#define __IPSEC_H__
#include <vnet/ip/ip.h>
+#include <vnet/crypto/crypto.h>
#include <vnet/feature/feature.h>
-#include <openssl/hmac.h>
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-
#include <vppinfra/types.h>
#include <vppinfra/cache.h>
typedef struct
{
- const EVP_CIPHER *type;
+ vnet_crypto_op_type_t enc_op_type;
+ vnet_crypto_op_type_t dec_op_type;
u8 iv_size;
u8 block_size;
-} ipsec_proto_main_crypto_alg_t;
+} ipsec_main_crypto_alg_t;
typedef struct
{
- const EVP_MD *md;
+ vnet_crypto_op_type_t op_type;
u8 trunc_size;
-} ipsec_proto_main_integ_alg_t;
-
-typedef struct
-{
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- EVP_CIPHER_CTX *encrypt_ctx;
-#else
- EVP_CIPHER_CTX encrypt_ctx;
-#endif
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- EVP_CIPHER_CTX *decrypt_ctx;
-#else
- EVP_CIPHER_CTX decrypt_ctx;
-#endif
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- HMAC_CTX *hmac_ctx;
-#else
- HMAC_CTX hmac_ctx;
-#endif
- ipsec_crypto_alg_t last_encrypt_alg;
- ipsec_crypto_alg_t last_decrypt_alg;
- ipsec_integ_alg_t last_integ_alg;
-} ipsec_proto_main_per_thread_data_t;
+} ipsec_main_integ_alg_t;
typedef struct
{
- ipsec_proto_main_crypto_alg_t *ipsec_proto_main_crypto_algs;
- ipsec_proto_main_integ_alg_t *ipsec_proto_main_integ_algs;
- ipsec_proto_main_per_thread_data_t *per_thread_data;
-} ipsec_proto_main_t;
-
-extern ipsec_proto_main_t ipsec_proto_main;
+ vnet_crypto_op_t *crypto_ops;
+ vnet_crypto_op_t *integ_ops;
+} ipsec_per_thread_data_t;
typedef struct
{
/* pool of tunnel interfaces */
ipsec_tunnel_if_t *tunnel_interfaces;
- u32 **empty_buffers;
-
uword *tunnel_index_by_key;
/* convenience */
uword *spd_index_by_spd_id;
uword *spd_index_by_sw_if_index;
uword *sa_index_by_sa_id;
- uword *ipsec_if_pool_index_by_key;
+ uword *ipsec4_if_pool_index_by_key;
+ uword *ipsec6_if_pool_index_by_key;
uword *ipsec_if_real_dev_by_show_dev;
/* node indices */
u32 ah_default_backend;
/* index of default esp backend */
u32 esp_default_backend;
+
+ /* crypto alg data */
+ ipsec_main_crypto_alg_t *crypto_algs;
+
+ /* crypto integ data */
+ ipsec_main_integ_alg_t *integ_algs;
+
+ /* per-thread data */
+ ipsec_per_thread_data_t *ptd;
} ipsec_main_t;
extern ipsec_main_t ipsec_main;
extern vlib_node_registration_t esp6_decrypt_node;
extern vlib_node_registration_t ah6_encrypt_node;
extern vlib_node_registration_t ah6_decrypt_node;
-extern vlib_node_registration_t ipsec_if_input_node;
+extern vlib_node_registration_t ipsec4_if_input_node;
+extern vlib_node_registration_t ipsec6_if_input_node;
/*
* functions
* inline functions
*/
-always_inline void
-ipsec_alloc_empty_buffers (vlib_main_t * vm, ipsec_main_t * im)
-{
- u32 thread_index = vm->thread_index;
- uword l = vec_len (im->empty_buffers[thread_index]);
- uword n_alloc = 0;
-
- if (PREDICT_FALSE (l < VLIB_FRAME_SIZE))
- {
- if (!im->empty_buffers[thread_index])
- {
- vec_alloc (im->empty_buffers[thread_index], 2 * VLIB_FRAME_SIZE);
- }
-
- n_alloc = vlib_buffer_alloc (vm, im->empty_buffers[thread_index] + l,
- 2 * VLIB_FRAME_SIZE - l);
-
- _vec_len (im->empty_buffers[thread_index]) = l + n_alloc;
- }
-}
-
static_always_inline u32
get_next_output_feature_node_index (vlib_buffer_t * b,
vlib_node_runtime_t * nr)