Skip to content

Commit f69eb4f

Browse files
choppsv1klassert
choppsv1
authored and
klassert
committed
xfrm: netlink: add config (netlink) options
Add netlink options for configuring IP-TFS SAs. Signed-off-by: Christian Hopps <[email protected]> Tested-by: Antony Antony <[email protected]> Signed-off-by: Steffen Klassert <[email protected]>
1 parent 64e8445 commit f69eb4f

File tree

3 files changed

+68
-3
lines changed

3 files changed

+68
-3
lines changed

include/uapi/linux/xfrm.h

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -158,7 +158,8 @@ enum {
158158
#define XFRM_MODE_ROUTEOPTIMIZATION 2
159159
#define XFRM_MODE_IN_TRIGGER 3
160160
#define XFRM_MODE_BEET 4
161-
#define XFRM_MODE_MAX 5
161+
#define XFRM_MODE_IPTFS 5
162+
#define XFRM_MODE_MAX 6
162163

163164
/* Netlink configuration messages. */
164165
enum {
@@ -323,6 +324,12 @@ enum xfrm_attr_type_t {
323324
XFRMA_SA_DIR, /* __u8 */
324325
XFRMA_NAT_KEEPALIVE_INTERVAL, /* __u32 in seconds for NAT keepalive */
325326
XFRMA_SA_PCPU, /* __u32 */
327+
XFRMA_IPTFS_DROP_TIME, /* __u32 in: usec to wait for next seq */
328+
XFRMA_IPTFS_REORDER_WINDOW, /* __u16 in: reorder window size (pkts) */
329+
XFRMA_IPTFS_DONT_FRAG, /* out: don't use fragmentation */
330+
XFRMA_IPTFS_INIT_DELAY, /* __u32 out: initial packet wait delay (usec) */
331+
XFRMA_IPTFS_MAX_QSIZE, /* __u32 out: max ingress queue size (octets) */
332+
XFRMA_IPTFS_PKT_SIZE, /* __u32 out: size of outer packet, 0 for PMTU */
326333
__XFRMA_MAX
327334

328335
#define XFRMA_OUTPUT_MARK XFRMA_SET_MARK /* Compatibility */

net/xfrm/xfrm_compat.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -284,9 +284,15 @@ static int xfrm_xlate64_attr(struct sk_buff *dst, const struct nlattr *src)
284284
case XFRMA_SA_DIR:
285285
case XFRMA_NAT_KEEPALIVE_INTERVAL:
286286
case XFRMA_SA_PCPU:
287+
case XFRMA_IPTFS_DROP_TIME:
288+
case XFRMA_IPTFS_REORDER_WINDOW:
289+
case XFRMA_IPTFS_DONT_FRAG:
290+
case XFRMA_IPTFS_INIT_DELAY:
291+
case XFRMA_IPTFS_MAX_QSIZE:
292+
case XFRMA_IPTFS_PKT_SIZE:
287293
return xfrm_nla_cpy(dst, src, nla_len(src));
288294
default:
289-
BUILD_BUG_ON(XFRMA_MAX != XFRMA_SA_PCPU);
295+
BUILD_BUG_ON(XFRMA_MAX != XFRMA_IPTFS_PKT_SIZE);
290296
pr_warn_once("unsupported nla_type %d\n", src->nla_type);
291297
return -EOPNOTSUPP;
292298
}
@@ -441,7 +447,7 @@ static int xfrm_xlate32_attr(void *dst, const struct nlattr *nla,
441447
int err;
442448

