[IPSEC]: Make netlink user interface header.

include/linux/netlink.h

@@ -7,6 +7,7 @@
 #define NETLINK_FIREWALL	3	/* Firewalling hook				*/
 #define NETLINK_TCPDIAG		4	/* TCP socket monitoring			*/
 #define NETLINK_NFLOG		5	/* netfilter/iptables ULOG */
+#define NETLINK_XFRM		6	/* ipsec */
 #define NETLINK_ARPD		8
 #define NETLINK_ROUTE6		11	/* af_inet6 route comm channel */
 #define NETLINK_IP6_FW		13
@@ -86,6 +87,8 @@ struct nlmsgerr
 
 #ifdef __KERNEL__
 
+#include <linux/capability.h>
+
 struct netlink_skb_parms
 {
 	struct ucred		creds;		/* Skb credentials	*/

include/linux/xfrm.h

+#ifndef _LINUX_XFRM_H
+#define _LINUX_XFRM_H
+
+#include <linux/types.h>
+
+/* All of the structures in this file may not change size as they are
+ * passed into the kernel from userspace via netlink sockets.
+ */
+
+/* Structure to encapsulate addresses. I do not want to use
+ * "standard" structure. My apologies.
+ */
+typedef union
+{
+	struct {
+		__u32	addr;
+		__u32	mask;	/* Use unused bits to cache mask. */
+	} a4;
+#define xfrm4_addr a4.addr
+#define xfrm4_mask a4.mask
+	__u32		a6[4];
+} xfrm_address_t;
+
+/* Ident of a specific xfrm_state. It is used on input to lookup
+ * the state by (spi,daddr,ah/esp) or to store information about
+ * spi, protocol and tunnel address on output.
+ */
+struct xfrm_id
+{
+	xfrm_address_t	daddr;
+	__u32		spi;
+	__u8		proto;
+};
+
+/* Selector, used as selector both on policy rules (SPD) and SAs. */
+
+struct xfrm_selector
+{
+	xfrm_address_t	daddr;
+	xfrm_address_t	saddr;
+	__u16	dport;
+	__u16	dport_mask;
+	__u16	sport;
+	__u16	sport_mask;
+	__u8	prefixlen_d;
+	__u8	prefixlen_s;
+	__u8	proto;
+	int	ifindex;
+	uid_t	user;
+	void	*owner;
+};
+
+#define XFRM_INF (~(u64)0)
+
+struct xfrm_lifetime_cfg
+{
+	__u64	soft_byte_limit;
+	__u64	hard_byte_limit;
+	__u64	soft_packet_limit;
+	__u64	hard_packet_limit;
+	__u64	soft_add_expires_seconds;
+	__u64	hard_add_expires_seconds;
+	__u64	soft_use_expires_seconds;
+	__u64	hard_use_expires_seconds;
+};
+
+struct xfrm_lifetime_cur
+{
+	__u64	bytes;
+	__u64	packets;
+	__u64	add_time;
+	__u64	use_time;
+};
+
+struct xfrm_replay_state
+{
+	__u32	oseq;
+	__u32	seq;
+	__u32	bitmap;
+};
+
+struct xfrm_algo {
+	char	alg_name[64];
+	int	alg_key_len;    /* in bits */
+	char	alg_key[0];
+};
+
+struct xfrm_stats {
+	__u32	replay_window;
+	__u32	replay;
+	__u32	integrity_failed;
+};
+
+/* Netlink configuration messages.  */
+#define XFRM_MSG_BASE		0x10
+
+#define XFRM_MSG_NEWSA		(RTM_BASE + 0)
+#define XFRM_MSG_DELSA		(RTM_BASE + 1)
+#define XFRM_MSG_GETSA		(RTM_BASE + 2)
+
+#define XFRM_MSG_NEWPOLICY	(RTM_BASE + 3)
+#define XFRM_MSG_DELPOLICY	(RTM_BASE + 4)
+#define XFRM_MSG_GETPOLICY	(RTM_BASE + 5)
+
+#define XFRM_MSG_ALLOCSPI	(RTM_BASE + 6)
+#define XFRM_MSG_ACQUIRE	(RTM_BASE + 7)
+
+#define XFRM_MSG_MAX		(XFRM_MSG_ACQUIRE+1)
+
+struct xfrm_user_tmpl {
+	struct xfrm_id		id;
+	xfrm_address_t		saddr;
+	__u16			reqid;
+	__u8			mode;
+	__u8			share;
+	__u32			aalgos;
+	__u32			ealgos;
+	__u32			calgos;
+};
+
+/* Netlink message attributes.  */
+enum xfrm_attr_type_t {
+	XFRMA_UNSPEC,
+	XFRMA_ALG_AUTH,		/* struct xfrm_algo */
+	XFRMA_ALG_CRYPT,	/* struct xfrm_algo */
+	XFRMA_ALG_COMP,		/* struct xfrm_algo */
+	XFRMA_TMPL,		/* 1 or more struct xfrm_user_tmpl */
+
+#define XFRMA_MAX XFRMA_TMPL
+};
+
+struct xfrm_usersa_info {
+	struct xfrm_selector		sel;
+	struct xfrm_id			id;
+	struct xfrm_lifetime_cfg	lft;
+	struct xfrm_lifetime_cur	curlft;
+	struct xfrm_stats		stats;
+	__u16				family;
+	__u16				reqid;
+	__u8				sa_type;
+	__u8				mode; /* 0=transport,1=tunnel */
+	__u8				replay_window;
+};
+
+struct xfrm_usersa_id {
+	xfrm_address_t			saddr;
+	__u32				spi;
+	__u8				proto;
+};
+
+struct xfrm_userpolicy_info {
+	struct xfrm_selector		sel;
+	struct xfrm_id			id;
+	struct xfrm_lifetime_cfg	lft;
+	struct xfrm_lifetime_cur	curlft;
+	__u32				index;
+	__u16				family;
+	__u8				dir;
+	__u8				action;
+};
+
+struct xfrm_userpolicy_id {
+	struct xfrm_selector		sel;
+	__u32				index;
+	__u8				dir;
+};
+
+#endif /* _LINUX_XFRM_H */

