IPSec punting to IKEv2 is valid only for NAT-T in IPv4.
Fix coverity CID 214915.
Type: fix
Change-Id: I6f2db38abf179565316f50c5d47c78acce3a0d01
Signed-off-by: Benoît Ganne <bganne@cisco.com>
int ip_hdr_sz = 0;
int is_req = 0, has_non_esp_marker = 0;
- if (b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
+ ASSERT (0 == b0->punt_reason
+ || (is_ip4
+ && b0->punt_reason ==
+ ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0]));
+
+ if (is_ip4
+ && b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
{
u8 *ptr = vlib_buffer_get_current (b0);
ip40 = (ip4_header_t *) ptr;