Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h66
1 files changed, 19 insertions, 47 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 737fdb2ee8a4..15ec19dcf9c8 100644
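--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -310,6 +310,8 @@ struct xfrm_tmpl
 /* Source address of tunnel. Ignored, if it is not a tunnel. */
  xfrm_address_t saddr;
 
+ unsigned short encap_family;
+
  __u32 reqid;
 
 /* Mode: transport, tunnel etc. */
@@ -340,18 +342,19 @@ struct xfrm_policy
  atomic_t refcnt;
  struct timer_list timer;
 
- u8 type;
  u32 priority;
  u32 index;
  struct xfrm_selector selector;
  struct xfrm_lifetime_cfg lft;
  struct xfrm_lifetime_cur curlft;
  struct dst_entry *bundles;
- __u16 family;
- __u8 action;
- __u8 flags;
- __u8 dead;
- __u8 xfrm_nr;
+ u16 family;
+ u8 type;
+ u8 action;
+ u8 flags;
+ u8 dead;
+ u8 xfrm_nr;
+ /* XXX 1 byte hole, try to pack */
  struct xfrm_sec_ctx *security;
  struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
 };
@@ -379,7 +382,7 @@ struct xfrm_mgr
  int (*notify)(struct xfrm_state *x, struct km_event *c);
  int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
  struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
- int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
+ int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
  int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
  int (*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
 };
@@ -468,6 +471,7 @@ __be16 xfrm_flowi_sport(struct flowi *fl)
  switch(fl->proto) {
  case IPPROTO_TCP:
  case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
  case IPPROTO_SCTP:
  port = fl->fl_ip_sport;
  break;
@@ -493,6 +497,7 @@ __be16 xfrm_flowi_dport(struct flowi *fl)
  switch(fl->proto) {
  case IPPROTO_TCP:
  case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
  case IPPROTO_SCTP:
  port = fl->fl_ip_dport;
  break;
@@ -506,40 +511,8 @@ __be16 xfrm_flowi_dport(struct flowi *fl)
  return port;
 }
 
-static inline int
-__xfrm4_selector_match(struct xfrm_selector *sel, struct flowi *fl)
-{
- return addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&
- addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&
- !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
- !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
- (fl->proto == sel->proto || !sel->proto) &&
- (fl->oif == sel->ifindex || !sel->ifindex);
-}
-
-static inline int
-__xfrm6_selector_match(struct xfrm_selector *sel, struct flowi *fl)
-{
- return addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&
- addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&
- !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
- !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
- (fl->proto == sel->proto || !sel->proto) &&
- (fl->oif == sel->ifindex || !sel->ifindex);
-}
-
-static inline int
-xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
- unsigned short family)
-{
- switch (family) {
- case AF_INET:
- return __xfrm4_selector_match(sel, fl);
- case AF_INET6:
- return __xfrm6_selector_match(sel, fl);
- }
- return 0;
-}
+extern int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
+ unsigned short family);
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 /* If neither has a context --> match
@@ -887,8 +860,7 @@ struct xfrm_tunnel {
 struct xfrm6_tunnel {
  int (*handler)(struct sk_buff *skb);
  int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,
- int type, int code, int offset, __u32 info);
-
+ int type, int code, int offset, __be32 info);
  struct xfrm6_tunnel *next;
  int priority;
 };
@@ -951,9 +923,9 @@ extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
  xfrm_address_t *saddr, u8 proto);
 extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler);
 extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler);
-extern u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
+extern __be32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
 extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr);
-extern u32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr);
+extern __be32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr);
 extern int xfrm6_output(struct sk_buff *skb);
 extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
  u8 **prevhdr);
@@ -1000,7 +972,7 @@ extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
 extern void xfrm_init_pmtu(struct dst_entry *dst);
 
 extern wait_queue_head_t km_waitq;
-extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
+extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
 extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
 extern int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
 
@@ -1033,7 +1005,7 @@ static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,
  switch (family) {
  default:
  case AF_INET:
- return a->a4 - b->a4;
+ return (__force __u32)a->a4 - (__force __u32)b->a4;
  case AF_INET6:
  return ipv6_addr_cmp((struct in6_addr *)a,
  (struct in6_addr *)b);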
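Review bot: The new `encap_family` member of `struct xfrm_tmpl` (first hunk) is added with no comment, although the neighbouring `saddr` and mode fields have one, and the header does not say what a zero value means. Family-dispatching helpers in this file treat an unexpected family inconsistently: the inline `xfrm_selector_match` removed here returned 0 for anything other than AF_INET/AF_INET6, whereas `xfrm_addr_cmp` (last hunk) falls through `default:` into the AF_INET branch and compares only `a4`. A template whose `encap_family` was left unset would therefore presumably be compared as IPv4, so each path that builds a template, the `compile_policy` implementations included, should be checked to set it. I would add a comment such as `/* Address family of the tunnel endpoints; may differ from the policy's family. */` above the field, assuming that is the intended meaning. The struct definitions and `xfrm_addr_cmp` begin and end outside the hunks.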