#define __IPSEC_SPD_SA_H__
#include <vlib/vlib.h>
+#include <vnet/crypto/crypto.h>
#include <vnet/ip/ip.h>
#include <vnet/fib/fib_node.h>
u8 crypto_iv_size;
u8 crypto_block_size;
u8 integ_icv_size;
+ u32 encrypt_thread_index;
+ u32 decrypt_thread_index;
u32 spi;
u32 seq;
u32 seq_hi;
vnet_crypto_key_index_t crypto_key_index;
vnet_crypto_key_index_t integ_key_index;
- vnet_crypto_op_id_t crypto_enc_op_id:16;
- vnet_crypto_op_id_t crypto_dec_op_id:16;
- vnet_crypto_op_id_t integ_op_id:16;
+
+ /* Union data shared by sync and async ops, updated when mode is
+ * changed. */
+ union
+ {
+ struct
+ {
+ vnet_crypto_op_id_t crypto_enc_op_id:16;
+ vnet_crypto_op_id_t crypto_dec_op_id:16;
+ vnet_crypto_op_id_t integ_op_id:16;
+ };
+
+ struct
+ {
+ vnet_crypto_async_op_id_t crypto_async_enc_op_id:16;
+ vnet_crypto_async_op_id_t crypto_async_dec_op_id:16;
+ vnet_crypto_key_index_t linked_key_index;
+ };
+
+ u64 crypto_op_data;
+ };
/* data accessed by dataplane code should be above this comment */
CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
/* Salt used in GCM modes - stored in network byte order */
u32 salt;
u64 gcm_iv_counter;
+
+ union
+ {
+ struct
+ {
+ vnet_crypto_op_id_t crypto_enc_op_id:16;
+ vnet_crypto_op_id_t crypto_dec_op_id:16;
+ vnet_crypto_op_id_t integ_op_id:16;
+ };
+ u64 data;
+ } sync_op_data;
+
+ union
+ {
+ struct
+ {
+ vnet_crypto_async_op_id_t crypto_async_enc_op_id:16;
+ vnet_crypto_async_op_id_t crypto_async_dec_op_id:16;
+ vnet_crypto_key_index_t linked_key_index;
+ };
+ u64 data;
+ } async_op_data;
} ipsec_sa_t;
STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES);
u32 salt,
const ip46_address_t * tunnel_src_addr,
const ip46_address_t * tunnel_dst_addr,
- u32 * sa_index);
+ u32 * sa_index, u16 dst_port);
extern index_t ipsec_sa_find_and_lock (u32 id);
extern int ipsec_sa_unlock_id (u32 id);
extern void ipsec_sa_unlock (index_t sai);
va_list * args);
extern uword unformat_ipsec_key (unformat_input_t * input, va_list * args);
+#define IPSEC_UDP_PORT_NONE ((u16)~0)
+
/*
* Anti Replay definitions
*/
}
}
+
+/*
+ * Makes choice for thread_id should be assigned.
+ * if input ~0, gets random worker_id based on unix_time_now_nsec
+*/
+always_inline u32
+ipsec_sa_assign_thread (u32 thread_id)
+{
+ return ((thread_id) ? thread_id
+ : (unix_time_now_nsec () % vlib_num_workers ()) + 1);
+}
+
#endif /* __IPSEC_SPD_SA_H__ */
/*