aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
Diffstat (limited to 'include/net')
-rw-r--r--include/net/act_api.h136
-rw-r--r--include/net/act_generic.h142
-rw-r--r--include/net/addrconf.h13
-rw-r--r--include/net/ah.h30
-rw-r--r--include/net/cipso_ipv4.h246
-rw-r--r--include/net/dn_fib.h18
-rw-r--r--include/net/dst.h1
-rw-r--r--include/net/esp.h36
-rw-r--r--include/net/fib_rules.h97
-rw-r--r--include/net/flow.h16
-rw-r--r--include/net/genetlink.h7
-rw-r--r--include/net/if_inet6.h1
-rw-r--r--include/net/inet_connection_sock.h3
-rw-r--r--include/net/inet_hashtables.h48
-rw-r--r--include/net/inet_sock.h6
-rw-r--r--include/net/ip6_fib.h113
-rw-r--r--include/net/ip6_route.h43
-rw-r--r--include/net/ip_fib.h104
-rw-r--r--include/net/ipcomp.h5
-rw-r--r--include/net/ipv6.h5
-rw-r--r--include/net/mip6.h61
-rw-r--r--include/net/neighbour.h42
-rw-r--r--include/net/netlabel.h292
-rw-r--r--include/net/netlink.h124
-rw-r--r--include/net/nexthop.h33
-rw-r--r--include/net/pkt_act.h273
-rw-r--r--include/net/request_sock.h1
-rw-r--r--include/net/route.h3
-rw-r--r--include/net/sctp/constants.h17
-rw-r--r--include/net/sctp/sctp.h68
-rw-r--r--include/net/sctp/structs.h15
-rw-r--r--include/net/snmp.h6
-rw-r--r--include/net/sock.h48
-rw-r--r--include/net/tc_act/tc_defact.h13
-rw-r--r--include/net/tc_act/tc_gact.h18
-rw-r--r--include/net/tc_act/tc_ipt.h15
-rw-r--r--include/net/tc_act/tc_mirred.h17
-rw-r--r--include/net/tc_act/tc_pedit.h15
-rw-r--r--include/net/udp.h18
-rw-r--r--include/net/xfrm.h212
40 files changed, 1449 insertions, 912 deletions
diff --git a/include/net/act_api.h b/include/net/act_api.h
index 11e9eaf79f5a..8b06c2f3657f 100644
--- a/include/net/act_api.h
+++ b/include/net/act_api.h
@@ -8,70 +8,110 @@
8#include <net/sch_generic.h> 8#include <net/sch_generic.h>
9#include <net/pkt_sched.h> 9#include <net/pkt_sched.h>
10 10
11#define tca_gen(name) \ 11struct tcf_common {
12struct tcf_##name *next; \ 12 struct tcf_common *tcfc_next;
13 u32 index; \ 13 u32 tcfc_index;
14 int refcnt; \ 14 int tcfc_refcnt;
15 int bindcnt; \ 15 int tcfc_bindcnt;
16 u32 capab; \ 16 u32 tcfc_capab;
17 int action; \ 17 int tcfc_action;
18 struct tcf_t tm; \ 18 struct tcf_t tcfc_tm;
19 struct gnet_stats_basic bstats; \ 19 struct gnet_stats_basic tcfc_bstats;
20 struct gnet_stats_queue qstats; \ 20 struct gnet_stats_queue tcfc_qstats;
21 struct gnet_stats_rate_est rate_est; \ 21 struct gnet_stats_rate_est tcfc_rate_est;
22 spinlock_t *stats_lock; \ 22 spinlock_t *tcfc_stats_lock;
23 spinlock_t lock 23 spinlock_t tcfc_lock;
24 24};
25struct tcf_police 25#define tcf_next common.tcfc_next
26{ 26#define tcf_index common.tcfc_index
27 tca_gen(police); 27#define tcf_refcnt common.tcfc_refcnt
28 int result; 28#define tcf_bindcnt common.tcfc_bindcnt
29 u32 ewma_rate; 29#define tcf_capab common.tcfc_capab
30 u32 burst; 30#define tcf_action common.tcfc_action
31 u32 mtu; 31#define tcf_tm common.tcfc_tm
32 u32 toks; 32#define tcf_bstats common.tcfc_bstats
33 u32 ptoks; 33#define tcf_qstats common.tcfc_qstats
34 psched_time_t t_c; 34#define tcf_rate_est common.tcfc_rate_est
35 struct qdisc_rate_table *R_tab; 35#define tcf_stats_lock common.tcfc_stats_lock
36 struct qdisc_rate_table *P_tab; 36#define tcf_lock common.tcfc_lock
37
38struct tcf_police {
39 struct tcf_common common;
40 int tcfp_result;
41 u32 tcfp_ewma_rate;
42 u32 tcfp_burst;
43 u32 tcfp_mtu;
44 u32 tcfp_toks;
45 u32 tcfp_ptoks;
46 psched_time_t tcfp_t_c;
47 struct qdisc_rate_table *tcfp_R_tab;
48 struct qdisc_rate_table *tcfp_P_tab;
37}; 49};
50#define to_police(pc) \
51 container_of(pc, struct tcf_police, common)
52
53struct tcf_hashinfo {
54 struct tcf_common **htab;
55 unsigned int hmask;
56 rwlock_t *lock;
57};
58
59static inline unsigned int tcf_hash(u32 index, unsigned int hmask)
60{
61 return index & hmask;
62}
38 63
39#ifdef CONFIG_NET_CLS_ACT 64#ifdef CONFIG_NET_CLS_ACT
40 65
41#define ACT_P_CREATED 1 66#define ACT_P_CREATED 1
42#define ACT_P_DELETED 1 67#define ACT_P_DELETED 1
43 68
44struct tcf_act_hdr 69struct tcf_act_hdr {
45{ 70 struct tcf_common common;
46 tca_gen(act_hdr);
47}; 71};
48 72
49struct tc_action 73struct tc_action {
50{ 74 void *priv;
51 void *priv; 75 struct tc_action_ops *ops;
52 struct tc_action_ops *ops; 76 __u32 type; /* for backward compat(TCA_OLD_COMPAT) */
53 __u32 type; /* for backward compat(TCA_OLD_COMPAT) */ 77 __u32 order;
54 __u32 order; 78 struct tc_action *next;
55 struct tc_action *next;
56}; 79};
57 80
58#define TCA_CAP_NONE 0 81#define TCA_CAP_NONE 0
59struct tc_action_ops 82struct tc_action_ops {
60{
61 struct tc_action_ops *next; 83 struct tc_action_ops *next;
84 struct tcf_hashinfo *hinfo;
62 char kind[IFNAMSIZ]; 85 char kind[IFNAMSIZ];
63 __u32 type; /* TBD to match kind */ 86 __u32 type; /* TBD to match kind */
64 __u32 capab; /* capabilities includes 4 bit version */ 87 __u32 capab; /* capabilities includes 4 bit version */
65 struct module *owner; 88 struct module *owner;
66 int (*act)(struct sk_buff *, struct tc_action *, struct tcf_result *); 89 int (*act)(struct sk_buff *, struct tc_action *, struct tcf_result *);
67 int (*get_stats)(struct sk_buff *, struct tc_action *); 90 int (*get_stats)(struct sk_buff *, struct tc_action *);
68 int (*dump)(struct sk_buff *, struct tc_action *,int , int); 91 int (*dump)(struct sk_buff *, struct tc_action *, int, int);
69 int (*cleanup)(struct tc_action *, int bind); 92 int (*cleanup)(struct tc_action *, int bind);
70 int (*lookup)(struct tc_action *, u32 ); 93 int (*lookup)(struct tc_action *, u32);
71 int (*init)(struct rtattr *,struct rtattr *,struct tc_action *, int , int ); 94 int (*init)(struct rtattr *, struct rtattr *, struct tc_action *, int , int);
72 int (*walk)(struct sk_buff *, struct netlink_callback *, int , struct tc_action *); 95 int (*walk)(struct sk_buff *, struct netlink_callback *, int, struct tc_action *);
73}; 96};
74 97
98extern struct tcf_common *tcf_hash_lookup(u32 index,
99 struct tcf_hashinfo *hinfo);
100extern void tcf_hash_destroy(struct tcf_common *p, struct tcf_hashinfo *hinfo);
101extern int tcf_hash_release(struct tcf_common *p, int bind,
102 struct tcf_hashinfo *hinfo);
103extern int tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb,
104 int type, struct tc_action *a);
105extern u32 tcf_hash_new_index(u32 *idx_gen, struct tcf_hashinfo *hinfo);
106extern int tcf_hash_search(struct tc_action *a, u32 index);
107extern struct tcf_common *tcf_hash_check(u32 index, struct tc_action *a,
108 int bind, struct tcf_hashinfo *hinfo);
109extern struct tcf_common *tcf_hash_create(u32 index, struct rtattr *est,
110 struct tc_action *a, int size,
111 int bind, u32 *idx_gen,
112 struct tcf_hashinfo *hinfo);
113extern void tcf_hash_insert(struct tcf_common *p, struct tcf_hashinfo *hinfo);
114
75extern int tcf_register_action(struct tc_action_ops *a); 115extern int tcf_register_action(struct tc_action_ops *a);
76extern int tcf_unregister_action(struct tc_action_ops *a); 116extern int tcf_unregister_action(struct tc_action_ops *a);
77extern void tcf_action_destroy(struct tc_action *a, int bind); 117extern void tcf_action_destroy(struct tc_action *a, int bind);
@@ -96,17 +136,17 @@ tcf_police_release(struct tcf_police *p, int bind)
96 int ret = 0; 136 int ret = 0;
97#ifdef CONFIG_NET_CLS_ACT 137#ifdef CONFIG_NET_CLS_ACT
98 if (p) { 138 if (p) {
99 if (bind) { 139 if (bind)
100 p->bindcnt--; 140 p->tcf_bindcnt--;
101 } 141
102 p->refcnt--; 142 p->tcf_refcnt--;
103 if (p->refcnt <= 0 && !p->bindcnt) { 143 if (p->tcf_refcnt <= 0 && !p->tcf_bindcnt) {
104 tcf_police_destroy(p); 144 tcf_police_destroy(p);
105 ret = 1; 145 ret = 1;
106 } 146 }
107 } 147 }
108#else 148#else
109 if (p && --p->refcnt == 0) 149 if (p && --p->tcf_refcnt == 0)
110 tcf_police_destroy(p); 150 tcf_police_destroy(p);
111 151
112#endif /* CONFIG_NET_CLS_ACT */ 152#endif /* CONFIG_NET_CLS_ACT */
diff --git a/include/net/act_generic.h b/include/net/act_generic.h
deleted file mode 100644
index c9daa7e52300..000000000000
--- a/include/net/act_generic.h
+++ /dev/null
@@ -1,142 +0,0 @@
1/*
2 * include/net/act_generic.h
3 *
4*/
5#ifndef _NET_ACT_GENERIC_H
6#define _NET_ACT_GENERIC_H
7static inline int tcf_defact_release(struct tcf_defact *p, int bind)
8{
9 int ret = 0;
10 if (p) {
11 if (bind) {
12 p->bindcnt--;
13 }
14 p->refcnt--;
15 if (p->bindcnt <= 0 && p->refcnt <= 0) {
16 kfree(p->defdata);
17 tcf_hash_destroy(p);
18 ret = 1;
19 }
20 }
21 return ret;
22}
23
24static inline int
25alloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
26{
27 p->defdata = kmalloc(datalen, GFP_KERNEL);
28 if (p->defdata == NULL)
29 return -ENOMEM;
30 p->datalen = datalen;
31 memcpy(p->defdata, defdata, datalen);
32 return 0;
33}
34
35static inline int
36realloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
37{
38 /* safer to be just brute force for now */
39 kfree(p->defdata);
40 return alloc_defdata(p, datalen, defdata);
41}
42
43static inline int
44tcf_defact_init(struct rtattr *rta, struct rtattr *est,
45 struct tc_action *a, int ovr, int bind)
46{
47 struct rtattr *tb[TCA_DEF_MAX];
48 struct tc_defact *parm;
49 struct tcf_defact *p;
50 void *defdata;
51 u32 datalen = 0;
52 int ret = 0;
53
54 if (rta == NULL || rtattr_parse_nested(tb, TCA_DEF_MAX, rta) < 0)
55 return -EINVAL;
56
57 if (tb[TCA_DEF_PARMS - 1] == NULL ||
58 RTA_PAYLOAD(tb[TCA_DEF_PARMS - 1]) < sizeof(*parm))
59 return -EINVAL;
60
61 parm = RTA_DATA(tb[TCA_DEF_PARMS - 1]);
62 defdata = RTA_DATA(tb[TCA_DEF_DATA - 1]);
63 if (defdata == NULL)
64 return -EINVAL;
65
66 datalen = RTA_PAYLOAD(tb[TCA_DEF_DATA - 1]);
67 if (datalen <= 0)
68 return -EINVAL;
69
70 p = tcf_hash_check(parm->index, a, ovr, bind);
71 if (p == NULL) {
72 p = tcf_hash_create(parm->index, est, a, sizeof(*p), ovr, bind);
73 if (p == NULL)
74 return -ENOMEM;
75
76 ret = alloc_defdata(p, datalen, defdata);
77 if (ret < 0) {
78 kfree(p);
79 return ret;
80 }
81 ret = ACT_P_CREATED;
82 } else {
83 if (!ovr) {
84 tcf_defact_release(p, bind);
85 return -EEXIST;
86 }
87 realloc_defdata(p, datalen, defdata);
88 }
89
90 spin_lock_bh(&p->lock);
91 p->action = parm->action;
92 spin_unlock_bh(&p->lock);
93 if (ret == ACT_P_CREATED)
94 tcf_hash_insert(p);
95 return ret;
96}
97
98static inline int tcf_defact_cleanup(struct tc_action *a, int bind)
99{
100 struct tcf_defact *p = PRIV(a, defact);
101
102 if (p != NULL)
103 return tcf_defact_release(p, bind);
104 return 0;
105}
106
107static inline int
108tcf_defact_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
109{
110 unsigned char *b = skb->tail;
111 struct tc_defact opt;
112 struct tcf_defact *p = PRIV(a, defact);
113 struct tcf_t t;
114
115 opt.index = p->index;
116 opt.refcnt = p->refcnt - ref;
117 opt.bindcnt = p->bindcnt - bind;
118 opt.action = p->action;
119 RTA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt);
120 RTA_PUT(skb, TCA_DEF_DATA, p->datalen, p->defdata);
121 t.install = jiffies_to_clock_t(jiffies - p->tm.install);
122 t.lastuse = jiffies_to_clock_t(jiffies - p->tm.lastuse);
123 t.expires = jiffies_to_clock_t(p->tm.expires);
124 RTA_PUT(skb, TCA_DEF_TM, sizeof(t), &t);
125 return skb->len;
126
127rtattr_failure:
128 skb_trim(skb, b - skb->data);
129 return -1;
130}
131
132#define tca_use_default_ops \
133 .dump = tcf_defact_dump, \
134 .cleanup = tcf_defact_cleanup, \
135 .init = tcf_defact_init, \
136 .walk = tcf_generic_walker, \
137
138#define tca_use_default_defines(name) \
139 static u32 idx_gen; \
140 static struct tcf_defact *tcf_##name_ht[MY_TAB_SIZE]; \
141 static DEFINE_RWLOCK(##name_lock);
142#endif /* _NET_ACT_GENERIC_H */
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index 3d71251b3eca..44f1b673f916 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -61,6 +61,9 @@ extern int addrconf_set_dstaddr(void __user *arg);
61extern int ipv6_chk_addr(struct in6_addr *addr, 61extern int ipv6_chk_addr(struct in6_addr *addr,
62 struct net_device *dev, 62 struct net_device *dev,
63 int strict); 63 int strict);
64#ifdef CONFIG_IPV6_MIP6
65extern int ipv6_chk_home_addr(struct in6_addr *addr);
66#endif
64extern struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr, 67extern struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr,
65 struct net_device *dev, 68 struct net_device *dev,
66 int strict); 69 int strict);
@@ -126,20 +129,18 @@ extern int unregister_inet6addr_notifier(struct notifier_block *nb);
126static inline struct inet6_dev * 129static inline struct inet6_dev *
127__in6_dev_get(struct net_device *dev) 130__in6_dev_get(struct net_device *dev)
128{ 131{
129 return (struct inet6_dev *)dev->ip6_ptr; 132 return rcu_dereference(dev->ip6_ptr);
130} 133}
131 134
132extern rwlock_t addrconf_lock;
133
134static inline struct inet6_dev * 135static inline struct inet6_dev *
135in6_dev_get(struct net_device *dev) 136in6_dev_get(struct net_device *dev)
136{ 137{
137 struct inet6_dev *idev = NULL; 138 struct inet6_dev *idev = NULL;
138 read_lock(&addrconf_lock); 139 rcu_read_lock();
139 idev = dev->ip6_ptr; 140 idev = __in6_dev_get(dev);
140 if (idev) 141 if (idev)
141 atomic_inc(&idev->refcnt); 142 atomic_inc(&idev->refcnt);
142 read_unlock(&addrconf_lock); 143 rcu_read_unlock();
143 return idev; 144 return idev;
144} 145}
145 146
diff --git a/include/net/ah.h b/include/net/ah.h
index ceff00afae09..8f257c159902 100644
--- a/include/net/ah.h
+++ b/include/net/ah.h
@@ -1,6 +1,7 @@
1#ifndef _NET_AH_H 1#ifndef _NET_AH_H
2#define _NET_AH_H 2#define _NET_AH_H
3 3
4#include <linux/crypto.h>
4#include <net/xfrm.h> 5#include <net/xfrm.h>
5 6
6/* This is the maximum truncated ICV length that we know of. */ 7/* This is the maximum truncated ICV length that we know of. */
@@ -14,22 +15,29 @@ struct ah_data
14 int icv_full_len; 15 int icv_full_len;
15 int icv_trunc_len; 16 int icv_trunc_len;
16 17
17 void (*icv)(struct ah_data*, 18 struct crypto_hash *tfm;
18 struct sk_buff *skb, u8 *icv);
19
20 struct crypto_tfm *tfm;
21}; 19};
22 20
23static inline void 21static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
24ah_hmac_digest(struct ah_data *ahp, struct sk_buff *skb, u8 *auth_data) 22 u8 *auth_data)
25{ 23{
26 struct crypto_tfm *tfm = ahp->tfm; 24 struct hash_desc desc;
25 int err;
26
27 desc.tfm = ahp->tfm;
28 desc.flags = 0;
27 29
28 memset(auth_data, 0, ahp->icv_trunc_len); 30 memset(auth_data, 0, ahp->icv_trunc_len);
29 crypto_hmac_init(tfm, ahp->key, &ahp->key_len); 31 err = crypto_hash_init(&desc);
30 skb_icv_walk(skb, tfm, 0, skb->len, crypto_hmac_update); 32 if (unlikely(err))
31 crypto_hmac_final(tfm, ahp->key, &ahp->key_len, ahp->work_icv); 33 goto out;
32 memcpy(auth_data, ahp->work_icv, ahp->icv_trunc_len); 34 err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
35 if (unlikely(err))
36 goto out;
37 err = crypto_hash_final(&desc, ahp->work_icv);
38
39out:
40 return err;
33} 41}
34 42
35#endif 43#endif
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
new file mode 100644
index 000000000000..59406e0dc5b2
--- /dev/null
+++ b/include/net/cipso_ipv4.h
@@ -0,0 +1,246 @@
1/*
2 * CIPSO - Commercial IP Security Option
3 *
4 * This is an implementation of the CIPSO 2.2 protocol as specified in
5 * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in
6 * FIPS-188, copies of both documents can be found in the Documentation
7 * directory. While CIPSO never became a full IETF RFC standard many vendors
8 * have chosen to adopt the protocol and over the years it has become a
9 * de-facto standard for labeled networking.
