[PATCH] examples/ipsec-secgw: fix cmp_sa_key bug

supeng2087 supeng2087 at aliyun.com
Wed Nov 22 08:58:40 CET 2023

Previous message (by thread): [PATCH] examples/ipsec-secgw: fix cmp_sa_key bug
Next message (by thread): [PATCH] examples/ipsec-secgw: fix cmp_sa_key bug
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: supeng <supeng at cmss.chinamobile.com>

Inbound direction, sad_lookup function will call cmp_sa_key to compare packet outer ip info with local sa.  Local sa src ip should equal packet dst ip,  Local sa dst ip should  equal src ip.
---
 examples/ipsec-secgw/sad.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/ipsec-secgw/sad.h b/examples/ipsec-secgw/sad.h
index 3224b6252c..e1fa8a26f6 100644
--- a/examples/ipsec-secgw/sad.h
+++ b/examples/ipsec-secgw/sad.h
@@ -33,12 +33,12 @@ cmp_sa_key(struct ipsec_sa *sa, int is_v4, struct rte_ipv4_hdr *ipv4,
 	if ((sa_type == TRANSPORT) ||
 			/* IPv4 check */
 			(is_v4 && (sa_type == IP4_TUNNEL) &&
-			(sa->src.ip.ip4 == ipv4->src_addr) &&
-			(sa->dst.ip.ip4 == ipv4->dst_addr)) ||
+			(sa->src.ip.ip4 == ipv4->dst_addr) &&
+			(sa->dst.ip.ip4 == ipv4->src_addr)) ||
 			/* IPv6 check */
 			(!is_v4 && (sa_type == IP6_TUNNEL) &&
-			(!memcmp(sa->src.ip.ip6.ip6, ipv6->src_addr, 16)) &&
-			(!memcmp(sa->dst.ip.ip6.ip6, ipv6->dst_addr, 16))))
+			(!memcmp(sa->src.ip.ip6.ip6, ipv6->dst_addr, 16)) &&
+			(!memcmp(sa->dst.ip.ip6.ip6, ipv6->src_addr, 16))))
 		return 1;
 
 	return 0;
-- 
2.34.1

Previous message (by thread): [PATCH] examples/ipsec-secgw: fix cmp_sa_key bug
Next message (by thread): [PATCH] examples/ipsec-secgw: fix cmp_sa_key bug
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list