443449
if (type > XFRMA_MAX) {
444-
BUILD_BUG_ON(XFRMA_MAX != XFRMA_SA_PCPU);
450+
BUILD_BUG_ON(XFRMA_MAX != XFRMA_IPTFS_PKT_SIZE);
445451
NL_SET_ERR_MSG(extack, "Bad attribute");
446452
return -EOPNOTSUPP;
447453
}

net/xfrm/xfrm_user.c

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -301,6 +301,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
301301
NL_SET_ERR_MSG(extack, "TFC padding can only be used in tunnel mode");
302302
goto out;
303303
}
304+
if ((attrs[XFRMA_IPTFS_DROP_TIME] ||
305+
attrs[XFRMA_IPTFS_REORDER_WINDOW] ||
306+
attrs[XFRMA_IPTFS_DONT_FRAG] ||
307+
attrs[XFRMA_IPTFS_INIT_DELAY] ||
308+
attrs[XFRMA_IPTFS_MAX_QSIZE] ||
309+
attrs[XFRMA_IPTFS_PKT_SIZE]) &&
310+
p->mode != XFRM_MODE_IPTFS) {
311+
NL_SET_ERR_MSG(extack, "IP-TFS options can only be used in IP-TFS mode");
312+
goto out;
313+
}
304314
break;
305315

306316
case IPPROTO_COMP:
@@ -421,6 +431,18 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
421431
goto out;
422432
}
423433

434+
if (attrs[XFRMA_IPTFS_DROP_TIME]) {
435+
NL_SET_ERR_MSG(extack, "IP-TFS drop time should not be set for output SA");
436+
err = -EINVAL;
437+
goto out;
438+
}
439+
440+
if (attrs[XFRMA_IPTFS_REORDER_WINDOW]) {
441+
NL_SET_ERR_MSG(extack, "IP-TFS reorder window should not be set for output SA");
442+
err = -EINVAL;
443+
goto out;
444+
}
445+
424446
if (attrs[XFRMA_REPLAY_VAL]) {
425447
struct xfrm_replay_state *replay;
426448

@@ -458,6 +480,30 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
458480
}
459481

460482
}
483+
484+
if (attrs[XFRMA_IPTFS_DONT_FRAG]) {
485+
NL_SET_ERR_MSG(extack, "IP-TFS don't fragment should not be set for input SA");
486+
err = -EINVAL;
487+
goto out;
488+
}
489+
490+
if (attrs[XFRMA_IPTFS_INIT_DELAY]) {
491+
NL_SET_ERR_MSG(extack, "IP-TFS initial delay should not be set for input SA");
492+
err = -EINVAL;
493+
goto out;
494+
}
495+
496+
if (attrs[XFRMA_IPTFS_MAX_QSIZE]) {
497+
NL_SET_ERR_MSG(extack, "IP-TFS max queue size should not be set for input SA");
498+
err = -EINVAL;
499+
goto out;
500+
}
501+
502+
if (attrs[XFRMA_IPTFS_PKT_SIZE]) {
503+
NL_SET_ERR_MSG(extack, "IP-TFS packet size should not be set for input SA");
504+
err = -EINVAL;
505+
goto out;
506+
}
461507
}
462508

463509
if (!sa_dir && attrs[XFRMA_SA_PCPU]) {
@@ -3220,6 +3266,12 @@ const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
32203266
[XFRMA_SA_DIR] = NLA_POLICY_RANGE(NLA_U8, XFRM_SA_DIR_IN, XFRM_SA_DIR_OUT),
32213267
[XFRMA_NAT_KEEPALIVE_INTERVAL] = { .type = NLA_U32 },
32223268
[XFRMA_SA_PCPU] = { .type = NLA_U32 },
3269+
[XFRMA_IPTFS_DROP_TIME] = { .type = NLA_U32 },
3270+
[XFRMA_IPTFS_REORDER_WINDOW] = { .type = NLA_U16 },
3271+
[XFRMA_IPTFS_DONT_FRAG] = { .type = NLA_FLAG },
3272+
[XFRMA_IPTFS_INIT_DELAY] = { .type = NLA_U32 },
3273+
[XFRMA_IPTFS_MAX_QSIZE] = { .type = NLA_U32 },
3274+
[XFRMA_IPTFS_PKT_SIZE] = { .type = NLA_U32 },
32233275
};
32243276
EXPORT_SYMBOL_GPL(xfrma_policy);
32253277

0 commit comments

Comments
 (0)