diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2021-09-17 09:58:24 +0300 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2021-09-17 10:02:30 +0300 |
| commit | 047a749d231e4faccaf5f473cf73dc5732425f81 (patch) | |
| tree | 56f3ae60c2f50b6dc0d00c0bf3b7b148147b3fce /include | |
| parent | 844f7eaaed9267ae17d33778efe65548cc940205 (diff) | |
| parent | 88d0adb5f13b1c52fbb7d755f6f79db18c2f0c2c (diff) | |
| download | linux-047a749d231e4faccaf5f473cf73dc5732425f81.tar.xz | |
Merge branch 'xfrm: fix uapi for the default policy'
Nicolas Dichtel says:
====================
This feature has just been merged after the last release, thus it's still
time to fix the uapi.
As stated in the thread, the uapi is based on some magic values (from the
userland POV).
Here is a proposal to simplify this uapi and make it clear how to use it.
The other problem was the notification: changing the default policy may
radically change the packets flows.
v2 -> v3: rebase on top of ipsec tree
v1 -> v2: fix warnings reported by the kernel test robot
====================
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/uapi/linux/xfrm.h | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h index 26f456b1f33e..eda0426ec4c2 100644 --- a/include/uapi/linux/xfrm.h +++ b/include/uapi/linux/xfrm.h @@ -514,9 +514,12 @@ struct xfrm_user_offload { #define XFRM_OFFLOAD_INBOUND 2 struct xfrm_userpolicy_default { -#define XFRM_USERPOLICY_DIRMASK_MAX (sizeof(__u8) * 8) - __u8 dirmask; - __u8 action; +#define XFRM_USERPOLICY_UNSPEC 0 +#define XFRM_USERPOLICY_BLOCK 1 +#define XFRM_USERPOLICY_ACCEPT 2 + __u8 in; + __u8 fwd; + __u8 out; }; #ifndef __KERNEL__ |