|
|
@@ -498,6 +498,7 @@ struct xfrm_tmpl {
|
|
|
};
|
|
|
|
|
|
#define XFRM_MAX_DEPTH 6
|
|
|
+#define XFRM_MAX_OFFLOAD_DEPTH 1
|
|
|
|
|
|
struct xfrm_policy_walk_entry {
|
|
|
struct list_head all;
|
|
|
@@ -973,10 +974,41 @@ static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
|
|
|
|
|
|
void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
|
|
|
|
|
|
+struct xfrm_offload {
|
|
|
+ /* Output sequence number for replay protection on offloading. */
|
|
|
+ struct {
|
|
|
+ __u32 low;
|
|
|
+ __u32 hi;
|
|
|
+ } seq;
|
|
|
+
|
|
|
+ __u32 flags;
|
|
|
+#define SA_DELETE_REQ 1
|
|
|
+#define CRYPTO_DONE 2
|
|
|
+#define CRYPTO_NEXT_DONE 4
|
|
|
+#define CRYPTO_FALLBACK 8
|
|
|
+#define XFRM_GSO_SEGMENT 16
|
|
|
+#define XFRM_GRO 32
|
|
|
+
|
|
|
+ __u32 status;
|
|
|
+#define CRYPTO_SUCCESS 1
|
|
|
+#define CRYPTO_GENERIC_ERROR 2
|
|
|
+#define CRYPTO_TRANSPORT_AH_AUTH_FAILED 4
|
|
|
+#define CRYPTO_TRANSPORT_ESP_AUTH_FAILED 8
|
|
|
+#define CRYPTO_TUNNEL_AH_AUTH_FAILED 16
|
|
|
+#define CRYPTO_TUNNEL_ESP_AUTH_FAILED 32
|
|
|
+#define CRYPTO_INVALID_PACKET_SYNTAX 64
|
|
|
+#define CRYPTO_INVALID_PROTOCOL 128
|
|
|
+
|
|
|
+ __u8 proto;
|
|
|
+};
|
|
|
+
|
|
|
struct sec_path {
|
|
|
atomic_t refcnt;
|
|
|
int len;
|
|
|
+ int olen;
|
|
|
+
|
|
|
struct xfrm_state *xvec[XFRM_MAX_DEPTH];
|
|
|
+ struct xfrm_offload ovec[XFRM_MAX_OFFLOAD_DEPTH];
|
|
|
};
|
|
|
|
|
|
static inline int secpath_exists(struct sk_buff *skb)
|
|
|
@@ -1776,6 +1808,15 @@ static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
|
|
|
{
|
|
|
return skb->sp->xvec[skb->sp->len - 1];
|
|
|
}
|
|
|
+static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)
|
|
|
+{
|
|
|
+ struct sec_path *sp = skb->sp;
|
|
|
+
|
|
|
+ if (!sp || !sp->olen || sp->len != sp->olen)
|
|
|
+ return NULL;
|
|
|
+
|
|
|
+ return &sp->ovec[sp->olen - 1];
|
|
|
+}
|
|
|
#endif
|
|
|
|
|
|
static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
|
Steffen Klassert