10 *
11 * Author: Paul Moore <paul.moore@hp.com>
12 *
13 */
14
15/*
16 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation; either version 2 of the License, or
21 * (at your option) any later version.
22 *
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
26 * the GNU General Public License for more details.
27 *
28 * You should have received a copy of the GNU General Public License
29 * along with this program; if not, write to the Free Software
30 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31 *
32 */
33
34#ifndef _CIPSO_IPV4_H
35#define _CIPSO_IPV4_H
36
37#include <linux/types.h>
38#include <linux/rcupdate.h>
39#include <linux/list.h>
40#include <linux/net.h>
41#include <linux/skbuff.h>
42#include <net/netlabel.h>
43
44/* known doi values */
45#define CIPSO_V4_DOI_UNKNOWN 0x00000000
46
47/* tag types */
48#define CIPSO_V4_TAG_INVALID 0
49#define CIPSO_V4_TAG_RBITMAP 1
50#define CIPSO_V4_TAG_ENUM 2
51#define CIPSO_V4_TAG_RANGE 5
52#define CIPSO_V4_TAG_PBITMAP 6
53#define CIPSO_V4_TAG_FREEFORM 7
54
55/* doi mapping types */
56#define CIPSO_V4_MAP_UNKNOWN 0
57#define CIPSO_V4_MAP_STD 1
58#define CIPSO_V4_MAP_PASS 2
59
60/* limits */
61#define CIPSO_V4_MAX_REM_LVLS 256
62#define CIPSO_V4_INV_LVL 0x80000000
63#define CIPSO_V4_MAX_LOC_LVLS (CIPSO_V4_INV_LVL - 1)
64#define CIPSO_V4_MAX_REM_CATS 65536
65#define CIPSO_V4_INV_CAT 0x80000000
66#define CIPSO_V4_MAX_LOC_CATS (CIPSO_V4_INV_CAT - 1)
67
68/*
69 * CIPSO DOI definitions
70 */
71
72/* DOI definition struct */
73#define CIPSO_V4_TAG_MAXCNT 5
74struct cipso_v4_doi {
75 u32 doi;
76 u32 type;
77 union {
78 struct cipso_v4_std_map_tbl *std;
79 } map;
80 u8 tags[CIPSO_V4_TAG_MAXCNT];
81
82 u32 valid;
83 struct list_head list;
84 struct rcu_head rcu;
85 struct list_head dom_list;
86};
87
88/* Standard CIPSO mapping table */
89/* NOTE: the highest order bit (i.e. 0x80000000) is an 'invalid' flag, if the
90 * bit is set then consider that value as unspecified, meaning the
91 * mapping for that particular level/category is invalid */
92struct cipso_v4_std_map_tbl {
93 struct {
94 u32 *cipso;
95 u32 *local;
96 u32 cipso_size;
97 u32 local_size;
98 } lvl;
99 struct {
100 u32 *cipso;
101 u32 *local;
102 u32 cipso_size;
103 u32 local_size;
104 } cat;
105};
106
107/*
108 * Sysctl Variables
109 */
110
111#ifdef CONFIG_NETLABEL
112extern int cipso_v4_cache_enabled;
113extern int cipso_v4_cache_bucketsize;
114extern int cipso_v4_rbm_optfmt;
115extern int cipso_v4_rbm_strictvalid;
116#endif
117
118/*
119 * Helper Functions
120 */
121
122#define CIPSO_V4_OPTEXIST(x) (IPCB(x)->opt.cipso != 0)
123#define CIPSO_V4_OPTPTR(x) ((x)->nh.raw + IPCB(x)->opt.cipso)
124
125/*
126 * DOI List Functions
127 */
128
129#ifdef CONFIG_NETLABEL
130int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
131int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head));
132struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
133struct sk_buff *cipso_v4_doi_dump_all(size_t headroom);
134struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom);
135int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char *domain);
136int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
137 const char *domain);
138#else
139static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
140{
141 return -ENOSYS;
142}
143
144static inline int cipso_v4_doi_remove(u32 doi,
145 void (*callback) (struct rcu_head * head))
146{
147 return 0;
148}
149
150static inline struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi)
151{
152 return NULL;
153}
154
155static inline struct sk_buff *cipso_v4_doi_dump_all(size_t headroom)
156{
157 return NULL;
158}
159
160static inline struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom)
161{
162 return NULL;
163}
164
165static inline int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def,
166 const char *domain)
167{
168 return -ENOSYS;
169}
170
171static inline int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
172 const char *domain)
173{
174 return 0;
175}
176#endif /* CONFIG_NETLABEL */
177
178/*
179 * Label Mapping Cache Functions
180 */
181
182#ifdef CONFIG_NETLABEL
183void cipso_v4_cache_invalidate(void);
184int cipso_v4_cache_add(const struct sk_buff *skb,
185 const struct netlbl_lsm_secattr *secattr);
186#else
187static inline void cipso_v4_cache_invalidate(void)
188{
189 return;
190}
191
192static inline int cipso_v4_cache_add(const struct sk_buff *skb,
193 const struct netlbl_lsm_secattr *secattr)
194{
195 return 0;
196}
197#endif /* CONFIG_NETLABEL */
198
199/*
200 * Protocol Handling Functions
201 */
202
203#ifdef CONFIG_NETLABEL
204void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);
205int cipso_v4_socket_setattr(const struct socket *sock,
206 const struct cipso_v4_doi *doi_def,
207 const struct netlbl_lsm_secattr *secattr);
208int cipso_v4_socket_getattr(const struct socket *sock,
209 struct netlbl_lsm_secattr *secattr);
210int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
211 struct netlbl_lsm_secattr *secattr);
212int cipso_v4_validate(unsigned char **option);
213#else
214static inline void cipso_v4_error(struct sk_buff *skb,
215 int error,
216 u32 gateway)
217{
218 return;
219}
220
221static inline int cipso_v4_socket_setattr(const struct socket *sock,
222 const struct cipso_v4_doi *doi_def,
223 const struct netlbl_lsm_secattr *secattr)
224{
225 return -ENOSYS;
226}
227
228static inline int cipso_v4_socket_getattr(const struct socket *sock,
229 struct netlbl_lsm_secattr *secattr)
230{
231 return -ENOSYS;
232}
233
234static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
235 struct netlbl_lsm_secattr *secattr)
236{
237 return -ENOSYS;
238}
239
240static inline int cipso_v4_validate(unsigned char **option)
241{
242 return -ENOSYS;
243}
244#endif /* CONFIG_NETLABEL */
245
246#endif /* _CIPSO_IPV4_H */
diff --git a/include/net/dn_fib.h b/include/net/dn_fib.h
index a15dcf0d5c1e..f01626cbbed6 100644
--- a/include/net/dn_fib.h
+++ b/include/net/dn_fib.h
@@ -22,7 +22,7 @@ struct dn_kern_rta
22}; 22};
23 23
24struct dn_fib_res { 24struct dn_fib_res {
25 struct dn_fib_rule *r; 25 struct fib_rule *r;
26 struct dn_fib_info *fi; 26 struct dn_fib_info *fi;
27 unsigned char prefixlen; 27 unsigned char prefixlen;
28 unsigned char nh_sel; 28 unsigned char nh_sel;
@@ -94,7 +94,8 @@ struct dn_fib_node {
94 94
95 95
96struct dn_fib_table { 96struct dn_fib_table {
97 int n; 97 struct hlist_node hlist;
98 u32 n;
98 99
99 int (*insert)(struct dn_fib_table *t, struct rtmsg *r, 100 int (*insert)(struct dn_fib_table *t, struct rtmsg *r,
100 struct dn_kern_rta *rta, struct nlmsghdr *n, 101 struct dn_kern_rta *rta, struct nlmsghdr *n,
@@ -130,14 +131,11 @@ extern __le16 dn_fib_get_attr16(struct rtattr *attr, int attrlen, int type);
130extern void dn_fib_flush(void); 131extern void dn_fib_flush(void);
131extern void dn_fib_select_multipath(const struct flowi *fl, 132extern void dn_fib_select_multipath(const struct flowi *fl,
132 struct dn_fib_res *res); 133 struct dn_fib_res *res);
133extern int dn_fib_sync_down(__le16 local, struct net_device *dev,
134 int force);
135extern int dn_fib_sync_up(struct net_device *dev);
136 134
137/* 135/*
138 * dn_tables.c 136 * dn_tables.c
139 */ 137 */
140extern struct dn_fib_table *dn_fib_get_table(int n, int creat); 138extern struct dn_fib_table *dn_fib_get_table(u32 n, int creat);
141extern struct dn_fib_table *dn_fib_empty_table(void); 139extern struct dn_fib_table *dn_fib_empty_table(void);
142extern void dn_fib_table_init(void); 140extern void dn_fib_table_init(void);
143extern void dn_fib_table_cleanup(void); 141extern void dn_fib_table_cleanup(void);
@@ -147,10 +145,8 @@ extern void dn_fib_table_cleanup(void);
147 */ 145 */
148extern void dn_fib_rules_init(void); 146extern void dn_fib_rules_init(void);
149extern void dn_fib_rules_cleanup(void); 147extern void dn_fib_rules_cleanup(void);
150extern void dn_fib_rule_put(struct dn_fib_rule *);
151extern __le16 dn_fib_rules_policy(__le16 saddr, struct dn_fib_res *res, unsigned *flags);
152extern unsigned dnet_addr_type(__le16 addr); 148extern unsigned dnet_addr_type(__le16 addr);
153extern int dn_fib_lookup(const struct flowi *fl, struct dn_fib_res *res); 149extern int dn_fib_lookup(struct flowi *fl, struct dn_fib_res *res);
154 150
155/* 151/*
156 * rtnetlink interface 152 * rtnetlink interface
@@ -176,11 +172,9 @@ static inline void dn_fib_res_put(struct dn_fib_res *res)
176 if (res->fi) 172 if (res->fi)
177 dn_fib_info_put(res->fi); 173 dn_fib_info_put(res->fi);
178 if (res->r) 174 if (res->r)
179 dn_fib_rule_put(res->r); 175 fib_rule_put(res->r);
180} 176}
181 177
182extern struct dn_fib_table *dn_fib_tables[];
183
184#else /* Endnode */ 178#else /* Endnode */
185 179
186#define dn_fib_init() do { } while(0) 180#define dn_fib_init() do { } while(0)
diff --git a/include/net/dst.h b/include/net/dst.h
index 36d54fc248b0..a8d825f90305 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -54,6 +54,7 @@ struct dst_entry
54 unsigned long expires; 54 unsigned long expires;
55 55
56 unsigned short header_len; /* more space at head required */ 56 unsigned short header_len; /* more space at head required */
57 unsigned short nfheader_len; /* more non-fragment space at head required */
57 unsigned short trailer_len; /* space to reserve at tail */ 58 unsigned short trailer_len; /* space to reserve at tail */
58 59
59 u32 metrics[RTAX_MAX]; 60 u32 metrics[RTAX_MAX];
diff --git a/include/net/esp.h b/include/net/esp.h
index 90cd94fad7d9..713d039f4af7 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -1,6 +1,7 @@
1#ifndef _NET_ESP_H 1#ifndef _NET_ESP_H
2#define _NET_ESP_H 2#define _NET_ESP_H
3 3
4#include <linux/crypto.h>
4#include <net/xfrm.h> 5#include <net/xfrm.h>
5#include <asm/scatterlist.h> 6#include <asm/scatterlist.h>
6 7
@@ -14,14 +15,15 @@ struct esp_data
14 struct { 15 struct {
15 u8 *key; /* Key */ 16 u8 *key; /* Key */
16 int key_len; /* Key length */ 17 int key_len; /* Key length */
17 u8 *ivec; /* ivec buffer */ 18 int padlen; /* 0..255 */
18 /* ivlen is offset from enc_data, where encrypted data start. 19 /* ivlen is offset from enc_data, where encrypted data start.
19 * It is logically different of crypto_tfm_alg_ivsize(tfm). 20 * It is logically different of crypto_tfm_alg_ivsize(tfm).
20 * We assume that it is either zero (no ivec), or 21 * We assume that it is either zero (no ivec), or
21 * >= crypto_tfm_alg_ivsize(tfm). */ 22 * >= crypto_tfm_alg_ivsize(tfm). */
22 int ivlen; 23 int ivlen;
23 int padlen; /* 0..255 */ 24 int ivinitted;
24 struct crypto_tfm *tfm; /* crypto handle */ 25 u8 *ivec; /* ivec buffer */
26 struct crypto_blkcipher *tfm; /* crypto handle */
25 } conf; 27 } conf;
26 28
27 /* Integrity. It is active when icv_full_len != 0 */ 29 /* Integrity. It is active when icv_full_len != 0 */
@@ -34,7 +36,7 @@ struct esp_data
34 void (*icv)(struct esp_data*, 36 void (*icv)(struct esp_data*,
35 struct sk_buff *skb, 37 struct sk_buff *skb,
36 int offset, int len, u8 *icv); 38 int offset, int len, u8 *icv);
37 struct crypto_tfm *tfm; 39 struct crypto_hash *tfm;
38 } auth; 40 } auth;
39}; 41};
40 42
@@ -42,18 +44,22 @@ extern int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset,
42extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer); 44extern int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);
43extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); 45extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
44 46
45static inline void 47static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
46esp_hmac_digest(struct esp_data *esp, struct sk_buff *skb, int offset, 48 int offset, int len)
47 int len, u8 *auth_data)
48{ 49{
49 struct crypto_tfm *tfm = esp->auth.tfm; 50 struct hash_desc desc;
50 char *icv = esp->auth.work_icv; 51 int err;
51 52
52 memset(auth_data, 0, esp->auth.icv_trunc_len); 53 desc.tfm = esp->auth.tfm;
53 crypto_hmac_init(tfm, esp->auth.key, &esp->auth.key_len); 54 desc.flags = 0;
54 skb_icv_walk(skb, tfm, offset, len, crypto_hmac_update); 55
55 crypto_hmac_final(tfm, esp->auth.key, &esp->auth.key_len, icv); 56 err = crypto_hash_init(&desc);
56 memcpy(auth_data, icv, esp->auth.icv_trunc_len); 57 if (unlikely(err))
58 return err;
59 err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
60 if (unlikely(err))
61 return err;
62 return crypto_hash_final(&desc, esp->auth.work_icv);
57} 63}
58 64
59#endif 65#endif
diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h
new file mode 100644
index 000000000000..8e2f473d3e82
--- /dev/null
+++ b/include/net/fib_rules.h
@@ -0,0 +1,97 @@
1#ifndef __NET_FIB_RULES_H
2#define __NET_FIB_RULES_H
3
4#include <linux/types.h>
5#include <linux/netdevice.h>
6#include <linux/fib_rules.h>
7#include <net/flow.h>
8#include <net/netlink.h>
9
10struct fib_rule
11{
12 struct list_head list;
13 atomic_t refcnt;
14 int ifindex;
15 char ifname[IFNAMSIZ];
16 u32 pref;
17 u32 flags;
18 u32 table;
19 u8 action;
20 struct rcu_head rcu;
21};
22
23struct fib_lookup_arg
24{
25 void *lookup_ptr;
26 void *result;
27 struct fib_rule *rule;
28};
29
30struct fib_rules_ops
31{
32 int family;
33 struct list_head list;
34 int rule_size;
35
36 int (*action)(struct fib_rule *,
37 struct flowi *, int,
38 struct fib_lookup_arg *);
39 int (*match)(struct fib_rule *,
40 struct flowi *, int);
41 int (*configure)(struct fib_rule *,
42 struct sk_buff *,
43 struct nlmsghdr *,
44 struct fib_rule_hdr *,
45 struct nlattr **);
46 int (*compare)(struct fib_rule *,
47 struct fib_rule_hdr *,
48 struct nlattr **);
49 int (*fill)(struct fib_rule *, struct sk_buff *,
50 struct nlmsghdr *,
51 struct fib_rule_hdr *);
52 u32 (*default_pref)(void);
53
54 int nlgroup;
55 struct nla_policy *policy;
56 struct list_head *rules_list;
57 struct module *owner;
58};
59
60static inline void fib_rule_get(struct fib_rule *rule)
61{
62 atomic_inc(&rule->refcnt);
63}
64
65static inline void fib_rule_put_rcu(struct rcu_head *head)
66{
67 struct fib_rule *rule = container_of(head, struct fib_rule, rcu);
68 kfree(rule);
69}
70
71static inline void fib_rule_put(struct fib_rule *rule)
72{
73 if (atomic_dec_and_test(&rule->refcnt))
74 call_rcu(&rule->rcu, fib_rule_put_rcu);
75}
76
77static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
78{
79 if (nla[FRA_TABLE])
80 return nla_get_u32(nla[FRA_TABLE]);
81 return frh->table;
82}
83
84extern int fib_rules_register(struct fib_rules_ops *);
85extern int fib_rules_unregister(struct fib_rules_ops *);
86
87extern int fib_rules_lookup(struct fib_rules_ops *,
88 struct flowi *, int flags,
89 struct fib_lookup_arg *);
90
91extern int fib_nl_newrule(struct sk_buff *,
92 struct nlmsghdr *, void *);
93extern int fib_nl_delrule(struct sk_buff *,
94 struct nlmsghdr *, void *);
95extern int fib_rules_dump(struct sk_buff *,
96 struct netlink_callback *, int);
97#endif
diff --git a/include/net/flow.h b/include/net/flow.h
index 04d89f763451..3ca210ec1379 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -26,6 +26,7 @@ struct flowi {
26 struct { 26 struct {
27 struct in6_addr daddr; 27 struct in6_addr daddr;
28 struct in6_addr saddr; 28 struct in6_addr saddr;
29 __u32 fwmark;
29 __u32 flowlabel; 30 __u32 flowlabel;
30 } ip6_u; 31 } ip6_u;
31 32
@@ -42,6 +43,7 @@ struct flowi {
42#define fld_scope nl_u.dn_u.scope 43#define fld_scope nl_u.dn_u.scope
43#define fl6_dst nl_u.ip6_u.daddr 44#define fl6_dst nl_u.ip6_u.daddr
44#define fl6_src nl_u.ip6_u.saddr 45#define fl6_src nl_u.ip6_u.saddr
46#define fl6_fwmark nl_u.ip6_u.fwmark
45#define fl6_flowlabel nl_u.ip6_u.flowlabel 47#define fl6_flowlabel nl_u.ip6_u.flowlabel
46#define fl4_dst nl_u.ip4_u.daddr 48#define fl4_dst nl_u.ip4_u.daddr
47#define fl4_src nl_u.ip4_u.saddr 49#define fl4_src nl_u.ip4_u.saddr
@@ -72,12 +74,22 @@ struct flowi {
72 } dnports; 74 } dnports;
73 75
74 __u32 spi; 76 __u32 spi;
77
78#ifdef CONFIG_IPV6_MIP6
79 struct {
80 __u8 type;
81 } mht;
82#endif
75 } uli_u; 83 } uli_u;
76#define fl_ip_sport uli_u.ports.sport 84#define fl_ip_sport uli_u.ports.sport
77#define fl_ip_dport uli_u.ports.dport 85#define fl_ip_dport uli_u.ports.dport
78#define fl_icmp_type uli_u.icmpt.type 86#define fl_icmp_type uli_u.icmpt.type
79#define fl_icmp_code uli_u.icmpt.code 87#define fl_icmp_code uli_u.icmpt.code
80#define fl_ipsec_spi uli_u.spi 88#define fl_ipsec_spi uli_u.spi
