]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netns xfrm: state lookup in netns
[mirror_ubuntu-artful-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
f034b5d4 47static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
9d4a706d 48static unsigned int xfrm_state_genid;
f034b5d4 49
17c2a42a
HX		 50static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
51static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
52
afeb14b4
PM		 53#ifdef CONFIG_AUDITSYSCALL
54static void xfrm_audit_state_replay(struct xfrm_state *x,
55 struct sk_buff *skb, __be32 net_seq);
56#else
57#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
58#endif /* CONFIG_AUDITSYSCALL */
59
64d0cd00
AD		 60static inline unsigned int xfrm_dst_hash(struct net *net,
61 xfrm_address_t *daddr,
c1969f29
DM		 62 xfrm_address_t *saddr,
63 u32 reqid,
a624c108 64 unsigned short family)
f034b5d4 65{
64d0cd00 66 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
f034b5d4
DM		 67}
68
64d0cd00
AD		 69static inline unsigned int xfrm_src_hash(struct net *net,
70 xfrm_address_t *daddr,
667bbcb6 71 xfrm_address_t *saddr,
44e36b42 72 unsigned short family)
f034b5d4 73{
64d0cd00 74 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
f034b5d4
DM		 75}
76
f034b5d4 77static inline unsigned int
64d0cd00 78xfrm_spi_hash(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 79{
64d0cd00 80 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
f034b5d4
DM		 81}
82
f034b5d4
DM		 83static void xfrm_hash_transfer(struct hlist_head *list,
84 struct hlist_head *ndsttable,
85 struct hlist_head *nsrctable,
86 struct hlist_head *nspitable,
87 unsigned int nhashmask)
88{
89 struct hlist_node *entry, *tmp;
90 struct xfrm_state *x;
91
92 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
93 unsigned int h;
94
c1969f29
DM		 95 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
96 x->props.reqid, x->props.family,
97 nhashmask);
f034b5d4
DM		 98 hlist_add_head(&x->bydst, ndsttable+h);
99
667bbcb6
MN		 100 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
101 x->props.family,
f034b5d4
DM		 102 nhashmask);
103 hlist_add_head(&x->bysrc, nsrctable+h);
104
7b4dc360
MN		 105 if (x->id.spi) {
106 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
107 x->id.proto, x->props.family,
108 nhashmask);
109 hlist_add_head(&x->byspi, nspitable+h);
110 }
f034b5d4
DM		 111 }
112}
113
63082733 114static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
f034b5d4 115{
63082733 116 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
f034b5d4
DM		 117}
118
119static DEFINE_MUTEX(hash_resize_mutex);
120
63082733 121static void xfrm_hash_resize(struct work_struct *work)
f034b5d4 122{
63082733 123 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
f034b5d4
DM		 124 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
125 unsigned long nsize, osize;
126 unsigned int nhashmask, ohashmask;
127 int i;
128
129 mutex_lock(&hash_resize_mutex);
130
63082733 131 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
44e36b42 132 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 133 if (!ndst)
134 goto out_unlock;
44e36b42 135 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 136 if (!nsrc) {
44e36b42 137 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 138 goto out_unlock;
139 }
44e36b42 140 nspi = xfrm_hash_alloc(nsize);
f034b5d4 141 if (!nspi) {
44e36b42
DM		 142 xfrm_hash_free(ndst, nsize);
143 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 144 goto out_unlock;
145 }
146
147 spin_lock_bh(&xfrm_state_lock);
148
149 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
63082733
AD		 150 for (i = net->xfrm.state_hmask; i >= 0; i--)
151 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 152 nhashmask);
153
63082733
AD		 154 odst = net->xfrm.state_bydst;
155 osrc = net->xfrm.state_bysrc;
156 ospi = net->xfrm.state_byspi;
157 ohashmask = net->xfrm.state_hmask;
f034b5d4 158
63082733
AD		 159 net->xfrm.state_bydst = ndst;
160 net->xfrm.state_bysrc = nsrc;
161 net->xfrm.state_byspi = nspi;
162 net->xfrm.state_hmask = nhashmask;
f034b5d4
DM		 163
164 spin_unlock_bh(&xfrm_state_lock);
165
166 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 167 xfrm_hash_free(odst, osize);
168 xfrm_hash_free(osrc, osize);
169 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 170
171out_unlock:
172 mutex_unlock(&hash_resize_mutex);
173}
174
1da177e4
LT		 175static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
176static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
177
1da177e4
LT		 178static DEFINE_SPINLOCK(xfrm_state_gc_lock);
179
53bc6b4d 180int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 181
980ebd25 182int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 183void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 184
aa5d62cc
HX		 185static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
186{
187 struct xfrm_state_afinfo *afinfo;
188 if (unlikely(family >= NPROTO))
189 return NULL;
190 write_lock_bh(&xfrm_state_afinfo_lock);
191 afinfo = xfrm_state_afinfo[family];
192 if (unlikely(!afinfo))
193 write_unlock_bh(&xfrm_state_afinfo_lock);
194 return afinfo;
195}
196
197static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 198 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 199{
200 write_unlock_bh(&xfrm_state_afinfo_lock);
201}
202
533cb5b0 203int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 204{
205 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 206 const struct xfrm_type **typemap;
aa5d62cc
HX		 207 int err = 0;
208
209 if (unlikely(afinfo == NULL))
210 return -EAFNOSUPPORT;
211 typemap = afinfo->type_map;
212
213 if (likely(typemap[type->proto] == NULL))
214 typemap[type->proto] = type;
215 else
216 err = -EEXIST;
217 xfrm_state_unlock_afinfo(afinfo);
218 return err;
219}
220EXPORT_SYMBOL(xfrm_register_type);
221
533cb5b0 222int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 223{
224 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 225 const struct xfrm_type **typemap;
aa5d62cc
HX		 226 int err = 0;
227
228 if (unlikely(afinfo == NULL))
229 return -EAFNOSUPPORT;
230 typemap = afinfo->type_map;
231
232 if (unlikely(typemap[type->proto] != type))
233 err = -ENOENT;
234 else
235 typemap[type->proto] = NULL;
236 xfrm_state_unlock_afinfo(afinfo);
237 return err;
238}
239EXPORT_SYMBOL(xfrm_unregister_type);
240
533cb5b0 241static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 242{
243 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 244 const struct xfrm_type **typemap;
245 const struct xfrm_type *type;
aa5d62cc
HX		 246 int modload_attempted = 0;
247
248retry:
249 afinfo = xfrm_state_get_afinfo(family);
250 if (unlikely(afinfo == NULL))
251 return NULL;
252 typemap = afinfo->type_map;
253
254 type = typemap[proto];
255 if (unlikely(type && !try_module_get(type->owner)))
256 type = NULL;
257 if (!type && !modload_attempted) {
258 xfrm_state_put_afinfo(afinfo);
259 request_module("xfrm-type-%d-%d", family, proto);
260 modload_attempted = 1;
261 goto retry;
262 }
263
264 xfrm_state_put_afinfo(afinfo);
265 return type;
266}
267
533cb5b0 268static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 269{
270 module_put(type->owner);
271}
272
273int xfrm_register_mode(struct xfrm_mode *mode, int family)
274{
275 struct xfrm_state_afinfo *afinfo;
276 struct xfrm_mode **modemap;
277 int err;
278
279 if (unlikely(mode->encap >= XFRM_MODE_MAX))
280 return -EINVAL;
281
282 afinfo = xfrm_state_lock_afinfo(family);
283 if (unlikely(afinfo == NULL))
284 return -EAFNOSUPPORT;
285
286 err = -EEXIST;
287 modemap = afinfo->mode_map;
17c2a42a
HX		 288 if (modemap[mode->encap])
289 goto out;
aa5d62cc 290
17c2a42a
HX		 291 err = -ENOENT;
292 if (!try_module_get(afinfo->owner))
