From c1fe6dbfcec2b17dd5fd115dcdec2ea573c4de0d Mon Sep 17 00:00:00 2001 From: Konstantin Ananyev Date: Tue, 5 Jun 2018 15:16:02 +0100 Subject: [PATCH] examples/ipsec-secgw: fix bypass rule processing For outbound ports BYPASS rule is erroneously treated as PROTECT one with SA idx zero. Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value") Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev Acked-by: Akhil Goyal --- examples/ipsec-secgw/ipsec-secgw.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index a0faddfacf..b45b87bded 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -510,11 +510,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip, sa_idx = ip->res[i] & PROTECT_MASK; if (ip->res[i] & DISCARD) rte_pktmbuf_free(m); + else if (ip->res[i] & BYPASS) + ip->pkts[j++] = m; else if (sa_idx < IPSEC_SA_MAX_ENTRIES) { ipsec->res[ipsec->num] = sa_idx; ipsec->pkts[ipsec->num++] = m; - } else /* BYPASS */ - ip->pkts[j++] = m; + } else /* invalid SA idx */ + rte_pktmbuf_free(m); } ip->num = j; } -- 2.20.1