]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[AF_RXRPC]: Sort out MTU handling.
[mirror_ubuntu-artful-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
1da177e4 22#include <asm/uaccess.h>
161a09e7 23#include <linux/audit.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
f8cd5488 30u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
f8cd5488 33u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
1da177e4
LT		 36/* Each xfrm_state may be linked to two tables:
37
38 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 39 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 40 destination/tunnel endpoint. (output)
41 */
42
43static DEFINE_SPINLOCK(xfrm_state_lock);
44
45/* Hash table to find appropriate SA towards given target (endpoint
46 * of tunnel or destination of transport mode) allowed by selector.
47 *
48 * Main use is finding SA after policy selected tunnel or transport mode.
49 * Also, it can be used by ah/esp icmp error handler to find offending SA.
50 */
f034b5d4
DM		 51static struct hlist_head *xfrm_state_bydst __read_mostly;
52static struct hlist_head *xfrm_state_bysrc __read_mostly;
53static struct hlist_head *xfrm_state_byspi __read_mostly;
54static unsigned int xfrm_state_hmask __read_mostly;
55static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
56static unsigned int xfrm_state_num;
9d4a706d 57static unsigned int xfrm_state_genid;
f034b5d4 58
c1969f29
DM		 59static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
60 xfrm_address_t *saddr,
61 u32 reqid,
a624c108 62 unsigned short family)
f034b5d4 63{
c1969f29 64 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
f034b5d4
DM		 65}
66
667bbcb6
MN		 67static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
68 xfrm_address_t *saddr,
44e36b42 69 unsigned short family)
f034b5d4 70{
667bbcb6 71 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
f034b5d4
DM		 72}
73
f034b5d4 74static inline unsigned int
8122adf0 75xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 76{
c1969f29 77 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
f034b5d4
DM		 78}
79
f034b5d4
DM		 80static void xfrm_hash_transfer(struct hlist_head *list,
81 struct hlist_head *ndsttable,
82 struct hlist_head *nsrctable,
83 struct hlist_head *nspitable,
84 unsigned int nhashmask)
85{
86 struct hlist_node *entry, *tmp;
87 struct xfrm_state *x;
88
89 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
90 unsigned int h;
91
c1969f29
DM		 92 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
93 x->props.reqid, x->props.family,
94 nhashmask);
f034b5d4
DM		 95 hlist_add_head(&x->bydst, ndsttable+h);
96
667bbcb6
MN		 97 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
98 x->props.family,
f034b5d4
DM		 99 nhashmask);
100 hlist_add_head(&x->bysrc, nsrctable+h);
101
7b4dc360
MN		 102 if (x->id.spi) {
103 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
104 x->id.proto, x->props.family,
105 nhashmask);
106 hlist_add_head(&x->byspi, nspitable+h);
107 }
f034b5d4
DM		 108 }
109}
110
111static unsigned long xfrm_hash_new_size(void)
112{
113 return ((xfrm_state_hmask + 1) << 1) *
114 sizeof(struct hlist_head);
115}
116
117static DEFINE_MUTEX(hash_resize_mutex);
118
c4028958 119static void xfrm_hash_resize(struct work_struct *__unused)
f034b5d4
DM		 120{
121 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
122 unsigned long nsize, osize;
123 unsigned int nhashmask, ohashmask;
124 int i;
125
126 mutex_lock(&hash_resize_mutex);
127
128 nsize = xfrm_hash_new_size();
44e36b42 129 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 130 if (!ndst)
131 goto out_unlock;
44e36b42 132 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 133 if (!nsrc) {
44e36b42 134 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 135 goto out_unlock;
136 }
44e36b42 137 nspi = xfrm_hash_alloc(nsize);
f034b5d4 138 if (!nspi) {
44e36b42
DM		 139 xfrm_hash_free(ndst, nsize);
140 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 141 goto out_unlock;
142 }
143
144 spin_lock_bh(&xfrm_state_lock);
145
146 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
147 for (i = xfrm_state_hmask; i >= 0; i--)
148 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
149 nhashmask);
150
151 odst = xfrm_state_bydst;
152 osrc = xfrm_state_bysrc;
153 ospi = xfrm_state_byspi;
154 ohashmask = xfrm_state_hmask;
155
156 xfrm_state_bydst = ndst;
157 xfrm_state_bysrc = nsrc;
158 xfrm_state_byspi = nspi;
159 xfrm_state_hmask = nhashmask;
160
161 spin_unlock_bh(&xfrm_state_lock);
162
163 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 164 xfrm_hash_free(odst, osize);
165 xfrm_hash_free(osrc, osize);
166 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 167
168out_unlock:
169 mutex_unlock(&hash_resize_mutex);
170}
171
c4028958 172static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
f034b5d4 173
1da177e4
LT		 174DECLARE_WAIT_QUEUE_HEAD(km_waitq);
175EXPORT_SYMBOL(km_waitq);
176
177static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
178static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
179
180static struct work_struct xfrm_state_gc_work;
8f126e37 181static HLIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 182static DEFINE_SPINLOCK(xfrm_state_gc_lock);
183
53bc6b4d 184int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 185
980ebd25 186int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 187void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4