293 goto out;
294
295 mode->afinfo = afinfo;
296 modemap[mode->encap] = mode;
297 err = 0;
298
299out:
aa5d62cc
HX		 300 xfrm_state_unlock_afinfo(afinfo);
301 return err;
302}
303EXPORT_SYMBOL(xfrm_register_mode);
304
305int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
306{
307 struct xfrm_state_afinfo *afinfo;
308 struct xfrm_mode **modemap;
309 int err;
310
311 if (unlikely(mode->encap >= XFRM_MODE_MAX))
312 return -EINVAL;
313
314 afinfo = xfrm_state_lock_afinfo(family);
315 if (unlikely(afinfo == NULL))
316 return -EAFNOSUPPORT;
317
318 err = -ENOENT;
319 modemap = afinfo->mode_map;
320 if (likely(modemap[mode->encap] == mode)) {
321 modemap[mode->encap] = NULL;
17c2a42a 322 module_put(mode->afinfo->owner);
aa5d62cc
HX		 323 err = 0;
324 }
325
326 xfrm_state_unlock_afinfo(afinfo);
327 return err;
328}
329EXPORT_SYMBOL(xfrm_unregister_mode);
330
331static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
332{
333 struct xfrm_state_afinfo *afinfo;
334 struct xfrm_mode *mode;
335 int modload_attempted = 0;
336
337 if (unlikely(encap >= XFRM_MODE_MAX))
338 return NULL;
339
340retry:
341 afinfo = xfrm_state_get_afinfo(family);
342 if (unlikely(afinfo == NULL))
343 return NULL;
344
345 mode = afinfo->mode_map[encap];
346 if (unlikely(mode && !try_module_get(mode->owner)))
347 mode = NULL;
348 if (!mode && !modload_attempted) {
349 xfrm_state_put_afinfo(afinfo);
350 request_module("xfrm-mode-%d-%d", family, encap);
351 modload_attempted = 1;
352 goto retry;
353 }
354
355 xfrm_state_put_afinfo(afinfo);
356 return mode;
357}
358
359static void xfrm_put_mode(struct xfrm_mode *mode)
360{
361 module_put(mode->owner);
362}
363
1da177e4
LT		 364static void xfrm_state_gc_destroy(struct xfrm_state *x)
365{
a47f0ce0
DM		 366 del_timer_sync(&x->timer);
367 del_timer_sync(&x->rtimer);
a51482bd
JJ		 368 kfree(x->aalg);
369 kfree(x->ealg);
370 kfree(x->calg);
371 kfree(x->encap);
060f02a3 372 kfree(x->coaddr);
13996378
HX		 373 if (x->inner_mode)
374 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 375 if (x->inner_mode_iaf)
376 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 377 if (x->outer_mode)
378 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 379 if (x->type) {
380 x->type->destructor(x);
381 xfrm_put_type(x->type);
382 }
df71837d 383 security_xfrm_state_free(x);
1da177e4
LT		 384 kfree(x);
385}
386
c7837144 387static void xfrm_state_gc_task(struct work_struct *work)
1da177e4 388{
c7837144 389 struct net *net = container_of(work, struct net, xfrm.state_gc_work);
12a169e7
HX		 390 struct xfrm_state *x;
391 struct hlist_node *entry, *tmp;
392 struct hlist_head gc_list;
1da177e4 393
1da177e4 394 spin_lock_bh(&xfrm_state_gc_lock);
c7837144 395 hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
1da177e4
LT		 396 spin_unlock_bh(&xfrm_state_gc_lock);
397
12a169e7 398 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 399 xfrm_state_gc_destroy(x);
8f126e37 400
50a30657 401 wake_up(&net->xfrm.km_waitq);
1da177e4
LT		 402}
403
404static inline unsigned long make_jiffies(long secs)
405{
406 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
407 return MAX_SCHEDULE_TIMEOUT-1;
408 else
a716c119 409 return secs*HZ;
1da177e4
LT		 410}
411
412static void xfrm_timer_handler(unsigned long data)
413{
414 struct xfrm_state *x = (struct xfrm_state*)data;
98806f75 415 struct net *net = xs_net(x);
9d729f72 416 unsigned long now = get_seconds();
1da177e4
LT		 417 long next = LONG_MAX;
418 int warn = 0;
161a09e7 419 int err = 0;
1da177e4
LT		 420
421 spin_lock(&x->lock);
422 if (x->km.state == XFRM_STATE_DEAD)
423 goto out;
424 if (x->km.state == XFRM_STATE_EXPIRED)
425 goto expired;
426 if (x->lft.hard_add_expires_seconds) {
427 long tmo = x->lft.hard_add_expires_seconds +
428 x->curlft.add_time - now;
429 if (tmo <= 0)
430 goto expired;
431 if (tmo < next)
432 next = tmo;
433 }
434 if (x->lft.hard_use_expires_seconds) {
435 long tmo = x->lft.hard_use_expires_seconds +
436 (x->curlft.use_time ? : now) - now;
437 if (tmo <= 0)
438 goto expired;
439 if (tmo < next)
440 next = tmo;
441 }
442 if (x->km.dying)
443 goto resched;
444 if (x->lft.soft_add_expires_seconds) {
445 long tmo = x->lft.soft_add_expires_seconds +
446 x->curlft.add_time - now;
447 if (tmo <= 0)
448 warn = 1;
449 else if (tmo < next)
450 next = tmo;
451 }
452 if (x->lft.soft_use_expires_seconds) {
453 long tmo = x->lft.soft_use_expires_seconds +
454 (x->curlft.use_time ? : now) - now;
455 if (tmo <= 0)
456 warn = 1;
457 else if (tmo < next)
458 next = tmo;
459 }
460
4666faab 461 x->km.dying = warn;
1da177e4 462 if (warn)
53bc6b4d 463 km_state_expired(x, 0, 0);
1da177e4 464resched:
a47f0ce0
DM		 465 if (next != LONG_MAX)
466 mod_timer(&x->timer, jiffies + make_jiffies(next));
467
1da177e4
LT		 468 goto out;
469
470expired:
471 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
472 x->km.state = XFRM_STATE_EXPIRED;
98806f75 473 wake_up(&net->xfrm.km_waitq);
1da177e4
LT		 474 next = 2;
475 goto resched;
476 }
161a09e7
JL		 477
478 err = __xfrm_state_delete(x);
479 if (!err && x->id.spi)
53bc6b4d 480 km_state_expired(x, 1, 0);
1da177e4 481
ab5f5e8b 482 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 483 audit_get_loginuid(current),
484 audit_get_sessionid(current), 0);
161a09e7 485
1da177e4
LT		 486out:
487 spin_unlock(&x->lock);
1da177e4
LT		 488}
489
0ac84752
DM		 490static void xfrm_replay_timer_handler(unsigned long data);
491
673c09be 492struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 493{
494 struct xfrm_state *x;
495
0da974f4 496 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 497
498 if (x) {
673c09be 499 write_pnet(&x->xs_net, net);
1da177e4
LT		 500 atomic_set(&x->refcnt, 1);
501 atomic_set(&x->tunnel_users, 0);
12a169e7 502 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 503 INIT_HLIST_NODE(&x->bydst);
504 INIT_HLIST_NODE(&x->bysrc);
505 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 506 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
507 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
508 (unsigned long)x);
9d729f72 509 x->curlft.add_time = get_seconds();
1da177e4
LT		 510 x->lft.soft_byte_limit = XFRM_INF;
511 x->lft.soft_packet_limit = XFRM_INF;
512 x->lft.hard_byte_limit = XFRM_INF;
513 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 514 x->replay_maxage = 0;
515 x->replay_maxdiff = 0;
df9dcb45
KM		 516 x->inner_mode = NULL;
517 x->inner_mode_iaf = NULL;
1da177e4
LT		 518 spin_lock_init(&x->lock);
519 }
520 return x;
521}
522EXPORT_SYMBOL(xfrm_state_alloc);
523
524void __xfrm_state_destroy(struct xfrm_state *x)
525{
98806f75
AD		 526 struct net *net = xs_net(x);
527
547b792c 528 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 529
530 spin_lock_bh(&xfrm_state_gc_lock);
98806f75 531 hlist_add_head(&x->gclist, &net->xfrm.state_gc_list);
1da177e4 532 spin_unlock_bh(&xfrm_state_gc_lock);
98806f75 533 schedule_work(&net->xfrm.state_gc_work);
1da177e4
LT		 534}
535EXPORT_SYMBOL(__xfrm_state_destroy);
536
53bc6b4d 537int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 538{
98806f75 539 struct net *net = xs_net(x);
26b15dad
JHS		 540 int err = -ESRCH;
541
1da177e4
LT		 542 if (x->km.state != XFRM_STATE_DEAD) {
543 x->km.state = XFRM_STATE_DEAD;
544 spin_lock(&xfrm_state_lock);
12a169e7 545 list_del(&x->km.all);
8f126e37 546 hlist_del(&x->bydst);
8f126e37 547 hlist_del(&x->bysrc);
a47f0ce0 548 if (x->id.spi)
8f126e37 549 hlist_del(&x->byspi);
98806f75 550 net->xfrm.state_num--;
1da177e4 551 spin_unlock(&xfrm_state_lock);
1da177e4 552
1da177e4
LT		 553 /* All xfrm_state objects are created by xfrm_state_alloc.
554 * The xfrm_state_alloc call gives a reference, and that
555 * is what we are dropping here.