89#ifdef CONFIG_IPV6_MIP6
90#define fl_mh_type uli_u.mht.type
91#endif
92 __u32 secid; /* used by xfrm; see secid.txt */
81} __attribute__((__aligned__(BITS_PER_LONG/8))); 93} __attribute__((__aligned__(BITS_PER_LONG/8)));
82 94
83#define FLOW_DIR_IN 0 95#define FLOW_DIR_IN 0
@@ -85,10 +97,10 @@ struct flowi {
85#define FLOW_DIR_FWD 2 97#define FLOW_DIR_FWD 2
86 98
87struct sock; 99struct sock;
88typedef void (*flow_resolve_t)(struct flowi *key, u32 sk_sid, u16 family, u8 dir, 100typedef void (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir,
89 void **objp, atomic_t **obj_refp); 101 void **objp, atomic_t **obj_refp);
90 102
91extern void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir, 103extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
92 flow_resolve_t resolver); 104 flow_resolve_t resolver);
93extern void flow_cache_flush(void); 105extern void flow_cache_flush(void);
94extern atomic_t flow_cache_genid; 106extern atomic_t flow_cache_genid;
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index 8c2287264266..4a38d85e4e25 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -27,8 +27,6 @@ struct genl_family
27 struct list_head family_list; /* private */ 27 struct list_head family_list; /* private */
28}; 28};
29 29
30#define GENL_ADMIN_PERM 0x01
31
32/** 30/**
33 * struct genl_info - receiving information 31 * struct genl_info - receiving information
34 * @snd_seq: sending sequence number 32 * @snd_seq: sending sequence number
@@ -133,11 +131,12 @@ static inline int genlmsg_cancel(struct sk_buff *skb, void *hdr)
133 * @skb: netlink message as socket buffer 131 * @skb: netlink message as socket buffer
134 * @pid: own netlink pid to avoid sending to yourself 132 * @pid: own netlink pid to avoid sending to yourself
135 * @group: multicast group id 133 * @group: multicast group id
134 * @flags: allocation flags
136 */ 135 */
137static inline int genlmsg_multicast(struct sk_buff *skb, u32 pid, 136static inline int genlmsg_multicast(struct sk_buff *skb, u32 pid,
138 unsigned int group) 137 unsigned int group, gfp_t flags)
139{ 138{
140 return nlmsg_multicast(genl_sock, skb, pid, group); 139 return nlmsg_multicast(genl_sock, skb, pid, group, flags);
141} 140}
142 141
143/** 142/**
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index e459e1a0ae4a..34489c13c119 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -189,6 +189,7 @@ struct inet6_dev
189 struct ipv6_devconf cnf; 189 struct ipv6_devconf cnf;
190 struct ipv6_devstat stats; 190 struct ipv6_devstat stats;
191 unsigned long tstamp; /* ipv6InterfaceTable update timestamp */ 191 unsigned long tstamp; /* ipv6InterfaceTable update timestamp */
192 struct rcu_head rcu;
192}; 193};
193 194
194extern struct ipv6_devconf ipv6_devconf; 195extern struct ipv6_devconf ipv6_devconf;
diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
index 9bf73fe50948..de4e83b6da4b 100644
--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -147,7 +147,8 @@ extern struct sock *inet_csk_clone(struct sock *sk,
147enum inet_csk_ack_state_t { 147enum inet_csk_ack_state_t {
148 ICSK_ACK_SCHED = 1, 148 ICSK_ACK_SCHED = 1,
149 ICSK_ACK_TIMER = 2, 149 ICSK_ACK_TIMER = 2,
150 ICSK_ACK_PUSHED = 4 150 ICSK_ACK_PUSHED = 4,
151 ICSK_ACK_PUSHED2 = 8
151}; 152};
152 153
153extern void inet_csk_init_xmit_timers(struct sock *sk, 154extern void inet_csk_init_xmit_timers(struct sock *sk,
diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h
index 98e0bb3014fe..b4491c9e2a5a 100644
--- a/include/net/inet_hashtables.h
+++ b/include/net/inet_hashtables.h
@@ -271,38 +271,15 @@ static inline int inet_iif(const struct sk_buff *skb)
271 return ((struct rtable *)skb->dst)->rt_iif; 271 return ((struct rtable *)skb->dst)->rt_iif;
272} 272}
273 273
274extern struct sock *__inet_lookup_listener(const struct hlist_head *head, 274extern struct sock *__inet_lookup_listener(struct inet_hashinfo *hashinfo,
275 const u32 daddr, 275 const u32 daddr,
276 const unsigned short hnum, 276 const unsigned short hnum,
277 const int dif); 277 const int dif);
278 278
279/* Optimize the common listener case. */ 279static inline struct sock *inet_lookup_listener(struct inet_hashinfo *hashinfo,
280static inline struct sock * 280 u32 daddr, u16 dport, int dif)
281 inet_lookup_listener(struct inet_hashinfo *hashinfo,
282 const u32 daddr,
283 const unsigned short hnum, const int dif)
284{ 281{
285 struct sock *sk = NULL; 282 return __inet_lookup_listener(hashinfo, daddr, ntohs(dport), dif);
286 const struct hlist_head *head;
287
288 read_lock(&hashinfo->lhash_lock);
289 head = &hashinfo->listening_hash[inet_lhashfn(hnum)];
290 if (!hlist_empty(head)) {
291 const struct inet_sock *inet = inet_sk((sk = __sk_head(head)));
292
293 if (inet->num == hnum && !sk->sk_node.next &&
294 (!inet->rcv_saddr || inet->rcv_saddr == daddr) &&
295 (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
296 !sk->sk_bound_dev_if)
297 goto sherry_cache;
298 sk = __inet_lookup_listener(head, daddr, hnum, dif);
299 }
300 if (sk) {
301sherry_cache:
302 sock_hold(sk);
303 }
304 read_unlock(&hashinfo->lhash_lock);
305 return sk;
306} 283}
307 284
308/* Socket demux engine toys. */ 285/* Socket demux engine toys. */
@@ -391,14 +368,25 @@ hit:
391 goto out; 368 goto out;
392} 369}
393 370
371static inline struct sock *
372 inet_lookup_established(struct inet_hashinfo *hashinfo,
373 const u32 saddr, const u16 sport,
374 const u32 daddr, const u16 dport,
375 const int dif)
376{
377 return __inet_lookup_established(hashinfo, saddr, sport, daddr,
378 ntohs(dport), dif);
379}
380
394static inline struct sock *__inet_lookup(struct inet_hashinfo *hashinfo, 381static inline struct sock *__inet_lookup(struct inet_hashinfo *hashinfo,
395 const u32 saddr, const u16 sport, 382 const u32 saddr, const u16 sport,
396 const u32 daddr, const u16 hnum, 383 const u32 daddr, const u16 dport,
397 const int dif) 384 const int dif)
398{ 385{
386 u16 hnum = ntohs(dport);
399 struct sock *sk = __inet_lookup_established(hashinfo, saddr, sport, daddr, 387 struct sock *sk = __inet_lookup_established(hashinfo, saddr, sport, daddr,
400 hnum, dif); 388 hnum, dif);
401 return sk ? : inet_lookup_listener(hashinfo, daddr, hnum, dif); 389 return sk ? : __inet_lookup_listener(hashinfo, daddr, hnum, dif);
402} 390}
403 391
404static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo, 392static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
@@ -409,7 +397,7 @@ static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
409 struct sock *sk; 397 struct sock *sk;
410 398
411 local_bh_disable(); 399 local_bh_disable();
412 sk = __inet_lookup(hashinfo, saddr, sport, daddr, ntohs(dport), dif); 400 sk = __inet_lookup(hashinfo, saddr, sport, daddr, dport, dif);
413 local_bh_enable(); 401 local_bh_enable();
414 402
415 return sk; 403 return sk;
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
index 1f4a9a60d4cc..f6242710f2ff 100644
--- a/include/net/inet_sock.h
+++ b/include/net/inet_sock.h
@@ -27,7 +27,6 @@
27/** struct ip_options - IP Options 27/** struct ip_options - IP Options
28 * 28 *
29 * @faddr - Saved first hop address 29 * @faddr - Saved first hop address
30 * @is_setbyuser - Set by setsockopt?
31 * @is_data - Options in __data, rather than skb 30 * @is_data - Options in __data, rather than skb
32 * @is_strictroute - Strict source route 31 * @is_strictroute - Strict source route
33 * @srr_is_hit - Packet destination addr was our one 32 * @srr_is_hit - Packet destination addr was our one
@@ -42,8 +41,7 @@ struct ip_options {
42 unsigned char srr; 41 unsigned char srr;
43 unsigned char rr; 42 unsigned char rr;
44 unsigned char ts; 43 unsigned char ts;
45 unsigned char is_setbyuser:1, 44 unsigned char is_data:1,
46 is_data:1,
47 is_strictroute:1, 45 is_strictroute:1,
48 srr_is_hit:1, 46 srr_is_hit:1,
49 is_changed:1, 47 is_changed:1,
@@ -51,7 +49,7 @@ struct ip_options {
51 ts_needtime:1, 49 ts_needtime:1,
52 ts_needaddr:1; 50 ts_needaddr:1;
53 unsigned char router_alert; 51 unsigned char router_alert;
54 unsigned char __pad1; 52 unsigned char cipso;
55 unsigned char __pad2; 53 unsigned char __pad2;
56 unsigned char __data[0]; 54 unsigned char __data[0];
57}; 55};
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index a66e9de16a6c..e4438de3bd6b 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -16,14 +16,35 @@
16#ifdef __KERNEL__ 16#ifdef __KERNEL__
17 17
18#include <linux/ipv6_route.h> 18#include <linux/ipv6_route.h>
19
20#include <net/dst.h>
21#include <net/flow.h>
22#include <linux/rtnetlink.h> 19#include <linux/rtnetlink.h>
23#include <linux/spinlock.h> 20#include <linux/spinlock.h>
21#include <net/dst.h>
22#include <net/flow.h>
23#include <net/netlink.h>
24 24
25struct rt6_info; 25struct rt6_info;
26 26
27struct fib6_config
28{
29 u32 fc_table;
30 u32 fc_metric;
31 int fc_dst_len;
32 int fc_src_len;
33 int fc_ifindex;
34 u32 fc_flags;
35 u32 fc_protocol;
36
37 struct in6_addr fc_dst;
38 struct in6_addr fc_src;
39 struct in6_addr fc_gateway;
40
41 unsigned long fc_expires;
42 struct nlattr *fc_mx;
43 int fc_mx_len;
44
45 struct nl_info fc_nlinfo;
46};
47
27struct fib6_node 48struct fib6_node
28{ 49{
29 struct fib6_node *parent; 50 struct fib6_node *parent;
@@ -39,6 +60,11 @@ struct fib6_node
39 __u32 fn_sernum; 60 __u32 fn_sernum;
40}; 61};
41 62
63#ifndef CONFIG_IPV6_SUBTREES
64#define FIB6_SUBTREE(fn) NULL
65#else
66#define FIB6_SUBTREE(fn) ((fn)->subtree)
67#endif
42 68
43/* 69/*
44 * routing information 70 * routing information
@@ -51,6 +77,8 @@ struct rt6key
51 int plen; 77 int plen;
52}; 78};
53 79
80struct fib6_table;
81
54struct rt6_info 82struct rt6_info
55{ 83{
56 union { 84 union {
@@ -71,6 +99,7 @@ struct rt6_info
71 u32 rt6i_flags; 99 u32 rt6i_flags;
72 u32 rt6i_metric; 100 u32 rt6i_metric;
73 atomic_t rt6i_ref; 101 atomic_t rt6i_ref;
102 struct fib6_table *rt6i_table;
74 103
75 struct rt6key rt6i_dst; 104 struct rt6key rt6i_dst;
76 struct rt6key rt6i_src; 105 struct rt6key rt6i_src;
@@ -89,28 +118,6 @@ struct fib6_walker_t
89 void *args; 118 void *args;
90}; 119};
91 120
92extern struct fib6_walker_t fib6_walker_list;
93extern rwlock_t fib6_walker_lock;
94
95static inline void fib6_walker_link(struct fib6_walker_t *w)
96{
97 write_lock_bh(&fib6_walker_lock);
98 w->next = fib6_walker_list.next;
99 w->prev = &fib6_walker_list;
100 w->next->prev = w;
101 w->prev->next = w;
102 write_unlock_bh(&fib6_walker_lock);
103}
104
105static inline void fib6_walker_unlink(struct fib6_walker_t *w)
106{
107 write_lock_bh(&fib6_walker_lock);
108 w->next->prev = w->prev;
109 w->prev->next = w->next;
110 w->prev = w->next = w;
111 write_unlock_bh(&fib6_walker_lock);
112}
113
114struct rt6_statistics { 121struct rt6_statistics {
115 __u32 fib_nodes; 122 __u32 fib_nodes;
116 __u32 fib_route_nodes; 123 __u32 fib_route_nodes;
@@ -143,12 +150,41 @@ struct rt6_statistics {
143 150
144typedef void (*f_pnode)(struct fib6_node *fn, void *); 151typedef void (*f_pnode)(struct fib6_node *fn, void *);
145 152
146extern struct fib6_node ip6_routing_table; 153struct fib6_table {
154 struct hlist_node tb6_hlist;
155 u32 tb6_id;
156 rwlock_t tb6_lock;
157 struct fib6_node tb6_root;
158};
159
160#define RT6_TABLE_UNSPEC RT_TABLE_UNSPEC
161#define RT6_TABLE_MAIN RT_TABLE_MAIN
162#define RT6_TABLE_DFLT RT6_TABLE_MAIN
163#define RT6_TABLE_INFO RT6_TABLE_MAIN
164#define RT6_TABLE_PREFIX RT6_TABLE_MAIN
165
166#ifdef CONFIG_IPV6_MULTIPLE_TABLES
167#define FIB6_TABLE_MIN 1
168#define FIB6_TABLE_MAX RT_TABLE_MAX
169#define RT6_TABLE_LOCAL RT_TABLE_LOCAL
170#else
171#define FIB6_TABLE_MIN RT_TABLE_MAIN
172#define FIB6_TABLE_MAX FIB6_TABLE_MIN
173#define RT6_TABLE_LOCAL RT6_TABLE_MAIN
174#endif
175
176typedef struct rt6_info *(*pol_lookup_t)(struct fib6_table *,
177 struct flowi *, int);
147 178
148/* 179/*
149 * exported functions 180 * exported functions
150 */ 181 */
151 182
183extern struct fib6_table * fib6_get_table(u32 id);
184extern struct fib6_table * fib6_new_table(u32 id);
185extern struct dst_entry * fib6_rule_lookup(struct flowi *fl, int flags,
186 pol_lookup_t lookup);
187
152extern struct fib6_node *fib6_lookup(struct fib6_node *root, 188extern struct fib6_node *fib6_lookup(struct fib6_node *root,
153 struct in6_addr *daddr, 189 struct in6_addr *daddr,
154 struct in6_addr *saddr); 190 struct in6_addr *saddr);
@@ -157,32 +193,29 @@ struct fib6_node *fib6_locate(struct fib6_node *root,
157 struct in6_addr *daddr, int dst_len, 193 struct in6_addr *daddr, int dst_len,
158 struct in6_addr *saddr, int src_len); 194 struct in6_addr *saddr, int src_len);
159 195
160extern void fib6_clean_tree(struct fib6_node *root, 196extern void fib6_clean_all(int (*func)(struct rt6_info *, void *arg),
161 int (*func)(struct rt6_info *, void *arg), 197 int prune, void *arg);
162 int prune, void *arg);
163
164extern int fib6_walk(struct fib6_walker_t *w);
165extern int fib6_walk_continue(struct fib6_walker_t *w);
166 198
167extern int fib6_add(struct fib6_node *root, 199extern int fib6_add(struct fib6_node *root,
168 struct rt6_info *rt, 200 struct rt6_info *rt,
169 struct nlmsghdr *nlh, 201 struct nl_info *info);
170 void *rtattr,
171 struct netlink_skb_parms *req);
172 202
173extern int fib6_del(struct rt6_info *rt, 203extern int fib6_del(struct rt6_info *rt,
174 struct nlmsghdr *nlh, 204 struct nl_info *info);
175 void *rtattr,
176 struct netlink_skb_parms *req);
177 205
178extern void inet6_rt_notify(int event, struct rt6_info *rt, 206extern void inet6_rt_notify(int event, struct rt6_info *rt,
179 struct nlmsghdr *nlh, 207 struct nl_info *info);
180 struct netlink_skb_parms *req);
181 208
182extern void fib6_run_gc(unsigned long dummy); 209extern void fib6_run_gc(unsigned long dummy);
183 210
184extern void fib6_gc_cleanup(void); 211extern void fib6_gc_cleanup(void);
185 212
186extern void fib6_init(void); 213extern void fib6_init(void);
214
215extern void fib6_rules_init(void);
216extern void fib6_rules_cleanup(void);
217extern int fib6_rules_dump(struct sk_buff *,
218 struct netlink_callback *);
219
187#endif 220#endif
188#endif 221#endif
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index 96b0e66406ec..6ca6b71dfe0f 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -32,6 +32,10 @@ struct route_info {
32#include <linux/ip.h> 32#include <linux/ip.h>
33#include <linux/ipv6.h> 33#include <linux/ipv6.h>
34 34
35#define RT6_LOOKUP_F_IFACE 0x1
36#define RT6_LOOKUP_F_REACHABLE 0x2
37#define RT6_LOOKUP_F_HAS_SADDR 0x4
38
35struct pol_chain { 39struct pol_chain {
36 int type; 40 int type;
37 int priority; 41 int priority;
@@ -41,6 +45,11 @@ struct pol_chain {
41 45
42extern struct rt6_info ip6_null_entry; 46extern struct rt6_info ip6_null_entry;
43 47
48#ifdef CONFIG_IPV6_MULTIPLE_TABLES
49extern struct rt6_info ip6_prohibit_entry;
50extern struct rt6_info ip6_blk_hole_entry;
51#endif
52
44extern int ip6_rt_gc_interval; 53extern int ip6_rt_gc_interval;
45 54
46extern void ip6_route_input(struct sk_buff *skb); 55extern void ip6_route_input(struct sk_buff *skb);
@@ -48,25 +57,14 @@ extern void ip6_route_input(struct sk_buff *skb);
48extern struct dst_entry * ip6_route_output(struct sock *sk, 57extern struct dst_entry * ip6_route_output(struct sock *sk,
49 struct flowi *fl); 58 struct flowi *fl);
50 59
51extern int ip6_route_me_harder(struct sk_buff *skb);
52
53extern void ip6_route_init(void); 60extern void ip6_route_init(void);
54extern void ip6_route_cleanup(void); 61extern void ip6_route_cleanup(void);
55 62
56extern int ipv6_route_ioctl(unsigned int cmd, void __user *arg); 63extern int ipv6_route_ioctl(unsigned int cmd, void __user *arg);
57 64
58extern int ip6_route_add(struct in6_rtmsg *rtmsg, 65extern int ip6_route_add(struct fib6_config *cfg);
59 struct nlmsghdr *, 66extern int ip6_ins_rt(struct rt6_info *);
60 void *rtattr, 67extern int ip6_del_rt(struct rt6_info *);
61 struct netlink_skb_parms *req);
62extern int ip6_ins_rt(struct rt6_info *,
63 struct nlmsghdr *,
64 void *rtattr,
65 struct netlink_skb_parms *req);
66extern int ip6_del_rt(struct rt6_info *,
67 struct nlmsghdr *,
68 void *rtattr,
69 struct netlink_skb_parms *req);
70 68
71extern int ip6_rt_addr_add(struct in6_addr *addr, 69extern int ip6_rt_addr_add(struct in6_addr *addr,
72 struct net_device *dev, 70 struct net_device *dev,
@@ -114,6 +112,7 @@ extern int rt6_route_rcv(struct net_device *dev,