LT		 188
189static void xfrm_state_gc_destroy(struct xfrm_state *x)
190{
a47f0ce0
DM		 191 del_timer_sync(&x->timer);
192 del_timer_sync(&x->rtimer);
a51482bd
JJ		 193 kfree(x->aalg);
194 kfree(x->ealg);
195 kfree(x->calg);
196 kfree(x->encap);
060f02a3 197 kfree(x->coaddr);
b59f45d0
HX		 198 if (x->mode)
199 xfrm_put_mode(x->mode);
1da177e4
LT		 200 if (x->type) {
201 x->type->destructor(x);
202 xfrm_put_type(x->type);
203 }
df71837d 204 security_xfrm_state_free(x);
1da177e4
LT		 205 kfree(x);
206}
207
c4028958 208static void xfrm_state_gc_task(struct work_struct *data)
1da177e4
LT		 209{
210 struct xfrm_state *x;
8f126e37
DM		 211 struct hlist_node *entry, *tmp;
212 struct hlist_head gc_list;
1da177e4 213
1da177e4 214 spin_lock_bh(&xfrm_state_gc_lock);
8f126e37
DM		 215 gc_list.first = xfrm_state_gc_list.first;
216 INIT_HLIST_HEAD(&xfrm_state_gc_list);
1da177e4
LT		 217 spin_unlock_bh(&xfrm_state_gc_lock);
218
8f126e37 219 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
1da177e4 220 xfrm_state_gc_destroy(x);
8f126e37 221
1da177e4
LT		 222 wake_up(&km_waitq);
223}
224
225static inline unsigned long make_jiffies(long secs)
226{
227 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
228 return MAX_SCHEDULE_TIMEOUT-1;
229 else
a716c119 230 return secs*HZ;
1da177e4
LT		 231}
232
233static void xfrm_timer_handler(unsigned long data)
234{
235 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 236 unsigned long now = get_seconds();
1da177e4
LT		 237 long next = LONG_MAX;
238 int warn = 0;
161a09e7 239 int err = 0;
1da177e4
LT		 240
241 spin_lock(&x->lock);
242 if (x->km.state == XFRM_STATE_DEAD)
243 goto out;
244 if (x->km.state == XFRM_STATE_EXPIRED)
245 goto expired;
246 if (x->lft.hard_add_expires_seconds) {
247 long tmo = x->lft.hard_add_expires_seconds +
248 x->curlft.add_time - now;
249 if (tmo <= 0)
250 goto expired;
251 if (tmo < next)
252 next = tmo;
253 }
254 if (x->lft.hard_use_expires_seconds) {
255 long tmo = x->lft.hard_use_expires_seconds +
256 (x->curlft.use_time ? : now) - now;
257 if (tmo <= 0)
258 goto expired;
259 if (tmo < next)
260 next = tmo;
261 }
262 if (x->km.dying)
263 goto resched;
264 if (x->lft.soft_add_expires_seconds) {
265 long tmo = x->lft.soft_add_expires_seconds +
266 x->curlft.add_time - now;
267 if (tmo <= 0)
268 warn = 1;
269 else if (tmo < next)
270 next = tmo;
271 }
272 if (x->lft.soft_use_expires_seconds) {
273 long tmo = x->lft.soft_use_expires_seconds +
274 (x->curlft.use_time ? : now) - now;
275 if (tmo <= 0)
276 warn = 1;
277 else if (tmo < next)
278 next = tmo;
279 }
280
4666faab 281 x->km.dying = warn;
1da177e4 282 if (warn)
53bc6b4d 283 km_state_expired(x, 0, 0);
1da177e4 284resched:
a47f0ce0
DM		 285 if (next != LONG_MAX)
286 mod_timer(&x->timer, jiffies + make_jiffies(next));
287
1da177e4
LT		 288 goto out;
289
290expired:
291 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
292 x->km.state = XFRM_STATE_EXPIRED;
293 wake_up(&km_waitq);
294 next = 2;
295 goto resched;
296 }
161a09e7
JL		 297
298 err = __xfrm_state_delete(x);
299 if (!err && x->id.spi)
53bc6b4d 300 km_state_expired(x, 1, 0);
1da177e4 301
161a09e7
JL		 302 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
303 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
304
1da177e4
LT		 305out:
306 spin_unlock(&x->lock);
1da177e4
LT		 307}
308
0ac84752
DM		 309static void xfrm_replay_timer_handler(unsigned long data);
310
1da177e4
LT		 311struct xfrm_state *xfrm_state_alloc(void)
312{
313 struct xfrm_state *x;
314
0da974f4 315 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 316
317 if (x) {
1da177e4
LT		 318 atomic_set(&x->refcnt, 1);
319 atomic_set(&x->tunnel_users, 0);
8f126e37
DM		 320 INIT_HLIST_NODE(&x->bydst);
321 INIT_HLIST_NODE(&x->bysrc);
322 INIT_HLIST_NODE(&x->byspi);
1da177e4
LT		 323 init_timer(&x->timer);
324 x->timer.function = xfrm_timer_handler;
325 x->timer.data = (unsigned long)x;
f8cd5488
JHS		 326 init_timer(&x->rtimer);
327 x->rtimer.function = xfrm_replay_timer_handler;
328 x->rtimer.data = (unsigned long)x;
9d729f72 329 x->curlft.add_time = get_seconds();
1da177e4
LT		 330 x->lft.soft_byte_limit = XFRM_INF;
331 x->lft.soft_packet_limit = XFRM_INF;
332 x->lft.hard_byte_limit = XFRM_INF;
333 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 334 x->replay_maxage = 0;
335 x->replay_maxdiff = 0;
1da177e4
LT		 336 spin_lock_init(&x->lock);
337 }
338 return x;
339}
340EXPORT_SYMBOL(xfrm_state_alloc);
341
342void __xfrm_state_destroy(struct xfrm_state *x)
343{
344 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
345
346 spin_lock_bh(&xfrm_state_gc_lock);
8f126e37 347 hlist_add_head(&x->bydst, &xfrm_state_gc_list);
1da177e4
LT		 348 spin_unlock_bh(&xfrm_state_gc_lock);
349 schedule_work(&xfrm_state_gc_work);
350}
351EXPORT_SYMBOL(__xfrm_state_destroy);
352
53bc6b4d 353int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 354{
26b15dad
JHS		 355 int err = -ESRCH;
356
1da177e4
LT		 357 if (x->km.state != XFRM_STATE_DEAD) {
358 x->km.state = XFRM_STATE_DEAD;
359 spin_lock(&xfrm_state_lock);
8f126e37 360 hlist_del(&x->bydst);
8f126e37 361 hlist_del(&x->bysrc);
a47f0ce0 362 if (x->id.spi)
8f126e37 363 hlist_del(&x->byspi);
f034b5d4 364 xfrm_state_num--;
1da177e4 365 spin_unlock(&xfrm_state_lock);
1da177e4 366
1da177e4
LT		 367 /* All xfrm_state objects are created by xfrm_state_alloc.
368 * The xfrm_state_alloc call gives a reference, and that
369 * is what we are dropping here.
