examples/ipsec-secgw: fix bypass rule processing
authorKonstantin Ananyev <konstantin.ananyev@intel.com>
Tue, 5 Jun 2018 14:16:02 +0000 (15:16 +0100)
committerPablo de Lara <pablo.de.lara.guarch@intel.com>
Wed, 25 Jul 2018 06:36:19 +0000 (08:36 +0200)
For outbound ports, a BYPASS rule is erroneously treated as a PROTECT rule
with SA idx zero.

Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")
Cc: stable@dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
examples/ipsec-secgw/ipsec-secgw.c

index a0faddf..b45b87b 100644 (file)
@@ -510,11 +510,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
                sa_idx = ip->res[i] & PROTECT_MASK;
                if (ip->res[i] & DISCARD)
                        rte_pktmbuf_free(m);
+               else if (ip->res[i] & BYPASS)
+                       ip->pkts[j++] = m;
                else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
                        ipsec->res[ipsec->num] = sa_idx;
                        ipsec->pkts[ipsec->num++] = m;
-               } else /* BYPASS */
-                       ip->pkts[j++] = m;
+               } else /* invalid SA idx */
+                       rte_pktmbuf_free(m);
        }
        ip->num = j;
 }
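Review bot: A result word of 0 still falls into the PROTECT arm as SA index 0, because after the DISCARD and BYPASS tests `sa_idx < IPSEC_SA_MAX_ENTRIES` is true when no bits are set. If the policy lookup that fills `ip->res` (outside this hunk) reports "no rule matched" as 0, unmatched outbound packets would be queued for SA 0 instead of being dropped. That case should be confirmed and, if it can occur, given its own arm ahead of the PROTECT test, e.g. `else if (ip->res[i] == 0) rte_pktmbuf_free(m);`, which is valid only if 0 is never a legitimate PROTECT encoding. Separately, the new `/* invalid SA idx */` arm frees the packet with no counter or log, so a mis-built SP-to-SA mapping shows up only as unexplained packet loss; a drop counter or debug-level log there would help operators. The loop header and the start of outbound_sp are outside the hunk.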