From 9ec846c2684b69f47505d73ea9f873b793a11558 Mon Sep 17 00:00:00 2001
From: Neale Ranns <neale@graphiant.com>
Date: Tue, 9 Feb 2021 14:04:02 +0000
Subject: ipsec: Use the new tunnel API types to add flow label and TTL copy
 support

Type: feature

attmpet 2. this includes changes in ah_encrypt that don't use
uninitialised memory when doing tunnel mode fixups.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
---
 src/vnet/ipsec/ipsec_input.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/vnet/ipsec/ipsec_input.c')

diff --git a/src/vnet/ipsec/ipsec_input.c b/src/vnet/ipsec/ipsec_input.c
index aa7627d9b4b..2ebc6c5a10c 100644
--- a/src/vnet/ipsec/ipsec_input.c
+++ b/src/vnet/ipsec/ipsec_input.c
@@ -118,10 +118,10 @@ ipsec_input_protect_policy_match (ipsec_spd_t * spd, u32 sa, u32 da, u32 spi)
 
     if (ipsec_sa_is_set_IS_TUNNEL (s))
       {
-	if (da != clib_net_to_host_u32 (s->tunnel_dst_addr.ip4.as_u32))
+	if (da != clib_net_to_host_u32 (s->tunnel.t_dst.ip.ip4.as_u32))
 	  continue;
 
-	if (sa != clib_net_to_host_u32 (s->tunnel_src_addr.ip4.as_u32))
+	if (sa != clib_net_to_host_u32 (s->tunnel.t_src.ip.ip4.as_u32))
 	  continue;
 
 	return p;
@@ -174,10 +174,10 @@ ipsec6_input_protect_policy_match (ipsec_spd_t * spd,
 
     if (ipsec_sa_is_set_IS_TUNNEL (s))
       {
-	if (!ip6_address_is_equal (sa, &s->tunnel_src_addr.ip6))
+	if (!ip6_address_is_equal (sa, &s->tunnel.t_src.ip.ip6))
 	  continue;
 
-	if (!ip6_address_is_equal (da, &s->tunnel_dst_addr.ip6))
+	if (!ip6_address_is_equal (da, &s->tunnel.t_dst.ip.ip6))
 	  continue;
 
 	return p;
-- 
cgit 1.2.3-korg