Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
ipsec: fix udp-encap in transport mode
[vpp.git]
/
src
/
vnet
/
ipsec
/
esp_encrypt.c
diff --git
a/src/vnet/ipsec/esp_encrypt.c
b/src/vnet/ipsec/esp_encrypt.c
index
e06babd
..
4793fdd
100644
(file)
--- a/
src/vnet/ipsec/esp_encrypt.c
+++ b/
src/vnet/ipsec/esp_encrypt.c
@@
-463,6
+463,7
@@
esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
u8 *l2_hdr, l2_len, *ip_hdr, ip_len;
ip6_ext_header_t *ext_hdr;
udp_header_t *udp = 0;
u8 *l2_hdr, l2_len, *ip_hdr, ip_len;
ip6_ext_header_t *ext_hdr;
udp_header_t *udp = 0;
+ u16 udp_len = 0;
u8 *old_ip_hdr = vlib_buffer_get_current (b[0]);
ip_len = is_ip6 ?
u8 *old_ip_hdr = vlib_buffer_get_current (b[0]);
ip_len = is_ip6 ?
@@
-537,7
+538,7
@@
esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
if (udp)
{
esp_update_ip4_hdr (ip4, len, /* is_transport */ 1, 1);
if (udp)
{
esp_update_ip4_hdr (ip4, len, /* is_transport */ 1, 1);
-
esp_fill_udp_hdr (sa0, udp, len - ip_len)
;
+
udp_len = len - ip_len
;
}
else
esp_update_ip4_hdr (ip4, len, /* is_transport */ 1, 0);
}
else
esp_update_ip4_hdr (ip4, len, /* is_transport */ 1, 0);
@@
-545,6
+546,11
@@
esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
clib_memcpy_le64 (ip_hdr, old_ip_hdr, ip_len);
clib_memcpy_le64 (ip_hdr, old_ip_hdr, ip_len);
+ if (udp)
+ {
+ esp_fill_udp_hdr (sa0, udp, udp_len);
+ }
+
if (!is_tun)
next[0] = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
}
if (!is_tun)
next[0] = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
}