[dpdk-dev,v2,5/9] examples/ipsec-secgw: fix no sa found case
Commit Message
The application only checks that an SA shoudln't be NULL through ASSERT
(only when debugging is enabled) without properly dealing with the case
of not having an SA for the processed packet.
If no SA is found, drop the packet.
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
examples/ipsec-secgw/ipsec.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Wednesday, May 18, 2016 1:42 PM
> To: dev@dpdk.org
> Cc: Mcnamara, John
> Subject: [dpdk-dev] [PATCH v2 5/9] examples/ipsec-secgw: fix no sa found
> case
>
> The application only checks that an SA shoudln't be NULL through ASSERT
Typo here: "a SA should not be"
> (only when debugging is enabled) without properly dealing with the case
> of not having an SA for the processed packet.
>
> If no SA is found, drop the packet.
>
> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
@@ -110,6 +110,11 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
struct ipsec_sa *sa;
for (i = 0; i < nb_pkts; i++) {
+ if (unlikely(sas[i] == NULL)) {
+ rte_pktmbuf_free(pkts[i]);
+ continue;
+ }
+
rte_prefetch0(sas[i]);
rte_prefetch0(pkts[i]);
@@ -117,8 +122,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
sa = sas[i];
priv->sa = sa;
- RTE_ASSERT(sa != NULL);
-
priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
rte_prefetch0(&priv->sym_cop);