556 */
5dba4797 557 xfrm_state_put(x);
26b15dad 558 err = 0;
1da177e4 559 }
26b15dad
JHS		 560
561 return err;
1da177e4 562}
53bc6b4d 563EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 564
26b15dad 565int xfrm_state_delete(struct xfrm_state *x)
1da177e4 566{
26b15dad
JHS		 567 int err;
568
1da177e4 569 spin_lock_bh(&x->lock);
26b15dad 570 err = __xfrm_state_delete(x);
1da177e4 571 spin_unlock_bh(&x->lock);
26b15dad
JHS		 572
573 return err;
1da177e4
LT		 574}
575EXPORT_SYMBOL(xfrm_state_delete);
576
4aa2e62c
JL		 577#ifdef CONFIG_SECURITY_NETWORK_XFRM
578static inline int
0e602451 579xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
1da177e4 580{
4aa2e62c
JL		 581 int i, err = 0;
582
0e602451 583 for (i = 0; i <= net->xfrm.state_hmask; i++) {
4aa2e62c
JL		 584 struct hlist_node *entry;
585 struct xfrm_state *x;
586
0e602451 587 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 588 if (xfrm_id_proto_match(x->id.proto, proto) &&
589 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 590 xfrm_audit_state_delete(x, 0,
591 audit_info->loginuid,
2532386f 592 audit_info->sessionid,
ab5f5e8b 593 audit_info->secid);
4aa2e62c
JL		 594 return err;
595 }
596 }
597 }
598
599 return err;
600}
601#else
602static inline int
0e602451 603xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
4aa2e62c
JL		 604{
605 return 0;
606}
607#endif
608
0e602451 609int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
4aa2e62c
JL		 610{
611 int i, err = 0;
1da177e4
LT		 612
613 spin_lock_bh(&xfrm_state_lock);
0e602451 614 err = xfrm_state_flush_secctx_check(net, proto, audit_info);
4aa2e62c
JL		 615 if (err)
616 goto out;
617
0e602451 618 for (i = 0; i <= net->xfrm.state_hmask; i++) {
8f126e37
DM		 619 struct hlist_node *entry;
620 struct xfrm_state *x;
1da177e4 621restart:
0e602451 622 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
1da177e4 623 if (!xfrm_state_kern(x) &&
5794708f 624 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 625 xfrm_state_hold(x);
626 spin_unlock_bh(&xfrm_state_lock);
627
161a09e7 628 err = xfrm_state_delete(x);
ab5f5e8b
JL		 629 xfrm_audit_state_delete(x, err ? 0 : 1,
630 audit_info->loginuid,
2532386f 631 audit_info->sessionid,
ab5f5e8b 632 audit_info->secid);
1da177e4
LT		 633 xfrm_state_put(x);
634
635 spin_lock_bh(&xfrm_state_lock);
636 goto restart;
637 }
638 }
639 }
4aa2e62c
JL		 640 err = 0;
641
642out:
1da177e4 643 spin_unlock_bh(&xfrm_state_lock);
0e602451 644 wake_up(&net->xfrm.km_waitq);
4aa2e62c 645 return err;
1da177e4
LT		 646}
647EXPORT_SYMBOL(xfrm_state_flush);
648
af11e316 649void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 650{
651 spin_lock_bh(&xfrm_state_lock);
0bf7c5b0 652 si->sadcnt = init_net.xfrm.state_num;
529983ec 653 si->sadhcnt = init_net.xfrm.state_hmask;
28d8909b
JHS		 654 si->sadhmcnt = xfrm_state_hashmax;
655 spin_unlock_bh(&xfrm_state_lock);
656}
657EXPORT_SYMBOL(xfrm_sad_getinfo);
658
1da177e4
LT		 659static int
660xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
661 struct xfrm_tmpl *tmpl,
662 xfrm_address_t *daddr, xfrm_address_t *saddr,
663 unsigned short family)
664{
665 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
666 if (!afinfo)
667 return -1;
668 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
669 xfrm_state_put_afinfo(afinfo);
670 return 0;
671}
672
221df1ed 673static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821 674{
221df1ed 675 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
edcd5821 676 struct xfrm_state *x;
8f126e37 677 struct hlist_node *entry;
edcd5821 678
221df1ed 679 hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) {
edcd5821
DM		 680 if (x->props.family != family ||
681 x->id.spi != spi ||
682 x->id.proto != proto)
683 continue;
684
685 switch (family) {
686 case AF_INET:
687 if (x->id.daddr.a4 != daddr->a4)
688 continue;
689 break;
690 case AF_INET6:
691 if (!ipv6_addr_equal((struct in6_addr *)daddr,
692 (struct in6_addr *)
693 x->id.daddr.a6))
694 continue;
695 break;
3ff50b79 696 }
edcd5821
DM		 697
698 xfrm_state_hold(x);
699 return x;
700 }
701
702 return NULL;
703}
704
221df1ed 705static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
edcd5821 706{
221df1ed 707 unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
edcd5821 708 struct xfrm_state *x;
8f126e37 709 struct hlist_node *entry;
edcd5821 710
221df1ed 711 hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 712 if (x->props.family != family ||
713 x->id.proto != proto)
714 continue;
715
716 switch (family) {
717 case AF_INET:
718 if (x->id.daddr.a4 != daddr->a4 ||
719 x->props.saddr.a4 != saddr->a4)
720 continue;
721 break;
722 case AF_INET6:
723 if (!ipv6_addr_equal((struct in6_addr *)daddr,
724 (struct in6_addr *)
725 x->id.daddr.a6) ||
726 !ipv6_addr_equal((struct in6_addr *)saddr,
727 (struct in6_addr *)
728 x->props.saddr.a6))
729 continue;
730 break;
3ff50b79 731 }
edcd5821
DM		 732
733 xfrm_state_hold(x);
734 return x;
735 }
736
737 return NULL;
738}
739
740static inline struct xfrm_state *
741__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
742{
221df1ed
AD		 743 struct net *net = xs_net(x);
744
edcd5821 745 if (use_spi)
221df1ed 746 return __xfrm_state_lookup(net, &x->id.daddr, x->id.spi,
edcd5821
DM		 747 x->id.proto, family);
748 else
221df1ed 749 return __xfrm_state_lookup_byaddr(net, &x->id.daddr,
edcd5821
DM		 750 &x->props.saddr,
751 x->id.proto, family);
752}
753
98806f75 754static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
2fab22f2
PM		 755{
756 if (have_hash_collision &&
98806f75
AD		 757 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
758 net->xfrm.state_num > net->xfrm.state_hmask)
759 schedule_work(&net->xfrm.state_hash_work);
2fab22f2
PM		 760}
761
1da177e4 762struct xfrm_state *
a716c119 763xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 764 struct flowi *fl, struct xfrm_tmpl *tmpl,
765 struct xfrm_policy *pol, int *err,
766 unsigned short family)
767{
4bda4f25 768 unsigned int h;
8f126e37 769 struct hlist_node *entry;
37b08e34 770 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 771 int acquire_in_progress = 0;
772 int error = 0;
773 struct xfrm_state *best = NULL;
a716c119 774
37b08e34
DM		 775 to_put = NULL;
776
1da177e4 777 spin_lock_bh(&xfrm_state_lock);
64d0cd00 778 h = xfrm_dst_hash(&init_net, daddr, saddr, tmpl->reqid, family);
73d189dc 779 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1da177e4
LT		 780 if (x->props.family == family &&
781 x->props.reqid == tmpl->reqid &&
fbd9a5b4 782 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 783 xfrm_state_addr_check(x, daddr, saddr, family) &&
784 tmpl->mode == x->props.mode &&
785 tmpl->id.proto == x->id.proto &&
786 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
787 /* Resolution logic:
788 1. There is a valid state with matching selector.
789 Done.
790 2. Valid state with inappropriate selector. Skip.
791
792 Entering area of "sysdeps".
793
794 3. If state is not valid, selector is temporary,
795 it selects only session which triggered
796 previous resolution. Key manager will do
797 something to install a state with proper
798 selector.
