]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netns xfrm: propagate netns into bydst/bysrc/byspi hash functions
[mirror_ubuntu-artful-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
f034b5d4 47static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
9d4a706d 48static unsigned int xfrm_state_genid;
f034b5d4 49
17c2a42a
HX		 50static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
51static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
52
afeb14b4
PM		 53#ifdef CONFIG_AUDITSYSCALL
54static void xfrm_audit_state_replay(struct xfrm_state *x,
55 struct sk_buff *skb, __be32 net_seq);
56#else
57#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
58#endif /* CONFIG_AUDITSYSCALL */
59
64d0cd00
AD		 60static inline unsigned int xfrm_dst_hash(struct net *net,
61 xfrm_address_t *daddr,
c1969f29
DM		 62 xfrm_address_t *saddr,
63 u32 reqid,
a624c108 64 unsigned short family)
f034b5d4 65{
64d0cd00 66 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
f034b5d4
DM		 67}
68
64d0cd00
AD		 69static inline unsigned int xfrm_src_hash(struct net *net,
70 xfrm_address_t *daddr,
667bbcb6 71 xfrm_address_t *saddr,
44e36b42 72 unsigned short family)
f034b5d4 73{
64d0cd00 74 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
f034b5d4
DM		 75}
76
f034b5d4 77static inline unsigned int
64d0cd00 78xfrm_spi_hash(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 79{
64d0cd00 80 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
f034b5d4
DM		 81}
82
f034b5d4
DM		 83static void xfrm_hash_transfer(struct hlist_head *list,
84 struct hlist_head *ndsttable,
85 struct hlist_head *nsrctable,
86 struct hlist_head *nspitable,
87 unsigned int nhashmask)
88{
89 struct hlist_node *entry, *tmp;
90 struct xfrm_state *x;
91
92 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
93 unsigned int h;
94
c1969f29
DM		 95 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
96 x->props.reqid, x->props.family,
97 nhashmask);
f034b5d4
DM		 98 hlist_add_head(&x->bydst, ndsttable+h);
99
667bbcb6
MN		 100 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
101 x->props.family,
f034b5d4
DM		 102 nhashmask);
103 hlist_add_head(&x->bysrc, nsrctable+h);
104
7b4dc360
MN		 105 if (x->id.spi) {
106 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
107 x->id.proto, x->props.family,
108 nhashmask);
109 hlist_add_head(&x->byspi, nspitable+h);
110 }
f034b5d4
DM		 111 }
112}
113
63082733 114static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
f034b5d4 115{
63082733 116 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
f034b5d4
DM		 117}
118
119static DEFINE_MUTEX(hash_resize_mutex);
120
63082733 121static void xfrm_hash_resize(struct work_struct *work)
f034b5d4 122{
63082733 123 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
f034b5d4
DM		 124 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
125 unsigned long nsize, osize;
126 unsigned int nhashmask, ohashmask;
127 int i;
128
129 mutex_lock(&hash_resize_mutex);
130
63082733 131 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
44e36b42 132 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 133 if (!ndst)
134 goto out_unlock;
44e36b42 135 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 136 if (!nsrc) {
44e36b42 137 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 138 goto out_unlock;
139 }
44e36b42 140 nspi = xfrm_hash_alloc(nsize);
f034b5d4 141 if (!nspi) {
44e36b42
DM		 142 xfrm_hash_free(ndst, nsize);
143 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 144 goto out_unlock;
145 }
146
147 spin_lock_bh(&xfrm_state_lock);
148
149 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
63082733
AD		 150 for (i = net->xfrm.state_hmask; i >= 0; i--)
151 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 152 nhashmask);
153
63082733
AD		 154 odst = net->xfrm.state_bydst;
155 osrc = net->xfrm.state_bysrc;
156 ospi = net->xfrm.state_byspi;
157 ohashmask = net->xfrm.state_hmask;
f034b5d4 158
63082733
AD		 159 net->xfrm.state_bydst = ndst;
160 net->xfrm.state_bysrc = nsrc;
161 net->xfrm.state_byspi = nspi;
162 net->xfrm.state_hmask = nhashmask;
f034b5d4
DM		 163
164 spin_unlock_bh(&xfrm_state_lock);
165
166 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 167 xfrm_hash_free(odst, osize);
168 xfrm_hash_free(osrc, osize);
169 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 170
171out_unlock:
172 mutex_unlock(&hash_resize_mutex);
173}
174
1da177e4
LT		 175static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
176static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
177
1da177e4
LT		 178static DEFINE_SPINLOCK(xfrm_state_gc_lock);
179
53bc6b4d 180int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 181
980ebd25 182int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 183void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 184
aa5d62cc
HX		 185static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
186{
187 struct xfrm_state_afinfo *afinfo;
188 if (unlikely(family >= NPROTO))
189 return NULL;
190 write_lock_bh(&xfrm_state_afinfo_lock);
191 afinfo = xfrm_state_afinfo[family];
192 if (unlikely(!afinfo))
193 write_unlock_bh(&xfrm_state_afinfo_lock);
194 return afinfo;
195}
196
197static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 198 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 199{
200 write_unlock_bh(&xfrm_state_afinfo_lock);
201}
202
533cb5b0 203int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 204{
205 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 206 const struct xfrm_type **typemap;
aa5d62cc
HX		 207 int err = 0;
208
209 if (unlikely(afinfo == NULL))
210 return -EAFNOSUPPORT;
211 typemap = afinfo->type_map;
212
213 if (likely(typemap[type->proto] == NULL))
214 typemap[type->proto] = type;
215 else
216 err = -EEXIST;
217 xfrm_state_unlock_afinfo(afinfo);
218 return err;
219}
220EXPORT_SYMBOL(xfrm_register_type);
221
533cb5b0 222int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 223{
224 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 225 const struct xfrm_type **typemap;
aa5d62cc
HX		 226 int err = 0;
227
228 if (unlikely(afinfo == NULL))
229 return -EAFNOSUPPORT;
230 typemap = afinfo->type_map;
231
232 if (unlikely(typemap[type->proto] != type))
233 err = -ENOENT;
234 else
235 typemap[type->proto] = NULL;
236 xfrm_state_unlock_afinfo(afinfo);
237 return err;
238}
239EXPORT_SYMBOL(xfrm_unregister_type);
240
533cb5b0 241static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 242{
243 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 244 const struct xfrm_type **typemap;
245 const struct xfrm_type *type;
aa5d62cc
HX		 246 int modload_attempted = 0;
247
248retry:
249 afinfo = xfrm_state_get_afinfo(family);
250 if (unlikely(afinfo == NULL))
251 return NULL;
252 typemap = afinfo->type_map;
253
254 type = typemap[proto];
255 if (unlikely(type && !try_module_get(type->owner)))
256 type = NULL;
257 if (!type && !modload_attempted) {
258 xfrm_state_put_afinfo(afinfo);
259 request_module("xfrm-type-%d-%d", family, proto);
260 modload_attempted = 1;
261 goto retry;
262 }
263
264 xfrm_state_put_afinfo(afinfo);
265 return type;
266}
267
533cb5b0 268static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 269{
270 module_put(type->owner);
271}
272
273int xfrm_register_mode(struct xfrm_mode *mode, int family)
274{
275 struct xfrm_state_afinfo *afinfo;
276 struct xfrm_mode **modemap;
277 int err;
278
279 if (unlikely(mode->encap >= XFRM_MODE_MAX))
280 return -EINVAL;
281
282 afinfo = xfrm_state_lock_afinfo(family);
283 if (unlikely(afinfo == NULL))
284 return -EAFNOSUPPORT;
285
286 err = -EEXIST;
287 modemap = afinfo->mode_map;
17c2a42a
HX		 288 if (modemap[mode->encap])
