xfrm: Add basic infrastructure to support IPsec extended sequence numbers
This patch adds the struct xfrm_replay_state_esn which will be used to support IPsec extended sequence numbers and anti replay windows bigger than 32 packets. Also we add a function that returns the actual size of the xfrm_replay_state_esn, a xfrm netlink attribute and a xfrm state flag for the use of extended sequence numbers.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

wifi-calibration
parent
a5079d084f
commit
9736acf395
|
@ -84,6 +84,16 @@ struct xfrm_replay_state {
|
||||||
__u32 bitmap;
|
__u32 bitmap;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct xfrm_replay_state_esn {
|
||||||
|
unsigned int bmp_len;
|
||||||
|
__u32 oseq;
|
||||||
|
__u32 seq;
|
||||||
|
__u32 oseq_hi;
|
||||||
|
__u32 seq_hi;
|
||||||
|
__u32 replay_window;
|
||||||
|
__u32 bmp[0];
|
||||||
|
};
|
||||||
|
|
||||||
struct xfrm_algo {
|
struct xfrm_algo {
|
||||||
char alg_name[64];
|
char alg_name[64];
|
||||||
unsigned int alg_key_len; /* in bits */
|
unsigned int alg_key_len; /* in bits */
|
||||||
|
@ -284,6 +294,7 @@ enum xfrm_attr_type_t {
|
||||||
XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */
|
XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */
|
||||||
XFRMA_MARK, /* struct xfrm_mark */
|
XFRMA_MARK, /* struct xfrm_mark */
|
||||||
XFRMA_TFCPAD, /* __u32 */
|
XFRMA_TFCPAD, /* __u32 */
|
||||||
|
XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */
|
||||||
__XFRMA_MAX
|
__XFRMA_MAX
|
||||||
|
|
||||||
#define XFRMA_MAX (__XFRMA_MAX - 1)
|
#define XFRMA_MAX (__XFRMA_MAX - 1)
|
||||||
|
@ -351,6 +362,7 @@ struct xfrm_usersa_info {
|
||||||
#define XFRM_STATE_ICMP 16
|
#define XFRM_STATE_ICMP 16
|
||||||
#define XFRM_STATE_AF_UNSPEC 32
|
#define XFRM_STATE_AF_UNSPEC 32
|
||||||
#define XFRM_STATE_ALIGN4 64
|
#define XFRM_STATE_ALIGN4 64
|
||||||
|
#define XFRM_STATE_ESN 128
|
||||||
};
|
};
|
||||||
|
|
||||||
struct xfrm_usersa_id {
|
struct xfrm_usersa_id {
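Review bot: The new `struct xfrm_replay_state_esn` carries two independent size fields, `bmp_len` and `replay_window`, and nothing in the header states their units or how they relate, which matters because userspace fills in this layout through `XFRMA_REPLAY_ESN_VAL`. I would document them in the struct, for example `unsigned int bmp_len; /* number of __u32 words in bmp[] */` and `__u32 replay_window; /* in packets; must fit in bmp_len * 32 bits */`. That meaning is inferred from `xfrm_replay_state_esn_len()` in the same commit and should be confirmed. The attribute comment in `enum xfrm_attr_type_t` names a type this patch does not define and should read `/* struct xfrm_replay_state_esn */`.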
|
||||||
|
|
|
@ -186,9 +186,11 @@ struct xfrm_state {
|
||||||
|
|
||||||
/* State for replay detection */
|
/* State for replay detection */
|
||||||
struct xfrm_replay_state replay;
|
struct xfrm_replay_state replay;
|
||||||
|
struct xfrm_replay_state_esn *replay_esn;
|
||||||
|
|
||||||
/* Replay detection state at the time we sent the last notification */
|
/* Replay detection state at the time we sent the last notification */
|
||||||
struct xfrm_replay_state preplay;
|
struct xfrm_replay_state preplay;
|
||||||
|
struct xfrm_replay_state_esn *preplay_esn;
|
||||||
|
|
||||||
/* internal flag that only holds state for delayed aevent at the
|
/* internal flag that only holds state for delayed aevent at the
|
||||||
* moment
|
* moment
|
||||||
|
@ -1569,6 +1571,11 @@ static inline int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg)
|
||||||
return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
|
return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)
|
||||||
|
{
|
||||||
|
return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_XFRM_MIGRATE
|
#ifdef CONFIG_XFRM_MIGRATE
|
||||||
static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
|
static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
|
||||||
{
|
{
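Review bot: `xfrm_replay_state_esn_len()` derives a size from `replay_esn->bmp_len` with no bound and returns it as `int`. `bmp_len` is an `unsigned int` in a structure that arrives from userspace via the new netlink attribute, so a large value can wrap the multiplication on 32-bit builds or be truncated, possibly to a negative length, when narrowed to `int`. No validation is visible in this commit, so the code that parses `XFRMA_REPLAY_ESN_VAL` has to check `bmp_len` against the attribute's payload length and an upper bound before this helper feeds an allocation or copy, and check that `replay_window` fits in `bmp_len * 32` bits. A comment on the helper stating that precondition would help, e.g. `/* caller must have validated bmp_len against the netlink attribute length */`. The parameter can also be `const struct xfrm_replay_state_esn *replay_esn`, matching `xfrm_alg_auth_len()` just above.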
|
||||||
|
|