]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[XFRM] STATE: Add source address list.
[mirror_ubuntu-artful-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
21#include <asm/uaccess.h>
22
ee857a7d
DM		 23struct sock *xfrm_nl;
24EXPORT_SYMBOL(xfrm_nl);
25
f8cd5488 26u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
a70fcb0b
DM		 27EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
28
f8cd5488 29u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 30EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
31
1da177e4
LT		 32/* Each xfrm_state may be linked to two tables:
33
34 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
35 2. Hash table by daddr to find what SAs exist for given
36 destination/tunnel endpoint. (output)
37 */
38
39static DEFINE_SPINLOCK(xfrm_state_lock);
40
41/* Hash table to find appropriate SA towards given target (endpoint
42 * of tunnel or destination of transport mode) allowed by selector.
43 *
44 * Main use is finding SA after policy selected tunnel or transport mode.
45 * Also, it can be used by ah/esp icmp error handler to find offending SA.
46 */
47static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
6c44e6b7 48static struct list_head xfrm_state_bysrc[XFRM_DST_HSIZE];
1da177e4
LT		 49static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
50
51DECLARE_WAIT_QUEUE_HEAD(km_waitq);
52EXPORT_SYMBOL(km_waitq);
53
54static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
55static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
56
57static struct work_struct xfrm_state_gc_work;
58static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
59static DEFINE_SPINLOCK(xfrm_state_gc_lock);
60
61static int xfrm_state_gc_flush_bundles;
62
53bc6b4d 63int __xfrm_state_delete(struct xfrm_state *x);
1da177e4
LT		 64
65static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
66static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
67
980ebd25 68int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 69void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4
LT		 70
71static void xfrm_state_gc_destroy(struct xfrm_state *x)
72{
73 if (del_timer(&x->timer))
74 BUG();
f8cd5488
JHS		 75 if (del_timer(&x->rtimer))
76 BUG();
a51482bd
JJ		 77 kfree(x->aalg);
78 kfree(x->ealg);
79 kfree(x->calg);
80 kfree(x->encap);
b59f45d0
HX		 81 if (x->mode)
82 xfrm_put_mode(x->mode);
1da177e4
LT		 83 if (x->type) {
84 x->type->destructor(x);
85 xfrm_put_type(x->type);
86 }
df71837d 87 security_xfrm_state_free(x);
1da177e4
LT		 88 kfree(x);
89}
90
91static void xfrm_state_gc_task(void *data)
92{
93 struct xfrm_state *x;
94 struct list_head *entry, *tmp;
95 struct list_head gc_list = LIST_HEAD_INIT(gc_list);
96
97 if (xfrm_state_gc_flush_bundles) {
98 xfrm_state_gc_flush_bundles = 0;
99 xfrm_flush_bundles();
100 }
101
102 spin_lock_bh(&xfrm_state_gc_lock);
103 list_splice_init(&xfrm_state_gc_list, &gc_list);
104 spin_unlock_bh(&xfrm_state_gc_lock);
105
106 list_for_each_safe(entry, tmp, &gc_list) {
107 x = list_entry(entry, struct xfrm_state, bydst);
108 xfrm_state_gc_destroy(x);
109 }
110 wake_up(&km_waitq);
111}
112
113static inline unsigned long make_jiffies(long secs)
114{
115 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
116 return MAX_SCHEDULE_TIMEOUT-1;
117 else
118 return secs*HZ;
119}
120
121static void xfrm_timer_handler(unsigned long data)
122{
123 struct xfrm_state *x = (struct xfrm_state*)data;
124 unsigned long now = (unsigned long)xtime.tv_sec;
125 long next = LONG_MAX;
126 int warn = 0;
127
128 spin_lock(&x->lock);
129 if (x->km.state == XFRM_STATE_DEAD)
130 goto out;
131 if (x->km.state == XFRM_STATE_EXPIRED)
132 goto expired;
133 if (x->lft.hard_add_expires_seconds) {
134 long tmo = x->lft.hard_add_expires_seconds +
135 x->curlft.add_time - now;
136 if (tmo <= 0)
137 goto expired;
138 if (tmo < next)
139 next = tmo;
140 }
