]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[XFRM]: Restrict authentication algorithm only when inbound transformation protocol...
[mirror_ubuntu-artful-kernel.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
21#include <asm/uaccess.h>
22
ee857a7d
DM		 23struct sock *xfrm_nl;
24EXPORT_SYMBOL(xfrm_nl);
25
f8cd5488 26u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
a70fcb0b
DM		 27EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
28
f8cd5488 29u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 30EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
31
1da177e4
LT		 32/* Each xfrm_state may be linked to two tables:
33
34 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
35 2. Hash table by daddr to find what SAs exist for given
36 destination/tunnel endpoint. (output)
37 */
38
39static DEFINE_SPINLOCK(xfrm_state_lock);
40
41/* Hash table to find appropriate SA towards given target (endpoint
42 * of tunnel or destination of transport mode) allowed by selector.
43 *
44 * Main use is finding SA after policy selected tunnel or transport mode.
45 * Also, it can be used by ah/esp icmp error handler to find offending SA.
46 */
47static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
6c44e6b7 48static struct list_head xfrm_state_bysrc[XFRM_DST_HSIZE];
1da177e4
LT		 49static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
50
51DECLARE_WAIT_QUEUE_HEAD(km_waitq);
52EXPORT_SYMBOL(km_waitq);
53
54static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
55static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
56
57static struct work_struct xfrm_state_gc_work;
58static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
59static DEFINE_SPINLOCK(xfrm_state_gc_lock);
60
61static int xfrm_state_gc_flush_bundles;
62
53bc6b4d 63int __xfrm_state_delete(struct xfrm_state *x);
1da177e4
LT		 64
65static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
66static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
67
980ebd25 68int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 69void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4
LT		 70
71static void xfrm_state_gc_destroy(struct xfrm_state *x)
72{
73 if (del_timer(&x->timer))
74 BUG();
f8cd5488
JHS		 75 if (del_timer(&x->rtimer))
76 BUG();
a51482bd
JJ		 77 kfree(x->aalg);
78 kfree(x->ealg);
79 kfree(x->calg);
80 kfree(x->encap);
b59f45d0
HX		 81 if (x->mode)
82 xfrm_put_mode(x->mode);
1da177e4
LT		 83 if (x->type) {
84 x->type->destructor(x);
85 xfrm_put_type(x->type);
86 }
df71837d 87 security_xfrm_state_free(x);
1da177e4
LT		 88 kfree(x);
89}
90
91static void xfrm_state_gc_task(void *data)
92{
93 struct xfrm_state *x;
94 struct list_head *entry, *tmp;
95 struct list_head gc_list = LIST_HEAD_INIT(gc_list);
96
97 if (xfrm_state_gc_flush_bundles) {
98 xfrm_state_gc_flush_bundles = 0;
99 xfrm_flush_bundles();
100 }
101
102 spin_lock_bh(&xfrm_state_gc_lock);
103 list_splice_init(&xfrm_state_gc_list, &gc_list);
104 spin_unlock_bh(&xfrm_state_gc_lock);
105
106 list_for_each_safe(entry, tmp, &gc_list) {
107 x = list_entry(entry, struct xfrm_state, bydst);
108 xfrm_state_gc_destroy(x);
109 }
110 wake_up(&km_waitq);
111}
112
113static inline unsigned long make_jiffies(long secs)
114{
115 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
116 return MAX_SCHEDULE_TIMEOUT-1;
117 else
118 return secs*HZ;
119}
120
121static void xfrm_timer_handler(unsigned long data)
122{
123 struct xfrm_state *x = (struct xfrm_state*)data;
124 unsigned long now = (unsigned long)xtime.tv_sec;
125 long next = LONG_MAX;
126 int warn = 0;
127
128 spin_lock(&x->lock);
129 if (x->km.state == XFRM_STATE_DEAD)
130 goto out;
131 if (x->km.state == XFRM_STATE_EXPIRED)
132 goto expired;
133 if (x->lft.hard_add_expires_seconds) {
134 long tmo = x->lft.hard_add_expires_seconds +
135 x->curlft.add_time - now;
136 if (tmo <= 0)
137 goto expired;
138 if (tmo < next)
