ipv6: sr: add core files for SR HMAC support
This patch adds the necessary functions to compute and check the HMAC signature of an SR-enabled packet. Two HMAC algorithms are supported: hmac(sha1) and hmac(sha256). In order to avoid dynamic memory allocation for each HMAC computation, a per-cpu ring buffer is allocated for this purpose. A new per-interface sysctl called seg6_require_hmac is added, allowing a user-defined policy for processing HMAC-signed SR-enabled packets. A value of -1 means that the HMAC field will always be ignored. A value of 0 means that if an HMAC field is present, its validity will be enforced (the packet is dropped is the signature is incorrect). Finally, a value of 1 means that any SR-enabled packet that does not contain an HMAC signature or whose signature is incorrect will be dropped. Signed-off-by:David Lebrun <david.lebrun@uclouvain.be> Signed-off-by:
Showing
- include/linux/ipv6.h 3 additions, 0 deletionsinclude/linux/ipv6.h
- include/linux/seg6_hmac.h 6 additions, 0 deletionsinclude/linux/seg6_hmac.h
- include/net/seg6.h 4 additions, 0 deletionsinclude/net/seg6.h
- include/net/seg6_hmac.h 62 additions, 0 deletionsinclude/net/seg6_hmac.h
- include/uapi/linux/ipv6.h 1 addition, 0 deletionsinclude/uapi/linux/ipv6.h
- include/uapi/linux/seg6_hmac.h 21 additions, 0 deletionsinclude/uapi/linux/seg6_hmac.h
- net/ipv6/Kconfig 12 additions, 0 deletionsnet/ipv6/Kconfig
- net/ipv6/Makefile 1 addition, 0 deletionsnet/ipv6/Makefile
- net/ipv6/addrconf.c 18 additions, 0 deletionsnet/ipv6/addrconf.c
- net/ipv6/seg6_hmac.c 484 additions, 0 deletionsnet/ipv6/seg6_hmac.c
Loading
Please register or sign in to comment