]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-eoan-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netns xfrm: per-netns xfrm_state counts
[mirror_ubuntu-eoan-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
f034b5d4 47static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
9d4a706d 48static unsigned int xfrm_state_genid;
f034b5d4 49
17c2a42a
HX		 50static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
51static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
52
afeb14b4
PM		 53#ifdef CONFIG_AUDITSYSCALL
54static void xfrm_audit_state_replay(struct xfrm_state *x,
55 struct sk_buff *skb, __be32 net_seq);
56#else
57#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
58#endif /* CONFIG_AUDITSYSCALL */
59
c1969f29
DM		 60static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
61 xfrm_address_t *saddr,
62 u32 reqid,
a624c108 63 unsigned short family)
f034b5d4 64{
529983ec 65 return __xfrm_dst_hash(daddr, saddr, reqid, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 66}
67
667bbcb6
MN		 68static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
69 xfrm_address_t *saddr,
44e36b42 70 unsigned short family)
f034b5d4 71{
529983ec 72 return __xfrm_src_hash(daddr, saddr, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 73}
74
f034b5d4 75static inline unsigned int
8122adf0 76xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 77{
529983ec 78 return __xfrm_spi_hash(daddr, spi, proto, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 79}
80
f034b5d4
DM		 81static void xfrm_hash_transfer(struct hlist_head *list,
82 struct hlist_head *ndsttable,
83 struct hlist_head *nsrctable,
84 struct hlist_head *nspitable,
85 unsigned int nhashmask)
86{
87 struct hlist_node *entry, *tmp;
88 struct xfrm_state *x;
89
90 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
91 unsigned int h;
92
c1969f29
DM		 93 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
94 x->props.reqid, x->props.family,
95 nhashmask);
f034b5d4
DM		 96 hlist_add_head(&x->bydst, ndsttable+h);
97
667bbcb6
MN		 98 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
99 x->props.family,
f034b5d4
DM		 100 nhashmask);
101 hlist_add_head(&x->bysrc, nsrctable+h);
102
7b4dc360
MN		 103 if (x->id.spi) {
104 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
105 x->id.proto, x->props.family,
106 nhashmask);
107 hlist_add_head(&x->byspi, nspitable+h);
108 }
f034b5d4
DM		 109 }
110}
111
112static unsigned long xfrm_hash_new_size(void)
113{
529983ec 114 return ((init_net.xfrm.state_hmask + 1) << 1) *
f034b5d4
DM		 115 sizeof(struct hlist_head);
116}
117
118static DEFINE_MUTEX(hash_resize_mutex);
119
c4028958 120static void xfrm_hash_resize(struct work_struct *__unused)
f034b5d4
DM		 121{
122 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
123 unsigned long nsize, osize;
124 unsigned int nhashmask, ohashmask;
125 int i;
126
127 mutex_lock(&hash_resize_mutex);
128
129 nsize = xfrm_hash_new_size();
44e36b42 130 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 131 if (!ndst)
132 goto out_unlock;
44e36b42 133 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 134 if (!nsrc) {
44e36b42 135 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 136 goto out_unlock;
137 }
44e36b42 138 nspi = xfrm_hash_alloc(nsize);
f034b5d4 139 if (!nspi) {
44e36b42
DM		 140 xfrm_hash_free(ndst, nsize);
141 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 142 goto out_unlock;
143 }
144
145 spin_lock_bh(&xfrm_state_lock);
146
147 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
529983ec 148 for (i = init_net.xfrm.state_hmask; i >= 0; i--)
73d189dc 149 xfrm_hash_transfer(init_net.xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 150 nhashmask);
151
73d189dc 152 odst = init_net.xfrm.state_bydst;
d320bbb3 153 osrc = init_net.xfrm.state_bysrc;
b754a4fd 154 ospi = init_net.xfrm.state_byspi;
529983ec 155 ohashmask = init_net.xfrm.state_hmask;
f034b5d4 156
73d189dc 157 init_net.xfrm.state_bydst = ndst;
d320bbb3 158 init_net.xfrm.state_bysrc = nsrc;
b754a4fd 159 init_net.xfrm.state_byspi = nspi;
529983ec 160 init_net.xfrm.state_hmask = nhashmask;
f034b5d4
DM		 161
162 spin_unlock_bh(&xfrm_state_lock);
163
164 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 165 xfrm_hash_free(odst, osize);
166 xfrm_hash_free(osrc, osize);
167 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 168
169out_unlock:
170 mutex_unlock(&hash_resize_mutex);
171}
172
c4028958 173static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
f034b5d4 174
1da177e4
LT		 175DECLARE_WAIT_QUEUE_HEAD(km_waitq);
176EXPORT_SYMBOL(km_waitq);
177
178static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
179static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
180
181static struct work_struct xfrm_state_gc_work;
12a169e7 182static HLIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 183static DEFINE_SPINLOCK(xfrm_state_gc_lock);
184
53bc6b4d 185int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 186
980ebd25 187int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 188void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 189
aa5d62cc
HX		 190static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
191{
192 struct xfrm_state_afinfo *afinfo;
193 if (unlikely(family >= NPROTO))
194 return NULL;
195 write_lock_bh(&xfrm_state_afinfo_lock);
196 afinfo = xfrm_state_afinfo[family];
197 if (unlikely(!afinfo))
198 write_unlock_bh(&xfrm_state_afinfo_lock);
199 return afinfo;
200}
201
202static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 203 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 204{
205 write_unlock_bh(&xfrm_state_afinfo_lock);
206}
207
533cb5b0 208int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 209{
210 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 211 const struct xfrm_type **typemap;
aa5d62cc
HX		 212 int err = 0;
213
214 if (unlikely(afinfo == NULL))
215 return -EAFNOSUPPORT;
216 typemap = afinfo->type_map;
217
218 if (likely(typemap[type->proto] == NULL))
219 typemap[type->proto] = type;
220 else
221 err = -EEXIST;
222 xfrm_state_unlock_afinfo(afinfo);
223 return err;
224}
225EXPORT_SYMBOL(xfrm_register_type);
226
533cb5b0 227int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 228{
229 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 230 const struct xfrm_type **typemap;
aa5d62cc
HX		 231 int err = 0;
232
233 if (unlikely(afinfo == NULL))
234 return -EAFNOSUPPORT;
235 typemap = afinfo->type_map;
236
237 if (unlikely(typemap[type->proto] != type))
238 err = -ENOENT;
239 else
240 typemap[type->proto] = NULL;
241 xfrm_state_unlock_afinfo(afinfo);
242 return err;
243}
244EXPORT_SYMBOL(xfrm_unregister_type);
245
533cb5b0 246static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 247{
248 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 249 const struct xfrm_type **typemap;
250 const struct xfrm_type *type;
aa5d62cc
HX		 251 int modload_attempted = 0;
252
253retry:
254 afinfo = xfrm_state_get_afinfo(family);
255 if (unlikely(afinfo == NULL))
256 return NULL;
257 typemap = afinfo->type_map;
258
259 type = typemap[proto];
260 if (unlikely(type && !try_module_get(type->owner)))
261 type = NULL;
262 if (!type && !modload_attempted) {
263 xfrm_state_put_afinfo(afinfo);
264 request_module("xfrm-type-%d-%d", family, proto);
265 modload_attempted = 1;
266 goto retry;
267 }
268
269 xfrm_state_put_afinfo(afinfo);
270 return type;
271}
272
533cb5b0 273static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 274{
275 module_put(type->owner);
276}
277
278int xfrm_register_mode(struct xfrm_mode *mode, int family)
279{
280 struct xfrm_state_afinfo *afinfo;
281 struct xfrm_mode **modemap;
282 int err;
283
284 if (unlikely(mode->encap >= XFRM_MODE_MAX))
