ipsec: fix check support functions

Change-Id: If94c57fbb07a7376a9f2873e1489c00b28152620 Signed-off-by: Klement Sekera <ksekera@cisco.com> (cherry picked from commit 4fd5a9d3e6abdf61f266da8400a299fe5b0eb0ed)
2019-01-30 11:11:23 +01:00
parent b659e28219
commit 827d4e568b
2 changed files with 17 additions and 5 deletions
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@ -533,12 +533,22 @@ ipsec_rand_seed (void)
 }

 static clib_error_t *
-ipsec_check_support (ipsec_sa_t * sa)
+ipsec_check_ah_support (ipsec_sa_t * sa)
+{
+  if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
+    return clib_error_return (0, "unsupported none integ-alg");
+  return 0;
+}
+
+static clib_error_t *
+ipsec_check_esp_support (ipsec_sa_t * sa)
 {
  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
    return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg");
-  if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
-    return clib_error_return (0, "unsupported none integ-alg");
+  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192)
+    return clib_error_return (0, "unsupported aes-gcm-192 crypto-alg");
+  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)
+    return clib_error_return (0, "unsupported aes-gcm-256 crypto-alg");

  return 0;
 }
@ -730,7 +740,7 @@ ipsec_init (vlib_main_t * vm)
 				       "ah4-decrypt",
 				       "ah6-encrypt",
 				       "ah6-decrypt",
-				       ipsec_check_support,
+				       ipsec_check_ah_support,
 				       NULL);

  im->ah_default_backend = idx;
@ -743,7 +753,7 @@ ipsec_init (vlib_main_t * vm)
 				    "esp4-decrypt",
 				    "esp6-encrypt",
 				    "esp6-decrypt",
-				    ipsec_check_support, NULL);
+				    ipsec_check_esp_support, NULL);
  im->esp_default_backend = idx;

  rv = ipsec_select_esp_backend (im, idx);
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@ -299,6 +299,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
      pool_get (im->sad, sa);
      clib_memset (sa, 0, sizeof (*sa));
      t->input_sa_index = sa - im->sad;
+      sa->protocol = IPSEC_PROTOCOL_ESP;
      sa->spi = args->remote_spi;
      sa->tunnel_src_addr.ip4.as_u32 = args->remote_ip.as_u32;
      sa->tunnel_dst_addr.ip4.as_u32 = args->local_ip.as_u32;
@ -325,6 +326,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
      pool_get (im->sad, sa);
      clib_memset (sa, 0, sizeof (*sa));
      t->output_sa_index = sa - im->sad;
+      sa->protocol = IPSEC_PROTOCOL_ESP;
      sa->spi = args->local_spi;
      sa->tunnel_src_addr.ip4.as_u32 = args->local_ip.as_u32;
      sa->tunnel_dst_addr.ip4.as_u32 = args->remote_ip.as_u32;