-typedef struct
-{
- const EVP_CIPHER *type;
-} esp_crypto_alg_t;
-
-typedef struct
-{
- const EVP_MD *md;
- u8 trunc_size;
-} esp_integ_alg_t;
-
-typedef struct
-{
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
- EVP_CIPHER_CTX encrypt_ctx;
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
- EVP_CIPHER_CTX decrypt_ctx;
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
- HMAC_CTX hmac_ctx;
- ipsec_crypto_alg_t last_encrypt_alg;
- ipsec_crypto_alg_t last_decrypt_alg;
- ipsec_integ_alg_t last_integ_alg;
-} esp_main_per_thread_data_t;
-
-typedef struct
-{
- esp_crypto_alg_t *esp_crypto_algs;
- esp_integ_alg_t *esp_integ_algs;
- esp_main_per_thread_data_t *per_thread_data;
-} esp_main_t;
-
-esp_main_t esp_main;
-
-#define ESP_WINDOW_SIZE (64)
-#define ESP_SEQ_MAX (4294967295UL)
-
-
-always_inline int
-esp_replay_check (ipsec_sa_t * sa, u32 seq)
-{
- u32 diff;
-
- if (PREDICT_TRUE (seq > sa->last_seq))
- return 0;
-
- diff = sa->last_seq - seq;
-
- if (ESP_WINDOW_SIZE > diff)
- return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
- else
- return 1;
-
- return 0;
-}
-
-always_inline int
-esp_replay_check_esn (ipsec_sa_t * sa, u32 seq)