]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[IPSEC]: Add missing BEET checks
[mirror_ubuntu-artful-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
b5890d8b 22#include <asm/uaccess.h>
1da177e4 23
44e36b42
DM		 24#include "xfrm_hash.h"
25
ee857a7d
DM		 26struct sock *xfrm_nl;
27EXPORT_SYMBOL(xfrm_nl);
28
01e67d08 29u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 30EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
31
01e67d08 32u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 33EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
34
01e67d08
DM		 35u32 sysctl_xfrm_acq_expires __read_mostly = 30;
36
1da177e4
LT		 37/* Each xfrm_state may be linked to two tables:
38
39 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 40 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 41 destination/tunnel endpoint. (output)
42 */
43
44static DEFINE_SPINLOCK(xfrm_state_lock);
45
46/* Hash table to find appropriate SA towards given target (endpoint
47 * of tunnel or destination of transport mode) allowed by selector.
48 *
49 * Main use is finding SA after policy selected tunnel or transport mode.
50 * Also, it can be used by ah/esp icmp error handler to find offending SA.
51 */
f034b5d4
DM		 52static struct hlist_head *xfrm_state_bydst __read_mostly;
53static struct hlist_head *xfrm_state_bysrc __read_mostly;
54static struct hlist_head *xfrm_state_byspi __read_mostly;
55static unsigned int xfrm_state_hmask __read_mostly;
56static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
57static unsigned int xfrm_state_num;
9d4a706d 58static unsigned int xfrm_state_genid;
f034b5d4 59
c1969f29
DM		 60static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
61 xfrm_address_t *saddr,
62 u32 reqid,
a624c108 63 unsigned short family)
f034b5d4 64{
c1969f29 65 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
f034b5d4
DM		 66}
67
667bbcb6
MN		 68static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
69 xfrm_address_t *saddr,
44e36b42 70 unsigned short family)
f034b5d4 71{
667bbcb6 72 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
f034b5d4
DM		 73}
74
f034b5d4 75static inline unsigned int
8122adf0 76xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 77{
c1969f29 78 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
f034b5d4
DM		 79}
80
f034b5d4
DM		 81static void xfrm_hash_transfer(struct hlist_head *list,
82 struct hlist_head *ndsttable,
83 struct hlist_head *nsrctable,
84 struct hlist_head *nspitable,
85 unsigned int nhashmask)
86{
87 struct hlist_node *entry, *tmp;
88 struct xfrm_state *x;
89
90 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
91 unsigned int h;
92
c1969f29
DM		 93 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
94 x->props.reqid, x->props.family,
95 nhashmask);
f034b5d4
DM		 96 hlist_add_head(&x->bydst, ndsttable+h);
97
667bbcb6
MN		 98 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
99 x->props.family,
f034b5d4
DM		 100 nhashmask);
101 hlist_add_head(&x->bysrc, nsrctable+h);
102
7b4dc360
MN		 103 if (x->id.spi) {
104 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
105 x->id.proto, x->props.family,
106 nhashmask);
107 hlist_add_head(&x->byspi, nspitable+h);
108 }
f034b5d4
DM		 109 }
110}
111
112static unsigned long xfrm_hash_new_size(void)
113{
114 return ((xfrm_state_hmask + 1) << 1) *
115 sizeof(struct hlist_head);
116}
117
118static DEFINE_MUTEX(hash_resize_mutex);
119
c4028958 120static void xfrm_hash_resize(struct work_struct *__unused)
f034b5d4
DM		 121{
122 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
123 unsigned long nsize, osize;
124 unsigned int nhashmask, ohashmask;
125 int i;
126
127 mutex_lock(&hash_resize_mutex);
128
129 nsize = xfrm_hash_new_size();
44e36b42 130 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 131 if (!ndst)
132 goto out_unlock;
44e36b42 133 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 134 if (!nsrc) {
44e36b42 135 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 136 goto out_unlock;
137 }
44e36b42 138 nspi = xfrm_hash_alloc(nsize);
f034b5d4 139 if (!nspi) {
44e36b42
DM		 140 xfrm_hash_free(ndst, nsize);
141 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 142 goto out_unlock;
143 }
144
145 spin_lock_bh(&xfrm_state_lock);
146
147 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
148 for (i = xfrm_state_hmask; i >= 0; i--)
149 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
150 nhashmask);
151
152 odst = xfrm_state_bydst;
153 osrc = xfrm_state_bysrc;
154 ospi = xfrm_state_byspi;
155 ohashmask = xfrm_state_hmask;
156
157 xfrm_state_bydst = ndst;
158 xfrm_state_bysrc = nsrc;
159 xfrm_state_byspi = nspi;
160 xfrm_state_hmask = nhashmask;
161
162 spin_unlock_bh(&xfrm_state_lock);
163
164 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 165 xfrm_hash_free(odst, osize);
166 xfrm_hash_free(osrc, osize);
167 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 168
169out_unlock:
170 mutex_unlock(&hash_resize_mutex);
171}
172
c4028958 173static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
f034b5d4 174
1da177e4
LT		 175DECLARE_WAIT_QUEUE_HEAD(km_waitq);
176EXPORT_SYMBOL(km_waitq);
177
178static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
179static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
180
181static struct work_struct xfrm_state_gc_work;
8f126e37 182static HLIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 183static DEFINE_SPINLOCK(xfrm_state_gc_lock);
184
53bc6b4d 185int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 186
980ebd25 187int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 188void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 189
aa5d62cc
HX		 190static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
191{
192 struct xfrm_state_afinfo *afinfo;
193 if (unlikely(family >= NPROTO))
194 return NULL;
195 write_lock_bh(&xfrm_state_afinfo_lock);
196 afinfo = xfrm_state_afinfo[family];
197 if (unlikely(!afinfo))
198 write_unlock_bh(&xfrm_state_afinfo_lock);
199 return afinfo;
200}
201
202static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
203{
204 write_unlock_bh(&xfrm_state_afinfo_lock);
205}
206
207int xfrm_register_type(struct xfrm_type *type, unsigned short family)
208{
209 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
210 struct xfrm_type **typemap;
211 int err = 0;
212
213 if (unlikely(afinfo == NULL))
214 return -EAFNOSUPPORT;
215 typemap = afinfo->type_map;
216
217 if (likely(typemap[type->proto] == NULL))
218 typemap[type->proto] = type;
219 else
220 err = -EEXIST;
221 xfrm_state_unlock_afinfo(afinfo);
222 return err;
223}
224EXPORT_SYMBOL(xfrm_register_type);
225
226int xfrm_unregister_type(struct xfrm_type *type, unsigned short family)
227{
228 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
229 struct xfrm_type **typemap;
230 int err = 0;
231
232 if (unlikely(afinfo == NULL))
233 return -EAFNOSUPPORT;
234 typemap = afinfo->type_map;
235
236 if (unlikely(typemap[type->proto] != type))
237 err = -ENOENT;
238 else
239 typemap[type->proto] = NULL;
240 xfrm_state_unlock_afinfo(afinfo);
241 return err;
242}
243EXPORT_SYMBOL(xfrm_unregister_type);
244
245static struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
246{
247 struct xfrm_state_afinfo *afinfo;
248 struct xfrm_type **typemap;
249 struct xfrm_type *type;
250 int modload_attempted = 0;
251
252retry:
253 afinfo = xfrm_state_get_afinfo(family);
254 if (unlikely(afinfo == NULL))
255 return NULL;
256 typemap = afinfo->type_map;
257
258 type = typemap[proto];
259 if (unlikely(type && !try_module_get(type->owner)))
260 type = NULL;
261 if (!type && !modload_attempted) {