370 */
21380b81 371 __xfrm_state_put(x);
26b15dad 372 err = 0;
1da177e4 373 }
26b15dad
JHS		 374
375 return err;
1da177e4 376}
53bc6b4d 377EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 378
26b15dad 379int xfrm_state_delete(struct xfrm_state *x)
1da177e4 380{
26b15dad
JHS		 381 int err;
382
1da177e4 383 spin_lock_bh(&x->lock);
26b15dad 384 err = __xfrm_state_delete(x);
1da177e4 385 spin_unlock_bh(&x->lock);
26b15dad
JHS		 386
387 return err;
1da177e4
LT		 388}
389EXPORT_SYMBOL(xfrm_state_delete);
390
161a09e7 391void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
1da177e4
LT		 392{
393 int i;
161a09e7 394 int err = 0;
1da177e4
LT		 395
396 spin_lock_bh(&xfrm_state_lock);
a9917c06 397 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 398 struct hlist_node *entry;
399 struct xfrm_state *x;
1da177e4 400restart:
8f126e37 401 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1da177e4 402 if (!xfrm_state_kern(x) &&
5794708f 403 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 404 xfrm_state_hold(x);
405 spin_unlock_bh(&xfrm_state_lock);
406
161a09e7
JL		 407 err = xfrm_state_delete(x);
408 xfrm_audit_log(audit_info->loginuid,
409 audit_info->secid,
410 AUDIT_MAC_IPSEC_DELSA,
411 err ? 0 : 1, NULL, x);
1da177e4
LT		 412 xfrm_state_put(x);
413
414 spin_lock_bh(&xfrm_state_lock);
415 goto restart;
416 }
417 }
418 }
419 spin_unlock_bh(&xfrm_state_lock);
420 wake_up(&km_waitq);
421}
422EXPORT_SYMBOL(xfrm_state_flush);
423
28d8909b
JHS		 424void xfrm_sad_getinfo(struct xfrm_sadinfo *si)
425{
426 spin_lock_bh(&xfrm_state_lock);
427 si->sadcnt = xfrm_state_num;
428 si->sadhcnt = xfrm_state_hmask;
429 si->sadhmcnt = xfrm_state_hashmax;
430 spin_unlock_bh(&xfrm_state_lock);
431}
432EXPORT_SYMBOL(xfrm_sad_getinfo);
433
1da177e4
LT		 434static int
435xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
436 struct xfrm_tmpl *tmpl,
437 xfrm_address_t *daddr, xfrm_address_t *saddr,
438 unsigned short family)
439{
440 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
441 if (!afinfo)
442 return -1;
443 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
444 xfrm_state_put_afinfo(afinfo);
445 return 0;
446}
447
a94cfd19 448static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 449{
450 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
451 struct xfrm_state *x;
8f126e37 452 struct hlist_node *entry;
edcd5821 453
8f126e37 454 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
edcd5821
DM		 455 if (x->props.family != family ||
456 x->id.spi != spi ||
457 x->id.proto != proto)
458 continue;
459
460 switch (family) {
461 case AF_INET:
462 if (x->id.daddr.a4 != daddr->a4)
463 continue;
464 break;
465 case AF_INET6:
466 if (!ipv6_addr_equal((struct in6_addr *)daddr,
467 (struct in6_addr *)
468 x->id.daddr.a6))
469 continue;
470 break;
3ff50b79 471 }
edcd5821
DM		 472
473 xfrm_state_hold(x);
474 return x;
475 }
476
477 return NULL;
478}
479
480static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
481{
667bbcb6 482 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 483 struct xfrm_state *x;
8f126e37 484 struct hlist_node *entry;
edcd5821 485
8f126e37 486 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
edcd5821
DM		 487 if (x->props.family != family ||
488 x->id.proto != proto)
489 continue;
490
491 switch (family) {
492 case AF_INET:
493 if (x->id.daddr.a4 != daddr->a4 ||
494 x->props.saddr.a4 != saddr->a4)
495 continue;
496 break;
497 case AF_INET6:
498 if (!ipv6_addr_equal((struct in6_addr *)daddr,
499 (struct in6_addr *)
500 x->id.daddr.a6) ||
501 !ipv6_addr_equal((struct in6_addr *)saddr,
502 (struct in6_addr *)
503 x->props.saddr.a6))
504 continue;
505 break;
3ff50b79 506 }
edcd5821
DM		 507
508 xfrm_state_hold(x);
509 return x;
510 }
511
512 return NULL;
513}
514
515static inline struct xfrm_state *
516__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
517{
518 if (use_spi)
519 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
520 x->id.proto, family);
521 else
522 return __xfrm_state_lookup_byaddr(&x->id.daddr,
523 &x->props.saddr,
524 x->id.proto, family);
525}
526
2fab22f2
PM		 527static void xfrm_hash_grow_check(int have_hash_collision)
528{
529 if (have_hash_collision &&
530 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
531 xfrm_state_num > xfrm_state_hmask)
532 schedule_work(&xfrm_hash_work);
533}
534
1da177e4 535struct xfrm_state *
a716c119 536xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 537 struct flowi *fl, struct xfrm_tmpl *tmpl,
538 struct xfrm_policy *pol, int *err,
539 unsigned short family)
540{
c1969f29 541 unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
8f126e37 542 struct hlist_node *entry;
1da177e4
LT		 543 struct xfrm_state *x, *x0;
544 int acquire_in_progress = 0;
545 int error = 0;
546 struct xfrm_state *best = NULL;
a716c119 547
1da177e4 548 spin_lock_bh(&xfrm_state_lock);
8f126e37 549 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1da177e4
LT		 550 if (x->props.family == family &&
551 x->props.reqid == tmpl->reqid &&
fbd9a5b4 552 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 553 xfrm_state_addr_check(x, daddr, saddr, family) &&
554 tmpl->mode == x->props.mode &&
555 tmpl->id.proto == x->id.proto &&
556 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
557 /* Resolution logic:
558 1. There is a valid state with matching selector.
559 Done.
560 2. Valid state with inappropriate selector. Skip.
561
562 Entering area of "sysdeps".
563
564 3. If state is not valid, selector is temporary,
565 it selects only session which triggered
566 previous resolution. Key manager will do
567 something to install a state with proper
568 selector.
