Home
last modified time | relevance | path

Searched refs:xfrm (Results 1 – 25 of 50) sorted by relevance

12

/linux/net/xfrm/
H A Dxfrm_sysctl.c9 net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME; in __xfrm_sysctl_init()
10 net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE; in __xfrm_sysctl_init()
11 net->xfrm.sysctl_larval_drop = 1; in __xfrm_sysctl_init()
12 net->xfrm.sysctl_acq_expires = 30; in __xfrm_sysctl_init()
53 table[0].data = &net->xfrm.sysctl_aevent_etime; in xfrm_sysctl_init()
54 table[1].data = &net->xfrm.sysctl_aevent_rseqth; in xfrm_sysctl_init()
55 table[2].data = &net->xfrm.sysctl_larval_drop; in xfrm_sysctl_init()
56 table[3].data = &net->xfrm.sysctl_acq_expires; in xfrm_sysctl_init()
62 net->xfrm.sysctl_hdr = register_net_sysctl_sz(net, "net/core", table, in xfrm_sysctl_init()
64 if (!net->xfrm.sysctl_hdr) in xfrm_sysctl_init()
[all …]
H A Dxfrm_policy.c498 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_policy_kill()
502 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_policy_kill()
511 return __idx_hash(index, net->xfrm.policy_idx_hmask); in idx_hash()
521 *dbits = net->xfrm.policy_bydst[dir].dbits4; in __get_hash_thresh()
522 *sbits = net->xfrm.policy_bydst[dir].sbits4; in __get_hash_thresh()
526 *dbits = net->xfrm.policy_bydst[dir].dbits6; in __get_hash_thresh()
527 *sbits = net->xfrm.policy_bydst[dir].sbits6; in __get_hash_thresh()
540 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_bysel()
551 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_bysel()
552 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash; in policy_hash_bysel()
[all …]
H A Dxfrm_state.c36 rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
38 rcu_dereference_check((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
67 lockdep_assert_held(&net->xfrm.xfrm_state_lock); in xfrm_dst_hash()
69 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask); in xfrm_dst_hash()
77 lockdep_assert_held(&net->xfrm.xfrm_state_lock); in xfrm_src_hash()
79 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); in xfrm_src_hash()
86 lockdep_assert_held(&net->xfrm.xfrm_state_lock); in xfrm_spi_hash()
88 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); in xfrm_spi_hash()
93 lockdep_assert_held(&net->xfrm.xfrm_state_lock); in xfrm_seq_hash()
95 return __xfrm_seq_hash(seq, net->xfrm.state_hmask); in xfrm_seq_hash()
[all …]
H A Dxfrm_nat_keepalive.c206 net = container_of(work, struct net, xfrm.nat_keepalive_work.work); in nat_keepalive_work()
211 schedule_delayed_work(&net->xfrm.nat_keepalive_work, in nat_keepalive_work()
253 schedule_delayed_work(&net->xfrm.nat_keepalive_work, 0); in xfrm_nat_keepalive_state_updated()
258 INIT_DELAYED_WORK(&net->xfrm.nat_keepalive_work, nat_keepalive_work); in xfrm_nat_keepalive_net_init()
264 disable_delayed_work_sync(&net->xfrm.nat_keepalive_work); in xfrm_nat_keepalive_net_fini()
H A Dxfrm_user.c44 return rcu_dereference_protected(net->xfrm.nlsk, sk->sk_net_refcnt); in xfrm_net_nlsk()
982 x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; in xfrm_state_construct()
984 x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; in xfrm_state_construct()
1583 struct sock *nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_nlmsg_multicast()
1643 lseq = read_seqbegin(&net->xfrm.policy_hthresh.lock); in build_spdinfo()
1645 spt4.lbits = net->xfrm.policy_hthresh.lbits4; in build_spdinfo()
1646 spt4.rbits = net->xfrm.policy_hthresh.rbits4; in build_spdinfo()
