]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netns xfrm: per-netns xfrm_state_byspi hash
[mirror_ubuntu-artful-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
f034b5d4
DM		 47static unsigned int xfrm_state_hmask __read_mostly;
48static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
49static unsigned int xfrm_state_num;
9d4a706d 50static unsigned int xfrm_state_genid;
f034b5d4 51
17c2a42a
HX		 52static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
53static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
54
afeb14b4
PM		 55#ifdef CONFIG_AUDITSYSCALL
56static void xfrm_audit_state_replay(struct xfrm_state *x,
57 struct sk_buff *skb, __be32 net_seq);
58#else
59#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
60#endif /* CONFIG_AUDITSYSCALL */
61
c1969f29
DM		 62static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
63 xfrm_address_t *saddr,
64 u32 reqid,
a624c108 65 unsigned short family)
f034b5d4 66{
c1969f29 67 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
f034b5d4
DM		 68}
69
667bbcb6
MN		 70static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
71 xfrm_address_t *saddr,
44e36b42 72 unsigned short family)
f034b5d4 73{
667bbcb6 74 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
f034b5d4
DM		 75}
76
f034b5d4 77static inline unsigned int
8122adf0 78xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 79{
c1969f29 80 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
f034b5d4
DM		 81}
82
f034b5d4
DM		 83static void xfrm_hash_transfer(struct hlist_head *list,
84 struct hlist_head *ndsttable,
85 struct hlist_head *nsrctable,
86 struct hlist_head *nspitable,
87 unsigned int nhashmask)
88{
89 struct hlist_node *entry, *tmp;
90 struct xfrm_state *x;
91
92 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
93 unsigned int h;
94
c1969f29
DM		 95 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
96 x->props.reqid, x->props.family,
97 nhashmask);
f034b5d4
DM		 98 hlist_add_head(&x->bydst, ndsttable+h);
99
667bbcb6
MN		 100 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
101 x->props.family,
f034b5d4
DM		 102 nhashmask);
103 hlist_add_head(&x->bysrc, nsrctable+h);
104
7b4dc360
MN		 105 if (x->id.spi) {
106 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
107 x->id.proto, x->props.family,
108 nhashmask);
109 hlist_add_head(&x->byspi, nspitable+h);
110 }
f034b5d4
DM		 111 }
112}
113
114static unsigned long xfrm_hash_new_size(void)
115{
116 return ((xfrm_state_hmask + 1) << 1) *
117 sizeof(struct hlist_head);
118}
119
120static DEFINE_MUTEX(hash_resize_mutex);
121
c4028958 122static void xfrm_hash_resize(struct work_struct *__unused)
f034b5d4
DM		 123{
124 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
125 unsigned long nsize, osize;
126 unsigned int nhashmask, ohashmask;
127 int i;
128
129 mutex_lock(&hash_resize_mutex);
130
131 nsize = xfrm_hash_new_size();
44e36b42 132 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 133 if (!ndst)
134 goto out_unlock;
44e36b42 135 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 136 if (!nsrc) {
44e36b42 137 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 138 goto out_unlock;
139 }
44e36b42 140 nspi = xfrm_hash_alloc(nsize);
f034b5d4 141 if (!nspi) {
44e36b42
DM		 142 xfrm_hash_free(ndst, nsize);
143 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 144 goto out_unlock;
145 }
146
147 spin_lock_bh(&xfrm_state_lock);
148
149 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
150 for (i = xfrm_state_hmask; i >= 0; i--)
73d189dc 151 xfrm_hash_transfer(init_net.xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 152 nhashmask);
153
73d189dc 154 odst = init_net.xfrm.state_bydst;
d320bbb3 155 osrc = init_net.xfrm.state_bysrc;
b754a4fd 156 ospi = init_net.xfrm.state_byspi;
f034b5d4
DM		 157 ohashmask = xfrm_state_hmask;
158
73d189dc 159 init_net.xfrm.state_bydst = ndst;
d320bbb3 160 init_net.xfrm.state_bysrc = nsrc;
b754a4fd 161 init_net.xfrm.state_byspi = nspi;
f034b5d4
DM		 162 xfrm_state_hmask = nhashmask;
163
164 spin_unlock_bh(&xfrm_state_lock);
165
166 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 167 xfrm_hash_free(odst, osize);
168 xfrm_hash_free(osrc, osize);
169 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 170
171out_unlock:
172 mutex_unlock(&hash_resize_mutex);
173}
174
c4028958 175static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
f034b5d4 176
1da177e4
LT		 177DECLARE_WAIT_QUEUE_HEAD(km_waitq);
178EXPORT_SYMBOL(km_waitq);
179
180static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
181static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
182
183static struct work_struct xfrm_state_gc_work;
12a169e7 184static HLIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 185static DEFINE_SPINLOCK(xfrm_state_gc_lock);
186
53bc6b4d 187int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 188
980ebd25 189int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 190void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 191
aa5d62cc
HX		 192static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
193{
194 struct xfrm_state_afinfo *afinfo;
195 if (unlikely(family >= NPROTO))
196 return NULL;
197 write_lock_bh(&xfrm_state_afinfo_lock);
198 afinfo = xfrm_state_afinfo[family];
199 if (unlikely(!afinfo))
200 write_unlock_bh(&xfrm_state_afinfo_lock);
201 return afinfo;
202}
203
204static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 205 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 206{
207 write_unlock_bh(&xfrm_state_afinfo_lock);
208}
209
533cb5b0 210int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 211{
212 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 213 const struct xfrm_type **typemap;
aa5d62cc
HX		 214 int err = 0;
215
216 if (unlikely(afinfo == NULL))
217 return -EAFNOSUPPORT;
218 typemap = afinfo->type_map;
219
220 if (likely(typemap[type->proto] == NULL))
221 typemap[type->proto] = type;
222 else
223 err = -EEXIST;
224 xfrm_state_unlock_afinfo(afinfo);
225 return err;
226}
227EXPORT_SYMBOL(xfrm_register_type);
228
533cb5b0 229int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 230{
231 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 232 const struct xfrm_type **typemap;
aa5d62cc
HX		 233 int err = 0;
234
235 if (unlikely(afinfo == NULL))
236 return -EAFNOSUPPORT;
237 typemap = afinfo->type_map;
238
239 if (unlikely(typemap[type->proto] != type))
240 err = -ENOENT;
241 else
242 typemap[type->proto] = NULL;
243 xfrm_state_unlock_afinfo(afinfo);
244 return err;
245}
246EXPORT_SYMBOL(xfrm_unregister_type);
247
533cb5b0 248static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 249{
250 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 251 const struct xfrm_type **typemap;
252 const struct xfrm_type *type;
aa5d62cc
HX		 253 int modload_attempted = 0;
254
255retry:
256 afinfo = xfrm_state_get_afinfo(family);
257 if (unlikely(afinfo == NULL))
258 return NULL;
259 typemap = afinfo->type_map;
260
261 type = typemap[proto];
262 if (unlikely(type && !try_module_get(type->owner)))
263 type = NULL;
264 if (!type && !modload_attempted) {
265 xfrm_state_put_afinfo(afinfo);
266 request_module("xfrm-type-%d-%d", family, proto);
267 modload_attempted = 1;
268 goto retry;
269 }
270
271 xfrm_state_put_afinfo(afinfo);
272 return type;
273}
274
533cb5b0 275static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 276{
277 module_put(type->owner);
278}
279
280int xfrm_register_mode(struct xfrm_mode *mode, int family)
281{
282 struct xfrm_state_afinfo *afinfo;
283 struct xfrm_mode **modemap;
284 int err;
285
286 if (unlikely(mode->encap >= XFRM_MODE_MAX))
287 return -EINVAL;
288
289 afinfo = xfrm_state_lock_afinfo(family);
