xfrm.h

/* which seqno */
#define XFRM_REPLAY_SEQ		1
#define XFRM_REPLAY_OSEQ	2
#define XFRM_REPLAY_SEQ_MASK	3
/* what happened */
#define XFRM_REPLAY_UPDATE	XFRM_AE_CR
#define XFRM_REPLAY_TIMEOUT	XFRM_AE_CE

/* default aevent timeout in units of 100ms */
#define XFRM_AE_ETIME			10
/* Async Event timer multiplier */
#define XFRM_AE_ETH_M			10
/* default seq threshold size */
#define XFRM_AE_SEQT_SIZE		2

/*
 * Key-manager registration record.  Each callback is invoked by the xfrm
 * core for the corresponding event; see xfrm_register_km() below.
 */
struct xfrm_mgr
{
	struct list_head	list;
	char			*id;
	int			(*notify)(struct xfrm_state *x, struct km_event *c);
	int			(*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
	struct xfrm_policy	*(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
	int			(*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
	int			(*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
	int			(*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
	int			(*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles);
};

extern int xfrm_register_km(struct xfrm_mgr *km);
extern int xfrm_unregister_km(struct xfrm_mgr *km);

/*
 * Per-direction count of installed policies.  The inline fast paths
 * (xfrm_policy_check, xfrm_route_forward) read this to skip the full
 * policy lookup when no policy exists for the direction.
 */
extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];

/*
 * This structure is used for the duration where packets are being
 * transformed by IPsec.  As soon as the packet leaves IPsec the
 * area beyond the generic IP part may be overwritten.
 */
struct xfrm_skb_cb {
	union {
		struct inet_skb_parm h4;
		struct inet6_skb_parm h6;
        } header;

        /* Sequence number for replay protection. */
        u64 seq;
};

/* Overlay struct xfrm_skb_cb on the skb control block. */
#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))

/* Audit Information */
struct xfrm_audit
{
	u32	loginuid;
	u32	secid;
};

#ifdef CONFIG_AUDITSYSCALL
/*
 * Open an AUDIT_MAC_IPSEC_EVENT record (GFP_ATOMIC) and log the audit
 * uid.  If @sid is non-zero and can be resolved to a security context
 * string, it is logged as "subj=" and the string released; otherwise the
 * current task's context is logged instead.
 *
 * Returns the open audit buffer for the caller to append to, or NULL when
 * audit_log_start() fails -- callers must check for NULL.
 */
static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
{
	struct audit_buffer *audit_buf = NULL;
	char *secctx;
	u32 secctx_len;

	audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC,
			      AUDIT_MAC_IPSEC_EVENT);
	if (audit_buf == NULL)
		return NULL;

	audit_log_format(audit_buf, "auid=%u", auid);

	/* secctx/secctx_len are only valid when the lookup returned 0. */
	if (sid != 0 &&
	    security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {
		audit_log_format(audit_buf, " subj=%s", secctx);
		security_release_secctx(secctx, secctx_len);
	} else
		audit_log_task_context(audit_buf);
	return audit_buf;
}

extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
				  u32 auid, u32 sid);
extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
				  u32 auid, u32 sid);
extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
				 u32 auid, u32 sid);
extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
				    u32 auid, u32 sid);
#else
/*
 * Without CONFIG_AUDITSYSCALL the audit hooks compile to nothing.  The
 * macro arguments are not evaluated, so argument expressions with side
 * effects would silently disappear in this configuration.
 */
#define xfrm_audit_policy_add(x, r, a, s)	do { ; } while (0)
#define xfrm_audit_policy_delete(x, r, a, s)	do { ; } while (0)
#define xfrm_audit_state_add(x, r, a, s)	do { ; } while (0)
#define xfrm_audit_state_delete(x, r, a, s)	do { ; } while (0)
#endif /* CONFIG_AUDITSYSCALL */