799 */
800 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 801 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 802 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 803 continue;
804 if (!best ||
805 best->km.dying > x->km.dying ||
806 (best->km.dying == x->km.dying &&
807 best->curlft.add_time < x->curlft.add_time))
808 best = x;
809 } else if (x->km.state == XFRM_STATE_ACQ) {
810 acquire_in_progress = 1;
811 } else if (x->km.state == XFRM_STATE_ERROR ||
812 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 813 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 814 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 815 error = -ESRCH;
816 }
817 }
818 }
819
820 x = best;
821 if (!x && !error && !acquire_in_progress) {
5c5d281a 822 if (tmpl->id.spi &&
221df1ed 823 (x0 = __xfrm_state_lookup(&init_net, daddr, tmpl->id.spi,
edcd5821 824 tmpl->id.proto, family)) != NULL) {
37b08e34 825 to_put = x0;
1da177e4
LT		 826 error = -EEXIST;
827 goto out;
828 }
673c09be 829 x = xfrm_state_alloc(&init_net);
1da177e4
LT		 830 if (x == NULL) {
831 error = -ENOMEM;
832 goto out;
833 }
834 /* Initialize temporary selector matching only
835 * to current session. */
836 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
837
e0d1caa7
VY		 838 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
839 if (error) {
840 x->km.state = XFRM_STATE_DEAD;
37b08e34 841 to_put = x;
e0d1caa7
VY		 842 x = NULL;
843 goto out;
844 }
845
1da177e4
LT		 846 if (km_query(x, tmpl, pol) == 0) {
847 x->km.state = XFRM_STATE_ACQ;
9d4139c7 848 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 849 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
64d0cd00 850 h = xfrm_src_hash(&init_net, daddr, saddr, family);
d320bbb3 851 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 852 if (x->id.spi) {
64d0cd00 853 h = xfrm_spi_hash(&init_net, &x->id.daddr, x->id.spi, x->id.proto, family);
b754a4fd 854 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 855 }
01e67d08
DM		 856 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
857 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 858 add_timer(&x->timer);
0bf7c5b0 859 init_net.xfrm.state_num++;
98806f75 860 xfrm_hash_grow_check(&init_net, x->bydst.next != NULL);
1da177e4
LT		 861 } else {
862 x->km.state = XFRM_STATE_DEAD;
37b08e34 863 to_put = x;
1da177e4
LT		 864 x = NULL;
865 error = -ESRCH;
866 }
867 }
868out:
869 if (x)
870 xfrm_state_hold(x);
871 else
872 *err = acquire_in_progress ? -EAGAIN : error;
873 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 874 if (to_put)
875 xfrm_state_put(to_put);
1da177e4
LT		 876 return x;
877}
878
628529b6
JHS		 879struct xfrm_state *
880xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
881 unsigned short family, u8 mode, u8 proto, u32 reqid)
882{
4bda4f25 883 unsigned int h;
628529b6
JHS		 884 struct xfrm_state *rx = NULL, *x = NULL;
885 struct hlist_node *entry;
886
887 spin_lock(&xfrm_state_lock);
64d0cd00 888 h = xfrm_dst_hash(&init_net, daddr, saddr, reqid, family);
73d189dc 889 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
628529b6
JHS		 890 if (x->props.family == family &&
891 x->props.reqid == reqid &&
892 !(x->props.flags & XFRM_STATE_WILDRECV) &&
893 xfrm_state_addr_check(x, daddr, saddr, family) &&
894 mode == x->props.mode &&
895 proto == x->id.proto &&
896 x->km.state == XFRM_STATE_VALID) {
897 rx = x;
898 break;
899 }
900 }
901
902 if (rx)
903 xfrm_state_hold(rx);
904 spin_unlock(&xfrm_state_lock);
905
906
907 return rx;
908}
909EXPORT_SYMBOL(xfrm_stateonly_find);
910
1da177e4
LT		 911static void __xfrm_state_insert(struct xfrm_state *x)
912{
98806f75 913 struct net *net = xs_net(x);
a624c108 914 unsigned int h;
1da177e4 915
9d4a706d
DM		 916 x->genid = ++xfrm_state_genid;
917
98806f75 918 list_add(&x->km.all, &net->xfrm.state_all);
4c563f76 919
98806f75 920 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
c1969f29 921 x->props.reqid, x->props.family);
98806f75 922 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
1da177e4 923
98806f75
AD		 924 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
925 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
1da177e4 926
7b4dc360 927 if (x->id.spi) {
98806f75 928 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
6c44e6b7
MN		 929 x->props.family);
930
98806f75 931 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
6c44e6b7
MN		 932 }
933
a47f0ce0
DM		 934 mod_timer(&x->timer, jiffies + HZ);
935 if (x->replay_maxage)
936 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 937
98806f75 938 wake_up(&net->xfrm.km_waitq);
f034b5d4 939
98806f75 940 net->xfrm.state_num++;
f034b5d4 941
98806f75 942 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1da177e4
LT		 943}
944
c7f5ea3a
DM		 945/* xfrm_state_lock is held */
946static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
947{
98806f75 948 struct net *net = xs_net(xnew);
c7f5ea3a
DM		 949 unsigned short family = xnew->props.family;
950 u32 reqid = xnew->props.reqid;
951 struct xfrm_state *x;
952 struct hlist_node *entry;
953 unsigned int h;
954
98806f75
AD		 955 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
956 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 957 if (x->props.family == family &&
958 x->props.reqid == reqid &&
c1969f29
DM		 959 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
960 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 961 x->genid = xfrm_state_genid;
962 }
963}
964
1da177e4
LT		 965void xfrm_state_insert(struct xfrm_state *x)
966{
967 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 968 __xfrm_state_bump_genids(x);
1da177e4
LT		 969 __xfrm_state_insert(x);
970 spin_unlock_bh(&xfrm_state_lock);
971}
972EXPORT_SYMBOL(xfrm_state_insert);
973
2770834c
DM		 974/* xfrm_state_lock is held */
975static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
976{
64d0cd00 977 unsigned int h = xfrm_dst_hash(&init_net, daddr, saddr, reqid, family);
8f126e37 978 struct hlist_node *entry;
2770834c
DM		 979 struct xfrm_state *x;
980
73d189dc 981 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
2770834c
DM		 982 if (x->props.reqid != reqid ||
983 x->props.mode != mode ||
984 x->props.family != family ||
985 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 986 x->id.spi != 0 ||
987 x->id.proto != proto)
2770834c
DM		 988 continue;
989
990 switch (family) {
991 case AF_INET:
992 if (x->id.daddr.a4 != daddr->a4 ||
993 x->props.saddr.a4 != saddr->a4)
994 continue;
995 break;
996 case AF_INET6:
997 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
998 (struct in6_addr *)daddr) ||
999 !ipv6_addr_equal((struct in6_addr *)
1000 x->props.saddr.a6,
1001 (struct in6_addr *)saddr))
1002 continue;
1003 break;
3ff50b79 1004 }
2770834c
DM		 1005
1006 xfrm_state_hold(x);
1007 return x;
1008 }
1009
1010 if (!create)
1011 return NULL;
1012
673c09be 1013 x = xfrm_state_alloc(&init_net);
2770834c
DM		 1014 if (likely(x)) {
1015 switch (family) {
1016 case AF_INET:
1017 x->sel.daddr.a4 = daddr->a4;
1018 x->sel.saddr.a4 = saddr->a4;
1019 x->sel.prefixlen_d = 32;
1020 x->sel.prefixlen_s = 32;
1021 x->props.saddr.a4 = saddr->a4;
1022 x->id.daddr.a4 = daddr->a4;
1023 break;
1024
1025 case AF_INET6:
1026 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1027 (struct in6_addr *)daddr);
1028 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1029 (struct in6_addr *)saddr);
1030 x->sel.prefixlen_d = 128;
1031 x->sel.prefixlen_s = 128;
1032 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1033 (struct in6_addr *)saddr);
1034 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1035 (struct in6_addr *)daddr);
1036 break;
3ff50b79 1037 }
2770834c
DM		 1038
1039 x->km.state = XFRM_STATE_ACQ;
1040 x->id.proto = proto;
1041 x->props.family = family;
1042 x->props.mode = mode;
1043 x->props.reqid = reqid;
01e67d08 1044 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1045 xfrm_state_hold(x);
01e67d08 1046 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1047 add_timer(&x->timer);
