if (PREDICT_FALSE (p->protocol && (p->protocol != pr)))
continue;
- if (la < clib_net_to_host_u32 (p->laddr.start.ip4.as_u32))
+ if (ra < clib_net_to_host_u32 (p->raddr.start.ip4.as_u32))
continue;
- if (la > clib_net_to_host_u32 (p->laddr.stop.ip4.as_u32))
+ if (ra > clib_net_to_host_u32 (p->raddr.stop.ip4.as_u32))
continue;
- if (ra < clib_net_to_host_u32 (p->raddr.start.ip4.as_u32))
+ if (la < clib_net_to_host_u32 (p->laddr.start.ip4.as_u32))
continue;
- if (ra > clib_net_to_host_u32 (p->raddr.stop.ip4.as_u32))
+ if (la > clib_net_to_host_u32 (p->laddr.stop.ip4.as_u32))
continue;
- if (PREDICT_FALSE ((pr != IP_PROTOCOL_TCP) && (pr != IP_PROTOCOL_UDP)))
+ if (PREDICT_FALSE
+ ((pr != IP_PROTOCOL_TCP) && (pr != IP_PROTOCOL_UDP)
+ && (pr != IP_PROTOCOL_SCTP)))
return p;
if (lp < p->lport.start)
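Review bot: SCTP packets now fall through to the `lp`/`rp` port-range checks below, but nothing in this hunk shows that the caller fills `lp` and `rp` from the SCTP header. If the ports are only parsed for TCP and UDP, an SCTP packet would be compared against stale or zero values and could match, or miss, a policy it should not, so please confirm the caller's port extraction covers `IP_PROTOCOL_SCTP`. The same three-way protocol test is repeated in the IPv6 hunk that follows, so a small shared predicate would keep the two matchers in step. A comment above the test, such as `/* protocols without ports match on addresses alone; TCP, UDP and SCTP continue to the port-range checks */`, would document the intent. The loop body starts before and continues past this hunk.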
if (!ip6_addr_match_range (la, &p->laddr.start.ip6, &p->laddr.stop.ip6))
continue;
- if (PREDICT_FALSE ((pr != IP_PROTOCOL_TCP) && (pr != IP_PROTOCOL_UDP)))
+ if (PREDICT_FALSE
+ ((pr != IP_PROTOCOL_TCP) && (pr != IP_PROTOCOL_UDP)
+ && (pr != IP_PROTOCOL_SCTP)))
return p;
if (lp < p->lport.start)
{
if (p0->policy == IPSEC_POLICY_ACTION_PROTECT)
{
+ ipsec_sa_t *sa = 0;
nc_protect++;
- next_node_index = im->esp_encrypt_node_index;
+ sa = pool_elt_at_index (im->sad, p0->sa_index);
+ if (sa->protocol == IPSEC_PROTOCOL_ESP)
+ next_node_index = im->esp_encrypt_node_index;
+ else
+ next_node_index = im->ah_encrypt_node_index;
vnet_buffer (b0)->ipsec.sad_index = p0->sa_index;
vlib_buffer_advance (b0, iph_offset);
p0->counter.packets++;
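Review bot: The bare `else` sends every SA whose protocol is not ESP to `im->ah_encrypt_node_index`, so an SA with an unexpected or never-initialised `protocol` value would leave a PROTECT policy with integrity protection only and no encryption. Testing the AH case explicitly with `else if (sa->protocol == IPSEC_PROTOCOL_AH)` and counting and dropping anything else would make the dispatch fail closed. `ipsec_sa_t *sa = 0;` is overwritten by the next statement and can be folded into `ipsec_sa_t *sa = pool_elt_at_index (im->sad, p0->sa_index);`. The lookup presumably only asserts on a bad index in debug images, so it is worth confirming that a policy cannot outlive the SA it points to. The enclosing function starts and ends outside this hunk.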