dpdk: fix udp-encap for esp in transport mode 51/26351/3
authorAlexander Chernavin <achernavin@netgate.com>
Fri, 3 Apr 2020 14:18:44 +0000 (10:18 -0400)
committerMatthew Smith <mgsmith@netgate.com>
Fri, 17 Apr 2020 15:05:25 +0000 (15:05 +0000)
Currently, UDP encapsulation doesn't work in transport mode because:
 - the encrypt node does not fill in the UDP header, so it gets sent
   with all zeros;
 - the decrypt node does not fill in the new IP header, so it contains
   garbage data.

With this commit, the UDP header is filled in during encryption and the
IP header is filled in during decryption.

Change-Id: I87a7bd594f0e312b16d3e5eb19e568b4e3164d36
Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
src/plugins/dpdk/ipsec/esp_decrypt.c
src/plugins/dpdk/ipsec/esp_encrypt.c

index 3152516..ae35ab5 100644 (file)
@@ -616,16 +616,14 @@ dpdk_esp_decrypt_post_inline (vlib_main_t * vm,
              if ((ih4->ip_version_and_header_length & 0xF0) == 0x40)
                {
                  u16 ih4_len = ip4_header_bytes (ih4);
-                 vlib_buffer_advance (b0, -ih4_len - udp_encap_adv);
+                 vlib_buffer_advance (b0, -ih4_len);
                  next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
-                 if (!ipsec_sa_is_set_UDP_ENCAP (sa0))
-                   {
-                     oh4 = vlib_buffer_get_current (b0);
-                     memmove (oh4, ih4, ih4_len);
-                     oh4->protocol = f0->next_header;
-                     oh4->length = clib_host_to_net_u16 (b0->current_length);
-                     oh4->checksum = ip4_header_checksum (oh4);
-                   }
+
+                 oh4 = vlib_buffer_get_current (b0);
+                 memmove (oh4, ih4, ih4_len);
+                 oh4->protocol = f0->next_header;
+                 oh4->length = clib_host_to_net_u16 (b0->current_length);
+                 oh4->checksum = ip4_header_checksum (oh4);
                }
              else if ((ih4->ip_version_and_header_length & 0xF0) == 0x60)
                {
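Review bot: The rewritten IPv4 branch trusts `ih4_len`, which `ip4_header_bytes (ih4)` derives from the header-length nibble of the received packet, while the only check visible here is on the version nibble (`& 0xF0) == 0x40`). If a header length below 20 bytes could reach this node, `memmove (oh4, ih4, ih4_len)` would copy less than a full header and the writes to `oh4->protocol`, `oh4->length` and `oh4->checksum` would land in decrypted payload. Earlier input validation presumably rules this out, but it lies outside the hunk, so `ASSERT (ih4_len >= sizeof (ip4_header_t));` before the advance would make the assumption explicit. Because the header is now rebuilt for UDP-encapsulated SAs too, a comment such as `/* transport mode: rebuild the IPv4 header in front of the payload, with or without UDP encap */` would record why the `UDP_ENCAP` guard was dropped. The enclosing function starts and ends outside the hunk.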
index c024f97..73f2081 100644 (file)
@@ -428,6 +428,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
              u8 *src = ((u8 *) ih0) - rewrite_len;
              u8 *dst = vlib_buffer_get_current (b0);
              oh0 = vlib_buffer_get_current (b0) + rewrite_len;
+             ouh0 = vlib_buffer_get_current (b0) + rewrite_len;
 
              if (is_ip6)
                {
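Review bot: `ouh0` is assigned the same address as `oh0` on the line above, so the two pointers are overlapping views of one outer header, and nothing in the hunk says which view is valid for a given SA. A comment on the new line would help, for example `/* same start as oh0; header view used when the SA has UDP encapsulation */`. The declarations and the code that fills the UDP fields are outside the hunk, so the wording should be confirmed against them. It is also worth confirming there that the transport-mode path has accounted for the UDP header's size in the space in front of the ESP header, since this hunk only sets the pointer.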
@@ -577,7 +578,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
              tr->crypto_alg = sa0->crypto_alg;
              tr->integ_alg = sa0->integ_alg;
              u8 *p = vlib_buffer_get_current (b0);
-             if (!ipsec_sa_is_set_IS_TUNNEL (sa0))
+             if (!ipsec_sa_is_set_IS_TUNNEL (sa0) && !is_tun)
                p += vnet_buffer (b0)->ip.save_rewrite_length;
              clib_memcpy_fast (tr->packet_data, p, sizeof (tr->packet_data));
            }
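Review bot: The added `&& !is_tun` in the trace path is not explained by the commit description, which covers only the UDP and IP header filling, and `is_tun` is defined outside the hunk. A one-line comment above the condition stating when the saved rewrite length must not be skipped would record the intent, e.g. `/* skip the saved rewrite only for non-tunnel SAs on the non-tunnel path */`. Separately, the unchanged `clib_memcpy_fast` below copies `sizeof (tr->packet_data)` bytes from `p` regardless of how much packet data follows it, so moving `p` changes which buffer bytes beyond a short packet may end up in the trace. Bounding that copy by the buffer's current length would be the safer form.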