289 goto out;
aa5d62cc 290
17c2a42a
HX		 291 err = -ENOENT;
292 if (!try_module_get(afinfo->owner))
293 goto out;
294
295 mode->afinfo = afinfo;
296 modemap[mode->encap] = mode;
297 err = 0;
298
299out:
aa5d62cc
HX		 300 xfrm_state_unlock_afinfo(afinfo);
301 return err;
302}
303EXPORT_SYMBOL(xfrm_register_mode);
304
305int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
306{
307 struct xfrm_state_afinfo *afinfo;
308 struct xfrm_mode **modemap;
309 int err;
310
311 if (unlikely(mode->encap >= XFRM_MODE_MAX))
312 return -EINVAL;
313
314 afinfo = xfrm_state_lock_afinfo(family);
315 if (unlikely(afinfo == NULL))
316 return -EAFNOSUPPORT;
317
318 err = -ENOENT;
319 modemap = afinfo->mode_map;
320 if (likely(modemap[mode->encap] == mode)) {
321 modemap[mode->encap] = NULL;
17c2a42a 322 module_put(mode->afinfo->owner);
aa5d62cc
HX		 323 err = 0;
324 }
325
326 xfrm_state_unlock_afinfo(afinfo);
327 return err;
328}
329EXPORT_SYMBOL(xfrm_unregister_mode);
330
331static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
332{
333 struct xfrm_state_afinfo *afinfo;
334 struct xfrm_mode *mode;
335 int modload_attempted = 0;
336
337 if (unlikely(encap >= XFRM_MODE_MAX))
338 return NULL;
339
340retry:
341 afinfo = xfrm_state_get_afinfo(family);
342 if (unlikely(afinfo == NULL))
343 return NULL;
344
345 mode = afinfo->mode_map[encap];
346 if (unlikely(mode && !try_module_get(mode->owner)))
347 mode = NULL;
348 if (!mode && !modload_attempted) {
349 xfrm_state_put_afinfo(afinfo);
350 request_module("xfrm-mode-%d-%d", family, encap);
351 modload_attempted = 1;
352 goto retry;
353 }
354
355 xfrm_state_put_afinfo(afinfo);
356 return mode;
357}
358
359static void xfrm_put_mode(struct xfrm_mode *mode)
360{
361 module_put(mode->owner);
362}
363
1da177e4
LT		 364static void xfrm_state_gc_destroy(struct xfrm_state *x)
365{
a47f0ce0
DM		 366 del_timer_sync(&x->timer);
367 del_timer_sync(&x->rtimer);
a51482bd
JJ		 368 kfree(x->aalg);
369 kfree(x->ealg);
370 kfree(x->calg);
371 kfree(x->encap);
060f02a3 372 kfree(x->coaddr);
13996378
HX		 373 if (x->inner_mode)
374 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 375 if (x->inner_mode_iaf)
376 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 377 if (x->outer_mode)
378 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 379 if (x->type) {
380 x->type->destructor(x);
381 xfrm_put_type(x->type);
382 }
df71837d 383 security_xfrm_state_free(x);
1da177e4
LT		 384 kfree(x);
385}
386
c7837144 387static void xfrm_state_gc_task(struct work_struct *work)
1da177e4 388{
c7837144 389 struct net *net = container_of(work, struct net, xfrm.state_gc_work);
12a169e7
HX		 390 struct xfrm_state *x;
391 struct hlist_node *entry, *tmp;
392 struct hlist_head gc_list;
1da177e4 393
1da177e4 394 spin_lock_bh(&xfrm_state_gc_lock);
c7837144 395 hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
1da177e4
LT		 396 spin_unlock_bh(&xfrm_state_gc_lock);
397
12a169e7 398 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 399 xfrm_state_gc_destroy(x);
8f126e37 400
50a30657 401 wake_up(&net->xfrm.km_waitq);
1da177e4
LT		 402}
403
404static inline unsigned long make_jiffies(long secs)
405{
406 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
407 return MAX_SCHEDULE_TIMEOUT-1;
408 else
a716c119 409 return secs*HZ;
1da177e4
LT		 410}
411
412static void xfrm_timer_handler(unsigned long data)
413{
414 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 415 unsigned long now = get_seconds();
1da177e4
LT		 416 long next = LONG_MAX;
417 int warn = 0;
161a09e7 418 int err = 0;
1da177e4
LT		 419
420 spin_lock(&x->lock);
421 if (x->km.state == XFRM_STATE_DEAD)
422 goto out;
423 if (x->km.state == XFRM_STATE_EXPIRED)
424 goto expired;
425 if (x->lft.hard_add_expires_seconds) {
426 long tmo = x->lft.hard_add_expires_seconds +
427 x->curlft.add_time - now;
428 if (tmo <= 0)
429 goto expired;
430 if (tmo < next)
431 next = tmo;
432 }
433 if (x->lft.hard_use_expires_seconds) {
434 long tmo = x->lft.hard_use_expires_seconds +
435 (x->curlft.use_time ? : now) - now;
436 if (tmo <= 0)
437 goto expired;
438 if (tmo < next)
439 next = tmo;
440 }
441 if (x->km.dying)
442 goto resched;
443 if (x->lft.soft_add_expires_seconds) {
444 long tmo = x->lft.soft_add_expires_seconds +
445 x->curlft.add_time - now;
446 if (tmo <= 0)
447 warn = 1;
448 else if (tmo < next)
449 next = tmo;
450 }
451 if (x->lft.soft_use_expires_seconds) {
452 long tmo = x->lft.soft_use_expires_seconds +
453 (x->curlft.use_time ? : now) - now;
454 if (tmo <= 0)
455 warn = 1;
456 else if (tmo < next)
457 next = tmo;
458 }
459
4666faab 460 x->km.dying = warn;
1da177e4 461 if (warn)
53bc6b4d 462 km_state_expired(x, 0, 0);
1da177e4 463resched:
a47f0ce0
DM		 464 if (next != LONG_MAX)
465 mod_timer(&x->timer, jiffies + make_jiffies(next));
466
1da177e4
LT		 467 goto out;
468
469expired:
470 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
471 x->km.state = XFRM_STATE_EXPIRED;
50a30657 472 wake_up(&init_net.xfrm.km_waitq);
1da177e4
LT		 473 next = 2;
474 goto resched;
475 }
161a09e7
JL		 476
477 err = __xfrm_state_delete(x);
478 if (!err && x->id.spi)
53bc6b4d 479 km_state_expired(x, 1, 0);
1da177e4 480
ab5f5e8b 481 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 482 audit_get_loginuid(current),
483 audit_get_sessionid(current), 0);
161a09e7 484
1da177e4
LT		 485out:
486 spin_unlock(&x->lock);
1da177e4
LT		 487}
488
0ac84752
DM		 489static void xfrm_replay_timer_handler(unsigned long data);
490
673c09be 491struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 492{
493 struct xfrm_state *x;
494
0da974f4 495 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 496
497 if (x) {
673c09be 498 write_pnet(&x->xs_net, net);
1da177e4
LT		 499 atomic_set(&x->refcnt, 1);
500 atomic_set(&x->tunnel_users, 0);
12a169e7 501 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 502 INIT_HLIST_NODE(&x->bydst);
503 INIT_HLIST_NODE(&x->bysrc);
504 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 505 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
506 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
507 (unsigned long)x);
9d729f72 508 x->curlft.add_time = get_seconds();
1da177e4
LT		 509 x->lft.soft_byte_limit = XFRM_INF;
510 x->lft.soft_packet_limit = XFRM_INF;
511 x->lft.hard_byte_limit = XFRM_INF;
512 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 513 x->replay_maxage = 0;
514 x->replay_maxdiff = 0;
df9dcb45
KM		 515 x->inner_mode = NULL;
516 x->inner_mode_iaf = NULL;
1da177e4
LT		 517 spin_lock_init(&x->lock);
518 }
519 return x;
520}
521EXPORT_SYMBOL(xfrm_state_alloc);
522
523void __xfrm_state_destroy(struct xfrm_state *x)
524{
547b792c 525 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 526
527 spin_lock_bh(&xfrm_state_gc_lock);
b8a0ae20 528 hlist_add_head(&x->gclist, &init_net.xfrm.state_gc_list);
1da177e4 529 spin_unlock_bh(&xfrm_state_gc_lock);
c7837144 530 schedule_work(&init_net.xfrm.state_gc_work);
1da177e4
LT		 531}
532EXPORT_SYMBOL(__xfrm_state_destroy);
533
53bc6b4d 534int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 535{
26b15dad
JHS		 536 int err = -ESRCH;
537
1da177e4
LT		 538 if (x->km.state != XFRM_STATE_DEAD) {
539 x->km.state = XFRM_STATE_DEAD;
540 spin_lock(&xfrm_state_lock);
12a169e7 541 list_del(&x->km.all);
8f126e37 542 hlist_del(&x->bydst);
8f126e37 543 hlist_del(&x->bysrc);
a47f0ce0 544 if (x->id.spi)
8f126e37 545 hlist_del(&x->byspi);
0bf7c5b0 546 init_net.xfrm.state_num--;
1da177e4 547 spin_unlock(&xfrm_state_lock);
1da177e4 548
1da177e4
LT		 549 /* All xfrm_state objects are created by xfrm_state_alloc.
550 * The xfrm_state_alloc call gives a reference, and that
551 * is what we are dropping here.
