Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: a5a9efd)
ikev2: fix lookup in wrong ip table 97/30597/2
authorFilip Tehlar <ftehlar@cisco.com>
Mon, 4 Jan 2021 14:03:53 +0000 (14:03 +0000)
committerBeno�t Ganne <bganne@cisco.com>
Fri, 8 Jan 2021 13:05:32 +0000 (13:05 +0000)
In responder mode we need to remember interface index from which IKE
session was initiated. Otherwise when sending keep alive packets to the
initiator, the default ip table is always used for lookup instead of the
one associated with the interface.

Type: fix

Change-Id: Iade3fc3a490b7ae83c3f6e9014d1f4204e476ac1
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
src/plugins/ikev2/ikev2.c patch | blob | history

diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 7aaf4f3..8d06bd3 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -716,9 +716,8 @@ ikev2_check_payload_length (const ike_payload_header_t * ikep, int rlen,
 }
 
 static int
-ikev2_process_sa_init_req (vlib_main_t * vm,
-                          ikev2_sa_t * sa, ike_header_t * ike,
-                          udp_header_t * udp, u32 len)
+ikev2_process_sa_init_req (vlib_main_t *vm, ikev2_sa_t *sa, ike_header_t *ike,
+                          udp_header_t *udp, u32 len, u32 sw_if_index)
 {
   u8 nonce[IKEV2_NONCE_SIZE];
   int p = 0;
@@ -733,6 +732,7 @@ ikev2_process_sa_init_req (vlib_main_t * vm,
                       ip_addr_version (&sa->iaddr) == AF_IP4);
 
   sa->ispi = clib_net_to_host_u64 (ike->ispi);
+  sa->sw_if_index = sw_if_index;
 
   /* store whole IKE payload - needed for PSK auth */
   vec_reset_length (sa->last_sa_init_req_packet_data);
@@ -2958,7 +2958,9 @@ ikev2_node_internal (vlib_main_t * vm,
                      goto dispatch0;
                    }
 
-                 res = ikev2_process_sa_init_req (vm, sa0, ike0, udp0, rlen);
+                 res = ikev2_process_sa_init_req (
+                   vm, sa0, ike0, udp0, rlen,
+                   vnet_buffer (b0)->sw_if_index[VLIB_RX]);
                  if (!res)
                    vlib_node_increment_counter (vm, node->node_index,
                                                 IKEV2_ERROR_MALFORMED_PACKET,
Vector Packet Processing