summaryrefslogtreecommitdiff
path: root/include/net/xfrm.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h42
1 files changed, 26 insertions, 16 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 6f0ba01afe73..24c8886fd969 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -501,6 +501,12 @@ struct xfrm_policy_walk {
u32 seq;
};
+struct xfrm_policy_queue {
+ struct sk_buff_head hold_queue;
+ struct timer_list hold_timer;
+ unsigned long timeout;
+};
+
struct xfrm_policy {
#ifdef CONFIG_NET_NS
struct net *xp_net;
@@ -522,6 +528,7 @@ struct xfrm_policy {
struct xfrm_lifetime_cfg lft;
struct xfrm_lifetime_cur curlft;
struct xfrm_policy_walk_entry walk;
+ struct xfrm_policy_queue polq;
u8 type;
u8 action;
u8 flags;
@@ -557,10 +564,6 @@ struct xfrm_migrate {
};
#define XFRM_KM_TIMEOUT 30
-/* which seqno */
-#define XFRM_REPLAY_SEQ 1
-#define XFRM_REPLAY_OSEQ 2
-#define XFRM_REPLAY_SEQ_MASK 3
/* what happened */
#define XFRM_REPLAY_UPDATE XFRM_AE_CR
#define XFRM_REPLAY_TIMEOUT XFRM_AE_CE
@@ -1036,7 +1039,7 @@ static inline int
__xfrm6_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x)
{
return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) &&
- ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr));
+ !ipv6_addr_equal((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr));
}
static inline int
@@ -1247,8 +1250,8 @@ static __inline__ int
__xfrm6_state_addr_check(const struct xfrm_state *x,
const xfrm_address_t *daddr, const xfrm_address_t *saddr)
{
- if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) &&
- (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)||
+ if (ipv6_addr_equal((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) &&
+ (ipv6_addr_equal((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr) ||
ipv6_addr_any((struct in6_addr *)saddr) ||
ipv6_addr_any((struct in6_addr *)&x->props.saddr)))
return 1;
@@ -1324,6 +1327,7 @@ struct xfrm_algo_desc {
char *name;
char *compat;
u8 available:1;
+ u8 pfkey_supported:1;
union {
struct xfrm_algo_aead_info aead;
struct xfrm_algo_auth_info auth;
@@ -1351,7 +1355,7 @@ struct xfrm6_tunnel {
};
extern void xfrm_init(void);
-extern void xfrm4_init(int rt_hash_size);
+extern void xfrm4_init(void);
extern int xfrm_state_init(struct net *net);
extern void xfrm_state_fini(struct net *net);
extern void xfrm4_state_init(void);
@@ -1565,8 +1569,8 @@ extern void xfrm_input_init(void);
extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);
extern void xfrm_probe_algs(void);
-extern int xfrm_count_auth_supported(void);
-extern int xfrm_count_enc_supported(void);
+extern int xfrm_count_pfkey_auth_supported(void);
+extern int xfrm_count_pfkey_enc_supported(void);
extern struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx);
extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
@@ -1578,17 +1582,23 @@ extern struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe);
extern struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len,
int probe);
-static inline int xfrm_addr_cmp(const xfrm_address_t *a,
- const xfrm_address_t *b,
- int family)
+static inline bool xfrm6_addr_equal(const xfrm_address_t *a,
+ const xfrm_address_t *b)
+{
+ return ipv6_addr_equal((const struct in6_addr *)a,
+ (const struct in6_addr *)b);
+}
+
+static inline bool xfrm_addr_equal(const xfrm_address_t *a,
+ const xfrm_address_t *b,
+ sa_family_t family)
{
switch (family) {
default:
case AF_INET:
- return (__force u32)a->a4 - (__force u32)b->a4;
+ return ((__force u32)a->a4 ^ (__force u32)b->a4) == 0;
case AF_INET6:
- return ipv6_addr_cmp((const struct in6_addr *)a,
- (const struct in6_addr *)b);
+ return xfrm6_addr_equal(a, b);
}
}