1647 spt6.lbits = net->xfrm.policy_hthresh.lbits6; in build_spdinfo()
1648 spt6.rbits = net->xfrm.policy_hthresh.rbits6; in build_spdinfo()
1649 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, lseq)); in build_spdinfo()
[all …]
H A Dxfrm_output.c502 struct xfrm_state *x = dst->xfrm; in xfrm_output_one()
580 x = dst->xfrm; in xfrm_output_one()
595 struct net *net = xs_net(skb_dst(skb)->xfrm); in xfrm_output_resume()
604 if (!skb_dst(skb)->xfrm) in xfrm_output_resume()
753 struct xfrm_state *x = skb_dst(skb)->xfrm; in xfrm_output()
/linux/tools/testing/selftests/drivers/net/hw/
H A Dipsec_vxlan.py25 def xfrm(args, host=None): function
91 xfrm(f"state add src {local_addr} dst {remote_addr} "
95 defer(xfrm, f"state del src {local_addr} dst {remote_addr} "
99 xfrm(f"state add src {remote_addr} dst {local_addr} "
103 defer(xfrm, f"state del src {remote_addr} dst {local_addr} "
107 xfrm(f"state add src {remote_addr} dst {local_addr} "
112 defer(xfrm, f"state del src {remote_addr} dst {local_addr} "
116 xfrm(f"state add src {local_addr} dst {remote_addr} "
121 defer(xfrm, f"state del src {local_addr} dst {remote_addr} "
125 xfrm(f"policy add src {local_addr} dst {remote_addr} "
[all …]
H A Drss_api.py320 def set_rss(cfg, xfrm, fh): argument
322 "input-xfrm": xfrm, "flow-hash": fh})
/linux/tools/testing/selftests/net/
H A Dxfrm_policy.sh38 …ip -net $ns xfrm policy add src $lnet dst $rnet dir out tmpl src $me dst $remote proto esp mode tu…
40 …ip -net $ns xfrm policy add src $rnet dst $lnet dir fwd tmpl src $remote dst $me proto esp mode tu…
52 …ip -net $ns xfrm state add src $remote dst $me proto esp spi $spi_in enc aes $KEY_AES auth sha1 …
53 …ip -net $ns xfrm state add src $me dst $remote proto esp spi $spi_out enc aes $KEY_AES auth sha1 …
75 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
78 ip -net $ns xfrm policy add src 10.2.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
81 ip -net $ns xfrm policy add src 10.2.0.0/23 dst 10.0.1.0/24 dir fwd priority 200 action block
107 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/23 dir fwd priority 200 action block
112 …ip -net $ns xfrm policy add src 10.253.1.$((RANDOM%255))/$p dst 10.254.1.$((RANDOM%255))/$p dir fw…
122 ip -net $ns xfrm policy get src $lnet dst $rnet dir out > /dev/null
[all …]
H A Dl2tp.sh228 run_cmd $host_1 ip xfrm policy add \
232 run_cmd $host_1 ip xfrm policy add \
236 run_cmd $host_2 ip xfrm policy add \
240 run_cmd $host_2 ip xfrm policy add \
244 ip -netns $host_1 xfrm state add \
249 ip -netns $host_1 xfrm state add \
254 ip -netns $host_2 xfrm state add \
259 ip -netns $host_2 xfrm state add \
267 run_cmd $host_1 ip -6 xfrm policy add \
271 run_cmd $host_1 ip -6 xfrm policy add \
[all …]
H A Dvrf-xfrm-tests.sh197 ip -netns ${ns} xfrm ${x} flush
198 ip -6 -netns ${ns} xfrm ${x} flush
216 ip -netns $host1 xfrm policy add \
221 ip -netns $host2 xfrm policy add \
226 ip -netns $host1 xfrm policy add \
231 ip -netns $host2 xfrm policy add \
237 ip -6 -netns $host1 xfrm policy add \
242 ip -6 -netns $host2 xfrm policy add \
247 ip -6 -netns $host1 xfrm policy add \
252 ip -6 -netns $host2 xfrm policy add \
[all …]
H A Dxfrm_policy_add_speed.sh28 ip netns exec "$ns" ip xfrm policy flush
40 echo xfrm policy add src 10.$s.$j.0/30 dst 10.$d.$j.$a/$pfx dir $dir action block
45 echo xfrm policy add src 10.$s.$j.$a/30 dst 10.$d.$j.0/$pfx dir $dir action block
70 have=$(ip netns exec "$ns" ip xfrm policy show | grep "action block" | wc -l)
H A Dpmtu.sh123 # Set up vti tunnel on top of veth, with xfrm states and policies, in two
