net/netns/xfrm.h

0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 #ifndef __NETNS_XFRM_H
0003 #define __NETNS_XFRM_H
0004
0005 #include <linux/list.h>
0006 #include <linux/wait.h>
0007 #include <linux/workqueue.h>
0008 #include <linux/rhashtable-types.h>
0009 #include <linux/xfrm.h>
0010 #include <net/dst_ops.h>
0011
0012 struct ctl_table_header;
0013
0014 struct xfrm_policy_hash {
0015     struct hlist_head   __rcu *table;
0016     unsigned int        hmask;
0017     u8          dbits4;
0018     u8          sbits4;
0019     u8          dbits6;
0020     u8          sbits6;
0021 };
0022
0023 struct xfrm_policy_hthresh {
0024     struct work_struct  work;
0025     seqlock_t       lock;
0026     u8          lbits4;
0027     u8          rbits4;
0028     u8          lbits6;
0029     u8          rbits6;
0030 };
0031
0032 struct netns_xfrm {
0033     struct list_head    state_all;
0034     /*
0035      * Hash table to find appropriate SA towards given target (endpoint of
0036      * tunnel or destination of transport mode) allowed by selector.
0037      *
0038      * Main use is finding SA after policy selected tunnel or transport
0039      * mode. Also, it can be used by ah/esp icmp error handler to find
0040      * offending SA.
0041      */
0042     struct hlist_head   __rcu *state_bydst;
0043     struct hlist_head   __rcu *state_bysrc;
0044     struct hlist_head   __rcu *state_byspi;
0045     struct hlist_head   __rcu *state_byseq;
0046     unsigned int        state_hmask;
0047     unsigned int        state_num;
0048     struct work_struct  state_hash_work;
0049
0050     struct list_head    policy_all;
0051     struct hlist_head   *policy_byidx;
0052     unsigned int        policy_idx_hmask;
0053     struct hlist_head   policy_inexact[XFRM_POLICY_MAX];
0054     struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX];
0055     unsigned int        policy_count[XFRM_POLICY_MAX * 2];
0056     struct work_struct  policy_hash_work;
0057     struct xfrm_policy_hthresh policy_hthresh;
0058     struct list_head    inexact_bins;
0059
0060
0061     struct sock     *nlsk;
0062     struct sock     *nlsk_stash;
0063
0064     u32         sysctl_aevent_etime;
0065     u32         sysctl_aevent_rseqth;
0066     int         sysctl_larval_drop;
0067     u32         sysctl_acq_expires;
0068
0069     u8          policy_default[XFRM_POLICY_MAX];
0070
0071 #ifdef CONFIG_SYSCTL
0072     struct ctl_table_header *sysctl_hdr;
0073 #endif
0074
0075     struct dst_ops      xfrm4_dst_ops;
0076 #if IS_ENABLED(CONFIG_IPV6)
0077     struct dst_ops      xfrm6_dst_ops;
0078 #endif
0079     spinlock_t      xfrm_state_lock;
0080     seqcount_spinlock_t xfrm_state_hash_generation;
0081     seqcount_spinlock_t xfrm_policy_hash_generation;
0082
0083     spinlock_t xfrm_policy_lock;
0084     struct mutex xfrm_cfg_mutex;
0085 };
0086
0087 #endif