1#ifndef _NET_XFRM_H
2#define _NET_XFRM_H
3
4#include <linux/compiler.h>
5#include <linux/xfrm.h>
6#include <linux/spinlock.h>
7#include <linux/list.h>
8#include <linux/skbuff.h>
9#include <linux/socket.h>
10#include <linux/pfkeyv2.h>
11#include <linux/ipsec.h>
12#include <linux/in6.h>
13#include <linux/mutex.h>
14#include <linux/audit.h>
15
16#include <net/sock.h>
17#include <net/dst.h>
18#include <net/ip.h>
19#include <net/route.h>
20#include <net/ipv6.h>
21#include <net/ip6_fib.h>
22#ifdef CONFIG_XFRM_STATISTICS
23#include <net/snmp.h>
24#endif
25
26#define XFRM_PROTO_ESP 50
27#define XFRM_PROTO_AH 51
28#define XFRM_PROTO_COMP 108
29#define XFRM_PROTO_IPIP 4
30#define XFRM_PROTO_IPV6 41
31#define XFRM_PROTO_ROUTING IPPROTO_ROUTING
32#define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS
33
34#define XFRM_ALIGN8(len) (((len) + 7) & ~7)
35#define MODULE_ALIAS_XFRM_MODE(family, encap) \
36 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
37#define MODULE_ALIAS_XFRM_TYPE(family, proto) \
38 MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
39
40#ifdef CONFIG_XFRM_STATISTICS
41#define XFRM_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.xfrm_statistics, field)
42#define XFRM_INC_STATS_BH(net, field) SNMP_INC_STATS_BH((net)->mib.xfrm_statistics, field)
43#define XFRM_INC_STATS_USER(net, field) SNMP_INC_STATS_USER((net)-mib.xfrm_statistics, field)
44#else
45#define XFRM_INC_STATS(net, field) ((void)(net))
46#define XFRM_INC_STATS_BH(net, field) ((void)(net))
47#define XFRM_INC_STATS_USER(net, field) ((void)(net))
48#endif
49
50extern struct mutex xfrm_cfg_mutex;
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113struct xfrm_state_walk {
114 struct list_head all;
115 u8 state;
116 union {
117 u8 dying;
118 u8 proto;
119 };
120 u32 seq;
121};
122
123
124struct xfrm_state
125{
126#ifdef CONFIG_NET_NS
127 struct net *xs_net;
128#endif
129 union {
130 struct hlist_node gclist;
131 struct hlist_node bydst;
132 };
133 struct hlist_node bysrc;
134 struct hlist_node byspi;
135
136 atomic_t refcnt;
137 spinlock_t lock;
138
139 struct xfrm_id id;
140 struct xfrm_selector sel;
141
142 u32 genid;
143
144
145 struct xfrm_state_walk km;
146
147
148 struct {
149 u32 reqid;
150 u8 mode;
151 u8 replay_window;
152 u8 aalgo, ealgo, calgo;
153 u8 flags;
154 u16 family;
155 xfrm_address_t saddr;
156 int header_len;
157 int trailer_len;
158 } props;
159
160 struct xfrm_lifetime_cfg lft;
161
162
163 struct xfrm_algo *aalg;
164 struct xfrm_algo *ealg;
165 struct xfrm_algo *calg;
166 struct xfrm_algo_aead *aead;
167
168
169 struct xfrm_encap_tmpl *encap;
170
171
172 xfrm_address_t *coaddr;
173
174
175 struct xfrm_state *tunnel;
176
177
178 atomic_t tunnel_users;
179
180
181 struct xfrm_replay_state replay;
182
183
184 struct xfrm_replay_state preplay;
185
186
187
188
189 u32 xflags;
190
191
192 u32 replay_maxage;
193 u32 replay_maxdiff;
194
195
196 struct timer_list rtimer;
197
198
199 struct xfrm_stats stats;
200
201 struct xfrm_lifetime_cur curlft;
202 struct timer_list timer;
203
204
205 unsigned long lastused;
206
207
208
209 const struct xfrm_type *type;
210 struct xfrm_mode *inner_mode;
211 struct xfrm_mode *inner_mode_iaf;
212 struct xfrm_mode *outer_mode;
213
214
215 struct xfrm_sec_ctx *security;
216
217
218
219 void *data;
220};
221
222static inline struct net *xs_net(struct xfrm_state *x)
223{
224 return read_pnet(&x->xs_net);
225}
226
227
228#define XFRM_TIME_DEFER 1
229
230enum {
231 XFRM_STATE_VOID,
232 XFRM_STATE_ACQ,
233 XFRM_STATE_VALID,
234 XFRM_STATE_ERROR,
235 XFRM_STATE_EXPIRED,
236 XFRM_STATE_DEAD
237};
238
239
240struct km_event
241{
242 union {
243 u32 hard;
244 u32 proto;
245 u32 byid;
246 u32 aevent;
247 u32 type;
248 } data;
249
250 u32 seq;
251 u32 pid;
252 u32 event;
253 struct net *net;
254};
255
256struct net_device;
257struct xfrm_type;
258struct xfrm_dst;
259struct xfrm_policy_afinfo {
260 unsigned short family;
261 struct dst_ops *dst_ops;
262 void (*garbage_collect)(struct net *net);
263 struct dst_entry *(*dst_lookup)(struct net *net, int tos,
264 xfrm_address_t *saddr,
265 xfrm_address_t *daddr);
266 int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
267 struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
268 void (*decode_session)(struct sk_buff *skb,
269 struct flowi *fl,
270 int reverse);
271 int (*get_tos)(struct flowi *fl);
272 int (*init_path)(struct xfrm_dst *path,
273 struct dst_entry *dst,
274 int nfheader_len);
275 int (*fill_dst)(struct xfrm_dst *xdst,
276 struct net_device *dev);
277};
278
279extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
280extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
281extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c);
282extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