552 */
5dba4797 553 xfrm_state_put(x);
26b15dad 554 err = 0;
1da177e4 555 }
26b15dad
JHS		 556
557 return err;
1da177e4 558}
53bc6b4d 559EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 560
26b15dad 561int xfrm_state_delete(struct xfrm_state *x)
1da177e4 562{
26b15dad
JHS		 563 int err;
564
1da177e4 565 spin_lock_bh(&x->lock);
26b15dad 566 err = __xfrm_state_delete(x);
1da177e4 567 spin_unlock_bh(&x->lock);
26b15dad
JHS		 568
569 return err;
1da177e4
LT		 570}
571EXPORT_SYMBOL(xfrm_state_delete);
572
4aa2e62c
JL		 573#ifdef CONFIG_SECURITY_NETWORK_XFRM
574static inline int
575xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 576{
4aa2e62c
JL		 577 int i, err = 0;
578
529983ec 579 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
4aa2e62c
JL		 580 struct hlist_node *entry;
581 struct xfrm_state *x;
582
73d189dc 583 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 584 if (xfrm_id_proto_match(x->id.proto, proto) &&
585 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 586 xfrm_audit_state_delete(x, 0,
587 audit_info->loginuid,
2532386f 588 audit_info->sessionid,
ab5f5e8b 589 audit_info->secid);
4aa2e62c
JL		 590 return err;
591 }
592 }
593 }
594
595 return err;
596}
597#else
598static inline int
599xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
600{
601 return 0;
602}
603#endif
604
605int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
606{
607 int i, err = 0;
1da177e4
LT		 608
609 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 610 err = xfrm_state_flush_secctx_check(proto, audit_info);
611 if (err)
612 goto out;
613
529983ec 614 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 615 struct hlist_node *entry;
616 struct xfrm_state *x;
1da177e4 617restart:
73d189dc 618 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1da177e4 619 if (!xfrm_state_kern(x) &&
5794708f 620 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 621 xfrm_state_hold(x);
622 spin_unlock_bh(&xfrm_state_lock);
623
161a09e7 624 err = xfrm_state_delete(x);
ab5f5e8b
JL		 625 xfrm_audit_state_delete(x, err ? 0 : 1,
626 audit_info->loginuid,
2532386f 627 audit_info->sessionid,
ab5f5e8b 628 audit_info->secid);
1da177e4
LT		 629 xfrm_state_put(x);
630
631 spin_lock_bh(&xfrm_state_lock);
632 goto restart;
633 }
634 }
635 }
4aa2e62c
JL		 636 err = 0;
637
638out:
1da177e4 639 spin_unlock_bh(&xfrm_state_lock);
50a30657 640 wake_up(&init_net.xfrm.km_waitq);
4aa2e62c 641 return err;
1da177e4
LT		 642}
643EXPORT_SYMBOL(xfrm_state_flush);
644
af11e316 645void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 646{
647 spin_lock_bh(&xfrm_state_lock);
0bf7c5b0 648 si->sadcnt = init_net.xfrm.state_num;
529983ec 649 si->sadhcnt = init_net.xfrm.state_hmask;
28d8909b
JHS		 650 si->sadhmcnt = xfrm_state_hashmax;
651 spin_unlock_bh(&xfrm_state_lock);
652}
653EXPORT_SYMBOL(xfrm_sad_getinfo);
654
1da177e4
LT		 655static int
656xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
657 struct xfrm_tmpl *tmpl,
658 xfrm_address_t *daddr, xfrm_address_t *saddr,
659 unsigned short family)
660{
661 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
662 if (!afinfo)
663 return -1;
664 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
665 xfrm_state_put_afinfo(afinfo);
666 return 0;
667}
668
a94cfd19 669static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821 670{
64d0cd00 671 unsigned int h = xfrm_spi_hash(&init_net, daddr, spi, proto, family);
edcd5821 672 struct xfrm_state *x;
8f126e37 673 struct hlist_node *entry;
edcd5821 674
b754a4fd 675 hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
edcd5821
DM		 676 if (x->props.family != family ||
677 x->id.spi != spi ||
678 x->id.proto != proto)
679 continue;
680
681 switch (family) {
682 case AF_INET:
683 if (x->id.daddr.a4 != daddr->a4)
684 continue;
685 break;
686 case AF_INET6:
687 if (!ipv6_addr_equal((struct in6_addr *)daddr,
688 (struct in6_addr *)
689 x->id.daddr.a6))
690 continue;
691 break;
3ff50b79 692 }
edcd5821
DM		 693
694 xfrm_state_hold(x);
695 return x;
696 }
697
698 return NULL;
699}
700
701static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
702{
64d0cd00 703 unsigned int h = xfrm_src_hash(&init_net, daddr, saddr, family);
edcd5821 704 struct xfrm_state *x;
8f126e37 705 struct hlist_node *entry;
edcd5821 706
d320bbb3 707 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 708 if (x->props.family != family ||
709 x->id.proto != proto)
710 continue;
711
712 switch (family) {
713 case AF_INET:
714 if (x->id.daddr.a4 != daddr->a4 ||
715 x->props.saddr.a4 != saddr->a4)
716 continue;
717 break;
718 case AF_INET6:
719 if (!ipv6_addr_equal((struct in6_addr *)daddr,
720 (struct in6_addr *)
721 x->id.daddr.a6) ||
722 !ipv6_addr_equal((struct in6_addr *)saddr,
723 (struct in6_addr *)
724 x->props.saddr.a6))
725 continue;
726 break;
3ff50b79 727 }
edcd5821
DM		 728
729 xfrm_state_hold(x);
730 return x;
731 }
732
733 return NULL;
734}
735
736static inline struct xfrm_state *
737__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
738{
739 if (use_spi)
740 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
741 x->id.proto, family);
742 else
743 return __xfrm_state_lookup_byaddr(&x->id.daddr,
744 &x->props.saddr,
745 x->id.proto, family);
746}
747
2fab22f2
PM		 748static void xfrm_hash_grow_check(int have_hash_collision)
749{
750 if (have_hash_collision &&
529983ec 751 (init_net.xfrm.state_hmask + 1) < xfrm_state_hashmax &&
0bf7c5b0 752 init_net.xfrm.state_num > init_net.xfrm.state_hmask)
63082733 753 schedule_work(&init_net.xfrm.state_hash_work);
2fab22f2
PM		 754}
755
1da177e4 756struct xfrm_state *
a716c119 757xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 758 struct flowi *fl, struct xfrm_tmpl *tmpl,
759 struct xfrm_policy *pol, int *err,
760 unsigned short family)
761{
4bda4f25 762 unsigned int h;
8f126e37 763 struct hlist_node *entry;
37b08e34 764 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 765 int acquire_in_progress = 0;
766 int error = 0;
767 struct xfrm_state *best = NULL;
a716c119 768
37b08e34
DM		 769 to_put = NULL;
770
1da177e4 771 spin_lock_bh(&xfrm_state_lock);
64d0cd00 772 h = xfrm_dst_hash(&init_net, daddr, saddr, tmpl->reqid, family);
73d189dc 773 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1da177e4
LT		 774 if (x->props.family == family &&
775 x->props.reqid == tmpl->reqid &&
fbd9a5b4 776 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 777 xfrm_state_addr_check(x, daddr, saddr, family) &&
778 tmpl->mode == x->props.mode &&
779 tmpl->id.proto == x->id.proto &&
780 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
781 /* Resolution logic:
782 1. There is a valid state with matching selector.
783 Done.
784 2. Valid state with inappropriate selector. Skip.
785
786 Entering area of "sysdeps".
787
788 3. If state is not valid, selector is temporary,
789 it selects only session which triggered
790 previous resolution. Key manager will do
791 something to install a state with proper
792 selector.
