Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h213
1 files changed, 129 insertions, 84 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index b9f385da758e..42a8c32a10e2 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -36,6 +36,7 @@
36#define XFRM_PROTO_ROUTING IPPROTO_ROUTING 36#define XFRM_PROTO_ROUTING IPPROTO_ROUTING
37#define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS 37#define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS
38 38
39#define XFRM_ALIGN4(len) (((len) + 3) & ~3)
39#define XFRM_ALIGN8(len) (((len) + 7) & ~7) 40#define XFRM_ALIGN8(len) (((len) + 7) & ~7)
40#define MODULE_ALIAS_XFRM_MODE(family, encap) \ 41#define MODULE_ALIAS_XFRM_MODE(family, encap) \
41 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap)) 42 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
@@ -185,9 +186,14 @@ struct xfrm_state {
185 186
186 /* State for replay detection */ 187 /* State for replay detection */
187 struct xfrm_replay_state replay; 188 struct xfrm_replay_state replay;
189 struct xfrm_replay_state_esn *replay_esn;
188 190
189 /* Replay detection state at the time we sent the last notification */ 191 /* Replay detection state at the time we sent the last notification */
190 struct xfrm_replay_state preplay; 192 struct xfrm_replay_state preplay;
193 struct xfrm_replay_state_esn *preplay_esn;
194
195 /* The functions for replay detection. */
196 struct xfrm_replay *repl;
191 197
192 /* internal flag that only holds state for delayed aevent at the 198 /* internal flag that only holds state for delayed aevent at the
193 * moment 199 * moment
@@ -258,6 +264,15 @@ struct km_event {
258 struct net *net; 264 struct net *net;
259}; 265};
260 266
267struct xfrm_replay {
268 void (*advance)(struct xfrm_state *x, __be32 net_seq);
269 int (*check)(struct xfrm_state *x,
270 struct sk_buff *skb,
271 __be32 net_seq);
272 void (*notify)(struct xfrm_state *x, int event);
273 int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
274};
275
261struct net_device; 276struct net_device;
262struct xfrm_type; 277struct xfrm_type;
263struct xfrm_dst; 278struct xfrm_dst;
@@ -266,25 +281,26 @@ struct xfrm_policy_afinfo {
266 struct dst_ops *dst_ops; 281 struct dst_ops *dst_ops;
267 void (*garbage_collect)(struct net *net); 282 void (*garbage_collect)(struct net *net);
268 struct dst_entry *(*dst_lookup)(struct net *net, int tos, 283 struct dst_entry *(*dst_lookup)(struct net *net, int tos,
269 xfrm_address_t *saddr, 284 const xfrm_address_t *saddr,
270 xfrm_address_t *daddr); 285 const xfrm_address_t *daddr);
271 int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr); 286 int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
272 void (*decode_session)(struct sk_buff *skb, 287 void (*decode_session)(struct sk_buff *skb,
273 struct flowi *fl, 288 struct flowi *fl,
274 int reverse); 289 int reverse);
275 int (*get_tos)(struct flowi *fl); 290 int (*get_tos)(const struct flowi *fl);
276 int (*init_path)(struct xfrm_dst *path, 291 int (*init_path)(struct xfrm_dst *path,
277 struct dst_entry *dst, 292 struct dst_entry *dst,
278 int nfheader_len); 293 int nfheader_len);
279 int (*fill_dst)(struct xfrm_dst *xdst, 294 int (*fill_dst)(struct xfrm_dst *xdst,
280 struct net_device *dev, 295 struct net_device *dev,
281 struct flowi *fl); 296 const struct flowi *fl);
297 struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig);
282}; 298};
283 299
284extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); 300extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
285extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo); 301extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
286extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c); 302extern void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c);
287extern void km_state_notify(struct xfrm_state *x, struct km_event *c); 303extern void km_state_notify(struct xfrm_state *x, const struct km_event *c);
288 304
289struct xfrm_tmpl; 305struct xfrm_tmpl;
290extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); 306extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
@@ -299,9 +315,12 @@ struct xfrm_state_afinfo {
299 const struct xfrm_type *type_map[IPPROTO_MAX]; 315 const struct xfrm_type *type_map[IPPROTO_MAX];
300 struct xfrm_mode *mode_map[XFRM_MODE_MAX]; 316 struct xfrm_mode *mode_map[XFRM_MODE_MAX];
301 int (*init_flags)(struct xfrm_state *x); 317 int (*init_flags)(struct xfrm_state *x);
302 void (*init_tempsel)(struct xfrm_selector *sel, struct flowi *fl); 318 void (*init_tempsel)(struct xfrm_selector *sel,
303 void (*init_temprop)(struct xfrm_state *x, struct xfrm_tmpl *tmpl, 319 const struct flowi *fl);
304 xfrm_address_t *daddr, xfrm_address_t *saddr); 320 void (*init_temprop)(struct xfrm_state *x,
321 const struct xfrm_tmpl *tmpl,
322 const xfrm_address_t *daddr,
323 const xfrm_address_t *saddr);
305 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n); 324 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
306 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n); 325 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
307 int (*output)(struct sk_buff *skb); 326 int (*output)(struct sk_buff *skb);
@@ -332,7 +351,8 @@ struct xfrm_type {
332 void (*destructor)(struct xfrm_state *); 351 void (*destructor)(struct xfrm_state *);
333 int (*input)(struct xfrm_state *, struct sk_buff *skb); 352 int (*input)(struct xfrm_state *, struct sk_buff *skb);
334 int (*output)(struct xfrm_state *, struct sk_buff *pskb); 353 int (*output)(struct xfrm_state *, struct sk_buff *pskb);
335 int (*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *); 354 int (*reject)(struct xfrm_state *, struct sk_buff *,
355 const struct flowi *);
336 int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **); 356 int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
337 /* Estimate maximal size of result of transformation of a dgram */ 357 /* Estimate maximal size of result of transformation of a dgram */
338 u32 (*get_mtu)(struct xfrm_state *, int size); 358 u32 (*get_mtu)(struct xfrm_state *, int size);
@@ -501,7 +521,7 @@ struct xfrm_policy {
501 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; 521 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
502}; 522};
503 523
504static inline struct net *xp_net(struct xfrm_policy *xp) 524static inline struct net *xp_net(const struct xfrm_policy *xp)
505{ 525{
506 return read_pnet(&xp->xp_net); 526 return read_pnet(&xp->xp_net);
507} 527}
@@ -545,13 +565,17 @@ struct xfrm_migrate {
545struct xfrm_mgr { 565struct xfrm_mgr {
546 struct list_head list; 566 struct list_head list;
547 char *id; 567 char *id;
548 int (*notify)(struct xfrm_state *x, struct km_event *c); 568 int (*notify)(struct xfrm_state *x, const struct km_event *c);
549 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir); 569 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
550 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir); 570 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
551 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); 571 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
552 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c); 572 int (*notify_policy)(struct xfrm_policy *x, int dir, const struct km_event *c);
553 int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr); 573 int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
554 int (*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k); 574 int (*migrate)(const struct xfrm_selector *sel,
575 u8 dir, u8 type,
576 const struct xfrm_migrate *m,
577 int num_bundles,
578 const struct xfrm_kmaddress *k);
555}; 579};
556 580
557extern int xfrm_register_km(struct xfrm_mgr *km); 581extern int xfrm_register_km(struct xfrm_mgr *km);
@@ -570,8 +594,14 @@ struct xfrm_skb_cb {
570 594
571 /* Sequence number for replay protection. */ 595 /* Sequence number for replay protection. */
572 union { 596 union {
573 u64 output; 597 struct {
574 __be32 input; 598 __u32 low;
599 __u32 hi;
600 } output;
601 struct {
602 __be32 low;
603 __be32 hi;
604 } input;
575 } seq; 605 } seq;
576}; 606};
577 607
@@ -675,6 +705,8 @@ extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
675 u32 auid, u32 ses, u32 secid); 705 u32 auid, u32 ses, u32 secid);
676extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x, 706extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
677 struct sk_buff *skb); 707 struct sk_buff *skb);
708extern void xfrm_audit_state_replay(struct xfrm_state *x,
709 struct sk_buff *skb, __be32 net_seq);
678extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family); 710extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
679extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, 711extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
680 __be32 net_spi, __be32 net_seq); 712 __be32 net_spi, __be32 net_seq);
@@ -707,6 +739,11 @@ static inline void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
707{ 739{
708} 740}
709 741
742static inline void xfrm_audit_state_replay(struct xfrm_state *x,
743 struct sk_buff *skb, __be32 net_seq)
744{
745}
746
710static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb, 747static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb,
711 u16 family) 748 u16 family)
712{ 749{
@@ -762,10 +799,11 @@ static inline void xfrm_state_hold(struct xfrm_state *x)
762 atomic_inc(&x->refcnt); 799 atomic_inc(&x->refcnt);
763} 800}
764 801
765static __inline__ int addr_match(void *token1, void *token2, int prefixlen) 802static inline bool addr_match(const void *token1, const void *token2,
803 int prefixlen)
766{ 804{
767 __be32 *a1 = token1; 805 const __be32 *a1 = token1;
768 __be32 *a2 = token2; 806 const __be32 *a2 = token2;
769 int pdw; 807 int pdw;
770 int pbi; 808 int pbi;
771 809
@@ -774,7 +812,7 @@ static __inline__ int addr_match(void *token1, void *token2, int prefixlen)
774 812
775 if (pdw) 813 if (pdw)
776 if (memcmp(a1, a2, pdw << 2)) 814 if (memcmp(a1, a2, pdw << 2))
777 return 0; 815 return false;
778 816
779 if (pbi) { 817 if (pbi) {
780 __be32 mask; 818 __be32 mask;
@@ -782,32 +820,32 @@ static __inline__ int addr_match(void *token1, void *token2, int prefixlen)
782 mask = htonl((0xffffffff) << (32 - pbi)); 820 mask = htonl((0xffffffff) << (32 - pbi));
783 821
784 if ((a1[pdw] ^ a2[pdw]) & mask) 822 if ((a1[pdw] ^ a2[pdw]) & mask)
785 return 0; 823 return false;
786 } 824 }
787 825
788 return 1; 826 return true;
789} 827}
790 828
791static __inline__ 829static __inline__
792__be16 xfrm_flowi_sport(struct flowi *fl) 830__be16 xfrm_flowi_sport(const struct flowi *fl, const union flowi_uli *uli)
793{ 831{
794 __be16 port; 832 __be16 port;
795 switch(fl->proto) { 833 switch(fl->flowi_proto) {
796 case IPPROTO_TCP: 834 case IPPROTO_TCP:
797 case IPPROTO_UDP: 835 case IPPROTO_UDP:
798 case IPPROTO_UDPLITE: 836 case IPPROTO_UDPLITE:
799 case IPPROTO_SCTP: 837 case IPPROTO_SCTP:
800 port = fl->fl_ip_sport; 838 port = uli->ports.sport;
801 break; 839 break;
802 case IPPROTO_ICMP: 840 case IPPROTO_ICMP:
803 case IPPROTO_ICMPV6: 841 case IPPROTO_ICMPV6:
804 port = htons(fl->fl_icmp_type); 842 port = htons(uli->icmpt.type);
805 break; 843 break;
806 case IPPROTO_MH: 844 case IPPROTO_MH:
807 port = htons(fl->fl_mh_type); 845 port = htons(uli->mht.type);
808 break; 846 break;
809 case IPPROTO_GRE: 847 case IPPROTO_GRE:
810 port = htons(ntohl(fl->fl_gre_key) >> 16); 848 port = htons(ntohl(uli->gre_key) >> 16);
811 break; 849 break;
812 default: 850 default:
813 port = 0; /*XXX*/ 851 port = 0; /*XXX*/
@@ -816,22 +854,22 @@ __be16 xfrm_flowi_sport(struct flowi *fl)
816} 854}
817 855
818static __inline__ 856static __inline__
819__be16 xfrm_flowi_dport(struct flowi *fl) 857__be16 xfrm_flowi_dport(const struct flowi *fl, const union flowi_uli *uli)
820{ 858{
821 __be16 port; 859 __be16 port;
822 switch(fl->proto) { 860 switch(fl->flowi_proto) {
823 case IPPROTO_TCP: 861 case IPPROTO_TCP:
824 case IPPROTO_UDP: 862 case IPPROTO_UDP:
825 case IPPROTO_UDPLITE: 863 case IPPROTO_UDPLITE:
826 case IPPROTO_SCTP: 864 case IPPROTO_SCTP:
827 port = fl->fl_ip_dport; 865 port = uli->ports.dport;
828 break; 866 break;
829 case IPPROTO_ICMP: 867 case IPPROTO_ICMP:
830 case IPPROTO_ICMPV6: 868 case IPPROTO_ICMPV6:
831 port = htons(fl->fl_icmp_code); 869 port = htons(uli->icmpt.code);
832 break; 870 break;
833 case IPPROTO_GRE: 871 case IPPROTO_GRE:
834 port = htons(ntohl(fl->fl_gre_key) & 0xffff); 872 port = htons(ntohl(uli->gre_key) & 0xffff);
835 break; 873 break;
836 default: 874 default:
837 port = 0; /*XXX*/ 875 port = 0; /*XXX*/
@@ -839,7 +877,8 @@ __be16 xfrm_flowi_dport(struct flowi *fl)
839 return port; 877 return port;
840} 878}
841 879
842extern int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl, 880extern int xfrm_selector_match(const struct xfrm_selector *sel,
881 const struct flowi *fl,
843 unsigned short family); 882 unsigned short family);
844 883
845#ifdef CONFIG_SECURITY_NETWORK_XFRM 884#ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -947,7 +986,7 @@ secpath_reset(struct sk_buff *skb)
947} 986}
948 987
949static inline int 988static inline int
950xfrm_addr_any(xfrm_address_t *addr, unsigned short family) 989xfrm_addr_any(const xfrm_address_t *addr, unsigned short family)
951{ 990{
952 switch (family) { 991 switch (family) {
953 case AF_INET: 992 case AF_INET:
@@ -959,21 +998,21 @@ xfrm_addr_any(xfrm_address_t *addr, unsigned short family)
959} 998}
960 999
961static inline int 1000static inline int
962__xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x) 1001__xfrm4_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x)
963{ 1002{
964 return (tmpl->saddr.a4 && 1003 return (tmpl->saddr.a4 &&
965 tmpl->saddr.a4 != x->props.saddr.a4); 1004 tmpl->saddr.a4 != x->props.saddr.a4);
966} 1005}
967 1006
968static inline int 1007static inline int
969__xfrm6_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x) 1008__xfrm6_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x)
970{ 1009{
971 return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) && 1010 return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) &&
972 ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr)); 1011 ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr));
973} 1012}
974 1013
975static inline int 1014static inline int
976xfrm_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x, unsigned short family) 1015xfrm_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x, unsigned short family)
977{ 1016{
978 switch (family) { 1017 switch (family) {
979 case AF_INET: 1018 case AF_INET:
@@ -1126,49 +1165,49 @@ static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
1126#endif 1165#endif
1127 1166
1128static __inline__ 1167static __inline__
1129xfrm_address_t *xfrm_flowi_daddr(struct flowi *fl, unsigned short family) 1168xfrm_address_t *xfrm_flowi_daddr(const struct flowi *fl, unsigned short family)
1130{ 1169{
1131 switch (family){ 1170 switch (family){
1132 case AF_INET: 1171 case AF_INET:
1133 return (xfrm_address_t *)&fl->fl4_dst; 1172 return (xfrm_address_t *)&fl->u.ip4.daddr;
1134 case AF_INET6: 1173 case AF_INET6:
1135 return (xfrm_address_t *)&fl->fl6_dst; 1174 return (xfrm_address_t *)&fl->u.ip6.daddr;
1136 } 1175 }
1137 return NULL; 1176 return NULL;
1138} 1177}
1139 1178
1140static __inline__ 1179static __inline__
1141xfrm_address_t *xfrm_flowi_saddr(struct flowi *fl, unsigned short family) 1180xfrm_address_t *xfrm_flowi_saddr(const struct flowi *fl, unsigned short family)
1142{ 1181{
1143 switch (family){ 1182 switch (family){
1144 case AF_INET: 1183 case AF_INET:
1145 return (xfrm_address_t *)&fl->fl4_src; 1184 return (xfrm_address_t *)&fl->u.ip4.saddr;
1146 case AF_INET6: 1185 case AF_INET6:
1147 return (xfrm_address_t *)&fl->fl6_src; 1186 return (xfrm_address_t *)&fl->u.ip6.saddr;
1148 } 1187 }
1149 return NULL; 1188 return NULL;
1150} 1189}
1151 1190
1152static __inline__ 1191static __inline__
1153void xfrm_flowi_addr_get(struct flowi *fl, 1192void xfrm_flowi_addr_get(const struct flowi *fl,
1154 xfrm_address_t *saddr, xfrm_address_t *daddr, 1193 xfrm_address_t *saddr, xfrm_address_t *daddr,
1155 unsigned short family) 1194 unsigned short family)
1156{ 1195{
1157 switch(family) { 1196 switch(family) {
1158 case AF_INET: 1197 case AF_INET:
1159 memcpy(&saddr->a4, &fl->fl4_src, sizeof(saddr->a4)); 1198 memcpy(&saddr->a4, &fl->u.ip4.saddr, sizeof(saddr->a4));
1160 memcpy(&daddr->a4, &fl->fl4_dst, sizeof(daddr->a4)); 1199 memcpy(&daddr->a4, &fl->u.ip4.daddr, sizeof(daddr->a4));
1161 break; 1200 break;
1162 case AF_INET6: 1201 case AF_INET6:
1163 ipv6_addr_copy((struct in6_addr *)&saddr->a6, &fl->fl6_src); 1202 ipv6_addr_copy((struct in6_addr *)&saddr->a6, &fl->u.ip6.saddr);
1164 ipv6_addr_copy((struct in6_addr *)&daddr->a6, &fl->fl6_dst); 1203 ipv6_addr_copy((struct in6_addr *)&daddr->a6, &fl->u.ip6.daddr);
1165 break; 1204 break;
1166 } 1205 }
1167} 1206}
1168 1207
1169static __inline__ int 1208static __inline__ int
1170__xfrm4_state_addr_check(struct xfrm_state *x, 1209__xfrm4_state_addr_check(const struct xfrm_state *x,
1171 xfrm_address_t *daddr, xfrm_address_t *saddr) 1210 const xfrm_address_t *daddr, const xfrm_address_t *saddr)
1172{ 1211{
1173 if (daddr->a4 == x->id.daddr.a4 && 1212 if (daddr->a4 == x->id.daddr.a4 &&
1174 (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4)) 1213 (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4))
@@ -1177,8 +1216,8 @@ __xfrm4_state_addr_check(struct xfrm_state *x,
1177} 1216}
1178 1217
1179static __inline__ int 1218static __inline__ int
1180__xfrm6_state_addr_check(struct xfrm_state *x, 1219__xfrm6_state_addr_check(const struct xfrm_state *x,
1181 xfrm_address_t *daddr, xfrm_address_t *saddr) 1220 const xfrm_address_t *daddr, const xfrm_address_t *saddr)
1182{ 1221{
1183 if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) && 1222 if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) &&
1184 (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)|| 1223 (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)||
@@ -1189,8 +1228,8 @@ __xfrm6_state_addr_check(struct xfrm_state *x,
1189} 1228}
1190 1229
1191static __inline__ int 1230static __inline__ int
1192xfrm_state_addr_check(struct xfrm_state *x, 1231xfrm_state_addr_check(const struct xfrm_state *x,
1193 xfrm_address_t *daddr, xfrm_address_t *saddr, 1232 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1194 unsigned short family) 1233 unsigned short family)
1195{ 1234{
1196 switch (family) { 1235 switch (family) {
@@ -1203,23 +1242,23 @@ xfrm_state_addr_check(struct xfrm_state *x,
1203} 1242}
1204 1243
1205static __inline__ int 1244static __inline__ int
1206xfrm_state_addr_flow_check(struct xfrm_state *x, struct flowi *fl, 1245xfrm_state_addr_flow_check(const struct xfrm_state *x, const struct flowi *fl,
1207 unsigned short family) 1246 unsigned short family)
1208{ 1247{
1209 switch (family) { 1248 switch (family) {
1210 case AF_INET: 1249 case AF_INET:
1211 return __xfrm4_state_addr_check(x, 1250 return __xfrm4_state_addr_check(x,
1212 (xfrm_address_t *)&fl->fl4_dst, 1251 (const xfrm_address_t *)&fl->u.ip4.daddr,
1213 (xfrm_address_t *)&fl->fl4_src); 1252 (const xfrm_address_t *)&fl->u.ip4.saddr);
1214 case AF_INET6: 1253 case AF_INET6:
1215 return __xfrm6_state_addr_check(x, 1254 return __xfrm6_state_addr_check(x,
1216 (xfrm_address_t *)&fl->fl6_dst, 1255 (const xfrm_address_t *)&fl->u.ip6.daddr,
1217 (xfrm_address_t *)&fl->fl6_src); 1256 (const xfrm_address_t *)&fl->u.ip6.saddr);
1218 } 1257 }
1219 return 0; 1258 return 0;
1220} 1259}
1221 1260
1222static inline int xfrm_state_kern(struct xfrm_state *x) 1261static inline int xfrm_state_kern(const struct xfrm_state *x)
1223{ 1262{
1224 return atomic_read(&x->tunnel_users); 1263 return atomic_read(&x->tunnel_users);
1225} 1264}
@@ -1323,8 +1362,10 @@ extern int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1323 int (*func)(struct xfrm_state *, int, void*), void *); 1362 int (*func)(struct xfrm_state *, int, void*), void *);
1324extern void xfrm_state_walk_done(struct xfrm_state_walk *walk); 1363extern void xfrm_state_walk_done(struct xfrm_state_walk *walk);
1325extern struct xfrm_state *xfrm_state_alloc(struct net *net); 1364extern struct xfrm_state *xfrm_state_alloc(struct net *net);
1326extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 1365extern struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr,
1327 struct flowi *fl, struct xfrm_tmpl *tmpl, 1366 const xfrm_address_t *saddr,
1367 const struct flowi *fl,
1368 struct xfrm_tmpl *tmpl,
1328 struct xfrm_policy *pol, int *err, 1369 struct xfrm_policy *pol, int *err,
1329 unsigned short family); 1370 unsigned short family);
1330extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, 1371extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,
@@ -1337,11 +1378,11 @@ extern void xfrm_state_insert(struct xfrm_state *x);
1337extern int xfrm_state_add(struct xfrm_state *x); 1378extern int xfrm_state_add(struct xfrm_state *x);
1338extern int xfrm_state_update(struct xfrm_state *x); 1379extern int xfrm_state_update(struct xfrm_state *x);
1339extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark, 1380extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
1340 xfrm_address_t *daddr, __be32 spi, 1381 const xfrm_address_t *daddr, __be32 spi,
1341 u8 proto, unsigned short family); 1382 u8 proto, unsigned short family);
1342extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark, 1383extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1343 xfrm_address_t *daddr, 1384 const xfrm_address_t *daddr,
1344 xfrm_address_t *saddr, 1385 const xfrm_address_t *saddr,
1345 u8 proto, 1386 u8 proto,
1346 unsigned short family); 1387 unsigned short family);
1347#ifdef CONFIG_XFRM_SUB_POLICY 1388#ifdef CONFIG_XFRM_SUB_POLICY
@@ -1386,10 +1427,8 @@ extern int xfrm_state_delete(struct xfrm_state *x);
1386extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info); 1427extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
1387extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si); 1428extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
1388extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si); 1429extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
1389extern int xfrm_replay_check(struct xfrm_state *x, 1430extern u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
1390 struct sk_buff *skb, __be32 seq); 1431extern int xfrm_init_replay(struct xfrm_state *x);
1391extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
1392extern void xfrm_replay_notify(struct xfrm_state *x, int event);
1393extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); 1432extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
1394extern int xfrm_init_state(struct xfrm_state *x); 1433extern int xfrm_init_state(struct xfrm_state *x);
1395extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb); 1434extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
@@ -1468,19 +1507,19 @@ u32 xfrm_get_acqseq(void);
1468extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); 1507extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
1469struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark, 1508struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark,
1470 u8 mode, u32 reqid, u8 proto, 1509 u8 mode, u32 reqid, u8 proto,
1471 xfrm_address_t *daddr, 1510 const xfrm_address_t *daddr,
1472 xfrm_address_t *saddr, int create, 1511 const xfrm_address_t *saddr, int create,
1473 unsigned short family); 1512 unsigned short family);
1474extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); 1513extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
1475 1514
1476#ifdef CONFIG_XFRM_MIGRATE 1515#ifdef CONFIG_XFRM_MIGRATE
1477extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1516extern int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
1478 struct xfrm_migrate *m, int num_bundles, 1517 const struct xfrm_migrate *m, int num_bundles,
1479 struct xfrm_kmaddress *k); 1518 const struct xfrm_kmaddress *k);
1480extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m); 1519extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m);
1481extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x, 1520extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1482 struct xfrm_migrate *m); 1521 struct xfrm_migrate *m);
1483extern int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1522extern int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
1484 struct xfrm_migrate *m, int num_bundles, 1523 struct xfrm_migrate *m, int num_bundles,
1485 struct xfrm_kmaddress *k); 1524 struct xfrm_kmaddress *k);
1486#endif 1525#endif
@@ -1500,10 +1539,10 @@ extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
1500extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id); 1539extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
1501extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id); 1540extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
1502extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id); 1541extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
1503extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe); 1542extern struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe);
1504extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); 1543extern struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe);
1505extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); 1544extern struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe);
1506extern struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len, 1545extern struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len,
1507 int probe); 1546 int probe);
1508 1547
1509struct hash_desc; 1548struct hash_desc;
@@ -1511,7 +1550,8 @@ struct scatterlist;
1511typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *, 1550typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *,
1512 unsigned int); 1551 unsigned int);
1513 1552
1514static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b, 1553static inline int xfrm_addr_cmp(const xfrm_address_t *a,
1554 const xfrm_address_t *b,
1515 int family) 1555 int family)
1516{ 1556{
1517 switch (family) { 1557 switch (family) {
@@ -1544,16 +1584,21 @@ static inline int xfrm_aevent_is_on(struct net *net)
1544} 1584}
1545#endif 1585#endif
1546 1586
1547static inline int xfrm_alg_len(struct xfrm_algo *alg) 1587static inline int xfrm_alg_len(const struct xfrm_algo *alg)
1548{ 1588{
1549 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); 1589 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
1550} 1590}
1551 1591
1552static inline int xfrm_alg_auth_len(struct xfrm_algo_auth *alg) 1592static inline int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg)
1553{ 1593{
1554 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); 1594 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
1555} 1595}
1556 1596
1597static inline int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)
1598{
1599 return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32);
1600}
1601
1557#ifdef CONFIG_XFRM_MIGRATE 1602#ifdef CONFIG_XFRM_MIGRATE
1558static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig) 1603static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
1559{ 1604{
@@ -1597,7 +1642,7 @@ static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
1597 return m->v & m->m; 1642 return m->v & m->m;
1598} 1643}
1599 1644
1600static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m) 1645static inline int xfrm_mark_put(struct sk_buff *skb, const struct xfrm_mark *m)
1601{ 1646{
1602 if (m->m | m->v) 1647 if (m->m | m->v)
1603 NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m); 1648 NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
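Review bot: The new xfrm_replay_state_esn_len() helper (new lines 1597-1600) computes `sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32)` and returns it as `int`, and no bound on `bmp_len` is visible in this header. If `bmp_len` can be set from a netlink attribute (the struct definition is not shown here, so this is inferred), a large value would wrap or truncate the result, and any allocation or copy sized by it would disagree with the real attribute length. I would document the precondition on the helper, e.g. `/* caller must have checked bmp_len against the attribute length */`, and have callers compare the computed length with `nla_len()` before using it. The parameter could also be `const struct xfrm_replay_state_esn *replay_esn`, matching the constified xfrm_alg_len() and xfrm_alg_auth_len() just above it.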