Lines Matching refs:xfrm
35 #include <net/xfrm.h>
77 /* xfrm inexact policy search tree:
458 return __idx_hash(index, net->xfrm.policy_idx_hmask);
468 *dbits = net->xfrm.policy_bydst[dir].dbits4;
469 *sbits = net->xfrm.policy_bydst[dir].sbits4;
473 *dbits = net->xfrm.policy_bydst[dir].dbits6;
474 *sbits = net->xfrm.policy_bydst[dir].sbits6;
487 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
498 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table,
499 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash;
507 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
515 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table,
516 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash;
578 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
588 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
589 write_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
591 odst = rcu_dereference_protected(net->xfrm.policy_bydst[dir].table,
592 lockdep_is_held(&net->xfrm.xfrm_policy_lock));
597 rcu_assign_pointer(net->xfrm.policy_bydst[dir].table, ndst);
598 net->xfrm.policy_bydst[dir].hmask = nhashmask;
600 write_seqcount_end(&net->xfrm.xfrm_policy_hash_generation);
601 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
610 unsigned int hmask = net->xfrm.policy_idx_hmask;
613 struct hlist_head *oidx = net->xfrm.policy_byidx;
620 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
625 net->xfrm.policy_byidx = nidx;
626 net->xfrm.policy_idx_hmask = nhashmask;
628 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
635 unsigned int cnt = net->xfrm.policy_count[dir];
636 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
650 unsigned int hmask = net->xfrm.policy_idx_hmask;
661 si->incnt = net->xfrm.policy_count[XFRM_POLICY_IN];
662 si->outcnt = net->xfrm.policy_count[XFRM_POLICY_OUT];
663 si->fwdcnt = net->xfrm.policy_count[XFRM_POLICY_FWD];
664 si->inscnt = net->xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX];
665 si->outscnt = net->xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX];
666 si->fwdscnt = net->xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX];
667 si->spdhcnt = net->xfrm.policy_idx_hmask;
675 struct net *net = container_of(work, struct net, xfrm.policy_hash_work);
707 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
723 seqcount_spinlock_init(&bin->count, &net->xfrm.xfrm_policy_lock);
729 list_add(&bin->inexact_bins, &net->xfrm.inexact_bins);
849 list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
1110 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1112 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1119 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1121 list_for_each_entry_safe(bin, t, &net->xfrm.inexact_bins, inexact_bins)
1133 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1198 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1212 chain = &net->xfrm.policy_inexact[dir];
1224 xfrm.policy_hthresh.work);
1240 seq = read_seqbegin(&net->xfrm.policy_hthresh.lock);
1242 lbits4 = net->xfrm.policy_hthresh.lbits4;
1243 rbits4 = net->xfrm.policy_hthresh.rbits4;
1244 lbits6 = net->xfrm.policy_hthresh.lbits6;
1245 rbits6 = net->xfrm.policy_hthresh.rbits6;
1246 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, seq));
1248 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1249 write_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
1254 list_for_each_entry(policy, &net->xfrm.policy_all, walk.all) {
1297 &net->xfrm.policy_inexact[dir],
1303 hmask = net->xfrm.policy_bydst[dir].hmask;
1304 odst = net->xfrm.policy_bydst[dir].table;
1311 net->xfrm.policy_bydst[dir].dbits4 = rbits4;
1312 net->xfrm.policy_bydst[dir].sbits4 = lbits4;
1313 net->xfrm.policy_bydst[dir].dbits6 = rbits6;
1314 net->xfrm.policy_bydst[dir].sbits6 = lbits6;
1317 net->xfrm.policy_bydst[dir].dbits4 = lbits4;
1318 net->xfrm.policy_bydst[dir].sbits4 = rbits4;
1319 net->xfrm.policy_bydst[dir].dbits6 = lbits6;
1320 net->xfrm.policy_bydst[dir].sbits6 = rbits6;
1325 list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
1358 write_seqcount_end(&net->xfrm.xfrm_policy_hash_generation);
1359 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1366 schedule_work(&net->xfrm.policy_hthresh.work);
1381 idx = (net->xfrm.idx_generator | dir);
1382 net->xfrm.idx_generator += 8;
1390 list = net->xfrm.policy_byidx + idx_hash(net, idx);
