From 430ac939d115b59e3f7f704645c6f88878223e1b Mon Sep 17 00:00:00 2001
From: “mukeshyadav1984” <mukyadav@cisco.com>
Date: Thu, 23 Nov 2017 02:39:33 -0800
Subject: IPSec AH protocol enhancement in VPP native core
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: Iec5804d768485f4015bbf732d8d19ef2f24e6939
Signed-off-by: “mukeshyadav1984” <mukyadav@cisco.com>
---
 src/vnet/ipsec/ipsec_output.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/vnet/ipsec/ipsec_output.c')

diff --git a/src/vnet/ipsec/ipsec_output.c b/src/vnet/ipsec/ipsec_output.c
index 1b8070d651a..e86292c0d17 100644
--- a/src/vnet/ipsec/ipsec_output.c
+++ b/src/vnet/ipsec/ipsec_output.c
@@ -270,8 +270,15 @@ ipsec_output_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	{
 	  if (p0->policy == IPSEC_POLICY_ACTION_PROTECT)
 	    {
+	      u32 sa_index = 0;
+	      ipsec_sa_t *sa = 0;
 	      nc_protect++;
-	      next_node_index = im->esp_encrypt_node_index;
+	      sa_index = ipsec_get_sa_index_by_sa_id (p0->sa_id);
+	      sa = pool_elt_at_index (im->sad, sa_index);
+	      if (sa->protocol == IPSEC_PROTOCOL_ESP)
+		next_node_index = im->esp_encrypt_node_index;
+	      else
+		next_node_index = im->ah_encrypt_node_index;
 	      vnet_buffer (b0)->ipsec.sad_index = p0->sa_index;
 	      vlib_buffer_advance (b0, iph_offset);
 	      p0->counter.packets++;
-- 
cgit 1.2.3-korg