283
284struct xfrm_tmpl;
285extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
286extern void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
287extern int __xfrm_state_delete(struct xfrm_state *x);
288
289struct xfrm_state_afinfo {
290 unsigned int family;
291 unsigned int proto;
292 __be16 eth_proto;
293 struct module *owner;
294 const struct xfrm_type *type_map[IPPROTO_MAX];
295 struct xfrm_mode *mode_map[XFRM_MODE_MAX];
296 int (*init_flags)(struct xfrm_state *x);
297 void (*init_tempsel)(struct xfrm_state *x, struct flowi *fl,
298 struct xfrm_tmpl *tmpl,
299 xfrm_address_t *daddr, xfrm_address_t *saddr);
300 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
301 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
302 int (*output)(struct sk_buff *skb);
303 int (*extract_input)(struct xfrm_state *x,
304 struct sk_buff *skb);
305 int (*extract_output)(struct xfrm_state *x,
306 struct sk_buff *skb);
307 int (*transport_finish)(struct sk_buff *skb,
308 int async);
309};
310
311extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
312extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
313
314extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
315
316struct xfrm_type
317{
318 char *description;
319 struct module *owner;
320 __u8 proto;
321 __u8 flags;
322#define XFRM_TYPE_NON_FRAGMENT 1
323#define XFRM_TYPE_REPLAY_PROT 2
324#define XFRM_TYPE_LOCAL_COADDR 4
325#define XFRM_TYPE_REMOTE_COADDR 8
326
327 int (*init_state)(struct xfrm_state *x);
328 void (*destructor)(struct xfrm_state *);
329 int (*input)(struct xfrm_state *, struct sk_buff *skb);
330 int (*output)(struct xfrm_state *, struct sk_buff *pskb);
331 int (*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *);
332 int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
333
334 u32 (*get_mtu)(struct xfrm_state *, int size);
335};
336
337extern int xfrm_register_type(const struct xfrm_type *type, unsigned short family);
338extern int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family);
339
340struct xfrm_mode {
341
342
343
344
345
346
347
348
349
350
351
352 int (*input2)(struct xfrm_state *x, struct sk_buff *skb);
353
354
355
356
357
358
359
360
361
362 int (*input)(struct xfrm_state *x, struct sk_buff *skb);
363
364
365
366
367
368
369
370
371
372
373
374
375 int (*output2)(struct xfrm_state *x,struct sk_buff *skb);
376
377
378
379
380
381
382
383
384
385
386 int (*output)(struct xfrm_state *x, struct sk_buff *skb);
387
388 struct xfrm_state_afinfo *afinfo;
389 struct module *owner;
390 unsigned int encap;
391 int flags;
392};
393
394
395enum {
396 XFRM_MODE_FLAG_TUNNEL = 1,
397};
398
399extern int xfrm_register_mode(struct xfrm_mode *mode, int family);
400extern int xfrm_unregister_mode(struct xfrm_mode *mode, int family);
401
402static inline int xfrm_af2proto(unsigned int family)
403{
404 switch(family) {
405 case AF_INET:
406 return IPPROTO_IPIP;
407 case AF_INET6:
408 return IPPROTO_IPV6;
409 default:
410 return 0;
411 }
412}
413
414static inline struct xfrm_mode *xfrm_ip2inner_mode(struct xfrm_state *x, int ipproto)
415{
416 if ((ipproto == IPPROTO_IPIP && x->props.family == AF_INET) ||
417 (ipproto == IPPROTO_IPV6 && x->props.family == AF_INET6))
418 return x->inner_mode;
419 else
420 return x->inner_mode_iaf;
421}
422
423struct xfrm_tmpl
424{
425
426
427
428
429
430
431 struct xfrm_id id;
432
433
434 xfrm_address_t saddr;
435
436 unsigned short encap_family;
437
438 __u32 reqid;
439
440
441 __u8 mode;
442
443
444 __u8 share;
445
446
447 __u8 optional;
448
449
450 __u8 allalgs;
451
452
453 __u32 aalgos;
454 __u32 ealgos;
455 __u32 calgos;
456};
457
458#define XFRM_MAX_DEPTH 6
459
460struct xfrm_policy_walk_entry {
461 struct list_head all;
462 u8 dead;
463};
464
465struct xfrm_policy_walk {
466 struct xfrm_policy_walk_entry walk;
467 u8 type;
468 u32 seq;
469};
470
471struct xfrm_policy
472{
473#ifdef CONFIG_NET_NS
474 struct net *xp_net;
475#endif
476 struct hlist_node bydst;
477 struct hlist_node byidx;
478
479
480 rwlock_t lock;
481 atomic_t refcnt;
482 struct timer_list timer;
483
484 u32 priority;
485 u32 index;
486 struct xfrm_selector selector;
487 struct xfrm_lifetime_cfg lft;
488 struct xfrm_lifetime_cur curlft;
489 struct dst_entry *bundles;
490 struct xfrm_policy_walk_entry walk;
491 u8 type;
492 u8 action;
493 u8 flags;
494 u8 xfrm_nr;
495 u16 family;
496 struct xfrm_sec_ctx *security;
497 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
498};
499
500static inline struct net *xp_net(struct xfrm_policy *xp)
501{
502 return read_pnet(&xp->xp_net);
503}
504
505struct xfrm_kmaddress {
506 xfrm_address_t local;
507 xfrm_address_t remote;
508 u32 reserved;
509 u16 family;
510};
511
512struct xfrm_migrate {
513 xfrm_address_t old_daddr;
514 xfrm_address_t old_saddr;
