diff options
Diffstat (limited to 'include/net/xfrm.h')
| -rw-r--r-- | include/net/xfrm.h | 86 |
1 files changed, 59 insertions, 27 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 6d85861ab990..a7df3275b860 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -140,6 +140,7 @@ struct xfrm_state { | |||
| 140 | 140 | ||
| 141 | struct xfrm_id id; | 141 | struct xfrm_id id; |
| 142 | struct xfrm_selector sel; | 142 | struct xfrm_selector sel; |
| 143 | struct xfrm_mark mark; | ||
| 143 | 144 | ||
| 144 | u32 genid; | 145 | u32 genid; |
| 145 | 146 | ||
| @@ -317,8 +318,8 @@ extern void xfrm_state_delete_tunnel(struct xfrm_state *x); | |||
| 317 | struct xfrm_type { | 318 | struct xfrm_type { |
| 318 | char *description; | 319 | char *description; |
| 319 | struct module *owner; | 320 | struct module *owner; |
| 320 | __u8 proto; | 321 | u8 proto; |
| 321 | __u8 flags; | 322 | u8 flags; |
| 322 | #define XFRM_TYPE_NON_FRAGMENT 1 | 323 | #define XFRM_TYPE_NON_FRAGMENT 1 |
| 323 | #define XFRM_TYPE_REPLAY_PROT 2 | 324 | #define XFRM_TYPE_REPLAY_PROT 2 |
| 324 | #define XFRM_TYPE_LOCAL_COADDR 4 | 325 | #define XFRM_TYPE_LOCAL_COADDR 4 |
| @@ -434,24 +435,24 @@ struct xfrm_tmpl { | |||
| 434 | 435 | ||
| 435 | unsigned short encap_family; | 436 | unsigned short encap_family; |
| 436 | 437 | ||
| 437 | __u32 reqid; | 438 | u32 reqid; |
| 438 | 439 | ||
| 439 | /* Mode: transport, tunnel etc. */ | 440 | /* Mode: transport, tunnel etc. */ |
| 440 | __u8 mode; | 441 | u8 mode; |
| 441 | 442 | ||
| 442 | /* Sharing mode: unique, this session only, this user only etc. */ | 443 | /* Sharing mode: unique, this session only, this user only etc. */ |
| 443 | __u8 share; | 444 | u8 share; |
| 444 | 445 | ||
| 445 | /* May skip this transfomration if no SA is found */ | 446 | /* May skip this transfomration if no SA is found */ |
| 446 | __u8 optional; | 447 | u8 optional; |
| 447 | 448 | ||
| 448 | /* Skip aalgos/ealgos/calgos checks. */ | 449 | /* Skip aalgos/ealgos/calgos checks. */ |
| 449 | __u8 allalgs; | 450 | u8 allalgs; |
| 450 | 451 | ||
| 451 | /* Bit mask of algos allowed for acquisition */ | 452 | /* Bit mask of algos allowed for acquisition */ |
| 452 | __u32 aalgos; | 453 | u32 aalgos; |
| 453 | __u32 ealgos; | 454 | u32 ealgos; |
| 454 | __u32 calgos; | 455 | u32 calgos; |
| 455 | }; | 456 | }; |
| 456 | 457 | ||
| 457 | #define XFRM_MAX_DEPTH 6 | 458 | #define XFRM_MAX_DEPTH 6 |
| @@ -481,6 +482,7 @@ struct xfrm_policy { | |||
| 481 | 482 | ||
| 482 | u32 priority; | 483 | u32 priority; |
| 483 | u32 index; | 484 | u32 index; |
| 485 | struct xfrm_mark mark; | ||
| 484 | struct xfrm_selector selector; | 486 | struct xfrm_selector selector; |
| 485 | struct xfrm_lifetime_cfg lft; | 487 | struct xfrm_lifetime_cfg lft; |
| 486 | struct xfrm_lifetime_cur curlft; | 488 | struct xfrm_lifetime_cur curlft; |
| @@ -770,7 +772,7 @@ static __inline__ int addr_match(void *token1, void *token2, int prefixlen) | |||
| 770 | int pdw; | 772 | int pdw; |
| 771 | int pbi; | 773 | int pbi; |
| 772 | 774 | ||
| 773 | pdw = prefixlen >> 5; /* num of whole __u32 in prefix */ | 775 | pdw = prefixlen >> 5; /* num of whole u32 in prefix */ |
| 774 | pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */ | 776 | pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */ |
| 775 | 777 | ||
| 776 | if (pdw) | 778 | if (pdw) |
| @@ -1259,7 +1261,7 @@ struct xfrm_algo_desc { | |||
| 1259 | /* XFRM tunnel handlers. */ | 1261 | /* XFRM tunnel handlers. */ |
| 1260 | struct xfrm_tunnel { | 1262 | struct xfrm_tunnel { |
| 1261 | int (*handler)(struct sk_buff *skb); | 1263 | int (*handler)(struct sk_buff *skb); |
| 1262 | int (*err_handler)(struct sk_buff *skb, __u32 info); | 1264 | int (*err_handler)(struct sk_buff *skb, u32 info); |
| 1263 | 1265 | ||
| 1264 | struct xfrm_tunnel *next; | 1266 | struct xfrm_tunnel *next; |
| 1265 | int priority; | 1267 | int priority; |
| @@ -1317,7 +1319,7 @@ extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t | |||
