ipsec: IPSec protection for multi-point tunnel interfaces
Type: feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 2c4da5d..7df537a 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -23,6 +23,7 @@
#include <vnet/crypto/crypto.h>
#include <vnet/ipsec/ipsec.h>
+#include <vnet/ipsec/ipsec_tun.h>
#include <vnet/ipsec/esp.h>
#define foreach_esp_encrypt_next \
@@ -319,13 +320,13 @@
if (is_tun)
{
/* we are on a ipsec tunnel's feature arc */
- u32 next0;
+ u32 next0 = 0;
config_index = b[0]->current_config_index;
- sa_index0 = *(u32 *) vnet_feature_next_with_data (&next0, b[0],
- sizeof
- (sa_index0));
- vnet_buffer (b[0])->ipsec.sad_index = sa_index0;
+ vnet_feature_next (&next0, b[0]);
next[0] = next0;
+ vnet_buffer (b[0])->ipsec.sad_index =
+ sa_index0 = ipsec_tun_protect_get_sa_out
+ (vnet_buffer (b[0])->ip.adj_index[VLIB_TX]);
}
else
sa_index0 = vnet_buffer (b[0])->ipsec.sad_index;