Return error if SPI from the flow spec doesn't match
the one from the crypto session.
Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: sta...@dpdk.org
Signed-off-by: Radu Nicolau <radu.nico...@intel.com>
---
drivers/net/iavf/iavf_ipsec_crypto.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c
b/drivers/net/iavf/iavf_ipsec_crypto.c
index afd7f8f467..4c5c403a46 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -697,19 +697,11 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
if (unlikely(sess == NULL || sess->adapter != adapter))
return false;
- /* SPI value must be non-zero */
- if (spi == 0)
+ /* SPI value must be non-zero and must match flow SPI*/
+ if (spi == 0 || (htonl(sess->sa.spi) != spi))
return false;
- /* Session SPI must patch flow SPI*/
- else if (sess->sa.spi == spi) {
- return true;
- /**
- * TODO: We should add a way of tracking valid hw SA indices to
- * make validation less brittle
- */
- }
- return true;
+ return true;
}
/**
--
2.25.1
