}
static clib_error_t *
-ipsec_check_support (ipsec_sa_t * sa)
+ipsec_check_ah_support (ipsec_sa_t * sa)
{
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
- return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg");
if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
return clib_error_return (0, "unsupported none integ-alg");
+ return 0;
+}
+
+static clib_error_t *
+ipsec_check_esp_support (ipsec_sa_t * sa)
+{
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
+ return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg");
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192)
+ return clib_error_return (0, "unsupported aes-gcm-192 crypto-alg");
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)
+ return clib_error_return (0, "unsupported aes-gcm-256 crypto-alg");
return 0;
}
"ah4-decrypt",
"ah6-encrypt",
"ah6-decrypt",
- ipsec_check_support,
+ ipsec_check_ah_support,
NULL);
im->ah_default_backend = idx;
"esp4-decrypt",
"esp6-encrypt",
"esp6-decrypt",
- ipsec_check_support, NULL);
+ ipsec_check_esp_support, NULL);
im->esp_default_backend = idx;
rv = ipsec_select_esp_backend (im, idx);
pool_get (im->sad, sa);
clib_memset (sa, 0, sizeof (*sa));
t->input_sa_index = sa - im->sad;
+ sa->protocol = IPSEC_PROTOCOL_ESP;
sa->spi = args->remote_spi;
sa->tunnel_src_addr.ip4.as_u32 = args->remote_ip.as_u32;
sa->tunnel_dst_addr.ip4.as_u32 = args->local_ip.as_u32;
pool_get (im->sad, sa);
clib_memset (sa, 0, sizeof (*sa));
t->output_sa_index = sa - im->sad;
+ sa->protocol = IPSEC_PROTOCOL_ESP;
sa->spi = args->local_spi;
sa->tunnel_src_addr.ip4.as_u32 = args->local_ip.as_u32;
sa->tunnel_dst_addr.ip4.as_u32 = args->remote_ip.as_u32;