author | Nicolas Dichtel <nicolas.dichtel@6wind.com> | 2021-09-14 17:46:33 +0300 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2021-09-15 14:41:36 +0300 |
commit | f8d858e607b2a36808ac6d4218f5f5203d7a7d63 (patch) | |
tree | 2eb79880f5771da0fd0375be55743750ff75e05c /include/uapi/linux | |
parent | 844f7eaaed9267ae17d33778efe65548cc940205 (diff) | |
xfrm: make user policy API complete
From a userland POV, this API was based on some magic values:
- dirmask and action were bitfields, but the meaning of the bits
(XFRM_POL_DEFAULT_*) is not exported;
- action is confusing: if a bit is set, does it mean drop or accept?
Let's try to simplify this uapi by using explicit field and macros.
Fixes: 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include/uapi/linux')
-rw-r--r-- | include/uapi/linux/xfrm.h | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 26f456b1f33e..eda0426ec4c2 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -514,9 +514,12 @@ struct xfrm_user_offload {
 #define XFRM_OFFLOAD_INBOUND 2
 struct xfrm_userpolicy_default {
-#define XFRM_USERPOLICY_DIRMASK_MAX (sizeof(__u8) * 8)
- __u8 dirmask;
- __u8 action;
+#define XFRM_USERPOLICY_UNSPEC 0
+#define XFRM_USERPOLICY_BLOCK 1
+#define XFRM_USERPOLICY_ACCEPT 2
+ __u8 in;
+ __u8 fwd;
+ __u8 out;
 };
 #ifndef __KERNEL__ |
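Review bot: The new fields `in`, `fwd` and `out` accept any `__u8`, but only 0–2 are named, and the header does not say what `XFRM_USERPOLICY_UNSPEC` means on a set request or how values above `XFRM_USERPOLICY_ACCEPT` are treated. Because these bytes decide whether traffic with no matching policy is blocked or accepted, a one-line comment above the macros would help, for example `/* in/fwd/out each hold one XFRM_USERPOLICY_* value; UNSPEC leaves that direction unchanged (confirm) */`. The netlink handler is not shown here (the diffstat is limited to include/uapi/linux), so it is worth checking there that an unrecognised value is rejected or ignored rather than treated as accept. The struct also grows from two bytes to three with renamed members, which is presumably acceptable only if the interface added by the commit named in the Fixes trailer has not yet shipped in a release.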