From: Sergio Gonzalez Monroy Date: Tue, 6 Sep 2016 13:06:06 +0000 (+0100) Subject: IPsec speculative enqueue in exception path, fixes VPP-384 X-Git-Tag: v17.01-rc0~249 X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commitdiff_plain;h=73c0110502b82bd6f421024c7e821c54f5daa4b9 IPsec speculative enqueue in exception path, fixes VPP-384 Enqueue buffers into next frame before validating them. Change-Id: I466518bc6f304678136a2c3d37f136ce878eef05 Signed-off-by: Sergio Gonzalez Monroy --- diff --git a/vnet/vnet/ipsec/esp_decrypt.c b/vnet/vnet/ipsec/esp_decrypt.c index 6c7f27f078c..df9ec929b4f 100644 --- a/vnet/vnet/ipsec/esp_decrypt.c +++ b/vnet/vnet/ipsec/esp_decrypt.c @@ -305,6 +305,8 @@ esp_decrypt_node_fn (vlib_main_t * vm, vlib_node_increment_counter (vm, esp_decrypt_node.index, ESP_DECRYPT_ERROR_REPLAY, 1); o_bi0 = i_bi0; + to_next[0] = o_bi0; + to_next += 1; goto trace; } } @@ -329,6 +331,8 @@ esp_decrypt_node_fn (vlib_main_t * vm, ESP_DECRYPT_ERROR_INTEG_ERROR, 1); o_bi0 = i_bi0; + to_next[0] = o_bi0; + to_next += 1; goto trace; } } @@ -344,6 +348,8 @@ esp_decrypt_node_fn (vlib_main_t * vm, /* grab free buffer */ uword last_empty_buffer = vec_len (empty_buffers) - 1; o_bi0 = empty_buffers[last_empty_buffer]; + to_next[0] = o_bi0; + to_next += 1; o_b0 = vlib_get_buffer (vm, o_bi0); vlib_prefetch_buffer_with_index (vm, empty_buffers[last_empty_buffer - @@ -481,9 +487,6 @@ esp_decrypt_node_fn (vlib_main_t * vm, IPSEC_FLAG_IPSEC_GRE_TUNNEL)) next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT; - to_next[0] = o_bi0; - to_next += 1; - vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0; } diff --git a/vnet/vnet/ipsec/esp_encrypt.c b/vnet/vnet/ipsec/esp_encrypt.c index 0516d43f09b..193c0849b71 100644 --- a/vnet/vnet/ipsec/esp_encrypt.c +++ b/vnet/vnet/ipsec/esp_encrypt.c @@ -202,6 +202,8 @@ esp_encrypt_node_fn (vlib_main_t * vm, ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1); //TODO: rekey SA o_bi0 = i_bi0; + to_next[0] = o_bi0; + to_next += 1; goto trace; }
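Review bot: The replay-failure exit in the first esp_decrypt.c hunk now writes the rejected packet into the next frame (`to_next[0] = o_bi0;`) without assigning `next0`, so the packet is dropped only if `next0` still holds the drop disposition set earlier in the loop, which is outside this hunk. The integrity-failure exit in the second hunk (`ESP_DECRYPT_ERROR_INTEG_ERROR`) depends on the same thing. These are exactly the packets that failed anti-replay or authentication, so I would pin the assumption down at both sites with `ASSERT (next0 == ESP_DECRYPT_NEXT_DROP);` ahead of the enqueue, or at least a comment such as `/* next0 is still the drop next here; enqueue so the trace path sees a consistent frame */`. esp_decrypt_node_fn starts and ends outside the hunk, so the initial value of `next0` could not be confirmed from here.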
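Review bot: In the third esp_decrypt.c hunk the index read from `empty_buffers[last_empty_buffer]` is now published to the frame straight away, but `last_empty_buffer` is computed as `vec_len (empty_buffers) - 1` in a `uword`, which wraps to a huge index if the vector is empty. No emptiness check is visible in the hunk. If an earlier guard in esp_decrypt_node_fn guarantees enough free buffers, a short comment naming it would help; otherwise add `ASSERT (vec_len (empty_buffers) > 0);` before the subtraction. The prefetch a few lines below indexes `last_empty_buffer - 1`, which would benefit from the same note for the case where only one buffer is left.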
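Review bot: The enqueue added before `goto trace` in the `ESP_ENCRYPT_ERROR_SEQ_CYCLED` exit has no comment explaining why a packet that is about to be dropped is written to `to_next`, and the same two lines are now pasted at three sites in esp_decrypt.c as well. Going by the commit description, the buffer has to be in the frame before it is validated, so a future early exit that jumps to `trace` without these lines would presumably bring the original problem back. I would document the rule at this site, for example `/* every path to trace must enqueue o_bi0 first; the frame is validated after the label */`. The `trace` label and the rest of esp_encrypt_node_fn are outside the hunk, so whether other exits in this function need the same two lines could not be checked here.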