| /kernel/linux/linux-5.10/drivers/net/ethernet/mellanox/mlx5/core/accel/ |
| H A D | ipsec.c | 107 struct mlx5_accel_esp_xfrm *xfrm, in mlx5_accel_esp_create_hw_context()
116 if (!xfrm->attrs.is_ipv6) { in mlx5_accel_esp_create_hw_context()
117 saddr[3] = xfrm->attrs.saddr.a4; in mlx5_accel_esp_create_hw_context()
118 daddr[3] = xfrm->attrs.daddr.a4; in mlx5_accel_esp_create_hw_context()
120 memcpy(saddr, xfrm->attrs.saddr.a6, sizeof(saddr)); in mlx5_accel_esp_create_hw_context()
121 memcpy(daddr, xfrm->attrs.daddr.a6, sizeof(daddr)); in mlx5_accel_esp_create_hw_context()
124 return ipsec_ops->create_hw_context(mdev, xfrm, saddr, daddr, xfrm->attrs.spi, in mlx5_accel_esp_create_hw_context()
125 xfrm->attrs.is_ipv6, sa_handle); in mlx5_accel_esp_create_hw_context()
144 struct mlx5_accel_esp_xfrm *xfrm; in mlx5_accel_esp_create_xfrm() local
106 mlx5_accel_esp_create_hw_context(struct mlx5_core_dev *mdev, struct mlx5_accel_esp_xfrm *xfrm, u32 *sa_handle) mlx5_accel_esp_create_hw_context() argument
158 mlx5_accel_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm) mlx5_accel_esp_destroy_xfrm() argument
169 mlx5_accel_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm, const struct mlx5_accel_esp_xfrm_attrs *attrs) mlx5_accel_esp_modify_xfrm() argument
[all...] |
| H A D | ipsec.h | 50 struct mlx5_accel_esp_xfrm *xfrm,
62 struct mlx5_accel_esp_xfrm *xfrm,
71 int (*esp_modify_xfrm)(struct mlx5_accel_esp_xfrm *xfrm,
73 void (*esp_destroy_xfrm)(struct mlx5_accel_esp_xfrm *xfrm);
82 struct mlx5_accel_esp_xfrm *xfrm, in mlx5_accel_esp_create_hw_context()
81 mlx5_accel_esp_create_hw_context(struct mlx5_core_dev *mdev, struct mlx5_accel_esp_xfrm *xfrm, u32 *sa_handle) mlx5_accel_esp_create_hw_context() argument
|
| H A D | ipsec_offload.c | 61 mlx5_core_err(mdev, "Cannot offload xfrm states with anti replay (replay_type = %d)\n", in mlx5_ipsec_offload_esp_validate_xfrm_attrs()
81 mlx5_core_err(mdev, "Cannot offload xfrm states with key length other than 128/256 bit (key length = %d)\n", in mlx5_ipsec_offload_esp_validate_xfrm_attrs()
88 mlx5_core_err(mdev, "Cannot offload xfrm states with ESN triggered\n"); in mlx5_ipsec_offload_esp_validate_xfrm_attrs()
118 static void mlx5_ipsec_offload_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm) in mlx5_ipsec_offload_esp_destroy_xfrm() argument
120 struct mlx5_ipsec_esp_xfrm *mxfrm = container_of(xfrm, struct mlx5_ipsec_esp_xfrm, in mlx5_ipsec_offload_esp_destroy_xfrm()
330 static int mlx5_ipsec_offload_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm, in mlx5_ipsec_offload_esp_modify_xfrm() argument
334 struct mlx5_core_dev *mdev = xfrm->mdev; in mlx5_ipsec_offload_esp_modify_xfrm()
339 if (!memcmp(&xfrm->attrs, attrs, sizeof(xfrm->attrs))) in mlx5_ipsec_offload_esp_modify_xfrm()
345 mxfrm = container_of(xfrm, struc in mlx5_ipsec_offload_esp_modify_xfrm()
[all...] |
| /kernel/linux/linux-5.10/net/xfrm/ |
| H A D | xfrm_sysctl.c | 5 #include <net/xfrm.h>
9 net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME; in __xfrm_sysctl_init()
10 net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE; in __xfrm_sysctl_init()
11 net->xfrm.sysctl_larval_drop = 1; in __xfrm_sysctl_init()
12 net->xfrm.sysctl_acq_expires = 30; in __xfrm_sysctl_init()
53 table[0].data = &net->xfrm.sysctl_aevent_etime; in xfrm_sysctl_init()
54 table[1].data = &net->xfrm.sysctl_aevent_rseqth; in xfrm_sysctl_init()
55 table[2].data = &net->xfrm.sysctl_larval_drop; in xfrm_sysctl_init()
56 table[3].data = &net->xfrm.sysctl_acq_expires; in xfrm_sysctl_init()
62 net->xfrm in xfrm_sysctl_init()
[all...] |
| H A D | xfrm_policy.c | 35 #include <net/xfrm.h>
