4 #include <linux/compiler.h>
5 #include <linux/xfrm.h>
6 #include <linux/spinlock.h>
7 #include <linux/list.h>
8 #include <linux/skbuff.h>
9 #include <linux/socket.h>
10 #include <linux/pfkeyv2.h>
11 #include <linux/ipsec.h>
12 #include <linux/in6.h>
13 #include <linux/mutex.h>
14 #include <linux/audit.h>
15 #include <linux/slab.h>
20 #include <net/route.h>
22 #include <net/ip6_fib.h>
25 #include <linux/interrupt.h>
27 #ifdef CONFIG_XFRM_STATISTICS
31 #define XFRM_PROTO_ESP 50
32 #define XFRM_PROTO_AH 51
33 #define XFRM_PROTO_COMP 108
34 #define XFRM_PROTO_IPIP 4
35 #define XFRM_PROTO_IPV6 41
36 #define XFRM_PROTO_ROUTING IPPROTO_ROUTING
37 #define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS
39 #define XFRM_ALIGN4(len) (((len) + 3) & ~3)
40 #define XFRM_ALIGN8(len) (((len) + 7) & ~7)
41 #define MODULE_ALIAS_XFRM_MODE(family, encap) \
42 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
43 #define MODULE_ALIAS_XFRM_TYPE(family, proto) \
44 MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
46 #ifdef CONFIG_XFRM_STATISTICS
47 #define XFRM_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.xfrm_statistics, field)
48 #define XFRM_INC_STATS_BH(net, field) SNMP_INC_STATS_BH((net)->mib.xfrm_statistics, field)
49 #define XFRM_INC_STATS_USER(net, field) SNMP_INC_STATS_USER((net)-mib.xfrm_statistics, field)
51 #define XFRM_INC_STATS(net, field) ((void)(net))
52 #define XFRM_INC_STATS_BH(net, field) ((void)(net))
53 #define XFRM_INC_STATS_USER(net, field) ((void)(net))
56 extern struct mutex xfrm_cfg_mutex;
58 /* Organization of SPD aka "XFRM rules"
59 ------------------------------------
62 - policy rule, struct xfrm_policy (=SPD entry)
63 - bundle of transformations, struct dst_entry == struct xfrm_dst (=SA bundle)
64 - instance of a transformer, struct xfrm_state (=SA)
65 - template to clone xfrm_state, struct xfrm_tmpl
67 SPD is plain linear list of xfrm_policy rules, ordered by priority.
68 (To be compatible with existing pfkeyv2 implementations,
69 many rules with priority of 0x7fffffff are allowed to exist and
70 such rules are ordered in an unpredictable way, thanks to bsd folks.)
72 Lookup is plain linear search until the first match with selector.
74 If "action" is "block", then we prohibit the flow, otherwise:
75 if "xfrms_nr" is zero, the flow passes untransformed. Otherwise,
76 policy entry has list of up to XFRM_MAX_DEPTH transformations,
77 described by templates xfrm_tmpl. Each template is resolved
78 to a complete xfrm_state (see below) and we pack bundle of transformations
79 to a dst_entry returned to requestor.
81 dst -. xfrm .-> xfrm_state #1
82 |---. child .-> dst -. xfrm .-> xfrm_state #2
83 |---. child .-> dst -. xfrm .-> xfrm_state #3
86 Bundles are cached at xrfm_policy struct (field ->bundles).
89 Resolution of xrfm_tmpl
90 -----------------------
92 1. ->mode Mode: transport or tunnel
93 2. ->id.proto Protocol: AH/ESP/IPCOMP
94 3. ->id.daddr Remote tunnel endpoint, ignored for transport mode.
95 Q: allow to resolve security gateway?
96 4. ->id.spi If not zero, static SPI.
97 5. ->saddr Local tunnel endpoint, ignored for transport mode.
98 6. ->algos List of allowed algos. Plain bitmask now.
99 Q: ealgos, aalgos, calgos. What a mess...
100 7. ->share Sharing mode.
101 Q: how to implement private sharing mode? To add struct sock* to
104 Having this template we search through SAD searching for entries
105 with appropriate mode/proto/algo, permitted by selector.
106 If no appropriate entry found, it is requested from key manager.
109 Q: How to find all the bundles referring to a physical path for
110 PMTU discovery? Seems, dst should contain list of all parents...
111 and enter to infinite locking hierarchy disaster.
112 No! It is easier, we will not search for them, let them find us.
113 We add genid to each dst plus pointer to genid of raw IP route,
114 pmtu disc will update pmtu on raw IP route and increase its genid.
115 dst_check() will see this for top level and trigger resyncing
116 metrics. Plus, it will be made via sk->sk_dst_cache. Solved.
