IPSEC; dpdk backend for tunnel interface encryption

[vpp.git] / src / vnet / ipsec / ipsec_sa.h

diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index f87e12e..bde0958 100644 (file)
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h
@@ -125,9 +125,11 @@ typedef struct
   u32 last_seq_hi;
   u64 replay_window;
 
-  vnet_crypto_op_id_t crypto_enc_op_id;
-  vnet_crypto_op_id_t crypto_dec_op_id;
-  vnet_crypto_op_id_t integ_op_id;
+  vnet_crypto_key_index_t crypto_key_index;
+  vnet_crypto_key_index_t integ_key_index;
+  vnet_crypto_op_id_t crypto_enc_op_id:16;
+  vnet_crypto_op_id_t crypto_dec_op_id:16;
+  vnet_crypto_op_id_t integ_op_id:16;
 
   dpo_id_t dpo[IPSEC_N_PROTOCOLS];
 
@@ -149,9 +151,11 @@ typedef struct
 
   ipsec_crypto_alg_t crypto_alg;
   ipsec_key_t crypto_key;
+  vnet_crypto_alg_t crypto_calg;
 
   ipsec_integ_alg_t integ_alg;
   ipsec_key_t integ_key;
+  vnet_crypto_alg_t integ_calg;
 
   ip46_address_t tunnel_src_addr;
   ip46_address_t tunnel_dst_addr;
@@ -160,9 +164,9 @@ typedef struct
   u32 sibling;
 
   u32 tx_fib_index;
-  u32 salt;
 
-  /* runtime */
+  /* Salt used in GCM modes - stored in network byte order */
+  u32 salt;
 } ipsec_sa_t;
 
 STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES);
@@ -203,7 +207,6 @@ extern int ipsec_sa_add (u32 id,
                         const ip46_address_t * tunnel_dst_addr,
                         u32 * sa_index);
 extern u32 ipsec_sa_del (u32 id);
-extern void ipsec_sa_stack (ipsec_sa_t * sa);
 extern void ipsec_sa_set_crypto_alg (ipsec_sa_t * sa,
                                     ipsec_crypto_alg_t crypto_alg);
 extern void ipsec_sa_set_integ_alg (ipsec_sa_t * sa,