Blame view
include/net/xfrm.h
49.3 KB
1da177e4c Linux-2.6.12-rc2 |
1 2 |
#ifndef _NET_XFRM_H #define _NET_XFRM_H |
aabc9761b [IPSEC]: Store id... |
3 |
#include <linux/compiler.h> |
1da177e4c Linux-2.6.12-rc2 |
4 5 6 7 |
#include <linux/xfrm.h> #include <linux/spinlock.h> #include <linux/list.h> #include <linux/skbuff.h> |
14c850212 [INET_SOCK]: Move... |
8 |
#include <linux/socket.h> |
1da177e4c Linux-2.6.12-rc2 |
9 |
#include <linux/pfkeyv2.h> |
5794708f1 [XFRM]: Introduce... |
10 |
#include <linux/ipsec.h> |
1da177e4c Linux-2.6.12-rc2 |
11 |
#include <linux/in6.h> |
4a3e2f711 [NET] sem2mutex: ... |
12 |
#include <linux/mutex.h> |
ab5f5e8b1 [XFRM]: xfrm audi... |
13 |
#include <linux/audit.h> |
5a0e3ad6a include cleanup: ... |
14 |
#include <linux/slab.h> |
1da177e4c Linux-2.6.12-rc2 |
15 16 17 |
#include <net/sock.h> #include <net/dst.h> |
436a0a402 [IPSEC]: Move out... |
18 |
#include <net/ip.h> |
1da177e4c Linux-2.6.12-rc2 |
19 20 21 |
#include <net/route.h> #include <net/ipv6.h> #include <net/ip6_fib.h> |
fe1a5f031 flow: virtualize ... |
22 |
#include <net/flow.h> |
9e0d57fd6 xfrm: SAD entries... |
23 24 |
#include <linux/interrupt.h> |
558f82ef6 [XFRM]: Define pa... |
25 26 27 |
#ifdef CONFIG_XFRM_STATISTICS #include <net/snmp.h> #endif |
1da177e4c Linux-2.6.12-rc2 |
28 |
|
d3d6dd3ad [XFRM]: Add modul... |
29 30 31 32 33 34 35 |
#define XFRM_PROTO_ESP 50 #define XFRM_PROTO_AH 51 #define XFRM_PROTO_COMP 108 #define XFRM_PROTO_IPIP 4 #define XFRM_PROTO_IPV6 41 #define XFRM_PROTO_ROUTING IPPROTO_ROUTING #define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS |
fa9921e46 ipsec: allow to a... |
36 |
#define XFRM_ALIGN4(len) (((len) + 3) & ~3) |
1da177e4c Linux-2.6.12-rc2 |
37 |
#define XFRM_ALIGN8(len) (((len) + 7) & ~7) |
b59f45d0b [IPSEC] xfrm: Abs... |
38 39 |
#define MODULE_ALIAS_XFRM_MODE(family, encap) \ MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap)) |
d3d6dd3ad [XFRM]: Add modul... |
40 41 |
#define MODULE_ALIAS_XFRM_TYPE(family, proto) \ MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto)) |
1da177e4c Linux-2.6.12-rc2 |
42 |
|
558f82ef6 [XFRM]: Define pa... |
43 |
#ifdef CONFIG_XFRM_STATISTICS |
59c9940ed netns xfrm: per-n... |
44 |
#define XFRM_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.xfrm_statistics, field) |
558f82ef6 [XFRM]: Define pa... |
45 |
#else |
59c9940ed netns xfrm: per-n... |
46 |
#define XFRM_INC_STATS(net, field) ((void)(net)) |
558f82ef6 [XFRM]: Define pa... |
47 |
#endif |
1da177e4c Linux-2.6.12-rc2 |
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 |
/* Organization of SPD aka "XFRM rules" ------------------------------------ Basic objects: - policy rule, struct xfrm_policy (=SPD entry) - bundle of transformations, struct dst_entry == struct xfrm_dst (=SA bundle) - instance of a transformer, struct xfrm_state (=SA) - template to clone xfrm_state, struct xfrm_tmpl SPD is plain linear list of xfrm_policy rules, ordered by priority. (To be compatible with existing pfkeyv2 implementations, many rules with priority of 0x7fffffff are allowed to exist and such rules are ordered in an unpredictable way, thanks to bsd folks.) Lookup is plain linear search until the first match with selector. If "action" is "block", then we prohibit the flow, otherwise: if "xfrms_nr" is zero, the flow passes untransformed. Otherwise, policy entry has list of up to XFRM_MAX_DEPTH transformations, described by templates xfrm_tmpl. Each template is resolved to a complete xfrm_state (see below) and we pack bundle of transformations to a dst_entry returned to requestor. dst -. xfrm .-> xfrm_state #1 |---. child .-> dst -. xfrm .-> xfrm_state #2 |---. child .-> dst -. xfrm .-> xfrm_state #3 |---. child .-> NULL Bundles are cached at xrfm_policy struct (field ->bundles). Resolution of xrfm_tmpl ----------------------- Template contains: 1. ->mode Mode: transport or tunnel 2. ->id.proto Protocol: AH/ESP/IPCOMP 3. ->id.daddr Remote tunnel endpoint, ignored for transport mode. Q: allow to resolve security gateway? 4. ->id.spi If not zero, static SPI. 5. ->saddr Local tunnel endpoint, ignored for transport mode. 6. ->algos List of allowed algos. Plain bitmask now. Q: ealgos, aalgos, calgos. What a mess... 7. ->share Sharing mode. Q: how to implement private sharing mode? To add struct sock* to flow id? Having this template we search through SAD searching for entries with appropriate mode/proto/algo, permitted by selector. If no appropriate entry found, it is requested from key manager. PROBLEMS: Q: How to find all the bundles referring to a physical path for PMTU discovery? Seems, dst should contain list of all parents... and enter to infinite locking hierarchy disaster. No! It is easier, we will not search for them, let them find us. We add genid to each dst plus pointer to genid of raw IP route, pmtu disc will update pmtu on raw IP route and increase its genid. dst_check() will see this for top level and trigger resyncing metrics. Plus, it will be made via sk->sk_dst_cache. Solved. */ |
12a169e7d ipsec: Put dumper... |
109 110 111 |
struct xfrm_state_walk { struct list_head all; u8 state; |
d3623099d ipsec: add suppor... |
112 113 |
u8 dying; u8 proto; |
12a169e7d ipsec: Put dumper... |
114 |
u32 seq; |
870a2df4c xfrm: rename stru... |
115 |
struct xfrm_address_filter *filter; |
12a169e7d ipsec: Put dumper... |
116 |
}; |
1da177e4c Linux-2.6.12-rc2 |
117 |
/* Full description of state of transformer. */ |
fd2c3ef76 net: cleanup incl... |
118 |
struct xfrm_state { |
0c5c9fb55 net: Introduce po... |
119 |
possible_net_t xs_net; |
abb81c4f3 ipsec: Use RCU-li... |
120 |
union { |
12a169e7d ipsec: Put dumper... |
121 |
struct hlist_node gclist; |
abb81c4f3 ipsec: Use RCU-li... |
122 123 |
struct hlist_node bydst; }; |
8f126e37c [XFRM]: Convert x... |
124 125 |
struct hlist_node bysrc; struct hlist_node byspi; |
1da177e4c Linux-2.6.12-rc2 |
126 127 128 129 130 131 |
atomic_t refcnt; spinlock_t lock; struct xfrm_id id; struct xfrm_selector sel; |
bf825f81b xfrm: introduce b... |
132 |
struct xfrm_mark mark; |
35d2856b4 xfrm: Add Traffic... |
133 |
u32 tfcpad; |
1da177e4c Linux-2.6.12-rc2 |
134 |
|
9d4a706d8 [XFRM]: Add gener... |
135 |
u32 genid; |
12a169e7d ipsec: Put dumper... |
136 137 |
/* Key manager bits */ struct xfrm_state_walk km; |
1da177e4c Linux-2.6.12-rc2 |
138 139 140 141 142 143 144 145 146 147 148 149 |
/* Parameters of this state. */ struct { u32 reqid; u8 mode; u8 replay_window; u8 aalgo, ealgo, calgo; u8 flags; u16 family; xfrm_address_t saddr; int header_len; int trailer_len; |
a947b0a93 xfrm: allow to av... |
150 |
u32 extra_flags; |
1da177e4c Linux-2.6.12-rc2 |
151 152 153 154 155 |
} props; struct xfrm_lifetime_cfg lft; /* Data for transformer */ |
4447bb33f xfrm: Store aalg ... |
156 |
struct xfrm_algo_auth *aalg; |
1da177e4c Linux-2.6.12-rc2 |
157 158 |
struct xfrm_algo *ealg; struct xfrm_algo *calg; |
1a6509d99 [IPSEC]: Add supp... |
159 |
struct xfrm_algo_aead *aead; |
69b0137f6 ipsec: Add IV gen... |
160 |
const char *geniv; |
1da177e4c Linux-2.6.12-rc2 |
161 162 163 |
/* Data for encapsulator */ struct xfrm_encap_tmpl *encap; |
060f02a3b [XFRM] STATE: Int... |
164 165 |
/* Data for care-of address */ xfrm_address_t *coaddr; |
1da177e4c Linux-2.6.12-rc2 |
166 167 168 169 170 171 172 173 |
/* IPComp needs an IPIP tunnel for handling uncompressed packets */ struct xfrm_state *tunnel; /* If a tunnel, number of users + 1 */ atomic_t tunnel_users; /* State for replay detection */ struct xfrm_replay_state replay; |
9736acf39 xfrm: Add basic i... |
174 |
struct xfrm_replay_state_esn *replay_esn; |
1da177e4c Linux-2.6.12-rc2 |
175 |
|
f8cd54884 [IPSEC]: Sync ser... |
176 177 |
/* Replay detection state at the time we sent the last notification */ struct xfrm_replay_state preplay; |
9736acf39 xfrm: Add basic i... |
178 |
struct xfrm_replay_state_esn *preplay_esn; |
f8cd54884 [IPSEC]: Sync ser... |
179 |
|
9fdc4883d xfrm: Move IPsec ... |
180 |
/* The functions for replay detection. */ |
e45a8a9e6 xfrm: constify xf... |
181 |
const struct xfrm_replay *repl; |
9fdc4883d xfrm: Move IPsec ... |
182 |
|
2717096ab [XFRM]: Fix aeven... |
183 184 185 186 |
/* internal flag that only holds state for delayed aevent at the * moment */ u32 xflags; |
f8cd54884 [IPSEC]: Sync ser... |
187 188 189 190 191 192 |
/* Replay detection notification settings */ u32 replay_maxage; u32 replay_maxdiff; /* Replay detection notification timer */ struct timer_list rtimer; |
1da177e4c Linux-2.6.12-rc2 |
193 194 195 196 |
/* Statistics */ struct xfrm_stats stats; struct xfrm_lifetime_cur curlft; |
9e0d57fd6 xfrm: SAD entries... |
197 |
struct tasklet_hrtimer mtimer; |
1da177e4c Linux-2.6.12-rc2 |
198 |
|
e3c0d0475 Fix unexpected SA... |
199 200 |
/* used to fix curlft->add_time when changing date */ long saved_tmo; |
9afaca057 [XFRM] IPV6: Upda... |
201 |
/* Last used time */ |
d26f39840 [IPSEC]: Make x->... |
202 |
unsigned long lastused; |
9afaca057 [XFRM] IPV6: Upda... |
203 |
|
1da177e4c Linux-2.6.12-rc2 |
204 205 |
/* Reference to data common to all the instances of this * transformer. */ |
533cb5b0a [XFRM]: constify ... |
206 |
const struct xfrm_type *type; |
13996378e [IPSEC]: Rename m... |
207 |
struct xfrm_mode *inner_mode; |
df9dcb458 [IPSEC]: Fix inte... |
208 |
struct xfrm_mode *inner_mode_iaf; |
13996378e [IPSEC]: Rename m... |
209 |
struct xfrm_mode *outer_mode; |
1da177e4c Linux-2.6.12-rc2 |
210 |
|
df71837d5 [LSM-IPSec]: Secu... |
211 212 |
/* Security context */ struct xfrm_sec_ctx *security; |
1da177e4c Linux-2.6.12-rc2 |
