authorGlenn Elliott <gelliott@cs.unc.edu>2012-03-04 19:47:13 -0500
committerGlenn Elliott <gelliott@cs.unc.edu>2012-03-04 19:47:13 -0500
commitc71c03bda1e86c9d5198c5d83f712e695c4f2a1e (patch)
treeecb166cb3e2b7e2adb3b5e292245fefd23381ac8 /include/net/xfrm.h
parentea53c912f8a86a8567697115b6a0d8152beee5c8 (diff)
parent6a00f206debf8a5c8899055726ad127dbeeed098 (diff)
Merge branch 'mpi-master' into wip-k-fmlpwip-k-fmlp
Conflicts: litmus/sched_cedf.c
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h264
1 files changed, 174 insertions, 90 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 4f53532d4c2f..b203e14d26b7 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -36,6 +36,7 @@
36#define XFRM_PROTO_ROUTING IPPROTO_ROUTING 36#define XFRM_PROTO_ROUTING IPPROTO_ROUTING
37#define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS 37#define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS
38 38
39#define XFRM_ALIGN4(len) (((len) + 3) & ~3)
39#define XFRM_ALIGN8(len) (((len) + 7) & ~7) 40#define XFRM_ALIGN8(len) (((len) + 7) & ~7)
40#define MODULE_ALIAS_XFRM_MODE(family, encap) \ 41#define MODULE_ALIAS_XFRM_MODE(family, encap) \
41 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap)) 42 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
@@ -143,6 +144,7 @@ struct xfrm_state {
143 struct xfrm_id id; 144 struct xfrm_id id;
144 struct xfrm_selector sel; 145 struct xfrm_selector sel;
145 struct xfrm_mark mark; 146 struct xfrm_mark mark;
147 u32 tfcpad;
146 148
147 u32 genid; 149 u32 genid;
148 150
@@ -184,9 +186,14 @@ struct xfrm_state {
184 186
185 /* State for replay detection */ 187 /* State for replay detection */
186 struct xfrm_replay_state replay; 188 struct xfrm_replay_state replay;
189 struct xfrm_replay_state_esn *replay_esn;
187 190
188 /* Replay detection state at the time we sent the last notification */ 191 /* Replay detection state at the time we sent the last notification */
189 struct xfrm_replay_state preplay; 192 struct xfrm_replay_state preplay;
193 struct xfrm_replay_state_esn *preplay_esn;
194
195 /* The functions for replay detection. */
196 struct xfrm_replay *repl;
190 197
191 /* internal flag that only holds state for delayed aevent at the 198 /* internal flag that only holds state for delayed aevent at the
192 * moment 199 * moment
@@ -257,6 +264,15 @@ struct km_event {
257 struct net *net; 264 struct net *net;
258}; 265};
259 266
267struct xfrm_replay {
268 void (*advance)(struct xfrm_state *x, __be32 net_seq);
269 int (*check)(struct xfrm_state *x,
270 struct sk_buff *skb,
271 __be32 net_seq);
272 void (*notify)(struct xfrm_state *x, int event);
273 int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
274};
275
260struct net_device; 276struct net_device;
261struct xfrm_type; 277struct xfrm_type;
262struct xfrm_dst; 278struct xfrm_dst;
@@ -265,25 +281,26 @@ struct xfrm_policy_afinfo {
265 struct dst_ops *dst_ops; 281 struct dst_ops *dst_ops;
266 void (*garbage_collect)(struct net *net); 282 void (*garbage_collect)(struct net *net);
267 struct dst_entry *(*dst_lookup)(struct net *net, int tos, 283 struct dst_entry *(*dst_lookup)(struct net *net, int tos,
268 xfrm_address_t *saddr, 284 const xfrm_address_t *saddr,
269 xfrm_address_t *daddr); 285 const xfrm_address_t *daddr);
270 int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr); 286 int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
271 void (*decode_session)(struct sk_buff *skb, 287 void (*decode_session)(struct sk_buff *skb,
272 struct flowi *fl, 288 struct flowi *fl,
273 int reverse); 289 int reverse);
274 int (*get_tos)(struct flowi *fl); 290 int (*get_tos)(const struct flowi *fl);
275 int (*init_path)(struct xfrm_dst *path, 291 int (*init_path)(struct xfrm_dst *path,
276 struct dst_entry *dst, 292 struct dst_entry *dst,
277 int nfheader_len); 293 int nfheader_len);
278 int (*fill_dst)(struct xfrm_dst *xdst, 294 int (*fill_dst)(struct xfrm_dst *xdst,
279 struct net_device *dev, 295 struct net_device *dev,
280 struct flowi *fl); 296 const struct flowi *fl);
297 struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig);
281}; 298};
282 299
283extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); 300extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
284extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo); 301extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
285extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c); 302extern void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c);
286extern void km_state_notify(struct xfrm_state *x, struct km_event *c); 303extern void km_state_notify(struct xfrm_state *x, const struct km_event *c);
287 304
288struct xfrm_tmpl; 305struct xfrm_tmpl;
289extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); 306extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
@@ -298,12 +315,16 @@ struct xfrm_state_afinfo {
298 const struct xfrm_type *type_map[IPPROTO_MAX]; 315 const struct xfrm_type *type_map[IPPROTO_MAX];
299 struct xfrm_mode *mode_map[XFRM_MODE_MAX]; 316 struct xfrm_mode *mode_map[XFRM_MODE_MAX];
300 int (*init_flags)(struct xfrm_state *x); 317 int (*init_flags)(struct xfrm_state *x);
301 void (*init_tempsel)(struct xfrm_selector *sel, struct flowi *fl); 318 void (*init_tempsel)(struct xfrm_selector *sel,
302 void (*init_temprop)(struct xfrm_state *x, struct xfrm_tmpl *tmpl, 319 const struct flowi *fl);
303 xfrm_address_t *daddr, xfrm_address_t *saddr); 320 void (*init_temprop)(struct xfrm_state *x,
321 const struct xfrm_tmpl *tmpl,
322 const xfrm_address_t *daddr,
323 const xfrm_address_t *saddr);
304 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n); 324 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
305 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n); 325 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
306 int (*output)(struct sk_buff *skb); 326 int (*output)(struct sk_buff *skb);
327 int (*output_finish)(struct sk_buff *skb);
307 int (*extract_input)(struct xfrm_state *x, 328 int (*extract_input)(struct xfrm_state *x,
308 struct sk_buff *skb); 329 struct sk_buff *skb);
309 int (*extract_output)(struct xfrm_state *x, 330 int (*extract_output)(struct xfrm_state *x,
@@ -331,7 +352,8 @@ struct xfrm_type {
331 void (*destructor)(struct xfrm_state *); 352 void (*destructor)(struct xfrm_state *);
332 int (*input)(struct xfrm_state *, struct sk_buff *skb); 353 int (*input)(struct xfrm_state *, struct sk_buff *skb);
333 int (*output)(struct xfrm_state *, struct sk_buff *pskb); 354 int (*output)(struct xfrm_state *, struct sk_buff *pskb);
334 int (*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *); 355 int (*reject)(struct xfrm_state *, struct sk_buff *,
356 const struct flowi *);
335 int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **); 357 int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
336 /* Estimate maximal size of result of transformation of a dgram */ 358 /* Estimate maximal size of result of transformation of a dgram */
337 u32 (*get_mtu)(struct xfrm_state *, int size); 359 u32 (*get_mtu)(struct xfrm_state *, int size);
@@ -500,7 +522,7 @@ struct xfrm_policy {
500 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; 522 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
501}; 523};
502 524
503static inline struct net *xp_net(struct xfrm_policy *xp) 525static inline struct net *xp_net(const struct xfrm_policy *xp)
504{ 526{
505 return read_pnet(&xp->xp_net); 527 return read_pnet(&xp->xp_net);
506} 528}
@@ -544,13 +566,17 @@ struct xfrm_migrate {
544struct xfrm_mgr { 566struct xfrm_mgr {
545 struct list_head list; 567 struct list_head list;
546 char *id; 568 char *id;
547 int (*notify)(struct xfrm_state *x, struct km_event *c); 569 int (*notify)(struct xfrm_state *x, const struct km_event *c);
548 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir); 570 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
549 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir); 571 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
550 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); 572 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
551 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c); 573 int (*notify_policy)(struct xfrm_policy *x, int dir, const struct km_event *c);
552 int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr); 574 int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
553 int (*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k); 575 int (*migrate)(const struct xfrm_selector *sel,
576 u8 dir, u8 type,
577 const struct xfrm_migrate *m,
578 int num_bundles,
579 const struct xfrm_kmaddress *k);
554}; 580};
555 581
556extern int xfrm_register_km(struct xfrm_mgr *km); 582extern int xfrm_register_km(struct xfrm_mgr *km);
@@ -569,8 +595,14 @@ struct xfrm_skb_cb {
569 595
570 /* Sequence number for replay protection. */ 596 /* Sequence number for replay protection. */
571 union { 597 union {
572 u64 output; 598 struct {
573 __be32 input; 599 __u32 low;
600 __u32 hi;
601 } output;
602 struct {
603 __be32 low;
604 __be32 hi;
605 } input;
574 } seq; 606 } seq;
575}; 607};
576 608
@@ -674,6 +706,8 @@ extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
674 u32 auid, u32 ses, u32 secid); 706 u32 auid, u32 ses, u32 secid);
675extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x, 707extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
676 struct sk_buff *skb); 708 struct sk_buff *skb);
709extern void xfrm_audit_state_replay(struct xfrm_state *x,
710 struct sk_buff *skb, __be32 net_seq);
677extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family); 711extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
678extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, 712extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
679 __be32 net_spi, __be32 net_seq); 713 __be32 net_spi, __be32 net_seq);
@@ -706,6 +740,11 @@ static inline void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
706{ 740{
707} 741}
708 742
743static inline void xfrm_audit_state_replay(struct xfrm_state *x,
744 struct sk_buff *skb, __be32 net_seq)
745{
746}
747
709static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb, 748static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb,
710 u16 family) 749 u16 family)
711{ 750{
@@ -761,10 +800,11 @@ static inline void xfrm_state_hold(struct xfrm_state *x)
761 atomic_inc(&x->refcnt); 800 atomic_inc(&x->refcnt);
762} 801}
763 802
764static __inline__ int addr_match(void *token1, void *token2, int prefixlen) 803static inline bool addr_match(const void *token1, const void *token2,
804 int prefixlen)
765{ 805{
766 __be32 *a1 = token1; 806 const __be32 *a1 = token1;
767 __be32 *a2 = token2; 807 const __be32 *a2 = token2;
768 int pdw; 808 int pdw;
769 int pbi; 809 int pbi;
770 810
@@ -773,7 +813,7 @@ static __inline__ int addr_match(void *token1, void *token2, int prefixlen)
773 813
774 if (pdw) 814 if (pdw)
775 if (memcmp(a1, a2, pdw << 2)) 815 if (memcmp(a1, a2, pdw << 2))
776 return 0; 816 return false;
777 817
778 if (pbi) { 818 if (pbi) {
779 __be32 mask; 819 __be32 mask;
@@ -781,29 +821,32 @@ static __inline__ int addr_match(void *token1, void *token2, int prefixlen)
781 mask = htonl((0xffffffff) << (32 - pbi)); 821 mask = htonl((0xffffffff) << (32 - pbi));
782 822
783 if ((a1[pdw] ^ a2[pdw]) & mask) 823 if ((a1[pdw] ^ a2[pdw]) & mask)
784 return 0; 824 return false;
785 } 825 }
786 826
787 return 1; 827 return true;
788} 828}
789 829
790static __inline__ 830static __inline__
791__be16 xfrm_flowi_sport(struct flowi *fl) 831__be16 xfrm_flowi_sport(const struct flowi *fl, const union flowi_uli *uli)
792{ 832{
793 __be16 port; 833 __be16 port;
794 switch(fl->proto) { 834 switch(fl->flowi_proto) {
795 case IPPROTO_TCP: 835 case IPPROTO_TCP:
796 case IPPROTO_UDP: 836 case IPPROTO_UDP:
797 case IPPROTO_UDPLITE: 837 case IPPROTO_UDPLITE:
798 case IPPROTO_SCTP: 838 case IPPROTO_SCTP:
799 port = fl->fl_ip_sport; 839 port = uli->ports.sport;
800 break; 840 break;
801 case IPPROTO_ICMP: 841 case IPPROTO_ICMP:
802 case IPPROTO_ICMPV6: 842 case IPPROTO_ICMPV6:
803 port = htons(fl->fl_icmp_type); 843 port = htons(uli->icmpt.type);
804 break; 844 break;
805 case IPPROTO_MH: 845 case IPPROTO_MH:
806 port = htons(fl->fl_mh_type); 846 port = htons(uli->mht.type);
847 break;
848 case IPPROTO_GRE:
849 port = htons(ntohl(uli->gre_key) >> 16);
807 break; 850 break;
808 default: 851 default:
809 port = 0; /*XXX*/ 852 port = 0; /*XXX*/
@@ -812,19 +855,22 @@ __be16 xfrm_flowi_sport(struct flowi *fl)
812} 855}
813 856
814static __inline__ 857static __inline__
815__be16 xfrm_flowi_dport(struct flowi *fl) 858__be16 xfrm_flowi_dport(const struct flowi *fl, const union flowi_uli *uli)
816{ 859{
817 __be16 port; 860 __be16 port;
818 switch(fl->proto) { 861 switch(fl->flowi_proto) {
819 case IPPROTO_TCP: 862 case IPPROTO_TCP:
820 case IPPROTO_UDP: 863 case IPPROTO_UDP:
821 case IPPROTO_UDPLITE: 864 case IPPROTO_UDPLITE:
822 case IPPROTO_SCTP: 865 case IPPROTO_SCTP:
823 port = fl->fl_ip_dport; 866 port = uli->ports.dport;
824 break; 867 break;
825 case IPPROTO_ICMP: 868 case IPPROTO_ICMP:
826 case IPPROTO_ICMPV6: 869 case IPPROTO_ICMPV6:
827 port = htons(fl->fl_icmp_code); 870 port = htons(uli->icmpt.code);
871 break;
872 case IPPROTO_GRE:
873 port = htons(ntohl(uli->gre_key) & 0xffff);
828 break; 874 break;
829 default: 875 default:
830 port = 0; /*XXX*/ 876 port = 0; /*XXX*/
@@ -832,7 +878,8 @@ __be16 xfrm_flowi_dport(struct flowi *fl)
832 return port; 878 return port;
833} 879}
834 880
835extern int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl, 881extern int xfrm_selector_match(const struct xfrm_selector *sel,
882 const struct flowi *fl,
836 unsigned short family); 883 unsigned short family);
837 884
838#ifdef CONFIG_SECURITY_NETWORK_XFRM 885#ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -911,6 +958,15 @@ struct sec_path {
911 struct xfrm_state *xvec[XFRM_MAX_DEPTH]; 958 struct xfrm_state *xvec[XFRM_MAX_DEPTH];
912}; 959};
913 960
961static inline int secpath_exists(struct sk_buff *skb)
962{
963#ifdef CONFIG_XFRM
964 return skb->sp != NULL;
965#else
966 return 0;
967#endif
968}
969
914static inline struct sec_path * 970static inline struct sec_path *
915secpath_get(struct sec_path *sp) 971secpath_get(struct sec_path *sp)
916{ 972{
@@ -940,7 +996,7 @@ secpath_reset(struct sk_buff *skb)
940} 996}
941 997
942static inline int 998static inline int
943xfrm_addr_any(xfrm_address_t *addr, unsigned short family) 999xfrm_addr_any(const xfrm_address_t *addr, unsigned short family)
944{ 1000{
945 switch (family) { 1001 switch (family) {
946 case AF_INET: 1002 case AF_INET:
@@ -952,21 +1008,21 @@ xfrm_addr_any(xfrm_address_t *addr, unsigned short family)
952} 1008}
953 1009
954static inline int 1010static inline int
955__xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x) 1011__xfrm4_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x)
956{ 1012{
957 return (tmpl->saddr.a4 && 1013 return (tmpl->saddr.a4 &&
958 tmpl->saddr.a4 != x->props.saddr.a4); 1014 tmpl->saddr.a4 != x->props.saddr.a4);
959} 1015}
960 1016
961static inline int 1017static inline int
962__xfrm6_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x) 1018__xfrm6_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x)
963{ 1019{
964 return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) && 1020 return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) &&
965 ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr)); 1021 ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr));
966} 1022}
967 1023
968static inline int 1024static inline int
969xfrm_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x, unsigned short family) 1025xfrm_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x, unsigned short family)
970{ 1026{
971 switch (family) { 1027 switch (family) {
972 case AF_INET: 1028 case AF_INET:
@@ -1119,49 +1175,49 @@ static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
1119#endif 1175#endif
1120 1176
1121static __inline__ 1177static __inline__
1122xfrm_address_t *xfrm_flowi_daddr(struct flowi *fl, unsigned short family) 1178xfrm_address_t *xfrm_flowi_daddr(const struct flowi *fl, unsigned short family)
1123{ 1179{
1124 switch (family){ 1180 switch (family){
1125 case AF_INET: 1181 case AF_INET:
1126 return (xfrm_address_t *)&fl->fl4_dst; 1182 return (xfrm_address_t *)&fl->u.ip4.daddr;
1127 case AF_INET6: 1183 case AF_INET6:
1128 return (xfrm_address_t *)&fl->fl6_dst; 1184 return (xfrm_address_t *)&fl->u.ip6.daddr;
1129 } 1185 }
1130 return NULL; 1186 return NULL;
1131} 1187}
1132 1188
1133static __inline__ 1189static __inline__
1134xfrm_address_t *xfrm_flowi_saddr(struct flowi *fl, unsigned short family) 1190xfrm_address_t *xfrm_flowi_saddr(const struct flowi *fl, unsigned short family)
1135{ 1191{
1136 switch (family){ 1192 switch (family){
1137 case AF_INET: 1193 case AF_INET:
1138 return (xfrm_address_t *)&fl->fl4_src; 1194 return (xfrm_address_t *)&fl->u.ip4.saddr;
1139 case AF_INET6: 1195 case AF_INET6:
1140 return (xfrm_address_t *)&fl->fl6_src; 1196 return (xfrm_address_t *)&fl->u.ip6.saddr;
1141 } 1197 }
1142 return NULL; 1198 return NULL;
1143} 1199}
1144 1200
1145static __inline__ 1201static __inline__
1146void xfrm_flowi_addr_get(struct flowi *fl, 1202void xfrm_flowi_addr_get(const struct flowi *fl,
1147 xfrm_address_t *saddr, xfrm_address_t *daddr, 1203 xfrm_address_t *saddr, xfrm_address_t *daddr,
1148 unsigned short family) 1204 unsigned short family)
1149{ 1205{
1150 switch(family) { 1206 switch(family) {
1151 case AF_INET: 1207 case AF_INET:
1152 memcpy(&saddr->a4, &fl->fl4_src, sizeof(saddr->a4)); 1208 memcpy(&saddr->a4, &fl->u.ip4.saddr, sizeof(saddr->a4));
1153 memcpy(&daddr->a4, &fl->fl4_dst, sizeof(daddr->a4)); 1209 memcpy(&daddr->a4, &fl->u.ip4.daddr, sizeof(daddr->a4));
1154 break; 1210 break;
1155 case AF_INET6: 1211 case AF_INET6:
1156 ipv6_addr_copy((struct in6_addr *)&saddr->a6, &fl->fl6_src); 1212 ipv6_addr_copy((struct in6_addr *)&saddr->a6, &fl->u.ip6.saddr);
1157 ipv6_addr_copy((struct in6_addr *)&daddr->a6, &fl->fl6_dst); 1213 ipv6_addr_copy((struct in6_addr *)&daddr->a6, &fl->u.ip6.daddr);
1158 break; 1214 break;
1159 } 1215 }
1160} 1216}
1161 1217
1162static __inline__ int 1218static __inline__ int
1163__xfrm4_state_addr_check(struct xfrm_state *x, 1219__xfrm4_state_addr_check(const struct xfrm_state *x,
1164 xfrm_address_t *daddr, xfrm_address_t *saddr) 1220 const xfrm_address_t *daddr, const xfrm_address_t *saddr)
1165{ 1221{
1166 if (daddr->a4 == x->id.daddr.a4 && 1222 if (daddr->a4 == x->id.daddr.a4 &&
1167 (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4)) 1223 (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4))
@@ -1170,8 +1226,8 @@ __xfrm4_state_addr_check(struct xfrm_state *x,
1170} 1226}
1171 1227
1172static __inline__ int 1228static __inline__ int
1173__xfrm6_state_addr_check(struct xfrm_state *x, 1229__xfrm6_state_addr_check(const struct xfrm_state *x,
1174 xfrm_address_t *daddr, xfrm_address_t *saddr) 1230 const xfrm_address_t *daddr, const xfrm_address_t *saddr)
1175{ 1231{
1176 if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) && 1232 if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) &&
1177 (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)|| 1233 (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)||
@@ -1182,8 +1238,8 @@ __xfrm6_state_addr_check(struct xfrm_state *x,
1182} 1238}
1183 1239
1184static __inline__ int 1240static __inline__ int
1185xfrm_state_addr_check(struct xfrm_state *x, 1241xfrm_state_addr_check(const struct xfrm_state *x,
1186 xfrm_address_t *daddr, xfrm_address_t *saddr, 1242 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1187 unsigned short family) 1243 unsigned short family)
1188{ 1244{
1189 switch (family) { 1245 switch (family) {
@@ -1196,23 +1252,23 @@ xfrm_state_addr_check(struct xfrm_state *x,
1196} 1252}
1197 1253
1198static __inline__ int 1254static __inline__ int
1199xfrm_state_addr_flow_check(struct xfrm_state *x, struct flowi *fl, 1255xfrm_state_addr_flow_check(const struct xfrm_state *x, const struct flowi *fl,
1200 unsigned short family) 1256 unsigned short family)
1201{ 1257{
1202 switch (family) { 1258 switch (family) {
1203 case AF_INET: 1259 case AF_INET:
1204 return __xfrm4_state_addr_check(x, 1260 return __xfrm4_state_addr_check(x,
1205 (xfrm_address_t *)&fl->fl4_dst, 1261 (const xfrm_address_t *)&fl->u.ip4.daddr,
1206 (xfrm_address_t *)&fl->fl4_src); 1262 (const xfrm_address_t *)&fl->u.ip4.saddr);
1207 case AF_INET6: 1263 case AF_INET6:
1208 return __xfrm6_state_addr_check(x, 1264 return __xfrm6_state_addr_check(x,
1209 (xfrm_address_t *)&fl->fl6_dst, 1265 (const xfrm_address_t *)&fl->u.ip6.daddr,
1210 (xfrm_address_t *)&fl->fl6_src); 1266 (const xfrm_address_t *)&fl->u.ip6.saddr);
1211 } 1267 }
1212 return 0; 1268 return 0;
1213} 1269}
1214 1270
1215static inline int xfrm_state_kern(struct xfrm_state *x) 1271static inline int xfrm_state_kern(const struct xfrm_state *x)
1216{ 1272{
1217 return atomic_read(&x->tunnel_users); 1273 return atomic_read(&x->tunnel_users);
1218} 1274}
@@ -1264,7 +1320,7 @@ struct xfrm_tunnel {
1264 int (*handler)(struct sk_buff *skb); 1320 int (*handler)(struct sk_buff *skb);
1265 int (*err_handler)(struct sk_buff *skb, u32 info); 1321 int (*err_handler)(struct sk_buff *skb, u32 info);
1266 1322
1267 struct xfrm_tunnel *next; 1323 struct xfrm_tunnel __rcu *next;
1268 int priority; 1324 int priority;
1269}; 1325};
1270 1326
@@ -1272,7 +1328,7 @@ struct xfrm6_tunnel {
1272 int (*handler)(struct sk_buff *skb); 1328 int (*handler)(struct sk_buff *skb);
1273 int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt, 1329 int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,
1274 u8 type, u8 code, int offset, __be32 info); 1330 u8 type, u8 code, int offset, __be32 info);
1275 struct xfrm6_tunnel *next; 1331 struct xfrm6_tunnel __rcu *next;
1276 int priority; 1332 int priority;
1277}; 1333};
1278 1334
@@ -1316,8 +1372,10 @@ extern int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1316 int (*func)(struct xfrm_state *, int, void*), void *); 1372 int (*func)(struct xfrm_state *, int, void*), void *);
1317extern void xfrm_state_walk_done(struct xfrm_state_walk *walk); 1373extern void xfrm_state_walk_done(struct xfrm_state_walk *walk);
1318extern struct xfrm_state *xfrm_state_alloc(struct net *net); 1374extern struct xfrm_state *xfrm_state_alloc(struct net *net);
1319extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 1375extern struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr,
1320 struct flowi *fl, struct xfrm_tmpl *tmpl, 1376 const xfrm_address_t *saddr,
1377 const struct flowi *fl,
1378 struct xfrm_tmpl *tmpl,
1321 struct xfrm_policy *pol, int *err, 1379 struct xfrm_policy *pol, int *err,
1322 unsigned short family); 1380 unsigned short family);
1323extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, 1381extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,
@@ -1330,11 +1388,11 @@ extern void xfrm_state_insert(struct xfrm_state *x);
1330extern int xfrm_state_add(struct xfrm_state *x); 1388extern int xfrm_state_add(struct xfrm_state *x);
1331extern int xfrm_state_update(struct xfrm_state *x); 1389extern int xfrm_state_update(struct xfrm_state *x);
1332extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark, 1390extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
1333 xfrm_address_t *daddr, __be32 spi, 1391 const xfrm_address_t *daddr, __be32 spi,
1334 u8 proto, unsigned short family); 1392 u8 proto, unsigned short family);
1335extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark, 1393extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1336 xfrm_address_t *daddr, 1394 const xfrm_address_t *daddr,
1337 xfrm_address_t *saddr, 1395 const xfrm_address_t *saddr,
1338 u8 proto, 1396 u8 proto,
1339 unsigned short family); 1397 unsigned short family);
1340#ifdef CONFIG_XFRM_SUB_POLICY 1398#ifdef CONFIG_XFRM_SUB_POLICY
@@ -1379,11 +1437,10 @@ extern int xfrm_state_delete(struct xfrm_state *x);
1379extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info); 1437extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
1380extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si); 1438extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
1381extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si); 1439extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
1382extern int xfrm_replay_check(struct xfrm_state *x, 1440extern u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
1383 struct sk_buff *skb, __be32 seq); 1441extern int xfrm_init_replay(struct xfrm_state *x);
1384extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
1385extern void xfrm_replay_notify(struct xfrm_state *x, int event);
1386extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); 1442extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
1443extern int __xfrm_init_state(struct xfrm_state *x, bool init_replay);
1387extern int xfrm_init_state(struct xfrm_state *x); 1444extern int xfrm_init_state(struct xfrm_state *x);
1388extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb); 1445extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
1389extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, 1446extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi,
@@ -1407,6 +1464,7 @@ static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
1407extern int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1464extern int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1408extern int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1465extern int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1409extern int xfrm4_output(struct sk_buff *skb); 1466extern int xfrm4_output(struct sk_buff *skb);
1467extern int xfrm4_output_finish(struct sk_buff *skb);
1410extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family); 1468extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
1411extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family); 1469extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
1412extern int xfrm6_extract_header(struct sk_buff *skb); 1470extern int xfrm6_extract_header(struct sk_buff *skb);
@@ -1419,11 +1477,11 @@ extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
1419extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family); 1477extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
1420extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family); 1478extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
1421extern __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr); 1479extern __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr);
1422extern void xfrm6_tunnel_free_spi(struct net *net, xfrm_address_t *saddr); 1480extern __be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr);
1423extern __be32 xfrm6_tunnel_spi_lookup(struct net *net, xfrm_address_t *saddr);
1424extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1481extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1425extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1482extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1426extern int xfrm6_output(struct sk_buff *skb); 1483extern int xfrm6_output(struct sk_buff *skb);
1484extern int xfrm6_output_finish(struct sk_buff *skb);
1427extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb, 1485extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
1428 u8 **prevhdr); 1486 u8 **prevhdr);
1429 1487
@@ -1462,21 +1520,19 @@ u32 xfrm_get_acqseq(void);
1462extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); 1520extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
1463struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark, 1521struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark,
1464 u8 mode, u32 reqid, u8 proto, 1522 u8 mode, u32 reqid, u8 proto,
1465 xfrm_address_t *daddr, 1523 const xfrm_address_t *daddr,
1466 xfrm_address_t *saddr, int create, 1524 const xfrm_address_t *saddr, int create,
1467 unsigned short family); 1525 unsigned short family);
1468extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); 1526extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
1469extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
1470 struct flowi *fl, int family, int strict);
1471 1527
1472#ifdef CONFIG_XFRM_MIGRATE 1528#ifdef CONFIG_XFRM_MIGRATE
1473extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1529extern int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
1474 struct xfrm_migrate *m, int num_bundles, 1530 const struct xfrm_migrate *m, int num_bundles,
1475 struct xfrm_kmaddress *k); 1531 const struct xfrm_kmaddress *k);
1476extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m); 1532extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m);
1477extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x, 1533extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1478 struct xfrm_migrate *m); 1534 struct xfrm_migrate *m);
1479extern int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1535extern int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
1480 struct xfrm_migrate *m, int num_bundles, 1536 struct xfrm_migrate *m, int num_bundles,
1481 struct xfrm_kmaddress *k); 1537 struct xfrm_kmaddress *k);
1482#endif 1538#endif
@@ -1496,10 +1552,10 @@ extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
1496extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id); 1552extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
1497extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id); 1553extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
1498extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id); 1554extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
1499extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe); 1555extern struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe);
1500extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); 1556extern struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe);
1501extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); 1557extern struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe);
1502extern struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, 1558extern struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len,
1503 int probe); 1559 int probe);
1504 1560
1505struct hash_desc; 1561struct hash_desc;
@@ -1507,7 +1563,8 @@ struct scatterlist;
1507typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *, 1563typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *,
1508 unsigned int); 1564 unsigned int);
1509 1565
1510static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b, 1566static inline int xfrm_addr_cmp(const xfrm_address_t *a,
1567 const xfrm_address_t *b,
1511 int family) 1568 int family)
1512{ 1569{
1513 switch (family) { 1570 switch (family) {
@@ -1515,8 +1572,8 @@ static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,
1515 case AF_INET: 1572 case AF_INET:
1516 return (__force u32)a->a4 - (__force u32)b->a4; 1573 return (__force u32)a->a4 - (__force u32)b->a4;
1517 case AF_INET6: 1574 case AF_INET6:
1518 return ipv6_addr_cmp((struct in6_addr *)a, 1575 return ipv6_addr_cmp((const struct in6_addr *)a,
1519 (struct in6_addr *)b); 1576 (const struct in6_addr *)b);
1520 } 1577 }
1521} 1578}
1522 1579
@@ -1540,17 +1597,44 @@ static inline int xfrm_aevent_is_on(struct net *net)
1540} 1597}
1541#endif 1598#endif
1542 1599
1543static inline int xfrm_alg_len(struct xfrm_algo *alg) 1600static inline int xfrm_alg_len(const struct xfrm_algo *alg)
1544{ 1601{
1545 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); 1602 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
1546} 1603}
1547 1604
1548static inline int xfrm_alg_auth_len(struct xfrm_algo_auth *alg) 1605static inline int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg)
1549{ 1606{
1550 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); 1607 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
1551} 1608}
1552 1609
1610static inline int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)
1611{
1612 return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32);
1613}
1614
1553#ifdef CONFIG_XFRM_MIGRATE 1615#ifdef CONFIG_XFRM_MIGRATE
1616static inline int xfrm_replay_clone(struct xfrm_state *x,
1617 struct xfrm_state *orig)
1618{
1619 x->replay_esn = kzalloc(xfrm_replay_state_esn_len(orig->replay_esn),
1620 GFP_KERNEL);
1621 if (!x->replay_esn)
1622 return -ENOMEM;
1623
1624 x->replay_esn->bmp_len = orig->replay_esn->bmp_len;
1625 x->replay_esn->replay_window = orig->replay_esn->replay_window;
1626
1627 x->preplay_esn = kmemdup(x->replay_esn,
1628 xfrm_replay_state_esn_len(x->replay_esn),
1629 GFP_KERNEL);
1630 if (!x->preplay_esn) {
1631 kfree(x->replay_esn);
1632 return -ENOMEM;
1633 }
1634
1635 return 0;
1636}
1637
1554static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig) 1638static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
1555{ 1639{
1556 return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL); 1640 return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL);
@@ -1593,7 +1677,7 @@ static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
1593 return m->v & m->m; 1677 return m->v & m->m;
1594} 1678}
1595 1679
1596static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m) 1680static inline int xfrm_mark_put(struct sk_buff *skb, const struct xfrm_mark *m)
1597{ 1681{
1598 if (m->m | m->v) 1682 if (m->m | m->v)
1599 NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m); 1683 NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
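Review bot: In xfrm_replay_clone (new lines 1616-1636), the failure path for the second allocation frees x->replay_esn but leaves the pointer set, so any later teardown of x that frees replay_esn would free it twice; whether the caller's error path does that is not visible in this header. Clearing the pointer closes the gap: `kfree(x->replay_esn); x->replay_esn = NULL;`. The function also dereferences orig->replay_esn without a NULL check, so a one-line comment such as `/* caller must ensure orig->replay_esn != NULL */` would document the precondition. Separately, the clone copies only bmp_len and replay_window into a kzalloc'd buffer, so the copy's sequence counters and bitmap start at zero; if the anti-replay window is meant to survive migration, that deserves a comment or a full copy of the original state. xfrm_replay_state_esn_len returns int from `sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32)` and is used as the allocation size here, so it relies on bmp_len being bounded where it is accepted, which this file does not show.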