290 if (unlikely(afinfo == NULL))
291 return -EAFNOSUPPORT;
292
293 err = -EEXIST;
294 modemap = afinfo->mode_map;
17c2a42a
HX		 295 if (modemap[mode->encap])
296 goto out;
aa5d62cc 297
17c2a42a
HX		 298 err = -ENOENT;
299 if (!try_module_get(afinfo->owner))
300 goto out;
301
302 mode->afinfo = afinfo;
303 modemap[mode->encap] = mode;
304 err = 0;
305
306out:
aa5d62cc
HX		 307 xfrm_state_unlock_afinfo(afinfo);
308 return err;
309}
310EXPORT_SYMBOL(xfrm_register_mode);
311
312int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
313{
314 struct xfrm_state_afinfo *afinfo;
315 struct xfrm_mode **modemap;
316 int err;
317
318 if (unlikely(mode->encap >= XFRM_MODE_MAX))
319 return -EINVAL;
320
321 afinfo = xfrm_state_lock_afinfo(family);
322 if (unlikely(afinfo == NULL))
323 return -EAFNOSUPPORT;
324
325 err = -ENOENT;
326 modemap = afinfo->mode_map;
327 if (likely(modemap[mode->encap] == mode)) {
328 modemap[mode->encap] = NULL;
17c2a42a 329 module_put(mode->afinfo->owner);
aa5d62cc
HX		 330 err = 0;
331 }
332
333 xfrm_state_unlock_afinfo(afinfo);
334 return err;
335}
336EXPORT_SYMBOL(xfrm_unregister_mode);
337
338static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
339{
340 struct xfrm_state_afinfo *afinfo;
341 struct xfrm_mode *mode;
342 int modload_attempted = 0;
343
344 if (unlikely(encap >= XFRM_MODE_MAX))
345 return NULL;
346
347retry:
348 afinfo = xfrm_state_get_afinfo(family);
349 if (unlikely(afinfo == NULL))
350 return NULL;
351
352 mode = afinfo->mode_map[encap];
353 if (unlikely(mode && !try_module_get(mode->owner)))
354 mode = NULL;
355 if (!mode && !modload_attempted) {
356 xfrm_state_put_afinfo(afinfo);
357 request_module("xfrm-mode-%d-%d", family, encap);
358 modload_attempted = 1;
359 goto retry;
360 }
361
362 xfrm_state_put_afinfo(afinfo);
363 return mode;
364}
365
366static void xfrm_put_mode(struct xfrm_mode *mode)
367{
368 module_put(mode->owner);
369}
370
1da177e4
LT		 371static void xfrm_state_gc_destroy(struct xfrm_state *x)
372{
a47f0ce0
DM		 373 del_timer_sync(&x->timer);
374 del_timer_sync(&x->rtimer);
a51482bd
JJ		 375 kfree(x->aalg);
376 kfree(x->ealg);
377 kfree(x->calg);
378 kfree(x->encap);
060f02a3 379 kfree(x->coaddr);
13996378
HX		 380 if (x->inner_mode)
381 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 382 if (x->inner_mode_iaf)
383 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 384 if (x->outer_mode)
385 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 386 if (x->type) {
387 x->type->destructor(x);
388 xfrm_put_type(x->type);
389 }
df71837d 390 security_xfrm_state_free(x);
1da177e4
LT		 391 kfree(x);
392}
393
c4028958 394static void xfrm_state_gc_task(struct work_struct *data)
1da177e4 395{
12a169e7
HX		 396 struct xfrm_state *x;
397 struct hlist_node *entry, *tmp;
398 struct hlist_head gc_list;
1da177e4 399
1da177e4 400 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 401 hlist_move_list(&xfrm_state_gc_list, &gc_list);
1da177e4
LT		 402 spin_unlock_bh(&xfrm_state_gc_lock);
403
12a169e7 404 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 405 xfrm_state_gc_destroy(x);
8f126e37 406
1da177e4
LT		 407 wake_up(&km_waitq);
408}
409
410static inline unsigned long make_jiffies(long secs)
411{
412 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
413 return MAX_SCHEDULE_TIMEOUT-1;
414 else
a716c119 415 return secs*HZ;
1da177e4
LT		 416}
417
418static void xfrm_timer_handler(unsigned long data)
419{
420 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 421 unsigned long now = get_seconds();
1da177e4
LT		 422 long next = LONG_MAX;
423 int warn = 0;
161a09e7 424 int err = 0;
1da177e4
LT		 425
426 spin_lock(&x->lock);
427 if (x->km.state == XFRM_STATE_DEAD)
428 goto out;
429 if (x->km.state == XFRM_STATE_EXPIRED)
430 goto expired;
431 if (x->lft.hard_add_expires_seconds) {
432 long tmo = x->lft.hard_add_expires_seconds +
433 x->curlft.add_time - now;
434 if (tmo <= 0)
435 goto expired;
436 if (tmo < next)
437 next = tmo;
438 }
439 if (x->lft.hard_use_expires_seconds) {
440 long tmo = x->lft.hard_use_expires_seconds +
441 (x->curlft.use_time ? : now) - now;
442 if (tmo <= 0)
443 goto expired;
444 if (tmo < next)
445 next = tmo;
446 }
447 if (x->km.dying)
448 goto resched;
449 if (x->lft.soft_add_expires_seconds) {
450 long tmo = x->lft.soft_add_expires_seconds +
451 x->curlft.add_time - now;
452 if (tmo <= 0)
453 warn = 1;
454 else if (tmo < next)
455 next = tmo;
456 }
457 if (x->lft.soft_use_expires_seconds) {
458 long tmo = x->lft.soft_use_expires_seconds +
459 (x->curlft.use_time ? : now) - now;
460 if (tmo <= 0)
461 warn = 1;
462 else if (tmo < next)
463 next = tmo;
464 }
465
4666faab 466 x->km.dying = warn;
1da177e4 467 if (warn)
53bc6b4d 468 km_state_expired(x, 0, 0);
1da177e4 469resched:
a47f0ce0
DM		 470 if (next != LONG_MAX)
471 mod_timer(&x->timer, jiffies + make_jiffies(next));
472
1da177e4
LT		 473 goto out;
474
475expired:
476 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
477 x->km.state = XFRM_STATE_EXPIRED;
478 wake_up(&km_waitq);
479 next = 2;
480 goto resched;
481 }
161a09e7
JL		 482
483 err = __xfrm_state_delete(x);
484 if (!err && x->id.spi)
53bc6b4d 485 km_state_expired(x, 1, 0);
1da177e4 486
ab5f5e8b 487 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 488 audit_get_loginuid(current),
489 audit_get_sessionid(current), 0);
161a09e7 490
1da177e4
LT		 491out:
492 spin_unlock(&x->lock);
1da177e4
LT		 493}
494
0ac84752
DM		 495static void xfrm_replay_timer_handler(unsigned long data);
496
673c09be 497struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 498{
499 struct xfrm_state *x;
500
0da974f4 501 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 502
503 if (x) {
673c09be 504 write_pnet(&x->xs_net, net);
1da177e4
LT		 505 atomic_set(&x->refcnt, 1);
506 atomic_set(&x->tunnel_users, 0);
12a169e7 507 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 508 INIT_HLIST_NODE(&x->bydst);
509 INIT_HLIST_NODE(&x->bysrc);
510 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 511 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
512 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
513 (unsigned long)x);
9d729f72 514 x->curlft.add_time = get_seconds();
1da177e4
LT		 515 x->lft.soft_byte_limit = XFRM_INF;
516 x->lft.soft_packet_limit = XFRM_INF;
517 x->lft.hard_byte_limit = XFRM_INF;
518 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 519 x->replay_maxage = 0;
520 x->replay_maxdiff = 0;
df9dcb45
KM		 521 x->inner_mode = NULL;
522 x->inner_mode_iaf = NULL;
1da177e4
LT		 523 spin_lock_init(&x->lock);
524 }
525 return x;
526}
527EXPORT_SYMBOL(xfrm_state_alloc);
528
529void __xfrm_state_destroy(struct xfrm_state *x)
530{
547b792c 531 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 532
533 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 534 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
1da177e4
LT		 535 spin_unlock_bh(&xfrm_state_gc_lock);
536 schedule_work(&xfrm_state_gc_work);
537}
538EXPORT_SYMBOL(__xfrm_state_destroy);
539
53bc6b4d 540int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 541{
26b15dad
JHS		 542 int err = -ESRCH;
543
1da177e4
LT		 544 if (x->km.state != XFRM_STATE_DEAD) {
545 x->km.state = XFRM_STATE_DEAD;
546 spin_lock(&xfrm_state_lock);
12a169e7 547 list_del(&x->km.all);
8f126e37 548 hlist_del(&x->bydst);
8f126e37 549 hlist_del(&x->bysrc);
a47f0ce0 550 if (x->id.spi)
8f126e37 551 hlist_del(&x->byspi);
f034b5d4 552 xfrm_state_num--;
1da177e4 553 spin_unlock(&xfrm_state_lock);
1da177e4 554
1da177e4
LT		 555 /* All xfrm_state objects are created by xfrm_state_alloc.
556 * The xfrm_state_alloc call gives a reference, and that
557 * is what we are dropping here.
