ip-packet: Fix removal of TFC padding for IPv6

The IPv6 length field denotes the payload length after the 40 bytes header.

Fixes: 293515f95cf5 ("libipsec: remove extra RFC4303 TFC padding appended to inner payload")

1 files changed, 1 insertions, 1 deletions

diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 806526292..0998efa9d 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -247,7 +247,7 @@ ip_packet_t *ip_packet_create(chunk_t packet)
 			}
 			ip = (struct ip6_hdr*)packet.ptr;
 			/* remove any RFC 4303 TFC extra padding */
-			packet.len = min(packet.len, untoh16(&ip->ip6_plen));
+			packet.len = min(packet.len, 40 + untoh16(&ip->ip6_plen));
 			/* we only handle packets without extension headers, just skip the
 			 * basic IPv6 header */
 			payload = chunk_skip(packet, 40);