141 if (x->lft.hard_use_expires_seconds) {
142 long tmo = x->lft.hard_use_expires_seconds +
143 (x->curlft.use_time ? : now) - now;
144 if (tmo <= 0)
145 goto expired;
146 if (tmo < next)
147 next = tmo;
148 }
149 if (x->km.dying)
150 goto resched;
151 if (x->lft.soft_add_expires_seconds) {
152 long tmo = x->lft.soft_add_expires_seconds +
153 x->curlft.add_time - now;
154 if (tmo <= 0)
155 warn = 1;
156 else if (tmo < next)
157 next = tmo;
158 }
159 if (x->lft.soft_use_expires_seconds) {
160 long tmo = x->lft.soft_use_expires_seconds +
161 (x->curlft.use_time ? : now) - now;
162 if (tmo <= 0)
163 warn = 1;
164 else if (tmo < next)
165 next = tmo;
166 }
167
4666faab 168 x->km.dying = warn;
1da177e4 169 if (warn)
53bc6b4d 170 km_state_expired(x, 0, 0);
1da177e4
LT		 171resched:
172 if (next != LONG_MAX &&
173 !mod_timer(&x->timer, jiffies + make_jiffies(next)))
174 xfrm_state_hold(x);
175 goto out;
176
177expired:
178 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
179 x->km.state = XFRM_STATE_EXPIRED;
180 wake_up(&km_waitq);
181 next = 2;
182 goto resched;
183 }
4666faab 184 if (!__xfrm_state_delete(x) && x->id.spi)
53bc6b4d 185 km_state_expired(x, 1, 0);
1da177e4
LT		 186
187out:
188 spin_unlock(&x->lock);
189 xfrm_state_put(x);
190}
191
0ac84752
DM		 192static void xfrm_replay_timer_handler(unsigned long data);
193
1da177e4
LT		 194struct xfrm_state *xfrm_state_alloc(void)
195{
196 struct xfrm_state *x;
197
0da974f4 198 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 199
200 if (x) {
1da177e4
LT		 201 atomic_set(&x->refcnt, 1);
202 atomic_set(&x->tunnel_users, 0);
203 INIT_LIST_HEAD(&x->bydst);
6c44e6b7 204 INIT_LIST_HEAD(&x->bysrc);
1da177e4
LT		 205 INIT_LIST_HEAD(&x->byspi);
206 init_timer(&x->timer);
207 x->timer.function = xfrm_timer_handler;
208 x->timer.data = (unsigned long)x;
f8cd5488
JHS		 209 init_timer(&x->rtimer);
210 x->rtimer.function = xfrm_replay_timer_handler;
211 x->rtimer.data = (unsigned long)x;
1da177e4
LT		 212 x->curlft.add_time = (unsigned long)xtime.tv_sec;
213 x->lft.soft_byte_limit = XFRM_INF;
214 x->lft.soft_packet_limit = XFRM_INF;
215 x->lft.hard_byte_limit = XFRM_INF;
216 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 217 x->replay_maxage = 0;
218 x->replay_maxdiff = 0;
1da177e4
LT		 219 spin_lock_init(&x->lock);
220 }
221 return x;
222}
223EXPORT_SYMBOL(xfrm_state_alloc);
224
225void __xfrm_state_destroy(struct xfrm_state *x)
226{
227 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
228
229 spin_lock_bh(&xfrm_state_gc_lock);
230 list_add(&x->bydst, &xfrm_state_gc_list);
231 spin_unlock_bh(&xfrm_state_gc_lock);
232 schedule_work(&xfrm_state_gc_work);
233}
234EXPORT_SYMBOL(__xfrm_state_destroy);
235
53bc6b4d 236int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 237{
26b15dad
JHS		 238 int err = -ESRCH;
239
1da177e4
LT		 240 if (x->km.state != XFRM_STATE_DEAD) {
241 x->km.state = XFRM_STATE_DEAD;
242 spin_lock(&xfrm_state_lock);
243 list_del(&x->bydst);
21380b81 244 __xfrm_state_put(x);
6c44e6b7
MN		 245 list_del(&x->bysrc);
246 __xfrm_state_put(x);
1da177e4
LT		 247 if (x->id.spi) {
248 list_del(&x->byspi);
21380b81 249 __xfrm_state_put(x);
1da177e4
LT		 250 }
251 spin_unlock(&xfrm_state_lock);
252 if (del_timer(&x->timer))
21380b81 253 __xfrm_state_put(x);
f8cd5488
JHS		 254 if (del_timer(&x->rtimer))
255 __xfrm_state_put(x);
1da177e4
LT		 256
257 /* The number two in this test is the reference
258 * mentioned in the comment below plus the reference
259 * our caller holds. A larger value means that
260 * there are DSTs attached to this xfrm_state.
261 */
262 if (atomic_read(&x->refcnt) > 2) {
263 xfrm_state_gc_flush_bundles = 1;
264 schedule_work(&xfrm_state_gc_work);
265 }
266
267 /* All xfrm_state objects are created by xfrm_state_alloc.
268 * The xfrm_state_alloc call gives a reference, and that
269 * is what we are dropping here.
