typedef clib_error_t *(*add_del_sa_sess_cb_t) (u32 sa_index, u8 is_add);
typedef clib_error_t *(*check_support_cb_t) (ipsec_sa_t * sa);
+typedef clib_error_t *(*enable_disable_cb_t) (int is_enable);
typedef struct
{
add_del_sa_sess_cb_t add_del_sa_sess_cb;
/* check support function */
check_support_cb_t check_support_cb;
+ /* enable or disable function */
+ enable_disable_cb_t enable_disable_cb;
u32 esp4_encrypt_node_index;
u32 esp4_decrypt_node_index;
u32 esp4_encrypt_next_index;
u32 esp6_decrypt_node_index;
u32 esp6_encrypt_next_index;
u32 esp6_decrypt_next_index;
- u32 esp4_encrypt_tun_feature_index;
- u32 esp6_encrypt_tun_feature_index;
+ u32 esp4_decrypt_tun_node_index;
+ u32 esp4_decrypt_tun_next_index;
+ u32 esp6_decrypt_tun_node_index;
+ u32 esp6_decrypt_tun_next_index;
+ u32 esp44_encrypt_tun_feature_index;
+ u32 esp46_encrypt_tun_feature_index;
+ u32 esp66_encrypt_tun_feature_index;
+ u32 esp64_encrypt_tun_feature_index;
} ipsec_esp_backend_t;
typedef struct
typedef struct
{
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
vnet_crypto_op_t *crypto_ops;
vnet_crypto_op_t *integ_ops;
+ vnet_crypto_op_t *chained_crypto_ops;
+ vnet_crypto_op_t *chained_integ_ops;
+ vnet_crypto_op_chunk_t *chunks;
} ipsec_per_thread_data_t;
typedef struct
u32 error_drop_node_index;
u32 esp4_encrypt_node_index;
u32 esp4_decrypt_node_index;
+ u32 esp4_decrypt_tun_node_index;
u32 ah4_encrypt_node_index;
u32 ah4_decrypt_node_index;
u32 esp6_encrypt_node_index;
u32 esp6_decrypt_node_index;
+ u32 esp6_decrypt_tun_node_index;
u32 ah6_encrypt_node_index;
u32 ah6_decrypt_node_index;
/* next node indices */
u32 esp4_encrypt_next_index;
u32 esp4_decrypt_next_index;
+ u32 esp4_decrypt_tun_next_index;
u32 ah4_encrypt_next_index;
u32 ah4_decrypt_next_index;
u32 esp6_encrypt_next_index;
u32 esp6_decrypt_next_index;
+ u32 esp6_decrypt_tun_next_index;
u32 ah6_encrypt_next_index;
u32 ah6_decrypt_next_index;
/* tun encrypt arcs and feature nodes */
- u32 esp4_encrypt_tun_feature_index;
- u32 esp6_encrypt_tun_feature_index;
+ u32 esp44_encrypt_tun_feature_index;
+ u32 esp64_encrypt_tun_feature_index;
+ u32 esp46_encrypt_tun_feature_index;
+ u32 esp66_encrypt_tun_feature_index;
/* tun nodes to drop packets when no crypto alg set on outbound SA */
u32 esp4_no_crypto_tun_feature_index;
u32 esp6_enc_tun_fq_index;
u32 esp4_dec_tun_fq_index;
u32 esp6_dec_tun_fq_index;
+
+ u8 async_mode;
} ipsec_main_t;
typedef enum ipsec_format_flags_t_
const char *esp4_encrypt_node_name,
const char *esp4_encrypt_tun_node_name,
const char *esp4_decrypt_node_name,
+ const char *esp4_decrypt_tun_node_name,
const char *esp6_encrypt_node_name,
const char *esp6_encrypt_tun_node_name,
const char *esp6_decrypt_node_name,
+ const char *esp6_decrypt_tun_node_name,
check_support_cb_t esp_check_support_cb,
- add_del_sa_sess_cb_t esp_add_del_sa_sess_cb);
+ add_del_sa_sess_cb_t esp_add_del_sa_sess_cb,
+ enable_disable_cb_t enable_disable_cb);
int ipsec_select_ah_backend (ipsec_main_t * im, u32 ah_backend_idx);
int ipsec_select_esp_backend (ipsec_main_t * im, u32 esp_backend_idx);
void ipsec_add_feature (const char *arc_name, const char *node_name,
u32 * out_feature_index);
+void ipsec_set_async_mode (u32 is_enabled);
#endif /* __IPSEC_H__ */