- ob[0]->flags |= VLIB_BUFFER_IS_TRACED;
- ob[0]->trace_index = ib[0]->trace_index;
- esp_decrypt_trace_t *tr =
- vlib_add_trace (vm, node, ob[0], sizeof (*tr));
- tr->crypto_alg = sa0->crypto_alg;
- tr->integ_alg = sa0->integ_alg;
+ ip6_header_t *ip6 = (ip6_header_t *) ip;
+ u16 len = clib_net_to_host_u16 (ip6->payload_length);
+ len -= adv + tail;
+ ip6->payload_length = clib_host_to_net_u16 (len);
+ ip6->protocol = f->next_header;
+ next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
+ }
+ else
+ {
+ ip4_header_t *ip4 = (ip4_header_t *) ip;
+ ip_csum_t sum = ip4->checksum;
+ u16 len = clib_net_to_host_u16 (ip4->length);
+ len = clib_host_to_net_u16 (len - adv - tail - udp_sz);
+ sum = ip_csum_update (sum, ip4->protocol, f->next_header,
+ ip4_header_t, protocol);
+ sum = ip_csum_update (sum, ip4->length, len,
+ ip4_header_t, length);
+ ip4->checksum = ip_csum_fold (sum);
+ ip4->protocol = f->next_header;
+ ip4->length = len;
+ next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
+ }
+ }
+ else
+ {
+ if (PREDICT_TRUE (f->next_header == IP_PROTOCOL_IP_IN_IP))
+ {
+ next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
+ b[0]->current_data = pd->current_data + adv;
+ b[0]->current_length = pd->current_length + adv - tail;
+ }
+ else if (f->next_header == IP_PROTOCOL_IPV6)
+ {
+ next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
+ b[0]->current_data = pd->current_data + adv;
+ b[0]->current_length = pd->current_length + adv - tail;
+ }
+ else
+ {
+ next[0] = ESP_DECRYPT_NEXT_DROP;
+ b[0]->error = node->errors[ESP_DECRYPT_ERROR_DECRYPTION_FAILED];