]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-focal-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netns xfrm: per-netns xfrm_state_bysrc hash
[mirror_ubuntu-focal-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
f034b5d4
DM		 47static struct hlist_head *xfrm_state_byspi __read_mostly;
48static unsigned int xfrm_state_hmask __read_mostly;
49static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
50static unsigned int xfrm_state_num;
9d4a706d 51static unsigned int xfrm_state_genid;
f034b5d4 52
17c2a42a
HX		 53static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
54static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
55
afeb14b4
PM		 56#ifdef CONFIG_AUDITSYSCALL
57static void xfrm_audit_state_replay(struct xfrm_state *x,
58 struct sk_buff *skb, __be32 net_seq);
59#else
60#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
61#endif /* CONFIG_AUDITSYSCALL */
62
c1969f29
DM		 63static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
64 xfrm_address_t *saddr,
65 u32 reqid,
a624c108 66 unsigned short family)
f034b5d4 67{
c1969f29 68 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
f034b5d4
DM		 69}
70
667bbcb6
MN		 71static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
72 xfrm_address_t *saddr,
44e36b42 73 unsigned short family)
f034b5d4 74{
667bbcb6 75 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
f034b5d4
DM		 76}
77
f034b5d4 78static inline unsigned int
8122adf0 79xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 80{
c1969f29 81 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
f034b5d4
DM		 82}
83
f034b5d4
DM		 84static void xfrm_hash_transfer(struct hlist_head *list,
85 struct hlist_head *ndsttable,
86 struct hlist_head *nsrctable,
87 struct hlist_head *nspitable,
88 unsigned int nhashmask)
89{
90 struct hlist_node *entry, *tmp;
91 struct xfrm_state *x;
92
93 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
94 unsigned int h;
95
c1969f29
DM		 96 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
97 x->props.reqid, x->props.family,
98 nhashmask);
f034b5d4
DM		 99 hlist_add_head(&x->bydst, ndsttable+h);
100
667bbcb6
MN		 101 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
102 x->props.family,
f034b5d4
DM		 103 nhashmask);
104 hlist_add_head(&x->bysrc, nsrctable+h);
105
7b4dc360
MN		 106 if (x->id.spi) {
107 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
108 x->id.proto, x->props.family,
109 nhashmask);
110 hlist_add_head(&x->byspi, nspitable+h);
111 }
f034b5d4
DM		 112 }
113}
114
115static unsigned long xfrm_hash_new_size(void)
116{
117 return ((xfrm_state_hmask + 1) << 1) *
118 sizeof(struct hlist_head);
119}
120
121static DEFINE_MUTEX(hash_resize_mutex);
122
c4028958 123static void xfrm_hash_resize(struct work_struct *__unused)
f034b5d4
DM		 124{
125 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
126 unsigned long nsize, osize;
127 unsigned int nhashmask, ohashmask;
128 int i;
129
130 mutex_lock(&hash_resize_mutex);
131
132 nsize = xfrm_hash_new_size();
44e36b42 133 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 134 if (!ndst)
135 goto out_unlock;
44e36b42 136 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 137 if (!nsrc) {
44e36b42 138 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 139 goto out_unlock;
140 }
44e36b42 141 nspi = xfrm_hash_alloc(nsize);
f034b5d4 142 if (!nspi) {
44e36b42
DM		 143 xfrm_hash_free(ndst, nsize);
144 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 145 goto out_unlock;
146 }
147
148 spin_lock_bh(&xfrm_state_lock);
149
150 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
151 for (i = xfrm_state_hmask; i >= 0; i--)
73d189dc 152 xfrm_hash_transfer(init_net.xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 153 nhashmask);
154
73d189dc 155 odst = init_net.xfrm.state_bydst;
d320bbb3 156 osrc = init_net.xfrm.state_bysrc;
f034b5d4
DM		 157 ospi = xfrm_state_byspi;
158 ohashmask = xfrm_state_hmask;
159
73d189dc 160 init_net.xfrm.state_bydst = ndst;
d320bbb3 161 init_net.xfrm.state_bysrc = nsrc;
f034b5d4
DM		 162 xfrm_state_byspi = nspi;
163 xfrm_state_hmask = nhashmask;
164
165 spin_unlock_bh(&xfrm_state_lock);
166
167 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 168 xfrm_hash_free(odst, osize);
169 xfrm_hash_free(osrc, osize);
170 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 171
172out_unlock:
173 mutex_unlock(&hash_resize_mutex);
174}
175
c4028958 176static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
f034b5d4 177
1da177e4
LT		 178DECLARE_WAIT_QUEUE_HEAD(km_waitq);
179EXPORT_SYMBOL(km_waitq);
180
181static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
182static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
183
184static struct work_struct xfrm_state_gc_work;
12a169e7 185static HLIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 186static DEFINE_SPINLOCK(xfrm_state_gc_lock);
187
53bc6b4d 188int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 189
980ebd25 190int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 191void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 192
aa5d62cc
HX		 193static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
194{
195 struct xfrm_state_afinfo *afinfo;
196 if (unlikely(family >= NPROTO))
197 return NULL;
198 write_lock_bh(&xfrm_state_afinfo_lock);
199 afinfo = xfrm_state_afinfo[family];
200 if (unlikely(!afinfo))
201 write_unlock_bh(&xfrm_state_afinfo_lock);
202 return afinfo;
203}
204
205static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 206 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 207{
208 write_unlock_bh(&xfrm_state_afinfo_lock);
209}
210
533cb5b0 211int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 212{
213 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 214 const struct xfrm_type **typemap;
aa5d62cc
HX		 215 int err = 0;
216
217 if (unlikely(afinfo == NULL))
218 return -EAFNOSUPPORT;
219 typemap = afinfo->type_map;
220
221 if (likely(typemap[type->proto] == NULL))
222 typemap[type->proto] = type;
223 else
224 err = -EEXIST;
225 xfrm_state_unlock_afinfo(afinfo);
226 return err;
227}
228EXPORT_SYMBOL(xfrm_register_type);
229
533cb5b0 230int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 231{
232 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 233 const struct xfrm_type **typemap;
aa5d62cc
HX		 234 int err = 0;
235
236 if (unlikely(afinfo == NULL))
237 return -EAFNOSUPPORT;
238 typemap = afinfo->type_map;
239
240 if (unlikely(typemap[type->proto] != type))
241 err = -ENOENT;
242 else
243 typemap[type->proto] = NULL;
244 xfrm_state_unlock_afinfo(afinfo);
245 return err;
246}
247EXPORT_SYMBOL(xfrm_unregister_type);
248
533cb5b0 249static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 250{
251 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 252 const struct xfrm_type **typemap;
253 const struct xfrm_type *type;
aa5d62cc
HX		 254 int modload_attempted = 0;
255
256retry:
257 afinfo = xfrm_state_get_afinfo(family);
258 if (unlikely(afinfo == NULL))
259 return NULL;
260 typemap = afinfo->type_map;
261
262 type = typemap[proto];
263 if (unlikely(type && !try_module_get(type->owner)))
264 type = NULL;
265 if (!type && !modload_attempted) {
266 xfrm_state_put_afinfo(afinfo);
267 request_module("xfrm-type-%d-%d", family, proto);
268 modload_attempted = 1;
269 goto retry;
270 }
271
272 xfrm_state_put_afinfo(afinfo);
273 return type;
274}
275
533cb5b0 276static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 277{
278 module_put(type->owner);
279}
280
281int xfrm_register_mode(struct xfrm_mode *mode, int family)
282{
283 struct xfrm_state_afinfo *afinfo;
284 struct xfrm_mode **modemap;
285 int err;
286
287 if (unlikely(mode->encap >= XFRM_MODE_MAX))
288 return -EINVAL;