/* Take a reference on @policy; tolerates NULL. */
static inline void xfrm_pol_hold(struct xfrm_policy *policy)
{
	if (likely(policy != NULL))
		atomic_inc(&policy->refcnt);
}

extern void __xfrm_policy_destroy(struct xfrm_policy *policy);

/*
 * Drop a reference on @policy, destroying it when the count reaches zero.
 * Unlike xfrm_pol_hold(), @policy must not be NULL.
 */
static inline void xfrm_pol_put(struct xfrm_policy *policy)
{
	if (atomic_dec_and_test(&policy->refcnt))
		__xfrm_policy_destroy(policy);
}

#ifdef CONFIG_XFRM_SUB_POLICY
/* Drop references on all @npols policies in @pols, last to first. */
static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
{
	int i;
	for (i = npols - 1; i >= 0; --i)
		xfrm_pol_put(pols[i]);
}
#else
/* Without sub-policies only pols[0] is used; @npols is ignored. */
static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
{
	xfrm_pol_put(pols[0]);
}
#endif

extern void __xfrm_state_destroy(struct xfrm_state *);

/*
 * Decrement the state refcount without ever destroying the state.
 * Presumably for callers that know another reference keeps it alive --
 * confirm against the call sites before using it elsewhere.
 */
static inline void __xfrm_state_put(struct xfrm_state *x)
{
	atomic_dec(&x->refcnt);
}

/* Drop a reference on @x, destroying it when the count reaches zero. */
static inline void xfrm_state_put(struct xfrm_state *x)
{
	if (atomic_dec_and_test(&x->refcnt))
		__xfrm_state_destroy(x);
}

/* Take a reference on @x; @x must not be NULL. */
static inline void xfrm_state_hold(struct xfrm_state *x)
{
	atomic_inc(&x->refcnt);
}

/*
 * Compare the leading @prefixlen bits of two network-byte-order addresses.
 * Returns 1 when they match, 0 otherwise.  Whole 32-bit words are compared
 * with memcmp(), then the remaining bits of the next word through a mask.
 *
 * No bounds check is done here: both tokens must provide at least
 * (prefixlen + 31) / 32 words, since a1[pdw]/a2[pdw] is read whenever
 * prefixlen is not a multiple of 32.
 */
static __inline__ int addr_match(void *token1, void *token2, int prefixlen)
{
	__be32 *a1 = token1;
	__be32 *a2 = token2;
	int pdw;
	int pbi;

	pdw = prefixlen >> 5;	  /* num of whole __u32 in prefix */
	pbi = prefixlen &  0x1f;  /* num of bits in incomplete u32 in prefix */

	if (pdw)
		if (memcmp(a1, a2, pdw << 2))
			return 0;

	if (pbi) {
		__be32 mask;

		/* pbi is 1..31 here, so the shift count stays within 1..31. */
		mask = htonl((0xffffffff) << (32 - pbi));

		if ((a1[pdw] ^ a2[pdw]) & mask)
			return 0;
	}

	return 1;
}

/*
 * Source "port" of a flow for selector matching.  For ICMP/ICMPv6 the
 * message type and for MH the MH type are carried in the port slot;
 * every other protocol yields 0 (the XXX below marks that gap).
 */
static __inline__
__be16 xfrm_flowi_sport(struct flowi *fl)
{
	__be16 port;
	switch(fl->proto) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
	case IPPROTO_UDPLITE:
	case IPPROTO_SCTP:
		port = fl->fl_ip_sport;
		break;
	case IPPROTO_ICMP:
	case IPPROTO_ICMPV6:
		port = htons(fl->fl_icmp_type);
		break;
	case IPPROTO_MH:
		port = htons(fl->fl_mh_type);
		break;
	default:
		port = 0;	/*XXX*/
	}
	return port;
}