285 return -EINVAL;
286
287 afinfo = xfrm_state_lock_afinfo(family);
288 if (unlikely(afinfo == NULL))
289 return -EAFNOSUPPORT;
290
291 err = -EEXIST;
292 modemap = afinfo->mode_map;
17c2a42a
HX		 293 if (modemap[mode->encap])
294 goto out;
aa5d62cc 295
17c2a42a
HX		 296 err = -ENOENT;
297 if (!try_module_get(afinfo->owner))
298 goto out;
299
300 mode->afinfo = afinfo;
301 modemap[mode->encap] = mode;
302 err = 0;
303
304out:
aa5d62cc
HX		 305 xfrm_state_unlock_afinfo(afinfo);
306 return err;
307}
308EXPORT_SYMBOL(xfrm_register_mode);
309
310int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
311{
312 struct xfrm_state_afinfo *afinfo;
313 struct xfrm_mode **modemap;
314 int err;
315
316 if (unlikely(mode->encap >= XFRM_MODE_MAX))
317 return -EINVAL;
318
319 afinfo = xfrm_state_lock_afinfo(family);
320 if (unlikely(afinfo == NULL))
321 return -EAFNOSUPPORT;
322
323 err = -ENOENT;
324 modemap = afinfo->mode_map;
325 if (likely(modemap[mode->encap] == mode)) {
326 modemap[mode->encap] = NULL;
17c2a42a 327 module_put(mode->afinfo->owner);
aa5d62cc
HX		 328 err = 0;
329 }
330
331 xfrm_state_unlock_afinfo(afinfo);
332 return err;
333}
334EXPORT_SYMBOL(xfrm_unregister_mode);
335
336static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
337{
338 struct xfrm_state_afinfo *afinfo;
339 struct xfrm_mode *mode;
340 int modload_attempted = 0;
341
342 if (unlikely(encap >= XFRM_MODE_MAX))
343 return NULL;
344
345retry:
346 afinfo = xfrm_state_get_afinfo(family);
347 if (unlikely(afinfo == NULL))
348 return NULL;
349
350 mode = afinfo->mode_map[encap];
351 if (unlikely(mode && !try_module_get(mode->owner)))
352 mode = NULL;
353 if (!mode && !modload_attempted) {
354 xfrm_state_put_afinfo(afinfo);
355 request_module("xfrm-mode-%d-%d", family, encap);
356 modload_attempted = 1;
357 goto retry;
358 }
359
360 xfrm_state_put_afinfo(afinfo);
361 return mode;
362}
363
364static void xfrm_put_mode(struct xfrm_mode *mode)
365{
366 module_put(mode->owner);
367}
368
1da177e4
LT		 369static void xfrm_state_gc_destroy(struct xfrm_state *x)
370{
a47f0ce0
DM		 371 del_timer_sync(&x->timer);
372 del_timer_sync(&x->rtimer);
a51482bd
JJ		 373 kfree(x->aalg);
374 kfree(x->ealg);
375 kfree(x->calg);
376 kfree(x->encap);
060f02a3 377 kfree(x->coaddr);
13996378
HX		 378 if (x->inner_mode)
379 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 380 if (x->inner_mode_iaf)
381 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 382 if (x->outer_mode)
383 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 384 if (x->type) {
385 x->type->destructor(x);
386 xfrm_put_type(x->type);
387 }
df71837d 388 security_xfrm_state_free(x);
1da177e4
LT		 389 kfree(x);
390}
391
c4028958 392static void xfrm_state_gc_task(struct work_struct *data)
1da177e4 393{
12a169e7
HX		 394 struct xfrm_state *x;
395 struct hlist_node *entry, *tmp;
396 struct hlist_head gc_list;
1da177e4 397
1da177e4 398 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 399 hlist_move_list(&xfrm_state_gc_list, &gc_list);
1da177e4
LT		 400 spin_unlock_bh(&xfrm_state_gc_lock);
401
12a169e7 402 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 403 xfrm_state_gc_destroy(x);
8f126e37 404
1da177e4
LT		 405 wake_up(&km_waitq);
406}
407
408static inline unsigned long make_jiffies(long secs)
409{
410 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
411 return MAX_SCHEDULE_TIMEOUT-1;
412 else
a716c119 413 return secs*HZ;
1da177e4
LT		 414}
415
416static void xfrm_timer_handler(unsigned long data)
417{
418 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 419 unsigned long now = get_seconds();
1da177e4
LT		 420 long next = LONG_MAX;
421 int warn = 0;
161a09e7 422 int err = 0;
1da177e4
LT		 423
424 spin_lock(&x->lock);
425 if (x->km.state == XFRM_STATE_DEAD)
426 goto out;
427 if (x->km.state == XFRM_STATE_EXPIRED)
428 goto expired;
429 if (x->lft.hard_add_expires_seconds) {
430 long tmo = x->lft.hard_add_expires_seconds +
431 x->curlft.add_time - now;
432 if (tmo <= 0)
433 goto expired;
434 if (tmo < next)
435 next = tmo;
436 }
437 if (x->lft.hard_use_expires_seconds) {
438 long tmo = x->lft.hard_use_expires_seconds +
439 (x->curlft.use_time ? : now) - now;
440 if (tmo <= 0)
441 goto expired;
442 if (tmo < next)
443 next = tmo;
444 }
445 if (x->km.dying)
446 goto resched;
447 if (x->lft.soft_add_expires_seconds) {
448 long tmo = x->lft.soft_add_expires_seconds +
449 x->curlft.add_time - now;
450 if (tmo <= 0)
451 warn = 1;
452 else if (tmo < next)
453 next = tmo;
454 }
455 if (x->lft.soft_use_expires_seconds) {
456 long tmo = x->lft.soft_use_expires_seconds +
457 (x->curlft.use_time ? : now) - now;
458 if (tmo <= 0)
459 warn = 1;
460 else if (tmo < next)
461 next = tmo;
462 }
463
4666faab 464 x->km.dying = warn;
1da177e4 465 if (warn)
53bc6b4d 466 km_state_expired(x, 0, 0);
1da177e4 467resched:
a47f0ce0
DM		 468 if (next != LONG_MAX)
469 mod_timer(&x->timer, jiffies + make_jiffies(next));
470
1da177e4
LT		 471 goto out;
472
473expired:
474 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
475 x->km.state = XFRM_STATE_EXPIRED;
476 wake_up(&km_waitq);
477 next = 2;
478 goto resched;
479 }
161a09e7
JL		 480
481 err = __xfrm_state_delete(x);
482 if (!err && x->id.spi)
53bc6b4d 483 km_state_expired(x, 1, 0);
1da177e4 484
ab5f5e8b 485 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 486 audit_get_loginuid(current),
487 audit_get_sessionid(current), 0);
161a09e7 488
1da177e4
LT		 489out:
490 spin_unlock(&x->lock);
1da177e4
LT		 491}
492
0ac84752
DM		 493static void xfrm_replay_timer_handler(unsigned long data);
494
673c09be 495struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 496{
497 struct xfrm_state *x;
498
0da974f4 499 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 500
501 if (x) {
673c09be 502 write_pnet(&x->xs_net, net);
1da177e4
LT		 503 atomic_set(&x->refcnt, 1);
504 atomic_set(&x->tunnel_users, 0);
12a169e7 505 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 506 INIT_HLIST_NODE(&x->bydst);
507 INIT_HLIST_NODE(&x->bysrc);
508 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 509 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
510 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
511 (unsigned long)x);
9d729f72 512 x->curlft.add_time = get_seconds();
1da177e4
LT		 513 x->lft.soft_byte_limit = XFRM_INF;
514 x->lft.soft_packet_limit = XFRM_INF;
515 x->lft.hard_byte_limit = XFRM_INF;
516 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 517 x->replay_maxage = 0;
518 x->replay_maxdiff = 0;
df9dcb45
KM		 519 x->inner_mode = NULL;
520 x->inner_mode_iaf = NULL;
1da177e4
LT		 521 spin_lock_init(&x->lock);
522 }
523 return x;
524}
525EXPORT_SYMBOL(xfrm_state_alloc);
526
527void __xfrm_state_destroy(struct xfrm_state *x)
528{
547b792c 529 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 530
531 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 532 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
1da177e4
LT		 533 spin_unlock_bh(&xfrm_state_gc_lock);
534 schedule_work(&xfrm_state_gc_work);
535}
536EXPORT_SYMBOL(__xfrm_state_destroy);
537
53bc6b4d 538int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 539{
26b15dad
JHS		 540 int err = -ESRCH;
541
1da177e4
LT		 542 if (x->km.state != XFRM_STATE_DEAD) {
543 x->km.state = XFRM_STATE_DEAD;
544 spin_lock(&xfrm_state_lock);
12a169e7 545 list_del(&x->km.all);
8f126e37 546 hlist_del(&x->bydst);
8f126e37 547 hlist_del(&x->bysrc);
a47f0ce0 548 if (x->id.spi)
8f126e37 549 hlist_del(&x->byspi);
0bf7c5b0 550 init_net.xfrm.state_num--;
1da177e4 551 spin_unlock(&xfrm_state_lock);
1da177e4 552
1da177e4
LT		 553 /* All xfrm_state objects are created by xfrm_state_alloc.
554 * The xfrm_state_alloc call gives a reference, and that
555 * is what we are dropping here.
