Blame - include/net/xfrm.h - SHIFTPHONES/mainline/linux

blob: fdb41e8bb626117b57a926b62bc3da45895da574 [file] [log] [blame]

Greg Kroah-Hartman	b244131	2017-11-01 15:07:57 +0100	[diff] [blame]	1	/* SPDX-License-Identifier: GPL-2.0 */
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	2	#ifndef _NET_XFRM_H
				3	#define _NET_XFRM_H
				4
Herbert Xu	aabc976	2005-05-03 16:27:10 -0700	[diff] [blame]	5	#include <linux/compiler.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	6	#include <linux/xfrm.h>
				7	#include <linux/spinlock.h>
				8	#include <linux/list.h>
				9	#include <linux/skbuff.h>
Arnaldo Carvalho de Melo	14c8502	2005-12-27 02:43:12 -0200	[diff] [blame]	10	#include <linux/socket.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	11	#include <linux/pfkeyv2.h>
Masahide NAKAMURA	5794708	2006-09-22 15:06:24 -0700	[diff] [blame]	12	#include <linux/ipsec.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	13	#include <linux/in6.h>
Arjan van de Ven	4a3e2f7	2006-03-20 22:33:17 -0800	[diff] [blame]	14	#include <linux/mutex.h>
Joy Latten	ab5f5e8	2007-09-17 11:51:22 -0700	[diff] [blame]	15	#include <linux/audit.h>
Tejun Heo	5a0e3ad	2010-03-24 17:04:11 +0900	[diff] [blame]	16	#include <linux/slab.h>
Reshetova, Elena	88755e9c	2017-07-04 15:53:21 +0300	[diff] [blame]	17	#include <linux/refcount.h>
Christoph Hellwig	c6d1b26	2020-07-23 08:08:51 +0200	[diff] [blame]	18	#include <linux/sockptr.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	19
				20	#include <net/sock.h>
				21	#include <net/dst.h>
Herbert Xu	436a0a4	2007-10-08 17:25:53 -0700	[diff] [blame]	22	#include <net/ip.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	23	#include <net/route.h>
				24	#include <net/ipv6.h>
				25	#include <net/ip6_fib.h>
Timo Teräs	fe1a5f0	2010-04-07 00:30:04 +0000	[diff] [blame]	26	#include <net/flow.h>
Steffen Klassert	f203b76	2018-06-12 14:07:12 +0200	[diff] [blame]	27	#include <net/gro_cells.h>
Yury Polyanskiy	9e0d57f	2009-11-08 20:58:41 -0800	[diff] [blame]	28
				29	#include <linux/interrupt.h>
				30
Masahide NAKAMURA	558f82e	2007-12-20 20:42:57 -0800	[diff] [blame]	31	#ifdef CONFIG_XFRM_STATISTICS
				32	#include <net/snmp.h>
				33	#endif
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	34
Masahide NAKAMURA	d3d6dd3	2007-06-26 23:57:49 -0700	[diff] [blame]	35	#define XFRM_PROTO_ESP 50
				36	#define XFRM_PROTO_AH 51
				37	#define XFRM_PROTO_COMP 108
				38	#define XFRM_PROTO_IPIP 4
				39	#define XFRM_PROTO_IPV6 41
				40	#define XFRM_PROTO_ROUTING IPPROTO_ROUTING
				41	#define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS
				42
Nicolas Dichtel	fa9921e	2011-02-02 06:29:02 +0000	[diff] [blame]	43	#define XFRM_ALIGN4(len) (((len) + 3) & ~3)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	44	#define XFRM_ALIGN8(len) (((len) + 7) & ~7)
Herbert Xu	b59f45d	2006-05-27 23:05:54 -0700	[diff] [blame]	45	#define MODULE_ALIAS_XFRM_MODE(family, encap) \
				46	MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
Masahide NAKAMURA	d3d6dd3	2007-06-26 23:57:49 -0700	[diff] [blame]	47	#define MODULE_ALIAS_XFRM_TYPE(family, proto) \
				48	MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
Ilan Tayari	ffdb521	2017-08-01 12:49:08 +0300	[diff] [blame]	49	#define MODULE_ALIAS_XFRM_OFFLOAD_TYPE(family, proto) \
				50	MODULE_ALIAS("xfrm-offload-" __stringify(family) "-" __stringify(proto))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	51
Masahide NAKAMURA	558f82e	2007-12-20 20:42:57 -0800	[diff] [blame]	52	#ifdef CONFIG_XFRM_STATISTICS
Alexey Dobriyan	59c9940	2008-11-25 17:59:52 -0800	[diff] [blame]	53	#define XFRM_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.xfrm_statistics, field)
Masahide NAKAMURA	558f82e	2007-12-20 20:42:57 -0800	[diff] [blame]	54	#else
Alexey Dobriyan	59c9940	2008-11-25 17:59:52 -0800	[diff] [blame]	55	#define XFRM_INC_STATS(net, field) ((void)(net))
Masahide NAKAMURA	558f82e	2007-12-20 20:42:57 -0800	[diff] [blame]	56	#endif
				57
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	58
				59	/* Organization of SPD aka "XFRM rules"
				60	------------------------------------
				61
				62	Basic objects:
				63	- policy rule, struct xfrm_policy (=SPD entry)
				64	- bundle of transformations, struct dst_entry == struct xfrm_dst (=SA bundle)
				65	- instance of a transformer, struct xfrm_state (=SA)
				66	- template to clone xfrm_state, struct xfrm_tmpl
				67
				68	SPD is plain linear list of xfrm_policy rules, ordered by priority.
				69	(To be compatible with existing pfkeyv2 implementations,
				70	many rules with priority of 0x7fffffff are allowed to exist and
				71	such rules are ordered in an unpredictable way, thanks to bsd folks.)
				72
				73	Lookup is plain linear search until the first match with selector.
				74
				75	If "action" is "block", then we prohibit the flow, otherwise:
				76	if "xfrms_nr" is zero, the flow passes untransformed. Otherwise,
				77	policy entry has list of up to XFRM_MAX_DEPTH transformations,
				78	described by templates xfrm_tmpl. Each template is resolved
				79	to a complete xfrm_state (see below) and we pack bundle of transformations
				80	to a dst_entry returned to requestor.
				81
				82	dst -. xfrm .-> xfrm_state #1
				83	\|---. child .-> dst -. xfrm .-> xfrm_state #2
				84	\|---. child .-> dst -. xfrm .-> xfrm_state #3
				85	\|---. child .-> NULL
				86
				87	Bundles are cached at xrfm_policy struct (field ->bundles).
				88
				89
				90	Resolution of xrfm_tmpl
				91	-----------------------
				92	Template contains:
				93	1. ->mode Mode: transport or tunnel
				94	2. ->id.proto Protocol: AH/ESP/IPCOMP
				95	3. ->id.daddr Remote tunnel endpoint, ignored for transport mode.
				96	Q: allow to resolve security gateway?
				97	4. ->id.spi If not zero, static SPI.
				98	5. ->saddr Local tunnel endpoint, ignored for transport mode.
				99	6. ->algos List of allowed algos. Plain bitmask now.
				100	Q: ealgos, aalgos, calgos. What a mess...
				101	7. ->share Sharing mode.
				102	Q: how to implement private sharing mode? To add struct sock* to
				103	flow id?
				104
				105	Having this template we search through SAD searching for entries
				106	with appropriate mode/proto/algo, permitted by selector.
				107	If no appropriate entry found, it is requested from key manager.
				108
				109	PROBLEMS:
				110	Q: How to find all the bundles referring to a physical path for
				111	PMTU discovery? Seems, dst should contain list of all parents...
				112	and enter to infinite locking hierarchy disaster.
				113	No! It is easier, we will not search for them, let them find us.
				114	We add genid to each dst plus pointer to genid of raw IP route,
				115	pmtu disc will update pmtu on raw IP route and increase its genid.
				116	dst_check() will see this for top level and trigger resyncing
				117	metrics. Plus, it will be made via sk->sk_dst_cache. Solved.
				118	*/
				119
Herbert Xu	12a169e	2008-10-01 07:03:24 -0700	[diff] [blame]	120	struct xfrm_state_walk {
				121	struct list_head all;
				122	u8 state;
Nicolas Dichtel	d362309	2014-02-14 15:30:36 +0100	[diff] [blame]	123	u8 dying;
				124	u8 proto;
Herbert Xu	12a169e	2008-10-01 07:03:24 -0700	[diff] [blame]	125	u32 seq;
Nicolas Dichtel	870a2df	2014-03-06 18:24:29 +0100	[diff] [blame]	126	struct xfrm_address_filter *filter;
Herbert Xu	12a169e	2008-10-01 07:03:24 -0700	[diff] [blame]	127	};
				128
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	129	struct xfrm_state_offload {
				130	struct net_device *dev;
Eric Dumazet	e1b539b	2021-12-09 07:44:51 -0800	[diff] [blame]	131	netdevice_tracker dev_tracker;
Jarod Wilson	bdfd2d1	2020-06-23 16:40:01 -0400	[diff] [blame]	132	struct net_device *real_dev;
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	133	unsigned long offload_handle;
				134	unsigned int num_exthdrs;
				135	u8 flags;
				136	};
				137
Florian Westphal	c9500d7	2019-03-29 21:16:32 +0100	[diff] [blame]	138	struct xfrm_mode {
				139	u8 encap;
				140	u8 family;
				141	u8 flags;
				142	};
				143
				144	/* Flags for xfrm_mode. */
				145	enum {
				146	XFRM_MODE_FLAG_TUNNEL = 1,
				147	};
				148
Florian Westphal	cfc61c5	2021-06-18 15:51:56 +0200	[diff] [blame]	149	enum xfrm_replay_mode {
				150	XFRM_REPLAY_MODE_LEGACY,
				151	XFRM_REPLAY_MODE_BMP,
				152	XFRM_REPLAY_MODE_ESN,
				153	};
				154
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	155	/* Full description of state of transformer. */
Eric Dumazet	fd2c3ef	2009-11-03 03:26:03 +0000	[diff] [blame]	156	struct xfrm_state {
Eric W. Biederman	0c5c9fb	2015-03-11 23:06:44 -0500	[diff] [blame]	157	possible_net_t xs_net;
Herbert Xu	abb81c4	2008-09-09 19:58:29 -0700	[diff] [blame]	158	union {
Herbert Xu	12a169e	2008-10-01 07:03:24 -0700	[diff] [blame]	159	struct hlist_node gclist;
Herbert Xu	abb81c4	2008-09-09 19:58:29 -0700	[diff] [blame]	160	struct hlist_node bydst;
				161	};
David S. Miller	8f126e3	2006-08-24 02:45:07 -0700	[diff] [blame]	162	struct hlist_node bysrc;
				163	struct hlist_node byspi;
Sabrina Dubroca	fe9f1d8	2021-04-25 21:47:12 +0200	[diff] [blame]	164	struct hlist_node byseq;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	165
Reshetova, Elena	88755e9c	2017-07-04 15:53:21 +0300	[diff] [blame]	166	refcount_t refcnt;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	167	spinlock_t lock;
				168
				169	struct xfrm_id id;
				170	struct xfrm_selector sel;
Jamal Hadi Salim	bf825f8	2010-02-22 11:32:54 +0000	[diff] [blame]	171	struct xfrm_mark mark;
Steffen Klassert	7e65264	2018-06-12 14:07:07 +0200	[diff] [blame]	172	u32 if_id;
Martin Willi	35d2856	2010-12-08 04:37:49 +0000	[diff] [blame]	173	u32 tfcpad;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	174
David S. Miller	9d4a706	2006-08-24 03:18:09 -0700	[diff] [blame]	175	u32 genid;
				176
Herbert Xu	12a169e	2008-10-01 07:03:24 -0700	[diff] [blame]	177	/* Key manager bits */
				178	struct xfrm_state_walk km;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	179
				180	/* Parameters of this state. */
				181	struct {
				182	u32 reqid;
				183	u8 mode;
				184	u8 replay_window;
				185	u8 aalgo, ealgo, calgo;
				186	u8 flags;
				187	u16 family;
				188	xfrm_address_t saddr;
				189	int header_len;
				190	int trailer_len;
Nicolas Dichtel	a947b0a	2013-02-22 10:54:54 +0100	[diff] [blame]	191	u32 extra_flags;
Steffen Klassert	9b42c1f	2018-06-12 12:44:26 +0200	[diff] [blame]	192	struct xfrm_mark smark;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	193	} props;
				194
				195	struct xfrm_lifetime_cfg lft;
				196
				197	/* Data for transformer */
Martin Willi	4447bb3	2009-11-25 00:29:52 +0000	[diff] [blame]	198	struct xfrm_algo_auth *aalg;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	199	struct xfrm_algo *ealg;
				200	struct xfrm_algo *calg;
Herbert Xu	1a6509d	2008-01-28 19:37:29 -0800	[diff] [blame]	201	struct xfrm_algo_aead *aead;
Herbert Xu	69b0137	2015-05-27 16:03:45 +0800	[diff] [blame]	202	const char *geniv;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	203
Antony Antony	4e484b3	2021-12-22 14:11:18 +0100	[diff] [blame]	204	/* mapping change rate limiting */
				205	__be16 new_mapping_sport;
				206	u32 new_mapping; /* seconds */
				207	u32 mapping_maxage; /* seconds for input SA */
				208
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	209	/* Data for encapsulator */
				210	struct xfrm_encap_tmpl *encap;
Sabrina Dubroca	e27cca9	2019-11-25 14:49:02 +0100	[diff] [blame]	211	struct sock __rcu *encap_sk;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	212
Noriaki TAKAMIYA	060f02a	2006-08-23 18:18:55 -0700	[diff] [blame]	213	/* Data for care-of address */
				214	xfrm_address_t *coaddr;
				215
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	216	/* IPComp needs an IPIP tunnel for handling uncompressed packets */
				217	struct xfrm_state *tunnel;
				218
				219	/* If a tunnel, number of users + 1 */
				220	atomic_t tunnel_users;
				221
				222	/* State for replay detection */
				223	struct xfrm_replay_state replay;
Steffen Klassert	9736acf	2011-03-08 00:05:43 +0000	[diff] [blame]	224	struct xfrm_replay_state_esn *replay_esn;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	225
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	226	/* Replay detection state at the time we sent the last notification */
				227	struct xfrm_replay_state preplay;
Steffen Klassert	9736acf	2011-03-08 00:05:43 +0000	[diff] [blame]	228	struct xfrm_replay_state_esn *preplay_esn;
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	229
Florian Westphal	cfc61c5	2021-06-18 15:51:56 +0200	[diff] [blame]	230	/* replay detection mode */
				231	enum xfrm_replay_mode repl_mode;
Jamal Hadi Salim	2717096	2006-04-14 15:03:05 -0700	[diff] [blame]	232	/* internal flag that only holds state for delayed aevent at the
				233	* moment
				234	*/
				235	u32 xflags;
