sa.spi = ntohl (mp->spi);
sa.protocol = mp->protocol;
/* check for unsupported crypto-alg */
- if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
+ if (mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
{
clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
mp->crypto_algorithm);
sa.use_esn = mp->use_extended_sequence_number;
sa.is_tunnel = mp->is_tunnel;
sa.is_tunnel_ip6 = mp->is_tunnel_ipv6;
+ sa.udp_encap = mp->udp_encap;
if (sa.is_tunnel_ip6)
{
clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16);
if (sa->use_anti_replay)
mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
mp->total_data_size = clib_host_to_net_u64 (sa->total_data_size);
+ mp->udp_encap = sa->udp_encap;
vl_api_send_msg (reg, (u8 *) mp);
}
case IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO:
case IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO:
if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- mp->alg > IPSEC_CRYPTO_N_ALG)
+ mp->alg >= IPSEC_CRYPTO_N_ALG)
{
rv = VNET_API_ERROR_UNIMPLEMENTED;
goto out;
break;
case IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG:
case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG:
- if (mp->alg > IPSEC_INTEG_N_ALG)
+ if (mp->alg >= IPSEC_INTEG_N_ALG)
{
rv = VNET_API_ERROR_UNIMPLEMENTED;
goto out;
Code Review / vpp.git / blobdiff