213 214 215 216 |
/* Private data of this transformer, format is opaque, * interpreted by xfrm_type methods. */ void *data; }; |
673c09be4 netns xfrm: add s... |
217 218 219 220 |
static inline struct net *xs_net(struct xfrm_state *x) { return read_pnet(&x->xs_net); } |
2717096ab [XFRM]: Fix aeven... |
221 222 |
/* xflags - make enum if more show up */ #define XFRM_TIME_DEFER 1 |
e3c0d0475 Fix unexpected SA... |
223 |
#define XFRM_SOFT_EXPIRE 2 |
2717096ab [XFRM]: Fix aeven... |
224 |
|
1da177e4c Linux-2.6.12-rc2 |
225 226 227 228 229 230 231 232 |
enum { XFRM_STATE_VOID, XFRM_STATE_ACQ, XFRM_STATE_VALID, XFRM_STATE_ERROR, XFRM_STATE_EXPIRED, XFRM_STATE_DEAD }; |
26b15dad9 [IPSEC] Add compl... |
233 |
/* callback structure passed from either netlink or pfkey */ |
fd2c3ef76 net: cleanup incl... |
234 |
struct km_event { |
bf08867f9 [IPSEC] Turn km_e... |
235 236 237 238 |
union { u32 hard; u32 proto; u32 byid; |
f8cd54884 [IPSEC]: Sync ser... |
239 |
u32 aevent; |
f7b6983f0 [XFRM] POLICY: Su... |
240 |
u32 type; |
bf08867f9 [IPSEC] Turn km_e... |
241 |
} data; |
26b15dad9 [IPSEC] Add compl... |
242 |
u32 seq; |
15e473046 netlink: Rename p... |
243 |
u32 portid; |
26b15dad9 [IPSEC] Add compl... |
244 |
u32 event; |
7067802e2 netns xfrm: pass ... |
245 |
struct net *net; |
26b15dad9 [IPSEC] Add compl... |
246 |
}; |
9fdc4883d xfrm: Move IPsec ... |
247 248 249 250 251 |
struct xfrm_replay { void (*advance)(struct xfrm_state *x, __be32 net_seq); int (*check)(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); |
3b59df46a xfrm: Workaround ... |
252 253 254 |
int (*recheck)(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); |
9fdc4883d xfrm: Move IPsec ... |
255 256 257 |
void (*notify)(struct xfrm_state *x, int event); int (*overflow)(struct xfrm_state *x, struct sk_buff *skb); }; |
25ee3286d [IPSEC]: Merge co... |
258 |
struct net_device; |
1da177e4c Linux-2.6.12-rc2 |
259 260 261 262 |
struct xfrm_type; struct xfrm_dst; struct xfrm_policy_afinfo { unsigned short family; |
1da177e4c Linux-2.6.12-rc2 |
263 |
struct dst_ops *dst_ops; |
ddcfd7968 netns xfrm: dst g... |
264 |
void (*garbage_collect)(struct net *net); |
42a7b32b7 xfrm: Add oif to ... |
265 266 |
struct dst_entry *(*dst_lookup)(struct net *net, int tos, int oif, |
5e6b930f2 xfrm: Const'ify a... |
267 268 |
const xfrm_address_t *saddr, const xfrm_address_t *daddr); |
42a7b32b7 xfrm: Add oif to ... |
269 270 271 |
int (*get_saddr)(struct net *net, int oif, xfrm_address_t *saddr, xfrm_address_t *daddr); |
1da177e4c Linux-2.6.12-rc2 |
272 |
void (*decode_session)(struct sk_buff *skb, |
d5422efe6 [IPSEC]: Added xf... |
273 274 |
struct flowi *fl, int reverse); |
05d840257 xfrm: Mark flowi ... |
275 |
int (*get_tos)(const struct flowi *fl); |
a1b051405 [XFRM] IPv6: Fix ... |
276 277 278 |
int (*init_path)(struct xfrm_dst *path, struct dst_entry *dst, int nfheader_len); |
25ee3286d [IPSEC]: Merge co... |
279 |
int (*fill_dst)(struct xfrm_dst *xdst, |
87c1e12b5 ipsec: Fix bogus ... |
280 |
struct net_device *dev, |
0c7b3eefb xfrm: Mark flowi ... |
281 |
const struct flowi *fl); |
2774c131b xfrm: Handle blac... |
282 |
struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig); |
1da177e4c Linux-2.6.12-rc2 |
283 |
}; |
d511337a1 xfrm.h: Remove ex... |
284 285 286 287 288 |
int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo); void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c); void km_state_notify(struct xfrm_state *x, const struct km_event *c); |
1da177e4c Linux-2.6.12-rc2 |
289 290 |
struct xfrm_tmpl; |
d511337a1 xfrm.h: Remove ex... |
291 292 293 294 |
int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); void km_state_expired(struct xfrm_state *x, int hard, u32 portid); int __xfrm_state_delete(struct xfrm_state *x); |
53bc6b4d2 [IPSEC]: Sync ser... |
295 |
|
1da177e4c Linux-2.6.12-rc2 |
296 |
struct xfrm_state_afinfo { |
17c2a42a2 [IPSEC]: Store af... |
297 |
unsigned int family; |
36cf9acf9 [IPSEC]: Separate... |
298 |
unsigned int proto; |
8e3d716cc xfrm: ->eth_proto... |
299 |
__be16 eth_proto; |
17c2a42a2 [IPSEC]: Store af... |
300 |
struct module *owner; |
533cb5b0a [XFRM]: constify ... |
301 |
const struct xfrm_type *type_map[IPPROTO_MAX]; |
aa5d62cc8 [IPSEC]: Move typ... |
302 |
struct xfrm_mode *mode_map[XFRM_MODE_MAX]; |
d094cd83c [IPSEC]: Add xfrm... |
303 |
int (*init_flags)(struct xfrm_state *x); |
73e5ebb20 xfrm: Mark flowi ... |
304 305 |
void (*init_tempsel)(struct xfrm_selector *sel, const struct flowi *fl); |
19bd62441 xfrm: Const'ify t... |
306 307 308 309 |
void (*init_temprop)(struct xfrm_state *x, const struct xfrm_tmpl *tmpl, const xfrm_address_t *daddr, const xfrm_address_t *saddr); |
41a49cc3c [XFRM]: Add sorti... |
310 311 |
int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n); int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n); |
ede2059db dst: Pass net int... |
312 |
int (*output)(struct net *net, struct sock *sk, struct sk_buff *skb); |
7026b1ddb netfilter: Pass s... |
313 |
int (*output_finish)(struct sock *sk, struct sk_buff *skb); |
227620e29 [IPSEC]: Separate... |
314 315 |
int (*extract_input)(struct xfrm_state *x, struct sk_buff *skb); |
36cf9acf9 [IPSEC]: Separate... |
316 317 |
int (*extract_output)(struct xfrm_state *x, struct sk_buff *skb); |
716062fd4 [IPSEC]: Merge mo... |
318 319 |
int (*transport_finish)(struct sk_buff *skb, int async); |
628e341f3 xfrm: make local ... |
320 |
void (*local_error)(struct sk_buff *skb, u32 mtu); |
1da177e4c Linux-2.6.12-rc2 |
321 |
}; |
d511337a1 xfrm.h: Remove ex... |
322 323 324 325 |
int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo); int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo); struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family); void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo); |
1da177e4c Linux-2.6.12-rc2 |
326 |
|
2f32b51b6 xfrm: Introduce x... |
327 328 329 330 331 332 333 334 335 |
struct xfrm_input_afinfo { unsigned int family; struct module *owner; int (*callback)(struct sk_buff *skb, u8 protocol, int err); }; int xfrm_input_register_afinfo(struct xfrm_input_afinfo *afinfo); int xfrm_input_unregister_afinfo(struct xfrm_input_afinfo *afinfo); |
d511337a1 xfrm.h: Remove ex... |
336 |
void xfrm_state_delete_tunnel(struct xfrm_state *x); |
1da177e4c Linux-2.6.12-rc2 |
337 |
|
fd2c3ef76 net: cleanup incl... |
338 |
struct xfrm_type { |
1da177e4c Linux-2.6.12-rc2 |
339 340 |
char *description; struct module *owner; |
a63374631 xfrm: use proper ... |
341 342 |
u8 proto; u8 flags; |
1b5c22998 [XFRM] STATE: Sup... |
343 |
#define XFRM_TYPE_NON_FRAGMENT 1 |
436a0a402 [IPSEC]: Move out... |
344 |
#define XFRM_TYPE_REPLAY_PROT 2 |
f04e7e8d7 [IPSEC]: Replace ... |
345 346 |
#define XFRM_TYPE_LOCAL_COADDR 4 #define XFRM_TYPE_REMOTE_COADDR 8 |
1da177e4c Linux-2.6.12-rc2 |
347 |
|
72cb6962a [IPSEC]: Add xfrm... |
348 |
int (*init_state)(struct xfrm_state *x); |
1da177e4c Linux-2.6.12-rc2 |
349 |
void (*destructor)(struct xfrm_state *); |
e695633e2 [IPSEC]: Kill unu... |
350 |
int (*input)(struct xfrm_state *, struct sk_buff *skb); |
1da177e4c Linux-2.6.12-rc2 |
351 |
int (*output)(struct xfrm_state *, struct sk_buff *pskb); |
8f029de28 xfrm: Mark flowi ... |
352 353 |
int (*reject)(struct xfrm_state *, struct sk_buff *, const struct flowi *); |
aee5adb43 [XFRM] STATE: Add... |
354 |
int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **); |
1da177e4c Linux-2.6.12-rc2 |
355 |
/* Estimate maximal size of result of transformation of a dgram */ |
c5c252389 [XFRM]: Optimize ... |
356 |
u32 (*get_mtu)(struct xfrm_state *, int size); |
1da177e4c Linux-2.6.12-rc2 |
357 |
}; |
d511337a1 xfrm.h: Remove ex... |
358 359 |
int xfrm_register_type(const struct xfrm_type *type, unsigned short family); int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family); |
1da177e4c Linux-2.6.12-rc2 |
360 |
|
b59f45d0b [IPSEC] xfrm: Abs... |
361 |
struct xfrm_mode { |
227620e29 [IPSEC]: Separate... |
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 |
/* * Remove encapsulation header. * * The IP header will be moved over the top of the encapsulation * header. * * On entry, the transport header shall point to where the IP header * should be and the network header shall be set to where the IP * header currently is. skb->data shall point to the start of the * payload. */ int (*input2)(struct xfrm_state *x, struct sk_buff *skb); /* * This is the actual input entry point. * * For transport mode and equivalent this would be identical to * input2 (which does not need to be set). While tunnel mode * and equivalent would set this to the tunnel encapsulation function * xfrm4_prepare_input that would in turn call input2. */ |
b59f45d0b [IPSEC] xfrm: Abs... |
383 |
int (*input)(struct xfrm_state *x, struct sk_buff *skb); |
37fedd3aa [IPSEC]: Use IPv6... |
384 385 386 387 388 389 390 391 392 393 394 395 |
/* * Add encapsulation header. * * On exit, the transport header will be set to the start of the * encapsulation header to be filled in by x->type->output and * the mac header will be set to the nextheader (protocol for * IPv4) field of the extension header directly preceding the * encapsulation header, or in its absence, that of the top IP * header. The value of the network header will always point * to the top IP header while skb->data will point to the payload. */ |
36cf9acf9 [IPSEC]: Separate... |
396 397 398 399 400 401 402 403 404 405 406 407 |
