[PATCH] examples/ipsec-secgw: add check for unprotected port mask
Volodymyr Fialko
vfialko at marvell.com
Wed Feb 9 12:52:13 CET 2022
Usage of unprotected port mask without any configured SA inbound, will
cause use of uninitialized SA context, so disallow such configuration.
Signed-off-by: Volodymyr Fialko <vfialko at marvell.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index a643eb3aa7..602e170c96 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -3321,6 +3321,9 @@ main(int32_t argc, char **argv)
rte_exit(EXIT_FAILURE, "Invalid unprotected portmask 0x%x\n",
unprotected_port_mask);
+ if (unprotected_port_mask && !nb_sa_in)
+ rte_exit(EXIT_FAILURE, "Cannot use unprotected portmask without configured SA inbound\n");
+
if (check_poll_mode_params(eh_conf) < 0)
rte_exit(EXIT_FAILURE, "check_poll_mode_params failed\n");
--
2.25.1
More information about the dev
mailing list