
Commit 9736acf3 authored by Steffen Klassert's avatar Steffen Klassert Committed by David S. Miller

xfrm: Add basic infrastructure to support IPsec extended sequence numbers



This patch adds the struct xfrm_replay_state_esn, which will be
used to support IPsec extended sequence numbers and anti-replay windows
bigger than 32 packets. We also add a function that returns the actual
size of the xfrm_replay_state_esn, an xfrm netlink attribute and an xfrm state
flag for the use of extended sequence numbers.

Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
Acked-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a5079d08
+12 −0
@@ -84,6 +84,16 @@ struct xfrm_replay_state {
	__u32	bitmap;
	__u32	bitmap;
};
};


struct xfrm_replay_state_esn {
	unsigned int	bmp_len;
	__u32		oseq;
	__u32		seq;
	__u32		oseq_hi;
	__u32		seq_hi;
	__u32		replay_window;
	__u32		bmp[0];
};

struct xfrm_algo {
struct xfrm_algo {
	char		alg_name[64];
	char		alg_name[64];
	unsigned int	alg_key_len;    /* in bits */
	unsigned int	alg_key_len;    /* in bits */
@@ -284,6 +294,7 @@ enum xfrm_attr_type_t {
	XFRMA_ALG_AUTH_TRUNC,	/* struct xfrm_algo_auth */
	XFRMA_ALG_AUTH_TRUNC,	/* struct xfrm_algo_auth */
	XFRMA_MARK,		/* struct xfrm_mark */
	XFRMA_MARK,		/* struct xfrm_mark */
	XFRMA_TFCPAD,		/* __u32 */
	XFRMA_TFCPAD,		/* __u32 */
	XFRMA_REPLAY_ESN_VAL,	/* struct xfrm_replay_esn */
	__XFRMA_MAX
	__XFRMA_MAX


#define XFRMA_MAX (__XFRMA_MAX - 1)
#define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -351,6 +362,7 @@ struct xfrm_usersa_info {
#define XFRM_STATE_ICMP		16
#define XFRM_STATE_ICMP		16
#define XFRM_STATE_AF_UNSPEC	32
#define XFRM_STATE_AF_UNSPEC	32
#define XFRM_STATE_ALIGN4	64
#define XFRM_STATE_ALIGN4	64
#define XFRM_STATE_ESN		128
};
};


struct xfrm_usersa_id {
struct xfrm_usersa_id {
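Review bot: The comment on the new `XFRMA_REPLAY_ESN_VAL` entry names `struct xfrm_replay_esn`, but the structure this commit adds is `struct xfrm_replay_state_esn`; it should read `XFRMA_REPLAY_ESN_VAL,	/* struct xfrm_replay_state_esn */`. In the struct itself nothing says what unit `bmp_len` is in; the length helper added elsewhere in this commit multiplies it by `sizeof(__u32)`, so a comment such as `/* number of __u32 words in bmp[] */` on `bmp_len` would spare users of the header from guessing. Because this layout appears to be carried in a netlink attribute, it is also worth stating next to the struct that a receiver has to check the attribute length against `bmp_len` before touching `bmp[]`.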
+7 −0
@@ -186,9 +186,11 @@ struct xfrm_state {


	/* State for replay detection */
	/* State for replay detection */
	struct xfrm_replay_state replay;
	struct xfrm_replay_state replay;
	struct xfrm_replay_state_esn *replay_esn;


	/* Replay detection state at the time we sent the last notification */
	/* Replay detection state at the time we sent the last notification */
	struct xfrm_replay_state preplay;
	struct xfrm_replay_state preplay;
	struct xfrm_replay_state_esn *preplay_esn;


	/* internal flag that only holds state for delayed aevent at the
	/* internal flag that only holds state for delayed aevent at the
	 * moment
	 * moment
@@ -1569,6 +1571,11 @@ static inline int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg)
	return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
	return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
}
}


static inline int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)
{
	return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32);
}

#ifdef CONFIG_XFRM_MIGRATE
#ifdef CONFIG_XFRM_MIGRATE
static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
{
{
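Review bot: `xfrm_replay_state_esn_len()` computes its result from `bmp_len` with no upper bound and returns it as `int`, so a large `bmp_len` can yield a length that is truncated or negative once it leaves the function, and the product can wrap where `size_t` is 32 bits wide. `bmp_len` looks to be settable from userspace through the new netlink attribute, so any caller that sizes an allocation or a copy with this value needs `bmp_len` range-checked first and the attribute's length compared with the computed length; no such check is visible in this commit. I would make the return type unsigned and the argument const, `static inline unsigned int xfrm_replay_state_esn_len(const struct xfrm_replay_state_esn *replay_esn)`, and add a comment on the helper saying that the caller must already have validated `bmp_len`. The new `replay_esn` and `preplay_esn` pointers in `struct xfrm_state` would also benefit from a comment saying who allocates and frees them, since that is not shown here.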