diff options
author | Srujana Challa <schalla@marvell.com> | 2023-05-05 17:46:50 +0530 |
---|---|---|
committer | Matias Elo <matias.elo@nokia.com> | 2023-05-17 09:57:49 +0300 |
commit | 822056b616886ce3516b62c6b17b8d36a95dd9f7 (patch) | |
tree | 6439b6abf96dac53c029f346063be91d4bc674e0 /test | |
parent | 2118ba7c9587cc997eee612bf4fe962d21595c46 (diff) |
validation: ipsec: disable anti-replay with null authentication
Set antireplay_ws to zero to disable anti-replay service when
an inbound SA without integrity protection is created.
The anti-replay service is not used in IPsec without integrity
protection and therefore some ODP implementations may not support
SAs that have null auth algorithm but anti-replay enabled.
This change also enables a future API change that would require
zero antireplay_ws with null authentication.
Signed-off-by: Srujana Challa <schalla@marvell.com>
Reviewed-by: Janne Peltonen <janne.peltonen@nokia.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/validation/api/ipsec/ipsec.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 7169bcd17..87ca465fb 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -395,7 +395,10 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, param->dir = dir; if (dir == ODP_IPSEC_DIR_INBOUND) { param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI; - param->inbound.antireplay_ws = capa.max_antireplay_ws; + if (auth_alg == ODP_AUTH_ALG_NULL) + param->inbound.antireplay_ws = 0; + else + param->inbound.antireplay_ws = capa.max_antireplay_ws; } param->proto = proto; |