262 xfrm_state_put_afinfo(afinfo);
263 request_module("xfrm-type-%d-%d", family, proto);
264 modload_attempted = 1;
265 goto retry;
266 }
267
268 xfrm_state_put_afinfo(afinfo);
269 return type;
270}
271
272static void xfrm_put_type(struct xfrm_type *type)
273{
274 module_put(type->owner);
275}
276
277int xfrm_register_mode(struct xfrm_mode *mode, int family)
278{
279 struct xfrm_state_afinfo *afinfo;
280 struct xfrm_mode **modemap;
281 int err;
282
283 if (unlikely(mode->encap >= XFRM_MODE_MAX))
284 return -EINVAL;
285
286 afinfo = xfrm_state_lock_afinfo(family);
287 if (unlikely(afinfo == NULL))
288 return -EAFNOSUPPORT;
289
290 err = -EEXIST;
291 modemap = afinfo->mode_map;
292 if (likely(modemap[mode->encap] == NULL)) {
293 modemap[mode->encap] = mode;
294 err = 0;
295 }
296
297 xfrm_state_unlock_afinfo(afinfo);
298 return err;
299}
300EXPORT_SYMBOL(xfrm_register_mode);
301
302int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
303{
304 struct xfrm_state_afinfo *afinfo;
305 struct xfrm_mode **modemap;
306 int err;
307
308 if (unlikely(mode->encap >= XFRM_MODE_MAX))
309 return -EINVAL;
310
311 afinfo = xfrm_state_lock_afinfo(family);
312 if (unlikely(afinfo == NULL))
313 return -EAFNOSUPPORT;
314
315 err = -ENOENT;
316 modemap = afinfo->mode_map;
317 if (likely(modemap[mode->encap] == mode)) {
318 modemap[mode->encap] = NULL;
319 err = 0;
320 }
321
322 xfrm_state_unlock_afinfo(afinfo);
323 return err;
324}
325EXPORT_SYMBOL(xfrm_unregister_mode);
326
327static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
328{
329 struct xfrm_state_afinfo *afinfo;
330 struct xfrm_mode *mode;
331 int modload_attempted = 0;
332
333 if (unlikely(encap >= XFRM_MODE_MAX))
334 return NULL;
335
336retry:
337 afinfo = xfrm_state_get_afinfo(family);
338 if (unlikely(afinfo == NULL))
339 return NULL;
340
341 mode = afinfo->mode_map[encap];
342 if (unlikely(mode && !try_module_get(mode->owner)))
343 mode = NULL;
344 if (!mode && !modload_attempted) {
345 xfrm_state_put_afinfo(afinfo);
346 request_module("xfrm-mode-%d-%d", family, encap);
347 modload_attempted = 1;
348 goto retry;
349 }
350
351 xfrm_state_put_afinfo(afinfo);
352 return mode;
353}
354
355static void xfrm_put_mode(struct xfrm_mode *mode)
356{
357 module_put(mode->owner);
358}
359
1da177e4
LT		 360static void xfrm_state_gc_destroy(struct xfrm_state *x)
361{
a47f0ce0
DM		 362 del_timer_sync(&x->timer);
363 del_timer_sync(&x->rtimer);
a51482bd
JJ		 364 kfree(x->aalg);
365 kfree(x->ealg);
366 kfree(x->calg);
367 kfree(x->encap);
060f02a3 368 kfree(x->coaddr);
b59f45d0
HX		 369 if (x->mode)
370 xfrm_put_mode(x->mode);
1da177e4
LT		 371 if (x->type) {
372 x->type->destructor(x);
373 xfrm_put_type(x->type);
374 }
df71837d 375 security_xfrm_state_free(x);
1da177e4
LT		 376 kfree(x);
377}
378
c4028958 379static void xfrm_state_gc_task(struct work_struct *data)
1da177e4
LT		 380{
381 struct xfrm_state *x;
8f126e37
DM		 382 struct hlist_node *entry, *tmp;
383 struct hlist_head gc_list;
1da177e4 384
1da177e4 385 spin_lock_bh(&xfrm_state_gc_lock);
8f126e37
DM		 386 gc_list.first = xfrm_state_gc_list.first;
387 INIT_HLIST_HEAD(&xfrm_state_gc_list);
1da177e4
LT		 388 spin_unlock_bh(&xfrm_state_gc_lock);
389
8f126e37 390 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
1da177e4 391 xfrm_state_gc_destroy(x);
8f126e37 392
1da177e4
LT		 393 wake_up(&km_waitq);
394}
395
396static inline unsigned long make_jiffies(long secs)
397{
398 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
399 return MAX_SCHEDULE_TIMEOUT-1;
400 else
a716c119 401 return secs*HZ;
1da177e4
LT		 402}
403
404static void xfrm_timer_handler(unsigned long data)
405{
406 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 407 unsigned long now = get_seconds();
1da177e4
LT		 408 long next = LONG_MAX;
409 int warn = 0;
161a09e7 410 int err = 0;
1da177e4
LT		 411
412 spin_lock(&x->lock);
413 if (x->km.state == XFRM_STATE_DEAD)
414 goto out;
415 if (x->km.state == XFRM_STATE_EXPIRED)
416 goto expired;
417 if (x->lft.hard_add_expires_seconds) {
418 long tmo = x->lft.hard_add_expires_seconds +
419 x->curlft.add_time - now;
420 if (tmo <= 0)
421 goto expired;
422 if (tmo < next)
423 next = tmo;
424 }
425 if (x->lft.hard_use_expires_seconds) {
426 long tmo = x->lft.hard_use_expires_seconds +
427 (x->curlft.use_time ? : now) - now;
428 if (tmo <= 0)
429 goto expired;
430 if (tmo < next)
431 next = tmo;
432 }
433 if (x->km.dying)
434 goto resched;
435 if (x->lft.soft_add_expires_seconds) {
436 long tmo = x->lft.soft_add_expires_seconds +
437 x->curlft.add_time - now;
438 if (tmo <= 0)
439 warn = 1;
440 else if (tmo < next)
441 next = tmo;
442 }
443 if (x->lft.soft_use_expires_seconds) {
444 long tmo = x->lft.soft_use_expires_seconds +
445 (x->curlft.use_time ? : now) - now;
446 if (tmo <= 0)
447 warn = 1;
448 else if (tmo < next)
449 next = tmo;
450 }
451
4666faab 452 x->km.dying = warn;
1da177e4 453 if (warn)
53bc6b4d 454 km_state_expired(x, 0, 0);
1da177e4 455resched:
a47f0ce0
DM		 456 if (next != LONG_MAX)
457 mod_timer(&x->timer, jiffies + make_jiffies(next));
458
1da177e4
LT		 459 goto out;
460
461expired:
462 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
463 x->km.state = XFRM_STATE_EXPIRED;
464 wake_up(&km_waitq);
465 next = 2;
466 goto resched;
467 }
161a09e7
JL		 468
469 err = __xfrm_state_delete(x);
470 if (!err && x->id.spi)
53bc6b4d 471 km_state_expired(x, 1, 0);
1da177e4 472
ab5f5e8b
JL		 473 xfrm_audit_state_delete(x, err ? 0 : 1,
474 audit_get_loginuid(current->audit_context), 0);
161a09e7 475
1da177e4
LT		 476out:
477 spin_unlock(&x->lock);
1da177e4
LT		 478}
479
0ac84752
DM		 480static void xfrm_replay_timer_handler(unsigned long data);
481
1da177e4
LT		 482struct xfrm_state *xfrm_state_alloc(void)
483{
484 struct xfrm_state *x;
485
0da974f4 486 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 487
488 if (x) {
1da177e4
LT		 489 atomic_set(&x->refcnt, 1);
490 atomic_set(&x->tunnel_users, 0);
8f126e37
DM		 491 INIT_HLIST_NODE(&x->bydst);
492 INIT_HLIST_NODE(&x->bysrc);
493 INIT_HLIST_NODE(&x->byspi);
1da177e4
LT		 494 init_timer(&x->timer);
495 x->timer.function = xfrm_timer_handler;
496 x->timer.data = (unsigned long)x;
f8cd5488
JHS		 497 init_timer(&x->rtimer);
498 x->rtimer.function = xfrm_replay_timer_handler;
499 x->rtimer.data = (unsigned long)x;
9d729f72 500 x->curlft.add_time = get_seconds();
1da177e4
LT		 501 x->lft.soft_byte_limit = XFRM_INF;
502 x->lft.soft_packet_limit = XFRM_INF;
503 x->lft.hard_byte_limit = XFRM_INF;
504 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 505 x->replay_maxage = 0;
506 x->replay_maxdiff = 0;
1da177e4
LT		 507 spin_lock_init(&x->lock);
508 }
509 return x;
510}
511EXPORT_SYMBOL(xfrm_state_alloc);
512
513void __xfrm_state_destroy(struct xfrm_state *x)
514{
515 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
516
517 spin_lock_bh(&xfrm_state_gc_lock);
8f126e37 518 hlist_add_head(&x->bydst, &xfrm_state_gc_list);
1da177e4
LT		 519 spin_unlock_bh(&xfrm_state_gc_lock);
520 schedule_work(&xfrm_state_gc_work);
521}
522EXPORT_SYMBOL(__xfrm_state_destroy);
523
53bc6b4d 524int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 525{
26b15dad
JHS		 526 int err = -ESRCH;
527
1da177e4
LT		 528 if (x->km.state != XFRM_STATE_DEAD) {
529 x->km.state = XFRM_STATE_DEAD;
530 spin_lock(&xfrm_state_lock);
8f126e37 531 hlist_del(&x->bydst);
8f126e37 532 hlist_del(&x->bysrc);
a47f0ce0 533 if (x->id.spi)
8f126e37 534 hlist_del(&x->byspi);
f034b5d4 535 xfrm_state_num--;
1da177e4 536 spin_unlock(&xfrm_state_lock);
1da177e4 537
1da177e4
LT		 538 /* All xfrm_state objects are created by xfrm_state_alloc.