558 */
5dba4797 559 xfrm_state_put(x);
26b15dad 560 err = 0;
1da177e4 561 }
26b15dad
JHS		 562
563 return err;
1da177e4 564}
53bc6b4d 565EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 566
26b15dad 567int xfrm_state_delete(struct xfrm_state *x)
1da177e4 568{
26b15dad
JHS		 569 int err;
570
1da177e4 571 spin_lock_bh(&x->lock);
26b15dad 572 err = __xfrm_state_delete(x);
1da177e4 573 spin_unlock_bh(&x->lock);
26b15dad
JHS		 574
575 return err;
1da177e4
LT		 576}
577EXPORT_SYMBOL(xfrm_state_delete);
578
4aa2e62c
JL		 579#ifdef CONFIG_SECURITY_NETWORK_XFRM
580static inline int
581xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 582{
4aa2e62c
JL		 583 int i, err = 0;
584
585 for (i = 0; i <= xfrm_state_hmask; i++) {
586 struct hlist_node *entry;
587 struct xfrm_state *x;
588
73d189dc 589 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 590 if (xfrm_id_proto_match(x->id.proto, proto) &&
591 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 592 xfrm_audit_state_delete(x, 0,
593 audit_info->loginuid,
2532386f 594 audit_info->sessionid,
ab5f5e8b 595 audit_info->secid);
4aa2e62c
JL		 596 return err;
597 }
598 }
599 }
600
601 return err;
602}
603#else
604static inline int
605xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
606{
607 return 0;
608}
609#endif
610
611int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
612{
613 int i, err = 0;
1da177e4
LT		 614
615 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 616 err = xfrm_state_flush_secctx_check(proto, audit_info);
617 if (err)
618 goto out;
619
a9917c06 620 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 621 struct hlist_node *entry;
622 struct xfrm_state *x;
1da177e4 623restart:
73d189dc 624 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1da177e4 625 if (!xfrm_state_kern(x) &&
5794708f 626 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 627 xfrm_state_hold(x);
628 spin_unlock_bh(&xfrm_state_lock);
629
161a09e7 630 err = xfrm_state_delete(x);
ab5f5e8b
JL		 631 xfrm_audit_state_delete(x, err ? 0 : 1,
632 audit_info->loginuid,
2532386f 633 audit_info->sessionid,
ab5f5e8b 634 audit_info->secid);
1da177e4
LT		 635 xfrm_state_put(x);
636
637 spin_lock_bh(&xfrm_state_lock);
638 goto restart;
639 }
640 }
641 }
4aa2e62c
JL		 642 err = 0;
643
644out:
1da177e4
LT		 645 spin_unlock_bh(&xfrm_state_lock);
646 wake_up(&km_waitq);
4aa2e62c 647 return err;
1da177e4
LT		 648}
649EXPORT_SYMBOL(xfrm_state_flush);
650
af11e316 651void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 652{
653 spin_lock_bh(&xfrm_state_lock);
654 si->sadcnt = xfrm_state_num;
655 si->sadhcnt = xfrm_state_hmask;
656 si->sadhmcnt = xfrm_state_hashmax;
657 spin_unlock_bh(&xfrm_state_lock);
658}
659EXPORT_SYMBOL(xfrm_sad_getinfo);
660
1da177e4
LT		 661static int
662xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
663 struct xfrm_tmpl *tmpl,
664 xfrm_address_t *daddr, xfrm_address_t *saddr,
665 unsigned short family)
666{
667 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
668 if (!afinfo)
669 return -1;
670 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
671 xfrm_state_put_afinfo(afinfo);
672 return 0;
673}
674
a94cfd19 675static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 676{
677 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
678 struct xfrm_state *x;
8f126e37 679 struct hlist_node *entry;
edcd5821 680
b754a4fd 681 hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
edcd5821
DM		 682 if (x->props.family != family ||
683 x->id.spi != spi ||
684 x->id.proto != proto)
685 continue;
686
687 switch (family) {
688 case AF_INET:
689 if (x->id.daddr.a4 != daddr->a4)
690 continue;
691 break;
692 case AF_INET6:
693 if (!ipv6_addr_equal((struct in6_addr *)daddr,
694 (struct in6_addr *)
695 x->id.daddr.a6))
696 continue;
697 break;
3ff50b79 698 }
edcd5821
DM		 699
700 xfrm_state_hold(x);
701 return x;
702 }
703
704 return NULL;
705}
706
707static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
708{
667bbcb6 709 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 710 struct xfrm_state *x;
8f126e37 711 struct hlist_node *entry;
edcd5821 712
d320bbb3 713 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 714 if (x->props.family != family ||
715 x->id.proto != proto)
716 continue;
717
718 switch (family) {
719 case AF_INET:
720 if (x->id.daddr.a4 != daddr->a4 ||
721 x->props.saddr.a4 != saddr->a4)
722 continue;
723 break;
724 case AF_INET6:
725 if (!ipv6_addr_equal((struct in6_addr *)daddr,
726 (struct in6_addr *)
727 x->id.daddr.a6) ||
728 !ipv6_addr_equal((struct in6_addr *)saddr,
729 (struct in6_addr *)
730 x->props.saddr.a6))
731 continue;
732 break;
3ff50b79 733 }
edcd5821
DM		 734
735 xfrm_state_hold(x);
736 return x;
737 }
738
739 return NULL;
740}
741
742static inline struct xfrm_state *
743__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
744{
745 if (use_spi)
746 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
747 x->id.proto, family);
748 else
749 return __xfrm_state_lookup_byaddr(&x->id.daddr,
750 &x->props.saddr,
751 x->id.proto, family);
752}
753
2fab22f2
PM		 754static void xfrm_hash_grow_check(int have_hash_collision)
755{
756 if (have_hash_collision &&
757 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
758 xfrm_state_num > xfrm_state_hmask)
759 schedule_work(&xfrm_hash_work);
760}
761
1da177e4 762struct xfrm_state *
a716c119 763xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 764 struct flowi *fl, struct xfrm_tmpl *tmpl,
765 struct xfrm_policy *pol, int *err,
766 unsigned short family)
767{
4bda4f25 768 unsigned int h;
8f126e37 769 struct hlist_node *entry;
37b08e34 770 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 771 int acquire_in_progress = 0;
772 int error = 0;
773 struct xfrm_state *best = NULL;
a716c119 774
37b08e34
DM		 775 to_put = NULL;
776
1da177e4 777 spin_lock_bh(&xfrm_state_lock);
4bda4f25 778 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
73d189dc 779 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1da177e4
LT		 780 if (x->props.family == family &&
781 x->props.reqid == tmpl->reqid &&
fbd9a5b4 782 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 783 xfrm_state_addr_check(x, daddr, saddr, family) &&
784 tmpl->mode == x->props.mode &&
785 tmpl->id.proto == x->id.proto &&
786 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
787 /* Resolution logic:
788 1. There is a valid state with matching selector.
789 Done.
790 2. Valid state with inappropriate selector. Skip.
791
792 Entering area of "sysdeps".
793
794 3. If state is not valid, selector is temporary,
795 it selects only session which triggered
796 previous resolution. Key manager will do
797 something to install a state with proper
798 selector.