9d4139c7 1048 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 1049 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
64d0cd00 1050 h = xfrm_src_hash(&init_net, daddr, saddr, family);
d320bbb3 1051 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
918049f0 1052
0bf7c5b0 1053 init_net.xfrm.state_num++;
918049f0 1054
98806f75 1055 xfrm_hash_grow_check(&init_net, x->bydst.next != NULL);
2770834c
DM		 1056 }
1057
1058 return x;
1059}
1060
1da177e4
LT		 1061static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1062
1063int xfrm_state_add(struct xfrm_state *x)
1064{
37b08e34 1065 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1066 int family;
1067 int err;
eb2971b6 1068 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1069
1070 family = x->props.family;
1da177e4 1071
37b08e34
DM		 1072 to_put = NULL;
1073
1da177e4
LT		 1074 spin_lock_bh(&xfrm_state_lock);
1075
edcd5821 1076 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1077 if (x1) {
37b08e34 1078 to_put = x1;
1da177e4
LT		 1079 x1 = NULL;
1080 err = -EEXIST;
1081 goto out;
1082 }
1083
eb2971b6 1084 if (use_spi && x->km.seq) {
1da177e4 1085 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1086 if (x1 && ((x1->id.proto != x->id.proto) ||
1087 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1088 to_put = x1;
1da177e4
LT		 1089 x1 = NULL;
1090 }
1091 }
1092
eb2971b6 1093 if (use_spi && !x1)
2770834c
DM		 1094 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1095 x->id.proto,
1096 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1097
c7f5ea3a 1098 __xfrm_state_bump_genids(x);
1da177e4
LT		 1099 __xfrm_state_insert(x);
1100 err = 0;
1101
1102out:
1103 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1104
1105 if (x1) {
1106 xfrm_state_delete(x1);
1107 xfrm_state_put(x1);
1108 }
1109
37b08e34
DM		 1110 if (to_put)
1111 xfrm_state_put(to_put);
1112
1da177e4
LT		 1113 return err;
1114}
1115EXPORT_SYMBOL(xfrm_state_add);
1116
80c9abaa 1117#ifdef CONFIG_XFRM_MIGRATE
6666351d 1118static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa 1119{
98806f75 1120 struct net *net = xs_net(orig);
80c9abaa 1121 int err = -ENOMEM;
98806f75 1122 struct xfrm_state *x = xfrm_state_alloc(net);
80c9abaa
SS		 1123 if (!x)
1124 goto error;
1125
1126 memcpy(&x->id, &orig->id, sizeof(x->id));
1127 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1128 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1129 x->props.mode = orig->props.mode;
1130 x->props.replay_window = orig->props.replay_window;
1131 x->props.reqid = orig->props.reqid;
1132 x->props.family = orig->props.family;
1133 x->props.saddr = orig->props.saddr;
1134
1135 if (orig->aalg) {
1136 x->aalg = xfrm_algo_clone(orig->aalg);
1137 if (!x->aalg)
1138 goto error;
1139 }
1140 x->props.aalgo = orig->props.aalgo;
1141
1142 if (orig->ealg) {
1143 x->ealg = xfrm_algo_clone(orig->ealg);
1144 if (!x->ealg)
1145 goto error;
1146 }
1147 x->props.ealgo = orig->props.ealgo;
1148
1149 if (orig->calg) {
1150 x->calg = xfrm_algo_clone(orig->calg);
1151 if (!x->calg)
1152 goto error;
1153 }
1154 x->props.calgo = orig->props.calgo;
1155
a716c119 1156 if (orig->encap) {
80c9abaa
SS		 1157 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1158 if (!x->encap)
1159 goto error;
1160 }
1161
1162 if (orig->coaddr) {
1163 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1164 GFP_KERNEL);
1165 if (!x->coaddr)
1166 goto error;
1167 }
1168
1169 err = xfrm_init_state(x);
1170 if (err)
1171 goto error;
1172
1173 x->props.flags = orig->props.flags;
1174
1175 x->curlft.add_time = orig->curlft.add_time;
1176 x->km.state = orig->km.state;
1177 x->km.seq = orig->km.seq;
1178
1179 return x;
1180
1181 error:
1182 if (errp)
1183 *errp = err;
1184 if (x) {
1185 kfree(x->aalg);
1186 kfree(x->ealg);
1187 kfree(x->calg);
1188 kfree(x->encap);
1189 kfree(x->coaddr);
1190 }
1191 kfree(x);
1192 return NULL;
1193}
80c9abaa
SS		 1194
1195/* xfrm_state_lock is held */
1196struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1197{
1198 unsigned int h;
1199 struct xfrm_state *x;
1200 struct hlist_node *entry;
1201
1202 if (m->reqid) {
64d0cd00 1203 h = xfrm_dst_hash(&init_net, &m->old_daddr, &m->old_saddr,
80c9abaa 1204 m->reqid, m->old_family);
73d189dc 1205 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1206 if (x->props.mode != m->mode ||
1207 x->id.proto != m->proto)
1208 continue;
1209 if (m->reqid && x->props.reqid != m->reqid)
1210 continue;
1211 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1212 m->old_family) ||
1213 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1214 m->old_family))
1215 continue;
1216 xfrm_state_hold(x);
1217 return x;
1218 }
1219 } else {
64d0cd00 1220 h = xfrm_src_hash(&init_net, &m->old_daddr, &m->old_saddr,
80c9abaa 1221 m->old_family);
d320bbb3 1222 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1223 if (x->props.mode != m->mode ||
1224 x->id.proto != m->proto)
1225 continue;
1226 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1227 m->old_family) ||
1228 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1229 m->old_family))
1230 continue;
1231 xfrm_state_hold(x);
1232 return x;
1233 }
1234 }
1235
a716c119 1236 return NULL;
80c9abaa
SS		 1237}
1238EXPORT_SYMBOL(xfrm_migrate_state_find);
1239
1240struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1241 struct xfrm_migrate *m)
1242{
1243 struct xfrm_state *xc;
1244 int err;
1245
1246 xc = xfrm_state_clone(x, &err);
1247 if (!xc)
1248 return NULL;
1249
1250 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1251 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1252
1253 /* add state */
1254 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1255 /* a care is needed when the destination address of the
1256 state is to be updated as it is a part of triplet */
1257 xfrm_state_insert(xc);
1258 } else {
1259 if ((err = xfrm_state_add(xc)) < 0)
1260 goto error;
1261 }
1262
1263 return xc;
1264error:
1265 kfree(xc);
1266 return NULL;
1267}
1268EXPORT_SYMBOL(xfrm_state_migrate);
1269#endif
1270
1da177e4
LT		 1271int xfrm_state_update(struct xfrm_state *x)
1272{
37b08e34 1273 struct xfrm_state *x1, *to_put;
1da177e4 1274 int err;
eb2971b6 1275 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1276
37b08e34
DM		 1277 to_put = NULL;
1278
1da177e4 1279 spin_lock_bh(&xfrm_state_lock);
edcd5821 1280 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1281
1282 err = -ESRCH;
1283 if (!x1)
1284 goto out;
1285
1286 if (xfrm_state_kern(x1)) {
37b08e34 1287 to_put = x1;
1da177e4
LT		 1288 err = -EEXIST;
1289 goto out;
1290 }
1291
1292 if (x1->km.state == XFRM_STATE_ACQ) {
1293 __xfrm_state_insert(x);
1294 x = NULL;
1295 }
1296 err = 0;
1297
1298out:
1299 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1300
37b08e34
DM		 1301 if (to_put)
1302 xfrm_state_put(to_put);
1303
1da177e4
LT		 1304 if (err)
1305 return err;
1306
1307 if (!x) {
1308 xfrm_state_delete(x1);
1309 xfrm_state_put(x1);
1310 return 0;
1311 }
1312
1313 err = -EINVAL;
1314 spin_lock_bh(&x1->lock);
1315 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1316 if (x->encap && x1->encap)
1317 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1318 if (x->coaddr && x1->coaddr) {
1319 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1320 }
1321 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1322 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1323 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1324 x1->km.dying = 0;
1325
a47f0ce0 1326 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1327 if (x1->curlft.use_time)
1328 xfrm_state_check_expire(x1);
1329
1330 err = 0;
1331 }
1332 spin_unlock_bh(&x1->lock);
1333
1334 xfrm_state_put(x1);
1335
1336 return err;
1337}
1338EXPORT_SYMBOL(xfrm_state_update);
1339
1340int xfrm_state_check_expire(struct xfrm_state *x)
1341{
1342 if (!x->curlft.use_time)
9d729f72 1343 x->curlft.use_time = get_seconds();
1da177e4
LT		 1344
1345 if (x->km.state != XFRM_STATE_VALID)
1346 return -EINVAL;
1347