539 * The xfrm_state_alloc call gives a reference, and that
540 * is what we are dropping here.
541 */
21380b81 542 __xfrm_state_put(x);
26b15dad 543 err = 0;
1da177e4 544 }
26b15dad
JHS		 545
546 return err;
1da177e4 547}
53bc6b4d 548EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 549
26b15dad 550int xfrm_state_delete(struct xfrm_state *x)
1da177e4 551{
26b15dad
JHS		 552 int err;
553
1da177e4 554 spin_lock_bh(&x->lock);
26b15dad 555 err = __xfrm_state_delete(x);
1da177e4 556 spin_unlock_bh(&x->lock);
26b15dad
JHS		 557
558 return err;
1da177e4
LT		 559}
560EXPORT_SYMBOL(xfrm_state_delete);
561
4aa2e62c
JL		 562#ifdef CONFIG_SECURITY_NETWORK_XFRM
563static inline int
564xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 565{
4aa2e62c
JL		 566 int i, err = 0;
567
568 for (i = 0; i <= xfrm_state_hmask; i++) {
569 struct hlist_node *entry;
570 struct xfrm_state *x;
571
572 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
573 if (xfrm_id_proto_match(x->id.proto, proto) &&
574 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 575 xfrm_audit_state_delete(x, 0,
576 audit_info->loginuid,
577 audit_info->secid);
4aa2e62c
JL		 578 return err;
579 }
580 }
581 }
582
583 return err;
584}
585#else
586static inline int
587xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
588{
589 return 0;
590}
591#endif
592
593int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
594{
595 int i, err = 0;
1da177e4
LT		 596
597 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 598 err = xfrm_state_flush_secctx_check(proto, audit_info);
599 if (err)
600 goto out;
601
a9917c06 602 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 603 struct hlist_node *entry;
604 struct xfrm_state *x;
1da177e4 605restart:
8f126e37 606 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1da177e4 607 if (!xfrm_state_kern(x) &&
5794708f 608 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 609 xfrm_state_hold(x);
610 spin_unlock_bh(&xfrm_state_lock);
611
161a09e7 612 err = xfrm_state_delete(x);
ab5f5e8b
JL		 613 xfrm_audit_state_delete(x, err ? 0 : 1,
614 audit_info->loginuid,
615 audit_info->secid);
1da177e4
LT		 616 xfrm_state_put(x);
617
618 spin_lock_bh(&xfrm_state_lock);
619 goto restart;
620 }
621 }
622 }
4aa2e62c
JL		 623 err = 0;
624
625out:
1da177e4
LT		 626 spin_unlock_bh(&xfrm_state_lock);
627 wake_up(&km_waitq);
4aa2e62c 628 return err;
1da177e4
LT		 629}
630EXPORT_SYMBOL(xfrm_state_flush);
631
af11e316 632void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 633{
634 spin_lock_bh(&xfrm_state_lock);
635 si->sadcnt = xfrm_state_num;
636 si->sadhcnt = xfrm_state_hmask;
637 si->sadhmcnt = xfrm_state_hashmax;
638 spin_unlock_bh(&xfrm_state_lock);
639}
640EXPORT_SYMBOL(xfrm_sad_getinfo);
641
1da177e4
LT		 642static int
643xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
644 struct xfrm_tmpl *tmpl,
645 xfrm_address_t *daddr, xfrm_address_t *saddr,
646 unsigned short family)
647{
648 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
649 if (!afinfo)
650 return -1;
651 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
652 xfrm_state_put_afinfo(afinfo);
653 return 0;
654}
655
a94cfd19 656static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 657{
658 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
659 struct xfrm_state *x;
8f126e37 660 struct hlist_node *entry;
edcd5821 661
8f126e37 662 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
edcd5821
DM		 663 if (x->props.family != family ||
664 x->id.spi != spi ||
665 x->id.proto != proto)
666 continue;
667
668 switch (family) {
669 case AF_INET:
670 if (x->id.daddr.a4 != daddr->a4)
671 continue;
672 break;
673 case AF_INET6:
674 if (!ipv6_addr_equal((struct in6_addr *)daddr,
675 (struct in6_addr *)
676 x->id.daddr.a6))
677 continue;
678 break;
3ff50b79 679 }
edcd5821
DM		 680
681 xfrm_state_hold(x);
682 return x;
683 }
684
685 return NULL;
686}
687
688static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
689{
667bbcb6 690 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 691 struct xfrm_state *x;
8f126e37 692 struct hlist_node *entry;
edcd5821 693
8f126e37 694 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
edcd5821
DM		 695 if (x->props.family != family ||
696 x->id.proto != proto)
697 continue;
698
699 switch (family) {
700 case AF_INET:
701 if (x->id.daddr.a4 != daddr->a4 ||
702 x->props.saddr.a4 != saddr->a4)
703 continue;
704 break;
705 case AF_INET6:
706 if (!ipv6_addr_equal((struct in6_addr *)daddr,
707 (struct in6_addr *)
708 x->id.daddr.a6) ||
709 !ipv6_addr_equal((struct in6_addr *)saddr,
710 (struct in6_addr *)
711 x->props.saddr.a6))
712 continue;
713 break;
3ff50b79 714 }
edcd5821
DM		 715
716 xfrm_state_hold(x);
717 return x;
718 }
719
720 return NULL;
721}
722
723static inline struct xfrm_state *
724__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
725{
726 if (use_spi)
727 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
728 x->id.proto, family);
729 else
730 return __xfrm_state_lookup_byaddr(&x->id.daddr,
731 &x->props.saddr,
732 x->id.proto, family);
733}
734
2fab22f2
PM		 735static void xfrm_hash_grow_check(int have_hash_collision)
736{
737 if (have_hash_collision &&
738 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
739 xfrm_state_num > xfrm_state_hmask)
740 schedule_work(&xfrm_hash_work);
741}
742
1da177e4 743struct xfrm_state *
a716c119 744xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 745 struct flowi *fl, struct xfrm_tmpl *tmpl,
746 struct xfrm_policy *pol, int *err,
747 unsigned short family)
748{
c1969f29 749 unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
8f126e37 750 struct hlist_node *entry;
1da177e4
LT		 751 struct xfrm_state *x, *x0;
752 int acquire_in_progress = 0;
753 int error = 0;
754 struct xfrm_state *best = NULL;
a716c119 755
1da177e4 756 spin_lock_bh(&xfrm_state_lock);
8f126e37 757 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1da177e4
LT		 758 if (x->props.family == family &&
759 x->props.reqid == tmpl->reqid &&
fbd9a5b4 760 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 761 xfrm_state_addr_check(x, daddr, saddr, family) &&
762 tmpl->mode == x->props.mode &&
763 tmpl->id.proto == x->id.proto &&
764 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
765 /* Resolution logic:
766 1. There is a valid state with matching selector.
767 Done.
768 2. Valid state with inappropriate selector. Skip.
769
770 Entering area of "sysdeps".
771
772 3. If state is not valid, selector is temporary,
773 it selects only session which triggered
774 previous resolution. Key manager will do
775 something to install a state with proper
776 selector.
777 */
778 if (x->km.state == XFRM_STATE_VALID) {
48b8d783 779 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
e0d1caa7 780 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 781 continue;
782 if (!best ||
783 best->km.dying > x->km.dying ||
784 (best->km.dying == x->km.dying &&
785 best->curlft.add_time < x->curlft.add_time))
786 best = x;
787 } else if (x->km.state == XFRM_STATE_ACQ) {
788 acquire_in_progress = 1;
789 } else if (x->km.state == XFRM_STATE_ERROR ||
790 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 791 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 792 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 793 error = -ESRCH;
794 }
795 }
796 }
797
798 x = best;
799 if (!x && !error && !acquire_in_progress) {
5c5d281a 800 if (tmpl->id.spi &&
edcd5821
DM		 801 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
802 tmpl->id.proto, family)) != NULL) {
1da177e4
LT		 803 xfrm_state_put(x0);
804 error = -EEXIST;
805 goto out;
806 }
807 x = xfrm_state_alloc();
808 if (x == NULL) {
809 error = -ENOMEM;
810 goto out;
811 }
812 /* Initialize temporary selector matching only
813 * to current session. */
814 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
815
e0d1caa7
VY		 816 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
817 if (error) {
818 x->km.state = XFRM_STATE_DEAD;
819 xfrm_state_put(x);
820 x = NULL;
821 goto out;
822 }
823
1da177e4
LT		 824 if (km_query(x, tmpl, pol) == 0) {
825 x->km.state = XFRM_STATE_ACQ;
8f126e37 826 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
667bbcb6 827 h = xfrm_src_hash(daddr, saddr, family);
8f126e37 828 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1da177e4
LT		 829 if (x->id.spi) {
830 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
8f126e37 831 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4 832 }
01e67d08
DM		 833 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
834 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 835 add_timer(&x->timer);
2fab22f2
PM		 836 xfrm_state_num++;
837 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 838 } else {
839 x->km.state = XFRM_STATE_DEAD;
840 xfrm_state_put(x);
841 x = NULL;
842 error = -ESRCH;
843 }
844 }
845out:
846 if (x)
847 xfrm_state_hold(x);
848 else
849 *err = acquire_in_progress ? -EAGAIN : error;
850 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 851 return x;
852}
853
628529b6
JHS		 854struct xfrm_state *
855xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
856 unsigned short family, u8 mode, u8 proto, u32 reqid)
857{
858 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
859 struct xfrm_state *rx = NULL, *x = NULL;
860 struct hlist_node *entry;
861
862 spin_lock(&xfrm_state_lock);
863 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
864 if (x->props.family == family &&
865 x->props.reqid == reqid &&
866 !(x->props.flags & XFRM_STATE_WILDRECV) &&
867 xfrm_state_addr_check(x, daddr, saddr, family) &&
868 mode == x->props.mode &&
869 proto == x->id.proto &&
870 x->km.state == XFRM_STATE_VALID) {
871 rx = x;
872 break;
873 }
874 }
875
876 if (rx)
877 xfrm_state_hold(rx);
878 spin_unlock(&xfrm_state_lock);
879
880
881 return rx;
882}
883EXPORT_SYMBOL(xfrm_stateonly_find);
884
1da177e4
LT		 885static void __xfrm_state_insert(struct xfrm_state *x)
886{
a624c108 887 unsigned int h;
1da177e4 888
9d4a706d
DM		 889 x->genid = ++xfrm_state_genid;
890
c1969f29
DM		 891 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
892 x->props.reqid, x->props.family);
8f126e37 893 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1da177e4 894
667bbcb6 895 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
8f126e37 896 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1da177e4 897
7b4dc360 898 if (x->id.spi) {
6c44e6b7
MN		 899 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
900 x->props.family);
901
8f126e37 902 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
6c44e6b7
MN		 903 }
904
a47f0ce0
DM		 905 mod_timer(&x->timer, jiffies + HZ);
906 if (x->replay_maxage)
907 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 908
1da177e4 909 wake_up(&km_waitq);
f034b5d4
DM		 910
911 xfrm_state_num++;
912
918049f0 913 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 914}
915
c7f5ea3a
DM		 916/* xfrm_state_lock is held */
917static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
918{
919 unsigned short family = xnew->props.family;
920 u32 reqid = xnew->props.reqid;
921 struct xfrm_state *x;
922 struct hlist_node *entry;
923 unsigned int h;
924
c1969f29 925 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
c7f5ea3a
DM		 926 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
927 if (x->props.family == family &&
928 x->props.reqid == reqid &&
c1969f29
DM		 929 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
930 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 931 x->genid = xfrm_state_genid;
932 }
933}
934
1da177e4
LT		 935void xfrm_state_insert(struct xfrm_state *x)
936{
937 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 938 __xfrm_state_bump_genids(x);
1da177e4
LT		 939 __xfrm_state_insert(x);
940 spin_unlock_bh(&xfrm_state_lock);
941}
942EXPORT_SYMBOL(xfrm_state_insert);
943
2770834c
DM		 944/* xfrm_state_lock is held */
945static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
946{
c1969f29 947 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 948 struct hlist_node *entry;
2770834c
DM		 949 struct xfrm_state *x;
950
8f126e37 951 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
2770834c
DM		 952 if (x->props.reqid != reqid ||
953 x->props.mode != mode ||
954 x->props.family != family ||
955 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 956 x->id.spi != 0 ||
957 x->id.proto != proto)
2770834c
DM		 958 continue;
959
960 switch (family) {
961 case AF_INET:
962 if (x->id.daddr.a4 != daddr->a4 ||
963 x->props.saddr.a4 != saddr->a4)
964 continue;
965 break;
966 case AF_INET6:
967 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
968 (struct in6_addr *)daddr) ||
969 !ipv6_addr_equal((struct in6_addr *)
970 x->props.saddr.a6,
971 (struct in6_addr *)saddr))
972 continue;
973 break;
3ff50b79 974 }
2770834c
DM		 975
976 xfrm_state_hold(x);
977 return x;
978 }
979
980 if (!create)
981 return NULL;
982
983 x = xfrm_state_alloc();
984 if (likely(x)) {
985 switch (family) {
986 case AF_INET:
987 x->sel.daddr.a4 = daddr->a4;
988 x->sel.saddr.a4 = saddr->a4;
989 x->sel.prefixlen_d = 32;
990 x->sel.prefixlen_s = 32;
991 x->props.saddr.a4 = saddr->a4;
992 x->id.daddr.a4 = daddr->a4;
993 break;
994
995 case AF_INET6:
996 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
997 (struct in6_addr *)daddr);
998 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
999 (struct in6_addr *)saddr);
1000 x->sel.prefixlen_d = 128;
1001 x->sel.prefixlen_s = 128;
1002 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1003 (struct in6_addr *)saddr);
1004 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1005 (struct in6_addr *)daddr);
