X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec.c;h=31fc513c6284e063ba75385ea9640c2eccfe2261;hb=4fd5a9d3e6abdf61f266da8400a299fe5b0eb0ed;hp=fdd18c2f8fa7ad158bd2d8ff2263d42d7359c0b2;hpb=461caa5f98202ac758076ad96b82c57251f2f19a;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index fdd18c2f8fa..31fc513c628 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -99,9 +99,9 @@ ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add)
 
   p = hash_get (im->spd_index_by_spd_id, spd_id);
   if (p && is_add)
-    return VNET_API_ERROR_INVALID_VALUE;
+    return VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
   if (!p && !is_add)
-    return VNET_API_ERROR_INVALID_VALUE;
+    return VNET_API_ERROR_NO_SUCH_ENTRY;
 
   if (!is_add)			/* delete */
     {
@@ -441,9 +441,9 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
 
   p = hash_get (im->sa_index_by_sa_id, new_sa->id);
   if (p && is_add)
-    return VNET_API_ERROR_SYSCALL_ERROR_1;	/* already exists */
+    return VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
   if (!p && !is_add)
-    return VNET_API_ERROR_SYSCALL_ERROR_1;
+    return VNET_API_ERROR_NO_SUCH_ENTRY;
 
   if (!is_add)			/* delete */
     {
@@ -533,12 +533,22 @@ ipsec_rand_seed (void)
 }
 
 static clib_error_t *
-ipsec_check_support (ipsec_sa_t * sa)
+ipsec_check_ah_support (ipsec_sa_t * sa)
 {
-  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
-    return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg");
   if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
     return clib_error_return (0, "unsupported none integ-alg");
+  return 0;
+}
+
+static clib_error_t *
+ipsec_check_esp_support (ipsec_sa_t * sa)
+{
+  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
+    return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg");
+  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192)
+    return clib_error_return (0, "unsupported aes-gcm-192 crypto-alg");
+  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)
+    return clib_error_return (0, "unsupported aes-gcm-256 crypto-alg");
 
   return 0;
 }
@@ -730,7 +740,7 @@ ipsec_init (vlib_main_t * vm)
 				       "ah4-decrypt",
 				       "ah6-encrypt",
 				       "ah6-decrypt",
-				       ipsec_check_support,
+				       ipsec_check_ah_support,
 				       NULL);
 
   im->ah_default_backend = idx;
@@ -743,7 +753,7 @@ ipsec_init (vlib_main_t * vm)
 				    "esp4-decrypt",
 				    "esp6-encrypt",
 				    "esp6-decrypt",
-				    ipsec_check_support, NULL);
+				    ipsec_check_esp_support, NULL);
   im->esp_default_backend = idx;
 
   rv = ipsec_select_esp_backend (im, idx);