diff options
author | David S. Miller <davem@davemloft.net> | 2022-01-06 12:54:20 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2022-01-06 12:54:20 +0100 |
commit | d093d17c9554be794b1bd83971fb6d0ae3ea77b1 (patch) | |
tree | 7c397973f12f7ce6883fbe98757a807295c18b64 /include/net/xfrm.h | |
parent | Merge branch 'net-lantiq_xrx200-improve-ethernet-performance' (diff) | |
parent | xfrm: rate limit SA mapping change message to user space (diff) | |
download | linux-d093d17c9554be794b1bd83971fb6d0ae3ea77b1.tar.xz linux-d093d17c9554be794b1bd83971fb6d0ae3ea77b1.zip |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Steffen Klassert says:
====================
pull request (net-next): ipsec-next 2022-01-06
1) Fix some clang_analyzer warnings about never read variables.
From luo penghao.
2) Check for pols[0] only once in xfrm_expand_policies().
From Jean Sacren.
3) The SA curlft.use_time was updated only on SA cration time.
Update whenever the SA is used. From Antony Antony
4) Add support for SM3 secure hash.
From Xu Jia.
5) Add support for SM4 symmetric cipher algorithm.
From Xu Jia.
6) Add a rate limit for SA mapping change messages.
From Antony Antony.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r-- | include/net/xfrm.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 83b46da8873d..d728d7b9a72e 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -201,6 +201,11 @@ struct xfrm_state { struct xfrm_algo_aead *aead; const char *geniv; + /* mapping change rate limiting */ + __be16 new_mapping_sport; + u32 new_mapping; /* seconds */ + u32 mapping_maxage; /* seconds for input SA */ + /* Data for encapsulator */ struct xfrm_encap_tmpl *encap; struct sock __rcu *encap_sk; |