569 */
570 if (x->km.state == XFRM_STATE_VALID) {
df71837d 571 if (!xfrm_selector_match(&x->sel, fl, family) ||
e0d1caa7 572 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 573 continue;
574 if (!best ||
575 best->km.dying > x->km.dying ||
576 (best->km.dying == x->km.dying &&
577 best->curlft.add_time < x->curlft.add_time))
578 best = x;
579 } else if (x->km.state == XFRM_STATE_ACQ) {
580 acquire_in_progress = 1;
581 } else if (x->km.state == XFRM_STATE_ERROR ||
582 x->km.state == XFRM_STATE_EXPIRED) {
a716c119 583 if (xfrm_selector_match(&x->sel, fl, family) &&
e0d1caa7 584 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 585 error = -ESRCH;
586 }
587 }
588 }
589
590 x = best;
591 if (!x && !error && !acquire_in_progress) {
5c5d281a 592 if (tmpl->id.spi &&
edcd5821
DM		 593 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
594 tmpl->id.proto, family)) != NULL) {
1da177e4
LT		 595 xfrm_state_put(x0);
596 error = -EEXIST;
597 goto out;
598 }
599 x = xfrm_state_alloc();
600 if (x == NULL) {
601 error = -ENOMEM;
602 goto out;
603 }
604 /* Initialize temporary selector matching only
605 * to current session. */
606 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
607
e0d1caa7
VY		 608 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
609 if (error) {
610 x->km.state = XFRM_STATE_DEAD;
611 xfrm_state_put(x);
612 x = NULL;
613 goto out;
614 }
615
1da177e4
LT		 616 if (km_query(x, tmpl, pol) == 0) {
617 x->km.state = XFRM_STATE_ACQ;
8f126e37 618 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
667bbcb6 619 h = xfrm_src_hash(daddr, saddr, family);
8f126e37 620 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1da177e4
LT		 621 if (x->id.spi) {
622 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
8f126e37 623 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4
LT		 624 }
625 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
1da177e4
LT		 626 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
627 add_timer(&x->timer);
2fab22f2
PM		 628 xfrm_state_num++;
629 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 630 } else {
631 x->km.state = XFRM_STATE_DEAD;
632 xfrm_state_put(x);
633 x = NULL;
634 error = -ESRCH;
635 }
636 }
637out:
638 if (x)
639 xfrm_state_hold(x);
640 else
641 *err = acquire_in_progress ? -EAGAIN : error;
642 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 643 return x;
644}
645
646static void __xfrm_state_insert(struct xfrm_state *x)
647{
a624c108 648 unsigned int h;
1da177e4 649
9d4a706d
DM		 650 x->genid = ++xfrm_state_genid;
651
c1969f29
DM		 652 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
653 x->props.reqid, x->props.family);
8f126e37 654 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1da177e4 655
667bbcb6 656 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
8f126e37 657 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1da177e4 658
7b4dc360 659 if (x->id.spi) {
6c44e6b7
MN		 660 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
661 x->props.family);
662
8f126e37 663 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
6c44e6b7
MN		 664 }
665
a47f0ce0
DM		 666 mod_timer(&x->timer, jiffies + HZ);
667 if (x->replay_maxage)
668 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 669
1da177e4 670 wake_up(&km_waitq);
f034b5d4
DM		 671
672 xfrm_state_num++;
673
918049f0 674 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 675}
676
c7f5ea3a
DM		 677/* xfrm_state_lock is held */
678static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
679{
680 unsigned short family = xnew->props.family;
681 u32 reqid = xnew->props.reqid;
682 struct xfrm_state *x;
683 struct hlist_node *entry;
684 unsigned int h;
685
c1969f29 686 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
c7f5ea3a
DM		 687 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
688 if (x->props.family == family &&
689 x->props.reqid == reqid &&
c1969f29
DM		 690 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
691 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 692 x->genid = xfrm_state_genid;
693 }
694}
695
1da177e4
LT		 696void xfrm_state_insert(struct xfrm_state *x)
697{
698 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 699 __xfrm_state_bump_genids(x);
1da177e4
LT		 700 __xfrm_state_insert(x);
701 spin_unlock_bh(&xfrm_state_lock);
702}
703EXPORT_SYMBOL(xfrm_state_insert);
704
2770834c
DM		 705/* xfrm_state_lock is held */
706static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
707{
c1969f29 708 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 709 struct hlist_node *entry;
2770834c
DM		 710 struct xfrm_state *x;
711
8f126e37 712 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
2770834c
DM		 713 if (x->props.reqid != reqid ||
714 x->props.mode != mode ||
715 x->props.family != family ||
716 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 717 x->id.spi != 0 ||
718 x->id.proto != proto)
2770834c
DM		 719 continue;
720
721 switch (family) {
722 case AF_INET:
723 if (x->id.daddr.a4 != daddr->a4 ||
724 x->props.saddr.a4 != saddr->a4)
725 continue;
726 break;
727 case AF_INET6:
728 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
729 (struct in6_addr *)daddr) ||
730 !ipv6_addr_equal((struct in6_addr *)
731 x->props.saddr.a6,
732 (struct in6_addr *)saddr))
733 continue;
734 break;
3ff50b79 735 }
2770834c
DM		 736
737 xfrm_state_hold(x);
738 return x;
739 }
740
741 if (!create)
742 return NULL;
743
744 x = xfrm_state_alloc();
745 if (likely(x)) {
746 switch (family) {
747 case AF_INET:
748 x->sel.daddr.a4 = daddr->a4;
749 x->sel.saddr.a4 = saddr->a4;
750 x->sel.prefixlen_d = 32;
751 x->sel.prefixlen_s = 32;
752 x->props.saddr.a4 = saddr->a4;
753 x->id.daddr.a4 = daddr->a4;
754 break;
755
756 case AF_INET6:
757 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
758 (struct in6_addr *)daddr);
759 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
760 (struct in6_addr *)saddr);
761 x->sel.prefixlen_d = 128;
762 x->sel.prefixlen_s = 128;
763 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
764 (struct in6_addr *)saddr);
765 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
766 (struct in6_addr *)daddr);
767 break;
3ff50b79 768 }
2770834c
DM		 769
770 x->km.state = XFRM_STATE_ACQ;
771 x->id.proto = proto;
772 x->props.family = family;
773 x->props.mode = mode;
774 x->props.reqid = reqid;
775 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
776 xfrm_state_hold(x);
777 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
778 add_timer(&x->timer);
8f126e37 779 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
667bbcb6 780 h = xfrm_src_hash(daddr, saddr, family);
8f126e37 781 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
2770834c 782 wake_up(&km_waitq);
918049f0
DM		 783
784 xfrm_state_num++;
785
786 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 787 }
788
789 return x;
790}
791
1da177e4
LT		 792static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
