From 8640dbdb7292d8d206aab3a90551d93798c9c50c Mon Sep 17 00:00:00 2001
From: Szymon Sliwa <szs@semihalf.com>
Date: Mon, 19 Mar 2018 15:14:31 +0000
Subject: [PATCH] Fix the ip header offset counting in vnet/ipsec

IP header is set as data + sizeof(ethernet_header_t),
what does not need to be true. The solution is to use
l3_hdr_offset.

Change-Id: I5d9f41599ba8d8eb14ce2d9d523f82ea6e0fd10d
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
---
 src/vnet/ipsec/esp_decrypt.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index a769e6bd51a..62b12dbbdf6 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -268,9 +268,10 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 	      if (PREDICT_FALSE (!sa0->is_tunnel && !sa0->is_tunnel_ip6))
 		{
 		  tunnel_mode = 0;
+
 		  ih4 =
-		    (ip4_header_t *) (i_b0->data +
-				      sizeof (ethernet_header_t));
+		    (ip4_header_t *) ((u8 *) i_b0->data +
+				      vnet_buffer (i_b0)->l3_hdr_offset);
 		  if (PREDICT_TRUE
 		      ((ih4->ip_version_and_header_length & 0xF0) != 0x40))
 		    {
@@ -280,9 +281,7 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 			{
 			  transport_ip6 = 1;
 			  ip_hdr_size = sizeof (ip6_header_t);
-			  ih6 =
-			    (ip6_header_t *) (i_b0->data +
-					      sizeof (ethernet_header_t));
+			  ih6 = (ip6_header_t *) ih4;
 			  oh6 = vlib_buffer_get_current (o_b0);
 			}
 		      else
-- 
2.16.6