diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/vnet/ipsec/esp.h | 51 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.h | 54 |
2 files changed, 54 insertions, 51 deletions
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h index 50c4d395ff9..00472654554 100644 --- a/src/vnet/ipsec/esp.h +++ b/src/vnet/ipsec/esp.h @@ -18,10 +18,6 @@ #include <vnet/ip/ip.h> #include <vnet/ipsec/ipsec.h> -#include <openssl/hmac.h> -#include <openssl/rand.h> -#include <openssl/evp.h> - typedef struct { u32 spi; @@ -57,53 +53,6 @@ typedef CLIB_PACKED (struct { }) ip6_and_esp_header_t; /* *INDENT-ON* */ -typedef struct -{ - const EVP_CIPHER *type; - u8 iv_size; - u8 block_size; -} ipsec_proto_main_crypto_alg_t; - -typedef struct -{ - const EVP_MD *md; - u8 trunc_size; -} ipsec_proto_main_integ_alg_t; - -typedef struct -{ - CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - EVP_CIPHER_CTX *encrypt_ctx; -#else - EVP_CIPHER_CTX encrypt_ctx; -#endif - CLIB_CACHE_LINE_ALIGN_MARK (cacheline1); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - EVP_CIPHER_CTX *decrypt_ctx; -#else - EVP_CIPHER_CTX decrypt_ctx; -#endif - CLIB_CACHE_LINE_ALIGN_MARK (cacheline2); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - HMAC_CTX *hmac_ctx; -#else - HMAC_CTX hmac_ctx; -#endif - ipsec_crypto_alg_t last_encrypt_alg; - ipsec_crypto_alg_t last_decrypt_alg; - ipsec_integ_alg_t last_integ_alg; -} ipsec_proto_main_per_thread_data_t; - -typedef struct -{ - ipsec_proto_main_crypto_alg_t *ipsec_proto_main_crypto_algs; - ipsec_proto_main_integ_alg_t *ipsec_proto_main_integ_algs; - ipsec_proto_main_per_thread_data_t *per_thread_data; -} ipsec_proto_main_t; - -extern ipsec_proto_main_t ipsec_proto_main; - #define ESP_WINDOW_SIZE (64) #define ESP_SEQ_MAX (4294967295UL) diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h index ced71194f39..d40767001b8 100644 --- a/src/vnet/ipsec/ipsec.h +++ b/src/vnet/ipsec/ipsec.h @@ -18,6 +18,13 @@ #include <vnet/ip/ip.h> #include <vnet/feature/feature.h> +#include <openssl/hmac.h> +#include <openssl/rand.h> +#include <openssl/evp.h> + +#include <vppinfra/types.h> +#include <vppinfra/cache.h> + #define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0) #define foreach_ipsec_output_next \ @@ -292,6 +299,53 @@ typedef struct typedef struct { + const EVP_CIPHER *type; + u8 iv_size; + u8 block_size; +} ipsec_proto_main_crypto_alg_t; + +typedef struct +{ + const EVP_MD *md; + u8 trunc_size; +} ipsec_proto_main_integ_alg_t; + +typedef struct +{ + CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + EVP_CIPHER_CTX *encrypt_ctx; +#else + EVP_CIPHER_CTX encrypt_ctx; +#endif + CLIB_CACHE_LINE_ALIGN_MARK (cacheline1); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + EVP_CIPHER_CTX *decrypt_ctx; +#else + EVP_CIPHER_CTX decrypt_ctx; +#endif + CLIB_CACHE_LINE_ALIGN_MARK (cacheline2); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + HMAC_CTX *hmac_ctx; +#else + HMAC_CTX hmac_ctx; +#endif + ipsec_crypto_alg_t last_encrypt_alg; + ipsec_crypto_alg_t last_decrypt_alg; + ipsec_integ_alg_t last_integ_alg; +} ipsec_proto_main_per_thread_data_t; + +typedef struct +{ + ipsec_proto_main_crypto_alg_t *ipsec_proto_main_crypto_algs; + ipsec_proto_main_integ_alg_t *ipsec_proto_main_integ_algs; + ipsec_proto_main_per_thread_data_t *per_thread_data; +} ipsec_proto_main_t; + +extern ipsec_proto_main_t ipsec_proto_main; + +typedef struct +{ /* pool of tunnel instances */ ipsec_spd_t *spds; ipsec_sa_t *sad; |