				236
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	237	/* Replay detection notification settings */
				238	u32 replay_maxage;
				239	u32 replay_maxdiff;
				240
				241	/* Replay detection notification timer */
				242	struct timer_list rtimer;
				243
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	244	/* Statistics */
				245	struct xfrm_stats stats;
				246
				247	struct xfrm_lifetime_cur curlft;
Thomas Gleixner	671422b	2019-03-01 23:48:20 +0100	[diff] [blame]	248	struct hrtimer mtimer;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	249
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	250	struct xfrm_state_offload xso;
				251
Fan Du	e3c0d04	2012-07-30 21:43:54 +0000	[diff] [blame]	252	/* used to fix curlft->add_time when changing date */
				253	long saved_tmo;
				254
Masahide NAKAMURA	9afaca0	2006-08-23 18:20:16 -0700	[diff] [blame]	255	/* Last used time */
Arnd Bergmann	03dc7a3	2018-07-11 12:19:14 +0200	[diff] [blame]	256	time64_t lastused;
Masahide NAKAMURA	9afaca0	2006-08-23 18:20:16 -0700	[diff] [blame]	257
Steffen Klassert	cac2661	2017-01-17 10:22:57 +0100	[diff] [blame]	258	struct page_frag xfrag;
				259
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	260	/* Reference to data common to all the instances of this
				261	* transformer. */
Eric Dumazet	533cb5b	2008-01-30 19:11:50 -0800	[diff] [blame]	262	const struct xfrm_type *type;
Florian Westphal	c9500d7	2019-03-29 21:16:32 +0100	[diff] [blame]	263	struct xfrm_mode inner_mode;
				264	struct xfrm_mode inner_mode_iaf;
				265	struct xfrm_mode outer_mode;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	266
Steffen Klassert	9d389d7	2017-04-14 10:05:44 +0200	[diff] [blame]	267	const struct xfrm_type_offload *type_offload;
				268
Trent Jaeger	df71837	2005-12-13 23:12:27 -0800	[diff] [blame]	269	/* Security context */
				270	struct xfrm_sec_ctx *security;
				271
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	272	/* Private data of this transformer, format is opaque,
				273	* interpreted by xfrm_type methods. */
				274	void *data;
				275	};
				276
Alexey Dobriyan	673c09b	2008-11-25 17:15:16 -0800	[diff] [blame]	277	static inline struct net xs_net(struct xfrm_state x)
				278	{
				279	return read_pnet(&x->xs_net);
				280	}
				281
Jamal Hadi Salim	2717096	2006-04-14 15:03:05 -0700	[diff] [blame]	282	/* xflags - make enum if more show up */
				283	#define XFRM_TIME_DEFER 1
Fan Du	e3c0d04	2012-07-30 21:43:54 +0000	[diff] [blame]	284	#define XFRM_SOFT_EXPIRE 2
Jamal Hadi Salim	2717096	2006-04-14 15:03:05 -0700	[diff] [blame]	285
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	286	enum {
				287	XFRM_STATE_VOID,
				288	XFRM_STATE_ACQ,
				289	XFRM_STATE_VALID,
				290	XFRM_STATE_ERROR,
				291	XFRM_STATE_EXPIRED,
				292	XFRM_STATE_DEAD
				293	};
				294
Jamal Hadi Salim	26b15da	2005-06-18 22:42:13 -0700	[diff] [blame]	295	/* callback structure passed from either netlink or pfkey */
Eric Dumazet	fd2c3ef	2009-11-03 03:26:03 +0000	[diff] [blame]	296	struct km_event {
Herbert Xu	bf08867f9	2005-06-18 22:44:00 -0700	[diff] [blame]	297	union {
				298	u32 hard;
				299	u32 proto;
				300	u32 byid;
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	301	u32 aevent;
Masahide NAKAMURA	f7b6983	2006-08-23 22:49:28 -0700	[diff] [blame]	302	u32 type;
Herbert Xu	bf08867f9	2005-06-18 22:44:00 -0700	[diff] [blame]	303	} data;
				304
Jamal Hadi Salim	26b15da	2005-06-18 22:42:13 -0700	[diff] [blame]	305	u32 seq;
Eric W. Biederman	15e4730	2012-09-07 20:12:54 +0000	[diff] [blame]	306	u32 portid;
Jamal Hadi Salim	26b15da	2005-06-18 22:42:13 -0700	[diff] [blame]	307	u32 event;
Alexey Dobriyan	7067802	2008-11-25 17:50:36 -0800	[diff] [blame]	308	struct net *net;
Jamal Hadi Salim	26b15da	2005-06-18 22:42:13 -0700	[diff] [blame]	309	};
				310
Steffen Klassert	f203b76	2018-06-12 14:07:12 +0200	[diff] [blame]	311	struct xfrm_if_cb {
Martin Willi	025c65e	2019-03-26 13:20:43 +0100	[diff] [blame]	312	struct xfrm_if (decode_session)(struct sk_buff *skb,
				313	unsigned short family);
Steffen Klassert	f203b76	2018-06-12 14:07:12 +0200	[diff] [blame]	314	};
				315
				316	void xfrm_if_register_cb(const struct xfrm_if_cb *ifcb);
				317	void xfrm_if_unregister_cb(void);
				318
Herbert Xu	25ee328	2007-12-11 09:32:34 -0800	[diff] [blame]	319	struct net_device;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	320	struct xfrm_type;
				321	struct xfrm_dst;
				322	struct xfrm_policy_afinfo {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	323	struct dst_ops *dst_ops;
David Ahern	42a7b32	2015-08-10 16:58:11 -0600	[diff] [blame]	324	struct dst_entry (dst_lookup)(struct net *net,
				325	int tos, int oif,
David S. Miller	5e6b930	2011-02-24 00:14:45 -0500	[diff] [blame]	326	const xfrm_address_t *saddr,
Lorenzo Colitti	077fbac	2017-08-11 02:11:33 +0900	[diff] [blame]	327	const xfrm_address_t *daddr,
				328	u32 mark);
David Ahern	42a7b32	2015-08-10 16:58:11 -0600	[diff] [blame]	329	int (get_saddr)(struct net net, int oif,
				330	xfrm_address_t *saddr,
Lorenzo Colitti	077fbac	2017-08-11 02:11:33 +0900	[diff] [blame]	331	xfrm_address_t *daddr,
				332	u32 mark);
Herbert Xu	25ee328	2007-12-11 09:32:34 -0800	[diff] [blame]	333	int (fill_dst)(struct xfrm_dst xdst,
Herbert Xu	87c1e12	2010-03-02 02:51:56 +0000	[diff] [blame]	334	struct net_device *dev,
David S. Miller	0c7b3ee	2011-02-22 17:48:57 -0800	[diff] [blame]	335	const struct flowi *fl);
David S. Miller	2774c13	2011-03-01 14:59:04 -0800	[diff] [blame]	336	struct dst_entry (blackhole_route)(struct net net, struct dst_entry orig);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	337	};
				338
Florian Westphal	a2817d8	2017-02-07 15:00:17 +0100	[diff] [blame]	339	int xfrm_policy_register_afinfo(const struct xfrm_policy_afinfo *afinfo, int family);
				340	void xfrm_policy_unregister_afinfo(const struct xfrm_policy_afinfo *afinfo);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	341	void km_policy_notify(struct xfrm_policy *xp, int dir,
				342	const struct km_event *c);
				343	void km_state_notify(struct xfrm_state x, const struct km_event c);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	344
				345	struct xfrm_tmpl;
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	346	int km_query(struct xfrm_state x, struct xfrm_tmpl t,
				347	struct xfrm_policy *pol);
				348	void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
				349	int __xfrm_state_delete(struct xfrm_state *x);
Jamal Hadi Salim	53bc6b4d	2006-03-20 19:17:03 -0800	[diff] [blame]	350
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	351	struct xfrm_state_afinfo {
Florian Westphal	4c203b0	2019-05-03 17:46:18 +0200	[diff] [blame]	352	u8 family;
				353	u8 proto;
Florian Westphal	4f518e8	2019-05-03 17:46:19 +0200	[diff] [blame]	354
				355	const struct xfrm_type_offload *type_offload_esp;
				356
				357	const struct xfrm_type *type_esp;
				358	const struct xfrm_type *type_ipip;
				359	const struct xfrm_type *type_ipip6;
				360	const struct xfrm_type *type_comp;
				361	const struct xfrm_type *type_ah;
				362	const struct xfrm_type *type_routing;
				363	const struct xfrm_type *type_dstopts;
Steffen Klassert	9d389d7	2017-04-14 10:05:44 +0200	[diff] [blame]	364
Eric W. Biederman	ede2059	2015-10-07 16:48:47 -0500	[diff] [blame]	365	int (output)(struct net net, struct sock sk, struct sk_buff skb);
Herbert Xu	716062f	2007-11-13 21:44:23 -0800	[diff] [blame]	366	int (transport_finish)(struct sk_buff skb,
				367	int async);
Hannes Frederic Sowa	628e341	2013-08-14 13:05:23 +0200	[diff] [blame]	368	void (local_error)(struct sk_buff skb, u32 mtu);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	369	};
				370
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	371	int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
				372	int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
				373	struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
Florian Westphal	711059b	2017-01-09 14:20:48 +0100	[diff] [blame]	374	struct xfrm_state_afinfo *xfrm_state_afinfo_get_rcu(unsigned int family);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	375
Steffen Klassert	2f32b51	2014-03-14 07:28:07 +0100	[diff] [blame]	376	struct xfrm_input_afinfo {
Xin Long	1475ee0	2020-07-06 20:01:29 +0800	[diff] [blame]	377	u8 family;
				378	bool is_ipip;
Steffen Klassert	2f32b51	2014-03-14 07:28:07 +0100	[diff] [blame]	379	int (callback)(struct sk_buff skb, u8 protocol,
				380	int err);
				381	};
				382
Florian Westphal	960fdfd	2017-02-07 14:52:30 +0100	[diff] [blame]	383	int xfrm_input_register_afinfo(const struct xfrm_input_afinfo *afinfo);
				384	int xfrm_input_unregister_afinfo(const struct xfrm_input_afinfo *afinfo);
Steffen Klassert	2f32b51	2014-03-14 07:28:07 +0100	[diff] [blame]	385
Steffen Klassert	b48c05a	2018-04-16 07:50:09 +0200	[diff] [blame]	386	void xfrm_flush_gc(void);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	387	void xfrm_state_delete_tunnel(struct xfrm_state *x);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	388
Eric Dumazet	fd2c3ef	2009-11-03 03:26:03 +0000	[diff] [blame]	389	struct xfrm_type {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	390	struct module *owner;
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	391	u8 proto;
				392	u8 flags;
Masahide NAKAMURA	1b5c229	2006-08-23 18:11:50 -0700	[diff] [blame]	393	#define XFRM_TYPE_NON_FRAGMENT 1
Herbert Xu	436a0a4	2007-10-08 17:25:53 -0700	[diff] [blame]	394	#define XFRM_TYPE_REPLAY_PROT 2
Herbert Xu	f04e7e8	2007-11-13 21:36:51 -0800	[diff] [blame]	395	#define XFRM_TYPE_LOCAL_COADDR 4
				396	#define XFRM_TYPE_REMOTE_COADDR 8
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	397
Herbert Xu	72cb696	2005-06-20 13:18:08 -0700	[diff] [blame]	398	int (init_state)(struct xfrm_state x);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	399	void (destructor)(struct xfrm_state );
Herbert Xu	e695633	2006-04-01 00:52:46 -0800	[diff] [blame]	400	int (input)(struct xfrm_state , struct sk_buff *skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	401	int (output)(struct xfrm_state , struct sk_buff *pskb);
David S. Miller	8f029de	2011-02-22 17:59:59 -0800	[diff] [blame]	402	int (reject)(struct xfrm_state , struct sk_buff *,
				403	const struct flowi *);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	404	};
				405
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	406	int xfrm_register_type(const struct xfrm_type *type, unsigned short family);
Florian Westphal	4f518e8	2019-05-03 17:46:19 +0200	[diff] [blame]	407	void xfrm_unregister_type(const struct xfrm_type *type, unsigned short family);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	408
Steffen Klassert	9d389d7	2017-04-14 10:05:44 +0200	[diff] [blame]	409	struct xfrm_type_offload {
Steffen Klassert	9d389d7	2017-04-14 10:05:44 +0200	[diff] [blame]	410	struct module *owner;
				411	u8 proto;
				412	void (encap)(struct xfrm_state , struct sk_buff *pskb);
				413	int (input_tail)(struct xfrm_state x, struct sk_buff *skb);
				414	int (xmit)(struct xfrm_state , struct sk_buff *pskb, netdev_features_t features);
				415	};
				416
				417	int xfrm_register_type_offload(const struct xfrm_type_offload *type, unsigned short family);
Florian Westphal	4f518e8	2019-05-03 17:46:19 +0200	[diff] [blame]	418	void xfrm_unregister_type_offload(const struct xfrm_type_offload *type, unsigned short family);
Steffen Klassert	9d389d7	2017-04-14 10:05:44 +0200	[diff] [blame]	419
Kazunori MIYAZAWA	df9dcb4	2008-03-24 14:51:51 -0700	[diff] [blame]	420	static inline int xfrm_af2proto(unsigned int family)
				421	{
				422	switch(family) {
				423	case AF_INET:
				424	return IPPROTO_IPIP;
				425	case AF_INET6:
				426	return IPPROTO_IPV6;
				427	default:
				428	return 0;
				429	}
				430	}
				431
Florian Westphal	4c145dc	2019-03-29 21:16:31 +0100	[diff] [blame]	432	static inline const struct xfrm_mode xfrm_ip2inner_mode(struct xfrm_state x, int ipproto)
Kazunori MIYAZAWA	df9dcb4	2008-03-24 14:51:51 -0700	[diff] [blame]	433	{
				434	if ((ipproto == IPPROTO_IPIP && x->props.family == AF_INET) \|\|
				435	(ipproto == IPPROTO_IPV6 && x->props.family == AF_INET6))
Florian Westphal	c9500d7	2019-03-29 21:16:32 +0100	[diff] [blame]	436	return &x->inner_mode;
Kazunori MIYAZAWA	df9dcb4	2008-03-24 14:51:51 -0700	[diff] [blame]	437	else
Florian Westphal	c9500d7	2019-03-29 21:16:32 +0100	[diff] [blame]	438	return &x->inner_mode_iaf;
Kazunori MIYAZAWA	df9dcb4	2008-03-24 14:51:51 -0700	[diff] [blame]	439	}
				440
Eric Dumazet	fd2c3ef	2009-11-03 03:26:03 +0000	[diff] [blame]	441	struct xfrm_tmpl {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	442	/* id in template is interpreted as:
				443	* daddr - destination of tunnel, may be zero for transport mode.
				444	* spi - zero to acquire spi. Not zero if spi is static, then
				445	* daddr must be fixed too.