1576 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1584 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1601 hlist_add_head(&policy->byidx, net->xfrm.policy_byidx+idx_hash(net, policy->index));
1606 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1611 schedule_work(&net->xfrm.policy_hash_work);
1649 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1658 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1665 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1692 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1699 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1721 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1722 chain = net->xfrm.policy_byidx + idx_hash(net, id);
1732 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1741 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1756 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1783 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1790 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1798 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1802 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1810 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1830 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1832 x = list_first_entry(&net->xfrm.policy_all, struct xfrm_policy_walk_entry, all);
1837 list_for_each_entry_from(x, &net->xfrm.policy_all, all) {
1858 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1877 spin_lock_bh(&net->xfrm.xfrm_policy_lock); /*FIXME where is net? */
1879 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2003 lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
2097 sequence = read_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
2099 } while (read_seqcount_retry(&net->xfrm.xfrm_policy_hash_generation, sequence));
2130 if (read_seqcount_retry(&net->xfrm.xfrm_policy_hash_generation, sequence))
2205 list_add(&pol->walk.all, &net->xfrm.policy_all);
2206 net->xfrm.policy_count[dir]++;
2226 net->xfrm.policy_count[dir]--;
2245 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2247 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2266 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2268 lockdep_is_held(&net->xfrm.xfrm_policy_lock));
2284 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2316 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2318 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2364 struct xfrm_state **xfrm, unsigned short family)
2397 xfrm[nx++] = x;
2417 xfrm_state_put(xfrm[nx]);
2423 struct xfrm_state **xfrm, unsigned short family)
2426 struct xfrm_state **tpp = (npols > 1) ? tp : xfrm;
2448 xfrm_state_sort(xfrm, tpp, cnx, family);
2478 dst_ops = &net->xfrm.xfrm4_dst_ops;
2482 dst_ops = &net->xfrm.xfrm6_dst_ops;
2530 /* Allocate chain of dst_entry's, attach known xfrm's, calculate
2535 struct xfrm_state **xfrm,
2582 if (xfrm[i]->sel.family == AF_UNSPEC) {
2583 inner_mode = xfrm_ip2inner_mode(xfrm[i],
2591 inner_mode = &xfrm[i]->inner_mode;
2596 if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
2599 if (xfrm[i]->props.smark.v || xfrm[i]->props.smark.m)
2600 mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);
2602 family = xfrm[i]->props.family;
2603 dst = xfrm_dst_lookup(xfrm[i], tos, fl->flowi_oif,
2611 dst1->xfrm = xfrm[i];
2612 xdst->xfrm_genid = xfrm[i]->genid;
2629 header_len += xfrm[i]->props.header_len;
2630 if (xfrm[i]->type->flags & XFRM_TYPE_NON_FRAGMENT)
2631 nfheader_len += xfrm[i]->props.header_len;
2632 trailer_len += xfrm[i]->props.trailer_len;
2654 header_len -= xdst_prev->u.dst.xfrm->props.header_len;
2655 trailer_len -= xdst_prev->u.dst.xfrm->props.trailer_len;
2662 xfrm_state_put(xfrm[i]);
2724 struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
2731 err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family);
2741 dst = xfrm_bundle_create(pols[0], xfrm, bundle, err, fl, dst_orig);
2902 net->xfrm.sysctl_larval_drop ||
3094 !net->xfrm.policy_count[XFRM_POLICY_OUT]))
3119 if (net->xfrm.sysctl_larval_drop) {
3159 if (dst && dst->xfrm &&
3160 dst->xfrm->props.mode == XFRM_MODE_TUNNEL)
3166 net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
3625 if (net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
3691 /* For each tunnel xfrm, find the first matching tmpl.
3692 * For each tmpl before that, find corresponding xfrm.