/*
 * Destination "port" of a flow for selector matching.  For ICMP/ICMPv6
 * the message code is carried in the port slot; there is no MH case here,
 * and every other protocol yields 0.
 */
static __inline__
__be16 xfrm_flowi_dport(struct flowi *fl)
{
	__be16 port;
	switch(fl->proto) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
	case IPPROTO_UDPLITE:
	case IPPROTO_SCTP:
		port = fl->fl_ip_dport;
		break;
	case IPPROTO_ICMP:
	case IPPROTO_ICMPV6:
		port = htons(fl->fl_icmp_code);
		break;
	default:
		port = 0;	/*XXX*/
	}
	return port;
}

extern int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
			       unsigned short family);

#ifdef CONFIG_SECURITY_NETWORK_XFRM
/*	If neither has a context --> match
 * 	Otherwise, both must have a context and the sids, doi, alg must match
 */
static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
{
	return ((!s1 && !s2) ||
		(s1 && s2 &&
		 (s1->ctx_sid == s2->ctx_sid) &&
		 (s1->ctx_doi == s2->ctx_doi) &&
		 (s1->ctx_alg == s2->ctx_alg)));
}
#else
/* Without LSM xfrm support security contexts never constrain a match. */
static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
{
	return 1;
}
#endif

/* A struct encoding bundle of transformations to apply to some set of flow.
 *
 * dst->child points to the next element of bundle.
 * dst->xfrm  points to an instanse of transformer.
 *
 * Due to unfortunate limitations of current routing cache, which we
 * have no time to fix, it mirrors struct rtable and bound to the same
 * routing key, including saddr,daddr. However, we can have many of
 * bundles differing by session id. All the bundles grow from a parent
 * policy rule.
 */
struct xfrm_dst
{
	union {
		struct dst_entry	dst;
		struct rtable		rt;
		struct rt6_info		rt6;
	} u;
	struct dst_entry *route;
#ifdef CONFIG_XFRM_SUB_POLICY
	struct flowi *origin;
	struct xfrm_selector *partner;
#endif
	u32 genid;
	u32 route_mtu_cached;
	u32 child_mtu_cached;
	u32 route_cookie;
	u32 path_cookie;
};

/*
 * Release what an xfrm_dst owns: the route reference, the state reference
 * held via u.dst.xfrm (if any) and, with sub-policies, the origin and
 * partner allocations.  The freed pointers are cleared afterwards.
 */
static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
{
	dst_release(xdst->route);
	if (likely(xdst->u.dst.xfrm))
		xfrm_state_put(xdst->u.dst.xfrm);
#ifdef CONFIG_XFRM_SUB_POLICY
	kfree(xdst->origin);
	xdst->origin = NULL;
	kfree(xdst->partner);
	xdst->partner = NULL;
#endif
}

extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);

/*
 * Reference-counted record of the states a received packet was
 * transformed through; at most XFRM_MAX_DEPTH entries, @len in use.
 */
struct sec_path
{
	atomic_t		refcnt;
	int			len;
	struct xfrm_state	*xvec[XFRM_MAX_DEPTH];
};

/* Take a reference on @sp and return it; tolerates NULL. */
static inline struct sec_path *secpath_get(struct sec_path *sp)
{
	if (sp)
		atomic_inc(&sp->refcnt);
	return sp;
}

extern void __secpath_destroy(struct sec_path *sp);

/* Drop a reference on @sp, destroying it at zero; tolerates NULL. */
static inline void
secpath_put(struct sec_path *sp)
{
	if (sp && atomic_dec_and_test(&sp->refcnt))
		__secpath_destroy(sp);
}

extern struct sec_path *secpath_dup(struct sec_path *src);

/* Detach and release the skb's sec_path; a no-op without CONFIG_XFRM. */
static inline void
secpath_reset(struct sk_buff *skb)
{
#ifdef CONFIG_XFRM
	secpath_put(skb->sp);
	skb->sp = NULL;
#endif
}