139 next = tmo;
140 }
141 if (x->lft.hard_use_expires_seconds) {
142 long tmo = x->lft.hard_use_expires_seconds +
143 (x->curlft.use_time ? : now) - now;
144 if (tmo <= 0)
145 goto expired;
146 if (tmo < next)
147 next = tmo;
148 }
149 if (x->km.dying)
150 goto resched;
151 if (x->lft.soft_add_expires_seconds) {
152 long tmo = x->lft.soft_add_expires_seconds +
153 x->curlft.add_time - now;
154 if (tmo <= 0)
155 warn = 1;
156 else if (tmo < next)
157 next = tmo;
158 }
159 if (x->lft.soft_use_expires_seconds) {
160 long tmo = x->lft.soft_use_expires_seconds +
161 (x->curlft.use_time ? : now) - now;
162 if (tmo <= 0)
163 warn = 1;
164 else if (tmo < next)
165 next = tmo;
166 }
167
4666faab 168 x->km.dying = warn;
1da177e4 169 if (warn)
53bc6b4d 170 km_state_expired(x, 0, 0);
1da177e4
LT		 171resched:
172 if (next != LONG_MAX &&
173 !mod_timer(&x->timer, jiffies + make_jiffies(next)))
174 xfrm_state_hold(x);
175 goto out;
176
177expired:
178 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
179 x->km.state = XFRM_STATE_EXPIRED;
180 wake_up(&km_waitq);
181 next = 2;
182 goto resched;
183 }
4666faab 184 if (!__xfrm_state_delete(x) && x->id.spi)
53bc6b4d 185 km_state_expired(x, 1, 0);
1da177e4
LT		 186
187out:
188 spin_unlock(&x->lock);
189 xfrm_state_put(x);
190}
191
0ac84752
DM		 192static void xfrm_replay_timer_handler(unsigned long data);
193
1da177e4
LT		 194struct xfrm_state *xfrm_state_alloc(void)
195{
196 struct xfrm_state *x;
197
0da974f4 198 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 199
200 if (x) {
1da177e4
LT		 201 atomic_set(&x->refcnt, 1);
202 atomic_set(&x->tunnel_users, 0);
203 INIT_LIST_HEAD(&x->bydst);
6c44e6b7 204 INIT_LIST_HEAD(&x->bysrc);
1da177e4
LT		 205 INIT_LIST_HEAD(&x->byspi);
206 init_timer(&x->timer);
207 x->timer.function = xfrm_timer_handler;
208 x->timer.data = (unsigned long)x;
f8cd5488
JHS		 209 init_timer(&x->rtimer);
210 x->rtimer.function = xfrm_replay_timer_handler;
211 x->rtimer.data = (unsigned long)x;
1da177e4
LT		 212 x->curlft.add_time = (unsigned long)xtime.tv_sec;
213 x->lft.soft_byte_limit = XFRM_INF;
214 x->lft.soft_packet_limit = XFRM_INF;
215 x->lft.hard_byte_limit = XFRM_INF;
216 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 217 x->replay_maxage = 0;
218 x->replay_maxdiff = 0;
1da177e4
LT		 219 spin_lock_init(&x->lock);
220 }
221 return x;
222}
223EXPORT_SYMBOL(xfrm_state_alloc);
224
225void __xfrm_state_destroy(struct xfrm_state *x)
226{
227 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
228
229 spin_lock_bh(&xfrm_state_gc_lock);
230 list_add(&x->bydst, &xfrm_state_gc_list);
231 spin_unlock_bh(&xfrm_state_gc_lock);
232 schedule_work(&xfrm_state_gc_work);
233}
234EXPORT_SYMBOL(__xfrm_state_destroy);
235
53bc6b4d 236int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 237{
26b15dad
JHS		 238 int err = -ESRCH;
239
1da177e4
LT		 240 if (x->km.state != XFRM_STATE_DEAD) {
241 x->km.state = XFRM_STATE_DEAD;
242 spin_lock(&xfrm_state_lock);
243 list_del(&x->bydst);
21380b81 244 __xfrm_state_put(x);
6c44e6b7
MN		 245 list_del(&x->bysrc);
246 __xfrm_state_put(x);
1da177e4
LT		 247 if (x->id.spi) {
248 list_del(&x->byspi);
21380b81 249 __xfrm_state_put(x);
1da177e4
LT		 250 }
251 spin_unlock(&xfrm_state_lock);
252 if (del_timer(&x->timer))
21380b81 253 __xfrm_state_put(x);
f8cd5488
JHS		 254 if (del_timer(&x->rtimer))
255 __xfrm_state_put(x);
1da177e4
LT		 256
257 /* The number two in this test is the reference
258 * mentioned in the comment below plus the reference
259 * our caller holds. A larger value means that
260 * there are DSTs attached to this xfrm_state.
261 */
262 if (atomic_read(&x->refcnt) > 2) {
263 xfrm_state_gc_flush_bundles = 1;
264 schedule_work(&xfrm_state_gc_work);
265 }
266
267 /* All xfrm_state objects are created by xfrm_state_alloc.
268 * The xfrm_state_alloc call gives a reference, and that
269 * is what we are dropping here.
