/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Per-network-namespace XFRM data: the SA (state) and policy containers,
 * their hash tables, tunables and locks, all gathered in struct netns_xfrm.
 */
#ifndef __NETNS_XFRM_H
#define __NETNS_XFRM_H

#include <linux/list.h>
#include <linux/wait.h>
#include <linux/workqueue.h>
#include <linux/rhashtable-types.h>
#include <linux/xfrm.h>
#include <net/dst_ops.h>

/* Only a pointer to this type is stored below, so a forward declaration is enough. */
struct ctl_table_header;

/*
 * One policy hash table: bucket array, bucket mask and four u8 bit counts.
 *
 * NOTE(review): dbits4/sbits4/dbits6/sbits6 look like the destination/source
 * prefix lengths (IPv4 and IPv6) fed into the hash; confirm against the
 * hashing code, which is not in this header.
 */
struct xfrm_policy_hash {
	/* __rcu: the bucket array pointer must be read through the RCU accessors. */
	struct hlist_head __rcu *table;
	unsigned int hmask;
	u8 dbits4;
	u8 sbits4;
	u8 dbits6;
	u8 sbits6;
};

/*
 * Hash threshold settings together with a work item and a seqlock.
 *
 * NOTE(review): presumably lbits and rbits are the local/remote prefix
 * thresholds, 'lock' lets readers take a consistent snapshot of the four
 * values, and 'work' applies a change; confirm against the users.
 */
struct xfrm_policy_hthresh {
	struct work_struct work;
	seqlock_t lock;
	u8 lbits4;
	u8 rbits4;
	u8 lbits6;
	u8 rbits6;
};

/*
 * XFRM state held separately for each network namespace.
 *
 * Every field below exists once per namespace, so the SA tables, policies,
 * tunables and locks of one namespace are distinct objects from those of
 * another.
 */
struct netns_xfrm {
	/* List head for all states; the linked entry type is not visible here. */
	struct list_head state_all;
	/*
	 * Hash table to find appropriate SA towards given target (endpoint of
	 * tunnel or destination of transport mode) allowed by selector.
	 *
	 * Main use is finding SA after policy selected tunnel or transport
	 * mode. Also, it can be used by ah/esp icmp error handler to find
	 * offending SA.
	 */
	/*
	 * The four state tables are __rcu pointers. state_hmask is a single
	 * mask; presumably it is shared by all four, TODO confirm.
	 */
	struct hlist_head __rcu *state_bydst;
	struct hlist_head __rcu *state_bysrc;
	struct hlist_head __rcu *state_byspi;
	struct hlist_head __rcu *state_byseq;
	unsigned int state_hmask;
	unsigned int state_num;
	/* Presumably the deferred resize of the state tables; TODO confirm. */
	struct work_struct state_hash_work;

	struct list_head policy_all;
	/* Unlike the state tables, this pointer carries no __rcu annotation. */
	struct hlist_head *policy_byidx;
	unsigned int policy_idx_hmask;
	/*
	 * NOTE(review): plain unsigned int, so updates rely on serialization
	 * done by the caller; which lock covers it is not visible here.
	 */
	unsigned int idx_generator;
	/* The arrays below are indexed by policy direction (XFRM_POLICY_MAX). */
	struct hlist_head policy_inexact[XFRM_POLICY_MAX];
	struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX];
	/*
	 * Two counters per direction; what the second half counts is not
	 * visible in this header, TODO confirm.
	 */
	unsigned int policy_count[XFRM_POLICY_MAX * 2];
	struct work_struct policy_hash_work;
	struct xfrm_policy_hthresh policy_hthresh;
	struct list_head inexact_bins;


	/* Presumably the namespace's XFRM netlink socket; confirm against users. */
	struct sock *nlsk;
	struct sock *nlsk_stash;

	/*
	 * Tunables. They are declared unconditionally; only the sysctl table
	 * handle further down depends on CONFIG_SYSCTL.
	 */
	u32 sysctl_aevent_etime;
	u32 sysctl_aevent_rseqth;
	int sysctl_larval_drop;
	u32 sysctl_acq_expires;

	/*
	 * One u8 per policy direction.
	 * NOTE(review): presumably the default action for traffic that matches
	 * no policy in that direction. A change to this array decides whether
	 * unmatched traffic is passed or dropped in this namespace, so review
	 * every writer; confirm the value encoding against <linux/xfrm.h>.
	 */
	u8 policy_default[XFRM_POLICY_MAX];

#ifdef CONFIG_SYSCTL
	struct ctl_table_header *sysctl_hdr;
#endif

	struct dst_ops xfrm4_dst_ops;
#if IS_ENABLED(CONFIG_IPV6)
	struct dst_ops xfrm6_dst_ops;
#endif
	/*
	 * Locks and sequence counters. What each one protects is not stated in
	 * this header; presumably the *_hash_generation counters let lockless
	 * readers detect a concurrent table resize and retry. TODO confirm.
	 */
	spinlock_t xfrm_state_lock;
	seqcount_spinlock_t xfrm_state_hash_generation;
	seqcount_spinlock_t xfrm_policy_hash_generation;

	spinlock_t xfrm_policy_lock;
	struct mutex xfrm_cfg_mutex;
};

#endif