270 */
21380b81 271 __xfrm_state_put(x);
26b15dad 272 err = 0;
1da177e4 273 }
26b15dad
JHS		 274
275 return err;
1da177e4 276}
53bc6b4d 277EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 278
26b15dad 279int xfrm_state_delete(struct xfrm_state *x)
1da177e4 280{
26b15dad
JHS		 281 int err;
282
1da177e4 283 spin_lock_bh(&x->lock);
26b15dad 284 err = __xfrm_state_delete(x);
1da177e4 285 spin_unlock_bh(&x->lock);
26b15dad
JHS		 286
287 return err;
1da177e4
LT		 288}
289EXPORT_SYMBOL(xfrm_state_delete);
290
291void xfrm_state_flush(u8 proto)
292{
293 int i;
294 struct xfrm_state *x;
295
296 spin_lock_bh(&xfrm_state_lock);
297 for (i = 0; i < XFRM_DST_HSIZE; i++) {
298restart:
299 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
300 if (!xfrm_state_kern(x) &&
5794708f 301 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 302 xfrm_state_hold(x);
303 spin_unlock_bh(&xfrm_state_lock);
304
305 xfrm_state_delete(x);
306 xfrm_state_put(x);
307
308 spin_lock_bh(&xfrm_state_lock);
309 goto restart;
310 }
311 }
312 }
313 spin_unlock_bh(&xfrm_state_lock);
314 wake_up(&km_waitq);
315}
316EXPORT_SYMBOL(xfrm_state_flush);
317
318static int
319xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
320 struct xfrm_tmpl *tmpl,
321 xfrm_address_t *daddr, xfrm_address_t *saddr,
322 unsigned short family)
323{
324 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
325 if (!afinfo)
326 return -1;
327 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
328 xfrm_state_put_afinfo(afinfo);
329 return 0;
330}
331
332struct xfrm_state *
333xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
334 struct flowi *fl, struct xfrm_tmpl *tmpl,
335 struct xfrm_policy *pol, int *err,
336 unsigned short family)
337{
338 unsigned h = xfrm_dst_hash(daddr, family);
339 struct xfrm_state *x, *x0;
340 int acquire_in_progress = 0;
341 int error = 0;
342 struct xfrm_state *best = NULL;
343 struct xfrm_state_afinfo *afinfo;
344
345 afinfo = xfrm_state_get_afinfo(family);
346 if (afinfo == NULL) {
347 *err = -EAFNOSUPPORT;
348 return NULL;
349 }
350
351 spin_lock_bh(&xfrm_state_lock);
352 list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
353 if (x->props.family == family &&
354 x->props.reqid == tmpl->reqid &&
355 xfrm_state_addr_check(x, daddr, saddr, family) &&
356 tmpl->mode == x->props.mode &&
357 tmpl->id.proto == x->id.proto &&
358 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
359 /* Resolution logic:
360 1. There is a valid state with matching selector.
361 Done.
362 2. Valid state with inappropriate selector. Skip.
363
364 Entering area of "sysdeps".
365
366 3. If state is not valid, selector is temporary,
367 it selects only session which triggered
368 previous resolution. Key manager will do
369 something to install a state with proper
370 selector.
371 */
372 if (x->km.state == XFRM_STATE_VALID) {
df71837d 373 if (!xfrm_selector_match(&x->sel, fl, family) ||
e0d1caa7 374 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 375 continue;
376 if (!best ||
377 best->km.dying > x->km.dying ||
378 (best->km.dying == x->km.dying &&
379 best->curlft.add_time < x->curlft.add_time))
380 best = x;
381 } else if (x->km.state == XFRM_STATE_ACQ) {
382 acquire_in_progress = 1;
383 } else if (x->km.state == XFRM_STATE_ERROR ||
384 x->km.state == XFRM_STATE_EXPIRED) {
df71837d 385 if (xfrm_selector_match(&x->sel, fl, family) &&
e0d1caa7 386 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 387 error = -ESRCH;
388 }
389 }
390 }
391
392 x = best;
393 if (!x && !error && !acquire_in_progress) {
5c5d281a
PM		 394 if (tmpl->id.spi &&
395 (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
396 tmpl->id.proto)) != NULL) {
1da177e4
LT		 397 xfrm_state_put(x0);
398 error = -EEXIST;
399 goto out;
400 }
401 x = xfrm_state_alloc();
402 if (x == NULL) {
403 error = -ENOMEM;
404 goto out;
405 }
406 /* Initialize temporary selector matching only
407 * to current session. */
408 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
409
e0d1caa7
VY		 410 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
411 if (error) {
412 x->km.state = XFRM_STATE_DEAD;
413 xfrm_state_put(x);
414 x = NULL;
415 goto out;
416 }
417
1da177e4
LT		 418 if (km_query(x, tmpl, pol) == 0) {
