summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/esp.h
diff options
context:
space:
mode:
authorXiaoming Jiang <jiangxiaoming@outlook.com>2023-05-05 02:28:20 +0000
committerFan Zhang <fanzhang.oss@gmail.com>2023-05-29 09:52:59 +0000
commit0c1454c1f3abfdbcf9ceb9cdbd4e3596a94d6a0f (patch)
treed9e38dbe078193cc845d764544ac31fcef091f9e /src/vnet/ipsec/esp.h
parent1000125395e3bf4be5a9026650074e8fedbeb24b (diff)
ipsec: fix ipsec_set_next_index set with wrong sa index when async frame commit failed
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib4c61906a9cbb3eea1214394d164ecffb38fd36d
Diffstat (limited to 'src/vnet/ipsec/esp.h')
-rw-r--r--src/vnet/ipsec/esp.h62
1 files changed, 37 insertions, 25 deletions
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index 311882af08e..72abb9f0dbd 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -211,31 +211,6 @@ esp_decrypt_set_next_index (vlib_buffer_t *b, vlib_node_runtime_t *node,
drop_next, sa_index);
}
-/* when submitting a frame is failed, drop all buffers in the frame */
-always_inline u32
-esp_async_recycle_failed_submit (vlib_main_t *vm, vnet_crypto_async_frame_t *f,
- vlib_node_runtime_t *node, u32 err,
- u32 ipsec_sa_err, u16 index, u32 *from,
- u16 *nexts, u16 drop_next_index)
-{
- vlib_buffer_t *b;
- u32 n_drop = f->n_elts;
- u32 *bi = f->buffer_indices;
-
- while (n_drop--)
- {
- from[index] = bi[0];
- b = vlib_get_buffer (vm, bi[0]);
- ipsec_set_next_index (b, node, vm->thread_index, err, ipsec_sa_err,
- index, nexts, drop_next_index,
- vnet_buffer (b)->ipsec.sad_index);
- bi++;
- index++;
- }
-
- return (f->n_elts);
-}
-
/**
* The post data structure to for esp_encrypt/decrypt_inline to write to
* vib_buffer_t opaque unused field, and for post nodes to pick up after
@@ -310,6 +285,43 @@ typedef struct
extern esp_async_post_next_t esp_encrypt_async_next;
extern esp_async_post_next_t esp_decrypt_async_next;
+/* when submitting a frame is failed, drop all buffers in the frame */
+always_inline u32
+esp_async_recycle_failed_submit (vlib_main_t *vm, vnet_crypto_async_frame_t *f,
+ vlib_node_runtime_t *node, u32 err,
+ u32 ipsec_sa_err, u16 index, u32 *from,
+ u16 *nexts, u16 drop_next_index,
+ bool is_encrypt)
+{
+ vlib_buffer_t *b;
+ u32 n_drop = f->n_elts;
+ u32 *bi = f->buffer_indices;
+
+ while (n_drop--)
+ {
+ u32 sa_index;
+
+ from[index] = bi[0];
+ b = vlib_get_buffer (vm, bi[0]);
+
+ if (is_encrypt)
+ {
+ sa_index = vnet_buffer (b)->ipsec.sad_index;
+ }
+ else
+ {
+ sa_index = esp_post_data (b)->decrypt_data.sa_index;
+ }
+
+ ipsec_set_next_index (b, node, vm->thread_index, err, ipsec_sa_err,
+ index, nexts, drop_next_index, sa_index);
+ bi++;
+ index++;
+ }
+
+ return (f->n_elts);
+}
+
#endif /* __ESP_H__ */
/*