289
290 afinfo = xfrm_state_lock_afinfo(family);
291 if (unlikely(afinfo == NULL))
292 return -EAFNOSUPPORT;
293
294 err = -EEXIST;
295 modemap = afinfo->mode_map;
17c2a42a
HX		 296 if (modemap[mode->encap])
297 goto out;
aa5d62cc 298
17c2a42a
HX		 299 err = -ENOENT;
300 if (!try_module_get(afinfo->owner))
301 goto out;
302
303 mode->afinfo = afinfo;
304 modemap[mode->encap] = mode;
305 err = 0;
306
307out:
aa5d62cc
HX		 308 xfrm_state_unlock_afinfo(afinfo);
309 return err;
310}
311EXPORT_SYMBOL(xfrm_register_mode);
312
313int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
314{
315 struct xfrm_state_afinfo *afinfo;
316 struct xfrm_mode **modemap;
317 int err;
318
319 if (unlikely(mode->encap >= XFRM_MODE_MAX))
320 return -EINVAL;
321
322 afinfo = xfrm_state_lock_afinfo(family);
323 if (unlikely(afinfo == NULL))
324 return -EAFNOSUPPORT;
325
326 err = -ENOENT;
327 modemap = afinfo->mode_map;
328 if (likely(modemap[mode->encap] == mode)) {
329 modemap[mode->encap] = NULL;
17c2a42a 330 module_put(mode->afinfo->owner);
aa5d62cc
HX		 331 err = 0;
332 }
333
334 xfrm_state_unlock_afinfo(afinfo);
335 return err;
336}
337EXPORT_SYMBOL(xfrm_unregister_mode);
338
339static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
340{
341 struct xfrm_state_afinfo *afinfo;
342 struct xfrm_mode *mode;
343 int modload_attempted = 0;
344
345 if (unlikely(encap >= XFRM_MODE_MAX))
346 return NULL;
347
348retry:
349 afinfo = xfrm_state_get_afinfo(family);
350 if (unlikely(afinfo == NULL))
351 return NULL;
352
353 mode = afinfo->mode_map[encap];
354 if (unlikely(mode && !try_module_get(mode->owner)))
355 mode = NULL;
356 if (!mode && !modload_attempted) {
357 xfrm_state_put_afinfo(afinfo);
358 request_module("xfrm-mode-%d-%d", family, encap);
359 modload_attempted = 1;
360 goto retry;
361 }
362
363 xfrm_state_put_afinfo(afinfo);
364 return mode;
365}
366
367static void xfrm_put_mode(struct xfrm_mode *mode)
368{
369 module_put(mode->owner);
370}
371
1da177e4
LT		 372static void xfrm_state_gc_destroy(struct xfrm_state *x)
373{
a47f0ce0
DM		 374 del_timer_sync(&x->timer);
375 del_timer_sync(&x->rtimer);
a51482bd
JJ		 376 kfree(x->aalg);
377 kfree(x->ealg);
378 kfree(x->calg);
379 kfree(x->encap);
060f02a3 380 kfree(x->coaddr);
13996378
HX		 381 if (x->inner_mode)
382 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 383 if (x->inner_mode_iaf)
384 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 385 if (x->outer_mode)
386 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 387 if (x->type) {
388 x->type->destructor(x);
389 xfrm_put_type(x->type);
390 }
df71837d 391 security_xfrm_state_free(x);
1da177e4
LT		 392 kfree(x);
393}
394
c4028958 395static void xfrm_state_gc_task(struct work_struct *data)
1da177e4 396{
12a169e7
HX		 397 struct xfrm_state *x;
398 struct hlist_node *entry, *tmp;
399 struct hlist_head gc_list;
1da177e4 400
1da177e4 401 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 402 hlist_move_list(&xfrm_state_gc_list, &gc_list);
1da177e4
LT		 403 spin_unlock_bh(&xfrm_state_gc_lock);
404
12a169e7 405 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 406 xfrm_state_gc_destroy(x);
8f126e37 407
1da177e4
LT		 408 wake_up(&km_waitq);
409}
410
411static inline unsigned long make_jiffies(long secs)
412{
413 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
414 return MAX_SCHEDULE_TIMEOUT-1;
415 else
a716c119 416 return secs*HZ;
1da177e4
LT		 417}
418
419static void xfrm_timer_handler(unsigned long data)
420{
421 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 422 unsigned long now = get_seconds();
1da177e4
LT		 423 long next = LONG_MAX;
424 int warn = 0;
161a09e7 425 int err = 0;
1da177e4
LT		 426
427 spin_lock(&x->lock);
428 if (x->km.state == XFRM_STATE_DEAD)
429 goto out;
430 if (x->km.state == XFRM_STATE_EXPIRED)
431 goto expired;
432 if (x->lft.hard_add_expires_seconds) {
433 long tmo = x->lft.hard_add_expires_seconds +
434 x->curlft.add_time - now;
435 if (tmo <= 0)
436 goto expired;
437 if (tmo < next)
438 next = tmo;
439 }
440 if (x->lft.hard_use_expires_seconds) {
441 long tmo = x->lft.hard_use_expires_seconds +
442 (x->curlft.use_time ? : now) - now;
443 if (tmo <= 0)
444 goto expired;
445 if (tmo < next)
446 next = tmo;
447 }
448 if (x->km.dying)
449 goto resched;
450 if (x->lft.soft_add_expires_seconds) {
451 long tmo = x->lft.soft_add_expires_seconds +
452 x->curlft.add_time - now;
453 if (tmo <= 0)
454 warn = 1;
455 else if (tmo < next)
456 next = tmo;
457 }
458 if (x->lft.soft_use_expires_seconds) {
459 long tmo = x->lft.soft_use_expires_seconds +
460 (x->curlft.use_time ? : now) - now;
461 if (tmo <= 0)
462 warn = 1;
463 else if (tmo < next)
464 next = tmo;
465 }
466
4666faab 467 x->km.dying = warn;
1da177e4 468 if (warn)
53bc6b4d 469 km_state_expired(x, 0, 0);
1da177e4 470resched:
a47f0ce0
DM		 471 if (next != LONG_MAX)
472 mod_timer(&x->timer, jiffies + make_jiffies(next));
473
1da177e4
LT		 474 goto out;
475
476expired:
477 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
478 x->km.state = XFRM_STATE_EXPIRED;
479 wake_up(&km_waitq);
480 next = 2;
481 goto resched;
482 }
161a09e7
JL		 483
484 err = __xfrm_state_delete(x);
485 if (!err && x->id.spi)
53bc6b4d 486 km_state_expired(x, 1, 0);
1da177e4 487
ab5f5e8b 488 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 489 audit_get_loginuid(current),
490 audit_get_sessionid(current), 0);
161a09e7 491
1da177e4
LT		 492out:
493 spin_unlock(&x->lock);
1da177e4
LT		 494}
495
0ac84752
DM		 496static void xfrm_replay_timer_handler(unsigned long data);
497
673c09be 498struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 499{
500 struct xfrm_state *x;
501
0da974f4 502 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 503
504 if (x) {
673c09be 505 write_pnet(&x->xs_net, net);
1da177e4
LT		 506 atomic_set(&x->refcnt, 1);
507 atomic_set(&x->tunnel_users, 0);
12a169e7 508 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 509 INIT_HLIST_NODE(&x->bydst);
510 INIT_HLIST_NODE(&x->bysrc);
511 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 512 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
513 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
514 (unsigned long)x);
9d729f72 515 x->curlft.add_time = get_seconds();
1da177e4
LT		 516 x->lft.soft_byte_limit = XFRM_INF;
517 x->lft.soft_packet_limit = XFRM_INF;
518 x->lft.hard_byte_limit = XFRM_INF;
519 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 520 x->replay_maxage = 0;
521 x->replay_maxdiff = 0;
df9dcb45
KM		 522 x->inner_mode = NULL;
523 x->inner_mode_iaf = NULL;
1da177e4
LT		 524 spin_lock_init(&x->lock);
525 }
526 return x;
527}
528EXPORT_SYMBOL(xfrm_state_alloc);
529
530void __xfrm_state_destroy(struct xfrm_state *x)
531{
547b792c 532 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 533
534 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 535 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
1da177e4
LT		 536 spin_unlock_bh(&xfrm_state_gc_lock);
537 schedule_work(&xfrm_state_gc_work);
538}
539EXPORT_SYMBOL(__xfrm_state_destroy);
540
53bc6b4d 541int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 542{
26b15dad
JHS		 543 int err = -ESRCH;
544
1da177e4
LT		 545 if (x->km.state != XFRM_STATE_DEAD) {
546 x->km.state = XFRM_STATE_DEAD;
547 spin_lock(&xfrm_state_lock);
12a169e7 548 list_del(&x->km.all);
8f126e37 549 hlist_del(&x->bydst);
8f126e37 550 hlist_del(&x->bysrc);
a47f0ce0 551 if (x->id.spi)
8f126e37 552 hlist_del(&x->byspi);
f034b5d4 553 xfrm_state_num--;
1da177e4 554 spin_unlock(&xfrm_state_lock);
1da177e4 555
1da177e4
LT		 556 /* All xfrm_state objects are created by xfrm_state_alloc.
557 * The xfrm_state_alloc call gives a reference, and that
558 * is what we are dropping here.
