1/* SPDX-License-Identifier: GPL-2.0 */ 2#ifndef __NETNS_XFRM_H 3#define __NETNS_XFRM_H 4 5#include <linux/list.h> 6#include <linux/wait.h> 7#include <linux/workqueue.h> 8#include <linux/xfrm.h> 9#include <net/dst_ops.h> 10 11struct ctl_table_header; 12 13struct xfrm_policy_hash { 14 struct hlist_head __rcu *table; 15 unsigned int hmask; 16 u8 dbits4; 17 u8 sbits4; 18 u8 dbits6; 19 u8 sbits6; 20}; 21 22struct xfrm_policy_hthresh { 23 struct work_struct work; 24 seqlock_t lock; 25 u8 lbits4; 26 u8 rbits4; 27 u8 lbits6; 28 u8 rbits6; 29}; 30 31struct netns_xfrm { 32 struct list_head state_all; 33 /* 34 * Hash table to find appropriate SA towards given target (endpoint of 35 * tunnel or destination of transport mode) allowed by selector. 36 * 37 * Main use is finding SA after policy selected tunnel or transport 38 * mode. Also, it can be used by ah/esp icmp error handler to find 39 * offending SA. 40 */ 41 struct hlist_head __rcu *state_bydst; 42 struct hlist_head __rcu *state_bysrc; 43 struct hlist_head __rcu *state_byspi; 44 unsigned int state_hmask; 45 unsigned int state_num; 46 struct work_struct state_hash_work; 47 48 struct list_head policy_all; 49 struct hlist_head *policy_byidx; 50 unsigned int policy_idx_hmask; 51 struct hlist_head policy_inexact[XFRM_POLICY_MAX]; 52 struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX]; 53 unsigned int policy_count[XFRM_POLICY_MAX * 2]; 54 struct work_struct policy_hash_work; 55 struct xfrm_policy_hthresh policy_hthresh; 56 57 58 struct sock *nlsk; 59 struct sock *nlsk_stash; 60 61 u32 sysctl_aevent_etime; 62 u32 sysctl_aevent_rseqth; 63 int sysctl_larval_drop; 64 u32 sysctl_acq_expires; 65#ifdef CONFIG_SYSCTL 66 struct ctl_table_header *sysctl_hdr; 67#endif 68 69 struct dst_ops xfrm4_dst_ops; 70#if IS_ENABLED(CONFIG_IPV6) 71 struct dst_ops xfrm6_dst_ops; 72#endif 73 spinlock_t xfrm_state_lock; 74 spinlock_t xfrm_policy_lock; 75 struct mutex xfrm_cfg_mutex; 76}; 77 78#endif 79