/*
 * Non-zero when @addr is the unspecified address for @family.  An
 * unknown family is reported as "not any" (0).
 */
static inline int
xfrm_addr_any(xfrm_address_t *addr, unsigned short family)
{
	switch (family) {
	case AF_INET:
		return addr->a4 == 0;
	case AF_INET6:
		return ipv6_addr_any((struct in6_addr *)&addr->a6);
	}
	return 0;
}

/*
 * Non-zero when the template's IPv4 source address is set and differs
 * from the state's; a zero template source address matches any state.
 */
static inline int
__xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
{
	return	(tmpl->saddr.a4 &&
		 tmpl->saddr.a4 != x->props.saddr.a4);
}

/*
 * IPv6 counterpart of __xfrm4_state_addr_cmp(): non-zero when the
 * template source address is specified and differs from the state's.
 */
static inline int
__xfrm6_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
{
	return	(!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) &&
		 ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr));
}

/*
 * Non-zero when template and state source addresses do NOT match for
 * @family.  An unknown family is treated as a mismatch (returns !0), so
 * the comparison fails closed rather than accepting the state.
 */
static inline int
xfrm_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x, unsigned short family)
{
	switch (family) {
	case AF_INET:
		return __xfrm4_state_addr_cmp(tmpl, x);
	case AF_INET6:
		return __xfrm6_state_addr_cmp(tmpl, x);
	}
	return !0;
}

#ifdef CONFIG_XFRM

extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);

/*
 * Inbound policy check with a fast path.  A socket carrying an inbound
 * policy always goes through __xfrm_policy_check().  Otherwise the full
 * check is skipped -- the packet is accepted -- only when no policy is
 * installed for @dir AND the skb carries no sec_path, or when the dst is
 * flagged DST_NOPOLICY.  Non-zero means the packet may proceed.
 */
static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
{
	if (sk && sk->sk_policy[XFRM_POLICY_IN])
		return __xfrm_policy_check(sk, dir, skb, family);

	return	(!xfrm_policy_count[dir] && !skb->sp) ||
		(skb->dst->flags & DST_NOPOLICY) ||
		__xfrm_policy_check(sk, dir, skb, family);
}

/* AF_INET wrapper for xfrm_policy_check(). */
static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
{
	return xfrm_policy_check(sk, dir, skb, AF_INET);
}

/* AF_INET6 wrapper for xfrm_policy_check(). */
static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
{
	return xfrm_policy_check(sk, dir, skb, AF_INET6);
}

extern int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family);
extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);

/*
 * Outbound counterpart of xfrm_policy_check() for forwarded packets: the
 * full lookup is skipped when no outbound policy is installed or the dst
 * is flagged DST_NOXFRM.  Non-zero means the packet may be forwarded.
 */
static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
{
	return	!xfrm_policy_count[XFRM_POLICY_OUT] ||
		(skb->dst->flags & DST_NOXFRM) ||
		__xfrm_route_forward(skb, family);
}

/* AF_INET wrapper for xfrm_route_forward(). */
static inline int xfrm4_route_forward(struct sk_buff *skb)
{
	return xfrm_route_forward(skb, AF_INET);
}

/* AF_INET6 wrapper for xfrm_route_forward(). */
static inline int xfrm6_route_forward(struct sk_buff *skb)
{
	return xfrm_route_forward(skb, AF_INET6);
}

extern int __xfrm_sk_clone_policy(struct sock *sk);

/*
 * Clone the socket's per-socket policies only when either sk_policy slot
 * is set (indices 0 and 1 -- presumably the IN/OUT directions, as
 * XFRM_POLICY_IN is used as an index above).  Returns 0 when there is
 * nothing to clone, else the result of __xfrm_sk_clone_policy().
 */
static inline int xfrm_sk_clone_policy(struct sock *sk)
{
	if (unlikely(sk->sk_policy[0] || sk->sk_policy[1]))
		return __xfrm_sk_clone_policy(sk);
	return 0;
}

extern int xfrm_policy_delete(struct xfrm_policy *pol, int dir);
