Lines Matching defs:xfrm
36 #include <net/xfrm.h>
79 /* xfrm inexact policy search tree:
498 spin_lock_bh(&net->xfrm.xfrm_state_lock);
502 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
511 return __idx_hash(index, net->xfrm.policy_idx_hmask);
521 *dbits = net->xfrm.policy_bydst[dir].dbits4;
522 *sbits = net->xfrm.policy_bydst[dir].sbits4;
526 *dbits = net->xfrm.policy_bydst[dir].dbits6;
527 *sbits = net->xfrm.policy_bydst[dir].sbits6;
540 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
551 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table,
552 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash;
560 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
568 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table,
569 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash;
631 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
641 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
642 write_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
644 odst = rcu_dereference_protected(net->xfrm.policy_bydst[dir].table,
645 lockdep_is_held(&net->xfrm.xfrm_policy_lock));
650 rcu_assign_pointer(net->xfrm.policy_bydst[dir].table, ndst);
651 net->xfrm.policy_bydst[dir].hmask = nhashmask;
653 write_seqcount_end(&net->xfrm.xfrm_policy_hash_generation);
654 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
663 unsigned int hmask = net->xfrm.policy_idx_hmask;
666 struct hlist_head *oidx = net->xfrm.policy_byidx;
673 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
678 net->xfrm.policy_byidx = nidx;
679 net->xfrm.policy_idx_hmask = nhashmask;
681 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
688 unsigned int cnt = net->xfrm.policy_count[dir];
689 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
703 unsigned int hmask = net->xfrm.policy_idx_hmask;
714 si->incnt = net->xfrm.policy_count[XFRM_POLICY_IN];
715 si->outcnt = net->xfrm.policy_count[XFRM_POLICY_OUT];
716 si->fwdcnt = net->xfrm.policy_count[XFRM_POLICY_FWD];
717 si->inscnt = net->xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX];
718 si->outscnt = net->xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX];
719 si->fwdscnt = net->xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX];
720 si->spdhcnt = net->xfrm.policy_idx_hmask;
728 struct net *net = container_of(work, struct net, xfrm.policy_hash_work);
760 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
776 seqcount_spinlock_init(&bin->count, &net->xfrm.xfrm_policy_lock);
782 list_add(&bin->inexact_bins, &net->xfrm.inexact_bins);
902 list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
1163 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1165 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1172 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1174 list_for_each_entry_safe(bin, t, &net->xfrm.inexact_bins, inexact_bins)
1186 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1251 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1285 xfrm.policy_hthresh.work);
1298 seq = read_seqbegin(&net->xfrm.policy_hthresh.lock);
1300 lbits4 = net->xfrm.policy_hthresh.lbits4;
1301 rbits4 = net->xfrm.policy_hthresh.rbits4;
1302 lbits6 = net->xfrm.policy_hthresh.lbits6;
1303 rbits6 = net->xfrm.policy_hthresh.rbits6;
1304 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, seq));
1306 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1307 write_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
1312 list_for_each_entry(policy, &net->xfrm.policy_all, walk.all) {
1353 net->xfrm.policy_bydst[dir].dbits4 = rbits4;
1354 net->xfrm.policy_bydst[dir].sbits4 = lbits4;
1355 net->xfrm.policy_bydst[dir].dbits6 = rbits6;
1356 net->xfrm.policy_bydst[dir].sbits6 = lbits6;
1359 net->xfrm.policy_bydst[dir].dbits4 = lbits4;
1360 net->xfrm.policy_bydst[dir].sbits4 = rbits4;
1361 net->xfrm.policy_bydst[dir].dbits6 = lbits6;
1362 net->xfrm.policy_bydst[dir].sbits6 = rbits6;
1367 list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
1399 write_seqcount_end(&net->xfrm.xfrm_policy_hash_generation);
1400 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1407 schedule_work(&net->xfrm.policy_hthresh.work);
1422 idx = (net->xfrm.idx_generator | dir);
1423 net->xfrm.idx_generator += 8;
1431 list = net->xfrm.policy_byidx + idx_hash(net, idx);
1587 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1595 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1612 hlist_add_head(&policy->byidx, net->xfrm.policy_byidx+idx_hash(net, policy->index));
1617 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1622 schedule_work(&net->xfrm.policy_hash_work);
