xfrm: Add a new lookup key to match xfrm interfaces.

	struct xfrm_id		id;

	struct xfrm_selector	sel;

	struct xfrm_mark	mark;

	u32			if_id;

	u32			tfcpad;

	u32			genid;

	atomic_t		genid;

	u32			priority;

	u32			index;

	u32			if_id;

	struct xfrm_mark	mark;

	struct xfrm_selector	selector;

	struct xfrm_lifetime_cfg lft;

				   struct xfrm_tmpl *tmpl,

				   struct xfrm_policy *pol, int *err,

				   unsigned short family);

struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,

struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, u32 if_id,

				       xfrm_address_t *daddr,

				       xfrm_address_t *saddr,

				       unsigned short family,

		     void *);

void xfrm_policy_walk_done(struct xfrm_policy_walk *walk, struct net *net);

int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);

struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,

struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id,

					  u8 type, int dir,

					  struct xfrm_selector *sel,

					  struct xfrm_sec_ctx *ctx, int delete,

					  int *err);

struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir,

				     u32 id, int delete, int *err);

struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u32 if_id, u8,

				     int dir, u32 id, int delete, int *err);

int xfrm_policy_flush(struct net *net, u8 type, bool task_valid);

void xfrm_policy_hash_rebuild(struct net *net);

u32 xfrm_get_acqseq(void);

int verify_spi_info(u8 proto, u32 min, u32 max);

int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);

struct xfrm_state *xfrm_find_acq(struct net *net, const struct xfrm_mark *mark,

				 u8 mode, u32 reqid, u8 proto,

				 u8 mode, u32 reqid, u32 if_id, u8 proto,

				 const xfrm_address_t *daddr,

				 const xfrm_address_t *saddr, int create,

				 unsigned short family);

	return (m->v & m->m) | (mark & ~m->m);

}

static inline int xfrm_if_id_put(struct sk_buff *skb, __u32 if_id)

{

	int ret = 0;

	if (if_id)

		ret = nla_put_u32(skb, XFRMA_IF_ID, if_id);

	return ret;

}

static inline int xfrm_tunnel_check(struct sk_buff *skb, struct xfrm_state *x,

				    unsigned int family)

{

	XFRMA_OFFLOAD_DEV,	/* struct xfrm_state_offload */

	XFRMA_SET_MARK,		/* __u32 */

	XFRMA_SET_MARK_MASK,	/* __u32 */

	XFRMA_IF_ID,		/* __u32 */

	__XFRMA_MAX

#define XFRMA_OUTPUT_MARK XFRMA_SET_MARK	/* Compatibility */

			x = xfrm_state_lookup_byspi(pn->net, htonl(pkt_dev->spi), AF_INET);

		} else {

			/* slow path: we dont already have xfrm_state */

			x = xfrm_stateonly_find(pn->net, DUMMY_MARK,

			x = xfrm_stateonly_find(pn->net, DUMMY_MARK, 0,

						(xfrm_address_t *)&pkt_dev->cur_daddr,

						(xfrm_address_t *)&pkt_dev->cur_saddr,

						AF_INET,

	}

	if (!x)

		x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family);

		x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, proto, xdaddr, xsaddr, 1, family);

	if (x == NULL)

		return -ENOENT;

			return err;

	}

	xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,

	xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, 0, XFRM_POLICY_TYPE_MAIN,

				   pol->sadb_x_policy_dir - 1, &sel, pol_ctx,

				   1, &err);

	security_xfrm_policy_free(pol_ctx);

		return -EINVAL;

	delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);

	xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,

	xp = xfrm_policy_byid(net, DUMMY_MARK, 0, XFRM_POLICY_TYPE_MAIN,

			      dir, pol->sadb_x_policy_id, delete, &err);

	if (xp == NULL)

		return -ENOENT;

	newpos = NULL;

	hlist_for_each_entry(pol, chain, bydst) {

		if (pol->type == policy->type &&

		    pol->if_id == policy->if_id &&

		    !selector_cmp(&pol->selector, &policy->selector) &&

		    xfrm_policy_mark_match(policy, pol) &&

		    xfrm_sec_ctx_match(pol->security, policy->security) &&

}

EXPORT_SYMBOL(xfrm_policy_insert);

struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u8 type,

					  int dir, struct xfrm_selector *sel,

struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id,

					  u8 type, int dir,

					  struct xfrm_selector *sel,

					  struct xfrm_sec_ctx *ctx, int delete,

					  int *err)

{

	ret = NULL;

	hlist_for_each_entry(pol, chain, bydst) {

		if (pol->type == type &&

		    pol->if_id == if_id &&

		    (mark & pol->mark.m) == pol->mark.v &&

		    !selector_cmp(sel, &pol->selector) &&

		    xfrm_sec_ctx_match(ctx, pol->security)) {

}

EXPORT_SYMBOL(xfrm_policy_bysel_ctx);

struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8 type,

				     int dir, u32 id, int delete, int *err)

struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u32 if_id,

				     u8 type, int dir, u32 id, int delete,

				     int *err)

{

	struct xfrm_policy *pol, *ret;

	struct hlist_head *chain;

	ret = NULL;

	hlist_for_each_entry(pol, chain, byidx) {

		if (pol->type == type && pol->index == id &&

		    pol->if_id == if_id &&

		    (mark & pol->mark.m) == pol->mark.v) {

			xfrm_pol_hold(pol);

			if (delete) {

	bool match;

	if (pol->family != family ||

	    pol->if_id != fl->flowi_xfrm.if_id ||

	    (fl->flowi_mark & pol->mark.m) != pol->mark.v ||

	    pol->type != type)

		return ret;

		match = xfrm_selector_match(&pol->selector, fl, family);

		if (match) {

			if ((sk->sk_mark & pol->mark.m) != pol->mark.v) {

			if ((sk->sk_mark & pol->mark.m) != pol->mark.v ||

			    pol->if_id != fl->flowi_xfrm.if_id) {

				pol = NULL;

				goto out;

			}

		newp->lft = old->lft;

		newp->curlft = old->curlft;

		newp->mark = old->mark;

		newp->if_id = old->if_id;

		newp->action = old->action;

		newp->flags = old->flags;

		newp->xfrm_nr = old->xfrm_nr;