]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-eoan-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netns xfrm: per-netns xfrm_state_hmask
[mirror_ubuntu-eoan-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
f034b5d4
DM		 47static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
48static unsigned int xfrm_state_num;
9d4a706d 49static unsigned int xfrm_state_genid;
f034b5d4 50
17c2a42a
HX		 51static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
52static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
53
afeb14b4
PM		 54#ifdef CONFIG_AUDITSYSCALL
55static void xfrm_audit_state_replay(struct xfrm_state *x,
56 struct sk_buff *skb, __be32 net_seq);
57#else
58#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
59#endif /* CONFIG_AUDITSYSCALL */
60
c1969f29
DM		 61static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
62 xfrm_address_t *saddr,
63 u32 reqid,
a624c108 64 unsigned short family)
f034b5d4 65{
529983ec 66 return __xfrm_dst_hash(daddr, saddr, reqid, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 67}
68
667bbcb6
MN		 69static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
70 xfrm_address_t *saddr,
44e36b42 71 unsigned short family)
f034b5d4 72{
529983ec 73 return __xfrm_src_hash(daddr, saddr, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 74}
75
f034b5d4 76static inline unsigned int
8122adf0 77xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 78{
529983ec 79 return __xfrm_spi_hash(daddr, spi, proto, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 80}
81
f034b5d4
DM		 82static void xfrm_hash_transfer(struct hlist_head *list,
83 struct hlist_head *ndsttable,
84 struct hlist_head *nsrctable,
85 struct hlist_head *nspitable,
86 unsigned int nhashmask)
87{
88 struct hlist_node *entry, *tmp;
89 struct xfrm_state *x;
90
91 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
92 unsigned int h;
93
c1969f29
DM		 94 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
95 x->props.reqid, x->props.family,
96 nhashmask);
f034b5d4
DM		 97 hlist_add_head(&x->bydst, ndsttable+h);
98
667bbcb6
MN		 99 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
100 x->props.family,
f034b5d4
DM		 101 nhashmask);
102 hlist_add_head(&x->bysrc, nsrctable+h);
103
7b4dc360
MN		 104 if (x->id.spi) {
105 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
106 x->id.proto, x->props.family,
107 nhashmask);
108 hlist_add_head(&x->byspi, nspitable+h);
109 }
f034b5d4
DM		 110 }
111}
112
113static unsigned long xfrm_hash_new_size(void)
114{
529983ec 115 return ((init_net.xfrm.state_hmask + 1) << 1) *
f034b5d4
DM		 116 sizeof(struct hlist_head);
117}
118
119static DEFINE_MUTEX(hash_resize_mutex);
120
c4028958 121static void xfrm_hash_resize(struct work_struct *__unused)
f034b5d4
DM		 122{
123 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
124 unsigned long nsize, osize;
125 unsigned int nhashmask, ohashmask;
126 int i;
127
128 mutex_lock(&hash_resize_mutex);
129
130 nsize = xfrm_hash_new_size();
44e36b42 131 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 132 if (!ndst)
133 goto out_unlock;
44e36b42 134 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 135 if (!nsrc) {
44e36b42 136 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 137 goto out_unlock;
138 }
44e36b42 139 nspi = xfrm_hash_alloc(nsize);
f034b5d4 140 if (!nspi) {
44e36b42
DM		 141 xfrm_hash_free(ndst, nsize);
142 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 143 goto out_unlock;
144 }
145
146 spin_lock_bh(&xfrm_state_lock);
147
148 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
529983ec 149 for (i = init_net.xfrm.state_hmask; i >= 0; i--)
73d189dc 150 xfrm_hash_transfer(init_net.xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 151 nhashmask);
152
73d189dc 153 odst = init_net.xfrm.state_bydst;
d320bbb3 154 osrc = init_net.xfrm.state_bysrc;
b754a4fd 155 ospi = init_net.xfrm.state_byspi;
529983ec 156 ohashmask = init_net.xfrm.state_hmask;
f034b5d4 157
73d189dc 158 init_net.xfrm.state_bydst = ndst;
d320bbb3 159 init_net.xfrm.state_bysrc = nsrc;
b754a4fd 160 init_net.xfrm.state_byspi = nspi;
529983ec 161 init_net.xfrm.state_hmask = nhashmask;
f034b5d4
DM		 162
163 spin_unlock_bh(&xfrm_state_lock);
164
165 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 166 xfrm_hash_free(odst, osize);
167 xfrm_hash_free(osrc, osize);
168 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 169
170out_unlock:
171 mutex_unlock(&hash_resize_mutex);
172}
173
c4028958 174static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
f034b5d4 175
1da177e4
LT		 176DECLARE_WAIT_QUEUE_HEAD(km_waitq);
177EXPORT_SYMBOL(km_waitq);
178
179static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
180static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
181
182static struct work_struct xfrm_state_gc_work;
12a169e7 183static HLIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 184static DEFINE_SPINLOCK(xfrm_state_gc_lock);
185
53bc6b4d 186int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 187
980ebd25 188int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 189void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 190
aa5d62cc
HX		 191static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
192{
193 struct xfrm_state_afinfo *afinfo;
194 if (unlikely(family >= NPROTO))
195 return NULL;
196 write_lock_bh(&xfrm_state_afinfo_lock);
197 afinfo = xfrm_state_afinfo[family];
198 if (unlikely(!afinfo))
199 write_unlock_bh(&xfrm_state_afinfo_lock);
200 return afinfo;
201}
202
203static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 204 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 205{
206 write_unlock_bh(&xfrm_state_afinfo_lock);
207}
208
533cb5b0 209int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 210{
211 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 212 const struct xfrm_type **typemap;
aa5d62cc
HX		 213 int err = 0;
214
215 if (unlikely(afinfo == NULL))
216 return -EAFNOSUPPORT;
217 typemap = afinfo->type_map;
218
219 if (likely(typemap[type->proto] == NULL))
220 typemap[type->proto] = type;
221 else
222 err = -EEXIST;
223 xfrm_state_unlock_afinfo(afinfo);
224 return err;
225}
226EXPORT_SYMBOL(xfrm_register_type);
227
533cb5b0 228int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 229{
230 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 231 const struct xfrm_type **typemap;
aa5d62cc
HX		 232 int err = 0;
233
234 if (unlikely(afinfo == NULL))
235 return -EAFNOSUPPORT;
236 typemap = afinfo->type_map;
237
238 if (unlikely(typemap[type->proto] != type))
239 err = -ENOENT;
240 else
241 typemap[type->proto] = NULL;
242 xfrm_state_unlock_afinfo(afinfo);
243 return err;
244}
245EXPORT_SYMBOL(xfrm_unregister_type);
246
533cb5b0 247static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 248{
249 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 250 const struct xfrm_type **typemap;
251 const struct xfrm_type *type;
aa5d62cc
HX		 252 int modload_attempted = 0;
253
254retry:
255 afinfo = xfrm_state_get_afinfo(family);
256 if (unlikely(afinfo == NULL))
257 return NULL;
258 typemap = afinfo->type_map;
259
260 type = typemap[proto];
261 if (unlikely(type && !try_module_get(type->owner)))
262 type = NULL;
263 if (!type && !modload_attempted) {
264 xfrm_state_put_afinfo(afinfo);
265 request_module("xfrm-type-%d-%d", family, proto);
266 modload_attempted = 1;
267 goto retry;
268 }
269
270 xfrm_state_put_afinfo(afinfo);
271 return type;
272}
273
533cb5b0 274static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 275{
276 module_put(type->owner);
277}
278
279int xfrm_register_mode(struct xfrm_mode *mode, int family)
280{
281 struct xfrm_state_afinfo *afinfo;
282 struct xfrm_mode **modemap;
283 int err;
284
285 if (unlikely(mode->encap >= XFRM_MODE_MAX))