int (*output2)(struct xfrm_state *x,struct sk_buff *skb); /* * This is the actual output entry point. * * For transport mode and equivalent this would be identical to * output2 (which does not need to be set). While tunnel mode * and equivalent would set this to a tunnel encapsulation function * (xfrm4_prepare_output or xfrm6_prepare_output) that would in turn * call output2. */ int (*output)(struct xfrm_state *x, struct sk_buff *skb); |
b59f45d0b [IPSEC] xfrm: Abs... |
408 |
|
17c2a42a2 [IPSEC]: Store af... |
409 |
struct xfrm_state_afinfo *afinfo; |
b59f45d0b [IPSEC] xfrm: Abs... |
410 411 |
struct module *owner; unsigned int encap; |
1bfcb10f6 [IPSEC]: Add miss... |
412 413 414 415 416 417 |
int flags; }; /* Flags for xfrm_mode. */ enum { XFRM_MODE_FLAG_TUNNEL = 1, |
b59f45d0b [IPSEC] xfrm: Abs... |
418 |
}; |
d511337a1 xfrm.h: Remove ex... |
419 420 |
int xfrm_register_mode(struct xfrm_mode *mode, int family); int xfrm_unregister_mode(struct xfrm_mode *mode, int family); |
b59f45d0b [IPSEC] xfrm: Abs... |
421 |
|
df9dcb458 [IPSEC]: Fix inte... |
422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 |
static inline int xfrm_af2proto(unsigned int family) { switch(family) { case AF_INET: return IPPROTO_IPIP; case AF_INET6: return IPPROTO_IPV6; default: return 0; } } static inline struct xfrm_mode *xfrm_ip2inner_mode(struct xfrm_state *x, int ipproto) { if ((ipproto == IPPROTO_IPIP && x->props.family == AF_INET) || (ipproto == IPPROTO_IPV6 && x->props.family == AF_INET6)) return x->inner_mode; else return x->inner_mode_iaf; } |
fd2c3ef76 net: cleanup incl... |
442 |
struct xfrm_tmpl { |
1da177e4c Linux-2.6.12-rc2 |
443 444 445 446 447 448 449 450 451 452 |
/* id in template is interpreted as: * daddr - destination of tunnel, may be zero for transport mode. * spi - zero to acquire spi. Not zero if spi is static, then * daddr must be fixed too. * proto - AH/ESP/IPCOMP */ struct xfrm_id id; /* Source address of tunnel. Ignored, if it is not a tunnel. */ xfrm_address_t saddr; |
76b3f055f [IPSEC]: Add enca... |
453 |
unsigned short encap_family; |
a63374631 xfrm: use proper ... |
454 |
u32 reqid; |
1da177e4c Linux-2.6.12-rc2 |
455 |
|
7e49e6de3 [XFRM]: Add XFRM_... |
456 |
/* Mode: transport, tunnel etc. */ |
a63374631 xfrm: use proper ... |
457 |
u8 mode; |
1da177e4c Linux-2.6.12-rc2 |
458 459 |
/* Sharing mode: unique, this session only, this user only etc. */ |
a63374631 xfrm: use proper ... |
460 |
u8 share; |
1da177e4c Linux-2.6.12-rc2 |
461 462 |
/* May skip this transfomration if no SA is found */ |
a63374631 xfrm: use proper ... |
463 |
u8 optional; |
1da177e4c Linux-2.6.12-rc2 |
464 |
|
c5d18e984 [IPSEC]: Fix catc... |
465 |
/* Skip aalgos/ealgos/calgos checks. */ |
a63374631 xfrm: use proper ... |
466 |
u8 allalgs; |
c5d18e984 [IPSEC]: Fix catc... |
467 |
|
1da177e4c Linux-2.6.12-rc2 |
468 |
/* Bit mask of algos allowed for acquisition */ |
a63374631 xfrm: use proper ... |
469 470 471 |
u32 aalgos; u32 ealgos; u32 calgos; |
1da177e4c Linux-2.6.12-rc2 |
472 |
}; |
622dc8281 [XFRM]: Expand XF... |
473 |
#define XFRM_MAX_DEPTH 6 |
1da177e4c Linux-2.6.12-rc2 |
474 |
|
12a169e7d ipsec: Put dumper... |
475 476 477 478 479 480 481 482 483 484 |
struct xfrm_policy_walk_entry { struct list_head all; u8 dead; }; struct xfrm_policy_walk { struct xfrm_policy_walk_entry walk; u8 type; u32 seq; }; |
a0073fe18 xfrm: Add a state... |
485 486 487 488 489 |
struct xfrm_policy_queue { struct sk_buff_head hold_queue; struct timer_list hold_timer; unsigned long timeout; }; |
fd2c3ef76 net: cleanup incl... |
490 |
struct xfrm_policy { |
0c5c9fb55 net: Introduce po... |
491 |
possible_net_t xp_net; |
2518c7c2b [XFRM]: Hash poli... |
492 493 |
struct hlist_node bydst; struct hlist_node byidx; |
1da177e4c Linux-2.6.12-rc2 |
494 495 496 497 498 |
/* This lock only affects elements except for entry. */ rwlock_t lock; atomic_t refcnt; struct timer_list timer; |
fe1a5f031 flow: virtualize ... |
499 |
struct flow_cache_object flo; |
80c802f30 xfrm: cache bundl... |
500 |
atomic_t genid; |
1da177e4c Linux-2.6.12-rc2 |
501 502 |
u32 priority; u32 index; |
bf825f81b xfrm: introduce b... |
503 |
struct xfrm_mark mark; |
1da177e4c Linux-2.6.12-rc2 |
504 505 506 |
struct xfrm_selector selector; struct xfrm_lifetime_cfg lft; struct xfrm_lifetime_cur curlft; |
12a169e7d ipsec: Put dumper... |
507 |
struct xfrm_policy_walk_entry walk; |
a0073fe18 xfrm: Add a state... |
508 |
struct xfrm_policy_queue polq; |
46ca5f5dc [XFRM]: Pack stru... |
509 510 511 |
u8 type; u8 action; u8 flags; |
46ca5f5dc [XFRM]: Pack stru... |
512 |
u8 xfrm_nr; |
12a169e7d ipsec: Put dumper... |
513 |
u16 family; |
df71837d5 [LSM-IPSec]: Secu... |
514 |
struct xfrm_sec_ctx *security; |
1da177e4c Linux-2.6.12-rc2 |
515 |
struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; |
56f047305 xfrm: add rcu gra... |
516 |
struct rcu_head rcu; |
1da177e4c Linux-2.6.12-rc2 |
517 |
}; |
63eb23f5d xfrm: Const'ify p... |
518 |
static inline struct net *xp_net(const struct xfrm_policy *xp) |
0331b1f38 netns xfrm: add s... |
519 520 521 |
{ return read_pnet(&xp->xp_net); } |
13c1d1893 xfrm: MIGRATE enh... |
522 523 524 525 526 527 |
struct xfrm_kmaddress { xfrm_address_t local; xfrm_address_t remote; u32 reserved; u16 family; }; |
80c9abaab [XFRM]: Extension... |
528 529 530 531 532 533 534 535 536 537 538 539 |
struct xfrm_migrate { xfrm_address_t old_daddr; xfrm_address_t old_saddr; xfrm_address_t new_daddr; xfrm_address_t new_saddr; u8 proto; u8 mode; u16 reserved; u32 reqid; u16 old_family; u16 new_family; }; |
f8cd54884 [IPSEC]: Sync ser... |
540 |
#define XFRM_KM_TIMEOUT 30 |
f8cd54884 [IPSEC]: Sync ser... |
541 542 543 544 545 546 547 548 549 550 |
/* what happened */ #define XFRM_REPLAY_UPDATE XFRM_AE_CR #define XFRM_REPLAY_TIMEOUT XFRM_AE_CE /* default aevent timeout in units of 100ms */ #define XFRM_AE_ETIME 10 /* Async Event timer multiplier */ #define XFRM_AE_ETH_M 10 /* default seq threshold size */ #define XFRM_AE_SEQT_SIZE 2 |
1da177e4c Linux-2.6.12-rc2 |
551 |
|
fd2c3ef76 net: cleanup incl... |
552 |
struct xfrm_mgr { |
1da177e4c Linux-2.6.12-rc2 |
553 554 |
struct list_head list; char *id; |
214e005bc xfrm: Pass km_eve... |
555 |
int (*notify)(struct xfrm_state *x, const struct km_event *c); |
65e0736bc xfrm: remove redu... |
556 |
int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp); |
cb969f072 [MLSXFRM]: Defaul... |
557 |
struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir); |
5d36b1803 [XFRM]: annotate ... |
558 |
int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); |
214e005bc xfrm: Pass km_eve... |
559 |
int (*notify_policy)(struct xfrm_policy *x, int dir, const struct km_event *c); |
db983c114 netns xfrm: KM re... |
560 |
int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr); |
183cad127 xfrm: Const'ify p... |
561 562 563 564 565 |
int (*migrate)(const struct xfrm_selector *sel, u8 dir, u8 type, const struct xfrm_migrate *m, int num_bundles, const struct xfrm_kmaddress *k); |
0f24558e9 xfrm: avoid creat... |
566 |
bool (*is_alive)(const struct km_event *c); |
1da177e4c Linux-2.6.12-rc2 |
567 |
}; |
d511337a1 xfrm.h: Remove ex... |
568 569 |
int xfrm_register_km(struct xfrm_mgr *km); int xfrm_unregister_km(struct xfrm_mgr *km); |
1da177e4c Linux-2.6.12-rc2 |
570 |
|
70be6c91c xfrm: Add xfrm_tu... |
571 572 573 574 575 576 577 578 579 580 581 582 583 |
struct xfrm_tunnel_skb_cb { union { struct inet_skb_parm h4; struct inet6_skb_parm h6; } header; union { struct ip_tunnel *ip4; struct ip6_tnl *ip6; } tunnel; }; #define XFRM_TUNNEL_SKB_CB(__skb) ((struct xfrm_tunnel_skb_cb *)&((__skb)->cb[0])) |
436a0a402 [IPSEC]: Move out... |
584 585 586 587 588 589 |
/* * This structure is used for the duration where packets are being * transformed by IPsec. As soon as the packet leaves IPsec the * area beyond the generic IP part may be overwritten. */ struct xfrm_skb_cb { |
70be6c91c xfrm: Add xfrm_tu... |
590 |
struct xfrm_tunnel_skb_cb header; |
436a0a402 [IPSEC]: Move out... |
591 592 |
/* Sequence number for replay protection. */ |
b318e0e4e [IPSEC]: Fix bogu... |
593 |
union { |
1ce3644ad xfrm: Use separat... |
594 595 596 597 598 599 600 601 |
struct { __u32 low; __u32 hi; } output; struct { __be32 low; __be32 hi; } input; |
b318e0e4e [IPSEC]: Fix bogu... |
602 |
} seq; |
436a0a402 [IPSEC]: Move out... |
603 604 605 |
}; #define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0])) |
36cf9acf9 [IPSEC]: Separate... |
606 607 608 609 610 |
/* * This structure is used by the afinfo prepare_input/prepare_output functions * to transmit header information to the mode input/output functions. */ struct xfrm_mode_skb_cb { |
70be6c91c xfrm: Add xfrm_tu... |
611 |
struct xfrm_tunnel_skb_cb header; |
36cf9acf9 [IPSEC]: Separate... |
612 613 614 615 |
/* Copied from header for IPv4, always set to zero and DF for IPv6. */ __be16 id; __be16 frag_off; |
732c8bd59 [IPSEC]: Fix BEET... |
616 617 |
/* IP header length (excluding options or extension headers). */ u8 ihl; |
36cf9acf9 [IPSEC]: Separate... |
618 619 620 621 622 623 624 625 |
/* TOS for IPv4, class for IPv6. */ u8 tos; /* TTL for IPv4, hop limitfor IPv6. */ u8 ttl; /* Protocol for IPv4, NH for IPv6. */ u8 protocol; |
732c8bd59 [IPSEC]: Fix BEET... |
626 627 |
/* Option length for IPv4, zero for IPv6. */ u8 optlen; |
36cf9acf9 [IPSEC]: Separate... |
628 629 630 631 632 |
/* Used by IPv6 only, zero for IPv4. */ u8 flow_lbl[3]; }; #define XFRM_MODE_SKB_CB(__skb) ((struct xfrm_mode_skb_cb *)&((__skb)->cb[0])) |
716062fd4 [IPSEC]: Merge mo... |
633 634 635 636 637 |
/* * This structure is used by the input processing to locate the SPI and * related information. */ struct xfrm_spi_skb_cb { |
