dpdk: fix ipsec coverity warning

Type: fix
Fixes: 5025d40a1134272ab57c3c3f10311e31a65cd63c

Update the expression for a conditional block which should be executed
when an encrypted packet will be sent via IPv6. Coverity was
complaining that a NULL pointer could be dereferenced. It is unclear
whether that ever would have actually happened, but the updated
expression should quell the warning and should more accurately detect
whether the block for IPv6 should be executed.

Change-Id: I731cad1f982e8f55bd44e6e05e98eff96f1957bb
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index 5fa84fb..4d57909 100644 (file)
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -475,13 +475,13 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
          f0->pad_length = pad_bytes;
          f0->next_header = next_hdr_type;
 
-         if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa0))
+         if (oh6_0)
            {
              u16 len = b0->current_length - sizeof (ip6_header_t);
              oh6_0->ip6.payload_length =
                clib_host_to_net_u16 (len - rewrite_len);
            }
-         else
+         else if (oh0)
            {
              oh0->ip4.length =
                clib_host_to_net_u16 (b0->current_length - rewrite_len);
@@ -494,6 +494,8 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
                                          ip4_header_bytes (&ouh0->ip4));
                }
            }
+         else                  /* should never happen */
+           clib_warning ("No outer header found for ESP packet");
 
          b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;