799 */
800 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 801 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 802 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 803 continue;
804 if (!best ||
805 best->km.dying > x->km.dying ||
806 (best->km.dying == x->km.dying &&
807 best->curlft.add_time < x->curlft.add_time))
808 best = x;
809 } else if (x->km.state == XFRM_STATE_ACQ) {
810 acquire_in_progress = 1;
811 } else if (x->km.state == XFRM_STATE_ERROR ||
812 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 813 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 814 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 815 error = -ESRCH;
816 }
817 }
818 }
819
820 x = best;
821 if (!x && !error && !acquire_in_progress) {
5c5d281a 822 if (tmpl->id.spi &&
edcd5821
DM		 823 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
824 tmpl->id.proto, family)) != NULL) {
37b08e34 825 to_put = x0;
1da177e4
LT		 826 error = -EEXIST;
827 goto out;
828 }
673c09be 829 x = xfrm_state_alloc(&init_net);
1da177e4
LT		 830 if (x == NULL) {
831 error = -ENOMEM;
832 goto out;
833 }
834 /* Initialize temporary selector matching only
835 * to current session. */
836 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
837
e0d1caa7
VY		 838 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
839 if (error) {
840 x->km.state = XFRM_STATE_DEAD;
37b08e34 841 to_put = x;
e0d1caa7
VY		 842 x = NULL;
843 goto out;
844 }
845
1da177e4
LT		 846 if (km_query(x, tmpl, pol) == 0) {
847 x->km.state = XFRM_STATE_ACQ;
9d4139c7 848 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 849 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 850 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 851 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4
LT		 852 if (x->id.spi) {
853 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
b754a4fd 854 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 855 }
01e67d08
DM		 856 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
857 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 858 add_timer(&x->timer);
2fab22f2
PM		 859 xfrm_state_num++;
860 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 861 } else {
862 x->km.state = XFRM_STATE_DEAD;
37b08e34 863 to_put = x;
1da177e4
LT		 864 x = NULL;
865 error = -ESRCH;
866 }
867 }
868out:
869 if (x)
870 xfrm_state_hold(x);
871 else
872 *err = acquire_in_progress ? -EAGAIN : error;
873 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 874 if (to_put)
875 xfrm_state_put(to_put);
1da177e4
LT		 876 return x;
877}
878
628529b6
JHS		 879struct xfrm_state *
880xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
881 unsigned short family, u8 mode, u8 proto, u32 reqid)
882{
4bda4f25 883 unsigned int h;
628529b6
JHS		 884 struct xfrm_state *rx = NULL, *x = NULL;
885 struct hlist_node *entry;
886
887 spin_lock(&xfrm_state_lock);
4bda4f25 888 h = xfrm_dst_hash(daddr, saddr, reqid, family);
73d189dc 889 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
628529b6
JHS		 890 if (x->props.family == family &&
891 x->props.reqid == reqid &&
892 !(x->props.flags & XFRM_STATE_WILDRECV) &&
893 xfrm_state_addr_check(x, daddr, saddr, family) &&
894 mode == x->props.mode &&
895 proto == x->id.proto &&
896 x->km.state == XFRM_STATE_VALID) {
897 rx = x;
898 break;
899 }
900 }
901
902 if (rx)
903 xfrm_state_hold(rx);
904 spin_unlock(&xfrm_state_lock);
905
906
907 return rx;
908}
909EXPORT_SYMBOL(xfrm_stateonly_find);
910
1da177e4
LT		 911static void __xfrm_state_insert(struct xfrm_state *x)
912{
a624c108 913 unsigned int h;
1da177e4 914
9d4a706d
DM		 915 x->genid = ++xfrm_state_genid;
916
9d4139c7 917 list_add(&x->km.all, &init_net.xfrm.state_all);
4c563f76 918
c1969f29
DM		 919 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
920 x->props.reqid, x->props.family);
73d189dc 921 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1da177e4 922
667bbcb6 923 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
d320bbb3 924 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 925
7b4dc360 926 if (x->id.spi) {
6c44e6b7
MN		 927 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
928 x->props.family);
929
b754a4fd 930 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
6c44e6b7
MN		 931 }
932
a47f0ce0
DM		 933 mod_timer(&x->timer, jiffies + HZ);
934 if (x->replay_maxage)
935 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 936
1da177e4 937 wake_up(&km_waitq);
f034b5d4
DM		 938
939 xfrm_state_num++;
940
918049f0 941 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 942}
943
c7f5ea3a
DM		 944/* xfrm_state_lock is held */
945static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
946{
947 unsigned short family = xnew->props.family;
948 u32 reqid = xnew->props.reqid;
949 struct xfrm_state *x;
950 struct hlist_node *entry;
951 unsigned int h;
952
c1969f29 953 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
73d189dc 954 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 955 if (x->props.family == family &&
956 x->props.reqid == reqid &&
c1969f29
DM		 957 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
958 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 959 x->genid = xfrm_state_genid;
960 }
961}
962
1da177e4
LT		 963void xfrm_state_insert(struct xfrm_state *x)
964{
965 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 966 __xfrm_state_bump_genids(x);
1da177e4
LT		 967 __xfrm_state_insert(x);
968 spin_unlock_bh(&xfrm_state_lock);
969}
970EXPORT_SYMBOL(xfrm_state_insert);
971
2770834c
DM		 972/* xfrm_state_lock is held */
973static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
974{
c1969f29 975 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 976 struct hlist_node *entry;
2770834c
DM		 977 struct xfrm_state *x;
978
73d189dc 979 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
2770834c
DM		 980 if (x->props.reqid != reqid ||
981 x->props.mode != mode ||
982 x->props.family != family ||
983 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 984 x->id.spi != 0 ||
985 x->id.proto != proto)
2770834c
DM		 986 continue;
987
988 switch (family) {
989 case AF_INET:
990 if (x->id.daddr.a4 != daddr->a4 ||
991 x->props.saddr.a4 != saddr->a4)
992 continue;
993 break;
994 case AF_INET6:
995 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
996 (struct in6_addr *)daddr) ||
997 !ipv6_addr_equal((struct in6_addr *)
998 x->props.saddr.a6,
999 (struct in6_addr *)saddr))
1000 continue;
1001 break;
3ff50b79 1002 }
2770834c
DM		 1003
1004 xfrm_state_hold(x);
1005 return x;
1006 }
1007
1008 if (!create)
1009 return NULL;
1010
673c09be 1011 x = xfrm_state_alloc(&init_net);
2770834c
DM		 1012 if (likely(x)) {
1013 switch (family) {
1014 case AF_INET:
1015 x->sel.daddr.a4 = daddr->a4;
1016 x->sel.saddr.a4 = saddr->a4;
1017 x->sel.prefixlen_d = 32;
1018 x->sel.prefixlen_s = 32;
1019 x->props.saddr.a4 = saddr->a4;
1020 x->id.daddr.a4 = daddr->a4;
1021 break;
1022
1023 case AF_INET6:
1024 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1025 (struct in6_addr *)daddr);
1026 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1027 (struct in6_addr *)saddr);
1028 x->sel.prefixlen_d = 128;
1029 x->sel.prefixlen_s = 128;
1030 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1031 (struct in6_addr *)saddr);
1032 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1033 (struct in6_addr *)daddr);
1034 break;
3ff50b79 1035 }
2770834c
DM		 1036
1037 x->km.state = XFRM_STATE_ACQ;
1038 x->id.proto = proto;
1039 x->props.family = family;
1040 x->props.mode = mode;
1041 x->props.reqid = reqid;
01e67d08 1042 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1043 xfrm_state_hold(x);
01e67d08 1044 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1045 add_timer(&x->timer);
9d4139c7 1046 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 1047 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 1048 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 1049 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
918049f0
DM		 1050
1051 xfrm_state_num++;
1052
1053 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1054 }
1055
1056 return x;
1057}
1058
1da177e4
LT		 1059static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1060
1061int xfrm_state_add(struct xfrm_state *x)
1062{
37b08e34 1063 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1064 int family;
1065 int err;
eb2971b6 1066 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1067
1068 family = x->props.family;
1da177e4 1069
37b08e34
DM		 1070 to_put = NULL;
1071
1da177e4
LT		 1072 spin_lock_bh(&xfrm_state_lock);
1073
edcd5821 1074 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1075 if (x1) {
