* [dpdk-dev] [PATCH] examples/ipsec-secgw: fix corner case for spi value
@ 2018-01-11 11:55 Akhil Goyal
2018-01-16 11:01 ` Nicolau, Radu
0 siblings, 1 reply; 3+ messages in thread
From: Akhil Goyal @ 2018-01-11 11:55 UTC (permalink / raw)
To: dev
Cc: pablo.de.lara.guarch, hemant.agrawal, sergio.gonzalez.monroy,
radu.nicolau, Akhil Goyal
The application is using index 0 of the SA table as an error;
with the current value of IPSEC_SA_MAX_ENTRIES (128) it
cannot support an SA with spi = 128, as it uses sa_idx = 0
in the SA table.
With this patch, sa_idx = 0 can also be used.
PS: spi = 0 is an invalid SPI and the application throws an error
for it.
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 7 ++++---
examples/ipsec-secgw/sa.c | 2 ++
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index d6f7b36..4d50e72 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -420,7 +420,8 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
}
sa_idx = ip->res[i] & PROTECT_MASK;
- if (sa_idx == 0 || !inbound_sa_check(sa, m, sa_idx)) {
+ if (sa_idx >= IPSEC_SA_MAX_ENTRIES ||
+ !inbound_sa_check(sa, m, sa_idx)) {
rte_pktmbuf_free(m);
continue;
}
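Review bot: In inbound_sp_sa the new test `sa_idx >= IPSEC_SA_MAX_ENTRIES` no longer rejects a zero result, so a packet whose `ip->res[i] & PROTECT_MASK` is 0 now reaches `inbound_sa_check(sa, m, sa_idx)` with index 0 where it used to be freed. If a zero result can still arrive at this point meaning "no policy matched", it would be validated against SA slot 0 instead of dropped. Please confirm that the code earlier in this function filters that case, or keep an explicit check for it, and add a comment stating which values of the masked result are valid SA indexes.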
@@ -485,9 +486,9 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
for (i = 0; i < ip->num; i++) {
m = ip->pkts[i];
sa_idx = ip->res[i] & PROTECT_MASK;
- if ((ip->res[i] == 0) || (ip->res[i] & DISCARD))
+ if (ip->res[i] & DISCARD)
rte_pktmbuf_free(m);
- else if (sa_idx != 0) {
+ else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
ipsec->res[ipsec->num] = sa_idx;
ipsec->pkts[ipsec->num++] = m;
} else /* BYPASS */
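Review bot: In outbound_sp, removing `(ip->res[i] == 0)` from the free condition means a zero result now gives `sa_idx = 0`, passes `sa_idx < IPSEC_SA_MAX_ENTRIES` and is queued in `ipsec->res` for SA slot 0 rather than freed. The BYPASS branch is also now reachable only when the masked value is at or above IPSEC_SA_MAX_ENTRIES, which depends on how BYPASS and PROTECT_MASK are defined, and neither definition is changed by this patch. Suggest stating that assumption in a comment next to the `else if`, and confirming that a lookup with no matching policy cannot produce 0 here, since that would turn a drop into protection with slot 0.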
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 1ae4e2a..25ceea1 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -240,6 +240,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
APP_CHECK_TOKEN_IS_NUM(tokens, 1, status);
if (status->status < 0)
return;
+ if (atoi(tokens[1]) == INVALID_SPI)
+ return;
rule->spi = atoi(tokens[1]);
for (ti = 2; ti < n_tokens; ti++) {
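Review bot: The new `INVALID_SPI` check in parse_sa_tokens returns without setting `status->status` or reporting anything, while the check just above it signals failure through `status->status < 0`. As visible in this hunk, a rule with spi 0 is abandoned mid-parse rather than rejected with an error, which does not match the commit message ("application throws error for it"). Suggest marking the status as failed, with a message naming the token, before returning. `atoi(tokens[1])` is also evaluated twice; parsing it once into a local and reusing that for `rule->spi` would be tidier.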
--
2.9.3
* Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix corner case for spi value
2018-01-11 11:55 [dpdk-dev] [PATCH] examples/ipsec-secgw: fix corner case for spi value Akhil Goyal
@ 2018-01-16 11:01 ` Nicolau, Radu
2018-01-17 16:54 ` De Lara Guarch, Pablo
0 siblings, 1 reply; 3+ messages in thread
From: Nicolau, Radu @ 2018-01-16 11:01 UTC (permalink / raw)
To: Akhil Goyal, dev
Cc: De Lara Guarch, Pablo, hemant.agrawal, Gonzalez Monroy, Sergio
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Thursday, January 11, 2018 11:56 AM
> To: dev@dpdk.org
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> hemant.agrawal@nxp.com; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; Nicolau, Radu
> <radu.nicolau@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH] examples/ipsec-secgw: fix corner case for spi value
>
> The application is using index 0 of the SA table as an error; with the current
> value of IPSEC_SA_MAX_ENTRIES (128) it cannot support an SA with spi = 128, as
> it uses sa_idx = 0 in the SA table.
>
> With this patch, sa_idx = 0 can also be used.
>
> PS: spi = 0 is an invalid SPI and the application throws an error for it.
>
> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
* Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix corner case for spi value
2018-01-16 11:01 ` Nicolau, Radu
@ 2018-01-17 16:54 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 3+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-17 16:54 UTC (permalink / raw)
To: Nicolau, Radu, Akhil Goyal, dev
Cc: hemant.agrawal, Gonzalez Monroy, Sergio, stable
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Tuesday, January 16, 2018 11:02 AM
> To: Akhil Goyal <akhil.goyal@nxp.com>; dev@dpdk.org
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> hemant.agrawal@nxp.com; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>
> Subject: RE: [PATCH] examples/ipsec-secgw: fix corner case for spi value
>
>
>
> > -----Original Message-----
> > From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> > Sent: Thursday, January 11, 2018 11:56 AM
> > To: dev@dpdk.org
> > Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> > hemant.agrawal@nxp.com; Gonzalez Monroy, Sergio
> > <sergio.gonzalez.monroy@intel.com>; Nicolau, Radu
> > <radu.nicolau@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> > Subject: [PATCH] examples/ipsec-secgw: fix corner case for spi value
> >
> > The application is using index 0 of the SA table as an error; with the
> > current value of IPSEC_SA_MAX_ENTRIES (128) it cannot support an SA
> > with spi = 128, as it uses sa_idx = 0 in the SA table.
> >
> > With this patch, sa_idx = 0 can also be used.
> >
> > PS: spi = 0 is an invalid SPI and the application throws an error for it.
> >
> > Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample
> > application")
> >
> > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> > ---
> Acked-by: Radu Nicolau <radu.nicolau@intel.com>
CC'ing stable ML.
Applied to dpdk-next-crypto.
Thanks,
Pablo