556 */
5dba4797 557 xfrm_state_put(x);
26b15dad 558 err = 0;
1da177e4 559 }
26b15dad
JHS		 560
561 return err;
1da177e4 562}
53bc6b4d 563EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 564
26b15dad 565int xfrm_state_delete(struct xfrm_state *x)
1da177e4 566{
26b15dad
JHS		 567 int err;
568
1da177e4 569 spin_lock_bh(&x->lock);
26b15dad 570 err = __xfrm_state_delete(x);
1da177e4 571 spin_unlock_bh(&x->lock);
26b15dad
JHS		 572
573 return err;
1da177e4
LT		 574}
575EXPORT_SYMBOL(xfrm_state_delete);
576
4aa2e62c
JL		 577#ifdef CONFIG_SECURITY_NETWORK_XFRM
578static inline int
579xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 580{
4aa2e62c
JL		 581 int i, err = 0;
582
529983ec 583 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
4aa2e62c
JL		 584 struct hlist_node *entry;
585 struct xfrm_state *x;
586
73d189dc 587 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 588 if (xfrm_id_proto_match(x->id.proto, proto) &&
589 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 590 xfrm_audit_state_delete(x, 0,
591 audit_info->loginuid,
2532386f 592 audit_info->sessionid,
ab5f5e8b 593 audit_info->secid);
4aa2e62c
JL		 594 return err;
595 }
596 }
597 }
598
599 return err;
600}
601#else
602static inline int
603xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
604{
605 return 0;
606}
607#endif
608
609int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
610{
611 int i, err = 0;
1da177e4
LT		 612
613 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 614 err = xfrm_state_flush_secctx_check(proto, audit_info);
615 if (err)
616 goto out;
617
529983ec 618 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 619 struct hlist_node *entry;
620 struct xfrm_state *x;
1da177e4 621restart:
73d189dc 622 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1da177e4 623 if (!xfrm_state_kern(x) &&
5794708f 624 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 625 xfrm_state_hold(x);
626 spin_unlock_bh(&xfrm_state_lock);
627
161a09e7 628 err = xfrm_state_delete(x);
ab5f5e8b
JL		 629 xfrm_audit_state_delete(x, err ? 0 : 1,
630 audit_info->loginuid,
2532386f 631 audit_info->sessionid,
ab5f5e8b 632 audit_info->secid);
1da177e4
LT		 633 xfrm_state_put(x);
634
635 spin_lock_bh(&xfrm_state_lock);
636 goto restart;
637 }
638 }
639 }
4aa2e62c
JL		 640 err = 0;
641
642out:
1da177e4
LT		 643 spin_unlock_bh(&xfrm_state_lock);
644 wake_up(&km_waitq);
4aa2e62c 645 return err;
1da177e4
LT		 646}
647EXPORT_SYMBOL(xfrm_state_flush);
648
af11e316 649void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 650{
651 spin_lock_bh(&xfrm_state_lock);
0bf7c5b0 652 si->sadcnt = init_net.xfrm.state_num;
529983ec 653 si->sadhcnt = init_net.xfrm.state_hmask;
28d8909b
JHS		 654 si->sadhmcnt = xfrm_state_hashmax;
655 spin_unlock_bh(&xfrm_state_lock);
656}
657EXPORT_SYMBOL(xfrm_sad_getinfo);
658
1da177e4
LT		 659static int
660xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
661 struct xfrm_tmpl *tmpl,
662 xfrm_address_t *daddr, xfrm_address_t *saddr,
663 unsigned short family)
664{
665 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
666 if (!afinfo)
667 return -1;
668 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
669 xfrm_state_put_afinfo(afinfo);
670 return 0;
671}
672
a94cfd19 673static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 674{
675 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
676 struct xfrm_state *x;
8f126e37 677 struct hlist_node *entry;
edcd5821 678
b754a4fd 679 hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
edcd5821
DM		 680 if (x->props.family != family ||
681 x->id.spi != spi ||
682 x->id.proto != proto)
683 continue;
684
685 switch (family) {
686 case AF_INET:
687 if (x->id.daddr.a4 != daddr->a4)
688 continue;
689 break;
690 case AF_INET6:
691 if (!ipv6_addr_equal((struct in6_addr *)daddr,
692 (struct in6_addr *)
693 x->id.daddr.a6))
694 continue;
695 break;
3ff50b79 696 }
edcd5821
DM		 697
698 xfrm_state_hold(x);
699 return x;
700 }
701
702 return NULL;
703}
704
705static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
706{
667bbcb6 707 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 708 struct xfrm_state *x;
8f126e37 709 struct hlist_node *entry;
edcd5821 710
d320bbb3 711 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 712 if (x->props.family != family ||
713 x->id.proto != proto)
714 continue;
715
716 switch (family) {
717 case AF_INET:
718 if (x->id.daddr.a4 != daddr->a4 ||
719 x->props.saddr.a4 != saddr->a4)
720 continue;
721 break;
722 case AF_INET6:
723 if (!ipv6_addr_equal((struct in6_addr *)daddr,
724 (struct in6_addr *)
725 x->id.daddr.a6) ||
726 !ipv6_addr_equal((struct in6_addr *)saddr,
727 (struct in6_addr *)
728 x->props.saddr.a6))
729 continue;
730 break;
3ff50b79 731 }
edcd5821
DM		 732
733 xfrm_state_hold(x);
734 return x;
735 }
736
737 return NULL;
738}
739
740static inline struct xfrm_state *
741__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
742{
743 if (use_spi)
744 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
745 x->id.proto, family);
746 else
747 return __xfrm_state_lookup_byaddr(&x->id.daddr,
748 &x->props.saddr,
749 x->id.proto, family);
750}
751
2fab22f2
PM		 752static void xfrm_hash_grow_check(int have_hash_collision)
753{
754 if (have_hash_collision &&
529983ec 755 (init_net.xfrm.state_hmask + 1) < xfrm_state_hashmax &&
0bf7c5b0 756 init_net.xfrm.state_num > init_net.xfrm.state_hmask)
2fab22f2
PM		 757 schedule_work(&xfrm_hash_work);
758}
759
1da177e4 760struct xfrm_state *
a716c119 761xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 762 struct flowi *fl, struct xfrm_tmpl *tmpl,
763 struct xfrm_policy *pol, int *err,
764 unsigned short family)
765{
4bda4f25 766 unsigned int h;
8f126e37 767 struct hlist_node *entry;
37b08e34 768 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 769 int acquire_in_progress = 0;
770 int error = 0;
771 struct xfrm_state *best = NULL;
a716c119 772
37b08e34
DM		 773 to_put = NULL;
774
1da177e4 775 spin_lock_bh(&xfrm_state_lock);
4bda4f25 776 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
73d189dc 777 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1da177e4
LT		 778 if (x->props.family == family &&
779 x->props.reqid == tmpl->reqid &&
fbd9a5b4 780 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 781 xfrm_state_addr_check(x, daddr, saddr, family) &&
782 tmpl->mode == x->props.mode &&
783 tmpl->id.proto == x->id.proto &&
784 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
785 /* Resolution logic:
786 1. There is a valid state with matching selector.
787 Done.
788 2. Valid state with inappropriate selector. Skip.
789
790 Entering area of "sysdeps".
791
792 3. If state is not valid, selector is temporary,
793 it selects only session which triggered
794 previous resolution. Key manager will do
795 something to install a state with proper
796 selector.
