[dpdk-dev,1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port
Commit Message
For outbound ports BYPASS rule is erroneously treated as PROTECT one
with SA idx zero.
Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Comments
On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> For outbound ports BYPASS rule is erroneously treated as PROTECT one
> with SA idx zero.
>
> Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")
>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Akhil Goyal
> Sent: Thursday, June 21, 2018 2:26 PM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> Subject: Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule
> processing for outbound port
>
> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
>
> > For outbound ports BYPASS rule is erroneously treated as PROTECT one
> > with SA idx zero.
> >
> > Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI
> > value")
> >
> > Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> > ---
> >
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Applied this patch to dpdk-next-crypto.
The other patch of the series is still under discussion, so it will need to target RC3.
Thanks,
Pablo
@@ -510,11 +510,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
sa_idx = ip->res[i] & PROTECT_MASK;
if (ip->res[i] & DISCARD)
rte_pktmbuf_free(m);
+ else if (ip->res[i] & BYPASS)
+ ip->pkts[j++] = m;
else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
ipsec->res[ipsec->num] = sa_idx;
ipsec->pkts[ipsec->num++] = m;
- } else /* BYPASS */
- ip->pkts[j++] = m;
+ } else /* invalid SA idx */
+ rte_pktmbuf_free(m);
}
ip->num = j;
}
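Review bot: In the final `else /* invalid SA idx */` branch the packet is freed with no log message or drop counter, so a result whose masked index is at or above IPSEC_SA_MAX_ENTRIES now disappears silently, where the old code passed it on through `ip->pkts[j++] = m`. Dropping is the fail-closed choice for an outbound path, but please count or log these drops (debug level is enough) so that a bad SP-to-SA mapping can be diagnosed from the running application. A one-line comment above the chain would also help, stating that the DISCARD and BYPASS flag tests have to come before the `sa_idx < IPSEC_SA_MAX_ENTRIES` check: sa_idx is derived by masking the same `ip->res[i]` value, and only the ordering keeps a BYPASS result from being taken as an SA index.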