ipsec: Targeted unit testing
Type: fix
1 - big packets; chained buffers and those without enoguh space to add
ESP header
2 - IPv6 extension headers in packets that are encrypted/decrypted
3 - Interface protection with SAs that have null algorithms
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie330861fb06a9b248d9dcd5c730e21326ac8e973
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 0f4f282..1075fe4 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -188,9 +188,13 @@
&b->esp6_decrypt_node_index, &b->esp6_decrypt_next_index);
ipsec_add_feature ("ip4-output", esp4_encrypt_node_tun_name,
- &b->esp4_encrypt_tun_feature_index);
+ &b->esp44_encrypt_tun_feature_index);
+ ipsec_add_feature ("ip4-output", esp6_encrypt_node_tun_name,
+ &b->esp46_encrypt_tun_feature_index);
ipsec_add_feature ("ip6-output", esp6_encrypt_node_tun_name,
- &b->esp6_encrypt_tun_feature_index);
+ &b->esp66_encrypt_tun_feature_index);
+ ipsec_add_feature ("ip6-output", esp4_encrypt_node_tun_name,
+ &b->esp64_encrypt_tun_feature_index);
b->check_support_cb = esp_check_support_cb;
b->add_del_sa_sess_cb = esp_add_del_sa_sess_cb;
@@ -252,8 +256,10 @@
im->esp6_encrypt_next_index = b->esp6_encrypt_next_index;
im->esp6_decrypt_next_index = b->esp6_decrypt_next_index;
- im->esp4_encrypt_tun_feature_index = b->esp4_encrypt_tun_feature_index;
- im->esp6_encrypt_tun_feature_index = b->esp6_encrypt_tun_feature_index;
+ im->esp44_encrypt_tun_feature_index = b->esp44_encrypt_tun_feature_index;
+ im->esp64_encrypt_tun_feature_index = b->esp64_encrypt_tun_feature_index;
+ im->esp46_encrypt_tun_feature_index = b->esp46_encrypt_tun_feature_index;
+ im->esp66_encrypt_tun_feature_index = b->esp66_encrypt_tun_feature_index;
return 0;
}