77 /* xfrm inexact policy search tree:
458 return __idx_hash(index, net->xfrm.policy_idx_hmask); in idx_hash()
468 *dbits = net->xfrm.policy_bydst[dir].dbits4; in __get_hash_thresh()
469 *sbits = net->xfrm.policy_bydst[dir].sbits4; in __get_hash_thresh()
473 *dbits = net->xfrm.policy_bydst[dir].dbits6; in __get_hash_thresh()
474 *sbits = net->xfrm.policy_bydst[dir].sbits6; in __get_hash_thresh()
487 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_bysel()
498 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_bysel()
499 lockdep_is_held(&net->xfrm in policy_hash_bysel()
2363 xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, struct xfrm_state **xfrm, unsigned short family) xfrm_tmpl_resolve_one() argument
2422 xfrm_tmpl_resolve(struct xfrm_policy **pols, int npols, const struct flowi *fl, struct xfrm_state **xfrm, unsigned short family) xfrm_tmpl_resolve() argument
2534 xfrm_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, struct xfrm_dst **bundle, int nx, const struct flowi *fl, struct dst_entry *dst) xfrm_bundle_create() argument
2724 struct xfrm_state *xfrm[XFRM_MAX_DEPTH]; xfrm_resolve_and_create_bundle() local
3927 const struct xfrm_state *xfrm = dst->xfrm; xfrm_get_dst_nexthop() local
[all...] |
| H A D | xfrm_state.c | 18 #include <net/xfrm.h>
35 rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
63 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask); in xfrm_dst_hash()
71 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); in xfrm_src_hash()
78 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); in xfrm_spi_hash()
119 struct net *net = container_of(work, struct net, xfrm.state_hash_work); in xfrm_hash_resize()
125 nsize = xfrm_hash_new_size(net->xfrm.state_hmask); in xfrm_hash_resize()
141 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_hash_resize()
142 write_seqcount_begin(&net->xfrm.xfrm_state_hash_generation); in xfrm_hash_resize()
145 odst = xfrm_state_deref_prot(net->xfrm in xfrm_hash_resize()
[all...] |
| /kernel/linux/linux-6.6/net/xfrm/ |
| H A D | xfrm_sysctl.c | 5 #include <net/xfrm.h>
9 net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME; in __xfrm_sysctl_init()
10 net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE; in __xfrm_sysctl_init()
11 net->xfrm.sysctl_larval_drop = 1; in __xfrm_sysctl_init()
12 net->xfrm.sysctl_acq_expires = 30; in __xfrm_sysctl_init()
54 table[0].data = &net->xfrm.sysctl_aevent_etime; in xfrm_sysctl_init()
55 table[1].data = &net->xfrm.sysctl_aevent_rseqth; in xfrm_sysctl_init()
56 table[2].data = &net->xfrm.sysctl_larval_drop; in xfrm_sysctl_init()
57 table[3].data = &net->xfrm.sysctl_acq_expires; in xfrm_sysctl_init()
65 net->xfrm in xfrm_sysctl_init()
[all...] |
| H A D | xfrm_policy.c | 35 #include <net/xfrm.h>
77 /* xfrm inexact policy search tree:
459 return __idx_hash(index, net->xfrm.policy_idx_hmask); in idx_hash()
469 *dbits = net->xfrm.policy_bydst[dir].dbits4; in __get_hash_thresh()
470 *sbits = net->xfrm.policy_bydst[dir].sbits4; in __get_hash_thresh()
474 *dbits = net->xfrm.policy_bydst[dir].dbits6; in __get_hash_thresh()
475 *sbits = net->xfrm.policy_bydst[dir].sbits6; in __get_hash_thresh()
488 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_bysel()
499 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_bysel()
500 lockdep_is_held(&net->xfrm in policy_hash_bysel()
2444 xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, struct xfrm_state **xfrm, unsigned short family) xfrm_tmpl_resolve_one() argument
2503 xfrm_tmpl_resolve(struct xfrm_policy **pols, int npols, const struct flowi *fl, struct xfrm_state **xfrm, unsigned short family) xfrm_tmpl_resolve() argument