797 */
798 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 799 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 800 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 801 continue;
802 if (!best ||
803 best->km.dying > x->km.dying ||
804 (best->km.dying == x->km.dying &&
805 best->curlft.add_time < x->curlft.add_time))
806 best = x;
807 } else if (x->km.state == XFRM_STATE_ACQ) {
808 acquire_in_progress = 1;
809 } else if (x->km.state == XFRM_STATE_ERROR ||
810 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 811 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 812 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 813 error = -ESRCH;
814 }
815 }
816 }
817
818 x = best;
819 if (!x && !error && !acquire_in_progress) {
5c5d281a 820 if (tmpl->id.spi &&
edcd5821
DM		 821 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
822 tmpl->id.proto, family)) != NULL) {
37b08e34 823 to_put = x0;
1da177e4
LT		 824 error = -EEXIST;
825 goto out;
826 }
673c09be 827 x = xfrm_state_alloc(&init_net);
1da177e4
LT		 828 if (x == NULL) {
829 error = -ENOMEM;
830 goto out;
831 }
832 /* Initialize temporary selector matching only
833 * to current session. */
834 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
835
e0d1caa7
VY		 836 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
837 if (error) {
838 x->km.state = XFRM_STATE_DEAD;
37b08e34 839 to_put = x;
e0d1caa7
VY		 840 x = NULL;
841 goto out;
842 }
843
1da177e4
LT		 844 if (km_query(x, tmpl, pol) == 0) {
845 x->km.state = XFRM_STATE_ACQ;
9d4139c7 846 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 847 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 848 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 849 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4
LT		 850 if (x->id.spi) {
851 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
b754a4fd 852 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 853 }
01e67d08
DM		 854 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
855 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 856 add_timer(&x->timer);
0bf7c5b0 857 init_net.xfrm.state_num++;
2fab22f2 858 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 859 } else {
860 x->km.state = XFRM_STATE_DEAD;
37b08e34 861 to_put = x;
1da177e4
LT		 862 x = NULL;
863 error = -ESRCH;
864 }
865 }
866out:
867 if (x)
868 xfrm_state_hold(x);
869 else
870 *err = acquire_in_progress ? -EAGAIN : error;
871 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 872 if (to_put)
873 xfrm_state_put(to_put);
1da177e4
LT		 874 return x;
875}
876
628529b6
JHS		 877struct xfrm_state *
878xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
879 unsigned short family, u8 mode, u8 proto, u32 reqid)
880{
4bda4f25 881 unsigned int h;
628529b6
JHS		 882 struct xfrm_state *rx = NULL, *x = NULL;
883 struct hlist_node *entry;
884
885 spin_lock(&xfrm_state_lock);
4bda4f25 886 h = xfrm_dst_hash(daddr, saddr, reqid, family);
73d189dc 887 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
628529b6
JHS		 888 if (x->props.family == family &&
889 x->props.reqid == reqid &&
890 !(x->props.flags & XFRM_STATE_WILDRECV) &&
891 xfrm_state_addr_check(x, daddr, saddr, family) &&
892 mode == x->props.mode &&
893 proto == x->id.proto &&
894 x->km.state == XFRM_STATE_VALID) {
895 rx = x;
896 break;
897 }
898 }
899
900 if (rx)
901 xfrm_state_hold(rx);
902 spin_unlock(&xfrm_state_lock);
903
904
905 return rx;
906}
907EXPORT_SYMBOL(xfrm_stateonly_find);
908
1da177e4
LT		 909static void __xfrm_state_insert(struct xfrm_state *x)
910{
a624c108 911 unsigned int h;
1da177e4 912
9d4a706d
DM		 913 x->genid = ++xfrm_state_genid;
914
9d4139c7 915 list_add(&x->km.all, &init_net.xfrm.state_all);
4c563f76 916
c1969f29
DM		 917 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
918 x->props.reqid, x->props.family);
73d189dc 919 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1da177e4 920
667bbcb6 921 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
d320bbb3 922 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 923
7b4dc360 924 if (x->id.spi) {
6c44e6b7
MN		 925 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
926 x->props.family);
927
b754a4fd 928 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
6c44e6b7
MN		 929 }
930
a47f0ce0
DM		 931 mod_timer(&x->timer, jiffies + HZ);
932 if (x->replay_maxage)
933 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 934
1da177e4 935 wake_up(&km_waitq);
f034b5d4 936
0bf7c5b0 937 init_net.xfrm.state_num++;
f034b5d4 938
918049f0 939 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 940}
941
c7f5ea3a
DM		 942/* xfrm_state_lock is held */
943static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
944{
945 unsigned short family = xnew->props.family;
946 u32 reqid = xnew->props.reqid;
947 struct xfrm_state *x;
948 struct hlist_node *entry;
949 unsigned int h;
950
c1969f29 951 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
73d189dc 952 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 953 if (x->props.family == family &&
954 x->props.reqid == reqid &&
c1969f29
DM		 955 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
956 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 957 x->genid = xfrm_state_genid;
958 }
959}
960
1da177e4
LT		 961void xfrm_state_insert(struct xfrm_state *x)
962{
963 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 964 __xfrm_state_bump_genids(x);
1da177e4
LT		 965 __xfrm_state_insert(x);
966 spin_unlock_bh(&xfrm_state_lock);
967}
968EXPORT_SYMBOL(xfrm_state_insert);
969
2770834c
DM		 970/* xfrm_state_lock is held */
971static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
972{
c1969f29 973 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 974 struct hlist_node *entry;
2770834c
DM		 975 struct xfrm_state *x;
976
73d189dc 977 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
2770834c
DM		 978 if (x->props.reqid != reqid ||
979 x->props.mode != mode ||
980 x->props.family != family ||
981 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 982 x->id.spi != 0 ||
983 x->id.proto != proto)
2770834c
DM		 984 continue;
985
986 switch (family) {
987 case AF_INET:
988 if (x->id.daddr.a4 != daddr->a4 ||
989 x->props.saddr.a4 != saddr->a4)
990 continue;
991 break;
992 case AF_INET6:
993 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
994 (struct in6_addr *)daddr) ||
995 !ipv6_addr_equal((struct in6_addr *)
996 x->props.saddr.a6,
997 (struct in6_addr *)saddr))
998 continue;
999 break;
3ff50b79 1000 }
2770834c
DM		 1001
1002 xfrm_state_hold(x);
1003 return x;
1004 }
1005
1006 if (!create)
1007 return NULL;
1008
673c09be 1009 x = xfrm_state_alloc(&init_net);
2770834c
DM		 1010 if (likely(x)) {
1011 switch (family) {
1012 case AF_INET:
1013 x->sel.daddr.a4 = daddr->a4;
1014 x->sel.saddr.a4 = saddr->a4;
1015 x->sel.prefixlen_d = 32;
1016 x->sel.prefixlen_s = 32;
1017 x->props.saddr.a4 = saddr->a4;
1018 x->id.daddr.a4 = daddr->a4;
1019 break;
1020
1021 case AF_INET6:
1022 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1023 (struct in6_addr *)daddr);
1024 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1025 (struct in6_addr *)saddr);
1026 x->sel.prefixlen_d = 128;
1027 x->sel.prefixlen_s = 128;
1028 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1029 (struct in6_addr *)saddr);
1030 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1031 (struct in6_addr *)daddr);
1032 break;
3ff50b79 1033 }
2770834c
DM		 1034
1035 x->km.state = XFRM_STATE_ACQ;
1036 x->id.proto = proto;
1037 x->props.family = family;
1038 x->props.mode = mode;
1039 x->props.reqid = reqid;
01e67d08 1040 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1041 xfrm_state_hold(x);
01e67d08 1042 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1043 add_timer(&x->timer);
9d4139c7 1044 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 1045 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 1046 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 1047 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
918049f0 1048
0bf7c5b0 1049 init_net.xfrm.state_num++;
918049f0
DM		 1050
1051 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1052 }
1053
1054 return x;
1055}
1056
1da177e4
LT		 1057static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1058
1059int xfrm_state_add(struct xfrm_state *x)
1060{
37b08e34 1061 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1062 int family;
1063 int err;
eb2971b6 1064 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1065
1066 family = x->props.family;
1da177e4 1067
37b08e34
DM		 1068 to_put = NULL;
1069
1da177e4
LT		 1070 spin_lock_bh(&xfrm_state_lock);
1071
