[PATCH] examples/ipsec-secgw: add check for unprotected port mask

Volodymyr Fialko vfialko at marvell.com
Wed Feb 9 12:52:13 CET 2022

Previous message (by thread): [EXT] [PATCH v2] doc: update FIPS docs
Next message (by thread): [EXT] [PATCH] examples/ipsec-secgw: add check for unprotected port mask
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Usage of unprotected port mask without any configured SA inbound, will
cause use of uninitialized SA context, so disallow such configuration.

Signed-off-by: Volodymyr Fialko <vfialko at marvell.com>

---
 examples/ipsec-secgw/ipsec-secgw.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index a643eb3aa7..602e170c96 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -3321,6 +3321,9 @@ main(int32_t argc, char **argv)
 		rte_exit(EXIT_FAILURE, "Invalid unprotected portmask 0x%x\n",
 				unprotected_port_mask);
 
+	if (unprotected_port_mask && !nb_sa_in)
+		rte_exit(EXIT_FAILURE, "Cannot use unprotected portmask without configured SA inbound\n");
+
 	if (check_poll_mode_params(eh_conf) < 0)
 		rte_exit(EXIT_FAILURE, "check_poll_mode_params failed\n");
 
-- 
2.25.1

Previous message (by thread): [EXT] [PATCH v2] doc: update FIPS docs
Next message (by thread): [EXT] [PATCH] examples/ipsec-secgw: add check for unprotected port mask
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list