ikev2: respect punting only for ipv4

IPSec punting to IKEv2 is valid only for NAT-T in IPv4.
Fix coverity CID 214915.

Type: fix

Change-Id: I6f2db38abf179565316f50c5d47c78acce3a0d01
Signed-off-by: Benoît Ganne <bganne@cisco.com>

diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 17d2347..47b2e9e 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -2817,7 +2817,13 @@ ikev2_node_internal (vlib_main_t * vm,
       int ip_hdr_sz = 0;
       int is_req = 0, has_non_esp_marker = 0;
 
-      if (b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
+      ASSERT (0 == b0->punt_reason
+             || (is_ip4
+                 && b0->punt_reason ==
+                 ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0]));
+
+      if (is_ip4
+         && b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
        {
          u8 *ptr = vlib_buffer_get_current (b0);
          ip40 = (ip4_header_t *) ptr;