sa.spi = ntohl (mp->spi);
sa.protocol = mp->protocol;
/* check for unsupported crypto-alg */
- if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_NONE ||
- mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
+ if (mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
{
clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
mp->crypto_algorithm);
goto out;
}
- rv = ipsec_add_del_sa (vm, &sa, mp->is_add);
+ rv = ipsec_add_del_sa (vm, &sa, mp->is_add, mp->udp_encap);
#else
rv = VNET_API_ERROR_UNIMPLEMENTED;
goto out;
if (sa->use_anti_replay)
mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
mp->total_data_size = clib_host_to_net_u64 (sa->total_data_size);
+ mp->udp_encap = sa->udp_encap;
vl_api_send_msg (reg, (u8 *) mp);
}
case IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO:
case IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO:
if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- mp->alg > IPSEC_CRYPTO_N_ALG)
+ mp->alg >= IPSEC_CRYPTO_N_ALG)
{
rv = VNET_API_ERROR_UNIMPLEMENTED;
goto out;
break;
case IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG:
case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG:
- if (mp->alg > IPSEC_INTEG_N_ALG)
+ if (mp->alg >= IPSEC_INTEG_N_ALG)
{
rv = VNET_API_ERROR_UNIMPLEMENTED;
goto out;