-api_ipsec_interface_add_del_spd (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_interface_add_del_spd_t *mp;
- u32 sw_if_index;
- u8 sw_if_index_set = 0;
- u32 spd_id = (u32) ~ 0;
- u8 is_add = 1;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "spd_id %d", &spd_id))
- ;
- else
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- sw_if_index_set = 1;
- else if (unformat (i, "sw_if_index %d", &sw_if_index))
- sw_if_index_set = 1;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- if (spd_id == (u32) ~ 0)
- {
- errmsg ("spd_id must be set");
- return -99;
- }
-
- if (sw_if_index_set == 0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- M (IPSEC_INTERFACE_ADD_DEL_SPD, mp);
-
- mp->spd_id = ntohl (spd_id);
- mp->sw_if_index = ntohl (sw_if_index);
- mp->is_add = is_add;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_spd_add_del_entry (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_spd_add_del_entry_t *mp;
- u8 is_add = 1, is_outbound = 0, is_ipv6 = 0, is_ip_any = 1;
- u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0;
- i32 priority = 0;
- u32 rport_start = 0, rport_stop = (u32) ~ 0;
- u32 lport_start = 0, lport_stop = (u32) ~ 0;
- ip4_address_t laddr4_start, laddr4_stop, raddr4_start, raddr4_stop;
- ip6_address_t laddr6_start, laddr6_stop, raddr6_start, raddr6_stop;
- int ret;
-
- laddr4_start.as_u32 = raddr4_start.as_u32 = 0;
- laddr4_stop.as_u32 = raddr4_stop.as_u32 = (u32) ~ 0;
- laddr6_start.as_u64[0] = raddr6_start.as_u64[0] = 0;
- laddr6_start.as_u64[1] = raddr6_start.as_u64[1] = 0;
- laddr6_stop.as_u64[0] = raddr6_stop.as_u64[0] = (u64) ~ 0;
- laddr6_stop.as_u64[1] = raddr6_stop.as_u64[1] = (u64) ~ 0;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- if (unformat (i, "outbound"))
- is_outbound = 1;
- if (unformat (i, "inbound"))
- is_outbound = 0;
- else if (unformat (i, "spd_id %d", &spd_id))
- ;
- else if (unformat (i, "sa_id %d", &sa_id))
- ;
- else if (unformat (i, "priority %d", &priority))
- ;
- else if (unformat (i, "protocol %d", &protocol))
- ;
- else if (unformat (i, "lport_start %d", &lport_start))
- ;
- else if (unformat (i, "lport_stop %d", &lport_stop))
- ;
- else if (unformat (i, "rport_start %d", &rport_start))
- ;
- else if (unformat (i, "rport_stop %d", &rport_stop))
- ;
- else
- if (unformat
- (i, "laddr_start %U", unformat_ip4_address, &laddr4_start))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "laddr_stop %U", unformat_ip4_address, &laddr4_stop))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "raddr_start %U", unformat_ip4_address, &raddr4_start))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "raddr_stop %U", unformat_ip4_address, &raddr4_stop))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "laddr_start %U", unformat_ip6_address, &laddr6_start))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "laddr_stop %U", unformat_ip6_address, &laddr6_stop))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "raddr_start %U", unformat_ip6_address, &raddr6_start))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "raddr_stop %U", unformat_ip6_address, &raddr6_stop))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "action %U", unformat_ipsec_policy_action, &policy))
- {
- if (policy == IPSEC_POLICY_ACTION_RESOLVE)
- {
- clib_warning ("unsupported action: 'resolve'");
- return -99;
- }
- }
