summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c8
-rw-r--r--src/vnet/ipsec/esp_decrypt.c10
-rw-r--r--src/vnet/ipsec/ipsec_input.c4
3 files changed, 18 insertions, 4 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index 85bfb64f1f5..06909b3d347 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -476,7 +476,13 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm,
esp_replay_advance(sa0, seq);
}
- ih4 = (ip4_header_t *) (b0->data + vnet_buffer(b0)->l3_hdr_offset);
+ if (b0->flags & VNET_BUFFER_F_IS_IP4)
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t));
+ else
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t));
+
vlib_buffer_advance (b0, sizeof (esp_header_t) + iv_size);
b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 62b12dbbdf6..a0eeed464da 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -269,9 +269,13 @@ esp_decrypt_node_fn (vlib_main_t * vm,
{
tunnel_mode = 0;
- ih4 =
- (ip4_header_t *) ((u8 *) i_b0->data +
- vnet_buffer (i_b0)->l3_hdr_offset);
+ if (i_b0->flags & VNET_BUFFER_F_IS_IP4)
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t));
+ else
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t));
+
if (PREDICT_TRUE
((ih4->ip_version_and_header_length & 0xF0) != 0x40))
{
diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c
index 08269d0244e..d61755597ba 100644
--- a/src/vnet/ipsec/ipsec_input.c
+++ b/src/vnet/ipsec/ipsec_input.c
@@ -207,6 +207,8 @@ ipsec_input_ip4_node_fn (vlib_main_t * vm,
n_left_to_next -= 1;
b0 = vlib_get_buffer (vm, bi0);
+ b0->flags |= VNET_BUFFER_F_IS_IP4;
+ b0->flags &= ~VNET_BUFFER_F_IS_IP6;
c0 =
vnet_feature_next_with_data (vnet_buffer (b0)->sw_if_index
[VLIB_RX], &next0, b0,
@@ -389,6 +391,8 @@ VLIB_NODE_FUNCTION_MULTIARCH (ipsec_input_ip4_node, ipsec_input_ip4_node_fn)
n_left_to_next -= 1;
b0 = vlib_get_buffer (vm, bi0);
+ b0->flags |= VNET_BUFFER_F_IS_IP6;
+ b0->flags &= ~VNET_BUFFER_F_IS_IP4;
c0 =
vnet_feature_next_with_data (vnet_buffer (b0)->sw_if_index
[VLIB_RX], &next0, b0,