559 */
5dba4797 560 xfrm_state_put(x);
26b15dad 561 err = 0;
1da177e4 562 }
26b15dad
JHS		 563
564 return err;
1da177e4 565}
53bc6b4d 566EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 567
26b15dad 568int xfrm_state_delete(struct xfrm_state *x)
1da177e4 569{
26b15dad
JHS		 570 int err;
571
1da177e4 572 spin_lock_bh(&x->lock);
26b15dad 573 err = __xfrm_state_delete(x);
1da177e4 574 spin_unlock_bh(&x->lock);
26b15dad
JHS		 575
576 return err;
1da177e4
LT		 577}
578EXPORT_SYMBOL(xfrm_state_delete);
579
4aa2e62c
JL		 580#ifdef CONFIG_SECURITY_NETWORK_XFRM
581static inline int
582xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 583{
4aa2e62c
JL		 584 int i, err = 0;
585
586 for (i = 0; i <= xfrm_state_hmask; i++) {
587 struct hlist_node *entry;
588 struct xfrm_state *x;
589
73d189dc 590 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 591 if (xfrm_id_proto_match(x->id.proto, proto) &&
592 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 593 xfrm_audit_state_delete(x, 0,
594 audit_info->loginuid,
2532386f 595 audit_info->sessionid,
ab5f5e8b 596 audit_info->secid);
4aa2e62c
JL		 597 return err;
598 }
599 }
600 }
601
602 return err;
603}
604#else
605static inline int
606xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
607{
608 return 0;
609}
610#endif
611
612int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
613{
614 int i, err = 0;
1da177e4
LT		 615
616 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 617 err = xfrm_state_flush_secctx_check(proto, audit_info);
618 if (err)
619 goto out;
620
a9917c06 621 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 622 struct hlist_node *entry;
623 struct xfrm_state *x;
1da177e4 624restart:
73d189dc 625 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1da177e4 626 if (!xfrm_state_kern(x) &&
5794708f 627 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 628 xfrm_state_hold(x);
629 spin_unlock_bh(&xfrm_state_lock);
630
161a09e7 631 err = xfrm_state_delete(x);
ab5f5e8b
JL		 632 xfrm_audit_state_delete(x, err ? 0 : 1,
633 audit_info->loginuid,
2532386f 634 audit_info->sessionid,
ab5f5e8b 635 audit_info->secid);
1da177e4
LT		 636 xfrm_state_put(x);
637
638 spin_lock_bh(&xfrm_state_lock);
639 goto restart;
640 }
641 }
642 }
4aa2e62c
JL		 643 err = 0;
644
645out:
1da177e4
LT		 646 spin_unlock_bh(&xfrm_state_lock);
647 wake_up(&km_waitq);
4aa2e62c 648 return err;
1da177e4
LT		 649}
650EXPORT_SYMBOL(xfrm_state_flush);
651
af11e316 652void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 653{
654 spin_lock_bh(&xfrm_state_lock);
655 si->sadcnt = xfrm_state_num;
656 si->sadhcnt = xfrm_state_hmask;
657 si->sadhmcnt = xfrm_state_hashmax;
658 spin_unlock_bh(&xfrm_state_lock);
659}
660EXPORT_SYMBOL(xfrm_sad_getinfo);
661
1da177e4
LT		 662static int
663xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
664 struct xfrm_tmpl *tmpl,
665 xfrm_address_t *daddr, xfrm_address_t *saddr,
666 unsigned short family)
667{
668 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
669 if (!afinfo)
670 return -1;
671 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
672 xfrm_state_put_afinfo(afinfo);
673 return 0;
674}
675
a94cfd19 676static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 677{
678 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
679 struct xfrm_state *x;
8f126e37 680 struct hlist_node *entry;
edcd5821 681
8f126e37 682 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
edcd5821
DM		 683 if (x->props.family != family ||
684 x->id.spi != spi ||
685 x->id.proto != proto)
686 continue;
687
688 switch (family) {
689 case AF_INET:
690 if (x->id.daddr.a4 != daddr->a4)
691 continue;
692 break;
693 case AF_INET6:
694 if (!ipv6_addr_equal((struct in6_addr *)daddr,
695 (struct in6_addr *)
696 x->id.daddr.a6))
697 continue;
698 break;
3ff50b79 699 }
edcd5821
DM		 700
701 xfrm_state_hold(x);
702 return x;
703 }
704
705 return NULL;
706}
707
708static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
709{
667bbcb6 710 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 711 struct xfrm_state *x;
8f126e37 712 struct hlist_node *entry;
edcd5821 713
d320bbb3 714 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 715 if (x->props.family != family ||
716 x->id.proto != proto)
717 continue;
718
719 switch (family) {
720 case AF_INET:
721 if (x->id.daddr.a4 != daddr->a4 ||
722 x->props.saddr.a4 != saddr->a4)
723 continue;
724 break;
725 case AF_INET6:
726 if (!ipv6_addr_equal((struct in6_addr *)daddr,
727 (struct in6_addr *)
728 x->id.daddr.a6) ||
729 !ipv6_addr_equal((struct in6_addr *)saddr,
730 (struct in6_addr *)
731 x->props.saddr.a6))
732 continue;
733 break;
3ff50b79 734 }
edcd5821
DM		 735
736 xfrm_state_hold(x);
737 return x;
738 }
739
740 return NULL;
741}
742
743static inline struct xfrm_state *
744__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
745{
746 if (use_spi)
747 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
748 x->id.proto, family);
749 else
750 return __xfrm_state_lookup_byaddr(&x->id.daddr,
751 &x->props.saddr,
752 x->id.proto, family);
753}
754
2fab22f2
PM		 755static void xfrm_hash_grow_check(int have_hash_collision)
756{
757 if (have_hash_collision &&
758 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
759 xfrm_state_num > xfrm_state_hmask)
760 schedule_work(&xfrm_hash_work);
761}
762
1da177e4 763struct xfrm_state *
a716c119 764xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 765 struct flowi *fl, struct xfrm_tmpl *tmpl,
766 struct xfrm_policy *pol, int *err,
767 unsigned short family)
768{
4bda4f25 769 unsigned int h;
8f126e37 770 struct hlist_node *entry;
37b08e34 771 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 772 int acquire_in_progress = 0;
773 int error = 0;
774 struct xfrm_state *best = NULL;
a716c119 775
37b08e34
DM		 776 to_put = NULL;
777
1da177e4 778 spin_lock_bh(&xfrm_state_lock);
4bda4f25 779 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
73d189dc 780 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1da177e4
LT		 781 if (x->props.family == family &&
782 x->props.reqid == tmpl->reqid &&
fbd9a5b4 783 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 784 xfrm_state_addr_check(x, daddr, saddr, family) &&
785 tmpl->mode == x->props.mode &&
786 tmpl->id.proto == x->id.proto &&
787 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
788 /* Resolution logic:
789 1. There is a valid state with matching selector.
790 Done.
791 2. Valid state with inappropriate selector. Skip.
792
793 Entering area of "sysdeps".
794
795 3. If state is not valid, selector is temporary,
796 it selects only session which triggered
797 previous resolution. Key manager will do
798 something to install a state with proper
799 selector.