793 */
794 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 795 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 796 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 797 continue;
798 if (!best ||
799 best->km.dying > x->km.dying ||
800 (best->km.dying == x->km.dying &&
801 best->curlft.add_time < x->curlft.add_time))
802 best = x;
803 } else if (x->km.state == XFRM_STATE_ACQ) {
804 acquire_in_progress = 1;
805 } else if (x->km.state == XFRM_STATE_ERROR ||
806 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 807 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 808 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 809 error = -ESRCH;
810 }
811 }
812 }
813
814 x = best;
815 if (!x && !error && !acquire_in_progress) {
5c5d281a 816 if (tmpl->id.spi &&
edcd5821
DM		 817 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
818 tmpl->id.proto, family)) != NULL) {
37b08e34 819 to_put = x0;
1da177e4
LT		 820 error = -EEXIST;
821 goto out;
822 }
673c09be 823 x = xfrm_state_alloc(&init_net);
1da177e4
LT		 824 if (x == NULL) {
825 error = -ENOMEM;
826 goto out;
827 }
828 /* Initialize temporary selector matching only
829 * to current session. */
830 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
831
e0d1caa7
VY		 832 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
833 if (error) {
834 x->km.state = XFRM_STATE_DEAD;
37b08e34 835 to_put = x;
e0d1caa7
VY		 836 x = NULL;
837 goto out;
838 }
839
1da177e4
LT		 840 if (km_query(x, tmpl, pol) == 0) {
841 x->km.state = XFRM_STATE_ACQ;
9d4139c7 842 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 843 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
64d0cd00 844 h = xfrm_src_hash(&init_net, daddr, saddr, family);
d320bbb3 845 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 846 if (x->id.spi) {
64d0cd00 847 h = xfrm_spi_hash(&init_net, &x->id.daddr, x->id.spi, x->id.proto, family);
b754a4fd 848 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 849 }
01e67d08
DM		 850 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
851 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 852 add_timer(&x->timer);
0bf7c5b0 853 init_net.xfrm.state_num++;
2fab22f2 854 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 855 } else {
856 x->km.state = XFRM_STATE_DEAD;
37b08e34 857 to_put = x;
1da177e4
LT		 858 x = NULL;
859 error = -ESRCH;
860 }
861 }
862out:
863 if (x)
864 xfrm_state_hold(x);
865 else
866 *err = acquire_in_progress ? -EAGAIN : error;
867 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 868 if (to_put)
869 xfrm_state_put(to_put);
1da177e4
LT		 870 return x;
871}
872
628529b6
JHS		 873struct xfrm_state *
874xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
875 unsigned short family, u8 mode, u8 proto, u32 reqid)
876{
4bda4f25 877 unsigned int h;
628529b6
JHS		 878 struct xfrm_state *rx = NULL, *x = NULL;
879 struct hlist_node *entry;
880
881 spin_lock(&xfrm_state_lock);
64d0cd00 882 h = xfrm_dst_hash(&init_net, daddr, saddr, reqid, family);
73d189dc 883 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
628529b6
JHS		 884 if (x->props.family == family &&
885 x->props.reqid == reqid &&
886 !(x->props.flags & XFRM_STATE_WILDRECV) &&
887 xfrm_state_addr_check(x, daddr, saddr, family) &&
888 mode == x->props.mode &&
889 proto == x->id.proto &&
890 x->km.state == XFRM_STATE_VALID) {
891 rx = x;
892 break;
893 }
894 }
895
896 if (rx)
897 xfrm_state_hold(rx);
898 spin_unlock(&xfrm_state_lock);
899
900
901 return rx;
902}
903EXPORT_SYMBOL(xfrm_stateonly_find);
904
1da177e4
LT		 905static void __xfrm_state_insert(struct xfrm_state *x)
906{
a624c108 907 unsigned int h;
1da177e4 908
9d4a706d
DM		 909 x->genid = ++xfrm_state_genid;
910
9d4139c7 911 list_add(&x->km.all, &init_net.xfrm.state_all);
4c563f76 912
64d0cd00 913 h = xfrm_dst_hash(&init_net, &x->id.daddr, &x->props.saddr,
c1969f29 914 x->props.reqid, x->props.family);
73d189dc 915 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1da177e4 916
64d0cd00 917 h = xfrm_src_hash(&init_net, &x->id.daddr, &x->props.saddr, x->props.family);
d320bbb3 918 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 919
7b4dc360 920 if (x->id.spi) {
64d0cd00 921 h = xfrm_spi_hash(&init_net, &x->id.daddr, x->id.spi, x->id.proto,
6c44e6b7
MN		 922 x->props.family);
923
b754a4fd 924 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
6c44e6b7
MN		 925 }
926
a47f0ce0
DM		 927 mod_timer(&x->timer, jiffies + HZ);
928 if (x->replay_maxage)
929 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 930
50a30657 931 wake_up(&init_net.xfrm.km_waitq);
f034b5d4 932
0bf7c5b0 933 init_net.xfrm.state_num++;
f034b5d4 934
918049f0 935 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 936}
937
c7f5ea3a
DM		 938/* xfrm_state_lock is held */
939static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
940{
941 unsigned short family = xnew->props.family;
942 u32 reqid = xnew->props.reqid;
943 struct xfrm_state *x;
944 struct hlist_node *entry;
945 unsigned int h;
946
64d0cd00 947 h = xfrm_dst_hash(&init_net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
73d189dc 948 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 949 if (x->props.family == family &&
950 x->props.reqid == reqid &&
c1969f29
DM		 951 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
952 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 953 x->genid = xfrm_state_genid;
954 }
955}
956
1da177e4
LT		 957void xfrm_state_insert(struct xfrm_state *x)
958{
959 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 960 __xfrm_state_bump_genids(x);
1da177e4
LT		 961 __xfrm_state_insert(x);
962 spin_unlock_bh(&xfrm_state_lock);
963}
964EXPORT_SYMBOL(xfrm_state_insert);
965
2770834c
DM		 966/* xfrm_state_lock is held */
967static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
968{
64d0cd00 969 unsigned int h = xfrm_dst_hash(&init_net, daddr, saddr, reqid, family);
8f126e37 970 struct hlist_node *entry;
2770834c
DM		 971 struct xfrm_state *x;
972
73d189dc 973 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
2770834c
DM		 974 if (x->props.reqid != reqid ||
975 x->props.mode != mode ||
976 x->props.family != family ||
977 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 978 x->id.spi != 0 ||
979 x->id.proto != proto)
2770834c
DM		 980 continue;
981
982 switch (family) {
983 case AF_INET:
984 if (x->id.daddr.a4 != daddr->a4 ||
985 x->props.saddr.a4 != saddr->a4)
986 continue;
987 break;
988 case AF_INET6:
989 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
990 (struct in6_addr *)daddr) ||
991 !ipv6_addr_equal((struct in6_addr *)
992 x->props.saddr.a6,
993 (struct in6_addr *)saddr))
994 continue;
995 break;
3ff50b79 996 }
2770834c
DM		 997
998 xfrm_state_hold(x);
999 return x;
1000 }
1001
1002 if (!create)
1003 return NULL;
1004
673c09be 1005 x = xfrm_state_alloc(&init_net);
2770834c
DM		 1006 if (likely(x)) {
1007 switch (family) {
1008 case AF_INET:
1009 x->sel.daddr.a4 = daddr->a4;
1010 x->sel.saddr.a4 = saddr->a4;
1011 x->sel.prefixlen_d = 32;
1012 x->sel.prefixlen_s = 32;
1013 x->props.saddr.a4 = saddr->a4;
1014 x->id.daddr.a4 = daddr->a4;
1015 break;
1016
1017 case AF_INET6:
1018 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1019 (struct in6_addr *)daddr);
1020 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1021 (struct in6_addr *)saddr);
1022 x->sel.prefixlen_d = 128;
1023 x->sel.prefixlen_s = 128;
1024 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1025 (struct in6_addr *)saddr);
1026 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1027 (struct in6_addr *)daddr);
1028 break;
3ff50b79 1029 }
2770834c
DM		 1030
1031 x->km.state = XFRM_STATE_ACQ;
1032 x->id.proto = proto;
1033 x->props.family = family;
1034 x->props.mode = mode;
1035 x->props.reqid = reqid;
01e67d08 1036 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1037 xfrm_state_hold(x);
01e67d08 1038 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1039 add_timer(&x->timer);
