Home
last modified time | relevance | path

Searched refs:xfrm (Results 1 – 25 of 56) sorted by relevance

123

/kernel/linux/linux-5.10/drivers/net/ethernet/mellanox/mlx5/core/accel/
Dipsec.c107 struct mlx5_accel_esp_xfrm *xfrm, in mlx5_accel_esp_create_hw_context() argument
116 if (!xfrm->attrs.is_ipv6) { in mlx5_accel_esp_create_hw_context()
117 saddr[3] = xfrm->attrs.saddr.a4; in mlx5_accel_esp_create_hw_context()
118 daddr[3] = xfrm->attrs.daddr.a4; in mlx5_accel_esp_create_hw_context()
120 memcpy(saddr, xfrm->attrs.saddr.a6, sizeof(saddr)); in mlx5_accel_esp_create_hw_context()
121 memcpy(daddr, xfrm->attrs.daddr.a6, sizeof(daddr)); in mlx5_accel_esp_create_hw_context()
124 return ipsec_ops->create_hw_context(mdev, xfrm, saddr, daddr, xfrm->attrs.spi, in mlx5_accel_esp_create_hw_context()
125 xfrm->attrs.is_ipv6, sa_handle); in mlx5_accel_esp_create_hw_context()
144 struct mlx5_accel_esp_xfrm *xfrm; in mlx5_accel_esp_create_xfrm() local
149 xfrm = ipsec_ops->esp_create_xfrm(mdev, attrs, flags); in mlx5_accel_esp_create_xfrm()
[all …]
Dipsec.h50 struct mlx5_accel_esp_xfrm *xfrm,
62 struct mlx5_accel_esp_xfrm *xfrm,
71 int (*esp_modify_xfrm)(struct mlx5_accel_esp_xfrm *xfrm,
73 void (*esp_destroy_xfrm)(struct mlx5_accel_esp_xfrm *xfrm);
82 struct mlx5_accel_esp_xfrm *xfrm, in mlx5_accel_esp_create_hw_context() argument
Dipsec_offload.c118 static void mlx5_ipsec_offload_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm) in mlx5_ipsec_offload_esp_destroy_xfrm() argument
120 struct mlx5_ipsec_esp_xfrm *mxfrm = container_of(xfrm, struct mlx5_ipsec_esp_xfrm, in mlx5_ipsec_offload_esp_destroy_xfrm()
330 static int mlx5_ipsec_offload_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm, in mlx5_ipsec_offload_esp_modify_xfrm() argument
334 struct mlx5_core_dev *mdev = xfrm->mdev; in mlx5_ipsec_offload_esp_modify_xfrm()
339 if (!memcmp(&xfrm->attrs, attrs, sizeof(xfrm->attrs))) in mlx5_ipsec_offload_esp_modify_xfrm()
345 mxfrm = container_of(xfrm, struct mlx5_ipsec_esp_xfrm, accel_xfrm); in mlx5_ipsec_offload_esp_modify_xfrm()
363 memcpy(&xfrm->attrs, attrs, sizeof(xfrm->attrs)); in mlx5_ipsec_offload_esp_modify_xfrm()
/kernel/linux/linux-5.10/net/xfrm/
Dxfrm_sysctl.c9 net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME; in __xfrm_sysctl_init()
10 net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE; in __xfrm_sysctl_init()
11 net->xfrm.sysctl_larval_drop = 1; in __xfrm_sysctl_init()
12 net->xfrm.sysctl_acq_expires = 30; in __xfrm_sysctl_init()
53 table[0].data = &net->xfrm.sysctl_aevent_etime; in xfrm_sysctl_init()
54 table[1].data = &net->xfrm.sysctl_aevent_rseqth; in xfrm_sysctl_init()
55 table[2].data = &net->xfrm.sysctl_larval_drop; in xfrm_sysctl_init()
56 table[3].data = &net->xfrm.sysctl_acq_expires; in xfrm_sysctl_init()
62 net->xfrm.sysctl_hdr = register_net_sysctl(net, "net/core", table); in xfrm_sysctl_init()
63 if (!net->xfrm.sysctl_hdr) in xfrm_sysctl_init()
[all …]
Dxfrm_policy.c458 return __idx_hash(index, net->xfrm.policy_idx_hmask); in idx_hash()
468 *dbits = net->xfrm.policy_bydst[dir].dbits4; in __get_hash_thresh()
469 *sbits = net->xfrm.policy_bydst[dir].sbits4; in __get_hash_thresh()
473 *dbits = net->xfrm.policy_bydst[dir].dbits6; in __get_hash_thresh()
474 *sbits = net->xfrm.policy_bydst[dir].sbits6; in __get_hash_thresh()
487 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_bysel()