419 x->km.state = XFRM_STATE_ACQ;
420 list_add_tail(&x->bydst, xfrm_state_bydst+h);
421 xfrm_state_hold(x);
6c44e6b7
MN		 422 list_add_tail(&x->bysrc, xfrm_state_bysrc+h);
423 xfrm_state_hold(x);
1da177e4
LT		 424 if (x->id.spi) {
425 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
426 list_add(&x->byspi, xfrm_state_byspi+h);
427 xfrm_state_hold(x);
428 }
429 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
430 xfrm_state_hold(x);
431 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
432 add_timer(&x->timer);
433 } else {
434 x->km.state = XFRM_STATE_DEAD;
435 xfrm_state_put(x);
436 x = NULL;
437 error = -ESRCH;
438 }
439 }
440out:
441 if (x)
442 xfrm_state_hold(x);
443 else
444 *err = acquire_in_progress ? -EAGAIN : error;
445 spin_unlock_bh(&xfrm_state_lock);
446 xfrm_state_put_afinfo(afinfo);
447 return x;
448}
449
450static void __xfrm_state_insert(struct xfrm_state *x)
451{
452 unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
453
454 list_add(&x->bydst, xfrm_state_bydst+h);
455 xfrm_state_hold(x);
456
6c44e6b7 457 h = xfrm_src_hash(&x->props.saddr, x->props.family);
1da177e4 458
6c44e6b7 459 list_add(&x->bysrc, xfrm_state_bysrc+h);
1da177e4
LT		 460 xfrm_state_hold(x);
461
6c44e6b7
MN		 462 if (xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY)) {
463 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
464 x->props.family);
465
466 list_add(&x->byspi, xfrm_state_byspi+h);
467 xfrm_state_hold(x);
468 }
469
1da177e4
LT		 470 if (!mod_timer(&x->timer, jiffies + HZ))
471 xfrm_state_hold(x);
472
f8cd5488
JHS		 473 if (x->replay_maxage &&
474 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
475 xfrm_state_hold(x);
476
1da177e4
LT		 477 wake_up(&km_waitq);
478}
479
480void xfrm_state_insert(struct xfrm_state *x)
481{
482 spin_lock_bh(&xfrm_state_lock);
483 __xfrm_state_insert(x);
484 spin_unlock_bh(&xfrm_state_lock);
399c180a
DM		 485
486 xfrm_flush_all_bundles();
1da177e4
LT		 487}
488EXPORT_SYMBOL(xfrm_state_insert);
489
490static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
491
492int xfrm_state_add(struct xfrm_state *x)
493{
494 struct xfrm_state_afinfo *afinfo;
495 struct xfrm_state *x1;
496 int family;
497 int err;
498
499 family = x->props.family;
500 afinfo = xfrm_state_get_afinfo(family);
501 if (unlikely(afinfo == NULL))
502 return -EAFNOSUPPORT;
503
504 spin_lock_bh(&xfrm_state_lock);
505
506 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
507 if (x1) {
508 xfrm_state_put(x1);
509 x1 = NULL;
510 err = -EEXIST;
511 goto out;
512 }
513
514 if (x->km.seq) {
515 x1 = __xfrm_find_acq_byseq(x->km.seq);
516 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
517 xfrm_state_put(x1);
518 x1 = NULL;
519 }
520 }
521
522 if (!x1)
523 x1 = afinfo->find_acq(
524 x->props.mode, x->props.reqid, x->id.proto,
525 &x->id.daddr, &x->props.saddr, 0);
526
527 __xfrm_state_insert(x);
528 err = 0;
529
530out:
531 spin_unlock_bh(&xfrm_state_lock);
532 xfrm_state_put_afinfo(afinfo);
533
399c180a
DM		 534 if (!err)
535 xfrm_flush_all_bundles();
536
1da177e4
LT		 537 if (x1) {
538 xfrm_state_delete(x1);
539 xfrm_state_put(x1);
540 }
541
542 return err;
543}
544EXPORT_SYMBOL(xfrm_state_add);
545
546int xfrm_state_update(struct xfrm_state *x)
547{
548 struct xfrm_state_afinfo *afinfo;
549 struct xfrm_state *x1;
550 int err;
551
552 afinfo = xfrm_state_get_afinfo(x->props.family);
553 if (unlikely(afinfo == NULL))
554 return -EAFNOSUPPORT;
555
556 spin_lock_bh(&xfrm_state_lock);
557 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
558
559 err = -ESRCH;
560 if (!x1)
561 goto out;
562
563 if (xfrm_state_kern(x1)) {
564 xfrm_state_put(x1);
565 err = -EEXIST;
566 goto out;
567 }
568
569 if (x1->km.state == XFRM_STATE_ACQ) {
570 __xfrm_state_insert(x);
571 x = NULL;
572 }
573 err = 0;
574
575out:
576 spin_unlock_bh(&xfrm_state_lock);
577 xfrm_state_put_afinfo(afinfo);
578
579 if (err)
580 return err;
581
582 if (!x) {
583 xfrm_state_delete(x1);
584 xfrm_state_put(x1);
585 return 0;
586 }
587
588 err = -EINVAL;
589 spin_lock_bh(&x1->lock);
590 if (likely(x1->km.state == XFRM_STATE_VALID)) {
591 if (x->encap && x1->encap)
592 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
593 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
