author | Jamal Hadi Salim <hadi@cyberus.ca> | 2006-03-20 22:15:11 -0500 |
committer | David S. Miller <davem@davemloft.net> | 2006-03-20 22:15:11 -0500 |
commit | f8cd54884e675dfaf0c86cc7c088adb6ca9d7638 (patch) | |
tree | 7850e8ebebf1f8543c96acdd7c197003b3b4d54c /include | |
parent | f5539eb8caa52a9198079df767cc1bb5494e69e3 (diff) |
[IPSEC]: Sync series - core changes
This patch provides the core functionality needed for sync events
for ipsec. Derived from work by Krisztian KOVACS <hidden@balabit.hu>
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/sysctl.h | 2 | ||||
-rw-r--r-- | include/linux/xfrm.h | 30 | ||||
-rw-r--r-- | include/net/xfrm.h | 44 |
3 files changed, 75 insertions, 1 deletions
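--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -261,6 +261,8 @@ enum
 NET_CORE_DEV_WEIGHT=17,
 NET_CORE_SOMAXCONN=18,
 NET_CORE_BUDGET=19,
+NET_CORE_AEVENT_ETIME=20,
+NET_CORE_AEVENT_RSEQTH=21,
 };
 
 /* /proc/sys/net/ethernet */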
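--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -156,6 +156,10 @@ enum {
 XFRM_MSG_FLUSHPOLICY,
 #define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
 
+XFRM_MSG_NEWAE,
+#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
+XFRM_MSG_GETAE,
+#define XFRM_MSG_GETAE XFRM_MSG_GETAE
 __XFRM_MSG_MAX
 };
 #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
@@ -194,6 +198,21 @@ struct xfrm_encap_tmpl {
 xfrm_address_t encap_oa;
 };
 
+/* AEVENT flags */
+enum xfrm_ae_ftype_t {
+XFRM_AE_UNSPEC,
+XFRM_AE_RTHR=1, /* replay threshold*/
+XFRM_AE_RVAL=2, /* replay value */
+XFRM_AE_LVAL=4, /* lifetime value */
+XFRM_AE_ETHR=8, /* expiry timer threshold */
+XFRM_AE_CR=16, /* Event cause is replay update */
+XFRM_AE_CE=32, /* Event cause is timer expiry */
+XFRM_AE_CU=64, /* Event cause is policy update */
+__XFRM_AE_MAX
+
+#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
+};
+
 /* Netlink message attributes. */
 enum xfrm_attr_type_t {
 XFRMA_UNSPEC,
@@ -205,6 +224,10 @@ enum xfrm_attr_type_t {
 XFRMA_SA,
 XFRMA_POLICY,
 XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */
+XFRMA_LTIME_VAL,
+XFRMA_REPLAY_VAL,
+XFRMA_REPLAY_THRESH,
+XFRMA_ETIMER_THRESH,
 __XFRMA_MAX
 
 #define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -235,6 +258,11 @@ struct xfrm_usersa_id {
 __u8 proto;
 };
 
+struct xfrm_aevent_id {
+__u32 flags;
+struct xfrm_usersa_id sa_id;
+};
+
 struct xfrm_userspi_info {
 struct xfrm_usersa_info info;
 __u32 min;
@@ -306,6 +334,8 @@ enum xfrm_nlgroups {
 #define XFRMNLGRP_SA XFRMNLGRP_SA
 XFRMNLGRP_POLICY,
 #define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
+XFRMNLGRP_AEVENTS,
+#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
 __XFRMNLGRP_MAX
 };
 #define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)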
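Review bot: The four new attributes `XFRMA_LTIME_VAL` through `XFRMA_ETIMER_THRESH` in the `xfrm_attr_type_t` hunk carry no note of their payload, unlike the neighbouring `XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */`; since this header is userspace ABI, each entry should be annotated with the struct or scalar it carries so that kernel and userspace parsers agree on the expected length. The new `struct xfrm_aevent_id` embeds `struct xfrm_usersa_id`, whose last member is `__u8 proto`, so the embedded struct very likely ends in padding; kernel code that fills this object for a netlink message (outside this diff) must zero the whole struct before copying it out, otherwise uninitialised bytes reach userspace. Also, because `enum xfrm_ae_ftype_t` holds bit flags, `XFRM_AE_MAX` evaluates to the highest single flag (64) rather than a mask of all flags; a comment such as `/* highest single flag, not a mask of all flags */` next to its definition would stop callers treating it as one.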
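--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -20,6 +20,10 @@
 
 #define XFRM_ALIGN8(len) (((len) + 7) & ~7)
 
+extern struct sock *xfrm_nl;
+extern u32 sysctl_xfrm_aevent_etime;
+extern u32 sysctl_xfrm_aevent_rseqth;
+
 extern struct semaphore xfrm_cfg_sem;
 
 /* Organization of SPD aka "XFRM rules"
@@ -135,6 +139,16 @@ struct xfrm_state
 /* State for replay detection */
 struct xfrm_replay_state replay;
 
+/* Replay detection state at the time we sent the last notification */
+struct xfrm_replay_state preplay;
+
+/* Replay detection notification settings */
+u32 replay_maxage;
+u32 replay_maxdiff;
+
+/* Replay detection notification timer */
+struct timer_list rtimer;
+
 /* Statistics */
 struct xfrm_stats stats;
 
@@ -169,6 +183,7 @@ struct km_event
 u32 hard;
 u32 proto;
 u32 byid;
+u32 aevent;
 } data;
 
 u32 seq;
@@ -305,7 +320,21 @@ struct xfrm_policy
 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
 };
 
 #define XFRM_KM_TIMEOUT 30
+/* which seqno */
+#define XFRM_REPLAY_SEQ 1
+#define XFRM_REPLAY_OSEQ 2
+#define XFRM_REPLAY_SEQ_MASK 3
+/* what happened */
+#define XFRM_REPLAY_UPDATE XFRM_AE_CR
+#define XFRM_REPLAY_TIMEOUT XFRM_AE_CE
+
+/* default aevent timeout in units of 100ms */
+#define XFRM_AE_ETIME 10
+/* Async Event timer multiplier */
+#define XFRM_AE_ETH_M 10
+/* default seq threshold size */
+#define XFRM_AE_SEQT_SIZE 2
 
 struct xfrm_mgr
 {
@@ -865,6 +894,7 @@ extern int xfrm_state_delete(struct xfrm_state *x);
 extern void xfrm_state_flush(u8 proto);
 extern int xfrm_replay_check(struct xfrm_state *x, u32 seq);
 extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq);
+extern void xfrm_replay_notify(struct xfrm_state *x, int event);
 extern int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb);
 extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
 extern int xfrm_init_state(struct xfrm_state *x);
@@ -965,4 +995,16 @@ static inline int xfrm_policy_id2dir(u32 index)
 return index & 7;
 }
 
+static inline int xfrm_aevent_is_on(void)
+{
+return netlink_has_listeners(xfrm_nl,XFRMNLGRP_AEVENTS);
+}
+
+static inline void xfrm_aevent_doreplay(struct xfrm_state *x)
+{
+if (xfrm_aevent_is_on())
+xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
+}
+
+
 #endif /* _NET_XFRM_H */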
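Review bot: `xfrm_aevent_is_on()` in the last hunk hands `xfrm_nl` straight to `netlink_has_listeners()` with no NULL check; `xfrm_nl` is only declared `extern` in the first hunk and whatever registers the socket is outside this diff, so if it can be unset while states are already processing traffic (for example before the netlink front end is up), `xfrm_aevent_doreplay()` would dereference a NULL socket on the data path. A one-line guard keeps the fast path safe: `return xfrm_nl ? netlink_has_listeners(xfrm_nl, XFRMNLGRP_AEVENTS) : 0;` (which also fixes the missing space after the comma). Separately, the `struct xfrm_state` hunk adds `rtimer`, `replay_maxage` and `replay_maxdiff` without a word on who arms the timer or what units the two thresholds use; a short comment per field, e.g. `/* replay_maxage: max age of an unreported replay update, in jiffies or 100ms units — confirm */`, would help, since the initialisation and the `del_timer` before the state is freed live outside this header.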