> -----Original Message----- > From: Akhil Goyal [mailto:akhil.go...@nxp.com] > Sent: Friday, December 21, 2018 2:26 PM > To: Ananyev, Konstantin <konstantin.anan...@intel.com>; dev@dpdk.org > Cc: Nicolau, Radu <radu.nico...@intel.com> > Subject: Re: [dpdk-dev] [PATCH v4 4/9] examples/ipsec-secgw: fix outbound > codepath for single SA > > > > On 12/14/2018 10:10 PM, Konstantin Ananyev wrote: > > Looking at process_pkts_outbound_nosp() there seems few issues: > > - accessing mbuf after it was freed > > - invoking ipsec_outbound() for ipv4 packets only > > - copying number of packets, but not the mbuf pointers itself > > > > that patch provides fixes for that issues. > > > > Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") > > > > Signed-off-by: Konstantin Ananyev <konstantin.anan...@intel.com> > > Acked-by: Radu Nicolau <radu.nico...@intel.com> > > --- > > examples/ipsec-secgw/ipsec-secgw.c | 32 ++++++++++++++++++++---------- > > 1 file changed, 22 insertions(+), 10 deletions(-) > > > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c > > b/examples/ipsec-secgw/ipsec-secgw.c > > index 62443172a..d1da2d5ce 100644 > > --- a/examples/ipsec-secgw/ipsec-secgw.c > > +++ b/examples/ipsec-secgw/ipsec-secgw.c > > @@ -616,32 +616,44 @@ process_pkts_outbound_nosp(struct ipsec_ctx > > *ipsec_ctx, > > struct ipsec_traffic *traffic) > > { > > struct rte_mbuf *m; > > - uint32_t nb_pkts_out, i; > > + uint32_t nb_pkts_out, i, n; > > struct ip *ip; > > > > /* Drop any IPsec traffic from protected ports */ > > for (i = 0; i < traffic->ipsec.num; i++) > > rte_pktmbuf_free(traffic->ipsec.pkts[i]); > > > > - traffic->ipsec.num = 0; > > + n = 0; > > > > - for (i = 0; i < traffic->ip4.num; i++) > > - traffic->ip4.res[i] = single_sa_idx; > > + for (i = 0; i < traffic->ip4.num; i++) { > > + traffic->ipsec.pkts[n] = traffic->ip4.pkts[i]; > > + traffic->ipsec.res[n++] = single_sa_idx; > > + } > > > > - for (i = 0; i < traffic->ip6.num; i++) > > - traffic->ip6.res[i] = single_sa_idx; > > + for (i = 0; i < traffic->ip6.num; i++) { > > + traffic->ipsec.pkts[n] = traffic->ip6.pkts[i]; > > + traffic->ipsec.res[n++] = single_sa_idx; > > + } > > + > > + traffic->ip4.num = 0; > > + traffic->ip6.num = 0; > > + traffic->ipsec.num = n; > > > > - nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ip4.pkts, > > - traffic->ip4.res, traffic->ip4.num, > > + nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts, > > + traffic->ipsec.res, traffic->ipsec.num, > > MAX_PKT_BURST); > > > > /* They all sue the same SA (ip4 or ip6 tunnel) */ > > m = traffic->ipsec.pkts[i]; > > ip = rte_pktmbuf_mtod(m, struct ip *); > > - if (ip->ip_v == IPVERSION) > > + if (ip->ip_v == IPVERSION) { > > traffic->ip4.num = nb_pkts_out; > > - else > > + for (i = 0; i < nb_pkts_out; i++) > > + traffic->ip4.pkts[i] = traffic->ipsec.pkts[i]; > > + } else { > > traffic->ip6.num = nb_pkts_out; > > + traffic->ip6.pkts[i] = traffic->ipsec.pkts[i]; > you don't need a for loop here?? > > + }
Yep, missed that. Will update. > > } > > > > static inline int32_t