1348 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1349 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1350 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1351 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1352 return -EINVAL;
1353 }
1354
1355 if (!x->km.dying &&
1356 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1357 x->curlft.packets >= x->lft.soft_packet_limit)) {
1358 x->km.dying = 1;
53bc6b4d 1359 km_state_expired(x, 0, 0);
4666faab 1360 }
1da177e4
LT		 1361 return 0;
1362}
1363EXPORT_SYMBOL(xfrm_state_check_expire);
1364
1da177e4 1365struct xfrm_state *
221df1ed 1366xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1367 unsigned short family)
1368{
1369 struct xfrm_state *x;
1da177e4
LT		 1370
1371 spin_lock_bh(&xfrm_state_lock);
221df1ed 1372 x = __xfrm_state_lookup(net, daddr, spi, proto, family);
1da177e4 1373 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1374 return x;
1375}
1376EXPORT_SYMBOL(xfrm_state_lookup);
1377
1378struct xfrm_state *
221df1ed
AD		 1379xfrm_state_lookup_byaddr(struct net *net,
1380 xfrm_address_t *daddr, xfrm_address_t *saddr,
eb2971b6
MN		 1381 u8 proto, unsigned short family)
1382{
1383 struct xfrm_state *x;
eb2971b6
MN		 1384
1385 spin_lock_bh(&xfrm_state_lock);
221df1ed 1386 x = __xfrm_state_lookup_byaddr(net, daddr, saddr, proto, family);
eb2971b6 1387 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1388 return x;
1389}
1390EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1391
1392struct xfrm_state *
a716c119
YH		 1393xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1394 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1395 int create, unsigned short family)
1396{
1397 struct xfrm_state *x;
1da177e4
LT		 1398
1399 spin_lock_bh(&xfrm_state_lock);
2770834c 1400 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1401 spin_unlock_bh(&xfrm_state_lock);
2770834c 1402
1da177e4
LT		 1403 return x;
1404}
1405EXPORT_SYMBOL(xfrm_find_acq);
1406
41a49cc3
MN		 1407#ifdef CONFIG_XFRM_SUB_POLICY
1408int
1409xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1410 unsigned short family)
1411{
1412 int err = 0;
1413 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1414 if (!afinfo)
1415 return -EAFNOSUPPORT;
1416
1417 spin_lock_bh(&xfrm_state_lock);
1418 if (afinfo->tmpl_sort)
1419 err = afinfo->tmpl_sort(dst, src, n);
1420 spin_unlock_bh(&xfrm_state_lock);
1421 xfrm_state_put_afinfo(afinfo);
1422 return err;
1423}
1424EXPORT_SYMBOL(xfrm_tmpl_sort);
1425
1426int
1427xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1428 unsigned short family)
1429{
1430 int err = 0;
1431 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1432 if (!afinfo)
1433 return -EAFNOSUPPORT;
1434
1435 spin_lock_bh(&xfrm_state_lock);
1436 if (afinfo->state_sort)
1437 err = afinfo->state_sort(dst, src, n);
1438 spin_unlock_bh(&xfrm_state_lock);
1439 xfrm_state_put_afinfo(afinfo);
1440 return err;
1441}
1442EXPORT_SYMBOL(xfrm_state_sort);
1443#endif
1444
1da177e4
LT		 1445/* Silly enough, but I'm lazy to build resolution list */
1446
1447static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1448{
1449 int i;
1da177e4 1450
529983ec 1451 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 1452 struct hlist_node *entry;
1453 struct xfrm_state *x;
1454
73d189dc 1455 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1456 if (x->km.seq == seq &&
1457 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1458 xfrm_state_hold(x);
1459 return x;
1460 }
1461 }
1462 }
1463 return NULL;
1464}
1465
1466struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1467{
1468 struct xfrm_state *x;
1469
1470 spin_lock_bh(&xfrm_state_lock);
1471 x = __xfrm_find_acq_byseq(seq);
1472 spin_unlock_bh(&xfrm_state_lock);
1473 return x;
1474}
1475EXPORT_SYMBOL(xfrm_find_acq_byseq);
1476
1477u32 xfrm_get_acqseq(void)
1478{
1479 u32 res;
1480 static u32 acqseq;
1481 static DEFINE_SPINLOCK(acqseq_lock);
1482
1483 spin_lock_bh(&acqseq_lock);
1484 res = (++acqseq ? : ++acqseq);
1485 spin_unlock_bh(&acqseq_lock);
1486 return res;
1487}
1488EXPORT_SYMBOL(xfrm_get_acqseq);
1489
658b219e 1490int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1491{
221df1ed 1492 struct net *net = xs_net(x);
f034b5d4 1493 unsigned int h;
1da177e4 1494 struct xfrm_state *x0;
658b219e
HX		 1495 int err = -ENOENT;
1496 __be32 minspi = htonl(low);
1497 __be32 maxspi = htonl(high);
1da177e4 1498
658b219e
HX		 1499 spin_lock_bh(&x->lock);
1500 if (x->km.state == XFRM_STATE_DEAD)
1501 goto unlock;
1502
1503 err = 0;
1da177e4 1504 if (x->id.spi)
658b219e
HX		 1505 goto unlock;
1506
1507 err = -ENOENT;
1da177e4
LT		 1508
1509 if (minspi == maxspi) {
221df1ed 1510 x0 = xfrm_state_lookup(net, &x->id.daddr, minspi, x->id.proto, x->props.family);
1da177e4
LT		 1511 if (x0) {
1512 xfrm_state_put(x0);
658b219e 1513 goto unlock;
1da177e4
LT		 1514 }
1515 x->id.spi = minspi;
1516 } else {
1517 u32 spi = 0;
26977b4e
AV		 1518 for (h=0; h<high-low+1; h++) {
1519 spi = low + net_random()%(high-low+1);
221df1ed 1520 x0 = xfrm_state_lookup(net, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1da177e4
LT		 1521 if (x0 == NULL) {
1522 x->id.spi = htonl(spi);
1523 break;
1524 }
1525 xfrm_state_put(x0);
1526 }
1527 }
1528 if (x->id.spi) {
1529 spin_lock_bh(&xfrm_state_lock);
64d0cd00 1530 h = xfrm_spi_hash(&init_net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
b754a4fd 1531 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 1532 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1533
1534 err = 0;
1da177e4 1535 }
658b219e
HX		 1536
1537unlock:
1538 spin_unlock_bh(&x->lock);
1539
1540 return err;
1da177e4
LT		 1541}
1542EXPORT_SYMBOL(xfrm_alloc_spi);
1543
4c563f76
TT		 1544int xfrm_state_walk(struct xfrm_state_walk *walk,
1545 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1546 void *data)
1547{
12a169e7
HX		 1548 struct xfrm_state *state;
1549 struct xfrm_state_walk *x;
1da177e4
LT		 1550 int err = 0;
1551
12a169e7 1552 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1553 return 0;
1554
1da177e4 1555 spin_lock_bh(&xfrm_state_lock);
12a169e7 1556 if (list_empty(&walk->all))
9d4139c7 1557 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1558 else
1559 x = list_entry(&walk->all, struct xfrm_state_walk, all);
9d4139c7 1560 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
12a169e7 1561 if (x->state == XFRM_STATE_DEAD)
4c563f76 1562 continue;
12a169e7
HX		 1563 state = container_of(x, struct xfrm_state, km);
1564 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1565 continue;
12a169e7
HX		 1566 err = func(state, walk->seq, data);
1567 if (err) {
1568 list_move_tail(&walk->all, &x->all);
1569 goto out;
1da177e4 1570 }
12a169e7 1571 walk->seq++;
1da177e4 1572 }
12a169e7 1573 if (walk->seq == 0) {
1da177e4
LT		 1574 err = -ENOENT;
1575 goto out;
1576 }
12a169e7 1577 list_del_init(&walk->all);
1da177e4
LT		 1578out:
1579 spin_unlock_bh(&xfrm_state_lock);
1580 return err;
1581}
1582EXPORT_SYMBOL(xfrm_state_walk);
1583
5c182458
HX		 1584void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1585{
12a169e7 1586 INIT_LIST_HEAD(&walk->all);
5c182458 1587 walk->proto = proto;
12a169e7
HX		 1588 walk->state = XFRM_STATE_DEAD;
1589 walk->seq = 0;
5c182458
HX		 1590}
1591EXPORT_SYMBOL(xfrm_state_walk_init);
1592
abb81c4f
HX		 1593void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1594{
12a169e7 1595 if (list_empty(&walk->all))
5c182458 1596 return;
5c182458 1597
12a169e7
HX		 1598 spin_lock_bh(&xfrm_state_lock);
1599 list_del(&walk->all);
1600 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1601}
1602EXPORT_SYMBOL(xfrm_state_walk_done);
1603
f8cd5488
JHS		 1604
1605void xfrm_replay_notify(struct xfrm_state *x, int event)
1606{
1607 struct km_event c;
1608 /* we send notify messages in case
1609 * 1. we updated on of the sequence numbers, and the seqno difference
1610 * is at least x->replay_maxdiff, in this case we also update the
1611 * timeout of our timer function
1612 * 2. if x->replay_maxage has elapsed since last update,
1613 * and there were changes
1614 *
1615 * The state structure must be locked!