594 x1->km.dying = 0;
595
596 if (!mod_timer(&x1->timer, jiffies + HZ))
597 xfrm_state_hold(x1);
598 if (x1->curlft.use_time)
599 xfrm_state_check_expire(x1);
600
601 err = 0;
602 }
603 spin_unlock_bh(&x1->lock);
604
605 xfrm_state_put(x1);
606
607 return err;
608}
609EXPORT_SYMBOL(xfrm_state_update);
610
611int xfrm_state_check_expire(struct xfrm_state *x)
612{
613 if (!x->curlft.use_time)
614 x->curlft.use_time = (unsigned long)xtime.tv_sec;
615
616 if (x->km.state != XFRM_STATE_VALID)
617 return -EINVAL;
618
619 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
620 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab
HX		 621 x->km.state = XFRM_STATE_EXPIRED;
622 if (!mod_timer(&x->timer, jiffies))
1da177e4
LT		 623 xfrm_state_hold(x);
624 return -EINVAL;
625 }
626
627 if (!x->km.dying &&
628 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 629 x->curlft.packets >= x->lft.soft_packet_limit)) {
630 x->km.dying = 1;
53bc6b4d 631 km_state_expired(x, 0, 0);
4666faab 632 }
1da177e4
LT		 633 return 0;
634}
635EXPORT_SYMBOL(xfrm_state_check_expire);
636
637static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
638{
639 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
640 - skb_headroom(skb);
641
642 if (nhead > 0)
643 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
644
645 /* Check tail too... */
646 return 0;
647}
648
649int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
650{
651 int err = xfrm_state_check_expire(x);
652 if (err < 0)
653 goto err;
654 err = xfrm_state_check_space(x, skb);
655err:
656 return err;
657}
658EXPORT_SYMBOL(xfrm_state_check);
659
660struct xfrm_state *
661xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
662 unsigned short family)
663{
664 struct xfrm_state *x;
665 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
666 if (!afinfo)
667 return NULL;
668
669 spin_lock_bh(&xfrm_state_lock);
670 x = afinfo->state_lookup(daddr, spi, proto);
671 spin_unlock_bh(&xfrm_state_lock);
672 xfrm_state_put_afinfo(afinfo);
673 return x;
674}
675EXPORT_SYMBOL(xfrm_state_lookup);
676
677struct xfrm_state *
678xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
679 xfrm_address_t *daddr, xfrm_address_t *saddr,
680 int create, unsigned short family)
681{
682 struct xfrm_state *x;
683 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
684 if (!afinfo)
685 return NULL;
686
687 spin_lock_bh(&xfrm_state_lock);
688 x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
689 spin_unlock_bh(&xfrm_state_lock);
690 xfrm_state_put_afinfo(afinfo);
691 return x;
692}
693EXPORT_SYMBOL(xfrm_find_acq);
694
695/* Silly enough, but I'm lazy to build resolution list */
696
697static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
698{
699 int i;
700 struct xfrm_state *x;
701
702 for (i = 0; i < XFRM_DST_HSIZE; i++) {
703 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
704 if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
705 xfrm_state_hold(x);
706 return x;
707 }
708 }
709 }
710 return NULL;
711}
712
713struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
714{
715 struct xfrm_state *x;
716
717 spin_lock_bh(&xfrm_state_lock);
718 x = __xfrm_find_acq_byseq(seq);
719 spin_unlock_bh(&xfrm_state_lock);
720 return x;
721}
722EXPORT_SYMBOL(xfrm_find_acq_byseq);
723
724u32 xfrm_get_acqseq(void)
725{
726 u32 res;
727 static u32 acqseq;
728 static DEFINE_SPINLOCK(acqseq_lock);
729
730 spin_lock_bh(&acqseq_lock);
731 res = (++acqseq ? : ++acqseq);
732 spin_unlock_bh(&acqseq_lock);
733 return res;
734}
735EXPORT_SYMBOL(xfrm_get_acqseq);
736
737void
738xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
739{
740 u32 h;
741 struct xfrm_state *x0;
742
743 if (x->id.spi)
744 return;
745
746 if (minspi == maxspi) {
747 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
748 if (x0) {
749 xfrm_state_put(x0);
750 return;
751 }
752 x->id.spi = minspi;
753 } else {
754 u32 spi = 0;
755 minspi = ntohl(minspi);
756 maxspi = ntohl(maxspi);
757 for (h=0; h<maxspi-minspi+1; h++) {
758 spi = minspi + net_random()%(maxspi-minspi+1);
759 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
760 if (x0 == NULL) {
761 x->id.spi = htonl(spi);
762 break;
763 }
764 xfrm_state_put(x0);
765 }
766 }
