From 4ab47d47af20addd6ecee1ece0205b1fbf483942 Mon Sep 17 00:00:00 2001 From: Antony Antony Date: Tue, 6 Jun 2017 12:12:13 +0200 Subject: xfrm: extend MIGRATE with UDP encapsulation port Add UDP encapsulation port to XFRM_MSG_MIGRATE using an optional netlink attribute XFRMA_ENCAP. The devices that support IKE MOBIKE extension (RFC-4555 Section 3.8) could go to sleep for a few minutes and wake up. When it wake up the NAT mapping could have expired, the device send a MOBIKE UPDATE_SA message to migrate the IPsec SA. The change could be a change UDP encapsulation port, IP address, or both. Reported-by: Paul Wouters Signed-off-by: Antony Antony Reviewed-by: Richard Guy Briggs Signed-off-by: Steffen Klassert --- include/net/xfrm.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include/net/xfrm.h') diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 6793a30c66b1..1cc71726e581 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1688,10 +1688,12 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, const struct xfrm_kmaddress *k); struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, - struct xfrm_migrate *m); + struct xfrm_migrate *m, + struct xfrm_encap_tmpl *encap); int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, - struct xfrm_kmaddress *k, struct net *net); + struct xfrm_kmaddress *k, struct net *net, + struct xfrm_encap_tmpl *encap); #endif int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); -- cgit v1.2.1 From 8bafd73093f2f431f5a363f8057abc0ccc118853 Mon Sep 17 00:00:00 2001 From: Antony Antony Date: Tue, 6 Jun 2017 12:12:14 +0200 Subject: xfrm: add UDP encapsulation port in migrate message Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement to userland. Only add if XFRMA_ENCAP was in user migrate request. Signed-off-by: Antony Antony Reviewed-by: Richard Guy Briggs Signed-off-by: Steffen Klassert --- include/net/xfrm.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include/net/xfrm.h') diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 1cc71726e581..34420d9708a0 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -631,7 +631,8 @@ struct xfrm_mgr { u8 dir, u8 type, const struct xfrm_migrate *m, int num_bundles, - const struct xfrm_kmaddress *k); + const struct xfrm_kmaddress *k, + const struct xfrm_encap_tmpl *encap); bool (*is_alive)(const struct km_event *c); }; @@ -1685,7 +1686,8 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); #ifdef CONFIG_XFRM_MIGRATE int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, const struct xfrm_migrate *m, int num_bundles, - const struct xfrm_kmaddress *k); + const struct xfrm_kmaddress *k, + const struct xfrm_encap_tmpl *encap); struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, -- cgit v1.2.1