From 9fdfcf32741551a0eaf11a27d822a9d8f0607832 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Thu, 18 Apr 2019 17:18:12 -0700 Subject: IPSEC: ESP IPv6 transport mode payload length incorrect (VPP-1653) Change-Id: I8977100d7a22b50260858bd1ea9db419b53284ff Signed-off-by: Neale Ranns --- src/vnet/ipsec/esp_encrypt.c | 4 +++- test/template_ipsec.py | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index e319a9628f4..f1153d92e8c 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -402,7 +402,9 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, ip6_header_t *ip6 = (ip6_header_t *) (ip_hdr); *next_hdr_ptr = ip6->protocol; ip6->protocol = IP_PROTOCOL_IPSEC_ESP; - ip6->payload_length = payload_len + hdr_len - l2_len - ip_len; + ip6->payload_length = + clib_host_to_net_u16 (payload_len + hdr_len - l2_len - + ip_len); } else { diff --git a/test/template_ipsec.py b/test/template_ipsec.py index efe49f1a01f..b954af1c824 100644 --- a/test/template_ipsec.py +++ b/test/template_ipsec.py @@ -451,6 +451,8 @@ class IpsecTra6(object): recv_pkts = self.send_and_expect(self.tra_if, send_pkts, self.tra_if) for rx in recv_pkts: + self.assertEqual(len(rx) - len(Ether()) - len(IPv6()), + rx[IPv6].plen) try: decrypted = p.vpp_tra_sa.decrypt(rx[IPv6]) self.assert_packet_checksums_valid(decrypted) @@ -648,6 +650,8 @@ class IpsecTun6(object): count=count) recv_pkts = self.send_and_expect(self.pg1, send_pkts, self.tun_if) for recv_pkt in recv_pkts: + self.assertEqual(len(recv_pkt) - len(Ether()) - len(IPv6()), + recv_pkt[IPv6].plen) try: decrypt_pkt = p.vpp_tun_sa.decrypt(recv_pkt[IPv6]) if not decrypt_pkt.haslayer(IPv6): -- cgit 1.2.3-korg