270 */
21380b81 271 __xfrm_state_put(x);
26b15dad 272 err = 0;
1da177e4 273 }
26b15dad
JHS		 274
275 return err;
1da177e4 276}
53bc6b4d 277EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 278
26b15dad 279int xfrm_state_delete(struct xfrm_state *x)
1da177e4 280{
26b15dad
JHS		 281 int err;
282
1da177e4 283 spin_lock_bh(&x->lock);
26b15dad 284 err = __xfrm_state_delete(x);
1da177e4 285 spin_unlock_bh(&x->lock);
26b15dad
JHS		 286
287 return err;
1da177e4
LT		 288}
289EXPORT_SYMBOL(xfrm_state_delete);
290
291void xfrm_state_flush(u8 proto)
292{
293 int i;
294 struct xfrm_state *x;
295
296 spin_lock_bh(&xfrm_state_lock);
297 for (i = 0; i < XFRM_DST_HSIZE; i++) {
298restart:
299 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
300 if (!xfrm_state_kern(x) &&
5794708f 301 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 302 xfrm_state_hold(x);
303 spin_unlock_bh(&xfrm_state_lock);
304
305 xfrm_state_delete(x);
306 xfrm_state_put(x);
307
308 spin_lock_bh(&xfrm_state_lock);
309 goto restart;
310 }
311 }
312 }
313 spin_unlock_bh(&xfrm_state_lock);
314 wake_up(&km_waitq);
315}
316EXPORT_SYMBOL(xfrm_state_flush);
317
318static int
319xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
320 struct xfrm_tmpl *tmpl,
321 xfrm_address_t *daddr, xfrm_address_t *saddr,
322 unsigned short family)
323{
324 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
325 if (!afinfo)
326 return -1;
327 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
328 xfrm_state_put_afinfo(afinfo);
329 return 0;
330}
331
332struct xfrm_state *
333xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
334 struct flowi *fl, struct xfrm_tmpl *tmpl,
335 struct xfrm_policy *pol, int *err,
336 unsigned short family)
337{
338 unsigned h = xfrm_dst_hash(daddr, family);
339 struct xfrm_state *x, *x0;
340 int acquire_in_progress = 0;
341 int error = 0;
342 struct xfrm_state *best = NULL;
343 struct xfrm_state_afinfo *afinfo;
344
345 afinfo = xfrm_state_get_afinfo(family);
346 if (afinfo == NULL) {
347 *err = -EAFNOSUPPORT;
348 return NULL;
349 }
350
351 spin_lock_bh(&xfrm_state_lock);
352 list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
353 if (x->props.family == family &&
354 x->props.reqid == tmpl->reqid &&
355 xfrm_state_addr_check(x, daddr, saddr, family) &&
356 tmpl->mode == x->props.mode &&
357 tmpl->id.proto == x->id.proto &&
358 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
359 /* Resolution logic:
360 1. There is a valid state with matching selector.
361 Done.
362 2. Valid state with inappropriate selector. Skip.
363
364 Entering area of "sysdeps".
365
366 3. If state is not valid, selector is temporary,
367 it selects only session which triggered
368 previous resolution. Key manager will do
369 something to install a state with proper
370 selector.
371 */
372 if (x->km.state == XFRM_STATE_VALID) {
df71837d 373 if (!xfrm_selector_match(&x->sel, fl, family) ||
e0d1caa7 374 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 375 continue;
376 if (!best ||
377 best->km.dying > x->km.dying ||
378 (best->km.dying == x->km.dying &&
379 best->curlft.add_time < x->curlft.add_time))
380 best = x;
381 } else if (x->km.state == XFRM_STATE_ACQ) {
382 acquire_in_progress = 1;
383 } else if (x->km.state == XFRM_STATE_ERROR ||
384 x->km.state == XFRM_STATE_EXPIRED) {
df71837d 385 if (xfrm_selector_match(&x->sel, fl, family) &&
e0d1caa7 386 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 387 error = -ESRCH;
388 }
389 }
390 }
391
392 x = best;
393 if (!x && !error && !acquire_in_progress) {
5c5d281a
PM		 394 if (tmpl->id.spi &&
395 (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
396 tmpl->id.proto)) != NULL) {
1da177e4
LT		 397 xfrm_state_put(x0);
398 error = -EEXIST;
399 goto out;
400 }
401 x = xfrm_state_alloc();
402 if (x == NULL) {
403 error = -ENOMEM;
404 goto out;
405 }
406 /* Initialize temporary selector matching only
407 * to current session. */
408 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
409
e0d1caa7
VY		 410 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
411 if (error) {
412 x->km.state = XFRM_STATE_DEAD;
413 xfrm_state_put(x);
414 x = NULL;
415 goto out;
416 }
417
1da177e4
LT		 418 if (km_query(x, tmpl, pol) == 0) {
419 x->km.state = XFRM_STATE_ACQ;
420 list_add_tail(&x->bydst, xfrm_state_bydst+h);
421 xfrm_state_hold(x);
6c44e6b7
MN		 422 list_add_tail(&x->bysrc, xfrm_state_bysrc+h);
423 xfrm_state_hold(x);
