend_t *b; pool_get (im->ah_backends, b); - b->name = format (NULL, "%s", name); + b->name = format (0, "%s%c", name, 0); ipsec_add_node (vm, ah4_encrypt_node_name, "ipsec4-output-feature", &b->ah4_encrypt_node_index, &b->ah4_encrypt_next_index); @@ -164,7 +165,7 @@ ipsec_register_esp_backend (vlib_main_t * vm, ipsec_main_t * im, { ipsec_esp_backend_t *b; pool_get (im->esp_backends, b); - b->name = format (NULL, "%s", name); + b->name = format (0, "%s%c", name, 0); ipsec_add_node (vm, esp4_encrypt_node_name, "ipsec4-output-feature", &b->esp4_encrypt_node_index, &b->esp4_encrypt_next_index); |