summaryrefslogtreecommitdiffstats
path: root/include/net/xfrm.h
diff options
context:
space:
mode:
authorSabrina Dubroca <sd@queasysnail.net>2019-11-25 14:49:02 +0100
committerSteffen Klassert <steffen.klassert@secunet.com>2019-12-09 09:59:07 +0100
commite27cca96cd68fa2c6814c90f9a1cfd36bb68c593 (patch)
treec5d84ce22c0cdd452fea7478ca8d63b37188b6b6 /include/net/xfrm.h
parentesp4: split esp_output_udp_encap and introduce esp_output_encap (diff)
downloadlinux-e27cca96cd68fa2c6814c90f9a1cfd36bb68c593.tar.xz
linux-e27cca96cd68fa2c6814c90f9a1cfd36bb68c593.zip
xfrm: add espintcp (RFC 8229)
TCP encapsulation of IKE and IPsec messages (RFC 8229) is implemented as a TCP ULP, overriding in particular the sendmsg and recvmsg operations. A Stream Parser is used to extract messages out of the TCP stream using the first 2 bytes as length marker. Received IKE messages are put on "ike_queue", waiting to be dequeued by the custom recvmsg implementation. Received ESP messages are sent to XFRM, like with UDP encapsulation. Some of this code is taken from the original submission by Herbert Xu. Currently, only IPv4 is supported, like for UDP encapsulation. Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 56ff86621bb4..8f71c111e65a 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -193,6 +193,7 @@ struct xfrm_state {
/* Data for encapsulator */
struct xfrm_encap_tmpl *encap;
+ struct sock __rcu *encap_sk;
/* Data for care-of address */
xfrm_address_t *coaddr;