When sending an encrypted packet which size after encapsulation exceeds
MTU, ipsec-secgw application tries to fragment it. If --reassemble
option has not been set it results with a segmantation fault, because
fragmentation buckets have not been initialized.
Fix crashing by adding extra check: if --ressemble option has not been
set and packet exceeds MTU after encapsulation - drop it.
Fixes: b01d1cd213 ("examples/ipsec-secgw: support fragmentation and reassembly")
Cc: sta...@dpdk.org
Signed-off-by: Marcin Smoczynski <marcinx.smoczyn...@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c
b/examples/ipsec-secgw/ipsec-secgw.c
index 0d1fd6af6..91c602436 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -548,8 +548,10 @@ send_single_packet(struct rte_mbuf *m, uint16_t port,
uint8_t proto)
len++;
/* need to fragment the packet */
- } else
+ } else if (frag_tbl_sz > 0)
len = send_fragment_packet(qconf, m, port, proto);
+ else
+ rte_pktmbuf_free(m);
/* enough pkts to be sent */
if (unlikely(len == MAX_PKT_BURST)) {
--
2.17.1