1006 break;
3ff50b79 1007 }
2770834c
DM		 1008
1009 x->km.state = XFRM_STATE_ACQ;
1010 x->id.proto = proto;
1011 x->props.family = family;
1012 x->props.mode = mode;
1013 x->props.reqid = reqid;
01e67d08 1014 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1015 xfrm_state_hold(x);
01e67d08 1016 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1017 add_timer(&x->timer);
8f126e37 1018 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
667bbcb6 1019 h = xfrm_src_hash(daddr, saddr, family);
8f126e37 1020 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
918049f0
DM		 1021
1022 xfrm_state_num++;
1023
1024 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1025 }
1026
1027 return x;
1028}
1029
1da177e4
LT		 1030static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1031
1032int xfrm_state_add(struct xfrm_state *x)
1033{
1da177e4
LT		 1034 struct xfrm_state *x1;
1035 int family;
1036 int err;
eb2971b6 1037 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1038
1039 family = x->props.family;
1da177e4
LT		 1040
1041 spin_lock_bh(&xfrm_state_lock);
1042
edcd5821 1043 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4
LT		 1044 if (x1) {
1045 xfrm_state_put(x1);
1046 x1 = NULL;
1047 err = -EEXIST;
1048 goto out;
1049 }
1050
eb2971b6 1051 if (use_spi && x->km.seq) {
1da177e4 1052 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1053 if (x1 && ((x1->id.proto != x->id.proto) ||
1054 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1da177e4
LT		 1055 xfrm_state_put(x1);
1056 x1 = NULL;
1057 }
1058 }
1059
eb2971b6 1060 if (use_spi && !x1)
2770834c
DM		 1061 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1062 x->id.proto,
1063 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1064
c7f5ea3a 1065 __xfrm_state_bump_genids(x);
1da177e4
LT		 1066 __xfrm_state_insert(x);
1067 err = 0;
1068
1069out:
1070 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1071
1072 if (x1) {
1073 xfrm_state_delete(x1);
1074 xfrm_state_put(x1);
1075 }
1076
1077 return err;
1078}
1079EXPORT_SYMBOL(xfrm_state_add);
1080
80c9abaa
SS		 1081#ifdef CONFIG_XFRM_MIGRATE
1082struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1083{
1084 int err = -ENOMEM;
1085 struct xfrm_state *x = xfrm_state_alloc();
1086 if (!x)
1087 goto error;
1088
1089 memcpy(&x->id, &orig->id, sizeof(x->id));
1090 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1091 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1092 x->props.mode = orig->props.mode;
1093 x->props.replay_window = orig->props.replay_window;
1094 x->props.reqid = orig->props.reqid;
1095 x->props.family = orig->props.family;
1096 x->props.saddr = orig->props.saddr;
1097
1098 if (orig->aalg) {
1099 x->aalg = xfrm_algo_clone(orig->aalg);
1100 if (!x->aalg)
1101 goto error;
1102 }
1103 x->props.aalgo = orig->props.aalgo;
1104
1105 if (orig->ealg) {
1106 x->ealg = xfrm_algo_clone(orig->ealg);
1107 if (!x->ealg)
1108 goto error;
1109 }
1110 x->props.ealgo = orig->props.ealgo;
1111
1112 if (orig->calg) {
1113 x->calg = xfrm_algo_clone(orig->calg);
1114 if (!x->calg)
1115 goto error;
1116 }
1117 x->props.calgo = orig->props.calgo;
1118
a716c119 1119 if (orig->encap) {
80c9abaa
SS		 1120 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1121 if (!x->encap)
1122 goto error;
1123 }
1124
1125 if (orig->coaddr) {
1126 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1127 GFP_KERNEL);
1128 if (!x->coaddr)
1129 goto error;
1130 }
1131
1132 err = xfrm_init_state(x);
1133 if (err)
1134 goto error;
1135
1136 x->props.flags = orig->props.flags;
1137
1138 x->curlft.add_time = orig->curlft.add_time;
1139 x->km.state = orig->km.state;
1140 x->km.seq = orig->km.seq;
1141
1142 return x;
1143
1144 error:
1145 if (errp)
1146 *errp = err;
1147 if (x) {
1148 kfree(x->aalg);
1149 kfree(x->ealg);
1150 kfree(x->calg);
1151 kfree(x->encap);
1152 kfree(x->coaddr);
1153 }
1154 kfree(x);
1155 return NULL;
1156}
1157EXPORT_SYMBOL(xfrm_state_clone);
1158
1159/* xfrm_state_lock is held */
1160struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1161{
1162 unsigned int h;
1163 struct xfrm_state *x;
1164 struct hlist_node *entry;
1165
1166 if (m->reqid) {
1167 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1168 m->reqid, m->old_family);
1169 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1170 if (x->props.mode != m->mode ||
1171 x->id.proto != m->proto)
1172 continue;
1173 if (m->reqid && x->props.reqid != m->reqid)
1174 continue;
1175 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1176 m->old_family) ||
1177 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1178 m->old_family))
1179 continue;
1180 xfrm_state_hold(x);
1181 return x;
1182 }
1183 } else {
1184 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1185 m->old_family);
1186 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1187 if (x->props.mode != m->mode ||
1188 x->id.proto != m->proto)
1189 continue;
1190 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1191 m->old_family) ||
1192 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1193 m->old_family))
1194 continue;
1195 xfrm_state_hold(x);
1196 return x;
1197 }
1198 }
1199
a716c119 1200 return NULL;
80c9abaa
SS		 1201}
1202EXPORT_SYMBOL(xfrm_migrate_state_find);
1203
1204struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1205 struct xfrm_migrate *m)
1206{
1207 struct xfrm_state *xc;
1208 int err;
1209
1210 xc = xfrm_state_clone(x, &err);
1211 if (!xc)
1212 return NULL;
1213
1214 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1215 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1216
1217 /* add state */
1218 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1219 /* a care is needed when the destination address of the
1220 state is to be updated as it is a part of triplet */
1221 xfrm_state_insert(xc);
1222 } else {
1223 if ((err = xfrm_state_add(xc)) < 0)
1224 goto error;
1225 }
1226
1227 return xc;
1228error:
1229 kfree(xc);
1230 return NULL;
1231}
1232EXPORT_SYMBOL(xfrm_state_migrate);
1233#endif
1234
1da177e4
LT		 1235int xfrm_state_update(struct xfrm_state *x)
1236{
1da177e4
LT		 1237 struct xfrm_state *x1;
1238 int err;
eb2971b6 1239 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1240
1da177e4 1241 spin_lock_bh(&xfrm_state_lock);
edcd5821 1242 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1243
1244 err = -ESRCH;
1245 if (!x1)
1246 goto out;
1247
1248 if (xfrm_state_kern(x1)) {
1249 xfrm_state_put(x1);
1250 err = -EEXIST;
1251 goto out;
1252 }
1253
1254 if (x1->km.state == XFRM_STATE_ACQ) {
1255 __xfrm_state_insert(x);
1256 x = NULL;
1257 }
1258 err = 0;
1259
1260out:
1261 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1262
1263 if (err)
1264 return err;
1265
1266 if (!x) {
1267 xfrm_state_delete(x1);
1268 xfrm_state_put(x1);
1269 return 0;
1270 }
1271
1272 err = -EINVAL;
1273 spin_lock_bh(&x1->lock);
1274 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1275 if (x->encap && x1->encap)
1276 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1277 if (x->coaddr && x1->coaddr) {
1278 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1279 }
1280 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1281 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1282 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1283 x1->km.dying = 0;
