For outbound ports BYPASS rule is erroneously treated as PROTECT one
with SA idx zero.
Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")
Signed-off-by: Konstantin Ananyev <konstantin.anan...@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c
b/examples/ipsec-secgw/ipsec-secgw.c
index a5da8b280..fafb41161 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -510,11 +510,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
sa_idx = ip->res[i] & PROTECT_MASK;
if (ip->res[i] & DISCARD)
rte_pktmbuf_free(m);
+ else if (ip->res[i] & BYPASS)
+ ip->pkts[j++] = m;
else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
ipsec->res[ipsec->num] = sa_idx;
ipsec->pkts[ipsec->num++] = m;
- } else /* BYPASS */
- ip->pkts[j++] = m;
+ } else /* invalid SA idx */
+ rte_pktmbuf_free(m);
}
ip->num = j;
}
--
2.13.6
