diff options
Diffstat (limited to 'include/net/xfrm.h')
| -rw-r--r-- | include/net/xfrm.h | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 1cdb87912137..487abca3ca6f 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -144,6 +144,9 @@ struct xfrm_state | |||
| 144 | * transformer. */ | 144 | * transformer. */ |
| 145 | struct xfrm_type *type; | 145 | struct xfrm_type *type; |
| 146 | 146 | ||
| 147 | /* Security context */ | ||
| 148 | struct xfrm_sec_ctx *security; | ||
| 149 | |||
| 147 | /* Private data of this transformer, format is opaque, | 150 | /* Private data of this transformer, format is opaque, |
| 148 | * interpreted by xfrm_type methods. */ | 151 | * interpreted by xfrm_type methods. */ |
| 149 | void *data; | 152 | void *data; |
| @@ -298,6 +301,7 @@ struct xfrm_policy | |||
| 298 | __u8 flags; | 301 | __u8 flags; |
| 299 | __u8 dead; | 302 | __u8 dead; |
| 300 | __u8 xfrm_nr; | 303 | __u8 xfrm_nr; |
| 304 | struct xfrm_sec_ctx *security; | ||
| 301 | struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; | 305 | struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; |
| 302 | }; | 306 | }; |
| 303 | 307 | ||
| @@ -510,6 +514,25 @@ xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl, | |||
| 510 | return 0; | 514 | return 0; |
| 511 | } | 515 | } |
| 512 | 516 | ||
| 517 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | ||
| 518 | /* If neither has a context --> match | ||
| 519 | * Otherwise, both must have a context and the sids, doi, alg must match | ||
| 520 | */ | ||
| 521 | static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2) | ||
| 522 | { | ||
| 523 | return ((!s1 && !s2) || | ||
| 524 | (s1 && s2 && | ||
| 525 | (s1->ctx_sid == s2->ctx_sid) && | ||
| 526 | (s1->ctx_doi == s2->ctx_doi) && | ||
| 527 | (s1->ctx_alg == s2->ctx_alg))); | ||
| 528 | } | ||
| 529 | #else | ||
| 530 | static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2) | ||
| 531 | { | ||
| 532 | return 1; | ||
| 533 | } | ||
| 534 | #endif | ||
| 535 | |||
| 513 | /* A struct encoding bundle of transformations to apply to some set of flow. | 536 | /* A struct encoding bundle of transformations to apply to some set of flow. |
| 514 | * | 537 | * |
| 515 | * dst->child points to the next element of bundle. | 538 | * dst->child points to the next element of bundle. |
| @@ -878,8 +901,8 @@ static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsig | |||
| 878 | struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp); | 901 | struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp); |
| 879 | extern int xfrm_policy_walk(int (*func)(struct xfrm_policy *, int, int, void*), void *); | 902 | extern int xfrm_policy_walk(int (*func)(struct xfrm_policy *, int, int, void*), void *); |
| 880 | int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); | 903 | int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); |
| 881 | struct xfrm_policy *xfrm_policy_bysel(int dir, struct xfrm_selector *sel, | 904 | struct xfrm_policy *xfrm_policy_bysel_ctx(int dir, struct xfrm_selector *sel, |
| 882 | int delete); | 905 | struct xfrm_sec_ctx *ctx, int delete); |
| 883 | struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete); | 906 | struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete); |
| 884 | void xfrm_policy_flush(void); | 907 | void xfrm_policy_flush(void); |
| 885 | u32 xfrm_get_acqseq(void); | 908 | u32 xfrm_get_acqseq(void); |