70be6c91c xfrm: Add xfrm_tu... |
638 |
struct xfrm_tunnel_skb_cb header; |
716062fd4 [IPSEC]: Merge mo... |
639 |
|
716062fd4 [IPSEC]: Merge mo... |
640 |
unsigned int daddroff; |
2fcb45b6b [IPSEC]: Use the ... |
641 |
unsigned int family; |
716062fd4 [IPSEC]: Merge mo... |
642 643 644 |
}; #define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0])) |
c9204d9ca audit: disable ip... |
645 |
#ifdef CONFIG_AUDITSYSCALL |
afeb14b49 [XFRM]: RFC4303 c... |
646 |
static inline struct audit_buffer *xfrm_audit_start(const char *op) |
ab5f5e8b1 [XFRM]: xfrm audi... |
647 648 |
{ struct audit_buffer *audit_buf = NULL; |
ab5f5e8b1 [XFRM]: xfrm audi... |
649 |
|
afeb14b49 [XFRM]: RFC4303 c... |
650 651 |
if (audit_enabled == 0) return NULL; |
ab5f5e8b1 [XFRM]: xfrm audi... |
652 |
audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, |
afeb14b49 [XFRM]: RFC4303 c... |
653 |
AUDIT_MAC_IPSEC_EVENT); |
ab5f5e8b1 [XFRM]: xfrm audi... |
654 655 |
if (audit_buf == NULL) return NULL; |
afeb14b49 [XFRM]: RFC4303 c... |
656 657 658 |
audit_log_format(audit_buf, "op=%s", op); return audit_buf; } |
ab5f5e8b1 [XFRM]: xfrm audi... |
659 |
|
2e71029e2 xfrm: Remove usel... |
660 |
static inline void xfrm_audit_helper_usrinfo(bool task_valid, |
afeb14b49 [XFRM]: RFC4303 c... |
661 662 |
struct audit_buffer *audit_buf) { |
2e71029e2 xfrm: Remove usel... |
663 664 665 666 667 668 669 |
const unsigned int auid = from_kuid(&init_user_ns, task_valid ? audit_get_loginuid(current) : INVALID_UID); const unsigned int ses = task_valid ? audit_get_sessionid(current) : (unsigned int) -1; audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses); |
f1370cc4a xfrm: Remove usel... |
670 |
audit_log_task_context(audit_buf); |
ab5f5e8b1 [XFRM]: xfrm audi... |
671 |
} |
2e71029e2 xfrm: Remove usel... |
672 673 674 675 676 |
void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid); void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, bool task_valid); void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid); void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid); |
d511337a1 xfrm.h: Remove ex... |
677 678 679 680 681 682 683 684 685 |
void xfrm_audit_state_replay_overflow(struct xfrm_state *x, struct sk_buff *skb); void xfrm_audit_state_replay(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family); void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, __be32 net_spi, __be32 net_seq); void xfrm_audit_state_icvfail(struct xfrm_state *x, struct sk_buff *skb, u8 proto); |
c9204d9ca audit: disable ip... |
686 |
#else |
41fef0ee7 xfrm: convert emp... |
687 688 |
static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, |
2e71029e2 xfrm: Remove usel... |
689 |
bool task_valid) |
41fef0ee7 xfrm: convert emp... |
690 691 692 693 |
{ } static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, |
2e71029e2 xfrm: Remove usel... |
694 |
bool task_valid) |
41fef0ee7 xfrm: convert emp... |
695 696 697 698 |
{ } static inline void xfrm_audit_state_add(struct xfrm_state *x, int result, |
2e71029e2 xfrm: Remove usel... |
699 |
bool task_valid) |
41fef0ee7 xfrm: convert emp... |
700 701 702 703 |
{ } static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result, |
2e71029e2 xfrm: Remove usel... |
704 |
bool task_valid) |
41fef0ee7 xfrm: convert emp... |
705 706 707 708 709 710 711 |
{ } static inline void xfrm_audit_state_replay_overflow(struct xfrm_state *x, struct sk_buff *skb) { } |
9fdc4883d xfrm: Move IPsec ... |
712 713 714 715 |
static inline void xfrm_audit_state_replay(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq) { } |
41fef0ee7 xfrm: convert emp... |
716 717 718 719 720 721 722 723 724 725 726 727 728 729 |
static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family) { } static inline void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, __be32 net_spi, __be32 net_seq) { } static inline void xfrm_audit_state_icvfail(struct xfrm_state *x, struct sk_buff *skb, u8 proto) { } |
c9204d9ca audit: disable ip... |
730 |
#endif /* CONFIG_AUDITSYSCALL */ |
161a09e73 audit: Add auditi... |
731 |
|
1da177e4c Linux-2.6.12-rc2 |
732 733 734 735 736 |
static inline void xfrm_pol_hold(struct xfrm_policy *policy) { if (likely(policy != NULL)) atomic_inc(&policy->refcnt); } |
d511337a1 xfrm.h: Remove ex... |
737 |
void xfrm_policy_destroy(struct xfrm_policy *policy); |
1da177e4c Linux-2.6.12-rc2 |
738 739 740 741 |
static inline void xfrm_pol_put(struct xfrm_policy *policy) { if (atomic_dec_and_test(&policy->refcnt)) |
64c31b3f7 [XFRM] xfrm_polic... |
742 |
xfrm_policy_destroy(policy); |
1da177e4c Linux-2.6.12-rc2 |
743 |
} |
4e81bb833 [XFRM] POLICY: su... |
744 745 746 747 748 749 |
static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols) { int i; for (i = npols - 1; i >= 0; --i) xfrm_pol_put(pols[i]); } |
4e81bb833 [XFRM] POLICY: su... |
750 |
|
d511337a1 xfrm.h: Remove ex... |
751 |
void __xfrm_state_destroy(struct xfrm_state *); |
1da177e4c Linux-2.6.12-rc2 |
752 |
|
21380b81e [XFRM]: Eliminate... |
753 754 755 756 |
static inline void __xfrm_state_put(struct xfrm_state *x) { atomic_dec(&x->refcnt); } |
1da177e4c Linux-2.6.12-rc2 |
757 758 759 760 761 762 763 764 765 766 |
static inline void xfrm_state_put(struct xfrm_state *x) { if (atomic_dec_and_test(&x->refcnt)) __xfrm_state_destroy(x); } static inline void xfrm_state_hold(struct xfrm_state *x) { atomic_inc(&x->refcnt); } |
1744a8fe0 xfrm: Mark token ... |
767 768 |
static inline bool addr_match(const void *token1, const void *token2, int prefixlen) |
1da177e4c Linux-2.6.12-rc2 |
769 |
{ |
1744a8fe0 xfrm: Mark token ... |
770 771 |
const __be32 *a1 = token1; const __be32 *a2 = token2; |
1da177e4c Linux-2.6.12-rc2 |
772 773 |
int pdw; int pbi; |
a63374631 xfrm: use proper ... |
774 |
pdw = prefixlen >> 5; /* num of whole u32 in prefix */ |
1da177e4c Linux-2.6.12-rc2 |
775 776 777 778 |
pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */ if (pdw) if (memcmp(a1, a2, pdw << 2)) |
1744a8fe0 xfrm: Mark token ... |
779 |
return false; |
1da177e4c Linux-2.6.12-rc2 |
780 781 |
if (pbi) { |
5f19343fb [XFRM]: addr_matc... |
782 |
__be32 mask; |
1da177e4c Linux-2.6.12-rc2 |
783 784 785 786 |
mask = htonl((0xffffffff) << (32 - pbi)); if ((a1[pdw] ^ a2[pdw]) & mask) |
1744a8fe0 xfrm: Mark token ... |
787 |
return false; |
1da177e4c Linux-2.6.12-rc2 |
788 |
} |
1744a8fe0 xfrm: Mark token ... |
789 |
return true; |
1da177e4c Linux-2.6.12-rc2 |
790 |
} |
26bff940d xfrm: optimize ip... |
791 792 793 794 795 796 797 |
static inline bool addr4_match(__be32 a1, __be32 a2, u8 prefixlen) { /* C99 6.5.7 (3): u32 << 32 is undefined behaviour */ if (prefixlen == 0) return true; return !((a1 ^ a2) & htonl(0xFFFFFFFFu << (32 - prefixlen))); } |
1da177e4c Linux-2.6.12-rc2 |
798 |
static __inline__ |
6281dcc94 net: Make flowi p... |
799 |
__be16 xfrm_flowi_sport(const struct flowi *fl, const union flowi_uli *uli) |
1da177e4c Linux-2.6.12-rc2 |
800 |
{ |
f9d07e41f [XFRM]: xfrm_flow... |
801 |
__be16 port; |
1d28f42c1 net: Put flowi_* ... |
802 |
switch(fl->flowi_proto) { |
1da177e4c Linux-2.6.12-rc2 |
803 804 |
case IPPROTO_TCP: case IPPROTO_UDP: |
ba4e58eca [NET]: Supporting... |
805 |
case IPPROTO_UDPLITE: |
1da177e4c Linux-2.6.12-rc2 |
806 |
case IPPROTO_SCTP: |
6281dcc94 net: Make flowi p... |
807 |
port = uli->ports.sport; |
1da177e4c Linux-2.6.12-rc2 |
808 809 810 |
break; case IPPROTO_ICMP: case IPPROTO_ICMPV6: |
6281dcc94 net: Make flowi p... |
811 |
port = htons(uli->icmpt.type); |
1da177e4c Linux-2.6.12-rc2 |
812 |
break; |
2ce4272a6 [IPV6] MIP6: Tran... |
813 |
case IPPROTO_MH: |
6281dcc94 net: Make flowi p... |
814 |
port = htons(uli->mht.type); |
2ce4272a6 [IPV6] MIP6: Tran... |
815 |
break; |
cc9ff19da xfrm: use gre key... |
816 |
case IPPROTO_GRE: |
6281dcc94 net: Make flowi p... |
817 |
port = htons(ntohl(uli->gre_key) >> 16); |
cc9ff19da xfrm: use gre key... |
818 |
break; |
1da177e4c Linux-2.6.12-rc2 |
819 820 821 822 823 824 825 |
default: port = 0; /*XXX*/ } return port; } static __inline__ |
6281dcc94 net: Make flowi p... |
826 |
__be16 xfrm_flowi_dport(const struct flowi *fl, const union flowi_uli *uli) |
1da177e4c Linux-2.6.12-rc2 |
827 |
{ |
f9d07e41f [XFRM]: xfrm_flow... |
828 |
__be16 port; |
1d28f42c1 net: Put flowi_* ... |
829 |
switch(fl->flowi_proto) { |
1da177e4c Linux-2.6.12-rc2 |
830 831 |
case IPPROTO_TCP: case IPPROTO_UDP: |
ba4e58eca [NET]: Supporting... |
832 |
case IPPROTO_UDPLITE: |
1da177e4c Linux-2.6.12-rc2 |
833 |
case IPPROTO_SCTP: |
6281dcc94 net: Make flowi p... |
834 |
port = uli->ports.dport; |
1da177e4c Linux-2.6.12-rc2 |
835 836 837 |
break; case IPPROTO_ICMP: case IPPROTO_ICMPV6: |
6281dcc94 net: Make flowi p... |
838 |
port = htons(uli->icmpt.code); |
1da177e4c Linux-2.6.12-rc2 |
839 |
break; |
cc9ff19da xfrm: use gre key... |
840 |
case IPPROTO_GRE: |
6281dcc94 net: Make flowi p... |
841 |
port = htons(ntohl(uli->gre_key) & 0xffff); |
cc9ff19da xfrm: use gre key... |
842 |
break; |
1da177e4c Linux-2.6.12-rc2 |
843 844 845 846 847 |
default: port = 0; /*XXX*/ } return port; } |
d511337a1 xfrm.h: Remove ex... |
848 849 |
bool xfrm_selector_match(const struct xfrm_selector *sel, const struct flowi *fl, unsigned short family); |
1da177e4c Linux-2.6.12-rc2 |
850 |
|
df71837d5 [LSM-IPSec]: Secu... |
851 852 853 854 |
#ifdef CONFIG_SECURITY_NETWORK_XFRM /* If neither has a context --> match * Otherwise, both must have a context and the sids, doi, alg must match */ |
bc9b35ad4 xfrm: Convert sev... |
855 |
static inline bool xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2) |
