*out = IPSEC_PROTOCOL_AH;
return (0);
}
- return (VNET_API_ERROR_UNIMPLEMENTED);
+ return (VNET_API_ERROR_INVALID_PROTOCOL);
}
static vl_api_ipsec_proto_t
foreach_ipsec_crypto_alg
#undef _
}
- return (VNET_API_ERROR_UNIMPLEMENTED);
+ return (VNET_API_ERROR_INVALID_ALGORITHM);
}
static vl_api_ipsec_crypto_alg_t
foreach_ipsec_integ_alg
#undef _
}
- return (VNET_API_ERROR_UNIMPLEMENTED);
+ return (VNET_API_ERROR_INVALID_ALGORITHM);
}
static vl_api_ipsec_integ_alg_t
ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE;
in = clib_net_to_host_u32 (in);
-#define _(v,f,s) if (in & IPSEC_API_SAD_FLAG_##f) \
- flags |= IPSEC_SA_FLAG_##f;
- foreach_ipsec_sa_flags
-#undef _
- return (flags);
+ if (in & IPSEC_API_SAD_FLAG_USE_ESN)
+ flags |= IPSEC_SA_FLAG_USE_ESN;
+ if (in & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
+ flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
+ if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL)
+ flags |= IPSEC_SA_FLAG_IS_TUNNEL;
+ if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6)
+ flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6;
+ if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP)
+ flags |= IPSEC_SA_FLAG_UDP_ENCAP;
+
+ return (flags);
}
static vl_api_ipsec_sad_flags_t
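Review bot: Bits in `in` outside the five flags tested here are dropped without any indication, so a client that sets a flag this build does not translate gets an SA created without it. The hand-written list also no longer follows `foreach_ipsec_sa_flags`, so a flag added there or to the API enum needs a matching line here and in the encode function in the next hunk. A comment above the first test would record that, for example `/* only flags present in the API enum are translated; other bits in 'in' are ignored */`. The function's signature and opening lines are outside the hunk.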
{
vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
- if (sa->use_esn)
- flags |= IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM;
- if (sa->use_anti_replay)
+ if (ipsec_sa_is_set_USE_ESN (sa))
+ flags |= IPSEC_API_SAD_FLAG_USE_ESN;
+ if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
- if (sa->is_tunnel)
+ if (ipsec_sa_is_set_IS_TUNNEL (sa))
flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
- if (sa->is_tunnel_ip6)
+ if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa))
flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
- if (sa->udp_encap)
+ if (ipsec_sa_is_set_UDP_ENCAP (sa))
flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP;
return clib_host_to_net_u32 (flags);
ip_address_decode (&mp->entry.tunnel_src, &tun_src);
ip_address_decode (&mp->entry.tunnel_dst, &tun_dst);
-
if (mp->is_add)
rv = ipsec_sa_add (id, spi, proto,
crypto_alg, &crypto_key,
integ_alg, &integ_key, flags,
- 0, &tun_src, &tun_dst, &sa_index);
+ 0, mp->entry.salt, &tun_src, &tun_dst, &sa_index);
else
rv = ipsec_sa_del (id);
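Review bot: `mp->entry.salt` is handed to `ipsec_sa_add` with no byte-order conversion, whereas the dump handler further down reports the stored value as `clib_host_to_net_u32 (sa->salt)`. On a little-endian host a salt set through this message would therefore come back byte-swapped in a dump, and if the salt is used as part of the AEAD nonce (not shown in this diff) the two peers must agree on which byte order the client meant. Either convert on input, `0, clib_net_to_host_u32 (mp->entry.salt), &tun_src, &tun_dst, &sa_index);`, or treat the salt as opaque bytes in both directions and drop the conversion in the dump. The same applies to `tun.salt = mp->salt;` in the tunnel-interface hunk, which sits next to `ntohl (mp->tx_table_id)`. The enclosing handler starts and ends outside this hunk.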
tun.remote_integ_key_len = mp->remote_integ_key_len;
tun.udp_encap = mp->udp_encap;
tun.tx_table_id = ntohl (mp->tx_table_id);
+ tun.salt = mp->salt;
itype = ip_address_decode (&mp->local_ip, &tun.local_ip);
itype = ip_address_decode (&mp->remote_ip, &tun.remote_ip);
tun.is_ip6 = (IP46_TYPE_IP6 == itype);
mp->entry.flags = ipsec_sad_flags_encode (sa);
- if (sa->is_tunnel)
+ if (ipsec_sa_is_set_IS_TUNNEL (sa))
{
ip_address_encode (&sa->tunnel_src_addr, IP46_TYPE_ANY,
&mp->entry.tunnel_src);
mp->salt = clib_host_to_net_u32 (sa->salt);
mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
- if (sa->use_esn)
+ if (ipsec_sa_is_set_USE_ESN (sa))
{
mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
}
- if (sa->use_anti_replay)
+ if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
vl_api_send_msg (reg, (u8 *) mp);
if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
mp->alg >= IPSEC_CRYPTO_N_ALG)
{
- rv = VNET_API_ERROR_UNIMPLEMENTED;
+ rv = VNET_API_ERROR_INVALID_ALGORITHM;
goto out;
}
break;
case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG:
if (mp->alg >= IPSEC_INTEG_N_ALG)
{
- rv = VNET_API_ERROR_UNIMPLEMENTED;
+ rv = VNET_API_ERROR_INVALID_ALGORITHM;
goto out;
}
break;