edcd5821 1072 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1073 if (x1) {
37b08e34 1074 to_put = x1;
1da177e4
LT		 1075 x1 = NULL;
1076 err = -EEXIST;
1077 goto out;
1078 }
1079
eb2971b6 1080 if (use_spi && x->km.seq) {
1da177e4 1081 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1082 if (x1 && ((x1->id.proto != x->id.proto) ||
1083 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1084 to_put = x1;
1da177e4
LT		 1085 x1 = NULL;
1086 }
1087 }
1088
eb2971b6 1089 if (use_spi && !x1)
2770834c
DM		 1090 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1091 x->id.proto,
1092 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1093
c7f5ea3a 1094 __xfrm_state_bump_genids(x);
1da177e4
LT		 1095 __xfrm_state_insert(x);
1096 err = 0;
1097
1098out:
1099 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1100
1101 if (x1) {
1102 xfrm_state_delete(x1);
1103 xfrm_state_put(x1);
1104 }
1105
37b08e34
DM		 1106 if (to_put)
1107 xfrm_state_put(to_put);
1108
1da177e4
LT		 1109 return err;
1110}
1111EXPORT_SYMBOL(xfrm_state_add);
1112
80c9abaa 1113#ifdef CONFIG_XFRM_MIGRATE
6666351d 1114static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1115{
1116 int err = -ENOMEM;
673c09be 1117 struct xfrm_state *x = xfrm_state_alloc(&init_net);
80c9abaa
SS		 1118 if (!x)
1119 goto error;
1120
1121 memcpy(&x->id, &orig->id, sizeof(x->id));
1122 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1123 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1124 x->props.mode = orig->props.mode;
1125 x->props.replay_window = orig->props.replay_window;
1126 x->props.reqid = orig->props.reqid;
1127 x->props.family = orig->props.family;
1128 x->props.saddr = orig->props.saddr;
1129
1130 if (orig->aalg) {
1131 x->aalg = xfrm_algo_clone(orig->aalg);
1132 if (!x->aalg)
1133 goto error;
1134 }
1135 x->props.aalgo = orig->props.aalgo;
1136
1137 if (orig->ealg) {
1138 x->ealg = xfrm_algo_clone(orig->ealg);
1139 if (!x->ealg)
1140 goto error;
1141 }
1142 x->props.ealgo = orig->props.ealgo;
1143
1144 if (orig->calg) {
1145 x->calg = xfrm_algo_clone(orig->calg);
1146 if (!x->calg)
1147 goto error;
1148 }
1149 x->props.calgo = orig->props.calgo;
1150
a716c119 1151 if (orig->encap) {
80c9abaa
SS		 1152 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1153 if (!x->encap)
1154 goto error;
1155 }
1156
1157 if (orig->coaddr) {
1158 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1159 GFP_KERNEL);
1160 if (!x->coaddr)
1161 goto error;
1162 }
1163
1164 err = xfrm_init_state(x);
1165 if (err)
1166 goto error;
1167
1168 x->props.flags = orig->props.flags;
1169
1170 x->curlft.add_time = orig->curlft.add_time;
1171 x->km.state = orig->km.state;
1172 x->km.seq = orig->km.seq;
1173
1174 return x;
1175
1176 error:
1177 if (errp)
1178 *errp = err;
1179 if (x) {
1180 kfree(x->aalg);
1181 kfree(x->ealg);
1182 kfree(x->calg);
1183 kfree(x->encap);
1184 kfree(x->coaddr);
1185 }
1186 kfree(x);
1187 return NULL;
1188}
80c9abaa
SS		 1189
1190/* xfrm_state_lock is held */
1191struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1192{
1193 unsigned int h;
1194 struct xfrm_state *x;
1195 struct hlist_node *entry;
1196
1197 if (m->reqid) {
1198 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1199 m->reqid, m->old_family);
73d189dc 1200 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1201 if (x->props.mode != m->mode ||
1202 x->id.proto != m->proto)
1203 continue;
1204 if (m->reqid && x->props.reqid != m->reqid)
1205 continue;
1206 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1207 m->old_family) ||
1208 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1209 m->old_family))
1210 continue;
1211 xfrm_state_hold(x);
1212 return x;
1213 }
1214 } else {
1215 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1216 m->old_family);
d320bbb3 1217 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1218 if (x->props.mode != m->mode ||
1219 x->id.proto != m->proto)
1220 continue;
1221 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1222 m->old_family) ||
1223 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1224 m->old_family))
1225 continue;
1226 xfrm_state_hold(x);
1227 return x;
1228 }
1229 }
1230
a716c119 1231 return NULL;
80c9abaa
SS		 1232}
1233EXPORT_SYMBOL(xfrm_migrate_state_find);
1234
1235struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1236 struct xfrm_migrate *m)
1237{
1238 struct xfrm_state *xc;
1239 int err;
1240
1241 xc = xfrm_state_clone(x, &err);
1242 if (!xc)
1243 return NULL;
1244
1245 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1246 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1247
1248 /* add state */
1249 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1250 /* a care is needed when the destination address of the
1251 state is to be updated as it is a part of triplet */
1252 xfrm_state_insert(xc);
1253 } else {
1254 if ((err = xfrm_state_add(xc)) < 0)
1255 goto error;
1256 }
1257
1258 return xc;
1259error:
1260 kfree(xc);
1261 return NULL;
1262}
1263EXPORT_SYMBOL(xfrm_state_migrate);
1264#endif
1265
1da177e4
LT		 1266int xfrm_state_update(struct xfrm_state *x)
1267{
37b08e34 1268 struct xfrm_state *x1, *to_put;
1da177e4 1269 int err;
eb2971b6 1270 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1271
37b08e34
DM		 1272 to_put = NULL;
1273
1da177e4 1274 spin_lock_bh(&xfrm_state_lock);
edcd5821 1275 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1276
1277 err = -ESRCH;
1278 if (!x1)
1279 goto out;
1280
1281 if (xfrm_state_kern(x1)) {
37b08e34 1282 to_put = x1;
1da177e4
LT		 1283 err = -EEXIST;
1284 goto out;
1285 }
1286
1287 if (x1->km.state == XFRM_STATE_ACQ) {
1288 __xfrm_state_insert(x);
1289 x = NULL;
1290 }
1291 err = 0;
1292
1293out:
1294 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1295
37b08e34
DM		 1296 if (to_put)
1297 xfrm_state_put(to_put);
1298
1da177e4
LT		 1299 if (err)
1300 return err;
1301
1302 if (!x) {
1303 xfrm_state_delete(x1);
1304 xfrm_state_put(x1);
1305 return 0;
1306 }
1307
1308 err = -EINVAL;
1309 spin_lock_bh(&x1->lock);
1310 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1311 if (x->encap && x1->encap)
1312 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1313 if (x->coaddr && x1->coaddr) {
1314 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1315 }
1316 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1317 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1318 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1319 x1->km.dying = 0;
1320
a47f0ce0 1321 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1322 if (x1->curlft.use_time)
1323 xfrm_state_check_expire(x1);
1324
1325 err = 0;
1326 }
1327 spin_unlock_bh(&x1->lock);
1328
1329 xfrm_state_put(x1);
1330
1331 return err;
1332}
1333EXPORT_SYMBOL(xfrm_state_update);
1334
1335int xfrm_state_check_expire(struct xfrm_state *x)
1336{
1337 if (!x->curlft.use_time)
9d729f72 1338 x->curlft.use_time = get_seconds();
1da177e4
LT		 1339
1340 if (x->km.state != XFRM_STATE_VALID)
1341 return -EINVAL;
1342
1343 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1344 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1345 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1346 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1347 return -EINVAL;
1348 }
1349
1350 if (!x->km.dying &&
1351 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1352 x->curlft.packets >= x->lft.soft_packet_limit)) {
1353 x->km.dying = 1;
53bc6b4d 1354 km_state_expired(x, 0, 0);
4666faab 1355 }
1da177e4
LT		 1356 return 0;
1357}
1358EXPORT_SYMBOL(xfrm_state_check_expire);
1359
1da177e4 1360struct xfrm_state *
a94cfd19 1361xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1362 unsigned short family)
1363{
1364 struct xfrm_state *x;
1da177e4
LT		 1365
1366 spin_lock_bh(&xfrm_state_lock);
edcd5821 1367 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1368 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1369 return x;
1370}
1371EXPORT_SYMBOL(xfrm_state_lookup);
1372
1373struct xfrm_state *
eb2971b6
MN		 1374xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1375 u8 proto, unsigned short family)
1376{
1377 struct xfrm_state *x;
eb2971b6
MN		 1378
1379 spin_lock_bh(&xfrm_state_lock);
edcd5821 1380 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1381 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1382 return x;
1383}
1384EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1385
1386struct xfrm_state *
a716c119
YH		 1387xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1388 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1389 int create, unsigned short family)
1390{
1391 struct xfrm_state *x;
1da177e4
LT		 1392
