aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Willi <martin@strongswan.org>2010-12-07 23:37:49 -0500
committerDavid S. Miller <davem@davemloft.net>2010-12-10 17:43:58 -0500
commit35d2856b4693e8de5d616307b56cef296b839157 (patch)
treead267bf9f3312b2d64bec8b4912178577a8cb71e
parent957fca95e3521e471aac4c2e4cfbc21f399bdd84 (diff)
xfrm: Add Traffic Flow Confidentiality padding XFRM attribute
The XFRMA_TFCPAD attribute for XFRM state installation configures Traffic Flow Confidentiality by padding ESP packets to a specified length. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--include/linux/xfrm.h1
-rw-r--r--include/net/xfrm.h1
-rw-r--r--net/xfrm/xfrm_user.c19
3 files changed, 19 insertions, 2 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index b971e3848493..930fdd2de79c 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -283,6 +283,7 @@ enum xfrm_attr_type_t {
283 XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */ 283 XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */
284 XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ 284 XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */
285 XFRMA_MARK, /* struct xfrm_mark */ 285 XFRMA_MARK, /* struct xfrm_mark */
286 XFRMA_TFCPAD, /* __u32 */
286 __XFRMA_MAX 287 __XFRMA_MAX
287 288
288#define XFRMA_MAX (__XFRMA_MAX - 1) 289#define XFRMA_MAX (__XFRMA_MAX - 1)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7fa5b005893e..b9f385da758e 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -143,6 +143,7 @@ struct xfrm_state {
143 struct xfrm_id id; 143 struct xfrm_id id;
144 struct xfrm_selector sel; 144 struct xfrm_selector sel;
145 struct xfrm_mark mark; 145 struct xfrm_mark mark;
146 u32 tfcpad;
146 147
147 u32 genid; 148 u32 genid;
148 149
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 8bae6b22c846..8eb889510916 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -148,7 +148,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
148 !attrs[XFRMA_ALG_AUTH_TRUNC]) || 148 !attrs[XFRMA_ALG_AUTH_TRUNC]) ||
149 attrs[XFRMA_ALG_AEAD] || 149 attrs[XFRMA_ALG_AEAD] ||
150 attrs[XFRMA_ALG_CRYPT] || 150 attrs[XFRMA_ALG_CRYPT] ||
151 attrs[XFRMA_ALG_COMP]) 151 attrs[XFRMA_ALG_COMP] ||
152 attrs[XFRMA_TFCPAD])
152 goto out; 153 goto out;
153 break; 154 break;
154 155
@@ -165,6 +166,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
165 attrs[XFRMA_ALG_CRYPT]) && 166 attrs[XFRMA_ALG_CRYPT]) &&
166 attrs[XFRMA_ALG_AEAD]) 167 attrs[XFRMA_ALG_AEAD])
167 goto out; 168 goto out;
169 if (attrs[XFRMA_TFCPAD] &&
170 p->mode != XFRM_MODE_TUNNEL)
171 goto out;
168 break; 172 break;
169 173
170 case IPPROTO_COMP: 174 case IPPROTO_COMP:
@@ -172,7 +176,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
172 attrs[XFRMA_ALG_AEAD] || 176 attrs[XFRMA_ALG_AEAD] ||
173 attrs[XFRMA_ALG_AUTH] || 177 attrs[XFRMA_ALG_AUTH] ||
174 attrs[XFRMA_ALG_AUTH_TRUNC] || 178 attrs[XFRMA_ALG_AUTH_TRUNC] ||
175 attrs[XFRMA_ALG_CRYPT]) 179 attrs[XFRMA_ALG_CRYPT] ||
180 attrs[XFRMA_TFCPAD])
176 goto out; 181 goto out;
177 break; 182 break;
178 183
@@ -186,6 +191,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
186 attrs[XFRMA_ALG_CRYPT] || 191 attrs[XFRMA_ALG_CRYPT] ||
187 attrs[XFRMA_ENCAP] || 192 attrs[XFRMA_ENCAP] ||
188 attrs[XFRMA_SEC_CTX] || 193 attrs[XFRMA_SEC_CTX] ||
194 attrs[XFRMA_TFCPAD] ||
189 !attrs[XFRMA_COADDR]) 195 !attrs[XFRMA_COADDR])
190 goto out; 196 goto out;
191 break; 197 break;
@@ -439,6 +445,9 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
439 goto error; 445 goto error;
440 } 446 }
441 447
448 if (attrs[XFRMA_TFCPAD])
449 x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]);
450
442 if (attrs[XFRMA_COADDR]) { 451 if (attrs[XFRMA_COADDR]) {
443 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), 452 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]),
444 sizeof(*x->coaddr), GFP_KERNEL); 453 sizeof(*x->coaddr), GFP_KERNEL);
@@ -688,6 +697,9 @@ static int copy_to_user_state_extra(struct xfrm_state *x,
688 if (x->encap) 697 if (x->encap)
689 NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 698 NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap);
690 699
700 if (x->tfcpad)
701 NLA_PUT_U32(skb, XFRMA_TFCPAD, x->tfcpad);
702
691 if (xfrm_mark_put(skb, &x->mark)) 703 if (xfrm_mark_put(skb, &x->mark))
692 goto nla_put_failure; 704 goto nla_put_failure;
693 705
@@ -2122,6 +2134,7 @@ static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
2122 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, 2134 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) },
2123 [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) }, 2135 [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) },
2124 [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) }, 2136 [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) },
2137 [XFRMA_TFCPAD] = { .type = NLA_U32 },
2125}; 2138};
2126 2139
2127static struct xfrm_link { 2140static struct xfrm_link {
@@ -2301,6 +2314,8 @@ static inline size_t xfrm_sa_len(struct xfrm_state *x)
2301 l += nla_total_size(sizeof(*x->calg)); 2314 l += nla_total_size(sizeof(*x->calg));
2302 if (x->encap) 2315 if (x->encap)
2303 l += nla_total_size(sizeof(*x->encap)); 2316 l += nla_total_size(sizeof(*x->encap));
2317 if (x->tfcpad)
2318 l += nla_total_size(sizeof(x->tfcpad));
2304 if (x->security) 2319 if (x->security)
2305 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + 2320 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) +
2306 x->security->ctx_len); 2321 x->security->ctx_len);
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-24 02:38:00 -0400