&sa.crypto_alg))
{
if (sa.crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- sa.crypto_alg > IPSEC_CRYPTO_ALG_AES_CBC_256)
+ sa.crypto_alg >= IPSEC_CRYPTO_N_ALG)
return clib_error_return (0, "unsupported crypto-alg: '%U'",
format_ipsec_crypto_alg, sa.crypto_alg);
}
else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg,
&sa.integ_alg))
{
+#if DPDK_CRYPTO==1
+ if (sa.integ_alg < IPSEC_INTEG_ALG_NONE ||
+#else
if (sa.integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
- sa.integ_alg > IPSEC_INTEG_ALG_SHA_512_256)
+#endif
+ sa.integ_alg >= IPSEC_INTEG_N_ALG)
return clib_error_return (0, "unsupported integ-alg: '%U'",
format_ipsec_integ_alg, sa.integ_alg);
}
format_unformat_error, line_input);
}
+#if DPDK_CRYPTO==1
+ /*Special cases, aes-gcm-128 encryption */
+ if (sa.crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
+ {
+ if (sa.integ_alg != IPSEC_INTEG_ALG_NONE
+ && sa.integ_alg != IPSEC_INTEG_ALG_AES_GCM_128)
+ return clib_error_return (0,
+ "unsupported: aes-gcm-128 crypto-alg needs none as integ-alg");
+ else /*set integ-alg internally to aes-gcm-128 */
+ sa.integ_alg = IPSEC_INTEG_ALG_AES_GCM_128;
+ }
+ else if (sa.integ_alg == IPSEC_INTEG_ALG_AES_GCM_128)
+ return clib_error_return (0, "unsupported integ-alg: aes-gcm-128");
+ else if (sa.integ_alg == IPSEC_INTEG_ALG_NONE)
+ return clib_error_return (0, "unsupported integ-alg: none");
+#endif
+
unformat_free (line_input);
if (sa.crypto_key_len > sizeof (sa.crypto_key))
vlib_cli_output (vm, "tunnel interfaces");
/* *INDENT-OFF* */
pool_foreach (t, im->tunnel_interfaces, ({
+ if (t->hw_if_index == ~0)
+ continue;
hi = vnet_get_hw_interface (im->vnet_main, t->hw_if_index);
vlib_cli_output(vm, " %s seq", hi->name);
sa = pool_elt_at_index(im->sad, t->output_sa_index);
};
/* *INDENT-ON* */
-
clib_error_t *
ipsec_cli_init (vlib_main_t * vm)
{