1393 spin_lock_bh(&xfrm_state_lock);
2770834c 1394 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1395 spin_unlock_bh(&xfrm_state_lock);
2770834c 1396
1da177e4
LT		 1397 return x;
1398}
1399EXPORT_SYMBOL(xfrm_find_acq);
1400
41a49cc3
MN		 1401#ifdef CONFIG_XFRM_SUB_POLICY
1402int
1403xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1404 unsigned short family)
1405{
1406 int err = 0;
1407 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1408 if (!afinfo)
1409 return -EAFNOSUPPORT;
1410
1411 spin_lock_bh(&xfrm_state_lock);
1412 if (afinfo->tmpl_sort)
1413 err = afinfo->tmpl_sort(dst, src, n);
1414 spin_unlock_bh(&xfrm_state_lock);
1415 xfrm_state_put_afinfo(afinfo);
1416 return err;
1417}
1418EXPORT_SYMBOL(xfrm_tmpl_sort);
1419
1420int
1421xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1422 unsigned short family)
1423{
1424 int err = 0;
1425 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1426 if (!afinfo)
1427 return -EAFNOSUPPORT;
1428
1429 spin_lock_bh(&xfrm_state_lock);
1430 if (afinfo->state_sort)
1431 err = afinfo->state_sort(dst, src, n);
1432 spin_unlock_bh(&xfrm_state_lock);
1433 xfrm_state_put_afinfo(afinfo);
1434 return err;
1435}
1436EXPORT_SYMBOL(xfrm_state_sort);
1437#endif
1438
1da177e4
LT		 1439/* Silly enough, but I'm lazy to build resolution list */
1440
1441static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1442{
1443 int i;
1da177e4 1444
529983ec 1445 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 1446 struct hlist_node *entry;
1447 struct xfrm_state *x;
1448
73d189dc 1449 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1450 if (x->km.seq == seq &&
1451 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1452 xfrm_state_hold(x);
1453 return x;
1454 }
1455 }
1456 }
1457 return NULL;
1458}
1459
1460struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1461{
1462 struct xfrm_state *x;
1463
1464 spin_lock_bh(&xfrm_state_lock);
1465 x = __xfrm_find_acq_byseq(seq);
1466 spin_unlock_bh(&xfrm_state_lock);
1467 return x;
1468}
1469EXPORT_SYMBOL(xfrm_find_acq_byseq);
1470
1471u32 xfrm_get_acqseq(void)
1472{
1473 u32 res;
1474 static u32 acqseq;
1475 static DEFINE_SPINLOCK(acqseq_lock);
1476
1477 spin_lock_bh(&acqseq_lock);
1478 res = (++acqseq ? : ++acqseq);
1479 spin_unlock_bh(&acqseq_lock);
1480 return res;
1481}
1482EXPORT_SYMBOL(xfrm_get_acqseq);
1483
658b219e 1484int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1485{
f034b5d4 1486 unsigned int h;
1da177e4 1487 struct xfrm_state *x0;
658b219e
HX		 1488 int err = -ENOENT;
1489 __be32 minspi = htonl(low);
1490 __be32 maxspi = htonl(high);
1da177e4 1491
658b219e
HX		 1492 spin_lock_bh(&x->lock);
1493 if (x->km.state == XFRM_STATE_DEAD)
1494 goto unlock;
1495
1496 err = 0;
1da177e4 1497 if (x->id.spi)
658b219e
HX		 1498 goto unlock;
1499
1500 err = -ENOENT;
1da177e4
LT		 1501
1502 if (minspi == maxspi) {
1503 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1504 if (x0) {
1505 xfrm_state_put(x0);
658b219e 1506 goto unlock;
1da177e4
LT		 1507 }
1508 x->id.spi = minspi;
1509 } else {
1510 u32 spi = 0;
26977b4e
AV		 1511 for (h=0; h<high-low+1; h++) {
1512 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1513 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1514 if (x0 == NULL) {
1515 x->id.spi = htonl(spi);
1516 break;
1517 }
1518 xfrm_state_put(x0);
1519 }
1520 }
1521 if (x->id.spi) {
1522 spin_lock_bh(&xfrm_state_lock);
1523 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
b754a4fd 1524 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 1525 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1526
1527 err = 0;
1da177e4 1528 }
658b219e
HX		 1529
1530unlock:
1531 spin_unlock_bh(&x->lock);
1532
1533 return err;
1da177e4
LT		 1534}
1535EXPORT_SYMBOL(xfrm_alloc_spi);
1536
4c563f76
TT		 1537int xfrm_state_walk(struct xfrm_state_walk *walk,
1538 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1539 void *data)
1540{
12a169e7
HX		 1541 struct xfrm_state *state;
1542 struct xfrm_state_walk *x;
1da177e4
LT		 1543 int err = 0;
1544
12a169e7 1545 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1546 return 0;
1547
1da177e4 1548 spin_lock_bh(&xfrm_state_lock);
12a169e7 1549 if (list_empty(&walk->all))
9d4139c7 1550 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1551 else
1552 x = list_entry(&walk->all, struct xfrm_state_walk, all);
9d4139c7 1553 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
12a169e7 1554 if (x->state == XFRM_STATE_DEAD)
4c563f76 1555 continue;
12a169e7
HX		 1556 state = container_of(x, struct xfrm_state, km);
1557 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1558 continue;
12a169e7
HX		 1559 err = func(state, walk->seq, data);
1560 if (err) {
1561 list_move_tail(&walk->all, &x->all);
1562 goto out;
1da177e4 1563 }
12a169e7 1564 walk->seq++;
1da177e4 1565 }
12a169e7 1566 if (walk->seq == 0) {
1da177e4
LT		 1567 err = -ENOENT;
1568 goto out;
1569 }
12a169e7 1570 list_del_init(&walk->all);
1da177e4
LT		 1571out:
1572 spin_unlock_bh(&xfrm_state_lock);
1573 return err;
1574}
1575EXPORT_SYMBOL(xfrm_state_walk);
1576
5c182458
HX		 1577void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1578{
12a169e7 1579 INIT_LIST_HEAD(&walk->all);
5c182458 1580 walk->proto = proto;
12a169e7
HX		 1581 walk->state = XFRM_STATE_DEAD;
1582 walk->seq = 0;
5c182458
HX		 1583}
1584EXPORT_SYMBOL(xfrm_state_walk_init);
1585
abb81c4f
HX		 1586void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1587{
12a169e7 1588 if (list_empty(&walk->all))
5c182458 1589 return;
5c182458 1590
12a169e7
HX		 1591 spin_lock_bh(&xfrm_state_lock);
1592 list_del(&walk->all);
1593 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1594}
1595EXPORT_SYMBOL(xfrm_state_walk_done);
1596
f8cd5488
JHS		 1597
1598void xfrm_replay_notify(struct xfrm_state *x, int event)
1599{
1600 struct km_event c;
1601 /* we send notify messages in case
1602 * 1. we updated on of the sequence numbers, and the seqno difference
1603 * is at least x->replay_maxdiff, in this case we also update the
1604 * timeout of our timer function
1605 * 2. if x->replay_maxage has elapsed since last update,
1606 * and there were changes
1607 *
1608 * The state structure must be locked!
1609 */
1610
1611 switch (event) {
1612 case XFRM_REPLAY_UPDATE:
1613 if (x->replay_maxdiff &&
1614 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1615 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1616 if (x->xflags & XFRM_TIME_DEFER)
1617 event = XFRM_REPLAY_TIMEOUT;
1618 else
1619 return;
1620 }
f8cd5488
JHS		 1621
1622 break;
1623
1624 case XFRM_REPLAY_TIMEOUT:
1625 if ((x->replay.seq == x->preplay.seq) &&
1626 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1627 (x->replay.oseq == x->preplay.oseq)) {
1628 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1629 return;
2717096a 1630 }
f8cd5488
JHS		 1631
1632 break;
1633 }
1634
1635 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1636 c.event = XFRM_MSG_NEWAE;
1637 c.data.aevent = event;
1638 km_state_notify(x, &c);
1639
f8cd5488 1640 if (x->replay_maxage &&
a47f0ce0 1641 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1642 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1643}
1644
1645static void xfrm_replay_timer_handler(unsigned long data)
1646{
1647 struct xfrm_state *x = (struct xfrm_state*)data;
1648
1649 spin_lock(&x->lock);
1650
2717096a
JHS		 1651 if (x->km.state == XFRM_STATE_VALID) {
1652 if (xfrm_aevent_is_on())
1653 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1654 else
1655 x->xflags |= XFRM_TIME_DEFER;
1656 }
f8cd5488
JHS		 1657
1658 spin_unlock(&x->lock);
1659}
1660
afeb14b4
PM		 1661int xfrm_replay_check(struct xfrm_state *x,
1662 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1663{
1664 u32 diff;
a252cc23 1665 u32 seq = ntohl(net_seq);
1da177e4
LT		 1666
1667 if (unlikely(seq == 0))
afeb14b4 1668 goto err;
1da177e4
LT		 1669
1670 if (likely(seq > x->replay.seq))
1671 return 0;
1672
1673 diff = x->replay.seq - seq;
4c4d51a7
HX		 1674 if (diff >= min_t(unsigned int, x->props.replay_window,
1675 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1676 x->stats.replay_window++;
afeb14b4 1677 goto err;
1da177e4
LT		 1678 }
1679
1680 if (x->replay.bitmap & (1U << diff)) {
1681 x->stats.replay++;
afeb14b4 1682 goto err;
1da177e4
LT		 1683 }
1684 return 0;
afeb14b4
PM		 1685
1686err:
1687 xfrm_audit_state_replay(x, skb, net_seq);
1688 return -EINVAL;
1da177e4 1689}
1da177e4 1690
61f4627b 1691void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1692{
1693 u32 diff;
61f4627b 1694 u32 seq = ntohl(net_seq);
1da177e4
LT		 1695
1696 if (seq > x->replay.seq) {
1697 diff = seq - x->replay.seq;