df71837d5 [LSM-IPSec]: Secu... |
856 857 858 859 860 861 862 863 |
{ return ((!s1 && !s2) || (s1 && s2 && (s1->ctx_sid == s2->ctx_sid) && (s1->ctx_doi == s2->ctx_doi) && (s1->ctx_alg == s2->ctx_alg))); } #else |
bc9b35ad4 xfrm: Convert sev... |
864 |
static inline bool xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2) |
df71837d5 [LSM-IPSec]: Secu... |
865 |
{ |
bc9b35ad4 xfrm: Convert sev... |
866 |
return true; |
df71837d5 [LSM-IPSec]: Secu... |
867 868 |
} #endif |
1da177e4c Linux-2.6.12-rc2 |
869 870 871 872 873 874 875 876 877 878 879 |
/* A struct encoding bundle of transformations to apply to some set of flow. * * dst->child points to the next element of bundle. * dst->xfrm points to an instanse of transformer. * * Due to unfortunate limitations of current routing cache, which we * have no time to fix, it mirrors struct rtable and bound to the same * routing key, including saddr,daddr. However, we can have many of * bundles differing by session id. All the bundles grow from a parent * policy rule. */ |
fd2c3ef76 net: cleanup incl... |
880 |
struct xfrm_dst { |
1da177e4c Linux-2.6.12-rc2 |
881 |
union { |
1da177e4c Linux-2.6.12-rc2 |
882 883 884 885 886 |
struct dst_entry dst; struct rtable rt; struct rt6_info rt6; } u; struct dst_entry *route; |
80c802f30 xfrm: cache bundl... |
887 888 889 |
struct flow_cache_object flo; struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX]; int num_pols, num_xfrms; |
157bfc250 [XFRM]: Restrict ... |
890 891 892 893 |
#ifdef CONFIG_XFRM_SUB_POLICY struct flowi *origin; struct xfrm_selector *partner; #endif |
80c802f30 xfrm: cache bundl... |
894 895 |
u32 xfrm_genid; u32 policy_genid; |
1da177e4c Linux-2.6.12-rc2 |
896 897 |
u32 route_mtu_cached; u32 child_mtu_cached; |
92d63decc From: Kazunori Mi... |
898 899 |
u32 route_cookie; u32 path_cookie; |
1da177e4c Linux-2.6.12-rc2 |
900 |
}; |
def8b4faf net: reduce struc... |
901 |
#ifdef CONFIG_XFRM |
aabc9761b [IPSEC]: Store id... |
902 903 |
static inline void xfrm_dst_destroy(struct xfrm_dst *xdst) { |
80c802f30 xfrm: cache bundl... |
904 |
xfrm_pols_put(xdst->pols, xdst->num_pols); |
aabc9761b [IPSEC]: Store id... |
905 906 907 |
dst_release(xdst->route); if (likely(xdst->u.dst.xfrm)) xfrm_state_put(xdst->u.dst.xfrm); |
157bfc250 [XFRM]: Restrict ... |
908 909 910 911 912 913 |
#ifdef CONFIG_XFRM_SUB_POLICY kfree(xdst->origin); xdst->origin = NULL; kfree(xdst->partner); xdst->partner = NULL; #endif |
aabc9761b [IPSEC]: Store id... |
914 |
} |
def8b4faf net: reduce struc... |
915 |
#endif |
aabc9761b [IPSEC]: Store id... |
916 |
|
d511337a1 xfrm.h: Remove ex... |
917 |
void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev); |
aabc9761b [IPSEC]: Store id... |
918 |
|
fd2c3ef76 net: cleanup incl... |
919 |
struct sec_path { |
1da177e4c Linux-2.6.12-rc2 |
920 921 |
atomic_t refcnt; int len; |
dbe5b4aaa [IPSEC]: Kill unu... |
922 |
struct xfrm_state *xvec[XFRM_MAX_DEPTH]; |
1da177e4c Linux-2.6.12-rc2 |
923 |
}; |
990078afb Disable rp_filter... |
924 925 926 927 928 929 930 931 |
static inline int secpath_exists(struct sk_buff *skb) { #ifdef CONFIG_XFRM return skb->sp != NULL; #else return 0; #endif } |
1da177e4c Linux-2.6.12-rc2 |
932 933 934 935 936 937 938 |
static inline struct sec_path * secpath_get(struct sec_path *sp) { if (sp) atomic_inc(&sp->refcnt); return sp; } |
d511337a1 xfrm.h: Remove ex... |
939 |
void __secpath_destroy(struct sec_path *sp); |
1da177e4c Linux-2.6.12-rc2 |
940 941 942 943 944 945 946 |
static inline void secpath_put(struct sec_path *sp) { if (sp && atomic_dec_and_test(&sp->refcnt)) __secpath_destroy(sp); } |
d511337a1 xfrm.h: Remove ex... |
947 |
struct sec_path *secpath_dup(struct sec_path *src); |
1da177e4c Linux-2.6.12-rc2 |
948 949 950 951 952 953 954 955 956 957 958 |
static inline void secpath_reset(struct sk_buff *skb) { #ifdef CONFIG_XFRM secpath_put(skb->sp); skb->sp = NULL; #endif } static inline int |
6cc329610 xfrm: Const'ify a... |
959 |
xfrm_addr_any(const xfrm_address_t *addr, unsigned short family) |
a1e59abf8 [XFRM]: Fix wildc... |
960 961 962 963 964 |
{ switch (family) { case AF_INET: return addr->a4 == 0; case AF_INET6: |
15e318bdc xfrm: simplify xf... |
965 |
return ipv6_addr_any(&addr->in6); |
a1e59abf8 [XFRM]: Fix wildc... |
966 967 968 969 970 |
} return 0; } static inline int |
21eddb5c1 xfrm: Const'ify x... |
971 |
__xfrm4_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x) |
1da177e4c Linux-2.6.12-rc2 |
972 973 974 975 976 977 |
{ return (tmpl->saddr.a4 && tmpl->saddr.a4 != x->props.saddr.a4); } static inline int |
21eddb5c1 xfrm: Const'ify x... |
978 |
__xfrm6_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x) |
1da177e4c Linux-2.6.12-rc2 |
979 980 |
{ return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) && |
ff88b30c7 xfrm: Use ipv6_ad... |
981 |
!ipv6_addr_equal((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr)); |
1da177e4c Linux-2.6.12-rc2 |
982 983 984 |
} static inline int |
21eddb5c1 xfrm: Const'ify x... |
985 |
xfrm_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x, unsigned short family) |
1da177e4c Linux-2.6.12-rc2 |
986 987 988 989 990 991 992 993 994 995 996 |
{ switch (family) { case AF_INET: return __xfrm4_state_addr_cmp(tmpl, x); case AF_INET6: return __xfrm6_state_addr_cmp(tmpl, x); } return !0; } #ifdef CONFIG_XFRM |
d511337a1 xfrm.h: Remove ex... |
997 998 |
int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family); |
1da177e4c Linux-2.6.12-rc2 |
999 |
|
d5422efe6 [IPSEC]: Added xf... |
1000 1001 1002 |
static inline int __xfrm_policy_check2(struct sock *sk, int dir, struct sk_buff *skb, unsigned int family, int reverse) |
1da177e4c Linux-2.6.12-rc2 |
1003 |
{ |
f6e1e25d7 netns xfrm: xfrm_... |
1004 |
struct net *net = dev_net(skb->dev); |
d5422efe6 [IPSEC]: Added xf... |
1005 |
int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0); |
1da177e4c Linux-2.6.12-rc2 |
1006 |
if (sk && sk->sk_policy[XFRM_POLICY_IN]) |
d5422efe6 [IPSEC]: Added xf... |
1007 |
return __xfrm_policy_check(sk, ndir, skb, family); |
4e81bb833 [XFRM] POLICY: su... |
1008 |
|
f6e1e25d7 netns xfrm: xfrm_... |
1009 |
return (!net->xfrm.policy_count[dir] && !skb->sp) || |
adf30907d net: skb->dst acc... |
1010 |
(skb_dst(skb)->flags & DST_NOPOLICY) || |
d5422efe6 [IPSEC]: Added xf... |
1011 1012 1013 1014 1015 1016 |
__xfrm_policy_check(sk, ndir, skb, family); } static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family) { return __xfrm_policy_check2(sk, dir, skb, family, 0); |
1da177e4c Linux-2.6.12-rc2 |
1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 |
} static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb) { return xfrm_policy_check(sk, dir, skb, AF_INET); } static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb) { return xfrm_policy_check(sk, dir, skb, AF_INET6); } |
d5422efe6 [IPSEC]: Added xf... |
1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 |
static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir, struct sk_buff *skb) { return __xfrm_policy_check2(sk, dir, skb, AF_INET, 1); } static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir, struct sk_buff *skb) { return __xfrm_policy_check2(sk, dir, skb, AF_INET6, 1); } |
d511337a1 xfrm.h: Remove ex... |
1039 1040 |
int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned int family, int reverse); |
d5422efe6 [IPSEC]: Added xf... |
1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 |
static inline int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned int family) { return __xfrm_decode_session(skb, fl, family, 0); } static inline int xfrm_decode_session_reverse(struct sk_buff *skb, struct flowi *fl, unsigned int family) { return __xfrm_decode_session(skb, fl, family, 1); } |
d511337a1 xfrm.h: Remove ex... |
1054 |
int __xfrm_route_forward(struct sk_buff *skb, unsigned short family); |
1da177e4c Linux-2.6.12-rc2 |
1055 1056 1057 |
static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) { |
99a66657b netns xfrm: xfrm_... |
1058 1059 1060 |
struct net *net = dev_net(skb->dev); return !net->xfrm.policy_count[XFRM_POLICY_OUT] || |
adf30907d net: skb->dst acc... |
1061 |
(skb_dst(skb)->flags & DST_NOXFRM) || |
1da177e4c Linux-2.6.12-rc2 |
1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 |
__xfrm_route_forward(skb, family); } static inline int xfrm4_route_forward(struct sk_buff *skb) { return xfrm_route_forward(skb, AF_INET); } static inline int xfrm6_route_forward(struct sk_buff *skb) { return xfrm_route_forward(skb, AF_INET6); } |
d188ba86d xfrm: add rcu pro... |
1074 |
int __xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk); |
1da177e4c Linux-2.6.12-rc2 |
1075 |
|
d188ba86d xfrm: add rcu pro... |
1076 |
static inline int xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk) |
1da177e4c Linux-2.6.12-rc2 |
1077 |
{ |
d188ba86d xfrm: add rcu pro... |
1078 1079 1080 1081 |
sk->sk_policy[0] = NULL; sk->sk_policy[1] = NULL; if (unlikely(osk->sk_policy[0] || osk->sk_policy[1])) return __xfrm_sk_clone_policy(sk, osk); |
1da177e4c Linux-2.6.12-rc2 |
1082 1083 |
return 0; } |
d511337a1 xfrm.h: Remove ex... |
1084 |
int xfrm_policy_delete(struct xfrm_policy *pol, int dir); |
1da177e4c Linux-2.6.12-rc2 |
1085 1086 1087 |
static inline void xfrm_sk_free_policy(struct sock *sk) { |
d188ba86d xfrm: add rcu pro... |
1088 1089 1090 1091 1092 |
struct xfrm_policy *pol; pol = rcu_dereference_protected(sk->sk_policy[0], 1); if (unlikely(pol != NULL)) { xfrm_policy_delete(pol, XFRM_POLICY_MAX); |
1da177e4c Linux-2.6.12-rc2 |
1093 1094 |