1da177e4
LT		 424 if (x->id.spi) {
425 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
426 list_add(&x->byspi, xfrm_state_byspi+h);
427 xfrm_state_hold(x);
428 }
429 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
430 xfrm_state_hold(x);
431 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
432 add_timer(&x->timer);
433 } else {
434 x->km.state = XFRM_STATE_DEAD;
435 xfrm_state_put(x);
436 x = NULL;
437 error = -ESRCH;
438 }
439 }
440out:
441 if (x)
442 xfrm_state_hold(x);
443 else
444 *err = acquire_in_progress ? -EAGAIN : error;
445 spin_unlock_bh(&xfrm_state_lock);
446 xfrm_state_put_afinfo(afinfo);
447 return x;
448}
449
450static void __xfrm_state_insert(struct xfrm_state *x)
451{
452 unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
453
454 list_add(&x->bydst, xfrm_state_bydst+h);
455 xfrm_state_hold(x);
456
6c44e6b7 457 h = xfrm_src_hash(&x->props.saddr, x->props.family);
1da177e4 458
6c44e6b7 459 list_add(&x->bysrc, xfrm_state_bysrc+h);
1da177e4
LT		 460 xfrm_state_hold(x);
461
6c44e6b7
MN		 462 if (xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY)) {
463 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
464 x->props.family);
465
466 list_add(&x->byspi, xfrm_state_byspi+h);
467 xfrm_state_hold(x);
468 }
469
1da177e4
LT		 470 if (!mod_timer(&x->timer, jiffies + HZ))
471 xfrm_state_hold(x);
472
f8cd5488
JHS		 473 if (x->replay_maxage &&
474 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
475 xfrm_state_hold(x);
476
1da177e4
LT		 477 wake_up(&km_waitq);
478}
479
480void xfrm_state_insert(struct xfrm_state *x)
481{
482 spin_lock_bh(&xfrm_state_lock);
483 __xfrm_state_insert(x);
484 spin_unlock_bh(&xfrm_state_lock);
399c180a
DM		 485
486 xfrm_flush_all_bundles();
1da177e4
LT		 487}
488EXPORT_SYMBOL(xfrm_state_insert);
489
eb2971b6
MN		 490static inline struct xfrm_state *
491__xfrm_state_locate(struct xfrm_state_afinfo *afinfo, struct xfrm_state *x,
492 int use_spi)
493{
494 if (use_spi)
495 return afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
496 else
497 return afinfo->state_lookup_byaddr(&x->id.daddr, &x->props.saddr, x->id.proto);
498}
499
1da177e4
LT		 500static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
501
502int xfrm_state_add(struct xfrm_state *x)
503{
504 struct xfrm_state_afinfo *afinfo;
505 struct xfrm_state *x1;
506 int family;
507 int err;
eb2971b6 508 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 509
510 family = x->props.family;
511 afinfo = xfrm_state_get_afinfo(family);
512 if (unlikely(afinfo == NULL))
513 return -EAFNOSUPPORT;
514
515 spin_lock_bh(&xfrm_state_lock);
516
eb2971b6 517 x1 = __xfrm_state_locate(afinfo, x, use_spi);
1da177e4
LT		 518 if (x1) {
519 xfrm_state_put(x1);
520 x1 = NULL;
521 err = -EEXIST;
522 goto out;
523 }
524
eb2971b6 525 if (use_spi && x->km.seq) {
1da177e4
LT		 526 x1 = __xfrm_find_acq_byseq(x->km.seq);
527 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
528 xfrm_state_put(x1);
529 x1 = NULL;
530 }
531 }
532
eb2971b6 533 if (use_spi && !x1)
1da177e4
LT		 534 x1 = afinfo->find_acq(
535 x->props.mode, x->props.reqid, x->id.proto,
536 &x->id.daddr, &x->props.saddr, 0);
537
538 __xfrm_state_insert(x);
539 err = 0;
540
541out:
542 spin_unlock_bh(&xfrm_state_lock);
543 xfrm_state_put_afinfo(afinfo);
544
399c180a
DM		 545 if (!err)
546 xfrm_flush_all_bundles();
547
1da177e4
LT		 548 if (x1) {
549 xfrm_state_delete(x1);
550 xfrm_state_put(x1);
551 }
552
553 return err;
554}
555EXPORT_SYMBOL(xfrm_state_add);
556
557int xfrm_state_update(struct xfrm_state *x)
558{
559 struct xfrm_state_afinfo *afinfo;
560 struct xfrm_state *x1;
561 int err;
eb2971b6 562 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 563
564 afinfo = xfrm_state_get_afinfo(x->props.family);
565 if (unlikely(afinfo == NULL))
566 return -EAFNOSUPPORT;
567
568 spin_lock_bh(&xfrm_state_lock);
eb2971b6 569 x1 = __xfrm_state_locate(afinfo, x, use_spi);
1da177e4
LT		 570
571 err = -ESRCH;
572 if (!x1)
573 goto out;
574
575 if (xfrm_state_kern(x1)) {
576 xfrm_state_put(x1);
577 err = -EEXIST;
578 goto out;
579 }
580
581 if (x1->km.state == XFRM_STATE_ACQ) {
582 __xfrm_state_insert(x);
583 x = NULL;
584 }
585 err = 0;
586
587out:
588 spin_unlock_bh(&xfrm_state_lock);
589 xfrm_state_put_afinfo(afinfo);
590
591 if (err)
592 return err;
593
594 if (!x) {
595 xfrm_state_delete(x1);
596 xfrm_state_put(x1);
597 return 0;
598 }
599
600 err = -EINVAL;
