Change-Id: I4e43606884ebad9a84abda779b82417192727ef3
Signed-off-by: Damjan Marion <damarion@cisco.com>
{
o_b0->flags |= VLIB_BUFFER_IS_TRACED;
o_b0->trace_index = i_b0->trace_index;
{
o_b0->flags |= VLIB_BUFFER_IS_TRACED;
o_b0->trace_index = i_b0->trace_index;
+ esp_decrypt_trace_t *tr =
+ vlib_add_trace (vm, node, o_b0, sizeof (*tr));
+ tr->crypto_alg = sa0->crypto_alg;
+ tr->integ_alg = sa0->integ_alg;
- esp_decrypt_trace_t *tr =
- vlib_add_trace (vm, node, o_b0, sizeof (*tr));
- tr->crypto_alg = sa0->crypto_alg;
- tr->integ_alg = sa0->integ_alg;
}
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
}
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
from_frame->n_vectors);
free_buffers_and_exit:
from_frame->n_vectors);
free_buffers_and_exit:
- vlib_buffer_free (vm, recycle, vec_len (recycle));
+ if (recycle)
+ vlib_buffer_free (vm, recycle, vec_len (recycle));
vec_free (recycle);
return from_frame->n_vectors;
}
vec_free (recycle);
return from_frame->n_vectors;
}
ip_proto = ih0->ip4.protocol;
}
ip_proto = ih0->ip4.protocol;
}
- if (PREDICT_TRUE (sa0->is_tunnel && !sa0->is_tunnel_ip6))
+ if (PREDICT_TRUE
+ (!is_ipv6 && sa0->is_tunnel && !sa0->is_tunnel_ip6))
{
oh0->ip4.src_address.as_u32 = sa0->tunnel_src_addr.ip4.as_u32;
oh0->ip4.dst_address.as_u32 = sa0->tunnel_dst_addr.ip4.as_u32;
{
oh0->ip4.src_address.as_u32 = sa0->tunnel_src_addr.ip4.as_u32;
oh0->ip4.dst_address.as_u32 = sa0->tunnel_dst_addr.ip4.as_u32;
next0 = ESP_ENCRYPT_NEXT_IP4_INPUT;
vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
}
next0 = ESP_ENCRYPT_NEXT_IP4_INPUT;
vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
}
- else if (sa0->is_tunnel && sa0->is_tunnel_ip6)
+ else if (is_ipv6 && sa0->is_tunnel && sa0->is_tunnel_ip6)
{
oh6_0->ip6.src_address.as_u64[0] =
sa0->tunnel_src_addr.ip6.as_u64[0];
{
oh6_0->ip6.src_address.as_u64[0] =
sa0->tunnel_src_addr.ip6.as_u64[0];
{
o_b0->flags |= VLIB_BUFFER_IS_TRACED;
o_b0->trace_index = i_b0->trace_index;
{
o_b0->flags |= VLIB_BUFFER_IS_TRACED;
o_b0->trace_index = i_b0->trace_index;
+ esp_encrypt_trace_t *tr =
+ vlib_add_trace (vm, node, o_b0, sizeof (*tr));
+ tr->spi = sa0->spi;
+ tr->seq = sa0->seq - 1;
+ tr->crypto_alg = sa0->crypto_alg;
+ tr->integ_alg = sa0->integ_alg;
- esp_encrypt_trace_t *tr =
- vlib_add_trace (vm, node, o_b0, sizeof (*tr));
- tr->spi = sa0->spi;
- tr->seq = sa0->seq - 1;
- tr->crypto_alg = sa0->crypto_alg;
- tr->integ_alg = sa0->integ_alg;
}
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
}
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
from_frame->n_vectors);
free_buffers_and_exit:
from_frame->n_vectors);
free_buffers_and_exit:
- vlib_buffer_free (vm, recycle, vec_len (recycle));
+ if (recycle)
+ vlib_buffer_free (vm, recycle, vec_len (recycle));
vec_free (recycle);
return from_frame->n_vectors;
}
vec_free (recycle);
return from_frame->n_vectors;
}
udp_header_t *udp0;
ike_header_t *ike0;
ikev2_sa_t *sa0 = 0;
udp_header_t *udp0;
ike_header_t *ike0;
ikev2_sa_t *sa0 = 0;
+ ikev2_sa_t sa; /* temporary store for SA */
if (ike0->exchange == IKEV2_EXCHANGE_SA_INIT)
{
if (ike0->exchange == IKEV2_EXCHANGE_SA_INIT)
{
- ikev2_sa_t sa; /* temporary store for SA */
sa0 = &sa;
memset (sa0, 0, sizeof (*sa0));
sa0 = &sa;
memset (sa0, 0, sizeof (*sa0));
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
int is_add = ~0;
if (!unformat_user (input, unformat_line_input, line_input))
int is_add = ~0;
if (!unformat_user (input, unformat_line_input, line_input))
unformat_free (line_input);
unformat_free (line_input);
+ if (spd_id == ~0)
+ return clib_error_return (0, "please specify SPD ID");
+
ipsec_add_del_spd (vm, spd_id, is_add);
return 0;
ipsec_add_del_spd (vm, spd_id, is_add);
return 0;
ipsec_policy_t *p;
u32 *i;
ipsec_policy_t *p;
u32 *i;
+ if (!spd)
+ return 0;
+
vec_foreach (i, spd->ipv4_outbound_policies)
{
p = pool_elt_at_index (spd->policies, *i);
vec_foreach (i, spd->ipv4_outbound_policies)
{
p = pool_elt_at_index (spd->policies, *i);
ipsec_policy_t *p;
u32 *i;
ipsec_policy_t *p;
u32 *i;
+ if (!spd)
+ return 0;
+
vec_foreach (i, spd->ipv6_outbound_policies)
{
p = pool_elt_at_index (spd->policies, *i);
vec_foreach (i, spd->ipv6_outbound_policies)
{
p = pool_elt_at_index (spd->policies, *i);
from += 1;
n_left_from -= 1;
from += 1;
n_left_from -= 1;
- if (PREDICT_FALSE ((last_next_node_index != next_node_index)))
+ if (PREDICT_FALSE ((last_next_node_index != next_node_index) || f == 0))
{
/* if this is not 1st frame */
if (f)
{
/* if this is not 1st frame */
if (f)