4 files changed, 75 insertions, 2 deletions

diff --git a/include/net/ah.h b/include/net/ah.h
index ae1c322f424..5761a0dfd88 100644
--- a/include/net/ah.h
+++ b/include/net/ah.h
@@ -13,7 +13,11 @@ struct ah_data
 	int			icv_full_len;
 	int			icv_trunc_len;
 
-	struct crypto_hash	*tfm;
+	union {
+		struct crypto_hash	*tfm;
+		struct crypto_ahash	*atfm;
+		struct crypto_aead	*aeadtfm;
+	} utfm;
 };
 
 static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
@@ -22,7 +26,7 @@ static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
 	struct hash_desc desc;
 	int err;
 
-	desc.tfm = ahp->tfm;
+	desc.tfm = ahp->utfm.tfm;
 	desc.flags = 0;
 
 	memset(auth_data, 0, ahp->icv_trunc_len);
diff --git a/include/net/esp.h b/include/net/esp.h
index d58451331db..9a07fdccb11 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -11,6 +11,15 @@ struct esp_data {
 
 	/* Confidentiality & Integrity */
 	struct crypto_aead *aead;
+#if CONFIG_INET_ESP_NR_REQ_CACHE > 0
+#define ESP_NFRAGS_CACHE	10 /* total number of frag for cache */
+#define ESP_REQ_CACHE_MAX	CONFIG_INET_ESP_NR_REQ_CACHE
+	void		  *req_cache[ESP_REQ_CACHE_MAX];
+	atomic_t	   req_cache_cnt;
+	int		   req_cache_head;
+	int		   req_cache_tail;
+#endif
+	int		   req_cache_size; /* request size without frag sg */
 };
 
 extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
diff --git a/include/net/macsec.h b/include/net/macsec.h
new file mode 100644
index 00000000000..378aa412579
--- /dev/null
+++ b/include/net/macsec.h
@@ -0,0 +1,55 @@
+#ifndef _NET_MACSEC_H
+#define _NET_MACSEC_H
+
+#include <linux/skbuff.h>
+
+#define DEBUG_MACSEC
+#ifdef DEBUG_MACSEC
+#	define MACSEC_DUMP_PKT		print_hex_dump
+#else
+#	define MACSEC_DUMP_PKT(arg...)
+#endif
+
+#define CONFIG_INET_MACSEC_NR_REQ_CACHE		1
+
+struct crypto_aead;
+
+struct macsec_dev_ctx
+{
+	struct crypto_aead *aead;	
+#define MACSEC_NFRAGS_CACHE	4
+#define MACSEC_REQ_CACHE_MAX	256
+	void		  *req_cache[MACSEC_REQ_CACHE_MAX];
+	atomic_t	   req_cache_cnt;
+	int		   req_cache_size;
+	int		   req_cache_head;
+	int		   req_cache_tail;
+};
+
+struct macsec_skb_cb {
+	void *req_ctx;
+	struct macsec_dev_ctx *ctx;
+	int flags;
+};
+
+struct macsec_hdr_t {
+	__be16 macsec_type;
+	unsigned int flags	:8;
+	unsigned int short_len	:8;
+}__attribute__((packed));
+
+struct macsec_ethhdr {
+	unsigned char		h_dest[ETH_ALEN];	/* destination eth addr	*/
+	unsigned char		h_source[ETH_ALEN];	/* source ether addr	*/
+	struct macsec_hdr_t 	hdr;			/* Macsec Tag */
+	__be32			h_pn;			/* Macsec Packet Number */
+	__be16			h_proto;		/* Ethernet packet type ID field */
+} __attribute__((packed));
+
+extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
+__be16 macsec_type_trans(struct sk_buff *skb);
+extern int macsec_netif_receive_skb(struct sk_buff *skb, __be16 type);
+extern int macsec_init_state(struct net_device *dev);
+void macsec_destroy(struct net_device *dev);
+
+#endif
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 223e90a4482..645f3956b32 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -164,6 +164,11 @@ struct xfrm_state
 	struct xfrm_algo	*ealg;
 	struct xfrm_algo	*calg;
 	struct xfrm_algo_aead	*aead;
+	#define XFRM_ALGO_FLAGS_OFFLOAD_TRANPORT        0x0001
+        #define XFRM_ALGO_FLAGS_OFFLOAD_TUNNEL          0x0002
+        #define XFRM_ALGO_FLAGS_OFFLOAD_ESP             0x0004
+        #define XFRM_ALGO_FLAGS_OFFLOAD_AH              0x0008
+        u32                     alg_flags;
 
 	/* Data for encapsulator */
 	struct xfrm_encap_tmpl	*encap;