119 struct xfrm_state_walk {
120 struct list_head all;
129 /* Full description of state of transformer. */
135 struct hlist_node gclist;
136 struct hlist_node bydst;
138 struct hlist_node bysrc;
139 struct hlist_node byspi;
145 struct xfrm_selector sel;
146 struct xfrm_mark mark;
151 /* Key manager bits */
152 struct xfrm_state_walk km;
154 /* Parameters of this state. */
159 u8 aalgo, ealgo, calgo;
162 xfrm_address_t saddr;
167 struct xfrm_lifetime_cfg lft;
169 /* Data for transformer */
170 struct xfrm_algo_auth *aalg;
171 struct xfrm_algo *ealg;
172 struct xfrm_algo *calg;
173 struct xfrm_algo_aead *aead;
175 /* Data for encapsulator */
176 struct xfrm_encap_tmpl *encap;
178 /* Data for care-of address */
179 xfrm_address_t *coaddr;
181 /* IPComp needs an IPIP tunnel for handling uncompressed packets */
182 struct xfrm_state *tunnel;
184 /* If a tunnel, number of users + 1 */
185 atomic_t tunnel_users;
187 /* State for replay detection */
188 struct xfrm_replay_state replay;
190 /* Replay detection state at the time we sent the last notification */
191 struct xfrm_replay_state preplay;
193 /* internal flag that only holds state for delayed aevent at the
198 /* Replay detection notification settings */
202 /* Replay detection notification timer */
203 struct timer_list rtimer;
206 struct xfrm_stats stats;
208 struct xfrm_lifetime_cur curlft;
209 struct tasklet_hrtimer mtimer;
212 unsigned long lastused;
214 /* Reference to data common to all the instances of this
216 const struct xfrm_type *type;
217 struct xfrm_mode *inner_mode;
218 struct xfrm_mode *inner_mode_iaf;
219 struct xfrm_mode *outer_mode;
221 /* Security context */
222 struct xfrm_sec_ctx *security;
224 /* Private data of this transformer, format is opaque,
225 * interpreted by xfrm_type methods. */
229 static inline struct net *xs_net(struct xfrm_state *x)
231 return read_pnet(&x->xs_net);
234 /* xflags - make enum if more show up */
235 #define XFRM_TIME_DEFER 1
246 /* callback structure passed from either netlink or pfkey */
265 struct xfrm_policy_afinfo {
266 unsigned short family;
267 struct dst_ops *dst_ops;
268 void (*garbage_collect)(struct net *net);
269 struct dst_entry *(*dst_lookup)(struct net *net, int tos,
270 xfrm_address_t *saddr,
271 xfrm_address_t *daddr);
272 int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
273 void (*decode_session)(struct sk_buff *skb,
276 int (*get_tos)(const struct flowi *fl);
277 int (*init_path)(struct xfrm_dst *path,
278 struct dst_entry *dst,
280 int (*fill_dst)(struct xfrm_dst *xdst,
281 struct net_device *dev,
282 const struct flowi *fl);
285 extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
286 extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
287 extern void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c);
288 extern void km_state_notify(struct xfrm_state *x, const struct km_event *c);
291 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
292 extern void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
293 extern int __xfrm_state_delete(struct xfrm_state *x);
295 struct xfrm_state_afinfo {
299 struct module *owner;
300 const struct xfrm_type *type_map[IPPROTO_MAX];
301 struct xfrm_mode *mode_map[XFRM_MODE_MAX];
302 int (*init_flags)(struct xfrm_state *x);
303 void (*init_tempsel)(struct xfrm_selector *sel,
304 const struct flowi *fl);
305 void (*init_temprop)(struct xfrm_state *x,
306 const struct xfrm_tmpl *tmpl,
307 const xfrm_address_t *daddr,
308 const xfrm_address_t *saddr);
309 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
310 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
311 int (*output)(struct sk_buff *skb);
312 int (*extract_input)(struct xfrm_state *x,
313 struct sk_buff *skb);
314 int (*extract_output)(struct xfrm_state *x,
315 struct sk_buff *skb);
316 int (*transport_finish)(struct sk_buff *skb,
320 extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
321 extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
323 extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
327 struct module *owner;
330 #define XFRM_TYPE_NON_FRAGMENT 1
331 #define XFRM_TYPE_REPLAY_PROT 2
332 #define XFRM_TYPE_LOCAL_COADDR 4
333 #define XFRM_TYPE_REMOTE_COADDR 8
335 int (*init_state)(struct xfrm_state *x);
336 void (*destructor)(struct xfrm_state *);
337 int (*input)(struct xfrm_state *, struct sk_buff *skb);
338 int (*output)(struct xfrm_state *, struct sk_buff *pskb);
339 int (*reject)(struct xfrm_state *, struct sk_buff *,
340 const struct flowi *);
341 int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
342 /* Estimate maximal size of result of transformation of a dgram */
343 u32 (*get_mtu)(struct xfrm_state *, int size);
346 extern int xfrm_register_type(const struct xfrm_type *type, unsigned short family);
347 extern int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family);
351 * Remove encapsulation header.