1616 */
1617
1618 switch (event) {
1619 case XFRM_REPLAY_UPDATE:
1620 if (x->replay_maxdiff &&
1621 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1622 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1623 if (x->xflags & XFRM_TIME_DEFER)
1624 event = XFRM_REPLAY_TIMEOUT;
1625 else
1626 return;
1627 }
f8cd5488
JHS		 1628
1629 break;
1630
1631 case XFRM_REPLAY_TIMEOUT:
1632 if ((x->replay.seq == x->preplay.seq) &&
1633 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1634 (x->replay.oseq == x->preplay.oseq)) {
1635 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1636 return;
2717096a 1637 }
f8cd5488
JHS		 1638
1639 break;
1640 }
1641
1642 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1643 c.event = XFRM_MSG_NEWAE;
1644 c.data.aevent = event;
1645 km_state_notify(x, &c);
1646
f8cd5488 1647 if (x->replay_maxage &&
a47f0ce0 1648 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1649 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1650}
1651
1652static void xfrm_replay_timer_handler(unsigned long data)
1653{
1654 struct xfrm_state *x = (struct xfrm_state*)data;
1655
1656 spin_lock(&x->lock);
1657
2717096a
JHS		 1658 if (x->km.state == XFRM_STATE_VALID) {
1659 if (xfrm_aevent_is_on())
1660 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1661 else
1662 x->xflags |= XFRM_TIME_DEFER;
1663 }
f8cd5488
JHS		 1664
1665 spin_unlock(&x->lock);
1666}
1667
afeb14b4
PM		 1668int xfrm_replay_check(struct xfrm_state *x,
1669 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1670{
1671 u32 diff;
a252cc23 1672 u32 seq = ntohl(net_seq);
1da177e4
LT		 1673
1674 if (unlikely(seq == 0))
afeb14b4 1675 goto err;
1da177e4
LT		 1676
1677 if (likely(seq > x->replay.seq))
1678 return 0;
1679
1680 diff = x->replay.seq - seq;
4c4d51a7
HX		 1681 if (diff >= min_t(unsigned int, x->props.replay_window,
1682 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1683 x->stats.replay_window++;
afeb14b4 1684 goto err;
1da177e4
LT		 1685 }
1686
1687 if (x->replay.bitmap & (1U << diff)) {
1688 x->stats.replay++;
afeb14b4 1689 goto err;
1da177e4
LT		 1690 }
1691 return 0;
afeb14b4
PM		 1692
1693err:
1694 xfrm_audit_state_replay(x, skb, net_seq);
1695 return -EINVAL;
1da177e4 1696}
1da177e4 1697
61f4627b 1698void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1699{
1700 u32 diff;
61f4627b 1701 u32 seq = ntohl(net_seq);
1da177e4
LT		 1702
1703 if (seq > x->replay.seq) {
1704 diff = seq - x->replay.seq;
1705 if (diff < x->props.replay_window)
1706 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1707 else
1708 x->replay.bitmap = 1;
1709 x->replay.seq = seq;
1710 } else {
1711 diff = x->replay.seq - seq;
1712 x->replay.bitmap |= (1U << diff);
1713 }
f8cd5488
JHS		 1714
1715 if (xfrm_aevent_is_on())
1716 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1717}
1da177e4 1718
df01812e 1719static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1720static DEFINE_RWLOCK(xfrm_km_lock);
1721
26b15dad 1722void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1723{
1724 struct xfrm_mgr *km;
1725
26b15dad
JHS		 1726 read_lock(&xfrm_km_lock);
1727 list_for_each_entry(km, &xfrm_km_list, list)
1728 if (km->notify_policy)
1729 km->notify_policy(xp, dir, c);
1730 read_unlock(&xfrm_km_lock);
1731}
1da177e4 1732
26b15dad
JHS		 1733void km_state_notify(struct xfrm_state *x, struct km_event *c)
1734{
1735 struct xfrm_mgr *km;
1da177e4
LT		 1736 read_lock(&xfrm_km_lock);
1737 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1738 if (km->notify)
1739 km->notify(x, c);
1da177e4 1740 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1741}
1742
1743EXPORT_SYMBOL(km_policy_notify);
1744EXPORT_SYMBOL(km_state_notify);
1745
53bc6b4d 1746void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad 1747{
98806f75 1748 struct net *net = xs_net(x);
26b15dad
JHS		 1749 struct km_event c;
1750
bf08867f 1751 c.data.hard = hard;
53bc6b4d 1752 c.pid = pid;
f60f6b8f 1753 c.event = XFRM_MSG_EXPIRE;
26b15dad 1754 km_state_notify(x, &c);
1da177e4
LT		 1755
1756 if (hard)
98806f75 1757 wake_up(&net->xfrm.km_waitq);
1da177e4
LT		 1758}
1759
53bc6b4d 1760EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1761/*
1762 * We send to all registered managers regardless of failure
1763 * We are happy with one success
1764*/
980ebd25 1765int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1766{
26b15dad 1767 int err = -EINVAL, acqret;
1da177e4
LT		 1768 struct xfrm_mgr *km;
1769
1770 read_lock(&xfrm_km_lock);
1771 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1772 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1773 if (!acqret)
1774 err = acqret;
1da177e4
LT		 1775 }
1776 read_unlock(&xfrm_km_lock);
1777 return err;
1778}
980ebd25 1779EXPORT_SYMBOL(km_query);
1da177e4 1780
5d36b180 1781int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1782{
1783 int err = -EINVAL;
1784 struct xfrm_mgr *km;
1785
1786 read_lock(&xfrm_km_lock);
1787 list_for_each_entry(km, &xfrm_km_list, list) {
1788 if (km->new_mapping)
1789 err = km->new_mapping(x, ipaddr, sport);
1790 if (!err)
1791 break;
1792 }
1793 read_unlock(&xfrm_km_lock);
1794 return err;
1795}
1796EXPORT_SYMBOL(km_new_mapping);
1797
6c5c8ca7 1798void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1799{
98806f75 1800 struct net *net = xp_net(pol);
26b15dad 1801 struct km_event c;
1da177e4 1802
bf08867f 1803 c.data.hard = hard;
6c5c8ca7 1804 c.pid = pid;
f60f6b8f 1805 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1806 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1807
1808 if (hard)
98806f75 1809 wake_up(&net->xfrm.km_waitq);
1da177e4 1810}
a70fcb0b 1811EXPORT_SYMBOL(km_policy_expired);
1da177e4 1812
2d60abc2 1813#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1814int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1815 struct xfrm_migrate *m, int num_migrate,
1816 struct xfrm_kmaddress *k)
80c9abaa
SS		 1817{
1818 int err = -EINVAL;
1819 int ret;
1820 struct xfrm_mgr *km;
1821
1822 read_lock(&xfrm_km_lock);
1823 list_for_each_entry(km, &xfrm_km_list, list) {
1824 if (km->migrate) {
13c1d189 1825 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1826 if (!ret)
1827 err = ret;
1828 }
1829 }
1830 read_unlock(&xfrm_km_lock);
1831 return err;
1832}
1833EXPORT_SYMBOL(km_migrate);
2d60abc2 1834#endif
80c9abaa 1835
97a64b45
MN		 1836int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1837{
1838 int err = -EINVAL;
1839 int ret;
1840 struct xfrm_mgr *km;
1841
1842 read_lock(&xfrm_km_lock);
1843 list_for_each_entry(km, &xfrm_km_list, list) {
1844 if (km->report) {
1845 ret = km->report(proto, sel, addr);
1846 if (!ret)
1847 err = ret;
1848 }
1849 }
1850 read_unlock(&xfrm_km_lock);
1851 return err;
1852}
1853EXPORT_SYMBOL(km_report);
1854
1da177e4
LT		 1855int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1856{
1857 int err;
1858 u8 *data;
1859 struct xfrm_mgr *km;
1860 struct xfrm_policy *pol = NULL;
1861
1862 if (optlen <= 0 || optlen > PAGE_SIZE)
1863 return -EMSGSIZE;
1864
1865 data = kmalloc(optlen, GFP_KERNEL);
1866 if (!data)
1867 return -ENOMEM;
1868
1869 err = -EFAULT;
1870 if (copy_from_user(data, optval, optlen))
1871 goto out;
1872
1873 err = -EINVAL;
1874 read_lock(&xfrm_km_lock);
1875 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1876 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1877 optlen, &err);
1878 if (err >= 0)
1879 break;
1880 }
1881 read_unlock(&xfrm_km_lock);
1882
1883 if (err >= 0) {
1884 xfrm_sk_policy_insert(sk, err, pol);
1885 xfrm_pol_put(pol);
1886 err = 0;
1887 }
1888
1889out:
1890 kfree(data);
1891 return err;
1892}
1893EXPORT_SYMBOL(xfrm_user_policy);
1894
1895int xfrm_register_km(struct xfrm_mgr *km)
1896{
1897 write_lock_bh(&xfrm_km_lock);
1898 list_add_tail(&km->list, &xfrm_km_list);
1899 write_unlock_bh(&xfrm_km_lock);
1900 return 0;
1901}
1902EXPORT_SYMBOL(xfrm_register_km);
1903
1904int xfrm_unregister_km(struct xfrm_mgr *km)
1905{
1906 write_lock_bh(&xfrm_km_lock);
1907 list_del(&km->list);
1908 write_unlock_bh(&xfrm_km_lock);
1909 return 0;
1910}
1911EXPORT_SYMBOL(xfrm_unregister_km);
1912
1913int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1914{
1915 int err = 0;
1916 if (unlikely(afinfo == NULL))
1917 return -EINVAL;
1918 if (unlikely(afinfo->family >= NPROTO))
1919 return -EAFNOSUPPORT;
f3111502 1920 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1921 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1922 err = -ENOBUFS;
edcd5821 1923 else
1da177e4 1924 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1925 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1926 return err;
1927}
1928EXPORT_SYMBOL(xfrm_state_register_afinfo);
1929
1930int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1931{
1932 int err = 0;
1933 if (unlikely(afinfo == NULL))
1934 return -EINVAL;
1935 if (unlikely(afinfo->family >= NPROTO))
1936 return -EAFNOSUPPORT;
f3111502 1937 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1938 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1939 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1940 err = -EINVAL;
edcd5821 1941 else
1da177e4 1942 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1943 }
f3111502 1944 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1945 return err;
1946}
1947EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1948
17c2a42a 1949static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1950{
1951 struct xfrm_state_afinfo *afinfo;
1952 if (unlikely(family >= NPROTO))
1953 return NULL;
1954 read_lock(&xfrm_state_afinfo_lock);
1955 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1956 if (unlikely(!afinfo))
1957 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1958 return afinfo;
1959}
1960
17c2a42a 1961static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1962 __releases(xfrm_state_afinfo_lock)
1da177e4 1963{
546be240 1964 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1965}
1966
1967/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1968void xfrm_state_delete_tunnel(struct xfrm_state *x)
1969{
1970 if (x->tunnel) {