sk->sk_policy[0] = NULL; } |
d188ba86d xfrm: add rcu pro... |
1095 1096 1097 |
pol = rcu_dereference_protected(sk->sk_policy[1], 1); if (unlikely(pol != NULL)) { xfrm_policy_delete(pol, XFRM_POLICY_MAX+1); |
1da177e4c Linux-2.6.12-rc2 |
1098 1099 1100 |
sk->sk_policy[1] = NULL; } } |
d511337a1 xfrm.h: Remove ex... |
1101 |
void xfrm_garbage_collect(struct net *net); |
e4c172164 xfrm: force a gar... |
1102 |
|
1da177e4c Linux-2.6.12-rc2 |
1103 1104 1105 |
#else static inline void xfrm_sk_free_policy(struct sock *sk) {} |
d188ba86d xfrm: add rcu pro... |
1106 |
static inline int xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk) { return 0; } |
1da177e4c Linux-2.6.12-rc2 |
1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 |
static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; } static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; } static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb) { return 1; } static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb) { return 1; } static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family) { return 1; } |
d5422efe6 [IPSEC]: Added xf... |
1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 |
static inline int xfrm_decode_session_reverse(struct sk_buff *skb, struct flowi *fl, unsigned int family) { return -ENOSYS; } static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir, struct sk_buff *skb) { return 1; } static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir, struct sk_buff *skb) { return 1; } |
e4c172164 xfrm: force a gar... |
1137 1138 1139 |
static inline void xfrm_garbage_collect(struct net *net) { } |
1da177e4c Linux-2.6.12-rc2 |
1140 1141 1142 |
#endif static __inline__ |
e8a4e3771 xfrm: Mark flowi ... |
1143 |
xfrm_address_t *xfrm_flowi_daddr(const struct flowi *fl, unsigned short family) |
1da177e4c Linux-2.6.12-rc2 |
1144 1145 1146 |
{ switch (family){ case AF_INET: |
7e1dc7b6f net: Use flowi4 a... |
1147 |
return (xfrm_address_t *)&fl->u.ip4.daddr; |
1da177e4c Linux-2.6.12-rc2 |
1148 |
case AF_INET6: |
7e1dc7b6f net: Use flowi4 a... |
1149 |
return (xfrm_address_t *)&fl->u.ip6.daddr; |
1da177e4c Linux-2.6.12-rc2 |
1150 1151 1152 1153 1154 |
} return NULL; } static __inline__ |
e8a4e3771 xfrm: Mark flowi ... |
1155 |
xfrm_address_t *xfrm_flowi_saddr(const struct flowi *fl, unsigned short family) |
1da177e4c Linux-2.6.12-rc2 |
1156 1157 1158 |
{ switch (family){ case AF_INET: |
7e1dc7b6f net: Use flowi4 a... |
1159 |
return (xfrm_address_t *)&fl->u.ip4.saddr; |
1da177e4c Linux-2.6.12-rc2 |
1160 |
case AF_INET6: |
7e1dc7b6f net: Use flowi4 a... |
1161 |
return (xfrm_address_t *)&fl->u.ip6.saddr; |
1da177e4c Linux-2.6.12-rc2 |
1162 1163 1164 |
} return NULL; } |
9bb182a70 [XFRM] MIP6: Fix ... |
1165 |
static __inline__ |
e8a4e3771 xfrm: Mark flowi ... |
1166 |
void xfrm_flowi_addr_get(const struct flowi *fl, |
9bb182a70 [XFRM] MIP6: Fix ... |
1167 1168 1169 1170 1171 |
xfrm_address_t *saddr, xfrm_address_t *daddr, unsigned short family) { switch(family) { case AF_INET: |
7e1dc7b6f net: Use flowi4 a... |
1172 1173 |
memcpy(&saddr->a4, &fl->u.ip4.saddr, sizeof(saddr->a4)); memcpy(&daddr->a4, &fl->u.ip4.daddr, sizeof(daddr->a4)); |
9bb182a70 [XFRM] MIP6: Fix ... |
1174 1175 |
break; case AF_INET6: |
15e318bdc xfrm: simplify xf... |
1176 1177 |
saddr->in6 = fl->u.ip6.saddr; daddr->in6 = fl->u.ip6.daddr; |
9bb182a70 [XFRM] MIP6: Fix ... |
1178 1179 1180 |
break; } } |
1da177e4c Linux-2.6.12-rc2 |
1181 |
static __inline__ int |
f8848067c xfrm: Const'ify p... |
1182 1183 |
__xfrm4_state_addr_check(const struct xfrm_state *x, const xfrm_address_t *daddr, const xfrm_address_t *saddr) |
1da177e4c Linux-2.6.12-rc2 |
1184 1185 1186 1187 1188 1189 1190 1191 |
{ if (daddr->a4 == x->id.daddr.a4 && (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4)) return 1; return 0; } static __inline__ int |
f8848067c xfrm: Const'ify p... |
1192 1193 |
__xfrm6_state_addr_check(const struct xfrm_state *x, const xfrm_address_t *daddr, const xfrm_address_t *saddr) |
1da177e4c Linux-2.6.12-rc2 |
1194 |
{ |
ff88b30c7 xfrm: Use ipv6_ad... |
1195 1196 |
if (ipv6_addr_equal((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) && (ipv6_addr_equal((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr) || |
1da177e4c Linux-2.6.12-rc2 |
1197 1198 1199 1200 1201 1202 1203 |
ipv6_addr_any((struct in6_addr *)saddr) || ipv6_addr_any((struct in6_addr *)&x->props.saddr))) return 1; return 0; } static __inline__ int |
f8848067c xfrm: Const'ify p... |
1204 1205 |
xfrm_state_addr_check(const struct xfrm_state *x, const xfrm_address_t *daddr, const xfrm_address_t *saddr, |
1da177e4c Linux-2.6.12-rc2 |
1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 |
unsigned short family) { switch (family) { case AF_INET: return __xfrm4_state_addr_check(x, daddr, saddr); case AF_INET6: return __xfrm6_state_addr_check(x, daddr, saddr); } return 0; } |
e53820de0 [XFRM] IPV6: Rest... |
1216 |
static __inline__ int |
f8848067c xfrm: Const'ify p... |
1217 |
xfrm_state_addr_flow_check(const struct xfrm_state *x, const struct flowi *fl, |
e53820de0 [XFRM] IPV6: Rest... |
1218 1219 1220 1221 1222 |
unsigned short family) { switch (family) { case AF_INET: return __xfrm4_state_addr_check(x, |
7e1dc7b6f net: Use flowi4 a... |
1223 1224 |
(const xfrm_address_t *)&fl->u.ip4.daddr, (const xfrm_address_t *)&fl->u.ip4.saddr); |
e53820de0 [XFRM] IPV6: Rest... |
1225 1226 |
case AF_INET6: return __xfrm6_state_addr_check(x, |
7e1dc7b6f net: Use flowi4 a... |
1227 1228 |
(const xfrm_address_t *)&fl->u.ip6.daddr, (const xfrm_address_t *)&fl->u.ip6.saddr); |
e53820de0 [XFRM] IPV6: Rest... |
1229 1230 1231 |
} return 0; } |
f8848067c xfrm: Const'ify p... |
1232 |
static inline int xfrm_state_kern(const struct xfrm_state *x) |
1da177e4c Linux-2.6.12-rc2 |
1233 1234 1235 |
{ return atomic_read(&x->tunnel_users); } |
5794708f1 [XFRM]: Introduce... |
1236 1237 |
static inline int xfrm_id_proto_match(u8 proto, u8 userproto) { |
dc00a5256 [XFRM] STATE: All... |
1238 1239 1240 1241 |
return (!userproto || proto == userproto || (userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH || proto == IPPROTO_ESP || proto == IPPROTO_COMP))); |
5794708f1 [XFRM]: Introduce... |
1242 |
} |
1da177e4c Linux-2.6.12-rc2 |
1243 1244 1245 |
/* * xfrm algorithm information */ |
1a6509d99 [IPSEC]: Add supp... |
1246 |
struct xfrm_algo_aead_info { |
165ecc637 xfrm: Add IV gene... |
1247 |
char *geniv; |
1a6509d99 [IPSEC]: Add supp... |
1248 1249 |
u16 icv_truncbits; }; |
1da177e4c Linux-2.6.12-rc2 |
1250 1251 1252 1253 1254 1255 |
struct xfrm_algo_auth_info { u16 icv_truncbits; u16 icv_fullbits; }; struct xfrm_algo_encr_info { |
165ecc637 xfrm: Add IV gene... |
1256 |
char *geniv; |
1da177e4c Linux-2.6.12-rc2 |
1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 |
u16 blockbits; u16 defkeybits; }; struct xfrm_algo_comp_info { u16 threshold; }; struct xfrm_algo_desc { char *name; |
04ff12609 [IPSEC]: Add comp... |
1267 |
char *compat; |
1da177e4c Linux-2.6.12-rc2 |
1268 |
u8 available:1; |
7e50f84c9 pf_key/xfrm_algo:... |
1269 |
u8 pfkey_supported:1; |
1da177e4c Linux-2.6.12-rc2 |
1270 |
union { |
1a6509d99 [IPSEC]: Add supp... |
1271 |
struct xfrm_algo_aead_info aead; |
1da177e4c Linux-2.6.12-rc2 |
1272 1273 1274 1275 1276 1277 |
struct xfrm_algo_auth_info auth; struct xfrm_algo_encr_info encr; struct xfrm_algo_comp_info comp; } uinfo; struct sadb_alg desc; }; |
3328715e6 xfrm4: Add IPsec ... |
1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 |
/* XFRM protocol handlers. */ struct xfrm4_protocol { int (*handler)(struct sk_buff *skb); int (*input_handler)(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type); int (*cb_handler)(struct sk_buff *skb, int err); int (*err_handler)(struct sk_buff *skb, u32 info); struct xfrm4_protocol __rcu *next; int priority; }; |
7e14ea152 xfrm6: Add IPsec ... |
1289 |
struct xfrm6_protocol { |
1da177e4c Linux-2.6.12-rc2 |
1290 |
int (*handler)(struct sk_buff *skb); |
7e14ea152 xfrm6: Add IPsec ... |
1291 1292 1293 |
int (*cb_handler)(struct sk_buff *skb, int err); int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt, u8 type, u8 code, int offset, __be32 info); |
d2acc3479 [INET]: Introduce... |
1294 |
|
7e14ea152 xfrm6: Add IPsec ... |
1295 |
struct xfrm6_protocol __rcu *next; |
d2acc3479 [INET]: Introduce... |
1296 |
int priority; |
1da177e4c Linux-2.6.12-rc2 |
1297 |
}; |
1da177e4c Linux-2.6.12-rc2 |
1298 1299 |
/* XFRM tunnel handlers. */ struct xfrm_tunnel { |
aba826958 {ipv4,xfrm}: Intr... |
1300 |
int (*handler)(struct sk_buff *skb); |
a63374631 xfrm: use proper ... |
1301 |
int (*err_handler)(struct sk_buff *skb, u32 info); |
d2acc3479 [INET]: Introduce... |
1302 |
|
b33eab084 tunnels: add __rc... |
1303 |
struct xfrm_tunnel __rcu *next; |
aba826958 {ipv4,xfrm}: Intr... |
1304 1305 |
int priority; }; |
1da177e4c Linux-2.6.12-rc2 |
1306 |
struct xfrm6_tunnel { |
d2acc3479 [INET]: Introduce... |
1307 1308 |
int (*handler)(struct sk_buff *skb); int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt, |
d5fdd6bab ipv6: Use correct... |
1309 |
u8 type, u8 code, int offset, __be32 info); |
6f0bcf152 tunnels: add _rcu... |
1310 |
struct xfrm6_tunnel __rcu *next; |
d2acc3479 [INET]: Introduce... |
1311 |
int priority; |
1da177e4c Linux-2.6.12-rc2 |
1312 |
}; |
d511337a1 xfrm.h: Remove ex... |
1313 1314 1315 1316 1317 |
void xfrm_init(void); void xfrm4_init(void); int xfrm_state_init(struct net *net); void xfrm_state_fini(struct net *net); void xfrm4_state_init(void); |
2f32b51b6 xfrm: Introduce x... |
1318 |
