X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=vnet%2Fvnet%2Fipsec%2Fipsec_cli.c;fp=vnet%2Fvnet%2Fipsec%2Fipsec_cli.c;h=7ab85d4aefb67a452f835aba90344fbc11be5b78;hb=6929ea9225cf229ed59a480ceefb972b85971e50;hp=8920924d04e6962ad6a71270f0ce9c6dc4ac4b29;hpb=2fee4c8fadd31979bd3e72c51d276773d17798d1;p=vpp.git

diff --git a/vnet/vnet/ipsec/ipsec_cli.c b/vnet/vnet/ipsec/ipsec_cli.c
index 8920924d04e..7ab85d4aefb 100644
--- a/vnet/vnet/ipsec/ipsec_cli.c
+++ b/vnet/vnet/ipsec/ipsec_cli.c
@@ -99,7 +99,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
 	     &sa.crypto_alg))
 	{
 	  if (sa.crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
-	      sa.crypto_alg > IPSEC_CRYPTO_ALG_AES_CBC_256)
+	      sa.crypto_alg >= IPSEC_CRYPTO_N_ALG)
 	    return clib_error_return (0, "unsupported crypto-alg: '%U'",
 				      format_ipsec_crypto_alg, sa.crypto_alg);
 	}
@@ -109,8 +109,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
       else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg,
 			 &sa.integ_alg))
 	{
+#if DPDK_CRYPTO==1
+	  if (sa.integ_alg < IPSEC_INTEG_ALG_NONE ||
+#else
 	  if (sa.integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
-	      sa.integ_alg > IPSEC_INTEG_ALG_SHA_512_256)
+#endif
+	      sa.integ_alg >= IPSEC_INTEG_N_ALG)
 	    return clib_error_return (0, "unsupported integ-alg: '%U'",
 				      format_ipsec_integ_alg, sa.integ_alg);
 	}
@@ -137,6 +141,23 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
 				  format_unformat_error, line_input);
     }
 
+#if DPDK_CRYPTO==1
+  /*Special cases, aes-gcm-128 encryption */
+  if (sa.crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
+    {
+      if (sa.integ_alg != IPSEC_INTEG_ALG_NONE
+	  && sa.integ_alg != IPSEC_INTEG_ALG_AES_GCM_128)
+	return clib_error_return (0,
+				  "unsupported: aes-gcm-128 crypto-alg needs none as integ-alg");
+      else			/*set integ-alg internally to aes-gcm-128 */
+	sa.integ_alg = IPSEC_INTEG_ALG_AES_GCM_128;
+    }
+  else if (sa.integ_alg == IPSEC_INTEG_ALG_AES_GCM_128)
+    return clib_error_return (0, "unsupported integ-alg: aes-gcm-128");
+  else if (sa.integ_alg == IPSEC_INTEG_ALG_NONE)
+    return clib_error_return (0, "unsupported integ-alg: none");
+#endif
+
   unformat_free (line_input);
 
   if (sa.crypto_key_len > sizeof (sa.crypto_key))