114 struct in6_addr *gwaddr); 112 struct in6_addr *gwaddr);
115 113
116extern void rt6_redirect(struct in6_addr *dest, 114extern void rt6_redirect(struct in6_addr *dest,
115 struct in6_addr *src,
117 struct in6_addr *saddr, 116 struct in6_addr *saddr,
118 struct neighbour *neigh, 117 struct neighbour *neigh,
119 u8 *lladdr, 118 u8 *lladdr,
@@ -131,6 +130,13 @@ extern int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *a
131extern int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg); 130extern int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
132extern int inet6_rtm_getroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg); 131extern int inet6_rtm_getroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
133 132
133struct rt6_rtnl_dump_arg
134{
135 struct sk_buff *skb;
136 struct netlink_callback *cb;
137};
138
139extern int rt6_dump_route(struct rt6_info *rt, void *p_arg);
134extern void rt6_ifdown(struct net_device *dev); 140extern void rt6_ifdown(struct net_device *dev);
135extern void rt6_mtu_change(struct net_device *dev, unsigned mtu); 141extern void rt6_mtu_change(struct net_device *dev, unsigned mtu);
136 142
@@ -140,21 +146,24 @@ extern rwlock_t rt6_lock;
140 * Store a destination cache entry in a socket 146 * Store a destination cache entry in a socket
141 */ 147 */
142static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst, 148static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst,
143 struct in6_addr *daddr) 149 struct in6_addr *daddr, struct in6_addr *saddr)
144{ 150{
145 struct ipv6_pinfo *np = inet6_sk(sk); 151 struct ipv6_pinfo *np = inet6_sk(sk);
146 struct rt6_info *rt = (struct rt6_info *) dst; 152 struct rt6_info *rt = (struct rt6_info *) dst;
147 153
148 sk_setup_caps(sk, dst); 154 sk_setup_caps(sk, dst);
149 np->daddr_cache = daddr; 155 np->daddr_cache = daddr;
156#ifdef CONFIG_IPV6_SUBTREES
157 np->saddr_cache = saddr;
158#endif
150 np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; 159 np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
151} 160}
152 161
153static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst, 162static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
154 struct in6_addr *daddr) 163 struct in6_addr *daddr, struct in6_addr *saddr)
155{ 164{
156 write_lock(&sk->sk_dst_lock); 165 write_lock(&sk->sk_dst_lock);
157 __ip6_dst_store(sk, dst, daddr); 166 __ip6_dst_store(sk, dst, daddr, saddr);
158 write_unlock(&sk->sk_dst_lock); 167 write_unlock(&sk->sk_dst_lock);
159} 168}
160 169
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index a095d1dec7a4..fcc159a4ac17 100644
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -18,26 +18,34 @@
18 18
19#include <net/flow.h> 19#include <net/flow.h>
20#include <linux/seq_file.h> 20#include <linux/seq_file.h>
21 21#include <net/fib_rules.h>
22/* WARNING: The ordering of these elements must match ordering 22
23 * of RTA_* rtnetlink attribute numbers. 23struct fib_config {
24 */ 24 u8 fc_family;
25struct kern_rta { 25 u8 fc_dst_len;
26 void *rta_dst; 26 u8 fc_src_len;
27 void *rta_src; 27 u8 fc_tos;
28 int *rta_iif; 28 u8 fc_protocol;
29 int *rta_oif; 29 u8 fc_scope;
30 void *rta_gw; 30 u8 fc_type;
31 u32 *rta_priority; 31 /* 1 byte unused */
32 void *rta_prefsrc; 32 u32 fc_table;
33 struct rtattr *rta_mx; 33 u32 fc_dst;
34 struct rtattr *rta_mp; 34 u32 fc_src;
35 unsigned char *rta_protoinfo; 35 u32 fc_gw;
36 u32 *rta_flow; 36 int fc_oif;
37 struct rta_cacheinfo *rta_ci; 37 u32 fc_flags;
38 struct rta_session *rta_sess; 38 u32 fc_priority;
39 u32 *rta_mp_alg; 39 u32 fc_prefsrc;
40}; 40 struct nlattr *fc_mx;
41 struct rtnexthop *fc_mp;
42 int fc_mx_len;
43 int fc_mp_len;
44 u32 fc_flow;
45 u32 fc_mp_alg;
46 u32 fc_nlflags;
47 struct nl_info fc_nlinfo;
48 };
41 49
42struct fib_info; 50struct fib_info;
43 51
@@ -149,15 +157,12 @@ struct fib_result_nl {
149#endif /* CONFIG_IP_ROUTE_MULTIPATH_WRANDOM */ 157#endif /* CONFIG_IP_ROUTE_MULTIPATH_WRANDOM */
150 158
151struct fib_table { 159struct fib_table {
152 unsigned char tb_id; 160 struct hlist_node tb_hlist;
161 u32 tb_id;
153 unsigned tb_stamp; 162 unsigned tb_stamp;
154 int (*tb_lookup)(struct fib_table *tb, const struct flowi *flp, struct fib_result *res); 163 int (*tb_lookup)(struct fib_table *tb, const struct flowi *flp, struct fib_result *res);
155 int (*tb_insert)(struct fib_table *table, struct rtmsg *r, 164 int (*tb_insert)(struct fib_table *, struct fib_config *);
156 struct kern_rta *rta, struct nlmsghdr *n, 165 int (*tb_delete)(struct fib_table *, struct fib_config *);
157 struct netlink_skb_parms *req);
158 int (*tb_delete)(struct fib_table *table, struct rtmsg *r,
159 struct kern_rta *rta, struct nlmsghdr *n,
160 struct netlink_skb_parms *req);
161 int (*tb_dump)(struct fib_table *table, struct sk_buff *skb, 166 int (*tb_dump)(struct fib_table *table, struct sk_buff *skb,
162 struct netlink_callback *cb); 167 struct netlink_callback *cb);
163 int (*tb_flush)(struct fib_table *table); 168 int (*tb_flush)(struct fib_table *table);
@@ -172,14 +177,14 @@ struct fib_table {
172extern struct fib_table *ip_fib_local_table; 177extern struct fib_table *ip_fib_local_table;
173extern struct fib_table *ip_fib_main_table; 178extern struct fib_table *ip_fib_main_table;
174 179
175static inline struct fib_table *fib_get_table(int id) 180static inline struct fib_table *fib_get_table(u32 id)
176{ 181{
177 if (id != RT_TABLE_LOCAL) 182 if (id != RT_TABLE_LOCAL)
178 return ip_fib_main_table; 183 return ip_fib_main_table;
179 return ip_fib_local_table; 184 return ip_fib_local_table;
180} 185}
181 186
182static inline struct fib_table *fib_new_table(int id) 187static inline struct fib_table *fib_new_table(u32 id)
183{ 188{
184 return fib_get_table(id); 189 return fib_get_table(id);
185} 190}
@@ -199,35 +204,19 @@ static inline void fib_select_default(const struct flowi *flp, struct fib_result
199} 204}
200 205
201#else /* CONFIG_IP_MULTIPLE_TABLES */ 206#else /* CONFIG_IP_MULTIPLE_TABLES */
202#define ip_fib_local_table (fib_tables[RT_TABLE_LOCAL]) 207#define ip_fib_local_table fib_get_table(RT_TABLE_LOCAL)
203#define ip_fib_main_table (fib_tables[RT_TABLE_MAIN]) 208#define ip_fib_main_table fib_get_table(RT_TABLE_MAIN)
204
205extern struct fib_table * fib_tables[RT_TABLE_MAX+1];
206extern int fib_lookup(const struct flowi *flp, struct fib_result *res);
207extern struct fib_table *__fib_new_table(int id);
208extern void fib_rule_put(struct fib_rule *r);
209 209
210static inline struct fib_table *fib_get_table(int id) 210extern int fib_lookup(struct flowi *flp, struct fib_result *res);
211{
212 if (id == 0)
213 id = RT_TABLE_MAIN;
214
215 return fib_tables[id];
216}
217
218static inline struct fib_table *fib_new_table(int id)
219{
220 if (id == 0)
221 id = RT_TABLE_MAIN;
222
223 return fib_tables[id] ? : __fib_new_table(id);
224}
225 211
212extern struct fib_table *fib_new_table(u32 id);
213extern struct fib_table *fib_get_table(u32 id);
226extern void fib_select_default(const struct flowi *flp, struct fib_result *res); 214extern void fib_select_default(const struct flowi *flp, struct fib_result *res);
227 215
228#endif /* CONFIG_IP_MULTIPLE_TABLES */ 216#endif /* CONFIG_IP_MULTIPLE_TABLES */
229 217
230/* Exported by fib_frontend.c */ 218/* Exported by fib_frontend.c */
219extern struct nla_policy rtm_ipv4_policy[];
231extern void ip_fib_init(void); 220extern void ip_fib_init(void);
232extern int inet_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg); 221extern int inet_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
233extern int inet_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg); 222extern int inet_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
@@ -243,23 +232,20 @@ struct rtentry;
243extern int ip_fib_check_default(u32 gw, struct net_device *dev); 232extern int ip_fib_check_default(u32 gw, struct net_device *dev);
244extern int fib_sync_down(u32 local, struct net_device *dev, int force); 233extern int fib_sync_down(u32 local, struct net_device *dev, int force);
245extern int fib_sync_up(struct net_device *dev); 234extern int fib_sync_up(struct net_device *dev);
246extern int fib_convert_rtentry(int cmd, struct nlmsghdr *nl, struct rtmsg *rtm,
247 struct kern_rta *rta, struct rtentry *r);
248extern u32 __fib_res_prefsrc(struct fib_result *res); 235extern u32 __fib_res_prefsrc(struct fib_result *res);
249 236
250/* Exported by fib_hash.c */ 237/* Exported by fib_hash.c */
251extern struct fib_table *fib_hash_init(int id); 238extern struct fib_table *fib_hash_init(u32 id);
252 239
253#ifdef CONFIG_IP_MULTIPLE_TABLES 240#ifdef CONFIG_IP_MULTIPLE_TABLES
254/* Exported by fib_rules.c */ 241extern int fib4_rules_dump(struct sk_buff *skb, struct netlink_callback *cb);
242
243extern void __init fib4_rules_init(void);
255 244
256extern int inet_rtm_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
257extern int inet_rtm_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
258extern int inet_dump_rules(struct sk_buff *skb, struct netlink_callback *cb);
259#ifdef CONFIG_NET_CLS_ROUTE 245#ifdef CONFIG_NET_CLS_ROUTE
260extern u32 fib_rules_tclass(struct fib_result *res); 246extern u32 fib_rules_tclass(struct fib_result *res);
261#endif 247#endif
262extern void fib_rules_init(void); 248
263#endif 249#endif
264 250
265static inline void fib_combine_itag(u32 *itag, struct fib_result *res) 251static inline void fib_combine_itag(u32 *itag, struct fib_result *res)
diff --git a/include/net/ipcomp.h b/include/net/ipcomp.h
index e651a57ecdd5..87c1af3e5e82 100644
--- a/include/net/ipcomp.h
+++ b/include/net/ipcomp.h
@@ -1,11 +1,14 @@
1#ifndef _NET_IPCOMP_H 1#ifndef _NET_IPCOMP_H
2#define _NET_IPCOMP_H 2#define _NET_IPCOMP_H
3 3
4#include <linux/crypto.h>
5#include <linux/types.h>
6
4#define IPCOMP_SCRATCH_SIZE 65400 7#define IPCOMP_SCRATCH_SIZE 65400
5 8
6struct ipcomp_data { 9struct ipcomp_data {
7 u16 threshold; 10 u16 threshold;
8 struct crypto_tfm **tfms; 11 struct crypto_comp **tfms;
9}; 12};
10 13
11#endif 14#endif
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index ece7e8a84ffd..72bf47b2a4e0 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -40,6 +40,7 @@
40#define NEXTHDR_ICMP 58 /* ICMP for IPv6. */ 40#define NEXTHDR_ICMP 58 /* ICMP for IPv6. */
41#define NEXTHDR_NONE 59 /* No next header */ 41#define NEXTHDR_NONE 59 /* No next header */
42#define NEXTHDR_DEST 60 /* Destination options header. */ 42#define NEXTHDR_DEST 60 /* Destination options header. */
43#define NEXTHDR_MOBILITY 135 /* Mobility header. */
43 44
44#define NEXTHDR_MAX 255 45#define NEXTHDR_MAX 255
45 46
@@ -229,7 +230,7 @@ extern int ip6_ra_control(struct sock *sk, int sel,
229 void (*destructor)(struct sock *)); 230 void (*destructor)(struct sock *));
230 231
231 232
232extern int ipv6_parse_hopopts(struct sk_buff *skb); 233extern int ipv6_parse_hopopts(struct sk_buff **skbp);
233 234
234extern struct ipv6_txoptions * ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt); 235extern struct ipv6_txoptions * ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt);
235extern struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, 236extern struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
@@ -506,6 +507,8 @@ extern int ipv6_skip_exthdr(const struct sk_buff *, int start,
506 507
507extern int ipv6_ext_hdr(u8 nexthdr); 508extern int ipv6_ext_hdr(u8 nexthdr);
508 509
510extern int ipv6_find_tlv(struct sk_buff *skb, int offset, int type);
511
509extern struct ipv6_txoptions * ipv6_invert_rthdr(struct sock *sk, 512extern struct ipv6_txoptions * ipv6_invert_rthdr(struct sock *sk,
510 struct ipv6_rt_hdr *hdr); 513 struct ipv6_rt_hdr *hdr);
511 514
diff --git a/include/net/mip6.h b/include/net/mip6.h
new file mode 100644
index 000000000000..68263c6d9996
--- /dev/null
+++ b/include/net/mip6.h
@@ -0,0 +1,61 @@
1/*
2 * Copyright (C)2003-2006 Helsinki University of Technology
3 * Copyright (C)2003-2006 USAGI/WIDE Project
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19/*
20 * Authors:
21 * Noriaki TAKAMIYA @USAGI
22 * Masahide NAKAMURA @USAGI
23 * YOSHIFUJI Hideaki @USAGI
24 */
25#ifndef _NET_MIP6_H
26#define _NET_MIP6_H
27
28#include <linux/skbuff.h>
29#include <net/sock.h>
30
31#define MIP6_OPT_PAD_1 0
32#define MIP6_OPT_PAD_N 1
33
34/*
35 * Mobility Header
36 */
37struct ip6_mh {
38 __u8 ip6mh_proto;
39 __u8 ip6mh_hdrlen;
40 __u8 ip6mh_type;
41 __u8 ip6mh_reserved;
42 __u16 ip6mh_cksum;
43 /* Followed by type specific messages */
44 __u8 data[0];
45} __attribute__ ((__packed__));
46
47#define IP6_MH_TYPE_BRR 0 /* Binding Refresh Request */
48#define IP6_MH_TYPE_HOTI 1 /* HOTI Message */
49#define IP6_MH_TYPE_COTI 2 /* COTI Message */
50#define IP6_MH_TYPE_HOT 3 /* HOT Message */
51#define IP6_MH_TYPE_COT 4 /* COT Message */
52#define IP6_MH_TYPE_BU 5 /* Binding Update */
53#define IP6_MH_TYPE_BACK 6 /* Binding ACK */
54#define IP6_MH_TYPE_BERROR 7 /* Binding Error */
55#define IP6_MH_TYPE_MAX IP6_MH_TYPE_BERROR
56
57extern int mip6_init(void);
58extern void mip6_fini(void);
59extern int mip6_mh_filter(struct sock *sk, struct sk_buff *skb);
60
61#endif
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index 4901ee446879..c8aacbd2e333 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -1,6 +1,8 @@
1#ifndef _NET_NEIGHBOUR_H 1#ifndef _NET_NEIGHBOUR_H
2#define _NET_NEIGHBOUR_H 2#define _NET_NEIGHBOUR_H
3 3
4#include <linux/neighbour.h>
5
4/* 6/*
5 * Generic neighbour manipulation 7 * Generic neighbour manipulation
6 * 8 *
@@ -14,40 +16,6 @@
14 * - Add neighbour cache statistics like rtstat 16 * - Add neighbour cache statistics like rtstat
15 */ 17 */
16 18
17/* The following flags & states are exported to user space,
18 so that they should be moved to include/linux/ directory.
19 */
20
21/*
22 * Neighbor Cache Entry Flags
23 */
24
25#define NTF_PROXY 0x08 /* == ATF_PUBL */
26#define NTF_ROUTER 0x80
27
28/*
29 * Neighbor Cache Entry States.
30 */
31
32#define NUD_INCOMPLETE 0x01
33#define NUD_REACHABLE 0x02
34#define NUD_STALE 0x04
35#define NUD_DELAY 0x08
36#define NUD_PROBE 0x10
37#define NUD_FAILED 0x20
38
39/* Dummy states */
40#define NUD_NOARP 0x40
41#define NUD_PERMANENT 0x80
42#define NUD_NONE 0x00
43
44/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
45 and make no address resolution or NUD.
46 NUD_PERMANENT is also cannot be deleted by garbage collectors.
47 */
48
49#ifdef __KERNEL__
50
51#include <asm/atomic.h> 19#include <asm/atomic.h>
52#include <linux/netdevice.h> 20#include <linux/netdevice.h>
53#include <linux/skbuff.h> 21#include <linux/skbuff.h>
@@ -133,7 +101,7 @@ struct neighbour
133 __u8 dead; 101 __u8 dead;
134 atomic_t probes; 102 atomic_t probes;
135 rwlock_t lock; 103 rwlock_t lock;
136 unsigned char ha[(MAX_ADDR_LEN+sizeof(unsigned long)-1)&~(sizeof(unsigned long)-1)]; 104 unsigned char ha[ALIGN(MAX_ADDR_LEN, sizeof(unsigned long))];
137 struct hh_cache *hh; 105 struct hh_cache *hh;
138 atomic_t refcnt; 106 atomic_t refcnt;
139 int (*output)(struct sk_buff *skb); 107 int (*output)(struct sk_buff *skb);
@@ -158,6 +126,7 @@ struct pneigh_entry
158{ 126{
159 struct pneigh_entry *next; 127 struct pneigh_entry *next;
160 struct net_device *dev; 128 struct net_device *dev;
129 u8 flags;
161 u8 key[0]; 130 u8 key[0];
162}; 131};
163 132
@@ -374,6 +343,3 @@ struct neighbour_cb {
374#define NEIGH_CB(skb) ((struct neighbour_cb *)(skb)->cb) 343#define NEIGH_CB(skb) ((struct neighbour_cb *)(skb)->cb)
375 344
376#endif 345#endif
377#endif
378
379
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
new file mode 100644
index 000000000000..fc2b72fc7e07
--- /dev/null
+++ b/include/net/netlabel.h
@@ -0,0 +1,292 @@
1/*
2 * NetLabel System
3 *
4 * The NetLabel system manages static and dynamic label mappings for network
5 * protocols such as CIPSO and RIPSO.
6 *
7 * Author: Paul Moore <paul.moore@hp.com>
8 *
9 */
10
11/*
12 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
22 * the GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 *
28 */
29
30#ifndef _NETLABEL_H
31#define _NETLABEL_H
32
33#include <linux/types.h>
34#include <linux/net.h>
35#include <linux/skbuff.h>
36#include <net/netlink.h>
37
38/*
39 * NetLabel - A management interface for maintaining network packet label
40 * mapping tables for explicit packet labling protocols.
