p.is_ipv6 = (itype == IP46_TYPE_IP6);
p.protocol = mp->entry.protocol;
- p.rport.start = ntohs (mp->entry.remote_port_start);
- p.rport.stop = ntohs (mp->entry.remote_port_stop);
- p.lport.start = ntohs (mp->entry.local_port_start);
- p.lport.stop = ntohs (mp->entry.local_port_stop);
+ /* leave the ports in network order */
+ p.rport.start = mp->entry.remote_port_start;
+ p.rport.stop = mp->entry.remote_port_stop;
+ p.lport.start = mp->entry.local_port_start;
+ p.lport.stop = mp->entry.local_port_stop;
rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
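Review bot: Storing `p.rport` and `p.lport` start/stop without `ntohs` means the policy now holds its range bounds in network byte order, and a numeric `start <= port <= stop` test on such values is not order-preserving on a little-endian host. The lookup code that consumes these fields is not in this hunk, so confirm that every comparison site converts both sides to host order first; otherwise a port range in an SPD entry could match the wrong traffic. The encode side follows the same convention at `mp->entry.local_port_start = p->lport.start;` and the three lines after it. The one-line comment here is easy to miss, so I would state the invariant where the port fields are declared, e.g. `/* start/stop are kept in network byte order; convert before any range comparison */`. The enclosing function starts and ends outside the hunk.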
*out = IPSEC_PROTOCOL_AH;
return (0);
}
- return (VNET_API_ERROR_UNIMPLEMENTED);
+ return (VNET_API_ERROR_INVALID_PROTOCOL);
}
static vl_api_ipsec_proto_t
foreach_ipsec_crypto_alg
#undef _
}
- return (VNET_API_ERROR_UNIMPLEMENTED);
+ return (VNET_API_ERROR_INVALID_ALGORITHM);
}
static vl_api_ipsec_crypto_alg_t
foreach_ipsec_integ_alg
#undef _
}
- return (VNET_API_ERROR_UNIMPLEMENTED);
+ return (VNET_API_ERROR_INVALID_ALGORITHM);
}
static vl_api_ipsec_integ_alg_t
{
vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
- if (sa->use_esn)
+ if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa))
flags |= IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM;
- if (sa->use_anti_replay)
+ if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
- if (sa->is_tunnel)
+ if (ipsec_sa_is_set_IS_TUNNEL (sa))
flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
- if (sa->is_tunnel_ip6)
+ if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa))
flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
- if (sa->udp_encap)
+ if (ipsec_sa_is_set_UDP_ENCAP (sa))
flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP;
return clib_host_to_net_u32 (flags);
&mp->entry.remote_address_start);
ip_address_encode (&p->raddr.stop, IP46_TYPE_ANY,
&mp->entry.remote_address_stop);
- mp->entry.local_port_start = htons (p->lport.start);
- mp->entry.local_port_stop = htons (p->lport.stop);
- mp->entry.remote_port_start = htons (p->rport.start);
- mp->entry.remote_port_stop = htons (p->rport.stop);
+ mp->entry.local_port_start = p->lport.start;
+ mp->entry.local_port_stop = p->lport.stop;
+ mp->entry.remote_port_start = p->rport.start;
+ mp->entry.remote_port_stop = p->rport.stop;
mp->entry.protocol = p->protocol;
mp->entry.policy = ipsec_spd_action_encode (p->policy);
mp->entry.sa_id = htonl (p->sa_id);
ipsec_main_t *im = &ipsec_main;
vnet_main_t *vnm = im->vnet_main;
u32 sw_if_index = ~0;
+ ip46_type_t itype;
int rv;
#if WITH_LIBSSL > 0
tun.remote_integ_key_len = mp->remote_integ_key_len;
tun.udp_encap = mp->udp_encap;
tun.tx_table_id = ntohl (mp->tx_table_id);
- memcpy (&tun.local_ip.ip4, mp->local_ip, 4);
- memcpy (&tun.remote_ip.ip4, mp->remote_ip, 4);
+ itype = ip_address_decode (&mp->local_ip, &tun.local_ip);
+ itype = ip_address_decode (&mp->remote_ip, &tun.remote_ip);
+ tun.is_ip6 = (IP46_TYPE_IP6 == itype);
memcpy (&tun.local_crypto_key, &mp->local_crypto_key,
mp->local_crypto_key_len);
memcpy (&tun.remote_crypto_key, &mp->remote_crypto_key,
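Review bot: The result of the first `ip_address_decode` is overwritten by the second, so `tun.is_ip6` reflects only `mp->remote_ip`, and a request whose local and remote addresses are of different families is accepted. Keep both results and reject a mismatch before setting the flag, e.g. `ip46_type_t ltype = ip_address_decode (&mp->local_ip, &tun.local_ip);` followed by `if (ltype != itype)`, returning an error such as `VNET_API_ERROR_INVALID_VALUE` through the handler's existing error path, which lies outside this hunk. Separately, the unchanged `memcpy` calls copy `mp->local_crypto_key_len` bytes taken from the message. No bound is visible here, so if the length is not validated earlier it should be checked against `sizeof (tun.local_crypto_key)`, and likewise for the remote key.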
mp->entry.flags = ipsec_sad_flags_encode (sa);
- if (sa->is_tunnel)
+ if (ipsec_sa_is_set_IS_TUNNEL (sa))
{
ip_address_encode (&sa->tunnel_src_addr, IP46_TYPE_ANY,
&mp->entry.tunnel_src);
mp->salt = clib_host_to_net_u32 (sa->salt);
mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
- if (sa->use_esn)
+ if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa))
{
mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
}
- if (sa->use_anti_replay)
+ if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
vl_api_send_msg (reg, (u8 *) mp);
if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
mp->alg >= IPSEC_CRYPTO_N_ALG)
{
- rv = VNET_API_ERROR_UNIMPLEMENTED;
+ rv = VNET_API_ERROR_INVALID_ALGORITHM;
goto out;
}
break;
case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG:
if (mp->alg >= IPSEC_INTEG_N_ALG)
{
- rv = VNET_API_ERROR_UNIMPLEMENTED;
+ rv = VNET_API_ERROR_INVALID_ALGORITHM;
goto out;
}
break;