diff options
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r-- | include/net/xfrm.h | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index bb91934..a267725 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -2,7 +2,6 @@ #define _NET_XFRM_H #include <linux/compiler.h> -#include <linux/in.h> #include <linux/xfrm.h> #include <linux/spinlock.h> #include <linux/list.h> @@ -16,6 +15,7 @@ #include <net/sock.h> #include <net/dst.h> +#include <net/ip.h> #include <net/route.h> #include <net/ipv6.h> #include <net/ip6_fib.h> @@ -279,6 +279,7 @@ struct xfrm_type __u8 proto; __u8 flags; #define XFRM_TYPE_NON_FRAGMENT 1 +#define XFRM_TYPE_REPLAY_PROT 2 int (*init_state)(struct xfrm_state *x); void (*destructor)(struct xfrm_state *); @@ -419,6 +420,23 @@ extern int xfrm_unregister_km(struct xfrm_mgr *km); extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2]; +/* + * This structure is used for the duration where packets are being + * transformed by IPsec. As soon as the packet leaves IPsec the + * area beyond the generic IP part may be overwritten. + */ +struct xfrm_skb_cb { + union { + struct inet_skb_parm h4; + struct inet6_skb_parm h6; + } header; + + /* Sequence number for replay protection. */ + u64 seq; +}; + +#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0])) + /* Audit Information */ struct xfrm_audit { |