793
794int xfrm_state_add(struct xfrm_state *x)
795{
1da177e4
LT		 796 struct xfrm_state *x1;
797 int family;
798 int err;
eb2971b6 799 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 800
801 family = x->props.family;
1da177e4
LT		 802
803 spin_lock_bh(&xfrm_state_lock);
804
edcd5821 805 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4
LT		 806 if (x1) {
807 xfrm_state_put(x1);
808 x1 = NULL;
809 err = -EEXIST;
810 goto out;
811 }
812
eb2971b6 813 if (use_spi && x->km.seq) {
1da177e4 814 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 815 if (x1 && ((x1->id.proto != x->id.proto) ||
816 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1da177e4
LT		 817 xfrm_state_put(x1);
818 x1 = NULL;
819 }
820 }
821
eb2971b6 822 if (use_spi && !x1)
2770834c
DM		 823 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
824 x->id.proto,
825 &x->id.daddr, &x->props.saddr, 0);
1da177e4 826
c7f5ea3a 827 __xfrm_state_bump_genids(x);
1da177e4
LT		 828 __xfrm_state_insert(x);
829 err = 0;
830
831out:
832 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 833
834 if (x1) {
835 xfrm_state_delete(x1);
836 xfrm_state_put(x1);
837 }
838
839 return err;
840}
841EXPORT_SYMBOL(xfrm_state_add);
842
80c9abaa
SS		 843#ifdef CONFIG_XFRM_MIGRATE
844struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
845{
846 int err = -ENOMEM;
847 struct xfrm_state *x = xfrm_state_alloc();
848 if (!x)
849 goto error;
850
851 memcpy(&x->id, &orig->id, sizeof(x->id));
852 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
853 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
854 x->props.mode = orig->props.mode;
855 x->props.replay_window = orig->props.replay_window;
856 x->props.reqid = orig->props.reqid;
857 x->props.family = orig->props.family;
858 x->props.saddr = orig->props.saddr;
859
860 if (orig->aalg) {
861 x->aalg = xfrm_algo_clone(orig->aalg);
862 if (!x->aalg)
863 goto error;
864 }
865 x->props.aalgo = orig->props.aalgo;
866
867 if (orig->ealg) {
868 x->ealg = xfrm_algo_clone(orig->ealg);
869 if (!x->ealg)
870 goto error;
871 }
872 x->props.ealgo = orig->props.ealgo;
873
874 if (orig->calg) {
875 x->calg = xfrm_algo_clone(orig->calg);
876 if (!x->calg)
877 goto error;
878 }
879 x->props.calgo = orig->props.calgo;
880
a716c119 881 if (orig->encap) {
80c9abaa
SS		 882 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
883 if (!x->encap)
884 goto error;
885 }
886
887 if (orig->coaddr) {
888 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
889 GFP_KERNEL);
890 if (!x->coaddr)
891 goto error;
892 }
893
894 err = xfrm_init_state(x);
895 if (err)
896 goto error;
897
898 x->props.flags = orig->props.flags;
899
900 x->curlft.add_time = orig->curlft.add_time;
901 x->km.state = orig->km.state;
902 x->km.seq = orig->km.seq;
903
904 return x;
905
906 error:
907 if (errp)
908 *errp = err;
909 if (x) {
910 kfree(x->aalg);
911 kfree(x->ealg);
912 kfree(x->calg);
913 kfree(x->encap);
914 kfree(x->coaddr);
915 }
916 kfree(x);
917 return NULL;
918}
919EXPORT_SYMBOL(xfrm_state_clone);
920
921/* xfrm_state_lock is held */
922struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
923{
924 unsigned int h;
925 struct xfrm_state *x;
926 struct hlist_node *entry;
927
928 if (m->reqid) {
929 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
930 m->reqid, m->old_family);
931 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
932 if (x->props.mode != m->mode ||
933 x->id.proto != m->proto)
934 continue;
935 if (m->reqid && x->props.reqid != m->reqid)
936 continue;
937 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
938 m->old_family) ||
939 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
940 m->old_family))
941 continue;
942 xfrm_state_hold(x);
943 return x;
944 }
945 } else {
946 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
947 m->old_family);
948 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
949 if (x->props.mode != m->mode ||
950 x->id.proto != m->proto)
951 continue;
952 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
953 m->old_family) ||
954 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
955 m->old_family))
956 continue;
957 xfrm_state_hold(x);
958 return x;
959 }
960 }
961
a716c119 962 return NULL;
80c9abaa
SS		 963}
964EXPORT_SYMBOL(xfrm_migrate_state_find);
965
966struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
967 struct xfrm_migrate *m)
968{
969 struct xfrm_state *xc;
970 int err;
971
972 xc = xfrm_state_clone(x, &err);
973 if (!xc)
974 return NULL;
975
976 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
977 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
978
979 /* add state */
980 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
981 /* a care is needed when the destination address of the
982 state is to be updated as it is a part of triplet */
983 xfrm_state_insert(xc);
984 } else {
985 if ((err = xfrm_state_add(xc)) < 0)
986 goto error;
987 }
988
989 return xc;
990error:
991 kfree(xc);
992 return NULL;
993}
994EXPORT_SYMBOL(xfrm_state_migrate);
995#endif
996
1da177e4
LT		 997int xfrm_state_update(struct xfrm_state *x)
998{
1da177e4
LT		 999 struct xfrm_state *x1;
1000 int err;
eb2971b6 1001 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1002
1da177e4 1003 spin_lock_bh(&xfrm_state_lock);
edcd5821 1004 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1005
1006 err = -ESRCH;
1007 if (!x1)
1008 goto out;
1009
1010 if (xfrm_state_kern(x1)) {
1011 xfrm_state_put(x1);
1012 err = -EEXIST;
1013 goto out;
1014 }
1015
1016 if (x1->km.state == XFRM_STATE_ACQ) {
1017 __xfrm_state_insert(x);
1018 x = NULL;
1019 }
1020 err = 0;
1021
1022out:
1023 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1024
1025 if (err)
1026 return err;
1027
1028 if (!x) {
1029 xfrm_state_delete(x1);
1030 xfrm_state_put(x1);
1031 return 0;
1032 }
1033
1034 err = -EINVAL;
1035 spin_lock_bh(&x1->lock);
1036 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1037 if (x->encap && x1->encap)
1038 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1039 if (x->coaddr && x1->coaddr) {
1040 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1041 }
1042 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1043 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1044 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1045 x1->km.dying = 0;
1046
a47f0ce0 1047 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1048 if (x1->curlft.use_time)
1049 xfrm_state_check_expire(x1);
1050
1051 err = 0;
1052 }
1053 spin_unlock_bh(&x1->lock);
1054
1055 xfrm_state_put(x1);
1056
1057 return err;
1058}
1059EXPORT_SYMBOL(xfrm_state_update);
1060
1061int xfrm_state_check_expire(struct xfrm_state *x)
1062{
1063 if (!x->curlft.use_time)
9d729f72 1064 x->curlft.use_time = get_seconds();
1da177e4
LT		 1065
1066 if (x->km.state != XFRM_STATE_VALID)
1067 return -EINVAL;
1068
