[PATCH] examples/ipsec-secgw: fix cmp_sa_key bug

supeng2087 Wed, 22 Nov 2023 00:18:31 -0800

From: supeng <sup...@cmss.chinamobile.com>

Inbound direction, sad_lookup function will call cmp_sa_key to compare packet 
outer ip info with local sa.  Local sa src ip should equal packet dst ip,  
Local sa dst ip should  equal src ip.
---
 examples/ipsec-secgw/sad.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


diff --git a/examples/ipsec-secgw/sad.h b/examples/ipsec-secgw/sad.h
index 3224b6252c..e1fa8a26f6 100644
--- a/examples/ipsec-secgw/sad.h
+++ b/examples/ipsec-secgw/sad.h
@@ -33,12 +33,12 @@ cmp_sa_key(struct ipsec_sa *sa, int is_v4, struct 
rte_ipv4_hdr *ipv4,
        if ((sa_type == TRANSPORT) ||
                        /* IPv4 check */
                        (is_v4 && (sa_type == IP4_TUNNEL) &&
-                       (sa->src.ip.ip4 == ipv4->src_addr) &&
-                       (sa->dst.ip.ip4 == ipv4->dst_addr)) ||
+                       (sa->src.ip.ip4 == ipv4->dst_addr) &&
+                       (sa->dst.ip.ip4 == ipv4->src_addr)) ||
                        /* IPv6 check */
                        (!is_v4 && (sa_type == IP6_TUNNEL) &&
-                       (!memcmp(sa->src.ip.ip6.ip6, ipv6->src_addr, 16)) &&
-                       (!memcmp(sa->dst.ip.ip6.ip6, ipv6->dst_addr, 16))))
+                       (!memcmp(sa->src.ip.ip6.ip6, ipv6->dst_addr, 16)) &&
+                       (!memcmp(sa->dst.ip.ip6.ip6, ipv6->src_addr, 16))))
                return 1;
 
        return 0;
-- 
2.34.1

[PATCH] examples/ipsec-secgw: fix cmp_sa_key bug

Reply via email to