1971 struct xfrm_state *t = x->tunnel;
1972
1973 if (atomic_read(&t->tunnel_users) == 2)
1974 xfrm_state_delete(t);
1975 atomic_dec(&t->tunnel_users);
1976 xfrm_state_put(t);
1977 x->tunnel = NULL;
1978 }
1979}
1980EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1981
1982int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1983{
c5c25238 1984 int res;
1da177e4 1985
c5c25238
PM		 1986 spin_lock_bh(&x->lock);
1987 if (x->km.state == XFRM_STATE_VALID &&
1988 x->type && x->type->get_mtu)
1989 res = x->type->get_mtu(x, mtu);
1990 else
28121617 1991 res = mtu - x->props.header_len;
c5c25238 1992 spin_unlock_bh(&x->lock);
1da177e4
LT		 1993 return res;
1994}
1995
72cb6962
HX		 1996int xfrm_init_state(struct xfrm_state *x)
1997{
d094cd83 1998 struct xfrm_state_afinfo *afinfo;
df9dcb45 1999 struct xfrm_mode *inner_mode;
d094cd83 2000 int family = x->props.family;
72cb6962
HX		 2001 int err;
2002
d094cd83
HX		 2003 err = -EAFNOSUPPORT;
2004 afinfo = xfrm_state_get_afinfo(family);
2005 if (!afinfo)
2006 goto error;
2007
2008 err = 0;
2009 if (afinfo->init_flags)
2010 err = afinfo->init_flags(x);
2011
2012 xfrm_state_put_afinfo(afinfo);
2013
2014 if (err)
2015 goto error;
2016
2017 err = -EPROTONOSUPPORT;
13996378 2018
df9dcb45
KM		 2019 if (x->sel.family != AF_UNSPEC) {
2020 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2021 if (inner_mode == NULL)
2022 goto error;
2023
2024 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2025 family != x->sel.family) {
2026 xfrm_put_mode(inner_mode);
2027 goto error;
2028 }
2029
2030 x->inner_mode = inner_mode;
2031 } else {
2032 struct xfrm_mode *inner_mode_iaf;
2033
2034 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2035 if (inner_mode == NULL)
2036 goto error;
2037
2038 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2039 xfrm_put_mode(inner_mode);
2040 goto error;
2041 }
2042
2043 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2044 if (inner_mode_iaf == NULL)
2045 goto error;
2046
2047 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2048 xfrm_put_mode(inner_mode_iaf);
2049 goto error;
2050 }
2051
2052 if (x->props.family == AF_INET) {
2053 x->inner_mode = inner_mode;
2054 x->inner_mode_iaf = inner_mode_iaf;
2055 } else {
2056 x->inner_mode = inner_mode_iaf;
2057 x->inner_mode_iaf = inner_mode;
2058 }
2059 }
13996378 2060
d094cd83 2061 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2062 if (x->type == NULL)
2063 goto error;
2064
2065 err = x->type->init_state(x);
2066 if (err)
2067 goto error;
2068
13996378
HX		 2069 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2070 if (x->outer_mode == NULL)
b59f45d0
HX		 2071 goto error;
2072
72cb6962
HX		 2073 x->km.state = XFRM_STATE_VALID;
2074
2075error:
2076 return err;
2077}
2078
2079EXPORT_SYMBOL(xfrm_init_state);
a716c119 2080
d62ddc21 2081int __net_init xfrm_state_init(struct net *net)
1da177e4 2082{
f034b5d4
DM		 2083 unsigned int sz;
2084
9d4139c7
AD		 2085 INIT_LIST_HEAD(&net->xfrm.state_all);
2086
f034b5d4
DM		 2087 sz = sizeof(struct hlist_head) * 8;
2088
73d189dc
AD		 2089 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2090 if (!net->xfrm.state_bydst)
2091 goto out_bydst;
d320bbb3
AD		 2092 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2093 if (!net->xfrm.state_bysrc)
2094 goto out_bysrc;
b754a4fd
AD		 2095 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2096 if (!net->xfrm.state_byspi)
2097 goto out_byspi;
529983ec 2098 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2099
0bf7c5b0 2100 net->xfrm.state_num = 0;
63082733 2101 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
b8a0ae20 2102 INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
c7837144 2103 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
50a30657 2104 init_waitqueue_head(&net->xfrm.km_waitq);
d62ddc21 2105 return 0;
73d189dc 2106
b754a4fd
AD		 2107out_byspi:
2108 xfrm_hash_free(net->xfrm.state_bysrc, sz);
d320bbb3
AD		 2109out_bysrc:
2110 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2111out_bydst:
2112 return -ENOMEM;
d62ddc21
AD		 2113}
2114
2115void xfrm_state_fini(struct net *net)
2116{
73d189dc
AD		 2117 unsigned int sz;
2118
9d4139c7 2119 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc 2120
529983ec 2121 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
b754a4fd
AD		 2122 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2123 xfrm_hash_free(net->xfrm.state_byspi, sz);
d320bbb3
AD		 2124 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2125 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2126 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2127 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2128}
2129
ab5f5e8b 2130#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2131static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2132 struct audit_buffer *audit_buf)
ab5f5e8b 2133{
68277acc
PM		 2134 struct xfrm_sec_ctx *ctx = x->security;
2135 u32 spi = ntohl(x->id.spi);
2136
2137 if (ctx)
ab5f5e8b 2138 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2139 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2140
2141 switch(x->props.family) {
2142 case AF_INET:
21454aaa
HH		 2143 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2144 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2145 break;
2146 case AF_INET6:
5b095d98 2147 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2148 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2149 break;
2150 }
68277acc
PM		 2151
2152 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2153}
2154
cf35f43e
IJ		 2155static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2156 struct audit_buffer *audit_buf)
afeb14b4
PM		 2157{
2158 struct iphdr *iph4;
2159 struct ipv6hdr *iph6;
2160
2161 switch (family) {
2162 case AF_INET:
2163 iph4 = ip_hdr(skb);
21454aaa
HH		 2164 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2165 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2166 break;
2167 case AF_INET6:
2168 iph6 = ipv6_hdr(skb);
2169 audit_log_format(audit_buf,
5b095d98 2170 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2171 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2172 iph6->flow_lbl[0] & 0x0f,
2173 iph6->flow_lbl[1],
2174 iph6->flow_lbl[2]);
2175 break;
2176 }
2177}
2178
68277acc 2179void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2180 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2181{
2182 struct audit_buffer *audit_buf;
ab5f5e8b 2183
afeb14b4 2184 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2185 if (audit_buf == NULL)
2186 return;
2532386f 2187 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2188 xfrm_audit_helper_sainfo(x, audit_buf);
2189 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2190 audit_log_end(audit_buf);
2191}
2192EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2193
68277acc 2194void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2195 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2196{
2197 struct audit_buffer *audit_buf;
ab5f5e8b 2198
afeb14b4 2199 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2200 if (audit_buf == NULL)
2201 return;
2532386f 2202 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2203 xfrm_audit_helper_sainfo(x, audit_buf);
2204 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2205 audit_log_end(audit_buf);
2206}
2207EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2208
2209void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2210 struct sk_buff *skb)
2211{
2212 struct audit_buffer *audit_buf;
2213 u32 spi;
2214
2215 audit_buf = xfrm_audit_start("SA-replay-overflow");
2216 if (audit_buf == NULL)
2217 return;
2218 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2219 /* don't record the sequence number because it's inherent in this kind
2220 * of audit message */
2221 spi = ntohl(x->id.spi);
2222 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2223 audit_log_end(audit_buf);
2224}
2225EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2226
2227static void xfrm_audit_state_replay(struct xfrm_state *x,
2228 struct sk_buff *skb, __be32 net_seq)
2229{
2230 struct audit_buffer *audit_buf;
2231 u32 spi;
2232
2233 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2234 if (audit_buf == NULL)
2235 return;
2236 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2237 spi = ntohl(x->id.spi);
2238 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2239 spi, spi, ntohl(net_seq));
2240 audit_log_end(audit_buf);
2241}
2242
2243void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2244{
2245 struct audit_buffer *audit_buf;
2246
2247 audit_buf = xfrm_audit_start("SA-notfound");
2248 if (audit_buf == NULL)
2249 return;
2250 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2251 audit_log_end(audit_buf);
2252}
2253EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2254
2255void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2256 __be32 net_spi, __be32 net_seq)
2257{
2258 struct audit_buffer *audit_buf;
2259 u32 spi;
2260
2261 audit_buf = xfrm_audit_start("SA-notfound");
2262 if (audit_buf == NULL)
2263 return;
2264 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2265 spi = ntohl(net_spi);
2266 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2267 spi, spi, ntohl(net_seq));
2268 audit_log_end(audit_buf);
2269}
2270EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2271
2272void xfrm_audit_state_icvfail(struct xfrm_state *x,
2273 struct sk_buff *skb, u8 proto)
2274{
2275 struct audit_buffer *audit_buf;
2276 __be32 net_spi;
2277 __be32 net_seq;
2278
2279 audit_buf = xfrm_audit_start("SA-icv-failure");
2280 if (audit_buf == NULL)
2281 return;
2282 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2283 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2284 u32 spi = ntohl(net_spi);
2285 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2286 spi, spi, ntohl(net_seq));
2287 }
2288 audit_log_end(audit_buf);
2289}
2290EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2291#endif /* CONFIG_AUDITSYSCALL */
Ubuntu Artful kernel mirror