Code Review
/
deb_dpdk.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Merge branch 'upstream-16.11-stable' into 16.11.x
[deb_dpdk.git]
/
examples
/
ipsec-secgw
/
ipsec-secgw.c
diff --git
a/examples/ipsec-secgw/ipsec-secgw.c
b/examples/ipsec-secgw/ipsec-secgw.c
index
9cccd8a
..
3c1ea16
100644
(file)
--- a/
examples/ipsec-secgw/ipsec-secgw.c
+++ b/
examples/ipsec-secgw/ipsec-secgw.c
@@
-409,7
+409,8
@@
inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
}
/* Only check SPI match for processed IPSec packets */
sa_idx = ip->res[i] & PROTECT_MASK;
}
/* Only check SPI match for processed IPSec packets */
sa_idx = ip->res[i] & PROTECT_MASK;
- if (sa_idx == 0 || !inbound_sa_check(sa, m, sa_idx)) {
+ if (sa_idx >= IPSEC_SA_MAX_ENTRIES ||
+ !inbound_sa_check(sa, m, sa_idx)) {
rte_pktmbuf_free(m);
continue;
}
rte_pktmbuf_free(m);
continue;
}
@@
-474,9
+475,9
@@
outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
for (i = 0; i < ip->num; i++) {
m = ip->pkts[i];
sa_idx = ip->res[i] & PROTECT_MASK;
for (i = 0; i < ip->num; i++) {
m = ip->pkts[i];
sa_idx = ip->res[i] & PROTECT_MASK;
- if (
(ip->res[i] == 0) || (ip->res[i] & DISCARD)
)
+ if (
ip->res[i] & DISCARD
)
rte_pktmbuf_free(m);
rte_pktmbuf_free(m);
- else if (sa_idx
!= 0
) {
+ else if (sa_idx
< IPSEC_SA_MAX_ENTRIES
) {
ipsec->res[ipsec->num] = sa_idx;
ipsec->pkts[ipsec->num++] = m;
} else /* BYPASS */
ipsec->res[ipsec->num] = sa_idx;
ipsec->pkts[ipsec->num++] = m;
} else /* BYPASS */