Home
last modified time | relevance | path

Searched refs:xfrm (Results 1 – 25 of 55) sorted by relevance

123

/linux-6.12.1/net/xfrm/
Dxfrm_sysctl.c9 net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME; in __xfrm_sysctl_init()
10 net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE; in __xfrm_sysctl_init()
11 net->xfrm.sysctl_larval_drop = 1; in __xfrm_sysctl_init()
12 net->xfrm.sysctl_acq_expires = 30; in __xfrm_sysctl_init()
53 table[0].data = &net->xfrm.sysctl_aevent_etime; in xfrm_sysctl_init()
54 table[1].data = &net->xfrm.sysctl_aevent_rseqth; in xfrm_sysctl_init()
55 table[2].data = &net->xfrm.sysctl_larval_drop; in xfrm_sysctl_init()
56 table[3].data = &net->xfrm.sysctl_acq_expires; in xfrm_sysctl_init()
62 net->xfrm.sysctl_hdr = register_net_sysctl_sz(net, "net/core", table, in xfrm_sysctl_init()
64 if (!net->xfrm.sysctl_hdr) in xfrm_sysctl_init()
[all …]
Dxfrm_policy.c500 return __idx_hash(index, net->xfrm.policy_idx_hmask); in idx_hash()
510 *dbits = net->xfrm.policy_bydst[dir].dbits4; in __get_hash_thresh()
511 *sbits = net->xfrm.policy_bydst[dir].sbits4; in __get_hash_thresh()
515 *dbits = net->xfrm.policy_bydst[dir].dbits6; in __get_hash_thresh()
516 *sbits = net->xfrm.policy_bydst[dir].sbits6; in __get_hash_thresh()
529 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_bysel()
540 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_bysel()
541 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash; in policy_hash_bysel()
549 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_direct()
557 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_direct()
[all …]
Dxfrm_state.c36 rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
65 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask); in xfrm_dst_hash()
73 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); in xfrm_src_hash()
80 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); in xfrm_spi_hash()
85 return __xfrm_seq_hash(seq, net->xfrm.state_hmask); in xfrm_seq_hash()
153 struct net *net = container_of(work, struct net, xfrm.state_hash_work); in xfrm_hash_resize()
159 nsize = xfrm_hash_new_size(net->xfrm.state_hmask); in xfrm_hash_resize()
182 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_hash_resize()
183 write_seqcount_begin(&net->xfrm.xfrm_state_hash_generation); in xfrm_hash_resize()
186 odst = xfrm_state_deref_prot(net->xfrm.state_bydst, net); in xfrm_hash_resize()
[all …]
Dxfrm_nat_keepalive.c196 net = container_of(work, struct net, xfrm.nat_keepalive_work.work); in nat_keepalive_work()
201 schedule_delayed_work(&net->xfrm.nat_keepalive_work, in nat_keepalive_work()
243 schedule_delayed_work(&net->xfrm.nat_keepalive_work, 0); in xfrm_nat_keepalive_state_updated()
248 INIT_DELAYED_WORK(&net->xfrm.nat_keepalive_work, nat_keepalive_work); in xfrm_nat_keepalive_net_init()
254 cancel_delayed_work_sync(&net->xfrm.nat_keepalive_work); in xfrm_nat_keepalive_net_fini()
Dxfrm_user.c860 x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; in xfrm_state_construct()
862 x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; in xfrm_state_construct()
1445 struct sock *nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_nlmsg_multicast()
1505 lseq = read_seqbegin(&net->xfrm.policy_hthresh.lock); in build_spdinfo()
1507 spt4.lbits = net->xfrm.policy_hthresh.lbits4; in build_spdinfo()
1508 spt4.rbits = net->xfrm.policy_hthresh.rbits4; in build_spdinfo()
1509 spt6.lbits = net->xfrm.policy_hthresh.lbits6; in build_spdinfo()
1510 spt6.rbits = net->xfrm.policy_hthresh.rbits6; in build_spdinfo()