601 spin_lock_bh(&x1->lock);
602 if (likely(x1->km.state == XFRM_STATE_VALID)) {
603 if (x->encap && x1->encap)
604 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
605 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
606 x1->km.dying = 0;
607
608 if (!mod_timer(&x1->timer, jiffies + HZ))
609 xfrm_state_hold(x1);
610 if (x1->curlft.use_time)
611 xfrm_state_check_expire(x1);
612
613 err = 0;
614 }
615 spin_unlock_bh(&x1->lock);
616
617 xfrm_state_put(x1);
618
619 return err;
620}
621EXPORT_SYMBOL(xfrm_state_update);
622
623int xfrm_state_check_expire(struct xfrm_state *x)
624{
625 if (!x->curlft.use_time)
626 x->curlft.use_time = (unsigned long)xtime.tv_sec;
627
628 if (x->km.state != XFRM_STATE_VALID)
629 return -EINVAL;
630
631 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
632 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab
HX		 633 x->km.state = XFRM_STATE_EXPIRED;
634 if (!mod_timer(&x->timer, jiffies))
1da177e4
LT		 635 xfrm_state_hold(x);
636 return -EINVAL;
637 }
638
639 if (!x->km.dying &&
640 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 641 x->curlft.packets >= x->lft.soft_packet_limit)) {
642 x->km.dying = 1;
53bc6b4d 643 km_state_expired(x, 0, 0);
4666faab 644 }
1da177e4
LT		 645 return 0;
646}
647EXPORT_SYMBOL(xfrm_state_check_expire);
648
649static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
650{
651 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
652 - skb_headroom(skb);
653
654 if (nhead > 0)
655 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
656
657 /* Check tail too... */
658 return 0;
659}
660
661int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
662{
663 int err = xfrm_state_check_expire(x);
664 if (err < 0)
665 goto err;
666 err = xfrm_state_check_space(x, skb);
667err:
668 return err;
669}
670EXPORT_SYMBOL(xfrm_state_check);
671
672struct xfrm_state *
673xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
674 unsigned short family)
675{
676 struct xfrm_state *x;
677 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
678 if (!afinfo)
679 return NULL;
680
681 spin_lock_bh(&xfrm_state_lock);
682 x = afinfo->state_lookup(daddr, spi, proto);
683 spin_unlock_bh(&xfrm_state_lock);
684 xfrm_state_put_afinfo(afinfo);
685 return x;
686}
687EXPORT_SYMBOL(xfrm_state_lookup);
688
689struct xfrm_state *
eb2971b6
MN		 690xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
691 u8 proto, unsigned short family)
692{
693 struct xfrm_state *x;
694 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
695 if (!afinfo)
696 return NULL;
697
698 spin_lock_bh(&xfrm_state_lock);
699 x = afinfo->state_lookup_byaddr(daddr, saddr, proto);
700 spin_unlock_bh(&xfrm_state_lock);
701 xfrm_state_put_afinfo(afinfo);
702 return x;
703}
704EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
705
706struct xfrm_state *
1da177e4
LT		 707xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
708 xfrm_address_t *daddr, xfrm_address_t *saddr,
709 int create, unsigned short family)
710{
711 struct xfrm_state *x;
712 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
713 if (!afinfo)
714 return NULL;
715
716 spin_lock_bh(&xfrm_state_lock);
717 x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
718 spin_unlock_bh(&xfrm_state_lock);
719 xfrm_state_put_afinfo(afinfo);
720 return x;
721}
722EXPORT_SYMBOL(xfrm_find_acq);
723
724/* Silly enough, but I'm lazy to build resolution list */
725
726static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
727{
728 int i;
729 struct xfrm_state *x;
730
731 for (i = 0; i < XFRM_DST_HSIZE; i++) {
732 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
733 if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
734 xfrm_state_hold(x);
735 return x;
736 }
737 }
738 }
739 return NULL;
740}
741
742struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
743{
744 struct xfrm_state *x;
745
746 spin_lock_bh(&xfrm_state_lock);
747 x = __xfrm_find_acq_byseq(seq);
748 spin_unlock_bh(&xfrm_state_lock);
749 return x;
750}
751EXPORT_SYMBOL(xfrm_find_acq_byseq);
752
753u32 xfrm_get_acqseq(void)
754{
755 u32 res;
756 static u32 acqseq;
757 static DEFINE_SPINLOCK(acqseq_lock);
758
759 spin_lock_bh(&acqseq_lock);
760 res = (++acqseq ? : ++acqseq);
761 spin_unlock_bh(&acqseq_lock);
762 return res;
763}
764EXPORT_SYMBOL(xfrm_get_acqseq);
765
766void
767xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
768{
769 u32 h;
770 struct xfrm_state *x0;
771
