ipsec: allow null cipher with dpdk esp

The NULL cipher is a (valid) non-AEAD choice for ESP encrypt path.
Allow it.

Type: fix
Signed-off-by: Christian E. Hopps <chopps@chopps.org>
Change-Id: I6d8b66223a0ffb0952c2dd6fa898a8a2289fef7a

diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index 4d57909..1d29841 100644 (file)
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -511,7 +511,8 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
          u64 digest_paddr =
            mb0->buf_physaddr + digest - ((u8 *) mb0->buf_addr);
 
-         if (!is_aead && cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC)
+         if (!is_aead && (cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC ||
+                          cipher_alg->alg == RTE_CRYPTO_CIPHER_NULL))
            {
              cipher_off = sizeof (esp_header_t);
              cipher_len = iv_size + pad_payload_len;