}) ip4_and_esp_header_t;
/* *INDENT-ON* */
+/* *INDENT-OFF* */
+typedef CLIB_PACKED (struct {
+ ip4_header_t ip4;
+ udp_header_t udp;
+ esp_header_t esp;
+}) ip4_and_udp_and_esp_header_t;
+/* *INDENT-ON* */
+
/* *INDENT-OFF* */
typedef CLIB_PACKED (struct {
ip6_header_t ip6;
typedef struct
{
const EVP_CIPHER *type;
+ u8 iv_size;
+ u8 block_size;
} ipsec_proto_main_crypto_alg_t;
typedef struct
ipsec_proto_main_t *em = &ipsec_proto_main;
vlib_thread_main_t *tm = vlib_get_thread_main ();
- memset (em, 0, sizeof (em[0]));
+ clib_memset (em, 0, sizeof (em[0]));
vec_validate (em->ipsec_proto_main_crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].type =
EVP_aes_192_cbc ();
em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].type =
EVP_aes_256_cbc ();
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].iv_size = 16;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].iv_size = 16;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].iv_size = 16;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].block_size =
+ 16;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].block_size =
+ 16;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].block_size =
+ 16;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].type =
+ EVP_des_cbc ();
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].type =
+ EVP_des_ede3_cbc ();
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].block_size = 8;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].block_size = 8;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].iv_size = 8;
+ em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].iv_size = 8;
vec_validate (em->ipsec_proto_main_integ_algs, IPSEC_INTEG_N_ALG - 1);
ipsec_proto_main_integ_alg_t *i;
CLIB_CACHE_LINE_BYTES);
int thread_id;
- for (thread_id = 0; thread_id < tm->n_vlib_mains - 1; thread_id++)
+ for (thread_id = 0; thread_id < tm->n_vlib_mains; thread_id++)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
em->per_thread_data[thread_id].encrypt_ctx = EVP_CIPHER_CTX_new ();