353 * The IP header will be moved over the top of the encapsulation
356 * On entry, the transport header shall point to where the IP header
357 * should be and the network header shall be set to where the IP
358 * header currently is. skb->data shall point to the start of the
361 int (*input2)(struct xfrm_state *x, struct sk_buff *skb);
364 * This is the actual input entry point.
366 * For transport mode and equivalent this would be identical to
367 * input2 (which does not need to be set). While tunnel mode
368 * and equivalent would set this to the tunnel encapsulation function
369 * xfrm4_prepare_input that would in turn call input2.
371 int (*input)(struct xfrm_state *x, struct sk_buff *skb);
374 * Add encapsulation header.
376 * On exit, the transport header will be set to the start of the
377 * encapsulation header to be filled in by x->type->output and
378 * the mac header will be set to the nextheader (protocol for
379 * IPv4) field of the extension header directly preceding the
380 * encapsulation header, or in its absence, that of the top IP
381 * header. The value of the network header will always point
382 * to the top IP header while skb->data will point to the payload.
384 int (*output2)(struct xfrm_state *x,struct sk_buff *skb);
387 * This is the actual output entry point.
389 * For transport mode and equivalent this would be identical to
390 * output2 (which does not need to be set). While tunnel mode
391 * and equivalent would set this to a tunnel encapsulation function
392 * (xfrm4_prepare_output or xfrm6_prepare_output) that would in turn
395 int (*output)(struct xfrm_state *x, struct sk_buff *skb);
397 struct xfrm_state_afinfo *afinfo;
398 struct module *owner;
403 /* Flags for xfrm_mode. */
405 XFRM_MODE_FLAG_TUNNEL = 1,
408 extern int xfrm_register_mode(struct xfrm_mode *mode, int family);
409 extern int xfrm_unregister_mode(struct xfrm_mode *mode, int family);
411 static inline int xfrm_af2proto(unsigned int family)
423 static inline struct xfrm_mode *xfrm_ip2inner_mode(struct xfrm_state *x, int ipproto)
425 if ((ipproto == IPPROTO_IPIP && x->props.family == AF_INET) ||
426 (ipproto == IPPROTO_IPV6 && x->props.family == AF_INET6))
427 return x->inner_mode;
429 return x->inner_mode_iaf;
433 /* id in template is interpreted as:
434 * daddr - destination of tunnel, may be zero for transport mode.
435 * spi - zero to acquire spi. Not zero if spi is static, then
436 * daddr must be fixed too.
437 * proto - AH/ESP/IPCOMP
441 /* Source address of tunnel. Ignored, if it is not a tunnel. */
442 xfrm_address_t saddr;
444 unsigned short encap_family;
448 /* Mode: transport, tunnel etc. */
451 /* Sharing mode: unique, this session only, this user only etc. */
454 /* May skip this transfomration if no SA is found */
457 /* Skip aalgos/ealgos/calgos checks. */
460 /* Bit mask of algos allowed for acquisition */
466 #define XFRM_MAX_DEPTH 6
468 struct xfrm_policy_walk_entry {
469 struct list_head all;
473 struct xfrm_policy_walk {
474 struct xfrm_policy_walk_entry walk;
483 struct hlist_node bydst;
484 struct hlist_node byidx;
486 /* This lock only affects elements except for entry. */
489 struct timer_list timer;
491 struct flow_cache_object flo;
495 struct xfrm_mark mark;
496 struct xfrm_selector selector;
497 struct xfrm_lifetime_cfg lft;
498 struct xfrm_lifetime_cur curlft;
499 struct xfrm_policy_walk_entry walk;
505 struct xfrm_sec_ctx *security;
506 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
509 static inline struct net *xp_net(struct xfrm_policy *xp)
511 return read_pnet(&xp->xp_net);
514 struct xfrm_kmaddress {
515 xfrm_address_t local;
516 xfrm_address_t remote;
521 struct xfrm_migrate {
522 xfrm_address_t old_daddr;
523 xfrm_address_t old_saddr;
524 xfrm_address_t new_daddr;
525 xfrm_address_t new_saddr;
534 #define XFRM_KM_TIMEOUT 30
536 #define XFRM_REPLAY_SEQ 1
537 #define XFRM_REPLAY_OSEQ 2
538 #define XFRM_REPLAY_SEQ_MASK 3
540 #define XFRM_REPLAY_UPDATE XFRM_AE_CR
541 #define XFRM_REPLAY_TIMEOUT XFRM_AE_CE
543 /* default aevent timeout in units of 100ms */
544 #define XFRM_AE_ETIME 10
545 /* Async Event timer multiplier */
546 #define XFRM_AE_ETH_M 10
547 /* default seq threshold size */
548 #define XFRM_AE_SEQT_SIZE 2
551 struct list_head list;
553 int (*notify)(struct xfrm_state *x, const struct km_event *c);
554 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
555 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
556 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
557 int (*notify_policy)(struct xfrm_policy *x, int dir, const struct km_event *c);
558 int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
559 int (*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k);
562 extern int xfrm_register_km(struct xfrm_mgr *km);
563 extern int xfrm_unregister_km(struct xfrm_mgr *km);
566 * This structure is used for the duration where packets are being
567 * transformed by IPsec. As soon as the packet leaves IPsec the
568 * area beyond the generic IP part may be overwritten.
