Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
ipsec: Allow SAs with NULL auth &crypto on IPSec interface
[vpp.git]
/
src
/
vnet
/
ipsec
/
ipsec_tun.c
diff --git
a/src/vnet/ipsec/ipsec_tun.c
b/src/vnet/ipsec/ipsec_tun.c
index
e2e1a3e
..
4a84201
100644
(file)
--- a/
src/vnet/ipsec/ipsec_tun.c
+++ b/
src/vnet/ipsec/ipsec_tun.c
@@
-147,8
+147,9
@@
ipsec_tun_protect_get_adj_next (vnet_link_t linkt,
sa = ipsec_sa_get (itp->itp_out_sa);
im = &ipsec_main;
sa = ipsec_sa_get (itp->itp_out_sa);
im = &ipsec_main;
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
- sa->integ_alg == IPSEC_INTEG_ALG_NONE)
+ if ((sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+ sa->integ_alg == IPSEC_INTEG_ALG_NONE) &&
+ !(itp->itp_flags & IPSEC_PROTECT_ITF))
next = (is_ip4 ?
im->esp4_no_crypto_tun_node_index :
im->esp6_no_crypto_tun_node_index);
next = (is_ip4 ?
im->esp4_no_crypto_tun_node_index :
im->esp6_no_crypto_tun_node_index);