aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/esp.h51
-rw-r--r--src/vnet/ipsec/ipsec.h54
2 files changed, 54 insertions, 51 deletions
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index 50c4d395ff9..00472654554 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -18,10 +18,6 @@
#include <vnet/ip/ip.h>
#include <vnet/ipsec/ipsec.h>
-#include <openssl/hmac.h>
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-
typedef struct
{
u32 spi;
@@ -57,53 +53,6 @@ typedef CLIB_PACKED (struct {
}) ip6_and_esp_header_t;
/* *INDENT-ON* */
-typedef struct
-{
- const EVP_CIPHER *type;
- u8 iv_size;
- u8 block_size;
-} ipsec_proto_main_crypto_alg_t;
-
-typedef struct
-{
- const EVP_MD *md;
- u8 trunc_size;
-} ipsec_proto_main_integ_alg_t;
-
-typedef struct
-{
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- EVP_CIPHER_CTX *encrypt_ctx;
-#else
- EVP_CIPHER_CTX encrypt_ctx;
-#endif
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- EVP_CIPHER_CTX *decrypt_ctx;
-#else
- EVP_CIPHER_CTX decrypt_ctx;
-#endif
- CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- HMAC_CTX *hmac_ctx;
-#else
- HMAC_CTX hmac_ctx;
-#endif
- ipsec_crypto_alg_t last_encrypt_alg;
- ipsec_crypto_alg_t last_decrypt_alg;
- ipsec_integ_alg_t last_integ_alg;
-} ipsec_proto_main_per_thread_data_t;
-
-typedef struct
-{
- ipsec_proto_main_crypto_alg_t *ipsec_proto_main_crypto_algs;
- ipsec_proto_main_integ_alg_t *ipsec_proto_main_integ_algs;
- ipsec_proto_main_per_thread_data_t *per_thread_data;
-} ipsec_proto_main_t;
-
-extern ipsec_proto_main_t ipsec_proto_main;
-
#define ESP_WINDOW_SIZE (64)
#define ESP_SEQ_MAX (4294967295UL)
diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index ced71194f39..d40767001b8 100644
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -18,6 +18,13 @@
#include <vnet/ip/ip.h>
#include <vnet/feature/feature.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+
+#include <vppinfra/types.h>
+#include <vppinfra/cache.h>
+
#define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)
#define foreach_ipsec_output_next \
@@ -292,6 +299,53 @@ typedef struct
typedef struct
{
+ const EVP_CIPHER *type;
+ u8 iv_size;
+ u8 block_size;
+} ipsec_proto_main_crypto_alg_t;
+
+typedef struct
+{
+ const EVP_MD *md;
+ u8 trunc_size;
+} ipsec_proto_main_integ_alg_t;
+
+typedef struct
+{
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX *encrypt_ctx;
+#else
+ EVP_CIPHER_CTX encrypt_ctx;
+#endif
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX *decrypt_ctx;
+#else
+ EVP_CIPHER_CTX decrypt_ctx;
+#endif
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX *hmac_ctx;
+#else
+ HMAC_CTX hmac_ctx;
+#endif
+ ipsec_crypto_alg_t last_encrypt_alg;
+ ipsec_crypto_alg_t last_decrypt_alg;
+ ipsec_integ_alg_t last_integ_alg;
+} ipsec_proto_main_per_thread_data_t;
+
+typedef struct
+{
+ ipsec_proto_main_crypto_alg_t *ipsec_proto_main_crypto_algs;
+ ipsec_proto_main_integ_alg_t *ipsec_proto_main_integ_algs;
+ ipsec_proto_main_per_thread_data_t *per_thread_data;
+} ipsec_proto_main_t;
+
+extern ipsec_proto_main_t ipsec_proto_main;
+
+typedef struct
+{
/* pool of tunnel instances */
ipsec_spd_t *spds;
ipsec_sa_t *sad;