572 struct inet_skb_parm h4;
573 struct inet6_skb_parm h6;
576 /* Sequence number for replay protection. */
583 #define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))
586 * This structure is used by the afinfo prepare_input/prepare_output functions
587 * to transmit header information to the mode input/output functions.
589 struct xfrm_mode_skb_cb {
591 struct inet_skb_parm h4;
592 struct inet6_skb_parm h6;
595 /* Copied from header for IPv4, always set to zero and DF for IPv6. */
599 /* IP header length (excluding options or extension headers). */
602 /* TOS for IPv4, class for IPv6. */
605 /* TTL for IPv4, hop limitfor IPv6. */
608 /* Protocol for IPv4, NH for IPv6. */
611 /* Option length for IPv4, zero for IPv6. */
614 /* Used by IPv6 only, zero for IPv4. */
618 #define XFRM_MODE_SKB_CB(__skb) ((struct xfrm_mode_skb_cb *)&((__skb)->cb[0]))
621 * This structure is used by the input processing to locate the SPI and
622 * related information.
624 struct xfrm_spi_skb_cb {
626 struct inet_skb_parm h4;
627 struct inet6_skb_parm h6;
630 unsigned int daddroff;
634 #define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))
636 /* Audit Information */
643 #ifdef CONFIG_AUDITSYSCALL
644 static inline struct audit_buffer *xfrm_audit_start(const char *op)
646 struct audit_buffer *audit_buf = NULL;
648 if (audit_enabled == 0)
650 audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC,
651 AUDIT_MAC_IPSEC_EVENT);
652 if (audit_buf == NULL)
654 audit_log_format(audit_buf, "op=%s", op);
658 static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid,
659 struct audit_buffer *audit_buf)
664 audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
666 security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
667 audit_log_format(audit_buf, " subj=%s", secctx);
668 security_release_secctx(secctx, secctx_len);
670 audit_log_task_context(audit_buf);
673 extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
674 u32 auid, u32 ses, u32 secid);
675 extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
676 u32 auid, u32 ses, u32 secid);
677 extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
678 u32 auid, u32 ses, u32 secid);
679 extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
680 u32 auid, u32 ses, u32 secid);
681 extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
682 struct sk_buff *skb);
683 extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
684 extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
685 __be32 net_spi, __be32 net_seq);
686 extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
687 struct sk_buff *skb, u8 proto);
690 static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
691 u32 auid, u32 ses, u32 secid)
695 static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
696 u32 auid, u32 ses, u32 secid)
700 static inline void xfrm_audit_state_add(struct xfrm_state *x, int result,
701 u32 auid, u32 ses, u32 secid)
705 static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result,
706 u32 auid, u32 ses, u32 secid)
710 static inline void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
715 static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb,
720 static inline void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
721 __be32 net_spi, __be32 net_seq)
725 static inline void xfrm_audit_state_icvfail(struct xfrm_state *x,
726 struct sk_buff *skb, u8 proto)
729 #endif /* CONFIG_AUDITSYSCALL */
731 static inline void xfrm_pol_hold(struct xfrm_policy *policy)
733 if (likely(policy != NULL))
734 atomic_inc(&policy->refcnt);
737 extern void xfrm_policy_destroy(struct xfrm_policy *policy);
739 static inline void xfrm_pol_put(struct xfrm_policy *policy)
741 if (atomic_dec_and_test(&policy->refcnt))
742 xfrm_policy_destroy(policy);
745 static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
748 for (i = npols - 1; i >= 0; --i)
749 xfrm_pol_put(pols[i]);
752 extern void __xfrm_state_destroy(struct xfrm_state *);
754 static inline void __xfrm_state_put(struct xfrm_state *x)
756 atomic_dec(&x->refcnt);
759 static inline void xfrm_state_put(struct xfrm_state *x)
761 if (atomic_dec_and_test(&x->refcnt))
762 __xfrm_state_destroy(x);
765 static inline void xfrm_state_hold(struct xfrm_state *x)
767 atomic_inc(&x->refcnt);
770 static inline bool addr_match(const void *token1, const void *token2,
773 const __be32 *a1 = token1;
774 const __be32 *a2 = token2;
778 pdw = prefixlen >> 5; /* num of whole u32 in prefix */
779 pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */
782 if (memcmp(a1, a2, pdw << 2))
788 mask = htonl((0xffffffff) << (32 - pbi));
790 if ((a1[pdw] ^ a2[pdw]) & mask)
798 __be16 xfrm_flowi_sport(const struct flowi *fl)
804 case IPPROTO_UDPLITE:
806 port = fl->fl_ip_sport;
810 port = htons(fl->fl_icmp_type);
813 port = htons(fl->fl_mh_type);
816 port = htons(ntohl(fl->fl_gre_key) >> 16);
825 __be16 xfrm_flowi_dport(const struct flowi *fl)