9d4139c7 1040 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 1041 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
64d0cd00 1042 h = xfrm_src_hash(&init_net, daddr, saddr, family);
d320bbb3 1043 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
918049f0 1044
0bf7c5b0 1045 init_net.xfrm.state_num++;
918049f0
DM		 1046
1047 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1048 }
1049
1050 return x;
1051}
1052
1da177e4
LT		 1053static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1054
1055int xfrm_state_add(struct xfrm_state *x)
1056{
37b08e34 1057 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1058 int family;
1059 int err;
eb2971b6 1060 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1061
1062 family = x->props.family;
1da177e4 1063
37b08e34
DM		 1064 to_put = NULL;
1065
1da177e4
LT		 1066 spin_lock_bh(&xfrm_state_lock);
1067
edcd5821 1068 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1069 if (x1) {
37b08e34 1070 to_put = x1;
1da177e4
LT		 1071 x1 = NULL;
1072 err = -EEXIST;
1073 goto out;
1074 }
1075
eb2971b6 1076 if (use_spi && x->km.seq) {
1da177e4 1077 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1078 if (x1 && ((x1->id.proto != x->id.proto) ||
1079 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1080 to_put = x1;
1da177e4
LT		 1081 x1 = NULL;
1082 }
1083 }
1084
eb2971b6 1085 if (use_spi && !x1)
2770834c
DM		 1086 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1087 x->id.proto,
1088 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1089
c7f5ea3a 1090 __xfrm_state_bump_genids(x);
1da177e4
LT		 1091 __xfrm_state_insert(x);
1092 err = 0;
1093
1094out:
1095 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1096
1097 if (x1) {
1098 xfrm_state_delete(x1);
1099 xfrm_state_put(x1);
1100 }
1101
37b08e34
DM		 1102 if (to_put)
1103 xfrm_state_put(to_put);
1104
1da177e4
LT		 1105 return err;
1106}
1107EXPORT_SYMBOL(xfrm_state_add);
1108
80c9abaa 1109#ifdef CONFIG_XFRM_MIGRATE
6666351d 1110static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1111{
1112 int err = -ENOMEM;
673c09be 1113 struct xfrm_state *x = xfrm_state_alloc(&init_net);
80c9abaa
SS		 1114 if (!x)
1115 goto error;
1116
1117 memcpy(&x->id, &orig->id, sizeof(x->id));
1118 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1119 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1120 x->props.mode = orig->props.mode;
1121 x->props.replay_window = orig->props.replay_window;
1122 x->props.reqid = orig->props.reqid;
1123 x->props.family = orig->props.family;
1124 x->props.saddr = orig->props.saddr;
1125
1126 if (orig->aalg) {
1127 x->aalg = xfrm_algo_clone(orig->aalg);
1128 if (!x->aalg)
1129 goto error;
1130 }
1131 x->props.aalgo = orig->props.aalgo;
1132
1133 if (orig->ealg) {
1134 x->ealg = xfrm_algo_clone(orig->ealg);
1135 if (!x->ealg)
1136 goto error;
1137 }
1138 x->props.ealgo = orig->props.ealgo;
1139
1140 if (orig->calg) {
1141 x->calg = xfrm_algo_clone(orig->calg);
1142 if (!x->calg)
1143 goto error;
1144 }
1145 x->props.calgo = orig->props.calgo;
1146
a716c119 1147 if (orig->encap) {
80c9abaa
SS		 1148 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1149 if (!x->encap)
1150 goto error;
1151 }
1152
1153 if (orig->coaddr) {
1154 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1155 GFP_KERNEL);
1156 if (!x->coaddr)
1157 goto error;
1158 }
1159
1160 err = xfrm_init_state(x);
1161 if (err)
1162 goto error;
1163
1164 x->props.flags = orig->props.flags;
1165
1166 x->curlft.add_time = orig->curlft.add_time;
1167 x->km.state = orig->km.state;
1168 x->km.seq = orig->km.seq;
1169
1170 return x;
1171
1172 error:
1173 if (errp)
1174 *errp = err;
1175 if (x) {
1176 kfree(x->aalg);
1177 kfree(x->ealg);
1178 kfree(x->calg);
1179 kfree(x->encap);
1180 kfree(x->coaddr);
1181 }
1182 kfree(x);
1183 return NULL;
1184}
80c9abaa
SS		 1185
1186/* xfrm_state_lock is held */
1187struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1188{
1189 unsigned int h;
1190 struct xfrm_state *x;
1191 struct hlist_node *entry;
1192
1193 if (m->reqid) {
64d0cd00 1194 h = xfrm_dst_hash(&init_net, &m->old_daddr, &m->old_saddr,
80c9abaa 1195 m->reqid, m->old_family);
73d189dc 1196 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1197 if (x->props.mode != m->mode ||
1198 x->id.proto != m->proto)
1199 continue;
1200 if (m->reqid && x->props.reqid != m->reqid)
1201 continue;
1202 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1203 m->old_family) ||
1204 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1205 m->old_family))
1206 continue;
1207 xfrm_state_hold(x);
1208 return x;
1209 }
1210 } else {
64d0cd00 1211 h = xfrm_src_hash(&init_net, &m->old_daddr, &m->old_saddr,
80c9abaa 1212 m->old_family);
d320bbb3 1213 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1214 if (x->props.mode != m->mode ||
1215 x->id.proto != m->proto)
1216 continue;
1217 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1218 m->old_family) ||
1219 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1220 m->old_family))
1221 continue;
1222 xfrm_state_hold(x);
1223 return x;
1224 }
1225 }
1226
a716c119 1227 return NULL;
80c9abaa
SS		 1228}
1229EXPORT_SYMBOL(xfrm_migrate_state_find);
1230
1231struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1232 struct xfrm_migrate *m)
1233{
1234 struct xfrm_state *xc;
1235 int err;
1236
1237 xc = xfrm_state_clone(x, &err);
1238 if (!xc)
1239 return NULL;
1240
1241 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1242 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1243
1244 /* add state */
1245 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1246 /* a care is needed when the destination address of the
1247 state is to be updated as it is a part of triplet */
1248 xfrm_state_insert(xc);
1249 } else {
1250 if ((err = xfrm_state_add(xc)) < 0)
1251 goto error;
1252 }
1253
1254 return xc;
1255error:
1256 kfree(xc);
1257 return NULL;
1258}
1259EXPORT_SYMBOL(xfrm_state_migrate);
1260#endif
1261
1da177e4
LT		 1262int xfrm_state_update(struct xfrm_state *x)
1263{
37b08e34 1264 struct xfrm_state *x1, *to_put;
1da177e4 1265 int err;
eb2971b6 1266 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1267
37b08e34
DM		 1268 to_put = NULL;
1269
1da177e4 1270 spin_lock_bh(&xfrm_state_lock);
edcd5821 1271 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1272
1273 err = -ESRCH;
1274 if (!x1)
1275 goto out;
1276
1277 if (xfrm_state_kern(x1)) {
37b08e34 1278 to_put = x1;
1da177e4
LT		 1279 err = -EEXIST;
1280 goto out;
1281 }
1282
1283 if (x1->km.state == XFRM_STATE_ACQ) {
1284 __xfrm_state_insert(x);
1285 x = NULL;
1286 }
1287 err = 0;
1288
1289out:
1290 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1291
37b08e34
DM		 1292 if (to_put)
1293 xfrm_state_put(to_put);
1294
1da177e4
LT		 1295 if (err)
1296 return err;
1297
1298 if (!x) {
1299 xfrm_state_delete(x1);
1300 xfrm_state_put(x1);
1301 return 0;
1302 }
1303
1304 err = -EINVAL;
1305 spin_lock_bh(&x1->lock);
1306 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1307 if (x->encap && x1->encap)
1308 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1309 if (x->coaddr && x1->coaddr) {
1310 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1311 }
1312 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1313 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1314 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1315 x1->km.dying = 0;
1316
a47f0ce0 1317 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1318 if (x1->curlft.use_time)
1319 xfrm_state_check_expire(x1);
1320
1321 err = 0;
1322 }
1323 spin_unlock_bh(&x1->lock);
1324
1325 xfrm_state_put(x1);
1326
1327 return err;
1328}
1329EXPORT_SYMBOL(xfrm_state_update);
1330
1331int xfrm_state_check_expire(struct xfrm_state *x)
1332{
1333 if (!x->curlft.use_time)
9d729f72 1334 x->curlft.use_time = get_seconds();
1da177e4
LT		 1335
1336 if (x->km.state != XFRM_STATE_VALID)
