- u32 bi0;
- vlib_buffer_t *b0;
- u32 next0 = IKEV2_NEXT_ERROR_DROP;
- ip4_header_t *ip40;
- udp_header_t *udp0;
- ike_header_t *ike0;
- ikev2_sa_t *sa0 = 0;
- ikev2_sa_t sa; /* temporary store for SA */
- u32 rlen, slen = 0;
- int is_req = 0, has_non_esp_marker = 0;
-
- /* speculatively enqueue b0 to the current next frame */
- bi0 = from[0];
- to_next[0] = bi0;
- from += 1;
- to_next += 1;
- n_left_from -= 1;
- n_left_to_next -= 1;
-
- b0 = vlib_get_buffer (vm, bi0);
-
- if (b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
- {
- u8 *ptr = vlib_buffer_get_current (b0);
- ip40 = (ip4_header_t *) ptr;
- ptr += sizeof (*ip40);
- udp0 = (udp_header_t *) ptr;
- ptr += sizeof (*udp0);
- ike0 = (ike_header_t *) ptr;
- }
- else
- {
- ike0 = vlib_buffer_get_current (b0);
- vlib_buffer_advance (b0, -sizeof (*udp0));
- udp0 = vlib_buffer_get_current (b0);
- vlib_buffer_advance (b0, -sizeof (*ip40));
- ip40 = vlib_buffer_get_current (b0);
- }
-
- rlen = b0->current_length - sizeof (*ip40) - sizeof (*udp0);
-
- /* check for non-esp marker */
- if (*((u32 *) ike0) == 0)
- {
- ike0 =
- (ike_header_t *) ((u8 *) ike0 +
- sizeof (ikev2_non_esp_marker));
- rlen -= sizeof (ikev2_non_esp_marker);
- has_non_esp_marker = 1;
- }
-
- if (clib_net_to_host_u32 (ike0->length) != rlen)
- {
- vlib_node_increment_counter (vm, ikev2_node.index,
- IKEV2_ERROR_BAD_LENGTH, 1);
- goto dispatch0;
- }
-
- if (ike0->version != IKE_VERSION_2)
- {
- vlib_node_increment_counter (vm, ikev2_node.index,
- IKEV2_ERROR_NOT_IKEV2, 1);
- goto dispatch0;
- }
-
- if (ike0->exchange == IKEV2_EXCHANGE_SA_INIT)
- {
- sa0 = &sa;
- clib_memset (sa0, 0, sizeof (*sa0));
-
- if (ike0->flags & IKEV2_HDR_FLAG_INITIATOR)
- {
- if (ike0->rspi == 0)
- {
- sa0->raddr.as_u32 = ip40->dst_address.as_u32;
- sa0->iaddr.as_u32 = ip40->src_address.as_u32;
- sa0->dst_port = clib_net_to_host_u16 (udp0->src_port);
-
- slen =
- ikev2_retransmit_sa_init (ike0, sa0->iaddr,
- sa0->raddr, rlen);
- if (slen)
- {
- vlib_node_increment_counter (vm, ikev2_node.index,
- ~0 ==
- slen ?
- IKEV2_ERROR_IKE_SA_INIT_IGNORE
- :
- IKEV2_ERROR_IKE_SA_INIT_RETRANSMIT,
- 1);
- goto dispatch0;
- }
+ u8 *ptr = vlib_buffer_get_current (b0);
+ ip40 = (ip4_header_t *) ptr;
+ ptr += sizeof (*ip40);
+ udp0 = (udp_header_t *) ptr;
+ ptr += sizeof (*udp0);
+ ike0 = (ike_header_t *) ptr;
+ }
+ else
+ {
+ ike0 = vlib_buffer_get_current (b0);
+ vlib_buffer_advance (b0, -sizeof (*udp0));
+ udp0 = vlib_buffer_get_current (b0);
+ vlib_buffer_advance (b0, -sizeof (*ip40));
+ ip40 = vlib_buffer_get_current (b0);
+ }