ipsec: change wildcard value for any protocol of spd policy

[vpp.git] / src / vnet / ipsec / ipsec_output.c

diff --git a/src/vnet/ipsec/ipsec_output.c b/src/vnet/ipsec/ipsec_output.c
index 84927de..760d092 100644 (file)
--- a/src/vnet/ipsec/ipsec_output.c
+++ b/src/vnet/ipsec/ipsec_output.c
@@ -158,7 +158,8 @@ ipsec_output_policy_match (ipsec_spd_t *spd, u8 pr, u32 la, u32 ra, u16 lp,
   vec_foreach (i, spd->policies[IPSEC_SPD_POLICY_IP4_OUTBOUND])
   {
     p = pool_elt_at_index (im->policies, *i);
-    if (PREDICT_FALSE (p->protocol && (p->protocol != pr)))
+    if (PREDICT_FALSE ((p->protocol != IPSEC_POLICY_PROTOCOL_ANY) &&
+                      (p->protocol != pr)))
       continue;
 
     if (ra < clib_net_to_host_u32 (p->raddr.start.ip4.as_u32))
@@ -232,7 +233,8 @@ ipsec6_output_policy_match (ipsec_spd_t * spd,
   vec_foreach (i, spd->policies[IPSEC_SPD_POLICY_IP6_OUTBOUND])
   {
     p = pool_elt_at_index (im->policies, *i);
-    if (PREDICT_FALSE (p->protocol && (p->protocol != pr)))
+    if (PREDICT_FALSE ((p->protocol != IPSEC_POLICY_PROTOCOL_ANY) &&
+                      (p->protocol != pr)))
       continue;
 
     if (!ip6_addr_match_range (ra, &p->raddr.start.ip6, &p->raddr.stop.ip6))
@@ -278,7 +280,7 @@ ipsec_output_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
   ipsec_spd_t *spd0 = 0;
   int bogus;
   u64 nc_protect = 0, nc_bypass = 0, nc_discard = 0, nc_nomatch = 0;
-  u8 flow_cache_enabled = im->flow_cache_flag;
+  u8 flow_cache_enabled = im->output_flow_cache_flag;
 
   from = vlib_frame_vector_args (from_frame);
   n_left_from = from_frame->n_vectors;