1337 return -EINVAL;
1338
1339 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1340 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1341 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1342 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1343 return -EINVAL;
1344 }
1345
1346 if (!x->km.dying &&
1347 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1348 x->curlft.packets >= x->lft.soft_packet_limit)) {
1349 x->km.dying = 1;
53bc6b4d 1350 km_state_expired(x, 0, 0);
4666faab 1351 }
1da177e4
LT		 1352 return 0;
1353}
1354EXPORT_SYMBOL(xfrm_state_check_expire);
1355
1da177e4 1356struct xfrm_state *
a94cfd19 1357xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1358 unsigned short family)
1359{
1360 struct xfrm_state *x;
1da177e4
LT		 1361
1362 spin_lock_bh(&xfrm_state_lock);
edcd5821 1363 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1364 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1365 return x;
1366}
1367EXPORT_SYMBOL(xfrm_state_lookup);
1368
1369struct xfrm_state *
eb2971b6
MN		 1370xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1371 u8 proto, unsigned short family)
1372{
1373 struct xfrm_state *x;
eb2971b6
MN		 1374
1375 spin_lock_bh(&xfrm_state_lock);
edcd5821 1376 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1377 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1378 return x;
1379}
1380EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1381
1382struct xfrm_state *
a716c119
YH		 1383xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1384 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1385 int create, unsigned short family)
1386{
1387 struct xfrm_state *x;
1da177e4
LT		 1388
1389 spin_lock_bh(&xfrm_state_lock);
2770834c 1390 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1391 spin_unlock_bh(&xfrm_state_lock);
2770834c 1392
1da177e4
LT		 1393 return x;
1394}
1395EXPORT_SYMBOL(xfrm_find_acq);
1396
41a49cc3
MN		 1397#ifdef CONFIG_XFRM_SUB_POLICY
1398int
1399xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1400 unsigned short family)
1401{
1402 int err = 0;
1403 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1404 if (!afinfo)
1405 return -EAFNOSUPPORT;
1406
1407 spin_lock_bh(&xfrm_state_lock);
1408 if (afinfo->tmpl_sort)
1409 err = afinfo->tmpl_sort(dst, src, n);
1410 spin_unlock_bh(&xfrm_state_lock);
1411 xfrm_state_put_afinfo(afinfo);
1412 return err;
1413}
1414EXPORT_SYMBOL(xfrm_tmpl_sort);
1415
1416int
1417xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1418 unsigned short family)
1419{
1420 int err = 0;
1421 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1422 if (!afinfo)
1423 return -EAFNOSUPPORT;
1424
1425 spin_lock_bh(&xfrm_state_lock);
1426 if (afinfo->state_sort)
1427 err = afinfo->state_sort(dst, src, n);
1428 spin_unlock_bh(&xfrm_state_lock);
1429 xfrm_state_put_afinfo(afinfo);
1430 return err;
1431}
1432EXPORT_SYMBOL(xfrm_state_sort);
1433#endif
1434
1da177e4
LT		 1435/* Silly enough, but I'm lazy to build resolution list */
1436
1437static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1438{
1439 int i;
1da177e4 1440
529983ec 1441 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 1442 struct hlist_node *entry;
1443 struct xfrm_state *x;
1444
73d189dc 1445 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1446 if (x->km.seq == seq &&
1447 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1448 xfrm_state_hold(x);
1449 return x;
1450 }
1451 }
1452 }
1453 return NULL;
1454}
1455
1456struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1457{
1458 struct xfrm_state *x;
1459
1460 spin_lock_bh(&xfrm_state_lock);
1461 x = __xfrm_find_acq_byseq(seq);
1462 spin_unlock_bh(&xfrm_state_lock);
1463 return x;
1464}
1465EXPORT_SYMBOL(xfrm_find_acq_byseq);
1466
1467u32 xfrm_get_acqseq(void)
1468{
1469 u32 res;
1470 static u32 acqseq;
1471 static DEFINE_SPINLOCK(acqseq_lock);
1472
1473 spin_lock_bh(&acqseq_lock);
1474 res = (++acqseq ? : ++acqseq);
1475 spin_unlock_bh(&acqseq_lock);
1476 return res;
1477}
1478EXPORT_SYMBOL(xfrm_get_acqseq);
1479
658b219e 1480int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1481{
f034b5d4 1482 unsigned int h;
1da177e4 1483 struct xfrm_state *x0;
658b219e
HX		 1484 int err = -ENOENT;
1485 __be32 minspi = htonl(low);
1486 __be32 maxspi = htonl(high);
1da177e4 1487
658b219e
HX		 1488 spin_lock_bh(&x->lock);
1489 if (x->km.state == XFRM_STATE_DEAD)
1490 goto unlock;
1491
1492 err = 0;
1da177e4 1493 if (x->id.spi)
658b219e
HX		 1494 goto unlock;
1495
1496 err = -ENOENT;
1da177e4
LT		 1497
1498 if (minspi == maxspi) {
1499 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1500 if (x0) {
1501 xfrm_state_put(x0);
658b219e 1502 goto unlock;
1da177e4
LT		 1503 }
1504 x->id.spi = minspi;
1505 } else {
1506 u32 spi = 0;
26977b4e
AV		 1507 for (h=0; h<high-low+1; h++) {
1508 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1509 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1510 if (x0 == NULL) {
1511 x->id.spi = htonl(spi);
1512 break;
1513 }
1514 xfrm_state_put(x0);
1515 }
1516 }
1517 if (x->id.spi) {
1518 spin_lock_bh(&xfrm_state_lock);
64d0cd00 1519 h = xfrm_spi_hash(&init_net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
b754a4fd 1520 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 1521 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1522
1523 err = 0;
1da177e4 1524 }
658b219e
HX		 1525
1526unlock:
1527 spin_unlock_bh(&x->lock);
1528
1529 return err;
1da177e4
LT		 1530}
1531EXPORT_SYMBOL(xfrm_alloc_spi);
1532
4c563f76
TT		 1533int xfrm_state_walk(struct xfrm_state_walk *walk,
1534 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1535 void *data)
1536{
12a169e7
HX		 1537 struct xfrm_state *state;
1538 struct xfrm_state_walk *x;
1da177e4
LT		 1539 int err = 0;
1540
12a169e7 1541 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1542 return 0;
1543
1da177e4 1544 spin_lock_bh(&xfrm_state_lock);
12a169e7 1545 if (list_empty(&walk->all))
9d4139c7 1546 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1547 else
1548 x = list_entry(&walk->all, struct xfrm_state_walk, all);
9d4139c7 1549 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
12a169e7 1550 if (x->state == XFRM_STATE_DEAD)
4c563f76 1551 continue;
12a169e7
HX		 1552 state = container_of(x, struct xfrm_state, km);
1553 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1554 continue;
12a169e7
HX		 1555 err = func(state, walk->seq, data);
1556 if (err) {
1557 list_move_tail(&walk->all, &x->all);
1558 goto out;
1da177e4 1559 }
12a169e7 1560 walk->seq++;
1da177e4 1561 }
12a169e7 1562 if (walk->seq == 0) {
1da177e4
LT		 1563 err = -ENOENT;
1564 goto out;
1565 }
12a169e7 1566 list_del_init(&walk->all);
1da177e4
LT		 1567out:
1568 spin_unlock_bh(&xfrm_state_lock);
1569 return err;
1570}
1571EXPORT_SYMBOL(xfrm_state_walk);
1572
5c182458
HX		 1573void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1574{
12a169e7 1575 INIT_LIST_HEAD(&walk->all);
5c182458 1576 walk->proto = proto;
12a169e7
HX		 1577 walk->state = XFRM_STATE_DEAD;
1578 walk->seq = 0;
5c182458
HX		 1579}
1580EXPORT_SYMBOL(xfrm_state_walk_init);
1581
abb81c4f
HX		 1582void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1583{
12a169e7 1584 if (list_empty(&walk->all))
5c182458 1585 return;
5c182458 1586
12a169e7
HX		 1587 spin_lock_bh(&xfrm_state_lock);
1588 list_del(&walk->all);
1589 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1590}
1591EXPORT_SYMBOL(xfrm_state_walk_done);
1592
f8cd5488
JHS		 1593
1594void xfrm_replay_notify(struct xfrm_state *x, int event)
1595{
1596 struct km_event c;
1597 /* we send notify messages in case
1598 * 1. we updated on of the sequence numbers, and the seqno difference
1599 * is at least x->replay_maxdiff, in this case we also update the
1600 * timeout of our timer function
1601 * 2. if x->replay_maxage has elapsed since last update,
1602 * and there were changes
1603 *
1604 * The state structure must be locked!
