X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fesp_encrypt.c;h=cf485482c0e5f3e30072edea01c24e8714d55195;hb=c87b66c86201458c0475d50c6e93f1497f9eec2e;hp=d7cda052c92525bef5ef908ee1c1d44da1ca77b6;hpb=097fa66b986f06281f603767d321ab13ab6c88c3;p=vpp.git

diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index d7cda052c92..cf485482c0e 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -408,12 +408,18 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	  ip_hdr = payload - hdr_len;
 
 	  /* L2 header */
-	  l2_len = vnet_buffer (b[0])->ip.save_rewrite_length;
-	  hdr_len += l2_len;
-	  l2_hdr = payload - hdr_len;
+	  if (!is_tun)
+	    {
+	      l2_len = vnet_buffer (b[0])->ip.save_rewrite_length;
+	      hdr_len += l2_len;
+	      l2_hdr = payload - hdr_len;
+
+	      /* copy l2 and ip header */
+	      clib_memcpy_le32 (l2_hdr, old_ip_hdr - l2_len, l2_len);
+	    }
+	  else
+	    l2_len = 0;
 
-	  /* copy l2 and ip header */
-	  clib_memcpy_le32 (l2_hdr, old_ip_hdr - l2_len, l2_len);
 	  clib_memcpy_le64 (ip_hdr, old_ip_hdr, ip_len);
 
 	  if (is_ip6)
@@ -440,7 +446,8 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 		esp_update_ip4_hdr (ip4, len, /* is_transport */ 1, 0);
 	    }
 
-	  next[0] = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
+	  if (!is_tun)
+	    next[0] = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
 	}
 
       esp->spi = spi;
@@ -618,6 +625,13 @@ VNET_FEATURE_INIT (esp4_encrypt_tun_feat_node, static) =
   .node_name = "esp4-encrypt-tun",
   .runs_before = VNET_FEATURES ("adj-midchain-tx"),
 };
+
+VNET_FEATURE_INIT (esp4_ethernet_encrypt_tun_feat_node, static) =
+{
+  .arc_name = "ethernet-output",
+  .node_name = "esp4-encrypt-tun",
+  .runs_before = VNET_FEATURES ("adj-midchain-tx", "adj-midchain-tx-no-count"),
+};
 /* *INDENT-ON* */
 
 VLIB_NODE_FN (esp6_encrypt_tun_node) (vlib_main_t * vm,