1698 if (diff < x->props.replay_window)
1699 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1700 else
1701 x->replay.bitmap = 1;
1702 x->replay.seq = seq;
1703 } else {
1704 diff = x->replay.seq - seq;
1705 x->replay.bitmap |= (1U << diff);
1706 }
f8cd5488
JHS		 1707
1708 if (xfrm_aevent_is_on())
1709 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1710}
1da177e4 1711
df01812e 1712static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1713static DEFINE_RWLOCK(xfrm_km_lock);
1714
26b15dad 1715void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1716{
1717 struct xfrm_mgr *km;
1718
26b15dad
JHS		 1719 read_lock(&xfrm_km_lock);
1720 list_for_each_entry(km, &xfrm_km_list, list)
1721 if (km->notify_policy)
1722 km->notify_policy(xp, dir, c);
1723 read_unlock(&xfrm_km_lock);
1724}
1da177e4 1725
26b15dad
JHS		 1726void km_state_notify(struct xfrm_state *x, struct km_event *c)
1727{
1728 struct xfrm_mgr *km;
1da177e4
LT		 1729 read_lock(&xfrm_km_lock);
1730 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1731 if (km->notify)
1732 km->notify(x, c);
1da177e4 1733 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1734}
1735
1736EXPORT_SYMBOL(km_policy_notify);
1737EXPORT_SYMBOL(km_state_notify);
1738
53bc6b4d 1739void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1740{
1741 struct km_event c;
1742
bf08867f 1743 c.data.hard = hard;
53bc6b4d 1744 c.pid = pid;
f60f6b8f 1745 c.event = XFRM_MSG_EXPIRE;
26b15dad 1746 km_state_notify(x, &c);
1da177e4
LT		 1747
1748 if (hard)
1749 wake_up(&km_waitq);
1750}
1751
53bc6b4d 1752EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1753/*
1754 * We send to all registered managers regardless of failure
1755 * We are happy with one success
1756*/
980ebd25 1757int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1758{
26b15dad 1759 int err = -EINVAL, acqret;
1da177e4
LT		 1760 struct xfrm_mgr *km;
1761
1762 read_lock(&xfrm_km_lock);
1763 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1764 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1765 if (!acqret)
1766 err = acqret;
1da177e4
LT		 1767 }
1768 read_unlock(&xfrm_km_lock);
1769 return err;
1770}
980ebd25 1771EXPORT_SYMBOL(km_query);
1da177e4 1772
5d36b180 1773int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1774{
1775 int err = -EINVAL;
1776 struct xfrm_mgr *km;
1777
1778 read_lock(&xfrm_km_lock);
1779 list_for_each_entry(km, &xfrm_km_list, list) {
1780 if (km->new_mapping)
1781 err = km->new_mapping(x, ipaddr, sport);
1782 if (!err)
1783 break;
1784 }
1785 read_unlock(&xfrm_km_lock);
1786 return err;
1787}
1788EXPORT_SYMBOL(km_new_mapping);
1789
6c5c8ca7 1790void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1791{
26b15dad 1792 struct km_event c;
1da177e4 1793
bf08867f 1794 c.data.hard = hard;
6c5c8ca7 1795 c.pid = pid;
f60f6b8f 1796 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1797 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1798
1799 if (hard)
1800 wake_up(&km_waitq);
1801}
a70fcb0b 1802EXPORT_SYMBOL(km_policy_expired);
1da177e4 1803
2d60abc2 1804#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1805int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1806 struct xfrm_migrate *m, int num_migrate,
1807 struct xfrm_kmaddress *k)
80c9abaa
SS		 1808{
1809 int err = -EINVAL;
1810 int ret;
1811 struct xfrm_mgr *km;
1812
1813 read_lock(&xfrm_km_lock);
1814 list_for_each_entry(km, &xfrm_km_list, list) {
1815 if (km->migrate) {
13c1d189 1816 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1817 if (!ret)
1818 err = ret;
1819 }
1820 }
1821 read_unlock(&xfrm_km_lock);
1822 return err;
1823}
1824EXPORT_SYMBOL(km_migrate);
2d60abc2 1825#endif
80c9abaa 1826
97a64b45
MN		 1827int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1828{
1829 int err = -EINVAL;
1830 int ret;
1831 struct xfrm_mgr *km;
1832
1833 read_lock(&xfrm_km_lock);
1834 list_for_each_entry(km, &xfrm_km_list, list) {
1835 if (km->report) {
1836 ret = km->report(proto, sel, addr);
1837 if (!ret)
1838 err = ret;
1839 }
1840 }
1841 read_unlock(&xfrm_km_lock);
1842 return err;
1843}
1844EXPORT_SYMBOL(km_report);
1845
1da177e4
LT		 1846int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1847{
1848 int err;
1849 u8 *data;
1850 struct xfrm_mgr *km;
1851 struct xfrm_policy *pol = NULL;
1852
1853 if (optlen <= 0 || optlen > PAGE_SIZE)
1854 return -EMSGSIZE;
1855
1856 data = kmalloc(optlen, GFP_KERNEL);
1857 if (!data)
1858 return -ENOMEM;
1859
1860 err = -EFAULT;
1861 if (copy_from_user(data, optval, optlen))
1862 goto out;
1863
1864 err = -EINVAL;
1865 read_lock(&xfrm_km_lock);
1866 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1867 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1868 optlen, &err);
1869 if (err >= 0)
1870 break;
1871 }
1872 read_unlock(&xfrm_km_lock);
1873
1874 if (err >= 0) {
1875 xfrm_sk_policy_insert(sk, err, pol);
1876 xfrm_pol_put(pol);
1877 err = 0;
1878 }
1879
1880out:
1881 kfree(data);
1882 return err;
1883}
1884EXPORT_SYMBOL(xfrm_user_policy);
1885
1886int xfrm_register_km(struct xfrm_mgr *km)
1887{
1888 write_lock_bh(&xfrm_km_lock);
1889 list_add_tail(&km->list, &xfrm_km_list);
1890 write_unlock_bh(&xfrm_km_lock);
1891 return 0;
1892}
1893EXPORT_SYMBOL(xfrm_register_km);
1894
1895int xfrm_unregister_km(struct xfrm_mgr *km)
1896{
1897 write_lock_bh(&xfrm_km_lock);
1898 list_del(&km->list);
1899 write_unlock_bh(&xfrm_km_lock);
1900 return 0;
1901}
1902EXPORT_SYMBOL(xfrm_unregister_km);
1903
1904int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1905{
1906 int err = 0;
1907 if (unlikely(afinfo == NULL))
1908 return -EINVAL;
1909 if (unlikely(afinfo->family >= NPROTO))
1910 return -EAFNOSUPPORT;
f3111502 1911 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1912 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1913 err = -ENOBUFS;
edcd5821 1914 else
1da177e4 1915 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1916 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1917 return err;
1918}
1919EXPORT_SYMBOL(xfrm_state_register_afinfo);
1920
1921int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1922{
1923 int err = 0;
1924 if (unlikely(afinfo == NULL))
1925 return -EINVAL;
1926 if (unlikely(afinfo->family >= NPROTO))
1927 return -EAFNOSUPPORT;
f3111502 1928 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1929 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1930 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1931 err = -EINVAL;
edcd5821 1932 else
1da177e4 1933 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1934 }
f3111502 1935 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1936 return err;
1937}
1938EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1939
17c2a42a 1940static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1941{
1942 struct xfrm_state_afinfo *afinfo;
1943 if (unlikely(family >= NPROTO))
1944 return NULL;
1945 read_lock(&xfrm_state_afinfo_lock);
1946 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1947 if (unlikely(!afinfo))
1948 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1949 return afinfo;
1950}
1951
17c2a42a 1952static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1953 __releases(xfrm_state_afinfo_lock)
1da177e4 1954{
546be240 1955 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1956}
1957
1958/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1959void xfrm_state_delete_tunnel(struct xfrm_state *x)
1960{
1961 if (x->tunnel) {
1962 struct xfrm_state *t = x->tunnel;
1963
1964 if (atomic_read(&t->tunnel_users) == 2)
1965 xfrm_state_delete(t);
1966 atomic_dec(&t->tunnel_users);
1967 xfrm_state_put(t);
1968 x->tunnel = NULL;
1969 }
1970}
1971EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1972
1973int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1974{
c5c25238 1975 int res;
1da177e4 1976
c5c25238
PM		 1977 spin_lock_bh(&x->lock);
1978 if (x->km.state == XFRM_STATE_VALID &&
1979 x->type && x->type->get_mtu)
1980 res = x->type->get_mtu(x, mtu);
1981 else
28121617 1982 res = mtu - x->props.header_len;
c5c25238 1983 spin_unlock_bh(&x->lock);
1da177e4
LT		 1984 return res;
1985}
1986
72cb6962
HX		 1987int xfrm_init_state(struct xfrm_state *x)
1988{
d094cd83 1989 struct xfrm_state_afinfo *afinfo;
df9dcb45 1990 struct xfrm_mode *inner_mode;
d094cd83 1991 int family = x->props.family;
72cb6962
HX		 1992 int err;
1993
d094cd83
HX		 1994 err = -EAFNOSUPPORT;
1995 afinfo = xfrm_state_get_afinfo(family);
1996 if (!afinfo)
1997 goto error;
1998
1999 err = 0;
2000 if (afinfo->init_flags)
2001 err = afinfo->init_flags(x);
2002
2003 xfrm_state_put_afinfo(afinfo);
2004
2005 if (err)
2006 goto error;
2007
