Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h110
1 files changed, 69 insertions, 41 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 11c890ad8ebb..2e9f5c0018ae 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -38,22 +38,15 @@
38 MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto)) 38 MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
39 39
40#ifdef CONFIG_XFRM_STATISTICS 40#ifdef CONFIG_XFRM_STATISTICS
41DECLARE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics); 41#define XFRM_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.xfrm_statistics, field)
42#define XFRM_INC_STATS(field) SNMP_INC_STATS(xfrm_statistics, field) 42#define XFRM_INC_STATS_BH(net, field) SNMP_INC_STATS_BH((net)->mib.xfrm_statistics, field)
43#define XFRM_INC_STATS_BH(field) SNMP_INC_STATS_BH(xfrm_statistics, field) 43#define XFRM_INC_STATS_USER(net, field) SNMP_INC_STATS_USER((net)-mib.xfrm_statistics, field)
44#define XFRM_INC_STATS_USER(field) SNMP_INC_STATS_USER(xfrm_statistics, field)
45#else 44#else
46#define XFRM_INC_STATS(field) 45#define XFRM_INC_STATS(net, field) ((void)(net))
47#define XFRM_INC_STATS_BH(field) 46#define XFRM_INC_STATS_BH(net, field) ((void)(net))
48#define XFRM_INC_STATS_USER(field) 47#define XFRM_INC_STATS_USER(net, field) ((void)(net))
49#endif 48#endif
50 49
51extern struct sock *xfrm_nl;
52extern u32 sysctl_xfrm_aevent_etime;
53extern u32 sysctl_xfrm_aevent_rseqth;
54extern int sysctl_xfrm_larval_drop;
55extern u32 sysctl_xfrm_acq_expires;
56
57extern struct mutex xfrm_cfg_mutex; 50extern struct mutex xfrm_cfg_mutex;
58 51
59/* Organization of SPD aka "XFRM rules" 52/* Organization of SPD aka "XFRM rules"
@@ -130,6 +123,9 @@ struct xfrm_state_walk {
130/* Full description of state of transformer. */ 123/* Full description of state of transformer. */
131struct xfrm_state 124struct xfrm_state
132{ 125{
126#ifdef CONFIG_NET_NS
127 struct net *xs_net;
128#endif
133 union { 129 union {
134 struct hlist_node gclist; 130 struct hlist_node gclist;
135 struct hlist_node bydst; 131 struct hlist_node bydst;
@@ -223,6 +219,11 @@ struct xfrm_state
223 void *data; 219 void *data;
224}; 220};
225 221
222static inline struct net *xs_net(struct xfrm_state *x)
223{
224 return read_pnet(&x->xs_net);
225}
226
226/* xflags - make enum if more show up */ 227/* xflags - make enum if more show up */
227#define XFRM_TIME_DEFER 1 228#define XFRM_TIME_DEFER 1
228 229
@@ -249,6 +250,7 @@ struct km_event
249 u32 seq; 250 u32 seq;
250 u32 pid; 251 u32 pid;
251 u32 event; 252 u32 event;
253 struct net *net;
252}; 254};
253 255
254struct net_device; 256struct net_device;
@@ -257,10 +259,11 @@ struct xfrm_dst;
257struct xfrm_policy_afinfo { 259struct xfrm_policy_afinfo {
258 unsigned short family; 260 unsigned short family;
259 struct dst_ops *dst_ops; 261 struct dst_ops *dst_ops;
260 void (*garbage_collect)(void); 262 void (*garbage_collect)(struct net *net);
261 struct dst_entry *(*dst_lookup)(int tos, xfrm_address_t *saddr, 263 struct dst_entry *(*dst_lookup)(struct net *net, int tos,
264 xfrm_address_t *saddr,
262 xfrm_address_t *daddr); 265 xfrm_address_t *daddr);
263 int (*get_saddr)(xfrm_address_t *saddr, xfrm_address_t *daddr); 266 int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
264 struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy); 267 struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
265 void (*decode_session)(struct sk_buff *skb, 268 void (*decode_session)(struct sk_buff *skb,
266 struct flowi *fl, 269 struct flowi *fl,
@@ -467,7 +470,9 @@ struct xfrm_policy_walk {
467 470
468struct xfrm_policy 471struct xfrm_policy
469{ 472{
470 struct xfrm_policy *next; 473#ifdef CONFIG_NET_NS
474 struct net *xp_net;
475#endif
471 struct hlist_node bydst; 476 struct hlist_node bydst;
472 struct hlist_node byidx; 477 struct hlist_node byidx;
473 478
@@ -492,6 +497,11 @@ struct xfrm_policy
492 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; 497 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
493}; 498};
494 499
500static inline struct net *xp_net(struct xfrm_policy *xp)
501{
502 return read_pnet(&xp->xp_net);
503}
504
495struct xfrm_kmaddress { 505struct xfrm_kmaddress {
496 xfrm_address_t local; 506 xfrm_address_t local;
497 xfrm_address_t remote; 507 xfrm_address_t remote;
@@ -537,15 +547,13 @@ struct xfrm_mgr
537 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir); 547 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
538 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); 548 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
539 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c); 549 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
540 int (*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr); 550 int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
541 int (*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k); 551 int (*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k);
542}; 552};
543 553
544extern int xfrm_register_km(struct xfrm_mgr *km); 554extern int xfrm_register_km(struct xfrm_mgr *km);
545extern int xfrm_unregister_km(struct xfrm_mgr *km); 555extern int xfrm_unregister_km(struct xfrm_mgr *km);
546 556
547extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
548
549/* 557/*
550 * This structure is used for the duration where packets are being 558 * This structure is used for the duration where packets are being
551 * transformed by IPsec. As soon as the packet leaves IPsec the 559 * transformed by IPsec. As soon as the packet leaves IPsec the
@@ -882,6 +890,7 @@ struct xfrm_dst
882 u32 path_cookie; 890 u32 path_cookie;
883}; 891};
884 892
893#ifdef CONFIG_XFRM
885static inline void xfrm_dst_destroy(struct xfrm_dst *xdst) 894static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
886{ 895{
887 dst_release(xdst->route); 896 dst_release(xdst->route);
@@ -894,6 +903,7 @@ static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
894 xdst->partner = NULL; 903 xdst->partner = NULL;
895#endif 904#endif
896} 905}
906#endif
897 907
898extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev); 908extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
899 909
@@ -977,12 +987,13 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir,
977 struct sk_buff *skb, 987 struct sk_buff *skb,
978 unsigned int family, int reverse) 988 unsigned int family, int reverse)
979{ 989{
990 struct net *net = dev_net(skb->dev);
980 int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0); 991 int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0);
981 992
982 if (sk && sk->sk_policy[XFRM_POLICY_IN]) 993 if (sk && sk->sk_policy[XFRM_POLICY_IN])
983 return __xfrm_policy_check(sk, ndir, skb, family); 994 return __xfrm_policy_check(sk, ndir, skb, family);
984 995
985 return (!xfrm_policy_count[dir] && !skb->sp) || 996 return (!net->xfrm.policy_count[dir] && !skb->sp) ||
986 (skb->dst->flags & DST_NOPOLICY) || 997 (skb->dst->flags & DST_NOPOLICY) ||
987 __xfrm_policy_check(sk, ndir, skb, family); 998 __xfrm_policy_check(sk, ndir, skb, family);
988} 999}
@@ -1034,7 +1045,9 @@ extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
1034 1045
1035static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) 1046static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
1036{ 1047{
1037 return !xfrm_policy_count[XFRM_POLICY_OUT] || 1048 struct net *net = dev_net(skb->dev);
1049
1050 return !net->xfrm.policy_count[XFRM_POLICY_OUT] ||
1038 (skb->dst->flags & DST_NOXFRM) || 1051 (skb->dst->flags & DST_NOXFRM) ||
1039 __xfrm_route_forward(skb, family); 1052 __xfrm_route_forward(skb, family);
1040} 1053}
@@ -1268,7 +1281,8 @@ struct xfrm6_tunnel {
1268 1281
1269extern void xfrm_init(void); 1282extern void xfrm_init(void);
1270extern void xfrm4_init(void); 1283extern void xfrm4_init(void);
1271extern void xfrm_state_init(void); 1284extern int xfrm_state_init(struct net *net);
1285extern void xfrm_state_fini(struct net *net);
1272extern void xfrm4_state_init(void); 1286extern void xfrm4_state_init(void);
1273#ifdef CONFIG_XFRM 1287#ifdef CONFIG_XFRM
1274extern int xfrm6_init(void); 1288extern int xfrm6_init(void);
@@ -1287,19 +1301,30 @@ static inline void xfrm6_fini(void)
1287#endif 1301#endif
1288 1302
1289#ifdef CONFIG_XFRM_STATISTICS 1303#ifdef CONFIG_XFRM_STATISTICS
1290extern int xfrm_proc_init(void); 1304extern int xfrm_proc_init(struct net *net);
1305extern void xfrm_proc_fini(struct net *net);
1306#endif
1307
1308extern int xfrm_sysctl_init(struct net *net);
1309#ifdef CONFIG_SYSCTL
1310extern void xfrm_sysctl_fini(struct net *net);
1311#else
1312static inline void xfrm_sysctl_fini(struct net *net)
1313{
1314}
1291#endif 1315#endif
1292 1316
1293extern void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto); 1317extern void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto);
1294extern int xfrm_state_walk(struct xfrm_state_walk *walk, 1318extern int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1295 int (*func)(struct xfrm_state *, int, void*), void *); 1319 int (*func)(struct xfrm_state *, int, void*), void *);
1296extern void xfrm_state_walk_done(struct xfrm_state_walk *walk); 1320extern void xfrm_state_walk_done(struct xfrm_state_walk *walk);
1297extern struct xfrm_state *xfrm_state_alloc(void); 1321extern struct xfrm_state *xfrm_state_alloc(struct net *net);
1298extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 1322extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1299 struct flowi *fl, struct xfrm_tmpl *tmpl, 1323 struct flowi *fl, struct xfrm_tmpl *tmpl,
1300 struct xfrm_policy *pol, int *err, 1324 struct xfrm_policy *pol, int *err,
1301 unsigned short family); 1325 unsigned short family);
1302extern struct xfrm_state * xfrm_stateonly_find(xfrm_address_t *daddr, 1326extern struct xfrm_state * xfrm_stateonly_find(struct net *net,
1327 xfrm_address_t *daddr,
1303 xfrm_address_t *saddr, 1328 xfrm_address_t *saddr,
1304 unsigned short family, 1329 unsigned short family,
1305 u8 mode, u8 proto, u32 reqid); 1330 u8 mode, u8 proto, u32 reqid);
@@ -1307,8 +1332,8 @@ extern int xfrm_state_check_expire(struct xfrm_state *x);
1307extern void xfrm_state_insert(struct xfrm_state *x); 1332extern void xfrm_state_insert(struct xfrm_state *x);
1308extern int xfrm_state_add(struct xfrm_state *x); 1333extern int xfrm_state_add(struct xfrm_state *x);
1309extern int xfrm_state_update(struct xfrm_state *x); 1334extern int xfrm_state_update(struct xfrm_state *x);
1310extern struct xfrm_state *xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family); 1335extern struct xfrm_state *xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family);
1311extern struct xfrm_state *xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family); 1336extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);
1312#ifdef CONFIG_XFRM_SUB_POLICY 1337#ifdef CONFIG_XFRM_SUB_POLICY
1313extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, 1338extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
1314 int n, unsigned short family); 1339 int n, unsigned short family);
@@ -1345,9 +1370,9 @@ struct xfrmk_spdinfo {
1345 u32 spdhmcnt; 1370 u32 spdhmcnt;
1346}; 1371};
1347 1372
1348extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); 1373extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq);
1349extern int xfrm_state_delete(struct xfrm_state *x); 1374extern int xfrm_state_delete(struct xfrm_state *x);
1350extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); 1375extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
1351extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); 1376extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si);
1352extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); 1377extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si);
1353extern int xfrm_replay_check(struct xfrm_state *x, 1378extern int xfrm_replay_check(struct xfrm_state *x,
@@ -1415,22 +1440,22 @@ static inline int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
1415} 1440}
1416#endif 1441#endif
1417 1442
1418struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp); 1443struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp);
1419 1444
1420extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type); 1445extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type);
1421extern int xfrm_policy_walk(struct xfrm_policy_walk *walk, 1446extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
1422 int (*func)(struct xfrm_policy *, int, int, void*), void *); 1447 int (*func)(struct xfrm_policy *, int, int, void*), void *);
1423extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk); 1448extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
1424int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 1449int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
1425struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 1450struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
1426 struct xfrm_selector *sel, 1451 struct xfrm_selector *sel,
1427 struct xfrm_sec_ctx *ctx, int delete, 1452 struct xfrm_sec_ctx *ctx, int delete,
1428 int *err); 1453 int *err);
1429struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete, int *err); 1454struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int delete, int *err);
1430int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); 1455int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
1431u32 xfrm_get_acqseq(void); 1456u32 xfrm_get_acqseq(void);
1432extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); 1457extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
1433struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 1458struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,
1434 xfrm_address_t *daddr, xfrm_address_t *saddr, 1459 xfrm_address_t *daddr, xfrm_address_t *saddr,
1435 int create, unsigned short family); 1460 int create, unsigned short family);
1436extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); 1461extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
@@ -1449,10 +1474,9 @@ extern int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1449 struct xfrm_kmaddress *k); 1474 struct xfrm_kmaddress *k);
1450#endif 1475#endif
1451 1476
1452extern wait_queue_head_t km_waitq;
1453extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); 1477extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
1454extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid); 1478extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
1455extern int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr); 1479extern int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
1456 1480
1457extern void xfrm_input_init(void); 1481extern void xfrm_input_init(void);
1458extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq); 1482extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);
@@ -1497,18 +1521,20 @@ static inline int xfrm_policy_id2dir(u32 index)
1497 return index & 7; 1521 return index & 7;
1498} 1522}
1499 1523
1500static inline int xfrm_aevent_is_on(void) 1524#ifdef CONFIG_XFRM
1525static inline int xfrm_aevent_is_on(struct net *net)
1501{ 1526{
1502 struct sock *nlsk; 1527 struct sock *nlsk;
1503 int ret = 0; 1528 int ret = 0;
1504 1529
1505 rcu_read_lock(); 1530 rcu_read_lock();
1506 nlsk = rcu_dereference(xfrm_nl); 1531 nlsk = rcu_dereference(net->xfrm.nlsk);
1507 if (nlsk) 1532 if (nlsk)
1508 ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS); 1533 ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS);
1509 rcu_read_unlock(); 1534 rcu_read_unlock();
1510 return ret; 1535 return ret;
1511} 1536}
1537#endif
1512 1538
1513static inline int xfrm_alg_len(struct xfrm_algo *alg) 1539static inline int xfrm_alg_len(struct xfrm_algo *alg)
1514{ 1540{
@@ -1536,9 +1562,11 @@ static inline void xfrm_states_delete(struct xfrm_state **states, int n)
1536} 1562}
1537#endif 1563#endif
1538 1564
1565#ifdef CONFIG_XFRM
1539static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb) 1566static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
1540{ 1567{
1541 return skb->sp->xvec[skb->sp->len - 1]; 1568 return skb->sp->xvec[skb->sp->len - 1];
1542} 1569}
1570#endif
1543 1571
1544#endif /* _NET_XFRM_H */ 1572#endif /* _NET_XFRM_H */
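Review bot: The new XFRM_INC_STATS_USER definition in the first hunk (new line 43) expands to `(net)-mib.xfrm_statistics` — a minus sign where `->` is needed — so the macro is malformed and would fail to compile at the first call site; it slips through here only because nothing in this header expands it. The line should read `#define XFRM_INC_STATS_USER(net, field) SNMP_INC_STATS_USER((net)->mib.xfrm_statistics, field)`, matching the XFRM_INC_STATS and XFRM_INC_STATS_BH definitions directly above it. Separately, the `struct net *net = dev_net(skb->dev);` lines added to __xfrm_policy_check2 and xfrm_route_forward dereference skb->dev unconditionally, and in the former they do so before the existing sk_policy early return; if any caller can reach these inlines with a NULL skb->dev this introduces a NULL dereference, which is worth confirming against the callers (not visible in this diff).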