515 xfrm_address_t new_daddr;
516 xfrm_address_t new_saddr;
517 u8 proto;
518 u8 mode;
519 u16 reserved;
520 u32 reqid;
521 u16 old_family;
522 u16 new_family;
523};
524
525#define XFRM_KM_TIMEOUT 30
526
527#define XFRM_REPLAY_SEQ 1
528#define XFRM_REPLAY_OSEQ 2
529#define XFRM_REPLAY_SEQ_MASK 3
530
531#define XFRM_REPLAY_UPDATE XFRM_AE_CR
532#define XFRM_REPLAY_TIMEOUT XFRM_AE_CE
533
534
535#define XFRM_AE_ETIME 10
536
537#define XFRM_AE_ETH_M 10
538
539#define XFRM_AE_SEQT_SIZE 2
540
541struct xfrm_mgr
542{
543 struct list_head list;
544 char *id;
545 int (*notify)(struct xfrm_state *x, struct km_event *c);
546 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
547 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
548 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
549 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
550 int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
551 int (*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k);
552};
553
554extern int xfrm_register_km(struct xfrm_mgr *km);
555extern int xfrm_unregister_km(struct xfrm_mgr *km);
556
557
558
559
560
561
562struct xfrm_skb_cb {
563 union {
564 struct inet_skb_parm h4;
565 struct inet6_skb_parm h6;
566 } header;
567
568
569 union {
570 u64 output;
571 __be32 input;
572 } seq;
573};
574
575#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))
576
577
578
579
580
581struct xfrm_mode_skb_cb {
582 union {
583 struct inet_skb_parm h4;
584 struct inet6_skb_parm h6;
585 } header;
586
587
588 __be16 id;
589 __be16 frag_off;
590
591
592 u8 ihl;
593
594
595 u8 tos;
596
597
598 u8 ttl;
599
600
601 u8 protocol;
602
603
604 u8 optlen;
605
606
607 u8 flow_lbl[3];
608};
609
610#define XFRM_MODE_SKB_CB(__skb) ((struct xfrm_mode_skb_cb *)&((__skb)->cb[0]))
611
612
613
614
615
616struct xfrm_spi_skb_cb {
617 union {
618 struct inet_skb_parm h4;
619 struct inet6_skb_parm h6;
620 } header;
621
622 unsigned int daddroff;
623 unsigned int family;
624};
625
626#define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))
627
628
629struct xfrm_audit
630{
631 u32 secid;
632 uid_t loginuid;
633 u32 sessionid;
634};
635
636#ifdef CONFIG_AUDITSYSCALL
637static inline struct audit_buffer *xfrm_audit_start(const char *op)
638{
639 struct audit_buffer *audit_buf = NULL;
640
641 if (audit_enabled == 0)
642 return NULL;
643 audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC,
644 AUDIT_MAC_IPSEC_EVENT);
645 if (audit_buf == NULL)
646 return NULL;
647 audit_log_format(audit_buf, "op=%s", op);
648 return audit_buf;
649}
650
651static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid,
652 struct audit_buffer *audit_buf)
653{
654 char *secctx;
655 u32 secctx_len;
656
657 audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
658 if (secid != 0 &&
659 security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
660 audit_log_format(audit_buf, " subj=%s", secctx);
661 security_release_secctx(secctx, secctx_len);
662 } else
663 audit_log_task_context(audit_buf);
664}
665
666extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
667 u32 auid, u32 ses, u32 secid);
668extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
669 u32 auid, u32 ses, u32 secid);
670extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
671 u32 auid, u32 ses, u32 secid);
672extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
673 u32 auid, u32 ses, u32 secid);
674extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
675 struct sk_buff *skb);
676extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
677extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
678 __be32 net_spi, __be32 net_seq);
679extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
680 struct sk_buff *skb, u8 proto);
681#else
682
683static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
684 u32 auid, u32 ses, u32 secid)
685{
686}
687
688static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
689 u32 auid, u32 ses, u32 secid)
690{
691}
692
693static inline void xfrm_audit_state_add(struct xfrm_state *x, int result,
694 u32 auid, u32 ses, u32 secid)
695{
696}
697
698static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result,
699 u32 auid, u32 ses, u32 secid)
700{
701}
702
703static inline void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
704 struct sk_buff *skb)
705{
706}
707
708static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb,
709 u16 family)
710{
711}
712
713static inline void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
714 __be32 net_spi, __be32 net_seq)
715{
716}
717
718static inline void xfrm_audit_state_icvfail(struct xfrm_state *x,
719 struct sk_buff *skb, u8 proto)
720{
721}
722#endif
723
724static inline void xfrm_pol_hold(struct xfrm_policy *policy)
725{
726 if (likely(policy != NULL))
