1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0 */ 2*4882a593Smuzhiyun #ifndef __NETNS_XFRM_H 3*4882a593Smuzhiyun #define __NETNS_XFRM_H 4*4882a593Smuzhiyun 5*4882a593Smuzhiyun #include <linux/list.h> 6*4882a593Smuzhiyun #include <linux/wait.h> 7*4882a593Smuzhiyun #include <linux/workqueue.h> 8*4882a593Smuzhiyun #include <linux/rhashtable-types.h> 9*4882a593Smuzhiyun #include <linux/xfrm.h> 10*4882a593Smuzhiyun #include <linux/android_kabi.h> 11*4882a593Smuzhiyun #include <net/dst_ops.h> 12*4882a593Smuzhiyun 13*4882a593Smuzhiyun struct ctl_table_header; 14*4882a593Smuzhiyun 15*4882a593Smuzhiyun struct xfrm_policy_hash { 16*4882a593Smuzhiyun struct hlist_head __rcu *table; 17*4882a593Smuzhiyun unsigned int hmask; 18*4882a593Smuzhiyun u8 dbits4; 19*4882a593Smuzhiyun u8 sbits4; 20*4882a593Smuzhiyun u8 dbits6; 21*4882a593Smuzhiyun u8 sbits6; 22*4882a593Smuzhiyun }; 23*4882a593Smuzhiyun 24*4882a593Smuzhiyun struct xfrm_policy_hthresh { 25*4882a593Smuzhiyun struct work_struct work; 26*4882a593Smuzhiyun seqlock_t lock; 27*4882a593Smuzhiyun u8 lbits4; 28*4882a593Smuzhiyun u8 rbits4; 29*4882a593Smuzhiyun u8 lbits6; 30*4882a593Smuzhiyun u8 rbits6; 31*4882a593Smuzhiyun }; 32*4882a593Smuzhiyun 33*4882a593Smuzhiyun struct netns_xfrm { 34*4882a593Smuzhiyun struct list_head state_all; 35*4882a593Smuzhiyun /* 36*4882a593Smuzhiyun * Hash table to find appropriate SA towards given target (endpoint of 37*4882a593Smuzhiyun * tunnel or destination of transport mode) allowed by selector. 38*4882a593Smuzhiyun * 39*4882a593Smuzhiyun * Main use is finding SA after policy selected tunnel or transport 40*4882a593Smuzhiyun * mode. Also, it can be used by ah/esp icmp error handler to find 41*4882a593Smuzhiyun * offending SA. 42*4882a593Smuzhiyun */ 43*4882a593Smuzhiyun struct hlist_head __rcu *state_bydst; 44*4882a593Smuzhiyun struct hlist_head __rcu *state_bysrc; 45*4882a593Smuzhiyun struct hlist_head __rcu *state_byspi; 46*4882a593Smuzhiyun unsigned int state_hmask; 47*4882a593Smuzhiyun unsigned int state_num; 48*4882a593Smuzhiyun struct work_struct state_hash_work; 49*4882a593Smuzhiyun 50*4882a593Smuzhiyun struct list_head policy_all; 51*4882a593Smuzhiyun struct hlist_head *policy_byidx; 52*4882a593Smuzhiyun unsigned int policy_idx_hmask; 53*4882a593Smuzhiyun struct hlist_head policy_inexact[XFRM_POLICY_MAX]; 54*4882a593Smuzhiyun struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX]; 55*4882a593Smuzhiyun unsigned int policy_count[XFRM_POLICY_MAX * 2]; 56*4882a593Smuzhiyun struct work_struct policy_hash_work; 57*4882a593Smuzhiyun struct xfrm_policy_hthresh policy_hthresh; 58*4882a593Smuzhiyun struct list_head inexact_bins; 59*4882a593Smuzhiyun 60*4882a593Smuzhiyun 61*4882a593Smuzhiyun struct sock *nlsk; 62*4882a593Smuzhiyun struct sock *nlsk_stash; 63*4882a593Smuzhiyun 64*4882a593Smuzhiyun u32 sysctl_aevent_etime; 65*4882a593Smuzhiyun u32 sysctl_aevent_rseqth; 66*4882a593Smuzhiyun int sysctl_larval_drop; 67*4882a593Smuzhiyun u32 sysctl_acq_expires; 68*4882a593Smuzhiyun #ifdef CONFIG_SYSCTL 69*4882a593Smuzhiyun struct ctl_table_header *sysctl_hdr; 70*4882a593Smuzhiyun #endif 71*4882a593Smuzhiyun 72*4882a593Smuzhiyun struct dst_ops xfrm4_dst_ops; 73*4882a593Smuzhiyun #if IS_ENABLED(CONFIG_IPV6) 74*4882a593Smuzhiyun struct dst_ops xfrm6_dst_ops; 75*4882a593Smuzhiyun #endif 76*4882a593Smuzhiyun spinlock_t xfrm_state_lock; 77*4882a593Smuzhiyun seqcount_t xfrm_state_hash_generation; 78*4882a593Smuzhiyun 79*4882a593Smuzhiyun spinlock_t xfrm_policy_lock; 80*4882a593Smuzhiyun struct mutex xfrm_cfg_mutex; 81*4882a593Smuzhiyun 82*4882a593Smuzhiyun ANDROID_KABI_RESERVE(1); 83*4882a593Smuzhiyun }; 84*4882a593Smuzhiyun 85*4882a593Smuzhiyun #endif 86