772 if (x->id.spi)
773 return;
774
775 if (minspi == maxspi) {
776 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
777 if (x0) {
778 xfrm_state_put(x0);
779 return;
780 }
781 x->id.spi = minspi;
782 } else {
783 u32 spi = 0;
784 minspi = ntohl(minspi);
785 maxspi = ntohl(maxspi);
786 for (h=0; h<maxspi-minspi+1; h++) {
787 spi = minspi + net_random()%(maxspi-minspi+1);
788 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
789 if (x0 == NULL) {
790 x->id.spi = htonl(spi);
791 break;
792 }
793 xfrm_state_put(x0);
794 }
795 }
796 if (x->id.spi) {
797 spin_lock_bh(&xfrm_state_lock);
798 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
799 list_add(&x->byspi, xfrm_state_byspi+h);
800 xfrm_state_hold(x);
801 spin_unlock_bh(&xfrm_state_lock);
802 wake_up(&km_waitq);
803 }
804}
805EXPORT_SYMBOL(xfrm_alloc_spi);
806
807int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
808 void *data)
809{
810 int i;
811 struct xfrm_state *x;
812 int count = 0;
813 int err = 0;
814
815 spin_lock_bh(&xfrm_state_lock);
816 for (i = 0; i < XFRM_DST_HSIZE; i++) {
817 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
5794708f 818 if (xfrm_id_proto_match(x->id.proto, proto))
1da177e4
LT		 819 count++;
820 }
821 }
822 if (count == 0) {
823 err = -ENOENT;
824 goto out;
825 }
826
827 for (i = 0; i < XFRM_DST_HSIZE; i++) {
828 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
5794708f 829 if (!xfrm_id_proto_match(x->id.proto, proto))
1da177e4
LT		 830 continue;
831 err = func(x, --count, data);
832 if (err)
833 goto out;
834 }
835 }
836out:
837 spin_unlock_bh(&xfrm_state_lock);
838 return err;
839}
840EXPORT_SYMBOL(xfrm_state_walk);
841
f8cd5488
JHS		 842
843void xfrm_replay_notify(struct xfrm_state *x, int event)
844{
845 struct km_event c;
846 /* we send notify messages in case
847 * 1. we updated on of the sequence numbers, and the seqno difference
848 * is at least x->replay_maxdiff, in this case we also update the
849 * timeout of our timer function
850 * 2. if x->replay_maxage has elapsed since last update,
851 * and there were changes
852 *
853 * The state structure must be locked!
854 */
855
856 switch (event) {
857 case XFRM_REPLAY_UPDATE:
858 if (x->replay_maxdiff &&
859 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 860 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
861 if (x->xflags & XFRM_TIME_DEFER)
862 event = XFRM_REPLAY_TIMEOUT;
863 else
864 return;
865 }
f8cd5488
JHS		 866
867 break;
868
869 case XFRM_REPLAY_TIMEOUT:
870 if ((x->replay.seq == x->preplay.seq) &&
871 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 872 (x->replay.oseq == x->preplay.oseq)) {
873 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 874 return;
2717096a 875 }
f8cd5488
JHS		 876
877 break;
878 }
879
880 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
881 c.event = XFRM_MSG_NEWAE;
882 c.data.aevent = event;
883 km_state_notify(x, &c);
884
f8cd5488 885 if (x->replay_maxage &&
2717096a 886 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
f8cd5488 887 xfrm_state_hold(x);
2717096a
JHS		 888 x->xflags &= ~XFRM_TIME_DEFER;
889 }
f8cd5488 890}
a70fcb0b 891EXPORT_SYMBOL(xfrm_replay_notify);
f8cd5488
JHS		 892
893static void xfrm_replay_timer_handler(unsigned long data)
894{
895 struct xfrm_state *x = (struct xfrm_state*)data;
896
897 spin_lock(&x->lock);
898
2717096a
JHS		 899 if (x->km.state == XFRM_STATE_VALID) {
900 if (xfrm_aevent_is_on())
901 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
902 else
903 x->xflags |= XFRM_TIME_DEFER;
904 }
f8cd5488
JHS		 905
906 spin_unlock(&x->lock);
2717096a 907 xfrm_state_put(x);
f8cd5488
JHS		 908}
909
1da177e4
LT		 910int xfrm_replay_check(struct xfrm_state *x, u32 seq)
911{
912 u32 diff;
913
914 seq = ntohl(seq);
915
916 if (unlikely(seq == 0))
917 return -EINVAL;
918
919 if (likely(seq > x->replay.seq))
920 return 0;
921
922 diff = x->replay.seq - seq;
923 if (diff >= x->props.replay_window) {
924 x->stats.replay_window++;
925 return -EINVAL;
926 }
927
928 if (x->replay.bitmap & (1U << diff)) {
929 x->stats.replay++;
930 return -EINVAL;
931 }
932 return 0;
933}
934EXPORT_SYMBOL(xfrm_replay_check);
935
936void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
937{
938 u32 diff;
939
940 seq = ntohl(seq);
941
942 if (seq > x->replay.seq) {
943 diff = seq - x->replay.seq;
944 if (diff < x->props.replay_window)
945 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
946 else