2613 xfrm_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, struct xfrm_dst **bundle, int nx, const struct flowi *fl, struct dst_entry *dst) xfrm_bundle_create() argument
2807 struct xfrm_state *xfrm[XFRM_MAX_DEPTH]; xfrm_resolve_and_create_bundle() local
3978 const struct xfrm_state *xfrm = dst->xfrm; xfrm_get_dst_nexthop() local
[all...] |
| H A D | xfrm_state.c | 19 #include <net/xfrm.h>
36 rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
64 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask); in xfrm_dst_hash()
72 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); in xfrm_src_hash()
79 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); in xfrm_spi_hash()
84 return __xfrm_seq_hash(seq, net->xfrm.state_hmask); in xfrm_seq_hash()
152 struct net *net = container_of(work, struct net, xfrm.state_hash_work); in xfrm_hash_resize()
158 nsize = xfrm_hash_new_size(net->xfrm.state_hmask); in xfrm_hash_resize()
181 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_hash_resize()
182 write_seqcount_begin(&net->xfrm in xfrm_hash_resize()
[all...] |
| /kernel/linux/linux-5.10/tools/testing/selftests/net/ |
| H A D | xfrm_policy.sh | 4 # Check xfrm policy resolution. Topology:
39 ip -net $ns xfrm policy add src $lnet dst $rnet dir out tmpl src $me dst $remote proto esp mode tunnel priority 100 action allow
41 ip -net $ns xfrm policy add src $rnet dst $lnet dir fwd tmpl src $remote dst $me proto esp mode tunnel priority 100 action allow
53 ip -net $ns xfrm state add src $remote dst $me proto esp spi $spi_in enc aes $KEY_AES auth sha1 $KEY_SHA mode tunnel sel src $rnet dst $lnet
54 ip -net $ns xfrm state add src $me dst $remote proto esp spi $spi_out enc aes $KEY_AES auth sha1 $KEY_SHA mode tunnel sel src $lnet dst $rnet
76 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
79 ip -net $ns xfrm policy add src 10.2.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
82 ip -net $ns xfrm policy add src 10.2.0.0/23 dst 10.0.1.0/24 dir fwd priority 200 action block
108 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/23 dir fwd priority 200 action block
113 ip -net $ns xfrm polic
[all...] |
| H A D | l2tp.sh | 234 run_cmd host-1 ip xfrm policy add \
238 run_cmd host-1 ip xfrm policy add \
242 run_cmd host-2 ip xfrm policy add \
246 run_cmd host-2 ip xfrm policy add \
250 ip -netns host-1 xfrm state add \
255 ip -netns host-1 xfrm state add \
260 ip -netns host-2 xfrm state add \
265 ip -netns host-2 xfrm state add \
273 run_cmd host-1 ip -6 xfrm policy add \
277 run_cmd host-1 ip -6 xfrm polic
[all...] |
| H A D | vrf-xfrm-tests.sh | 202 ip -netns ${ns} xfrm ${x} flush
203 ip -6 -netns ${ns} xfrm ${x} flush
221 ip -netns host1 xfrm policy add \
226 ip -netns host2 xfrm policy add \
231 ip -netns host1 xfrm policy add \
236 ip -netns host2 xfrm policy add \
242 ip -6 -netns host1 xfrm policy add \
247 ip -6 -netns host2 xfrm policy add \
252 ip -6 -netns host1 xfrm policy add \
257 ip -6 -netns host2 xfrm polic
[all...] |
| /kernel/linux/linux-6.6/tools/testing/selftests/net/ |
| H A D | xfrm_policy.sh | 4 # Check xfrm policy resolution. Topology:
39 ip -net $ns xfrm policy add src $lnet dst $rnet dir out tmpl src $me dst $remote proto esp mode tunnel priority 100 action allow
41 ip -net $ns xfrm policy add src $rnet dst $lnet dir fwd tmpl src $remote dst $me proto esp mode tunnel priority 100 action allow
53 ip -net $ns xfrm state add src $remote dst $me proto esp spi $spi_in enc aes $KEY_AES auth sha1 $KEY_SHA mode tunnel sel src $rnet dst $lnet
54 ip -net $ns xfrm state add src $me dst $remote proto esp spi $spi_out enc aes $KEY_AES auth sha1 $KEY_SHA mode tunnel sel src $lnet dst $rnet