1284
a47f0ce0 1285 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1286 if (x1->curlft.use_time)
1287 xfrm_state_check_expire(x1);
1288
1289 err = 0;
1290 }
1291 spin_unlock_bh(&x1->lock);
1292
1293 xfrm_state_put(x1);
1294
1295 return err;
1296}
1297EXPORT_SYMBOL(xfrm_state_update);
1298
1299int xfrm_state_check_expire(struct xfrm_state *x)
1300{
1301 if (!x->curlft.use_time)
9d729f72 1302 x->curlft.use_time = get_seconds();
1da177e4
LT		 1303
1304 if (x->km.state != XFRM_STATE_VALID)
1305 return -EINVAL;
1306
1307 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1308 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1309 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1310 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1311 return -EINVAL;
1312 }
1313
1314 if (!x->km.dying &&
1315 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1316 x->curlft.packets >= x->lft.soft_packet_limit)) {
1317 x->km.dying = 1;
53bc6b4d 1318 km_state_expired(x, 0, 0);
4666faab 1319 }
1da177e4
LT		 1320 return 0;
1321}
1322EXPORT_SYMBOL(xfrm_state_check_expire);
1323
1da177e4 1324struct xfrm_state *
a94cfd19 1325xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1326 unsigned short family)
1327{
1328 struct xfrm_state *x;
1da177e4
LT		 1329
1330 spin_lock_bh(&xfrm_state_lock);
edcd5821 1331 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1332 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1333 return x;
1334}
1335EXPORT_SYMBOL(xfrm_state_lookup);
1336
1337struct xfrm_state *
eb2971b6
MN		 1338xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1339 u8 proto, unsigned short family)
1340{
1341 struct xfrm_state *x;
eb2971b6
MN		 1342
1343 spin_lock_bh(&xfrm_state_lock);
edcd5821 1344 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1345 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1346 return x;
1347}
1348EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1349
1350struct xfrm_state *
a716c119
YH		 1351xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1352 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1353 int create, unsigned short family)
1354{
1355 struct xfrm_state *x;
1da177e4
LT		 1356
1357 spin_lock_bh(&xfrm_state_lock);
2770834c 1358 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1359 spin_unlock_bh(&xfrm_state_lock);
2770834c 1360
1da177e4
LT		 1361 return x;
1362}
1363EXPORT_SYMBOL(xfrm_find_acq);
1364
41a49cc3
MN		 1365#ifdef CONFIG_XFRM_SUB_POLICY
1366int
1367xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1368 unsigned short family)
1369{
1370 int err = 0;
1371 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1372 if (!afinfo)
1373 return -EAFNOSUPPORT;
1374
1375 spin_lock_bh(&xfrm_state_lock);
1376 if (afinfo->tmpl_sort)
1377 err = afinfo->tmpl_sort(dst, src, n);
1378 spin_unlock_bh(&xfrm_state_lock);
1379 xfrm_state_put_afinfo(afinfo);
1380 return err;
1381}
1382EXPORT_SYMBOL(xfrm_tmpl_sort);
1383
1384int
1385xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1386 unsigned short family)
1387{
1388 int err = 0;
1389 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1390 if (!afinfo)
1391 return -EAFNOSUPPORT;
1392
1393 spin_lock_bh(&xfrm_state_lock);
1394 if (afinfo->state_sort)
1395 err = afinfo->state_sort(dst, src, n);
1396 spin_unlock_bh(&xfrm_state_lock);
1397 xfrm_state_put_afinfo(afinfo);
1398 return err;
1399}
1400EXPORT_SYMBOL(xfrm_state_sort);
1401#endif
1402
1da177e4
LT		 1403/* Silly enough, but I'm lazy to build resolution list */
1404
1405static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1406{
1407 int i;
1da177e4 1408
f034b5d4 1409 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 1410 struct hlist_node *entry;
1411 struct xfrm_state *x;
1412
1413 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1414 if (x->km.seq == seq &&
1415 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1416 xfrm_state_hold(x);
1417 return x;
1418 }
1419 }
1420 }
1421 return NULL;
1422}
1423
1424struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1425{
1426 struct xfrm_state *x;
1427
1428 spin_lock_bh(&xfrm_state_lock);
1429 x = __xfrm_find_acq_byseq(seq);
1430 spin_unlock_bh(&xfrm_state_lock);
1431 return x;
1432}
1433EXPORT_SYMBOL(xfrm_find_acq_byseq);
1434
1435u32 xfrm_get_acqseq(void)
1436{
1437 u32 res;
1438 static u32 acqseq;
1439 static DEFINE_SPINLOCK(acqseq_lock);
1440
1441 spin_lock_bh(&acqseq_lock);
1442 res = (++acqseq ? : ++acqseq);
1443 spin_unlock_bh(&acqseq_lock);
1444 return res;
1445}
1446EXPORT_SYMBOL(xfrm_get_acqseq);
1447
658b219e 1448int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1449{
f034b5d4 1450 unsigned int h;
1da177e4 1451 struct xfrm_state *x0;
658b219e
HX		 1452 int err = -ENOENT;
1453 __be32 minspi = htonl(low);
1454 __be32 maxspi = htonl(high);
1da177e4 1455
658b219e
HX		 1456 spin_lock_bh(&x->lock);
1457 if (x->km.state == XFRM_STATE_DEAD)
1458 goto unlock;
1459
1460 err = 0;
1da177e4 1461 if (x->id.spi)
658b219e
HX		 1462 goto unlock;
1463
1464 err = -ENOENT;
1da177e4
LT		 1465
1466 if (minspi == maxspi) {
1467 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1468 if (x0) {
1469 xfrm_state_put(x0);
658b219e 1470 goto unlock;
1da177e4
LT		 1471 }
1472 x->id.spi = minspi;
1473 } else {
1474 u32 spi = 0;
26977b4e
AV		 1475 for (h=0; h<high-low+1; h++) {
1476 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1477 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1478 if (x0 == NULL) {
1479 x->id.spi = htonl(spi);
1480 break;
1481 }
1482 xfrm_state_put(x0);
1483 }
1484 }
1485 if (x->id.spi) {
1486 spin_lock_bh(&xfrm_state_lock);
1487 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
8f126e37 1488 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4 1489 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1490
1491 err = 0;
1da177e4 1492 }
658b219e
HX		 1493
1494unlock:
1495 spin_unlock_bh(&x->lock);
1496
1497 return err;
1da177e4
LT		 1498}
1499EXPORT_SYMBOL(xfrm_alloc_spi);
1500
1501int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1502 void *data)
1503{
1504 int i;
94b9bb54 1505 struct xfrm_state *x, *last = NULL;
8f126e37 1506 struct hlist_node *entry;
1da177e4
LT		 1507 int count = 0;
1508 int err = 0;
1509
1510 spin_lock_bh(&xfrm_state_lock);
f034b5d4 1511 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37 1512 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
94b9bb54
JHS		 1513 if (!xfrm_id_proto_match(x->id.proto, proto))
1514 continue;
1515 if (last) {
1516 err = func(last, count, data);
1517 if (err)
1518 goto out;
1519 }
1520 last = x;
1521 count++;
1da177e4
LT		 1522 }
1523 }
1524 if (count == 0) {
1525 err = -ENOENT;
1526 goto out;
1527 }
94b9bb54 1528 err = func(last, 0, data);
1da177e4
LT		 1529out:
1530 spin_unlock_bh(&xfrm_state_lock);
1531 return err;
1532}
1533EXPORT_SYMBOL(xfrm_state_walk);
1534
f8cd5488
JHS		 1535
1536void xfrm_replay_notify(struct xfrm_state *x, int event)
1537{
1538 struct km_event c;
1539 /* we send notify messages in case
1540 * 1. we updated on of the sequence numbers, and the seqno difference
1541 * is at least x->replay_maxdiff, in this case we also update the
1542 * timeout of our timer function
1543 * 2. if x->replay_maxage has elapsed since last update,
1544 * and there were changes
1545 *
1546 * The state structure must be locked!