498 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_bysel()
499 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash; in policy_hash_bysel()
507 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_direct()
515 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_direct()
[all …]
Dxfrm_state.c35 rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
63 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask); in xfrm_dst_hash()
71 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); in xfrm_src_hash()
78 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); in xfrm_spi_hash()
119 struct net *net = container_of(work, struct net, xfrm.state_hash_work); in xfrm_hash_resize()
125 nsize = xfrm_hash_new_size(net->xfrm.state_hmask); in xfrm_hash_resize()
141 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_hash_resize()
142 write_seqcount_begin(&net->xfrm.xfrm_state_hash_generation); in xfrm_hash_resize()
145 odst = xfrm_state_deref_prot(net->xfrm.state_bydst, net); in xfrm_hash_resize()
146 for (i = net->xfrm.state_hmask; i >= 0; i--) in xfrm_hash_resize()
[all …]
Dxfrm_user.c651 x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; in xfrm_state_construct()
653 x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; in xfrm_state_construct()
1119 struct sock *nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_nlmsg_multicast()
1179 lseq = read_seqbegin(&net->xfrm.policy_hthresh.lock); in build_spdinfo()
1181 spt4.lbits = net->xfrm.policy_hthresh.lbits4; in build_spdinfo()
1182 spt4.rbits = net->xfrm.policy_hthresh.rbits4; in build_spdinfo()
1183 spt6.lbits = net->xfrm.policy_hthresh.lbits6; in build_spdinfo()
1184 spt6.rbits = net->xfrm.policy_hthresh.rbits6; in build_spdinfo()
1185 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, lseq)); in build_spdinfo()
1231 write_seqlock(&net->xfrm.policy_hthresh.lock); in xfrm_set_spdinfo()
[all …]
Dxfrm_output.c416 struct xfrm_state *x = dst->xfrm; in xfrm_output_one()
493 x = dst->xfrm; in xfrm_output_one()
508 struct net *net = xs_net(skb_dst(skb)->xfrm); in xfrm_output_resume()
517 if (!skb_dst(skb)->xfrm) in xfrm_output_resume()
571 struct xfrm_state *x = skb_dst(skb)->xfrm; in xfrm_output()
/kernel/linux/linux-5.10/tools/testing/selftests/net/
Dxfrm_policy.sh39 …ip -net $ns xfrm policy add src $lnet dst $rnet dir out tmpl src $me dst $remote proto esp mode tu…
41 …ip -net $ns xfrm policy add src $rnet dst $lnet dir fwd tmpl src $remote dst $me proto esp mode tu…
53 …ip -net $ns xfrm state add src $remote dst $me proto esp spi $spi_in enc aes $KEY_AES auth sha1 …
54 …ip -net $ns xfrm state add src $me dst $remote proto esp spi $spi_out enc aes $KEY_AES auth sha1 …
76 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
79 ip -net $ns xfrm policy add src 10.2.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
82 ip -net $ns xfrm policy add src 10.2.0.0/23 dst 10.0.1.0/24 dir fwd priority 200 action block
108 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/23 dir fwd priority 200 action block
113 …ip -net $ns xfrm policy add src 10.253.1.$((RANDOM%255))/$p dst 10.254.1.$((RANDOM%255))/$p dir fw…
123 ip -net $ns xfrm policy get src $lnet dst $rnet dir out > /dev/null
[all …]
Dl2tp.sh234 run_cmd host-1 ip xfrm policy add \
238 run_cmd host-1 ip xfrm policy add \
242 run_cmd host-2 ip xfrm policy add \
246 run_cmd host-2 ip xfrm policy add \
