net/ipv6/xfrm6_state.c

   1 /*
   2  * xfrm6_state.c: based on xfrm4_state.c
   3  *
   4  * Authors:
   5  *      Mitsuru KANDA @USAGI
   6  *      Kazunori MIYAZAWA @USAGI
   7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
   8  *              IPv6 support
   9  *      YOSHIFUJI Hideaki @USAGI
  10  *              Split up af-specific portion
  11  *
  12  */
  13
  14 #include <net/xfrm.h>
  15 #include <linux/pfkeyv2.h>
  16 #include <linux/ipsec.h>
  17 #include <net/dsfield.h>
  18 #include <net/ipv6.h>
  19 #include <net/addrconf.h>
  20
  21 static struct xfrm_state_afinfo xfrm6_state_afinfo;
  22
  23 static void
  24 __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl,
  25                      struct xfrm_tmpl *tmpl,
  26                      xfrm_address_t *daddr, xfrm_address_t *saddr)
  27 {
  28         /* Initialize temporary selector matching only
  29          * to current session. */
  30         ipv6_addr_copy((struct in6_addr *)&x->sel.daddr, &fl->fl6_dst);
  31         ipv6_addr_copy((struct in6_addr *)&x->sel.saddr, &fl->fl6_src);
  32         x->sel.dport = xfrm_flowi_dport(fl);
  33         x->sel.dport_mask = htons(0xffff);
  34         x->sel.sport = xfrm_flowi_sport(fl);
  35         x->sel.sport_mask = htons(0xffff);
  36         x->sel.prefixlen_d = 128;
  37         x->sel.prefixlen_s = 128;
  38         x->sel.proto = fl->proto;
  39         x->sel.ifindex = fl->oif;
  40         x->id = tmpl->id;
  41         if (ipv6_addr_any((struct in6_addr*)&x->id.daddr))
  42                 memcpy(&x->id.daddr, daddr, sizeof(x->sel.daddr));
  43         memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr));
  44         if (ipv6_addr_any((struct in6_addr*)&x->props.saddr))
  45                 memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr));
  46         x->props.mode = tmpl->mode;
  47         x->props.reqid = tmpl->reqid;
  48         x->props.family = AF_INET6;
  49 }
  50
  51 static int
  52 __xfrm6_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n)
  53 {
  54         int i;
  55         int j = 0;
  56
  57         /* Rule 1: select IPsec transport except AH */
  58         for (i = 0; i < n; i++) {
  59                 if (src[i]->props.mode == XFRM_MODE_TRANSPORT &&
  60                     src[i]->id.proto != IPPROTO_AH) {
  61                         dst[j++] = src[i];
  62                         src[i] = NULL;
  63                 }
  64         }
  65         if (j == n)
  66                 goto end;
  67
  68         /* Rule 2: select MIPv6 RO or inbound trigger */
  69 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
  70         for (i = 0; i < n; i++) {
  71                 if (src[i] &&
  72                     (src[i]->props.mode == XFRM_MODE_ROUTEOPTIMIZATION ||
  73                      src[i]->props.mode == XFRM_MODE_IN_TRIGGER)) {
  74                         dst[j++] = src[i];
  75                         src[i] = NULL;
  76                 }
  77         }
  78         if (j == n)
  79                 goto end;
  80 #endif
  81
  82         /* Rule 3: select IPsec transport AH */
  83         for (i = 0; i < n; i++) {
  84                 if (src[i] &&
  85                     src[i]->props.mode == XFRM_MODE_TRANSPORT &&
  86                     src[i]->id.proto == IPPROTO_AH) {
  87                         dst[j++] = src[i];
  88                         src[i] = NULL;
  89                 }
  90         }
  91         if (j == n)
  92                 goto end;
  93
  94         /* Rule 4: select IPsec tunnel */
  95         for (i = 0; i < n; i++) {
  96                 if (src[i] &&
  97                     (src[i]->props.mode == XFRM_MODE_TUNNEL ||
  98                      src[i]->props.mode == XFRM_MODE_BEET)) {
  99                         dst[j++] = src[i];
 100                         src[i] = NULL;
 101                 }
 102         }
 103         if (likely(j == n))
 104                 goto end;
 105
 106         /* Final rule */
 107         for (i = 0; i < n; i++) {
 108                 if (src[i]) {
 109                         dst[j++] = src[i];
 110                         src[i] = NULL;
 111                 }
 112         }
 113
 114  end:
 115         return 0;
 116 }
 117
 118 static int
 119 __xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n)
 120 {
 121         int i;
 122         int j = 0;
 123
 124         /* Rule 1: select IPsec transport */
 125         for (i = 0; i < n; i++) {
 126                 if (src[i]->mode == XFRM_MODE_TRANSPORT) {
 127                         dst[j++] = src[i];
 128                         src[i] = NULL;
 129                 }
 130         }
 131         if (j == n)
 132                 goto end;
 133
 134         /* Rule 2: select MIPv6 RO or inbound trigger */
 135 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
 136         for (i = 0; i < n; i++) {
 137                 if (src[i] &&
 138                     (src[i]->mode == XFRM_MODE_ROUTEOPTIMIZATION ||
 139                      src[i]->mode == XFRM_MODE_IN_TRIGGER)) {
 140                         dst[j++] = src[i];
 141                         src[i] = NULL;
 142                 }
 143         }
 144         if (j == n)
 145                 goto end;
 146 #endif
 147
 148         /* Rule 3: select IPsec tunnel */
 149         for (i = 0; i < n; i++) {
 150                 if (src[i] &&
 151                     (src[i]->mode == XFRM_MODE_TUNNEL ||
 152                      src[i]->mode == XFRM_MODE_BEET)) {
 153                         dst[j++] = src[i];
 154                         src[i] = NULL;
 155                 }
 156         }
 157         if (likely(j == n))
 158                 goto end;
 159
 160         /* Final rule */
 161         for (i = 0; i < n; i++) {
 162                 if (src[i]) {
 163                         dst[j++] = src[i];
 164                         src[i] = NULL;
 165                 }
 166         }
 167
 168  end:
 169         return 0;
 170 }
 171
 172 int xfrm6_extract_header(struct sk_buff *skb)
 173 {
 174         struct ipv6hdr *iph = ipv6_hdr(skb);
 175
 176         XFRM_MODE_SKB_CB(skb)->id = 0;
 177         XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF);
 178         XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph);
 179         XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit;
 180         XFRM_MODE_SKB_CB(skb)->protocol = iph->nexthdr;
 181         memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl,
 182                sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
 183
 184         return 0;
 185 }
 186
 187 static struct xfrm_state_afinfo xfrm6_state_afinfo = {
 188         .family                 = AF_INET6,
 189         .proto                  = IPPROTO_IPV6,
 190         .owner                  = THIS_MODULE,
 191         .init_tempsel           = __xfrm6_init_tempsel,
 192         .tmpl_sort              = __xfrm6_tmpl_sort,
 193         .state_sort             = __xfrm6_state_sort,
 194         .output                 = xfrm6_output,
 195         .extract_output         = xfrm6_extract_output,
 196 };
 197
 198 void __init xfrm6_state_init(void)
 199 {
 200         xfrm_state_register_afinfo(&xfrm6_state_afinfo);
 201 }
 202
 203 void xfrm6_state_fini(void)
 204 {
 205         xfrm_state_unregister_afinfo(&xfrm6_state_afinfo);
 206 }
 207