> Ipsec-secgw example application fails to initialize when using default
> configuration file (ep0.cfg) in library mode (librte_ipsec enabled).
>
> The reason is that two of SP rules in ep0.cfg, one for IPv4 and one
> for IPv6, are using the same SPI number. When SA rules are initialized,
> their SPI number is checked against SPIs stored in SPD. For library
> mode, it is not allowed for the same SA to handle both IPv4 and IPv6.
>
> Solution is to split SAD into two separate parts - one for IPv4 and one
> for IPv6. Usage of SAs stays the same. Only change is to pass correct
> SAD (IPv4 or IPv6) in places where previously combined database was
> passed.
>
> Split of SA entries is done at initialization stage. Most of given SA
> entries are checked against SPD. If matching entry is in IPv4 SPD, SA
> rule is added to IPv4 SAD (respectively for IPv6). Different splitting
> method is used only when SA entry is for tunnel in inbound direction.
> In that case if IPv4 tunnel should be used, SA entry is added to IPv4
> SAD (respectively for IPv6). Reasoning is that inner IP version can
> be different than outer IP version for tunneled traffic.
>
> Bugzilla ID: 239
> Fixes: 5a032a71c6d3 ("examples/ipsec-secgw: make app to use IPsec library")
>
> Reported-by: Lukasz Bartosik <lbarto...@marvell.com>
> Signed-off-by: Mariusz Drost <mariuszx.dr...@intel.com>

Acked-by: Konstantin Ananyev <konstantin.anan...@intel.com>
Tested-by: Konstantin Ananyev <konstantin.anan...@intel.com>

> --
> 2.17.1