From 65a27279af2bead3be65ab0cb2a0bc2b79e00f42 Mon Sep 17 00:00:00 2001 From: Szymon Sliwa Date: Wed, 9 May 2018 14:28:08 +0200 Subject: Change the way IP header pointer is calculated in esp_decrypt nodes The pointer to IP header was derived from l3_hdr_offset, which would be ok, if l3_hdr_offset was valid. But it does not have to be, so it was a bad solution. Now the previous nodes mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt we count get ip header pointer by substracting the size of the ip header from the pointer to esp header (which lies in front of the ip header). Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16 Signed-off-by: Szymon Sliwa --- src/vnet/ipsec/ipsec_input.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/vnet/ipsec/ipsec_input.c') diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c index 08269d0244e..d61755597ba 100644 --- a/src/vnet/ipsec/ipsec_input.c +++ b/src/vnet/ipsec/ipsec_input.c @@ -207,6 +207,8 @@ ipsec_input_ip4_node_fn (vlib_main_t * vm, n_left_to_next -= 1; b0 = vlib_get_buffer (vm, bi0); + b0->flags |= VNET_BUFFER_F_IS_IP4; + b0->flags &= ~VNET_BUFFER_F_IS_IP6; c0 = vnet_feature_next_with_data (vnet_buffer (b0)->sw_if_index [VLIB_RX], &next0, b0, @@ -389,6 +391,8 @@ VLIB_NODE_FUNCTION_MULTIARCH (ipsec_input_ip4_node, ipsec_input_ip4_node_fn) n_left_to_next -= 1; b0 = vlib_get_buffer (vm, bi0); + b0->flags |= VNET_BUFFER_F_IS_IP6; + b0->flags &= ~VNET_BUFFER_F_IS_IP4; c0 = vnet_feature_next_with_data (vnet_buffer (b0)->sw_if_index [VLIB_RX], &next0, b0, -- cgit 1.2.3-korg