286 return -EINVAL;
287
288 afinfo = xfrm_state_lock_afinfo(family);
289 if (unlikely(afinfo == NULL))
290 return -EAFNOSUPPORT;
291
292 err = -EEXIST;
293 modemap = afinfo->mode_map;
17c2a42a
HX		 294 if (modemap[mode->encap])
295 goto out;
aa5d62cc 296
17c2a42a
HX		 297 err = -ENOENT;
298 if (!try_module_get(afinfo->owner))
299 goto out;
300
301 mode->afinfo = afinfo;
302 modemap[mode->encap] = mode;
303 err = 0;
304
305out:
aa5d62cc
HX		 306 xfrm_state_unlock_afinfo(afinfo);
307 return err;
308}
309EXPORT_SYMBOL(xfrm_register_mode);
310
311int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
312{
313 struct xfrm_state_afinfo *afinfo;
314 struct xfrm_mode **modemap;
315 int err;
316
317 if (unlikely(mode->encap >= XFRM_MODE_MAX))
318 return -EINVAL;
319
320 afinfo = xfrm_state_lock_afinfo(family);
321 if (unlikely(afinfo == NULL))
322 return -EAFNOSUPPORT;
323
324 err = -ENOENT;
325 modemap = afinfo->mode_map;
326 if (likely(modemap[mode->encap] == mode)) {
327 modemap[mode->encap] = NULL;
17c2a42a 328 module_put(mode->afinfo->owner);
aa5d62cc
HX		 329 err = 0;
330 }
331
332 xfrm_state_unlock_afinfo(afinfo);
333 return err;
334}
335EXPORT_SYMBOL(xfrm_unregister_mode);
336
337static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
338{
339 struct xfrm_state_afinfo *afinfo;
340 struct xfrm_mode *mode;
341 int modload_attempted = 0;
342
343 if (unlikely(encap >= XFRM_MODE_MAX))
344 return NULL;
345
346retry:
347 afinfo = xfrm_state_get_afinfo(family);
348 if (unlikely(afinfo == NULL))
349 return NULL;
350
351 mode = afinfo->mode_map[encap];
352 if (unlikely(mode && !try_module_get(mode->owner)))
353 mode = NULL;
354 if (!mode && !modload_attempted) {
355 xfrm_state_put_afinfo(afinfo);
356 request_module("xfrm-mode-%d-%d", family, encap);
357 modload_attempted = 1;
358 goto retry;
359 }
360
361 xfrm_state_put_afinfo(afinfo);
362 return mode;
363}
364
365static void xfrm_put_mode(struct xfrm_mode *mode)
366{
367 module_put(mode->owner);
368}
369
1da177e4
LT		 370static void xfrm_state_gc_destroy(struct xfrm_state *x)
371{
a47f0ce0
DM		 372 del_timer_sync(&x->timer);
373 del_timer_sync(&x->rtimer);
a51482bd
JJ		 374 kfree(x->aalg);
375 kfree(x->ealg);
376 kfree(x->calg);
377 kfree(x->encap);
060f02a3 378 kfree(x->coaddr);
13996378
HX		 379 if (x->inner_mode)
380 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 381 if (x->inner_mode_iaf)
382 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 383 if (x->outer_mode)
384 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 385 if (x->type) {
386 x->type->destructor(x);
387 xfrm_put_type(x->type);
388 }
df71837d 389 security_xfrm_state_free(x);
1da177e4
LT		 390 kfree(x);
391}
392
c4028958 393static void xfrm_state_gc_task(struct work_struct *data)
1da177e4 394{
12a169e7
HX		 395 struct xfrm_state *x;
396 struct hlist_node *entry, *tmp;
397 struct hlist_head gc_list;
1da177e4 398
1da177e4 399 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 400 hlist_move_list(&xfrm_state_gc_list, &gc_list);
1da177e4
LT		 401 spin_unlock_bh(&xfrm_state_gc_lock);
402
12a169e7 403 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 404 xfrm_state_gc_destroy(x);
8f126e37 405
1da177e4
LT		 406 wake_up(&km_waitq);
407}
408
409static inline unsigned long make_jiffies(long secs)
410{
411 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
412 return MAX_SCHEDULE_TIMEOUT-1;
413 else
a716c119 414 return secs*HZ;
1da177e4
LT		 415}
416
417static void xfrm_timer_handler(unsigned long data)
418{
419 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 420 unsigned long now = get_seconds();
1da177e4
LT		 421 long next = LONG_MAX;
422 int warn = 0;
161a09e7 423 int err = 0;
1da177e4
LT		 424
425 spin_lock(&x->lock);
426 if (x->km.state == XFRM_STATE_DEAD)
427 goto out;
428 if (x->km.state == XFRM_STATE_EXPIRED)
429 goto expired;
430 if (x->lft.hard_add_expires_seconds) {
431 long tmo = x->lft.hard_add_expires_seconds +
432 x->curlft.add_time - now;
433 if (tmo <= 0)
434 goto expired;
435 if (tmo < next)
436 next = tmo;
437 }
438 if (x->lft.hard_use_expires_seconds) {
439 long tmo = x->lft.hard_use_expires_seconds +
440 (x->curlft.use_time ? : now) - now;
441 if (tmo <= 0)
442 goto expired;
443 if (tmo < next)
444 next = tmo;
445 }
446 if (x->km.dying)
447 goto resched;
448 if (x->lft.soft_add_expires_seconds) {
449 long tmo = x->lft.soft_add_expires_seconds +
450 x->curlft.add_time - now;
451 if (tmo <= 0)
452 warn = 1;
453 else if (tmo < next)
454 next = tmo;
455 }
456 if (x->lft.soft_use_expires_seconds) {
457 long tmo = x->lft.soft_use_expires_seconds +
458 (x->curlft.use_time ? : now) - now;
459 if (tmo <= 0)
460 warn = 1;
461 else if (tmo < next)
462 next = tmo;
463 }
464
4666faab 465 x->km.dying = warn;
1da177e4 466 if (warn)
53bc6b4d 467 km_state_expired(x, 0, 0);
1da177e4 468resched:
a47f0ce0
DM		 469 if (next != LONG_MAX)
470 mod_timer(&x->timer, jiffies + make_jiffies(next));
471
1da177e4
LT		 472 goto out;
473
474expired:
475 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
476 x->km.state = XFRM_STATE_EXPIRED;
477 wake_up(&km_waitq);
478 next = 2;
479 goto resched;
480 }
161a09e7
JL		 481
482 err = __xfrm_state_delete(x);
483 if (!err && x->id.spi)
53bc6b4d 484 km_state_expired(x, 1, 0);
1da177e4 485
ab5f5e8b 486 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 487 audit_get_loginuid(current),
488 audit_get_sessionid(current), 0);
161a09e7 489
1da177e4
LT		 490out:
491 spin_unlock(&x->lock);
1da177e4
LT		 492}
493
0ac84752
DM		 494static void xfrm_replay_timer_handler(unsigned long data);
495
673c09be 496struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 497{
498 struct xfrm_state *x;
499
0da974f4 500 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 501
502 if (x) {
673c09be 503 write_pnet(&x->xs_net, net);
1da177e4
LT		 504 atomic_set(&x->refcnt, 1);
505 atomic_set(&x->tunnel_users, 0);
12a169e7 506 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 507 INIT_HLIST_NODE(&x->bydst);
508 INIT_HLIST_NODE(&x->bysrc);
509 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 510 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
511 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
512 (unsigned long)x);
9d729f72 513 x->curlft.add_time = get_seconds();
1da177e4
LT		 514 x->lft.soft_byte_limit = XFRM_INF;
515 x->lft.soft_packet_limit = XFRM_INF;
516 x->lft.hard_byte_limit = XFRM_INF;
517 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 518 x->replay_maxage = 0;
519 x->replay_maxdiff = 0;
df9dcb45
KM		 520 x->inner_mode = NULL;
521 x->inner_mode_iaf = NULL;
1da177e4
LT		 522 spin_lock_init(&x->lock);
523 }
524 return x;
525}
526EXPORT_SYMBOL(xfrm_state_alloc);
527
528void __xfrm_state_destroy(struct xfrm_state *x)
529{
547b792c 530 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 531
532 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 533 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
1da177e4
LT		 534 spin_unlock_bh(&xfrm_state_gc_lock);
535 schedule_work(&xfrm_state_gc_work);
536}
537EXPORT_SYMBOL(__xfrm_state_destroy);
538
53bc6b4d 539int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 540{
26b15dad
JHS		 541 int err = -ESRCH;
542
1da177e4
LT		 543 if (x->km.state != XFRM_STATE_DEAD) {
544 x->km.state = XFRM_STATE_DEAD;
545 spin_lock(&xfrm_state_lock);
12a169e7 546 list_del(&x->km.all);
8f126e37 547 hlist_del(&x->bydst);
8f126e37 548 hlist_del(&x->bysrc);
a47f0ce0 549 if (x->id.spi)
8f126e37 550 hlist_del(&x->byspi);
f034b5d4 551 xfrm_state_num--;
1da177e4 552 spin_unlock(&xfrm_state_lock);
1da177e4 553
1da177e4
LT		 554 /* All xfrm_state objects are created by xfrm_state_alloc.
555 * The xfrm_state_alloc call gives a reference, and that
556 * is what we are dropping here.
