[PATCH 1/1] examples/ipsec-secgw: resolve segfault for IPsec packets

Akhil Goyal gakhil at marvell.com
Wed May 21 16:13:14 CEST 2025


> Subject: [PATCH 1/1] examples/ipsec-secgw: resolve segfault for IPsec packets
> 
> Launching the ipsec-secgw application in event vector mode
> after traffic has started results in a segfault, because
> a few IPsec packets are received and the application tries
> to decrypt them using lookaside protocol.
> This contradicts inline event mode. This patch fixes the issue
> by freeing IPsec packets and processing only plain packets.

Please add a Fixes tag and Cc stable at dpdk.org

> 
> Signed-off-by: Rakesh Kudurumalla <rkudurumalla at marvell.com>
> ---
>  examples/ipsec-secgw/ipsec_worker.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-
> secgw/ipsec_worker.c
> index e0690fc8d9..04609964cd 100644
> --- a/examples/ipsec-secgw/ipsec_worker.c
> +++ b/examples/ipsec-secgw/ipsec_worker.c
> @@ -700,6 +700,9 @@ ipsec_ev_inbound_route_pkts(struct rte_event_vector
> *vec,
>  	struct rte_ipsec_session *sess;
>  	struct rte_mbuf *pkt;
>  	struct ipsec_sa *sa;
> +	uint8_t mask = (1UL << RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
> |
> +		       (1UL << RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL);
> +
> 
>  	j = ipsec_ev_route_ip_pkts(vec, rt, t);
> 
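Review bot: `mask` is declared `uint8_t` but initialised from `1UL` shifts, so the value is implicitly narrowed from unsigned long and is only correct while both action-type enumerators (whose values are not visible in this hunk) stay below 8. A wider constant avoids the silent truncation and makes the intent explicit: `const uint32_t inline_mask = (1U << RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) | (1U << RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL);`. The hunk also adds a blank line directly above an existing one, leaving two consecutive blank lines before `j = ipsec_ev_route_ip_pkts(...)`. The function body starts and continues outside the hunk.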
> @@ -707,7 +710,7 @@ ipsec_ev_inbound_route_pkts(struct rte_event_vector
> *vec,
>  	for (i = 0; i < t->ipsec.num; i++) {
>  		pkt = t->ipsec.pkts[i];
>  		sa = ipsec_mask_saptr(t->ipsec.saptr[i]);
> -		if (unlikely(sa == NULL)) {
> +		if (unlikely(sa == NULL) || ((1UL << sa->sessions[0].type) &
> mask)) {
>  			free_pkts(&pkt, 1);
>  			continue;
>  		}
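Review bot: The new drop branch in the `for` loop discards packets silently and without explanation, so an operator cannot tell that un-decrypted ESP traffic reached the worker for an inline SA. Dropping is the right fail-closed choice, since forwarding or lookaside-processing a packet the inline path never authenticated would be worse, but the reason should be stated, e.g. `/* SA is inline but the packet was not processed by HW: drop, never fall back to lookaside */`. If the application keeps a drop counter or a rate-limited log, this path should use it. `unlikely()` covers only the NULL test, so the whole condition should be wrapped, and the bare `sessions[0]` index would read better through the primary-session accessor if this file has one, given that `sess` is already declared. The loop body continues outside the hunk.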
> --
> 2.25.1