| 1317 | struct flowi *fl, struct xfrm_tmpl *tmpl, | 1319 | struct flowi *fl, struct xfrm_tmpl *tmpl, |
| 1318 | struct xfrm_policy *pol, int *err, | 1320 | struct xfrm_policy *pol, int *err, |
| 1319 | unsigned short family); | 1321 | unsigned short family); |
| 1320 | extern struct xfrm_state * xfrm_stateonly_find(struct net *net, | 1322 | extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, |
| 1321 | xfrm_address_t *daddr, | 1323 | xfrm_address_t *daddr, |
| 1322 | xfrm_address_t *saddr, | 1324 | xfrm_address_t *saddr, |
| 1323 | unsigned short family, | 1325 | unsigned short family, |
| @@ -1326,8 +1328,14 @@ extern int xfrm_state_check_expire(struct xfrm_state *x); | |||
| 1326 | extern void xfrm_state_insert(struct xfrm_state *x); | 1328 | extern void xfrm_state_insert(struct xfrm_state *x); |
| 1327 | extern int xfrm_state_add(struct xfrm_state *x); | 1329 | extern int xfrm_state_add(struct xfrm_state *x); |
| 1328 | extern int xfrm_state_update(struct xfrm_state *x); | 1330 | extern int xfrm_state_update(struct xfrm_state *x); |
| 1329 | extern struct xfrm_state *xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family); | 1331 | extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark, |
| 1330 | extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family); | 1332 | xfrm_address_t *daddr, __be32 spi, |
| 1333 | u8 proto, unsigned short family); | ||
| 1334 | extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark, | ||
| 1335 | xfrm_address_t *daddr, | ||
| 1336 | xfrm_address_t *saddr, | ||
| 1337 | u8 proto, | ||
| 1338 | unsigned short family); | ||
| 1331 | #ifdef CONFIG_XFRM_SUB_POLICY | 1339 | #ifdef CONFIG_XFRM_SUB_POLICY |
| 1332 | extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, | 1340 | extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, |
| 1333 | int n, unsigned short family); | 1341 | int n, unsigned short family); |
| @@ -1364,11 +1372,12 @@ struct xfrmk_spdinfo { | |||
| 1364 | u32 spdhmcnt; | 1372 | u32 spdhmcnt; |
| 1365 | }; | 1373 | }; |
| 1366 | 1374 | ||
| 1367 | extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq); | 1375 | extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, |
| 1376 | u32 seq); | ||
| 1368 | extern int xfrm_state_delete(struct xfrm_state *x); | 1377 | extern int xfrm_state_delete(struct xfrm_state *x); |
| 1369 | extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info); | 1378 | extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info); |
| 1370 | extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); | 1379 | extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si); |
| 1371 | extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); | 1380 | extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si); |
| 1372 | extern int xfrm_replay_check(struct xfrm_state *x, | 1381 | extern int xfrm_replay_check(struct xfrm_state *x, |
| 1373 | struct sk_buff *skb, __be32 seq); | 1382 | struct sk_buff *skb, __be32 seq); |
| 1374 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); | 1383 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); |
| @@ -1408,9 +1417,9 @@ extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, | |||
| 1408 | xfrm_address_t *saddr, u8 proto); | 1417 | xfrm_address_t *saddr, u8 proto); |
| 1409 | extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family); | 1418 | extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family); |
| 1410 | extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family); | 1419 | extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family); |
| 1411 | extern __be32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr); | 1420 | extern __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr); |
| 1412 | extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr); | 1421 | extern void xfrm6_tunnel_free_spi(struct net *net, xfrm_address_t *saddr); |
| 1413 | extern __be32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr); | 1422 | extern __be32 xfrm6_tunnel_spi_lookup(struct net *net, xfrm_address_t *saddr); |
