xfrm: make user policy API complete
>From a userland POV, this API was based on some magic values:
- dirmask and action were bitfields but meaning of bits
(XFRM_POL_DEFAULT_*) are not exported;
- action is confusing, if a bit is set, does it mean drop or accept?
Let's try to simplify this uapi by using explicit field and macros.
Fixes: 2d151d3907 ("xfrm: Add possibility to set the default to block if we have no policy")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Nicolas Dichtel
Steffen Klassert
parent
844f7eaaed
commit
f8d858e607
2 changed files with 25 additions and 20 deletions
|
|
@ -514,9 +514,12 @@ struct xfrm_user_offload {
|
|||
#define XFRM_OFFLOAD_INBOUND 2
|
||||
|
||||
struct xfrm_userpolicy_default {
|
||||
#define XFRM_USERPOLICY_DIRMASK_MAX (sizeof(__u8) * 8)
|
||||
__u8 dirmask;
|
||||
__u8 action;
|
||||
#define XFRM_USERPOLICY_UNSPEC 0
|
||||
#define XFRM_USERPOLICY_BLOCK 1
|
||||
#define XFRM_USERPOLICY_ACCEPT 2
|
||||
__u8 in;
|
||||
__u8 fwd;
|
||||
__u8 out;
|
||||
};
|
||||
|
||||
#ifndef __KERNEL__
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue