examples/ipsec-secgw: add check for unprotected port mask
Checks
Commit Message
Usage of unprotected port mask without any configured SA inbound, will
cause use of uninitialized SA context, so disallow such configuration.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 3 +++
1 file changed, 3 insertions(+)
Comments
> ----------------------------------------------------------------------
> Usage of unprotected port mask without any configured SA inbound, will cause
> use of uninitialized SA context, so disallow such configuration.
>
> Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
>
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Acked-by: Anoob Joseph <anoobj@marvell.com>
> > Usage of unprotected port mask without any configured SA inbound, will
> cause
> > use of uninitialized SA context, so disallow such configuration.
> >
> > Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
> >
> > ---
> > examples/ipsec-secgw/ipsec-secgw.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
>
> Acked-by: Anoob Joseph <anoobj@marvell.com>
Applied to dpdk-next-crypto
Thanks.
@@ -3321,6 +3321,9 @@ main(int32_t argc, char **argv)
rte_exit(EXIT_FAILURE, "Invalid unprotected portmask 0x%x\n",
unprotected_port_mask);
+ if (unprotected_port_mask && !nb_sa_in)
+ rte_exit(EXIT_FAILURE, "Cannot use unprotected portmask without configured SA inbound\n");
+
if (check_poll_mode_params(eh_conf) < 0)
rte_exit(EXIT_FAILURE, "check_poll_mode_params failed\n");