From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by dpdk.org (Postfix) with ESMTP id 1F5571B31D for ; Fri, 26 Jan 2018 14:16:59 +0100 (CET) Received: by mail-wm0-f67.google.com with SMTP id r78so21199230wme.0 for ; Fri, 26 Jan 2018 05:16:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VtWju2K+f9uDrDJsAWB+W0LqF9BNBmRu49wlX4YQPmA=; b=JDsqdlGT+i0+es5QJI+AN162PFFEuwZ5X+cva2nBuiOWvnQ9fyjpZvls9Caw9IIhl4 TPhX50eZda4IH42s1v+FO4qp8Az2DxSmbSKXpVG7yqcK3wOFx2qatXdZRGC6LJoomFgy FEjDhISaMpJ/00UUx2KjMxrQTXmD3yrB3Lv4kKC9Jk6oietVihgXk4dYFPPoXVUCQ89n y3sWML7nfAm02gxmk6zzf/DT83jhgAi1GnZ9hOqQVM/cyMm/NuCweZLRqF7Tk5sIHpOz MSkqXAEftSXKNOOkQOwsyTwxePwvR0WqBYrA+fd4TRX2rufx/CvarrXzEK7JAYNmrb4F qAvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VtWju2K+f9uDrDJsAWB+W0LqF9BNBmRu49wlX4YQPmA=; b=ewGHilpRes+MChgxSnQrRNf/v5YPXS4Kk11j3xWaQl16Ydjyuu7IHD+HHKPOYkWYrA HmxtG3rF7Go9/HGPNfyufwkdgzQ1uwzLjskuUhiBbfHPB8UkSBlU3vuJ2PZIBKBgoD82 KYlik+lY25fyFf+gNRkHhOlYvW2RZvIqGx9M0iXiO+yRSXkLSXKgcPWjxyoBMgbZ1AQ8 SilqnNUhBz1iDPaYZ8QHeJTFfyOlPuSWCuntDyYSoFOeQXuQv54rE2dYHgS18lZU72AZ crWdogEbJI4dhW5xEYdKZO/2IAdxOardbq1axHx8c2VeIhvu0k8mERMpGHVa1BsKLA+3 5fkw== X-Gm-Message-State: AKwxytdG9Vu77eGnvziqRylCpKv2cZUrJFyiaQYcp/aWLJul1M9Vm0qE C5/DesmiMX70iooJqeV9cwo= X-Google-Smtp-Source: AH8x226TdRGTJex5CT2VeAFlBP0b8AzdXlwrKpo6Hl2Ls3Gqn3KbsY0uyOnSca/bLE1z4w8YMi9yfA== X-Received: by 10.28.1.210 with SMTP id 201mr10067242wmb.120.1516972618843; Fri, 26 Jan 2018 05:16:58 -0800 (PST) Received: from localhost ([2a00:23c5:bef3:400:9531:588b:44ae:bec4]) by smtp.gmail.com with ESMTPSA id f13sm6992448wre.84.2018.01.26.05.16.58 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 26 Jan 2018 05:16:58 -0800 (PST) From: luca.boccassi@gmail.com To: Akhil Goyal Cc: Radu Nicolau , dpdk stable Date: Fri, 26 Jan 2018 13:13:29 +0000 Message-Id: <20180126131332.15346-59-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20180126131332.15346-1-luca.boccassi@gmail.com> References: <20180126131332.15346-1-luca.boccassi@gmail.com> Subject: [dpdk-stable] patch 'examples/ipsec-secgw: fix corner case for SPI value' has been queued to LTS release 16.11.5 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jan 2018 13:16:59 -0000 Hi, FYI, your patch has been queued to LTS release 16.11.5 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 01/28/18. So please shout if anyone has objections. Thanks. Luca Boccassi --- >>From 2a55bf3ff700e901b9d337f4c7e74808077bed09 Mon Sep 17 00:00:00 2001 From: Akhil Goyal Date: Thu, 11 Jan 2018 17:25:36 +0530 Subject: [PATCH] examples/ipsec-secgw: fix corner case for SPI value [ upstream commit 2a5106af132b6cd740769714cb5096ee3654469e ] IPSec application is using index 0 of SA table as error, with current value of IPSEC_SA_MAX_ENTRIES(128) it can not support SA with spi = 128, as it uses sa_idx = 0 in the SA table. With this patch, sa_idx = 0 can also be used. PS: spi = 0 is an invalid SPI and application throws error for it. Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application") Signed-off-by: Akhil Goyal Acked-by: Radu Nicolau --- examples/ipsec-secgw/ipsec-secgw.c | 7 ++++--- examples/ipsec-secgw/sa.c | 2 ++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 9cccd8a0b..3c1ea16d5 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -409,7 +409,8 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip, } /* Only check SPI match for processed IPSec packets */ sa_idx = ip->res[i] & PROTECT_MASK; - if (sa_idx == 0 || !inbound_sa_check(sa, m, sa_idx)) { + if (sa_idx >= IPSEC_SA_MAX_ENTRIES || + !inbound_sa_check(sa, m, sa_idx)) { rte_pktmbuf_free(m); continue; } @@ -474,9 +475,9 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip, for (i = 0; i < ip->num; i++) { m = ip->pkts[i]; sa_idx = ip->res[i] & PROTECT_MASK; - if ((ip->res[i] == 0) || (ip->res[i] & DISCARD)) + if (ip->res[i] & DISCARD) rte_pktmbuf_free(m); - else if (sa_idx != 0) { + else if (sa_idx < IPSEC_SA_MAX_ENTRIES) { ipsec->res[ipsec->num] = sa_idx; ipsec->pkts[ipsec->num++] = m; } else /* BYPASS */ diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 8c4406cf8..513959c6e 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -232,6 +232,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, APP_CHECK_TOKEN_IS_NUM(tokens, 1, status); if (status->status < 0) return; + if (atoi(tokens[1]) == INVALID_SPI) + return; rule->spi = atoi(tokens[1]); for (ti = 2; ti < n_tokens; ti++) { -- 2.14.2