ipv6 payload length header field should contain only the number of bytes
following the ipv6 header and not the entire packet size.
Fixes: f159e70b0922 ("examples/ipsec-secgw: support transport mode")
Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
Signed-off-by: Tomasz Duszynski <t...@semihalf.com>
---
examples/ipsec-secgw/esp.c | 6 ++++--
examples/ipsec-secgw/ipip.h | 3 ++-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 70bb81f..2897840 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -211,7 +211,8 @@ esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
/* XXX No option headers supported */
memmove(ip6, ip, sizeof(struct ip6_hdr));
ip6->ip6_nxt = *nexthdr;
- ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
+ ip6->ip6_plen = htons(rte_pktmbuf_data_len(m) -
+ sizeof(struct ip6_hdr));
}
} else
ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len);
@@ -313,7 +314,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
ip6 = (struct ip6_hdr *)new_ip;
ip6->ip6_nxt = IPPROTO_ESP;
- ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
+ ip6->ip6_plen = htons(rte_pktmbuf_data_len(m) -
+ sizeof(struct ip6_hdr));
}
}
diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h
index ff1dccd..93393d5 100644
--- a/examples/ipsec-secgw/ipip.h
+++ b/examples/ipsec-secgw/ipip.h
@@ -72,7 +72,8 @@ ipip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t
is_ipv6,
/* Per RFC4301 5.1.2.1 */
outip6->ip6_flow = htonl(IP6_VERSION << 28 | ds_ecn << 20);
- outip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
+ outip6->ip6_plen = htons(rte_pktmbuf_data_len(m) -
+ sizeof(struct ip6_hdr));
outip6->ip6_nxt = IPPROTO_ESP;
outip6->ip6_hops = IPDEFTTL;
--
2.7.4
