提交 54ef207a 编写于 作者: S Steffen Klassert

xfrm: Extend the sec_path for IPsec offloading

We need to keep per packet offloading informations across
the layers. So we extend the sec_path to carry these for
the input and output offload codepath.
Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
上级 1e295370
......@@ -498,6 +498,7 @@ struct xfrm_tmpl {
};
#define XFRM_MAX_DEPTH 6
#define XFRM_MAX_OFFLOAD_DEPTH 1
struct xfrm_policy_walk_entry {
struct list_head all;
......@@ -973,10 +974,41 @@ static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
struct xfrm_offload {
/* Output sequence number for replay protection on offloading. */
struct {
__u32 low;
__u32 hi;
} seq;
__u32 flags;
#define SA_DELETE_REQ 1
#define CRYPTO_DONE 2
#define CRYPTO_NEXT_DONE 4
#define CRYPTO_FALLBACK 8
#define XFRM_GSO_SEGMENT 16
#define XFRM_GRO 32
__u32 status;
#define CRYPTO_SUCCESS 1
#define CRYPTO_GENERIC_ERROR 2
#define CRYPTO_TRANSPORT_AH_AUTH_FAILED 4
#define CRYPTO_TRANSPORT_ESP_AUTH_FAILED 8
#define CRYPTO_TUNNEL_AH_AUTH_FAILED 16
#define CRYPTO_TUNNEL_ESP_AUTH_FAILED 32
#define CRYPTO_INVALID_PACKET_SYNTAX 64
#define CRYPTO_INVALID_PROTOCOL 128
__u8 proto;
};
struct sec_path {
atomic_t refcnt;
int len;
int olen;
struct xfrm_state *xvec[XFRM_MAX_DEPTH];
struct xfrm_offload ovec[XFRM_MAX_OFFLOAD_DEPTH];
};
static inline int secpath_exists(struct sk_buff *skb)
......@@ -1776,6 +1808,15 @@ static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
{
return skb->sp->xvec[skb->sp->len - 1];
}
static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)
{
struct sec_path *sp = skb->sp;
if (!sp || !sp->olen || sp->len != sp->olen)
return NULL;
return &sp->ovec[sp->olen - 1];
}
#endif
static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
......
......@@ -105,6 +105,8 @@ struct sec_path *secpath_dup(struct sec_path *src)
return NULL;
sp->len = 0;
sp->olen = 0;
if (src) {
int i;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册