| author | Derek Atkins <derek@ihtfp.com> | 2003-04-02 13:21:02 -0800 |
|---|---|---|
| committer | David S. Miller <davem@nuts.ninka.net> | 2003-04-02 13:21:02 -0800 |
| commit | cbc3488685b20e7b2a98ad387a1a816aada569d8 (patch) | |
| tree | e3d7cd299f1de96ade31e4c6fcf2fc252a8ce332 /include/net | |
| parent | 450609e5524a6252f2a835746b728950abe73976 (diff) | |
[IPSEC]: Implement UDP Encapsulation framework.
In particular, implement ESPinUDP encapsulation for IPsec
Nat Traversal.
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/xfrm.h | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 85ff3a302e78..f8706d30b1a6 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -118,6 +118,7 @@ struct xfrm_state
 struct xfrm_algo *aalg;
 struct xfrm_algo *ealg;
 struct xfrm_algo *calg;
+ struct xfrm_algo *encap_alg;
 /* State for replay detection */
 struct xfrm_replay_state replay;
@@ -192,6 +193,7 @@ extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
 extern struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
 extern void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
+struct xfrm_decap_state;
 struct xfrm_type
 {
 char *description;
@@ -200,7 +202,8 @@ struct xfrm_type
 int (*init_state)(struct xfrm_state *x, void *args);
 void (*destructor)(struct xfrm_state *);
- int (*input)(struct xfrm_state *, struct sk_buff *skb);
+ int (*input)(struct xfrm_state *, struct xfrm_decap_state *, struct sk_buff *skb);
+ int (*post_input)(struct xfrm_state *, struct xfrm_decap_state *, struct sk_buff *skb);
 int (*output)(struct sk_buff *skb);
 /* Estimate maximal size of result of transformation of a dgram */
 u32 (*get_max_size)(struct xfrm_state *, int size);
@@ -246,7 +249,7 @@ struct xfrm_tmpl
 __u32 calgos;
 };
-#define XFRM_MAX_DEPTH 3
+#define XFRM_MAX_DEPTH 4
 struct xfrm_policy
 {
@@ -278,6 +281,7 @@ struct xfrm_mgr
 int (*notify)(struct xfrm_state *x, int event);
 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
 struct xfrm_policy *(*compile_policy)(u16 family, int opt, u8 *data, int len, int *dir);
+ int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
 };
 extern int xfrm_register_km(struct xfrm_mgr *km);
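Review bot: The new `encap_alg` pointer in struct xfrm_state (first hunk) is undocumented and reuses `struct xfrm_algo`, although the commit message describes the feature as UDP encapsulation rather than a cipher, hash or compression choice. A one-line comment such as `/* UDP encapsulation (NAT-T) parameters; presumably NULL when the SA is not encapsulated */` would tell readers what it holds. The state teardown path is not in this header, so it is worth confirming that whatever releases `aalg`, `ealg` and `calg` also releases `encap_alg`. struct xfrm_state starts and ends outside the hunk.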
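Review bot: The `post_input` hook added to struct xfrm_type has no comment stating when it runs or whether it may be left NULL, and the `struct xfrm_decap_state *` argument is unnamed in both `input` and `post_input`. Transforms with nothing to verify after decapsulation will presumably leave the pointer unset, so the caller (not visible in this header) needs a NULL check before invoking it. I would name the parameter and state the contract, e.g. `/* Optional, may be NULL: uses the data input() saved in *decap, at policy-check time */` above `int (*post_input)(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb);`, with the timing taken from the comment on struct xfrm_decap_state and to be confirmed against the caller. The struct body continues outside the hunk.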
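Review bot: The `new_mapping` callback added to struct xfrm_mgr (and the matching `km_new_mapping` prototype in the last hunk of the file) takes `u16 sport` without saying whether the port is in network or host byte order, and takes `xfrm_address_t *ipaddr` non-const although a notification should not need to modify it. Since the address and port presumably come from the outer header of a received ESP-in-UDP packet, the contract should also state that the hook is called only after the packet has passed the SA's integrity check, so that unauthenticated traffic cannot make a key manager move the peer endpoint. A comment such as `/* Peer's NAT mapping changed; ipaddr/sport are taken from an authenticated packet, sport in network byte order */` would capture that, with the byte order to be confirmed against the caller. The struct begins outside the hunk.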
@@ -498,12 +502,26 @@ struct xfrm_dst
 } u;
 };
+/* Decapsulation state, used by the input to store data during
+ * decapsulation procedure, to be used later (during the policy
+ * check
+ */
+struct xfrm_decap_state {
+ __u16 decap_type;
+ char decap_data[30];
+};
+
+struct sec_decap_state {
+ struct xfrm_state *xvec;
+ struct xfrm_decap_state decap;
+};
+
 struct sec_path
 {
 kmem_cache_t *pool;
 atomic_t refcnt;
 int len;
- struct xfrm_state *xvec[XFRM_MAX_DEPTH];
+ struct sec_decap_state x[XFRM_MAX_DEPTH];
 };
 static inline struct sec_path *
@@ -730,6 +748,7 @@ extern int xfrm_replay_check(struct xfrm_state *x, u32 seq);
 extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq);
 extern int xfrm_check_selectors(struct xfrm_state **x, int n, struct flowi *fl);
 extern int xfrm4_rcv(struct sk_buff *skb);
+extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
 extern int xfrm6_rcv(struct sk_buff **pskb);
 extern int xfrm6_clear_mutable_options(struct sk_buff *skb, u16 *nh_offset, int dir);
 extern int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen);
@@ -760,6 +779,7 @@ extern wait_queue_head_t km_waitq;
 extern void km_warn_expired(struct xfrm_state *x);
 extern void km_expired(struct xfrm_state *x);
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *pol);
+extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
 extern void xfrm4_input_init(void);
 extern void xfrm6_input_init(void); |
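Review bot: `char decap_data[30]` in struct xfrm_decap_state (the -498 hunk) is a fixed scratch buffer with an unexplained size, and nothing in this header ties that size to what an `input` handler stores there. I would give it a name, `#define XFRM_DECAP_DATA_LEN 30` and `char decap_data[XFRM_DECAP_DATA_LEN];`, and have each writer assert at build time that its saved structure fits, since an overrun would spill into the next `sec_decap_state` entry of `sec_path.x[]`. The comment above the struct is also missing its closing parenthesis after `check`. Separately, `x[i].xvec` reads oddly now that `xvec` is a single pointer rather than the vector.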
