
xfrm: netlink: add config (netlink) options

Add netlink options for configuring IP-TFS SAs.

Signed-off-by: Christian Hopps <chopps@labn.net>
Tested-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

authored by

Christian Hopps and committed by
Steffen Klassert
f69eb4f6 64e84450

+68 -3
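--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -158,7 +158,8 @@
 #define XFRM_MODE_ROUTEOPTIMIZATION 2
 #define XFRM_MODE_IN_TRIGGER 3
 #define XFRM_MODE_BEET 4
-#define XFRM_MODE_MAX 5
+#define XFRM_MODE_IPTFS 5
+#define XFRM_MODE_MAX 6
 
 /* Netlink configuration messages. */
 enum {
@@ -323,6 +324,12 @@
 XFRMA_SA_DIR, /* __u8 */
 XFRMA_NAT_KEEPALIVE_INTERVAL, /* __u32 in seconds for NAT keepalive */
 XFRMA_SA_PCPU, /* __u32 */
+XFRMA_IPTFS_DROP_TIME, /* __u32 in: usec to wait for next seq */
+XFRMA_IPTFS_REORDER_WINDOW, /* __u16 in: reorder window size (pkts) */
+XFRMA_IPTFS_DONT_FRAG, /* out: don't use fragmentation */
+XFRMA_IPTFS_INIT_DELAY, /* __u32 out: initial packet wait delay (usec) */
+XFRMA_IPTFS_MAX_QSIZE, /* __u32 out: max ingress queue size (octets) */
+XFRMA_IPTFS_PKT_SIZE, /* __u32 out: size of outer packet, 0 for PMTU */
 __XFRMA_MAX
 
 #define XFRMA_OUTPUT_MARK XFRMA_SET_MARK /* Compatibility */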
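Review bot: `XFRMA_IPTFS_DONT_FRAG` is the only new attribute whose comment gives no payload type. The policy added in net/xfrm/xfrm_user.c declares it `NLA_FLAG`, so the UAPI comment should say so, e.g. `/* flag, out: don't use fragmentation */`. The `in:`/`out:` prefixes are also unexplained in this header; judging by the direction checks in xfrm_user.c they appear to mean "input SA only" and "output SA only", and a one-line comment above the group saying that would save userspace authors an -EINVAL round trip. The enum itself starts outside the hunk.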
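--- a/net/xfrm/xfrm_compat.c
+++ b/net/xfrm/xfrm_compat.c
@@ -284,9 +284,15 @@
 case XFRMA_SA_DIR:
 case XFRMA_NAT_KEEPALIVE_INTERVAL:
 case XFRMA_SA_PCPU:
+case XFRMA_IPTFS_DROP_TIME:
+case XFRMA_IPTFS_REORDER_WINDOW:
+case XFRMA_IPTFS_DONT_FRAG:
+case XFRMA_IPTFS_INIT_DELAY:
+case XFRMA_IPTFS_MAX_QSIZE:
+case XFRMA_IPTFS_PKT_SIZE:
 return xfrm_nla_cpy(dst, src, nla_len(src));
 default:
-BUILD_BUG_ON(XFRMA_MAX != XFRMA_SA_PCPU);
+BUILD_BUG_ON(XFRMA_MAX != XFRMA_IPTFS_PKT_SIZE);
 pr_warn_once("unsupported nla_type %d\n", src->nla_type);
 return -EOPNOTSUPP;
 }
@@ -441,7 +447,7 @@
 int err;
 
 if (type > XFRMA_MAX) {
-BUILD_BUG_ON(XFRMA_MAX != XFRMA_SA_PCPU);
+BUILD_BUG_ON(XFRMA_MAX != XFRMA_IPTFS_PKT_SIZE);
 NL_SET_ERR_MSG(extack, "Bad attribute");
 return -EOPNOTSUPP;
 }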
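--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -301,6 +301,16 @@
 NL_SET_ERR_MSG(extack, "TFC padding can only be used in tunnel mode");
 goto out;
 }
+if ((attrs[XFRMA_IPTFS_DROP_TIME] ||
+attrs[XFRMA_IPTFS_REORDER_WINDOW] ||
+attrs[XFRMA_IPTFS_DONT_FRAG] ||
+attrs[XFRMA_IPTFS_INIT_DELAY] ||
+attrs[XFRMA_IPTFS_MAX_QSIZE] ||
+attrs[XFRMA_IPTFS_PKT_SIZE]) &&
+p->mode != XFRM_MODE_IPTFS) {
+NL_SET_ERR_MSG(extack, "IP-TFS options can only be used in IP-TFS mode");
+goto out;
+}
 break;
 
 case IPPROTO_COMP:
@@ -421,6 +431,18 @@
 goto out;
 }
 
+if (attrs[XFRMA_IPTFS_DROP_TIME]) {
+NL_SET_ERR_MSG(extack, "IP-TFS drop time should not be set for output SA");
+err = -EINVAL;
+goto out;
+}
+
+if (attrs[XFRMA_IPTFS_REORDER_WINDOW]) {
+NL_SET_ERR_MSG(extack, "IP-TFS reorder window should not be set for output SA");
+err = -EINVAL;
+goto out;
+}
+
 if (attrs[XFRMA_REPLAY_VAL]) {
 struct xfrm_replay_state *replay;
 
@@ -457,6 +479,30 @@
 goto out;
 }
 
+}
+
+if (attrs[XFRMA_IPTFS_DONT_FRAG]) {
+NL_SET_ERR_MSG(extack, "IP-TFS don't fragment should not be set for input SA");
+err = -EINVAL;
+goto out;
+}
+
+if (attrs[XFRMA_IPTFS_INIT_DELAY]) {
+NL_SET_ERR_MSG(extack, "IP-TFS initial delay should not be set for input SA");
+err = -EINVAL;
+goto out;
+}
+
+if (attrs[XFRMA_IPTFS_MAX_QSIZE]) {
+NL_SET_ERR_MSG(extack, "IP-TFS max queue size should not be set for input SA");
+err = -EINVAL;
+goto out;
+}
+
+if (attrs[XFRMA_IPTFS_PKT_SIZE]) {
+NL_SET_ERR_MSG(extack, "IP-TFS packet size should not be set for input SA");
+err = -EINVAL;
+goto out;
 }
 }
 
@@ -3220,6 +3266,12 @@
 [XFRMA_SA_DIR] = NLA_POLICY_RANGE(NLA_U8, XFRM_SA_DIR_IN, XFRM_SA_DIR_OUT),
 [XFRMA_NAT_KEEPALIVE_INTERVAL] = { .type = NLA_U32 },
 [XFRMA_SA_PCPU] = { .type = NLA_U32 },
+[XFRMA_IPTFS_DROP_TIME] = { .type = NLA_U32 },
+[XFRMA_IPTFS_REORDER_WINDOW] = { .type = NLA_U16 },
+[XFRMA_IPTFS_DONT_FRAG] = { .type = NLA_FLAG },
+[XFRMA_IPTFS_INIT_DELAY] = { .type = NLA_U32 },
+[XFRMA_IPTFS_MAX_QSIZE] = { .type = NLA_U32 },
+[XFRMA_IPTFS_PKT_SIZE] = { .type = NLA_U32 },
 };
 EXPORT_SYMBOL_GPL(xfrma_policy);
 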
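Review bot: The new `xfrma_policy` entries in the last hunk constrain only the attribute type, so every `__u32`/`__u16` value from userspace passes netlink validation, including a maximal `XFRMA_IPTFS_REORDER_WINDOW` and an arbitrarily large `XFRMA_IPTFS_MAX_QSIZE` or `XFRMA_IPTFS_PKT_SIZE`. The checks added in the earlier hunks cover mode and SA direction, not magnitude. Unless the IP-TFS mode code (not part of this commit) bounds these values before sizing queues or buffers from them, the limits should be expressed in the policy, as `XFRMA_SA_DIR` already does with `NLA_POLICY_RANGE`, e.g. `[XFRMA_IPTFS_REORDER_WINDOW] = NLA_POLICY_MAX(NLA_U16, <max reorder window, placeholder>),`. The policy table and the functions holding the other hunks start outside the lines shown.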