				446	* proto - AH/ESP/IPCOMP
				447	*/
				448	struct xfrm_id id;
				449
				450	/* Source address of tunnel. Ignored, if it is not a tunnel. */
				451	xfrm_address_t saddr;
				452
Miika Komu	76b3f05	2006-11-30 16:40:43 -0800	[diff] [blame]	453	unsigned short encap_family;
				454
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	455	u32 reqid;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	456
Masahide NAKAMURA	7e49e6d	2006-09-22 15:05:15 -0700	[diff] [blame]	457	/* Mode: transport, tunnel etc. */
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	458	u8 mode;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	459
				460	/* Sharing mode: unique, this session only, this user only etc. */
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	461	u8 share;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	462
				463	/* May skip this transfomration if no SA is found */
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	464	u8 optional;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	465
Herbert Xu	c5d18e9	2008-04-22 00:46:42 -0700	[diff] [blame]	466	/* Skip aalgos/ealgos/calgos checks. */
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	467	u8 allalgs;
Herbert Xu	c5d18e9	2008-04-22 00:46:42 -0700	[diff] [blame]	468
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	469	/* Bit mask of algos allowed for acquisition */
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	470	u32 aalgos;
				471	u32 ealgos;
				472	u32 calgos;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	473	};
				474
Masahide NAKAMURA	622dc82	2006-08-23 17:52:01 -0700	[diff] [blame]	475	#define XFRM_MAX_DEPTH 6
Steffen Klassert	54ef207	2017-02-15 09:39:54 +0100	[diff] [blame]	476	#define XFRM_MAX_OFFLOAD_DEPTH 1
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	477
Herbert Xu	12a169e	2008-10-01 07:03:24 -0700	[diff] [blame]	478	struct xfrm_policy_walk_entry {
				479	struct list_head all;
				480	u8 dead;
				481	};
				482
				483	struct xfrm_policy_walk {
				484	struct xfrm_policy_walk_entry walk;
				485	u8 type;
				486	u32 seq;
				487	};
				488
Steffen Klassert	a0073fe	2013-02-05 12:52:55 +0100	[diff] [blame]	489	struct xfrm_policy_queue {
				490	struct sk_buff_head hold_queue;
				491	struct timer_list hold_timer;
				492	unsigned long timeout;
				493	};
				494
Eric Dumazet	fd2c3ef	2009-11-03 03:26:03 +0000	[diff] [blame]	495	struct xfrm_policy {
Eric W. Biederman	0c5c9fb	2015-03-11 23:06:44 -0500	[diff] [blame]	496	possible_net_t xp_net;
David S. Miller	2518c7c	2006-08-24 04:45:07 -0700	[diff] [blame]	497	struct hlist_node bydst;
				498	struct hlist_node byidx;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	499
				500	/* This lock only affects elements except for entry. */
				501	rwlock_t lock;
Reshetova, Elena	850a621	2017-07-04 15:53:22 +0300	[diff] [blame]	502	refcount_t refcnt;
Florian Westphal	6be3b0d	2018-11-07 23:00:37 +0100	[diff] [blame]	503	u32 pos;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	504	struct timer_list timer;
				505
Timo Teräs	80c802f	2010-04-07 00:30:05 +0000	[diff] [blame]	506	atomic_t genid;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	507	u32 priority;
				508	u32 index;
Steffen Klassert	7e65264	2018-06-12 14:07:07 +0200	[diff] [blame]	509	u32 if_id;
Jamal Hadi Salim	bf825f8	2010-02-22 11:32:54 +0000	[diff] [blame]	510	struct xfrm_mark mark;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	511	struct xfrm_selector selector;
				512	struct xfrm_lifetime_cfg lft;
				513	struct xfrm_lifetime_cur curlft;
Herbert Xu	12a169e	2008-10-01 07:03:24 -0700	[diff] [blame]	514	struct xfrm_policy_walk_entry walk;
Steffen Klassert	a0073fe	2013-02-05 12:52:55 +0100	[diff] [blame]	515	struct xfrm_policy_queue polq;
Florian Westphal	9cf545e	2018-11-07 23:00:38 +0100	[diff] [blame]	516	bool bydst_reinsert;
Arnaldo Carvalho de Melo	46ca5f5	2006-11-27 17:58:59 -0200	[diff] [blame]	517	u8 type;
				518	u8 action;
				519	u8 flags;
Arnaldo Carvalho de Melo	46ca5f5	2006-11-27 17:58:59 -0200	[diff] [blame]	520	u8 xfrm_nr;
Herbert Xu	12a169e	2008-10-01 07:03:24 -0700	[diff] [blame]	521	u16 family;
Trent Jaeger	df71837	2005-12-13 23:12:27 -0800	[diff] [blame]	522	struct xfrm_sec_ctx *security;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	523	struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
Florian Westphal	24969fa	2018-11-07 23:00:35 +0100	[diff] [blame]	524	struct hlist_node bydst_inexact_list;
Eric Dumazet	56f0473	2015-12-08 07:22:01 -0800	[diff] [blame]	525	struct rcu_head rcu;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	526	};
				527
David S. Miller	63eb23f	2011-02-24 01:25:19 -0500	[diff] [blame]	528	static inline struct net xp_net(const struct xfrm_policy xp)
Alexey Dobriyan	0331b1f	2008-11-25 17:21:45 -0800	[diff] [blame]	529	{
				530	return read_pnet(&xp->xp_net);
				531	}
				532
Arnaud Ebalard	13c1d18	2008-10-05 13:33:42 -0700	[diff] [blame]	533	struct xfrm_kmaddress {
				534	xfrm_address_t local;
				535	xfrm_address_t remote;
				536	u32 reserved;
				537	u16 family;
				538	};
				539
Shinta Sugimoto	80c9aba	2007-02-08 13:11:42 -0800	[diff] [blame]	540	struct xfrm_migrate {
				541	xfrm_address_t old_daddr;
				542	xfrm_address_t old_saddr;
				543	xfrm_address_t new_daddr;
				544	xfrm_address_t new_saddr;
				545	u8 proto;
				546	u8 mode;
				547	u16 reserved;
				548	u32 reqid;
				549	u16 old_family;
				550	u16 new_family;
				551	};
				552
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	553	#define XFRM_KM_TIMEOUT 30
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	554	/* what happened */
				555	#define XFRM_REPLAY_UPDATE XFRM_AE_CR
				556	#define XFRM_REPLAY_TIMEOUT XFRM_AE_CE
				557
				558	/* default aevent timeout in units of 100ms */
				559	#define XFRM_AE_ETIME 10
				560	/* Async Event timer multiplier */
				561	#define XFRM_AE_ETH_M 10
				562	/* default seq threshold size */
				563	#define XFRM_AE_SEQT_SIZE 2
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	564
Eric Dumazet	fd2c3ef	2009-11-03 03:26:03 +0000	[diff] [blame]	565	struct xfrm_mgr {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	566	struct list_head list;
David S. Miller	214e005	2011-02-24 00:02:38 -0500	[diff] [blame]	567	int (notify)(struct xfrm_state x, const struct km_event *c);
Fan Du	65e0736	2012-08-15 10:13:47 +0800	[diff] [blame]	568	int (acquire)(struct xfrm_state x, struct xfrm_tmpl , struct xfrm_policy xp);
Venkat Yekkirala	cb969f0	2006-07-24 23:32:20 -0700	[diff] [blame]	569	struct xfrm_policy (compile_policy)(struct sock sk, int opt, u8 data, int len, int *dir);
Al Viro	5d36b18	2006-11-08 00:24:06 -0800	[diff] [blame]	570	int (new_mapping)(struct xfrm_state x, xfrm_address_t *ipaddr, __be16 sport);
David S. Miller	214e005	2011-02-24 00:02:38 -0500	[diff] [blame]	571	int (notify_policy)(struct xfrm_policy x, int dir, const struct km_event *c);
Alexey Dobriyan	db983c1	2008-11-25 17:51:01 -0800	[diff] [blame]	572	int (report)(struct net net, u8 proto, struct xfrm_selector sel, xfrm_address_t addr);
David S. Miller	183cad1	2011-02-24 00:28:01 -0500	[diff] [blame]	573	int (migrate)(const struct xfrm_selector sel,
				574	u8 dir, u8 type,
				575	const struct xfrm_migrate *m,
				576	int num_bundles,
Antony Antony	8bafd73	2017-06-06 12:12:14 +0200	[diff] [blame]	577	const struct xfrm_kmaddress *k,
				578	const struct xfrm_encap_tmpl *encap);
Horia Geanta	0f24558	2014-02-12 16:20:06 +0200	[diff] [blame]	579	bool (is_alive)(const struct km_event c);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	580	};
				581
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	582	int xfrm_register_km(struct xfrm_mgr *km);
				583	int xfrm_unregister_km(struct xfrm_mgr *km);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	584
Steffen Klassert	70be6c9	2014-02-21 08:41:09 +0100	[diff] [blame]	585	struct xfrm_tunnel_skb_cb {
				586	union {
				587	struct inet_skb_parm h4;
				588	struct inet6_skb_parm h6;
				589	} header;
				590
				591	union {
				592	struct ip_tunnel *ip4;
				593	struct ip6_tnl *ip6;
				594	} tunnel;
				595	};
				596
				597	#define XFRM_TUNNEL_SKB_CB(__skb) ((struct xfrm_tunnel_skb_cb *)&((__skb)->cb[0]))
				598
Herbert Xu	436a0a4	2007-10-08 17:25:53 -0700	[diff] [blame]	599	/*
				600	* This structure is used for the duration where packets are being
				601	* transformed by IPsec. As soon as the packet leaves IPsec the
				602	* area beyond the generic IP part may be overwritten.
				603	*/
				604	struct xfrm_skb_cb {
Steffen Klassert	70be6c9	2014-02-21 08:41:09 +0100	[diff] [blame]	605	struct xfrm_tunnel_skb_cb header;
Herbert Xu	436a0a4	2007-10-08 17:25:53 -0700	[diff] [blame]	606
				607	/* Sequence number for replay protection. */
Herbert Xu	b318e0e	2008-02-12 22:50:35 -0800	[diff] [blame]	608	union {
Steffen Klassert	1ce3644	2011-03-08 00:06:31 +0000	[diff] [blame]	609	struct {
				610	__u32 low;
				611	__u32 hi;
				612	} output;
				613	struct {
				614	__be32 low;
				615	__be32 hi;
				616	} input;
Herbert Xu	b318e0e	2008-02-12 22:50:35 -0800	[diff] [blame]	617	} seq;
Herbert Xu	436a0a4	2007-10-08 17:25:53 -0700	[diff] [blame]	618	};
				619
				620	#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))
				621
Herbert Xu	36cf9ac	2007-11-13 21:40:52 -0800	[diff] [blame]	622	/*
				623	* This structure is used by the afinfo prepare_input/prepare_output functions
				624	* to transmit header information to the mode input/output functions.
				625	*/
				626	struct xfrm_mode_skb_cb {
Steffen Klassert	70be6c9	2014-02-21 08:41:09 +0100	[diff] [blame]	627	struct xfrm_tunnel_skb_cb header;
Herbert Xu	36cf9ac	2007-11-13 21:40:52 -0800	[diff] [blame]	628
				629	/* Copied from header for IPv4, always set to zero and DF for IPv6. */
				630	__be16 id;
				631	__be16 frag_off;
				632
Herbert Xu	732c8bd	2008-03-26 16:51:09 -0700	[diff] [blame]	633	/* IP header length (excluding options or extension headers). */
				634	u8 ihl;
				635
Herbert Xu	36cf9ac	2007-11-13 21:40:52 -0800	[diff] [blame]	636	/* TOS for IPv4, class for IPv6. */
				637	u8 tos;
				638
				639	/* TTL for IPv4, hop limitfor IPv6. */
				640	u8 ttl;
				641
				642	/* Protocol for IPv4, NH for IPv6. */
				643	u8 protocol;
				644
Herbert Xu	732c8bd	2008-03-26 16:51:09 -0700	[diff] [blame]	645	/* Option length for IPv4, zero for IPv6. */
				646	u8 optlen;
				647
Herbert Xu	36cf9ac	2007-11-13 21:40:52 -0800	[diff] [blame]	648	/* Used by IPv6 only, zero for IPv4. */
				649	u8 flow_lbl[3];
				650	};
				651
				652	#define XFRM_MODE_SKB_CB(__skb) ((struct xfrm_mode_skb_cb *)&((__skb)->cb[0]))
				653
Herbert Xu	716062f	2007-11-13 21:44:23 -0800	[diff] [blame]	654	/*
				655	* This structure is used by the input processing to locate the SPI and
				656	* related information.
				657	*/
				658	struct xfrm_spi_skb_cb {
Steffen Klassert	70be6c9	2014-02-21 08:41:09 +0100	[diff] [blame]	659	struct xfrm_tunnel_skb_cb header;
Herbert Xu	716062f	2007-11-13 21:44:23 -0800	[diff] [blame]	660
Herbert Xu	716062f	2007-11-13 21:44:23 -0800	[diff] [blame]	661	unsigned int daddroff;
Herbert Xu	2fcb45b	2007-12-03 22:54:12 -0800	[diff] [blame]	662	unsigned int family;
Steffen Klassert	7785bba	2017-02-15 09:40:00 +0100	[diff] [blame]	663	__be32 seq;
Herbert Xu	716062f	2007-11-13 21:44:23 -0800	[diff] [blame]	664	};
				665
				666	#define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))
				667
Joy Latten	c9204d9	2006-11-30 15:50:43 -0600	[diff] [blame]	668	#ifdef CONFIG_AUDITSYSCALL
Paul Moore	afeb14b	2007-12-21 14:58:11 -0800	[diff] [blame]	669	static inline struct audit_buffer xfrm_audit_start(const char op)
Joy Latten	ab5f5e8	2007-09-17 11:51:22 -0700	[diff] [blame]	670	{
				671	struct audit_buffer *audit_buf = NULL;
Paul Moore	afeb14b	2007-12-21 14:58:11 -0800	[diff] [blame]	672
Richard Guy Briggs	f785959	2018-06-05 19:20:39 -0400	[diff] [blame]	673	if (audit_enabled == AUDIT_OFF)
Paul Moore	afeb14b	2007-12-21 14:58:11 -0800	[diff] [blame]	674	return NULL;
Richard Guy Briggs	cdfb6b3	2018-05-12 21:58:20 -0400	[diff] [blame]	675	audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
Paul Moore	afeb14b	2007-12-21 14:58:11 -0800	[diff] [blame]	676	AUDIT_MAC_IPSEC_EVENT);
				677	if (audit_buf == NULL)
				678	return NULL;
				679	audit_log_format(audit_buf, "op=%s", op);
				680	return audit_buf;
				681	}
				682
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	683	static inline void xfrm_audit_helper_usrinfo(bool task_valid,
Paul Moore	afeb14b	2007-12-21 14:58:11 -0800	[diff] [blame]	684	struct audit_buffer *audit_buf)
				685	{
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	686	const unsigned int auid = from_kuid(&init_user_ns, task_valid ?
				687	audit_get_loginuid(current) :
				688	INVALID_UID);
				689	const unsigned int ses = task_valid ? audit_get_sessionid(current) :
Richard Guy Briggs	f0b7521	2018-05-12 21:58:19 -0400	[diff] [blame]	690	AUDIT_SID_UNSET;
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	691
				692	audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
Tetsuo Handa	f1370cc	2014-04-18 16:23:46 +0900	[diff] [blame]	693	audit_log_task_context(audit_buf);
Joy Latten	ab5f5e8	2007-09-17 11:51:22 -0700	[diff] [blame]	694	}
				695
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	696	void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid);
				697	void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
				698	bool task_valid);
				699	void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid);
				700	void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	701	void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
				702	struct sk_buff *skb);
				703	void xfrm_audit_state_replay(struct xfrm_state x, struct sk_buff skb,
				704	__be32 net_seq);
				705	void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
				706	void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, __be32 net_spi,
				707	__be32 net_seq);
				708	void xfrm_audit_state_icvfail(struct xfrm_state x, struct sk_buff skb,
				709	u8 proto);
Joy Latten	c9204d9	2006-11-30 15:50:43 -0600	[diff] [blame]	710	#else
Marcin Slusarz	41fef0e	2008-05-03 21:03:01 -0700	[diff] [blame]	711
				712	static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	713	bool task_valid)
Marcin Slusarz	41fef0e	2008-05-03 21:03:01 -0700	[diff] [blame]	714	{
				715	}
				716
				717	static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	718	bool task_valid)
Marcin Slusarz	41fef0e	2008-05-03 21:03:01 -0700	[diff] [blame]	719	{
				720	}
				721
				722	static inline void xfrm_audit_state_add(struct xfrm_state *x, int result,
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	723	bool task_valid)
Marcin Slusarz	41fef0e	2008-05-03 21:03:01 -0700	[diff] [blame]	724	{
				725	}
				726
				727	static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result,
