aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorChristian Hopps <chopps@labn.net>2020-07-14 08:39:30 -0400
committerDamjan Marion <dmarion@me.com>2020-09-08 17:12:22 +0000
commitf6cb04460465d48a155aa3363106a82d160c7328 (patch)
tree4614e7d364d975ec224b12ec188b9f692fcce32d /src/plugins
parentcd64f7395128084c4b92268f0a1dc1ec0bc08f86 (diff)
dpdk-ipsec: don't leak buffers on crypto alloc failure
Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c7
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c7
2 files changed, 8 insertions, 6 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index d7817100e4c..dcf7fda915c 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -45,7 +45,7 @@ typedef enum
_(REPLAY, "SA replayed packet") \
_(NOT_IP, "Not IP packet (dropped)") \
_(ENQ_FAIL, "Enqueue decrypt failed (queue full)") \
- _(DISCARD, "Not enough crypto operations, discarding frame") \
+ _(DISCARD, "Not enough crypto operations") \
_(BAD_LEN, "Invalid ciphertext length") \
_(SESSION, "Failed to get crypto session") \
_(NOSUP, "Cipher/Auth not supported")
@@ -121,11 +121,12 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
{
if (is_ip6)
vlib_node_increment_counter (vm, dpdk_esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_DISCARD, 1);
+ ESP_DECRYPT_ERROR_DISCARD, n_left_from);
else
vlib_node_increment_counter (vm, dpdk_esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_DISCARD, 1);
+ ESP_DECRYPT_ERROR_DISCARD, n_left_from);
/* Discard whole frame */
+ vlib_buffer_free (vm, from, n_left_from);
return n_left_from;
}
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index e78cb2d88d4..d6a55ecfc25 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -46,7 +46,7 @@ typedef enum
_(RX_PKTS, "ESP pkts received") \
_(SEQ_CYCLED, "Sequence number cycled") \
_(ENQ_FAIL, "Enqueue encrypt failed (queue full)") \
- _(DISCARD, "Not enough crypto operations, discarding frame") \
+ _(DISCARD, "Not enough crypto operations") \
_(SESSION, "Failed to get crypto session") \
_(NOSUP, "Cipher/Auth not supported")
@@ -141,11 +141,12 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
{
if (is_ip6)
vlib_node_increment_counter (vm, dpdk_esp6_encrypt_node.index,
- ESP_ENCRYPT_ERROR_DISCARD, 1);
+ ESP_ENCRYPT_ERROR_DISCARD, n_left_from);
else
vlib_node_increment_counter (vm, dpdk_esp4_encrypt_node.index,
- ESP_ENCRYPT_ERROR_DISCARD, 1);
+ ESP_ENCRYPT_ERROR_DISCARD, n_left_from);
/* Discard whole frame */
+ vlib_buffer_free (vm, from, n_left_from);
return n_left_from;
}