831 case IPPROTO_UDPLITE:
833 port = fl->fl_ip_dport;
837 port = htons(fl->fl_icmp_code);
840 port = htons(ntohl(fl->fl_gre_key) & 0xffff);
848 extern int xfrm_selector_match(struct xfrm_selector *sel,
849 const struct flowi *fl,
850 unsigned short family);
852 #ifdef CONFIG_SECURITY_NETWORK_XFRM
853 /* If neither has a context --> match
854 * Otherwise, both must have a context and the sids, doi, alg must match
856 static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
858 return ((!s1 && !s2) ||
860 (s1->ctx_sid == s2->ctx_sid) &&
861 (s1->ctx_doi == s2->ctx_doi) &&
862 (s1->ctx_alg == s2->ctx_alg)));
865 static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
871 /* A struct encoding bundle of transformations to apply to some set of flow.
873 * dst->child points to the next element of bundle.
874 * dst->xfrm points to an instanse of transformer.
876 * Due to unfortunate limitations of current routing cache, which we
877 * have no time to fix, it mirrors struct rtable and bound to the same
878 * routing key, including saddr,daddr. However, we can have many of
879 * bundles differing by session id. All the bundles grow from a parent
884 struct dst_entry dst;
888 struct dst_entry *route;
889 struct flow_cache_object flo;
890 struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
891 int num_pols, num_xfrms;
892 #ifdef CONFIG_XFRM_SUB_POLICY
893 struct flowi *origin;
894 struct xfrm_selector *partner;
898 u32 route_mtu_cached;
899 u32 child_mtu_cached;
905 static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
907 xfrm_pols_put(xdst->pols, xdst->num_pols);
908 dst_release(xdst->route);
909 if (likely(xdst->u.dst.xfrm))
910 xfrm_state_put(xdst->u.dst.xfrm);
911 #ifdef CONFIG_XFRM_SUB_POLICY
914 kfree(xdst->partner);
915 xdst->partner = NULL;
920 extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
925 struct xfrm_state *xvec[XFRM_MAX_DEPTH];
928 static inline struct sec_path *
929 secpath_get(struct sec_path *sp)
932 atomic_inc(&sp->refcnt);
936 extern void __secpath_destroy(struct sec_path *sp);
939 secpath_put(struct sec_path *sp)
941 if (sp && atomic_dec_and_test(&sp->refcnt))
942 __secpath_destroy(sp);
945 extern struct sec_path *secpath_dup(struct sec_path *src);
948 secpath_reset(struct sk_buff *skb)
951 secpath_put(skb->sp);
957 xfrm_addr_any(xfrm_address_t *addr, unsigned short family)
961 return addr->a4 == 0;
963 return ipv6_addr_any((struct in6_addr *)&addr->a6);
969 __xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
971 return (tmpl->saddr.a4 &&
972 tmpl->saddr.a4 != x->props.saddr.a4);
976 __xfrm6_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
978 return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) &&
979 ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr));
983 xfrm_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x, unsigned short family)
987 return __xfrm4_state_addr_cmp(tmpl, x);
989 return __xfrm6_state_addr_cmp(tmpl, x);
995 extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);
997 static inline int __xfrm_policy_check2(struct sock *sk, int dir,
999 unsigned int family, int reverse)
1001 struct net *net = dev_net(skb->dev);
1002 int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0);
1004 if (sk && sk->sk_policy[XFRM_POLICY_IN])
1005 return __xfrm_policy_check(sk, ndir, skb, family);
1007 return (!net->xfrm.policy_count[dir] && !skb->sp) ||
1008 (skb_dst(skb)->flags & DST_NOPOLICY) ||
1009 __xfrm_policy_check(sk, ndir, skb, family);
1012 static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
1014 return __xfrm_policy_check2(sk, dir, skb, family, 0);
1017 static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
1019 return xfrm_policy_check(sk, dir, skb, AF_INET);
1022 static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
1024 return xfrm_policy_check(sk, dir, skb, AF_INET6);
1027 static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
1028 struct sk_buff *skb)
1030 return __xfrm_policy_check2(sk, dir, skb, AF_INET, 1);
1033 static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
1034 struct sk_buff *skb)
1036 return __xfrm_policy_check2(sk, dir, skb, AF_INET6, 1);
1039 extern int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
1040 unsigned int family, int reverse);
1042 static inline int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
1043 unsigned int family)
1045 return __xfrm_decode_session(skb, fl, family, 0);
1048 static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
1050 unsigned int family)
1052 return __xfrm_decode_session(skb, fl, family, 1);
1055 extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
1057 static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
1059 struct net *net = dev_net(skb->dev);
1061 return !net->xfrm.policy_count[XFRM_POLICY_OUT] ||
1062 (skb_dst(skb)->flags & DST_NOXFRM) ||
1063 __xfrm_route_forward(skb, family);
1066 static inline int xfrm4_route_forward(struct sk_buff *skb)
