From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <yliu@fridaylinux.org>
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com
 [66.111.4.28]) by dpdk.org (Postfix) with ESMTP id 9F54D1B1B9
 for <stable@dpdk.org>; Wed, 24 Jan 2018 16:42:20 +0100 (CET)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.nyi.internal (Postfix) with ESMTP id 56D2F2241B;
 Wed, 24 Jan 2018 10:42:20 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
 by compute1.internal (MEProxy); Wed, 24 Jan 2018 10:42:20 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fridaylinux.org;
 h=cc:date:from:in-reply-to:message-id:references:subject:to
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=WYnUz8lfH414JcnAh
 JB0FNKGa7TFZm1qOXu8GfDtteI=; b=n4rQv6YbixariWdhkG7wV9vuJGzgAGnDG
 7Ydo5+kc2BIzTLHTn/sXZz6HCfPqqMzKi8gM1t5RHuKgrjJnK5E50j1DVPDX965x
 bG5evTlMlL4YNFTKae5UZC7IdZKTv0V5D+rSHdlg8NMVw7gIqkBXfGNkjByElYhu
 9DbBjPRQxFkD9j3yflHGPGJuOwywryJ20zFxnQEYFNiSyrLUchcG1wmGvsgTLaE6
 ZrwUmBTntasPad5jp9mb2bbrpCYnS/mnDfePXl1CJ9oEeu3GOhbs3DYq2rUfpjfb
 RdLkoI9gIbSiTEuyyKWb1gxoo9Whb/aej1jYNMxEcq5fxEgiq6XPA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:date:from:in-reply-to:message-id
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm1; bh=WYnUz8lfH414JcnAhJB0FNKGa7TFZm1qOXu8GfDtteI=; b=BCyyXL2t
 ZdcoOkOZyrElckcbrjRoiBph3spCL+6TpkoQyBDuYCj/j5Z1qrODPS+D2iyFETmg
 ytfTq4PnJmPMuMVS05Z7MfDefb7/NkW2NVq91iuA9iFs76RxWTWhZeGWU0CuzrVU
 XBqK0AmHkGw/dU5MiFe2/2KHOugG6tJZpErgQVdDJ56LFipiSs1eMbhCKXvLgSLY
 mjWPKyshrRpoGwpGk6pGPH+sf61xtsnnLwOYUIFPaAD0t9J0IT5O1vxZtjq0Fekn
 lasA33VSkctWoLDn5Arajq9QeyuQPiQDLo5spuiUCxCzVrHbCHxD1dlDQR3Wrkvr
 M83tzjX1nSD2AQ==
X-ME-Sender: <xms:XKloWjOfhysrbQq6lGI0WPgogDNfKdnHWSv9hENXBmer3J7DqhYo8A>
Received: from localhost.localdomain (unknown [115.150.27.206])
 by mail.messagingengine.com (Postfix) with ESMTPA id 35A397E3DB;
 Wed, 24 Jan 2018 10:42:17 -0500 (EST)
From: Yuanhan Liu <yliu@fridaylinux.org>
To: Akhil Goyal <akhil.goyal@nxp.com>
Cc: Radu Nicolau <radu.nicolau@intel.com>,
	dpdk stable <stable@dpdk.org>
Date: Wed, 24 Jan 2018 23:33:32 +0800
Message-Id: <1516808026-25523-144-git-send-email-yliu@fridaylinux.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1516808026-25523-1-git-send-email-yliu@fridaylinux.org>
References: <1516808026-25523-1-git-send-email-yliu@fridaylinux.org>
Subject: [dpdk-stable] patch 'examples/ipsec-secgw: fix corner case for SPI
	value' has been queued to LTS release 17.11.1
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2018 15:42:20 -0000

Hi,

FYI, your patch has been queued to LTS release 17.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 01/26/18. So please
shout if anyone has objections.

Thanks.

	--yliu

---
>>From 0e03d0be1860f53fbfa0540084accaffbc134c2c Mon Sep 17 00:00:00 2001
From: Akhil Goyal <akhil.goyal@nxp.com>
Date: Thu, 11 Jan 2018 17:25:36 +0530
Subject: [PATCH] examples/ipsec-secgw: fix corner case for SPI value

[ upstream commit 2a5106af132b6cd740769714cb5096ee3654469e ]

IPSec application is using index 0 of SA table as error,
with current value of IPSEC_SA_MAX_ENTRIES(128) it can
not support SA with spi = 128, as it uses sa_idx = 0
in the SA table.

With this patch, sa_idx = 0 can also be used.

PS: spi = 0 is an invalid SPI and application throws error
for it.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 7 ++++---
 examples/ipsec-secgw/sa.c          | 2 ++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 2a406ab..b5ec70a 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -407,7 +407,8 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
 		}
 		/* Only check SPI match for processed IPSec packets */
 		sa_idx = ip->res[i] & PROTECT_MASK;
-		if (sa_idx == 0 || !inbound_sa_check(sa, m, sa_idx)) {
+		if (sa_idx >= IPSEC_SA_MAX_ENTRIES ||
+				!inbound_sa_check(sa, m, sa_idx)) {
 			rte_pktmbuf_free(m);
 			continue;
 		}
@@ -472,9 +473,9 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
 	for (i = 0; i < ip->num; i++) {
 		m = ip->pkts[i];
 		sa_idx = ip->res[i] & PROTECT_MASK;
-		if ((ip->res[i] == 0) || (ip->res[i] & DISCARD))
+		if (ip->res[i] & DISCARD)
 			rte_pktmbuf_free(m);
-		else if (sa_idx != 0) {
+		else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
 			ipsec->res[ipsec->num] = sa_idx;
 			ipsec->pkts[ipsec->num++] = m;
 		} else /* BYPASS */
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 4c448e5..b9f4a21 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -269,6 +269,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 	APP_CHECK_TOKEN_IS_NUM(tokens, 1, status);
 	if (status->status < 0)
 		return;
+	if (atoi(tokens[1]) == INVALID_SPI)
+		return;
 	rule->spi = atoi(tokens[1]);
 
 	for (ti = 2; ti < n_tokens; ti++) {
-- 
2.7.4