From b43a81319b2411bbdb96bd349cd3cdfd66714777 Mon Sep 17 00:00:00 2001 From: Tomasz Duszynski Date: Fri, 13 Oct 2017 10:04:36 +0200 Subject: [PATCH] examples/ipsec-secgw: fix IPv6 payload length IPv6 payload length header field should contain only the number of bytes following the IPv6 header and not the entire packet size. Fixes: f159e70b0922 ("examples/ipsec-secgw: support transport mode") Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") Cc: stable@dpdk.org Signed-off-by: Tomasz Duszynski Acked-by: Sergio Gonzalez Monroy --- examples/ipsec-secgw/esp.c | 6 ++++-- examples/ipsec-secgw/ipip.h | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index 56ad7a010d..063e63fb0e 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -211,7 +211,8 @@ esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa, /* XXX No option headers supported */ memmove(ip6, ip, sizeof(struct ip6_hdr)); ip6->ip6_nxt = *nexthdr; - ip6->ip6_plen = htons(rte_pktmbuf_data_len(m)); + ip6->ip6_plen = htons(rte_pktmbuf_data_len(m) - + sizeof(struct ip6_hdr)); } } else ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len); @@ -313,7 +314,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, } else { ip6 = (struct ip6_hdr *)new_ip; ip6->ip6_nxt = IPPROTO_ESP; - ip6->ip6_plen = htons(rte_pktmbuf_data_len(m)); + ip6->ip6_plen = htons(rte_pktmbuf_data_len(m) - + sizeof(struct ip6_hdr)); } } diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h index ff1dccdb8f..93393d527f 100644 --- a/examples/ipsec-secgw/ipip.h +++ b/examples/ipsec-secgw/ipip.h @@ -72,7 +72,8 @@ ipip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t is_ipv6, /* Per RFC4301 5.1.2.1 */ outip6->ip6_flow = htonl(IP6_VERSION << 28 | ds_ecn << 20); - outip6->ip6_plen = htons(rte_pktmbuf_data_len(m)); + outip6->ip6_plen = htons(rte_pktmbuf_data_len(m) - + sizeof(struct ip6_hdr)); outip6->ip6_nxt = IPPROTO_ESP; outip6->ip6_hops = IPDEFTTL; -- 2.20.1