1068 return xfrm_route_forward(skb, AF_INET);
1071 static inline int xfrm6_route_forward(struct sk_buff *skb)
1073 return xfrm_route_forward(skb, AF_INET6);
1076 extern int __xfrm_sk_clone_policy(struct sock *sk);
1078 static inline int xfrm_sk_clone_policy(struct sock *sk)
1080 if (unlikely(sk->sk_policy[0] || sk->sk_policy[1]))
1081 return __xfrm_sk_clone_policy(sk);
1085 extern int xfrm_policy_delete(struct xfrm_policy *pol, int dir);
1087 static inline void xfrm_sk_free_policy(struct sock *sk)
1089 if (unlikely(sk->sk_policy[0] != NULL)) {
1090 xfrm_policy_delete(sk->sk_policy[0], XFRM_POLICY_MAX);
1091 sk->sk_policy[0] = NULL;
1093 if (unlikely(sk->sk_policy[1] != NULL)) {
1094 xfrm_policy_delete(sk->sk_policy[1], XFRM_POLICY_MAX+1);
1095 sk->sk_policy[1] = NULL;
1101 static inline void xfrm_sk_free_policy(struct sock *sk) {}
1102 static inline int xfrm_sk_clone_policy(struct sock *sk) { return 0; }
1103 static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
1104 static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
1105 static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
1109 static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
1113 static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
1117 static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
1119 unsigned int family)
1123 static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
1124 struct sk_buff *skb)
1128 static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
1129 struct sk_buff *skb)
1136 xfrm_address_t *xfrm_flowi_daddr(const struct flowi *fl, unsigned short family)
1140 return (xfrm_address_t *)&fl->fl4_dst;
1142 return (xfrm_address_t *)&fl->fl6_dst;
1148 xfrm_address_t *xfrm_flowi_saddr(const struct flowi *fl, unsigned short family)
1152 return (xfrm_address_t *)&fl->fl4_src;
1154 return (xfrm_address_t *)&fl->fl6_src;
1160 void xfrm_flowi_addr_get(const struct flowi *fl,
1161 xfrm_address_t *saddr, xfrm_address_t *daddr,
1162 unsigned short family)
1166 memcpy(&saddr->a4, &fl->fl4_src, sizeof(saddr->a4));
1167 memcpy(&daddr->a4, &fl->fl4_dst, sizeof(daddr->a4));
1170 ipv6_addr_copy((struct in6_addr *)&saddr->a6, &fl->fl6_src);
1171 ipv6_addr_copy((struct in6_addr *)&daddr->a6, &fl->fl6_dst);
1176 static __inline__ int
1177 __xfrm4_state_addr_check(struct xfrm_state *x,
1178 xfrm_address_t *daddr, xfrm_address_t *saddr)
1180 if (daddr->a4 == x->id.daddr.a4 &&
1181 (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4))
1186 static __inline__ int
1187 __xfrm6_state_addr_check(struct xfrm_state *x,
1188 xfrm_address_t *daddr, xfrm_address_t *saddr)
1190 if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) &&
1191 (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)||
1192 ipv6_addr_any((struct in6_addr *)saddr) ||
1193 ipv6_addr_any((struct in6_addr *)&x->props.saddr)))
1198 static __inline__ int
1199 xfrm_state_addr_check(struct xfrm_state *x,
1200 xfrm_address_t *daddr, xfrm_address_t *saddr,
1201 unsigned short family)
1205 return __xfrm4_state_addr_check(x, daddr, saddr);
1207 return __xfrm6_state_addr_check(x, daddr, saddr);
1212 static __inline__ int
1213 xfrm_state_addr_flow_check(struct xfrm_state *x, const struct flowi *fl,
1214 unsigned short family)
1218 return __xfrm4_state_addr_check(x,
1219 (xfrm_address_t *)&fl->fl4_dst,
1220 (xfrm_address_t *)&fl->fl4_src);
1222 return __xfrm6_state_addr_check(x,
1223 (xfrm_address_t *)&fl->fl6_dst,
1224 (xfrm_address_t *)&fl->fl6_src);
1229 static inline int xfrm_state_kern(struct xfrm_state *x)
1231 return atomic_read(&x->tunnel_users);
1234 static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
1236 return (!userproto || proto == userproto ||
1237 (userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH ||
1238 proto == IPPROTO_ESP ||
1239 proto == IPPROTO_COMP)));
1243 * xfrm algorithm information
1245 struct xfrm_algo_aead_info {
1249 struct xfrm_algo_auth_info {
1254 struct xfrm_algo_encr_info {
1259 struct xfrm_algo_comp_info {
1263 struct xfrm_algo_desc {
1268 struct xfrm_algo_aead_info aead;
1269 struct xfrm_algo_auth_info auth;
1270 struct xfrm_algo_encr_info encr;
1271 struct xfrm_algo_comp_info comp;
1273 struct sadb_alg desc;
1276 /* XFRM tunnel handlers. */
1277 struct xfrm_tunnel {
1278 int (*handler)(struct sk_buff *skb);
1279 int (*err_handler)(struct sk_buff *skb, u32 info);
1281 struct xfrm_tunnel __rcu *next;
1285 struct xfrm6_tunnel {
1286 int (*handler)(struct sk_buff *skb);
1287 int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,
1288 u8 type, u8 code, int offset, __be32 info);
1289 struct xfrm6_tunnel __rcu *next;
1293 extern void xfrm_init(void);
1294 extern void xfrm4_init(int rt_hash_size);
1295 extern int xfrm_state_init(struct net *net);
1296 extern void xfrm_state_fini(struct net *net);
1297 extern void xfrm4_state_init(void);
1299 extern int xfrm6_init(void);
