- p0 = ipsec_output_policy_match(spd0, ip0->protocol,
- clib_net_to_host_u32(ip0->src_address.as_u32),
- clib_net_to_host_u32(ip0->dst_address.as_u32),
- clib_net_to_host_u16(udp0->src_port),
- clib_net_to_host_u16(udp0->dst_port));
- }
-
- if (PREDICT_TRUE(p0 != NULL))
- {
- if (p0->policy == IPSEC_POLICY_ACTION_PROTECT)
- {
- nc_protect++;
- next_node_index = im->esp_encrypt_node_index;
- vnet_buffer(b0)->output_features.ipsec_sad_index = p0->sa_index;
- vlib_buffer_advance(b0, sizeof(ethernet_header_t));
- p0->counter.packets++;
- if (is_ipv6)
- {
- p0->counter.bytes += clib_net_to_host_u16(ip6_0->payload_length);
- p0->counter.bytes += sizeof(ip6_header_t);
- }
- else
- {
- p0->counter.bytes += clib_net_to_host_u16(ip0->length);
- }
- }
- else if (p0->policy == IPSEC_POLICY_ACTION_BYPASS)
- {
- nc_bypass++;
- next_node_index = get_next_output_feature_node_index(vnm, b0);
- p0->counter.packets++;
- if (is_ipv6)
- {
- p0->counter.bytes += clib_net_to_host_u16(ip6_0->payload_length);
- p0->counter.bytes += sizeof(ip6_header_t);
- }
- else
- {
- p0->counter.bytes += clib_net_to_host_u16(ip0->length);
- }
- }
- else
- {
- nc_discard++;
- p0->counter.packets++;
- if (is_ipv6)
- {
- p0->counter.bytes += clib_net_to_host_u16(ip6_0->payload_length);
- p0->counter.bytes += sizeof(ip6_header_t);
- }
- else
- {
- p0->counter.bytes += clib_net_to_host_u16(ip0->length);
- }
- next_node_index = im->error_drop_node_index;
- }
- }
+ p0 = ipsec_output_policy_match (spd0, ip0->protocol,
+ clib_net_to_host_u32 (ip0->
+ src_address.
+ as_u32),
+ clib_net_to_host_u32 (ip0->
+ dst_address.
+ as_u32),
+ clib_net_to_host_u16 (udp0->
+ src_port),
+ clib_net_to_host_u16 (udp0->
+ dst_port));
+ }
+
+ if (PREDICT_TRUE (p0 != NULL))
+ {
+ if (p0->policy == IPSEC_POLICY_ACTION_PROTECT)
+ {
+ nc_protect++;
+ next_node_index = im->esp_encrypt_node_index;
+ vnet_buffer (b0)->output_features.ipsec_sad_index =
+ p0->sa_index;
+ vlib_buffer_advance (b0, sizeof (ethernet_header_t));
+ p0->counter.packets++;
+ if (is_ipv6)
+ {
+ p0->counter.bytes +=
+ clib_net_to_host_u16 (ip6_0->payload_length);
+ p0->counter.bytes += sizeof (ip6_header_t);
+ }
+ else
+ {
+ p0->counter.bytes += clib_net_to_host_u16 (ip0->length);
+ }
+ }
+ else if (p0->policy == IPSEC_POLICY_ACTION_BYPASS)
+ {
+ nc_bypass++;
+ next_node_index = get_next_output_feature_node_index (vnm, b0);
+ p0->counter.packets++;
+ if (is_ipv6)
+ {
+ p0->counter.bytes +=
+ clib_net_to_host_u16 (ip6_0->payload_length);
+ p0->counter.bytes += sizeof (ip6_header_t);
+ }
+ else
+ {
+ p0->counter.bytes += clib_net_to_host_u16 (ip0->length);
+ }
+ }
+ else
+ {
+ nc_discard++;
+ p0->counter.packets++;
+ if (is_ipv6)
+ {
+ p0->counter.bytes +=
+ clib_net_to_host_u16 (ip6_0->payload_length);
+ p0->counter.bytes += sizeof (ip6_header_t);
+ }
+ else
+ {
+ p0->counter.bytes += clib_net_to_host_u16 (ip0->length);
+ }
+ next_node_index = im->error_drop_node_index;
+ }
+ }