diff options
Diffstat (limited to 'include/net/xfrm.h')
| -rw-r--r-- | include/net/xfrm.h | 62 |
1 files changed, 58 insertions, 4 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 8d362c49b8a9..61b7504fc2ba 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -11,6 +11,7 @@ | |||
| 11 | #include <linux/crypto.h> | 11 | #include <linux/crypto.h> |
| 12 | #include <linux/pfkeyv2.h> | 12 | #include <linux/pfkeyv2.h> |
| 13 | #include <linux/in6.h> | 13 | #include <linux/in6.h> |
| 14 | #include <linux/mutex.h> | ||
| 14 | 15 | ||
| 15 | #include <net/sock.h> | 16 | #include <net/sock.h> |
| 16 | #include <net/dst.h> | 17 | #include <net/dst.h> |
| @@ -20,7 +21,11 @@ | |||
| 20 | 21 | ||
| 21 | #define XFRM_ALIGN8(len) (((len) + 7) & ~7) | 22 | #define XFRM_ALIGN8(len) (((len) + 7) & ~7) |
| 22 | 23 | ||
| 23 | extern struct semaphore xfrm_cfg_sem; | 24 | extern struct sock *xfrm_nl; |
| 25 | extern u32 sysctl_xfrm_aevent_etime; | ||
| 26 | extern u32 sysctl_xfrm_aevent_rseqth; | ||
| 27 | |||
| 28 | extern struct mutex xfrm_cfg_mutex; | ||
| 24 | 29 | ||
| 25 | /* Organization of SPD aka "XFRM rules" | 30 | /* Organization of SPD aka "XFRM rules" |
| 26 | ------------------------------------ | 31 | ------------------------------------ |
| @@ -135,6 +140,16 @@ struct xfrm_state | |||
| 135 | /* State for replay detection */ | 140 | /* State for replay detection */ |
| 136 | struct xfrm_replay_state replay; | 141 | struct xfrm_replay_state replay; |
| 137 | 142 | ||
| 143 | /* Replay detection state at the time we sent the last notification */ | ||
| 144 | struct xfrm_replay_state preplay; | ||
| 145 | |||
| 146 | /* Replay detection notification settings */ | ||
| 147 | u32 replay_maxage; | ||
| 148 | u32 replay_maxdiff; | ||
| 149 | |||
| 150 | /* Replay detection notification timer */ | ||
| 151 | struct timer_list rtimer; | ||
| 152 | |||
| 138 | /* Statistics */ | 153 | /* Statistics */ |
| 139 | struct xfrm_stats stats; | 154 | struct xfrm_stats stats; |
| 140 | 155 | ||
| @@ -169,6 +184,7 @@ struct km_event | |||
| 169 | u32 hard; | 184 | u32 hard; |
| 170 | u32 proto; | 185 | u32 proto; |
| 171 | u32 byid; | 186 | u32 byid; |
| 187 | u32 aevent; | ||
| 172 | } data; | 188 | } data; |
| 173 | 189 | ||
| 174 | u32 seq; | 190 | u32 seq; |
| @@ -199,10 +215,13 @@ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); | |||
| 199 | extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo); | 215 | extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo); |
| 200 | extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c); | 216 | extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c); |
| 201 | extern void km_state_notify(struct xfrm_state *x, struct km_event *c); | 217 | extern void km_state_notify(struct xfrm_state *x, struct km_event *c); |
| 202 | |||
| 203 | #define XFRM_ACQ_EXPIRES 30 | 218 | #define XFRM_ACQ_EXPIRES 30 |
| 204 | 219 | ||
| 205 | struct xfrm_tmpl; | 220 | struct xfrm_tmpl; |
| 221 | extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); | ||
| 222 | extern void km_state_expired(struct xfrm_state *x, int hard, u32 pid); | ||
| 223 | extern int __xfrm_state_delete(struct xfrm_state *x); | ||
| 224 | |||
| 206 | struct xfrm_state_afinfo { | 225 | struct xfrm_state_afinfo { |
| 207 | unsigned short family; | 226 | unsigned short family; |
| 208 | rwlock_t lock; | 227 | rwlock_t lock; |
| @@ -305,7 +324,21 @@ struct xfrm_policy | |||
