Hi, Piotr
The follow is example fixed code.
ipsec_fp_get_policy_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *tuple,
bool inbound)
{
memset (tuple, 0, sizeof (*tuple));
tuple->is_ipv6 = policy->is_ipv6;
if (tuple->is_ipv6)
{
tuple->ip6_laddr =
Hi, Piotr
My question is that the src and dst entry in fp_5tuple in function
ipsec_fp_ip4_add_policy are diffrent from src and dst entry in fp_5tuple
in function ipsec4_input_node. So inboud match will be not match failed.
You see in IKE code kernel_vpp_ipsec.c , the mp->entry.local
Hi Guangming
I am not sure if I understand your question. There was a bug, in implementation
of fast path for inbound traffic, where I've messed up translation of src and
dst to the local and remote address, but it has been fixed with
commit 1d9780a43fe54a55c7540f3528b8703ede0a5871
Author: Piot