727 atomic_inc(&policy->refcnt);
728}
729
730extern void xfrm_policy_destroy(struct xfrm_policy *policy);
731
732static inline void xfrm_pol_put(struct xfrm_policy *policy)
733{
734 if (atomic_dec_and_test(&policy->refcnt))
735 xfrm_policy_destroy(policy);
736}
737
738#ifdef CONFIG_XFRM_SUB_POLICY
739static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
740{
741 int i;
742 for (i = npols - 1; i >= 0; --i)
743 xfrm_pol_put(pols[i]);
744}
745#else
746static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
747{
748 xfrm_pol_put(pols[0]);
749}
750#endif
751
752extern void __xfrm_state_destroy(struct xfrm_state *);
753
754static inline void __xfrm_state_put(struct xfrm_state *x)
755{
756 atomic_dec(&x->refcnt);
757}
758
759static inline void xfrm_state_put(struct xfrm_state *x)
760{
761 if (atomic_dec_and_test(&x->refcnt))
762 __xfrm_state_destroy(x);
763}
764
765static inline void xfrm_state_hold(struct xfrm_state *x)
766{
767 atomic_inc(&x->refcnt);
768}
769
770static __inline__ int addr_match(void *token1, void *token2, int prefixlen)
771{
772 __be32 *a1 = token1;
773 __be32 *a2 = token2;
774 int pdw;
775 int pbi;
776
777 pdw = prefixlen >> 5;
778 pbi = prefixlen & 0x1f;
779
780 if (pdw)
781 if (memcmp(a1, a2, pdw << 2))
782 return 0;
783
784 if (pbi) {
785 __be32 mask;
786
787 mask = htonl((0xffffffff) << (32 - pbi));
788
789 if ((a1[pdw] ^ a2[pdw]) & mask)
790 return 0;
791 }
792
793 return 1;
794}
795
796static __inline__
797__be16 xfrm_flowi_sport(struct flowi *fl)
798{
799 __be16 port;
800 switch(fl->proto) {
801 case IPPROTO_TCP:
802 case IPPROTO_UDP:
803 case IPPROTO_UDPLITE:
804 case IPPROTO_SCTP:
805 port = fl->fl_ip_sport;
806 break;
807 case IPPROTO_ICMP:
808 case IPPROTO_ICMPV6:
809 port = htons(fl->fl_icmp_type);
810 break;
811 case IPPROTO_MH:
812 port = htons(fl->fl_mh_type);
813 break;
814 default:
815 port = 0;
816 }
817 return port;
818}
819
820static __inline__
821__be16 xfrm_flowi_dport(struct flowi *fl)
822{
823 __be16 port;
824 switch(fl->proto) {
825 case IPPROTO_TCP:
826 case IPPROTO_UDP:
827 case IPPROTO_UDPLITE:
828 case IPPROTO_SCTP:
829 port = fl->fl_ip_dport;
830 break;
831 case IPPROTO_ICMP:
832 case IPPROTO_ICMPV6:
833 port = htons(fl->fl_icmp_code);
834 break;
835 default:
836 port = 0;
837 }
838 return port;
839}
840
841extern int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
842 unsigned short family);
843
844#ifdef CONFIG_SECURITY_NETWORK_XFRM
845
846
847
848static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
849{
850 return ((!s1 && !s2) ||
851 (s1 && s2 &&
852 (s1->ctx_sid == s2->ctx_sid) &&
853 (s1->ctx_doi == s2->ctx_doi) &&
854 (s1->ctx_alg == s2->ctx_alg)));
855}
856#else
857static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
858{
859 return 1;
860}
861#endif
862
863
864
865
866
867
868
869
870
871
872
873
874struct xfrm_dst
875{
876 union {
877 struct dst_entry dst;
878 struct rtable rt;
879 struct rt6_info rt6;
880 } u;
881 struct dst_entry *route;
882#ifdef CONFIG_XFRM_SUB_POLICY
883 struct flowi *origin;
884 struct xfrm_selector *partner;
885#endif
886 u32 genid;
887 u32 route_mtu_cached;
888 u32 child_mtu_cached;
889 u32 route_cookie;
890 u32 path_cookie;
891};
892
893#ifdef CONFIG_XFRM
894static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
895{
896 dst_release(xdst->route);
897 if (likely(xdst->u.dst.xfrm))
898 xfrm_state_put(xdst->u.dst.xfrm);
899#ifdef CONFIG_XFRM_SUB_POLICY
900 kfree(xdst->origin);
901 xdst->origin = NULL;
902 kfree(xdst->partner);
903 xdst->partner = NULL;
904#endif
905}
906#endif
907
908extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
909
910struct sec_path
911{
912 atomic_t refcnt;
913 int len;
914 struct xfrm_state *xvec[XFRM_MAX_DEPTH];
915};
916
917static inline struct sec_path *
918secpath_get(struct sec_path *sp)
919{
920 if (sp)
921 atomic_inc(&sp->refcnt);
922 return sp;
923}
924
925extern void __secpath_destroy(struct sec_path *sp);
926
927static inline void
928secpath_put(struct sec_path *sp)
929{
930 if (sp && atomic_dec_and_test(&sp->refcnt))
931 __secpath_destroy(sp);
932}
933
934extern struct sec_path *secpath_dup(struct sec_path *src);
935
936static inline void
937secpath_reset(struct sk_buff *skb)
938{
939#ifdef CONFIG_XFRM
940 secpath_put(skb->sp);
941 skb->sp = NULL;
942#endif
943}
944
945static inline int
946xfrm_addr_any(xfrm_address_t *addr, unsigned short family)
947{
948 switch (family) {
949 case AF_INET:
950 return addr->a4 == 0;
951 case AF_INET6:
952 return ipv6_addr_any((struct in6_addr *)&addr->a6);
953 }
954 return 0;
955}
956
957static inline int
958__xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
959{
960 return (tmpl->saddr.a4 &&
961 tmpl->saddr.a4 != x->props.saddr.a4);
962}
963
964static inline int
965__xfrm6_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