1300 extern void xfrm6_fini(void);
1301 extern int xfrm6_state_init(void);
1302 extern void xfrm6_state_fini(void);
1304 static inline int xfrm6_init(void)
1308 static inline void xfrm6_fini(void)
1314 #ifdef CONFIG_XFRM_STATISTICS
1315 extern int xfrm_proc_init(struct net *net);
1316 extern void xfrm_proc_fini(struct net *net);
1319 extern int xfrm_sysctl_init(struct net *net);
1320 #ifdef CONFIG_SYSCTL
1321 extern void xfrm_sysctl_fini(struct net *net);
1323 static inline void xfrm_sysctl_fini(struct net *net)
1328 extern void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto);
1329 extern int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1330 int (*func)(struct xfrm_state *, int, void*), void *);
1331 extern void xfrm_state_walk_done(struct xfrm_state_walk *walk);
1332 extern struct xfrm_state *xfrm_state_alloc(struct net *net);
1333 extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr,
1334 xfrm_address_t *saddr,
1335 const struct flowi *fl,
1336 struct xfrm_tmpl *tmpl,
1337 struct xfrm_policy *pol, int *err,
1338 unsigned short family);
1339 extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,
1340 xfrm_address_t *daddr,
1341 xfrm_address_t *saddr,
1342 unsigned short family,
1343 u8 mode, u8 proto, u32 reqid);
1344 extern int xfrm_state_check_expire(struct xfrm_state *x);
1345 extern void xfrm_state_insert(struct xfrm_state *x);
1346 extern int xfrm_state_add(struct xfrm_state *x);
1347 extern int xfrm_state_update(struct xfrm_state *x);
1348 extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
1349 xfrm_address_t *daddr, __be32 spi,
1350 u8 proto, unsigned short family);
1351 extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1352 xfrm_address_t *daddr,
1353 xfrm_address_t *saddr,
1355 unsigned short family);
1356 #ifdef CONFIG_XFRM_SUB_POLICY
1357 extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
1358 int n, unsigned short family);
1359 extern int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
1360 int n, unsigned short family);
1362 static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
1363 int n, unsigned short family)
1368 static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
1369 int n, unsigned short family)
1375 struct xfrmk_sadinfo {
1376 u32 sadhcnt; /* current hash bkts */
1377 u32 sadhmcnt; /* max allowed hash bkts */
1378 u32 sadcnt; /* current running count */
1381 struct xfrmk_spdinfo {
1392 extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark,
1394 extern int xfrm_state_delete(struct xfrm_state *x);
1395 extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
1396 extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
1397 extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
1398 extern int xfrm_replay_check(struct xfrm_state *x,
1399 struct sk_buff *skb, __be32 seq);
1400 extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
1401 extern void xfrm_replay_notify(struct xfrm_state *x, int event);
1402 extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
1403 extern int xfrm_init_state(struct xfrm_state *x);
1404 extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
1405 extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi,
1407 extern int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
1408 extern int xfrm_output_resume(struct sk_buff *skb, int err);
1409 extern int xfrm_output(struct sk_buff *skb);
1410 extern int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1411 extern int xfrm4_extract_header(struct sk_buff *skb);
1412 extern int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb);
1413 extern int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
1415 extern int xfrm4_transport_finish(struct sk_buff *skb, int async);
1416 extern int xfrm4_rcv(struct sk_buff *skb);
1418 static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
1420 return xfrm4_rcv_encap(skb, nexthdr, spi, 0);
1423 extern int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1424 extern int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1425 extern int xfrm4_output(struct sk_buff *skb);
1426 extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
1427 extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
1428 extern int xfrm6_extract_header(struct sk_buff *skb);
1429 extern int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb);
1430 extern int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi);
1431 extern int xfrm6_transport_finish(struct sk_buff *skb, int async);
1432 extern int xfrm6_rcv(struct sk_buff *skb);
1433 extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
1434 xfrm_address_t *saddr, u8 proto);
1435 extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
1436 extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
1437 extern __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr);
1438 extern __be32 xfrm6_tunnel_spi_lookup(struct net *net, xfrm_address_t *saddr);