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	728	bool task_valid)
Marcin Slusarz	41fef0e	2008-05-03 21:03:01 -0700	[diff] [blame]	729	{
				730	}
				731
				732	static inline void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
				733	struct sk_buff *skb)
				734	{
				735	}
				736
Steffen Klassert	9fdc488	2011-03-08 00:08:32 +0000	[diff] [blame]	737	static inline void xfrm_audit_state_replay(struct xfrm_state *x,
				738	struct sk_buff *skb, __be32 net_seq)
				739	{
				740	}
				741
Marcin Slusarz	41fef0e	2008-05-03 21:03:01 -0700	[diff] [blame]	742	static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb,
				743	u16 family)
				744	{
				745	}
				746
				747	static inline void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
				748	__be32 net_spi, __be32 net_seq)
				749	{
				750	}
				751
				752	static inline void xfrm_audit_state_icvfail(struct xfrm_state *x,
				753	struct sk_buff *skb, u8 proto)
				754	{
				755	}
Joy Latten	c9204d9	2006-11-30 15:50:43 -0600	[diff] [blame]	756	#endif /* CONFIG_AUDITSYSCALL */
Joy Latten	161a09e	2006-11-27 13:11:54 -0600	[diff] [blame]	757
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	758	static inline void xfrm_pol_hold(struct xfrm_policy *policy)
				759	{
				760	if (likely(policy != NULL))
Reshetova, Elena	850a621	2017-07-04 15:53:22 +0300	[diff] [blame]	761	refcount_inc(&policy->refcnt);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	762	}
				763
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	764	void xfrm_policy_destroy(struct xfrm_policy *policy);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	765
				766	static inline void xfrm_pol_put(struct xfrm_policy *policy)
				767	{
Reshetova, Elena	850a621	2017-07-04 15:53:22 +0300	[diff] [blame]	768	if (refcount_dec_and_test(&policy->refcnt))
WANG Cong	64c31b3	2008-01-07 22:34:29 -0800	[diff] [blame]	769	xfrm_policy_destroy(policy);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	770	}
				771
Masahide NAKAMURA	4e81bb8	2006-08-23 22:43:30 -0700	[diff] [blame]	772	static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
				773	{
				774	int i;
				775	for (i = npols - 1; i >= 0; --i)
				776	xfrm_pol_put(pols[i]);
				777	}
Masahide NAKAMURA	4e81bb8	2006-08-23 22:43:30 -0700	[diff] [blame]	778
Cong Wang	f75a280	2019-01-31 13:05:49 -0800	[diff] [blame]	779	void __xfrm_state_destroy(struct xfrm_state *, bool);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	780
Herbert Xu	21380b8	2006-02-22 14:47:13 -0800	[diff] [blame]	781	static inline void __xfrm_state_put(struct xfrm_state *x)
				782	{
Reshetova, Elena	88755e9c	2017-07-04 15:53:21 +0300	[diff] [blame]	783	refcount_dec(&x->refcnt);
Herbert Xu	21380b8	2006-02-22 14:47:13 -0800	[diff] [blame]	784	}
				785
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	786	static inline void xfrm_state_put(struct xfrm_state *x)
				787	{
Reshetova, Elena	88755e9c	2017-07-04 15:53:21 +0300	[diff] [blame]	788	if (refcount_dec_and_test(&x->refcnt))
Cong Wang	f75a280	2019-01-31 13:05:49 -0800	[diff] [blame]	789	__xfrm_state_destroy(x, false);
				790	}
				791
				792	static inline void xfrm_state_put_sync(struct xfrm_state *x)
				793	{
				794	if (refcount_dec_and_test(&x->refcnt))
				795	__xfrm_state_destroy(x, true);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	796	}
				797
				798	static inline void xfrm_state_hold(struct xfrm_state *x)
				799	{
Reshetova, Elena	88755e9c	2017-07-04 15:53:21 +0300	[diff] [blame]	800	refcount_inc(&x->refcnt);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	801	}
				802
David S. Miller	1744a8f	2011-02-22 18:02:12 -0800	[diff] [blame]	803	static inline bool addr_match(const void token1, const void token2,
Alexey Dobriyan	e1b0048	2017-03-24 02:07:50 +0300	[diff] [blame]	804	unsigned int prefixlen)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	805	{
David S. Miller	1744a8f	2011-02-22 18:02:12 -0800	[diff] [blame]	806	const __be32 *a1 = token1;
				807	const __be32 *a2 = token2;
Alexey Dobriyan	e1b0048	2017-03-24 02:07:50 +0300	[diff] [blame]	808	unsigned int pdw;
				809	unsigned int pbi;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	810
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	811	pdw = prefixlen >> 5; /* num of whole u32 in prefix */
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	812	pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */
				813
				814	if (pdw)
				815	if (memcmp(a1, a2, pdw << 2))
David S. Miller	1744a8f	2011-02-22 18:02:12 -0800	[diff] [blame]	816	return false;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	817
				818	if (pbi) {
Al Viro	5f19343	2006-09-27 18:46:32 -0700	[diff] [blame]	819	__be32 mask;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	820
				821	mask = htonl((0xffffffff) << (32 - pbi));
				822
				823	if ((a1[pdw] ^ a2[pdw]) & mask)
David S. Miller	1744a8f	2011-02-22 18:02:12 -0800	[diff] [blame]	824	return false;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	825	}
				826
David S. Miller	1744a8f	2011-02-22 18:02:12 -0800	[diff] [blame]	827	return true;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	828	}
				829
Alexey Dobriyan	26bff94	2011-11-22 06:46:02 +0000	[diff] [blame]	830	static inline bool addr4_match(__be32 a1, __be32 a2, u8 prefixlen)
				831	{
				832	/* C99 6.5.7 (3): u32 << 32 is undefined behaviour */
Alexey Dobriyan	6c786bc	2017-03-25 19:41:17 +0300	[diff] [blame]	833	if (sizeof(long) == 4 && prefixlen == 0)
Alexey Dobriyan	26bff94	2011-11-22 06:46:02 +0000	[diff] [blame]	834	return true;
Alexey Dobriyan	6c786bc	2017-03-25 19:41:17 +0300	[diff] [blame]	835	return !((a1 ^ a2) & htonl(~0UL << (32 - prefixlen)));
Alexey Dobriyan	26bff94	2011-11-22 06:46:02 +0000	[diff] [blame]	836	}
				837
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	838	static __inline__
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	839	__be16 xfrm_flowi_sport(const struct flowi fl, const union flowi_uli uli)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	840	{
Al Viro	f9d07e41f8	2006-09-27 18:45:50 -0700	[diff] [blame]	841	__be16 port;
David S. Miller	1d28f42	2011-03-12 00:29:39 -0500	[diff] [blame]	842	switch(fl->flowi_proto) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	843	case IPPROTO_TCP:
				844	case IPPROTO_UDP:
Gerrit Renker	ba4e58e	2006-11-27 11:10:57 -0800	[diff] [blame]	845	case IPPROTO_UDPLITE:
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	846	case IPPROTO_SCTP:
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	847	port = uli->ports.sport;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	848	break;
				849	case IPPROTO_ICMP:
				850	case IPPROTO_ICMPV6:
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	851	port = htons(uli->icmpt.type);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	852	break;
Masahide NAKAMURA	2ce4272	2006-08-23 20:39:03 -0700	[diff] [blame]	853	case IPPROTO_MH:
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	854	port = htons(uli->mht.type);
Masahide NAKAMURA	2ce4272	2006-08-23 20:39:03 -0700	[diff] [blame]	855	break;
Timo Teräs	cc9ff19	2010-11-03 04:41:38 +0000	[diff] [blame]	856	case IPPROTO_GRE:
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	857	port = htons(ntohl(uli->gre_key) >> 16);
Timo Teräs	cc9ff19	2010-11-03 04:41:38 +0000	[diff] [blame]	858	break;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	859	default:
				860	port = 0; /XXX/
				861	}
				862	return port;
				863	}
				864
				865	static __inline__
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	866	__be16 xfrm_flowi_dport(const struct flowi fl, const union flowi_uli uli)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	867	{
Al Viro	f9d07e41f8	2006-09-27 18:45:50 -0700	[diff] [blame]	868	__be16 port;
David S. Miller	1d28f42	2011-03-12 00:29:39 -0500	[diff] [blame]	869	switch(fl->flowi_proto) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	870	case IPPROTO_TCP:
				871	case IPPROTO_UDP:
Gerrit Renker	ba4e58e	2006-11-27 11:10:57 -0800	[diff] [blame]	872	case IPPROTO_UDPLITE:
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	873	case IPPROTO_SCTP:
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	874	port = uli->ports.dport;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	875	break;
				876	case IPPROTO_ICMP:
				877	case IPPROTO_ICMPV6:
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	878	port = htons(uli->icmpt.code);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	879	break;
Timo Teräs	cc9ff19	2010-11-03 04:41:38 +0000	[diff] [blame]	880	case IPPROTO_GRE:
David S. Miller	6281dcc	2011-03-12 00:43:55 -0500	[diff] [blame]	881	port = htons(ntohl(uli->gre_key) & 0xffff);
Timo Teräs	cc9ff19	2010-11-03 04:41:38 +0000	[diff] [blame]	882	break;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	883	default:
				884	port = 0; /XXX/
				885	}
				886	return port;
				887	}
				888
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	889	bool xfrm_selector_match(const struct xfrm_selector *sel,
				890	const struct flowi *fl, unsigned short family);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	891
Trent Jaeger	df71837	2005-12-13 23:12:27 -0800	[diff] [blame]	892	#ifdef CONFIG_SECURITY_NETWORK_XFRM
				893	/* If neither has a context --> match
				894	* Otherwise, both must have a context and the sids, doi, alg must match
				895	*/
David S. Miller	bc9b35a	2012-05-15 15:04:57 -0400	[diff] [blame]	896	static inline bool xfrm_sec_ctx_match(struct xfrm_sec_ctx s1, struct xfrm_sec_ctx s2)
Trent Jaeger	df71837	2005-12-13 23:12:27 -0800	[diff] [blame]	897	{
				898	return ((!s1 && !s2) \|\|
				899	(s1 && s2 &&
				900	(s1->ctx_sid == s2->ctx_sid) &&
				901	(s1->ctx_doi == s2->ctx_doi) &&
				902	(s1->ctx_alg == s2->ctx_alg)));
				903	}
				904	#else
David S. Miller	bc9b35a	2012-05-15 15:04:57 -0400	[diff] [blame]	905	static inline bool xfrm_sec_ctx_match(struct xfrm_sec_ctx s1, struct xfrm_sec_ctx s2)
Trent Jaeger	df71837	2005-12-13 23:12:27 -0800	[diff] [blame]	906	{
David S. Miller	bc9b35a	2012-05-15 15:04:57 -0400	[diff] [blame]	907	return true;
Trent Jaeger	df71837	2005-12-13 23:12:27 -0800	[diff] [blame]	908	}
				909	#endif
				910
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	911	/* A struct encoding bundle of transformations to apply to some set of flow.
				912	*
David Miller	b6ca8bd	2017-11-28 15:45:44 -0500	[diff] [blame]	913	* xdst->child points to the next element of bundle.
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	914	* dst->xfrm points to an instanse of transformer.
				915	*
				916	* Due to unfortunate limitations of current routing cache, which we
				917	* have no time to fix, it mirrors struct rtable and bound to the same
				918	* routing key, including saddr,daddr. However, we can have many of
				919	* bundles differing by session id. All the bundles grow from a parent
				920	* policy rule.
				921	*/
Eric Dumazet	fd2c3ef	2009-11-03 03:26:03 +0000	[diff] [blame]	922	struct xfrm_dst {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	923	union {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	924	struct dst_entry dst;
				925	struct rtable rt;
				926	struct rt6_info rt6;
				927	} u;
				928	struct dst_entry *route;
David Miller	b6ca8bd	2017-11-28 15:45:44 -0500	[diff] [blame]	929	struct dst_entry *child;
David Miller	0f6c480	2017-11-28 15:40:46 -0500	[diff] [blame]	930	struct dst_entry *path;
Timo Teräs	80c802f	2010-04-07 00:30:05 +0000	[diff] [blame]	931	struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
				932	int num_pols, num_xfrms;
Timo Teräs	80c802f	2010-04-07 00:30:05 +0000	[diff] [blame]	933	u32 xfrm_genid;
				934	u32 policy_genid;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	935	u32 route_mtu_cached;
				936	u32 child_mtu_cached;
Hideaki YOSHIFUJI	92d63de	2005-05-26 12:58:04 -0700	[diff] [blame]	937	u32 route_cookie;
				938	u32 path_cookie;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	939	};
				940
David Miller	0f6c480	2017-11-28 15:40:46 -0500	[diff] [blame]	941	static inline struct dst_entry xfrm_dst_path(const struct dst_entry dst)
				942	{
				943	#ifdef CONFIG_XFRM
Steffen Klassert	101dde4	2020-07-17 10:34:27 +0200	[diff] [blame]	944	if (dst->xfrm \|\| (dst->flags & DST_XFRM_QUEUE)) {
David Miller	0f6c480	2017-11-28 15:40:46 -0500	[diff] [blame]	945	const struct xfrm_dst xdst = (const struct xfrm_dst ) dst;
				946
				947	return xdst->path;
				948	}
				949	#endif
				950	return (struct dst_entry *) dst;
				951	}
				952
David Miller	b92cf4a	2017-11-28 15:40:22 -0500	[diff] [blame]	953	static inline struct dst_entry xfrm_dst_child(const struct dst_entry dst)
				954	{
				955	#ifdef CONFIG_XFRM
Steffen Klassert	101dde4	2020-07-17 10:34:27 +0200	[diff] [blame]	956	if (dst->xfrm \|\| (dst->flags & DST_XFRM_QUEUE)) {
David Miller	b6ca8bd	2017-11-28 15:45:44 -0500	[diff] [blame]	957	struct xfrm_dst xdst = (struct xfrm_dst ) dst;
				958	return xdst->child;
				959	}
David Miller	b92cf4a	2017-11-28 15:40:22 -0500	[diff] [blame]	960	#endif
				961	return NULL;
				962	}
				963
Alexey Dobriyan	def8b4f	2008-10-28 13:24:06 -0700	[diff] [blame]	964	#ifdef CONFIG_XFRM
David Miller	45b018be	2017-11-28 15:40:28 -0500	[diff] [blame]	965	static inline void xfrm_dst_set_child(struct xfrm_dst xdst, struct dst_entry child)
				966	{
David Miller	b6ca8bd	2017-11-28 15:45:44 -0500	[diff] [blame]	967	xdst->child = child;
David Miller	45b018be	2017-11-28 15:40:28 -0500	[diff] [blame]	968	}
				969
Herbert Xu	aabc976	2005-05-03 16:27:10 -0700	[diff] [blame]	970	static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
				971	{
Timo Teräs	80c802f	2010-04-07 00:30:05 +0000	[diff] [blame]	972	xfrm_pols_put(xdst->pols, xdst->num_pols);
Herbert Xu	aabc976	2005-05-03 16:27:10 -0700	[diff] [blame]	973	dst_release(xdst->route);
				974	if (likely(xdst->u.dst.xfrm))
				975	xfrm_state_put(xdst->u.dst.xfrm);
				976	}
Alexey Dobriyan	def8b4f	2008-10-28 13:24:06 -0700	[diff] [blame]	977	#endif
Herbert Xu	aabc976	2005-05-03 16:27:10 -0700	[diff] [blame]	978
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	979	void xfrm_dst_ifdown(struct dst_entry dst, struct net_device dev);
Herbert Xu	aabc976	2005-05-03 16:27:10 -0700	[diff] [blame]	980
Steffen Klassert	f203b76	2018-06-12 14:07:12 +0200	[diff] [blame]	981	struct xfrm_if_parms {
Steffen Klassert	f203b76	2018-06-12 14:07:12 +0200	[diff] [blame]	982	int link; /* ifindex of underlying L2 interface */
				983	u32 if_id; /* interface identifyer */
				984	};
				985
				986	struct xfrm_if {
				987	struct xfrm_if __rcu next; / next interface in list */
				988	struct net_device dev; / virtual device associated with interface */
Steffen Klassert	f203b76	2018-06-12 14:07:12 +0200	[diff] [blame]	989	struct net net; / netns for packet i/o */
				990	struct xfrm_if_parms p; /* interface parms */
				991
				992	struct gro_cells gro_cells;
				993	};
