diff options
author | Klement Sekera <ksekera@cisco.com> | 2019-01-30 11:11:23 +0100 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2019-01-30 20:36:33 +0000 |
commit | 827d4e568b7fc91f5c14dbce9a1a568c57a01c9c (patch) | |
tree | 1c88a284de9514762bc04dad6ab006e86dd814e2 /src/vnet/ipsec | |
parent | b659e2821993b4b4aad21074be9eb16657139e9c (diff) |
ipsec: fix check support functions
Change-Id: If94c57fbb07a7376a9f2873e1489c00b28152620
Signed-off-by: Klement Sekera <ksekera@cisco.com>
(cherry picked from commit 4fd5a9d3e6abdf61f266da8400a299fe5b0eb0ed)
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r-- | src/vnet/ipsec/ipsec.c | 20 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_if.c | 2 |
2 files changed, 17 insertions, 5 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index fdd18c2f8fa..7b79af2d902 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -533,12 +533,22 @@ ipsec_rand_seed (void) } static clib_error_t * -ipsec_check_support (ipsec_sa_t * sa) +ipsec_check_ah_support (ipsec_sa_t * sa) { - if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) - return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg"); if (sa->integ_alg == IPSEC_INTEG_ALG_NONE) return clib_error_return (0, "unsupported none integ-alg"); + return 0; +} + +static clib_error_t * +ipsec_check_esp_support (ipsec_sa_t * sa) +{ + if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) + return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg"); + if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) + return clib_error_return (0, "unsupported aes-gcm-192 crypto-alg"); + if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256) + return clib_error_return (0, "unsupported aes-gcm-256 crypto-alg"); return 0; } @@ -730,7 +740,7 @@ ipsec_init (vlib_main_t * vm) "ah4-decrypt", "ah6-encrypt", "ah6-decrypt", - ipsec_check_support, + ipsec_check_ah_support, NULL); im->ah_default_backend = idx; @@ -743,7 +753,7 @@ ipsec_init (vlib_main_t * vm) "esp4-decrypt", "esp6-encrypt", "esp6-decrypt", - ipsec_check_support, NULL); + ipsec_check_esp_support, NULL); im->esp_default_backend = idx; rv = ipsec_select_esp_backend (im, idx); diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c index e8b1a4e041a..0dfb6909e42 100644 --- a/src/vnet/ipsec/ipsec_if.c +++ b/src/vnet/ipsec/ipsec_if.c @@ -299,6 +299,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, pool_get (im->sad, sa); clib_memset (sa, 0, sizeof (*sa)); t->input_sa_index = sa - im->sad; + sa->protocol = IPSEC_PROTOCOL_ESP; sa->spi = args->remote_spi; sa->tunnel_src_addr.ip4.as_u32 = args->remote_ip.as_u32; sa->tunnel_dst_addr.ip4.as_u32 = args->local_ip.as_u32; @@ -325,6 +326,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, pool_get (im->sad, sa); clib_memset (sa, 0, sizeof (*sa)); t->output_sa_index = sa - im->sad; + sa->protocol = IPSEC_PROTOCOL_ESP; sa->spi = args->local_spi; sa->tunnel_src_addr.ip4.as_u32 = args->local_ip.as_u32; sa->tunnel_dst_addr.ip4.as_u32 = args->remote_ip.as_u32; |