Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h85
1 files changed, 59 insertions, 26 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 60c27706e7b9..d74e080ba6c9 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -140,6 +140,7 @@ struct xfrm_state {
140 140
141 struct xfrm_id id; 141 struct xfrm_id id;
142 struct xfrm_selector sel; 142 struct xfrm_selector sel;
143 struct xfrm_mark mark;
143 144
144 u32 genid; 145 u32 genid;
145 146
@@ -274,7 +275,8 @@ struct xfrm_policy_afinfo {
274 struct dst_entry *dst, 275 struct dst_entry *dst,
275 int nfheader_len); 276 int nfheader_len);
276 int (*fill_dst)(struct xfrm_dst *xdst, 277 int (*fill_dst)(struct xfrm_dst *xdst,
277 struct net_device *dev); 278 struct net_device *dev,
279 struct flowi *fl);
278}; 280};
279 281
280extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); 282extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
@@ -317,8 +319,8 @@ extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
317struct xfrm_type { 319struct xfrm_type {
318 char *description; 320 char *description;
319 struct module *owner; 321 struct module *owner;
320 __u8 proto; 322 u8 proto;
321 __u8 flags; 323 u8 flags;
322#define XFRM_TYPE_NON_FRAGMENT 1 324#define XFRM_TYPE_NON_FRAGMENT 1
323#define XFRM_TYPE_REPLAY_PROT 2 325#define XFRM_TYPE_REPLAY_PROT 2
324#define XFRM_TYPE_LOCAL_COADDR 4 326#define XFRM_TYPE_LOCAL_COADDR 4
@@ -434,24 +436,24 @@ struct xfrm_tmpl {
434 436
435 unsigned short encap_family; 437 unsigned short encap_family;
436 438
437 __u32 reqid; 439 u32 reqid;
438 440
439/* Mode: transport, tunnel etc. */ 441/* Mode: transport, tunnel etc. */
440 __u8 mode; 442 u8 mode;
441 443
442/* Sharing mode: unique, this session only, this user only etc. */ 444/* Sharing mode: unique, this session only, this user only etc. */
443 __u8 share; 445 u8 share;
444 446
445/* May skip this transfomration if no SA is found */ 447/* May skip this transfomration if no SA is found */
446 __u8 optional; 448 u8 optional;
447 449
448/* Skip aalgos/ealgos/calgos checks. */ 450/* Skip aalgos/ealgos/calgos checks. */
449 __u8 allalgs; 451 u8 allalgs;
450 452
451/* Bit mask of algos allowed for acquisition */ 453/* Bit mask of algos allowed for acquisition */
452 __u32 aalgos; 454 u32 aalgos;
453 __u32 ealgos; 455 u32 ealgos;
454 __u32 calgos; 456 u32 calgos;
455}; 457};
456 458
457#define XFRM_MAX_DEPTH 6 459#define XFRM_MAX_DEPTH 6
@@ -481,6 +483,7 @@ struct xfrm_policy {
481 483
482 u32 priority; 484 u32 priority;
483 u32 index; 485 u32 index;
486 struct xfrm_mark mark;
484 struct xfrm_selector selector; 487 struct xfrm_selector selector;
485 struct xfrm_lifetime_cfg lft; 488 struct xfrm_lifetime_cfg lft;
486 struct xfrm_lifetime_cur curlft; 489 struct xfrm_lifetime_cur curlft;
@@ -770,7 +773,7 @@ static __inline__ int addr_match(void *token1, void *token2, int prefixlen)
770 int pdw; 773 int pdw;
771 int pbi; 774 int pbi;
772 775
773 pdw = prefixlen >> 5; /* num of whole __u32 in prefix */ 776 pdw = prefixlen >> 5; /* num of whole u32 in prefix */
774 pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */ 777 pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */
775 778
776 if (pdw) 779 if (pdw)
@@ -1259,7 +1262,7 @@ struct xfrm_algo_desc {
1259/* XFRM tunnel handlers. */ 1262/* XFRM tunnel handlers. */
1260struct xfrm_tunnel { 1263struct xfrm_tunnel {
1261 int (*handler)(struct sk_buff *skb); 1264 int (*handler)(struct sk_buff *skb);
1262 int (*err_handler)(struct sk_buff *skb, __u32 info); 1265 int (*err_handler)(struct sk_buff *skb, u32 info);
1263 1266
1264 struct xfrm_tunnel *next; 1267 struct xfrm_tunnel *next;
1265 int priority; 1268 int priority;
@@ -1317,7 +1320,7 @@ extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t
1317 struct flowi *fl, struct xfrm_tmpl *tmpl, 1320 struct flowi *fl, struct xfrm_tmpl *tmpl,
1318 struct xfrm_policy *pol, int *err, 1321 struct xfrm_policy *pol, int *err,
1319 unsigned short family); 1322 unsigned short family);
1320extern struct xfrm_state * xfrm_stateonly_find(struct net *net, 1323extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,
1321 xfrm_address_t *daddr, 1324 xfrm_address_t *daddr,
1322 xfrm_address_t *saddr, 1325 xfrm_address_t *saddr,
1323 unsigned short family, 1326 unsigned short family,
@@ -1326,8 +1329,14 @@ extern int xfrm_state_check_expire(struct xfrm_state *x);
1326extern void xfrm_state_insert(struct xfrm_state *x); 1329extern void xfrm_state_insert(struct xfrm_state *x);
1327extern int xfrm_state_add(struct xfrm_state *x); 1330extern int xfrm_state_add(struct xfrm_state *x);
1328extern int xfrm_state_update(struct xfrm_state *x); 1331extern int xfrm_state_update(struct xfrm_state *x);
1329extern struct xfrm_state *xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family); 1332extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
1330extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family); 1333 xfrm_address_t *daddr, __be32 spi,
1334 u8 proto, unsigned short family);
1335extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1336 xfrm_address_t *daddr,
1337 xfrm_address_t *saddr,
1338 u8 proto,
1339 unsigned short family);
1331#ifdef CONFIG_XFRM_SUB_POLICY 1340#ifdef CONFIG_XFRM_SUB_POLICY
1332extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, 1341extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
1333 int n, unsigned short family); 1342 int n, unsigned short family);
@@ -1364,7 +1373,8 @@ struct xfrmk_spdinfo {
1364 u32 spdhmcnt; 1373 u32 spdhmcnt;
1365}; 1374};
1366 1375
1367extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq); 1376extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark,
1377 u32 seq);
1368extern int xfrm_state_delete(struct xfrm_state *x); 1378extern int xfrm_state_delete(struct xfrm_state *x);
1369extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info); 1379extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
1370extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si); 1380extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
@@ -1408,9 +1418,9 @@ extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
1408 xfrm_address_t *saddr, u8 proto); 1418 xfrm_address_t *saddr, u8 proto);
1409extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family); 1419extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
1410extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family); 1420extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
1411extern __be32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr); 1421extern __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr);
1412extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr); 1422extern void xfrm6_tunnel_free_spi(struct net *net, xfrm_address_t *saddr);
1413extern __be32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr); 1423extern __be32 xfrm6_tunnel_spi_lookup(struct net *net, xfrm_address_t *saddr);
1414extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1424extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1415extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1425extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1416extern int xfrm6_output(struct sk_buff *skb); 1426extern int xfrm6_output(struct sk_buff *skb);
@@ -1441,17 +1451,20 @@ extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
1441 int (*func)(struct xfrm_policy *, int, int, void*), void *); 1451 int (*func)(struct xfrm_policy *, int, int, void*), void *);
1442extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk); 1452extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
1443int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 1453int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
1444struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir, 1454struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,
1455 u8 type, int dir,
1445 struct xfrm_selector *sel, 1456 struct xfrm_selector *sel,
1446 struct xfrm_sec_ctx *ctx, int delete, 1457 struct xfrm_sec_ctx *ctx, int delete,
1447 int *err); 1458 int *err);
1448struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int delete, int *err); 1459struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 id, int delete, int *err);
1449int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info); 1460int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
1450u32 xfrm_get_acqseq(void); 1461u32 xfrm_get_acqseq(void);
1451extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); 1462extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
1452struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto, 1463struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark,
1453 xfrm_address_t *daddr, xfrm_address_t *saddr, 1464 u8 mode, u32 reqid, u8 proto,
1454 int create, unsigned short family); 1465 xfrm_address_t *daddr,
1466 xfrm_address_t *saddr, int create,
1467 unsigned short family);
1455extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); 1468extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
1456extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst, 1469extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
1457 struct flowi *fl, int family, int strict); 1470 struct flowi *fl, int family, int strict);
@@ -1500,7 +1513,7 @@ static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,
1500 switch (family) { 1513 switch (family) {
1501 default: 1514 default:
1502 case AF_INET: 1515 case AF_INET:
1503 return (__force __u32)a->a4 - (__force __u32)b->a4; 1516 return (__force u32)a->a4 - (__force u32)b->a4;
1504 case AF_INET6: 1517 case AF_INET6:
1505 return ipv6_addr_cmp((struct in6_addr *)a, 1518 return ipv6_addr_cmp((struct in6_addr *)a,
1506 (struct in6_addr *)b); 1519 (struct in6_addr *)b);
@@ -1570,4 +1583,24 @@ static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
1570} 1583}
1571#endif 1584#endif
1572 1585
1586static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
1587{
1588 if (attrs[XFRMA_MARK])
1589 memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(m));
1590 else
1591 m->v = m->m = 0;
1592
1593 return m->v & m->m;
1594}
1595
1596static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m)
1597{
1598 if (m->m | m->v)
1599 NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
1600 return 0;
1601
1602nla_put_failure:
1603 return -1;
1604}
1605
1573#endif /* _NET_XFRM_H */ 1606#endif /* _NET_XFRM_H */
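Review bot: In the new xfrm_mark_get helper, `sizeof(m)` is the size of the pointer parameter, not of the struct it points to, so the memcpy copies only a pointer's width of bytes from the XFRMA_MARK attribute. On a build where a pointer is smaller than struct xfrm_mark (the struct is defined outside this header, but the else branch shows it has at least the fields v and m), the mask is never written and `return m->v & m->m` reads whatever the caller's storage held, so mark-based state and policy lookups would compare against indeterminate data. Use `memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(*m));`, which also agrees with the `sizeof(struct xfrm_mark)` that xfrm_mark_put passes. The copy additionally assumes the attribute payload is at least that long; the netlink policy entry that would enforce this is not visible in this header and is worth confirming.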