+ ASSERT (0);
+ return (VNET_API_ERROR_UNIMPLEMENTED);
+}
+
+static void
+ipsec_key_decode (const vl_api_key_t * key, ipsec_key_t * out)
+{
+ ipsec_mk_key (out, key->data, key->length);
+}
+
+static void
+ipsec_key_encode (const ipsec_key_t * in, vl_api_key_t * out)
+{
+ out->length = in->len;
+ clib_memcpy (out->data, in->data, out->length);
+}
+
+static ipsec_sa_flags_t
+ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in)
+{
+ ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE;
+ in = clib_net_to_host_u32 (in);
+
+#define _(v,f,s) if (in & IPSEC_API_SAD_FLAG_##f) \
+ flags |= IPSEC_SA_FLAG_##f;
+ foreach_ipsec_sa_flags
+#undef _
+ return (flags);
+}
+
+static vl_api_ipsec_sad_flags_t
+ipsec_sad_flags_encode (const ipsec_sa_t * sa)
+{
+ vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
+
+ if (sa->use_esn)
+ flags |= IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM;
+ if (sa->use_anti_replay)
+ flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
+ if (sa->is_tunnel)
+ flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
+ if (sa->is_tunnel_ip6)
+ flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
+ if (sa->udp_encap)
+ flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP;
+
+ return clib_host_to_net_u32 (flags);
+}
+
+static void vl_api_ipsec_sad_entry_add_del_t_handler
+ (vl_api_ipsec_sad_entry_add_del_t * mp)
+{
+ vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
+ vl_api_ipsec_sad_entry_add_del_reply_t *rmp;
+ ip46_address_t tun_src = { }, tun_dst =
+ {
+ };
+ ipsec_key_t crypto_key, integ_key;
+ ipsec_crypto_alg_t crypto_alg;
+ ipsec_integ_alg_t integ_alg;
+ ipsec_protocol_t proto;
+ ipsec_sa_flags_t flags;
+ u32 id, spi, sa_index = ~0;
+ int rv;
+
+#if WITH_LIBSSL > 0
+
+ id = ntohl (mp->entry.sad_id);
+ spi = ntohl (mp->entry.spi);
+
+ rv = ipsec_proto_decode (mp->entry.protocol, &proto);
+
+ if (rv)
+ goto out;
+
+ rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
+
+ if (rv)
+ goto out;
+
+ rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
+
+ if (rv)
+ goto out;
+
+ ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
+ ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
+
+ flags = ipsec_sa_flags_decode (mp->entry.flags);
+
+ ip_address_decode (&mp->entry.tunnel_src, &tun_src);
+ ip_address_decode (&mp->entry.tunnel_dst, &tun_dst);
+
+
+ if (mp->is_add)
+ rv = ipsec_sa_add (id, spi, proto,
+ crypto_alg, &crypto_key,
+ integ_alg, &integ_key, flags,
+ 0, &tun_src, &tun_dst, &sa_index);
+ else
+ rv = ipsec_sa_del (id);