767 if (x->id.spi) {
768 spin_lock_bh(&xfrm_state_lock);
769 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
770 list_add(&x->byspi, xfrm_state_byspi+h);
771 xfrm_state_hold(x);
772 spin_unlock_bh(&xfrm_state_lock);
773 wake_up(&km_waitq);
774 }
775}
776EXPORT_SYMBOL(xfrm_alloc_spi);
777
778int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
779 void *data)
780{
781 int i;
782 struct xfrm_state *x;
783 int count = 0;
784 int err = 0;
785
786 spin_lock_bh(&xfrm_state_lock);
787 for (i = 0; i < XFRM_DST_HSIZE; i++) {
788 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
5794708f 789 if (xfrm_id_proto_match(x->id.proto, proto))
1da177e4
LT		 790 count++;
791 }
792 }
793 if (count == 0) {
794 err = -ENOENT;
795 goto out;
796 }
797
798 for (i = 0; i < XFRM_DST_HSIZE; i++) {
799 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
5794708f 800 if (!xfrm_id_proto_match(x->id.proto, proto))
1da177e4
LT		 801 continue;
802 err = func(x, --count, data);
803 if (err)
804 goto out;
805 }
806 }
807out:
808 spin_unlock_bh(&xfrm_state_lock);
809 return err;
810}
811EXPORT_SYMBOL(xfrm_state_walk);
812
f8cd5488
JHS		 813
814void xfrm_replay_notify(struct xfrm_state *x, int event)
815{
816 struct km_event c;
817 /* we send notify messages in case
818 * 1. we updated on of the sequence numbers, and the seqno difference
819 * is at least x->replay_maxdiff, in this case we also update the
820 * timeout of our timer function
821 * 2. if x->replay_maxage has elapsed since last update,
822 * and there were changes
823 *
824 * The state structure must be locked!
825 */
826
827 switch (event) {
828 case XFRM_REPLAY_UPDATE:
829 if (x->replay_maxdiff &&
830 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 831 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
832 if (x->xflags & XFRM_TIME_DEFER)
833 event = XFRM_REPLAY_TIMEOUT;
834 else
835 return;
836 }
f8cd5488
JHS		 837
838 break;
839
840 case XFRM_REPLAY_TIMEOUT:
841 if ((x->replay.seq == x->preplay.seq) &&
842 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 843 (x->replay.oseq == x->preplay.oseq)) {
844 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 845 return;
2717096a 846 }
f8cd5488
JHS		 847
848 break;
849 }
850
851 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
852 c.event = XFRM_MSG_NEWAE;
853 c.data.aevent = event;
854 km_state_notify(x, &c);
855
f8cd5488 856 if (x->replay_maxage &&
2717096a 857 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
f8cd5488 858 xfrm_state_hold(x);
2717096a
JHS		 859 x->xflags &= ~XFRM_TIME_DEFER;
860 }
f8cd5488 861}
a70fcb0b 862EXPORT_SYMBOL(xfrm_replay_notify);
f8cd5488
JHS		 863
864static void xfrm_replay_timer_handler(unsigned long data)
865{
866 struct xfrm_state *x = (struct xfrm_state*)data;
867
868 spin_lock(&x->lock);
869
2717096a
JHS		 870 if (x->km.state == XFRM_STATE_VALID) {
871 if (xfrm_aevent_is_on())
872 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
873 else
874 x->xflags |= XFRM_TIME_DEFER;
875 }
f8cd5488
JHS		 876
877 spin_unlock(&x->lock);
2717096a 878 xfrm_state_put(x);
f8cd5488
JHS		 879}
880
1da177e4
LT		 881int xfrm_replay_check(struct xfrm_state *x, u32 seq)
882{
883 u32 diff;
884
885 seq = ntohl(seq);
886
887 if (unlikely(seq == 0))
888 return -EINVAL;
889
890 if (likely(seq > x->replay.seq))
891 return 0;
892
893 diff = x->replay.seq - seq;
894 if (diff >= x->props.replay_window) {
895 x->stats.replay_window++;
896 return -EINVAL;
897 }
898
899 if (x->replay.bitmap & (1U << diff)) {
900 x->stats.replay++;
901 return -EINVAL;
902 }
903 return 0;
904}
905EXPORT_SYMBOL(xfrm_replay_check);
906
907void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
908{
909 u32 diff;
910
911 seq = ntohl(seq);
912
913 if (seq > x->replay.seq) {
914 diff = seq - x->replay.seq;
915 if (diff < x->props.replay_window)
916 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
917 else
918 x->replay.bitmap = 1;
919 x->replay.seq = seq;
920 } else {
921 diff = x->replay.seq - seq;
922 x->replay.bitmap |= (1U << diff);
923 }
f8cd5488
JHS		 924
925 if (xfrm_aevent_is_on())
926 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4
LT		 927}
928EXPORT_SYMBOL(xfrm_replay_advance);
929
930static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
