ipsec: Fix NULL encryption algorithm

[vpp.git] / src / vnet / ipsec / ipsec_if.c

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 43997bc..f7f8ec7 100644 (file)
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -238,7 +238,8 @@ ipsec_tunnel_feature_set (ipsec_main_t * im, ipsec_tunnel_if_t * t, u8 enable)
   ipsec_sa_t *sa;
 
   sa = ipsec_sa_get (t->output_sa_index);
-  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+      sa->integ_alg == IPSEC_INTEG_ALG_NONE)
     {
       esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
       esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
@@ -375,14 +376,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
        hash_set_mem_alloc (&im->ipsec6_if_pool_index_by_key, &key6,
                            t - im->tunnel_interfaces);
       else
-       {
-         hash_set (im->ipsec4_if_pool_index_by_key, key4.as_u64,
-                   t - im->tunnel_interfaces);
-         if (1 == hash_elts (im->ipsec4_if_pool_index_by_key))
-           udp_register_dst_port (vlib_get_main (),
-                                  UDP_DST_PORT_ipsec,
-                                  ipsec4_if_input_node.index, 1);
-       }
+       hash_set (im->ipsec4_if_pool_index_by_key, key4.as_u64,
+                 t - im->tunnel_interfaces);
 
       hw_if_index = vnet_register_interface (vnm, ipsec_device_class.index,
                                             t - im->tunnel_interfaces,
@@ -433,11 +428,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       if (is_ip6)
        hash_unset_mem_free (&im->ipsec6_if_pool_index_by_key, &key6);
       else
-       {
-         hash_unset (im->ipsec4_if_pool_index_by_key, key4.as_u64);
-         if (0 == hash_elts (im->ipsec4_if_pool_index_by_key))
-           udp_unregister_dst_port (vlib_get_main (), UDP_DST_PORT_ipsec, 1);
-       }
+       hash_unset (im->ipsec4_if_pool_index_by_key, key4.as_u64);
       hash_unset (im->ipsec_if_real_dev_by_show_dev, t->show_instance);
 
       im->ipsec_if_by_sw_if_index[t->sw_if_index] = ~0;
@@ -588,6 +579,8 @@ ipsec_tunnel_if_init (vlib_main_t * vm)
   ipsec_add_feature ("ip6-output", "esp6-no-crypto",
                     &im->esp6_no_crypto_tun_feature_index);
 
+  udp_register_dst_port (vlib_get_main (),
+                        UDP_DST_PORT_ipsec, ipsec4_if_input_node.index, 1);
   return 0;
 }