37b08e34 1076 to_put = x1;
1da177e4
LT		 1077 x1 = NULL;
1078 err = -EEXIST;
1079 goto out;
1080 }
1081
eb2971b6 1082 if (use_spi && x->km.seq) {
1da177e4 1083 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1084 if (x1 && ((x1->id.proto != x->id.proto) ||
1085 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1086 to_put = x1;
1da177e4
LT		 1087 x1 = NULL;
1088 }
1089 }
1090
eb2971b6 1091 if (use_spi && !x1)
2770834c
DM		 1092 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1093 x->id.proto,
1094 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1095
c7f5ea3a 1096 __xfrm_state_bump_genids(x);
1da177e4
LT		 1097 __xfrm_state_insert(x);
1098 err = 0;
1099
1100out:
1101 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1102
1103 if (x1) {
1104 xfrm_state_delete(x1);
1105 xfrm_state_put(x1);
1106 }
1107
37b08e34
DM		 1108 if (to_put)
1109 xfrm_state_put(to_put);
1110
1da177e4
LT		 1111 return err;
1112}
1113EXPORT_SYMBOL(xfrm_state_add);
1114
80c9abaa 1115#ifdef CONFIG_XFRM_MIGRATE
6666351d 1116static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1117{
1118 int err = -ENOMEM;
673c09be 1119 struct xfrm_state *x = xfrm_state_alloc(&init_net);
80c9abaa
SS		 1120 if (!x)
1121 goto error;
1122
1123 memcpy(&x->id, &orig->id, sizeof(x->id));
1124 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1125 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1126 x->props.mode = orig->props.mode;
1127 x->props.replay_window = orig->props.replay_window;
1128 x->props.reqid = orig->props.reqid;
1129 x->props.family = orig->props.family;
1130 x->props.saddr = orig->props.saddr;
1131
1132 if (orig->aalg) {
1133 x->aalg = xfrm_algo_clone(orig->aalg);
1134 if (!x->aalg)
1135 goto error;
1136 }
1137 x->props.aalgo = orig->props.aalgo;
1138
1139 if (orig->ealg) {
1140 x->ealg = xfrm_algo_clone(orig->ealg);
1141 if (!x->ealg)
1142 goto error;
1143 }
1144 x->props.ealgo = orig->props.ealgo;
1145
1146 if (orig->calg) {
1147 x->calg = xfrm_algo_clone(orig->calg);
1148 if (!x->calg)
1149 goto error;
1150 }
1151 x->props.calgo = orig->props.calgo;
1152
a716c119 1153 if (orig->encap) {
80c9abaa
SS		 1154 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1155 if (!x->encap)
1156 goto error;
1157 }
1158
1159 if (orig->coaddr) {
1160 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1161 GFP_KERNEL);
1162 if (!x->coaddr)
1163 goto error;
1164 }
1165
1166 err = xfrm_init_state(x);
1167 if (err)
1168 goto error;
1169
1170 x->props.flags = orig->props.flags;
1171
1172 x->curlft.add_time = orig->curlft.add_time;
1173 x->km.state = orig->km.state;
1174 x->km.seq = orig->km.seq;
1175
1176 return x;
1177
1178 error:
1179 if (errp)
1180 *errp = err;
1181 if (x) {
1182 kfree(x->aalg);
1183 kfree(x->ealg);
1184 kfree(x->calg);
1185 kfree(x->encap);
1186 kfree(x->coaddr);
1187 }
1188 kfree(x);
1189 return NULL;
1190}
80c9abaa
SS		 1191
1192/* xfrm_state_lock is held */
1193struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1194{
1195 unsigned int h;
1196 struct xfrm_state *x;
1197 struct hlist_node *entry;
1198
1199 if (m->reqid) {
1200 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1201 m->reqid, m->old_family);
73d189dc 1202 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1203 if (x->props.mode != m->mode ||
1204 x->id.proto != m->proto)
1205 continue;
1206 if (m->reqid && x->props.reqid != m->reqid)
1207 continue;
1208 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1209 m->old_family) ||
1210 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1211 m->old_family))
1212 continue;
1213 xfrm_state_hold(x);
1214 return x;
1215 }
1216 } else {
1217 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1218 m->old_family);
d320bbb3 1219 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1220 if (x->props.mode != m->mode ||
1221 x->id.proto != m->proto)
1222 continue;
1223 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1224 m->old_family) ||
1225 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1226 m->old_family))
1227 continue;
1228 xfrm_state_hold(x);
1229 return x;
1230 }
1231 }
1232
a716c119 1233 return NULL;
80c9abaa
SS		 1234}
1235EXPORT_SYMBOL(xfrm_migrate_state_find);
1236
1237struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1238 struct xfrm_migrate *m)
1239{
1240 struct xfrm_state *xc;
1241 int err;
1242
1243 xc = xfrm_state_clone(x, &err);
1244 if (!xc)
1245 return NULL;
1246
1247 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1248 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1249
1250 /* add state */
1251 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1252 /* a care is needed when the destination address of the
1253 state is to be updated as it is a part of triplet */
1254 xfrm_state_insert(xc);
1255 } else {
1256 if ((err = xfrm_state_add(xc)) < 0)
1257 goto error;
1258 }
1259
1260 return xc;
1261error:
1262 kfree(xc);
1263 return NULL;
1264}
1265EXPORT_SYMBOL(xfrm_state_migrate);
1266#endif
1267
1da177e4
LT		 1268int xfrm_state_update(struct xfrm_state *x)
1269{
37b08e34 1270 struct xfrm_state *x1, *to_put;
1da177e4 1271 int err;
eb2971b6 1272 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1273
37b08e34
DM		 1274 to_put = NULL;
1275
1da177e4 1276 spin_lock_bh(&xfrm_state_lock);
edcd5821 1277 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1278
1279 err = -ESRCH;
1280 if (!x1)
1281 goto out;
1282
1283 if (xfrm_state_kern(x1)) {
37b08e34 1284 to_put = x1;
1da177e4
LT		 1285 err = -EEXIST;
1286 goto out;
1287 }
1288
1289 if (x1->km.state == XFRM_STATE_ACQ) {
1290 __xfrm_state_insert(x);
1291 x = NULL;
1292 }
1293 err = 0;
1294
1295out:
1296 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1297
37b08e34
DM		 1298 if (to_put)
1299 xfrm_state_put(to_put);
1300
1da177e4
LT		 1301 if (err)
1302 return err;
1303
1304 if (!x) {
1305 xfrm_state_delete(x1);
1306 xfrm_state_put(x1);
1307 return 0;
1308 }
1309
1310 err = -EINVAL;
1311 spin_lock_bh(&x1->lock);
1312 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1313 if (x->encap && x1->encap)
1314 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1315 if (x->coaddr && x1->coaddr) {
1316 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1317 }
1318 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1319 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1320 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1321 x1->km.dying = 0;
1322
a47f0ce0 1323 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1324 if (x1->curlft.use_time)
1325 xfrm_state_check_expire(x1);
1326
1327 err = 0;
1328 }
1329 spin_unlock_bh(&x1->lock);
1330
1331 xfrm_state_put(x1);
1332
1333 return err;
1334}
1335EXPORT_SYMBOL(xfrm_state_update);
1336
1337int xfrm_state_check_expire(struct xfrm_state *x)
1338{
1339 if (!x->curlft.use_time)
9d729f72 1340 x->curlft.use_time = get_seconds();
1da177e4
LT		 1341
1342 if (x->km.state != XFRM_STATE_VALID)
1343 return -EINVAL;
1344
1345 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1346 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1347 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1348 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1349 return -EINVAL;
1350 }
1351
1352 if (!x->km.dying &&
1353 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1354 x->curlft.packets >= x->lft.soft_packet_limit)) {
1355 x->km.dying = 1;
53bc6b4d 1356 km_state_expired(x, 0, 0);
4666faab 1357 }
1da177e4
LT		 1358 return 0;
1359}
1360EXPORT_SYMBOL(xfrm_state_check_expire);
1361
1da177e4 1362struct xfrm_state *
a94cfd19 1363xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1364 unsigned short family)
1365{
1366 struct xfrm_state *x;
1da177e4
LT		 1367
1368 spin_lock_bh(&xfrm_state_lock);
edcd5821 1369 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1370 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1371 return x;
1372}
1373EXPORT_SYMBOL(xfrm_state_lookup);
1374
1375struct xfrm_state *
eb2971b6
MN		 1376xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1377 u8 proto, unsigned short family)
1378{
1379 struct xfrm_state *x;
eb2971b6
MN		 1380
1381 spin_lock_bh(&xfrm_state_lock);
edcd5821 1382 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1383 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1384 return x;
1385}
1386EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1387
1388struct xfrm_state *
a716c119
YH		 1389xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1390 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1391 int create, unsigned short family)
1392{
1393 struct xfrm_state *x;
1da177e4
LT		 1394
1395 spin_lock_bh(&xfrm_state_lock);
