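/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Per-network-namespace XFRM (IPsec) bookkeeping: the state (SA) tables,
 * the policy tables, the sysctl knobs and the locks that go with them.
 * Only type definitions live here; the locking rules themselves are set
 * by the code that uses these fields, not by this header.
 */
#ifndef __NETNS_XFRM_H
#define __NETNS_XFRM_H

#include <linux/list.h>
#include <linux/wait.h>
#include <linux/workqueue.h>
#include <linux/rhashtable-types.h>
#include <linux/xfrm.h>
#include <net/dst_ops.h>

struct ctl_table_header;

/*
 * One policy hash table. @table is annotated __rcu, so readers and
 * writers must go through the RCU accessors rather than dereference it
 * directly.
 */
struct xfrm_policy_hash {
	struct hlist_head __rcu *table;
	unsigned int		hmask;	/* presumably bucket count - 1; confirm at the users */
	/*
	 * NOTE(review): the names suggest destination/source prefix-length
	 * bits for IPv4 and IPv6, but nothing in this header establishes
	 * that -- confirm before documenting it as fact.
	 */
	u8			dbits4;
	u8			sbits4;
	u8			dbits6;
	u8			sbits6;
};

/*
 * Hash threshold settings, paired with a work item and a seqlock.
 * NOTE(review): presumably @lock guards the four *bits* fields and @work
 * rebuilds the tables after a change; the header alone does not show it.
 */
struct xfrm_policy_hthresh {
	struct work_struct	work;
	seqlock_t		lock;
	u8			lbits4;
	u8			rbits4;
	u8			lbits6;
	u8			rbits6;
};

/* XFRM state of one network namespace. */
struct netns_xfrm {
	struct list_head	state_all;
	/*
	 * Hash table to find appropriate SA towards given target (endpoint of
	 * tunnel or destination of transport mode) allowed by selector.
	 *
	 * Main use is finding SA after policy selected tunnel or transport
	 * mode. Also, it can be used by ah/esp icmp error handler to find
	 * offending SA.
	 */
	/* All four state tables are __rcu pointers: use the RCU accessors. */
	struct hlist_head __rcu	*state_bydst;
	struct hlist_head __rcu	*state_bysrc;
	struct hlist_head __rcu	*state_byspi;
	struct hlist_head __rcu	*state_byseq;
	unsigned int		state_hmask;
	unsigned int		state_num;
	struct work_struct	state_hash_work;

	struct list_head	policy_all;
	/* Unlike the state tables above, this pointer carries no __rcu annotation. */
	struct hlist_head	*policy_byidx;
	unsigned int		policy_idx_hmask;
	struct hlist_head	policy_inexact[XFRM_POLICY_MAX];
	struct xfrm_policy_hash	policy_bydst[XFRM_POLICY_MAX];
	/*
	 * Twice XFRM_POLICY_MAX entries.
	 * NOTE(review): presumably one set of per-direction counters plus a
	 * second set for another policy class; the index convention is not
	 * visible here, so check the callers before indexing.
	 */
	unsigned int		policy_count[XFRM_POLICY_MAX * 2];
	struct work_struct	policy_hash_work;
	struct xfrm_policy_hthresh policy_hthresh;
	struct list_head	inexact_bins;

	struct sock		*nlsk;
	struct sock		*nlsk_stash;

	/* Values behind the namespace's sysctl knobs; units are not stated here. */
	u32			sysctl_aevent_etime;
	u32			sysctl_aevent_rseqth;
	int			sysctl_larval_drop;
	u32			sysctl_acq_expires;

	/*
	 * Bitmask built from the XFRM_POL_DEFAULT_* flags below: one bit per
	 * direction (IN = 1, OUT = 2, FWD = 4), with XFRM_POL_DEFAULT_MASK (7)
	 * being the OR of all three.
	 *
	 * NOTE(review): this header does not say whether a set bit means
	 * "block by default" or "accept by default". Confirm the polarity
	 * against the code that tests these bits; reading it the wrong way
	 * round turns the default-policy check into a fail-open one. Values
	 * written here should also be masked with XFRM_POL_DEFAULT_MASK so
	 * undefined bits are never stored.
	 */
	u8			policy_default;
#define XFRM_POL_DEFAULT_IN	1
#define XFRM_POL_DEFAULT_OUT	2
#define XFRM_POL_DEFAULT_FWD	4
#define XFRM_POL_DEFAULT_MASK	7

#ifdef CONFIG_SYSCTL
	struct ctl_table_header	*sysctl_hdr;
#endif

	struct dst_ops		xfrm4_dst_ops;
#if IS_ENABLED(CONFIG_IPV6)
	struct dst_ops		xfrm6_dst_ops;
#endif
	/*
	 * NOTE(review): by name, xfrm_state_lock covers the state tables and
	 * xfrm_policy_lock the policy tables, with the two seqcounts letting
	 * lockless readers detect a concurrent hash resize. None of that is
	 * established by this header -- verify against the users.
	 */
	spinlock_t		xfrm_state_lock;
	seqcount_spinlock_t	xfrm_state_hash_generation;
	seqcount_spinlock_t	xfrm_policy_hash_generation;

	spinlock_t		xfrm_policy_lock;
	struct mutex		xfrm_cfg_mutex;
};

#endif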