Fix bug in dpdk_crypto_session_disposal()

The expression to determine whether to delete a session
from the disposal list only evaluates true if some,
but not all, of the sessions in the list were freed.
When all sessions in the list are freed, it evaluates
false and the sessions are left in the list to be freed
again later, which can result in a session pool element
that was reallocated to a different SA being freed,
breaking crypto for the newer SA.

Add an 'else' that handles the case where all sessions
were freed.

Change-Id: I3ae54d5b3bfc3658bf406caa50646924baaae589
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index dbb069c..9be7b3b 100644 (file)
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -467,6 +467,8 @@ dpdk_crypto_session_disposal (crypto_session_disposal_t * v, u64 ts)
 
   if (s < vec_end (v))
     vec_delete (v, s - v, 0);
+  else
+    vec_reset_length (v);
 
   return 0;
 }