Skip to content

Commit

Permalink
ikev2: respect punting only for ipv4
Browse files Browse the repository at this point in the history 
IPSec punting to IKEv2 is valid only for NAT-T in IPv4.
Fix coverity CID 214915.

Type: fix

Change-Id: I6f2db38abf179565316f50c5d47c78acce3a0d01
Signed-off-by: Benoît Ganne <[email protected]>
  • Loading branch information
@bganne @mgsmith1000
bganne authored and mgsmith1000 committed Nov 19, 2020
1 parent 83f37fc commit d9ed0b6
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/plugins/ikev2/ikev2.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2817,7 +2817,13 @@ ikev2_node_internal (vlib_main_t * vm,
int ip_hdr_sz = 0;
int is_req = 0, has_non_esp_marker = 0;

if (b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
ASSERT (0 == b0->punt_reason
|| (is_ip4
&& b0->punt_reason ==
ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0]));

if (is_ip4
&& b0->punt_reason == ipsec_punt_reason[IPSEC_PUNT_IP4_SPI_UDP_0])
{
u8 *ptr = vlib_buffer_get_current (b0);
ip40 = (ip4_header_t *) ptr;
Expand Down

0 comments on commit d9ed0b6

Please sign in to comment.