1069 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1070 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1071 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1072 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1073 return -EINVAL;
1074 }
1075
1076 if (!x->km.dying &&
1077 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1078 x->curlft.packets >= x->lft.soft_packet_limit)) {
1079 x->km.dying = 1;
53bc6b4d 1080 km_state_expired(x, 0, 0);
4666faab 1081 }
1da177e4
LT		 1082 return 0;
1083}
1084EXPORT_SYMBOL(xfrm_state_check_expire);
1085
1086static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
1087{
1088 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
1089 - skb_headroom(skb);
1090
1091 if (nhead > 0)
1092 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
1093
1094 /* Check tail too... */
1095 return 0;
1096}
1097
1098int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
1099{
1100 int err = xfrm_state_check_expire(x);
1101 if (err < 0)
1102 goto err;
1103 err = xfrm_state_check_space(x, skb);
1104err:
1105 return err;
1106}
1107EXPORT_SYMBOL(xfrm_state_check);
1108
1109struct xfrm_state *
a94cfd19 1110xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1111 unsigned short family)
1112{
1113 struct xfrm_state *x;
1da177e4
LT		 1114
1115 spin_lock_bh(&xfrm_state_lock);
edcd5821 1116 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1117 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1118 return x;
1119}
1120EXPORT_SYMBOL(xfrm_state_lookup);
1121
1122struct xfrm_state *
eb2971b6
MN		 1123xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1124 u8 proto, unsigned short family)
1125{
1126 struct xfrm_state *x;
eb2971b6
MN		 1127
1128 spin_lock_bh(&xfrm_state_lock);
edcd5821 1129 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1130 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1131 return x;
1132}
1133EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1134
1135struct xfrm_state *
a716c119
YH		 1136xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1137 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1138 int create, unsigned short family)
1139{
1140 struct xfrm_state *x;
1da177e4
LT		 1141
1142 spin_lock_bh(&xfrm_state_lock);
2770834c 1143 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1144 spin_unlock_bh(&xfrm_state_lock);
2770834c 1145
1da177e4
LT		 1146 return x;
1147}
1148EXPORT_SYMBOL(xfrm_find_acq);
1149
41a49cc3
MN		 1150#ifdef CONFIG_XFRM_SUB_POLICY
1151int
1152xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1153 unsigned short family)
1154{
1155 int err = 0;
1156 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1157 if (!afinfo)
1158 return -EAFNOSUPPORT;
1159
1160 spin_lock_bh(&xfrm_state_lock);
1161 if (afinfo->tmpl_sort)
1162 err = afinfo->tmpl_sort(dst, src, n);
1163 spin_unlock_bh(&xfrm_state_lock);
1164 xfrm_state_put_afinfo(afinfo);
1165 return err;
1166}
1167EXPORT_SYMBOL(xfrm_tmpl_sort);
1168
1169int
1170xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1171 unsigned short family)
1172{
1173 int err = 0;
1174 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1175 if (!afinfo)
1176 return -EAFNOSUPPORT;
1177
1178 spin_lock_bh(&xfrm_state_lock);
1179 if (afinfo->state_sort)
1180 err = afinfo->state_sort(dst, src, n);
1181 spin_unlock_bh(&xfrm_state_lock);
1182 xfrm_state_put_afinfo(afinfo);
1183 return err;
1184}
1185EXPORT_SYMBOL(xfrm_state_sort);
1186#endif
1187
1da177e4
LT		 1188/* Silly enough, but I'm lazy to build resolution list */
1189
1190static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1191{
1192 int i;
1da177e4 1193
f034b5d4 1194 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 1195 struct hlist_node *entry;
1196 struct xfrm_state *x;
1197
1198 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1199 if (x->km.seq == seq &&
1200 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1201 xfrm_state_hold(x);
1202 return x;
1203 }
1204 }
1205 }
1206 return NULL;
1207}
1208
1209struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1210{
1211 struct xfrm_state *x;
1212
1213 spin_lock_bh(&xfrm_state_lock);
1214 x = __xfrm_find_acq_byseq(seq);
1215 spin_unlock_bh(&xfrm_state_lock);
1216 return x;
1217}
1218EXPORT_SYMBOL(xfrm_find_acq_byseq);
1219
1220u32 xfrm_get_acqseq(void)
1221{
1222 u32 res;
1223 static u32 acqseq;
1224 static DEFINE_SPINLOCK(acqseq_lock);
1225
1226 spin_lock_bh(&acqseq_lock);
1227 res = (++acqseq ? : ++acqseq);
1228 spin_unlock_bh(&acqseq_lock);
1229 return res;
1230}
1231EXPORT_SYMBOL(xfrm_get_acqseq);
1232
1233void
26977b4e 1234xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi)
1da177e4 1235{
f034b5d4 1236 unsigned int h;
1da177e4
LT		 1237 struct xfrm_state *x0;
1238
1239 if (x->id.spi)
1240 return;
1241
1242 if (minspi == maxspi) {
1243 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1244 if (x0) {
1245 xfrm_state_put(x0);
1246 return;
1247 }
1248 x->id.spi = minspi;
1249 } else {
1250 u32 spi = 0;
26977b4e
AV		 1251 u32 low = ntohl(minspi);
1252 u32 high = ntohl(maxspi);
1253 for (h=0; h<high-low+1; h++) {
1254 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1255 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1256 if (x0 == NULL) {
1257 x->id.spi = htonl(spi);
1258 break;
1259 }
1260 xfrm_state_put(x0);
1261 }
1262 }
1263 if (x->id.spi) {
1264 spin_lock_bh(&xfrm_state_lock);
1265 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
8f126e37 1266 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4
LT		 1267 spin_unlock_bh(&xfrm_state_lock);
1268 wake_up(&km_waitq);
1269 }
1270}
1271EXPORT_SYMBOL(xfrm_alloc_spi);
1272
1273int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1274 void *data)
1275{
1276 int i;
94b9bb54 1277 struct xfrm_state *x, *last = NULL;
8f126e37 1278 struct hlist_node *entry;
1da177e4
LT		 1279 int count = 0;
1280 int err = 0;
1281
1282 spin_lock_bh(&xfrm_state_lock);
f034b5d4 1283 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37 1284 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
94b9bb54
JHS		 1285 if (!xfrm_id_proto_match(x->id.proto, proto))
1286 continue;
1287 if (last) {
1288 err = func(last, count, data);
1289 if (err)
1290 goto out;
1291 }
1292 last = x;
1293 count++;
1da177e4
LT		 1294 }
1295 }
1296 if (count == 0) {
1297 err = -ENOENT;
1298 goto out;
1299 }
94b9bb54 1300 err = func(last, 0, data);
1da177e4
LT		 1301out:
1302 spin_unlock_bh(&xfrm_state_lock);
1303 return err;
1304}
1305EXPORT_SYMBOL(xfrm_state_walk);
1306
f8cd5488
JHS		 1307
1308void xfrm_replay_notify(struct xfrm_state *x, int event)
1309{
1310 struct km_event c;
1311 /* we send notify messages in case
1312 * 1. we updated on of the sequence numbers, and the seqno difference
1313 * is at least x->replay_maxdiff, in this case we also update the
1314 * timeout of our timer function
1315 * 2. if x->replay_maxage has elapsed since last update,
1316 * and there were changes
1317 *
1318 * The state structure must be locked!