41 *
42 * Network protocols such as CIPSO and RIPSO require a label translation layer
43 * to convert the label on the packet into something meaningful on the host
44 * machine. In the current Linux implementation these mapping tables live
45 * inside the kernel; NetLabel provides a mechanism for user space applications
46 * to manage these mapping tables.
47 *
48 * NetLabel makes use of the Generic NETLINK mechanism as a transport layer to
49 * send messages between kernel and user space. The general format of a
50 * NetLabel message is shown below:
51 *
52 * +-----------------+-------------------+--------- --- -- -
53 * | struct nlmsghdr | struct genlmsghdr | payload
54 * +-----------------+-------------------+--------- --- -- -
55 *
56 * The 'nlmsghdr' and 'genlmsghdr' structs should be dealt with like normal.
57 * The payload is dependent on the subsystem specified in the
58 * 'nlmsghdr->nlmsg_type' and should be defined below, supporting functions
59 * should be defined in the corresponding net/netlabel/netlabel_<subsys>.h|c
60 * file. All of the fields in the NetLabel payload are NETLINK attributes, the
61 * length of each field is the length of the NETLINK attribute payload, see
62 * include/net/netlink.h for more information on NETLINK attributes.
63 *
64 */
65
66/*
67 * NetLabel NETLINK protocol
68 */
69
70#define NETLBL_PROTO_VERSION 1
71
72/* NetLabel NETLINK types/families */
73#define NETLBL_NLTYPE_NONE 0
74#define NETLBL_NLTYPE_MGMT 1
75#define NETLBL_NLTYPE_MGMT_NAME "NLBL_MGMT"
76#define NETLBL_NLTYPE_RIPSO 2
77#define NETLBL_NLTYPE_RIPSO_NAME "NLBL_RIPSO"
78#define NETLBL_NLTYPE_CIPSOV4 3
79#define NETLBL_NLTYPE_CIPSOV4_NAME "NLBL_CIPSOv4"
80#define NETLBL_NLTYPE_CIPSOV6 4
81#define NETLBL_NLTYPE_CIPSOV6_NAME "NLBL_CIPSOv6"
82#define NETLBL_NLTYPE_UNLABELED 5
83#define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL"
84
85/* NetLabel return codes */
86#define NETLBL_E_OK 0
87
88/*
89 * Helper functions
90 */
91
92#define NETLBL_LEN_U8 nla_total_size(sizeof(u8))
93#define NETLBL_LEN_U16 nla_total_size(sizeof(u16))
94#define NETLBL_LEN_U32 nla_total_size(sizeof(u32))
95
96/**
97 * netlbl_netlink_alloc_skb - Allocate a NETLINK message buffer
98 * @head: the amount of headroom in bytes
99 * @body: the desired size (minus headroom) in bytes
100 * @gfp_flags: the alloc flags to pass to alloc_skb()
101 *
102 * Description:
103 * Allocate a NETLINK message buffer based on the sizes given in @head and
104 * @body. If @head is greater than zero skb_reserve() is called to reserve
105 * @head bytes at the start of the buffer. Returns a valid sk_buff pointer on
106 * success, NULL on failure.
107 *
108 */
109static inline struct sk_buff *netlbl_netlink_alloc_skb(size_t head,
110 size_t body,
111 int gfp_flags)
112{
113 struct sk_buff *skb;
114
115 skb = alloc_skb(NLMSG_ALIGN(head + body), gfp_flags);
116 if (skb == NULL)
117 return NULL;
118 if (head > 0) {
119 skb_reserve(skb, head);
120 if (skb_tailroom(skb) < body) {
121 kfree_skb(skb);
122 return NULL;
123 }
124 }
125
126 return skb;
127}
128
129/*
130 * NetLabel - Kernel API for accessing the network packet label mappings.
131 *
132 * The following functions are provided for use by other kernel modules,
133 * specifically kernel LSM modules, to provide a consistent, transparent API
134 * for dealing with explicit packet labeling protocols such as CIPSO and
135 * RIPSO. The functions defined here are implemented in the
136 * net/netlabel/netlabel_kapi.c file.
137 *
138 */
139
140/* Domain mapping definition struct */
141struct netlbl_dom_map;
142
143/* Domain mapping operations */
144int netlbl_domhsh_remove(const char *domain);
145
146/* LSM security attributes */
147struct netlbl_lsm_cache {
148 void (*free) (const void *data);
149 void *data;
150};
151struct netlbl_lsm_secattr {
152 char *domain;
153
154 u32 mls_lvl;
155 u32 mls_lvl_vld;
156 unsigned char *mls_cat;
157 size_t mls_cat_len;
158
159 struct netlbl_lsm_cache cache;
160};
161
162/*
163 * LSM security attribute operations
164 */
165
166
167/**
168 * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
169 * @secattr: the struct to initialize
170 *
171 * Description:
172 * Initialize an already allocated netlbl_lsm_secattr struct. Returns zero on
173 * success, negative values on error.
174 *
175 */
176static inline int netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
177{
178 memset(secattr, 0, sizeof(*secattr));
179 return 0;
180}
181
182/**
183 * netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct
184 * @secattr: the struct to clear
185 * @clear_cache: cache clear flag
186 *
187 * Description:
188 * Destroys the @secattr struct, including freeing all of the internal buffers.
189 * If @clear_cache is true then free the cache fields, otherwise leave them
190 * intact. The struct must be reset with a call to netlbl_secattr_init()
191 * before reuse.
192 *
193 */
194static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr,
195 u32 clear_cache)
196{
197 if (clear_cache && secattr->cache.data != NULL && secattr->cache.free)
198 secattr->cache.free(secattr->cache.data);
199 kfree(secattr->domain);
200 kfree(secattr->mls_cat);
201}
202
203/**
204 * netlbl_secattr_alloc - Allocate and initialize a netlbl_lsm_secattr struct
205 * @flags: the memory allocation flags
206 *
207 * Description:
208 * Allocate and initialize a netlbl_lsm_secattr struct. Returns a valid
209 * pointer on success, or NULL on failure.
210 *
211 */
212static inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(int flags)
213{
214 return kzalloc(sizeof(struct netlbl_lsm_secattr), flags);
215}
216
217/**
218 * netlbl_secattr_free - Frees a netlbl_lsm_secattr struct
219 * @secattr: the struct to free
220 * @clear_cache: cache clear flag
221 *
222 * Description:
223 * Frees @secattr including all of the internal buffers. If @clear_cache is
224 * true then free the cache fields, otherwise leave them intact.
225 *
226 */
227static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr,
228 u32 clear_cache)
229{
230 netlbl_secattr_destroy(secattr, clear_cache);
231 kfree(secattr);
232}
233
234/*
235 * LSM protocol operations
236 */
237
238#ifdef CONFIG_NETLABEL
239int netlbl_socket_setattr(const struct socket *sock,
240 const struct netlbl_lsm_secattr *secattr);
241int netlbl_socket_getattr(const struct socket *sock,
242 struct netlbl_lsm_secattr *secattr);
243int netlbl_skbuff_getattr(const struct sk_buff *skb,
244 struct netlbl_lsm_secattr *secattr);
245void netlbl_skbuff_err(struct sk_buff *skb, int error);
246#else
247static inline int netlbl_socket_setattr(const struct socket *sock,
248 const struct netlbl_lsm_secattr *secattr)
249{
250 return -ENOSYS;
251}
252
253static inline int netlbl_socket_getattr(const struct socket *sock,
254 struct netlbl_lsm_secattr *secattr)
255{
256 return -ENOSYS;
257}
258
259static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,
260 struct netlbl_lsm_secattr *secattr)
261{
262 return -ENOSYS;
263}
264
265static inline void netlbl_skbuff_err(struct sk_buff *skb, int error)
266{
267 return;
268}
269#endif /* CONFIG_NETLABEL */
270
271/*
272 * LSM label mapping cache operations
273 */
274
275#ifdef CONFIG_NETLABEL
276void netlbl_cache_invalidate(void);
277int netlbl_cache_add(const struct sk_buff *skb,
278 const struct netlbl_lsm_secattr *secattr);
279#else
280static inline void netlbl_cache_invalidate(void)
281{
282 return;
283}
284
285static inline int netlbl_cache_add(const struct sk_buff *skb,
286 const struct netlbl_lsm_secattr *secattr)
287{
288 return 0;
289}
290#endif /* CONFIG_NETLABEL */
291
292#endif /* _NETLABEL_H */
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 640c26a90cf1..11dc2e7f679a 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -35,12 +35,15 @@
35 * nlmsg_put() add a netlink message to an skb 35 * nlmsg_put() add a netlink message to an skb
36 * nlmsg_put_answer() callback based nlmsg_put() 36 * nlmsg_put_answer() callback based nlmsg_put()
37 * nlmsg_end() finanlize netlink message 37 * nlmsg_end() finanlize netlink message
38 * nlmsg_get_pos() return current position in message
39 * nlmsg_trim() trim part of message
38 * nlmsg_cancel() cancel message construction 40 * nlmsg_cancel() cancel message construction
39 * nlmsg_free() free a netlink message 41 * nlmsg_free() free a netlink message
40 * 42 *
41 * Message Sending: 43 * Message Sending:
42 * nlmsg_multicast() multicast message to several groups 44 * nlmsg_multicast() multicast message to several groups
43 * nlmsg_unicast() unicast a message to a single socket 45 * nlmsg_unicast() unicast a message to a single socket
46 * nlmsg_notify() send notification message
44 * 47 *
45 * Message Length Calculations: 48 * Message Length Calculations:
46 * nlmsg_msg_size(payload) length of message w/o padding 49 * nlmsg_msg_size(payload) length of message w/o padding
@@ -62,6 +65,9 @@
62 * nlmsg_validate() validate netlink message incl. attrs 65 * nlmsg_validate() validate netlink message incl. attrs
63 * nlmsg_for_each_attr() loop over all attributes 66 * nlmsg_for_each_attr() loop over all attributes
64 * 67 *
68 * Misc:
69 * nlmsg_report() report back to application?
70 *
65 * ------------------------------------------------------------------------ 71 * ------------------------------------------------------------------------
66 * Attributes Interface 72 * Attributes Interface
67 * ------------------------------------------------------------------------ 73 * ------------------------------------------------------------------------
@@ -80,8 +86,10 @@
80 * struct nlattr netlink attribtue header 86 * struct nlattr netlink attribtue header
81 * 87 *
82 * Attribute Construction: 88 * Attribute Construction:
83 * nla_reserve(skb, type, len) reserve skb tailroom for an attribute 89 * nla_reserve(skb, type, len) reserve room for an attribute
90 * nla_reserve_nohdr(skb, len) reserve room for an attribute w/o hdr
84 * nla_put(skb, type, len, data) add attribute to skb 91 * nla_put(skb, type, len, data) add attribute to skb
92 * nla_put_nohdr(skb, len, data) add attribute w/o hdr
85 * 93 *
86 * Attribute Construction for Basic Types: 94 * Attribute Construction for Basic Types:
87 * nla_put_u8(skb, type, value) add u8 attribute to skb 95 * nla_put_u8(skb, type, value) add u8 attribute to skb
@@ -139,6 +147,7 @@
139 * nla_next(nla, remaining) get next netlink attribute 147 * nla_next(nla, remaining) get next netlink attribute
140 * nla_validate() validate a stream of attributes 148 * nla_validate() validate a stream of attributes
141 * nla_find() find attribute in stream of attributes 149 * nla_find() find attribute in stream of attributes
150 * nla_find_nested() find attribute in nested attributes
142 * nla_parse() parse and validate stream of attrs 151 * nla_parse() parse and validate stream of attrs
143 * nla_parse_nested() parse nested attribuets 152 * nla_parse_nested() parse nested attribuets
144 * nla_for_each_attr() loop over all attributes 153 * nla_for_each_attr() loop over all attributes
@@ -158,6 +167,7 @@ enum {
158 NLA_FLAG, 167 NLA_FLAG,
159 NLA_MSECS, 168 NLA_MSECS,
160 NLA_NESTED, 169 NLA_NESTED,
170 NLA_NUL_STRING,
161 __NLA_TYPE_MAX, 171 __NLA_TYPE_MAX,
162}; 172};
163 173
@@ -166,21 +176,37 @@ enum {
166/** 176/**
167 * struct nla_policy - attribute validation policy 177 * struct nla_policy - attribute validation policy
168 * @type: Type of attribute or NLA_UNSPEC 178 * @type: Type of attribute or NLA_UNSPEC
169 * @minlen: Minimal length of payload required to be available 179 * @len: Type specific length of payload
170 * 180 *
171 * Policies are defined as arrays of this struct, the array must be 181 * Policies are defined as arrays of this struct, the array must be
172 * accessible by attribute type up to the highest identifier to be expected. 182 * accessible by attribute type up to the highest identifier to be expected.
173 * 183 *
184 * Meaning of `len' field:
185 * NLA_STRING Maximum length of string
186 * NLA_NUL_STRING Maximum length of string (excluding NUL)
187 * NLA_FLAG Unused
188 * All other Exact length of attribute payload
189 *
174 * Example: 190 * Example:
175 * static struct nla_policy my_policy[ATTR_MAX+1] __read_mostly = { 191 * static struct nla_policy my_policy[ATTR_MAX+1] __read_mostly = {
176 * [ATTR_FOO] = { .type = NLA_U16 }, 192 * [ATTR_FOO] = { .type = NLA_U16 },
177 * [ATTR_BAR] = { .type = NLA_STRING }, 193 * [ATTR_BAR] = { .type = NLA_STRING, len = BARSIZ },
178 * [ATTR_BAZ] = { .minlen = sizeof(struct mystruct) }, 194 * [ATTR_BAZ] = { .len = sizeof(struct mystruct) },
179 * }; 195 * };
180 */ 196 */
181struct nla_policy { 197struct nla_policy {
182 u16 type; 198 u16 type;
183 u16 minlen; 199 u16 len;
200};
201
202/**
203 * struct nl_info - netlink source information
204 * @nlh: Netlink message header of original request
205 * @pid: Netlink PID of requesting application
206 */
207struct nl_info {
208 struct nlmsghdr *nlh;
209 u32 pid;
184}; 210};
185 211
186extern void netlink_run_queue(struct sock *sk, unsigned int *qlen, 212extern void netlink_run_queue(struct sock *sk, unsigned int *qlen,
@@ -188,6 +214,9 @@ extern void netlink_run_queue(struct sock *sk, unsigned int *qlen,
188 struct nlmsghdr *, int *)); 214 struct nlmsghdr *, int *));
189extern void netlink_queue_skip(struct nlmsghdr *nlh, 215extern void netlink_queue_skip(struct nlmsghdr *nlh,
190 struct sk_buff *skb); 216 struct sk_buff *skb);
217extern int nlmsg_notify(struct sock *sk, struct sk_buff *skb,
218 u32 pid, unsigned int group, int report,
219 gfp_t flags);
191 220
192extern int nla_validate(struct nlattr *head, int len, int maxtype, 221extern int nla_validate(struct nlattr *head, int len, int maxtype,
193 struct nla_policy *policy); 222 struct nla_policy *policy);
@@ -203,12 +232,18 @@ extern int nla_memcmp(const struct nlattr *nla, const void *data,
203extern int nla_strcmp(const struct nlattr *nla, const char *str); 232extern int nla_strcmp(const struct nlattr *nla, const char *str);
204extern struct nlattr * __nla_reserve(struct sk_buff *skb, int attrtype, 233extern struct nlattr * __nla_reserve(struct sk_buff *skb, int attrtype,
205 int attrlen); 234 int attrlen);
235extern void * __nla_reserve_nohdr(struct sk_buff *skb, int attrlen);
206extern struct nlattr * nla_reserve(struct sk_buff *skb, int attrtype, 236extern struct nlattr * nla_reserve(struct sk_buff *skb, int attrtype,
207 int attrlen); 237 int attrlen);
238extern void * nla_reserve_nohdr(struct sk_buff *skb, int attrlen);
208extern void __nla_put(struct sk_buff *skb, int attrtype, 239extern void __nla_put(struct sk_buff *skb, int attrtype,
209 int attrlen, const void *data); 240 int attrlen, const void *data);
241extern void __nla_put_nohdr(struct sk_buff *skb, int attrlen,
242 const void *data);
210extern int nla_put(struct sk_buff *skb, int attrtype, 243extern int nla_put(struct sk_buff *skb, int attrtype,
211 int attrlen, const void *data); 244 int attrlen, const void *data);
245extern int nla_put_nohdr(struct sk_buff *skb, int attrlen,
246 const void *data);
212 247
213/************************************************************************** 248/**************************************************************************
214 * Netlink Messages 249 * Netlink Messages
@@ -364,6 +399,17 @@ static inline int nlmsg_validate(struct nlmsghdr *nlh, int hdrlen, int maxtype,
364} 399}
365 400
366/** 401/**
402 * nlmsg_report - need to report back to application?
403 * @nlh: netlink message header
404 *
405 * Returns 1 if a report back to the application is requested.
406 */
407static inline int nlmsg_report(struct nlmsghdr *nlh)
408{
409 return !!(nlh->nlmsg_flags & NLM_F_ECHO);
410}
411
412/**
367 * nlmsg_for_each_attr - iterate over a stream of attributes 413 * nlmsg_for_each_attr - iterate over a stream of attributes
368 * @pos: loop counter, set to current attribute 414 * @pos: loop counter, set to current attribute
369 * @nlh: netlink message header 415 * @nlh: netlink message header
@@ -453,12 +499,13 @@ static inline struct nlmsghdr *nlmsg_put_answer(struct sk_buff *skb,
453/** 499/**
454 * nlmsg_new - Allocate a new netlink message 500 * nlmsg_new - Allocate a new netlink message
455 * @size: maximum size of message 501 * @size: maximum size of message
502 * @flags: the type of memory to allocate.
456 * 503 *
457 * Use NLMSG_GOODSIZE if size isn't know and you need a good default size. 504 * Use NLMSG_GOODSIZE if size isn't know and you need a good default size.
458 */ 505 */
459static inline struct sk_buff *nlmsg_new(int size) 506static inline struct sk_buff *nlmsg_new(int size, gfp_t flags)
460{ 507{
461 return alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 508 return alloc_skb(size, flags);
462} 509}
463 510
464/** 511/**
@@ -480,6 +527,32 @@ static inline int nlmsg_end(struct sk_buff *skb, struct nlmsghdr *nlh)
480} 527}
481 528
482/** 529/**
530 * nlmsg_get_pos - return current position in netlink message
531 * @skb: socket buffer the message is stored in
532 *
533 * Returns a pointer to the current tail of the message.
534 */
535static inline void *nlmsg_get_pos(struct sk_buff *skb)
536{
537 return skb->tail;
538}
539
540/**
541 * nlmsg_trim - Trim message to a mark
542 * @skb: socket buffer the message is stored in
543 * @mark: mark to trim to
544 *
545 * Trims the message to the provided mark. Returns -1.