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- M (IPSEC_SPD_ADD_DEL_ENTRY, mp);
-
- mp->spd_id = ntohl (spd_id);
- mp->priority = ntohl (priority);
- mp->is_outbound = is_outbound;
-
- mp->is_ipv6 = is_ipv6;
- if (is_ipv6 || is_ip_any)
- {
- clib_memcpy (mp->remote_address_start, &raddr6_start,
- sizeof (ip6_address_t));
- clib_memcpy (mp->remote_address_stop, &raddr6_stop,
- sizeof (ip6_address_t));
- clib_memcpy (mp->local_address_start, &laddr6_start,
- sizeof (ip6_address_t));
- clib_memcpy (mp->local_address_stop, &laddr6_stop,
- sizeof (ip6_address_t));
- }
- else
- {
- clib_memcpy (mp->remote_address_start, &raddr4_start,
- sizeof (ip4_address_t));
- clib_memcpy (mp->remote_address_stop, &raddr4_stop,
- sizeof (ip4_address_t));
- clib_memcpy (mp->local_address_start, &laddr4_start,
- sizeof (ip4_address_t));
- clib_memcpy (mp->local_address_stop, &laddr4_stop,
- sizeof (ip4_address_t));
- }
- mp->protocol = (u8) protocol;
- mp->local_port_start = ntohs ((u16) lport_start);
- mp->local_port_stop = ntohs ((u16) lport_stop);
- mp->remote_port_start = ntohs ((u16) rport_start);
- mp->remote_port_stop = ntohs ((u16) rport_stop);
- mp->policy = (u8) policy;
- mp->sa_id = ntohl (sa_id);
- mp->is_add = is_add;
- mp->is_ip_any = is_ip_any;
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_sad_add_del_entry (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_sad_add_del_entry_t *mp;
- u32 sad_id = 0, spi = 0;
- u8 *ck = 0, *ik = 0;
- u8 is_add = 1;
-
- u8 protocol = IPSEC_PROTOCOL_AH;
- u8 is_tunnel = 0, is_tunnel_ipv6 = 0;
- u32 crypto_alg = 0, integ_alg = 0;
- ip4_address_t tun_src4;
- ip4_address_t tun_dst4;
- ip6_address_t tun_src6;
- ip6_address_t tun_dst6;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "sad_id %d", &sad_id))
- ;
- else if (unformat (i, "spi %d", &spi))
- ;
- else if (unformat (i, "esp"))
- protocol = IPSEC_PROTOCOL_ESP;
- else if (unformat (i, "tunnel_src %U", unformat_ip4_address, &tun_src4))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 0;
- }
- else if (unformat (i, "tunnel_dst %U", unformat_ip4_address, &tun_dst4))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 0;
- }
- else if (unformat (i, "tunnel_src %U", unformat_ip6_address, &tun_src6))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 1;
- }
- else if (unformat (i, "tunnel_dst %U", unformat_ip6_address, &tun_dst6))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 1;
- }
- else
- if (unformat
- (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
- {
- if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- crypto_alg >= IPSEC_CRYPTO_N_ALG)
- {
- clib_warning ("unsupported crypto-alg: '%U'",
- format_ipsec_crypto_alg, crypto_alg);
- return -99;
- }
- }
- else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
- ;
- else
- if (unformat
- (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
- {
- if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
- integ_alg >= IPSEC_INTEG_N_ALG)
- {
- clib_warning ("unsupported integ-alg: '%U'",
- format_ipsec_integ_alg, integ_alg);
- return -99;
- }
- }
- else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- M (IPSEC_SAD_ADD_DEL_ENTRY, mp);
-
- mp->sad_id = ntohl (sad_id);
- mp->is_add = is_add;
- mp->protocol = protocol;
- mp->spi = ntohl (spi);
- mp->is_tunnel = is_tunnel;
- mp->is_tunnel_ipv6 = is_tunnel_ipv6;
- mp->crypto_algorithm = crypto_alg;
