Commit 35d2856b4693e8de5d616307b56cef296b839157
Committed by
David S. Miller
1 parent
957fca95e3
xfrm: Add Traffic Flow Confidentiality padding XFRM attribute
The XFRMA_TFCPAD attribute for XFRM state installation configures Traffic Flow Confidentiality by padding ESP packets to a specified length. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 3 changed files with 19 additions and 2 deletions Side-by-side Diff
include/linux/xfrm.h
include/net/xfrm.h
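--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -148,7 +148,8 @@
 !attrs[XFRMA_ALG_AUTH_TRUNC]) ||
 attrs[XFRMA_ALG_AEAD] ||
 attrs[XFRMA_ALG_CRYPT] ||
-attrs[XFRMA_ALG_COMP])
+attrs[XFRMA_ALG_COMP] ||
+attrs[XFRMA_TFCPAD])
 goto out;
 break;
 
@@ -165,6 +166,9 @@
 attrs[XFRMA_ALG_CRYPT]) &&
 attrs[XFRMA_ALG_AEAD])
 goto out;
+if (attrs[XFRMA_TFCPAD] &&
+p->mode != XFRM_MODE_TUNNEL)
+goto out;
 break;
 
 case IPPROTO_COMP:
@@ -172,7 +176,8 @@
 attrs[XFRMA_ALG_AEAD] ||
 attrs[XFRMA_ALG_AUTH] ||
 attrs[XFRMA_ALG_AUTH_TRUNC] ||
-attrs[XFRMA_ALG_CRYPT])
+attrs[XFRMA_ALG_CRYPT] ||
+attrs[XFRMA_TFCPAD])
 goto out;
 break;
 
@@ -186,6 +191,7 @@
 attrs[XFRMA_ALG_CRYPT] ||
 attrs[XFRMA_ENCAP] ||
 attrs[XFRMA_SEC_CTX] ||
+attrs[XFRMA_TFCPAD] ||
 !attrs[XFRMA_COADDR])
 goto out;
 break;
@@ -439,6 +445,9 @@
 goto error;
 }
 
+if (attrs[XFRMA_TFCPAD])
+x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]);
+
 if (attrs[XFRMA_COADDR]) {
 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]),
 sizeof(*x->coaddr), GFP_KERNEL);
@@ -688,6 +697,9 @@
 if (x->encap)
 NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap);
 
+if (x->tfcpad)
+NLA_PUT_U32(skb, XFRMA_TFCPAD, x->tfcpad);
+
 if (xfrm_mark_put(skb, &x->mark))
 goto nla_put_failure;
 
@@ -2122,6 +2134,7 @@
 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) },
 [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) },
 [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) },
+[XFRMA_TFCPAD] = { .type = NLA_U32 },
 };
 
 static struct xfrm_link {
@@ -2301,6 +2314,8 @@
 l += nla_total_size(sizeof(*x->calg));
 if (x->encap)
 l += nla_total_size(sizeof(*x->encap));
+if (x->tfcpad)
+l += nla_total_size(sizeof(x->tfcpad));
 if (x->security)
 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) +
 x->security->ctx_len);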
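Review bot: The pad length is stored without any range check at `x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]);` in the `@@ -439,6 +445,9 @@` hunk. The new `[XFRMA_TFCPAD] = { .type = NLA_U32 }` policy entry makes the read itself safe by fixing the attribute's length, but it does not bound the value, so any 32-bit length supplied over netlink ends up in the state. Nothing in this file section clamps it; presumably the ESP output path has to limit the padded size to the path MTU, but that consumer is not visible here and should be confirmed. I would document the contract at the assignment, for example `/* unbounded u32 from netlink; the ESP output path must clamp this to the MTU */`, or reject unreasonable values in the ESP case next to the `p->mode != XFRM_MODE_TUNNEL` check. The functions these hunks belong to start and end outside the visible lines.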