557 */
5dba4797 558 xfrm_state_put(x);
26b15dad 559 err = 0;
1da177e4 560 }
26b15dad
JHS		 561
562 return err;
1da177e4 563}
53bc6b4d 564EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 565
26b15dad 566int xfrm_state_delete(struct xfrm_state *x)
1da177e4 567{
26b15dad
JHS		 568 int err;
569
1da177e4 570 spin_lock_bh(&x->lock);
26b15dad 571 err = __xfrm_state_delete(x);
1da177e4 572 spin_unlock_bh(&x->lock);
26b15dad
JHS		 573
574 return err;
1da177e4
LT		 575}
576EXPORT_SYMBOL(xfrm_state_delete);
577
4aa2e62c
JL		 578#ifdef CONFIG_SECURITY_NETWORK_XFRM
579static inline int
580xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 581{
4aa2e62c
JL		 582 int i, err = 0;
583
529983ec 584 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
4aa2e62c
JL		 585 struct hlist_node *entry;
586 struct xfrm_state *x;
587
73d189dc 588 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 589 if (xfrm_id_proto_match(x->id.proto, proto) &&
590 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 591 xfrm_audit_state_delete(x, 0,
592 audit_info->loginuid,
2532386f 593 audit_info->sessionid,
ab5f5e8b 594 audit_info->secid);
4aa2e62c
JL		 595 return err;
596 }
597 }
598 }
599
600 return err;
601}
602#else
603static inline int
604xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
605{
606 return 0;
607}
608#endif
609
610int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
611{
612 int i, err = 0;
1da177e4
LT		 613
614 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 615 err = xfrm_state_flush_secctx_check(proto, audit_info);
616 if (err)
617 goto out;
618
529983ec 619 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 620 struct hlist_node *entry;
621 struct xfrm_state *x;
1da177e4 622restart:
73d189dc 623 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1da177e4 624 if (!xfrm_state_kern(x) &&
5794708f 625 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 626 xfrm_state_hold(x);
627 spin_unlock_bh(&xfrm_state_lock);
628
161a09e7 629 err = xfrm_state_delete(x);
ab5f5e8b
JL		 630 xfrm_audit_state_delete(x, err ? 0 : 1,
631 audit_info->loginuid,
2532386f 632 audit_info->sessionid,
ab5f5e8b 633 audit_info->secid);
1da177e4
LT		 634 xfrm_state_put(x);
635
636 spin_lock_bh(&xfrm_state_lock);
637 goto restart;
638 }
639 }
640 }
4aa2e62c
JL		 641 err = 0;
642
643out:
1da177e4
LT		 644 spin_unlock_bh(&xfrm_state_lock);
645 wake_up(&km_waitq);
4aa2e62c 646 return err;
1da177e4
LT		 647}
648EXPORT_SYMBOL(xfrm_state_flush);
649
af11e316 650void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 651{
652 spin_lock_bh(&xfrm_state_lock);
653 si->sadcnt = xfrm_state_num;
529983ec 654 si->sadhcnt = init_net.xfrm.state_hmask;
28d8909b
JHS		 655 si->sadhmcnt = xfrm_state_hashmax;
656 spin_unlock_bh(&xfrm_state_lock);
657}
658EXPORT_SYMBOL(xfrm_sad_getinfo);
659
1da177e4
LT		 660static int
661xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
662 struct xfrm_tmpl *tmpl,
663 xfrm_address_t *daddr, xfrm_address_t *saddr,
664 unsigned short family)
665{
666 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
667 if (!afinfo)
668 return -1;
669 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
670 xfrm_state_put_afinfo(afinfo);
671 return 0;
672}
673
a94cfd19 674static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 675{
676 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
677 struct xfrm_state *x;
8f126e37 678 struct hlist_node *entry;
edcd5821 679
b754a4fd 680 hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
edcd5821
DM		 681 if (x->props.family != family ||
682 x->id.spi != spi ||
683 x->id.proto != proto)
684 continue;
685
686 switch (family) {
687 case AF_INET:
688 if (x->id.daddr.a4 != daddr->a4)
689 continue;
690 break;
691 case AF_INET6:
692 if (!ipv6_addr_equal((struct in6_addr *)daddr,
693 (struct in6_addr *)
694 x->id.daddr.a6))
695 continue;
696 break;
3ff50b79 697 }
edcd5821
DM		 698
699 xfrm_state_hold(x);
700 return x;
701 }
702
703 return NULL;
704}
705
706static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
707{
667bbcb6 708 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 709 struct xfrm_state *x;
8f126e37 710 struct hlist_node *entry;
edcd5821 711
d320bbb3 712 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 713 if (x->props.family != family ||
714 x->id.proto != proto)
715 continue;
716
717 switch (family) {
718 case AF_INET:
719 if (x->id.daddr.a4 != daddr->a4 ||
720 x->props.saddr.a4 != saddr->a4)
721 continue;
722 break;
723 case AF_INET6:
724 if (!ipv6_addr_equal((struct in6_addr *)daddr,
725 (struct in6_addr *)
726 x->id.daddr.a6) ||
727 !ipv6_addr_equal((struct in6_addr *)saddr,
728 (struct in6_addr *)
729 x->props.saddr.a6))
730 continue;
731 break;
3ff50b79 732 }
edcd5821
DM		 733
734 xfrm_state_hold(x);
735 return x;
736 }
737
738 return NULL;
739}
740
741static inline struct xfrm_state *
742__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
743{
744 if (use_spi)
745 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
746 x->id.proto, family);
747 else
748 return __xfrm_state_lookup_byaddr(&x->id.daddr,
749 &x->props.saddr,
750 x->id.proto, family);
751}
752
2fab22f2
PM		 753static void xfrm_hash_grow_check(int have_hash_collision)
754{
755 if (have_hash_collision &&
529983ec
AD		 756 (init_net.xfrm.state_hmask + 1) < xfrm_state_hashmax &&
757 xfrm_state_num > init_net.xfrm.state_hmask)
2fab22f2
PM		 758 schedule_work(&xfrm_hash_work);
759}
760
1da177e4 761struct xfrm_state *
a716c119 762xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 763 struct flowi *fl, struct xfrm_tmpl *tmpl,
764 struct xfrm_policy *pol, int *err,
765 unsigned short family)
766{
4bda4f25 767 unsigned int h;
8f126e37 768 struct hlist_node *entry;
37b08e34 769 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 770 int acquire_in_progress = 0;
771 int error = 0;
772 struct xfrm_state *best = NULL;
a716c119 773
37b08e34
DM		 774 to_put = NULL;
775
1da177e4 776 spin_lock_bh(&xfrm_state_lock);
4bda4f25 777 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
73d189dc 778 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1da177e4
LT		 779 if (x->props.family == family &&
780 x->props.reqid == tmpl->reqid &&
fbd9a5b4 781 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 782 xfrm_state_addr_check(x, daddr, saddr, family) &&
783 tmpl->mode == x->props.mode &&
784 tmpl->id.proto == x->id.proto &&
785 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
786 /* Resolution logic:
787 1. There is a valid state with matching selector.
788 Done.
789 2. Valid state with inappropriate selector. Skip.
790
791 Entering area of "sysdeps".
792
793 3. If state is not valid, selector is temporary,
794 it selects only session which triggered
795 previous resolution. Key manager will do
796 something to install a state with proper
797 selector.
