summaryrefslogtreecommitdiffstats
path: root/include/net/xfrm.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h20
1 files changed, 19 insertions, 1 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index bb91934..a267725 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -2,7 +2,6 @@
#define _NET_XFRM_H
#include <linux/compiler.h>
-#include <linux/in.h>
#include <linux/xfrm.h>
#include <linux/spinlock.h>
#include <linux/list.h>
@@ -16,6 +15,7 @@
#include <net/sock.h>
#include <net/dst.h>
+#include <net/ip.h>
#include <net/route.h>
#include <net/ipv6.h>
#include <net/ip6_fib.h>
@@ -279,6 +279,7 @@ struct xfrm_type
__u8 proto;
__u8 flags;
#define XFRM_TYPE_NON_FRAGMENT 1
+#define XFRM_TYPE_REPLAY_PROT 2
int (*init_state)(struct xfrm_state *x);
void (*destructor)(struct xfrm_state *);
@@ -419,6 +420,23 @@ extern int xfrm_unregister_km(struct xfrm_mgr *km);
extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
+/*
+ * This structure is used for the duration where packets are being
+ * transformed by IPsec. As soon as the packet leaves IPsec the
+ * area beyond the generic IP part may be overwritten.
+ */
+struct xfrm_skb_cb {
+ union {
+ struct inet_skb_parm h4;
+ struct inet6_skb_parm h6;
+ } header;
+
+ /* Sequence number for replay protection. */
+ u64 seq;
+};
+
+#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))
+
/* Audit Information */
struct xfrm_audit
{
OpenPOWER on IntegriCloud