- mp->integrity_algorithm = integ_alg;
- mp->crypto_key_length = vec_len (ck);
- mp->integrity_key_length = vec_len (ik);
-
- if (mp->crypto_key_length > sizeof (mp->crypto_key))
- mp->crypto_key_length = sizeof (mp->crypto_key);
-
- if (mp->integrity_key_length > sizeof (mp->integrity_key))
- mp->integrity_key_length = sizeof (mp->integrity_key);
-
- if (ck)
- clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length);
- if (ik)
- clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length);
-
- if (is_tunnel)
- {
- if (is_tunnel_ipv6)
- {
- clib_memcpy (mp->tunnel_src_address, &tun_src6,
- sizeof (ip6_address_t));
- clib_memcpy (mp->tunnel_dst_address, &tun_dst6,
- sizeof (ip6_address_t));
- }
- else
- {
- clib_memcpy (mp->tunnel_src_address, &tun_src4,
- sizeof (ip4_address_t));
- clib_memcpy (mp->tunnel_dst_address, &tun_dst4,
- sizeof (ip4_address_t));
- }
- }
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_sa_set_key (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_sa_set_key_t *mp;
- u32 sa_id;
- u8 *ck = 0, *ik = 0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "sa_id %d", &sa_id))
- ;
- else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
- ;
- else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IPSEC_SA_SET_KEY, mp);
-
- mp->sa_id = ntohl (sa_id);
- mp->crypto_key_length = vec_len (ck);
- mp->integrity_key_length = vec_len (ik);
-
- if (mp->crypto_key_length > sizeof (mp->crypto_key))
- mp->crypto_key_length = sizeof (mp->crypto_key);
-
- if (mp->integrity_key_length > sizeof (mp->integrity_key))
- mp->integrity_key_length = sizeof (mp->integrity_key);
-
- if (ck)
- clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length);
- if (ik)
- clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_tunnel_if_add_del (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_tunnel_if_add_del_t *mp;
- u32 local_spi = 0, remote_spi = 0;
- u32 crypto_alg = 0, integ_alg = 0;
- u8 *lck = NULL, *rck = NULL;
- u8 *lik = NULL, *rik = NULL;
- ip4_address_t local_ip = { {0} };
- ip4_address_t remote_ip = { {0} };
- u8 is_add = 1;
- u8 esn = 0;
- u8 anti_replay = 0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "esn"))
- esn = 1;
- else if (unformat (i, "anti_replay"))
- anti_replay = 1;
- else if (unformat (i, "local_spi %d", &local_spi))
- ;
- else if (unformat (i, "remote_spi %d", &remote_spi))
- ;
- else if (unformat (i, "local_ip %U", unformat_ip4_address, &local_ip))
- ;
- else if (unformat (i, "remote_ip %U", unformat_ip4_address, &remote_ip))
- ;
- else if (unformat (i, "local_crypto_key %U", unformat_hex_string, &lck))
- ;
- else
- if (unformat (i, "remote_crypto_key %U", unformat_hex_string, &rck))
- ;
- else if (unformat (i, "local_integ_key %U", unformat_hex_string, &lik))
- ;
- else if (unformat (i, "remote_integ_key %U", unformat_hex_string, &rik))
- ;
- else
- if (unformat
- (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
- {
- if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- crypto_alg >= IPSEC_CRYPTO_N_ALG)
- {
- errmsg ("unsupported crypto-alg: '%U'\n",
- format_ipsec_crypto_alg, crypto_alg);
- return -99;
- }
- }
- else
- if (unformat
- (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
- {
- if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
- integ_alg >= IPSEC_INTEG_N_ALG)
- {
