ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ikev2: respect punting only for ipv4

Browse Source 
IPSec punting to IKEv2 is valid only for NAT-T in IPv4.
Fix coverity CID 214915.

Type: fix

Change-Id: I6f2db38abf179565316f50c5d47c78acce3a0d01
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit d9ed0b6786)
This commit is contained in:
Benoît Ganne
2020-11-12 10:29:23 +01:00
committed by Andrew Yourtchenko
parent 49de3282a3
commit 186f018f68
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/plugins/ikev2/ikev2.c
View File

@@ -2816,7 +2816,13 @@ ikev2_node_internal (vlib_main_t * vm,
int ip_hdr_sz = 0; int ip_hdr_sz = 0;
int is_req = 0, has_non_esp_marker = 0; int is_req = 0, has_non_esp_marker = 0;
if (b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0]) ASSERT (0 == b0->punt_reason
|| (is_ip4
&& b0->punt_reason ==
ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0]));
if (is_ip4
&& b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
{ {
u8 *ptr = vlib_buffer_get_current (b0); u8 *ptr = vlib_buffer_get_current (b0);
ip40 = (ip4_header_t *) ptr; ip40 = (ip4_header_t *) ptr;