931static DEFINE_RWLOCK(xfrm_km_lock);
932
26b15dad 933void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 934{
935 struct xfrm_mgr *km;
936
26b15dad
JHS		 937 read_lock(&xfrm_km_lock);
938 list_for_each_entry(km, &xfrm_km_list, list)
939 if (km->notify_policy)
940 km->notify_policy(xp, dir, c);
941 read_unlock(&xfrm_km_lock);
942}
1da177e4 943
26b15dad
JHS		 944void km_state_notify(struct xfrm_state *x, struct km_event *c)
945{
946 struct xfrm_mgr *km;
1da177e4
LT		 947 read_lock(&xfrm_km_lock);
948 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 949 if (km->notify)
950 km->notify(x, c);
1da177e4 951 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 952}
953
954EXPORT_SYMBOL(km_policy_notify);
955EXPORT_SYMBOL(km_state_notify);
956
53bc6b4d 957void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 958{
959 struct km_event c;
960
bf08867f 961 c.data.hard = hard;
53bc6b4d 962 c.pid = pid;
f60f6b8f 963 c.event = XFRM_MSG_EXPIRE;
26b15dad 964 km_state_notify(x, &c);
1da177e4
LT		 965
966 if (hard)
967 wake_up(&km_waitq);
968}
969
53bc6b4d 970EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 971/*
972 * We send to all registered managers regardless of failure
973 * We are happy with one success
974*/
980ebd25 975int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 976{
26b15dad 977 int err = -EINVAL, acqret;
1da177e4
LT		 978 struct xfrm_mgr *km;
979
980 read_lock(&xfrm_km_lock);
981 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 982 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
983 if (!acqret)
984 err = acqret;
1da177e4
LT		 985 }
986 read_unlock(&xfrm_km_lock);
987 return err;
988}
980ebd25 989EXPORT_SYMBOL(km_query);
1da177e4
LT		 990
991int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
992{
993 int err = -EINVAL;
994 struct xfrm_mgr *km;
995
996 read_lock(&xfrm_km_lock);
997 list_for_each_entry(km, &xfrm_km_list, list) {
998 if (km->new_mapping)
999 err = km->new_mapping(x, ipaddr, sport);
1000 if (!err)
1001 break;
1002 }
1003 read_unlock(&xfrm_km_lock);
1004 return err;
1005}
1006EXPORT_SYMBOL(km_new_mapping);
1007
6c5c8ca7 1008void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1009{
26b15dad 1010 struct km_event c;
1da177e4 1011
bf08867f 1012 c.data.hard = hard;
6c5c8ca7 1013 c.pid = pid;
f60f6b8f 1014 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1015 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1016
1017 if (hard)
1018 wake_up(&km_waitq);
1019}
a70fcb0b 1020EXPORT_SYMBOL(km_policy_expired);
1da177e4
LT		 1021
1022int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1023{
1024 int err;
1025 u8 *data;
1026 struct xfrm_mgr *km;
1027 struct xfrm_policy *pol = NULL;
1028
1029 if (optlen <= 0 || optlen > PAGE_SIZE)
1030 return -EMSGSIZE;
1031
1032 data = kmalloc(optlen, GFP_KERNEL);
1033 if (!data)
1034 return -ENOMEM;
1035
1036 err = -EFAULT;
1037 if (copy_from_user(data, optval, optlen))
1038 goto out;
1039
1040 err = -EINVAL;
1041 read_lock(&xfrm_km_lock);
1042 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1043 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1044 optlen, &err);
1045 if (err >= 0)
1046 break;
1047 }
1048 read_unlock(&xfrm_km_lock);
1049
1050 if (err >= 0) {
1051 xfrm_sk_policy_insert(sk, err, pol);
1052 xfrm_pol_put(pol);
1053 err = 0;
1054 }
1055
1056out:
1057 kfree(data);
1058 return err;
1059}
1060EXPORT_SYMBOL(xfrm_user_policy);
1061
1062int xfrm_register_km(struct xfrm_mgr *km)
1063{
1064 write_lock_bh(&xfrm_km_lock);
1065 list_add_tail(&km->list, &xfrm_km_list);
1066 write_unlock_bh(&xfrm_km_lock);
1067 return 0;
1068}
1069EXPORT_SYMBOL(xfrm_register_km);
1070
1071int xfrm_unregister_km(struct xfrm_mgr *km)
1072{
1073 write_lock_bh(&xfrm_km_lock);
1074 list_del(&km->list);
1075 write_unlock_bh(&xfrm_km_lock);
1076 return 0;
1077}
1078EXPORT_SYMBOL(xfrm_unregister_km);
1079
1080int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1081{
1082 int err = 0;
1083 if (unlikely(afinfo == NULL))
1084 return -EINVAL;
1085 if (unlikely(afinfo->family >= NPROTO))
1086 return -EAFNOSUPPORT;
f3111502 1087 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1088 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1089 err = -ENOBUFS;
