diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_decrypt.c | 8 | ||||
-rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 10 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_input.c | 4 |
3 files changed, 18 insertions, 4 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c index 85bfb64f1f5..06909b3d347 100644 --- a/src/plugins/dpdk/ipsec/esp_decrypt.c +++ b/src/plugins/dpdk/ipsec/esp_decrypt.c @@ -476,7 +476,13 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm, esp_replay_advance(sa0, seq); } - ih4 = (ip4_header_t *) (b0->data + vnet_buffer(b0)->l3_hdr_offset); + if (b0->flags & VNET_BUFFER_F_IS_IP4) + ih4 = + (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t)); + else + ih4 = + (ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t)); + vlib_buffer_advance (b0, sizeof (esp_header_t) + iv_size); b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID; diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 62b12dbbdf6..a0eeed464da 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -269,9 +269,13 @@ esp_decrypt_node_fn (vlib_main_t * vm, { tunnel_mode = 0; - ih4 = - (ip4_header_t *) ((u8 *) i_b0->data + - vnet_buffer (i_b0)->l3_hdr_offset); + if (i_b0->flags & VNET_BUFFER_F_IS_IP4) + ih4 = + (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t)); + else + ih4 = + (ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t)); + if (PREDICT_TRUE ((ih4->ip_version_and_header_length & 0xF0) != 0x40)) { diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c index 08269d0244e..d61755597ba 100644 --- a/src/vnet/ipsec/ipsec_input.c +++ b/src/vnet/ipsec/ipsec_input.c @@ -207,6 +207,8 @@ ipsec_input_ip4_node_fn (vlib_main_t * vm, n_left_to_next -= 1; b0 = vlib_get_buffer (vm, bi0); + b0->flags |= VNET_BUFFER_F_IS_IP4; + b0->flags &= ~VNET_BUFFER_F_IS_IP6; c0 = vnet_feature_next_with_data (vnet_buffer (b0)->sw_if_index [VLIB_RX], &next0, b0, @@ -389,6 +391,8 @@ VLIB_NODE_FUNCTION_MULTIARCH (ipsec_input_ip4_node, ipsec_input_ip4_node_fn) n_left_to_next -= 1; b0 = vlib_get_buffer (vm, bi0); + b0->flags |= VNET_BUFFER_F_IS_IP6; + b0->flags &= ~VNET_BUFFER_F_IS_IP4; c0 = vnet_feature_next_with_data (vnet_buffer (b0)->sw_if_index [VLIB_RX], &next0, b0, |