1511 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, lseq)); in build_spdinfo()
1566 write_seqlock(&net->xfrm.policy_hthresh.lock); in xfrm_set_spdinfo()
[all …]
Dxfrm_output.c493 struct xfrm_state *x = dst->xfrm; in xfrm_output_one()
571 x = dst->xfrm; in xfrm_output_one()
586 struct net *net = xs_net(skb_dst(skb)->xfrm); in xfrm_output_resume()
595 if (!skb_dst(skb)->xfrm) in xfrm_output_resume()
706 struct xfrm_state *x = skb_dst(skb)->xfrm; in xfrm_output()
/linux-6.12.1/tools/testing/selftests/net/
Dxfrm_policy.sh38 …ip -net $ns xfrm policy add src $lnet dst $rnet dir out tmpl src $me dst $remote proto esp mode tu…
40 …ip -net $ns xfrm policy add src $rnet dst $lnet dir fwd tmpl src $remote dst $me proto esp mode tu…
52 …ip -net $ns xfrm state add src $remote dst $me proto esp spi $spi_in enc aes $KEY_AES auth sha1 …
53 …ip -net $ns xfrm state add src $me dst $remote proto esp spi $spi_out enc aes $KEY_AES auth sha1 …
75 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
78 ip -net $ns xfrm policy add src 10.2.0.0/24 dst 10.0.0.0/24 dir fwd priority 200 action block
81 ip -net $ns xfrm policy add src 10.2.0.0/23 dst 10.0.1.0/24 dir fwd priority 200 action block
107 ip -net $ns xfrm policy add src 10.1.0.0/24 dst 10.0.0.0/23 dir fwd priority 200 action block
112 …ip -net $ns xfrm policy add src 10.253.1.$((RANDOM%255))/$p dst 10.254.1.$((RANDOM%255))/$p dir fw…
122 ip -net $ns xfrm policy get src $lnet dst $rnet dir out > /dev/null
[all …]
Dl2tp.sh228 run_cmd $host_1 ip xfrm policy add \
232 run_cmd $host_1 ip xfrm policy add \
236 run_cmd $host_2 ip xfrm policy add \
240 run_cmd $host_2 ip xfrm policy add \
244 ip -netns $host_1 xfrm state add \
249 ip -netns $host_1 xfrm state add \
254 ip -netns $host_2 xfrm state add \
259 ip -netns $host_2 xfrm state add \
267 run_cmd $host_1 ip -6 xfrm policy add \
271 run_cmd $host_1 ip -6 xfrm policy add \
[all …]
Dvrf-xfrm-tests.sh197 ip -netns ${ns} xfrm ${x} flush
198 ip -6 -netns ${ns} xfrm ${x} flush
216 ip -netns $host1 xfrm policy add \
221 ip -netns $host2 xfrm policy add \
226 ip -netns $host1 xfrm policy add \
231 ip -netns $host2 xfrm policy add \
237 ip -6 -netns $host1 xfrm policy add \
242 ip -6 -netns $host2 xfrm policy add \
247 ip -6 -netns $host1 xfrm policy add \
252 ip -6 -netns $host2 xfrm policy add \
[all …]
Dxfrm_policy_add_speed.sh28 ip netns exec "$ns" ip xfrm policy flush
40 echo xfrm policy add src 10.$s.$j.0/30 dst 10.$d.$j.$a/$pfx dir $dir action block
45 echo xfrm policy add src 10.$s.$j.$a/30 dst 10.$d.$j.0/$pfx dir $dir action block
70 have=$(ip netns exec "$ns" ip xfrm policy show | grep "action block" | wc -l)
/linux-6.12.1/net/netfilter/
Dnft_xfrm.c182 for (i = 0; dst && dst->xfrm; in nft_xfrm_get_eval_out()
187 nft_xfrm_state_get_key(priv, regs, dst->xfrm); in nft_xfrm_get_eval_out()
265 const struct nft_xfrm *xfrm; in nft_xfrm_reduce() local
272 xfrm = nft_expr_priv(track->regs[priv->dreg].selector); in nft_xfrm_reduce()
273 if (priv->key != xfrm->key || in nft_xfrm_reduce()
274 priv->dreg != xfrm->dreg || in nft_xfrm_reduce()
275 priv->dir != xfrm->dir || in nft_xfrm_reduce()
276 priv->spnum != xfrm->spnum) { in nft_xfrm_reduce()
Dxt_policy.c90 if (dst->xfrm == NULL) in match_policy_out()
93 for (i = 0; dst && dst->xfrm; in match_policy_out()
100 if (match_xfrm_state(dst->xfrm, e, family)) { in match_policy_out()
/linux-6.12.1/net/ipv6/
Dxfrm6_policy.c148 } while (xdst->u.dst.xfrm); in xfrm6_dst_ifdown()
189 .data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
