+ ah_decrypt_set_next_index (b[0], node, vm->thread_index,
+ AH_DECRYPT_ERROR_DECRYPTION_FAILED, 0,
+ next, AH_DECRYPT_NEXT_DROP,
+ pd->sa_index);
+ goto trace;
+ }
+ }
+ else
+ { /* transport mode */
+ if (is_ip6)
+ {
+ vlib_buffer_advance (b[0], -sizeof (ip6_header_t));
+ oh6 = vlib_buffer_get_current (b[0]);
+ if (ah_hdr_len >= sizeof (ip6_header_t))
+ clib_memcpy (oh6, b[0]->data + pd->current_data,
+ sizeof (ip6_header_t));
+ else
+ memmove (oh6, b[0]->data + pd->current_data,
+ sizeof (ip6_header_t));
+
+ next[0] = AH_DECRYPT_NEXT_IP6_INPUT;
+ oh6->protocol = pd->nexthdr;
+ oh6->hop_limit = pd->hop_limit;
+ oh6->ip_version_traffic_class_and_flow_label =
+ pd->ip_version_traffic_class_and_flow_label;
+ oh6->payload_length =
+ clib_host_to_net_u16 (vlib_buffer_length_in_chain
+ (vm, b[0]) - sizeof (ip6_header_t));
+ }
+ else
+ {
+ vlib_buffer_advance (b[0], -sizeof (ip4_header_t));
+ oh4 = vlib_buffer_get_current (b[0]);
+ if (ah_hdr_len >= sizeof (ip4_header_t))
+ clib_memcpy (oh4, b[0]->data + pd->current_data,
+ sizeof (ip4_header_t));
+ else
+ memmove (oh4, b[0]->data + pd->current_data,
+ sizeof (ip4_header_t));
+
+ next[0] = AH_DECRYPT_NEXT_IP4_INPUT;
+ oh4->ip_version_and_header_length = 0x45;
+ oh4->fragment_id = 0;
+ oh4->flags_and_fragment_offset = 0;
+ oh4->protocol = pd->nexthdr_cached;
+ oh4->length =
+ clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b[0]));
+ oh4->ttl = pd->ttl;
+ oh4->tos = pd->tos;
+ oh4->checksum = ip4_header_checksum (oh4);