966{
967 return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) &&
968 ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr));
969}
970
971static inline int
972xfrm_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x, unsigned short family)
973{
974 switch (family) {
975 case AF_INET:
976 return __xfrm4_state_addr_cmp(tmpl, x);
977 case AF_INET6:
978 return __xfrm6_state_addr_cmp(tmpl, x);
979 }
980 return !0;
981}
982
983#ifdef CONFIG_XFRM
984extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);
985
986static inline int __xfrm_policy_check2(struct sock *sk, int dir,
987 struct sk_buff *skb,
988 unsigned int family, int reverse)
989{
990 struct net *net = dev_net(skb->dev);
991 int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0);
992
993 if (sk && sk->sk_policy[XFRM_POLICY_IN])
994 return __xfrm_policy_check(sk, ndir, skb, family);
995
996 return (!net->xfrm.policy_count[dir] && !skb->sp) ||
997 (skb_dst(skb)->flags & DST_NOPOLICY) ||
998 __xfrm_policy_check(sk, ndir, skb, family);
999}
1000
1001static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
1002{
1003 return __xfrm_policy_check2(sk, dir, skb, family, 0);
1004}
1005
1006static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
1007{
1008 return xfrm_policy_check(sk, dir, skb, AF_INET);
1009}
1010
1011static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
1012{
1013 return xfrm_policy_check(sk, dir, skb, AF_INET6);
1014}
1015
1016static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
1017 struct sk_buff *skb)
1018{
1019 return __xfrm_policy_check2(sk, dir, skb, AF_INET, 1);
1020}
1021
1022static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
1023 struct sk_buff *skb)
1024{
1025 return __xfrm_policy_check2(sk, dir, skb, AF_INET6, 1);
1026}
1027
1028extern int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
1029 unsigned int family, int reverse);
1030
1031static inline int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
1032 unsigned int family)
1033{
1034 return __xfrm_decode_session(skb, fl, family, 0);
1035}
1036
1037static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
1038 struct flowi *fl,
1039 unsigned int family)
1040{
1041 return __xfrm_decode_session(skb, fl, family, 1);
1042}
1043
1044extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
1045
1046static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
1047{
1048 struct net *net = dev_net(skb->dev);
1049
1050 return !net->xfrm.policy_count[XFRM_POLICY_OUT] ||
1051 (skb_dst(skb)->flags & DST_NOXFRM) ||
1052 __xfrm_route_forward(skb, family);
1053}
1054
1055static inline int xfrm4_route_forward(struct sk_buff *skb)
1056{
1057 return xfrm_route_forward(skb, AF_INET);
1058}
1059
1060static inline int xfrm6_route_forward(struct sk_buff *skb)
1061{
1062 return xfrm_route_forward(skb, AF_INET6);
1063}
1064
1065extern int __xfrm_sk_clone_policy(struct sock *sk);
1066
1067static inline int xfrm_sk_clone_policy(struct sock *sk)
1068{
1069 if (unlikely(sk->sk_policy[0] || sk->sk_policy[1]))
1070 return __xfrm_sk_clone_policy(sk);
1071 return 0;
1072}
1073
1074extern int xfrm_policy_delete(struct xfrm_policy *pol, int dir);
1075
1076static inline void xfrm_sk_free_policy(struct sock *sk)
1077{
1078 if (unlikely(sk->sk_policy[0] != NULL)) {
1079 xfrm_policy_delete(sk->sk_policy[0], XFRM_POLICY_MAX);
1080 sk->sk_policy[0] = NULL;
1081 }
1082 if (unlikely(sk->sk_policy[1] != NULL)) {
1083 xfrm_policy_delete(sk->sk_policy[1], XFRM_POLICY_MAX+1);
1084 sk->sk_policy[1] = NULL;
1085 }
1086}
1087
1088#else
1089
1090static inline void xfrm_sk_free_policy(struct sock *sk) {}
1091static inline int xfrm_sk_clone_policy(struct sock *sk) { return 0; }
1092static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
1093static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
1094static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
1095{
1096 return 1;
1097}
1098static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
1099{
1100 return 1;
1101}
1102static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
1103{
1104 return 1;
1105}
1106static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
1107 struct flowi *fl,
1108 unsigned int family)
1109{
1110 return -ENOSYS;
1111}
1112static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
1113 struct sk_buff *skb)
1114{
1115 return 1;
1116}
1117static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
1118 struct sk_buff *skb)
1119{
1120 return 1;
1121}
1122#endif
1123
1124static __inline__
1125xfrm_address_t *xfrm_flowi_daddr(struct flowi *fl, unsigned short family)
1126{
1127 switch (family){
1128 case AF_INET:
1129 return (xfrm_address_t *)&fl->fl4_dst;
1130 case AF_INET6:
1131 return (xfrm_address_t *)&fl->fl6_dst;
1132 }
