diff options
author | Benoît Ganne <bganne@cisco.com> | 2023-01-03 18:35:04 +0100 |
---|---|---|
committer | Neale Ranns <neale@graphiant.com> | 2023-02-06 03:35:48 +0000 |
commit | ab412cdc07e19a872037e4034caa522398c4be07 (patch) | |
tree | ca3567b62b86fa890b0b89135c6ad51987898c94 | |
parent | af2e88d964ff8bd8eca30c182ab00e178213c1d4 (diff) |
ipsec: fix async crypto linked keys memory leak
Type: fix
Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <bganne@cisco.com>
-rw-r--r-- | src/vnet/ipsec/ipsec_sa.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c index 295323b8f7e..12f8eceb343 100644 --- a/src/vnet/ipsec/ipsec_sa.c +++ b/src/vnet/ipsec/ipsec_sa.c @@ -484,7 +484,12 @@ ipsec_sa_del (ipsec_sa_t * sa) (void) ipsec_call_add_del_callbacks (im, sa, sa_index, 0); if (ipsec_sa_is_set_IS_ASYNC (sa)) - vnet_crypto_request_async_mode (0); + { + vnet_crypto_request_async_mode (0); + if (!ipsec_sa_is_set_IS_AEAD (sa)) + vnet_crypto_key_del (vm, sa->async_op_data.linked_key_index); + } + if (ipsec_sa_is_set_UDP_ENCAP (sa) && ipsec_sa_is_set_IS_INBOUND (sa)) ipsec_unregister_udp_port (clib_net_to_host_u16 (sa->udp_hdr.dst_port), !ipsec_sa_is_set_IS_TUNNEL_V6 (sa)); |