1319 */
1320
1321 switch (event) {
1322 case XFRM_REPLAY_UPDATE:
1323 if (x->replay_maxdiff &&
1324 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1325 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1326 if (x->xflags & XFRM_TIME_DEFER)
1327 event = XFRM_REPLAY_TIMEOUT;
1328 else
1329 return;
1330 }
f8cd5488
JHS		 1331
1332 break;
1333
1334 case XFRM_REPLAY_TIMEOUT:
1335 if ((x->replay.seq == x->preplay.seq) &&
1336 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1337 (x->replay.oseq == x->preplay.oseq)) {
1338 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1339 return;
2717096a 1340 }
f8cd5488
JHS		 1341
1342 break;
1343 }
1344
1345 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1346 c.event = XFRM_MSG_NEWAE;
1347 c.data.aevent = event;
1348 km_state_notify(x, &c);
1349
f8cd5488 1350 if (x->replay_maxage &&
a47f0ce0 1351 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1352 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488 1353}
a70fcb0b 1354EXPORT_SYMBOL(xfrm_replay_notify);
f8cd5488
JHS		 1355
1356static void xfrm_replay_timer_handler(unsigned long data)
1357{
1358 struct xfrm_state *x = (struct xfrm_state*)data;
1359
1360 spin_lock(&x->lock);
1361
2717096a
JHS		 1362 if (x->km.state == XFRM_STATE_VALID) {
1363 if (xfrm_aevent_is_on())
1364 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1365 else
1366 x->xflags |= XFRM_TIME_DEFER;
1367 }
f8cd5488
JHS		 1368
1369 spin_unlock(&x->lock);
1370}
1371
a252cc23 1372int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1373{
1374 u32 diff;
a252cc23 1375 u32 seq = ntohl(net_seq);
1da177e4
LT		 1376
1377 if (unlikely(seq == 0))
1378 return -EINVAL;
1379
1380 if (likely(seq > x->replay.seq))
1381 return 0;
1382
1383 diff = x->replay.seq - seq;
4c4d51a7
HX		 1384 if (diff >= min_t(unsigned int, x->props.replay_window,
1385 sizeof(x->replay.bitmap) * 8)) {
1da177e4
LT		 1386 x->stats.replay_window++;
1387 return -EINVAL;
1388 }
1389
1390 if (x->replay.bitmap & (1U << diff)) {
1391 x->stats.replay++;
1392 return -EINVAL;
1393 }
1394 return 0;
1395}
1396EXPORT_SYMBOL(xfrm_replay_check);
1397
61f4627b 1398void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1399{
1400 u32 diff;
61f4627b 1401 u32 seq = ntohl(net_seq);
1da177e4
LT		 1402
1403 if (seq > x->replay.seq) {
1404 diff = seq - x->replay.seq;
1405 if (diff < x->props.replay_window)
1406 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1407 else
1408 x->replay.bitmap = 1;
1409 x->replay.seq = seq;
1410 } else {
1411 diff = x->replay.seq - seq;
1412 x->replay.bitmap |= (1U << diff);
1413 }
f8cd5488
JHS		 1414
1415 if (xfrm_aevent_is_on())
1416 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4
LT		 1417}
1418EXPORT_SYMBOL(xfrm_replay_advance);
1419
1420static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
1421static DEFINE_RWLOCK(xfrm_km_lock);
1422
26b15dad 1423void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1424{
1425 struct xfrm_mgr *km;
1426
26b15dad
JHS		 1427 read_lock(&xfrm_km_lock);
1428 list_for_each_entry(km, &xfrm_km_list, list)
1429 if (km->notify_policy)
1430 km->notify_policy(xp, dir, c);
1431 read_unlock(&xfrm_km_lock);
1432}
1da177e4 1433
26b15dad
JHS		 1434void km_state_notify(struct xfrm_state *x, struct km_event *c)
1435{
1436 struct xfrm_mgr *km;
1da177e4
LT		 1437 read_lock(&xfrm_km_lock);
1438 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1439 if (km->notify)
1440 km->notify(x, c);
1da177e4 1441 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1442}
1443
1444EXPORT_SYMBOL(km_policy_notify);
1445EXPORT_SYMBOL(km_state_notify);
1446
53bc6b4d 1447void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1448{
1449 struct km_event c;
1450
bf08867f 1451 c.data.hard = hard;
53bc6b4d 1452 c.pid = pid;
f60f6b8f 1453 c.event = XFRM_MSG_EXPIRE;
26b15dad 1454 km_state_notify(x, &c);
1da177e4
LT		 1455
1456 if (hard)
1457 wake_up(&km_waitq);
1458}
1459
53bc6b4d 1460EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1461/*
1462 * We send to all registered managers regardless of failure
1463 * We are happy with one success
1464*/
980ebd25 1465int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1466{
26b15dad 1467 int err = -EINVAL, acqret;
1da177e4
LT		 1468 struct xfrm_mgr *km;
1469
1470 read_lock(&xfrm_km_lock);
1471 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1472 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1473 if (!acqret)
1474 err = acqret;
1da177e4
LT		 1475 }
1476 read_unlock(&xfrm_km_lock);
1477 return err;
1478}
980ebd25 1479EXPORT_SYMBOL(km_query);
1da177e4 1480
5d36b180 1481int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1482{
1483 int err = -EINVAL;
1484 struct xfrm_mgr *km;
1485
1486 read_lock(&xfrm_km_lock);
1487 list_for_each_entry(km, &xfrm_km_list, list) {
1488 if (km->new_mapping)
1489 err = km->new_mapping(x, ipaddr, sport);
1490 if (!err)
1491 break;
1492 }
1493 read_unlock(&xfrm_km_lock);
1494 return err;
1495}
1496EXPORT_SYMBOL(km_new_mapping);
1497
6c5c8ca7 1498void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1499{
26b15dad 1500 struct km_event c;
1da177e4 1501
bf08867f 1502 c.data.hard = hard;
6c5c8ca7 1503 c.pid = pid;
f60f6b8f 1504 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1505 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1506
1507 if (hard)
1508 wake_up(&km_waitq);
1509}
a70fcb0b 1510EXPORT_SYMBOL(km_policy_expired);
1da177e4 1511
80c9abaa
SS		 1512int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1513 struct xfrm_migrate *m, int num_migrate)
1514{
1515 int err = -EINVAL;
1516 int ret;
1517 struct xfrm_mgr *km;
1518
1519 read_lock(&xfrm_km_lock);
1520 list_for_each_entry(km, &xfrm_km_list, list) {
1521 if (km->migrate) {
1522 ret = km->migrate(sel, dir, type, m, num_migrate);
1523 if (!ret)
1524 err = ret;
1525 }
1526 }
1527 read_unlock(&xfrm_km_lock);
1528 return err;
1529}
1530EXPORT_SYMBOL(km_migrate);
1531
97a64b45
MN		 1532int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1533{