1547 */
1548
1549 switch (event) {
1550 case XFRM_REPLAY_UPDATE:
1551 if (x->replay_maxdiff &&
1552 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1553 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1554 if (x->xflags & XFRM_TIME_DEFER)
1555 event = XFRM_REPLAY_TIMEOUT;
1556 else
1557 return;
1558 }
f8cd5488
JHS		 1559
1560 break;
1561
1562 case XFRM_REPLAY_TIMEOUT:
1563 if ((x->replay.seq == x->preplay.seq) &&
1564 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1565 (x->replay.oseq == x->preplay.oseq)) {
1566 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1567 return;
2717096a 1568 }
f8cd5488
JHS		 1569
1570 break;
1571 }
1572
1573 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1574 c.event = XFRM_MSG_NEWAE;
1575 c.data.aevent = event;
1576 km_state_notify(x, &c);
1577
f8cd5488 1578 if (x->replay_maxage &&
a47f0ce0 1579 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1580 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1581}
1582
1583static void xfrm_replay_timer_handler(unsigned long data)
1584{
1585 struct xfrm_state *x = (struct xfrm_state*)data;
1586
1587 spin_lock(&x->lock);
1588
2717096a
JHS		 1589 if (x->km.state == XFRM_STATE_VALID) {
1590 if (xfrm_aevent_is_on())
1591 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1592 else
1593 x->xflags |= XFRM_TIME_DEFER;
1594 }
f8cd5488
JHS		 1595
1596 spin_unlock(&x->lock);
1597}
1598
a252cc23 1599int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1600{
1601 u32 diff;
a252cc23 1602 u32 seq = ntohl(net_seq);
1da177e4
LT		 1603
1604 if (unlikely(seq == 0))
1605 return -EINVAL;
1606
1607 if (likely(seq > x->replay.seq))
1608 return 0;
1609
1610 diff = x->replay.seq - seq;
4c4d51a7
HX		 1611 if (diff >= min_t(unsigned int, x->props.replay_window,
1612 sizeof(x->replay.bitmap) * 8)) {
1da177e4
LT		 1613 x->stats.replay_window++;
1614 return -EINVAL;
1615 }
1616
1617 if (x->replay.bitmap & (1U << diff)) {
1618 x->stats.replay++;
1619 return -EINVAL;
1620 }
1621 return 0;
1622}
1623EXPORT_SYMBOL(xfrm_replay_check);
1624
61f4627b 1625void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1626{
1627 u32 diff;
61f4627b 1628 u32 seq = ntohl(net_seq);
1da177e4
LT		 1629
1630 if (seq > x->replay.seq) {
1631 diff = seq - x->replay.seq;
1632 if (diff < x->props.replay_window)
1633 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1634 else
1635 x->replay.bitmap = 1;
1636 x->replay.seq = seq;
1637 } else {
1638 diff = x->replay.seq - seq;
1639 x->replay.bitmap |= (1U << diff);
1640 }
f8cd5488
JHS		 1641
1642 if (xfrm_aevent_is_on())
1643 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4
LT		 1644}
1645EXPORT_SYMBOL(xfrm_replay_advance);
1646
1647static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
1648static DEFINE_RWLOCK(xfrm_km_lock);
1649
26b15dad 1650void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1651{
1652 struct xfrm_mgr *km;
1653
26b15dad
JHS		 1654 read_lock(&xfrm_km_lock);
1655 list_for_each_entry(km, &xfrm_km_list, list)
1656 if (km->notify_policy)
1657 km->notify_policy(xp, dir, c);
1658 read_unlock(&xfrm_km_lock);
1659}
1da177e4 1660
26b15dad
JHS		 1661void km_state_notify(struct xfrm_state *x, struct km_event *c)
1662{
1663 struct xfrm_mgr *km;
1da177e4
LT		 1664 read_lock(&xfrm_km_lock);
1665 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1666 if (km->notify)
1667 km->notify(x, c);
1da177e4 1668 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1669}
1670
1671EXPORT_SYMBOL(km_policy_notify);
1672EXPORT_SYMBOL(km_state_notify);
1673
53bc6b4d 1674void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1675{
1676 struct km_event c;
1677
bf08867f 1678 c.data.hard = hard;
53bc6b4d 1679 c.pid = pid;
f60f6b8f 1680 c.event = XFRM_MSG_EXPIRE;
26b15dad 1681 km_state_notify(x, &c);
1da177e4
LT		 1682
1683 if (hard)
1684 wake_up(&km_waitq);
1685}
1686
53bc6b4d 1687EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1688/*
1689 * We send to all registered managers regardless of failure
1690 * We are happy with one success
1691*/
980ebd25 1692int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1693{
26b15dad 1694 int err = -EINVAL, acqret;
1da177e4
LT		 1695 struct xfrm_mgr *km;
1696
1697 read_lock(&xfrm_km_lock);
1698 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1699 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1700 if (!acqret)
1701 err = acqret;
1da177e4
LT		 1702 }
1703 read_unlock(&xfrm_km_lock);
1704 return err;
1705}
980ebd25 1706EXPORT_SYMBOL(km_query);
1da177e4 1707
5d36b180 1708int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1709{
1710 int err = -EINVAL;
1711 struct xfrm_mgr *km;
1712
1713 read_lock(&xfrm_km_lock);
1714 list_for_each_entry(km, &xfrm_km_list, list) {
1715 if (km->new_mapping)
1716 err = km->new_mapping(x, ipaddr, sport);
1717 if (!err)
1718 break;
1719 }
1720 read_unlock(&xfrm_km_lock);
1721 return err;
1722}
1723EXPORT_SYMBOL(km_new_mapping);
1724
6c5c8ca7 1725void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1726{
26b15dad 1727 struct km_event c;
1da177e4 1728
bf08867f 1729 c.data.hard = hard;
6c5c8ca7 1730 c.pid = pid;
f60f6b8f 1731 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1732 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1733
1734 if (hard)
1735 wake_up(&km_waitq);
1736}
a70fcb0b 1737EXPORT_SYMBOL(km_policy_expired);
1da177e4 1738
80c9abaa
SS		 1739int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1740 struct xfrm_migrate *m, int num_migrate)
1741{
1742 int err = -EINVAL;
1743 int ret;
1744 struct xfrm_mgr *km;
1745
1746 read_lock(&xfrm_km_lock);
1747 list_for_each_entry(km, &xfrm_km_list, list) {
1748 if (km->migrate) {
1749 ret = km->migrate(sel, dir, type, m, num_migrate);
1750 if (!ret)
1751 err = ret;
1752 }
1753 }
1754 read_unlock(&xfrm_km_lock);
1755 return err;
1756}
1757EXPORT_SYMBOL(km_migrate);
1758
97a64b45
MN		 1759int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1760{
1761 int err = -EINVAL;
1762 int ret;
1763 struct xfrm_mgr *km;
1764
1765 read_lock(&xfrm_km_lock);
1766 list_for_each_entry(km, &xfrm_km_list, list) {
1767 if (km->report) {
1768 ret = km->report(proto, sel, addr);
1769 if (!ret)
1770 err = ret;
1771 }
1772 }
1773 read_unlock(&xfrm_km_lock);
1774 return err;
1775}
1776EXPORT_SYMBOL(km_report);
1777
1da177e4
LT		 1778int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1779{
1780 int err;
1781 u8 *data;
1782 struct xfrm_mgr *km;
1783 struct xfrm_policy *pol = NULL;
1784
1785 if (optlen <= 0 || optlen > PAGE_SIZE)
1786 return -EMSGSIZE;
1787
1788 data = kmalloc(optlen, GFP_KERNEL);
1789 if (!data)
1790 return -ENOMEM;
1791
1792 err = -EFAULT;
1793 if (copy_from_user(data, optval, optlen))
1794 goto out;
1795
1796 err = -EINVAL;
1797 read_lock(&xfrm_km_lock);
1798 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1799 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1800 optlen, &err);
1801 if (err >= 0)
1802 break;
1803 }
1804 read_unlock(&xfrm_km_lock);
1805
1806 if (err >= 0) {
