Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: be16020) | patch
ipsec: fix support check when using AES-GCM 89/16589/2
authorMatthew Smith <mgsmith@netgate.com>
Fri, 21 Dec 2018 17:53:16 +0000 (11:53 -0600)
committerDave Barach <openvpp@barachs.net>
Wed, 2 Jan 2019 12:21:40 +0000 (12:21 +0000)
commit461caa5f98202ac758076ad96b82c57251f2f19a
tree3677672c7e16f5e1d5494072028bb2503dc40027tree | snapshot
parentbe16020c5034bc69df25a8ecd7081aec9898d93ccommit | diff
ipsec: fix support check when using AES-GCM

When adding an IPsec SA, ipsec_check_support_cb() is called. This
invokes a callback for AH and a callback for ESP to check if the
algorithms are supported.

When using AES-GCM on an ESP SA with the DPDK IPsec backend selected,
the AH callback fails. The DPDK IPsec backend has no AH support,
so the callback for the default OpenSSL backend is invoked. This
checks whether the crypto algorithm is AES-GCM and returns failure.

Only invoke the callback to check support for the IPsec protocol
of the SA - either AH or ESP rather than doing both.

Change-Id: Ic10be6a17b580d06ffb7e82ef5866e53a4f8b525
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
src/vnet/ipsec/ipsec.c diff | blob | history
Vector Packet Processing