546 */
547static inline int nlmsg_trim(struct sk_buff *skb, void *mark)
548{
549 if (mark)
550 skb_trim(skb, (unsigned char *) mark - skb->data);
551
552 return -1;
553}
554
555/**
483 * nlmsg_cancel - Cancel construction of a netlink message 556 * nlmsg_cancel - Cancel construction of a netlink message
484 * @skb: socket buffer the message is stored in 557 * @skb: socket buffer the message is stored in
485 * @nlh: netlink message header 558 * @nlh: netlink message header
@@ -489,9 +562,7 @@ static inline int nlmsg_end(struct sk_buff *skb, struct nlmsghdr *nlh)
489 */ 562 */
490static inline int nlmsg_cancel(struct sk_buff *skb, struct nlmsghdr *nlh) 563static inline int nlmsg_cancel(struct sk_buff *skb, struct nlmsghdr *nlh)
491{ 564{
492 skb_trim(skb, (unsigned char *) nlh - skb->data); 565 return nlmsg_trim(skb, nlh);
493
494 return -1;
495} 566}
496 567
497/** 568/**
@@ -509,15 +580,16 @@ static inline void nlmsg_free(struct sk_buff *skb)
509 * @skb: netlink message as socket buffer 580 * @skb: netlink message as socket buffer
510 * @pid: own netlink pid to avoid sending to yourself 581 * @pid: own netlink pid to avoid sending to yourself
511 * @group: multicast group id 582 * @group: multicast group id
583 * @flags: allocation flags
512 */ 584 */
513static inline int nlmsg_multicast(struct sock *sk, struct sk_buff *skb, 585static inline int nlmsg_multicast(struct sock *sk, struct sk_buff *skb,
514 u32 pid, unsigned int group) 586 u32 pid, unsigned int group, gfp_t flags)
515{ 587{
516 int err; 588 int err;
517 589
518 NETLINK_CB(skb).dst_group = group; 590 NETLINK_CB(skb).dst_group = group;
519 591
520 err = netlink_broadcast(sk, skb, pid, group, GFP_KERNEL); 592 err = netlink_broadcast(sk, skb, pid, group, flags);
521 if (err > 0) 593 if (err > 0)
522 err = 0; 594 err = 0;
523 595
@@ -631,6 +703,18 @@ static inline struct nlattr *nla_next(const struct nlattr *nla, int *remaining)
631} 703}
632 704
633/** 705/**
706 * nla_find_nested - find attribute in a set of nested attributes
707 * @nla: attribute containing the nested attributes
708 * @attrtype: type of attribute to look for
709 *
710 * Returns the first attribute which matches the specified type.
711 */
712static inline struct nlattr *nla_find_nested(struct nlattr *nla, int attrtype)
713{
714 return nla_find(nla_data(nla), nla_len(nla), attrtype);
715}
716
717/**
634 * nla_parse_nested - parse nested attributes 718 * nla_parse_nested - parse nested attributes
635 * @tb: destination array with maxtype+1 elements 719 * @tb: destination array with maxtype+1 elements
636 * @maxtype: maximum attribute type to be expected 720 * @maxtype: maximum attribute type to be expected
@@ -751,7 +835,7 @@ static inline int nla_put_msecs(struct sk_buff *skb, int attrtype,
751#define NLA_PUT_STRING(skb, attrtype, value) \ 835#define NLA_PUT_STRING(skb, attrtype, value) \
752 NLA_PUT(skb, attrtype, strlen(value) + 1, value) 836 NLA_PUT(skb, attrtype, strlen(value) + 1, value)
753 837
754#define NLA_PUT_FLAG(skb, attrtype, value) \ 838#define NLA_PUT_FLAG(skb, attrtype) \
755 NLA_PUT(skb, attrtype, 0, NULL) 839 NLA_PUT(skb, attrtype, 0, NULL)
756 840
757#define NLA_PUT_MSECS(skb, attrtype, jiffies) \ 841#define NLA_PUT_MSECS(skb, attrtype, jiffies) \
@@ -862,10 +946,7 @@ static inline int nla_nest_end(struct sk_buff *skb, struct nlattr *start)
862 */ 946 */
863static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start) 947static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start)
864{ 948{
865 if (start) 949 return nlmsg_trim(skb, start);
866 skb_trim(skb, (unsigned char *) start - skb->data);
867
868 return -1;
869} 950}
870 951
871/** 952/**
@@ -880,4 +961,13 @@ static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start)
880 nla_ok(pos, rem); \ 961 nla_ok(pos, rem); \
881 pos = nla_next(pos, &(rem))) 962 pos = nla_next(pos, &(rem)))
882 963
964/**
965 * nla_for_each_nested - iterate over nested attributes
966 * @pos: loop counter, set to current attribute
967 * @nla: attribute containing the nested attributes
968 * @rem: initialized to len, holds bytes currently remaining in stream
969 */
970#define nla_for_each_nested(pos, nla, rem) \
971 nla_for_each_attr(pos, nla_data(nla), nla_len(nla), rem)
972
883#endif 973#endif
diff --git a/include/net/nexthop.h b/include/net/nexthop.h
new file mode 100644
index 000000000000..3334dbfa5aa4
--- /dev/null
+++ b/include/net/nexthop.h
@@ -0,0 +1,33 @@
1#ifndef __NET_NEXTHOP_H
2#define __NET_NEXTHOP_H
3
4#include <linux/rtnetlink.h>
5#include <net/netlink.h>
6
7static inline int rtnh_ok(const struct rtnexthop *rtnh, int remaining)
8{
9 return remaining >= sizeof(*rtnh) &&
10 rtnh->rtnh_len >= sizeof(*rtnh) &&
11 rtnh->rtnh_len <= remaining;
12}
13
14static inline struct rtnexthop *rtnh_next(const struct rtnexthop *rtnh,
15 int *remaining)
16{
17 int totlen = NLA_ALIGN(rtnh->rtnh_len);
18
19 *remaining -= totlen;
20 return (struct rtnexthop *) ((char *) rtnh + totlen);
21}
22
23static inline struct nlattr *rtnh_attrs(const struct rtnexthop *rtnh)
24{
25 return (struct nlattr *) ((char *) rtnh + NLA_ALIGN(sizeof(*rtnh)));
26}
27
28static inline int rtnh_attrlen(const struct rtnexthop *rtnh)
29{
30 return rtnh->rtnh_len - NLA_ALIGN(sizeof(*rtnh));
31}
32
33#endif
diff --git a/include/net/pkt_act.h b/include/net/pkt_act.h
deleted file mode 100644
index cf5e4d2e4c21..000000000000
--- a/include/net/pkt_act.h
+++ /dev/null
@@ -1,273 +0,0 @@
1#ifndef __NET_PKT_ACT_H
2#define __NET_PKT_ACT_H
3
4#include <asm/uaccess.h>
5#include <asm/system.h>
6#include <linux/bitops.h>
7#include <linux/types.h>
8#include <linux/kernel.h>
9#include <linux/sched.h>
10#include <linux/string.h>
11#include <linux/mm.h>
12#include <linux/socket.h>
13#include <linux/sockios.h>
14#include <linux/in.h>
15#include <linux/errno.h>
16#include <linux/interrupt.h>
17#include <linux/skbuff.h>
18#include <linux/rtnetlink.h>
19#include <linux/module.h>
20#include <linux/init.h>
21#include <linux/proc_fs.h>
22#include <net/sock.h>
23#include <net/pkt_sched.h>
24
25#define tca_st(val) (struct tcf_##val *)
26#define PRIV(a,name) ( tca_st(name) (a)->priv)
27
28#if 0 /* control */
29#define DPRINTK(format,args...) printk(KERN_DEBUG format,##args)
30#else
31#define DPRINTK(format,args...)
32#endif
33
34#if 0 /* data */
35#define D2PRINTK(format,args...) printk(KERN_DEBUG format,##args)
36#else
37#define D2PRINTK(format,args...)
38#endif
39
40static __inline__ unsigned
41tcf_hash(u32 index)
42{
43 return index & MY_TAB_MASK;
44}
45
46/* probably move this from being inline
47 * and put into act_generic
48*/
49static inline void
50tcf_hash_destroy(struct tcf_st *p)
51{
52 unsigned h = tcf_hash(p->index);
53 struct tcf_st **p1p;
54
55 for (p1p = &tcf_ht[h]; *p1p; p1p = &(*p1p)->next) {
56 if (*p1p == p) {
57 write_lock_bh(&tcf_t_lock);
58 *p1p = p->next;
59 write_unlock_bh(&tcf_t_lock);
60#ifdef CONFIG_NET_ESTIMATOR
61 gen_kill_estimator(&p->bstats, &p->rate_est);
62#endif
63 kfree(p);
64 return;
65 }
66 }
67 BUG_TRAP(0);
68}
69
70static inline int
71tcf_hash_release(struct tcf_st *p, int bind )
72{
73 int ret = 0;
74 if (p) {
75 if (bind) {
76 p->bindcnt--;
77 }
78 p->refcnt--;
79 if(p->bindcnt <=0 && p->refcnt <= 0) {
80 tcf_hash_destroy(p);
81 ret = 1;
82 }
83 }
84 return ret;
85}
86
87static __inline__ int
88tcf_dump_walker(struct sk_buff *skb, struct netlink_callback *cb,
89 struct tc_action *a)
90{
91 struct tcf_st *p;
92 int err =0, index = -1,i= 0, s_i = 0, n_i = 0;
93 struct rtattr *r ;
94
95 read_lock(&tcf_t_lock);
96
97 s_i = cb->args[0];
98
99 for (i = 0; i < MY_TAB_SIZE; i++) {
100 p = tcf_ht[tcf_hash(i)];
101
102 for (; p; p = p->next) {
103 index++;
104 if (index < s_i)
105 continue;
106 a->priv = p;
107 a->order = n_i;
108 r = (struct rtattr*) skb->tail;
109 RTA_PUT(skb, a->order, 0, NULL);
110 err = tcf_action_dump_1(skb, a, 0, 0);
111 if (0 > err) {
112 index--;
113 skb_trim(skb, (u8*)r - skb->data);
114 goto done;
115 }
116 r->rta_len = skb->tail - (u8*)r;
117 n_i++;
118 if (n_i >= TCA_ACT_MAX_PRIO) {
119 goto done;
120 }
121 }
122 }
123done:
124 read_unlock(&tcf_t_lock);
125 if (n_i)
126 cb->args[0] += n_i;
127 return n_i;
128
129rtattr_failure:
130 skb_trim(skb, (u8*)r - skb->data);
131 goto done;
132}
133
134static __inline__ int
135tcf_del_walker(struct sk_buff *skb, struct tc_action *a)
136{
137 struct tcf_st *p, *s_p;
138 struct rtattr *r ;
139 int i= 0, n_i = 0;
140
141 r = (struct rtattr*) skb->tail;
142 RTA_PUT(skb, a->order, 0, NULL);
143 RTA_PUT(skb, TCA_KIND, IFNAMSIZ, a->ops->kind);
144 for (i = 0; i < MY_TAB_SIZE; i++) {
145 p = tcf_ht[tcf_hash(i)];
146
147 while (p != NULL) {
148 s_p = p->next;
149 if (ACT_P_DELETED == tcf_hash_release(p, 0)) {
150 module_put(a->ops->owner);
151 }
152 n_i++;
153 p = s_p;
154 }
155 }
156 RTA_PUT(skb, TCA_FCNT, 4, &n_i);
157 r->rta_len = skb->tail - (u8*)r;
158
159 return n_i;
160rtattr_failure:
161 skb_trim(skb, (u8*)r - skb->data);
162 return -EINVAL;
163}
164
165static __inline__ int
166tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb, int type,
167 struct tc_action *a)
168{
169 if (type == RTM_DELACTION) {
170 return tcf_del_walker(skb,a);
171 } else if (type == RTM_GETACTION) {
172 return tcf_dump_walker(skb,cb,a);
173 } else {
174 printk("tcf_generic_walker: unknown action %d\n",type);
175 return -EINVAL;
176 }
177}
178
179static __inline__ struct tcf_st *
180tcf_hash_lookup(u32 index)
181{
182 struct tcf_st *p;
183
184 read_lock(&tcf_t_lock);
185 for (p = tcf_ht[tcf_hash(index)]; p; p = p->next) {
186 if (p->index == index)
187 break;
188 }
189 read_unlock(&tcf_t_lock);
190 return p;
191}
192
193static __inline__ u32
194tcf_hash_new_index(void)
195{
196 do {
197 if (++idx_gen == 0)
198 idx_gen = 1;
199 } while (tcf_hash_lookup(idx_gen));
200
201 return idx_gen;
202}
203
204
205static inline int
206tcf_hash_search(struct tc_action *a, u32 index)
207{
208 struct tcf_st *p = tcf_hash_lookup(index);
209
210 if (p != NULL) {
211 a->priv = p;
212 return 1;
213 }
214 return 0;
215}
216
217#ifdef CONFIG_NET_ACT_INIT
218static inline struct tcf_st *
219tcf_hash_check(u32 index, struct tc_action *a, int ovr, int bind)
220{
221 struct tcf_st *p = NULL;
222 if (index && (p = tcf_hash_lookup(index)) != NULL) {
223 if (bind) {
224 p->bindcnt++;
225 p->refcnt++;
226 }
227 a->priv = p;
228 }
229 return p;
230}
231
232static inline struct tcf_st *
233tcf_hash_create(u32 index, struct rtattr *est, struct tc_action *a, int size, int ovr, int bind)
234{
235 struct tcf_st *p = NULL;
236
237 p = kmalloc(size, GFP_KERNEL);
238 if (p == NULL)
239 return p;
240
241 memset(p, 0, size);
242 p->refcnt = 1;
243
244 if (bind) {
245 p->bindcnt = 1;
246 }
247
248 spin_lock_init(&p->lock);
249 p->stats_lock = &p->lock;
250 p->index = index ? : tcf_hash_new_index();
251 p->tm.install = jiffies;
252 p->tm.lastuse = jiffies;
253#ifdef CONFIG_NET_ESTIMATOR
254 if (est)
255 gen_new_estimator(&p->bstats, &p->rate_est, p->stats_lock, est);
256#endif
257 a->priv = (void *) p;
258 return p;
259}
260
261static inline void tcf_hash_insert(struct tcf_st *p)
262{
263 unsigned h = tcf_hash(p->index);
264
265 write_lock_bh(&tcf_t_lock);
266 p->next = tcf_ht[h];
267 tcf_ht[h] = p;
268 write_unlock_bh(&tcf_t_lock);
269}
270
271#endif
272
273#endif
diff --git a/include/net/request_sock.h b/include/net/request_sock.h
index c5d7f920c352..8e165ca16bd8 100644
--- a/include/net/request_sock.h
+++ b/include/net/request_sock.h
@@ -53,6 +53,7 @@ struct request_sock {
53 unsigned long expires; 53 unsigned long expires;
54 struct request_sock_ops *rsk_ops; 54 struct request_sock_ops *rsk_ops;
55 struct sock *sk; 55 struct sock *sk;
56 u32 secid;
56}; 57};
57 58
58static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops) 59static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops)
diff --git a/include/net/route.h b/include/net/route.h
index c4a068692dcc..7f93ac0e0899 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -32,6 +32,7 @@
32#include <linux/route.h> 32#include <linux/route.h>
33#include <linux/ip.h> 33#include <linux/ip.h>
34#include <linux/cache.h> 34#include <linux/cache.h>
35#include <linux/security.h>
35 36
36#ifndef __KERNEL__ 37#ifndef __KERNEL__
37#warning This file is not supposed to be used outside of kernel. 38#warning This file is not supposed to be used outside of kernel.