76 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
79 ip -net $ns xfrm policy add src 10.2.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
82 ip -net $ns xfrm policy add src 10.2.0.0/23 dst 10.0.1.0/24 dir fwd priority 200 action block
108 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/23 dir fwd priority 200 action block
113 ip -net $ns xfrm polic
[all...] |
| H A D | l2tp.sh | 234 run_cmd host-1 ip xfrm policy add \
238 run_cmd host-1 ip xfrm policy add \
242 run_cmd host-2 ip xfrm policy add \
246 run_cmd host-2 ip xfrm policy add \
250 ip -netns host-1 xfrm state add \
255 ip -netns host-1 xfrm state add \
260 ip -netns host-2 xfrm state add \
265 ip -netns host-2 xfrm state add \
273 run_cmd host-1 ip -6 xfrm policy add \
277 run_cmd host-1 ip -6 xfrm polic
[all...] |
| H A D | vrf-xfrm-tests.sh | 202 ip -netns ${ns} xfrm ${x} flush
203 ip -6 -netns ${ns} xfrm ${x} flush
221 ip -netns host1 xfrm policy add \
226 ip -netns host2 xfrm policy add \
231 ip -netns host1 xfrm policy add \
236 ip -netns host2 xfrm policy add \
242 ip -6 -netns host1 xfrm policy add \
247 ip -6 -netns host2 xfrm policy add \
252 ip -6 -netns host1 xfrm policy add \
257 ip -6 -netns host2 xfrm polic
[all...] |
| /kernel/linux/linux-6.6/net/netfilter/ |
| H A D | nft_xfrm.c | 16 #include <net/xfrm.h>
182 for (i = 0; dst && dst->xfrm; in nft_xfrm_get_eval_out()
187 nft_xfrm_state_get_key(priv, regs, dst->xfrm); in nft_xfrm_get_eval_out()
266 const struct nft_xfrm *xfrm; in nft_xfrm_reduce() local
273 xfrm = nft_expr_priv(track->regs[priv->dreg].selector); in nft_xfrm_reduce()
274 if (priv->key != xfrm->key || in nft_xfrm_reduce()
275 priv->dreg != xfrm->dreg || in nft_xfrm_reduce()
276 priv->dir != xfrm->dir || in nft_xfrm_reduce()
277 priv->spnum != xfrm->spnum) { in nft_xfrm_reduce()
300 .name = "xfrm",
[all...] |
| /kernel/linux/linux-5.10/include/linux/mlx5/ |
| H A D | accel.h | 137 void mlx5_accel_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm);
138 int mlx5_accel_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
150 mlx5_accel_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm) {} in mlx5_accel_esp_destroy_xfrm() argument
152 mlx5_accel_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm, in mlx5_accel_esp_modify_xfrm() argument
|
| /kernel/linux/linux-5.10/net/ipv6/ |
| H A D | xfrm6_policy.c | 20 #include <net/xfrm.h>
155 } while (xdst->u.dst.xfrm); in xfrm6_dst_ifdown()
196 .data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
215 table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh; in xfrm6_net_sysctl_init()
259 memcpy(&net->xfrm.xfrm6_dst_ops, &xfrm6_dst_ops_template, in xfrm6_net_init()
261 ret = dst_entries_init(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
267 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
275 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_exit()
|
| /kernel/linux/linux-6.6/net/ipv6/ |
| H A D | xfrm6_policy.c | 20 #include <net/xfrm.h>
141 } while (xdst->u.dst.xfrm); in xfrm6_dst_ifdown()
182 .data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
201 table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh; in xfrm6_net_sysctl_init()
246 memcpy(&net->xfrm.xfrm6_dst_ops, &xfrm6_dst_ops_template, in xfrm6_net_init()
248 ret = dst_entries_init(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
254 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
262 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_exit()
|
| /kernel/linux/linux-5.10/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ |
| H A D | ipsec.c | 215 netdev_info(netdev, "Cannot offload authenticated xfrm states\n"); in mlx5e_xfrm_validate_state()
