p = hash_get (im->spd_index_by_spd_id, spd_id);
if (p && is_add)
- return VNET_API_ERROR_INVALID_VALUE;
+ return VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
if (!p && !is_add)
- return VNET_API_ERROR_INVALID_VALUE;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
if (!is_add) /* delete */
{
p = hash_get (im->sa_index_by_sa_id, new_sa->id);
if (p && is_add)
- return VNET_API_ERROR_SYSCALL_ERROR_1; /* already exists */
+ return VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
if (!p && !is_add)
- return VNET_API_ERROR_SYSCALL_ERROR_1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
if (!is_add) /* delete */
{
}
static clib_error_t *
-ipsec_check_support (ipsec_sa_t * sa)
+ipsec_check_ah_support (ipsec_sa_t * sa)
{
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
- return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg");
if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
return clib_error_return (0, "unsupported none integ-alg");
+ return 0;
+}
+
+static clib_error_t *
+ipsec_check_esp_support (ipsec_sa_t * sa)
+{
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
+ return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg");
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192)
+ return clib_error_return (0, "unsupported aes-gcm-192 crypto-alg");
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)
+ return clib_error_return (0, "unsupported aes-gcm-256 crypto-alg");
return 0;
}
"ah4-decrypt",
"ah6-encrypt",
"ah6-decrypt",
- ipsec_check_support,
+ ipsec_check_ah_support,
NULL);
im->ah_default_backend = idx;
"esp4-decrypt",
"esp6-encrypt",
"esp6-decrypt",
- ipsec_check_support, NULL);
+ ipsec_check_esp_support, NULL);
im->esp_default_backend = idx;
rv = ipsec_select_esp_backend (im, idx);