Fix VPP-1515 IPSec receive packet error in transport mode with udp encap

Change-Id: Ife66395b89e1e9f9206666e5f0fd441b3c241bb2
Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 68cb825..3f46350 100644 (file)
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -277,9 +277,19 @@ esp_decrypt_inline (vlib_main_t * vm,
                    }
                  else
                    {
-                     ih4 =
-                       (ip4_header_t *) ((u8 *) esp0 -
-                                         sizeof (ip4_header_t));
+                     if (sa0->udp_encap)
+                       {
+                         ih4 =
+                           (ip4_header_t *) ((u8 *) esp0 -
+                                             sizeof (udp_header_t) -
+                                             sizeof (ip4_header_t));
+                       }
+                     else
+                       {
+                         ih4 =
+                           (ip4_header_t *) ((u8 *) esp0 -
+                                             sizeof (ip4_header_t));
+                       }
                      oh4 = vlib_buffer_get_current (o_b0);
                      ip_hdr_size = sizeof (ip4_header_t);
                    }

diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 4f2d770..88eda91 100644 (file)
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -311,7 +311,7 @@ esp_encrypt_inline (vlib_main_t * vm,
                  vnet_buffer (o_b0)->sw_if_index[VLIB_TX] =
                    vnet_buffer (i_b0)->sw_if_index[VLIB_TX];
                }
-             vlib_buffer_advance (i_b0, ip_udp_hdr_size);
+             vlib_buffer_advance (i_b0, sizeof (ip4_header_t));
            }
 
          ASSERT (sa0->crypto_alg < IPSEC_CRYPTO_N_ALG);