1605 */
1606
1607 switch (event) {
1608 case XFRM_REPLAY_UPDATE:
1609 if (x->replay_maxdiff &&
1610 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1611 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1612 if (x->xflags & XFRM_TIME_DEFER)
1613 event = XFRM_REPLAY_TIMEOUT;
1614 else
1615 return;
1616 }
f8cd5488
JHS		 1617
1618 break;
1619
1620 case XFRM_REPLAY_TIMEOUT:
1621 if ((x->replay.seq == x->preplay.seq) &&
1622 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1623 (x->replay.oseq == x->preplay.oseq)) {
1624 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1625 return;
2717096a 1626 }
f8cd5488
JHS		 1627
1628 break;
1629 }
1630
1631 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1632 c.event = XFRM_MSG_NEWAE;
1633 c.data.aevent = event;
1634 km_state_notify(x, &c);
1635
f8cd5488 1636 if (x->replay_maxage &&
a47f0ce0 1637 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1638 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1639}
1640
1641static void xfrm_replay_timer_handler(unsigned long data)
1642{
1643 struct xfrm_state *x = (struct xfrm_state*)data;
1644
1645 spin_lock(&x->lock);
1646
2717096a
JHS		 1647 if (x->km.state == XFRM_STATE_VALID) {
1648 if (xfrm_aevent_is_on())
1649 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1650 else
1651 x->xflags |= XFRM_TIME_DEFER;
1652 }
f8cd5488
JHS		 1653
1654 spin_unlock(&x->lock);
1655}
1656
afeb14b4
PM		 1657int xfrm_replay_check(struct xfrm_state *x,
1658 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1659{
1660 u32 diff;
a252cc23 1661 u32 seq = ntohl(net_seq);
1da177e4
LT		 1662
1663 if (unlikely(seq == 0))
afeb14b4 1664 goto err;
1da177e4
LT		 1665
1666 if (likely(seq > x->replay.seq))
1667 return 0;
1668
1669 diff = x->replay.seq - seq;
4c4d51a7
HX		 1670 if (diff >= min_t(unsigned int, x->props.replay_window,
1671 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1672 x->stats.replay_window++;
afeb14b4 1673 goto err;
1da177e4
LT		 1674 }
1675
1676 if (x->replay.bitmap & (1U << diff)) {
1677 x->stats.replay++;
afeb14b4 1678 goto err;
1da177e4
LT		 1679 }
1680 return 0;
afeb14b4
PM		 1681
1682err:
1683 xfrm_audit_state_replay(x, skb, net_seq);
1684 return -EINVAL;
1da177e4 1685}
1da177e4 1686
61f4627b 1687void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1688{
1689 u32 diff;
61f4627b 1690 u32 seq = ntohl(net_seq);
1da177e4
LT		 1691
1692 if (seq > x->replay.seq) {
1693 diff = seq - x->replay.seq;
1694 if (diff < x->props.replay_window)
1695 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1696 else
1697 x->replay.bitmap = 1;
1698 x->replay.seq = seq;
1699 } else {
1700 diff = x->replay.seq - seq;
1701 x->replay.bitmap |= (1U << diff);
1702 }
f8cd5488
JHS		 1703
1704 if (xfrm_aevent_is_on())
1705 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1706}
1da177e4 1707
df01812e 1708static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1709static DEFINE_RWLOCK(xfrm_km_lock);
1710
26b15dad 1711void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1712{
1713 struct xfrm_mgr *km;
1714
26b15dad
JHS		 1715 read_lock(&xfrm_km_lock);
1716 list_for_each_entry(km, &xfrm_km_list, list)
1717 if (km->notify_policy)
1718 km->notify_policy(xp, dir, c);
1719 read_unlock(&xfrm_km_lock);
1720}
1da177e4 1721
26b15dad
JHS		 1722void km_state_notify(struct xfrm_state *x, struct km_event *c)
1723{
1724 struct xfrm_mgr *km;
1da177e4
LT		 1725 read_lock(&xfrm_km_lock);
1726 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1727 if (km->notify)
1728 km->notify(x, c);
1da177e4 1729 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1730}
1731
1732EXPORT_SYMBOL(km_policy_notify);
1733EXPORT_SYMBOL(km_state_notify);
1734
53bc6b4d 1735void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1736{
1737 struct km_event c;
1738
bf08867f 1739 c.data.hard = hard;
53bc6b4d 1740 c.pid = pid;
f60f6b8f 1741 c.event = XFRM_MSG_EXPIRE;
26b15dad 1742 km_state_notify(x, &c);
1da177e4
LT		 1743
1744 if (hard)
50a30657 1745 wake_up(&init_net.xfrm.km_waitq);
1da177e4
LT		 1746}
1747
53bc6b4d 1748EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1749/*
1750 * We send to all registered managers regardless of failure
1751 * We are happy with one success
1752*/
980ebd25 1753int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1754{
26b15dad 1755 int err = -EINVAL, acqret;
1da177e4
LT		 1756 struct xfrm_mgr *km;
1757
1758 read_lock(&xfrm_km_lock);
1759 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1760 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1761 if (!acqret)
1762 err = acqret;
1da177e4
LT		 1763 }
1764 read_unlock(&xfrm_km_lock);
1765 return err;
1766}
980ebd25 1767EXPORT_SYMBOL(km_query);
1da177e4 1768
5d36b180 1769int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1770{
1771 int err = -EINVAL;
1772 struct xfrm_mgr *km;
1773
1774 read_lock(&xfrm_km_lock);
1775 list_for_each_entry(km, &xfrm_km_list, list) {
1776 if (km->new_mapping)
1777 err = km->new_mapping(x, ipaddr, sport);
1778 if (!err)
1779 break;
1780 }
1781 read_unlock(&xfrm_km_lock);
1782 return err;
1783}
1784EXPORT_SYMBOL(km_new_mapping);
1785
6c5c8ca7 1786void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1787{
26b15dad 1788 struct km_event c;
1da177e4 1789
bf08867f 1790 c.data.hard = hard;
6c5c8ca7 1791 c.pid = pid;
f60f6b8f 1792 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1793 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1794
1795 if (hard)
50a30657 1796 wake_up(&init_net.xfrm.km_waitq);
1da177e4 1797}
a70fcb0b 1798EXPORT_SYMBOL(km_policy_expired);
1da177e4 1799
2d60abc2 1800#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1801int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1802 struct xfrm_migrate *m, int num_migrate,
1803 struct xfrm_kmaddress *k)
80c9abaa
SS		 1804{
1805 int err = -EINVAL;
1806 int ret;
1807 struct xfrm_mgr *km;
1808
1809 read_lock(&xfrm_km_lock);
1810 list_for_each_entry(km, &xfrm_km_list, list) {
1811 if (km->migrate) {
13c1d189 1812 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1813 if (!ret)
1814 err = ret;
1815 }
1816 }
1817 read_unlock(&xfrm_km_lock);
1818 return err;
1819}
1820EXPORT_SYMBOL(km_migrate);
2d60abc2 1821#endif
80c9abaa 1822
97a64b45
MN		 1823int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1824{
1825 int err = -EINVAL;
1826 int ret;
1827 struct xfrm_mgr *km;
1828
1829 read_lock(&xfrm_km_lock);
1830 list_for_each_entry(km, &xfrm_km_list, list) {
1831 if (km->report) {
1832 ret = km->report(proto, sel, addr);
1833 if (!ret)
1834 err = ret;
1835 }
1836 }
1837 read_unlock(&xfrm_km_lock);
1838 return err;
1839}
1840EXPORT_SYMBOL(km_report);
1841
1da177e4
LT		 1842int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1843{
1844 int err;
1845 u8 *data;
1846 struct xfrm_mgr *km;
1847 struct xfrm_policy *pol = NULL;
1848
1849 if (optlen <= 0 || optlen > PAGE_SIZE)
1850 return -EMSGSIZE;
1851
1852 data = kmalloc(optlen, GFP_KERNEL);
1853 if (!data)
1854 return -ENOMEM;
1855
1856 err = -EFAULT;
1857 if (copy_from_user(data, optval, optlen))
1858 goto out;
1859
1860 err = -EINVAL;
1861 read_lock(&xfrm_km_lock);
1862 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1863 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1864 optlen, &err);
1865 if (err >= 0)
1866 break;
1867 }
1868 read_unlock(&xfrm_km_lock);
1869
1870 if (err >= 0) {
1871 xfrm_sk_policy_insert(sk, err, pol);
1872 xfrm_pol_put(pol);
1873 err = 0;
1874 }
1875
1876out:
1877 kfree(data);
1878 return err;
1879}
1880EXPORT_SYMBOL(xfrm_user_policy);
1881
1882int xfrm_register_km(struct xfrm_mgr *km)
1883{
1884 write_lock_bh(&xfrm_km_lock);
1885 list_add_tail(&km->list, &xfrm_km_list);
1886 write_unlock_bh(&xfrm_km_lock);
1887 return 0;
1888}
1889EXPORT_SYMBOL(xfrm_register_km);
1890
1891int xfrm_unregister_km(struct xfrm_mgr *km)
1892{
1893 write_lock_bh(&xfrm_km_lock);
1894 list_del(&km->list);
1895 write_unlock_bh(&xfrm_km_lock);
1896 return 0;
1897}
1898EXPORT_SYMBOL(xfrm_unregister_km);
1899
1900int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1901{
1902 int err = 0;
1903 if (unlikely(afinfo == NULL))
1904 return -EINVAL;
1905 if (unlikely(afinfo->family >= NPROTO))
1906 return -EAFNOSUPPORT;
f3111502 1907 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1908 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1909 err = -ENOBUFS;
edcd5821 1910 else
1da177e4 1911 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1912 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1913 return err;
1914}
1915EXPORT_SYMBOL(xfrm_state_register_afinfo);
1916
1917int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1918{
1919 int err = 0;
1920 if (unlikely(afinfo == NULL))
1921 return -EINVAL;
1922 if (unlikely(afinfo->family >= NPROTO))
1923 return -EAFNOSUPPORT;
f3111502 1924 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1925 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1926 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1927 err = -EINVAL;
edcd5821 1928 else
1da177e4 1929 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1930 }
f3111502 1931 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1932 return err;
1933}
1934EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1935
17c2a42a 1936static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1937{
1938 struct xfrm_state_afinfo *afinfo;
1939 if (unlikely(family >= NPROTO))
1940 return NULL;
1941 read_lock(&xfrm_state_afinfo_lock);
1942 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1943 if (unlikely(!afinfo))
1944 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1945 return afinfo;
1946}
1947
17c2a42a 1948static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1949 __releases(xfrm_state_afinfo_lock)
1da177e4 1950{
546be240 1951 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1952}
1953
1954/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1955void xfrm_state_delete_tunnel(struct xfrm_state *x)
1956{
1957 if (x->tunnel) {
1958 struct xfrm_state *t = x->tunnel;