1133 return NULL;
1134}
1135
1136static __inline__
1137xfrm_address_t *xfrm_flowi_saddr(struct flowi *fl, unsigned short family)
1138{
1139 switch (family){
1140 case AF_INET:
1141 return (xfrm_address_t *)&fl->fl4_src;
1142 case AF_INET6:
1143 return (xfrm_address_t *)&fl->fl6_src;
1144 }
1145 return NULL;
1146}
1147
1148static __inline__
1149void xfrm_flowi_addr_get(struct flowi *fl,
1150 xfrm_address_t *saddr, xfrm_address_t *daddr,
1151 unsigned short family)
1152{
1153 switch(family) {
1154 case AF_INET:
1155 memcpy(&saddr->a4, &fl->fl4_src, sizeof(saddr->a4));
1156 memcpy(&daddr->a4, &fl->fl4_dst, sizeof(daddr->a4));
1157 break;
1158 case AF_INET6:
1159 ipv6_addr_copy((struct in6_addr *)&saddr->a6, &fl->fl6_src);
1160 ipv6_addr_copy((struct in6_addr *)&daddr->a6, &fl->fl6_dst);
1161 break;
1162 }
1163}
1164
1165static __inline__ int
1166__xfrm4_state_addr_check(struct xfrm_state *x,
1167 xfrm_address_t *daddr, xfrm_address_t *saddr)
1168{
1169 if (daddr->a4 == x->id.daddr.a4 &&
1170 (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4))
1171 return 1;
1172 return 0;
1173}
1174
1175static __inline__ int
1176__xfrm6_state_addr_check(struct xfrm_state *x,
1177 xfrm_address_t *daddr, xfrm_address_t *saddr)
1178{
1179 if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) &&
1180 (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)||
1181 ipv6_addr_any((struct in6_addr *)saddr) ||
1182 ipv6_addr_any((struct in6_addr *)&x->props.saddr)))
1183 return 1;
1184 return 0;
1185}
1186
1187static __inline__ int
1188xfrm_state_addr_check(struct xfrm_state *x,
1189 xfrm_address_t *daddr, xfrm_address_t *saddr,
1190 unsigned short family)
1191{
1192 switch (family) {
1193 case AF_INET:
1194 return __xfrm4_state_addr_check(x, daddr, saddr);
1195 case AF_INET6:
1196 return __xfrm6_state_addr_check(x, daddr, saddr);
1197 }
1198 return 0;
1199}
1200
1201static __inline__ int
1202xfrm_state_addr_flow_check(struct xfrm_state *x, struct flowi *fl,
1203 unsigned short family)
1204{
1205 switch (family) {
1206 case AF_INET:
1207 return __xfrm4_state_addr_check(x,
1208 (xfrm_address_t *)&fl->fl4_dst,
1209 (xfrm_address_t *)&fl->fl4_src);
1210 case AF_INET6:
1211 return __xfrm6_state_addr_check(x,
1212 (xfrm_address_t *)&fl->fl6_dst,
1213 (xfrm_address_t *)&fl->fl6_src);
1214 }
1215 return 0;
1216}
1217
1218static inline int xfrm_state_kern(struct xfrm_state *x)
1219{
1220 return atomic_read(&x->tunnel_users);
1221}
1222
1223static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
1224{
1225 return (!userproto || proto == userproto ||
1226 (userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH ||
1227 proto == IPPROTO_ESP ||
1228 proto == IPPROTO_COMP)));
1229}
1230
1231
1232
1233
1234struct xfrm_algo_aead_info {
1235 u16 icv_truncbits;
1236};
1237
1238struct xfrm_algo_auth_info {
1239 u16 icv_truncbits;
1240 u16 icv_fullbits;
1241};
1242
1243struct xfrm_algo_encr_info {
1244 u16 blockbits;
1245 u16 defkeybits;
1246};
1247
1248struct xfrm_algo_comp_info {
1249 u16 threshold;
1250};
1251
1252struct xfrm_algo_desc {
1253 char *name;
1254 char *compat;
1255 u8 available:1;
1256 union {
1257 struct xfrm_algo_aead_info aead;
1258 struct xfrm_algo_auth_info auth;
1259 struct xfrm_algo_encr_info encr;
1260 struct xfrm_algo_comp_info comp;
1261 } uinfo;
1262 struct sadb_alg desc;
1263};
1264
1265
1266struct xfrm_tunnel {
1267 int (*handler)(struct sk_buff *skb);
1268 int (*err_handler)(struct sk_buff *skb, __u32 info);
1269
1270 struct xfrm_tunnel *next;
1271 int priority;
1272};
1273
1274struct xfrm6_tunnel {
1275 int (*handler)(struct sk_buff *skb);
1276 int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,
1277 u8 type, u8 code, int offset, __be32 info);
1278 struct xfrm6_tunnel *next;
1279 int priority;
1280};
1281
1282extern void xfrm_init(void);
1283extern void xfrm4_init(int rt_hash_size);
1284extern int xfrm_state_init(struct net *net);
1285extern void xfrm_state_fini(struct net *net);
1286extern void xfrm4_state_init(void);
1287#ifdef CONFIG_XFRM
1288extern int xfrm6_init(void);
1289extern void xfrm6_fini(void);
1290extern int xfrm6_state_init(void);
1291extern void xfrm6_state_fini(void);
1292#else
1293static inline int xfrm6_init(void)
1294{
1295 return 0;
1296}
1297static inline void xfrm6_fini(void)
1298{
1299 ;
1300}
1301#endif
1302
1303#ifdef CONFIG_XFRM_STATISTICS
1304extern int xfrm_proc_init(struct net *net);
1305extern void xfrm_proc_fini(struct net *net);
1306#endif
1307
1308extern int xfrm_sysctl_init(struct net *net);
1309#ifdef CONFIG_SYSCTL
1310extern void xfrm_sysctl_fini(struct net *net);
1311#else
1312static inline void xfrm_sysctl_fini(struct net *net)
1313{
1314}
1315#endif
1316
1317extern void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto);