@@ -166,6 +167,7 @@ static inline int ip_route_connect(struct rtable **rp, u32 dst,
166 ip_rt_put(*rp); 167 ip_rt_put(*rp);
167 *rp = NULL; 168 *rp = NULL;
168 } 169 }
170 security_sk_classify_flow(sk, &fl);
169 return ip_route_output_flow(rp, &fl, sk, 0); 171 return ip_route_output_flow(rp, &fl, sk, 0);
170} 172}
171 173
@@ -182,6 +184,7 @@ static inline int ip_route_newports(struct rtable **rp, u8 protocol,
182 fl.proto = protocol; 184 fl.proto = protocol;
183 ip_rt_put(*rp); 185 ip_rt_put(*rp);
184 *rp = NULL; 186 *rp = NULL;
187 security_sk_classify_flow(sk, &fl);
185 return ip_route_output_flow(rp, &fl, sk, 0); 188 return ip_route_output_flow(rp, &fl, sk, 0);
186 } 189 }
187 return 0; 190 return 0;
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index c51541ee0247..6c632e26f72d 100644
--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -264,10 +264,10 @@ enum { SCTP_MAX_DUP_TSNS = 16 };
264enum { SCTP_MAX_GABS = 16 }; 264enum { SCTP_MAX_GABS = 16 };
265 265
266/* Heartbeat interval - 30 secs */ 266/* Heartbeat interval - 30 secs */
267#define SCTP_DEFAULT_TIMEOUT_HEARTBEAT (30 * HZ) 267#define SCTP_DEFAULT_TIMEOUT_HEARTBEAT (30*1000)
268 268
269/* Delayed sack timer - 200ms */ 269/* Delayed sack timer - 200ms */
270#define SCTP_DEFAULT_TIMEOUT_SACK ((200 * HZ) / 1000) 270#define SCTP_DEFAULT_TIMEOUT_SACK (200)
271 271
272/* RTO.Initial - 3 seconds 272/* RTO.Initial - 3 seconds
273 * RTO.Min - 1 second 273 * RTO.Min - 1 second
@@ -275,9 +275,9 @@ enum { SCTP_MAX_GABS = 16 };
275 * RTO.Alpha - 1/8 275 * RTO.Alpha - 1/8
276 * RTO.Beta - 1/4 276 * RTO.Beta - 1/4
277 */ 277 */
278#define SCTP_RTO_INITIAL (3 * HZ) 278#define SCTP_RTO_INITIAL (3 * 1000)
279#define SCTP_RTO_MIN (1 * HZ) 279#define SCTP_RTO_MIN (1 * 1000)
280#define SCTP_RTO_MAX (60 * HZ) 280#define SCTP_RTO_MAX (60 * 1000)
281 281
282#define SCTP_RTO_ALPHA 3 /* 1/8 when converted to right shifts. */ 282#define SCTP_RTO_ALPHA 3 /* 1/8 when converted to right shifts. */
283#define SCTP_RTO_BETA 2 /* 1/4 when converted to right shifts. */ 283#define SCTP_RTO_BETA 2 /* 1/4 when converted to right shifts. */
@@ -290,8 +290,7 @@ enum { SCTP_MAX_GABS = 16 };
290#define SCTP_DEF_MAX_INIT 6 290#define SCTP_DEF_MAX_INIT 6
291#define SCTP_DEF_MAX_SEND 10 291#define SCTP_DEF_MAX_SEND 10
292 292
293#define SCTP_DEFAULT_COOKIE_LIFE_SEC 60 /* seconds */ 293#define SCTP_DEFAULT_COOKIE_LIFE (60 * 1000) /* 60 seconds */
294#define SCTP_DEFAULT_COOKIE_LIFE_USEC 0 /* microseconds */
295 294
296#define SCTP_DEFAULT_MINWINDOW 1500 /* default minimum rwnd size */ 295#define SCTP_DEFAULT_MINWINDOW 1500 /* default minimum rwnd size */
297#define SCTP_DEFAULT_MAXWINDOW 65535 /* default rwnd size */ 296#define SCTP_DEFAULT_MAXWINDOW 65535 /* default rwnd size */
@@ -312,9 +311,9 @@ enum { SCTP_MAX_GABS = 16 };
312 */ 311 */
313 312
314#if defined (CONFIG_SCTP_HMAC_MD5) 313#if defined (CONFIG_SCTP_HMAC_MD5)
315#define SCTP_COOKIE_HMAC_ALG "md5" 314#define SCTP_COOKIE_HMAC_ALG "hmac(md5)"
316#elif defined (CONFIG_SCTP_HMAC_SHA1) 315#elif defined (CONFIG_SCTP_HMAC_SHA1)
317#define SCTP_COOKIE_HMAC_ALG "sha1" 316#define SCTP_COOKIE_HMAC_ALG "hmac(sha1)"
318#else 317#else
319#define SCTP_COOKIE_HMAC_ALG NULL 318#define SCTP_COOKIE_HMAC_ALG NULL
320#endif 319#endif
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index 92eae0e0f3f1..ee68a3124076 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -128,6 +128,8 @@ extern int sctp_copy_local_addr_list(struct sctp_bind_addr *,
128 int flags); 128 int flags);
129extern struct sctp_pf *sctp_get_pf_specific(sa_family_t family); 129extern struct sctp_pf *sctp_get_pf_specific(sa_family_t family);
130extern int sctp_register_pf(struct sctp_pf *, sa_family_t); 130extern int sctp_register_pf(struct sctp_pf *, sa_family_t);
131int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
132 void *ptr);
131 133
132/* 134/*
133 * sctp/socket.c 135 * sctp/socket.c
@@ -178,6 +180,17 @@ void sctp_backlog_migrate(struct sctp_association *assoc,
178 struct sock *oldsk, struct sock *newsk); 180 struct sock *oldsk, struct sock *newsk);
179 181
180/* 182/*
183 * sctp/proc.c
184 */
185int sctp_snmp_proc_init(void);
186void sctp_snmp_proc_exit(void);
187int sctp_eps_proc_init(void);
188void sctp_eps_proc_exit(void);
189int sctp_assocs_proc_init(void);
190void sctp_assocs_proc_exit(void);
191
192
193/*
181 * Section: Macros, externs, and inlines 194 * Section: Macros, externs, and inlines
182 */ 195 */
183 196
@@ -216,6 +229,50 @@ DECLARE_SNMP_STAT(struct sctp_mib, sctp_statistics);
216 229
217#endif /* !TEST_FRAME */ 230#endif /* !TEST_FRAME */
218 231
232/* sctp mib definitions */
233enum
234{
235 SCTP_MIB_NUM = 0,
236 SCTP_MIB_CURRESTAB, /* CurrEstab */
237 SCTP_MIB_ACTIVEESTABS, /* ActiveEstabs */
238 SCTP_MIB_PASSIVEESTABS, /* PassiveEstabs */
239 SCTP_MIB_ABORTEDS, /* Aborteds */
240 SCTP_MIB_SHUTDOWNS, /* Shutdowns */
241 SCTP_MIB_OUTOFBLUES, /* OutOfBlues */
242 SCTP_MIB_CHECKSUMERRORS, /* ChecksumErrors */
243 SCTP_MIB_OUTCTRLCHUNKS, /* OutCtrlChunks */
244 SCTP_MIB_OUTORDERCHUNKS, /* OutOrderChunks */
245 SCTP_MIB_OUTUNORDERCHUNKS, /* OutUnorderChunks */
246 SCTP_MIB_INCTRLCHUNKS, /* InCtrlChunks */
247 SCTP_MIB_INORDERCHUNKS, /* InOrderChunks */
248 SCTP_MIB_INUNORDERCHUNKS, /* InUnorderChunks */
249 SCTP_MIB_FRAGUSRMSGS, /* FragUsrMsgs */
250 SCTP_MIB_REASMUSRMSGS, /* ReasmUsrMsgs */
251 SCTP_MIB_OUTSCTPPACKS, /* OutSCTPPacks */
252 SCTP_MIB_INSCTPPACKS, /* InSCTPPacks */
253 SCTP_MIB_T1_INIT_EXPIREDS,
254 SCTP_MIB_T1_COOKIE_EXPIREDS,
255 SCTP_MIB_T2_SHUTDOWN_EXPIREDS,
256 SCTP_MIB_T3_RTX_EXPIREDS,
257 SCTP_MIB_T4_RTO_EXPIREDS,
258 SCTP_MIB_T5_SHUTDOWN_GUARD_EXPIREDS,
259 SCTP_MIB_DELAY_SACK_EXPIREDS,
260 SCTP_MIB_AUTOCLOSE_EXPIREDS,
261 SCTP_MIB_T3_RETRANSMITS,
262 SCTP_MIB_PMTUD_RETRANSMITS,
263 SCTP_MIB_FAST_RETRANSMITS,
264 SCTP_MIB_IN_PKT_SOFTIRQ,
265 SCTP_MIB_IN_PKT_BACKLOG,
266 SCTP_MIB_IN_PKT_DISCARDS,
267 SCTP_MIB_IN_DATA_CHUNK_DISCARDS,
268 __SCTP_MIB_MAX
269};
270
271#define SCTP_MIB_MAX __SCTP_MIB_MAX
272struct sctp_mib {
273 unsigned long mibs[SCTP_MIB_MAX];
274} __SNMP_MIB_ALIGN__;
275
219 276
220/* Print debugging messages. */ 277/* Print debugging messages. */
221#if SCTP_DEBUG 278#if SCTP_DEBUG
@@ -330,17 +387,6 @@ static inline void sctp_v6_exit(void) { return; }
330 387
331#endif /* #if defined(CONFIG_IPV6) */ 388#endif /* #if defined(CONFIG_IPV6) */
332 389
333/* Some wrappers, in case crypto not available. */
334#if defined (CONFIG_CRYPTO_HMAC)
335#define sctp_crypto_alloc_tfm crypto_alloc_tfm
336#define sctp_crypto_free_tfm crypto_free_tfm
337#define sctp_crypto_hmac crypto_hmac
338#else
339#define sctp_crypto_alloc_tfm(x...) NULL
340#define sctp_crypto_free_tfm(x...)
341#define sctp_crypto_hmac(x...)
342#endif
343
344 390
345/* Map an association to an assoc_id. */ 391/* Map an association to an assoc_id. */
346static inline sctp_assoc_t sctp_assoc2id(const struct sctp_association *asoc) 392static inline sctp_assoc_t sctp_assoc2id(const struct sctp_association *asoc)
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index e5aa7ff1f5b5..c6d93bb0dcd2 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -87,6 +87,7 @@ struct sctp_bind_addr;
87struct sctp_ulpq; 87struct sctp_ulpq;
88struct sctp_ep_common; 88struct sctp_ep_common;
89struct sctp_ssnmap; 89struct sctp_ssnmap;
90struct crypto_hash;
90 91
91 92
92#include <net/sctp/tsnmap.h> 93#include <net/sctp/tsnmap.h>
@@ -127,9 +128,9 @@ extern struct sctp_globals {
127 * RTO.Alpha - 1/8 (3 when converted to right shifts.) 128 * RTO.Alpha - 1/8 (3 when converted to right shifts.)
128 * RTO.Beta - 1/4 (2 when converted to right shifts.) 129 * RTO.Beta - 1/4 (2 when converted to right shifts.)
129 */ 130 */
130 unsigned long rto_initial; 131 unsigned int rto_initial;
131 unsigned long rto_min; 132 unsigned int rto_min;
132 unsigned long rto_max; 133 unsigned int rto_max;
133 134
134 /* Note: rto_alpha and rto_beta are really defined as inverse 135 /* Note: rto_alpha and rto_beta are really defined as inverse
135 * powers of two to facilitate integer operations. 136 * powers of two to facilitate integer operations.
@@ -144,13 +145,13 @@ extern struct sctp_globals {
144 int cookie_preserve_enable; 145 int cookie_preserve_enable;
145 146
146 /* Valid.Cookie.Life - 60 seconds */ 147 /* Valid.Cookie.Life - 60 seconds */
147 unsigned long valid_cookie_life; 148 unsigned int valid_cookie_life;
148 149
149 /* Delayed SACK timeout 200ms default*/ 150 /* Delayed SACK timeout 200ms default*/
150 unsigned long sack_timeout; 151 unsigned int sack_timeout;
151 152
152 /* HB.interval - 30 seconds */ 153 /* HB.interval - 30 seconds */
153 unsigned long hb_interval; 154 unsigned int hb_interval;
154 155
155 /* Association.Max.Retrans - 10 attempts 156 /* Association.Max.Retrans - 10 attempts
156 * Path.Max.Retrans - 5 attempts (per destination address) 157 * Path.Max.Retrans - 5 attempts (per destination address)
@@ -264,7 +265,7 @@ struct sctp_sock {
264 struct sctp_pf *pf; 265 struct sctp_pf *pf;
265 266
266 /* Access to HMAC transform. */ 267 /* Access to HMAC transform. */
267 struct crypto_tfm *hmac; 268 struct crypto_hash *hmac;
268 269
269 /* What is our base endpointer? */ 270 /* What is our base endpointer? */
270 struct sctp_endpoint *ep; 271 struct sctp_endpoint *ep;
diff --git a/include/net/snmp.h b/include/net/snmp.h
index a36bed8ea210..464970e39ec0 100644
--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -100,12 +100,6 @@ struct udp_mib {
100 unsigned long mibs[UDP_MIB_MAX]; 100 unsigned long mibs[UDP_MIB_MAX];
101} __SNMP_MIB_ALIGN__; 101} __SNMP_MIB_ALIGN__;
102 102
103/* SCTP */
104#define SCTP_MIB_MAX __SCTP_MIB_MAX
105struct sctp_mib {
106 unsigned long mibs[SCTP_MIB_MAX];
107} __SNMP_MIB_ALIGN__;
108
109/* Linux */ 103/* Linux */
110#define LINUX_MIB_MAX __LINUX_MIB_MAX 104#define LINUX_MIB_MAX __LINUX_MIB_MAX
111struct linux_mib { 105struct linux_mib {
diff --git a/include/net/sock.h b/include/net/sock.h
index 324b3ea233d6..edd4d73ce7f5 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -862,30 +862,24 @@ extern void sock_init_data(struct socket *sock, struct sock *sk);
862 * 862 *
863 */ 863 */
864 864
865static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock) 865static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
866{ 866{
867 int err; 867 int err;
868 struct sk_filter *filter;
868 869
869 err = security_sock_rcv_skb(sk, skb); 870 err = security_sock_rcv_skb(sk, skb);
870 if (err) 871 if (err)
871 return err; 872 return err;
872 873
873 if (sk->sk_filter) { 874 rcu_read_lock_bh();
874 struct sk_filter *filter; 875 filter = sk->sk_filter;
875 876 if (filter) {
876 if (needlock) 877 unsigned int pkt_len = sk_run_filter(skb, filter->insns,
877 bh_lock_sock(sk); 878 filter->len);
878 879 err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM;
879 filter = sk->sk_filter;
880 if (filter) {
881 unsigned int pkt_len = sk_run_filter(skb, filter->insns,
882 filter->len);
883 err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM;
884 }
885
886 if (needlock)
887 bh_unlock_sock(sk);
888 } 880 }
881 rcu_read_unlock_bh();
882
889 return err; 883 return err;
890} 884}
891 885
@@ -897,6 +891,12 @@ static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
897 * Remove a filter from a socket and release its resources. 891 * Remove a filter from a socket and release its resources.
898 */ 892 */
899 893
894static inline void sk_filter_rcu_free(struct rcu_head *rcu)
895{
896 struct sk_filter *fp = container_of(rcu, struct sk_filter, rcu);
897 kfree(fp);
898}
899
900static inline void sk_filter_release(struct sock *sk, struct sk_filter *fp) 900static inline void sk_filter_release(struct sock *sk, struct sk_filter *fp)
901{ 901{
902 unsigned int size = sk_filter_len(fp); 902 unsigned int size = sk_filter_len(fp);
@@ -904,7 +904,7 @@ static inline void sk_filter_release(struct sock *sk, struct sk_filter *fp)
904 atomic_sub(size, &sk->sk_omem_alloc); 904 atomic_sub(size, &sk->sk_omem_alloc);
905 905
906 if (atomic_dec_and_test(&fp->refcnt)) 906 if (atomic_dec_and_test(&fp->refcnt))
907 kfree(fp); 907 call_rcu_bh(&fp->rcu, sk_filter_rcu_free);
908} 908}
909 909
910static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp) 910static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp)
@@ -969,9 +969,23 @@ static inline void sock_graft(struct sock *sk, struct socket *parent)
969 sk->sk_sleep = &parent->wait; 969 sk->sk_sleep = &parent->wait;
970 parent->sk = sk; 970 parent->sk = sk;
971 sk->sk_socket = parent; 971 sk->sk_socket = parent;
972 security_sock_graft(sk, parent);
972 write_unlock_bh(&sk->sk_callback_lock); 973 write_unlock_bh(&sk->sk_callback_lock);
973} 974}
974 975
976static inline void sock_copy(struct sock *nsk, const struct sock *osk)
977{
978#ifdef CONFIG_SECURITY_NETWORK
979 void *sptr = nsk->sk_security;
980#endif
981
982 memcpy(nsk, osk, osk->sk_prot->obj_size);
983#ifdef CONFIG_SECURITY_NETWORK
984 nsk->sk_security = sptr;
985 security_sk_clone(osk, nsk);
986#endif
987}
988
975extern int sock_i_uid(struct sock *sk); 989extern int sock_i_uid(struct sock *sk);
976extern unsigned long sock_i_ino(struct sock *sk); 990extern unsigned long sock_i_ino(struct sock *sk);
977 991
diff --git a/include/net/tc_act/tc_defact.h b/include/net/tc_act/tc_defact.h
index 463aa671f95d..65f024b80958 100644
--- a/include/net/tc_act/tc_defact.h
+++ b/include/net/tc_act/tc_defact.h
@@ -3,11 +3,12 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct tcf_defact 6struct tcf_defact {
7{ 7 struct tcf_common common;
8 tca_gen(defact); 8 u32 tcfd_datalen;
9 u32 datalen; 9 void *tcfd_defdata;
10 void *defdata;
11}; 10};
11#define to_defact(pc) \
12 container_of(pc, struct tcf_defact, common)
12 13
13#endif 14#endif /* __NET_TC_DEF_H */
diff --git a/include/net/tc_act/tc_gact.h b/include/net/tc_act/tc_gact.h
index 59f0d9628ad1..9e3f6767b80e 100644
--- a/include/net/tc_act/tc_gact.h
+++ b/include/net/tc_act/tc_gact.h
@@ -3,15 +3,15 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct tcf_gact 6struct tcf_gact {
7{ 7 struct tcf_common common;
8 tca_gen(gact);
9#ifdef CONFIG_GACT_PROB 8#ifdef CONFIG_GACT_PROB
10 u16 ptype; 9 u16 tcfg_ptype;
11 u16 pval; 10 u16 tcfg_pval;
12 int paction; 11 int tcfg_paction;
13#endif 12#endif
14
15}; 13};
16 14#define to_gact(pc) \
17#endif 15 container_of(pc, struct tcf_gact, common)
16
17#endif /* __NET_TC_GACT_H */
diff --git a/include/net/tc_act/tc_ipt.h b/include/net/tc_act/tc_ipt.h
index cb37ad08427f..f7d25dfcc4b7 100644
--- a/include/net/tc_act/tc_ipt.h
+++ b/include/net/tc_act/tc_ipt.h
@@ -5,12 +5,13 @@
5 5
6struct xt_entry_target; 6struct xt_entry_target;
7 7
8struct tcf_ipt 8struct tcf_ipt {
9{ 9 struct tcf_common common;
10 tca_gen(ipt); 10 u32 tcfi_hook;
11 u32 hook; 11 char *tcfi_tname;
12 char *tname; 12 struct xt_entry_target *tcfi_t;
13 struct xt_entry_target *t;
14}; 13};
14#define to_ipt(pc) \
15 container_of(pc, struct tcf_ipt, common)
15 16
16#endif 17#endif /* __NET_TC_IPT_H */
diff --git a/include/net/tc_act/tc_mirred.h b/include/net/tc_act/tc_mirred.h
index b5c32f65c12c..ceac661cdfd5 100644
--- a/include/net/tc_act/tc_mirred.h
+++ b/include/net/tc_act/tc_mirred.h
@@ -3,13 +3,14 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct tcf_mirred 6struct tcf_mirred {
7{ 7 struct tcf_common common;
8 tca_gen(mirred); 8 int tcfm_eaction;
9 int eaction; 9 int tcfm_ifindex;
10 int ifindex; 10 int tcfm_ok_push;
11 int ok_push; 11 struct net_device *tcfm_dev;
12 struct net_device *dev;
13}; 12};
13#define to_mirred(pc) \
14 container_of(pc, struct tcf_mirred, common)
14 15
15#endif 16#endif /* __NET_TC_MIR_H */
diff --git a/include/net/tc_act/tc_pedit.h b/include/net/tc_act/tc_pedit.h
index eb21689d759d..e6f6e15956f5 100644
--- a/include/net/tc_act/tc_pedit.h
+++ b/include/net/tc_act/tc_pedit.h
@@ -3,12 +3,13 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct tcf_pedit 6struct tcf_pedit {
7{ 7 struct tcf_common common;
8 tca_gen(pedit); 8 unsigned char tcfp_nkeys;
9 unsigned char nkeys; 9 unsigned char tcfp_flags;
10 unsigned char flags; 10 struct tc_pedit_key *tcfp_keys;
11 struct tc_pedit_key *keys;
12}; 11};
12#define to_pedit(pc) \
13 container_of(pc, struct tcf_pedit, common)
13 14
14#endif 15#endif /* __NET_TC_PED_H */
diff --git a/include/net/udp.h b/include/net/udp.h
index 766fba1369ce..db0c05f67546 100644
--- a/include/net/udp.h
+++ b/include/net/udp.h
@@ -30,25 +30,9 @@
30 30
31#define UDP_HTABLE_SIZE 128 31#define UDP_HTABLE_SIZE 128
32 32
33/* udp.c: This needs to be shared by v4 and v6 because the lookup
34 * and hashing code needs to work with different AF's yet
35 * the port space is shared.