800 */
801 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 802 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 803 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 804 continue;
805 if (!best ||
806 best->km.dying > x->km.dying ||
807 (best->km.dying == x->km.dying &&
808 best->curlft.add_time < x->curlft.add_time))
809 best = x;
810 } else if (x->km.state == XFRM_STATE_ACQ) {
811 acquire_in_progress = 1;
812 } else if (x->km.state == XFRM_STATE_ERROR ||
813 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 814 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 815 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 816 error = -ESRCH;
817 }
818 }
819 }
820
821 x = best;
822 if (!x && !error && !acquire_in_progress) {
5c5d281a 823 if (tmpl->id.spi &&
edcd5821
DM		 824 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
825 tmpl->id.proto, family)) != NULL) {
37b08e34 826 to_put = x0;
1da177e4
LT		 827 error = -EEXIST;
828 goto out;
829 }
673c09be 830 x = xfrm_state_alloc(&init_net);
1da177e4
LT		 831 if (x == NULL) {
832 error = -ENOMEM;
833 goto out;
834 }
835 /* Initialize temporary selector matching only
836 * to current session. */
837 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
838
e0d1caa7
VY		 839 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
840 if (error) {
841 x->km.state = XFRM_STATE_DEAD;
37b08e34 842 to_put = x;
e0d1caa7
VY		 843 x = NULL;
844 goto out;
845 }
846
1da177e4
LT		 847 if (km_query(x, tmpl, pol) == 0) {
848 x->km.state = XFRM_STATE_ACQ;
9d4139c7 849 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 850 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 851 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 852 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4
LT		 853 if (x->id.spi) {
854 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
8f126e37 855 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4 856 }
01e67d08
DM		 857 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
858 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 859 add_timer(&x->timer);
2fab22f2
PM		 860 xfrm_state_num++;
861 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 862 } else {
863 x->km.state = XFRM_STATE_DEAD;
37b08e34 864 to_put = x;
1da177e4
LT		 865 x = NULL;
866 error = -ESRCH;
867 }
868 }
869out:
870 if (x)
871 xfrm_state_hold(x);
872 else
873 *err = acquire_in_progress ? -EAGAIN : error;
874 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 875 if (to_put)
876 xfrm_state_put(to_put);
1da177e4
LT		 877 return x;
878}
879
628529b6
JHS		 880struct xfrm_state *
881xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
882 unsigned short family, u8 mode, u8 proto, u32 reqid)
883{
4bda4f25 884 unsigned int h;
628529b6
JHS		 885 struct xfrm_state *rx = NULL, *x = NULL;
886 struct hlist_node *entry;
887
888 spin_lock(&xfrm_state_lock);
4bda4f25 889 h = xfrm_dst_hash(daddr, saddr, reqid, family);
73d189dc 890 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
628529b6
JHS		 891 if (x->props.family == family &&
892 x->props.reqid == reqid &&
893 !(x->props.flags & XFRM_STATE_WILDRECV) &&
894 xfrm_state_addr_check(x, daddr, saddr, family) &&
895 mode == x->props.mode &&
896 proto == x->id.proto &&
897 x->km.state == XFRM_STATE_VALID) {
898 rx = x;
899 break;
900 }
901 }
902
903 if (rx)
904 xfrm_state_hold(rx);
905 spin_unlock(&xfrm_state_lock);
906
907
908 return rx;
909}
910EXPORT_SYMBOL(xfrm_stateonly_find);
911
1da177e4
LT		 912static void __xfrm_state_insert(struct xfrm_state *x)
913{
a624c108 914 unsigned int h;
1da177e4 915
9d4a706d
DM		 916 x->genid = ++xfrm_state_genid;
917
9d4139c7 918 list_add(&x->km.all, &init_net.xfrm.state_all);
4c563f76 919
c1969f29
DM		 920 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
921 x->props.reqid, x->props.family);
73d189dc 922 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1da177e4 923
667bbcb6 924 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
d320bbb3 925 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 926
7b4dc360 927 if (x->id.spi) {
6c44e6b7
MN		 928 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
929 x->props.family);
930
8f126e37 931 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
6c44e6b7
MN		 932 }
933
a47f0ce0
DM		 934 mod_timer(&x->timer, jiffies + HZ);
935 if (x->replay_maxage)
936 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 937
1da177e4 938 wake_up(&km_waitq);
f034b5d4
DM		 939
940 xfrm_state_num++;
941
918049f0 942 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 943}
944
c7f5ea3a
DM		 945/* xfrm_state_lock is held */
946static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
947{
948 unsigned short family = xnew->props.family;
949 u32 reqid = xnew->props.reqid;
950 struct xfrm_state *x;
951 struct hlist_node *entry;
952 unsigned int h;
953
c1969f29 954 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
73d189dc 955 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 956 if (x->props.family == family &&
957 x->props.reqid == reqid &&
c1969f29
DM		 958 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
959 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 960 x->genid = xfrm_state_genid;
961 }
962}
963
1da177e4
LT		 964void xfrm_state_insert(struct xfrm_state *x)
965{
966 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 967 __xfrm_state_bump_genids(x);
1da177e4
LT		 968 __xfrm_state_insert(x);
969 spin_unlock_bh(&xfrm_state_lock);
970}
971EXPORT_SYMBOL(xfrm_state_insert);
972
2770834c
DM		 973/* xfrm_state_lock is held */
974static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
975{
c1969f29 976 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 977 struct hlist_node *entry;
2770834c
DM		 978 struct xfrm_state *x;
979
73d189dc 980 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
2770834c
DM		 981 if (x->props.reqid != reqid ||
982 x->props.mode != mode ||
983 x->props.family != family ||
984 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 985 x->id.spi != 0 ||
986 x->id.proto != proto)
2770834c
DM		 987 continue;
988
989 switch (family) {
990 case AF_INET:
991 if (x->id.daddr.a4 != daddr->a4 ||
992 x->props.saddr.a4 != saddr->a4)
993 continue;
994 break;
995 case AF_INET6:
996 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
997 (struct in6_addr *)daddr) ||
998 !ipv6_addr_equal((struct in6_addr *)
999 x->props.saddr.a6,
1000 (struct in6_addr *)saddr))
1001 continue;
1002 break;
3ff50b79 1003 }
2770834c
DM		 1004
1005 xfrm_state_hold(x);
1006 return x;
1007 }
1008
1009 if (!create)
1010 return NULL;
1011
673c09be 1012 x = xfrm_state_alloc(&init_net);
2770834c
DM		 1013 if (likely(x)) {
1014 switch (family) {
1015 case AF_INET:
1016 x->sel.daddr.a4 = daddr->a4;
1017 x->sel.saddr.a4 = saddr->a4;
1018 x->sel.prefixlen_d = 32;
1019 x->sel.prefixlen_s = 32;
1020 x->props.saddr.a4 = saddr->a4;
1021 x->id.daddr.a4 = daddr->a4;
1022 break;
1023
1024 case AF_INET6:
1025 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1026 (struct in6_addr *)daddr);
1027 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1028 (struct in6_addr *)saddr);
1029 x->sel.prefixlen_d = 128;
1030 x->sel.prefixlen_s = 128;
1031 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1032 (struct in6_addr *)saddr);
1033 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1034 (struct in6_addr *)daddr);
1035 break;
3ff50b79 1036 }
2770834c
DM		 1037
1038 x->km.state = XFRM_STATE_ACQ;
1039 x->id.proto = proto;
1040 x->props.family = family;
1041 x->props.mode = mode;
1042 x->props.reqid = reqid;
01e67d08 1043 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1044 xfrm_state_hold(x);
01e67d08 1045 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1046 add_timer(&x->timer);
9d4139c7 1047 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 1048 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 1049 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 1050 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
918049f0
DM		 1051
1052 xfrm_state_num++;
1053
1054 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1055 }
1056
1057 return x;
1058}
1059
1da177e4
LT		 1060static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1061
1062int xfrm_state_add(struct xfrm_state *x)
1063{
37b08e34 1064 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1065 int family;
1066 int err;
eb2971b6 1067 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1068
1069 family = x->props.family;
1da177e4 1070
37b08e34
DM		 1071 to_put = NULL;
1072
1da177e4
LT		 1073 spin_lock_bh(&xfrm_state_lock);
1074