1807 xfrm_sk_policy_insert(sk, err, pol);
1808 xfrm_pol_put(pol);
1809 err = 0;
1810 }
1811
1812out:
1813 kfree(data);
1814 return err;
1815}
1816EXPORT_SYMBOL(xfrm_user_policy);
1817
1818int xfrm_register_km(struct xfrm_mgr *km)
1819{
1820 write_lock_bh(&xfrm_km_lock);
1821 list_add_tail(&km->list, &xfrm_km_list);
1822 write_unlock_bh(&xfrm_km_lock);
1823 return 0;
1824}
1825EXPORT_SYMBOL(xfrm_register_km);
1826
1827int xfrm_unregister_km(struct xfrm_mgr *km)
1828{
1829 write_lock_bh(&xfrm_km_lock);
1830 list_del(&km->list);
1831 write_unlock_bh(&xfrm_km_lock);
1832 return 0;
1833}
1834EXPORT_SYMBOL(xfrm_unregister_km);
1835
1836int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1837{
1838 int err = 0;
1839 if (unlikely(afinfo == NULL))
1840 return -EINVAL;
1841 if (unlikely(afinfo->family >= NPROTO))
1842 return -EAFNOSUPPORT;
f3111502 1843 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1844 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1845 err = -ENOBUFS;
edcd5821 1846 else
1da177e4 1847 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1848 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1849 return err;
1850}
1851EXPORT_SYMBOL(xfrm_state_register_afinfo);
1852
1853int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1854{
1855 int err = 0;
1856 if (unlikely(afinfo == NULL))
1857 return -EINVAL;
1858 if (unlikely(afinfo->family >= NPROTO))
1859 return -EAFNOSUPPORT;
f3111502 1860 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1861 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1862 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1863 err = -EINVAL;
edcd5821 1864 else
1da177e4 1865 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1866 }
f3111502 1867 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1868 return err;
1869}
1870EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1871
cdca7265 1872struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1da177e4
LT		 1873{
1874 struct xfrm_state_afinfo *afinfo;
1875 if (unlikely(family >= NPROTO))
1876 return NULL;
1877 read_lock(&xfrm_state_afinfo_lock);
1878 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1879 if (unlikely(!afinfo))
1880 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1881 return afinfo;
1882}
1883
cdca7265 1884void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1da177e4 1885{
546be240 1886 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1887}
1888
cdca7265
MK		 1889EXPORT_SYMBOL(xfrm_state_get_afinfo);
1890EXPORT_SYMBOL(xfrm_state_put_afinfo);
1891
1da177e4
LT		 1892/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1893void xfrm_state_delete_tunnel(struct xfrm_state *x)
1894{
1895 if (x->tunnel) {
1896 struct xfrm_state *t = x->tunnel;
1897
1898 if (atomic_read(&t->tunnel_users) == 2)
1899 xfrm_state_delete(t);
1900 atomic_dec(&t->tunnel_users);
1901 xfrm_state_put(t);
1902 x->tunnel = NULL;
1903 }
1904}
1905EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1906
1907int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1908{
c5c25238 1909 int res;
1da177e4 1910
c5c25238
PM		 1911 spin_lock_bh(&x->lock);
1912 if (x->km.state == XFRM_STATE_VALID &&
1913 x->type && x->type->get_mtu)
1914 res = x->type->get_mtu(x, mtu);
1915 else
28121617 1916 res = mtu - x->props.header_len;
c5c25238 1917 spin_unlock_bh(&x->lock);
1da177e4
LT		 1918 return res;
1919}
1920
72cb6962
HX		 1921int xfrm_init_state(struct xfrm_state *x)
1922{
d094cd83
HX		 1923 struct xfrm_state_afinfo *afinfo;
1924 int family = x->props.family;
72cb6962
HX		 1925 int err;
1926
d094cd83
HX		 1927 err = -EAFNOSUPPORT;
1928 afinfo = xfrm_state_get_afinfo(family);
1929 if (!afinfo)
1930 goto error;
1931
1932 err = 0;
1933 if (afinfo->init_flags)
1934 err = afinfo->init_flags(x);
1935
1936 xfrm_state_put_afinfo(afinfo);
1937
1938 if (err)
1939 goto error;
1940
1941 err = -EPROTONOSUPPORT;
1942 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 1943 if (x->type == NULL)
1944 goto error;
1945
1946 err = x->type->init_state(x);
1947 if (err)
1948 goto error;
1949
b59f45d0
HX		 1950 x->mode = xfrm_get_mode(x->props.mode, family);
1951 if (x->mode == NULL)
1952 goto error;
1953
72cb6962
HX		 1954 x->km.state = XFRM_STATE_VALID;
1955
1956error:
1957 return err;
1958}
1959
1960EXPORT_SYMBOL(xfrm_init_state);
a716c119 1961
1da177e4
LT		 1962void __init xfrm_state_init(void)
1963{
f034b5d4
DM		 1964 unsigned int sz;
1965
1966 sz = sizeof(struct hlist_head) * 8;
1967
44e36b42
DM		 1968 xfrm_state_bydst = xfrm_hash_alloc(sz);
1969 xfrm_state_bysrc = xfrm_hash_alloc(sz);
1970 xfrm_state_byspi = xfrm_hash_alloc(sz);
f034b5d4
DM		 1971 if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
1972 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
1973 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 1974
c4028958 1975 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1da177e4
LT		 1976}
1977
ab5f5e8b
JL		 1978#ifdef CONFIG_AUDITSYSCALL
1979static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
1980 struct audit_buffer *audit_buf)
1981{
1982 if (x->security)
1983 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
1984 x->security->ctx_alg, x->security->ctx_doi,
1985 x->security->ctx_str);
1986
1987 switch(x->props.family) {
1988 case AF_INET:
1989 audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
1990 NIPQUAD(x->props.saddr.a4),
1991 NIPQUAD(x->id.daddr.a4));
1992 break;
1993 case AF_INET6:
1994 {
1995 struct in6_addr saddr6, daddr6;
1996
1997 memcpy(&saddr6, x->props.saddr.a6,
1998 sizeof(struct in6_addr));
1999 memcpy(&daddr6, x->id.daddr.a6,
2000 sizeof(struct in6_addr));
2001 audit_log_format(audit_buf,
2002 " src=" NIP6_FMT " dst=" NIP6_FMT,
2003 NIP6(saddr6), NIP6(daddr6));
2004 }
2005 break;
2006 }
2007}
2008
2009void
2010xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid)
2011{
2012 struct audit_buffer *audit_buf;
2013 extern int audit_enabled;
2014
2015 if (audit_enabled == 0)
2016 return;
2017 audit_buf = xfrm_audit_start(sid, auid);
2018 if (audit_buf == NULL)
2019 return;
2020 audit_log_format(audit_buf, " op=SAD-add res=%u",result);
2021 xfrm_audit_common_stateinfo(x, audit_buf);
2022 audit_log_format(audit_buf, " spi=%lu(0x%lx)",
2023 (unsigned long)x->id.spi, (unsigned long)x->id.spi);
2024 audit_log_end(audit_buf);
2025}
2026EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2027
2028void
2029xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid)
2030{
2031 struct audit_buffer *audit_buf;
2032 extern int audit_enabled;
2033
2034 if (audit_enabled == 0)
2035 return;
2036 audit_buf = xfrm_audit_start(sid, auid);
2037 if (audit_buf == NULL)
2038 return;
2039 audit_log_format(audit_buf, " op=SAD-delete res=%u",result);
2040 xfrm_audit_common_stateinfo(x, audit_buf);
2041 audit_log_format(audit_buf, " spi=%lu(0x%lx)",
2042 (unsigned long)x->id.spi, (unsigned long)x->id.spi);
2043 audit_log_end(audit_buf);
2044}
2045EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2046#endif /* CONFIG_AUDITSYSCALL */
Ubuntu Artful kernel mirror