Lines Matching +full:ports +full:- +full:block +full:- +full:pack +full:- +full:mode
1 /* SPDX-License-Identifier: GPL-2.0 */
46 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
48 MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
50 MODULE_ALIAS("xfrm-offload-" __stringify(family) "-" __stringify(proto))
53 #define XFRM_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.xfrm_statistics, field)
60 ------------------------------------
63 - policy rule, struct xfrm_policy (=SPD entry)
64 - bundle of transformations, struct dst_entry == struct xfrm_dst (=SA bundle)
65 - instance of a transformer, struct xfrm_state (=SA)
66 - template to clone xfrm_state, struct xfrm_tmpl
75 If "action" is "block", then we prohibit the flow, otherwise:
79 to a complete xfrm_state (see below) and we pack bundle of transformations
82 dst -. xfrm .-> xfrm_state #1
83 |---. child .-> dst -. xfrm .-> xfrm_state #2
84 |---. child .-> dst -. xfrm .-> xfrm_state #3
85 |---. child .-> NULL
87 Bundles are cached at xfrm_policy struct (field ->bundles).
91 -----------------------
93 1. ->mode Mode: transport or tunnel
94 2. ->id.proto Protocol: AH/ESP/IPCOMP
95 3. ->id.daddr Remote tunnel endpoint, ignored for transport mode.
97 4. ->id.spi If not zero, static SPI.
98 5. ->saddr Local tunnel endpoint, ignored for transport mode.
99 6. ->algos List of allowed algos. Plain bitmask now.
101 7. ->share Sharing mode.
102 Q: how to implement private sharing mode? To add struct sock* to
106 with appropriate mode/proto/algo, permitted by selector.
117 metrics. Plus, it will be made via sk->sk_dst_cache. Solved.
175 u8 mode; member
204 /* Data for care-of address */
244 /* used to fix curlft->add_time when changing date */
271 return read_pnet(&x->xs_net); in xs_net()
274 /* xflags - make enum if more show up */
441 if ((ipproto == IPPROTO_IPIP && x->props.family == AF_INET) || in xfrm_ip2inner_mode()
442 (ipproto == IPPROTO_IPV6 && x->props.family == AF_INET6)) in xfrm_ip2inner_mode()
443 return &x->inner_mode; in xfrm_ip2inner_mode()
445 return &x->inner_mode_iaf; in xfrm_ip2inner_mode()
450 * daddr - destination of tunnel, may be zero for transport mode.
451 * spi - zero to acquire spi. Not zero if spi is static, then
453 * proto - AH/ESP/IPCOMP
464 /* Mode: transport, tunnel etc. */
465 u8 mode; member
467 /* Sharing mode: unique, this session only, this user only etc. */
537 return read_pnet(&xp->xp_net); in xp_net()
553 u8 mode; member
604 #define XFRM_TUNNEL_SKB_CB(__skb) ((struct xfrm_tunnel_skb_cb *)&((__skb)->cb[0]))
627 #define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))
631 * to transmit header information to the mode input/output functions.
659 #define XFRM_MODE_SKB_CB(__skb) ((struct xfrm_mode_skb_cb *)&((__skb)->cb[0]))
673 #define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))
768 refcount_inc(&policy->refcnt); in xfrm_pol_hold()
775 if (refcount_dec_and_test(&policy->refcnt)) in xfrm_pol_put()
782 for (i = npols - 1; i >= 0; --i) in xfrm_pols_put()
790 refcount_dec(&x->refcnt); in __xfrm_state_put()
795 if (refcount_dec_and_test(&x->refcnt)) in xfrm_state_put()
801 if (refcount_dec_and_test(&x->refcnt)) in xfrm_state_put_sync()
807 refcount_inc(&x->refcnt); in xfrm_state_hold()
828 mask = htonl((0xffffffff) << (32 - pbi)); in addr_match()
842 return !((a1 ^ a2) & htonl(~0UL << (32 - prefixlen))); in addr4_match()
849 switch(fl->flowi_proto) { in xfrm_flowi_sport()
854 port = uli->ports.sport; in xfrm_flowi_sport()
858 port = htons(uli->icmpt.type); in xfrm_flowi_sport()
861 port = htons(uli->mht.type); in xfrm_flowi_sport()
864 port = htons(ntohl(uli->gre_key) >> 16); in xfrm_flowi_sport()
876 switch(fl->flowi_proto) { in xfrm_flowi_dport()
881 port = uli->ports.dport; in xfrm_flowi_dport()
885 port = htons(uli->icmpt.code); in xfrm_flowi_dport()
888 port = htons(ntohl(uli->gre_key) & 0xffff); in xfrm_flowi_dport()
900 /* If neither has a context --> match
907 (s1->ctx_sid == s2->ctx_sid) && in xfrm_sec_ctx_match()
908 (s1->ctx_doi == s2->ctx_doi) && in xfrm_sec_ctx_match()
909 (s1->ctx_alg == s2->ctx_alg))); in xfrm_sec_ctx_match()
920 * xdst->child points to the next element of bundle.