void xfrm4_protocol_init(void); |
c35b7e72c [IPV6]: remove if... |
1319 |
#ifdef CONFIG_XFRM |
d511337a1 xfrm.h: Remove ex... |
1320 1321 1322 1323 |
int xfrm6_init(void); void xfrm6_fini(void); int xfrm6_state_init(void); void xfrm6_state_fini(void); |
7e14ea152 xfrm6: Add IPsec ... |
1324 1325 |
int xfrm6_protocol_init(void); void xfrm6_protocol_fini(void); |
c35b7e72c [IPV6]: remove if... |
1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 |
#else static inline int xfrm6_init(void) { return 0; } static inline void xfrm6_fini(void) { ; } #endif |
1da177e4c Linux-2.6.12-rc2 |
1336 |
|
558f82ef6 [XFRM]: Define pa... |
1337 |
#ifdef CONFIG_XFRM_STATISTICS |
d511337a1 xfrm.h: Remove ex... |
1338 1339 |
int xfrm_proc_init(struct net *net); void xfrm_proc_fini(struct net *net); |
558f82ef6 [XFRM]: Define pa... |
1340 |
#endif |
d511337a1 xfrm.h: Remove ex... |
1341 |
int xfrm_sysctl_init(struct net *net); |
b27aeadb5 netns xfrm: per-n... |
1342 |
#ifdef CONFIG_SYSCTL |
d511337a1 xfrm.h: Remove ex... |
1343 |
void xfrm_sysctl_fini(struct net *net); |
b27aeadb5 netns xfrm: per-n... |
1344 1345 1346 1347 1348 |
#else static inline void xfrm_sysctl_fini(struct net *net) { } #endif |
d3623099d ipsec: add suppor... |
1349 |
void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto, |
870a2df4c xfrm: rename stru... |
1350 |
struct xfrm_address_filter *filter); |
d511337a1 xfrm.h: Remove ex... |
1351 1352 |
int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk, int (*func)(struct xfrm_state *, int, void*), void *); |
283bc9f35 xfrm: Namespacify... |
1353 |
void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net); |
d511337a1 xfrm.h: Remove ex... |
1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 |
struct xfrm_state *xfrm_state_alloc(struct net *net); struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, const struct flowi *fl, struct xfrm_tmpl *tmpl, struct xfrm_policy *pol, int *err, unsigned short family); struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, xfrm_address_t *daddr, xfrm_address_t *saddr, unsigned short family, u8 mode, u8 proto, u32 reqid); |
c454997e6 {pktgen, xfrm} In... |
1366 1367 |
struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, unsigned short family); |
d511337a1 xfrm.h: Remove ex... |
1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 |
int xfrm_state_check_expire(struct xfrm_state *x); void xfrm_state_insert(struct xfrm_state *x); int xfrm_state_add(struct xfrm_state *x); int xfrm_state_update(struct xfrm_state *x); struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family); struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark, const xfrm_address_t *daddr, const xfrm_address_t *saddr, u8 proto, unsigned short family); |
41a49cc3c [XFRM]: Add sorti... |
1380 |
#ifdef CONFIG_XFRM_SUB_POLICY |
d511337a1 xfrm.h: Remove ex... |
1381 |
int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n, |
283bc9f35 xfrm: Namespacify... |
1382 |
unsigned short family, struct net *net); |
d511337a1 xfrm.h: Remove ex... |
1383 1384 |
int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n, unsigned short family); |
41a49cc3c [XFRM]: Add sorti... |
1385 1386 |
#else static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, |
283bc9f35 xfrm: Namespacify... |
1387 |
int n, unsigned short family, struct net *net) |
41a49cc3c [XFRM]: Add sorti... |
1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 |
{ return -ENOSYS; } static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n, unsigned short family) { return -ENOSYS; } #endif |
af11e3160 [XFRM] SAD info T... |
1398 1399 1400 1401 1402 1403 |
struct xfrmk_sadinfo { u32 sadhcnt; /* current hash bkts */ u32 sadhmcnt; /* max allowed hash bkts */ u32 sadcnt; /* current running count */ }; |
5a6d34162 [XFRM] SPD info T... |
1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 |
struct xfrmk_spdinfo { u32 incnt; u32 outcnt; u32 fwdcnt; u32 inscnt; u32 outscnt; u32 fwdscnt; u32 spdhcnt; u32 spdhmcnt; }; |
d511337a1 xfrm.h: Remove ex... |
1414 1415 |
struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq); int xfrm_state_delete(struct xfrm_state *x); |
2e71029e2 xfrm: Remove usel... |
1416 |
int xfrm_state_flush(struct net *net, u8 proto, bool task_valid); |
d511337a1 xfrm.h: Remove ex... |
1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 |
void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si); void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si); u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq); int xfrm_init_replay(struct xfrm_state *x); int xfrm_state_mtu(struct xfrm_state *x, int mtu); int __xfrm_init_state(struct xfrm_state *x, bool init_replay); int xfrm_init_state(struct xfrm_state *x); int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb); int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type); int xfrm_input_resume(struct sk_buff *skb, int nexthdr); int xfrm_output_resume(struct sk_buff *skb, int err); |
7026b1ddb netfilter: Pass s... |
1428 |
int xfrm_output(struct sock *sk, struct sk_buff *skb); |
d511337a1 xfrm.h: Remove ex... |
1429 1430 1431 1432 1433 1434 1435 1436 |
int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb); void xfrm_local_error(struct sk_buff *skb, int mtu); int xfrm4_extract_header(struct sk_buff *skb); int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb); int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type); int xfrm4_transport_finish(struct sk_buff *skb, int async); int xfrm4_rcv(struct sk_buff *skb); |
c4541b41c [IPSEC]: Move tun... |
1437 1438 1439 |
static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi) { |
70be6c91c xfrm: Add xfrm_tu... |
1440 |
XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
3328715e6 xfrm4: Add IPsec ... |
1441 1442 1443 |
XFRM_SPI_SKB_CB(skb)->family = AF_INET; XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); return xfrm_input(skb, nexthdr, spi, 0); |
c4541b41c [IPSEC]: Move tun... |
1444 |
} |
d511337a1 xfrm.h: Remove ex... |
1445 1446 |
int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb); int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb); |
ede2059db dst: Pass net int... |
1447 |
int xfrm4_output(struct net *net, struct sock *sk, struct sk_buff *skb); |
7026b1ddb netfilter: Pass s... |
1448 |
int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb); |
3328715e6 xfrm4: Add IPsec ... |
1449 1450 1451 |
int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err); int xfrm4_protocol_register(struct xfrm4_protocol *handler, unsigned char protocol); int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, unsigned char protocol); |
d511337a1 xfrm.h: Remove ex... |
1452 1453 |
int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family); int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family); |
d511337a1 xfrm.h: Remove ex... |
1454 1455 1456 |
void xfrm4_local_error(struct sk_buff *skb, u32 mtu); int xfrm6_extract_header(struct sk_buff *skb); int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb); |
63c43787d vti6: fix input path |
1457 1458 |
int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi, struct ip6_tnl *t); |
d511337a1 xfrm.h: Remove ex... |
1459 |
int xfrm6_transport_finish(struct sk_buff *skb, int async); |
63c43787d vti6: fix input path |
1460 |
int xfrm6_rcv_tnl(struct sk_buff *skb, struct ip6_tnl *t); |
d511337a1 xfrm.h: Remove ex... |
1461 1462 1463 |
int xfrm6_rcv(struct sk_buff *skb); int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto); |
7b77d161c Merge branch 'mas... |
1464 |
void xfrm6_local_error(struct sk_buff *skb, u32 mtu); |
7e14ea152 xfrm6: Add IPsec ... |
1465 1466 1467 |
int xfrm6_rcv_cb(struct sk_buff *skb, u8 protocol, int err); int xfrm6_protocol_register(struct xfrm6_protocol *handler, unsigned char protocol); int xfrm6_protocol_deregister(struct xfrm6_protocol *handler, unsigned char protocol); |
d511337a1 xfrm.h: Remove ex... |
1468 |
int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family); |
7b77d161c Merge branch 'mas... |
1469 |
int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family); |
d511337a1 xfrm.h: Remove ex... |
1470 1471 1472 1473 |
__be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr); __be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr); int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb); |
ede2059db dst: Pass net int... |
1474 |
int xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb); |
7026b1ddb netfilter: Pass s... |
1475 |
int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb); |
d511337a1 xfrm.h: Remove ex... |
1476 1477 |
int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb, u8 **prevhdr); |
1da177e4c Linux-2.6.12-rc2 |
1478 1479 |
#ifdef CONFIG_XFRM |
d511337a1 xfrm.h: Remove ex... |
1480 1481 1482 |
int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb); int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen); |
1da177e4c Linux-2.6.12-rc2 |
1483 1484 1485 1486 1487 |
#else static inline int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen) { return -ENOPROTOOPT; } |
067b207b2 [UDP]: Cleanup UD... |
1488 |
static inline int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb) |
1da177e4c Linux-2.6.12-rc2 |
1489 1490 1491 1492 1493 |
{ /* should not happen */ kfree_skb(skb); return 0; } |
1da177e4c Linux-2.6.12-rc2 |
1494 |
#endif |
0331b1f38 netns xfrm: add s... |
1495 |
struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp); |
4c563f766 [XFRM]: Speed up ... |
1496 |
|
d511337a1 xfrm.h: Remove ex... |
1497 1498 1499 1500 |