798 */
799 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 800 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 801 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 802 continue;
803 if (!best ||
804 best->km.dying > x->km.dying ||
805 (best->km.dying == x->km.dying &&
806 best->curlft.add_time < x->curlft.add_time))
807 best = x;
808 } else if (x->km.state == XFRM_STATE_ACQ) {
809 acquire_in_progress = 1;
810 } else if (x->km.state == XFRM_STATE_ERROR ||
811 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 812 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 813 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 814 error = -ESRCH;
815 }
816 }
817 }
818
819 x = best;
820 if (!x && !error && !acquire_in_progress) {
5c5d281a 821 if (tmpl->id.spi &&
edcd5821
DM		 822 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
823 tmpl->id.proto, family)) != NULL) {
37b08e34 824 to_put = x0;
1da177e4
LT		 825 error = -EEXIST;
826 goto out;
827 }
673c09be 828 x = xfrm_state_alloc(&init_net);
1da177e4
LT		 829 if (x == NULL) {
830 error = -ENOMEM;
831 goto out;
832 }
833 /* Initialize temporary selector matching only
834 * to current session. */
835 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
836
e0d1caa7
VY		 837 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
838 if (error) {
839 x->km.state = XFRM_STATE_DEAD;
37b08e34 840 to_put = x;
e0d1caa7
VY		 841 x = NULL;
842 goto out;
843 }
844
1da177e4
LT		 845 if (km_query(x, tmpl, pol) == 0) {
846 x->km.state = XFRM_STATE_ACQ;
9d4139c7 847 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 848 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 849 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 850 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4
LT		 851 if (x->id.spi) {
852 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
b754a4fd 853 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 854 }
01e67d08
DM		 855 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
856 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 857 add_timer(&x->timer);
2fab22f2
PM		 858 xfrm_state_num++;
859 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 860 } else {
861 x->km.state = XFRM_STATE_DEAD;
37b08e34 862 to_put = x;
1da177e4
LT		 863 x = NULL;
864 error = -ESRCH;
865 }
866 }
867out:
868 if (x)
869 xfrm_state_hold(x);
870 else
871 *err = acquire_in_progress ? -EAGAIN : error;
872 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 873 if (to_put)
874 xfrm_state_put(to_put);
1da177e4
LT		 875 return x;
876}
877
628529b6
JHS		 878struct xfrm_state *
879xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
880 unsigned short family, u8 mode, u8 proto, u32 reqid)
881{
4bda4f25 882 unsigned int h;
628529b6
JHS		 883 struct xfrm_state *rx = NULL, *x = NULL;
884 struct hlist_node *entry;
885
886 spin_lock(&xfrm_state_lock);
4bda4f25 887 h = xfrm_dst_hash(daddr, saddr, reqid, family);
73d189dc 888 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
628529b6
JHS		 889 if (x->props.family == family &&
890 x->props.reqid == reqid &&
891 !(x->props.flags & XFRM_STATE_WILDRECV) &&
892 xfrm_state_addr_check(x, daddr, saddr, family) &&
893 mode == x->props.mode &&
894 proto == x->id.proto &&
895 x->km.state == XFRM_STATE_VALID) {
896 rx = x;
897 break;
898 }
899 }
900
901 if (rx)
902 xfrm_state_hold(rx);
903 spin_unlock(&xfrm_state_lock);
904
905
906 return rx;
907}
908EXPORT_SYMBOL(xfrm_stateonly_find);
909
1da177e4
LT		 910static void __xfrm_state_insert(struct xfrm_state *x)
911{
a624c108 912 unsigned int h;
1da177e4 913
9d4a706d
DM		 914 x->genid = ++xfrm_state_genid;
915
9d4139c7 916 list_add(&x->km.all, &init_net.xfrm.state_all);
4c563f76 917
c1969f29
DM		 918 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
919 x->props.reqid, x->props.family);
73d189dc 920 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1da177e4 921
667bbcb6 922 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
d320bbb3 923 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 924
7b4dc360 925 if (x->id.spi) {
6c44e6b7
MN		 926 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
927 x->props.family);
928
b754a4fd 929 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
6c44e6b7
MN		 930 }
931
a47f0ce0
DM		 932 mod_timer(&x->timer, jiffies + HZ);
933 if (x->replay_maxage)
934 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 935
1da177e4 936 wake_up(&km_waitq);
f034b5d4
DM		 937
938 xfrm_state_num++;
939
918049f0 940 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 941}
942
c7f5ea3a
DM		 943/* xfrm_state_lock is held */
944static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
945{
946 unsigned short family = xnew->props.family;
947 u32 reqid = xnew->props.reqid;
948 struct xfrm_state *x;
949 struct hlist_node *entry;
950 unsigned int h;
951
c1969f29 952 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
73d189dc 953 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 954 if (x->props.family == family &&
955 x->props.reqid == reqid &&
c1969f29
DM		 956 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
957 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 958 x->genid = xfrm_state_genid;
959 }
960}
961
1da177e4
LT		 962void xfrm_state_insert(struct xfrm_state *x)
963{
964 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 965 __xfrm_state_bump_genids(x);
1da177e4
LT		 966 __xfrm_state_insert(x);
967 spin_unlock_bh(&xfrm_state_lock);
968}
969EXPORT_SYMBOL(xfrm_state_insert);
970
2770834c
DM		 971/* xfrm_state_lock is held */
972static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
973{
c1969f29 974 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 975 struct hlist_node *entry;
2770834c
DM		 976 struct xfrm_state *x;
977
73d189dc 978 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
2770834c
DM		 979 if (x->props.reqid != reqid ||
980 x->props.mode != mode ||
981 x->props.family != family ||
982 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 983 x->id.spi != 0 ||
984 x->id.proto != proto)
2770834c
DM		 985 continue;
986
987 switch (family) {
988 case AF_INET:
989 if (x->id.daddr.a4 != daddr->a4 ||
990 x->props.saddr.a4 != saddr->a4)
991 continue;
992 break;
993 case AF_INET6:
994 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
995 (struct in6_addr *)daddr) ||
996 !ipv6_addr_equal((struct in6_addr *)
997 x->props.saddr.a6,
998 (struct in6_addr *)saddr))
999 continue;
1000 break;
3ff50b79 1001 }
2770834c
DM		 1002
1003 xfrm_state_hold(x);
1004 return x;
1005 }
1006
1007 if (!create)
1008 return NULL;
1009
673c09be 1010 x = xfrm_state_alloc(&init_net);
2770834c
DM		 1011 if (likely(x)) {
1012 switch (family) {
1013 case AF_INET:
1014 x->sel.daddr.a4 = daddr->a4;
1015 x->sel.saddr.a4 = saddr->a4;
1016 x->sel.prefixlen_d = 32;
1017 x->sel.prefixlen_s = 32;
1018 x->props.saddr.a4 = saddr->a4;
1019 x->id.daddr.a4 = daddr->a4;
1020 break;
1021
1022 case AF_INET6:
1023 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1024 (struct in6_addr *)daddr);
1025 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1026 (struct in6_addr *)saddr);
1027 x->sel.prefixlen_d = 128;
1028 x->sel.prefixlen_s = 128;
1029 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1030 (struct in6_addr *)saddr);
1031 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1032 (struct in6_addr *)daddr);
1033 break;
3ff50b79 1034 }
2770834c
DM		 1035
1036 x->km.state = XFRM_STATE_ACQ;
1037 x->id.proto = proto;
1038 x->props.family = family;
1039 x->props.mode = mode;
1040 x->props.reqid = reqid;
01e67d08 1041 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1042 xfrm_state_hold(x);
01e67d08 1043 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1044 add_timer(&x->timer);
9d4139c7 1045 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 1046 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 1047 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 1048 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
918049f0
DM		 1049
1050 xfrm_state_num++;
1051
1052 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1053 }
1054
1055 return x;
1056}
1057
1da177e4
LT		 1058static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1059
1060int xfrm_state_add(struct xfrm_state *x)
1061{
37b08e34 1062 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1063 int family;
1064 int err;
eb2971b6 1065 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1066
1067 family = x->props.family;
1da177e4 1068
37b08e34
DM		 1069 to_put = NULL;
1070
1da177e4
LT		 1071 spin_lock_bh(&xfrm_state_lock);
1072
edcd5821 1073 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1074 if (x1) {