1660 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1669 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1676 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1703 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1710 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1732 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1733 chain = net->xfrm.policy_byidx + idx_hash(net, id);
1743 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1752 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1767 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1789 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1823 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1830 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1840 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1844 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1852 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1863 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1870 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1880 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1884 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1892 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1912 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1914 x = list_first_entry(&net->xfrm.policy_all, struct xfrm_policy_walk_entry, all);
1919 list_for_each_entry_from(x, &net->xfrm.policy_all, all) {
1940 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1959 spin_lock_bh(&net->xfrm.xfrm_policy_lock); /*FIXME where is net? */
1961 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2084 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
2177 sequence = read_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
2179 } while (read_seqcount_retry(&net->xfrm.xfrm_policy_hash_generation, sequence));
2213 if (read_seqcount_retry(&net->xfrm.xfrm_policy_hash_generation, sequence))
2289 list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
2303 list_for_each_entry(policy, &net->xfrm.policy_all, walk.all) {
2329 list_add(&pol->walk.all, &net->xfrm.policy_all);
2330 net->xfrm.policy_count[dir]++;
2349 net->xfrm.policy_count[dir]--;
2368 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2370 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2389 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2391 lockdep_is_held(&net->xfrm.xfrm_policy_lock));
2407 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2439 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2441 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2487 struct xfrm_state **xfrm, unsigned short family)
2532 xfrm[nx++] = x;
2552 xfrm_state_put(xfrm[nx]);
2558 struct xfrm_state **xfrm, unsigned short family)
2561 struct xfrm_state **tpp = (npols > 1) ? tp : xfrm;
2583 xfrm_state_sort(xfrm, tpp, cnx, family);
2613 dst_ops = &net->xfrm.xfrm4_dst_ops;
2617 dst_ops = &net->xfrm.xfrm6_dst_ops;
2662 /* Allocate chain of dst_entry's, attach known xfrm's, calculate
2667 struct xfrm_state **xfrm,
2714 if (xfrm[i]->sel.family == AF_UNSPEC) {
2715 inner_mode = xfrm_ip2inner_mode(xfrm[i],
2723 inner_mode = &xfrm[i]->inner_mode;
2728 if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
2732 if (xfrm[i]->props.smark.v || xfrm[i]->props.smark.m)
2733 mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);
2735 if (xfrm[i]->xso.type != XFRM_DEV_OFFLOAD_PACKET)
2736 family = xfrm[i]->props.family;
2739 dst = xfrm_dst_lookup(xfrm[i], dscp, oif, &saddr,
2747 dst1->xfrm = xfrm[i];
2748 xdst->xfrm_genid = xfrm[i]->genid;
2755 if (xfrm[i]->mode_cbs && xfrm[i]->mode_cbs->output) {
2756 dst1->output = xfrm[i]->mode_cbs->output;
2769 header_len += xfrm[i]->props.header_len;
2770 if (xfrm[i]->type->flags & XFRM_TYPE_NON_FRAGMENT)
2771 nfheader_len += xfrm[i]->props.header_len;
2772 trailer_len += xfrm[i]->props.trailer_len;
2794 header_len -= xdst_prev->u.dst.xfrm->props.header_len;
2795 trailer_len -= xdst_prev->u.dst.xfrm->props.trailer_len;
2802 xfrm_state_put(xfrm[i]);
2864 struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
2871 err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family);
2881 dst = xfrm_bundle_create(pols[0], xfrm, bundle, err, fl, dst_orig);
3042 net->xfrm.sysctl_larval_drop ||
3234 !net->xfrm.policy_count[XFRM_POLICY_OUT]))
3259 if (net->xfrm.sysctl_larval_drop) {
3300 if (dst->xfrm &&
3301 (dst->xfrm->props.mode == XFRM_MODE_TUNNEL ||
3302 dst->xfrm->props.mode == XFRM_MODE_IPTFS))
3308 net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
3665 if (dst2->xfrm) {
3762 if (net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
3831 /* For each tunnel xfrm, find the first matching tmpl.