				994
Steffen Klassert	54ef207	2017-02-15 09:39:54 +0100	[diff] [blame]	995	struct xfrm_offload {
				996	/* Output sequence number for replay protection on offloading. */
				997	struct {
				998	__u32 low;
				999	__u32 hi;
				1000	} seq;
				1001
				1002	__u32 flags;
				1003	#define SA_DELETE_REQ 1
				1004	#define CRYPTO_DONE 2
				1005	#define CRYPTO_NEXT_DONE 4
				1006	#define CRYPTO_FALLBACK 8
				1007	#define XFRM_GSO_SEGMENT 16
				1008	#define XFRM_GRO 32
Yossi Kuperman	47ebcc0	2017-08-30 11:30:39 +0300	[diff] [blame]	1009	#define XFRM_ESP_NO_TRAILER 64
Steffen Klassert	f53c723	2017-12-20 10:41:36 +0100	[diff] [blame]	1010	#define XFRM_DEV_RESUME 128
Huy Nguyen	94579ac	2020-06-01 16:39:37 -0500	[diff] [blame]	1011	#define XFRM_XMIT 256
Steffen Klassert	54ef207	2017-02-15 09:39:54 +0100	[diff] [blame]	1012
				1013	__u32 status;
				1014	#define CRYPTO_SUCCESS 1
				1015	#define CRYPTO_GENERIC_ERROR 2
				1016	#define CRYPTO_TRANSPORT_AH_AUTH_FAILED 4
				1017	#define CRYPTO_TRANSPORT_ESP_AUTH_FAILED 8
				1018	#define CRYPTO_TUNNEL_AH_AUTH_FAILED 16
				1019	#define CRYPTO_TUNNEL_ESP_AUTH_FAILED 32
				1020	#define CRYPTO_INVALID_PACKET_SYNTAX 64
				1021	#define CRYPTO_INVALID_PROTOCOL 128
				1022
				1023	__u8 proto;
Huy Nguyen	fa45352	2021-06-14 17:33:48 +0300	[diff] [blame]	1024	__u8 inner_ipproto;
Steffen Klassert	54ef207	2017-02-15 09:39:54 +0100	[diff] [blame]	1025	};
				1026
Eric Dumazet	fd2c3ef	2009-11-03 03:26:03 +0000	[diff] [blame]	1027	struct sec_path {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1028	int len;
Steffen Klassert	54ef207	2017-02-15 09:39:54 +0100	[diff] [blame]	1029	int olen;
				1030
Herbert Xu	dbe5b4a	2006-04-01 00:54:16 -0800	[diff] [blame]	1031	struct xfrm_state *xvec[XFRM_MAX_DEPTH];
Steffen Klassert	54ef207	2017-02-15 09:39:54 +0100	[diff] [blame]	1032	struct xfrm_offload ovec[XFRM_MAX_OFFLOAD_DEPTH];
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1033	};
				1034
Florian Westphal	0ca64da	2018-12-18 17:15:18 +0100	[diff] [blame]	1035	struct sec_path secpath_set(struct sk_buff skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1036
				1037	static inline void
				1038	secpath_reset(struct sk_buff *skb)
				1039	{
				1040	#ifdef CONFIG_XFRM
Florian Westphal	4165079	2018-12-18 17:15:27 +0100	[diff] [blame]	1041	skb_ext_del(skb, SKB_EXT_SEC_PATH);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1042	#endif
				1043	}
				1044
				1045	static inline int
David S. Miller	6cc3296	2011-02-24 00:19:59 -0500	[diff] [blame]	1046	xfrm_addr_any(const xfrm_address_t *addr, unsigned short family)
Patrick McHardy	a1e59ab	2006-09-19 12:57:34 -0700	[diff] [blame]	1047	{
				1048	switch (family) {
				1049	case AF_INET:
				1050	return addr->a4 == 0;
				1051	case AF_INET6:
Jiri Benc	15e318b	2015-03-29 16:59:24 +0200	[diff] [blame]	1052	return ipv6_addr_any(&addr->in6);
Patrick McHardy	a1e59ab	2006-09-19 12:57:34 -0700	[diff] [blame]	1053	}
				1054	return 0;
				1055	}
				1056
				1057	static inline int
David S. Miller	21eddb5	2011-02-24 01:35:16 -0500	[diff] [blame]	1058	__xfrm4_state_addr_cmp(const struct xfrm_tmpl tmpl, const struct xfrm_state x)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1059	{
				1060	return (tmpl->saddr.a4 &&
				1061	tmpl->saddr.a4 != x->props.saddr.a4);
				1062	}
				1063
				1064	static inline int
David S. Miller	21eddb5	2011-02-24 01:35:16 -0500	[diff] [blame]	1065	__xfrm6_state_addr_cmp(const struct xfrm_tmpl tmpl, const struct xfrm_state x)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1066	{
				1067	return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) &&
YOSHIFUJI Hideaki / 吉藤英明	ff88b30	2013-01-29 12:48:31 +0000	[diff] [blame]	1068	!ipv6_addr_equal((struct in6_addr )&tmpl->saddr, (struct in6_addr)&x->props.saddr));
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1069	}
				1070
				1071	static inline int
David S. Miller	21eddb5	2011-02-24 01:35:16 -0500	[diff] [blame]	1072	xfrm_state_addr_cmp(const struct xfrm_tmpl tmpl, const struct xfrm_state x, unsigned short family)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1073	{
				1074	switch (family) {
				1075	case AF_INET:
				1076	return __xfrm4_state_addr_cmp(tmpl, x);
				1077	case AF_INET6:
				1078	return __xfrm6_state_addr_cmp(tmpl, x);
				1079	}
				1080	return !0;
				1081	}
				1082
				1083	#ifdef CONFIG_XFRM
Steffen Klassert	2d151d3	2021-07-18 09:11:06 +0200	[diff] [blame]	1084	static inline bool
				1085	xfrm_default_allow(struct net *net, int dir)
				1086	{
				1087	u8 def = net->xfrm.policy_default;
				1088
				1089	switch (dir) {
				1090	case XFRM_POLICY_IN:
				1091	return def & XFRM_POL_DEFAULT_IN ? false : true;
				1092	case XFRM_POLICY_OUT:
				1093	return def & XFRM_POL_DEFAULT_OUT ? false : true;
				1094	case XFRM_POLICY_FWD:
				1095	return def & XFRM_POL_DEFAULT_FWD ? false : true;
				1096	}
				1097	return false;
				1098	}
				1099
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1100	int __xfrm_policy_check(struct sock , int dir, struct sk_buff skb,
				1101	unsigned short family);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1102
Herbert Xu	d5422ef	2007-12-12 10:44:16 -0800	[diff] [blame]	1103	static inline int __xfrm_policy_check2(struct sock *sk, int dir,
				1104	struct sk_buff *skb,
				1105	unsigned int family, int reverse)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1106	{
Alexey Dobriyan	f6e1e25	2008-11-25 17:35:44 -0800	[diff] [blame]	1107	struct net *net = dev_net(skb->dev);
Herbert Xu	d5422ef	2007-12-12 10:44:16 -0800	[diff] [blame]	1108	int ndir = dir \| (reverse ? XFRM_POLICY_MASK + 1 : 0);
				1109
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1110	if (sk && sk->sk_policy[XFRM_POLICY_IN])
Herbert Xu	d5422ef	2007-12-12 10:44:16 -0800	[diff] [blame]	1111	return __xfrm_policy_check(sk, ndir, skb, family);
Masahide NAKAMURA	4e81bb8	2006-08-23 22:43:30 -0700	[diff] [blame]	1112
Steffen Klassert	2d151d3	2021-07-18 09:11:06 +0200	[diff] [blame]	1113	if (xfrm_default_allow(net, dir))
				1114	return (!net->xfrm.policy_count[dir] && !secpath_exists(skb)) \|\|
				1115	(skb_dst(skb) && (skb_dst(skb)->flags & DST_NOPOLICY)) \|\|
				1116	__xfrm_policy_check(sk, ndir, skb, family);
				1117	else
				1118	return (skb_dst(skb) && (skb_dst(skb)->flags & DST_NOPOLICY)) \|\|
				1119	__xfrm_policy_check(sk, ndir, skb, family);
Herbert Xu	d5422ef	2007-12-12 10:44:16 -0800	[diff] [blame]	1120	}
				1121
				1122	static inline int xfrm_policy_check(struct sock sk, int dir, struct sk_buff skb, unsigned short family)
				1123	{
				1124	return __xfrm_policy_check2(sk, dir, skb, family, 0);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1125	}
				1126
				1127	static inline int xfrm4_policy_check(struct sock sk, int dir, struct sk_buff skb)
				1128	{
				1129	return xfrm_policy_check(sk, dir, skb, AF_INET);
				1130	}
				1131
				1132	static inline int xfrm6_policy_check(struct sock sk, int dir, struct sk_buff skb)
				1133	{
				1134	return xfrm_policy_check(sk, dir, skb, AF_INET6);
				1135	}
				1136
Herbert Xu	d5422ef	2007-12-12 10:44:16 -0800	[diff] [blame]	1137	static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
				1138	struct sk_buff *skb)
				1139	{
				1140	return __xfrm_policy_check2(sk, dir, skb, AF_INET, 1);
				1141	}
				1142
				1143	static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
				1144	struct sk_buff *skb)
				1145	{
				1146	return __xfrm_policy_check2(sk, dir, skb, AF_INET6, 1);
				1147	}
				1148
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1149	int __xfrm_decode_session(struct sk_buff skb, struct flowi fl,
				1150	unsigned int family, int reverse);
Herbert Xu	d5422ef	2007-12-12 10:44:16 -0800	[diff] [blame]	1151
				1152	static inline int xfrm_decode_session(struct sk_buff skb, struct flowi fl,
				1153	unsigned int family)
				1154	{
				1155	return __xfrm_decode_session(skb, fl, family, 0);
				1156	}
				1157
				1158	static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
				1159	struct flowi *fl,
				1160	unsigned int family)
				1161	{
				1162	return __xfrm_decode_session(skb, fl, family, 1);
				1163	}
				1164
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1165	int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1166
				1167	static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
				1168	{
Alexey Dobriyan	99a6665	2008-11-25 17:36:13 -0800	[diff] [blame]	1169	struct net *net = dev_net(skb->dev);
				1170
Nicolas Dichtel	ec3bb89	2021-11-22 11:33:13 +0100	[diff] [blame]	1171	if (xfrm_default_allow(net, XFRM_POLICY_OUT))
Steffen Klassert	2d151d3	2021-07-18 09:11:06 +0200	[diff] [blame]	1172	return !net->xfrm.policy_count[XFRM_POLICY_OUT] \|\|
				1173	(skb_dst(skb)->flags & DST_NOXFRM) \|\|
				1174	__xfrm_route_forward(skb, family);
				1175	else
				1176	return (skb_dst(skb)->flags & DST_NOXFRM) \|\|
				1177	__xfrm_route_forward(skb, family);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1178	}
				1179
				1180	static inline int xfrm4_route_forward(struct sk_buff *skb)
				1181	{
				1182	return xfrm_route_forward(skb, AF_INET);
				1183	}
				1184
				1185	static inline int xfrm6_route_forward(struct sk_buff *skb)
				1186	{
				1187	return xfrm_route_forward(skb, AF_INET6);
				1188	}
				1189
Eric Dumazet	d188ba8	2015-12-08 07:22:02 -0800	[diff] [blame]	1190	int __xfrm_sk_clone_policy(struct sock sk, const struct sock osk);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1191
Eric Dumazet	d188ba8	2015-12-08 07:22:02 -0800	[diff] [blame]	1192	static inline int xfrm_sk_clone_policy(struct sock sk, const struct sock osk)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1193	{
Eric Dumazet	d188ba8	2015-12-08 07:22:02 -0800	[diff] [blame]	1194	sk->sk_policy[0] = NULL;
				1195	sk->sk_policy[1] = NULL;
				1196	if (unlikely(osk->sk_policy[0] \|\| osk->sk_policy[1]))
				1197	return __xfrm_sk_clone_policy(sk, osk);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1198	return 0;
				1199	}
				1200
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1201	int xfrm_policy_delete(struct xfrm_policy *pol, int dir);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1202
				1203	static inline void xfrm_sk_free_policy(struct sock *sk)
				1204	{
Eric Dumazet	d188ba8	2015-12-08 07:22:02 -0800	[diff] [blame]	1205	struct xfrm_policy *pol;
				1206
				1207	pol = rcu_dereference_protected(sk->sk_policy[0], 1);
				1208	if (unlikely(pol != NULL)) {
				1209	xfrm_policy_delete(pol, XFRM_POLICY_MAX);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1210	sk->sk_policy[0] = NULL;
				1211	}
Eric Dumazet	d188ba8	2015-12-08 07:22:02 -0800	[diff] [blame]	1212	pol = rcu_dereference_protected(sk->sk_policy[1], 1);
				1213	if (unlikely(pol != NULL)) {
				1214	xfrm_policy_delete(pol, XFRM_POLICY_MAX+1);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1215	sk->sk_policy[1] = NULL;
				1216	}
				1217	}
				1218
				1219	#else
				1220
				1221	static inline void xfrm_sk_free_policy(struct sock *sk) {}
Eric Dumazet	d188ba8	2015-12-08 07:22:02 -0800	[diff] [blame]	1222	static inline int xfrm_sk_clone_policy(struct sock sk, const struct sock osk) { return 0; }
Stephen Hemminger	82695b3	2018-02-27 15:48:21 -0800	[diff] [blame]	1223	static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
				1224	static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1225	static inline int xfrm6_policy_check(struct sock sk, int dir, struct sk_buff skb)
Stephen Hemminger	82695b3	2018-02-27 15:48:21 -0800	[diff] [blame]	1226	{
				1227	return 1;
				1228	}
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1229	static inline int xfrm4_policy_check(struct sock sk, int dir, struct sk_buff skb)
				1230	{
				1231	return 1;
				1232	}
				1233	static inline int xfrm_policy_check(struct sock sk, int dir, struct sk_buff skb, unsigned short family)
				1234	{
				1235	return 1;
				1236	}
Herbert Xu	d5422ef	2007-12-12 10:44:16 -0800	[diff] [blame]	1237	static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
				1238	struct flowi *fl,
				1239	unsigned int family)
				1240	{
				1241	return -ENOSYS;
				1242	}
				1243	static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
				1244	struct sk_buff *skb)
				1245	{
				1246	return 1;
				1247	}
				1248	static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
				1249	struct sk_buff *skb)
				1250	{
				1251	return 1;
				1252	}
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1253	#endif
				1254
				1255	static __inline__
David S. Miller	e8a4e37	2011-02-22 17:42:56 -0800	[diff] [blame]	1256	xfrm_address_t xfrm_flowi_daddr(const struct flowi fl, unsigned short family)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1257	{
				1258	switch (family){
				1259	case AF_INET:
David S. Miller	7e1dc7b	2011-03-12 02:42:11 -0500	[diff] [blame]	1260	return (xfrm_address_t *)&fl->u.ip4.daddr;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1261	case AF_INET6:
David S. Miller	7e1dc7b	2011-03-12 02:42:11 -0500	[diff] [blame]	1262	return (xfrm_address_t *)&fl->u.ip6.daddr;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1263	}
				1264	return NULL;
				1265	}
				1266
				1267	static __inline__
David S. Miller	e8a4e37	2011-02-22 17:42:56 -0800	[diff] [blame]	1268	xfrm_address_t xfrm_flowi_saddr(const struct flowi fl, unsigned short family)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1269	{
				1270	switch (family){
				1271	case AF_INET:
David S. Miller	7e1dc7b	2011-03-12 02:42:11 -0500	[diff] [blame]	1272	return (xfrm_address_t *)&fl->u.ip4.saddr;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1273	case AF_INET6:
David S. Miller	7e1dc7b	2011-03-12 02:42:11 -0500	[diff] [blame]	1274	return (xfrm_address_t *)&fl->u.ip6.saddr;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1275	}
				1276	return NULL;
				1277	}
				1278
YOSHIFUJI Hideaki	9bb182a	2008-02-22 14:48:22 +0900	[diff] [blame]	1279	static __inline__
David S. Miller	e8a4e37	2011-02-22 17:42:56 -0800	[diff] [blame]	1280	void xfrm_flowi_addr_get(const struct flowi *fl,
YOSHIFUJI Hideaki	9bb182a	2008-02-22 14:48:22 +0900	[diff] [blame]	1281	xfrm_address_t saddr, xfrm_address_t daddr,
				1282	unsigned short family)
				1283	{
				1284	switch(family) {
				1285	case AF_INET:
David S. Miller	7e1dc7b	2011-03-12 02:42:11 -0500	[diff] [blame]	1286	memcpy(&saddr->a4, &fl->u.ip4.saddr, sizeof(saddr->a4));
				1287	memcpy(&daddr->a4, &fl->u.ip4.daddr, sizeof(daddr->a4));
YOSHIFUJI Hideaki	9bb182a	2008-02-22 14:48:22 +0900	[diff] [blame]	1288	break;
				1289	case AF_INET6:
Jiri Benc	15e318b	2015-03-29 16:59:24 +0200	[diff] [blame]	1290	saddr->in6 = fl->u.ip6.saddr;
				1291	daddr->in6 = fl->u.ip6.daddr;
YOSHIFUJI Hideaki	9bb182a	2008-02-22 14:48:22 +0900	[diff] [blame]	1292	break;
				1293	}
				1294	}
				1295
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1296	static __inline__ int