- errmsg ("unsupported integ-alg: '%U'\n",
- format_ipsec_integ_alg, integ_alg);
- return -99;
- }
- }
- else
- {
- errmsg ("parse error '%U'\n", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IPSEC_TUNNEL_IF_ADD_DEL, mp);
-
- mp->is_add = is_add;
- mp->esn = esn;
- mp->anti_replay = anti_replay;
-
- clib_memcpy (mp->local_ip, &local_ip, sizeof (ip4_address_t));
- clib_memcpy (mp->remote_ip, &remote_ip, sizeof (ip4_address_t));
-
- mp->local_spi = htonl (local_spi);
- mp->remote_spi = htonl (remote_spi);
- mp->crypto_alg = (u8) crypto_alg;
-
- mp->local_crypto_key_len = 0;
- if (lck)
- {
- mp->local_crypto_key_len = vec_len (lck);
- if (mp->local_crypto_key_len > sizeof (mp->local_crypto_key))
- mp->local_crypto_key_len = sizeof (mp->local_crypto_key);
- clib_memcpy (mp->local_crypto_key, lck, mp->local_crypto_key_len);
- }
-
- mp->remote_crypto_key_len = 0;
- if (rck)
- {
- mp->remote_crypto_key_len = vec_len (rck);
- if (mp->remote_crypto_key_len > sizeof (mp->remote_crypto_key))
- mp->remote_crypto_key_len = sizeof (mp->remote_crypto_key);
- clib_memcpy (mp->remote_crypto_key, rck, mp->remote_crypto_key_len);
- }
-
- mp->integ_alg = (u8) integ_alg;
-
- mp->local_integ_key_len = 0;
- if (lik)
- {
- mp->local_integ_key_len = vec_len (lik);
- if (mp->local_integ_key_len > sizeof (mp->local_integ_key))
- mp->local_integ_key_len = sizeof (mp->local_integ_key);
- clib_memcpy (mp->local_integ_key, lik, mp->local_integ_key_len);
- }
-
- mp->remote_integ_key_len = 0;
- if (rik)
- {
- mp->remote_integ_key_len = vec_len (rik);
- if (mp->remote_integ_key_len > sizeof (mp->remote_integ_key))
- mp->remote_integ_key_len = sizeof (mp->remote_integ_key);
- clib_memcpy (mp->remote_integ_key, rik, mp->remote_integ_key_len);
- }
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static void
-vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
-
- print (vam->ofp, "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
- "crypto_key %U integ_alg %u integ_key %U use_esn %u "
- "use_anti_replay %u is_tunnel %u is_tunnel_ip6 %u "
- "tunnel_src_addr %U tunnel_dst_addr %U "
- "salt %u seq_outbound %lu last_seq_inbound %lu "
- "replay_window %lu total_data_size %lu\n",
- ntohl (mp->sa_id), ntohl (mp->sw_if_index), ntohl (mp->spi),
- mp->protocol,
- mp->crypto_alg, format_hex_bytes, mp->crypto_key, mp->crypto_key_len,
- mp->integ_alg, format_hex_bytes, mp->integ_key, mp->integ_key_len,
- mp->use_esn, mp->use_anti_replay, mp->is_tunnel, mp->is_tunnel_ip6,
- (mp->is_tunnel_ip6) ? format_ip6_address : format_ip4_address,
- mp->tunnel_src_addr,
- (mp->is_tunnel_ip6) ? format_ip6_address : format_ip4_address,
- mp->tunnel_dst_addr,
- ntohl (mp->salt),
- clib_net_to_host_u64 (mp->seq_outbound),
- clib_net_to_host_u64 (mp->last_seq_inbound),
- clib_net_to_host_u64 (mp->replay_window),
- clib_net_to_host_u64 (mp->total_data_size));
-}
-
-#define vl_api_ipsec_sa_details_t_endian vl_noop_handler
-#define vl_api_ipsec_sa_details_t_print vl_noop_handler
-
-static void vl_api_ipsec_sa_details_t_handler_json
- (vl_api_ipsec_sa_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
- vat_json_node_t *node = NULL;
- struct in_addr src_ip4, dst_ip4;
- struct in6_addr src_ip6, dst_ip6;
-
- if (VAT_JSON_ARRAY != vam->json_tree.type)
- {
- ASSERT (VAT_JSON_NONE == vam->json_tree.type);
- vat_json_init_array (&vam->json_tree);
- }
