IPSEC: ESP IPv6 transport mode payload length incorrect (VPP-1653)

Change-Id: I8977100d7a22b50260858bd1ea9db419b53284ff Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-18 17:18:12 -07:00
parent d35abc4c67
commit d207fd7e25
2 changed files with 7 additions and 1 deletions
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@ -402,7 +402,9 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	      ip6_header_t *ip6 = (ip6_header_t *) (ip_hdr);
 	      *next_hdr_ptr = ip6->protocol;
 	      ip6->protocol = IP_PROTOCOL_IPSEC_ESP;
-	      ip6->payload_length = payload_len + hdr_len - l2_len - ip_len;
+	      ip6->payload_length =
+		clib_host_to_net_u16 (payload_len + hdr_len - l2_len -
+				      ip_len);
 	    }
 	  else
 	    {
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@ -463,6 +463,8 @@ class IpsecTra6(object):
            recv_pkts = self.send_and_expect(self.tra_if, send_pkts,
                                             self.tra_if)
            for rx in recv_pkts:
+                self.assertEqual(len(rx) - len(Ether()) - len(IPv6()),
+                                 rx[IPv6].plen)
                try:
                    decrypted = p.vpp_tra_sa.decrypt(rx[IPv6])
                    self.assert_packet_checksums_valid(decrypted)
@ -660,6 +662,8 @@ class IpsecTun6(object):
                                       count=count)
            recv_pkts = self.send_and_expect(self.pg1, send_pkts, self.tun_if)
            for recv_pkt in recv_pkts:
+                self.assertEqual(len(recv_pkt) - len(Ether()) - len(IPv6()),
+                                 recv_pkt[IPv6].plen)
                try:
                    decrypt_pkt = p.vpp_tun_sa.decrypt(recv_pkt[IPv6])
                    if not decrypt_pkt.haslayer(IPv6):