David S. Miller	f884806	2011-02-24 01:42:28 -0500	[diff] [blame]	1297	__xfrm4_state_addr_check(const struct xfrm_state *x,
				1298	const xfrm_address_t daddr, const xfrm_address_t saddr)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1299	{
				1300	if (daddr->a4 == x->id.daddr.a4 &&
				1301	(saddr->a4 == x->props.saddr.a4 \|\| !saddr->a4 \|\| !x->props.saddr.a4))
				1302	return 1;
				1303	return 0;
				1304	}
				1305
				1306	static __inline__ int
David S. Miller	f884806	2011-02-24 01:42:28 -0500	[diff] [blame]	1307	__xfrm6_state_addr_check(const struct xfrm_state *x,
				1308	const xfrm_address_t daddr, const xfrm_address_t saddr)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1309	{
YOSHIFUJI Hideaki / 吉藤英明	ff88b30	2013-01-29 12:48:31 +0000	[diff] [blame]	1310	if (ipv6_addr_equal((struct in6_addr )daddr, (struct in6_addr )&x->id.daddr) &&
				1311	(ipv6_addr_equal((struct in6_addr )saddr, (struct in6_addr )&x->props.saddr) \|\|
Stephen Hemminger	82695b3	2018-02-27 15:48:21 -0800	[diff] [blame]	1312	ipv6_addr_any((struct in6_addr *)saddr) \|\|
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1313	ipv6_addr_any((struct in6_addr *)&x->props.saddr)))
				1314	return 1;
				1315	return 0;
				1316	}
				1317
				1318	static __inline__ int
David S. Miller	f884806	2011-02-24 01:42:28 -0500	[diff] [blame]	1319	xfrm_state_addr_check(const struct xfrm_state *x,
				1320	const xfrm_address_t daddr, const xfrm_address_t saddr,
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1321	unsigned short family)
				1322	{
				1323	switch (family) {
				1324	case AF_INET:
				1325	return __xfrm4_state_addr_check(x, daddr, saddr);
				1326	case AF_INET6:
				1327	return __xfrm6_state_addr_check(x, daddr, saddr);
				1328	}
				1329	return 0;
				1330	}
				1331
Masahide NAKAMURA	e53820d	2006-08-23 19:12:01 -0700	[diff] [blame]	1332	static __inline__ int
David S. Miller	f884806	2011-02-24 01:42:28 -0500	[diff] [blame]	1333	xfrm_state_addr_flow_check(const struct xfrm_state x, const struct flowi fl,
Masahide NAKAMURA	e53820d	2006-08-23 19:12:01 -0700	[diff] [blame]	1334	unsigned short family)
				1335	{
				1336	switch (family) {
				1337	case AF_INET:
				1338	return __xfrm4_state_addr_check(x,
David S. Miller	7e1dc7b	2011-03-12 02:42:11 -0500	[diff] [blame]	1339	(const xfrm_address_t *)&fl->u.ip4.daddr,
				1340	(const xfrm_address_t *)&fl->u.ip4.saddr);
Masahide NAKAMURA	e53820d	2006-08-23 19:12:01 -0700	[diff] [blame]	1341	case AF_INET6:
				1342	return __xfrm6_state_addr_check(x,
David S. Miller	7e1dc7b	2011-03-12 02:42:11 -0500	[diff] [blame]	1343	(const xfrm_address_t *)&fl->u.ip6.daddr,
				1344	(const xfrm_address_t *)&fl->u.ip6.saddr);
Masahide NAKAMURA	e53820d	2006-08-23 19:12:01 -0700	[diff] [blame]	1345	}
				1346	return 0;
				1347	}
				1348
David S. Miller	f884806	2011-02-24 01:42:28 -0500	[diff] [blame]	1349	static inline int xfrm_state_kern(const struct xfrm_state *x)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1350	{
				1351	return atomic_read(&x->tunnel_users);
				1352	}
				1353
Cong Wang	dbb2483	2019-03-22 16:26:19 -0700	[diff] [blame]	1354	static inline bool xfrm_id_proto_valid(u8 proto)
				1355	{
				1356	switch (proto) {
				1357	case IPPROTO_AH:
				1358	case IPPROTO_ESP:
				1359	case IPPROTO_COMP:
				1360	#if IS_ENABLED(CONFIG_IPV6)
				1361	case IPPROTO_ROUTING:
				1362	case IPPROTO_DSTOPTS:
				1363	#endif
				1364	return true;
				1365	default:
				1366	return false;
				1367	}
				1368	}
				1369
				1370	/* IPSEC_PROTO_ANY only matches 3 IPsec protocols, 0 could match all. */
Masahide NAKAMURA	5794708	2006-09-22 15:06:24 -0700	[diff] [blame]	1371	static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
				1372	{
Masahide NAKAMURA	dc00a52	2006-08-23 17:49:52 -0700	[diff] [blame]	1373	return (!userproto \|\| proto == userproto \|\|
				1374	(userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH \|\|
				1375	proto == IPPROTO_ESP \|\|
				1376	proto == IPPROTO_COMP)));
Masahide NAKAMURA	5794708	2006-09-22 15:06:24 -0700	[diff] [blame]	1377	}
				1378
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1379	/*
				1380	* xfrm algorithm information
				1381	*/
Herbert Xu	1a6509d	2008-01-28 19:37:29 -0800	[diff] [blame]	1382	struct xfrm_algo_aead_info {
Herbert Xu	165ecc6	2015-05-27 16:03:44 +0800	[diff] [blame]	1383	char *geniv;
Herbert Xu	1a6509d	2008-01-28 19:37:29 -0800	[diff] [blame]	1384	u16 icv_truncbits;
				1385	};
				1386
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1387	struct xfrm_algo_auth_info {
				1388	u16 icv_truncbits;
				1389	u16 icv_fullbits;
				1390	};
				1391
				1392	struct xfrm_algo_encr_info {
Herbert Xu	165ecc6	2015-05-27 16:03:44 +0800	[diff] [blame]	1393	char *geniv;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1394	u16 blockbits;
				1395	u16 defkeybits;
				1396	};
				1397
				1398	struct xfrm_algo_comp_info {
				1399	u16 threshold;
				1400	};
				1401
				1402	struct xfrm_algo_desc {
				1403	char *name;
Herbert Xu	04ff126	2006-08-13 08:50:00 +1000	[diff] [blame]	1404	char *compat;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1405	u8 available:1;
Jussi Kivilinna	7e50f84	2013-01-31 12:40:38 +0200	[diff] [blame]	1406	u8 pfkey_supported:1;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1407	union {
Herbert Xu	1a6509d	2008-01-28 19:37:29 -0800	[diff] [blame]	1408	struct xfrm_algo_aead_info aead;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1409	struct xfrm_algo_auth_info auth;
				1410	struct xfrm_algo_encr_info encr;
				1411	struct xfrm_algo_comp_info comp;
				1412	} uinfo;
				1413	struct sadb_alg desc;
				1414	};
				1415
Steffen Klassert	3328715	2014-02-21 08:41:08 +0100	[diff] [blame]	1416	/* XFRM protocol handlers. */
				1417	struct xfrm4_protocol {
				1418	int (handler)(struct sk_buff skb);
				1419	int (input_handler)(struct sk_buff skb, int nexthdr, __be32 spi,
				1420	int encap_type);
				1421	int (cb_handler)(struct sk_buff skb, int err);
				1422	int (err_handler)(struct sk_buff skb, u32 info);
				1423
				1424	struct xfrm4_protocol __rcu *next;
				1425	int priority;
				1426	};
				1427
Steffen Klassert	7e14ea1	2014-03-14 07:28:07 +0100	[diff] [blame]	1428	struct xfrm6_protocol {
				1429	int (handler)(struct sk_buff skb);
Sabrina Dubroca	0146dca	2020-04-27 17:59:34 +0200	[diff] [blame]	1430	int (input_handler)(struct sk_buff skb, int nexthdr, __be32 spi,
				1431	int encap_type);
Steffen Klassert	7e14ea1	2014-03-14 07:28:07 +0100	[diff] [blame]	1432	int (cb_handler)(struct sk_buff skb, int err);
				1433	int (err_handler)(struct sk_buff skb, struct inet6_skb_parm *opt,
				1434	u8 type, u8 code, int offset, __be32 info);
				1435
				1436	struct xfrm6_protocol __rcu *next;
				1437	int priority;
				1438	};
				1439
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1440	/* XFRM tunnel handlers. */
				1441	struct xfrm_tunnel {
				1442	int (handler)(struct sk_buff skb);
Xin Long	6df2db5	2020-07-06 20:01:30 +0800	[diff] [blame]	1443	int (cb_handler)(struct sk_buff skb, int err);
jamal	a633746	2010-02-09 13:21:17 +0000	[diff] [blame]	1444	int (err_handler)(struct sk_buff skb, u32 info);
Herbert Xu	d2acc34	2006-03-28 01:12:13 -0800	[diff] [blame]	1445
Eric Dumazet	b33eab0	2010-10-25 21:01:26 +0000	[diff] [blame]	1446	struct xfrm_tunnel __rcu *next;
Herbert Xu	d2acc34	2006-03-28 01:12:13 -0800	[diff] [blame]	1447	int priority;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1448	};
				1449
				1450	struct xfrm6_tunnel {
Herbert Xu	d2acc34	2006-03-28 01:12:13 -0800	[diff] [blame]	1451	int (handler)(struct sk_buff skb);
Xin Long	86afc70	2020-07-06 20:01:31 +0800	[diff] [blame]	1452	int (cb_handler)(struct sk_buff skb, int err);
Herbert Xu	d2acc34	2006-03-28 01:12:13 -0800	[diff] [blame]	1453	int (err_handler)(struct sk_buff skb, struct inet6_skb_parm *opt,
Brian Haley	d5fdd6b	2009-06-23 04:31:07 -0700	[diff] [blame]	1454	u8 type, u8 code, int offset, __be32 info);
Eric Dumazet	6f0bcf1	2010-10-24 21:33:16 +0000	[diff] [blame]	1455	struct xfrm6_tunnel __rcu *next;
Herbert Xu	d2acc34	2006-03-28 01:12:13 -0800	[diff] [blame]	1456	int priority;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1457	};
				1458
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1459	void xfrm_init(void);
				1460	void xfrm4_init(void);
				1461	int xfrm_state_init(struct net *net);
				1462	void xfrm_state_fini(struct net *net);
				1463	void xfrm4_state_init(void);
Steffen Klassert	2f32b51	2014-03-14 07:28:07 +0100	[diff] [blame]	1464	void xfrm4_protocol_init(void);
Daniel Lezcano	c35b7e7	2007-12-08 00:14:11 -0800	[diff] [blame]	1465	#ifdef CONFIG_XFRM
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1466	int xfrm6_init(void);
				1467	void xfrm6_fini(void);
				1468	int xfrm6_state_init(void);
				1469	void xfrm6_state_fini(void);
Steffen Klassert	7e14ea1	2014-03-14 07:28:07 +0100	[diff] [blame]	1470	int xfrm6_protocol_init(void);
				1471	void xfrm6_protocol_fini(void);
Daniel Lezcano	c35b7e7	2007-12-08 00:14:11 -0800	[diff] [blame]	1472	#else
				1473	static inline int xfrm6_init(void)
				1474	{
				1475	return 0;
				1476	}
				1477	static inline void xfrm6_fini(void)
				1478	{
				1479	;
				1480	}
				1481	#endif
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1482
Masahide NAKAMURA	558f82e	2007-12-20 20:42:57 -0800	[diff] [blame]	1483	#ifdef CONFIG_XFRM_STATISTICS
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1484	int xfrm_proc_init(struct net *net);
				1485	void xfrm_proc_fini(struct net *net);
Masahide NAKAMURA	558f82e	2007-12-20 20:42:57 -0800	[diff] [blame]	1486	#endif
				1487
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1488	int xfrm_sysctl_init(struct net *net);
Alexey Dobriyan	b27aead	2008-11-25 18:00:48 -0800	[diff] [blame]	1489	#ifdef CONFIG_SYSCTL
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1490	void xfrm_sysctl_fini(struct net *net);
Alexey Dobriyan	b27aead	2008-11-25 18:00:48 -0800	[diff] [blame]	1491	#else
				1492	static inline void xfrm_sysctl_fini(struct net *net)
				1493	{
				1494	}
				1495	#endif
				1496
Nicolas Dichtel	d362309	2014-02-14 15:30:36 +0100	[diff] [blame]	1497	void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto,
Nicolas Dichtel	870a2df	2014-03-06 18:24:29 +0100	[diff] [blame]	1498	struct xfrm_address_filter *filter);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1499	int xfrm_state_walk(struct net net, struct xfrm_state_walk walk,
				1500	int (func)(struct xfrm_state , int, void), void );
Fan Du	283bc9f	2013-11-07 17:47:50 +0800	[diff] [blame]	1501	void xfrm_state_walk_done(struct xfrm_state_walk walk, struct net net);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1502	struct xfrm_state xfrm_state_alloc(struct net net);
Mathias Krause	4a135e5	2018-11-21 21:09:23 +0100	[diff] [blame]	1503	void xfrm_state_free(struct xfrm_state *x);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1504	struct xfrm_state xfrm_state_find(const xfrm_address_t daddr,
				1505	const xfrm_address_t *saddr,
				1506	const struct flowi *fl,
				1507	struct xfrm_tmpl *tmpl,
				1508	struct xfrm_policy pol, int err,
Benedict Wong	bc56b33	2018-07-19 10:50:44 -0700	[diff] [blame]	1509	unsigned short family, u32 if_id);
Steffen Klassert	7e65264	2018-06-12 14:07:07 +0200	[diff] [blame]	1510	struct xfrm_state xfrm_stateonly_find(struct net net, u32 mark, u32 if_id,
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1511	xfrm_address_t *daddr,
				1512	xfrm_address_t *saddr,
				1513	unsigned short family,
				1514	u8 mode, u8 proto, u32 reqid);
Fan Du	c454997	2014-01-03 11:18:32 +0800	[diff] [blame]	1515	struct xfrm_state xfrm_state_lookup_byspi(struct net net, __be32 spi,
				1516	unsigned short family);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1517	int xfrm_state_check_expire(struct xfrm_state *x);
				1518	void xfrm_state_insert(struct xfrm_state *x);
				1519	int xfrm_state_add(struct xfrm_state *x);
				1520	int xfrm_state_update(struct xfrm_state *x);
				1521	struct xfrm_state xfrm_state_lookup(struct net net, u32 mark,
				1522	const xfrm_address_t *daddr, __be32 spi,
				1523	u8 proto, unsigned short family);
				1524	struct xfrm_state xfrm_state_lookup_byaddr(struct net net, u32 mark,
				1525	const xfrm_address_t *daddr,
				1526	const xfrm_address_t *saddr,
				1527	u8 proto,
				1528	unsigned short family);
Masahide NAKAMURA	41a49cc	2006-08-23 22:48:31 -0700	[diff] [blame]	1529	#ifdef CONFIG_XFRM_SUB_POLICY
Florian Westphal	3aaf391	2019-05-03 17:46:17 +0200	[diff] [blame]	1530	void xfrm_tmpl_sort(struct xfrm_tmpl dst, struct xfrm_tmpl src, int n,
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1531	unsigned short family);
Florian Westphal	3aaf391	2019-05-03 17:46:17 +0200	[diff] [blame]	1532	void xfrm_state_sort(struct xfrm_state dst, struct xfrm_state src, int n,
				1533	unsigned short family);
Masahide NAKAMURA	41a49cc	2006-08-23 22:48:31 -0700	[diff] [blame]	1534	#else
Florian Westphal	3aaf391	2019-05-03 17:46:17 +0200	[diff] [blame]	1535	static inline void xfrm_tmpl_sort(struct xfrm_tmpl d, struct xfrm_tmpl s,
Masahide NAKAMURA	41a49cc	2006-08-23 22:48:31 -0700	[diff] [blame]	1536	int n, unsigned short family)
				1537	{
Florian Westphal	3aaf391	2019-05-03 17:46:17 +0200	[diff] [blame]	1538	}
				1539
				1540	static inline void xfrm_state_sort(struct xfrm_state d, struct xfrm_state s,
				1541	int n, unsigned short family)
				1542	{
Masahide NAKAMURA	41a49cc	2006-08-23 22:48:31 -0700	[diff] [blame]	1543	}
				1544	#endif
Jamal Hadi Salim	af11e31	2007-05-04 12:55:13 -0700	[diff] [blame]	1545
				1546	struct xfrmk_sadinfo {
				1547	u32 sadhcnt; /* current hash bkts */
				1548	u32 sadhmcnt; /* max allowed hash bkts */
				1549	u32 sadcnt; /* current running count */
				1550	};
				1551
Jamal Hadi Salim	5a6d341	2007-05-04 12:55:39 -0700	[diff] [blame]	1552	struct xfrmk_spdinfo {
				1553	u32 incnt;
				1554	u32 outcnt;
				1555	u32 fwdcnt;
				1556	u32 inscnt;
				1557	u32 outscnt;
				1558	u32 fwdscnt;
				1559	u32 spdhcnt;
				1560	u32 spdhmcnt;
				1561	};
				1562
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1563	struct xfrm_state xfrm_find_acq_byseq(struct net net, u32 mark, u32 seq);
				1564	int xfrm_state_delete(struct xfrm_state *x);
Cong Wang	f75a280	2019-01-31 13:05:49 -0800	[diff] [blame]	1565	int xfrm_state_flush(struct net *net, u8 proto, bool task_valid, bool sync);
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1566	int xfrm_dev_state_flush(struct net net, struct net_device dev, bool task_valid);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1567	void xfrm_sad_getinfo(struct net net, struct xfrmk_sadinfo si);
				1568	void xfrm_spd_getinfo(struct net net, struct xfrmk_spdinfo si);
				1569	u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
				1570	int xfrm_init_replay(struct xfrm_state *x);
