#include <vnet/vnet_msg_enum.h>
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/ikev2.h>
#endif /* IPSEC */
static void vl_api_ipsec_spd_add_del_t_handler
(vl_api_ipsec_spd_add_del_t * mp)
{
-#if IPSEC == 0
+#if WITH_LIBSSL == 0
clib_warning ("unimplemented");
#else
VALIDATE_SW_IF_INDEX (mp);
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
#else
rv = VNET_API_ERROR_UNIMPLEMENTED;
vl_api_ipsec_spd_add_del_entry_reply_t *rmp;
int rv;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
ipsec_policy_t p;
memset (&p, 0, sizeof (p));
vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
int rv;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
+ ipsec_main_t *im = &ipsec_main;
ipsec_sa_t sa;
memset (&sa, 0, sizeof (sa));
sa.crypto_key_len = mp->crypto_key_length;
clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
/* check for unsupported integ-alg */
-#if DPDK_CRYPTO==1
if (mp->integrity_algorithm < IPSEC_INTEG_ALG_NONE ||
-#else
- if (mp->integrity_algorithm < IPSEC_INTEG_ALG_SHA1_96 ||
-#endif
mp->integrity_algorithm >= IPSEC_INTEG_N_ALG)
{
clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg,
goto out;
}
-#if DPDK_CRYPTO==1
- /*Special cases, aes-gcm-128 encryption */
- if (mp->crypto_algorithm == IPSEC_CRYPTO_ALG_AES_GCM_128)
- {
- if (mp->integrity_algorithm != IPSEC_INTEG_ALG_NONE
- && mp->integrity_algorithm != IPSEC_INTEG_ALG_AES_GCM_128)
- {
- clib_warning
- ("unsupported: aes-gcm-128 crypto-alg needs none as integ-alg");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- else /*set integ-alg internally to aes-gcm-128 */
- mp->integrity_algorithm = IPSEC_INTEG_ALG_AES_GCM_128;
- }
- else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_AES_GCM_128)
- {
- clib_warning ("unsupported integ-alg: aes-gcm-128");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_NONE)
- {
- clib_warning ("unsupported integ-alg: none");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
-#endif
-
sa.integ_alg = mp->integrity_algorithm;
sa.integ_key_len = mp->integrity_key_length;
clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
clib_memcpy (&sa.tunnel_dst_addr.ip4.data, mp->tunnel_dst_address, 4);
}
+ ASSERT (im->cb.check_support_cb);
+ clib_error_t *err = im->cb.check_support_cb (&sa);
+ if (err)
+ {
+ clib_warning ("%s", err->what);
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+ goto out;
+ }
+
rv = ipsec_add_del_sa (vm, &sa, mp->is_add);
#else
rv = VNET_API_ERROR_UNIMPLEMENTED;
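Review bot: The new `check_support_cb` call is guarded only by `ASSERT (im->cb.check_support_cb);`, which I believe is compiled out of non-debug images, so an unregistered callback would be invoked through a null pointer from an API handler. An explicit `if (!im->cb.check_support_cb) { rv = VNET_API_ERROR_UNIMPLEMENTED; goto out; }` fails closed instead. The returned `err` is never released on the rejection path, and `err->what` is printed with `%s` although it may not be NUL-terminated; `clib_warning ("%U", format_clib_error, err); clib_error_free (err);` would cover both. With the `DPDK_CRYPTO` branches removed, the range check earlier in this handler admits `IPSEC_INTEG_ALG_NONE` in every build, so rejecting an SA without integrity protection now depends entirely on each backend's callback, which is not visible here and is worth confirming. The handler's body starts and ends outside the lines shown.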
ipsec_spd_t *spd;
uword *p;
u32 spd_index;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
q = vl_api_client_index_to_input_queue (mp->client_index);
if (q == 0)
return;
vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
vl_api_ipsec_sa_set_key_reply_t *rmp;
int rv;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
ipsec_sa_t sa;
sa.id = ntohl (mp->sa_id);
sa.crypto_key_len = mp->crypto_key_length;
vl_api_ikev2_profile_add_del_reply_t *rmp;
int rv = 0;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
vlib_main_t *vm = vlib_get_main ();
clib_error_t *error;
u8 *tmp = format (0, "%s", mp->name);
vl_api_ikev2_profile_set_auth_reply_t *rmp;
int rv = 0;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
vlib_main_t *vm = vlib_get_main ();
clib_error_t *error;
u8 *tmp = format (0, "%s", mp->name);
vl_api_ikev2_profile_add_del_reply_t *rmp;
int rv = 0;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
vlib_main_t *vm = vlib_get_main ();
clib_error_t *error;
u8 *tmp = format (0, "%s", mp->name);
vl_api_ikev2_profile_set_ts_reply_t *rmp;
int rv = 0;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
vlib_main_t *vm = vlib_get_main ();
clib_error_t *error;
u8 *tmp = format (0, "%s", mp->name);
vl_api_ikev2_profile_set_ts_reply_t *rmp;
int rv = 0;
-#if IPSEC > 0
+#if WITH_LIBSSL > 0
vlib_main_t *vm = vlib_get_main ();
clib_error_t *error;