ipsec: fix crypto ops in esp decrypt

When both chained and non-chained buffers are processed in the same
vector, make sure the non-chained buffers are processed as non-chained
crypto ops.

Type: fix

Change-Id: I19fc02c25a0d5e2e8a1342e2b88bbae3fe92862f
Signed-off-by: Benoît Ganne <bganne@cisco.com>

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 8c4a9e2..c13657d 100644 (file)
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -1035,8 +1035,8 @@ esp_decrypt_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
   const u8 esp_sz = sizeof (esp_header_t);
   ipsec_sa_t *sa0 = 0;
   vnet_crypto_op_t _op, *op = &_op;
-  vnet_crypto_op_t **crypto_ops = &ptd->crypto_ops;
-  vnet_crypto_op_t **integ_ops = &ptd->integ_ops;
+  vnet_crypto_op_t **crypto_ops;
+  vnet_crypto_op_t **integ_ops;
   int is_async = im->async_mode;
   vnet_crypto_async_op_id_t async_op = ~0;
   vnet_crypto_async_frame_t *async_frames[VNET_CRYPTO_ASYNC_OP_N_IDS];
@@ -1155,6 +1155,11 @@ esp_decrypt_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
          crypto_ops = &ptd->chained_crypto_ops;
          integ_ops = &ptd->chained_integ_ops;
        }
+      else
+       {
+         crypto_ops = &ptd->crypto_ops;
+         integ_ops = &ptd->integ_ops;
+       }
 
       pd->current_length = b[0]->current_length;