author | Jamal Hadi Salim <hadi@cyberus.ca> | 2006-03-20 22:16:40 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-03-20 22:16:40 -0500 |
commit | 980ebd25794f0f87ac32844e2c73e9e81f0a72ba (patch) | |
tree | da52df6e31bd4b2527c223ca2585e0d792bf3ea2 /net/xfrm/xfrm_state.c | |
parent | d51d081d65048a7a6f9956a7809c3bb504f3b95d (diff) |
[IPSEC]: Sync series - acquire insert
This introduces a feature similar to the one described in RFC 2367:
"
... the application needing an SA sends a PF_KEY
SADB_ACQUIRE message down to the Key Engine, which then either
returns an error or sends a similar SADB_ACQUIRE message up to one or
more key management applications capable of creating such SAs.
...
...
The third is where an application-layer consumer of security
associations (e.g. an OSPFv2 or RIPv2 daemon) needs a security
association.
Send an SADB_ACQUIRE message from a user process to the kernel.
<base, address(SD), (address(P),) (identity(SD),) (sensitivity,)
proposal>
The kernel returns an SADB_ACQUIRE message to registered
sockets.
<base, address(SD), (address(P),) (identity(SD),) (sensitivity,)
proposal>
The user-level consumer waits for an SADB_UPDATE or SADB_ADD
message for its particular type, and then can use that
association by using SADB_GET messages.
"
An application such as OSPF could then use IPsec key management (KM) to obtain keys.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_state.c')
-rw-r--r-- | net/xfrm/xfrm_state.c | 5 |
1 files changed, 3 insertions, 2 deletions
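--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -57,7 +57,7 @@ static int __xfrm_state_delete(struct xfrm_state *x);
 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
 
-static int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
+int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
 static void km_state_expired(struct xfrm_state *x, int hard);
 
 static void xfrm_state_gc_destroy(struct xfrm_state *x)
@@ -925,7 +925,7 @@ void km_state_expired(struct xfrm_state *x, int hard)
 * We send to all registered managers regardless of failure
 * We are happy with one success
 */
-static int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
+int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
 {
 int err = -EINVAL, acqret;
 struct xfrm_mgr *km;
@@ -939,6 +939,7 @@ static int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_polic
 read_unlock(&xfrm_km_lock);
 return err;
 }
+EXPORT_SYMBOL(km_query);
 
 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
 {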
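Review bot: The forward declaration of `km_query` kept at line 60 of the first hunk now declares an external, exported function from inside the .c file, so a caller in another compilation unit has no shared prototype to be checked against unless a header also declares it. This view is limited to net/xfrm/xfrm_state.c, so that header declaration may exist elsewhere in the commit; if it does, I would drop the local line and rely on the header. Because the description says a user process can now trigger an acquire, the comment above `km_query` should also state the caller contract, for example `* Callers outside this file must pass fully initialised x, t and pol and perform their own permission check.` It should also say that `-EINVAL` is returned when no registered manager accepts the request, which I infer from `int err = -EINVAL`, since the loop body lies outside the hunks shown.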