2008 err = -EPROTONOSUPPORT;
13996378 2009
df9dcb45
KM		 2010 if (x->sel.family != AF_UNSPEC) {
2011 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2012 if (inner_mode == NULL)
2013 goto error;
2014
2015 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2016 family != x->sel.family) {
2017 xfrm_put_mode(inner_mode);
2018 goto error;
2019 }
2020
2021 x->inner_mode = inner_mode;
2022 } else {
2023 struct xfrm_mode *inner_mode_iaf;
2024
2025 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2026 if (inner_mode == NULL)
2027 goto error;
2028
2029 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2030 xfrm_put_mode(inner_mode);
2031 goto error;
2032 }
2033
2034 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2035 if (inner_mode_iaf == NULL)
2036 goto error;
2037
2038 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2039 xfrm_put_mode(inner_mode_iaf);
2040 goto error;
2041 }
2042
2043 if (x->props.family == AF_INET) {
2044 x->inner_mode = inner_mode;
2045 x->inner_mode_iaf = inner_mode_iaf;
2046 } else {
2047 x->inner_mode = inner_mode_iaf;
2048 x->inner_mode_iaf = inner_mode;
2049 }
2050 }
13996378 2051
d094cd83 2052 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2053 if (x->type == NULL)
2054 goto error;
2055
2056 err = x->type->init_state(x);
2057 if (err)
2058 goto error;
2059
13996378
HX		 2060 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2061 if (x->outer_mode == NULL)
b59f45d0
HX		 2062 goto error;
2063
72cb6962
HX		 2064 x->km.state = XFRM_STATE_VALID;
2065
2066error:
2067 return err;
2068}
2069
2070EXPORT_SYMBOL(xfrm_init_state);
a716c119 2071
d62ddc21 2072int __net_init xfrm_state_init(struct net *net)
1da177e4 2073{
f034b5d4
DM		 2074 unsigned int sz;
2075
9d4139c7
AD		 2076 INIT_LIST_HEAD(&net->xfrm.state_all);
2077
f034b5d4
DM		 2078 sz = sizeof(struct hlist_head) * 8;
2079
73d189dc
AD		 2080 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2081 if (!net->xfrm.state_bydst)
2082 goto out_bydst;
d320bbb3
AD		 2083 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2084 if (!net->xfrm.state_bysrc)
2085 goto out_bysrc;
b754a4fd
AD		 2086 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2087 if (!net->xfrm.state_byspi)
2088 goto out_byspi;
529983ec 2089 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2090
0bf7c5b0 2091 net->xfrm.state_num = 0;
c4028958 2092 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
d62ddc21 2093 return 0;
73d189dc 2094
b754a4fd
AD		 2095out_byspi:
2096 xfrm_hash_free(net->xfrm.state_bysrc, sz);
d320bbb3
AD		 2097out_bysrc:
2098 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2099out_bydst:
2100 return -ENOMEM;
d62ddc21
AD		 2101}
2102
2103void xfrm_state_fini(struct net *net)
2104{
73d189dc
AD		 2105 unsigned int sz;
2106
9d4139c7 2107 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc 2108
529983ec 2109 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
b754a4fd
AD		 2110 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2111 xfrm_hash_free(net->xfrm.state_byspi, sz);
d320bbb3
AD		 2112 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2113 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2114 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2115 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2116}
2117
ab5f5e8b 2118#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2119static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2120 struct audit_buffer *audit_buf)
ab5f5e8b 2121{
68277acc
PM		 2122 struct xfrm_sec_ctx *ctx = x->security;
2123 u32 spi = ntohl(x->id.spi);
2124
2125 if (ctx)
ab5f5e8b 2126 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2127 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2128
2129 switch(x->props.family) {
2130 case AF_INET:
21454aaa
HH		 2131 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2132 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2133 break;
2134 case AF_INET6:
5b095d98 2135 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2136 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2137 break;
2138 }
68277acc
PM		 2139
2140 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2141}
2142
cf35f43e
IJ		 2143static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2144 struct audit_buffer *audit_buf)
afeb14b4
PM		 2145{
2146 struct iphdr *iph4;
2147 struct ipv6hdr *iph6;
2148
2149 switch (family) {
2150 case AF_INET:
2151 iph4 = ip_hdr(skb);
21454aaa
HH		 2152 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2153 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2154 break;
2155 case AF_INET6:
2156 iph6 = ipv6_hdr(skb);
2157 audit_log_format(audit_buf,
5b095d98 2158 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2159 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2160 iph6->flow_lbl[0] & 0x0f,
2161 iph6->flow_lbl[1],
2162 iph6->flow_lbl[2]);
2163 break;
2164 }
2165}
2166
68277acc 2167void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2168 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2169{
2170 struct audit_buffer *audit_buf;
ab5f5e8b 2171
afeb14b4 2172 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2173 if (audit_buf == NULL)
2174 return;
2532386f 2175 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2176 xfrm_audit_helper_sainfo(x, audit_buf);
2177 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2178 audit_log_end(audit_buf);
2179}
2180EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2181
68277acc 2182void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2183 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2184{
2185 struct audit_buffer *audit_buf;
ab5f5e8b 2186
afeb14b4 2187 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2188 if (audit_buf == NULL)
2189 return;
2532386f 2190 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2191 xfrm_audit_helper_sainfo(x, audit_buf);
2192 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2193 audit_log_end(audit_buf);
2194}
2195EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2196
2197void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2198 struct sk_buff *skb)
2199{
2200 struct audit_buffer *audit_buf;
2201 u32 spi;
2202
2203 audit_buf = xfrm_audit_start("SA-replay-overflow");
2204 if (audit_buf == NULL)
2205 return;
2206 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2207 /* don't record the sequence number because it's inherent in this kind
2208 * of audit message */
2209 spi = ntohl(x->id.spi);
2210 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2211 audit_log_end(audit_buf);
2212}
2213EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2214
2215static void xfrm_audit_state_replay(struct xfrm_state *x,
2216 struct sk_buff *skb, __be32 net_seq)
2217{
2218 struct audit_buffer *audit_buf;
2219 u32 spi;
2220
2221 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2222 if (audit_buf == NULL)
2223 return;
2224 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2225 spi = ntohl(x->id.spi);
2226 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2227 spi, spi, ntohl(net_seq));
2228 audit_log_end(audit_buf);
2229}
2230
2231void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2232{
2233 struct audit_buffer *audit_buf;
2234
2235 audit_buf = xfrm_audit_start("SA-notfound");
2236 if (audit_buf == NULL)
2237 return;
2238 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2239 audit_log_end(audit_buf);
2240}
2241EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2242
2243void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2244 __be32 net_spi, __be32 net_seq)
2245{
2246 struct audit_buffer *audit_buf;
2247 u32 spi;
2248
2249 audit_buf = xfrm_audit_start("SA-notfound");
2250 if (audit_buf == NULL)
2251 return;
2252 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2253 spi = ntohl(net_spi);
2254 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2255 spi, spi, ntohl(net_seq));
2256 audit_log_end(audit_buf);
2257}
2258EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2259
2260void xfrm_audit_state_icvfail(struct xfrm_state *x,
2261 struct sk_buff *skb, u8 proto)
2262{
2263 struct audit_buffer *audit_buf;
2264 __be32 net_spi;
2265 __be32 net_seq;
2266
2267 audit_buf = xfrm_audit_start("SA-icv-failure");
2268 if (audit_buf == NULL)
2269 return;
2270 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2271 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2272 u32 spi = ntohl(net_spi);
2273 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2274 spi, spi, ntohl(net_seq));
2275 }
2276 audit_log_end(audit_buf);
2277}
2278EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2279#endif /* CONFIG_AUDITSYSCALL */
Ubuntu Eoan Linux kernel mirror