#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/esp.h>
+ipsec_proto_main_t ipsec_proto_main;
#define foreach_esp_encrypt_next \
_(DROP, "error-drop") \
esp_encrypt_aes_cbc (ipsec_crypto_alg_t alg,
u8 * in, u8 * out, size_t in_len, u8 * key, u8 * iv)
{
- esp_main_t *em = &esp_main;
- u32 cpu_index = os_get_cpu_number ();
- EVP_CIPHER_CTX *ctx = &(em->per_thread_data[cpu_index].encrypt_ctx);
+ ipsec_proto_main_t *em = &ipsec_proto_main;
+ u32 thread_index = vlib_get_thread_index ();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX *ctx = em->per_thread_data[thread_index].encrypt_ctx;
+#else
+ EVP_CIPHER_CTX *ctx = &(em->per_thread_data[thread_index].encrypt_ctx);
+#endif
const EVP_CIPHER *cipher = NULL;
int out_len;
ASSERT (alg < IPSEC_CRYPTO_N_ALG);
- if (PREDICT_FALSE (em->esp_crypto_algs[alg].type == IPSEC_CRYPTO_ALG_NONE))
+ if (PREDICT_FALSE
+ (em->ipsec_proto_main_crypto_algs[alg].type == IPSEC_CRYPTO_ALG_NONE))
return;
- if (PREDICT_FALSE (alg != em->per_thread_data[cpu_index].last_encrypt_alg))
+ if (PREDICT_FALSE
+ (alg != em->per_thread_data[thread_index].last_encrypt_alg))
{
- cipher = em->esp_crypto_algs[alg].type;
- em->per_thread_data[cpu_index].last_encrypt_alg = alg;
+ cipher = em->ipsec_proto_main_crypto_algs[alg].type;
+ em->per_thread_data[thread_index].last_encrypt_alg = alg;
}
EVP_EncryptInit_ex (ctx, cipher, NULL, key, iv);
n_left_from = from_frame->n_vectors;
ipsec_main_t *im = &ipsec_main;
u32 *recycle = 0;
- u32 cpu_index = os_get_cpu_number ();
+ u32 thread_index = vlib_get_thread_index ();
ipsec_alloc_empty_buffers (vm, im);
- u32 *empty_buffers = im->empty_buffers[cpu_index];
+ u32 *empty_buffers = im->empty_buffers[thread_index];
if (PREDICT_FALSE (vec_len (empty_buffers) < n_left_from))
{
goto trace;
}
+ sa0->total_data_size += i_b0->current_length;
+
/* grab free buffer */
last_empty_buffer = vec_len (empty_buffers) - 1;
o_bi0 = empty_buffers[last_empty_buffer];