207 table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh; in xfrm6_net_sysctl_init()
252 memcpy(&net->xfrm.xfrm6_dst_ops, &xfrm6_dst_ops_template, in xfrm6_net_init()
254 ret = dst_entries_init(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
260 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_init()
268 dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); in xfrm6_net_exit()
Dxfrm6_output.c64 struct xfrm_state *x = dst->xfrm; in __xfrm6_output()
/linux-6.12.1/net/ipv4/
Dxfrm4_policy.c146 .data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
164 table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh; in xfrm4_net_sysctl_init()
209 memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template, in xfrm4_net_init()
211 ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_init()
217 dst_entries_destroy(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_init()
225 dst_entries_destroy(&net->xfrm.xfrm4_dst_ops); in xfrm4_net_exit()
Dxfrm4_output.c20 struct xfrm_state *x = skb_dst(skb)->xfrm; in __xfrm4_output()
/linux-6.12.1/arch/x86/kvm/vmx/
Dsgx.c148 u64 attributes, xfrm, size; in __handle_encls_ecreate() local
162 xfrm = contents->xfrm; in __handle_encls_ecreate()
183 (u32)xfrm & ~sgx_12_1->ecx || in __handle_encls_ecreate()
184 (u32)(xfrm >> 32) & ~sgx_12_1->edx || in __handle_encls_ecreate()
185 xfrm & ~(vcpu->arch.guest_supported_xcr0 | XFEATURE_MASK_FPSSE) || in __handle_encls_ecreate()
186 (xfrm & XFEATURE_MASK_FPSSE) != XFEATURE_MASK_FPSSE) { in __handle_encls_ecreate()
/linux-6.12.1/tools/testing/selftests/net/forwarding/
Dip6_forward_instats_vrf.sh151 ip xfrm policy add dst 2001:1:2::2/128 dir fwd action block
154 ip xfrm policy del dst 2001:1:2::2/128 dir fwd
/linux-6.12.1/arch/x86/include/asm/
Dsgx.h177 u64 xfrm; member
373 u64 xfrm; member
/linux-6.12.1/include/net/
Dxfrm.h1014 if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { in xfrm_dst_path()
1026 if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { in xfrm_dst_child()
1044 if (likely(xdst->u.dst.xfrm)) in xfrm_dst_destroy()
1045 xfrm_state_put(xdst->u.dst.xfrm); in xfrm_dst_destroy()
1188 if (!net->xfrm.policy_count[dir] && !secpath_exists(skb)) in __xfrm_check_nopolicy()
1189 return net->xfrm.policy_default[dir] == XFRM_USERPOLICY_ACCEPT; in __xfrm_check_nopolicy()
1279 if (!net->xfrm.policy_count[XFRM_POLICY_OUT] && in xfrm_route_forward()
1280 net->xfrm.policy_default[XFRM_POLICY_OUT] == XFRM_USERPOLICY_ACCEPT) in xfrm_route_forward()
1882 nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_aevent_is_on()
1895 nlsk = rcu_dereference(net->xfrm.nlsk); in xfrm_acquire_is_on()
[all …]
/linux-6.12.1/security/selinux/
DMakefile22 selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
Dxfrm.c214 x = dst->xfrm; in selinux_xfrm_skb_sid_egress()
454 struct xfrm_state *x = iter->xfrm; in selinux_xfrm_postroute_last()
/linux-6.12.1/Documentation/networking/
Dsecid.rst11 matching labeled xfrm(s).
/linux-6.12.1/net/core/
Ddst.c57 dst->xfrm = NULL; in dst_init()
106 if (dst->xfrm) { in dst_destroy()
/linux-6.12.1/tools/testing/selftests/net/netfilter/
Dnft_flowtable.sh627 …ip -net "$ns" xfrm state add src "$remote" dst "$me" proto esp spi "$spi_in" enc aes "$KEY_AES" …
628 …ip -net "$ns" xfrm state add src "$me" dst "$remote" proto esp spi "$spi_out" enc aes "$KEY_AES" …
631 …ip -net "$ns" xfrm policy add src "$lnet" dst "$rnet" dir out tmpl src "$me" dst "$remote" proto e…
633 …ip -net "$ns" xfrm policy add src "$rnet" dst "$lnet" dir fwd tmpl src "$remote" dst "$me" proto e…

123