X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec.h;h=f11bc56cb9a293d4130f167b24a53e6d90f158eb;hb=2096063b0856808326cbd2c1c8a3a786c98ea896;hp=6726dba08ae6c5c3fe69d9e6b0ddb3d66ad022d7;hpb=d04b60bfa940e21ab4676a1cb3c15989748be40a;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index 6726dba08ae..f11bc56cb9a 100644
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -15,6 +15,9 @@
 #ifndef __IPSEC_H__
 #define __IPSEC_H__
 
+#include <vnet/ip/ip.h>
+#include <vnet/feature/feature.h>
+
 #define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)
 
 
@@ -63,7 +66,12 @@ typedef enum
   _(1, AES_CBC_128, "aes-cbc-128")  \
   _(2, AES_CBC_192, "aes-cbc-192")  \
   _(3, AES_CBC_256, "aes-cbc-256")  \
-  _(4, AES_GCM_128, "aes-gcm-128")
+  _(4, AES_CTR_128, "aes-ctr-128")  \
+  _(5, AES_CTR_192, "aes-ctr-192")  \
+  _(6, AES_CTR_256, "aes-ctr-256")  \
+  _(7, AES_GCM_128, "aes-gcm-128")  \
+  _(8, AES_GCM_192, "aes-gcm-192")  \
+  _(9, AES_GCM_256, "aes-gcm-256")
 
 typedef enum
 {
@@ -80,8 +88,7 @@ typedef enum
   _(3, SHA_256_96, "sha-256-96")   /* draft-ietf-ipsec-ciph-sha-256-00 */ \
   _(4, SHA_256_128, "sha-256-128") /* RFC4868 */                          \
   _(5, SHA_384_192, "sha-384-192") /* RFC4868 */                          \
-  _(6, SHA_512_256, "sha-512-256") /* RFC4868 */                          \
-  _(7, AES_GCM_128, "aes-gcm-128")	/* RFC4106 */
+  _(6, SHA_512_256, "sha-512-256")	/* RFC4868 */
 
 typedef enum
 {
@@ -127,6 +134,9 @@ typedef struct
   u32 last_seq;
   u32 last_seq_hi;
   u64 replay_window;
+
+  /*lifetime data */
+  u64 total_data_size;
 } ipsec_sa_t;
 
 typedef struct
@@ -233,7 +243,7 @@ typedef struct
 
 typedef struct
 {
-  i32 (*add_del_sa_sess_cb) (u32 sa_index, u8 is_add);
+  clib_error_t *(*add_del_sa_sess_cb) (u32 sa_index, u8 is_add);
   clib_error_t *(*check_support_cb) (ipsec_sa_t * sa);
 } ipsec_main_callbacks_t;
 
@@ -305,7 +315,9 @@ uword unformat_ipsec_policy_action (unformat_input_t * input, va_list * args);
 uword unformat_ipsec_crypto_alg (unformat_input_t * input, va_list * args);
 uword unformat_ipsec_integ_alg (unformat_input_t * input, va_list * args);
 
-/*u32 ipsec_add_del_tunnel_if (vnet_main_t * vnm, ipsec_add_del_tunnel_args_t * args); */
+int ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
+				      ipsec_add_del_tunnel_args_t * args,
+				      u32 * sw_if_index);
 int ipsec_add_del_tunnel_if (ipsec_add_del_tunnel_args_t * args);
 int ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
 				    ipsec_add_del_ipsec_gre_tunnel_args_t *
@@ -321,21 +333,21 @@ int ipsec_set_interface_key (vnet_main_t * vnm, u32 hw_if_index,
 always_inline void
 ipsec_alloc_empty_buffers (vlib_main_t * vm, ipsec_main_t * im)
 {
-  u32 cpu_index = os_get_cpu_number ();
-  uword l = vec_len (im->empty_buffers[cpu_index]);
+  u32 thread_index = vlib_get_thread_index ();
+  uword l = vec_len (im->empty_buffers[thread_index]);
   uword n_alloc = 0;
 
   if (PREDICT_FALSE (l < VLIB_FRAME_SIZE))
     {
-      if (!im->empty_buffers[cpu_index])
+      if (!im->empty_buffers[thread_index])
 	{
-	  vec_alloc (im->empty_buffers[cpu_index], 2 * VLIB_FRAME_SIZE);
+	  vec_alloc (im->empty_buffers[thread_index], 2 * VLIB_FRAME_SIZE);
 	}
 
-      n_alloc = vlib_buffer_alloc (vm, im->empty_buffers[cpu_index] + l,
+      n_alloc = vlib_buffer_alloc (vm, im->empty_buffers[thread_index] + l,
 				   2 * VLIB_FRAME_SIZE - l);
 
-      _vec_len (im->empty_buffers[cpu_index]) = l + n_alloc;
+      _vec_len (im->empty_buffers[thread_index]) = l + n_alloc;
     }
 }