3797 while ((dst = xfrm_dst_child(dst)) && dst->xfrm && dst->dev == dev) {
3827 pmtu = xfrm_state_mtu(dst->xfrm, pmtu);
3862 if (dst->xfrm->km.state != XFRM_STATE_VALID)
3864 if (xdst->xfrm_genid != dst->xfrm->genid)
3887 } while (dst->xfrm);
3897 mtu = xfrm_state_mtu(dst->xfrm, mtu);
3926 while (dst->xfrm) {
3927 const struct xfrm_state *xfrm = dst->xfrm;
3931 if (xfrm->props.mode == XFRM_MODE_TRANSPORT)
3933 if (xfrm->type->flags & XFRM_TYPE_REMOTE_COADDR)
3934 daddr = xfrm->coaddr;
3935 else if (!(xfrm->type->flags & XFRM_TYPE_LOCAL_COADDR))
3936 daddr = &xfrm->id.daddr;
4079 net->xfrm.policy_byidx = xfrm_hash_alloc(sz);
4080 if (!net->xfrm.policy_byidx)
4082 net->xfrm.policy_idx_hmask = hmask;
4087 net->xfrm.policy_count[dir] = 0;
4088 net->xfrm.policy_count[XFRM_POLICY_MAX + dir] = 0;
4089 INIT_HLIST_HEAD(&net->xfrm.policy_inexact[dir]);
4091 htab = &net->xfrm.policy_bydst[dir];
4101 net->xfrm.policy_hthresh.lbits4 = 32;
4102 net->xfrm.policy_hthresh.rbits4 = 32;
4103 net->xfrm.policy_hthresh.lbits6 = 128;
4104 net->xfrm.policy_hthresh.rbits6 = 128;
4106 seqlock_init(&net->xfrm.policy_hthresh.lock);
4108 INIT_LIST_HEAD(&net->xfrm.policy_all);
4109 INIT_LIST_HEAD(&net->xfrm.inexact_bins);
4110 INIT_WORK(&net->xfrm.policy_hash_work, xfrm_hash_resize);
4111 INIT_WORK(&net->xfrm.policy_hthresh.work, xfrm_hash_rebuild);
4118 htab = &net->xfrm.policy_bydst[dir];
4121 xfrm_hash_free(net->xfrm.policy_byidx, sz);
4132 flush_work(&net->xfrm.policy_hash_work);
4138 WARN_ON(!list_empty(&net->xfrm.policy_all));
4143 WARN_ON(!hlist_empty(&net->xfrm.policy_inexact[dir]));
4145 htab = &net->xfrm.policy_bydst[dir];
4151 sz = (net->xfrm.policy_idx_hmask + 1) * sizeof(struct hlist_head);
4152 WARN_ON(!hlist_empty(net->xfrm.policy_byidx));
4153 xfrm_hash_free(net->xfrm.policy_byidx, sz);
4155 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
4156 list_for_each_entry_safe(b, t, &net->xfrm.inexact_bins, inexact_bins)
4158 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
4166 spin_lock_init(&net->xfrm.xfrm_state_lock);
4167 spin_lock_init(&net->xfrm.xfrm_policy_lock);
4168 seqcount_spinlock_init(&net->xfrm.xfrm_policy_hash_generation, &net->xfrm.xfrm_policy_lock);
4169 mutex_init(&net->xfrm.xfrm_cfg_mutex);
4170 net->xfrm.policy_default[XFRM_POLICY_IN] = XFRM_USERPOLICY_ACCEPT;
4171 net->xfrm.policy_default[XFRM_POLICY_FWD] = XFRM_USERPOLICY_ACCEPT;
4172 net->xfrm.policy_default[XFRM_POLICY_OUT] = XFRM_USERPOLICY_ACCEPT;
4320 spin_lock_bh(&net->xfrm.xfrm_policy_lock);
4331 chain = &net->xfrm.policy_inexact[dir];
4346 spin_unlock_bh(&net->xfrm.xfrm_policy_lock);