37b08e34 1075 to_put = x1;
1da177e4
LT		 1076 x1 = NULL;
1077 err = -EEXIST;
1078 goto out;
1079 }
1080
eb2971b6 1081 if (use_spi && x->km.seq) {
1da177e4 1082 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1083 if (x1 && ((x1->id.proto != x->id.proto) ||
1084 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1085 to_put = x1;
1da177e4
LT		 1086 x1 = NULL;
1087 }
1088 }
1089
eb2971b6 1090 if (use_spi && !x1)
2770834c
DM		 1091 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1092 x->id.proto,
1093 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1094
c7f5ea3a 1095 __xfrm_state_bump_genids(x);
1da177e4
LT		 1096 __xfrm_state_insert(x);
1097 err = 0;
1098
1099out:
1100 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1101
1102 if (x1) {
1103 xfrm_state_delete(x1);
1104 xfrm_state_put(x1);
1105 }
1106
37b08e34
DM		 1107 if (to_put)
1108 xfrm_state_put(to_put);
1109
1da177e4
LT		 1110 return err;
1111}
1112EXPORT_SYMBOL(xfrm_state_add);
1113
80c9abaa 1114#ifdef CONFIG_XFRM_MIGRATE
6666351d 1115static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1116{
1117 int err = -ENOMEM;
673c09be 1118 struct xfrm_state *x = xfrm_state_alloc(&init_net);
80c9abaa
SS		 1119 if (!x)
1120 goto error;
1121
1122 memcpy(&x->id, &orig->id, sizeof(x->id));
1123 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1124 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1125 x->props.mode = orig->props.mode;
1126 x->props.replay_window = orig->props.replay_window;
1127 x->props.reqid = orig->props.reqid;
1128 x->props.family = orig->props.family;
1129 x->props.saddr = orig->props.saddr;
1130
1131 if (orig->aalg) {
1132 x->aalg = xfrm_algo_clone(orig->aalg);
1133 if (!x->aalg)
1134 goto error;
1135 }
1136 x->props.aalgo = orig->props.aalgo;
1137
1138 if (orig->ealg) {
1139 x->ealg = xfrm_algo_clone(orig->ealg);
1140 if (!x->ealg)
1141 goto error;
1142 }
1143 x->props.ealgo = orig->props.ealgo;
1144
1145 if (orig->calg) {
1146 x->calg = xfrm_algo_clone(orig->calg);
1147 if (!x->calg)
1148 goto error;
1149 }
1150 x->props.calgo = orig->props.calgo;
1151
a716c119 1152 if (orig->encap) {
80c9abaa
SS		 1153 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1154 if (!x->encap)
1155 goto error;
1156 }
1157
1158 if (orig->coaddr) {
1159 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1160 GFP_KERNEL);
1161 if (!x->coaddr)
1162 goto error;
1163 }
1164
1165 err = xfrm_init_state(x);
1166 if (err)
1167 goto error;
1168
1169 x->props.flags = orig->props.flags;
1170
1171 x->curlft.add_time = orig->curlft.add_time;
1172 x->km.state = orig->km.state;
1173 x->km.seq = orig->km.seq;
1174
1175 return x;
1176
1177 error:
1178 if (errp)
1179 *errp = err;
1180 if (x) {
1181 kfree(x->aalg);
1182 kfree(x->ealg);
1183 kfree(x->calg);
1184 kfree(x->encap);
1185 kfree(x->coaddr);
1186 }
1187 kfree(x);
1188 return NULL;
1189}
80c9abaa
SS		 1190
1191/* xfrm_state_lock is held */
1192struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1193{
1194 unsigned int h;
1195 struct xfrm_state *x;
1196 struct hlist_node *entry;
1197
1198 if (m->reqid) {
1199 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1200 m->reqid, m->old_family);
73d189dc 1201 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1202 if (x->props.mode != m->mode ||
1203 x->id.proto != m->proto)
1204 continue;
1205 if (m->reqid && x->props.reqid != m->reqid)
1206 continue;
1207 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1208 m->old_family) ||
1209 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1210 m->old_family))
1211 continue;
1212 xfrm_state_hold(x);
1213 return x;
1214 }
1215 } else {
1216 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1217 m->old_family);
d320bbb3 1218 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1219 if (x->props.mode != m->mode ||
1220 x->id.proto != m->proto)
1221 continue;
1222 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1223 m->old_family) ||
1224 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1225 m->old_family))
1226 continue;
1227 xfrm_state_hold(x);
1228 return x;
1229 }
1230 }
1231
a716c119 1232 return NULL;
80c9abaa
SS		 1233}
1234EXPORT_SYMBOL(xfrm_migrate_state_find);
1235
1236struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1237 struct xfrm_migrate *m)
1238{
1239 struct xfrm_state *xc;
1240 int err;
1241
1242 xc = xfrm_state_clone(x, &err);
1243 if (!xc)
1244 return NULL;
1245
1246 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1247 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1248
1249 /* add state */
1250 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1251 /* a care is needed when the destination address of the
1252 state is to be updated as it is a part of triplet */
1253 xfrm_state_insert(xc);
1254 } else {
1255 if ((err = xfrm_state_add(xc)) < 0)
1256 goto error;
1257 }
1258
1259 return xc;
1260error:
1261 kfree(xc);
1262 return NULL;
1263}
1264EXPORT_SYMBOL(xfrm_state_migrate);
1265#endif
1266
1da177e4
LT		 1267int xfrm_state_update(struct xfrm_state *x)
1268{
37b08e34 1269 struct xfrm_state *x1, *to_put;
1da177e4 1270 int err;
eb2971b6 1271 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1272
37b08e34
DM		 1273 to_put = NULL;
1274
1da177e4 1275 spin_lock_bh(&xfrm_state_lock);
edcd5821 1276 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1277
1278 err = -ESRCH;
1279 if (!x1)
1280 goto out;
1281
1282 if (xfrm_state_kern(x1)) {
37b08e34 1283 to_put = x1;
1da177e4
LT		 1284 err = -EEXIST;
1285 goto out;
1286 }
1287
1288 if (x1->km.state == XFRM_STATE_ACQ) {
1289 __xfrm_state_insert(x);
1290 x = NULL;
1291 }
1292 err = 0;
1293
1294out:
1295 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1296
37b08e34
DM		 1297 if (to_put)
1298 xfrm_state_put(to_put);
1299
1da177e4
LT		 1300 if (err)
1301 return err;
1302
1303 if (!x) {
1304 xfrm_state_delete(x1);
1305 xfrm_state_put(x1);
1306 return 0;
1307 }
1308
1309 err = -EINVAL;
1310 spin_lock_bh(&x1->lock);
1311 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1312 if (x->encap && x1->encap)
1313 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1314 if (x->coaddr && x1->coaddr) {
1315 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1316 }
1317 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1318 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1319 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1320 x1->km.dying = 0;
1321
a47f0ce0 1322 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1323 if (x1->curlft.use_time)
1324 xfrm_state_check_expire(x1);
1325
1326 err = 0;
1327 }
1328 spin_unlock_bh(&x1->lock);
1329
1330 xfrm_state_put(x1);
1331
1332 return err;
1333}
1334EXPORT_SYMBOL(xfrm_state_update);
1335
1336int xfrm_state_check_expire(struct xfrm_state *x)
1337{
1338 if (!x->curlft.use_time)
9d729f72 1339 x->curlft.use_time = get_seconds();
1da177e4
LT		 1340
1341 if (x->km.state != XFRM_STATE_VALID)
1342 return -EINVAL;
1343
1344 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1345 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1346 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1347 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1348 return -EINVAL;
1349 }
1350
1351 if (!x->km.dying &&
1352 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1353 x->curlft.packets >= x->lft.soft_packet_limit)) {
1354 x->km.dying = 1;
53bc6b4d 1355 km_state_expired(x, 0, 0);
4666faab 1356 }
1da177e4
LT		 1357 return 0;
1358}
1359EXPORT_SYMBOL(xfrm_state_check_expire);
1360
1da177e4 1361struct xfrm_state *
a94cfd19 1362xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1363 unsigned short family)
1364{
1365 struct xfrm_state *x;
1da177e4
LT		 1366
1367 spin_lock_bh(&xfrm_state_lock);
edcd5821 1368 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1369 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1370 return x;
1371}
1372EXPORT_SYMBOL(xfrm_state_lookup);
1373
1374struct xfrm_state *
eb2971b6
MN		 1375xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1376 u8 proto, unsigned short family)
1377{
1378 struct xfrm_state *x;
eb2971b6
MN		 1379
1380 spin_lock_bh(&xfrm_state_lock);
edcd5821 1381 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1382 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1383 return x;
1384}
1385EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1386
1387struct xfrm_state *
a716c119
YH		 1388xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1389 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1390 int create, unsigned short family)
1391{
1392 struct xfrm_state *x;
1da177e4
LT		 1393
1394 spin_lock_bh(&xfrm_state_lock);