| 305 | struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; | 324 | struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; |
| 306 | }; | 325 | }; |
| 307 | 326 | ||
| 308 | #define XFRM_KM_TIMEOUT 30 | 327 | #define XFRM_KM_TIMEOUT 30 |
| 328 | /* which seqno */ | ||
| 329 | #define XFRM_REPLAY_SEQ 1 | ||
| 330 | #define XFRM_REPLAY_OSEQ 2 | ||
| 331 | #define XFRM_REPLAY_SEQ_MASK 3 | ||
| 332 | /* what happened */ | ||
| 333 | #define XFRM_REPLAY_UPDATE XFRM_AE_CR | ||
| 334 | #define XFRM_REPLAY_TIMEOUT XFRM_AE_CE | ||
| 335 | |||
| 336 | /* default aevent timeout in units of 100ms */ | ||
| 337 | #define XFRM_AE_ETIME 10 | ||
| 338 | /* Async Event timer multiplier */ | ||
| 339 | #define XFRM_AE_ETH_M 10 | ||
| 340 | /* default seq threshold size */ | ||
| 341 | #define XFRM_AE_SEQT_SIZE 2 | ||
| 309 | 342 | ||
| 310 | struct xfrm_mgr | 343 | struct xfrm_mgr |
| 311 | { | 344 | { |
| @@ -865,6 +898,7 @@ extern int xfrm_state_delete(struct xfrm_state *x); | |||
| 865 | extern void xfrm_state_flush(u8 proto); | 898 | extern void xfrm_state_flush(u8 proto); |
| 866 | extern int xfrm_replay_check(struct xfrm_state *x, u32 seq); | 899 | extern int xfrm_replay_check(struct xfrm_state *x, u32 seq); |
| 867 | extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq); | 900 | extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq); |
| 901 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); | ||
| 868 | extern int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb); | 902 | extern int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb); |
| 869 | extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); | 903 | extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); |
| 870 | extern int xfrm_init_state(struct xfrm_state *x); | 904 | extern int xfrm_init_state(struct xfrm_state *x); |
| @@ -924,7 +958,7 @@ extern void xfrm_init_pmtu(struct dst_entry *dst); | |||
| 924 | 958 | ||
| 925 | extern wait_queue_head_t km_waitq; | 959 | extern wait_queue_head_t km_waitq; |
| 926 | extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport); | 960 | extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport); |
| 927 | extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard); | 961 | extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid); |
| 928 | 962 | ||
| 929 | extern void xfrm_input_init(void); | 963 | extern void xfrm_input_init(void); |
| 930 | extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq); | 964 | extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq); |
| @@ -965,4 +999,24 @@ static inline int xfrm_policy_id2dir(u32 index) | |||
| 965 | return index & 7; | 999 | return index & 7; |
| 966 | } | 1000 | } |
| 967 | 1001 | ||
| 1002 | static inline int xfrm_aevent_is_on(void) | ||
| 1003 | { | ||
| 1004 | struct sock *nlsk; | ||
| 1005 | int ret = 0; | ||
| 1006 | |||
| 1007 | rcu_read_lock(); | ||
| 1008 | nlsk = rcu_dereference(xfrm_nl); | ||
| 1009 | if (nlsk) | ||
| 1010 | ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS); | ||
| 1011 | rcu_read_unlock(); | ||
| 1012 | return ret; | ||
| 1013 | } | ||
| 1014 | |||
| 1015 | static inline void xfrm_aevent_doreplay(struct xfrm_state *x) | ||
| 1016 | { | ||
| 1017 | if (xfrm_aevent_is_on()) | ||
| 1018 | xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); | ||
| 1019 | } | ||
| 1020 | |||
| 1021 | |||
| 968 | #endif /* _NET_XFRM_H */ | 1022 | #endif /* _NET_XFRM_H */ |