135 # add xfrm states and policies with ESP-in-UDP encapsulation. Check that
141 # Set up vti6 tunnel on top of veth, with xfrm states and policies, in two
681 run_cmd ${ns_a} ip -${proto} xfrm state add src ${veth_a_addr} dst ${veth_b_addr} spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel ${encap} || return 1
682 run_cmd ${ns_a} ip -${proto} xfrm state add src ${veth_b_addr} dst ${veth_a_addr} spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel ${encap}
683 run_cmd ${ns_a} ip -${proto} xfrm policy add dir out mark 10 tmpl src ${veth_a_addr} dst ${veth_b_addr} proto esp mode tunnel
684 run_cmd ${ns_a} ip -${proto} xfrm policy add dir in mark 10 tmpl src ${veth_b_addr} dst ${veth_a_addr} proto esp mode tunnel
686 run_cmd ${ns_b} ip -${proto} xfrm state add src ${veth_a_addr} dst ${veth_b_addr} spi 0x1000 proto esp aead 'rfc4106(gcm(aes))' 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel ${encap}
687 run_cmd ${ns_b} ip -${proto} xfrm state add src ${veth_b_addr} dst ${veth_a_addr} spi 0x1001 proto esp aead 'rfc4106(gcm(aes))' 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f 128 mode tunnel ${encap}
688 run_cmd ${ns_b} ip -${proto} xfrm polic
[all...]
/linux/net/ipv6/
H A Dxfrm6_policy.c151 } while (xdst->u.dst.xfrm); in xfrm6_dst_ifdown()
192 .data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
210 table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh; in xfrm6_net_sysctl_init()
255 memcpy(&net->xfrm.xfrm6_dst_ops, &xfrm6_dst_ops_template, in xfrm6_net_init()
257 ret = dst_entries_init(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
263 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
271 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_exit()
H A Dxfrm6_output.c64 struct xfrm_state *x = dst->xfrm; in __xfrm6_output()
/linux/net/netfilter/
H A Dxt_policy.c90 if (dst->xfrm == NULL) in match_policy_out()
93 for (i = 0; dst && dst->xfrm; in match_policy_out()
100 if (match_xfrm_state(dst->xfrm, e, family)) { in match_policy_out()
/linux/tools/testing/selftests/net/forwarding/
H A Dip6_forward_instats_vrf.sh151 ip xfrm policy add dst 2001:1:2::2/128 dir fwd action block
154 ip xfrm policy del dst 2001:1:2::2/128 dir fwd
/linux/net/ipv4/
H A Dxfrm4_output.c20 struct xfrm_state *x = skb_dst(skb)->xfrm; in __xfrm4_output()
/linux/security/selinux/
H A Dxfrm.c214 x = dst->xfrm; in selinux_xfrm_skb_sid_egress()
454 struct xfrm_state *x = iter->xfrm; in selinux_xfrm_postroute_last()
H A DMakefile22 selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
/linux/Documentation/networking/
H A Dsecid.rst11 matching labeled xfrm(s).
H A Dindex.rst132 xfrm/index
/linux/net/core/
H A Ddst.c57 dst->xfrm = NULL; in dst_init()
107 if (dst->xfrm) { in dst_destroy()
/linux/tools/testing/selftests/net/netfilter/
H A Dnft_flowtable.sh807 ip -net "$ns" xfrm state add src "$remote" dst "$me" proto esp spi "$spi_in" enc aes "$KEY_AES" auth sha1 "$KEY_SHA" mode tunnel sel src "$rnet" dst "$lnet"
808 ip -net "$ns" xfrm state add src "$me" dst "$remote" proto esp spi "$spi_out" enc aes "$KEY_AES" auth sha1 "$KEY_SHA" mode tunnel sel src "$lnet" dst "$rnet"
811 ip -net "$ns" xfrm policy add src "$lnet" dst "$rnet" dir out tmpl src "$me" dst "$remote" proto esp mode tunnel priority 1 action allow
813 ip -net "$ns" xfrm policy add src "$rnet" dst "$lnet" dir fwd tmpl src "$remote" dst "$me" proto esp mode tunnel priority 1 action allow
/linux/net/
H A DMakefile19 obj-$(CONFIG_XFRM) += xfrm/

12