The pointer to IP header was derived from l3_hdr_offset,
which would be ok, if l3_hdr_offset was valid. But it does not
have to be, so it was a bad solution. Now the previous nodes
mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt
we count get ip header pointer by substracting the size
of the ip header from the pointer to esp header (which lies
in front of the ip header).
Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
esp_replay_advance(sa0, seq);
}
- ih4 = (ip4_header_t *) (b0->data + vnet_buffer(b0)->l3_hdr_offset);
+ if (b0->flags & VNET_BUFFER_F_IS_IP4)
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t));
+ else
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t));
+
vlib_buffer_advance (b0, sizeof (esp_header_t) + iv_size);
b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
{
tunnel_mode = 0;
- ih4 =
- (ip4_header_t *) ((u8 *) i_b0->data +
- vnet_buffer (i_b0)->l3_hdr_offset);
+ if (i_b0->flags & VNET_BUFFER_F_IS_IP4)
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 - sizeof (ip4_header_t));
+ else
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 - sizeof (ip6_header_t));
+
if (PREDICT_TRUE
((ih4->ip_version_and_header_length & 0xF0) != 0x40))
{
n_left_to_next -= 1;
b0 = vlib_get_buffer (vm, bi0);
+ b0->flags |= VNET_BUFFER_F_IS_IP4;
+ b0->flags &= ~VNET_BUFFER_F_IS_IP6;
c0 =
vnet_feature_next_with_data (vnet_buffer (b0)->sw_if_index
[VLIB_RX], &next0, b0,
n_left_to_next -= 1;
b0 = vlib_get_buffer (vm, bi0);
+ b0->flags |= VNET_BUFFER_F_IS_IP6;
+ b0->flags &= ~VNET_BUFFER_F_IS_IP4;
c0 =
vnet_feature_next_with_data (vnet_buffer (b0)->sw_if_index
[VLIB_RX], &next0, b0,