mirror of
https://github.com/torvalds/linux.git
synced 2024-12-02 00:51:44 +00:00
f531d13bdf
Add the ability to send out RFC-3948 NAT keepalives from the xfrm stack. To use, Userspace sets an XFRM_NAT_KEEPALIVE_INTERVAL integer property when creating XFRM outbound states which denotes the number of seconds between keepalive messages. Keepalive messages are sent from a per net delayed work which iterates over the xfrm states. The logic is guarded by the xfrm state spinlock due to the xfrm state walk iterator. Possible future enhancements: - Adding counters to keep track of sent keepalives. - deduplicate NAT keepalives between states sharing the same nat keepalive parameters. - provisioning hardware offloads for devices capable of implementing this. - revise xfrm state list to use an rcu list in order to avoid running this under spinlock. Suggested-by: Paul Wouters <paul.wouters@aiven.io> Tested-by: Paul Wouters <paul.wouters@aiven.io> Tested-by: Antony Antony <antony.antony@secunet.com> Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
26 lines
892 B
Makefile
26 lines
892 B
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for the XFRM subsystem.
|
|
#
|
|
|
|
xfrm_interface-$(CONFIG_XFRM_INTERFACE) += xfrm_interface_core.o
|
|
|
|
ifeq ($(CONFIG_XFRM_INTERFACE),m)
|
|
xfrm_interface-$(CONFIG_DEBUG_INFO_BTF_MODULES) += xfrm_interface_bpf.o
|
|
else ifeq ($(CONFIG_XFRM_INTERFACE),y)
|
|
xfrm_interface-$(CONFIG_DEBUG_INFO_BTF) += xfrm_interface_bpf.o
|
|
endif
|
|
|
|
obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
|
|
xfrm_input.o xfrm_output.o \
|
|
xfrm_sysctl.o xfrm_replay.o xfrm_device.o \
|
|
xfrm_nat_keepalive.o
|
|
obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o
|
|
obj-$(CONFIG_XFRM_ALGO) += xfrm_algo.o
|
|
obj-$(CONFIG_XFRM_USER) += xfrm_user.o
|
|
obj-$(CONFIG_XFRM_USER_COMPAT) += xfrm_compat.o
|
|
obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o
|
|
obj-$(CONFIG_XFRM_INTERFACE) += xfrm_interface.o
|
|
obj-$(CONFIG_XFRM_ESPINTCP) += espintcp.o
|
|
obj-$(CONFIG_DEBUG_INFO_BTF) += xfrm_state_bpf.o
|