From 9f6957d1a5b23d4bee9390da20537db6e93b3433 Mon Sep 17 00:00:00 2001
From: jackiechen1985 <xiaobo.chen@tieto.com>
Date: Thu, 6 Dec 2018 03:10:31 +0800
Subject: [PATCH] Fix VPP-1515 IPSec receive packet error in transport mode
 with udp encap

Change-Id: Ife66395b89e1e9f9206666e5f0fd441b3c241bb2
Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
---
 src/vnet/ipsec/esp_decrypt.c | 16 +++++++++++++---
 src/vnet/ipsec/esp_encrypt.c |  2 +-
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 68cb825f23b..3f463505e01 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -277,9 +277,19 @@ esp_decrypt_inline (vlib_main_t * vm,
 		    }
 		  else
 		    {
-		      ih4 =
-			(ip4_header_t *) ((u8 *) esp0 -
-					  sizeof (ip4_header_t));
+		      if (sa0->udp_encap)
+			{
+			  ih4 =
+			    (ip4_header_t *) ((u8 *) esp0 -
+					      sizeof (udp_header_t) -
+					      sizeof (ip4_header_t));
+			}
+		      else
+			{
+			  ih4 =
+			    (ip4_header_t *) ((u8 *) esp0 -
+					      sizeof (ip4_header_t));
+			}
 		      oh4 = vlib_buffer_get_current (o_b0);
 		      ip_hdr_size = sizeof (ip4_header_t);
 		    }
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 4f2d7707395..88eda91bf7f 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -311,7 +311,7 @@ esp_encrypt_inline (vlib_main_t * vm,
 		  vnet_buffer (o_b0)->sw_if_index[VLIB_TX] =
 		    vnet_buffer (i_b0)->sw_if_index[VLIB_TX];
 		}
-	      vlib_buffer_advance (i_b0, ip_udp_hdr_size);
+	      vlib_buffer_advance (i_b0, sizeof (ip4_header_t));
 	    }
 
 	  ASSERT (sa0->crypto_alg < IPSEC_CRYPTO_N_ALG);
-- 
2.16.6