[dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port

Konstantin Ananyev konstantin.ananyev at intel.com
Tue Jun 5 16:16:02 CEST 2018

Previous message: [dpdk-dev] [PATCH v2] net/pcap: rx_iface_in stream type support
Next message: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For outbound ports BYPASS rule is erroneously treated as PROTECT one
with SA idx zero.

Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")

Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index a5da8b280..fafb41161 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -510,11 +510,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
 		sa_idx = ip->res[i] & PROTECT_MASK;
 		if (ip->res[i] & DISCARD)
 			rte_pktmbuf_free(m);
+		else if (ip->res[i] & BYPASS)
+			ip->pkts[j++] = m;
 		else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
 			ipsec->res[ipsec->num] = sa_idx;
 			ipsec->pkts[ipsec->num++] = m;
-		} else /* BYPASS */
-			ip->pkts[j++] = m;
+		} else /* invalid SA idx */
+			rte_pktmbuf_free(m);
 	}
 	ip->num = j;
 }
-- 
2.13.6

Previous message: [dpdk-dev] [PATCH v2] net/pcap: rx_iface_in stream type support
Next message: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list