ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE;
in = clib_net_to_host_u32 (in);
-#define _(v,f,s) if (in & IPSEC_API_SAD_FLAG_##f) \
- flags |= IPSEC_SA_FLAG_##f;
- foreach_ipsec_sa_flags
-#undef _
- return (flags);
+ if (in & IPSEC_API_SAD_FLAG_USE_ESN)
+ flags |= IPSEC_SA_FLAG_USE_ESN;
+ if (in & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
+ flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
+ if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL)
+ flags |= IPSEC_SA_FLAG_IS_TUNNEL;
+ if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6)
+ flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6;
+ if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP)
+ flags |= IPSEC_SA_FLAG_UDP_ENCAP;
+
+ return (flags);
}
static vl_api_ipsec_sad_flags_t
{
vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
- if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa))
- flags |= IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM;
+ if (ipsec_sa_is_set_USE_ESN (sa))
+ flags |= IPSEC_API_SAD_FLAG_USE_ESN;
if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
if (ipsec_sa_is_set_IS_TUNNEL (sa))
ip_address_decode (&mp->entry.tunnel_src, &tun_src);
ip_address_decode (&mp->entry.tunnel_dst, &tun_dst);
-
if (mp->is_add)
rv = ipsec_sa_add (id, spi, proto,
crypto_alg, &crypto_key,
integ_alg, &integ_key, flags,
- 0, &tun_src, &tun_dst, &sa_index);
+ 0, mp->entry.salt, &tun_src, &tun_dst, &sa_index);
else
rv = ipsec_sa_del (id);
tun.remote_integ_key_len = mp->remote_integ_key_len;
tun.udp_encap = mp->udp_encap;
tun.tx_table_id = ntohl (mp->tx_table_id);
+ tun.salt = mp->salt;
itype = ip_address_decode (&mp->local_ip, &tun.local_ip);
itype = ip_address_decode (&mp->remote_ip, &tun.remote_ip);
tun.is_ip6 = (IP46_TYPE_IP6 == itype);
mp->salt = clib_host_to_net_u32 (sa->salt);
mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
- if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa))
+ if (ipsec_sa_is_set_USE_ESN (sa))
{
mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));