ipv6: sr: add core files for SR HMAC support
authorDavid Lebrun <david.lebrun@uclouvain.be>
Tue, 8 Nov 2016 13:57:42 +0000 (14:57 +0100)
committerDavid S. Miller <davem@davemloft.net>
Thu, 10 Nov 2016 01:40:06 +0000 (20:40 -0500)
commitbf355b8d2c30a289232042cacc1cfaea4923936c
treee7f1a5472ac6ac4c5b6c46ff4fe54d9bb9c4ab0f
parent6c8702c60b88651072460f3f4026c7dfe2521d12
ipv6: sr: add core files for SR HMAC support

This patch adds the necessary functions to compute and check the HMAC signature
of an SR-enabled packet. Two HMAC algorithms are supported: hmac(sha1) and
hmac(sha256).

In order to avoid dynamic memory allocation for each HMAC computation,
a per-cpu ring buffer is allocated for this purpose.

A new per-interface sysctl called seg6_require_hmac is added, allowing a
user-defined policy for processing HMAC-signed SR-enabled packets.
A value of -1 means that the HMAC field will always be ignored.
A value of 0 means that if an HMAC field is present, its validity will
be enforced (the packet is dropped is the signature is incorrect).
Finally, a value of 1 means that any SR-enabled packet that does not
contain an HMAC signature or whose signature is incorrect will be dropped.

Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/ipv6.h
include/linux/seg6_hmac.h [new file with mode: 0644]
include/net/seg6.h
include/net/seg6_hmac.h [new file with mode: 0644]
include/uapi/linux/ipv6.h
include/uapi/linux/seg6_hmac.h [new file with mode: 0644]
net/ipv6/Kconfig
net/ipv6/Makefile
net/ipv6/addrconf.c
net/ipv6/seg6_hmac.c [new file with mode: 0644]