From a4157aec1c7718226f0d4cee51c7a3feb57e6fc4 Mon Sep 17 00:00:00 2001 From: Frédéric Perrin Date: Fri, 14 Jul 2023 11:13:42 +0100 Subject: ipsec: clear L4-cksum flags when decap'ing packets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Type: fix Signed-off-by: Frédéric Perrin Change-Id: I45191b7316c88038bcd57d62aeb07bb109cf4a4d --- src/vnet/ipsec/ah_decrypt.c | 2 ++ src/vnet/ipsec/esp_decrypt.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'src/vnet/ipsec') diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c index f20f620eb3c..5f98693204a 100644 --- a/src/vnet/ipsec/ah_decrypt.c +++ b/src/vnet/ipsec/ah_decrypt.c @@ -325,6 +325,8 @@ ah_decrypt_inline (vlib_main_t * vm, + pd->icv_padding_len; vlib_buffer_advance (b[0], pd->ip_hdr_size + ah_hdr_len); b[0]->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID; + b[0]->flags &= ~(VNET_BUFFER_F_L4_CHECKSUM_COMPUTED | + VNET_BUFFER_F_L4_CHECKSUM_CORRECT); if (PREDICT_TRUE (ipsec_sa_is_set_IS_TUNNEL (sa0))) { /* tunnel mode */ diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 2c1efa2f4be..74410a8add1 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -840,7 +840,9 @@ esp_decrypt_post_crypto (vlib_main_t *vm, vlib_node_runtime_t *node, u16 adv = pd->iv_sz + esp_sz; u16 tail = sizeof (esp_footer_t) + pad_length + icv_sz; u16 tail_orig = sizeof (esp_footer_t) + pad_length + pd->icv_sz; - b->flags &= ~VLIB_BUFFER_TOTAL_LENGTH_VALID; + b->flags &= + ~(VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_L4_CHECKSUM_COMPUTED | + VNET_BUFFER_F_L4_CHECKSUM_CORRECT); if ((pd->flags & tun_flags) == 0 && !is_tun) /* transport mode */ { -- cgit 1.2.3-korg