X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_api.c;h=c4284b914780eb5ec7c0d3089a3d56d1087b8257;hb=717de096c4d715eab6b783aaa28f26a9114925da;hp=6fb4f556c5003d25e3f8d956a9a1d1b61924bc34;hpb=8e1039a8231cd1d817a24256c421b9fc512f45fa;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 6fb4f556c50..c4284b91478 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -194,8 +194,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler
   sa.spi = ntohl (mp->spi);
   sa.protocol = mp->protocol;
   /* check for unsupported crypto-alg */
-  if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
-      mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
+  if (mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
     {
       clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
 		    mp->crypto_algorithm);
@@ -220,6 +219,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler
   sa.use_esn = mp->use_extended_sequence_number;
   sa.is_tunnel = mp->is_tunnel;
   sa.is_tunnel_ip6 = mp->is_tunnel_ipv6;
+  sa.udp_encap = mp->udp_encap;
   if (sa.is_tunnel_ip6)
     {
       clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16);
@@ -457,6 +457,7 @@ send_ipsec_sa_details (ipsec_sa_t * sa, vl_api_registration_t * reg,
   if (sa->use_anti_replay)
     mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
   mp->total_data_size = clib_host_to_net_u64 (sa->total_data_size);
+  mp->udp_encap = sa->udp_encap;
 
   vl_api_send_msg (reg, (u8 *) mp);
 }
@@ -526,7 +527,7 @@ vl_api_ipsec_tunnel_if_set_key_t_handler (vl_api_ipsec_tunnel_if_set_key_t *
     case IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO:
     case IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO:
       if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
-	  mp->alg > IPSEC_CRYPTO_N_ALG)
+	  mp->alg >= IPSEC_CRYPTO_N_ALG)
 	{
 	  rv = VNET_API_ERROR_UNIMPLEMENTED;
 	  goto out;
@@ -534,7 +535,7 @@ vl_api_ipsec_tunnel_if_set_key_t_handler (vl_api_ipsec_tunnel_if_set_key_t *
       break;
     case IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG:
     case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG:
-      if (mp->alg > IPSEC_INTEG_N_ALG)
+      if (mp->alg >= IPSEC_INTEG_N_ALG)
 	{
 	  rv = VNET_API_ERROR_UNIMPLEMENTED;
 	  goto out;