[v2,1/1] examples/ipsec-secgw: resolve segfault for IPsec packets
Checks
Commit Message
launching ipsec-segw application in event vector mode
after traffic has started results in segfault because
we are receiving few IPSEC packet and application is trying
to decrypt IPSEC packets using lookaside protocol.
This contradicts inline event mode.This patch fixes the same
by freeing IPSEC packets and processing only plain packets.
Fixes: 1d5078c6cf19 ("examples/ipsec-secgw: support event vector in lookaside mode")
Signed-off-by: Rakesh Kudurumalla <rkudurumalla@marvell.com>
---
V2: Add fixes tag
examples/ipsec-secgw/ipsec_worker.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Comments
> Subject: [PATCH v2 1/1] examples/ipsec-secgw: resolve segfault for IPsec packets
>
> launching ipsec-segw application in event vector mode
> after traffic has started results in segfault because
> we are receiving few IPSEC packet and application is trying
> to decrypt IPSEC packets using lookaside protocol.
> This contradicts inline event mode.This patch fixes the same
> by freeing IPSEC packets and processing only plain packets.
>
> Fixes: 1d5078c6cf19 ("examples/ipsec-secgw: support event vector in lookaside
> mode")
Cc: stable@dpdk.org
>
> Signed-off-by: Rakesh Kudurumalla <rkudurumalla@marvell.com>
Applied to dpdk-next-crypto
Thanks.
@@ -700,6 +700,9 @@ ipsec_ev_inbound_route_pkts(struct rte_event_vector *vec,
struct rte_ipsec_session *sess;
struct rte_mbuf *pkt;
struct ipsec_sa *sa;
+ uint8_t mask = (1UL << RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) |
+ (1UL << RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL);
+
j = ipsec_ev_route_ip_pkts(vec, rt, t);
@@ -707,7 +710,7 @@ ipsec_ev_inbound_route_pkts(struct rte_event_vector *vec,
for (i = 0; i < t->ipsec.num; i++) {
pkt = t->ipsec.pkts[i];
sa = ipsec_mask_saptr(t->ipsec.saptr[i]);
- if (unlikely(sa == NULL)) {
+ if (unlikely(sa == NULL) || ((1UL << sa->sessions[0].type) & mask)) {
free_pkts(&pkt, 1);
continue;
}