From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id D72DF1B138; Fri, 28 Dec 2018 16:34:13 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Dec 2018 07:34:13 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,410,1539673200"; d="scan'208";a="112646596" Received: from sivswdev08.ir.intel.com (HELO localhost.localdomain) ([10.237.217.47]) by fmsmga008.fm.intel.com with ESMTP; 28 Dec 2018 07:34:12 -0800 From: Konstantin Ananyev To: dev@dpdk.org Cc: akhil.goyal@nxp.com, Konstantin Ananyev , stable@dpdk.org Date: Fri, 28 Dec 2018 15:33:52 +0000 Message-Id: <1546011238-22318-5-git-send-email-konstantin.ananyev@intel.com> X-Mailer: git-send-email 1.7.0.7 In-Reply-To: <1544805623-18150-2-git-send-email-konstantin.ananyev@intel.com> References: <1544805623-18150-2-git-send-email-konstantin.ananyev@intel.com> To: dev@dpdk.org Subject: [dpdk-dev] [PATCH v5 04/10] examples/ipsec-secgw: fix outbound codepath for single SA X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Dec 2018 15:34:14 -0000 Looking at process_pkts_outbound_nosp() there seems few issues: - accessing mbuf after it was freed - invoking ipsec_outbound() for ipv4 packets only - copying number of packets, but not the mbuf pointers itself that patch provides fixes for that issues. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev Acked-by: Radu Nicolau --- examples/ipsec-secgw/ipsec-secgw.c | 33 +++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 797bd6435..cc812d502 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -629,32 +629,45 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, struct ipsec_traffic *traffic) { struct rte_mbuf *m; - uint32_t nb_pkts_out, i; + uint32_t nb_pkts_out, i, n; struct ip *ip; /* Drop any IPsec traffic from protected ports */ for (i = 0; i < traffic->ipsec.num; i++) rte_pktmbuf_free(traffic->ipsec.pkts[i]); - traffic->ipsec.num = 0; + n = 0; - for (i = 0; i < traffic->ip4.num; i++) - traffic->ip4.res[i] = single_sa_idx; + for (i = 0; i < traffic->ip4.num; i++) { + traffic->ipsec.pkts[n] = traffic->ip4.pkts[i]; + traffic->ipsec.res[n++] = single_sa_idx; + } - for (i = 0; i < traffic->ip6.num; i++) - traffic->ip6.res[i] = single_sa_idx; + for (i = 0; i < traffic->ip6.num; i++) { + traffic->ipsec.pkts[n] = traffic->ip6.pkts[i]; + traffic->ipsec.res[n++] = single_sa_idx; + } + + traffic->ip4.num = 0; + traffic->ip6.num = 0; + traffic->ipsec.num = n; - nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ip4.pkts, - traffic->ip4.res, traffic->ip4.num, + nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts, + traffic->ipsec.res, traffic->ipsec.num, MAX_PKT_BURST); /* They all sue the same SA (ip4 or ip6 tunnel) */ m = traffic->ipsec.pkts[i]; ip = rte_pktmbuf_mtod(m, struct ip *); - if (ip->ip_v == IPVERSION) + if (ip->ip_v == IPVERSION) { traffic->ip4.num = nb_pkts_out; - else + for (i = 0; i < nb_pkts_out; i++) + traffic->ip4.pkts[i] = traffic->ipsec.pkts[i]; + } else { traffic->ip6.num = nb_pkts_out; + for (i = 0; i < nb_pkts_out; i++) + traffic->ip6.pkts[i] = traffic->ipsec.pkts[i]; + } } static inline int32_t -- 2.17.1