author | Jamal Hadi Salim <hadi@cyberus.ca> | 2006-03-20 22:15:11 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-03-20 22:15:11 -0500 |
commit | f8cd54884e675dfaf0c86cc7c088adb6ca9d7638 (patch) | |
tree | 7850e8ebebf1f8543c96acdd7c197003b3b4d54c /include/net | |
parent | f5539eb8caa52a9198079df767cc1bb5494e69e3 (diff) |
[IPSEC]: Sync series - core changes
This patch provides the core functionality needed for sync events
for ipsec. Derived work of Krisztian KOVACS <hidden@balabit.hu>
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/xfrm.h | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 8d362c49b8a9..bc005e62e434 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -20,6 +20,10 @@ | |||
20 | 20 | ||
21 | #define XFRM_ALIGN8(len) (((len) + 7) & ~7) | 21 | #define XFRM_ALIGN8(len) (((len) + 7) & ~7) |
22 | 22 | ||
23 | extern struct sock *xfrm_nl; | ||
24 | extern u32 sysctl_xfrm_aevent_etime; | ||
25 | extern u32 sysctl_xfrm_aevent_rseqth; | ||
26 | |||
23 | extern struct semaphore xfrm_cfg_sem; | 27 | extern struct semaphore xfrm_cfg_sem; |
24 | 28 | ||
25 | /* Organization of SPD aka "XFRM rules" | 29 | /* Organization of SPD aka "XFRM rules" |
@@ -135,6 +139,16 @@ struct xfrm_state | |||
135 | /* State for replay detection */ | 139 | /* State for replay detection */ |
136 | struct xfrm_replay_state replay; | 140 | struct xfrm_replay_state replay; |
137 | 141 | ||
142 | /* Replay detection state at the time we sent the last notification */ | ||
143 | struct xfrm_replay_state preplay; | ||
144 | |||
145 | /* Replay detection notification settings */ | ||
146 | u32 replay_maxage; | ||
147 | u32 replay_maxdiff; | ||
148 | |||
149 | /* Replay detection notification timer */ | ||
150 | struct timer_list rtimer; | ||
151 | |||
138 | /* Statistics */ | 152 | /* Statistics */ |
139 | struct xfrm_stats stats; | 153 | struct xfrm_stats stats; |
140 | 154 | ||
@@ -169,6 +183,7 @@ struct km_event | |||
169 | u32 hard; | 183 | u32 hard; |
170 | u32 proto; | 184 | u32 proto; |
171 | u32 byid; | 185 | u32 byid; |
186 | u32 aevent; | ||
172 | } data; | 187 | } data; |
173 | 188 | ||
174 | u32 seq; | 189 | u32 seq; |
@@ -305,7 +320,21 @@ struct xfrm_policy | |||
305 | struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; | 320 | struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; |
306 | }; | 321 | }; |
307 | 322 | ||
308 | #define XFRM_KM_TIMEOUT 30 | 323 | #define XFRM_KM_TIMEOUT 30 |
324 | /* which seqno */ | ||
325 | #define XFRM_REPLAY_SEQ 1 | ||
326 | #define XFRM_REPLAY_OSEQ 2 | ||
327 | #define XFRM_REPLAY_SEQ_MASK 3 | ||
328 | /* what happened */ | ||
329 | #define XFRM_REPLAY_UPDATE XFRM_AE_CR | ||
330 | #define XFRM_REPLAY_TIMEOUT XFRM_AE_CE | ||
331 | |||
332 | /* default aevent timeout in units of 100ms */ | ||
333 | #define XFRM_AE_ETIME 10 | ||
334 | /* Async Event timer multiplier */ | ||
335 | #define XFRM_AE_ETH_M 10 | ||
336 | /* default seq threshold size */ | ||
337 | #define XFRM_AE_SEQT_SIZE 2 | ||
309 | 338 | ||
310 | struct xfrm_mgr | 339 | struct xfrm_mgr |
311 | { | 340 | { |
@@ -865,6 +894,7 @@ extern int xfrm_state_delete(struct xfrm_state *x); | |||
865 | extern void xfrm_state_flush(u8 proto); | 894 | extern void xfrm_state_flush(u8 proto); |
866 | extern int xfrm_replay_check(struct xfrm_state *x, u32 seq); | 895 | extern int xfrm_replay_check(struct xfrm_state *x, u32 seq); |
867 | extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq); | 896 | extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq); |
897 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); | ||
868 | extern int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb); | 898 | extern int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb); |
869 | extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); | 899 | extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); |
870 | extern int xfrm_init_state(struct xfrm_state *x); | 900 | extern int xfrm_init_state(struct xfrm_state *x); |
@@ -965,4 +995,16 @@ static inline int xfrm_policy_id2dir(u32 index) | |||
965 | return index & 7; | 995 | return index & 7; |
966 | } | 996 | } |
967 | 997 | ||
998 | static inline int xfrm_aevent_is_on(void) | ||
999 | { | ||
1000 | return netlink_has_listeners(xfrm_nl,XFRMNLGRP_AEVENTS); | ||
1001 | } | ||
1002 | |||
1003 | static inline void xfrm_aevent_doreplay(struct xfrm_state *x) | ||
1004 | { | ||
1005 | if (xfrm_aevent_is_on()) | ||
1006 | xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); | ||
1007 | } | ||
1008 | |||
1009 | |||
968 | #endif /* _NET_XFRM_H */ | 1010 | #endif /* _NET_XFRM_H */ |
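Review bot: `xfrm_aevent_is_on()` (new lines 998-1001) hands the global `xfrm_nl` straight to `netlink_has_listeners()` without checking it for NULL, and nothing in this header guarantees the socket exists when the helper runs. Where `xfrm_nl` is assigned is not visible in this file; if it is only set once the netlink key manager has registered, a call to `xfrm_aevent_doreplay()` from the replay path before that point would presumably dereference a NULL socket, which on IPsec traffic handling means a kernel crash rather than a skipped notification. A guard such as `return xfrm_nl ? netlink_has_listeners(xfrm_nl, XFRMNLGRP_AEVENTS) : 0;` makes the helper safe to call unconditionally, though a socket released while readers are running may need more than this check. A one-line comment on the `extern struct sock *xfrm_nl;` declaration stating who owns the pointer and when it may be NULL would also help callers of these inlines.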