1318extern int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1319 int (*func)(struct xfrm_state *, int, void*), void *);
1320extern void xfrm_state_walk_done(struct xfrm_state_walk *walk);
1321extern struct xfrm_state *xfrm_state_alloc(struct net *net);
1322extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1323 struct flowi *fl, struct xfrm_tmpl *tmpl,
1324 struct xfrm_policy *pol, int *err,
1325 unsigned short family);
1326extern struct xfrm_state * xfrm_stateonly_find(struct net *net,
1327 xfrm_address_t *daddr,
1328 xfrm_address_t *saddr,
1329 unsigned short family,
1330 u8 mode, u8 proto, u32 reqid);
1331extern int xfrm_state_check_expire(struct xfrm_state *x);
1332extern void xfrm_state_insert(struct xfrm_state *x);
1333extern int xfrm_state_add(struct xfrm_state *x);
1334extern int xfrm_state_update(struct xfrm_state *x);
1335extern struct xfrm_state *xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family);
1336extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);
1337#ifdef CONFIG_XFRM_SUB_POLICY
1338extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
1339 int n, unsigned short family);
1340extern int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
1341 int n, unsigned short family);
1342#else
1343static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
1344 int n, unsigned short family)
1345{
1346 return -ENOSYS;
1347}
1348
1349static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
1350 int n, unsigned short family)
1351{
1352 return -ENOSYS;
1353}
1354#endif
1355
1356struct xfrmk_sadinfo {
1357 u32 sadhcnt;
1358 u32 sadhmcnt;
1359 u32 sadcnt;
1360};
1361
1362struct xfrmk_spdinfo {
1363 u32 incnt;
1364 u32 outcnt;
1365 u32 fwdcnt;
1366 u32 inscnt;
1367 u32 outscnt;
1368 u32 fwdscnt;
1369 u32 spdhcnt;
1370 u32 spdhmcnt;
1371};
1372
1373extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq);
1374extern int xfrm_state_delete(struct xfrm_state *x);
1375extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
1376extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si);
1377extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si);
1378extern int xfrm_replay_check(struct xfrm_state *x,
1379 struct sk_buff *skb, __be32 seq);
1380extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
1381extern void xfrm_replay_notify(struct xfrm_state *x, int event);
1382extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
1383extern int xfrm_init_state(struct xfrm_state *x);
1384extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
1385extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi,
1386 int encap_type);
1387extern int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
1388extern int xfrm_output_resume(struct sk_buff *skb, int err);
1389extern int xfrm_output(struct sk_buff *skb);
1390extern int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1391extern int xfrm4_extract_header(struct sk_buff *skb);
1392extern int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb);
1393extern int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
1394 int encap_type);
1395extern int xfrm4_transport_finish(struct sk_buff *skb, int async);
1396extern int xfrm4_rcv(struct sk_buff *skb);
1397
1398static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
1399{
1400 return xfrm4_rcv_encap(skb, nexthdr, spi, 0);
1401}
1402
1403extern int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1404extern int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1405extern int xfrm4_output(struct sk_buff *skb);
1406extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
1407extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
1408extern int xfrm6_extract_header(struct sk_buff *skb);
1409extern int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb);
1410extern int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi);
1411extern int xfrm6_transport_finish(struct sk_buff *skb, int async);
1412extern int xfrm6_rcv(struct sk_buff *skb);
1413extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
1414 xfrm_address_t *saddr, u8 proto);
1415extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
1416extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
1417extern __be32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
1418extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr);
1419extern __be32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr);
1420extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1421extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1422extern int xfrm6_output(struct sk_buff *skb);
1423extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
1424 u8 **prevhdr);
1425
1426#ifdef CONFIG_XFRM
1427extern int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);
1428extern int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen);