- node = vat_json_array_add (&vam->json_tree);
-
- vat_json_init_object (node);
- vat_json_object_add_uint (node, "sa_id", ntohl (mp->sa_id));
- vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
- vat_json_object_add_uint (node, "spi", ntohl (mp->spi));
- vat_json_object_add_uint (node, "proto", mp->protocol);
- vat_json_object_add_uint (node, "crypto_alg", mp->crypto_alg);
- vat_json_object_add_uint (node, "integ_alg", mp->integ_alg);
- vat_json_object_add_uint (node, "use_esn", mp->use_esn);
- vat_json_object_add_uint (node, "use_anti_replay", mp->use_anti_replay);
- vat_json_object_add_uint (node, "is_tunnel", mp->is_tunnel);
- vat_json_object_add_uint (node, "is_tunnel_ip6", mp->is_tunnel_ip6);
- vat_json_object_add_bytes (node, "crypto_key", mp->crypto_key,
- mp->crypto_key_len);
- vat_json_object_add_bytes (node, "integ_key", mp->integ_key,
- mp->integ_key_len);
- if (mp->is_tunnel_ip6)
- {
- clib_memcpy (&src_ip6, mp->tunnel_src_addr, sizeof (src_ip6));
- vat_json_object_add_ip6 (node, "tunnel_src_addr", src_ip6);
- clib_memcpy (&dst_ip6, mp->tunnel_dst_addr, sizeof (dst_ip6));
- vat_json_object_add_ip6 (node, "tunnel_dst_addr", dst_ip6);
- }
- else
- {
- clib_memcpy (&src_ip4, mp->tunnel_src_addr, sizeof (src_ip4));
- vat_json_object_add_ip4 (node, "tunnel_src_addr", src_ip4);
- clib_memcpy (&dst_ip4, mp->tunnel_dst_addr, sizeof (dst_ip4));
- vat_json_object_add_ip4 (node, "tunnel_dst_addr", dst_ip4);
- }
- vat_json_object_add_uint (node, "replay_window",
- clib_net_to_host_u64 (mp->replay_window));
- vat_json_object_add_uint (node, "total_data_size",
- clib_net_to_host_u64 (mp->total_data_size));
-
-}
-
-static int
-api_ipsec_sa_dump (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_sa_dump_t *mp;
- vl_api_control_ping_t *mp_ping;
- u32 sa_id = ~0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "sa_id %d", &sa_id))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IPSEC_SA_DUMP, mp);
-
- mp->sa_id = ntohl (sa_id);
-
- S (mp);
-
- /* Use a control ping for synchronization */
- M (CONTROL_PING, mp_ping);
- S (mp_ping);
-
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_tunnel_if_set_key (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_tunnel_if_set_key_t *mp;
- u32 sw_if_index = ~0;
- u8 key_type = IPSEC_IF_SET_KEY_TYPE_NONE;
- u8 *key = 0;
- u32 alg = ~0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- ;
- else
- if (unformat (i, "local crypto %U", unformat_ipsec_crypto_alg, &alg))
- key_type = IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO;
- else
- if (unformat (i, "remote crypto %U", unformat_ipsec_crypto_alg, &alg))
- key_type = IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO;
- else if (unformat (i, "local integ %U", unformat_ipsec_integ_alg, &alg))
- key_type = IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG;
- else
- if (unformat (i, "remote integ %U", unformat_ipsec_integ_alg, &alg))
- key_type = IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG;
- else if (unformat (i, "%U", unformat_hex_string, &key))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (sw_if_index == ~0)
- {
- errmsg ("interface must be specified");
- return -99;
- }
-
- if (key_type == IPSEC_IF_SET_KEY_TYPE_NONE)
- {
- errmsg ("key type must be specified");
- return -99;
- }
-
- if (alg == ~0)
- {
- errmsg ("algorithm must be specified");
- return -99;
- }