2770834c 1395 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1396 spin_unlock_bh(&xfrm_state_lock);
2770834c 1397
1da177e4
LT		 1398 return x;
1399}
1400EXPORT_SYMBOL(xfrm_find_acq);
1401
41a49cc3
MN		 1402#ifdef CONFIG_XFRM_SUB_POLICY
1403int
1404xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1405 unsigned short family)
1406{
1407 int err = 0;
1408 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1409 if (!afinfo)
1410 return -EAFNOSUPPORT;
1411
1412 spin_lock_bh(&xfrm_state_lock);
1413 if (afinfo->tmpl_sort)
1414 err = afinfo->tmpl_sort(dst, src, n);
1415 spin_unlock_bh(&xfrm_state_lock);
1416 xfrm_state_put_afinfo(afinfo);
1417 return err;
1418}
1419EXPORT_SYMBOL(xfrm_tmpl_sort);
1420
1421int
1422xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1423 unsigned short family)
1424{
1425 int err = 0;
1426 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1427 if (!afinfo)
1428 return -EAFNOSUPPORT;
1429
1430 spin_lock_bh(&xfrm_state_lock);
1431 if (afinfo->state_sort)
1432 err = afinfo->state_sort(dst, src, n);
1433 spin_unlock_bh(&xfrm_state_lock);
1434 xfrm_state_put_afinfo(afinfo);
1435 return err;
1436}
1437EXPORT_SYMBOL(xfrm_state_sort);
1438#endif
1439
1da177e4
LT		 1440/* Silly enough, but I'm lazy to build resolution list */
1441
1442static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1443{
1444 int i;
1da177e4 1445
529983ec 1446 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 1447 struct hlist_node *entry;
1448 struct xfrm_state *x;
1449
73d189dc 1450 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1451 if (x->km.seq == seq &&
1452 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1453 xfrm_state_hold(x);
1454 return x;
1455 }
1456 }
1457 }
1458 return NULL;
1459}
1460
1461struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1462{
1463 struct xfrm_state *x;
1464
1465 spin_lock_bh(&xfrm_state_lock);
1466 x = __xfrm_find_acq_byseq(seq);
1467 spin_unlock_bh(&xfrm_state_lock);
1468 return x;
1469}
1470EXPORT_SYMBOL(xfrm_find_acq_byseq);
1471
1472u32 xfrm_get_acqseq(void)
1473{
1474 u32 res;
1475 static u32 acqseq;
1476 static DEFINE_SPINLOCK(acqseq_lock);
1477
1478 spin_lock_bh(&acqseq_lock);
1479 res = (++acqseq ? : ++acqseq);
1480 spin_unlock_bh(&acqseq_lock);
1481 return res;
1482}
1483EXPORT_SYMBOL(xfrm_get_acqseq);
1484
658b219e 1485int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1486{
f034b5d4 1487 unsigned int h;
1da177e4 1488 struct xfrm_state *x0;
658b219e
HX		 1489 int err = -ENOENT;
1490 __be32 minspi = htonl(low);
1491 __be32 maxspi = htonl(high);
1da177e4 1492
658b219e
HX		 1493 spin_lock_bh(&x->lock);
1494 if (x->km.state == XFRM_STATE_DEAD)
1495 goto unlock;
1496
1497 err = 0;
1da177e4 1498 if (x->id.spi)
658b219e
HX		 1499 goto unlock;
1500
1501 err = -ENOENT;
1da177e4
LT		 1502
1503 if (minspi == maxspi) {
1504 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1505 if (x0) {
1506 xfrm_state_put(x0);
658b219e 1507 goto unlock;
1da177e4
LT		 1508 }
1509 x->id.spi = minspi;
1510 } else {
1511 u32 spi = 0;
26977b4e
AV		 1512 for (h=0; h<high-low+1; h++) {
1513 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1514 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1515 if (x0 == NULL) {
1516 x->id.spi = htonl(spi);
1517 break;
1518 }
1519 xfrm_state_put(x0);
1520 }
1521 }
1522 if (x->id.spi) {
1523 spin_lock_bh(&xfrm_state_lock);
1524 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
b754a4fd 1525 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 1526 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1527
1528 err = 0;
1da177e4 1529 }
658b219e
HX		 1530
1531unlock:
1532 spin_unlock_bh(&x->lock);
1533
1534 return err;
1da177e4
LT		 1535}
1536EXPORT_SYMBOL(xfrm_alloc_spi);
1537
4c563f76
TT		 1538int xfrm_state_walk(struct xfrm_state_walk *walk,
1539 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1540 void *data)
1541{
12a169e7
HX		 1542 struct xfrm_state *state;
1543 struct xfrm_state_walk *x;
1da177e4
LT		 1544 int err = 0;
1545
12a169e7 1546 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1547 return 0;
1548
1da177e4 1549 spin_lock_bh(&xfrm_state_lock);
12a169e7 1550 if (list_empty(&walk->all))
9d4139c7 1551 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1552 else
1553 x = list_entry(&walk->all, struct xfrm_state_walk, all);
9d4139c7 1554 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
12a169e7 1555 if (x->state == XFRM_STATE_DEAD)
4c563f76 1556 continue;
12a169e7
HX		 1557 state = container_of(x, struct xfrm_state, km);
1558 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1559 continue;
12a169e7
HX		 1560 err = func(state, walk->seq, data);
1561 if (err) {
1562 list_move_tail(&walk->all, &x->all);
1563 goto out;
1da177e4 1564 }
12a169e7 1565 walk->seq++;
1da177e4 1566 }
12a169e7 1567 if (walk->seq == 0) {
1da177e4
LT		 1568 err = -ENOENT;
1569 goto out;
1570 }
12a169e7 1571 list_del_init(&walk->all);
1da177e4
LT		 1572out:
1573 spin_unlock_bh(&xfrm_state_lock);
1574 return err;
1575}
1576EXPORT_SYMBOL(xfrm_state_walk);
1577
5c182458
HX		 1578void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1579{
12a169e7 1580 INIT_LIST_HEAD(&walk->all);
5c182458 1581 walk->proto = proto;
12a169e7
HX		 1582 walk->state = XFRM_STATE_DEAD;
1583 walk->seq = 0;
5c182458
HX		 1584}
1585EXPORT_SYMBOL(xfrm_state_walk_init);
1586
abb81c4f
HX		 1587void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1588{
12a169e7 1589 if (list_empty(&walk->all))
5c182458 1590 return;
5c182458 1591
12a169e7
HX		 1592 spin_lock_bh(&xfrm_state_lock);
1593 list_del(&walk->all);
1594 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1595}
1596EXPORT_SYMBOL(xfrm_state_walk_done);
1597
f8cd5488
JHS		 1598
1599void xfrm_replay_notify(struct xfrm_state *x, int event)
1600{
1601 struct km_event c;
1602 /* we send notify messages in case
1603 * 1. we updated on of the sequence numbers, and the seqno difference
1604 * is at least x->replay_maxdiff, in this case we also update the
1605 * timeout of our timer function
1606 * 2. if x->replay_maxage has elapsed since last update,
1607 * and there were changes
1608 *
1609 * The state structure must be locked!
1610 */
1611
1612 switch (event) {
1613 case XFRM_REPLAY_UPDATE:
1614 if (x->replay_maxdiff &&
1615 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1616 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1617 if (x->xflags & XFRM_TIME_DEFER)
1618 event = XFRM_REPLAY_TIMEOUT;
1619 else
1620 return;
1621 }
f8cd5488
JHS		 1622
1623 break;
1624
1625 case XFRM_REPLAY_TIMEOUT:
1626 if ((x->replay.seq == x->preplay.seq) &&
1627 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1628 (x->replay.oseq == x->preplay.oseq)) {
1629 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1630 return;
2717096a 1631 }
f8cd5488
JHS		 1632
1633 break;
1634 }
1635
1636 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1637 c.event = XFRM_MSG_NEWAE;
1638 c.data.aevent = event;
1639 km_state_notify(x, &c);
1640
f8cd5488 1641 if (x->replay_maxage &&
a47f0ce0 1642 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1643 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1644}
1645
1646static void xfrm_replay_timer_handler(unsigned long data)
1647{
1648 struct xfrm_state *x = (struct xfrm_state*)data;
1649
1650 spin_lock(&x->lock);
1651
2717096a
JHS		 1652 if (x->km.state == XFRM_STATE_VALID) {
1653 if (xfrm_aevent_is_on())
1654 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1655 else
1656 x->xflags |= XFRM_TIME_DEFER;
1657 }
f8cd5488
JHS		 1658
1659 spin_unlock(&x->lock);
1660}
1661
afeb14b4
PM		 1662int xfrm_replay_check(struct xfrm_state *x,
1663 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1664{
1665 u32 diff;
a252cc23 1666 u32 seq = ntohl(net_seq);
1da177e4
LT		 1667
1668 if (unlikely(seq == 0))
afeb14b4 1669 goto err;
1da177e4
LT		 1670
1671 if (likely(seq > x->replay.seq))
1672 return 0;
1673
1674 diff = x->replay.seq - seq;
4c4d51a7
HX		 1675 if (diff >= min_t(unsigned int, x->props.replay_window,
1676 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1677 x->stats.replay_window++;
afeb14b4 1678 goto err;
1da177e4
LT		 1679 }
1680
1681 if (x->replay.bitmap & (1U << diff)) {
1682 x->stats.replay++;
afeb14b4 1683 goto err;
1da177e4
LT		 1684 }
1685 return 0;
afeb14b4
PM		 1686
1687err:
1688 xfrm_audit_state_replay(x, skb, net_seq);
1689 return -EINVAL;
1da177e4 1690}
1da177e4 1691
61f4627b 1692void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1693{
1694 u32 diff;
61f4627b 1695 u32 seq = ntohl(net_seq);
1da177e4
LT		 1696
1697 if (seq > x->replay.seq) {
1698 diff = seq - x->replay.seq;