1429#else
1430static inline int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1431{
1432 return -ENOPROTOOPT;
1433}
1434
1435static inline int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
1436{
1437
1438 kfree_skb(skb);
1439 return 0;
1440}
1441#endif
1442
1443struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp);
1444
1445extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type);
1446extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
1447 int (*func)(struct xfrm_policy *, int, int, void*), void *);
1448extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
1449int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
1450struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
1451 struct xfrm_selector *sel,
1452 struct xfrm_sec_ctx *ctx, int delete,
1453 int *err);
1454struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int delete, int *err);
1455int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
1456u32 xfrm_get_acqseq(void);
1457extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
1458struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,
1459 xfrm_address_t *daddr, xfrm_address_t *saddr,
1460 int create, unsigned short family);
1461extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
1462extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
1463 struct flowi *fl, int family, int strict);
1464
1465#ifdef CONFIG_XFRM_MIGRATE
1466extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1467 struct xfrm_migrate *m, int num_bundles,
1468 struct xfrm_kmaddress *k);
1469extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m);
1470extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1471 struct xfrm_migrate *m);
1472extern int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1473 struct xfrm_migrate *m, int num_bundles,
1474 struct xfrm_kmaddress *k);
1475#endif
1476
1477extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
1478extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
1479extern int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
1480
1481extern void xfrm_input_init(void);
1482extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);
1483
1484extern void xfrm_probe_algs(void);
1485extern int xfrm_count_auth_supported(void);
1486extern int xfrm_count_enc_supported(void);
1487extern struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx);
1488extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
1489extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
1490extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
1491extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
1492extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe);
1493extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);
1494extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);
1495extern struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len,
1496 int probe);
1497
1498struct hash_desc;
1499struct scatterlist;
1500typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *,
1501 unsigned int);
1502
1503extern int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *tfm,
1504 int offset, int len, icv_update_fn_t icv_update);
1505
1506static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,
1507 int family)
1508{
1509 switch (family) {
1510 default:
1511 case AF_INET:
1512 return (__force __u32)a->a4 - (__force __u32)b->a4;
1513 case AF_INET6:
1514 return ipv6_addr_cmp((struct in6_addr *)a,
1515 (struct in6_addr *)b);
1516 }
1517}
1518
1519static inline int xfrm_policy_id2dir(u32 index)
1520{
1521 return index & 7;
1522}
1523
1524#ifdef CONFIG_XFRM
1525static inline int xfrm_aevent_is_on(struct net *net)
1526{
1527 struct sock *nlsk;
1528 int ret = 0;
1529
1530 rcu_read_lock();
1531 nlsk = rcu_dereference(net->xfrm.nlsk);
1532 if (nlsk)
1533 ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS);
1534 rcu_read_unlock();
1535 return ret;
1536}
1537#endif
1538
1539static inline int xfrm_alg_len(struct xfrm_algo *alg)
1540{
1541 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
1542}
1543
1544#ifdef CONFIG_XFRM_MIGRATE
1545static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
1546{
1547 return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL);
1548}
1549
1550static inline void xfrm_states_put(struct xfrm_state **states, int n)
1551{
1552 int i;
1553 for (i = 0; i < n; i++)
1554 xfrm_state_put(*(states + i));
1555}
1556
1557static inline void xfrm_states_delete(struct xfrm_state **states, int n)
1558{
1559 int i;
1560 for (i = 0; i < n; i++)
1561 xfrm_state_delete(*(states + i));
1562}
1563#endif
1564
1565#ifdef CONFIG_XFRM
1566static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
1567{
1568 return skb->sp->xvec[skb->sp->len - 1];
1569}
1570#endif
1571
1572#endif
1573