include/net/netns/xfrm.h

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 #ifndef __NETNS_XFRM_H
   3 #define __NETNS_XFRM_H
   4
   5 #include <linux/list.h>
   6 #include <linux/wait.h>
   7 #include <linux/workqueue.h>
   8 #include <linux/rhashtable-types.h>
   9 #include <linux/xfrm.h>
  10 #include <net/dst_ops.h>
  11
  12 struct ctl_table_header;
  13
  14 struct xfrm_policy_hash {
  15         struct hlist_head       __rcu *table;
  16         unsigned int            hmask;
  17         u8                      dbits4;
  18         u8                      sbits4;
  19         u8                      dbits6;
  20         u8                      sbits6;
  21 };
  22
  23 struct xfrm_policy_hthresh {
  24         struct work_struct      work;
  25         seqlock_t               lock;
  26         u8                      lbits4;
  27         u8                      rbits4;
  28         u8                      lbits6;
  29         u8                      rbits6;
  30 };
  31
  32 struct netns_xfrm {
  33         struct list_head        state_all;
  34         /*
  35          * Hash table to find appropriate SA towards given target (endpoint of
  36          * tunnel or destination of transport mode) allowed by selector.
  37          *
  38          * Main use is finding SA after policy selected tunnel or transport
  39          * mode. Also, it can be used by ah/esp icmp error handler to find
  40          * offending SA.
  41          */
  42         struct hlist_head       __rcu *state_bydst;
  43         struct hlist_head       __rcu *state_bysrc;
  44         struct hlist_head       __rcu *state_byspi;
  45         struct hlist_head       __rcu *state_byseq;
  46         unsigned int            state_hmask;
  47         unsigned int            state_num;
  48         struct work_struct      state_hash_work;
  49
  50         struct list_head        policy_all;
  51         struct hlist_head       *policy_byidx;
  52         unsigned int            policy_idx_hmask;
  53         struct hlist_head       policy_inexact[XFRM_POLICY_MAX];
  54         struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX];
  55         unsigned int            policy_count[XFRM_POLICY_MAX * 2];
  56         struct work_struct      policy_hash_work;
  57         struct xfrm_policy_hthresh policy_hthresh;
  58         struct list_head        inexact_bins;
  59
  60
  61         struct sock             *nlsk;
  62         struct sock             *nlsk_stash;
  63
  64         u32                     sysctl_aevent_etime;
  65         u32                     sysctl_aevent_rseqth;
  66         int                     sysctl_larval_drop;
  67         u32                     sysctl_acq_expires;
  68
  69         u8                      policy_default[XFRM_POLICY_MAX];
  70
  71 #ifdef CONFIG_SYSCTL
  72         struct ctl_table_header *sysctl_hdr;
  73 #endif
  74
  75         struct dst_ops          xfrm4_dst_ops;
  76 #if IS_ENABLED(CONFIG_IPV6)
  77         struct dst_ops          xfrm6_dst_ops;
  78 #endif
  79         spinlock_t              xfrm_state_lock;
  80         seqcount_spinlock_t     xfrm_state_hash_generation;
  81         seqcount_spinlock_t     xfrm_policy_hash_generation;
  82
  83         spinlock_t xfrm_policy_lock;
  84         struct mutex xfrm_cfg_mutex;
  85 };
  86
  87 #endif