aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorShinta Sugimoto <shinta.sugimoto@ericsson.com>2007-02-08 16:11:42 -0500
committerDavid S. Miller <davem@davemloft.net>2007-02-08 16:11:42 -0500
commit80c9abaabf4283f7cf4a0b3597cd302506635b7f (patch)
tree7dd4270a22e039c827114d182c2071a84826f563 /include
parent9934e81c8c4981342dab3e386aff5d4499bea0d2 (diff)
[XFRM]: Extension for dynamic update of endpoint address(es)
Extend the XFRM framework so that endpoint address(es) in the XFRM databases could be dynamically updated according to a request (MIGRATE message) from user application. Target XFRM policy is first identified by the selector in the MIGRATE message. Next, the endpoint addresses of the matching templates and XFRM states are updated according to the MIGRATE message. Signed-off-by: Shinta Sugimoto <shinta.sugimoto@ericsson.com> Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/xfrm.h19
-rw-r--r--include/net/xfrm.h44
2 files changed, 63 insertions, 0 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 9529ea1ae392..15ca89e9961b 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -178,6 +178,9 @@ enum {
178 XFRM_MSG_REPORT, 178 XFRM_MSG_REPORT,
179#define XFRM_MSG_REPORT XFRM_MSG_REPORT 179#define XFRM_MSG_REPORT XFRM_MSG_REPORT
180 180
181 XFRM_MSG_MIGRATE,
182#define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE
183
181 __XFRM_MSG_MAX 184 __XFRM_MSG_MAX
182}; 185};
183#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) 186#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
@@ -256,6 +259,7 @@ enum xfrm_attr_type_t {
256 XFRMA_COADDR, /* xfrm_address_t */ 259 XFRMA_COADDR, /* xfrm_address_t */
257 XFRMA_LASTUSED, 260 XFRMA_LASTUSED,
258 XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */ 261 XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
262 XFRMA_MIGRATE,
259 __XFRMA_MAX 263 __XFRMA_MAX
260 264
261#define XFRMA_MAX (__XFRMA_MAX - 1) 265#define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -351,6 +355,19 @@ struct xfrm_user_report {
351 struct xfrm_selector sel; 355 struct xfrm_selector sel;
352}; 356};
353 357
358struct xfrm_user_migrate {
359 xfrm_address_t old_daddr;
360 xfrm_address_t old_saddr;
361 xfrm_address_t new_daddr;
362 xfrm_address_t new_saddr;
363 __u8 proto;
364 __u8 mode;
365 __u16 reserved;
366 __u32 reqid;
367 __u16 old_family;
368 __u16 new_family;
369};
370
354#ifndef __KERNEL__ 371#ifndef __KERNEL__
355/* backwards compatibility for userspace */ 372/* backwards compatibility for userspace */
356#define XFRMGRP_ACQUIRE 1 373#define XFRMGRP_ACQUIRE 1
@@ -375,6 +392,8 @@ enum xfrm_nlgroups {
375#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS 392#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
376 XFRMNLGRP_REPORT, 393 XFRMNLGRP_REPORT,
377#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT 394#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT
395 XFRMNLGRP_MIGRATE,
396#define XFRMNLGRP_MIGRATE XFRMNLGRP_MIGRATE
378 __XFRMNLGRP_MAX 397 __XFRMNLGRP_MAX
379}; 398};
380#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) 399#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index bf91d632901d..16924cb772c9 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -362,6 +362,19 @@ struct xfrm_policy
362 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; 362 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
363}; 363};
364 364
365struct xfrm_migrate {
366 xfrm_address_t old_daddr;
367 xfrm_address_t old_saddr;
368 xfrm_address_t new_daddr;
369 xfrm_address_t new_saddr;
370 u8 proto;
371 u8 mode;
372 u16 reserved;
373 u32 reqid;
374 u16 old_family;
375 u16 new_family;
376};
377
365#define XFRM_KM_TIMEOUT 30 378#define XFRM_KM_TIMEOUT 30
366/* which seqno */ 379/* which seqno */
367#define XFRM_REPLAY_SEQ 1 380#define XFRM_REPLAY_SEQ 1
@@ -388,6 +401,7 @@ struct xfrm_mgr
388 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); 401 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
389 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c); 402 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
390 int (*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr); 403 int (*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
404 int (*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles);
391}; 405};
392 406
393extern int xfrm_register_km(struct xfrm_mgr *km); 407extern int xfrm_register_km(struct xfrm_mgr *km);
@@ -988,6 +1002,16 @@ extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
988 struct flowi *fl, int family, int strict); 1002 struct flowi *fl, int family, int strict);
989extern void xfrm_init_pmtu(struct dst_entry *dst); 1003extern void xfrm_init_pmtu(struct dst_entry *dst);
990 1004
1005#ifdef CONFIG_XFRM_MIGRATE
1006extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1007 struct xfrm_migrate *m, int num_bundles);
1008extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m);
1009extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1010 struct xfrm_migrate *m);
1011extern int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1012 struct xfrm_migrate *m, int num_bundles);
1013#endif
1014
991extern wait_queue_head_t km_waitq; 1015extern wait_queue_head_t km_waitq;
992extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); 1016extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
993extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid); 1017extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
@@ -1053,5 +1077,25 @@ static inline void xfrm_aevent_doreplay(struct xfrm_state *x)
1053 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); 1077 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1054} 1078}
1055 1079
1080#ifdef CONFIG_XFRM_MIGRATE
1081static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
1082{
1083 return (struct xfrm_algo *)kmemdup(orig, sizeof(*orig) + orig->alg_key_len, GFP_KERNEL);
1084}
1085
1086static inline void xfrm_states_put(struct xfrm_state **states, int n)
1087{
1088 int i;
1089 for (i = 0; i < n; i++)
1090 xfrm_state_put(*(states + i));
1091}
1092
1093static inline void xfrm_states_delete(struct xfrm_state **states, int n)
1094{
1095 int i;
1096 for (i = 0; i < n; i++)
1097 xfrm_state_delete(*(states + i));
1098}
1099#endif
1056 1100
1057#endif /* _NET_XFRM_H */ 1101#endif /* _NET_XFRM_H */