2770834c 1396 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1397 spin_unlock_bh(&xfrm_state_lock);
2770834c 1398
1da177e4
LT		 1399 return x;
1400}
1401EXPORT_SYMBOL(xfrm_find_acq);
1402
41a49cc3
MN		 1403#ifdef CONFIG_XFRM_SUB_POLICY
1404int
1405xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1406 unsigned short family)
1407{
1408 int err = 0;
1409 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1410 if (!afinfo)
1411 return -EAFNOSUPPORT;
1412
1413 spin_lock_bh(&xfrm_state_lock);
1414 if (afinfo->tmpl_sort)
1415 err = afinfo->tmpl_sort(dst, src, n);
1416 spin_unlock_bh(&xfrm_state_lock);
1417 xfrm_state_put_afinfo(afinfo);
1418 return err;
1419}
1420EXPORT_SYMBOL(xfrm_tmpl_sort);
1421
1422int
1423xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1424 unsigned short family)
1425{
1426 int err = 0;
1427 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1428 if (!afinfo)
1429 return -EAFNOSUPPORT;
1430
1431 spin_lock_bh(&xfrm_state_lock);
1432 if (afinfo->state_sort)
1433 err = afinfo->state_sort(dst, src, n);
1434 spin_unlock_bh(&xfrm_state_lock);
1435 xfrm_state_put_afinfo(afinfo);
1436 return err;
1437}
1438EXPORT_SYMBOL(xfrm_state_sort);
1439#endif
1440
1da177e4
LT		 1441/* Silly enough, but I'm lazy to build resolution list */
1442
1443static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1444{
1445 int i;
1da177e4 1446
f034b5d4 1447 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 1448 struct hlist_node *entry;
1449 struct xfrm_state *x;
1450
73d189dc 1451 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1452 if (x->km.seq == seq &&
1453 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1454 xfrm_state_hold(x);
1455 return x;
1456 }
1457 }
1458 }
1459 return NULL;
1460}
1461
1462struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1463{
1464 struct xfrm_state *x;
1465
1466 spin_lock_bh(&xfrm_state_lock);
1467 x = __xfrm_find_acq_byseq(seq);
1468 spin_unlock_bh(&xfrm_state_lock);
1469 return x;
1470}
1471EXPORT_SYMBOL(xfrm_find_acq_byseq);
1472
1473u32 xfrm_get_acqseq(void)
1474{
1475 u32 res;
1476 static u32 acqseq;
1477 static DEFINE_SPINLOCK(acqseq_lock);
1478
1479 spin_lock_bh(&acqseq_lock);
1480 res = (++acqseq ? : ++acqseq);
1481 spin_unlock_bh(&acqseq_lock);
1482 return res;
1483}
1484EXPORT_SYMBOL(xfrm_get_acqseq);
1485
658b219e 1486int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1487{
f034b5d4 1488 unsigned int h;
1da177e4 1489 struct xfrm_state *x0;
658b219e
HX		 1490 int err = -ENOENT;
1491 __be32 minspi = htonl(low);
1492 __be32 maxspi = htonl(high);
1da177e4 1493
658b219e
HX		 1494 spin_lock_bh(&x->lock);
1495 if (x->km.state == XFRM_STATE_DEAD)
1496 goto unlock;
1497
1498 err = 0;
1da177e4 1499 if (x->id.spi)
658b219e
HX		 1500 goto unlock;
1501
1502 err = -ENOENT;
1da177e4
LT		 1503
1504 if (minspi == maxspi) {
1505 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1506 if (x0) {
1507 xfrm_state_put(x0);
658b219e 1508 goto unlock;
1da177e4
LT		 1509 }
1510 x->id.spi = minspi;
1511 } else {
1512 u32 spi = 0;
26977b4e
AV		 1513 for (h=0; h<high-low+1; h++) {
1514 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1515 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1516 if (x0 == NULL) {
1517 x->id.spi = htonl(spi);
1518 break;
1519 }
1520 xfrm_state_put(x0);
1521 }
1522 }
1523 if (x->id.spi) {
1524 spin_lock_bh(&xfrm_state_lock);
1525 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
b754a4fd 1526 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 1527 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1528
1529 err = 0;
1da177e4 1530 }
658b219e
HX		 1531
1532unlock:
1533 spin_unlock_bh(&x->lock);
1534
1535 return err;
1da177e4
LT		 1536}
1537EXPORT_SYMBOL(xfrm_alloc_spi);
1538
4c563f76
TT		 1539int xfrm_state_walk(struct xfrm_state_walk *walk,
1540 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1541 void *data)
1542{
12a169e7
HX		 1543 struct xfrm_state *state;
1544 struct xfrm_state_walk *x;
1da177e4
LT		 1545 int err = 0;
1546
12a169e7 1547 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1548 return 0;
1549
1da177e4 1550 spin_lock_bh(&xfrm_state_lock);
12a169e7 1551 if (list_empty(&walk->all))
9d4139c7 1552 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1553 else
1554 x = list_entry(&walk->all, struct xfrm_state_walk, all);
9d4139c7 1555 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
12a169e7 1556 if (x->state == XFRM_STATE_DEAD)
4c563f76 1557 continue;
12a169e7
HX		 1558 state = container_of(x, struct xfrm_state, km);
1559 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1560 continue;
12a169e7
HX		 1561 err = func(state, walk->seq, data);
1562 if (err) {
1563 list_move_tail(&walk->all, &x->all);
1564 goto out;
1da177e4 1565 }
12a169e7 1566 walk->seq++;
1da177e4 1567 }
12a169e7 1568 if (walk->seq == 0) {
1da177e4
LT		 1569 err = -ENOENT;
1570 goto out;
1571 }
12a169e7 1572 list_del_init(&walk->all);
1da177e4
LT		 1573out:
1574 spin_unlock_bh(&xfrm_state_lock);
1575 return err;
1576}
1577EXPORT_SYMBOL(xfrm_state_walk);
1578
5c182458
HX		 1579void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1580{
12a169e7 1581 INIT_LIST_HEAD(&walk->all);
5c182458 1582 walk->proto = proto;
12a169e7
HX		 1583 walk->state = XFRM_STATE_DEAD;
1584 walk->seq = 0;
5c182458
HX		 1585}
1586EXPORT_SYMBOL(xfrm_state_walk_init);
1587
abb81c4f
HX		 1588void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1589{
12a169e7 1590 if (list_empty(&walk->all))
5c182458 1591 return;
5c182458 1592
12a169e7
HX		 1593 spin_lock_bh(&xfrm_state_lock);
1594 list_del(&walk->all);
1595 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1596}
1597EXPORT_SYMBOL(xfrm_state_walk_done);
1598
f8cd5488
JHS		 1599
1600void xfrm_replay_notify(struct xfrm_state *x, int event)
1601{
1602 struct km_event c;
1603 /* we send notify messages in case
1604 * 1. we updated on of the sequence numbers, and the seqno difference
1605 * is at least x->replay_maxdiff, in this case we also update the
1606 * timeout of our timer function
1607 * 2. if x->replay_maxage has elapsed since last update,
1608 * and there were changes
1609 *
1610 * The state structure must be locked!
1611 */
1612
1613 switch (event) {
1614 case XFRM_REPLAY_UPDATE:
1615 if (x->replay_maxdiff &&
1616 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1617 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1618 if (x->xflags & XFRM_TIME_DEFER)
1619 event = XFRM_REPLAY_TIMEOUT;
1620 else
1621 return;
1622 }
f8cd5488
JHS		 1623
1624 break;
1625
1626 case XFRM_REPLAY_TIMEOUT:
1627 if ((x->replay.seq == x->preplay.seq) &&
1628 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1629 (x->replay.oseq == x->preplay.oseq)) {
1630 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1631 return;
2717096a 1632 }
f8cd5488
JHS		 1633
1634 break;
1635 }
1636
1637 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1638 c.event = XFRM_MSG_NEWAE;
1639 c.data.aevent = event;
1640 km_state_notify(x, &c);
1641
f8cd5488 1642 if (x->replay_maxage &&
a47f0ce0 1643 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1644 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1645}
1646
1647static void xfrm_replay_timer_handler(unsigned long data)
1648{
1649 struct xfrm_state *x = (struct xfrm_state*)data;
1650
1651 spin_lock(&x->lock);
1652
2717096a
JHS		 1653 if (x->km.state == XFRM_STATE_VALID) {
1654 if (xfrm_aevent_is_on())
1655 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1656 else
1657 x->xflags |= XFRM_TIME_DEFER;
1658 }
f8cd5488
JHS		 1659
1660 spin_unlock(&x->lock);
1661}
1662
afeb14b4
PM		 1663int xfrm_replay_check(struct xfrm_state *x,
1664 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1665{
1666 u32 diff;
a252cc23 1667 u32 seq = ntohl(net_seq);
1da177e4
LT		 1668
1669 if (unlikely(seq == 0))
afeb14b4 1670 goto err;
1da177e4
LT		 1671
1672 if (likely(seq > x->replay.seq))
1673 return 0;
1674
1675 diff = x->replay.seq - seq;
4c4d51a7
HX		 1676 if (diff >= min_t(unsigned int, x->props.replay_window,
1677 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1678 x->stats.replay_window++;
afeb14b4 1679 goto err;
1da177e4
LT		 1680 }
1681
1682 if (x->replay.bitmap & (1U << diff)) {
1683 x->stats.replay++;
afeb14b4 1684 goto err;
1da177e4
LT		 1685 }
1686 return 0;
afeb14b4
PM		 1687
1688err:
1689 xfrm_audit_state_replay(x, skb, net_seq);
1690 return -EINVAL;
1da177e4 1691}
1da177e4 1692
61f4627b 1693void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1694{
1695 u32 diff;
61f4627b 1696 u32 seq = ntohl(net_seq);
1da177e4
LT		 1697
1698 if (seq > x->replay.seq) {
1699 diff = seq - x->replay.seq;