1699 if (diff < x->props.replay_window)
1700 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1701 else
1702 x->replay.bitmap = 1;
1703 x->replay.seq = seq;
1704 } else {
1705 diff = x->replay.seq - seq;
1706 x->replay.bitmap |= (1U << diff);
1707 }
f8cd5488
JHS		 1708
1709 if (xfrm_aevent_is_on())
1710 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1711}
1da177e4 1712
df01812e 1713static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1714static DEFINE_RWLOCK(xfrm_km_lock);
1715
26b15dad 1716void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1717{
1718 struct xfrm_mgr *km;
1719
26b15dad
JHS		 1720 read_lock(&xfrm_km_lock);
1721 list_for_each_entry(km, &xfrm_km_list, list)
1722 if (km->notify_policy)
1723 km->notify_policy(xp, dir, c);
1724 read_unlock(&xfrm_km_lock);
1725}
1da177e4 1726
26b15dad
JHS		 1727void km_state_notify(struct xfrm_state *x, struct km_event *c)
1728{
1729 struct xfrm_mgr *km;
1da177e4
LT		 1730 read_lock(&xfrm_km_lock);
1731 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1732 if (km->notify)
1733 km->notify(x, c);
1da177e4 1734 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1735}
1736
1737EXPORT_SYMBOL(km_policy_notify);
1738EXPORT_SYMBOL(km_state_notify);
1739
53bc6b4d 1740void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1741{
1742 struct km_event c;
1743
bf08867f 1744 c.data.hard = hard;
53bc6b4d 1745 c.pid = pid;
f60f6b8f 1746 c.event = XFRM_MSG_EXPIRE;
26b15dad 1747 km_state_notify(x, &c);
1da177e4
LT		 1748
1749 if (hard)
1750 wake_up(&km_waitq);
1751}
1752
53bc6b4d 1753EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1754/*
1755 * We send to all registered managers regardless of failure
1756 * We are happy with one success
1757*/
980ebd25 1758int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1759{
26b15dad 1760 int err = -EINVAL, acqret;
1da177e4
LT		 1761 struct xfrm_mgr *km;
1762
1763 read_lock(&xfrm_km_lock);
1764 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1765 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1766 if (!acqret)
1767 err = acqret;
1da177e4
LT		 1768 }
1769 read_unlock(&xfrm_km_lock);
1770 return err;
1771}
980ebd25 1772EXPORT_SYMBOL(km_query);
1da177e4 1773
5d36b180 1774int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1775{
1776 int err = -EINVAL;
1777 struct xfrm_mgr *km;
1778
1779 read_lock(&xfrm_km_lock);
1780 list_for_each_entry(km, &xfrm_km_list, list) {
1781 if (km->new_mapping)
1782 err = km->new_mapping(x, ipaddr, sport);
1783 if (!err)
1784 break;
1785 }
1786 read_unlock(&xfrm_km_lock);
1787 return err;
1788}
1789EXPORT_SYMBOL(km_new_mapping);
1790
6c5c8ca7 1791void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1792{
26b15dad 1793 struct km_event c;
1da177e4 1794
bf08867f 1795 c.data.hard = hard;
6c5c8ca7 1796 c.pid = pid;
f60f6b8f 1797 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1798 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1799
1800 if (hard)
1801 wake_up(&km_waitq);
1802}
a70fcb0b 1803EXPORT_SYMBOL(km_policy_expired);
1da177e4 1804
2d60abc2 1805#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1806int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1807 struct xfrm_migrate *m, int num_migrate,
1808 struct xfrm_kmaddress *k)
80c9abaa
SS		 1809{
1810 int err = -EINVAL;
1811 int ret;
1812 struct xfrm_mgr *km;
1813
1814 read_lock(&xfrm_km_lock);
1815 list_for_each_entry(km, &xfrm_km_list, list) {
1816 if (km->migrate) {
13c1d189 1817 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1818 if (!ret)
1819 err = ret;
1820 }
1821 }
1822 read_unlock(&xfrm_km_lock);
1823 return err;
1824}
1825EXPORT_SYMBOL(km_migrate);
2d60abc2 1826#endif
80c9abaa 1827
97a64b45
MN		 1828int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1829{
1830 int err = -EINVAL;
1831 int ret;
1832 struct xfrm_mgr *km;
1833
1834 read_lock(&xfrm_km_lock);
1835 list_for_each_entry(km, &xfrm_km_list, list) {
1836 if (km->report) {
1837 ret = km->report(proto, sel, addr);
1838 if (!ret)
1839 err = ret;
1840 }
1841 }
1842 read_unlock(&xfrm_km_lock);
1843 return err;
1844}
1845EXPORT_SYMBOL(km_report);
1846
1da177e4
LT		 1847int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1848{
1849 int err;
1850 u8 *data;
1851 struct xfrm_mgr *km;
1852 struct xfrm_policy *pol = NULL;
1853
1854 if (optlen <= 0 || optlen > PAGE_SIZE)
1855 return -EMSGSIZE;
1856
1857 data = kmalloc(optlen, GFP_KERNEL);
1858 if (!data)
1859 return -ENOMEM;
1860
1861 err = -EFAULT;
1862 if (copy_from_user(data, optval, optlen))
1863 goto out;
1864
1865 err = -EINVAL;
1866 read_lock(&xfrm_km_lock);
1867 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1868 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1869 optlen, &err);
1870 if (err >= 0)
1871 break;
1872 }
1873 read_unlock(&xfrm_km_lock);
1874
1875 if (err >= 0) {
1876 xfrm_sk_policy_insert(sk, err, pol);
1877 xfrm_pol_put(pol);
1878 err = 0;
1879 }
1880
1881out:
1882 kfree(data);
1883 return err;
1884}
1885EXPORT_SYMBOL(xfrm_user_policy);
1886
1887int xfrm_register_km(struct xfrm_mgr *km)
1888{
1889 write_lock_bh(&xfrm_km_lock);
1890 list_add_tail(&km->list, &xfrm_km_list);
1891 write_unlock_bh(&xfrm_km_lock);
1892 return 0;
1893}
1894EXPORT_SYMBOL(xfrm_register_km);
1895
1896int xfrm_unregister_km(struct xfrm_mgr *km)
1897{
1898 write_lock_bh(&xfrm_km_lock);
1899 list_del(&km->list);
1900 write_unlock_bh(&xfrm_km_lock);
1901 return 0;
1902}
1903EXPORT_SYMBOL(xfrm_unregister_km);
1904
1905int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1906{
1907 int err = 0;
1908 if (unlikely(afinfo == NULL))
1909 return -EINVAL;
1910 if (unlikely(afinfo->family >= NPROTO))
1911 return -EAFNOSUPPORT;
f3111502 1912 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1913 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1914 err = -ENOBUFS;
edcd5821 1915 else
1da177e4 1916 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1917 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1918 return err;
1919}
1920EXPORT_SYMBOL(xfrm_state_register_afinfo);
1921
1922int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1923{
1924 int err = 0;
1925 if (unlikely(afinfo == NULL))
1926 return -EINVAL;
1927 if (unlikely(afinfo->family >= NPROTO))
1928 return -EAFNOSUPPORT;
f3111502 1929 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1930 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1931 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1932 err = -EINVAL;
edcd5821 1933 else
1da177e4 1934 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1935 }
f3111502 1936 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1937 return err;
1938}
1939EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1940
17c2a42a 1941static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1942{
1943 struct xfrm_state_afinfo *afinfo;
1944 if (unlikely(family >= NPROTO))
1945 return NULL;
1946 read_lock(&xfrm_state_afinfo_lock);
1947 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1948 if (unlikely(!afinfo))
1949 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1950 return afinfo;
1951}
1952
17c2a42a 1953static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1954 __releases(xfrm_state_afinfo_lock)
1da177e4 1955{
546be240 1956 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1957}
1958
1959/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1960void xfrm_state_delete_tunnel(struct xfrm_state *x)
1961{
1962 if (x->tunnel) {
1963 struct xfrm_state *t = x->tunnel;
1964
1965 if (atomic_read(&t->tunnel_users) == 2)
1966 xfrm_state_delete(t);
1967 atomic_dec(&t->tunnel_users);
1968 xfrm_state_put(t);
1969 x->tunnel = NULL;
1970 }
1971}
1972EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1973
1974int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1975{
c5c25238 1976 int res;
1da177e4 1977
c5c25238
PM		 1978 spin_lock_bh(&x->lock);
1979 if (x->km.state == XFRM_STATE_VALID &&
1980 x->type && x->type->get_mtu)
1981 res = x->type->get_mtu(x, mtu);
1982 else
28121617 1983 res = mtu - x->props.header_len;
c5c25238 1984 spin_unlock_bh(&x->lock);
1da177e4
LT		 1985 return res;
1986}
1987
72cb6962
HX		 1988int xfrm_init_state(struct xfrm_state *x)
1989{
d094cd83 1990 struct xfrm_state_afinfo *afinfo;
df9dcb45 1991 struct xfrm_mode *inner_mode;
d094cd83 1992 int family = x->props.family;
72cb6962
HX		 1993 int err;
1994
d094cd83
HX		 1995 err = -EAFNOSUPPORT;
1996 afinfo = xfrm_state_get_afinfo(family);
1997 if (!afinfo)
1998 goto error;
1999
2000 err = 0;
2001 if (afinfo->init_flags)
2002 err = afinfo->init_flags(x);
2003
2004 xfrm_state_put_afinfo(afinfo);
2005
2006 if (err)
2007 goto error;
