diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2011-03-08 00:05:43 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-03-13 20:22:28 -0700 |
commit | 9736acf395d3608583a7be70f62800b494fa103c (patch) | |
tree | ef7b50bb74a7e6a0d93f962cc7a4c98dd18c2caa /include/linux/xfrm.h | |
parent | a5079d084f8be781aae8a635cab4b179cfea4ebd (diff) |
xfrm: Add basic infrastructure to support IPsec extended sequence numbers
This patch adds the struct xfrm_replay_state_esn which will be
used to support IPsec extended sequence numbers and anti replay windows
bigger than 32 packets. Also we add a function that returns the actual
size of the xfrm_replay_state_esn, a xfrm netlink atribute and a xfrm state
flag for the use of extended sequence numbers.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/xfrm.h')
-rw-r--r-- | include/linux/xfrm.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h index b93d6f598085..22e61fdf75a2 100644 --- a/include/linux/xfrm.h +++ b/include/linux/xfrm.h @@ -84,6 +84,16 @@ struct xfrm_replay_state { __u32 bitmap; }; +struct xfrm_replay_state_esn { + unsigned int bmp_len; + __u32 oseq; + __u32 seq; + __u32 oseq_hi; + __u32 seq_hi; + __u32 replay_window; + __u32 bmp[0]; +}; + struct xfrm_algo { char alg_name[64]; unsigned int alg_key_len; /* in bits */ @@ -284,6 +294,7 @@ enum xfrm_attr_type_t { XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ XFRMA_MARK, /* struct xfrm_mark */ XFRMA_TFCPAD, /* __u32 */ + XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */ __XFRMA_MAX #define XFRMA_MAX (__XFRMA_MAX - 1) @@ -351,6 +362,7 @@ struct xfrm_usersa_info { #define XFRM_STATE_ICMP 16 #define XFRM_STATE_AF_UNSPEC 32 #define XFRM_STATE_ALIGN4 64 +#define XFRM_STATE_ESN 128 }; struct xfrm_usersa_id { |