250 ip -netns host-1 xfrm state add \
255 ip -netns host-1 xfrm state add \
260 ip -netns host-2 xfrm state add \
265 ip -netns host-2 xfrm state add \
273 run_cmd host-1 ip -6 xfrm policy add \
277 run_cmd host-1 ip -6 xfrm policy add \
[all …]
Dvrf-xfrm-tests.sh202 ip -netns ${ns} xfrm ${x} flush
203 ip -6 -netns ${ns} xfrm ${x} flush
221 ip -netns host1 xfrm policy add \
226 ip -netns host2 xfrm policy add \
231 ip -netns host1 xfrm policy add \
236 ip -netns host2 xfrm policy add \
242 ip -6 -netns host1 xfrm policy add \
247 ip -6 -netns host2 xfrm policy add \
252 ip -6 -netns host1 xfrm policy add \
257 ip -6 -netns host2 xfrm policy add \
[all …]
/kernel/linux/linux-5.10/include/linux/mlx5/
Daccel.h137 void mlx5_accel_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm);
138 int mlx5_accel_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
150 mlx5_accel_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm) {} in mlx5_accel_esp_destroy_xfrm() argument
152 mlx5_accel_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm, in mlx5_accel_esp_modify_xfrm() argument
/kernel/linux/linux-5.10/net/ipv6/
Dxfrm6_policy.c149 } while (xdst->u.dst.xfrm); in xfrm6_dst_ifdown()
190 .data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
209 table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh; in xfrm6_net_sysctl_init()
253 memcpy(&net->xfrm.xfrm6_dst_ops, &xfrm6_dst_ops_template, in xfrm6_net_init()
255 ret = dst_entries_init(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
261 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
269 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_exit()
/kernel/linux/linux-5.10/drivers/net/ethernet/mellanox/mlx5/core/en_accel/
Dipsec.c290 return mlx5e_accel_ipsec_fs_add_rule(priv, &sa_entry->xfrm->attrs, in mlx5e_xfrm_fs_add_rule()
301 mlx5e_accel_ipsec_fs_del_rule(priv, &sa_entry->xfrm->attrs, in mlx5e_xfrm_fs_del_rule()
334 sa_entry->xfrm = in mlx5e_xfrm_add_state()
337 if (IS_ERR(sa_entry->xfrm)) { in mlx5e_xfrm_add_state()
338 err = PTR_ERR(sa_entry->xfrm); in mlx5e_xfrm_add_state()
345 sa_entry->xfrm, in mlx5e_xfrm_add_state()
374 mlx5_accel_esp_destroy_xfrm(sa_entry->xfrm); in mlx5e_xfrm_add_state()
404 mlx5_accel_esp_free_hw_context(sa_entry->xfrm->mdev, sa_entry->hw_context); in mlx5e_xfrm_free_state()
405 mlx5_accel_esp_destroy_xfrm(sa_entry->xfrm); in mlx5e_xfrm_free_state()
486 ret = mlx5_accel_esp_modify_xfrm(sa_entry->xfrm, in _update_xfrm_state()
/kernel/linux/linux-5.10/net/ipv4/
Dxfrm4_policy.c163 .data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
182 table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh; in xfrm4_net_sysctl_init()
226 memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template, in xfrm4_net_init()
228 ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_init()
234 dst_entries_destroy(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_init()
242 dst_entries_destroy(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_exit()
Dxfrm4_output.c20 struct xfrm_state *x = skb_dst(skb)->xfrm; in __xfrm4_output()
/kernel/linux/linux-5.10/tools/testing/selftests/bpf/
Dtest_tunnel.sh595 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
599 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \
604 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
608 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \
620 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
623 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \
627 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
630 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \
689 ip xfrm policy delete dir out src 10.1.1.200/32 dst 10.1.1.100/32 2> /dev/null
690 ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null
[all …]
/kernel/linux/linux-5.10/net/netfilter/
Dxt_policy.c90 if (dst->xfrm == NULL) in match_policy_out()
93 for (i = 0; dst && dst->xfrm; in match_policy_out()
100 if (match_xfrm_state(dst->xfrm, e, family)) { in match_policy_out()
Dnft_xfrm.c180 for (i = 0; dst && dst->xfrm; in nft_xfrm_get_eval_out()
185 nft_xfrm_state_get_key(priv, regs, dst->xfrm); in nft_xfrm_get_eval_out()
/kernel/linux/linux-5.10/tools/testing/selftests/net/forwarding/
Dip6_forward_instats_vrf.sh149 ip xfrm policy add dst 2001:1:2::2/128 dir fwd action block
152 ip xfrm policy del dst 2001:1:2::2/128 dir fwd
/kernel/linux/linux-5.10/tools/testing/selftests/netfilter/
Dnft_flowtable.sh391 …ip -net $ns xfrm state add src $remote dst $me proto esp spi $spi_in enc aes $KEY_AES auth sha1 …
392 …ip -net $ns xfrm state add src $me dst $remote proto esp spi $spi_out enc aes $KEY_AES auth sha1 …
395 …ip -net $ns xfrm policy add src $lnet dst $rnet dir out tmpl src $me dst $remote proto esp mode tu…
397 …ip -net $ns xfrm policy add src $rnet dst $lnet dir fwd tmpl src $remote dst $me proto esp mode tu…
/kernel/linux/linux-5.10/include/net/
Dxfrm.h952 if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { in xfrm_dst_path()
964 if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { in xfrm_dst_child()
982 if (likely(xdst->u.dst.xfrm)) in xfrm_dst_destroy()
983 xfrm_state_put(xdst->u.dst.xfrm); in xfrm_dst_destroy()
1098 if (!net->xfrm.policy_count[dir] && !secpath_exists(skb)) in __xfrm_check_nopolicy()
1099 return net->xfrm.policy_default[dir] == XFRM_USERPOLICY_ACCEPT; in __xfrm_check_nopolicy()
1180 if (!net->xfrm.policy_count[XFRM_POLICY_OUT] && in xfrm_route_forward()
1181 net->xfrm.policy_default[XFRM_POLICY_OUT] == XFRM_USERPOLICY_ACCEPT) in xfrm_route_forward()
1763 nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_aevent_is_on()
1776 nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_acquire_is_on()
[all …]
/kernel/linux/linux-5.10/drivers/net/ethernet/mellanox/mlx5/core/fpga/
Dipsec.c1480 static void mlx5_fpga_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm) in mlx5_fpga_esp_destroy_xfrm() argument
1483 container_of(xfrm, struct mlx5_fpga_esp_xfrm, in mlx5_fpga_esp_destroy_xfrm()
1489 static int mlx5_fpga_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm, in mlx5_fpga_esp_modify_xfrm() argument
1492 struct mlx5_core_dev *mdev = xfrm->mdev; in mlx5_fpga_esp_modify_xfrm()
1500 if (!memcmp(&xfrm->attrs, attrs, sizeof(xfrm->attrs))) in mlx5_fpga_esp_modify_xfrm()
1513 fpga_xfrm = container_of(xfrm, struct mlx5_fpga_esp_xfrm, accel_xfrm); in mlx5_fpga_esp_modify_xfrm()
1528 mlx5_fpga_ipsec_build_hw_xfrm(xfrm->mdev, attrs, in mlx5_fpga_esp_modify_xfrm()
1557 memcpy(&xfrm->attrs, attrs, sizeof(xfrm->attrs)); in mlx5_fpga_esp_modify_xfrm()
/kernel/linux/linux-5.10/security/selinux/
DMakefile13 selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
/kernel/linux/linux-5.10/Documentation/networking/
Dsecid.rst11 matching labeled xfrm(s).

123