921 * dst->xfrm points to an instance of transformer.
951 if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { in xfrm_dst_path()
954 return xdst->path; in xfrm_dst_path()
963 if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { in xfrm_dst_child()
965 return xdst->child; in xfrm_dst_child()
974 xdst->child = child; in xfrm_dst_set_child()
979 xfrm_pols_put(xdst->pols, xdst->num_pols); in xfrm_dst_destroy()
980 dst_release(xdst->route); in xfrm_dst_destroy()
981 if (likely(xdst->u.dst.xfrm)) in xfrm_dst_destroy()
982 xfrm_state_put(xdst->u.dst.xfrm); in xfrm_dst_destroy()
1057 return addr->a4 == 0; in xfrm_addr_any()
1059 return ipv6_addr_any(&addr->in6); in xfrm_addr_any()
1067 return (tmpl->saddr.a4 && in __xfrm4_state_addr_cmp()
1068 tmpl->saddr.a4 != x->props.saddr.a4); in __xfrm4_state_addr_cmp()
1074 return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) && in __xfrm6_state_addr_cmp()
1075 !ipv6_addr_equal((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr)); in __xfrm6_state_addr_cmp()
1097 if (!net->xfrm.policy_count[dir] && !secpath_exists(skb)) in __xfrm_check_nopolicy()
1098 return net->xfrm.policy_default[dir] == XFRM_USERPOLICY_ACCEPT; in __xfrm_check_nopolicy()
1110 return IPCB(skb)->flags & IPSKB_NOPOLICY; in __xfrm_check_dev_nopolicy()
1112 return skb_dst(skb) && (skb_dst(skb)->flags & DST_NOPOLICY); in __xfrm_check_dev_nopolicy()
1119 struct net *net = dev_net(skb->dev); in __xfrm_policy_check2()
1122 if (sk && sk->sk_policy[XFRM_POLICY_IN]) in __xfrm_policy_check2()
1177 struct net *net = dev_net(skb->dev); in xfrm_route_forward()
1179 if (!net->xfrm.policy_count[XFRM_POLICY_OUT] && in xfrm_route_forward()
1180 net->xfrm.policy_default[XFRM_POLICY_OUT] == XFRM_USERPOLICY_ACCEPT) in xfrm_route_forward()
1183 return (skb_dst(skb)->flags & DST_NOXFRM) || in xfrm_route_forward()
1203 sk->sk_policy[0] = NULL; in xfrm_sk_clone_policy()
1204 sk->sk_policy[1] = NULL; in xfrm_sk_clone_policy()
1205 if (unlikely(osk->sk_policy[0] || osk->sk_policy[1])) in xfrm_sk_clone_policy()
1216 pol = rcu_dereference_protected(sk->sk_policy[0], 1); in xfrm_sk_free_policy()
1219 sk->sk_policy[0] = NULL; in xfrm_sk_free_policy()
1221 pol = rcu_dereference_protected(sk->sk_policy[1], 1); in xfrm_sk_free_policy()
1224 sk->sk_policy[1] = NULL; in xfrm_sk_free_policy()
1250 return -ENOSYS; in xfrm_decode_session_reverse()
1269 return (xfrm_address_t *)&fl->u.ip4.daddr; in xfrm_flowi_daddr()
1271 return (xfrm_address_t *)&fl->u.ip6.daddr; in xfrm_flowi_daddr()
1281 return (xfrm_address_t *)&fl->u.ip4.saddr; in xfrm_flowi_saddr()
1283 return (xfrm_address_t *)&fl->u.ip6.saddr; in xfrm_flowi_saddr()
1295 memcpy(&saddr->a4, &fl->u.ip4.saddr, sizeof(saddr->a4)); in xfrm_flowi_addr_get()
1296 memcpy(&daddr->a4, &fl->u.ip4.daddr, sizeof(daddr->a4)); in xfrm_flowi_addr_get()
1299 saddr->in6 = fl->u.ip6.saddr; in xfrm_flowi_addr_get()
1300 daddr->in6 = fl->u.ip6.daddr; in xfrm_flowi_addr_get()
1309 if (daddr->a4 == x->id.daddr.a4 && in __xfrm4_state_addr_check()
1310 (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4)) in __xfrm4_state_addr_check()
1319 if (ipv6_addr_equal((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) && in __xfrm6_state_addr_check()
1320 (ipv6_addr_equal((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr) || in __xfrm6_state_addr_check()
1322 ipv6_addr_any((struct in6_addr *)&x->props.saddr))) in __xfrm6_state_addr_check()
1348 (const xfrm_address_t *)&fl->u.ip4.daddr, in xfrm_state_addr_flow_check()
1349 (const xfrm_address_t *)&fl->u.ip4.saddr); in xfrm_state_addr_flow_check()
1352 (const xfrm_address_t *)&fl->u.ip6.daddr, in xfrm_state_addr_flow_check()
1353 (const xfrm_address_t *)&fl->u.ip6.saddr); in xfrm_state_addr_flow_check()
