diff options
| author | David Lebrun <david.lebrun@uclouvain.be> | 2016-11-08 14:57:42 +0100 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-11-09 20:40:06 -0500 |
| commit | bf355b8d2c30a289232042cacc1cfaea4923936c (patch) | |
| tree | e7f1a5472ac6ac4c5b6c46ff4fe54d9bb9c4ab0f /include/uapi/linux/ipv6.h | |
| parent | 6c8702c60b88651072460f3f4026c7dfe2521d12 (diff) | |
| download | linux-bf355b8d2c30a289232042cacc1cfaea4923936c.tar.gz linux-bf355b8d2c30a289232042cacc1cfaea4923936c.tar.bz2 linux-bf355b8d2c30a289232042cacc1cfaea4923936c.zip | |
ipv6: sr: add core files for SR HMAC support
This patch adds the necessary functions to compute and check the HMAC signature
of an SR-enabled packet. Two HMAC algorithms are supported: hmac(sha1) and
hmac(sha256).
In order to avoid dynamic memory allocation for each HMAC computation,
a per-cpu ring buffer is allocated for this purpose.
A new per-interface sysctl called seg6_require_hmac is added, allowing a
user-defined policy for processing HMAC-signed SR-enabled packets.
A value of -1 means that the HMAC field will always be ignored.
A value of 0 means that if an HMAC field is present, its validity will
be enforced (the packet is dropped is the signature is incorrect).
Finally, a value of 1 means that any SR-enabled packet that does not
contain an HMAC signature or whose signature is incorrect will be dropped.
Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/uapi/linux/ipv6.h')
| -rw-r--r-- | include/uapi/linux/ipv6.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h index 7ff1d654e333..53561be1ac21 100644 --- a/include/uapi/linux/ipv6.h +++ b/include/uapi/linux/ipv6.h @@ -180,6 +180,7 @@ enum { DEVCONF_KEEP_ADDR_ON_DOWN, DEVCONF_RTR_SOLICIT_MAX_INTERVAL, DEVCONF_SEG6_ENABLED, + DEVCONF_SEG6_REQUIRE_HMAC, DEVCONF_MAX }; |