[dpdk-dev] examples/ipsec-secgw: wrong spi read from packet
Commit Message
In ipsec-secgw wrong SPI number is read from incoming ESP packet.
The problem exist inside function inbound_sa_lookup().
The SPI is read from mbuf where the information is stored in big-endian.
In low-endian environment the value is erroneous.
Fixed by add conversion rte_be_to_cpu_32().
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
---
examples/ipsec-secgw/sa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On 07/06/2016 13:17, Slawomir Mrozowicz wrote:
> In ipsec-secgw wrong SPI number is read from incoming ESP packet.
> The problem exist inside function inbound_sa_lookup().
> The SPI is read from mbuf where the information is stored in big-endian.
> In low-endian environment the value is erroneous.
> Fixed by add conversion rte_be_to_cpu_32().
>
> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> ---
This is a bug, but I don't think it is the right fix.
Anyway, the code has change with the last patch set [1] and the bug is
not present anymore.
[1] http://dpdk.org/ml/archives/dev/2016-May/039270.html
Sergio
@@ -416,8 +416,8 @@ inbound_sa_lookup(struct sa_ctx *sa_ctx, struct rte_mbuf *pkts[],
uint32_t *src, spi;
for (i = 0; i < nb_pkts; i++) {
- spi = rte_pktmbuf_mtod_offset(pkts[i], struct esp_hdr *,
- sizeof(struct ip))->spi;
+ spi = rte_be_to_cpu_32(rte_pktmbuf_mtod_offset(pkts[i],
+ struct esp_hdr *, sizeof(struct ip))->spi);
if (spi == INVALID_SPI)
continue;