ikev2: per thread usage of openssl context

[vpp.git] / src / plugins / ikev2 / ikev2_priv.h

diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index 1cae47b..b018a64 100644 (file)
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -344,7 +344,6 @@ typedef struct
 typedef struct
 {
   u8 *name;
-  u8 is_enabled;
 
   ikev2_auth_t auth;
   ikev2_id_t loc_id;
@@ -358,6 +357,7 @@ typedef struct
   u64 lifetime_maxdata;
   u32 lifetime_jitter;
   u32 handover;
+  u16 ipsec_over_udp_port;
 
   u32 tun_itf;
   u8 udp_encap;
@@ -419,18 +419,28 @@ typedef struct
 
   u8 is_initiator;
   u32 last_init_msg_id;
-  u8 is_profile_index_set;
   u32 profile_index;
   u8 is_tun_itf_set;
   u32 tun_itf;
   u8 udp_encap;
+  u16 ipsec_over_udp_port;
 
   f64 old_id_expiration;
   u32 current_remote_id_mask;
   u32 old_remote_id;
   u8 old_remote_id_present;
+  u8 init_response_received;
 
   ikev2_child_sa_t *childs;
+
+  u8 liveness_retries;
+  f64 liveness_period_check;
+
+  u16 dst_port;
+  u32 sw_if_index;
+
+  /* is NAT traversal mode */
+  u8 natt;
 } ikev2_sa_t;
 
 
@@ -443,6 +453,13 @@ typedef struct
 
   /* hash */
   uword *sa_by_rspi;
+
+  EVP_CIPHER_CTX *evp_ctx;
+  HMAC_CTX *hmac_ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  HMAC_CTX _hmac_ctx;
+  EVP_CIPHER_CTX _evp_ctx;
+#endif
 } ikev2_main_per_thread_data_t;
 
 typedef struct
@@ -481,6 +498,15 @@ typedef struct
 
   /* logging level */
   ikev2_log_level_t log_level;
+
+  /* custom ipsec-over-udp ports managed by ike */
+  uword *udp_ports;
+
+  /* how often a liveness check will be performed */
+  u32 liveness_period;
+
+  /* max number of retries before considering peer dead */
+  u32 liveness_max_retries;
 } ikev2_main_t;
 
 extern ikev2_main_t ikev2_main;