include/net/xfrm.h

-#include <linux/types.h>
+#include <linux/xfrm.h>
 #include <linux/spinlock.h>
 #include <linux/list.h>
 #include <linux/skbuff.h>
@@ -10,7 +10,6 @@
 
 extern struct semaphore xfrm_cfg_sem;
 
-
 /* Organization of SPD aka "XFRM rules"
    ------------------------------------
 
@@ -72,84 +71,6 @@ extern struct semaphore xfrm_cfg_sem;
       metrics. Plus, it will be made via sk->dst_cache. Solved.
  */
 
-/* Structure to encapsulate addresses. I do not want to use
- * "standard" structure. My apologies. */
-
-typedef union
-{
-	struct {
-		u32	addr;
-		u32	mask;	/* Use unused bits to cache mask. */
-	} a4;
-#define xfrm4_addr a4.addr
-#define xfrm4_mask a4.mask
-	u32		a6[4];
-} xfrm_address_t;
-
-/* Ident of a specific xfrm_state. It is used on input to lookup
- * the state by (spi,daddr,ah/esp) or to store information about
- * spi, protocol and tunnel address on output. */
-
-struct xfrm_id
-{
-	xfrm_address_t	daddr;
-	__u32		spi;
-	__u8		proto;
-};
-
-/* Selector, used as selector both on policy rules (SPD) and SAs. */
-
-struct xfrm_selector
-{
-	xfrm_address_t	daddr;
-	xfrm_address_t	saddr;
-	__u16	dport;
-	__u16	dport_mask;
-	__u16	sport;
-	__u16	sport_mask;
-	__u8	prefixlen_d;
-	__u8	prefixlen_s;
-	__u8	proto;
-	int	ifindex;
-	uid_t	user;
-	void	*owner;
-};
-
-#define XFRM_INF (~(u64)0)
-
-struct xfrm_lifetime_cfg
-{
-	u64	soft_byte_limit;
-	u64	hard_byte_limit;
-	u64	soft_packet_limit;
-	u64	hard_packet_limit;
-	u64	soft_add_expires_seconds;
-	u64	hard_add_expires_seconds;
-	u64	soft_use_expires_seconds;
-	u64	hard_use_expires_seconds;
-};
-
-struct xfrm_lifetime_cur
-{
-	u64	bytes;
-	u64	packets;
-	u64	add_time;
-	u64	use_time;
-};
-
-struct xfrm_replay_state
-{
-	u32	oseq;
-	u32	seq;
-	u32	bitmap;
-};
-
-struct xfrm_algo {
-	char	alg_name[CRYPTO_MAX_ALG_NAME];
-	int	alg_key_len;    /* in bits */
-	char	alg_key[0];
-};
-
 /* Full description of state of transformer. */
 struct xfrm_state
 {
@@ -191,11 +112,7 @@ struct xfrm_state
 	struct xfrm_replay_state replay;
 
 	/* Statistics */
-	struct {
-		u32		replay_window;
-		u32		replay;
-		u32		integrity_failed;
-	} stats;
+	struct xfrm_stats	stats;
 
 	struct xfrm_lifetime_cur curlft;
 	struct timer_list	timer;