1360 return atomic_read(&x->tunnel_users); in xfrm_state_kern()
1523 u8 mode, u8 proto, u32 reqid);
1608 XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; in xfrm4_rcv_spi()
1609 XFRM_SPI_SKB_CB(skb)->family = AF_INET; in xfrm4_rcv_spi()
1610 XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); in xfrm4_rcv_spi()
1653 return -ENOPROTOOPT; in xfrm_user_policy()
1686 u8 mode, u32 reqid, u32 if_id, u8 proto,
1744 return ((__force u32)a->a4 ^ (__force u32)b->a4) == 0; in xfrm_addr_equal()
1762 nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_aevent_is_on()
1775 nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_acquire_is_on()
1786 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); in aead_len()
1791 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); in xfrm_alg_len()
1796 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); in xfrm_alg_auth_len()
1801 return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32); in xfrm_replay_state_esn_len()
1809 x->replay_esn = kmemdup(orig->replay_esn, in xfrm_replay_clone()
1810 xfrm_replay_state_esn_len(orig->replay_esn), in xfrm_replay_clone()
1812 if (!x->replay_esn) in xfrm_replay_clone()
1813 return -ENOMEM; in xfrm_replay_clone()
1814 x->preplay_esn = kmemdup(orig->preplay_esn, in xfrm_replay_clone()
1815 xfrm_replay_state_esn_len(orig->preplay_esn), in xfrm_replay_clone()
1817 if (!x->preplay_esn) in xfrm_replay_clone()
1818 return -ENOMEM; in xfrm_replay_clone()
1859 return sp->xvec[sp->len - 1]; in xfrm_input_state()
1868 if (!sp || !sp->olen || sp->len != sp->olen) in xfrm_offload()
1871 return &sp->ovec[sp->olen - 1]; in xfrm_offload()
1889 struct xfrm_state_offload *xso = &x->xso; in xfrm_dev_state_advance_esn()
1891 if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn) in xfrm_dev_state_advance_esn()
1892 xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x); in xfrm_dev_state_advance_esn()
1897 struct xfrm_state *x = dst->xfrm; in xfrm_dst_offload_ok()
1900 if (!x || !x->type_offload) in xfrm_dst_offload_ok()
1904 if (!x->xso.offload_handle && !xdst->child->xfrm) in xfrm_dst_offload_ok()
1906 if (x->xso.offload_handle && (x->xso.dev == xfrm_dst_path(dst)->dev) && in xfrm_dst_offload_ok()
1907 !xdst->child->xfrm) in xfrm_dst_offload_ok()
1915 struct xfrm_state_offload *xso = &x->xso; in xfrm_dev_state_delete()
1917 if (xso->dev) in xfrm_dev_state_delete()
1918 xso->dev->xfrmdev_ops->xdo_dev_state_delete(x); in xfrm_dev_state_delete()
1923 struct xfrm_state_offload *xso = &x->xso; in xfrm_dev_state_free()
1924 struct net_device *dev = xso->dev; in xfrm_dev_state_free()
1926 if (dev && dev->xfrmdev_ops) { in xfrm_dev_state_free()
1927 if (dev->xfrmdev_ops->xdo_dev_state_free) in xfrm_dev_state_free()
1928 dev->xfrmdev_ops->xdo_dev_state_free(x); in xfrm_dev_state_free()
1929 xso->dev = NULL; in xfrm_dev_state_free()
1980 m->v = m->m = 0; in xfrm_mark_get()
1982 return m->v & m->m; in xfrm_mark_get()
1989 if (m->m | m->v) in xfrm_mark_put()
1996 struct xfrm_mark *m = &x->props.smark; in xfrm_smark_get()
1998 return (m->v & m->m) | (mark & ~m->m); in xfrm_smark_get()
2017 if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4) in xfrm_tunnel_check()
2021 if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6) in xfrm_tunnel_check()
2025 if (tunnel && !(x->outer_mode.flags & XFRM_MODE_FLAG_TUNNEL)) in xfrm_tunnel_check()
2026 return -EINVAL; in xfrm_tunnel_check()
2038 /* Allocate nlmsg with 64-bit translation of received 32-bit message */
2043 /* Translate 32-bit user_policy from sockptr */
2069 if (!sk || sk->sk_family != AF_INET6) in xfrm6_local_dontfrag()
2072 proto = sk->sk_protocol; in xfrm6_local_dontfrag()
2074 return inet6_sk(sk)->dontfrag; in xfrm6_local_dontfrag()