1959
1960 if (atomic_read(&t->tunnel_users) == 2)
1961 xfrm_state_delete(t);
1962 atomic_dec(&t->tunnel_users);
1963 xfrm_state_put(t);
1964 x->tunnel = NULL;
1965 }
1966}
1967EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1968
1969int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1970{
c5c25238 1971 int res;
1da177e4 1972
c5c25238
PM		 1973 spin_lock_bh(&x->lock);
1974 if (x->km.state == XFRM_STATE_VALID &&
1975 x->type && x->type->get_mtu)
1976 res = x->type->get_mtu(x, mtu);
1977 else
28121617 1978 res = mtu - x->props.header_len;
c5c25238 1979 spin_unlock_bh(&x->lock);
1da177e4
LT		 1980 return res;
1981}
1982
72cb6962
HX		 1983int xfrm_init_state(struct xfrm_state *x)
1984{
d094cd83 1985 struct xfrm_state_afinfo *afinfo;
df9dcb45 1986 struct xfrm_mode *inner_mode;
d094cd83 1987 int family = x->props.family;
72cb6962
HX		 1988 int err;
1989
d094cd83
HX		 1990 err = -EAFNOSUPPORT;
1991 afinfo = xfrm_state_get_afinfo(family);
1992 if (!afinfo)
1993 goto error;
1994
1995 err = 0;
1996 if (afinfo->init_flags)
1997 err = afinfo->init_flags(x);
1998
1999 xfrm_state_put_afinfo(afinfo);
2000
2001 if (err)
2002 goto error;
2003
2004 err = -EPROTONOSUPPORT;
13996378 2005
df9dcb45
KM		 2006 if (x->sel.family != AF_UNSPEC) {
2007 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2008 if (inner_mode == NULL)
2009 goto error;
2010
2011 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2012 family != x->sel.family) {
2013 xfrm_put_mode(inner_mode);
2014 goto error;
2015 }
2016
2017 x->inner_mode = inner_mode;
2018 } else {
2019 struct xfrm_mode *inner_mode_iaf;
2020
2021 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2022 if (inner_mode == NULL)
2023 goto error;
2024
2025 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2026 xfrm_put_mode(inner_mode);
2027 goto error;
2028 }
2029
2030 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2031 if (inner_mode_iaf == NULL)
2032 goto error;
2033
2034 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2035 xfrm_put_mode(inner_mode_iaf);
2036 goto error;
2037 }
2038
2039 if (x->props.family == AF_INET) {
2040 x->inner_mode = inner_mode;
2041 x->inner_mode_iaf = inner_mode_iaf;
2042 } else {
2043 x->inner_mode = inner_mode_iaf;
2044 x->inner_mode_iaf = inner_mode;
2045 }
2046 }
13996378 2047
d094cd83 2048 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2049 if (x->type == NULL)
2050 goto error;
2051
2052 err = x->type->init_state(x);
2053 if (err)
2054 goto error;
2055
13996378
HX		 2056 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2057 if (x->outer_mode == NULL)
b59f45d0
HX		 2058 goto error;
2059
72cb6962
HX		 2060 x->km.state = XFRM_STATE_VALID;
2061
2062error:
2063 return err;
2064}
2065
2066EXPORT_SYMBOL(xfrm_init_state);
a716c119 2067
d62ddc21 2068int __net_init xfrm_state_init(struct net *net)
1da177e4 2069{
f034b5d4
DM		 2070 unsigned int sz;
2071
9d4139c7
AD		 2072 INIT_LIST_HEAD(&net->xfrm.state_all);
2073
f034b5d4
DM		 2074 sz = sizeof(struct hlist_head) * 8;
2075
73d189dc
AD		 2076 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2077 if (!net->xfrm.state_bydst)
2078 goto out_bydst;
d320bbb3
AD		 2079 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2080 if (!net->xfrm.state_bysrc)
2081 goto out_bysrc;
b754a4fd
AD		 2082 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2083 if (!net->xfrm.state_byspi)
2084 goto out_byspi;
529983ec 2085 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2086
0bf7c5b0 2087 net->xfrm.state_num = 0;
63082733 2088 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
b8a0ae20 2089 INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
c7837144 2090 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
50a30657 2091 init_waitqueue_head(&net->xfrm.km_waitq);
d62ddc21 2092 return 0;
73d189dc 2093
b754a4fd
AD		 2094out_byspi:
2095 xfrm_hash_free(net->xfrm.state_bysrc, sz);
d320bbb3
AD		 2096out_bysrc:
2097 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2098out_bydst:
2099 return -ENOMEM;
d62ddc21
AD		 2100}
2101
2102void xfrm_state_fini(struct net *net)
2103{
73d189dc
AD		 2104 unsigned int sz;
2105
9d4139c7 2106 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc 2107
529983ec 2108 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
b754a4fd
AD		 2109 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2110 xfrm_hash_free(net->xfrm.state_byspi, sz);
d320bbb3
AD		 2111 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2112 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2113 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2114 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2115}
2116
ab5f5e8b 2117#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2118static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2119 struct audit_buffer *audit_buf)
ab5f5e8b 2120{
68277acc
PM		 2121 struct xfrm_sec_ctx *ctx = x->security;
2122 u32 spi = ntohl(x->id.spi);
2123
2124 if (ctx)
ab5f5e8b 2125 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2126 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2127
2128 switch(x->props.family) {
2129 case AF_INET:
21454aaa
HH		 2130 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2131 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2132 break;
2133 case AF_INET6:
5b095d98 2134 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2135 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2136 break;
2137 }
68277acc
PM		 2138
2139 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2140}
2141
cf35f43e
IJ		 2142static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2143 struct audit_buffer *audit_buf)
afeb14b4
PM		 2144{
2145 struct iphdr *iph4;
2146 struct ipv6hdr *iph6;
2147
2148 switch (family) {
2149 case AF_INET:
2150 iph4 = ip_hdr(skb);
21454aaa
HH		 2151 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2152 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2153 break;
2154 case AF_INET6:
2155 iph6 = ipv6_hdr(skb);
2156 audit_log_format(audit_buf,
5b095d98 2157 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2158 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2159 iph6->flow_lbl[0] & 0x0f,
2160 iph6->flow_lbl[1],
2161 iph6->flow_lbl[2]);
2162 break;
2163 }
2164}
2165
68277acc 2166void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2167 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2168{
2169 struct audit_buffer *audit_buf;
ab5f5e8b 2170
afeb14b4 2171 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2172 if (audit_buf == NULL)
2173 return;
2532386f 2174 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2175 xfrm_audit_helper_sainfo(x, audit_buf);
2176 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2177 audit_log_end(audit_buf);
2178}
2179EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2180
68277acc 2181void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2182 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2183{
2184 struct audit_buffer *audit_buf;
ab5f5e8b 2185
afeb14b4 2186 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2187 if (audit_buf == NULL)
2188 return;
2532386f 2189 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2190 xfrm_audit_helper_sainfo(x, audit_buf);
2191 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2192 audit_log_end(audit_buf);
2193}
2194EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2195
2196void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2197 struct sk_buff *skb)
2198{
2199 struct audit_buffer *audit_buf;
2200 u32 spi;
2201
2202 audit_buf = xfrm_audit_start("SA-replay-overflow");
2203 if (audit_buf == NULL)
2204 return;
2205 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2206 /* don't record the sequence number because it's inherent in this kind
2207 * of audit message */
2208 spi = ntohl(x->id.spi);
2209 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2210 audit_log_end(audit_buf);
2211}
2212EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2213
2214static void xfrm_audit_state_replay(struct xfrm_state *x,
2215 struct sk_buff *skb, __be32 net_seq)
2216{
2217 struct audit_buffer *audit_buf;
2218 u32 spi;
2219
2220 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2221 if (audit_buf == NULL)
2222 return;
2223 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2224 spi = ntohl(x->id.spi);
2225 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2226 spi, spi, ntohl(net_seq));
2227 audit_log_end(audit_buf);
2228}
2229
2230void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2231{
2232 struct audit_buffer *audit_buf;
2233
2234 audit_buf = xfrm_audit_start("SA-notfound");
2235 if (audit_buf == NULL)
2236 return;
2237 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2238 audit_log_end(audit_buf);
2239}
2240EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2241
2242void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2243 __be32 net_spi, __be32 net_seq)
2244{
2245 struct audit_buffer *audit_buf;
2246 u32 spi;
2247
2248 audit_buf = xfrm_audit_start("SA-notfound");
2249 if (audit_buf == NULL)
2250 return;
2251 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2252 spi = ntohl(net_spi);
2253 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2254 spi, spi, ntohl(net_seq));
2255 audit_log_end(audit_buf);
2256}
2257EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2258
2259void xfrm_audit_state_icvfail(struct xfrm_state *x,
2260 struct sk_buff *skb, u8 proto)
2261{
2262 struct audit_buffer *audit_buf;
2263 __be32 net_spi;
2264 __be32 net_seq;
2265
2266 audit_buf = xfrm_audit_start("SA-icv-failure");
2267 if (audit_buf == NULL)
2268 return;
2269 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2270 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2271 u32 spi = ntohl(net_spi);
2272 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2273 spi, spi, ntohl(net_seq));
2274 }
2275 audit_log_end(audit_buf);
2276}
2277EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2278#endif /* CONFIG_AUDITSYSCALL */
Ubuntu Artful kernel mirror