Sabrina Dubroca	b515d26	2021-04-16 11:27:59 +0200	[diff] [blame]	1571	u32 __xfrm_state_mtu(struct xfrm_state *x, int mtu);
Florian Westphal	c7b37c7	2019-06-24 22:04:48 +0200	[diff] [blame]	1572	u32 xfrm_state_mtu(struct xfrm_state *x, int mtu);
Ilan Tayari	ffdb521	2017-08-01 12:49:08 +0300	[diff] [blame]	1573	int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1574	int xfrm_init_state(struct xfrm_state *x);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1575	int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type);
				1576	int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
Sabrina Dubroca	7b38019	2019-11-25 14:48:58 +0100	[diff] [blame]	1577	int xfrm_trans_queue_net(struct net net, struct sk_buff skb,
				1578	int (finish)(struct net , struct sock *,
				1579	struct sk_buff *));
Herbert Xu	acf568e	2017-12-15 16:40:44 +1100	[diff] [blame]	1580	int xfrm_trans_queue(struct sk_buff *skb,
				1581	int (finish)(struct net , struct sock *,
				1582	struct sk_buff *));
Evan Nimmo	9ab1265	2021-03-02 08:00:04 +1300	[diff] [blame]	1583	int xfrm_output_resume(struct sock sk, struct sk_buff skb, int err);
David Miller	7026b1d	2015-04-05 22:19:04 -0400	[diff] [blame]	1584	int xfrm_output(struct sock sk, struct sk_buff skb);
Florian Westphal	0c620e9	2019-03-29 21:16:25 +0100	[diff] [blame]	1585
				1586	#if IS_ENABLED(CONFIG_NET_PKTGEN)
				1587	int pktgen_xfrm_outer_mode_output(struct xfrm_state x, struct sk_buff skb);
				1588	#endif
				1589
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1590	void xfrm_local_error(struct sk_buff *skb, int mtu);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1591	int xfrm4_extract_input(struct xfrm_state x, struct sk_buff skb);
				1592	int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
				1593	int encap_type);
				1594	int xfrm4_transport_finish(struct sk_buff *skb, int async);
				1595	int xfrm4_rcv(struct sk_buff *skb);
Herbert Xu	c4541b4	2007-10-17 21:28:53 -0700	[diff] [blame]	1596
				1597	static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
				1598	{
Steffen Klassert	70be6c9	2014-02-21 08:41:09 +0100	[diff] [blame]	1599	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
Steffen Klassert	3328715	2014-02-21 08:41:08 +0100	[diff] [blame]	1600	XFRM_SPI_SKB_CB(skb)->family = AF_INET;
				1601	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
				1602	return xfrm_input(skb, nexthdr, spi, 0);
Herbert Xu	c4541b4	2007-10-17 21:28:53 -0700	[diff] [blame]	1603	}
				1604
Eric W. Biederman	ede2059	2015-10-07 16:48:47 -0500	[diff] [blame]	1605	int xfrm4_output(struct net net, struct sock sk, struct sk_buff *skb);
Steffen Klassert	3328715	2014-02-21 08:41:08 +0100	[diff] [blame]	1606	int xfrm4_protocol_register(struct xfrm4_protocol *handler, unsigned char protocol);
				1607	int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, unsigned char protocol);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1608	int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
				1609	int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1610	void xfrm4_local_error(struct sk_buff *skb, u32 mtu);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1611	int xfrm6_extract_input(struct xfrm_state x, struct sk_buff skb);
Nicolas Dichtel	63c4378	2016-09-19 16:17:57 +0200	[diff] [blame]	1612	int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi,
				1613	struct ip6_tnl *t);
Sabrina Dubroca	0146dca	2020-04-27 17:59:34 +0200	[diff] [blame]	1614	int xfrm6_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
				1615	int encap_type);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1616	int xfrm6_transport_finish(struct sk_buff *skb, int async);
Nicolas Dichtel	63c4378	2016-09-19 16:17:57 +0200	[diff] [blame]	1617	int xfrm6_rcv_tnl(struct sk_buff skb, struct ip6_tnl t);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1618	int xfrm6_rcv(struct sk_buff *skb);
				1619	int xfrm6_input_addr(struct sk_buff skb, xfrm_address_t daddr,
				1620	xfrm_address_t *saddr, u8 proto);
David S. Miller	7b77d16	2013-09-30 15:11:00 -0400	[diff] [blame]	1621	void xfrm6_local_error(struct sk_buff *skb, u32 mtu);
Steffen Klassert	7e14ea1	2014-03-14 07:28:07 +0100	[diff] [blame]	1622	int xfrm6_protocol_register(struct xfrm6_protocol *handler, unsigned char protocol);
				1623	int xfrm6_protocol_deregister(struct xfrm6_protocol *handler, unsigned char protocol);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1624	int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
David S. Miller	7b77d16	2013-09-30 15:11:00 -0400	[diff] [blame]	1625	int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1626	__be32 xfrm6_tunnel_alloc_spi(struct net net, xfrm_address_t saddr);
				1627	__be32 xfrm6_tunnel_spi_lookup(struct net net, const xfrm_address_t saddr);
Eric W. Biederman	ede2059	2015-10-07 16:48:47 -0500	[diff] [blame]	1628	int xfrm6_output(struct net net, struct sock sk, struct sk_buff *skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1629
				1630	#ifdef CONFIG_XFRM
Florian Westphal	3e50ddd	2020-05-04 10:06:06 +0200	[diff] [blame]	1631	void xfrm6_local_rxpmtu(struct sk_buff *skb, u32 mtu);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1632	int xfrm4_udp_encap_rcv(struct sock sk, struct sk_buff skb);
Sabrina Dubroca	0146dca	2020-04-27 17:59:34 +0200	[diff] [blame]	1633	int xfrm6_udp_encap_rcv(struct sock sk, struct sk_buff skb);
Christoph Hellwig	c6d1b26	2020-07-23 08:08:51 +0200	[diff] [blame]	1634	int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval,
				1635	int optlen);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1636	#else
Christoph Hellwig	c6d1b26	2020-07-23 08:08:51 +0200	[diff] [blame]	1637	static inline int xfrm_user_policy(struct sock *sk, int optname,
				1638	sockptr_t optval, int optlen)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1639	{
				1640	return -ENOPROTOOPT;
Stephen Hemminger	82695b3	2018-02-27 15:48:21 -0800	[diff] [blame]	1641	}
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1642	#endif
				1643
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1644	struct dst_entry __xfrm_dst_lookup(struct net net, int tos, int oif,
				1645	const xfrm_address_t *saddr,
				1646	const xfrm_address_t *daddr,
Lorenzo Colitti	077fbac	2017-08-11 02:11:33 +0900	[diff] [blame]	1647	int family, u32 mark);
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1648
Alexey Dobriyan	0331b1f	2008-11-25 17:21:45 -0800	[diff] [blame]	1649	struct xfrm_policy xfrm_policy_alloc(struct net net, gfp_t gfp);
Timo Teras	4c563f7	2008-02-28 21:31:08 -0800	[diff] [blame]	1650
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1651	void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type);
				1652	int xfrm_policy_walk(struct net net, struct xfrm_policy_walk walk,
				1653	int (func)(struct xfrm_policy , int, int, void*),
				1654	void *);
Fan Du	283bc9f	2013-11-07 17:47:50 +0800	[diff] [blame]	1655	void xfrm_policy_walk_done(struct xfrm_policy_walk walk, struct net net);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1656	int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
Xin Long	4f47e8ab	2020-06-22 16:40:29 +0800	[diff] [blame]	1657	struct xfrm_policy xfrm_policy_bysel_ctx(struct net net,
				1658	const struct xfrm_mark *mark,
				1659	u32 if_id, u8 type, int dir,
Masahide NAKAMURA	4e81bb8	2006-08-23 22:43:30 -0700	[diff] [blame]	1660	struct xfrm_selector *sel,
Eric Paris	ef41aaa	2007-03-07 15:37:58 -0800	[diff] [blame]	1661	struct xfrm_sec_ctx *ctx, int delete,
				1662	int *err);
Xin Long	4f47e8ab	2020-06-22 16:40:29 +0800	[diff] [blame]	1663	struct xfrm_policy xfrm_policy_byid(struct net net,
				1664	const struct xfrm_mark *mark, u32 if_id,
				1665	u8 type, int dir, u32 id, int delete,
				1666	int *err);
Tetsuo Handa	2e71029	2014-04-22 21:48:30 +0900	[diff] [blame]	1667	int xfrm_policy_flush(struct net *net, u8 type, bool task_valid);
Christophe Gouault	880a6fa	2014-08-29 16:16:05 +0200	[diff] [blame]	1668	void xfrm_policy_hash_rebuild(struct net *net);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1669	u32 xfrm_get_acqseq(void);
Fan Du	776e9dd	2013-12-16 18:47:49 +0800	[diff] [blame]	1670	int verify_spi_info(u8 proto, u32 min, u32 max);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1671	int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
Mathias Krause	e473fcb	2013-06-26 23:56:58 +0200	[diff] [blame]	1672	struct xfrm_state xfrm_find_acq(struct net net, const struct xfrm_mark *mark,
Steffen Klassert	7e65264	2018-06-12 14:07:07 +0200	[diff] [blame]	1673	u8 mode, u32 reqid, u32 if_id, u8 proto,
David S. Miller	a70486f	2011-02-27 23:17:24 -0800	[diff] [blame]	1674	const xfrm_address_t *daddr,
				1675	const xfrm_address_t *saddr, int create,
Jamal Hadi Salim	bd55775	2010-02-22 16:20:22 -0800	[diff] [blame]	1676	unsigned short family);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1677	int xfrm_sk_policy_insert(struct sock sk, int dir, struct xfrm_policy pol);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1678
Shinta Sugimoto	80c9aba	2007-02-08 13:11:42 -0800	[diff] [blame]	1679	#ifdef CONFIG_XFRM_MIGRATE
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1680	int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
				1681	const struct xfrm_migrate *m, int num_bundles,
Antony Antony	8bafd73	2017-06-06 12:12:14 +0200	[diff] [blame]	1682	const struct xfrm_kmaddress *k,
				1683	const struct xfrm_encap_tmpl *encap);
Fan Du	283bc9f	2013-11-07 17:47:50 +0800	[diff] [blame]	1684	struct xfrm_state xfrm_migrate_state_find(struct xfrm_migrate m, struct net *net);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1685	struct xfrm_state xfrm_state_migrate(struct xfrm_state x,
Antony Antony	4ab47d4	2017-06-06 12:12:13 +0200	[diff] [blame]	1686	struct xfrm_migrate *m,
				1687	struct xfrm_encap_tmpl *encap);
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1688	int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
				1689	struct xfrm_migrate *m, int num_bundles,
Antony Antony	4ab47d4	2017-06-06 12:12:13 +0200	[diff] [blame]	1690	struct xfrm_kmaddress k, struct net net,
				1691	struct xfrm_encap_tmpl *encap);
Shinta Sugimoto	80c9aba	2007-02-08 13:11:42 -0800	[diff] [blame]	1692	#endif
				1693
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1694	int km_new_mapping(struct xfrm_state x, xfrm_address_t ipaddr, __be16 sport);
				1695	void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid);
				1696	int km_report(struct net net, u8 proto, struct xfrm_selector sel,
				1697	xfrm_address_t *addr);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1698
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1699	void xfrm_input_init(void);
				1700	int xfrm_parse_spi(struct sk_buff skb, u8 nexthdr, __be32 spi, __be32 *seq);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1701
Joe Perches	d511337	2013-09-23 11:33:53 -0700	[diff] [blame]	1702	void xfrm_probe_algs(void);
				1703	int xfrm_count_pfkey_auth_supported(void);
				1704	int xfrm_count_pfkey_enc_supported(void);
				1705	struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx);
				1706	struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
				1707	struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
				1708	struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
				1709	struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
				1710	struct xfrm_algo_desc xfrm_aalg_get_byname(const char name, int probe);
				1711	struct xfrm_algo_desc xfrm_ealg_get_byname(const char name, int probe);
				1712	struct xfrm_algo_desc xfrm_calg_get_byname(const char name, int probe);
				1713	struct xfrm_algo_desc xfrm_aead_get_byname(const char name, int icv_len,
				1714	int probe);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1715
YOSHIFUJI Hideaki / 吉藤英明	ff88b30	2013-01-29 12:48:31 +0000	[diff] [blame]	1716	static inline bool xfrm6_addr_equal(const xfrm_address_t *a,
				1717	const xfrm_address_t *b)
				1718	{
				1719	return ipv6_addr_equal((const struct in6_addr *)a,
				1720	(const struct in6_addr *)b);
				1721	}
				1722
YOSHIFUJI Hideaki / 吉藤英明	70e94e6	2013-01-29 12:48:50 +0000	[diff] [blame]	1723	static inline bool xfrm_addr_equal(const xfrm_address_t *a,
				1724	const xfrm_address_t *b,
				1725	sa_family_t family)
				1726	{
				1727	switch (family) {
				1728	default:
				1729	case AF_INET:
				1730	return ((__force u32)a->a4 ^ (__force u32)b->a4) == 0;
				1731	case AF_INET6:
				1732	return xfrm6_addr_equal(a, b);
				1733	}
				1734	}
				1735
Herbert Xu	77d8d7a	2005-10-05 12:15:12 -0700	[diff] [blame]	1736	static inline int xfrm_policy_id2dir(u32 index)
				1737	{
				1738	return index & 7;
				1739	}
				1740
Alexey Dobriyan	a6483b7	2008-11-25 17:38:20 -0800	[diff] [blame]	1741	#ifdef CONFIG_XFRM
Florian Westphal	c7f8778	2021-06-18 15:51:57 +0200	[diff] [blame]	1742	void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq);
Florian Westphal	adfc2fd	2021-06-18 15:51:59 +0200	[diff] [blame]	1743	int xfrm_replay_check(struct xfrm_state x, struct sk_buff skb, __be32 net_seq);
Florian Westphal	cfc61c5	2021-06-18 15:51:56 +0200	[diff] [blame]	1744	void xfrm_replay_notify(struct xfrm_state *x, int event);
Florian Westphal	b5a1d1f	2021-06-18 15:52:00 +0200	[diff] [blame]	1745	int xfrm_replay_overflow(struct xfrm_state x, struct sk_buff skb);
Florian Westphal	25cfb8b	2021-06-18 15:51:58 +0200	[diff] [blame]	1746	int xfrm_replay_recheck(struct xfrm_state x, struct sk_buff skb, __be32 net_seq);
Florian Westphal	cfc61c5	2021-06-18 15:51:56 +0200	[diff] [blame]	1747
Alexey Dobriyan	a6483b7	2008-11-25 17:38:20 -0800	[diff] [blame]	1748	static inline int xfrm_aevent_is_on(struct net *net)
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	1749	{
Patrick McHardy	be33690	2006-03-20 22:40:54 -0800	[diff] [blame]	1750	struct sock *nlsk;
				1751	int ret = 0;
				1752
				1753	rcu_read_lock();
Alexey Dobriyan	a6483b7	2008-11-25 17:38:20 -0800	[diff] [blame]	1754	nlsk = rcu_dereference(net->xfrm.nlsk);
Patrick McHardy	be33690	2006-03-20 22:40:54 -0800	[diff] [blame]	1755	if (nlsk)
				1756	ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS);
				1757	rcu_read_unlock();
				1758	return ret;
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	1759	}
Horia Geanta	0f24558	2014-02-12 16:20:06 +0200	[diff] [blame]	1760
				1761	static inline int xfrm_acquire_is_on(struct net *net)
				1762	{
				1763	struct sock *nlsk;
				1764	int ret = 0;
				1765
				1766	rcu_read_lock();
				1767	nlsk = rcu_dereference(net->xfrm.nlsk);
				1768	if (nlsk)
				1769	ret = netlink_has_listeners(nlsk, XFRMNLGRP_ACQUIRE);
				1770	rcu_read_unlock();
				1771
				1772	return ret;
				1773	}
Alexey Dobriyan	a6483b7	2008-11-25 17:38:20 -0800	[diff] [blame]	1774	#endif
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	1775
Alexey Dobriyan	373b8ee	2017-09-21 23:45:43 +0300	[diff] [blame]	1776	static inline unsigned int aead_len(struct xfrm_algo_aead *alg)