1700 if (diff < x->props.replay_window)
1701 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1702 else
1703 x->replay.bitmap = 1;
1704 x->replay.seq = seq;
1705 } else {
1706 diff = x->replay.seq - seq;
1707 x->replay.bitmap |= (1U << diff);
1708 }
f8cd5488
JHS		 1709
1710 if (xfrm_aevent_is_on())
1711 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1712}
1da177e4 1713
df01812e 1714static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1715static DEFINE_RWLOCK(xfrm_km_lock);
1716
26b15dad 1717void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1718{
1719 struct xfrm_mgr *km;
1720
26b15dad
JHS		 1721 read_lock(&xfrm_km_lock);
1722 list_for_each_entry(km, &xfrm_km_list, list)
1723 if (km->notify_policy)
1724 km->notify_policy(xp, dir, c);
1725 read_unlock(&xfrm_km_lock);
1726}
1da177e4 1727
26b15dad
JHS		 1728void km_state_notify(struct xfrm_state *x, struct km_event *c)
1729{
1730 struct xfrm_mgr *km;
1da177e4
LT		 1731 read_lock(&xfrm_km_lock);
1732 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1733 if (km->notify)
1734 km->notify(x, c);
1da177e4 1735 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1736}
1737
1738EXPORT_SYMBOL(km_policy_notify);
1739EXPORT_SYMBOL(km_state_notify);
1740
53bc6b4d 1741void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1742{
1743 struct km_event c;
1744
bf08867f 1745 c.data.hard = hard;
53bc6b4d 1746 c.pid = pid;
f60f6b8f 1747 c.event = XFRM_MSG_EXPIRE;
26b15dad 1748 km_state_notify(x, &c);
1da177e4
LT		 1749
1750 if (hard)
1751 wake_up(&km_waitq);
1752}
1753
53bc6b4d 1754EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1755/*
1756 * We send to all registered managers regardless of failure
1757 * We are happy with one success
1758*/
980ebd25 1759int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1760{
26b15dad 1761 int err = -EINVAL, acqret;
1da177e4
LT		 1762 struct xfrm_mgr *km;
1763
1764 read_lock(&xfrm_km_lock);
1765 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1766 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1767 if (!acqret)
1768 err = acqret;
1da177e4
LT		 1769 }
1770 read_unlock(&xfrm_km_lock);
1771 return err;
1772}
980ebd25 1773EXPORT_SYMBOL(km_query);
1da177e4 1774
5d36b180 1775int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1776{
1777 int err = -EINVAL;
1778 struct xfrm_mgr *km;
1779
1780 read_lock(&xfrm_km_lock);
1781 list_for_each_entry(km, &xfrm_km_list, list) {
1782 if (km->new_mapping)
1783 err = km->new_mapping(x, ipaddr, sport);
1784 if (!err)
1785 break;
1786 }
1787 read_unlock(&xfrm_km_lock);
1788 return err;
1789}
1790EXPORT_SYMBOL(km_new_mapping);
1791
6c5c8ca7 1792void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1793{
26b15dad 1794 struct km_event c;
1da177e4 1795
bf08867f 1796 c.data.hard = hard;
6c5c8ca7 1797 c.pid = pid;
f60f6b8f 1798 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1799 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1800
1801 if (hard)
1802 wake_up(&km_waitq);
1803}
a70fcb0b 1804EXPORT_SYMBOL(km_policy_expired);
1da177e4 1805
2d60abc2 1806#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1807int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1808 struct xfrm_migrate *m, int num_migrate,
1809 struct xfrm_kmaddress *k)
80c9abaa
SS		 1810{
1811 int err = -EINVAL;
1812 int ret;
1813 struct xfrm_mgr *km;
1814
1815 read_lock(&xfrm_km_lock);
1816 list_for_each_entry(km, &xfrm_km_list, list) {
1817 if (km->migrate) {
13c1d189 1818 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1819 if (!ret)
1820 err = ret;
1821 }
1822 }
1823 read_unlock(&xfrm_km_lock);
1824 return err;
1825}
1826EXPORT_SYMBOL(km_migrate);
2d60abc2 1827#endif
80c9abaa 1828
97a64b45
MN		 1829int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1830{
1831 int err = -EINVAL;
1832 int ret;
1833 struct xfrm_mgr *km;
1834
1835 read_lock(&xfrm_km_lock);
1836 list_for_each_entry(km, &xfrm_km_list, list) {
1837 if (km->report) {
1838 ret = km->report(proto, sel, addr);
1839 if (!ret)
1840 err = ret;
1841 }
1842 }
1843 read_unlock(&xfrm_km_lock);
1844 return err;
1845}
1846EXPORT_SYMBOL(km_report);
1847
1da177e4
LT		 1848int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1849{
1850 int err;
1851 u8 *data;
1852 struct xfrm_mgr *km;
1853 struct xfrm_policy *pol = NULL;
1854
1855 if (optlen <= 0 || optlen > PAGE_SIZE)
1856 return -EMSGSIZE;
1857
1858 data = kmalloc(optlen, GFP_KERNEL);
1859 if (!data)
1860 return -ENOMEM;
1861
1862 err = -EFAULT;
1863 if (copy_from_user(data, optval, optlen))
1864 goto out;
1865
1866 err = -EINVAL;
1867 read_lock(&xfrm_km_lock);
1868 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1869 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1870 optlen, &err);
1871 if (err >= 0)
1872 break;
1873 }
1874 read_unlock(&xfrm_km_lock);
1875
1876 if (err >= 0) {
1877 xfrm_sk_policy_insert(sk, err, pol);
1878 xfrm_pol_put(pol);
1879 err = 0;
1880 }
1881
1882out:
1883 kfree(data);
1884 return err;
1885}
1886EXPORT_SYMBOL(xfrm_user_policy);
1887
1888int xfrm_register_km(struct xfrm_mgr *km)
1889{
1890 write_lock_bh(&xfrm_km_lock);
1891 list_add_tail(&km->list, &xfrm_km_list);
1892 write_unlock_bh(&xfrm_km_lock);
1893 return 0;
1894}
1895EXPORT_SYMBOL(xfrm_register_km);
1896
1897int xfrm_unregister_km(struct xfrm_mgr *km)
1898{
1899 write_lock_bh(&xfrm_km_lock);
1900 list_del(&km->list);
1901 write_unlock_bh(&xfrm_km_lock);
1902 return 0;
1903}
1904EXPORT_SYMBOL(xfrm_unregister_km);
1905
1906int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1907{
1908 int err = 0;
1909 if (unlikely(afinfo == NULL))
1910 return -EINVAL;
1911 if (unlikely(afinfo->family >= NPROTO))
1912 return -EAFNOSUPPORT;
f3111502 1913 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1914 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1915 err = -ENOBUFS;
edcd5821 1916 else
1da177e4 1917 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1918 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1919 return err;
1920}
1921EXPORT_SYMBOL(xfrm_state_register_afinfo);
1922
1923int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1924{
1925 int err = 0;
1926 if (unlikely(afinfo == NULL))
1927 return -EINVAL;
1928 if (unlikely(afinfo->family >= NPROTO))
1929 return -EAFNOSUPPORT;
f3111502 1930 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1931 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1932 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1933 err = -EINVAL;
edcd5821 1934 else
1da177e4 1935 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1936 }
f3111502 1937 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1938 return err;
1939}
1940EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1941
17c2a42a 1942static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1943{
1944 struct xfrm_state_afinfo *afinfo;
1945 if (unlikely(family >= NPROTO))
1946 return NULL;
1947 read_lock(&xfrm_state_afinfo_lock);
1948 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1949 if (unlikely(!afinfo))
1950 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1951 return afinfo;
1952}
1953
17c2a42a 1954static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1955 __releases(xfrm_state_afinfo_lock)
1da177e4 1956{
546be240 1957 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1958}
1959
1960/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1961void xfrm_state_delete_tunnel(struct xfrm_state *x)
1962{
1963 if (x->tunnel) {
1964 struct xfrm_state *t = x->tunnel;
1965
1966 if (atomic_read(&t->tunnel_users) == 2)
1967 xfrm_state_delete(t);
1968 atomic_dec(&t->tunnel_users);
1969 xfrm_state_put(t);
1970 x->tunnel = NULL;
1971 }
1972}
1973EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1974
1975int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1976{
c5c25238 1977 int res;
1da177e4 1978
c5c25238
PM		 1979 spin_lock_bh(&x->lock);
1980 if (x->km.state == XFRM_STATE_VALID &&
1981 x->type && x->type->get_mtu)
1982 res = x->type->get_mtu(x, mtu);
1983 else
28121617 1984 res = mtu - x->props.header_len;
c5c25238 1985 spin_unlock_bh(&x->lock);
1da177e4
LT		 1986 return res;
1987}
1988
72cb6962
HX		 1989int xfrm_init_state(struct xfrm_state *x)
1990{
d094cd83 1991 struct xfrm_state_afinfo *afinfo;
df9dcb45 1992 struct xfrm_mode *inner_mode;
d094cd83 1993 int family = x->props.family;
72cb6962
HX		 1994 int err;
1995
d094cd83
HX		 1996 err = -EAFNOSUPPORT;
1997 afinfo = xfrm_state_get_afinfo(family);
1998 if (!afinfo)
1999 goto error;
2000
2001 err = 0;
2002 if (afinfo->init_flags)
2003 err = afinfo->init_flags(x);
2004
2005 xfrm_state_put_afinfo(afinfo);
2006
2007 if (err)