edcd5821 1075 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1076 if (x1) {
37b08e34 1077 to_put = x1;
1da177e4
LT		 1078 x1 = NULL;
1079 err = -EEXIST;
1080 goto out;
1081 }
1082
eb2971b6 1083 if (use_spi && x->km.seq) {
1da177e4 1084 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1085 if (x1 && ((x1->id.proto != x->id.proto) ||
1086 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1087 to_put = x1;
1da177e4
LT		 1088 x1 = NULL;
1089 }
1090 }
1091
eb2971b6 1092 if (use_spi && !x1)
2770834c
DM		 1093 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1094 x->id.proto,
1095 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1096
c7f5ea3a 1097 __xfrm_state_bump_genids(x);
1da177e4
LT		 1098 __xfrm_state_insert(x);
1099 err = 0;
1100
1101out:
1102 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1103
1104 if (x1) {
1105 xfrm_state_delete(x1);
1106 xfrm_state_put(x1);
1107 }
1108
37b08e34
DM		 1109 if (to_put)
1110 xfrm_state_put(to_put);
1111
1da177e4
LT		 1112 return err;
1113}
1114EXPORT_SYMBOL(xfrm_state_add);
1115
80c9abaa 1116#ifdef CONFIG_XFRM_MIGRATE
6666351d 1117static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1118{
1119 int err = -ENOMEM;
673c09be 1120 struct xfrm_state *x = xfrm_state_alloc(&init_net);
80c9abaa
SS		 1121 if (!x)
1122 goto error;
1123
1124 memcpy(&x->id, &orig->id, sizeof(x->id));
1125 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1126 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1127 x->props.mode = orig->props.mode;
1128 x->props.replay_window = orig->props.replay_window;
1129 x->props.reqid = orig->props.reqid;
1130 x->props.family = orig->props.family;
1131 x->props.saddr = orig->props.saddr;
1132
1133 if (orig->aalg) {
1134 x->aalg = xfrm_algo_clone(orig->aalg);
1135 if (!x->aalg)
1136 goto error;
1137 }
1138 x->props.aalgo = orig->props.aalgo;
1139
1140 if (orig->ealg) {
1141 x->ealg = xfrm_algo_clone(orig->ealg);
1142 if (!x->ealg)
1143 goto error;
1144 }
1145 x->props.ealgo = orig->props.ealgo;
1146
1147 if (orig->calg) {
1148 x->calg = xfrm_algo_clone(orig->calg);
1149 if (!x->calg)
1150 goto error;
1151 }
1152 x->props.calgo = orig->props.calgo;
1153
a716c119 1154 if (orig->encap) {
80c9abaa
SS		 1155 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1156 if (!x->encap)
1157 goto error;
1158 }
1159
1160 if (orig->coaddr) {
1161 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1162 GFP_KERNEL);
1163 if (!x->coaddr)
1164 goto error;
1165 }
1166
1167 err = xfrm_init_state(x);
1168 if (err)
1169 goto error;
1170
1171 x->props.flags = orig->props.flags;
1172
1173 x->curlft.add_time = orig->curlft.add_time;
1174 x->km.state = orig->km.state;
1175 x->km.seq = orig->km.seq;
1176
1177 return x;
1178
1179 error:
1180 if (errp)
1181 *errp = err;
1182 if (x) {
1183 kfree(x->aalg);
1184 kfree(x->ealg);
1185 kfree(x->calg);
1186 kfree(x->encap);
1187 kfree(x->coaddr);
1188 }
1189 kfree(x);
1190 return NULL;
1191}
80c9abaa
SS		 1192
1193/* xfrm_state_lock is held */
1194struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1195{
1196 unsigned int h;
1197 struct xfrm_state *x;
1198 struct hlist_node *entry;
1199
1200 if (m->reqid) {
1201 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1202 m->reqid, m->old_family);
73d189dc 1203 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1204 if (x->props.mode != m->mode ||
1205 x->id.proto != m->proto)
1206 continue;
1207 if (m->reqid && x->props.reqid != m->reqid)
1208 continue;
1209 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1210 m->old_family) ||
1211 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1212 m->old_family))
1213 continue;
1214 xfrm_state_hold(x);
1215 return x;
1216 }
1217 } else {
1218 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1219 m->old_family);
d320bbb3 1220 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1221 if (x->props.mode != m->mode ||
1222 x->id.proto != m->proto)
1223 continue;
1224 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1225 m->old_family) ||
1226 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1227 m->old_family))
1228 continue;
1229 xfrm_state_hold(x);
1230 return x;
1231 }
1232 }
1233
a716c119 1234 return NULL;
80c9abaa
SS		 1235}
1236EXPORT_SYMBOL(xfrm_migrate_state_find);
1237
1238struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1239 struct xfrm_migrate *m)
1240{
1241 struct xfrm_state *xc;
1242 int err;
1243
1244 xc = xfrm_state_clone(x, &err);
1245 if (!xc)
1246 return NULL;
1247
1248 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1249 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1250
1251 /* add state */
1252 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1253 /* a care is needed when the destination address of the
1254 state is to be updated as it is a part of triplet */
1255 xfrm_state_insert(xc);
1256 } else {
1257 if ((err = xfrm_state_add(xc)) < 0)
1258 goto error;
1259 }
1260
1261 return xc;
1262error:
1263 kfree(xc);
1264 return NULL;
1265}
1266EXPORT_SYMBOL(xfrm_state_migrate);
1267#endif
1268
1da177e4
LT		 1269int xfrm_state_update(struct xfrm_state *x)
1270{
37b08e34 1271 struct xfrm_state *x1, *to_put;
1da177e4 1272 int err;
eb2971b6 1273 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1274
37b08e34
DM		 1275 to_put = NULL;
1276
1da177e4 1277 spin_lock_bh(&xfrm_state_lock);
edcd5821 1278 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1279
1280 err = -ESRCH;
1281 if (!x1)
1282 goto out;
1283
1284 if (xfrm_state_kern(x1)) {
37b08e34 1285 to_put = x1;
1da177e4
LT		 1286 err = -EEXIST;
1287 goto out;
1288 }
1289
1290 if (x1->km.state == XFRM_STATE_ACQ) {
1291 __xfrm_state_insert(x);
1292 x = NULL;
1293 }
1294 err = 0;
1295
1296out:
1297 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1298
37b08e34
DM		 1299 if (to_put)
1300 xfrm_state_put(to_put);
1301
1da177e4
LT		 1302 if (err)
1303 return err;
1304
1305 if (!x) {
1306 xfrm_state_delete(x1);
1307 xfrm_state_put(x1);
1308 return 0;
1309 }
1310
1311 err = -EINVAL;
1312 spin_lock_bh(&x1->lock);
1313 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1314 if (x->encap && x1->encap)
1315 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1316 if (x->coaddr && x1->coaddr) {
1317 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1318 }
1319 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1320 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1321 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1322 x1->km.dying = 0;
1323
a47f0ce0 1324 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1325 if (x1->curlft.use_time)
1326 xfrm_state_check_expire(x1);
1327
1328 err = 0;
1329 }
1330 spin_unlock_bh(&x1->lock);
1331
1332 xfrm_state_put(x1);
1333
1334 return err;
1335}
1336EXPORT_SYMBOL(xfrm_state_update);
1337
1338int xfrm_state_check_expire(struct xfrm_state *x)
1339{
1340 if (!x->curlft.use_time)
9d729f72 1341 x->curlft.use_time = get_seconds();
1da177e4
LT		 1342
1343 if (x->km.state != XFRM_STATE_VALID)
1344 return -EINVAL;
1345
1346 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1347 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1348 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1349 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1350 return -EINVAL;
1351 }
1352
1353 if (!x->km.dying &&
1354 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1355 x->curlft.packets >= x->lft.soft_packet_limit)) {
1356 x->km.dying = 1;
53bc6b4d 1357 km_state_expired(x, 0, 0);
4666faab 1358 }
1da177e4
LT		 1359 return 0;
1360}
1361EXPORT_SYMBOL(xfrm_state_check_expire);
1362
1da177e4 1363struct xfrm_state *
a94cfd19 1364xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1365 unsigned short family)
1366{
1367 struct xfrm_state *x;
1da177e4
LT		 1368
1369 spin_lock_bh(&xfrm_state_lock);
edcd5821 1370 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1371 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1372 return x;
1373}
1374EXPORT_SYMBOL(xfrm_state_lookup);
1375
1376struct xfrm_state *
eb2971b6
MN		 1377xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1378 u8 proto, unsigned short family)
1379{
1380 struct xfrm_state *x;
eb2971b6
MN		 1381
1382 spin_lock_bh(&xfrm_state_lock);
edcd5821 1383 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1384 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1385 return x;
1386}
1387EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1388
1389struct xfrm_state *
a716c119
YH		 1390xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1391 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1392 int create, unsigned short family)
