diff options
Diffstat (limited to 'include/net/xfrm.h')
| -rw-r--r-- | include/net/xfrm.h | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 63445ede48bb..24c8886fd969 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -501,6 +501,12 @@ struct xfrm_policy_walk { | |||
| 501 | u32 seq; | 501 | u32 seq; |
| 502 | }; | 502 | }; |
| 503 | 503 | ||
| 504 | struct xfrm_policy_queue { | ||
| 505 | struct sk_buff_head hold_queue; | ||
| 506 | struct timer_list hold_timer; | ||
| 507 | unsigned long timeout; | ||
| 508 | }; | ||
| 509 | |||
| 504 | struct xfrm_policy { | 510 | struct xfrm_policy { |
| 505 | #ifdef CONFIG_NET_NS | 511 | #ifdef CONFIG_NET_NS |
| 506 | struct net *xp_net; | 512 | struct net *xp_net; |
| @@ -522,6 +528,7 @@ struct xfrm_policy { | |||
| 522 | struct xfrm_lifetime_cfg lft; | 528 | struct xfrm_lifetime_cfg lft; |
| 523 | struct xfrm_lifetime_cur curlft; | 529 | struct xfrm_lifetime_cur curlft; |
| 524 | struct xfrm_policy_walk_entry walk; | 530 | struct xfrm_policy_walk_entry walk; |
| 531 | struct xfrm_policy_queue polq; | ||
| 525 | u8 type; | 532 | u8 type; |
| 526 | u8 action; | 533 | u8 action; |
| 527 | u8 flags; | 534 | u8 flags; |
| @@ -557,10 +564,6 @@ struct xfrm_migrate { | |||
| 557 | }; | 564 | }; |
| 558 | 565 | ||
| 559 | #define XFRM_KM_TIMEOUT 30 | 566 | #define XFRM_KM_TIMEOUT 30 |
| 560 | /* which seqno */ | ||
| 561 | #define XFRM_REPLAY_SEQ 1 | ||
| 562 | #define XFRM_REPLAY_OSEQ 2 | ||
| 563 | #define XFRM_REPLAY_SEQ_MASK 3 | ||
| 564 | /* what happened */ | 567 | /* what happened */ |
| 565 | #define XFRM_REPLAY_UPDATE XFRM_AE_CR | 568 | #define XFRM_REPLAY_UPDATE XFRM_AE_CR |
| 566 | #define XFRM_REPLAY_TIMEOUT XFRM_AE_CE | 569 | #define XFRM_REPLAY_TIMEOUT XFRM_AE_CE |
| @@ -1036,7 +1039,7 @@ static inline int | |||
| 1036 | __xfrm6_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x) | 1039 | __xfrm6_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x) |
| 1037 | { | 1040 | { |
| 1038 | return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) && | 1041 | return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) && |
| 1039 | ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr)); | 1042 | !ipv6_addr_equal((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr)); |
| 1040 | } | 1043 | } |
| 1041 | 1044 | ||
| 1042 | static inline int | 1045 | static inline int |
| @@ -1247,8 +1250,8 @@ static __inline__ int | |||
| 1247 | __xfrm6_state_addr_check(const struct xfrm_state *x, | 1250 | __xfrm6_state_addr_check(const struct xfrm_state *x, |
| 1248 | const xfrm_address_t *daddr, const xfrm_address_t *saddr) | 1251 | const xfrm_address_t *daddr, const xfrm_address_t *saddr) |
| 1249 | { | 1252 | { |
| 1250 | if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) && | 1253 | if (ipv6_addr_equal((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) && |
| 1251 | (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)|| | 1254 | (ipv6_addr_equal((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr) || |
| 1252 | ipv6_addr_any((struct in6_addr *)saddr) || | 1255 | ipv6_addr_any((struct in6_addr *)saddr) || |
| 1253 | ipv6_addr_any((struct in6_addr *)&x->props.saddr))) | 1256 | ipv6_addr_any((struct in6_addr *)&x->props.saddr))) |
| 1254 | return 1; | 1257 | return 1; |
| @@ -1324,6 +1327,7 @@ struct xfrm_algo_desc { | |||
| 1324 | char *name; | 1327 | char *name; |
| 1325 | char *compat; | 1328 | char *compat; |
| 1326 | u8 available:1; | 1329 | u8 available:1; |
| 1330 | u8 pfkey_supported:1; | ||
| 1327 | union { | 1331 | union { |
| 1328 | struct xfrm_algo_aead_info aead; | 1332 | struct xfrm_algo_aead_info aead; |
| 1329 | struct xfrm_algo_auth_info auth; | 1333 | struct xfrm_algo_auth_info auth; |
| @@ -1565,8 +1569,8 @@ extern void xfrm_input_init(void); | |||
| 1565 | extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq); | 1569 | extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq); |
| 1566 | 1570 | ||
| 1567 | extern void xfrm_probe_algs(void); | 1571 | extern void xfrm_probe_algs(void); |
| 1568 | extern int xfrm_count_auth_supported(void); | 1572 | extern int xfrm_count_pfkey_auth_supported(void); |
| 1569 | extern int xfrm_count_enc_supported(void); | 1573 | extern int xfrm_count_pfkey_enc_supported(void); |
| 1570 | extern struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx); | 1574 | extern struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx); |
| 1571 | extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx); | 1575 | extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx); |
| 1572 | extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id); | 1576 | extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id); |
| @@ -1578,17 +1582,23 @@ extern struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe); | |||
| 1578 | extern struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, | 1582 | extern struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, |
| 1579 | int probe); | 1583 | int probe); |
| 1580 | 1584 | ||
| 1581 | static inline int xfrm_addr_cmp(const xfrm_address_t *a, | 1585 | static inline bool xfrm6_addr_equal(const xfrm_address_t *a, |
| 1582 | const xfrm_address_t *b, | 1586 | const xfrm_address_t *b) |
| 1583 | int family) | 1587 | { |
| 1588 | return ipv6_addr_equal((const struct in6_addr *)a, | ||
| 1589 | (const struct in6_addr *)b); | ||
| 1590 | } | ||
| 1591 | |||
| 1592 | static inline bool xfrm_addr_equal(const xfrm_address_t *a, | ||
| 1593 | const xfrm_address_t *b, | ||
| 1594 | sa_family_t family) | ||
| 1584 | { | 1595 | { |
| 1585 | switch (family) { | 1596 | switch (family) { |
| 1586 | default: | 1597 | default: |
| 1587 | case AF_INET: | 1598 | case AF_INET: |
| 1588 | return (__force u32)a->a4 - (__force u32)b->a4; | 1599 | return ((__force u32)a->a4 ^ (__force u32)b->a4) == 0; |
| 1589 | case AF_INET6: | 1600 | case AF_INET6: |
| 1590 | return ipv6_addr_cmp((const struct in6_addr *)a, | 1601 | return xfrm6_addr_equal(a, b); |
| 1591 | (const struct in6_addr *)b); | ||
| 1592 | } | 1602 | } |
| 1593 | } | 1603 | } |
| 1594 | 1604 | ||