summaryrefslogtreecommitdiff
path: root/include/linux
diff options
context:
space:
mode:
authorMasahide NAKAMURA <nakam@linux-ipv6.org>2006-08-23 22:43:30 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 15:08:34 -0700
commit4e81bb8336a0ac50289d4d4c7a55e559b994ee8f (patch)
treefefa71843c3f8152dd0a008b3b40fe2e42d204d7 /include/linux
parentc11f1a15c522ddd3bbd2c32b5ce3e0b1831b22f2 (diff)
[XFRM] POLICY: sub policy support.
Sub policy is introduced. Main and sub policy are applied the same flow. (Policy that current kernel uses is named as main.) It is required another transformation policy management to keep IPsec and Mobile IPv6 lives separate. Policy which lives shorter time in kernel should be a sub i.e. normally main is for IPsec and sub is for Mobile IPv6. (Such usage as two IPsec policies on different database can be used, too.) Limitation or TODOs: - Sub policy is not supported for per socket one (it is always inserted as main). - Current kernel makes cached outbound with flowi to skip searching database. However this patch makes it disabled only when "two policies are used and the first matched one is bypass case" because neither flowi nor bundle information knows about transformation template size. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/xfrm.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 4009f4445fa9..492fb9818747 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -104,6 +104,13 @@ struct xfrm_stats {
enum
{
+ XFRM_POLICY_TYPE_MAIN = 0,
+ XFRM_POLICY_TYPE_SUB = 1,
+ XFRM_POLICY_TYPE_MAX = 2
+};
+
+enum
+{
XFRM_POLICY_IN = 0,
XFRM_POLICY_OUT = 1,
XFRM_POLICY_FWD = 2,