1393{
1394 struct xfrm_state *x;
1da177e4
LT		 1395
1396 spin_lock_bh(&xfrm_state_lock);
2770834c 1397 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1398 spin_unlock_bh(&xfrm_state_lock);
2770834c 1399
1da177e4
LT		 1400 return x;
1401}
1402EXPORT_SYMBOL(xfrm_find_acq);
1403
41a49cc3
MN		 1404#ifdef CONFIG_XFRM_SUB_POLICY
1405int
1406xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1407 unsigned short family)
1408{
1409 int err = 0;
1410 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1411 if (!afinfo)
1412 return -EAFNOSUPPORT;
1413
1414 spin_lock_bh(&xfrm_state_lock);
1415 if (afinfo->tmpl_sort)
1416 err = afinfo->tmpl_sort(dst, src, n);
1417 spin_unlock_bh(&xfrm_state_lock);
1418 xfrm_state_put_afinfo(afinfo);
1419 return err;
1420}
1421EXPORT_SYMBOL(xfrm_tmpl_sort);
1422
1423int
1424xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1425 unsigned short family)
1426{
1427 int err = 0;
1428 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1429 if (!afinfo)
1430 return -EAFNOSUPPORT;
1431
1432 spin_lock_bh(&xfrm_state_lock);
1433 if (afinfo->state_sort)
1434 err = afinfo->state_sort(dst, src, n);
1435 spin_unlock_bh(&xfrm_state_lock);
1436 xfrm_state_put_afinfo(afinfo);
1437 return err;
1438}
1439EXPORT_SYMBOL(xfrm_state_sort);
1440#endif
1441
1da177e4
LT		 1442/* Silly enough, but I'm lazy to build resolution list */
1443
1444static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1445{
1446 int i;
1da177e4 1447
f034b5d4 1448 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 1449 struct hlist_node *entry;
1450 struct xfrm_state *x;
1451
73d189dc 1452 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1453 if (x->km.seq == seq &&
1454 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1455 xfrm_state_hold(x);
1456 return x;
1457 }
1458 }
1459 }
1460 return NULL;
1461}
1462
1463struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1464{
1465 struct xfrm_state *x;
1466
1467 spin_lock_bh(&xfrm_state_lock);
1468 x = __xfrm_find_acq_byseq(seq);
1469 spin_unlock_bh(&xfrm_state_lock);
1470 return x;
1471}
1472EXPORT_SYMBOL(xfrm_find_acq_byseq);
1473
1474u32 xfrm_get_acqseq(void)
1475{
1476 u32 res;
1477 static u32 acqseq;
1478 static DEFINE_SPINLOCK(acqseq_lock);
1479
1480 spin_lock_bh(&acqseq_lock);
1481 res = (++acqseq ? : ++acqseq);
1482 spin_unlock_bh(&acqseq_lock);
1483 return res;
1484}
1485EXPORT_SYMBOL(xfrm_get_acqseq);
1486
658b219e 1487int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1488{
f034b5d4 1489 unsigned int h;
1da177e4 1490 struct xfrm_state *x0;
658b219e
HX		 1491 int err = -ENOENT;
1492 __be32 minspi = htonl(low);
1493 __be32 maxspi = htonl(high);
1da177e4 1494
658b219e
HX		 1495 spin_lock_bh(&x->lock);
1496 if (x->km.state == XFRM_STATE_DEAD)
1497 goto unlock;
1498
1499 err = 0;
1da177e4 1500 if (x->id.spi)
658b219e
HX		 1501 goto unlock;
1502
1503 err = -ENOENT;
1da177e4
LT		 1504
1505 if (minspi == maxspi) {
1506 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1507 if (x0) {
1508 xfrm_state_put(x0);
658b219e 1509 goto unlock;
1da177e4
LT		 1510 }
1511 x->id.spi = minspi;
1512 } else {
1513 u32 spi = 0;
26977b4e
AV		 1514 for (h=0; h<high-low+1; h++) {
1515 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1516 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1517 if (x0 == NULL) {
1518 x->id.spi = htonl(spi);
1519 break;
1520 }
1521 xfrm_state_put(x0);
1522 }
1523 }
1524 if (x->id.spi) {
1525 spin_lock_bh(&xfrm_state_lock);
1526 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
8f126e37 1527 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4 1528 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1529
1530 err = 0;
1da177e4 1531 }
658b219e
HX		 1532
1533unlock:
1534 spin_unlock_bh(&x->lock);
1535
1536 return err;
1da177e4
LT		 1537}
1538EXPORT_SYMBOL(xfrm_alloc_spi);
1539
4c563f76
TT		 1540int xfrm_state_walk(struct xfrm_state_walk *walk,
1541 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1542 void *data)
1543{
12a169e7
HX		 1544 struct xfrm_state *state;
1545 struct xfrm_state_walk *x;
1da177e4
LT		 1546 int err = 0;
1547
12a169e7 1548 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1549 return 0;
1550
1da177e4 1551 spin_lock_bh(&xfrm_state_lock);
12a169e7 1552 if (list_empty(&walk->all))
9d4139c7 1553 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1554 else
1555 x = list_entry(&walk->all, struct xfrm_state_walk, all);
9d4139c7 1556 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
12a169e7 1557 if (x->state == XFRM_STATE_DEAD)
4c563f76 1558 continue;
12a169e7
HX		 1559 state = container_of(x, struct xfrm_state, km);
1560 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1561 continue;
12a169e7
HX		 1562 err = func(state, walk->seq, data);
1563 if (err) {
1564 list_move_tail(&walk->all, &x->all);
1565 goto out;
1da177e4 1566 }
12a169e7 1567 walk->seq++;
1da177e4 1568 }
12a169e7 1569 if (walk->seq == 0) {
1da177e4
LT		 1570 err = -ENOENT;
1571 goto out;
1572 }
12a169e7 1573 list_del_init(&walk->all);
1da177e4
LT		 1574out:
1575 spin_unlock_bh(&xfrm_state_lock);
1576 return err;
1577}
1578EXPORT_SYMBOL(xfrm_state_walk);
1579
5c182458
HX		 1580void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1581{
12a169e7 1582 INIT_LIST_HEAD(&walk->all);
5c182458 1583 walk->proto = proto;
12a169e7
HX		 1584 walk->state = XFRM_STATE_DEAD;
1585 walk->seq = 0;
5c182458
HX		 1586}
1587EXPORT_SYMBOL(xfrm_state_walk_init);
1588
abb81c4f
HX		 1589void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1590{
12a169e7 1591 if (list_empty(&walk->all))
5c182458 1592 return;
5c182458 1593
12a169e7
HX		 1594 spin_lock_bh(&xfrm_state_lock);
1595 list_del(&walk->all);
1596 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1597}
1598EXPORT_SYMBOL(xfrm_state_walk_done);
1599
f8cd5488
JHS		 1600
1601void xfrm_replay_notify(struct xfrm_state *x, int event)
1602{
1603 struct km_event c;
1604 /* we send notify messages in case
1605 * 1. we updated on of the sequence numbers, and the seqno difference
1606 * is at least x->replay_maxdiff, in this case we also update the
1607 * timeout of our timer function
1608 * 2. if x->replay_maxage has elapsed since last update,
1609 * and there were changes
1610 *
1611 * The state structure must be locked!
1612 */
1613
1614 switch (event) {
1615 case XFRM_REPLAY_UPDATE:
1616 if (x->replay_maxdiff &&
1617 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1618 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1619 if (x->xflags & XFRM_TIME_DEFER)
1620 event = XFRM_REPLAY_TIMEOUT;
1621 else
1622 return;
1623 }
f8cd5488
JHS		 1624
1625 break;
1626
1627 case XFRM_REPLAY_TIMEOUT:
1628 if ((x->replay.seq == x->preplay.seq) &&
1629 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1630 (x->replay.oseq == x->preplay.oseq)) {
1631 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1632 return;
2717096a 1633 }
f8cd5488
JHS		 1634
1635 break;
1636 }
1637
1638 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1639 c.event = XFRM_MSG_NEWAE;
1640 c.data.aevent = event;
1641 km_state_notify(x, &c);
1642
f8cd5488 1643 if (x->replay_maxage &&
a47f0ce0 1644 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1645 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1646}
1647
1648static void xfrm_replay_timer_handler(unsigned long data)
1649{
1650 struct xfrm_state *x = (struct xfrm_state*)data;
1651
1652 spin_lock(&x->lock);
1653
2717096a
JHS		 1654 if (x->km.state == XFRM_STATE_VALID) {
1655 if (xfrm_aevent_is_on())
1656 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1657 else
1658 x->xflags |= XFRM_TIME_DEFER;
1659 }
f8cd5488
JHS		 1660
1661 spin_unlock(&x->lock);
1662}
1663
afeb14b4
PM		 1664int xfrm_replay_check(struct xfrm_state *x,
1665 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1666{
1667 u32 diff;
a252cc23 1668 u32 seq = ntohl(net_seq);
1da177e4
LT		 1669
1670 if (unlikely(seq == 0))
afeb14b4 1671 goto err;
1da177e4
LT		 1672
1673 if (likely(seq > x->replay.seq))
1674 return 0;
1675
1676 diff = x->replay.seq - seq;
4c4d51a7
HX		 1677 if (diff >= min_t(unsigned int, x->props.replay_window,
1678 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1679 x->stats.replay_window++;
afeb14b4 1680 goto err;
1da177e4
LT		 1681 }
1682
1683 if (x->replay.bitmap & (1U << diff)) {
1684 x->stats.replay++;
afeb14b4 1685 goto err;
1da177e4
LT		 1686 }
1687 return 0;
afeb14b4
PM		 1688
1689err:
1690 xfrm_audit_state_replay(x, skb, net_seq);
1691 return -EINVAL;
1da177e4 1692}
1da177e4 1693
61f4627b 1694void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1695{
