summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Smith <mgsmith@netgate.com>2019-08-16 11:30:02 -0500
committerAndrew Yourtchenko <ayourtch@gmail.com>2019-09-21 08:29:14 +0000
commitc51d2afbb1d5c3b97a899e6841cffbffde118f9e (patch)
tree20c9b78f25da55b4257edae2c9ec0dd277db40e4
parent1348197c864f47b69d6ca99cadeaeab3fc6f19b6 (diff)
dpdk: fix ipsec coverity warning
Type: fix Fixes: 5025d40a1134272ab57c3c3f10311e31a65cd63c Update the expression for a conditional block which should be executed when an encrypted packet will be sent via IPv6. Coverity was complaining that a NULL pointer could be dereferenced. It is unclear whether that ever would have actually happened, but the updated expression should quell the warning and should more accurately detect whether the block for IPv6 should be executed. Change-Id: I731cad1f982e8f55bd44e6e05e98eff96f1957bb Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit c458f5c09a21cc905aa1b53eda30736e52426418)
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index 5fa84fbf31a..4d57909fbed 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -475,13 +475,13 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
f0->pad_length = pad_bytes;
f0->next_header = next_hdr_type;
- if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa0))
+ if (oh6_0)
{
u16 len = b0->current_length - sizeof (ip6_header_t);
oh6_0->ip6.payload_length =
clib_host_to_net_u16 (len - rewrite_len);
}
- else
+ else if (oh0)
{
oh0->ip4.length =
clib_host_to_net_u16 (b0->current_length - rewrite_len);
@@ -494,6 +494,8 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
ip4_header_bytes (&ouh0->ip4));
}
}
+ else /* should never happen */
+ clib_warning ("No outer header found for ESP packet");
b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;