[dpdk-stable] patch 'examples/ipsec-secgw: fix bypass rule processing' has been queued to LTS release 17.11.4
Yongseok Koh
yskoh at mellanox.com
Fri Jul 27 04:29:50 CEST 2018
Hi,
FYI, your patch has been queued to LTS release 17.11.4
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/28/18. So please
shout if anyone has objections.
Thanks.
Yongseok
---
>From 908d3bae6e1663f81255fab8966e71cc64bdff9a Mon Sep 17 00:00:00 2001
From: Konstantin Ananyev <konstantin.ananyev at intel.com>
Date: Tue, 5 Jun 2018 15:16:02 +0100
Subject: [PATCH] examples/ipsec-secgw: fix bypass rule processing
[ upstream commit c1fe6dbfcec2b17dd5fd115dcdec2ea573c4de0d ]
For outbound ports BYPASS rule is erroneously treated as PROTECT one
with SA idx zero.
Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")
Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index d7f26e777..46af3f05f 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -476,11 +476,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
sa_idx = ip->res[i] & PROTECT_MASK;
if (ip->res[i] & DISCARD)
rte_pktmbuf_free(m);
+ else if (ip->res[i] & BYPASS)
+ ip->pkts[j++] = m;
else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
ipsec->res[ipsec->num] = sa_idx;
ipsec->pkts[ipsec->num++] = m;
- } else /* BYPASS */
- ip->pkts[j++] = m;
+ } else /* invalid SA idx */
+ rte_pktmbuf_free(m);
}
ip->num = j;
}
--
2.11.0
More information about the stable
mailing list