bf355b8d2c
This patch adds the necessary functions to compute and check the HMAC signature of an SR-enabled packet. Two HMAC algorithms are supported: hmac(sha1) and hmac(sha256). In order to avoid dynamic memory allocation for each HMAC computation, a per-cpu ring buffer is allocated for this purpose. A new per-interface sysctl called seg6_require_hmac is added, allowing a user-defined policy for processing HMAC-signed SR-enabled packets. A value of -1 means that the HMAC field will always be ignored. A value of 0 means that if an HMAC field is present, its validity will be enforced (the packet is dropped is the signature is incorrect). Finally, a value of 1 means that any SR-enabled packet that does not contain an HMAC signature or whose signature is incorrect will be dropped. Signed-off-by: David Lebrun <david.lebrun@uclouvain.be> Signed-off-by: David S. Miller <davem@davemloft.net>
58 lines
1.9 KiB
Makefile
58 lines
1.9 KiB
Makefile
#
|
|
# Makefile for the Linux TCP/IP (INET6) layer.
|
|
#
|
|
|
|
obj-$(CONFIG_IPV6) += ipv6.o
|
|
|
|
ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o \
|
|
addrlabel.o \
|
|
route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o udplite.o \
|
|
raw.o icmp.o mcast.o reassembly.o tcp_ipv6.o ping.o \
|
|
exthdrs.o datagram.o ip6_flowlabel.o inet6_connection_sock.o \
|
|
udp_offload.o seg6.o seg6_iptunnel.o
|
|
|
|
ipv6-offload := ip6_offload.o tcpv6_offload.o exthdrs_offload.o
|
|
|
|
ipv6-$(CONFIG_SYSCTL) = sysctl_net_ipv6.o
|
|
ipv6-$(CONFIG_IPV6_MROUTE) += ip6mr.o
|
|
|
|
ipv6-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o \
|
|
xfrm6_output.o xfrm6_protocol.o
|
|
ipv6-$(CONFIG_NETFILTER) += netfilter.o
|
|
ipv6-$(CONFIG_IPV6_MULTIPLE_TABLES) += fib6_rules.o
|
|
ipv6-$(CONFIG_PROC_FS) += proc.o
|
|
ipv6-$(CONFIG_SYN_COOKIES) += syncookies.o
|
|
ipv6-$(CONFIG_NETLABEL) += calipso.o
|
|
|
|
ipv6-objs += $(ipv6-y)
|
|
|
|
obj-$(CONFIG_INET6_AH) += ah6.o
|
|
obj-$(CONFIG_INET6_ESP) += esp6.o
|
|
obj-$(CONFIG_INET6_IPCOMP) += ipcomp6.o
|
|
obj-$(CONFIG_INET6_XFRM_TUNNEL) += xfrm6_tunnel.o
|
|
obj-$(CONFIG_INET6_TUNNEL) += tunnel6.o
|
|
obj-$(CONFIG_INET6_XFRM_MODE_TRANSPORT) += xfrm6_mode_transport.o
|
|
obj-$(CONFIG_INET6_XFRM_MODE_TUNNEL) += xfrm6_mode_tunnel.o
|
|
obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o
|
|
obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o
|
|
obj-$(CONFIG_IPV6_MIP6) += mip6.o
|
|
obj-$(CONFIG_IPV6_ILA) += ila/
|
|
obj-$(CONFIG_NETFILTER) += netfilter/
|
|
|
|
obj-$(CONFIG_IPV6_VTI) += ip6_vti.o
|
|
obj-$(CONFIG_IPV6_SIT) += sit.o
|
|
obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o
|
|
obj-$(CONFIG_IPV6_GRE) += ip6_gre.o
|
|
obj-$(CONFIG_IPV6_FOU) += fou6.o
|
|
obj-$(CONFIG_IPV6_SEG6_HMAC) += seg6_hmac.o
|
|
|
|
obj-y += addrconf_core.o exthdrs_core.o ip6_checksum.o ip6_icmp.o
|
|
obj-$(CONFIG_INET) += output_core.o protocol.o $(ipv6-offload)
|
|
|
|
obj-$(subst m,y,$(CONFIG_IPV6)) += inet6_hashtables.o
|
|
|
|
ifneq ($(CONFIG_IPV6),)
|
|
obj-$(CONFIG_NET_UDP_TUNNEL) += ip6_udp_tunnel.o
|
|
obj-y += mcast_snoop.o
|
|
endif
|