2008
2009 err = -EPROTONOSUPPORT;
13996378 2010
df9dcb45
KM		 2011 if (x->sel.family != AF_UNSPEC) {
2012 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2013 if (inner_mode == NULL)
2014 goto error;
2015
2016 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2017 family != x->sel.family) {
2018 xfrm_put_mode(inner_mode);
2019 goto error;
2020 }
2021
2022 x->inner_mode = inner_mode;
2023 } else {
2024 struct xfrm_mode *inner_mode_iaf;
2025
2026 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2027 if (inner_mode == NULL)
2028 goto error;
2029
2030 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2031 xfrm_put_mode(inner_mode);
2032 goto error;
2033 }
2034
2035 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2036 if (inner_mode_iaf == NULL)
2037 goto error;
2038
2039 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2040 xfrm_put_mode(inner_mode_iaf);
2041 goto error;
2042 }
2043
2044 if (x->props.family == AF_INET) {
2045 x->inner_mode = inner_mode;
2046 x->inner_mode_iaf = inner_mode_iaf;
2047 } else {
2048 x->inner_mode = inner_mode_iaf;
2049 x->inner_mode_iaf = inner_mode;
2050 }
2051 }
13996378 2052
d094cd83 2053 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2054 if (x->type == NULL)
2055 goto error;
2056
2057 err = x->type->init_state(x);
2058 if (err)
2059 goto error;
2060
13996378
HX		 2061 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2062 if (x->outer_mode == NULL)
b59f45d0
HX		 2063 goto error;
2064
72cb6962
HX		 2065 x->km.state = XFRM_STATE_VALID;
2066
2067error:
2068 return err;
2069}
2070
2071EXPORT_SYMBOL(xfrm_init_state);
a716c119 2072
d62ddc21 2073int __net_init xfrm_state_init(struct net *net)
1da177e4 2074{
f034b5d4
DM		 2075 unsigned int sz;
2076
9d4139c7
AD		 2077 INIT_LIST_HEAD(&net->xfrm.state_all);
2078
f034b5d4
DM		 2079 sz = sizeof(struct hlist_head) * 8;
2080
73d189dc
AD		 2081 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2082 if (!net->xfrm.state_bydst)
2083 goto out_bydst;
d320bbb3
AD		 2084 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2085 if (!net->xfrm.state_bysrc)
2086 goto out_bysrc;
b754a4fd
AD		 2087 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2088 if (!net->xfrm.state_byspi)
2089 goto out_byspi;
529983ec 2090 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2091
c4028958 2092 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
d62ddc21 2093 return 0;
73d189dc 2094
b754a4fd
AD		 2095out_byspi:
2096 xfrm_hash_free(net->xfrm.state_bysrc, sz);
d320bbb3
AD		 2097out_bysrc:
2098 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2099out_bydst:
2100 return -ENOMEM;
d62ddc21
AD		 2101}
2102
2103void xfrm_state_fini(struct net *net)
2104{
73d189dc
AD		 2105 unsigned int sz;
2106
9d4139c7 2107 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc 2108
529983ec 2109 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
b754a4fd
AD		 2110 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2111 xfrm_hash_free(net->xfrm.state_byspi, sz);
d320bbb3
AD		 2112 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2113 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2114 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2115 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2116}
2117
ab5f5e8b 2118#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2119static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2120 struct audit_buffer *audit_buf)
ab5f5e8b 2121{
68277acc
PM		 2122 struct xfrm_sec_ctx *ctx = x->security;
2123 u32 spi = ntohl(x->id.spi);
2124
2125 if (ctx)
ab5f5e8b 2126 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2127 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2128
2129 switch(x->props.family) {
2130 case AF_INET:
21454aaa
HH		 2131 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2132 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2133 break;
2134 case AF_INET6:
5b095d98 2135 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2136 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2137 break;
2138 }
68277acc
PM		 2139
2140 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2141}
2142
cf35f43e
IJ		 2143static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2144 struct audit_buffer *audit_buf)
afeb14b4
PM		 2145{
2146 struct iphdr *iph4;
2147 struct ipv6hdr *iph6;
2148
2149 switch (family) {
2150 case AF_INET:
2151 iph4 = ip_hdr(skb);
21454aaa
HH		 2152 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2153 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2154 break;
2155 case AF_INET6:
2156 iph6 = ipv6_hdr(skb);
2157 audit_log_format(audit_buf,
5b095d98 2158 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2159 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2160 iph6->flow_lbl[0] & 0x0f,
2161 iph6->flow_lbl[1],
2162 iph6->flow_lbl[2]);
2163 break;
2164 }
2165}
2166
68277acc 2167void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2168 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2169{
2170 struct audit_buffer *audit_buf;
ab5f5e8b 2171
afeb14b4 2172 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2173 if (audit_buf == NULL)
2174 return;
2532386f 2175 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2176 xfrm_audit_helper_sainfo(x, audit_buf);
2177 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2178 audit_log_end(audit_buf);
2179}
2180EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2181
68277acc 2182void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2183 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2184{
2185 struct audit_buffer *audit_buf;
ab5f5e8b 2186
afeb14b4 2187 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2188 if (audit_buf == NULL)
2189 return;
2532386f 2190 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2191 xfrm_audit_helper_sainfo(x, audit_buf);
2192 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2193 audit_log_end(audit_buf);
2194}
2195EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2196
2197void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2198 struct sk_buff *skb)
2199{
2200 struct audit_buffer *audit_buf;
2201 u32 spi;
2202
2203 audit_buf = xfrm_audit_start("SA-replay-overflow");
2204 if (audit_buf == NULL)
2205 return;
2206 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2207 /* don't record the sequence number because it's inherent in this kind
2208 * of audit message */
2209 spi = ntohl(x->id.spi);
2210 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2211 audit_log_end(audit_buf);
2212}
2213EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2214
2215static void xfrm_audit_state_replay(struct xfrm_state *x,
2216 struct sk_buff *skb, __be32 net_seq)
2217{
2218 struct audit_buffer *audit_buf;
2219 u32 spi;
2220
2221 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2222 if (audit_buf == NULL)
2223 return;
2224 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2225 spi = ntohl(x->id.spi);
2226 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2227 spi, spi, ntohl(net_seq));
2228 audit_log_end(audit_buf);
2229}
2230
2231void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2232{
2233 struct audit_buffer *audit_buf;
2234
2235 audit_buf = xfrm_audit_start("SA-notfound");
2236 if (audit_buf == NULL)
2237 return;
2238 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2239 audit_log_end(audit_buf);
2240}
2241EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2242
2243void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2244 __be32 net_spi, __be32 net_seq)
2245{
2246 struct audit_buffer *audit_buf;
2247 u32 spi;
2248
2249 audit_buf = xfrm_audit_start("SA-notfound");
2250 if (audit_buf == NULL)
2251 return;
2252 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2253 spi = ntohl(net_spi);
2254 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2255 spi, spi, ntohl(net_seq));
2256 audit_log_end(audit_buf);
2257}
2258EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2259
2260void xfrm_audit_state_icvfail(struct xfrm_state *x,
2261 struct sk_buff *skb, u8 proto)
2262{
2263 struct audit_buffer *audit_buf;
2264 __be32 net_spi;
2265 __be32 net_seq;
2266
2267 audit_buf = xfrm_audit_start("SA-icv-failure");
2268 if (audit_buf == NULL)
2269 return;
2270 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2271 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2272 u32 spi = ntohl(net_spi);
2273 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2274 spi, spi, ntohl(net_seq));
2275 }
2276 audit_log_end(audit_buf);
2277}
2278EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2279#endif /* CONFIG_AUDITSYSCALL */
Ubuntu Eoan Linux kernel mirror