1534 int err = -EINVAL;
1535 int ret;
1536 struct xfrm_mgr *km;
1537
1538 read_lock(&xfrm_km_lock);
1539 list_for_each_entry(km, &xfrm_km_list, list) {
1540 if (km->report) {
1541 ret = km->report(proto, sel, addr);
1542 if (!ret)
1543 err = ret;
1544 }
1545 }
1546 read_unlock(&xfrm_km_lock);
1547 return err;
1548}
1549EXPORT_SYMBOL(km_report);
1550
1da177e4
LT		 1551int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1552{
1553 int err;
1554 u8 *data;
1555 struct xfrm_mgr *km;
1556 struct xfrm_policy *pol = NULL;
1557
1558 if (optlen <= 0 || optlen > PAGE_SIZE)
1559 return -EMSGSIZE;
1560
1561 data = kmalloc(optlen, GFP_KERNEL);
1562 if (!data)
1563 return -ENOMEM;
1564
1565 err = -EFAULT;
1566 if (copy_from_user(data, optval, optlen))
1567 goto out;
1568
1569 err = -EINVAL;
1570 read_lock(&xfrm_km_lock);
1571 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1572 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1573 optlen, &err);
1574 if (err >= 0)
1575 break;
1576 }
1577 read_unlock(&xfrm_km_lock);
1578
1579 if (err >= 0) {
1580 xfrm_sk_policy_insert(sk, err, pol);
1581 xfrm_pol_put(pol);
1582 err = 0;
1583 }
1584
1585out:
1586 kfree(data);
1587 return err;
1588}
1589EXPORT_SYMBOL(xfrm_user_policy);
1590
1591int xfrm_register_km(struct xfrm_mgr *km)
1592{
1593 write_lock_bh(&xfrm_km_lock);
1594 list_add_tail(&km->list, &xfrm_km_list);
1595 write_unlock_bh(&xfrm_km_lock);
1596 return 0;
1597}
1598EXPORT_SYMBOL(xfrm_register_km);
1599
1600int xfrm_unregister_km(struct xfrm_mgr *km)
1601{
1602 write_lock_bh(&xfrm_km_lock);
1603 list_del(&km->list);
1604 write_unlock_bh(&xfrm_km_lock);
1605 return 0;
1606}
1607EXPORT_SYMBOL(xfrm_unregister_km);
1608
1609int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1610{
1611 int err = 0;
1612 if (unlikely(afinfo == NULL))
1613 return -EINVAL;
1614 if (unlikely(afinfo->family >= NPROTO))
1615 return -EAFNOSUPPORT;
f3111502 1616 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1617 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1618 err = -ENOBUFS;
edcd5821 1619 else
1da177e4 1620 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1621 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1622 return err;
1623}
1624EXPORT_SYMBOL(xfrm_state_register_afinfo);
1625
1626int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1627{
1628 int err = 0;
1629 if (unlikely(afinfo == NULL))
1630 return -EINVAL;
1631 if (unlikely(afinfo->family >= NPROTO))
1632 return -EAFNOSUPPORT;
f3111502 1633 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1634 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1635 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1636 err = -EINVAL;
edcd5821 1637 else
1da177e4 1638 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1639 }
f3111502 1640 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1641 return err;
1642}
1643EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1644
cdca7265 1645struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1da177e4
LT		 1646{
1647 struct xfrm_state_afinfo *afinfo;
1648 if (unlikely(family >= NPROTO))
1649 return NULL;
1650 read_lock(&xfrm_state_afinfo_lock);
1651 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1652 if (unlikely(!afinfo))
1653 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1654 return afinfo;
1655}
1656
cdca7265 1657void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1da177e4 1658{
546be240 1659 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1660}
1661
cdca7265
MK		 1662EXPORT_SYMBOL(xfrm_state_get_afinfo);
1663EXPORT_SYMBOL(xfrm_state_put_afinfo);
1664
1da177e4
LT		 1665/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1666void xfrm_state_delete_tunnel(struct xfrm_state *x)
1667{
1668 if (x->tunnel) {
1669 struct xfrm_state *t = x->tunnel;
1670
1671 if (atomic_read(&t->tunnel_users) == 2)
1672 xfrm_state_delete(t);
1673 atomic_dec(&t->tunnel_users);
1674 xfrm_state_put(t);
1675 x->tunnel = NULL;
1676 }
1677}
1678EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1679
1680int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1681{
c5c25238 1682 int res;
1da177e4 1683
c5c25238
PM		 1684 spin_lock_bh(&x->lock);
1685 if (x->km.state == XFRM_STATE_VALID &&
1686 x->type && x->type->get_mtu)
1687 res = x->type->get_mtu(x, mtu);
1688 else
1689 res = mtu;
1690 spin_unlock_bh(&x->lock);
1da177e4
LT		 1691 return res;
1692}
1693
72cb6962
HX		 1694int xfrm_init_state(struct xfrm_state *x)
1695{
d094cd83
HX		 1696 struct xfrm_state_afinfo *afinfo;
1697 int family = x->props.family;
72cb6962
HX		 1698 int err;
1699
d094cd83
HX		 1700 err = -EAFNOSUPPORT;
1701 afinfo = xfrm_state_get_afinfo(family);
1702 if (!afinfo)
1703 goto error;
1704
1705 err = 0;
1706 if (afinfo->init_flags)
1707 err = afinfo->init_flags(x);
1708
1709 xfrm_state_put_afinfo(afinfo);
1710
1711 if (err)
1712 goto error;
1713
1714 err = -EPROTONOSUPPORT;
1715 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 1716 if (x->type == NULL)
1717 goto error;
1718
1719 err = x->type->init_state(x);
1720 if (err)
1721 goto error;
1722
b59f45d0
HX		 1723 x->mode = xfrm_get_mode(x->props.mode, family);
1724 if (x->mode == NULL)
1725 goto error;
1726
72cb6962
HX		 1727 x->km.state = XFRM_STATE_VALID;
1728
1729error:
1730 return err;
1731}
1732
1733EXPORT_SYMBOL(xfrm_init_state);
a716c119 1734
1da177e4
LT		 1735void __init xfrm_state_init(void)
1736{
f034b5d4
DM		 1737 unsigned int sz;
1738
1739 sz = sizeof(struct hlist_head) * 8;
1740
44e36b42
DM		 1741 xfrm_state_bydst = xfrm_hash_alloc(sz);
1742 xfrm_state_bysrc = xfrm_hash_alloc(sz);
1743 xfrm_state_byspi = xfrm_hash_alloc(sz);
f034b5d4
DM		 1744 if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
1745 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
1746 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 1747
c4028958 1748 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1da177e4
LT		 1749}
1750
Ubuntu Artful kernel mirror