2008 goto error;
2009
2010 err = -EPROTONOSUPPORT;
13996378 2011
df9dcb45
KM		 2012 if (x->sel.family != AF_UNSPEC) {
2013 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2014 if (inner_mode == NULL)
2015 goto error;
2016
2017 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2018 family != x->sel.family) {
2019 xfrm_put_mode(inner_mode);
2020 goto error;
2021 }
2022
2023 x->inner_mode = inner_mode;
2024 } else {
2025 struct xfrm_mode *inner_mode_iaf;
2026
2027 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2028 if (inner_mode == NULL)
2029 goto error;
2030
2031 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2032 xfrm_put_mode(inner_mode);
2033 goto error;
2034 }
2035
2036 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2037 if (inner_mode_iaf == NULL)
2038 goto error;
2039
2040 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2041 xfrm_put_mode(inner_mode_iaf);
2042 goto error;
2043 }
2044
2045 if (x->props.family == AF_INET) {
2046 x->inner_mode = inner_mode;
2047 x->inner_mode_iaf = inner_mode_iaf;
2048 } else {
2049 x->inner_mode = inner_mode_iaf;
2050 x->inner_mode_iaf = inner_mode;
2051 }
2052 }
13996378 2053
d094cd83 2054 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2055 if (x->type == NULL)
2056 goto error;
2057
2058 err = x->type->init_state(x);
2059 if (err)
2060 goto error;
2061
13996378
HX		 2062 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2063 if (x->outer_mode == NULL)
b59f45d0
HX		 2064 goto error;
2065
72cb6962
HX		 2066 x->km.state = XFRM_STATE_VALID;
2067
2068error:
2069 return err;
2070}
2071
2072EXPORT_SYMBOL(xfrm_init_state);
a716c119 2073
d62ddc21 2074int __net_init xfrm_state_init(struct net *net)
1da177e4 2075{
f034b5d4
DM		 2076 unsigned int sz;
2077
9d4139c7
AD		 2078 INIT_LIST_HEAD(&net->xfrm.state_all);
2079
f034b5d4
DM		 2080 sz = sizeof(struct hlist_head) * 8;
2081
73d189dc
AD		 2082 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2083 if (!net->xfrm.state_bydst)
2084 goto out_bydst;
d320bbb3
AD		 2085 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2086 if (!net->xfrm.state_bysrc)
2087 goto out_bysrc;
b754a4fd
AD		 2088 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2089 if (!net->xfrm.state_byspi)
2090 goto out_byspi;
f034b5d4 2091 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2092
c4028958 2093 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
d62ddc21 2094 return 0;
73d189dc 2095
b754a4fd
AD		 2096out_byspi:
2097 xfrm_hash_free(net->xfrm.state_bysrc, sz);
d320bbb3
AD		 2098out_bysrc:
2099 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2100out_bydst:
2101 return -ENOMEM;
d62ddc21
AD		 2102}
2103
2104void xfrm_state_fini(struct net *net)
2105{
73d189dc
AD		 2106 unsigned int sz;
2107
9d4139c7 2108 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc
AD		 2109
2110 sz = (xfrm_state_hmask + 1) * sizeof(struct hlist_head);
b754a4fd
AD		 2111 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2112 xfrm_hash_free(net->xfrm.state_byspi, sz);
d320bbb3
AD		 2113 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2114 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2115 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2116 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2117}
2118
ab5f5e8b 2119#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2120static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2121 struct audit_buffer *audit_buf)
ab5f5e8b 2122{
68277acc
PM		 2123 struct xfrm_sec_ctx *ctx = x->security;
2124 u32 spi = ntohl(x->id.spi);
2125
2126 if (ctx)
ab5f5e8b 2127 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2128 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2129
2130 switch(x->props.family) {
2131 case AF_INET:
21454aaa
HH		 2132 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2133 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2134 break;
2135 case AF_INET6:
5b095d98 2136 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2137 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2138 break;
2139 }
68277acc
PM		 2140
2141 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2142}
2143
cf35f43e
IJ		 2144static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2145 struct audit_buffer *audit_buf)
afeb14b4
PM		 2146{
2147 struct iphdr *iph4;
2148 struct ipv6hdr *iph6;
2149
2150 switch (family) {
2151 case AF_INET:
2152 iph4 = ip_hdr(skb);
21454aaa
HH		 2153 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2154 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2155 break;
2156 case AF_INET6:
2157 iph6 = ipv6_hdr(skb);
2158 audit_log_format(audit_buf,
5b095d98 2159 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2160 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2161 iph6->flow_lbl[0] & 0x0f,
2162 iph6->flow_lbl[1],
2163 iph6->flow_lbl[2]);
2164 break;
2165 }
2166}
2167
68277acc 2168void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2169 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2170{
2171 struct audit_buffer *audit_buf;
ab5f5e8b 2172
afeb14b4 2173 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2174 if (audit_buf == NULL)
2175 return;
2532386f 2176 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2177 xfrm_audit_helper_sainfo(x, audit_buf);
2178 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2179 audit_log_end(audit_buf);
2180}
2181EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2182
68277acc 2183void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2184 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2185{
2186 struct audit_buffer *audit_buf;
ab5f5e8b 2187
afeb14b4 2188 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2189 if (audit_buf == NULL)
2190 return;
2532386f 2191 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2192 xfrm_audit_helper_sainfo(x, audit_buf);
2193 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2194 audit_log_end(audit_buf);
2195}
2196EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2197
2198void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2199 struct sk_buff *skb)
2200{
2201 struct audit_buffer *audit_buf;
2202 u32 spi;
2203
2204 audit_buf = xfrm_audit_start("SA-replay-overflow");
2205 if (audit_buf == NULL)
2206 return;
2207 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2208 /* don't record the sequence number because it's inherent in this kind
2209 * of audit message */
2210 spi = ntohl(x->id.spi);
2211 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2212 audit_log_end(audit_buf);
2213}
2214EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2215
2216static void xfrm_audit_state_replay(struct xfrm_state *x,
2217 struct sk_buff *skb, __be32 net_seq)
2218{
2219 struct audit_buffer *audit_buf;
2220 u32 spi;
2221
2222 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2223 if (audit_buf == NULL)
2224 return;
2225 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2226 spi = ntohl(x->id.spi);
2227 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2228 spi, spi, ntohl(net_seq));
2229 audit_log_end(audit_buf);
2230}
2231
2232void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2233{
2234 struct audit_buffer *audit_buf;
2235
2236 audit_buf = xfrm_audit_start("SA-notfound");
2237 if (audit_buf == NULL)
2238 return;
2239 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2240 audit_log_end(audit_buf);
2241}
2242EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2243
2244void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2245 __be32 net_spi, __be32 net_seq)
2246{
2247 struct audit_buffer *audit_buf;
2248 u32 spi;
2249
2250 audit_buf = xfrm_audit_start("SA-notfound");
2251 if (audit_buf == NULL)
2252 return;
2253 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2254 spi = ntohl(net_spi);
2255 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2256 spi, spi, ntohl(net_seq));
2257 audit_log_end(audit_buf);
2258}
2259EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2260
2261void xfrm_audit_state_icvfail(struct xfrm_state *x,
2262 struct sk_buff *skb, u8 proto)
2263{
2264 struct audit_buffer *audit_buf;
2265 __be32 net_spi;
2266 __be32 net_seq;
2267
2268 audit_buf = xfrm_audit_start("SA-icv-failure");
2269 if (audit_buf == NULL)
2270 return;
2271 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2272 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2273 u32 spi = ntohl(net_spi);
2274 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2275 spi, spi, ntohl(net_seq));
2276 }
2277 audit_log_end(audit_buf);
2278}
2279EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2280#endif /* CONFIG_AUDITSYSCALL */
Ubuntu Artful kernel mirror