aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
Diffstat (limited to 'include/net')
-rw-r--r--include/net/flow.h7
-rw-r--r--include/net/xfrm.h27
2 files changed, 29 insertions, 5 deletions
diff --git a/include/net/flow.h b/include/net/flow.h
index 9a5c94b1a0ec..ec7eb86eb203 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -84,11 +84,12 @@ struct flowi {
84#define FLOW_DIR_OUT 1 84#define FLOW_DIR_OUT 1
85#define FLOW_DIR_FWD 2 85#define FLOW_DIR_FWD 2
86 86
87typedef void (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir, 87struct sock;
88typedef void (*flow_resolve_t)(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
88 void **objp, atomic_t **obj_refp); 89 void **objp, atomic_t **obj_refp);
89 90
90extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, 91extern void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
91 flow_resolve_t resolver); 92 flow_resolve_t resolver);
92extern void flow_cache_flush(void); 93extern void flow_cache_flush(void);
93extern atomic_t flow_cache_genid; 94extern atomic_t flow_cache_genid;
94 95
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 1cdb87912137..487abca3ca6f 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -144,6 +144,9 @@ struct xfrm_state
144 * transformer. */ 144 * transformer. */
145 struct xfrm_type *type; 145 struct xfrm_type *type;
146 146
147 /* Security context */
148 struct xfrm_sec_ctx *security;
149
147 /* Private data of this transformer, format is opaque, 150 /* Private data of this transformer, format is opaque,
148 * interpreted by xfrm_type methods. */ 151 * interpreted by xfrm_type methods. */
149 void *data; 152 void *data;
@@ -298,6 +301,7 @@ struct xfrm_policy
298 __u8 flags; 301 __u8 flags;
299 __u8 dead; 302 __u8 dead;
300 __u8 xfrm_nr; 303 __u8 xfrm_nr;
304 struct xfrm_sec_ctx *security;
301 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; 305 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
302}; 306};
303 307
@@ -510,6 +514,25 @@ xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
510 return 0; 514 return 0;
511} 515}
512 516
517#ifdef CONFIG_SECURITY_NETWORK_XFRM
518/* If neither has a context --> match
519 * Otherwise, both must have a context and the sids, doi, alg must match
520 */
521static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
522{
523 return ((!s1 && !s2) ||
524 (s1 && s2 &&
525 (s1->ctx_sid == s2->ctx_sid) &&
526 (s1->ctx_doi == s2->ctx_doi) &&
527 (s1->ctx_alg == s2->ctx_alg)));
528}
529#else
530static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
531{
532 return 1;
533}
534#endif
535
513/* A struct encoding bundle of transformations to apply to some set of flow. 536/* A struct encoding bundle of transformations to apply to some set of flow.
514 * 537 *
515 * dst->child points to the next element of bundle. 538 * dst->child points to the next element of bundle.
@@ -878,8 +901,8 @@ static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsig
878struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp); 901struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp);
879extern int xfrm_policy_walk(int (*func)(struct xfrm_policy *, int, int, void*), void *); 902extern int xfrm_policy_walk(int (*func)(struct xfrm_policy *, int, int, void*), void *);
880int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 903int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
881struct xfrm_policy *xfrm_policy_bysel(int dir, struct xfrm_selector *sel, 904struct xfrm_policy *xfrm_policy_bysel_ctx(int dir, struct xfrm_selector *sel,
882 int delete); 905 struct xfrm_sec_ctx *ctx, int delete);
883struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete); 906struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete);
884void xfrm_policy_flush(void); 907void xfrm_policy_flush(void);
885u32 xfrm_get_acqseq(void); 908u32 xfrm_get_acqseq(void);
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-31 03:00:38 -0400