| 1414 | extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); | 1423 | extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); |
| 1415 | extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb); | 1424 | extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb); |
| 1416 | extern int xfrm6_output(struct sk_buff *skb); | 1425 | extern int xfrm6_output(struct sk_buff *skb); |
| @@ -1441,17 +1450,20 @@ extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk, | |||
| 1441 | int (*func)(struct xfrm_policy *, int, int, void*), void *); | 1450 | int (*func)(struct xfrm_policy *, int, int, void*), void *); |
| 1442 | extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk); | 1451 | extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk); |
| 1443 | int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); | 1452 | int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); |
| 1444 | struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir, | 1453 | struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, |
| 1454 | u8 type, int dir, | ||
| 1445 | struct xfrm_selector *sel, | 1455 | struct xfrm_selector *sel, |
| 1446 | struct xfrm_sec_ctx *ctx, int delete, | 1456 | struct xfrm_sec_ctx *ctx, int delete, |
| 1447 | int *err); | 1457 | int *err); |
| 1448 | struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int delete, int *err); | 1458 | struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 id, int delete, int *err); |
| 1449 | int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info); | 1459 | int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info); |
| 1450 | u32 xfrm_get_acqseq(void); | 1460 | u32 xfrm_get_acqseq(void); |
| 1451 | extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); | 1461 | extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); |
| 1452 | struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto, | 1462 | struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark, |
| 1453 | xfrm_address_t *daddr, xfrm_address_t *saddr, | 1463 | u8 mode, u32 reqid, u8 proto, |
| 1454 | int create, unsigned short family); | 1464 | xfrm_address_t *daddr, |
| 1465 | xfrm_address_t *saddr, int create, | ||
| 1466 | unsigned short family); | ||
| 1455 | extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); | 1467 | extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); |
| 1456 | extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst, | 1468 | extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst, |
| 1457 | struct flowi *fl, int family, int strict); | 1469 | struct flowi *fl, int family, int strict); |
| @@ -1500,7 +1512,7 @@ static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b, | |||
| 1500 | switch (family) { | 1512 | switch (family) { |
| 1501 | default: | 1513 | default: |
| 1502 | case AF_INET: | 1514 | case AF_INET: |
| 1503 | return (__force __u32)a->a4 - (__force __u32)b->a4; | 1515 | return (__force u32)a->a4 - (__force u32)b->a4; |
| 1504 | case AF_INET6: | 1516 | case AF_INET6: |
| 1505 | return ipv6_addr_cmp((struct in6_addr *)a, | 1517 | return ipv6_addr_cmp((struct in6_addr *)a, |
| 1506 | (struct in6_addr *)b); | 1518 | (struct in6_addr *)b); |
| @@ -1570,4 +1582,24 @@ static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb) | |||
| 1570 | } | 1582 | } |
| 1571 | #endif | 1583 | #endif |
| 1572 | 1584 | ||
| 1585 | static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m) | ||
| 1586 | { | ||
| 1587 | if (attrs[XFRMA_MARK]) | ||
| 1588 | memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(m)); | ||
| 1589 | else | ||
| 1590 | m->v = m->m = 0; | ||
| 1591 | |||
| 1592 | return m->v & m->m; | ||
| 1593 | } | ||
| 1594 | |||
| 1595 | static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m) | ||
| 1596 | { | ||
| 1597 | if (m->m | m->v) | ||
| 1598 | NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m); | ||
| 1599 | return 0; | ||
| 1600 | |||
| 1601 | nla_put_failure: | ||
| 1602 | return -1; | ||
| 1603 | } | ||
| 1604 | |||
| 1573 | #endif /* _NET_XFRM_H */ | 1605 | #endif /* _NET_XFRM_H */ |