1439 extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1440 extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1441 extern int xfrm6_output(struct sk_buff *skb);
1442 extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
1446 extern int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);
1447 extern int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen);
1449 static inline int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1451 return -ENOPROTOOPT;
1454 static inline int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
1456 /* should not happen */
1462 struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp);
1464 extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type);
1465 extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
1466 int (*func)(struct xfrm_policy *, int, int, void*), void *);
1467 extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
1468 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
1469 struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,
1471 struct xfrm_selector *sel,
1472 struct xfrm_sec_ctx *ctx, int delete,
1474 struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 id, int delete, int *err);
1475 int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
1476 u32 xfrm_get_acqseq(void);
1477 extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
1478 struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark,
1479 u8 mode, u32 reqid, u8 proto,
1480 xfrm_address_t *daddr,
1481 xfrm_address_t *saddr, int create,
1482 unsigned short family);
1483 extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
1485 #ifdef CONFIG_XFRM_MIGRATE
1486 extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1487 struct xfrm_migrate *m, int num_bundles,
1488 struct xfrm_kmaddress *k);
1489 extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m);
1490 extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1491 struct xfrm_migrate *m);
1492 extern int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1493 struct xfrm_migrate *m, int num_bundles,
1494 struct xfrm_kmaddress *k);
1497 extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
1498 extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
1499 extern int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
1501 extern void xfrm_input_init(void);
1502 extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);
1504 extern void xfrm_probe_algs(void);
1505 extern int xfrm_count_auth_supported(void);
1506 extern int xfrm_count_enc_supported(void);
1507 extern struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx);
1508 extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
1509 extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
1510 extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
1511 extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
1512 extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe);
1513 extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);
1514 extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);
1515 extern struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len,
1520 typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *,
1523 static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,
1529 return (__force u32)a->a4 - (__force u32)b->a4;
1531 return ipv6_addr_cmp((struct in6_addr *)a,
1532 (struct in6_addr *)b);
1536 static inline int xfrm_policy_id2dir(u32 index)
1542 static inline int xfrm_aevent_is_on(struct net *net)
1548 nlsk = rcu_dereference(net->xfrm.nlsk);
1550 ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS);
1556 static inline int xfrm_alg_len(struct xfrm_algo *alg)
1558 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
1561 static inline int xfrm_alg_auth_len(struct xfrm_algo_auth *alg)
1563 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
1566 #ifdef CONFIG_XFRM_MIGRATE
1567 static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
1569 return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL);
1572 static inline struct xfrm_algo_auth *xfrm_algo_auth_clone(struct xfrm_algo_auth *orig)
1574 return kmemdup(orig, xfrm_alg_auth_len(orig), GFP_KERNEL);
1577 static inline void xfrm_states_put(struct xfrm_state **states, int n)
1580 for (i = 0; i < n; i++)
1581 xfrm_state_put(*(states + i));
1584 static inline void xfrm_states_delete(struct xfrm_state **states, int n)
1587 for (i = 0; i < n; i++)
1588 xfrm_state_delete(*(states + i));
1593 static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
1595 return skb->sp->xvec[skb->sp->len - 1];
1599 static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
1601 if (attrs[XFRMA_MARK])
1602 memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(struct xfrm_mark));
1609 static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m)
1612 NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
1619 #endif /* _NET_XFRM_H */
projects / cascardo / linux.git / blob