1090 else {
1091 afinfo->state_bydst = xfrm_state_bydst;
6c44e6b7 1092 afinfo->state_bysrc = xfrm_state_bysrc;
1da177e4
LT		 1093 afinfo->state_byspi = xfrm_state_byspi;
1094 xfrm_state_afinfo[afinfo->family] = afinfo;
1095 }
f3111502 1096 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1097 return err;
1098}
1099EXPORT_SYMBOL(xfrm_state_register_afinfo);
1100
1101int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1102{
1103 int err = 0;
1104 if (unlikely(afinfo == NULL))
1105 return -EINVAL;
1106 if (unlikely(afinfo->family >= NPROTO))
1107 return -EAFNOSUPPORT;
f3111502 1108 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1109 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1110 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1111 err = -EINVAL;
1112 else {
1113 xfrm_state_afinfo[afinfo->family] = NULL;
1114 afinfo->state_byspi = NULL;
6c44e6b7 1115 afinfo->state_bysrc = NULL;
1da177e4
LT		 1116 afinfo->state_bydst = NULL;
1117 }
1118 }
f3111502 1119 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1120 return err;
1121}
1122EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1123
1124static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1125{
1126 struct xfrm_state_afinfo *afinfo;
1127 if (unlikely(family >= NPROTO))
1128 return NULL;
1129 read_lock(&xfrm_state_afinfo_lock);
1130 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1131 if (unlikely(!afinfo))
1132 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1133 return afinfo;
1134}
1135
1136static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1137{
546be240 1138 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1139}
1140
1141/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1142void xfrm_state_delete_tunnel(struct xfrm_state *x)
1143{
1144 if (x->tunnel) {
1145 struct xfrm_state *t = x->tunnel;
1146
1147 if (atomic_read(&t->tunnel_users) == 2)
1148 xfrm_state_delete(t);
1149 atomic_dec(&t->tunnel_users);
1150 xfrm_state_put(t);
1151 x->tunnel = NULL;
1152 }
1153}
1154EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1155
80b30c10
HX		 1156/*
1157 * This function is NOT optimal. For example, with ESP it will give an
1158 * MTU that's usually two bytes short of being optimal. However, it will
1159 * usually give an answer that's a multiple of 4 provided the input is
1160 * also a multiple of 4.
1161 */
1da177e4
LT		 1162int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1163{
1164 int res = mtu;
1165
1166 res -= x->props.header_len;
1167
1168 for (;;) {
1169 int m = res;
1170
1171 if (m < 68)
1172 return 68;
1173
1174 spin_lock_bh(&x->lock);
1175 if (x->km.state == XFRM_STATE_VALID &&
1176 x->type && x->type->get_max_size)
1177 m = x->type->get_max_size(x, m);
1178 else
1179 m += x->props.header_len;
1180 spin_unlock_bh(&x->lock);
1181
1182 if (m <= mtu)
1183 break;
1184 res -= (m - mtu);
1185 }
1186
1187 return res;
1188}
1189
72cb6962
HX		 1190int xfrm_init_state(struct xfrm_state *x)
1191{
d094cd83
HX		 1192 struct xfrm_state_afinfo *afinfo;
1193 int family = x->props.family;
72cb6962
HX		 1194 int err;
1195
d094cd83
HX		 1196 err = -EAFNOSUPPORT;
1197 afinfo = xfrm_state_get_afinfo(family);
1198 if (!afinfo)
1199 goto error;
1200
1201 err = 0;
1202 if (afinfo->init_flags)
1203 err = afinfo->init_flags(x);
1204
1205 xfrm_state_put_afinfo(afinfo);
1206
1207 if (err)
1208 goto error;
1209
1210 err = -EPROTONOSUPPORT;
1211 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 1212 if (x->type == NULL)
1213 goto error;
1214
1215 err = x->type->init_state(x);
1216 if (err)
1217 goto error;
1218
b59f45d0
HX		 1219 x->mode = xfrm_get_mode(x->props.mode, family);
1220 if (x->mode == NULL)
1221 goto error;
1222
72cb6962
HX		 1223 x->km.state = XFRM_STATE_VALID;
1224
1225error:
1226 return err;
1227}
1228
1229EXPORT_SYMBOL(xfrm_init_state);
1da177e4
LT		 1230
1231void __init xfrm_state_init(void)
1232{
1233 int i;
1234
1235 for (i=0; i<XFRM_DST_HSIZE; i++) {
1236 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
6c44e6b7 1237 INIT_LIST_HEAD(&xfrm_state_bysrc[i]);
1da177e4
LT		 1238 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1239 }
1240 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1241}
1242
Ubuntu Artful kernel mirror