ipv6: sr: add core files for SR HMAC support
This patch adds the necessary functions to compute and check the HMAC signature of an SR-enabled packet. Two HMAC algorithms are supported: hmac(sha1) and hmac(sha256). In order to avoid dynamic memory allocation for each HMAC computation, a per-cpu ring buffer is allocated for this purpose. A new per-interface sysctl called seg6_require_hmac is added, allowing a user-defined policy for processing HMAC-signed SR-enabled packets. A value of -1 means that the HMAC field will always be ignored. A value of 0 means that if an HMAC field is present, its validity will be enforced (the packet is dropped is the signature is incorrect). Finally, a value of 1 means that any SR-enabled packet that does not contain an HMAC signature or whose signature is incorrect will be dropped. Signed-off-by: David Lebrun <david.lebrun@uclouvain.be> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Lebrun
committed by
David S. Miller
David S. Miller
parent
6c8702c60b
commit
bf355b8d2c
@@ -65,6 +65,9 @@ struct ipv6_devconf {
|
||||
__s32 use_oif_addrs_only;
|
||||
__s32 keep_addr_on_down;
|
||||
__s32 seg6_enabled;
|
||||
#ifdef CONFIG_IPV6_SEG6_HMAC
|
||||
__s32 seg6_require_hmac;
|
||||
#endif
|
||||
|
||||
struct ctl_table_header *sysctl_header;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user