xfrm: make user policy API complete

>From a userland POV, this API was based on some magic values: - dirmask and action were bitfields but meaning of bits (XFRM_POL_DEFAULT_*) are not exported; - action is confusing, if a bit is set, does it mean drop or accept? Let's try to simplify this uapi by using explicit field and macros. Fixes: 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Nicolas Dichtel <nicolas.dichtel@6wind.com> 2021-09-14 17:46:33 +0300
committer: Steffen Klassert <steffen.klassert@secunet.com> 2021-09-15 14:41:36 +0300
commit: f8d858e607b2a36808ac6d4218f5f5203d7a7d63 (patch)
tree: 2eb79880f5771da0fd0375be55743750ff75e05c /include/uapi
parent: 844f7eaaed9267ae17d33778efe65548cc940205 (diff)
download: linux-f8d858e607b2a36808ac6d4218f5f5203d7a7d63.tar.xz
1 files changed, 6 insertions, 3 deletions
diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 26f456b1f33e..eda0426ec4c2 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -514,9 +514,12 @@ struct xfrm_user_offload {
 #define XFRM_OFFLOAD_INBOUND	2
 
 struct xfrm_userpolicy_default {
-#define XFRM_USERPOLICY_DIRMASK_MAX	(sizeof(__u8) * 8)
-	__u8				dirmask;
-	__u8				action;
+#define XFRM_USERPOLICY_UNSPEC	0
+#define XFRM_USERPOLICY_BLOCK	1
+#define XFRM_USERPOLICY_ACCEPT	2
+	__u8				in;
+	__u8				fwd;
+	__u8				out;
 };
 
 #ifndef __KERNEL__
author	Nicolas Dichtel <nicolas.dichtel@6wind.com>	2021-09-14 17:46:33 +0300
committer	Steffen Klassert <steffen.klassert@secunet.com>	2021-09-15 14:41:36 +0300
commit	f8d858e607b2a36808ac6d4218f5f5203d7a7d63 (patch)
tree	2eb79880f5771da0fd0375be55743750ff75e05c /include/uapi
parent	844f7eaaed9267ae17d33778efe65548cc940205 (diff)
download	linux-f8d858e607b2a36808ac6d4218f5f5203d7a7d63.tar.xz