include/net/xfrm.h
Source file repositories/reference/linux-study-clean/include/net/xfrm.h
File Facts
- System
- Linux kernel
- Corpus path
include/net/xfrm.h- Extension
.h- Size
- 66144 bytes
- Lines
- 2369
- Domain
- Networking Core
- Bucket
- Sockets, Protocols, Packet Path, And Network Policy
- Inferred role
- Networking Core: implementation source
- Status
- source implementation candidate
Why This File Exists
Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/compiler.hlinux/xfrm.hlinux/spinlock.hlinux/list.hlinux/skbuff.hlinux/socket.hlinux/pfkeyv2.hlinux/ipsec.hlinux/in6.hlinux/mutex.hlinux/audit.hlinux/slab.hlinux/refcount.hlinux/sockptr.hnet/sock.hnet/dst.hnet/inet_dscp.hnet/ip.hnet/route.hnet/ipv6.hnet/ip6_fib.hnet/flow.hnet/gro_cells.hlinux/interrupt.hnet/snmp.h
Detected Declarations
struct xfrm_state_walkstruct xfrm_dev_offloadstruct xfrm_modestruct xfrm_statestruct km_eventstruct xfrm_if_decode_session_resultstruct xfrm_if_cbstruct xfrm_dst_lookup_paramsstruct net_devicestruct xfrm_typestruct xfrm_dststruct xfrm_policy_afinfostruct xfrm_tmplstruct xfrm_state_afinfostruct xfrm_input_afinfostruct xfrm_typestruct xfrm_type_offloadstruct xfrm_mode_cbsstruct xfrm_tmplstruct xfrm_policy_walk_entrystruct xfrm_policy_walkstruct xfrm_policy_queuestruct xfrm_policystruct xfrm_kmaddressstruct xfrm_migratestruct xfrm_mgrstruct xfrm_tunnel_skb_cbstruct xfrm_skb_cbstruct xfrm_mode_skb_cbstruct xfrm_spi_skb_cbstruct xfrm_dststruct xfrm_if_parmsstruct xfrm_ifstruct xfrm_offloadstruct sec_pathstruct xfrm_algo_aead_infostruct xfrm_algo_auth_infostruct xfrm_algo_encr_infostruct xfrm_algo_comp_infostruct xfrm_algo_descstruct xfrm4_protocolstruct xfrm6_protocolstruct xfrm_tunnelstruct xfrm6_tunnelstruct xfrmk_sadinfostruct xfrmk_spdinfostruct xfrm_translatorenum xfrm_replay_mode
Annotated Snippet
struct xfrm_state_walk {
struct list_head all;
u8 state;
u8 dying;
u8 proto;
u32 seq;
struct xfrm_address_filter *filter;
};
enum {
XFRM_DEV_OFFLOAD_IN = 1,
XFRM_DEV_OFFLOAD_OUT,
XFRM_DEV_OFFLOAD_FWD,
};
enum {
XFRM_DEV_OFFLOAD_UNSPECIFIED,
XFRM_DEV_OFFLOAD_CRYPTO,
XFRM_DEV_OFFLOAD_PACKET,
};
enum {
XFRM_DEV_OFFLOAD_FLAG_ACQ = 1,
};
struct xfrm_dev_offload {
/* The device for this offload.
* Device drivers should not use this directly, as that will prevent
* them from working with bonding device. Instead, the device passed
* to the add/delete callbacks should be used.
*/
struct net_device *dev;
netdevice_tracker dev_tracker;
/* This is a private pointer used by the bonding driver (and eventually
* should be moved there). Device drivers should not use it.
* Protected by xfrm_state.lock AND bond.ipsec_lock in most cases,
* except in the .xdo_dev_state_del() flow, where only xfrm_state.lock
* is held.
*/
struct net_device *real_dev;
unsigned long offload_handle;
u8 dir : 2;
u8 type : 2;
u8 flags : 2;
};
struct xfrm_mode {
u8 encap;
u8 family;
u8 flags;
};
/* Flags for xfrm_mode. */
enum {
XFRM_MODE_FLAG_TUNNEL = 1,
};
enum xfrm_replay_mode {
XFRM_REPLAY_MODE_LEGACY,
XFRM_REPLAY_MODE_BMP,
XFRM_REPLAY_MODE_ESN,
};
/* Full description of state of transformer. */
struct xfrm_state {
possible_net_t xs_net;
union {
struct hlist_node gclist;
struct hlist_node bydst;
};
union {
struct hlist_node dev_gclist;
struct hlist_node bysrc;
};
struct hlist_node byspi;
struct hlist_node byseq;
struct hlist_node state_cache;
struct hlist_node state_cache_input;
refcount_t refcnt;
spinlock_t lock;
u32 pcpu_num;
struct xfrm_id id;
struct xfrm_selector sel;
struct xfrm_mark mark;
u32 if_id;
u32 tfcpad;
u32 genid;
Annotation
- Immediate include surface: `linux/compiler.h`, `linux/xfrm.h`, `linux/spinlock.h`, `linux/list.h`, `linux/skbuff.h`, `linux/socket.h`, `linux/pfkeyv2.h`, `linux/ipsec.h`.
- Detected declarations: `struct xfrm_state_walk`, `struct xfrm_dev_offload`, `struct xfrm_mode`, `struct xfrm_state`, `struct km_event`, `struct xfrm_if_decode_session_result`, `struct xfrm_if_cb`, `struct xfrm_dst_lookup_params`, `struct net_device`, `struct xfrm_type`.
- Atlas domain: Networking Core / Sockets, Protocols, Packet Path, And Network Policy.
- Implementation status: source implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.