ipsec_proto_main_t *em = &ipsec_proto_main;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
- int icv_size = 0;
+ int icv_size;
next_index = node->cached_next_index;
thread_index = vm->thread_index;
if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE))
{
u8 sig[64];
- u8 digest[64];
- clib_memset (sig, 0, sizeof (sig));
- clib_memset (digest, 0, sizeof (digest));
+ u8 digest[icv_size];
u8 *icv = ah0->auth_data;
memcpy (digest, icv, icv_size);
clib_memset (icv, 0, icv_size);
}
u8 sig[64];
- clib_memset (sig, 0, sizeof (sig));
+
u8 *digest =
vlib_buffer_get_current (i_b0) + ip_hdr_size +
sizeof (ah_header_t);
trace:
if (PREDICT_FALSE (i_b0->flags & VLIB_BUFFER_IS_TRACED))
{
- i_b0->flags |= VLIB_BUFFER_IS_TRACED;
ah_encrypt_trace_t *tr =
vlib_add_trace (vm, node, i_b0, sizeof (*tr));
tr->spi = sa0->spi;
#define foreach_esp_decrypt_next \
_(DROP, "error-drop") \
-_(IP4_INPUT, "ip4-input") \
+_(IP4_INPUT, "ip4-input-no-checksum") \
_(IP6_INPUT, "ip6-input") \
_(IPSEC_GRE_INPUT, "ipsec-gre-input")
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/esp.h>
-#ifndef CLIB_MARCH_VARIANT
-ipsec_proto_main_t ipsec_proto_main;
-#endif /* CLIB_MARCH_VARIANT */
-
#define foreach_esp_encrypt_next \
_(DROP, "error-drop") \
_(IP4_LOOKUP, "ip4-lookup") \
#include <vnet/ipsec/ah.h>
ipsec_main_t ipsec_main;
+ipsec_proto_main_t ipsec_proto_main;
static void
ipsec_rand_seed (void)
{
ipsec_ah_backend_t *b;
pool_get (im->ah_backends, b);
- b->name = format (NULL, "%s", name);
+ b->name = format (0, "%s%c", name, 0);
ipsec_add_node (vm, ah4_encrypt_node_name, "ipsec4-output-feature",
&b->ah4_encrypt_node_index, &b->ah4_encrypt_next_index);
{
ipsec_esp_backend_t *b;
pool_get (im->esp_backends, b);
- b->name = format (NULL, "%s", name);
+ b->name = format (0, "%s%c", name, 0);
ipsec_add_node (vm, esp4_encrypt_node_name, "ipsec4-output-feature",
&b->esp4_encrypt_node_index, &b->esp4_encrypt_next_index);
Code Review / vpp.git / commitdiff