ipsec: rewind missing from dual loop
Type: fix
Fixes: a6bee0a1
Change-Id: I1959e28b82825d7928d471d3dfa827ea4cdd74b7
Signed-off-by: Giles Heron <giheron@cisco.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index 4e93725..76dbca2 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -149,6 +149,7 @@
esp_header_t *esp0, *esp1;
u32 len0, len1;
u16 buf_adv0, buf_adv1;
+ u16 buf_rewind0, buf_rewind1;
u32 tid0, tid1;
ipsec_tunnel_if_t *t0, *t1;
ipsec4_tunnel_key_t key40, key41;
@@ -185,11 +186,12 @@
(esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40) +
sizeof (udp_header_t));
buf_adv0 = 0;
+ buf_rewind0 = ip4_header_bytes (ip40) + sizeof (udp_header_t);
}
else
{
esp0 = (esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40));
- buf_adv0 = ip4_header_bytes (ip40);
+ buf_rewind0 = buf_adv0 = ip4_header_bytes (ip40);
}
/* NAT UDP port 4500 case, don't advance any more */
if (ip41->protocol == IP_PROTOCOL_UDP)
@@ -198,11 +200,12 @@
(esp_header_t *) ((u8 *) ip41 + ip4_header_bytes (ip41) +
sizeof (udp_header_t));
buf_adv1 = 0;
+ buf_rewind1 = ip4_header_bytes (ip40) + sizeof (udp_header_t);
}
else
{
esp1 = (esp_header_t *) ((u8 *) ip41 + ip4_header_bytes (ip41));
- buf_adv1 = ip4_header_bytes (ip41);
+ buf_rewind1 = buf_adv1 = ip4_header_bytes (ip41);
}
}
@@ -262,7 +265,8 @@
else
{
next[0] =
- ipsec_ip4_if_no_tunnel (node, b[0], esp0, ip40, buf_adv0);
+ ipsec_ip4_if_no_tunnel (node, b[0], esp0, ip40,
+ buf_rewind0);
n_no_tunnel++;
goto pkt1;
}
@@ -358,7 +362,8 @@
else
{
next[1] =
- ipsec_ip4_if_no_tunnel (node, b[1], esp1, ip41, buf_adv1);
+ ipsec_ip4_if_no_tunnel (node, b[1], esp1, ip41,
+ buf_rewind1);
n_no_tunnel++;
goto trace1;
}