219 netdev_info(netdev, "Only AES-GCM-ICV16 xfrm state may be offloaded\n"); in mlx5e_xfrm_validate_state()
223 netdev_info(netdev, "Cannot offload compressed xfrm states\n"); in mlx5e_xfrm_validate_state()
229 netdev_info(netdev, "Cannot offload ESN xfrm states\n"); in mlx5e_xfrm_validate_state()
234 netdev_info(netdev, "Only IPv4/6 xfrm states may be offloaded\n"); in mlx5e_xfrm_validate_state()
239 dev_info(&netdev->dev, "Only transport and tunnel xfrm states may be offloaded\n"); in mlx5e_xfrm_validate_state()
243 netdev_info(netdev, "Only ESP xfrm state may be offloaded\n"); in mlx5e_xfrm_validate_state()
247 netdev_info(netdev, "Encapsulated xfrm state may not be offloaded\n"); in mlx5e_xfrm_validate_state()
251 netdev_info(netdev, "Cannot offload xfrm states without aead\n"); in mlx5e_xfrm_validate_state()
255 netdev_info(netdev, "Cannot offload xfrm state in mlx5e_xfrm_validate_state()
[all...] |
| /kernel/linux/linux-5.10/net/ipv4/ |
| H A D | xfrm4_policy.c | 16 #include <net/xfrm.h>
163 .data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
182 table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh; in xfrm4_net_sysctl_init()
226 memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template, in xfrm4_net_init()
228 ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_init()
234 dst_entries_destroy(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_init()
242 dst_entries_destroy(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_exit()
|
| /kernel/linux/linux-6.6/net/ipv4/ |
| H A D | xfrm4_policy.c | 16 #include <net/xfrm.h>
150 .data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
169 table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh; in xfrm4_net_sysctl_init()
214 memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template, in xfrm4_net_init()
216 ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_init()
222 dst_entries_destroy(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_init()
230 dst_entries_destroy(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_exit()
|
| /kernel/linux/linux-5.10/tools/testing/selftests/bpf/ |
| H A D | test_tunnel.sh | 595 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
599 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \
604 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
608 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \
620 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
623 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \
627 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
630 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \
657 echo -e ${RED}"FAIL: xfrm tunnel"${NC}
660 echo -e ${GREEN}"PASS: xfrm tunne
[all...] |
| /kernel/linux/linux-6.6/tools/testing/selftests/bpf/ |
| H A D | test_tunnel.sh | 529 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
533 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \
538 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
542 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \
554 ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \
557 ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \
561 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \
564 ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \
598 echo -e ${RED}"FAIL: xfrm tunnel"${NC}
601 echo -e ${GREEN}"PASS: xfrm tunne
[all...] |
| /kernel/linux/linux-5.10/net/netfilter/ |
| H A D | xt_policy.c | 11 #include <net/xfrm.h>
90 if (dst->xfrm == NULL) in match_policy_out()
93 for (i = 0; dst && dst->xfrm; in match_policy_out()
100 if (match_xfrm_state(dst->xfrm, e, family)) { in match_policy_out()
|