Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: cd64f73)
dpdk-ipsec: don't leak buffers on crypto alloc failure 66/28666/4
authorChristian Hopps <chopps@labn.net>
Tue, 14 Jul 2020 12:39:30 +0000 (08:39 -0400)
committerDamjan Marion <dmarion@me.com>
Tue, 8 Sep 2020 17:12:22 +0000 (17:12 +0000)
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef

src/plugins/dpdk/ipsec/esp_decrypt.c patch | blob | history
src/plugins/dpdk/ipsec/esp_encrypt.c patch | blob | history

diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index d781710..dcf7fda 100644 (file)
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -45,7 +45,7 @@ typedef enum
  _(REPLAY, "SA replayed packet")                \
  _(NOT_IP, "Not IP packet (dropped)")           \
  _(ENQ_FAIL, "Enqueue decrypt failed (queue full)")     \
- _(DISCARD, "Not enough crypto operations, discarding frame")  \
+ _(DISCARD, "Not enough crypto operations")      \
  _(BAD_LEN, "Invalid ciphertext length")         \
  _(SESSION, "Failed to get crypto session")      \
  _(NOSUP, "Cipher/Auth not supported")
@@ -121,11 +121,12 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
     {
       if (is_ip6)
        vlib_node_increment_counter (vm, dpdk_esp6_decrypt_node.index,
-                                    ESP_DECRYPT_ERROR_DISCARD, 1);
+                                    ESP_DECRYPT_ERROR_DISCARD, n_left_from);
       else
        vlib_node_increment_counter (vm, dpdk_esp4_decrypt_node.index,
-                                    ESP_DECRYPT_ERROR_DISCARD, 1);
+                                    ESP_DECRYPT_ERROR_DISCARD, n_left_from);
       /* Discard whole frame */
+      vlib_buffer_free (vm, from, n_left_from);
       return n_left_from;
     }
 
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index e78cb2d..d6a55ec 100644 (file)
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -46,7 +46,7 @@ typedef enum
  _(RX_PKTS, "ESP pkts received")                    \
  _(SEQ_CYCLED, "Sequence number cycled")            \
  _(ENQ_FAIL, "Enqueue encrypt failed (queue full)")     \
- _(DISCARD, "Not enough crypto operations, discarding frame")  \
+ _(DISCARD, "Not enough crypto operations")         \
  _(SESSION, "Failed to get crypto session")         \
  _(NOSUP, "Cipher/Auth not supported")
 
@@ -141,11 +141,12 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
     {
       if (is_ip6)
        vlib_node_increment_counter (vm, dpdk_esp6_encrypt_node.index,
-                                    ESP_ENCRYPT_ERROR_DISCARD, 1);
+                                    ESP_ENCRYPT_ERROR_DISCARD, n_left_from);
       else
        vlib_node_increment_counter (vm, dpdk_esp4_encrypt_node.index,
-                                    ESP_ENCRYPT_ERROR_DISCARD, 1);
+                                    ESP_ENCRYPT_ERROR_DISCARD, n_left_from);
       /* Discard whole frame */
+      vlib_buffer_free (vm, from, n_left_from);
       return n_left_from;
     }
 
Vector Packet Processing