IPSEC: API modernisation

[vpp.git] / src / vnet / ipsec / ipsec.h

diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index ced7119..93369fe 100644 (file)
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -18,6 +18,13 @@
 #include <vnet/ip/ip.h>
 #include <vnet/feature/feature.h>
 
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+
+#include <vppinfra/types.h>
+#include <vppinfra/cache.h>
+
 #define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)
 
 #define foreach_ipsec_output_next  \
@@ -61,9 +68,11 @@ typedef enum
 #define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
   foreach_ipsec_policy_action
 #undef _
-    IPSEC_POLICY_N_ACTION,
 } ipsec_policy_action_t;
 
+#define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)
+
+
 #define foreach_ipsec_crypto_alg    \
   _ (0, NONE, "none")               \
   _ (1, AES_CBC_128, "aes-cbc-128") \
@@ -132,6 +141,7 @@ typedef struct
   ip46_address_t tunnel_src_addr;
   ip46_address_t tunnel_dst_addr;
 
+  u32 tx_fib_index;
   u32 salt;
 
   /* runtime */
@@ -176,6 +186,7 @@ typedef struct
   u8 renumber;
   u32 show_instance;
   u8 udp_encap;
+  u32 tx_table_id;
 } ipsec_add_del_tunnel_args_t;
 
 typedef struct
@@ -211,7 +222,7 @@ typedef struct
   port_range_t rport;
 
   // Policy
-  u8 policy;
+  ipsec_policy_action_t policy;
   u32 sa_id;
   u32 sa_index;
 
@@ -290,6 +301,53 @@ typedef struct
   u32 esp6_decrypt_next_index;
 } ipsec_esp_backend_t;
 
+typedef struct
+{
+  const EVP_CIPHER *type;
+  u8 iv_size;
+  u8 block_size;
+} ipsec_proto_main_crypto_alg_t;
+
+typedef struct
+{
+  const EVP_MD *md;
+  u8 trunc_size;
+} ipsec_proto_main_integ_alg_t;
+
+typedef struct
+{
+  CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  EVP_CIPHER_CTX *encrypt_ctx;
+#else
+  EVP_CIPHER_CTX encrypt_ctx;
+#endif
+    CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  EVP_CIPHER_CTX *decrypt_ctx;
+#else
+  EVP_CIPHER_CTX decrypt_ctx;
+#endif
+    CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  HMAC_CTX *hmac_ctx;
+#else
+  HMAC_CTX hmac_ctx;
+#endif
+  ipsec_crypto_alg_t last_encrypt_alg;
+  ipsec_crypto_alg_t last_decrypt_alg;
+  ipsec_integ_alg_t last_integ_alg;
+} ipsec_proto_main_per_thread_data_t;
+
+typedef struct
+{
+  ipsec_proto_main_crypto_alg_t *ipsec_proto_main_crypto_algs;
+  ipsec_proto_main_integ_alg_t *ipsec_proto_main_integ_algs;
+  ipsec_proto_main_per_thread_data_t *per_thread_data;
+} ipsec_proto_main_t;
+
+extern ipsec_proto_main_t ipsec_proto_main;
+
 typedef struct
 {
   /* pool of tunnel instances */