xfrm: Add basic infrastructure to support IPsec extended sequence numbers
This patch adds the struct xfrm_replay_state_esn which will be used to support IPsec extended sequence numbers and anti replay windows bigger than 32 packets. Also we add a function that returns the actual size of the xfrm_replay_state_esn, a xfrm netlink attribute and a xfrm state flag for the use of extended sequence numbers. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
a5079d084f
commit
9736acf395
2 changed files with 19 additions and 0 deletions
|
@ -84,6 +84,16 @@ struct xfrm_replay_state {
|
|||
__u32 bitmap;
|
||||
};
|
||||
|
||||
struct xfrm_replay_state_esn {
|
||||
unsigned int bmp_len;
|
||||
__u32 oseq;
|
||||
__u32 seq;
|
||||
__u32 oseq_hi;
|
||||
__u32 seq_hi;
|
||||
__u32 replay_window;
|
||||
__u32 bmp[0];
|
||||
};
|
||||
|
||||
struct xfrm_algo {
|
||||
char alg_name[64];
|
||||
unsigned int alg_key_len; /* in bits */
|
||||
|
@ -284,6 +294,7 @@ enum xfrm_attr_type_t {
|
|||
XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */
|
||||
XFRMA_MARK, /* struct xfrm_mark */
|
||||
XFRMA_TFCPAD, /* __u32 */
|
||||
XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */
|
||||
__XFRMA_MAX
|
||||
|
||||
#define XFRMA_MAX (__XFRMA_MAX - 1)
|
||||
|
@ -351,6 +362,7 @@ struct xfrm_usersa_info {
|
|||
#define XFRM_STATE_ICMP 16
|
||||
#define XFRM_STATE_AF_UNSPEC 32
|
||||
#define XFRM_STATE_ALIGN4 64
|
||||
#define XFRM_STATE_ESN 128
|
||||
};
|
||||
|
||||
struct xfrm_usersa_id {
|
||||
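Review bot: The comment on the new `XFRMA_REPLAY_ESN_VAL` entry in `enum xfrm_attr_type_t` names `struct xfrm_replay_esn`, but the structure this commit adds in the first hunk is `struct xfrm_replay_state_esn`; the line should read `XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_state_esn */`. The new struct itself has no documentation. Because it is carried as a netlink attribute payload, a comment above it should say that `bmp_len` is the number of `__u32` words in `bmp[]` and comes from the message sender, so the receiver must check it against the attribute length (and presumably against `replay_window`) before touching the bitmap. The enum and the neighbouring struct definitions continue outside the visible hunks.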
|
|
|
@ -186,9 +186,11 @@ struct xfrm_state {
|
|||
|
||||
/* State for replay detection */
|
||||
struct xfrm_replay_state replay;
|
||||
struct xfrm_replay_state_esn *replay_esn;
|
||||
|
||||
/* Replay detection state at the time we sent the last notification */
|
||||
struct xfrm_replay_state preplay;
|
||||
struct xfrm_replay_state_esn *preplay_esn;
|
||||
|
||||
/* internal flag that only holds state for delayed aevent at the
|
||||
* moment
|
||||
|
@ -1569,6 +1571,11 @@ static inline int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg)
|
|||
return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
|
||||
}
|
||||
|
||||
static inline int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)
|
||||
{
|
||||
return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_XFRM_MIGRATE
|
||||
static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
|
||||
{
|
||||
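Review bot: `xfrm_replay_state_esn_len()` computes `sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32)` and returns it as `int`, so a large `bmp_len` wraps the multiplication on 32-bit builds and is truncated to a small or negative value on return elsewhere. If callers, which this commit does not show, use the result to size an allocation or a copy of a user-supplied attribute, `bmp_len` has to be bounded first; at minimum the helper should carry that precondition as a comment, e.g. `/* caller must have validated bmp_len against the netlink attribute length */`. The parameter can also be `const`, matching `xfrm_alg_auth_len()` in the context just above: `static inline int xfrm_replay_state_esn_len(const struct xfrm_replay_state_esn *replay_esn)`. The new `replay_esn` and `preplay_esn` pointers in `struct xfrm_state` have no visible allocation or free path here, so their ownership should be documented next to the fields.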
|
|