aboutsummaryrefslogtreecommitdiff
path: root/include/net/xfrm.h
diff options
context:
space:
mode:
authorJamal Hadi Salim <hadi@cyberus.ca>2006-03-20 19:15:11 -0800
committerDavid S. Miller <davem@davemloft.net>2006-03-20 19:15:11 -0800
commitf8cd54884e675dfaf0c86cc7c088adb6ca9d7638 (patch)
tree7850e8ebebf1f8543c96acdd7c197003b3b4d54c /include/net/xfrm.h
parentf5539eb8caa52a9198079df767cc1bb5494e69e3 (diff)
[IPSEC]: Sync series - core changes
This patch provides the core functionality needed for sync events for ipsec. Derived work of Krisztian KOVACS <hidden@balabit.hu> Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h44
1 files changed, 43 insertions, 1 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 8d362c49b8a..bc005e62e43 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -20,6 +20,10 @@
#define XFRM_ALIGN8(len) (((len) + 7) & ~7)
+extern struct sock *xfrm_nl;
+extern u32 sysctl_xfrm_aevent_etime;
+extern u32 sysctl_xfrm_aevent_rseqth;
+
extern struct semaphore xfrm_cfg_sem;
/* Organization of SPD aka "XFRM rules"
@@ -135,6 +139,16 @@ struct xfrm_state
/* State for replay detection */
struct xfrm_replay_state replay;
+ /* Replay detection state at the time we sent the last notification */
+ struct xfrm_replay_state preplay;
+
+ /* Replay detection notification settings */
+ u32 replay_maxage;
+ u32 replay_maxdiff;
+
+ /* Replay detection notification timer */
+ struct timer_list rtimer;
+
/* Statistics */
struct xfrm_stats stats;
@@ -169,6 +183,7 @@ struct km_event
u32 hard;
u32 proto;
u32 byid;
+ u32 aevent;
} data;
u32 seq;
@@ -305,7 +320,21 @@ struct xfrm_policy
struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
};
-#define XFRM_KM_TIMEOUT 30
+#define XFRM_KM_TIMEOUT 30
+/* which seqno */
+#define XFRM_REPLAY_SEQ 1
+#define XFRM_REPLAY_OSEQ 2
+#define XFRM_REPLAY_SEQ_MASK 3
+/* what happened */
+#define XFRM_REPLAY_UPDATE XFRM_AE_CR
+#define XFRM_REPLAY_TIMEOUT XFRM_AE_CE
+
+/* default aevent timeout in units of 100ms */
+#define XFRM_AE_ETIME 10
+/* Async Event timer multiplier */
+#define XFRM_AE_ETH_M 10
+/* default seq threshold size */
+#define XFRM_AE_SEQT_SIZE 2
struct xfrm_mgr
{
@@ -865,6 +894,7 @@ extern int xfrm_state_delete(struct xfrm_state *x);
extern void xfrm_state_flush(u8 proto);
extern int xfrm_replay_check(struct xfrm_state *x, u32 seq);
extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq);
+extern void xfrm_replay_notify(struct xfrm_state *x, int event);
extern int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb);
extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
extern int xfrm_init_state(struct xfrm_state *x);
@@ -965,4 +995,16 @@ static inline int xfrm_policy_id2dir(u32 index)
return index & 7;
}
+static inline int xfrm_aevent_is_on(void)
+{
+ return netlink_has_listeners(xfrm_nl,XFRMNLGRP_AEVENTS);
+}
+
+static inline void xfrm_aevent_doreplay(struct xfrm_state *x)
+{
+ if (xfrm_aevent_is_on())
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
+}
+
+
#endif /* _NET_XFRM_H */