Steffen Klassert	ee5c231	2014-02-19 13:33:24 +0100	[diff] [blame]	1777	{
				1778	return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
				1779	}
				1780
Alexey Dobriyan	06cd22f	2017-09-21 23:46:30 +0300	[diff] [blame]	1781	static inline unsigned int xfrm_alg_len(const struct xfrm_algo *alg)
Eric Dumazet	0f99be0	2008-01-08 23:39:06 -0800	[diff] [blame]	1782	{
				1783	return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
				1784	}
				1785
Alexey Dobriyan	1bd963a	2017-09-21 23:47:09 +0300	[diff] [blame]	1786	static inline unsigned int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg)
Martin Willi	4447bb3	2009-11-25 00:29:52 +0000	[diff] [blame]	1787	{
				1788	return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
				1789	}
				1790
Alexey Dobriyan	5e708e4	2017-09-21 23:47:50 +0300	[diff] [blame]	1791	static inline unsigned int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)
Steffen Klassert	9736acf	2011-03-08 00:05:43 +0000	[diff] [blame]	1792	{
				1793	return sizeof(replay_esn) + replay_esn->bmp_len sizeof(__u32);
				1794	}
				1795
Shinta Sugimoto	80c9aba	2007-02-08 13:11:42 -0800	[diff] [blame]	1796	#ifdef CONFIG_XFRM_MIGRATE
Steffen Klassert	af2f464	2011-03-28 19:46:39 +0000	[diff] [blame]	1797	static inline int xfrm_replay_clone(struct xfrm_state *x,
				1798	struct xfrm_state *orig)
				1799	{
Antony Antony	91a46c6	2020-09-04 08:49:55 +0200	[diff] [blame]	1800
				1801	x->replay_esn = kmemdup(orig->replay_esn,
				1802	xfrm_replay_state_esn_len(orig->replay_esn),
Steffen Klassert	af2f464	2011-03-28 19:46:39 +0000	[diff] [blame]	1803	GFP_KERNEL);
				1804	if (!x->replay_esn)
				1805	return -ENOMEM;
Antony Antony	91a46c6	2020-09-04 08:49:55 +0200	[diff] [blame]	1806	x->preplay_esn = kmemdup(orig->preplay_esn,
				1807	xfrm_replay_state_esn_len(orig->preplay_esn),
Steffen Klassert	af2f464	2011-03-28 19:46:39 +0000	[diff] [blame]	1808	GFP_KERNEL);
Antony Antony	91a46c6	2020-09-04 08:49:55 +0200	[diff] [blame]	1809	if (!x->preplay_esn)
Steffen Klassert	af2f464	2011-03-28 19:46:39 +0000	[diff] [blame]	1810	return -ENOMEM;
Steffen Klassert	af2f464	2011-03-28 19:46:39 +0000	[diff] [blame]	1811
				1812	return 0;
				1813	}
				1814
Steffen Klassert	ee5c231	2014-02-19 13:33:24 +0100	[diff] [blame]	1815	static inline struct xfrm_algo_aead xfrm_algo_aead_clone(struct xfrm_algo_aead orig)
				1816	{
				1817	return kmemdup(orig, aead_len(orig), GFP_KERNEL);
				1818	}
				1819
				1820
Shinta Sugimoto	80c9aba	2007-02-08 13:11:42 -0800	[diff] [blame]	1821	static inline struct xfrm_algo xfrm_algo_clone(struct xfrm_algo orig)
				1822	{
Eric Dumazet	0f99be0	2008-01-08 23:39:06 -0800	[diff] [blame]	1823	return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL);
Shinta Sugimoto	80c9aba	2007-02-08 13:11:42 -0800	[diff] [blame]	1824	}
				1825
Martin Willi	4447bb3	2009-11-25 00:29:52 +0000	[diff] [blame]	1826	static inline struct xfrm_algo_auth xfrm_algo_auth_clone(struct xfrm_algo_auth orig)
				1827	{
				1828	return kmemdup(orig, xfrm_alg_auth_len(orig), GFP_KERNEL);
				1829	}
				1830
Shinta Sugimoto	80c9aba	2007-02-08 13:11:42 -0800	[diff] [blame]	1831	static inline void xfrm_states_put(struct xfrm_state **states, int n)
				1832	{
				1833	int i;
				1834	for (i = 0; i < n; i++)
				1835	xfrm_state_put(*(states + i));
				1836	}
				1837
				1838	static inline void xfrm_states_delete(struct xfrm_state **states, int n)
				1839	{
				1840	int i;
				1841	for (i = 0; i < n; i++)
				1842	xfrm_state_delete(*(states + i));
				1843	}
				1844	#endif
Jamal Hadi Salim	f8cd548	2006-03-20 19:15:11 -0800	[diff] [blame]	1845
Alexey Dobriyan	def8b4f	2008-10-28 13:24:06 -0700	[diff] [blame]	1846	#ifdef CONFIG_XFRM
Herbert Xu	0050112	2007-12-11 01:53:43 -0800	[diff] [blame]	1847	static inline struct xfrm_state xfrm_input_state(struct sk_buff skb)
				1848	{
Florian Westphal	2294be0f	2018-12-18 17:15:20 +0100	[diff] [blame]	1849	struct sec_path *sp = skb_sec_path(skb);
				1850
				1851	return sp->xvec[sp->len - 1];
Herbert Xu	0050112	2007-12-11 01:53:43 -0800	[diff] [blame]	1852	}
Steffen Klassert	f53c723	2017-12-20 10:41:36 +0100	[diff] [blame]	1853	#endif
				1854
Steffen Klassert	54ef207	2017-02-15 09:39:54 +0100	[diff] [blame]	1855	static inline struct xfrm_offload xfrm_offload(struct sk_buff skb)
				1856	{
Steffen Klassert	f53c723	2017-12-20 10:41:36 +0100	[diff] [blame]	1857	#ifdef CONFIG_XFRM
Florian Westphal	2294be0f	2018-12-18 17:15:20 +0100	[diff] [blame]	1858	struct sec_path *sp = skb_sec_path(skb);
Steffen Klassert	54ef207	2017-02-15 09:39:54 +0100	[diff] [blame]	1859
				1860	if (!sp \|\| !sp->olen \|\| sp->len != sp->olen)
				1861	return NULL;
				1862
				1863	return &sp->ovec[sp->olen - 1];
Steffen Klassert	f53c723	2017-12-20 10:41:36 +0100	[diff] [blame]	1864	#else
				1865	return NULL;
Alexey Dobriyan	def8b4f	2008-10-28 13:24:06 -0700	[diff] [blame]	1866	#endif
Steffen Klassert	f53c723	2017-12-20 10:41:36 +0100	[diff] [blame]	1867	}
Herbert Xu	0050112	2007-12-11 01:53:43 -0800	[diff] [blame]	1868
Kirill Tkhai	e9a441b	2018-03-29 17:03:25 +0300	[diff] [blame]	1869	void __init xfrm_dev_init(void);
Hangbin Liu	b81f884a	2017-06-01 14:57:56 +0800	[diff] [blame]	1870
				1871	#ifdef CONFIG_XFRM_OFFLOAD
Steffen Klassert	f53c723	2017-12-20 10:41:36 +0100	[diff] [blame]	1872	void xfrm_dev_resume(struct sk_buff *skb);
				1873	void xfrm_dev_backlog(struct softnet_data *sd);
				1874	struct sk_buff validate_xmit_xfrm(struct sk_buff skb, netdev_features_t features, bool *again);
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1875	int xfrm_dev_state_add(struct net net, struct xfrm_state x,
				1876	struct xfrm_user_offload *xuo);
				1877	bool xfrm_dev_offload_ok(struct sk_buff skb, struct xfrm_state x);
				1878
Yossef Efraim	50bd870	2018-01-14 11:39:10 +0200	[diff] [blame]	1879	static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
				1880	{
				1881	struct xfrm_state_offload *xso = &x->xso;
				1882
				1883	if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn)
				1884	xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x);
				1885	}
				1886
Steffen Klassert	f70f250	2017-08-01 12:49:10 +0300	[diff] [blame]	1887	static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
				1888	{
				1889	struct xfrm_state *x = dst->xfrm;
David Miller	b6ca8bd	2017-11-28 15:45:44 -0500	[diff] [blame]	1890	struct xfrm_dst *xdst;
Steffen Klassert	f70f250	2017-08-01 12:49:10 +0300	[diff] [blame]	1891
				1892	if (!x \|\| !x->type_offload)
				1893	return false;
				1894
David Miller	b6ca8bd	2017-11-28 15:45:44 -0500	[diff] [blame]	1895	xdst = (struct xfrm_dst *) dst;
Steffen Klassert	2271d51	2017-12-20 10:41:48 +0100	[diff] [blame]	1896	if (!x->xso.offload_handle && !xdst->child->xfrm)
				1897	return true;
David Miller	0f6c480	2017-11-28 15:40:46 -0500	[diff] [blame]	1898	if (x->xso.offload_handle && (x->xso.dev == xfrm_dst_path(dst)->dev) &&
David Miller	b6ca8bd	2017-11-28 15:45:44 -0500	[diff] [blame]	1899	!xdst->child->xfrm)
Steffen Klassert	f70f250	2017-08-01 12:49:10 +0300	[diff] [blame]	1900	return true;
				1901
				1902	return false;
				1903	}
				1904
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1905	static inline void xfrm_dev_state_delete(struct xfrm_state *x)
				1906	{
				1907	struct xfrm_state_offload *xso = &x->xso;
				1908
				1909	if (xso->dev)
				1910	xso->dev->xfrmdev_ops->xdo_dev_state_delete(x);
				1911	}
				1912
				1913	static inline void xfrm_dev_state_free(struct xfrm_state *x)
				1914	{
				1915	struct xfrm_state_offload *xso = &x->xso;
Colin Ian King	7799046	2018-12-06 17:52:28 +0000	[diff] [blame]	1916	struct net_device *dev = xso->dev;
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1917
				1918	if (dev && dev->xfrmdev_ops) {
Shannon Nelson	7f05b46	2017-12-19 15:35:47 -0800	[diff] [blame]	1919	if (dev->xfrmdev_ops->xdo_dev_state_free)
				1920	dev->xfrmdev_ops->xdo_dev_state_free(x);
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1921	xso->dev = NULL;
Eric Dumazet	e1b539b	2021-12-09 07:44:51 -0800	[diff] [blame]	1922	dev_put_track(dev, &xso->dev_tracker);
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1923	}
				1924	}
				1925	#else
Steffen Klassert	f53c723	2017-12-20 10:41:36 +0100	[diff] [blame]	1926	static inline void xfrm_dev_resume(struct sk_buff *skb)
				1927	{
				1928	}
				1929
				1930	static inline void xfrm_dev_backlog(struct softnet_data *sd)
				1931	{
				1932	}
				1933
				1934	static inline struct sk_buff validate_xmit_xfrm(struct sk_buff skb, netdev_features_t features, bool *again)
Steffen Klassert	f6e2711	2017-04-14 10:07:28 +0200	[diff] [blame]	1935	{
Steffen Klassert	3dca3f3	2017-12-20 10:41:31 +0100	[diff] [blame]	1936	return skb;
Steffen Klassert	f6e2711	2017-04-14 10:07:28 +0200	[diff] [blame]	1937	}
				1938
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1939	static inline int xfrm_dev_state_add(struct net net, struct xfrm_state x, struct xfrm_user_offload *xuo)
				1940	{
				1941	return 0;
				1942	}
				1943
				1944	static inline void xfrm_dev_state_delete(struct xfrm_state *x)
				1945	{
				1946	}
				1947
				1948	static inline void xfrm_dev_state_free(struct xfrm_state *x)
				1949	{
				1950	}
				1951
				1952	static inline bool xfrm_dev_offload_ok(struct sk_buff skb, struct xfrm_state x)
				1953	{
				1954	return false;
				1955	}
Steffen Klassert	f70f250	2017-08-01 12:49:10 +0300	[diff] [blame]	1956
Yossef Efraim	50bd870	2018-01-14 11:39:10 +0200	[diff] [blame]	1957	static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
				1958	{
				1959	}
				1960
Steffen Klassert	f70f250	2017-08-01 12:49:10 +0300	[diff] [blame]	1961	static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
				1962	{
				1963	return false;
				1964	}
Steffen Klassert	d77e38e	2017-04-14 10:06:10 +0200	[diff] [blame]	1965	#endif
				1966
Jamal Hadi Salim	bf825f8	2010-02-22 11:32:54 +0000	[diff] [blame]	1967	static inline int xfrm_mark_get(struct nlattr *attrs, struct xfrm_mark m)
				1968	{
				1969	if (attrs[XFRMA_MARK])
Andreas Steffen	4efd7e8	2010-06-30 10:41:15 -0700	[diff] [blame]	1970	memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(struct xfrm_mark));
Jamal Hadi Salim	bf825f8	2010-02-22 11:32:54 +0000	[diff] [blame]	1971	else
				1972	m->v = m->m = 0;
				1973
				1974	return m->v & m->m;
				1975	}
				1976
David S. Miller	e3dfa38	2011-02-27 23:20:19 -0800	[diff] [blame]	1977	static inline int xfrm_mark_put(struct sk_buff skb, const struct xfrm_mark m)
Jamal Hadi Salim	bf825f8	2010-02-22 11:32:54 +0000	[diff] [blame]	1978	{
David S. Miller	1d1e34d	2012-06-27 21:57:03 -0700	[diff] [blame]	1979	int ret = 0;
Jamal Hadi Salim	bf825f8	2010-02-22 11:32:54 +0000	[diff] [blame]	1980
David S. Miller	1d1e34d	2012-06-27 21:57:03 -0700	[diff] [blame]	1981	if (m->m \| m->v)
				1982	ret = nla_put(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
				1983	return ret;
Jamal Hadi Salim	bf825f8	2010-02-22 11:32:54 +0000	[diff] [blame]	1984	}
				1985
Steffen Klassert	9b42c1f	2018-06-12 12:44:26 +0200	[diff] [blame]	1986	static inline __u32 xfrm_smark_get(__u32 mark, struct xfrm_state *x)
				1987	{
				1988	struct xfrm_mark *m = &x->props.smark;
				1989
				1990	return (m->v & m->m) \| (mark & ~m->m);
				1991	}
				1992
Steffen Klassert	7e65264	2018-06-12 14:07:07 +0200	[diff] [blame]	1993	static inline int xfrm_if_id_put(struct sk_buff *skb, __u32 if_id)
				1994	{
				1995	int ret = 0;
				1996
				1997	if (if_id)
				1998	ret = nla_put_u32(skb, XFRMA_IF_ID, if_id);
				1999	return ret;
				2000	}
				2001
Steffen Klassert	70be6c9	2014-02-21 08:41:09 +0100	[diff] [blame]	2002	static inline int xfrm_tunnel_check(struct sk_buff skb, struct xfrm_state x,
				2003	unsigned int family)
				2004	{
				2005	bool tunnel = false;
				2006
				2007	switch(family) {
				2008	case AF_INET:
				2009	if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4)
				2010	tunnel = true;
				2011	break;
				2012	case AF_INET6:
				2013	if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6)
				2014	tunnel = true;
				2015	break;
				2016	}
Florian Westphal	c9500d7	2019-03-29 21:16:32 +0100	[diff] [blame]	2017	if (tunnel && !(x->outer_mode.flags & XFRM_MODE_FLAG_TUNNEL))
Steffen Klassert	70be6c9	2014-02-21 08:41:09 +0100	[diff] [blame]	2018	return -EINVAL;
				2019
				2020	return 0;
				2021	}
Florian Westphal	ede64dd	2020-05-04 10:06:07 +0200	[diff] [blame]	2022
Dmitry Safonov	5461fc0	2020-09-21 15:36:52 +0100	[diff] [blame]	2023	extern const int xfrm_msg_min[XFRM_NR_MSGTYPES];
Dmitry Safonov	5106f4a	2020-09-21 15:36:55 +0100	[diff] [blame]	2024	extern const struct nla_policy xfrma_policy[XFRMA_MAX+1];
Dmitry Safonov	5461fc0	2020-09-21 15:36:52 +0100	[diff] [blame]	2025
Dmitry Safonov	c9e7c76	2020-09-21 15:36:51 +0100	[diff] [blame]	2026	struct xfrm_translator {
Dmitry Safonov	5461fc0	2020-09-21 15:36:52 +0100	[diff] [blame]	2027	/* Allocate frag_list and put compat translation there */
				2028	int (alloc_compat)(struct sk_buff skb, const struct nlmsghdr *src);
				2029
Dmitry Safonov	5106f4a	2020-09-21 15:36:55 +0100	[diff] [blame]	2030	/* Allocate nlmsg with 64-bit translaton of received 32-bit message */
				2031	struct nlmsghdr (rcv_msg_compat)(const struct nlmsghdr *nlh,
				2032	int maxtype, const struct nla_policy *policy,
				2033	struct netlink_ext_ack *extack);
				2034
Dmitry Safonov	96392ee	2020-09-21 15:36:56 +0100	[diff] [blame]	2035	/* Translate 32-bit user_policy from sockptr */
				2036	int (xlate_user_policy_sockptr)(u8 *pdata32, int optlen);
				2037
Dmitry Safonov	c9e7c76	2020-09-21 15:36:51 +0100	[diff] [blame]	2038	struct module *owner;
				2039	};
				2040
				2041	#if IS_ENABLED(CONFIG_XFRM_USER_COMPAT)
				2042	extern int xfrm_register_translator(struct xfrm_translator *xtr);
				2043	extern int xfrm_unregister_translator(struct xfrm_translator *xtr);
				2044	extern struct xfrm_translator *xfrm_get_translator(void);
				2045	extern void xfrm_put_translator(struct xfrm_translator *xtr);
				2046	#else
				2047	static inline struct xfrm_translator *xfrm_get_translator(void)
				2048	{
				2049	return NULL;
				2050	}
				2051	static inline void xfrm_put_translator(struct xfrm_translator *xtr)
				2052	{
				2053	}
				2054	#endif
				2055
Florian Westphal	ede64dd	2020-05-04 10:06:07 +0200	[diff] [blame]	2056	#if IS_ENABLED(CONFIG_IPV6)
				2057	static inline bool xfrm6_local_dontfrag(const struct sock *sk)
				2058	{
				2059	int proto;
				2060
				2061	if (!sk \|\| sk->sk_family != AF_INET6)
				2062	return false;
				2063
				2064	proto = sk->sk_protocol;
				2065	if (proto == IPPROTO_UDP \|\| proto == IPPROTO_RAW)
				2066	return inet6_sk(sk)->dontfrag;
				2067
				2068	return false;
				2069	}
				2070	#endif
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	2071	#endif /* _NET_XFRM_H */