947 x->replay.bitmap = 1;
948 x->replay.seq = seq;
949 } else {
950 diff = x->replay.seq - seq;
951 x->replay.bitmap |= (1U << diff);
952 }
f8cd5488
JHS		 953
954 if (xfrm_aevent_is_on())
955 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4
LT		 956}
957EXPORT_SYMBOL(xfrm_replay_advance);
958
959static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
960static DEFINE_RWLOCK(xfrm_km_lock);
961
26b15dad 962void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 963{
964 struct xfrm_mgr *km;
965
26b15dad
JHS		 966 read_lock(&xfrm_km_lock);
967 list_for_each_entry(km, &xfrm_km_list, list)
968 if (km->notify_policy)
969 km->notify_policy(xp, dir, c);
970 read_unlock(&xfrm_km_lock);
971}
1da177e4 972
26b15dad
JHS		 973void km_state_notify(struct xfrm_state *x, struct km_event *c)
974{
975 struct xfrm_mgr *km;
1da177e4
LT		 976 read_lock(&xfrm_km_lock);
977 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 978 if (km->notify)
979 km->notify(x, c);
1da177e4 980 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 981}
982
983EXPORT_SYMBOL(km_policy_notify);
984EXPORT_SYMBOL(km_state_notify);
985
53bc6b4d 986void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 987{
988 struct km_event c;
989
bf08867f 990 c.data.hard = hard;
53bc6b4d 991 c.pid = pid;
f60f6b8f 992 c.event = XFRM_MSG_EXPIRE;
26b15dad 993 km_state_notify(x, &c);
1da177e4
LT		 994
995 if (hard)
996 wake_up(&km_waitq);
997}
998
53bc6b4d 999EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1000/*
1001 * We send to all registered managers regardless of failure
1002 * We are happy with one success
1003*/
980ebd25 1004int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1005{
26b15dad 1006 int err = -EINVAL, acqret;
1da177e4
LT		 1007 struct xfrm_mgr *km;
1008
1009 read_lock(&xfrm_km_lock);
1010 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1011 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1012 if (!acqret)
1013 err = acqret;
1da177e4
LT		 1014 }
1015 read_unlock(&xfrm_km_lock);
1016 return err;
1017}
980ebd25 1018EXPORT_SYMBOL(km_query);
1da177e4
LT		 1019
1020int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
1021{
1022 int err = -EINVAL;
1023 struct xfrm_mgr *km;
1024
1025 read_lock(&xfrm_km_lock);
1026 list_for_each_entry(km, &xfrm_km_list, list) {
1027 if (km->new_mapping)
1028 err = km->new_mapping(x, ipaddr, sport);
1029 if (!err)
1030 break;
1031 }
1032 read_unlock(&xfrm_km_lock);
1033 return err;
1034}
1035EXPORT_SYMBOL(km_new_mapping);
1036
6c5c8ca7 1037void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1038{
26b15dad 1039 struct km_event c;
1da177e4 1040
bf08867f 1041 c.data.hard = hard;
6c5c8ca7 1042 c.pid = pid;
f60f6b8f 1043 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1044 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1045
1046 if (hard)
1047 wake_up(&km_waitq);
1048}
a70fcb0b 1049EXPORT_SYMBOL(km_policy_expired);
1da177e4
LT		 1050
1051int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1052{
1053 int err;
1054 u8 *data;
1055 struct xfrm_mgr *km;
1056 struct xfrm_policy *pol = NULL;
1057
1058 if (optlen <= 0 || optlen > PAGE_SIZE)
1059 return -EMSGSIZE;
1060
1061 data = kmalloc(optlen, GFP_KERNEL);
1062 if (!data)
1063 return -ENOMEM;
1064
1065 err = -EFAULT;
1066 if (copy_from_user(data, optval, optlen))
1067 goto out;
1068
1069 err = -EINVAL;
1070 read_lock(&xfrm_km_lock);
1071 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1072 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1073 optlen, &err);
1074 if (err >= 0)
1075 break;
1076 }
1077 read_unlock(&xfrm_km_lock);
1078
1079 if (err >= 0) {
1080 xfrm_sk_policy_insert(sk, err, pol);
1081 xfrm_pol_put(pol);
1082 err = 0;
1083 }
1084
1085out:
1086 kfree(data);
1087 return err;
1088}
1089EXPORT_SYMBOL(xfrm_user_policy);
1090
1091int xfrm_register_km(struct xfrm_mgr *km)
1092{
1093 write_lock_bh(&xfrm_km_lock);
1094 list_add_tail(&km->list, &xfrm_km_list);
1095 write_unlock_bh(&xfrm_km_lock);
1096 return 0;
1097}
1098EXPORT_SYMBOL(xfrm_register_km);
1099
1100int xfrm_unregister_km(struct xfrm_mgr *km)
1101{
1102 write_lock_bh(&xfrm_km_lock);
1103 list_del(&km->list);
1104 write_unlock_bh(&xfrm_km_lock);
1105 return 0;
1106}
1107EXPORT_SYMBOL(xfrm_unregister_km);
1108
1109int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1110{
1111 int err = 0;
1112 if (unlikely(afinfo == NULL))
1113 return -EINVAL;
1114 if (unlikely(afinfo->family >= NPROTO))