36 */
37extern struct hlist_head udp_hash[UDP_HTABLE_SIZE]; 33extern struct hlist_head udp_hash[UDP_HTABLE_SIZE];
38extern rwlock_t udp_hash_lock; 34extern rwlock_t udp_hash_lock;
39 35
40extern int udp_port_rover;
41
42static inline int udp_lport_inuse(u16 num)
43{
44 struct sock *sk;
45 struct hlist_node *node;
46
47 sk_for_each(sk, node, &udp_hash[num & (UDP_HTABLE_SIZE - 1)])
48 if (inet_sk(sk)->num == num)
49 return 1;
50 return 0;
51}
52 36
53/* Note: this must match 'valbool' in sock_setsockopt */ 37/* Note: this must match 'valbool' in sock_setsockopt */
54#define UDP_CSUM_NOXMIT 1 38#define UDP_CSUM_NOXMIT 1
@@ -63,6 +47,8 @@ extern struct proto udp_prot;
63 47
64struct sk_buff; 48struct sk_buff;
65 49
50extern int udp_get_port(struct sock *sk, unsigned short snum,
51 int (*saddr_cmp)(const struct sock *, const struct sock *));
66extern void udp_err(struct sk_buff *, u32); 52extern void udp_err(struct sk_buff *, u32);
67 53
68extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk, 54extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk,
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 9c5ee9f20b65..11e0b1d6bd47 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -8,8 +8,8 @@
8#include <linux/list.h> 8#include <linux/list.h>
9#include <linux/skbuff.h> 9#include <linux/skbuff.h>
10#include <linux/socket.h> 10#include <linux/socket.h>
11#include <linux/crypto.h>
12#include <linux/pfkeyv2.h> 11#include <linux/pfkeyv2.h>
12#include <linux/ipsec.h>
13#include <linux/in6.h> 13#include <linux/in6.h>
14#include <linux/mutex.h> 14#include <linux/mutex.h>
15 15
@@ -94,8 +94,9 @@ extern struct mutex xfrm_cfg_mutex;
94struct xfrm_state 94struct xfrm_state
95{ 95{
96 /* Note: bydst is re-used during gc */ 96 /* Note: bydst is re-used during gc */
97 struct list_head bydst; 97 struct hlist_node bydst;
98 struct list_head byspi; 98 struct hlist_node bysrc;
99 struct hlist_node byspi;
99 100
100 atomic_t refcnt; 101 atomic_t refcnt;
101 spinlock_t lock; 102 spinlock_t lock;
@@ -103,6 +104,8 @@ struct xfrm_state
103 struct xfrm_id id; 104 struct xfrm_id id;
104 struct xfrm_selector sel; 105 struct xfrm_selector sel;
105 106
107 u32 genid;
108
106 /* Key manger bits */ 109 /* Key manger bits */
107 struct { 110 struct {
108 u8 state; 111 u8 state;
@@ -133,6 +136,9 @@ struct xfrm_state
133 /* Data for encapsulator */ 136 /* Data for encapsulator */
134 struct xfrm_encap_tmpl *encap; 137 struct xfrm_encap_tmpl *encap;
135 138
139 /* Data for care-of address */
140 xfrm_address_t *coaddr;
141
136 /* IPComp needs an IPIP tunnel for handling uncompressed packets */ 142 /* IPComp needs an IPIP tunnel for handling uncompressed packets */
137 struct xfrm_state *tunnel; 143 struct xfrm_state *tunnel;
138 144
@@ -163,6 +169,9 @@ struct xfrm_state
163 struct xfrm_lifetime_cur curlft; 169 struct xfrm_lifetime_cur curlft;
164 struct timer_list timer; 170 struct timer_list timer;
165 171
172 /* Last used time */
173 u64 lastused;
174
166 /* Reference to data common to all the instances of this 175 /* Reference to data common to all the instances of this
167 * transformer. */ 176 * transformer. */
168 struct xfrm_type *type; 177 struct xfrm_type *type;
@@ -196,6 +205,7 @@ struct km_event
196 u32 proto; 205 u32 proto;
197 u32 byid; 206 u32 byid;
198 u32 aevent; 207 u32 aevent;
208 u32 type;
199 } data; 209 } data;
200 210
201 u32 seq; 211 u32 seq;
@@ -212,6 +222,7 @@ struct xfrm_policy_afinfo {
212 struct dst_ops *dst_ops; 222 struct dst_ops *dst_ops;
213 void (*garbage_collect)(void); 223 void (*garbage_collect)(void);
214 int (*dst_lookup)(struct xfrm_dst **dst, struct flowi *fl); 224 int (*dst_lookup)(struct xfrm_dst **dst, struct flowi *fl);
225 int (*get_saddr)(xfrm_address_t *saddr, xfrm_address_t *daddr);
215 struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy); 226 struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
216 int (*bundle_create)(struct xfrm_policy *policy, 227 int (*bundle_create)(struct xfrm_policy *policy,
217 struct xfrm_state **xfrm, 228 struct xfrm_state **xfrm,
@@ -235,16 +246,12 @@ extern int __xfrm_state_delete(struct xfrm_state *x);
235 246
236struct xfrm_state_afinfo { 247struct xfrm_state_afinfo {
237 unsigned short family; 248 unsigned short family;
238 struct list_head *state_bydst;
239 struct list_head *state_byspi;
240 int (*init_flags)(struct xfrm_state *x); 249 int (*init_flags)(struct xfrm_state *x);
241 void (*init_tempsel)(struct xfrm_state *x, struct flowi *fl, 250 void (*init_tempsel)(struct xfrm_state *x, struct flowi *fl,
242 struct xfrm_tmpl *tmpl, 251 struct xfrm_tmpl *tmpl,
243 xfrm_address_t *daddr, xfrm_address_t *saddr); 252 xfrm_address_t *daddr, xfrm_address_t *saddr);
244 struct xfrm_state *(*state_lookup)(xfrm_address_t *daddr, u32 spi, u8 proto); 253 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
245 struct xfrm_state *(*find_acq)(u8 mode, u32 reqid, u8 proto, 254 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
246 xfrm_address_t *daddr, xfrm_address_t *saddr,
247 int create);
248}; 255};
249 256
250extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo); 257extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
@@ -257,11 +264,17 @@ struct xfrm_type
257 char *description; 264 char *description;
258 struct module *owner; 265 struct module *owner;
259 __u8 proto; 266 __u8 proto;
267 __u8 flags;
268#define XFRM_TYPE_NON_FRAGMENT 1
260 269
261 int (*init_state)(struct xfrm_state *x); 270 int (*init_state)(struct xfrm_state *x);
262 void (*destructor)(struct xfrm_state *); 271 void (*destructor)(struct xfrm_state *);
263 int (*input)(struct xfrm_state *, struct sk_buff *skb); 272 int (*input)(struct xfrm_state *, struct sk_buff *skb);
264 int (*output)(struct xfrm_state *, struct sk_buff *pskb); 273 int (*output)(struct xfrm_state *, struct sk_buff *pskb);
274 int (*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *);
275 int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
276 xfrm_address_t *(*local_addr)(struct xfrm_state *, xfrm_address_t *);
277 xfrm_address_t *(*remote_addr)(struct xfrm_state *, xfrm_address_t *);
265 /* Estimate maximal size of result of transformation of a dgram */ 278 /* Estimate maximal size of result of transformation of a dgram */
266 u32 (*get_max_size)(struct xfrm_state *, int size); 279 u32 (*get_max_size)(struct xfrm_state *, int size);
267}; 280};
@@ -273,7 +286,7 @@ extern void xfrm_put_type(struct xfrm_type *type);
273 286
274struct xfrm_mode { 287struct xfrm_mode {
275 int (*input)(struct xfrm_state *x, struct sk_buff *skb); 288 int (*input)(struct xfrm_state *x, struct sk_buff *skb);
276 int (*output)(struct sk_buff *skb); 289 int (*output)(struct xfrm_state *x,struct sk_buff *skb);
277 290
278 struct module *owner; 291 struct module *owner;
279 unsigned int encap; 292 unsigned int encap;
@@ -299,7 +312,7 @@ struct xfrm_tmpl
299 312
300 __u32 reqid; 313 __u32 reqid;
301 314
302/* Mode: transport/tunnel */ 315/* Mode: transport, tunnel etc. */
303 __u8 mode; 316 __u8 mode;
304 317
305/* Sharing mode: unique, this session only, this user only etc. */ 318/* Sharing mode: unique, this session only, this user only etc. */
@@ -314,18 +327,20 @@ struct xfrm_tmpl
314 __u32 calgos; 327 __u32 calgos;
315}; 328};
316 329
317#define XFRM_MAX_DEPTH 4 330#define XFRM_MAX_DEPTH 6
318 331
319struct xfrm_policy 332struct xfrm_policy
320{ 333{
321 struct xfrm_policy *next; 334 struct xfrm_policy *next;
322 struct list_head list; 335 struct hlist_node bydst;
336 struct hlist_node byidx;
323 337
324 /* This lock only affects elements except for entry. */ 338 /* This lock only affects elements except for entry. */
325 rwlock_t lock; 339 rwlock_t lock;
326 atomic_t refcnt; 340 atomic_t refcnt;
327 struct timer_list timer; 341 struct timer_list timer;
328 342
343 u8 type;
329 u32 priority; 344 u32 priority;
330 u32 index; 345 u32 index;
331 struct xfrm_selector selector; 346 struct xfrm_selector selector;
@@ -363,16 +378,16 @@ struct xfrm_mgr
363 char *id; 378 char *id;
364 int (*notify)(struct xfrm_state *x, struct km_event *c); 379 int (*notify)(struct xfrm_state *x, struct km_event *c);
365 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir); 380 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
366 struct xfrm_policy *(*compile_policy)(u16 family, int opt, u8 *data, int len, int *dir); 381 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
367 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport); 382 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
368 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c); 383 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
384 int (*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
369}; 385};
370 386
371extern int xfrm_register_km(struct xfrm_mgr *km); 387extern int xfrm_register_km(struct xfrm_mgr *km);
372extern int xfrm_unregister_km(struct xfrm_mgr *km); 388extern int xfrm_unregister_km(struct xfrm_mgr *km);
373 389
374 390extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
375extern struct xfrm_policy *xfrm_policy_list[XFRM_POLICY_MAX*2];
376 391
377static inline void xfrm_pol_hold(struct xfrm_policy *policy) 392static inline void xfrm_pol_hold(struct xfrm_policy *policy)
378{ 393{
@@ -388,67 +403,19 @@ static inline void xfrm_pol_put(struct xfrm_policy *policy)
388 __xfrm_policy_destroy(policy); 403 __xfrm_policy_destroy(policy);
389} 404}
390 405
391#define XFRM_DST_HSIZE 1024 406#ifdef CONFIG_XFRM_SUB_POLICY
392 407static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
393static __inline__
394unsigned __xfrm4_dst_hash(xfrm_address_t *addr)
395{
396 unsigned h;
397 h = ntohl(addr->a4);
398 h = (h ^ (h>>16)) % XFRM_DST_HSIZE;
399 return h;
400}
401
402static __inline__
403unsigned __xfrm6_dst_hash(xfrm_address_t *addr)
404{
405 unsigned h;
406 h = ntohl(addr->a6[2]^addr->a6[3]);
407 h = (h ^ (h>>16)) % XFRM_DST_HSIZE;
408 return h;
409}
410
411static __inline__
412unsigned xfrm_dst_hash(xfrm_address_t *addr, unsigned short family)
413{
414 switch (family) {
415 case AF_INET:
416 return __xfrm4_dst_hash(addr);
417 case AF_INET6:
418 return __xfrm6_dst_hash(addr);
419 }
420 return 0;
421}
422
423static __inline__
424unsigned __xfrm4_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto)
425{ 408{
426 unsigned h; 409 int i;
427 h = ntohl(addr->a4^spi^proto); 410 for (i = npols - 1; i >= 0; --i)
428 h = (h ^ (h>>10) ^ (h>>20)) % XFRM_DST_HSIZE; 411 xfrm_pol_put(pols[i]);
429 return h;
430} 412}
431 413#else
432static __inline__ 414static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
433unsigned __xfrm6_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto)
434{
435 unsigned h;
436 h = ntohl(addr->a6[2]^addr->a6[3]^spi^proto);
437 h = (h ^ (h>>10) ^ (h>>20)) % XFRM_DST_HSIZE;
438 return h;
439}
440
441static __inline__
442unsigned xfrm_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto, unsigned short family)
443{ 415{
444 switch (family) { 416 xfrm_pol_put(pols[0]);
445 case AF_INET:
446 return __xfrm4_spi_hash(addr, spi, proto);
447 case AF_INET6:
448 return __xfrm6_spi_hash(addr, spi, proto);
449 }
450 return 0; /*XXX*/
451} 417}
418#endif
452 419
453extern void __xfrm_state_destroy(struct xfrm_state *); 420extern void __xfrm_state_destroy(struct xfrm_state *);
454 421
@@ -508,6 +475,11 @@ u16 xfrm_flowi_sport(struct flowi *fl)
508 case IPPROTO_ICMPV6: 475 case IPPROTO_ICMPV6:
509 port = htons(fl->fl_icmp_type); 476 port = htons(fl->fl_icmp_type);
510 break; 477 break;
478#ifdef CONFIG_IPV6_MIP6
479 case IPPROTO_MH:
480 port = htons(fl->fl_mh_type);
481 break;
482#endif
511 default: 483 default:
512 port = 0; /*XXX*/ 484 port = 0; /*XXX*/
513 } 485 }
@@ -608,6 +580,7 @@ struct xfrm_dst
608 struct rt6_info rt6; 580 struct rt6_info rt6;
609 } u; 581 } u;
610 struct dst_entry *route; 582 struct dst_entry *route;
583 u32 genid;
611 u32 route_mtu_cached; 584 u32 route_mtu_cached;
612 u32 child_mtu_cached; 585 u32 child_mtu_cached;
613 u32 route_cookie; 586 u32 route_cookie;
@@ -659,6 +632,18 @@ secpath_reset(struct sk_buff *skb)
659} 632}
660 633
661static inline int 634static inline int
635xfrm_addr_any(xfrm_address_t *addr, unsigned short family)
636{
637 switch (family) {
638 case AF_INET:
639 return addr->a4 == 0;
640 case AF_INET6:
641 return ipv6_addr_any((struct in6_addr *)&addr->a6);
642 }
643 return 0;
644}
645
646static inline int
662__xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x) 647__xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
663{ 648{
664 return (tmpl->saddr.a4 && 649 return (tmpl->saddr.a4 &&
@@ -692,8 +677,8 @@ static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *sk
692{ 677{
693 if (sk && sk->sk_policy[XFRM_POLICY_IN]) 678 if (sk && sk->sk_policy[XFRM_POLICY_IN])
694 return __xfrm_policy_check(sk, dir, skb, family); 679 return __xfrm_policy_check(sk, dir, skb, family);
695 680
696 return (!xfrm_policy_list[dir] && !skb->sp) || 681 return (!xfrm_policy_count[dir] && !skb->sp) ||
697 (skb->dst->flags & DST_NOPOLICY) || 682 (skb->dst->flags & DST_NOPOLICY) ||
698 __xfrm_policy_check(sk, dir, skb, family); 683 __xfrm_policy_check(sk, dir, skb, family);
699} 684}
@@ -713,7 +698,7 @@ extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
713 698
714static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) 699static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
715{ 700{
716 return !xfrm_policy_list[XFRM_POLICY_OUT] || 701 return !xfrm_policy_count[XFRM_POLICY_OUT] ||
717 (skb->dst->flags & DST_NOXFRM) || 702 (skb->dst->flags & DST_NOXFRM) ||
718 __xfrm_route_forward(skb, family); 703 __xfrm_route_forward(skb, family);
719} 704}
@@ -831,11 +816,36 @@ xfrm_state_addr_check(struct xfrm_state *x,
831 return 0; 816 return 0;
832} 817}
833 818
819static __inline__ int
820xfrm_state_addr_flow_check(struct xfrm_state *x, struct flowi *fl,
821 unsigned short family)
822{
823 switch (family) {
824 case AF_INET:
825 return __xfrm4_state_addr_check(x,
826 (xfrm_address_t *)&fl->fl4_dst,
827 (xfrm_address_t *)&fl->fl4_src);
828 case AF_INET6:
829 return __xfrm6_state_addr_check(x,
830 (xfrm_address_t *)&fl->fl6_dst,
831 (xfrm_address_t *)&fl->fl6_src);
832 }
833 return 0;
834}
835
834static inline int xfrm_state_kern(struct xfrm_state *x) 836static inline int xfrm_state_kern(struct xfrm_state *x)
835{ 837{
836 return atomic_read(&x->tunnel_users); 838 return atomic_read(&x->tunnel_users);
837} 839}
838 840
841static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
842{
843 return (!userproto || proto == userproto ||
844 (userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH ||
845 proto == IPPROTO_ESP ||
846 proto == IPPROTO_COMP)));
847}
848
839/* 849/*
840 * xfrm algorithm information 850 * xfrm algorithm information
841 */ 851 */
@@ -855,6 +865,7 @@ struct xfrm_algo_comp_info {
855 865
856struct xfrm_algo_desc { 866struct xfrm_algo_desc {
857 char *name; 867 char *name;
868 char *compat;
858 u8 available:1; 869 u8 available:1;
859 union { 870 union {
860 struct xfrm_algo_auth_info auth; 871 struct xfrm_algo_auth_info auth;
@@ -902,6 +913,25 @@ extern void xfrm_state_insert(struct xfrm_state *x);
902extern int xfrm_state_add(struct xfrm_state *x); 913extern int xfrm_state_add(struct xfrm_state *x);
903extern int xfrm_state_update(struct xfrm_state *x); 914extern int xfrm_state_update(struct xfrm_state *x);
904extern struct xfrm_state *xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto, unsigned short family); 915extern struct xfrm_state *xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto, unsigned short family);
916extern struct xfrm_state *xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);
917#ifdef CONFIG_XFRM_SUB_POLICY
918extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
919 int n, unsigned short family);
920extern int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
921 int n, unsigned short family);
922#else
923static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
924 int n, unsigned short family)
925{
926 return -ENOSYS;
927}
928
929static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
930 int n, unsigned short family)
931{
932 return -ENOSYS;
933}
934#endif
905extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); 935extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq);
906extern int xfrm_state_delete(struct xfrm_state *x); 936extern int xfrm_state_delete(struct xfrm_state *x);
907extern void xfrm_state_flush(u8 proto); 937extern void xfrm_state_flush(u8 proto);
@@ -917,12 +947,16 @@ extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
917extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler); 947extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
918extern int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi); 948extern int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi);
919extern int xfrm6_rcv(struct sk_buff **pskb); 949extern int xfrm6_rcv(struct sk_buff **pskb);
950extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
951 xfrm_address_t *saddr, u8 proto);
920extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler); 952extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler);
921extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler); 953extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler);
922extern u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr); 954extern u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
923extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr); 955extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr);
924extern u32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr); 956extern u32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr);
925extern int xfrm6_output(struct sk_buff *skb); 957extern int xfrm6_output(struct sk_buff *skb);
958extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
959 u8 **prevhdr);
926 960
927#ifdef CONFIG_XFRM 961#ifdef CONFIG_XFRM
928extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type); 962extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
@@ -947,27 +981,27 @@ static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsig
947#endif 981#endif
948 982
949struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp); 983struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp);
950extern int xfrm_policy_walk(int (*func)(struct xfrm_policy *, int, int, void*), void *); 984extern int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*), void *);
951int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 985int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
952struct xfrm_policy *xfrm_policy_bysel_ctx(int dir, struct xfrm_selector *sel, 986struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
987 struct xfrm_selector *sel,
953 struct xfrm_sec_ctx *ctx, int delete); 988 struct xfrm_sec_ctx *ctx, int delete);
954struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete); 989struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete);
955void xfrm_policy_flush(void); 990void xfrm_policy_flush(u8 type);
956u32 xfrm_get_acqseq(void); 991u32 xfrm_get_acqseq(void);
957void xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); 992void xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
958struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 993struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
959 xfrm_address_t *daddr, xfrm_address_t *saddr, 994 xfrm_address_t *daddr, xfrm_address_t *saddr,
960 int create, unsigned short family); 995 int create, unsigned short family);
961extern void xfrm_policy_flush(void); 996extern void xfrm_policy_flush(u8 type);
962extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); 997extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
963extern int xfrm_flush_bundles(void); 998extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family, int strict);
964extern void xfrm_flush_all_bundles(void);
965extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family);
966extern void xfrm_init_pmtu(struct dst_entry *dst); 999extern void xfrm_init_pmtu(struct dst_entry *dst);
967 1000
968extern wait_queue_head_t km_waitq; 1001extern wait_queue_head_t km_waitq;
969extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport); 1002extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
970extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid); 1003extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
1004extern int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
971 1005
972extern void xfrm_input_init(void); 1006extern void xfrm_input_init(void);
973extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq); 1007extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq);
@@ -984,11 +1018,13 @@ extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe);
984extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe); 1018extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);
985extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe); 1019extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);
986 1020
987struct crypto_tfm; 1021struct hash_desc;
988typedef void (icv_update_fn_t)(struct crypto_tfm *, struct scatterlist *, unsigned int); 1022struct scatterlist;
1023typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *,
1024 unsigned int);
989 1025
990extern void skb_icv_walk(const struct sk_buff *skb, struct crypto_tfm *tfm, 1026extern int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *tfm,
991 int offset, int len, icv_update_fn_t icv_update); 1027 int offset, int len, icv_update_fn_t icv_update);
992 1028
993static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b, 1029static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,
994 int family) 1030 int family)
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-21 05:44:48 -0500