From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 98C111B972 for ; Tue, 5 Jun 2018 16:16:13 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Jun 2018 07:16:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,479,1520924400"; d="scan'208";a="53985927" Received: from sivswdev02.ir.intel.com (HELO localhost.localdomain) ([10.237.217.46]) by fmsmga002.fm.intel.com with ESMTP; 05 Jun 2018 07:16:10 -0700 From: Konstantin Ananyev To: dev@dpdk.org Cc: Konstantin Ananyev Date: Tue, 5 Jun 2018 15:16:02 +0100 Message-Id: <1528208163-31560-1-git-send-email-konstantin.ananyev@intel.com> X-Mailer: git-send-email 1.7.0.7 To: dev@dpdk.org cc: radu.nicolau@intel.com Subject: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jun 2018 14:16:14 -0000 For outbound ports BYPASS rule is erroneously treated as PROTECT one with SA idx zero. Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value") Signed-off-by: Konstantin Ananyev --- examples/ipsec-secgw/ipsec-secgw.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index a5da8b280..fafb41161 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -510,11 +510,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip, sa_idx = ip->res[i] & PROTECT_MASK; if (ip->res[i] & DISCARD) rte_pktmbuf_free(m); + else if (ip->res[i] & BYPASS) + ip->pkts[j++] = m; else if (sa_idx < IPSEC_SA_MAX_ENTRIES) { ipsec->res[ipsec->num] = sa_idx; ipsec->pkts[ipsec->num++] = m; - } else /* BYPASS */ - ip->pkts[j++] = m; + } else /* invalid SA idx */ + rte_pktmbuf_free(m); } ip->num = j; } -- 2.13.6