3832 * For each tmpl before that, find corresponding xfrm.
3901 if (dst && !dst->xfrm)
3947 while ((dst = xfrm_dst_child(dst)) && dst->xfrm && dst->dev == dev) {
3977 pmtu = xfrm_state_mtu(dst->xfrm, pmtu);
4012 if (dst->xfrm->km.state != XFRM_STATE_VALID)
4014 if (xdst->xfrm_genid != dst->xfrm->genid)
4037 } while (dst->xfrm);
4047 mtu = xfrm_state_mtu(dst->xfrm, mtu);
4076 while (dst->xfrm) {
4077 const struct xfrm_state *xfrm = dst->xfrm;
4081 if (xfrm->props.mode == XFRM_MODE_TRANSPORT)
4083 if (xfrm->type->flags & XFRM_TYPE_REMOTE_COADDR)
4084 daddr = xfrm->coaddr;
4085 else if (!(xfrm->type->flags & XFRM_TYPE_LOCAL_COADDR))
4086 daddr = &xfrm->id.daddr;
4226 net->xfrm.policy_byidx = xfrm_hash_alloc(sz);
4227 if (!net->xfrm.policy_byidx)
4229 net->xfrm.policy_idx_hmask = hmask;
4234 net->xfrm.policy_count[dir] = 0;
4235 net->xfrm.policy_count[XFRM_POLICY_MAX + dir] = 0;
4237 htab = &net->xfrm.policy_bydst[dir];
4247 net->xfrm.policy_hthresh.lbits4 = 32;
4248 net->xfrm.policy_hthresh.rbits4 = 32;
4249 net->xfrm.policy_hthresh.lbits6 = 128;
4250 net->xfrm.policy_hthresh.rbits6 = 128;
4252 seqlock_init(&net->xfrm.policy_hthresh.lock);
4254 INIT_LIST_HEAD(&net->xfrm.policy_all);
4255 INIT_LIST_HEAD(&net->xfrm.inexact_bins);
4256 INIT_WORK(&net->xfrm.policy_hash_work, xfrm_hash_resize);
4257 INIT_WORK(&net->xfrm.policy_hthresh.work, xfrm_hash_rebuild);
4264 htab = &net->xfrm.policy_bydst[dir];
4267 xfrm_hash_free(net->xfrm.policy_byidx, sz);
4278 flush_work(&net->xfrm.policy_hash_work);
4284 WARN_ON(!list_empty(&net->xfrm.policy_all));
4289 htab = &net->xfrm.policy_bydst[dir];
4295 sz = (net->xfrm.policy_idx_hmask + 1) * sizeof(struct hlist_head);
4296 WARN_ON(!hlist_empty(net->xfrm.policy_byidx));
4297 xfrm_hash_free(net->xfrm.policy_byidx, sz);
4299 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
4300 list_for_each_entry_safe(b, t, &net->xfrm.inexact_bins, inexact_bins)
4302 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
4310 spin_lock_init(&net->xfrm.xfrm_state_lock);
4311 spin_lock_init(&net->xfrm.xfrm_policy_lock);
4312 seqcount_spinlock_init(&net->xfrm.xfrm_policy_hash_generation, &net->xfrm.xfrm_policy_lock);
4313 mutex_init(&net->xfrm.xfrm_cfg_mutex);
4314 net->xfrm.policy_default[XFRM_POLICY_IN] = XFRM_USERPOLICY_ACCEPT;
4315 net->xfrm.policy_default[XFRM_POLICY_FWD] = XFRM_USERPOLICY_ACCEPT;
4316 net->xfrm.policy_default[XFRM_POLICY_OUT] = XFRM_USERPOLICY_ACCEPT;