1696 u32 diff;
61f4627b 1697 u32 seq = ntohl(net_seq);
1da177e4
LT		 1698
1699 if (seq > x->replay.seq) {
1700 diff = seq - x->replay.seq;
1701 if (diff < x->props.replay_window)
1702 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1703 else
1704 x->replay.bitmap = 1;
1705 x->replay.seq = seq;
1706 } else {
1707 diff = x->replay.seq - seq;
1708 x->replay.bitmap |= (1U << diff);
1709 }
f8cd5488
JHS		 1710
1711 if (xfrm_aevent_is_on())
1712 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1713}
1da177e4 1714
df01812e 1715static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1716static DEFINE_RWLOCK(xfrm_km_lock);
1717
26b15dad 1718void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1719{
1720 struct xfrm_mgr *km;
1721
26b15dad
JHS		 1722 read_lock(&xfrm_km_lock);
1723 list_for_each_entry(km, &xfrm_km_list, list)
1724 if (km->notify_policy)
1725 km->notify_policy(xp, dir, c);
1726 read_unlock(&xfrm_km_lock);
1727}
1da177e4 1728
26b15dad
JHS		 1729void km_state_notify(struct xfrm_state *x, struct km_event *c)
1730{
1731 struct xfrm_mgr *km;
1da177e4
LT		 1732 read_lock(&xfrm_km_lock);
1733 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1734 if (km->notify)
1735 km->notify(x, c);
1da177e4 1736 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1737}
1738
1739EXPORT_SYMBOL(km_policy_notify);
1740EXPORT_SYMBOL(km_state_notify);
1741
53bc6b4d 1742void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1743{
1744 struct km_event c;
1745
bf08867f 1746 c.data.hard = hard;
53bc6b4d 1747 c.pid = pid;
f60f6b8f 1748 c.event = XFRM_MSG_EXPIRE;
26b15dad 1749 km_state_notify(x, &c);
1da177e4
LT		 1750
1751 if (hard)
1752 wake_up(&km_waitq);
1753}
1754
53bc6b4d 1755EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1756/*
1757 * We send to all registered managers regardless of failure
1758 * We are happy with one success
1759*/
980ebd25 1760int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1761{
26b15dad 1762 int err = -EINVAL, acqret;
1da177e4
LT		 1763 struct xfrm_mgr *km;
1764
1765 read_lock(&xfrm_km_lock);
1766 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1767 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1768 if (!acqret)
1769 err = acqret;
1da177e4
LT		 1770 }
1771 read_unlock(&xfrm_km_lock);
1772 return err;
1773}
980ebd25 1774EXPORT_SYMBOL(km_query);
1da177e4 1775
5d36b180 1776int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1777{
1778 int err = -EINVAL;
1779 struct xfrm_mgr *km;
1780
1781 read_lock(&xfrm_km_lock);
1782 list_for_each_entry(km, &xfrm_km_list, list) {
1783 if (km->new_mapping)
1784 err = km->new_mapping(x, ipaddr, sport);
1785 if (!err)
1786 break;
1787 }
1788 read_unlock(&xfrm_km_lock);
1789 return err;
1790}
1791EXPORT_SYMBOL(km_new_mapping);
1792
6c5c8ca7 1793void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1794{
26b15dad 1795 struct km_event c;
1da177e4 1796
bf08867f 1797 c.data.hard = hard;
6c5c8ca7 1798 c.pid = pid;
f60f6b8f 1799 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1800 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1801
1802 if (hard)
1803 wake_up(&km_waitq);
1804}
a70fcb0b 1805EXPORT_SYMBOL(km_policy_expired);
1da177e4 1806
2d60abc2 1807#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1808int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1809 struct xfrm_migrate *m, int num_migrate,
1810 struct xfrm_kmaddress *k)
80c9abaa
SS		 1811{
1812 int err = -EINVAL;
1813 int ret;
1814 struct xfrm_mgr *km;
1815
1816 read_lock(&xfrm_km_lock);
1817 list_for_each_entry(km, &xfrm_km_list, list) {
1818 if (km->migrate) {
13c1d189 1819 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1820 if (!ret)
1821 err = ret;
1822 }
1823 }
1824 read_unlock(&xfrm_km_lock);
1825 return err;
1826}
1827EXPORT_SYMBOL(km_migrate);
2d60abc2 1828#endif
80c9abaa 1829
97a64b45
MN		 1830int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1831{
1832 int err = -EINVAL;
1833 int ret;
1834 struct xfrm_mgr *km;
1835
1836 read_lock(&xfrm_km_lock);
1837 list_for_each_entry(km, &xfrm_km_list, list) {
1838 if (km->report) {
1839 ret = km->report(proto, sel, addr);
1840 if (!ret)
1841 err = ret;
1842 }
1843 }
1844 read_unlock(&xfrm_km_lock);
1845 return err;
1846}
1847EXPORT_SYMBOL(km_report);
1848
1da177e4
LT		 1849int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1850{
1851 int err;
1852 u8 *data;
1853 struct xfrm_mgr *km;
1854 struct xfrm_policy *pol = NULL;
1855
1856 if (optlen <= 0 || optlen > PAGE_SIZE)
1857 return -EMSGSIZE;
1858
1859 data = kmalloc(optlen, GFP_KERNEL);
1860 if (!data)
1861 return -ENOMEM;
1862
1863 err = -EFAULT;
1864 if (copy_from_user(data, optval, optlen))
1865 goto out;
1866
1867 err = -EINVAL;
1868 read_lock(&xfrm_km_lock);
1869 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1870 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1871 optlen, &err);
1872 if (err >= 0)
1873 break;
1874 }
1875 read_unlock(&xfrm_km_lock);
1876
1877 if (err >= 0) {
1878 xfrm_sk_policy_insert(sk, err, pol);
1879 xfrm_pol_put(pol);
1880 err = 0;
1881 }
1882
1883out:
1884 kfree(data);
1885 return err;
1886}
1887EXPORT_SYMBOL(xfrm_user_policy);
1888
1889int xfrm_register_km(struct xfrm_mgr *km)
1890{
1891 write_lock_bh(&xfrm_km_lock);
1892 list_add_tail(&km->list, &xfrm_km_list);
1893 write_unlock_bh(&xfrm_km_lock);
1894 return 0;
1895}
1896EXPORT_SYMBOL(xfrm_register_km);
1897
1898int xfrm_unregister_km(struct xfrm_mgr *km)
1899{
1900 write_lock_bh(&xfrm_km_lock);
1901 list_del(&km->list);
1902 write_unlock_bh(&xfrm_km_lock);
1903 return 0;
1904}
1905EXPORT_SYMBOL(xfrm_unregister_km);
1906
1907int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1908{
1909 int err = 0;
1910 if (unlikely(afinfo == NULL))
1911 return -EINVAL;
1912 if (unlikely(afinfo->family >= NPROTO))
1913 return -EAFNOSUPPORT;
f3111502 1914 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1915 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1916 err = -ENOBUFS;
edcd5821 1917 else
1da177e4 1918 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1919 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1920 return err;
1921}
1922EXPORT_SYMBOL(xfrm_state_register_afinfo);
1923
1924int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1925{
1926 int err = 0;
1927 if (unlikely(afinfo == NULL))
1928 return -EINVAL;
1929 if (unlikely(afinfo->family >= NPROTO))
1930 return -EAFNOSUPPORT;
f3111502 1931 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1932 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1933 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1934 err = -EINVAL;
edcd5821 1935 else
1da177e4 1936 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1937 }
f3111502 1938 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1939 return err;
1940}
1941EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1942
17c2a42a 1943static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1944{
1945 struct xfrm_state_afinfo *afinfo;
1946 if (unlikely(family >= NPROTO))
1947 return NULL;
1948 read_lock(&xfrm_state_afinfo_lock);
1949 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1950 if (unlikely(!afinfo))
1951 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1952 return afinfo;
1953}
1954
17c2a42a 1955static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1956 __releases(xfrm_state_afinfo_lock)
1da177e4 1957{
546be240 1958 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1959}
1960
1961/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1962void xfrm_state_delete_tunnel(struct xfrm_state *x)
1963{
1964 if (x->tunnel) {
1965 struct xfrm_state *t = x->tunnel;
1966
1967 if (atomic_read(&t->tunnel_users) == 2)
1968 xfrm_state_delete(t);
1969 atomic_dec(&t->tunnel_users);
1970 xfrm_state_put(t);
1971 x->tunnel = NULL;
1972 }
1973}
1974EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1975
1976int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1977{
c5c25238 1978 int res;
1da177e4 1979
c5c25238
PM		 1980 spin_lock_bh(&x->lock);
1981 if (x->km.state == XFRM_STATE_VALID &&
1982 x->type && x->type->get_mtu)
1983 res = x->type->get_mtu(x, mtu);
1984 else
28121617 1985 res = mtu - x->props.header_len;
c5c25238 1986 spin_unlock_bh(&x->lock);
1da177e4
LT		 1987 return res;
1988}
1989
72cb6962
HX		 1990int xfrm_init_state(struct xfrm_state *x)
1991{
d094cd83 1992 struct xfrm_state_afinfo *afinfo;
df9dcb45 1993 struct xfrm_mode *inner_mode;
d094cd83 1994 int family = x->props.family;
72cb6962
HX		 1995 int err;
1996
d094cd83
HX		 1997 err = -EAFNOSUPPORT;
