Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

platform/linux-generic/odp_ipsec.c
@@ -817,20 +819,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
                                                  _ODP_IPV6HDR_LEN);
                else
                        ipv6hdr->hop_limit -= ipsec_sa->dec_ttl;
-       } else {
+       } else if (state.ip_next_hdr != _ODP_IPPROTO_NO_NEXT) {
                status->error.proto = 1;
                goto err;
        }
 
-       parse_param.proto = state.is_ipv4 ? ODP_PROTO_IPV4 :
-                           state.is_ipv6 ? ODP_PROTO_IPV6 :
-                                           ODP_PROTO_NONE;
-       parse_param.last_layer = ipsec_config.inbound.parse_level;
-       parse_param.chksums = ipsec_config.inbound.chksums;
+       if (_ODP_IPPROTO_NO_NEXT == state.ip_next_hdr &&


Comment:
Nit: could use `odp_unlikely()` here.

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> This change requires an API change as the spec says relevant offsets must be 
> in the range `0..odp_packet_len(pkt) - 1` .  Same comment for the L3 and L4 
> changes in this patch.
> 
> In theory the validation tests should test these bounds, but as with most 
> parts of the API violations simply result in undefined behavior, so this is 
> an "honor system". Still, we can't violate the spec here without changing the 
> spec.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Unless it has been parsed, `odp_packet_l3_offset()` is initialized to 
>> `ODP_PACKET_OFFSET_INVALID`, so this seems an undue burden. The original 
>> wording seems cleaner from an application perspective.


https://github.com/Linaro/odp/pull/494#discussion_r169838864
updated_at 2018-02-22 02:28:33

Reply via email to