examples/ipsec-secgw: fix no SA found case

The application only ASSERTS that an SA is not NULL (only when debugging
is enabled) without properly dealing with the case of not having an SA
for the processed packet.

Behavior should be such as if no SA is found, drop the packet.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 90a9a86..ccc840f 100644 (file)
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -110,6 +110,11 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
        struct ipsec_sa *sa;
 
        for (i = 0; i < nb_pkts; i++) {
+               if (unlikely(sas[i] == NULL)) {
+                       rte_pktmbuf_free(pkts[i]);
+                       continue;
+               }
+
                rte_prefetch0(sas[i]);
                rte_prefetch0(pkts[i]);
 
@@ -117,8 +122,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
                sa = sas[i];
                priv->sa = sa;
 
-               RTE_ASSERT(sa != NULL);
-
                priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
 
                rte_prefetch0(&priv->sym_cop);