1115 return -EAFNOSUPPORT;
f3111502 1116 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1117 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1118 err = -ENOBUFS;
1119 else {
1120 afinfo->state_bydst = xfrm_state_bydst;
6c44e6b7 1121 afinfo->state_bysrc = xfrm_state_bysrc;
1da177e4
LT		 1122 afinfo->state_byspi = xfrm_state_byspi;
1123 xfrm_state_afinfo[afinfo->family] = afinfo;
1124 }
f3111502 1125 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1126 return err;
1127}
1128EXPORT_SYMBOL(xfrm_state_register_afinfo);
1129
1130int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1131{
1132 int err = 0;
1133 if (unlikely(afinfo == NULL))
1134 return -EINVAL;
1135 if (unlikely(afinfo->family >= NPROTO))
1136 return -EAFNOSUPPORT;
f3111502 1137 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1138 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1139 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1140 err = -EINVAL;
1141 else {
1142 xfrm_state_afinfo[afinfo->family] = NULL;
1143 afinfo->state_byspi = NULL;
6c44e6b7 1144 afinfo->state_bysrc = NULL;
1da177e4
LT		 1145 afinfo->state_bydst = NULL;
1146 }
1147 }
f3111502 1148 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1149 return err;
1150}
1151EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1152
1153static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1154{
1155 struct xfrm_state_afinfo *afinfo;
1156 if (unlikely(family >= NPROTO))
1157 return NULL;
1158 read_lock(&xfrm_state_afinfo_lock);
1159 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1160 if (unlikely(!afinfo))
1161 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1162 return afinfo;
1163}
1164
1165static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1166{
546be240 1167 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1168}
1169
1170/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1171void xfrm_state_delete_tunnel(struct xfrm_state *x)
1172{
1173 if (x->tunnel) {
1174 struct xfrm_state *t = x->tunnel;
1175
1176 if (atomic_read(&t->tunnel_users) == 2)
1177 xfrm_state_delete(t);
1178 atomic_dec(&t->tunnel_users);
1179 xfrm_state_put(t);
1180 x->tunnel = NULL;
1181 }
1182}
1183EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1184
80b30c10
HX		 1185/*
1186 * This function is NOT optimal. For example, with ESP it will give an
1187 * MTU that's usually two bytes short of being optimal. However, it will
1188 * usually give an answer that's a multiple of 4 provided the input is
1189 * also a multiple of 4.
1190 */
1da177e4
LT		 1191int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1192{
1193 int res = mtu;
1194
1195 res -= x->props.header_len;
1196
1197 for (;;) {
1198 int m = res;
1199
1200 if (m < 68)
1201 return 68;
1202
1203 spin_lock_bh(&x->lock);
1204 if (x->km.state == XFRM_STATE_VALID &&
1205 x->type && x->type->get_max_size)
1206 m = x->type->get_max_size(x, m);
1207 else
1208 m += x->props.header_len;
1209 spin_unlock_bh(&x->lock);
1210
1211 if (m <= mtu)
1212 break;
1213 res -= (m - mtu);
1214 }
1215
1216 return res;
1217}
1218
72cb6962
HX		 1219int xfrm_init_state(struct xfrm_state *x)
1220{
d094cd83
HX		 1221 struct xfrm_state_afinfo *afinfo;
1222 int family = x->props.family;
72cb6962
HX		 1223 int err;
1224
d094cd83
HX		 1225 err = -EAFNOSUPPORT;
1226 afinfo = xfrm_state_get_afinfo(family);
1227 if (!afinfo)
1228 goto error;
1229
1230 err = 0;
1231 if (afinfo->init_flags)
1232 err = afinfo->init_flags(x);
1233
1234 xfrm_state_put_afinfo(afinfo);
1235
1236 if (err)
1237 goto error;
1238
1239 err = -EPROTONOSUPPORT;
1240 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 1241 if (x->type == NULL)
1242 goto error;
1243
1244 err = x->type->init_state(x);
1245 if (err)
1246 goto error;
1247
b59f45d0
HX		 1248 x->mode = xfrm_get_mode(x->props.mode, family);
1249 if (x->mode == NULL)
1250 goto error;
1251
72cb6962
HX		 1252 x->km.state = XFRM_STATE_VALID;
1253
1254error:
1255 return err;
1256}
1257
1258EXPORT_SYMBOL(xfrm_init_state);
1da177e4
LT		 1259
1260void __init xfrm_state_init(void)
1261{
1262 int i;
1263
1264 for (i=0; i<XFRM_DST_HSIZE; i++) {
1265 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
6c44e6b7 1266 INIT_LIST_HEAD(&xfrm_state_bysrc[i]);
1da177e4
LT		 1267 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1268 }
1269 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1270}
1271
Ubuntu Artful kernel mirror