X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_if.c;h=b1c05346dd0359407c7d4526d6efb9eea5ab1366;hb=d709cbcb1ef80633af657c5427608831e5bbd919;hp=41089b6c2ab2a60525c08a1ec8906026843e49e0;hpb=1ba5bc8d888d0164dd6e38857cbed09ab7ce1d8b;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 41089b6c2ab..b1c05346dd0 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -343,7 +343,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 			 &args->local_ip, &t->input_sa_index);
 
       if (rv)
-	return VNET_API_ERROR_UNIMPLEMENTED;
+	return VNET_API_ERROR_INVALID_SRC_ADDRESS;
 
       ipsec_mk_key (&crypto_key,
 		    args->local_crypto_key, args->local_crypto_key_len);
@@ -363,7 +363,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 			 &args->remote_ip, &t->output_sa_index);
 
       if (rv)
-	return VNET_API_ERROR_UNIMPLEMENTED;
+	return VNET_API_ERROR_INVALID_DST_ADDRESS;
 
       /* copy the key */
       if (is_ip6)
@@ -466,7 +466,7 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
   osa = p[0];
   sa = pool_elt_at_index (im->sad, p[0]);
 
-  if (sa->is_tunnel)
+  if (ipsec_sa_is_set_IS_TUNNEL (sa))
     {
       key.remote_ip = sa->tunnel_dst_addr.ip4.as_u32;
       key.spi = clib_host_to_net_u32 (sa->spi);
@@ -599,13 +599,14 @@ ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id,
       old_sa_index = t->input_sa_index;
       old_sa = pool_elt_at_index (im->sad, old_sa_index);
 
-      if (sa->is_tunnel_ip6 ^ old_sa->is_tunnel_ip6)
+      if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa) ^
+	  ipsec_sa_is_set_IS_TUNNEL_V6 (old_sa))
 	{
 	  clib_warning ("IPsec interface SA endpoints type can't be changed");
 	  return VNET_API_ERROR_INVALID_VALUE;
 	}
 
-      if (sa->is_tunnel_ip6)
+      if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa))
 	{
 	  ipsec6_tunnel_key_t key;
 
@@ -651,7 +652,8 @@ ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id,
       old_sa_index = t->output_sa_index;
       old_sa = pool_elt_at_index (im->sad, old_sa_index);
 
-      if (sa->is_tunnel_ip6 ^ old_sa->is_tunnel_ip6)
+      if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa) ^
+	  ipsec_sa_is_set_IS_TUNNEL_V6 (old_sa))
 	{
 	  clib_warning ("IPsec interface SA endpoints type can't be changed");
 	  return VNET_API_ERROR_INVALID_VALUE;