1998 afinfo = xfrm_state_get_afinfo(family);
1999 if (!afinfo)
2000 goto error;
2001
2002 err = 0;
2003 if (afinfo->init_flags)
2004 err = afinfo->init_flags(x);
2005
2006 xfrm_state_put_afinfo(afinfo);
2007
2008 if (err)
2009 goto error;
2010
2011 err = -EPROTONOSUPPORT;
13996378 2012
df9dcb45
KM		 2013 if (x->sel.family != AF_UNSPEC) {
2014 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2015 if (inner_mode == NULL)
2016 goto error;
2017
2018 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2019 family != x->sel.family) {
2020 xfrm_put_mode(inner_mode);
2021 goto error;
2022 }
2023
2024 x->inner_mode = inner_mode;
2025 } else {
2026 struct xfrm_mode *inner_mode_iaf;
2027
2028 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2029 if (inner_mode == NULL)
2030 goto error;
2031
2032 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2033 xfrm_put_mode(inner_mode);
2034 goto error;
2035 }
2036
2037 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2038 if (inner_mode_iaf == NULL)
2039 goto error;
2040
2041 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2042 xfrm_put_mode(inner_mode_iaf);
2043 goto error;
2044 }
2045
2046 if (x->props.family == AF_INET) {
2047 x->inner_mode = inner_mode;
2048 x->inner_mode_iaf = inner_mode_iaf;
2049 } else {
2050 x->inner_mode = inner_mode_iaf;
2051 x->inner_mode_iaf = inner_mode;
2052 }
2053 }
13996378 2054
d094cd83 2055 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2056 if (x->type == NULL)
2057 goto error;
2058
2059 err = x->type->init_state(x);
2060 if (err)
2061 goto error;
2062
13996378
HX		 2063 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2064 if (x->outer_mode == NULL)
b59f45d0
HX		 2065 goto error;
2066
72cb6962
HX		 2067 x->km.state = XFRM_STATE_VALID;
2068
2069error:
2070 return err;
2071}
2072
2073EXPORT_SYMBOL(xfrm_init_state);
a716c119 2074
d62ddc21 2075int __net_init xfrm_state_init(struct net *net)
1da177e4 2076{
f034b5d4
DM		 2077 unsigned int sz;
2078
9d4139c7
AD		 2079 INIT_LIST_HEAD(&net->xfrm.state_all);
2080
f034b5d4
DM		 2081 sz = sizeof(struct hlist_head) * 8;
2082
73d189dc
AD		 2083 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2084 if (!net->xfrm.state_bydst)
2085 goto out_bydst;
d320bbb3
AD		 2086 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2087 if (!net->xfrm.state_bysrc)
2088 goto out_bysrc;
44e36b42 2089 xfrm_state_byspi = xfrm_hash_alloc(sz);
f034b5d4 2090 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2091
c4028958 2092 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
d62ddc21 2093 return 0;
73d189dc 2094
d320bbb3
AD		 2095out_bysrc:
2096 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2097out_bydst:
2098 return -ENOMEM;
d62ddc21
AD		 2099}
2100
2101void xfrm_state_fini(struct net *net)
2102{
73d189dc
AD		 2103 unsigned int sz;
2104
9d4139c7 2105 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc
AD		 2106
2107 sz = (xfrm_state_hmask + 1) * sizeof(struct hlist_head);
d320bbb3
AD		 2108 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2109 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2110 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2111 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2112}
2113
ab5f5e8b 2114#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2115static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2116 struct audit_buffer *audit_buf)
ab5f5e8b 2117{
68277acc
PM		 2118 struct xfrm_sec_ctx *ctx = x->security;
2119 u32 spi = ntohl(x->id.spi);
2120
2121 if (ctx)
ab5f5e8b 2122 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2123 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2124
2125 switch(x->props.family) {
2126 case AF_INET:
21454aaa
HH		 2127 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2128 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2129 break;
2130 case AF_INET6:
5b095d98 2131 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2132 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2133 break;
2134 }
68277acc
PM		 2135
2136 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2137}
2138
cf35f43e
IJ		 2139static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2140 struct audit_buffer *audit_buf)
afeb14b4
PM		 2141{
2142 struct iphdr *iph4;
2143 struct ipv6hdr *iph6;
2144
2145 switch (family) {
2146 case AF_INET:
2147 iph4 = ip_hdr(skb);
21454aaa
HH		 2148 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2149 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2150 break;
2151 case AF_INET6:
2152 iph6 = ipv6_hdr(skb);
2153 audit_log_format(audit_buf,
5b095d98 2154 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2155 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2156 iph6->flow_lbl[0] & 0x0f,
2157 iph6->flow_lbl[1],
2158 iph6->flow_lbl[2]);
2159 break;
2160 }
2161}
2162
68277acc 2163void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2164 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2165{
2166 struct audit_buffer *audit_buf;
ab5f5e8b 2167
afeb14b4 2168 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2169 if (audit_buf == NULL)
2170 return;
2532386f 2171 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2172 xfrm_audit_helper_sainfo(x, audit_buf);
2173 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2174 audit_log_end(audit_buf);
2175}
2176EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2177
68277acc 2178void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2179 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2180{
2181 struct audit_buffer *audit_buf;
ab5f5e8b 2182
afeb14b4 2183 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2184 if (audit_buf == NULL)
2185 return;
2532386f 2186 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2187 xfrm_audit_helper_sainfo(x, audit_buf);
2188 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2189 audit_log_end(audit_buf);
2190}
2191EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2192
2193void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2194 struct sk_buff *skb)
2195{
2196 struct audit_buffer *audit_buf;
2197 u32 spi;
2198
2199 audit_buf = xfrm_audit_start("SA-replay-overflow");
2200 if (audit_buf == NULL)
2201 return;
2202 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2203 /* don't record the sequence number because it's inherent in this kind
2204 * of audit message */
2205 spi = ntohl(x->id.spi);
2206 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2207 audit_log_end(audit_buf);
2208}
2209EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2210
2211static void xfrm_audit_state_replay(struct xfrm_state *x,
2212 struct sk_buff *skb, __be32 net_seq)
2213{
2214 struct audit_buffer *audit_buf;
2215 u32 spi;
2216
2217 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2218 if (audit_buf == NULL)
2219 return;
2220 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2221 spi = ntohl(x->id.spi);
2222 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2223 spi, spi, ntohl(net_seq));
2224 audit_log_end(audit_buf);
2225}
2226
2227void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2228{
2229 struct audit_buffer *audit_buf;
2230
2231 audit_buf = xfrm_audit_start("SA-notfound");
2232 if (audit_buf == NULL)
2233 return;
2234 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2235 audit_log_end(audit_buf);
2236}
2237EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2238
2239void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2240 __be32 net_spi, __be32 net_seq)
2241{
2242 struct audit_buffer *audit_buf;
2243 u32 spi;
2244
2245 audit_buf = xfrm_audit_start("SA-notfound");
2246 if (audit_buf == NULL)
2247 return;
2248 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2249 spi = ntohl(net_spi);
2250 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2251 spi, spi, ntohl(net_seq));
2252 audit_log_end(audit_buf);
2253}
2254EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2255
2256void xfrm_audit_state_icvfail(struct xfrm_state *x,
2257 struct sk_buff *skb, u8 proto)
2258{
2259 struct audit_buffer *audit_buf;
2260 __be32 net_spi;
2261 __be32 net_seq;
2262
2263 audit_buf = xfrm_audit_start("SA-icv-failure");
2264 if (audit_buf == NULL)
2265 return;
2266 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2267 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2268 u32 spi = ntohl(net_spi);
2269 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2270 spi, spi, ntohl(net_seq));
2271 }
2272 audit_log_end(audit_buf);
2273}
2274EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2275#endif /* CONFIG_AUDITSYSCALL */
Ubuntu Focal Linux kernel mirror