From: Yuanhan Liu
To: Akhil Goyal
Cc: Radu Nicolau, dpdk stable
Date: Wed, 24 Jan 2018 23:33:32 +0800
Message-Id: <1516808026-25523-144-git-send-email-yliu@fridaylinux.org>
In-Reply-To: <1516808026-25523-1-git-send-email-yliu@fridaylinux.org>
References: <1516808026-25523-1-git-send-email-yliu@fridaylinux.org>
Subject: [dpdk-stable] patch 'examples/ipsec-secgw: fix corner case for SPI value' has been queued to LTS release 17.11.1

Hi,

FYI, your patch has been queued to LTS release 17.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 01/26/18. So please
shout if anyone has objections.

Thanks.

--yliu

---
>>From 0e03d0be1860f53fbfa0540084accaffbc134c2c Mon Sep 17 00:00:00 2001
From: Akhil Goyal
Date: Thu, 11 Jan 2018 17:25:36 +0530
Subject: [PATCH] examples/ipsec-secgw: fix corner case for SPI value

[ upstream commit 2a5106af132b6cd740769714cb5096ee3654469e ]

IPSec application is using index 0 of SA table as error, with current
value of IPSEC_SA_MAX_ENTRIES(128) it can not support SA with spi = 128,
as it uses sa_idx = 0 in the SA table.

With this patch, sa_idx = 0 can also be used.

PS: spi = 0 is an invalid SPI and application throws error for it.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")

Signed-off-by: Akhil Goyal
Acked-by: Radu Nicolau
---
 examples/ipsec-secgw/ipsec-secgw.c | 7 ++++---
 examples/ipsec-secgw/sa.c | 2 ++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 2a406ab..b5ec70a 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c 
@@ -407,7 +407,8 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip, } /* Only check SPI match for processed IPSec packets */ sa_idx = ip->res[i] & PROTECT_MASK; - if (sa_idx == 0 || !inbound_sa_check(sa, m, sa_idx)) { + if (sa_idx >= IPSEC_SA_MAX_ENTRIES || + !inbound_sa_check(sa, m, sa_idx)) { rte_pktmbuf_free(m); continue; } @@ -472,9 +473,9 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip, for (i = 0; i < ip->num; i++) { m = ip->pkts[i]; sa_idx = ip->res[i] & PROTECT_MASK; - if ((ip->res[i] == 0) || (ip->res[i] & DISCARD)) + if (ip->res[i] & DISCARD) rte_pktmbuf_free(m); - else if (sa_idx != 0) { + else if (sa_idx < IPSEC_SA_MAX_ENTRIES) { ipsec->res[ipsec->num] = sa_idx; ipsec->pkts[ipsec->num++] = m; } else /* BYPASS */ diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 4c448e5..b9f4a21 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -269,6 +269,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, APP_CHECK_TOKEN_IS_NUM(tokens, 1, status); if (status->status < 0) return; + if (atoi(tokens[1]) == INVALID_SPI) + return; rule->spi = atoi(tokens[1]); for (ti = 2; ti < n_tokens; ti++) { -- 2.7.4
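
Review bot: in the inbound_sp_sa() hunk (ipsec-secgw.c, @@ -407), a result whose masked value is 0 used to be dropped by `sa_idx == 0` and now reaches `inbound_sa_check(sa, m, sa_idx)` with index 0, whether or not an SA was ever configured in that slot. The patch does not show what inbound_sa_check() does with an unpopulated entry, or what a non-PROTECT result looks like after `& PROTECT_MASK`. Please confirm that every result that does not name an SA masks to a value of at least IPSEC_SA_MAX_ENTRIES, or check the result type explicitly before the index is used. A short comment above the new `sa_idx >= IPSEC_SA_MAX_ENTRIES` test saying which result values it is meant to reject would also help.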
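
Review bot: in the outbound_sp() hunk (ipsec-secgw.c, @@ -472), the removed lines show that a result with `sa_idx == 0` used to fall through to the `else /* BYPASS */` branch and that `ip->res[i] == 0` was freed. With `else if (sa_idx < IPSEC_SA_MAX_ENTRIES)` both cases are now queued for IPsec processing against SA index 0. This patch touches only ipsec-secgw.c and sa.c and does not change how BYPASS results are encoded, so unless a BYPASS result already masks to a value of at least IPSEC_SA_MAX_ENTRIES, traffic that policy says to bypass will be handed to SA 0 instead. Suggest testing for the bypass result explicitly, the same way `ip->res[i] & DISCARD` is tested, before the index comparison, and keeping a drop path for a result that matched no rule.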
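
Review bot: in the parse_sa_tokens() hunk (sa.c, @@ -269), the new `if (atoi(tokens[1]) == INVALID_SPI) return;` leaves `status->status` untouched, so as far as these lines show the caller sees the same state as after a successful parse, while the commit message says the application throws an error for spi = 0. The check just above signals failure through `status->status < 0`; the rejected SPI should set an error the same way, with a message naming the offending value. Separately, `atoi(tokens[1])` is now evaluated twice and returns a signed int for what is a 32-bit SPI; parsing once into a local with an unsigned conversion and range check, then comparing and assigning from that local, would avoid both the repetition and the overflow for large SPI values.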