summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec.h
diff options
context:
space:
mode:
authorSergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>2017-08-26 15:22:05 +0100
committerDamjan Marion <dmarion.lists@gmail.com>2017-10-05 09:54:34 +0000
commitdb93cd971320301eb21403caabada7a3ec6a4cce (patch)
tree01c57f4f476a97805411a74d665eedb72331f91e /src/vnet/ipsec/ipsec.h
parent7939f904600018aeed9d8cc9d19ca37c7e96f3d1 (diff)
dpdk/ipsec: rework plus improved cli commands
This patch reworks the DPDK ipsec implementation including the cryptodev management as well as replacing new cli commands for better usability. For the data path: - The dpdk-esp-encrypt-post node is not necessary anymore. - IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead of ip4-input. The DPDK cryptodev cli commands are replaced by the following new commands: - show dpdk crypto devices - show dpdk crypto placement [verbose] - set dpdk crypto placement (<device> <thread> | auto) - clear dpdk crypto placement <device> [<thread>] - show dpdk crypto pools Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec.h')
-rw-r--r--src/vnet/ipsec/ipsec.h15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index 1eff1c3a0be..f11bc56cb9a 100644
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -15,6 +15,9 @@
#ifndef __IPSEC_H__
#define __IPSEC_H__
+#include <vnet/ip/ip.h>
+#include <vnet/feature/feature.h>
+
#define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)
@@ -63,7 +66,12 @@ typedef enum
_(1, AES_CBC_128, "aes-cbc-128") \
_(2, AES_CBC_192, "aes-cbc-192") \
_(3, AES_CBC_256, "aes-cbc-256") \
- _(4, AES_GCM_128, "aes-gcm-128")
+ _(4, AES_CTR_128, "aes-ctr-128") \
+ _(5, AES_CTR_192, "aes-ctr-192") \
+ _(6, AES_CTR_256, "aes-ctr-256") \
+ _(7, AES_GCM_128, "aes-gcm-128") \
+ _(8, AES_GCM_192, "aes-gcm-192") \
+ _(9, AES_GCM_256, "aes-gcm-256")
typedef enum
{
@@ -80,8 +88,7 @@ typedef enum
_(3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
_(4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
_(5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
- _(6, SHA_512_256, "sha-512-256") /* RFC4868 */ \
- _(7, AES_GCM_128, "aes-gcm-128") /* RFC4106 */
+ _(6, SHA_512_256, "sha-512-256") /* RFC4868 */
typedef enum
{
@@ -236,7 +243,7 @@ typedef struct
typedef struct
{
- i32 (*add_del_sa_sess_cb) (u32 sa_index, u8 is_add);
+ clib_error_t *(*add_del_sa_sess_cb) (u32 sa_index, u8 is_add);
clib_error_t *(*check_support_cb) (ipsec_sa_t * sa);
} ipsec_main_callbacks_t;