void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type); int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk, int (*func)(struct xfrm_policy *, int, int, void*), void *); |
283bc9f35 xfrm: Namespacify... |
1501 |
void xfrm_policy_walk_done(struct xfrm_policy_walk *walk, struct net *net); |
1da177e4c Linux-2.6.12-rc2 |
1502 |
int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); |
8ca2e93b5 xfrm: SP lookups ... |
1503 1504 |
struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u8 type, int dir, |
4e81bb833 [XFRM] POLICY: su... |
1505 |
struct xfrm_selector *sel, |
ef41aaa0b [IPSEC]: xfrm_pol... |
1506 1507 |
struct xfrm_sec_ctx *ctx, int delete, int *err); |
d511337a1 xfrm.h: Remove ex... |
1508 1509 |
struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 id, int delete, int *err); |
2e71029e2 xfrm: Remove usel... |
1510 |
int xfrm_policy_flush(struct net *net, u8 type, bool task_valid); |
880a6fab8 xfrm: configure p... |
1511 |
void xfrm_policy_hash_rebuild(struct net *net); |
1da177e4c Linux-2.6.12-rc2 |
1512 |
u32 xfrm_get_acqseq(void); |
776e9dd90 xfrm: export veri... |
1513 |
int verify_spi_info(u8 proto, u32 min, u32 max); |
d511337a1 xfrm.h: Remove ex... |
1514 |
int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); |
e473fcb47 xfrm: constify ma... |
1515 |
struct xfrm_state *xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, |
bd55775c8 xfrm: SA lookups ... |
1516 |
u8 mode, u32 reqid, u8 proto, |
a70486f0e xfrm: Pass const ... |
1517 1518 |
const xfrm_address_t *daddr, const xfrm_address_t *saddr, int create, |
bd55775c8 xfrm: SA lookups ... |
1519 |
unsigned short family); |
d511337a1 xfrm.h: Remove ex... |
1520 |
int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); |
1da177e4c Linux-2.6.12-rc2 |
1521 |
|
80c9abaab [XFRM]: Extension... |
1522 |
#ifdef CONFIG_XFRM_MIGRATE |
d511337a1 xfrm.h: Remove ex... |
1523 1524 1525 |
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, const struct xfrm_migrate *m, int num_bundles, const struct xfrm_kmaddress *k); |
283bc9f35 xfrm: Namespacify... |
1526 |
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net); |
d511337a1 xfrm.h: Remove ex... |
1527 1528 1529 1530 |
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m); int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, |
8d549c4f5 xfrm: Using the r... |
1531 |
struct xfrm_kmaddress *k, struct net *net); |
80c9abaab [XFRM]: Extension... |
1532 |
#endif |
d511337a1 xfrm.h: Remove ex... |
1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 |
int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid); int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr); void xfrm_input_init(void); int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq); void xfrm_probe_algs(void); int xfrm_count_pfkey_auth_supported(void); int xfrm_count_pfkey_enc_supported(void); struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx); struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx); struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id); struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id); struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id); struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe); struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe); struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe); struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe); |
1da177e4c Linux-2.6.12-rc2 |
1554 |
|
70e94e66a xfrm: Convert xfr... |
1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 |
static inline bool xfrm6_addr_equal(const xfrm_address_t *a, const xfrm_address_t *b) { return ipv6_addr_equal((const struct in6_addr *)a, (const struct in6_addr *)b); } static inline bool xfrm_addr_equal(const xfrm_address_t *a, const xfrm_address_t *b, sa_family_t family) |
1da177e4c Linux-2.6.12-rc2 |
1565 1566 1567 1568 |
{ switch (family) { default: case AF_INET: |
70e94e66a xfrm: Convert xfr... |
1569 |
return ((__force u32)a->a4 ^ (__force u32)b->a4) == 0; |
1da177e4c Linux-2.6.12-rc2 |
1570 |
case AF_INET6: |
70e94e66a xfrm: Convert xfr... |
1571 |
return xfrm6_addr_equal(a, b); |
1da177e4c Linux-2.6.12-rc2 |
1572 1573 |
} } |
77d8d7a68 [IPSEC]: Document... |
1574 1575 1576 1577 |
static inline int xfrm_policy_id2dir(u32 index) { return index & 7; } |
a6483b790 netns xfrm: per-n... |
1578 1579 |
#ifdef CONFIG_XFRM static inline int xfrm_aevent_is_on(struct net *net) |
f8cd54884 [IPSEC]: Sync ser... |
1580 |
{ |
be33690d8 [XFRM]: Fix aeven... |
1581 1582 1583 1584 |
struct sock *nlsk; int ret = 0; rcu_read_lock(); |
a6483b790 netns xfrm: per-n... |
1585 |
nlsk = rcu_dereference(net->xfrm.nlsk); |
be33690d8 [XFRM]: Fix aeven... |
1586 1587 1588 1589 |
if (nlsk) ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS); rcu_read_unlock(); return ret; |
f8cd54884 [IPSEC]: Sync ser... |
1590 |
} |
0f24558e9 xfrm: avoid creat... |
1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 |
static inline int xfrm_acquire_is_on(struct net *net) { struct sock *nlsk; int ret = 0; rcu_read_lock(); nlsk = rcu_dereference(net->xfrm.nlsk); if (nlsk) ret = netlink_has_listeners(nlsk, XFRMNLGRP_ACQUIRE); rcu_read_unlock(); return ret; } |
a6483b790 netns xfrm: per-n... |
1605 |
#endif |
f8cd54884 [IPSEC]: Sync ser... |
1606 |
|
ee5c23176 xfrm: Clone state... |
1607 1608 1609 1610 |
static inline int aead_len(struct xfrm_algo_aead *alg) { return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); } |
851586218 xfrm: Pass const ... |
1611 |
static inline int xfrm_alg_len(const struct xfrm_algo *alg) |
0f99be0d1 [XFRM]: xfrm_algo... |
1612 1613 1614 |
{ return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); } |
851586218 xfrm: Pass const ... |
1615 |
static inline int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg) |
4447bb33f xfrm: Store aalg ... |
1616 1617 1618 |
{ return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); } |
9736acf39 xfrm: Add basic i... |
1619 1620 1621 1622 |
static inline int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn) { return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32); } |
80c9abaab [XFRM]: Extension... |
1623 |
#ifdef CONFIG_XFRM_MIGRATE |
af2f464e3 xfrm: Assign esn ... |
1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 |
static inline int xfrm_replay_clone(struct xfrm_state *x, struct xfrm_state *orig) { x->replay_esn = kzalloc(xfrm_replay_state_esn_len(orig->replay_esn), GFP_KERNEL); if (!x->replay_esn) return -ENOMEM; x->replay_esn->bmp_len = orig->replay_esn->bmp_len; x->replay_esn->replay_window = orig->replay_esn->replay_window; x->preplay_esn = kmemdup(x->replay_esn, xfrm_replay_state_esn_len(x->replay_esn), GFP_KERNEL); if (!x->preplay_esn) { kfree(x->replay_esn); return -ENOMEM; } return 0; } |
ee5c23176 xfrm: Clone state... |
1645 1646 1647 1648 |
static inline struct xfrm_algo_aead *xfrm_algo_aead_clone(struct xfrm_algo_aead *orig) { return kmemdup(orig, aead_len(orig), GFP_KERNEL); } |
80c9abaab [XFRM]: Extension... |
1649 1650 |
static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig) { |
0f99be0d1 [XFRM]: xfrm_algo... |
1651 |
return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL); |
80c9abaab [XFRM]: Extension... |
1652 |
} |
4447bb33f xfrm: Store aalg ... |
1653 1654 1655 1656 |
static inline struct xfrm_algo_auth *xfrm_algo_auth_clone(struct xfrm_algo_auth *orig) { return kmemdup(orig, xfrm_alg_auth_len(orig), GFP_KERNEL); } |
80c9abaab [XFRM]: Extension... |
1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 |
static inline void xfrm_states_put(struct xfrm_state **states, int n) { int i; for (i = 0; i < n; i++) xfrm_state_put(*(states + i)); } static inline void xfrm_states_delete(struct xfrm_state **states, int n) { int i; for (i = 0; i < n; i++) xfrm_state_delete(*(states + i)); } #endif |
f8cd54884 [IPSEC]: Sync ser... |
1671 |
|
def8b4faf net: reduce struc... |
1672 |
#ifdef CONFIG_XFRM |
005011211 [IPSEC]: Add xfrm... |
1673 1674 1675 1676 |
static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb) { return skb->sp->xvec[skb->sp->len - 1]; } |
def8b4faf net: reduce struc... |
1677 |
#endif |
005011211 [IPSEC]: Add xfrm... |
1678 |
|
bf825f81b xfrm: introduce b... |
1679 1680 1681 |
static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m) { if (attrs[XFRMA_MARK]) |
4efd7e833 xfrm: fix XFRMA_M... |
1682 |
memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(struct xfrm_mark)); |
bf825f81b xfrm: introduce b... |
1683 1684 1685 1686 1687 |
else m->v = m->m = 0; return m->v & m->m; } |
e3dfa389f xfrm: Pass const ... |
1688 |
static inline int xfrm_mark_put(struct sk_buff *skb, const struct xfrm_mark *m) |
bf825f81b xfrm: introduce b... |
1689 |
{ |
1d1e34ddd xfrm_user: Propag... |
1690 |
int ret = 0; |
bf825f81b xfrm: introduce b... |
1691 |
|
1d1e34ddd xfrm_user: Propag... |
1692 1693 1694 |
if (m->m | m->v) ret = nla_put(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m); return ret; |
bf825f81b xfrm: introduce b... |
1695 |
} |
70be6c91c xfrm: Add xfrm_tu... |
1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 |
static inline int xfrm_tunnel_check(struct sk_buff *skb, struct xfrm_state *x, unsigned int family) { bool tunnel = false; switch(family) { case AF_INET: if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4) tunnel = true; break; case AF_INET6: if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6) tunnel = true; break; } if (tunnel && !(x->outer_mode->flags & XFRM_MODE_FLAG_TUNNEL)) return -EINVAL; return 0; } |
1da177e4c Linux-2.6.12-rc2 |
1716 |
#endif /* _NET_XFRM_H */ |