author“mukeshyadav1984” <mukyadav@cisco.com>2017-11-23 02:39:33 -0800
committerDamjan Marion <dmarion.lists@gmail.com>2017-11-28 12:26:30 +0000
commit430ac939d115b59e3f7f704645c6f88878223e1b (patch)
treeca5bbc6e7ab3c60316ed602f9a637ff423203f96 /src/vnet/ipsec/ipsec_cli.c
parentb3eeb6a5dd17627f56f5a9f299950c96f952e7a1 (diff)
IPSec AH protocol enhancement in VPP native core
Change-Id: Iec5804d768485f4015bbf732d8d19ef2f24e6939 Signed-off-by: “mukeshyadav1984” <mukyadav@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_cli.c')
-rw-r--r--src/vnet/ipsec/ipsec_cli.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 0e034402b5c..711403ff81a 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -96,9 +96,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
sa.protocol = IPSEC_PROTOCOL_ESP;
else if (unformat (line_input, "ah"))
{
- //sa.protocol = IPSEC_PROTOCOL_AH;
- error = clib_error_return (0, "unsupported security protocol 'AH'");
- goto done;
+ sa.protocol = IPSEC_PROTOCOL_AH;
}
else
if (unformat (line_input, "crypto-key %U", unformat_hex_string, &ck))
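Review bot: The `ah` branch now accepts the protocol with no visible check that the SA also ends up with an integrity algorithm and key. AH carries no encryption, so an AH SA configured without integrity would protect nothing. The rest of ipsec_sa_add_del_command_fn lies outside this hunk, so confirm that the post-parse validation rejects `ah` when no `integ-alg`/`integ-key` was given. A short comment on the branch would help, for example `/* AH authenticates only; there is no payload encryption */`.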
@@ -339,6 +337,21 @@ ipsec_policy_add_del_command_fn (vlib_main_t * vm,
}
}
+ /* Check if SA is for IPv6/AH which is not supported. Return error if TRUE. */
+ if (p.sa_id)
+ {
+ uword *p1;
+ ipsec_main_t *im = &ipsec_main;
+ ipsec_sa_t *sa = 0;
+ p1 = hash_get (im->sa_index_by_sa_id, p.sa_id);
+ sa = pool_elt_at_index (im->sad, p1[0]);
+ if (sa && sa->protocol == IPSEC_PROTOCOL_AH && is_add && p.is_ipv6)
+ {
+ error = clib_error_return (0, "AH not supported for IPV6: '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ }
ipsec_add_del_policy (vm, &p, is_add);
if (is_ip_any)
{
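Review bot: The added block reads `p1[0]` without checking `p1`, but `hash_get` returns a null pointer when `p.sa_id` is not present in `im->sa_index_by_sa_id`. A policy command that names an unknown SA id therefore dereferences null instead of returning a CLI error, and this happens on delete as well as add because the lookup runs before `is_add` is tested. The later `sa &&` test does not cover this, since `pool_elt_at_index` computes an element address and is not expected to yield null. Guarding the lookup keeps the existing condition meaningful: `sa = p1 ? pool_elt_at_index (im->sad, p1[0]) : 0;`. Whether an unknown SA id should be rejected outright here is decided in parts of ipsec_policy_add_del_command_fn outside this hunk.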