]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/xfrm/xfrm_state.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
netns xfrm: per-netns xfrm_state_byspi hash
[mirror_ubuntu-artful-kernel.git] / net / xfrm / xfrm_state.c
1 /*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
13 *
14 */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42 destination/tunnel endpoint. (output)
43 */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 static unsigned int xfrm_state_hmask __read_mostly;
48 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
49 static unsigned int xfrm_state_num;
50 static unsigned int xfrm_state_genid;
51
52 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
53 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
54
55 #ifdef CONFIG_AUDITSYSCALL
56 static void xfrm_audit_state_replay(struct xfrm_state *x,
57 struct sk_buff *skb, __be32 net_seq);
58 #else
59 #define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
60 #endif /* CONFIG_AUDITSYSCALL */
61
62 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
63 xfrm_address_t *saddr,
64 u32 reqid,
65 unsigned short family)
66 {
67 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
68 }
69
70 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
71 xfrm_address_t *saddr,
72 unsigned short family)
73 {
74 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
75 }
76
77 static inline unsigned int
78 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
79 {
80 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
81 }
82
83 static void xfrm_hash_transfer(struct hlist_head *list,
84 struct hlist_head *ndsttable,
85 struct hlist_head *nsrctable,
86 struct hlist_head *nspitable,
87 unsigned int nhashmask)
88 {
89 struct hlist_node *entry, *tmp;
90 struct xfrm_state *x;
91
92 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
93 unsigned int h;
94
95 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
96 x->props.reqid, x->props.family,
97 nhashmask);
98 hlist_add_head(&x->bydst, ndsttable+h);
99
100 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
101 x->props.family,
102 nhashmask);
103 hlist_add_head(&x->bysrc, nsrctable+h);
104
105 if (x->id.spi) {
106 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
107 x->id.proto, x->props.family,
108 nhashmask);
109 hlist_add_head(&x->byspi, nspitable+h);
110 }
111 }
112 }
113
114 static unsigned long xfrm_hash_new_size(void)
115 {
116 return ((xfrm_state_hmask + 1) << 1) *
117 sizeof(struct hlist_head);
118 }
119
120 static DEFINE_MUTEX(hash_resize_mutex);
121
122 static void xfrm_hash_resize(struct work_struct *__unused)
123 {
124 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
125 unsigned long nsize, osize;
126 unsigned int nhashmask, ohashmask;
127 int i;
128
129 mutex_lock(&hash_resize_mutex);
130
131 nsize = xfrm_hash_new_size();
132 ndst = xfrm_hash_alloc(nsize);
133 if (!ndst)
134 goto out_unlock;
135 nsrc = xfrm_hash_alloc(nsize);
136 if (!nsrc) {
137 xfrm_hash_free(ndst, nsize);
138 goto out_unlock;
139 }
140 nspi = xfrm_hash_alloc(nsize);
141 if (!nspi) {
142 xfrm_hash_free(ndst, nsize);
143 xfrm_hash_free(nsrc, nsize);
144 goto out_unlock;
145 }
146
147 spin_lock_bh(&xfrm_state_lock);
148
149 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
150 for (i = xfrm_state_hmask; i >= 0; i--)
151 xfrm_hash_transfer(init_net.xfrm.state_bydst+i, ndst, nsrc, nspi,
152 nhashmask);
153
154 odst = init_net.xfrm.state_bydst;
155 osrc = init_net.xfrm.state_bysrc;
156 ospi = init_net.xfrm.state_byspi;
157 ohashmask = xfrm_state_hmask;
158
159 init_net.xfrm.state_bydst = ndst;
160 init_net.xfrm.state_bysrc = nsrc;
161 init_net.xfrm.state_byspi = nspi;
162 xfrm_state_hmask = nhashmask;
163
164 spin_unlock_bh(&xfrm_state_lock);
165
166 osize = (ohashmask + 1) * sizeof(struct hlist_head);
167 xfrm_hash_free(odst, osize);
168 xfrm_hash_free(osrc, osize);
169 xfrm_hash_free(ospi, osize);
170
171 out_unlock:
172 mutex_unlock(&hash_resize_mutex);
173 }
174
175 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
176
177 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
178 EXPORT_SYMBOL(km_waitq);
179
180 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
181 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
182
183 static struct work_struct xfrm_state_gc_work;
184 static HLIST_HEAD(xfrm_state_gc_list);
185 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
186
187 int __xfrm_state_delete(struct xfrm_state *x);
188
189 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
190 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
191
192 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
193 {
194 struct xfrm_state_afinfo *afinfo;
195 if (unlikely(family >= NPROTO))
196 return NULL;
197 write_lock_bh(&xfrm_state_afinfo_lock);
198 afinfo = xfrm_state_afinfo[family];
199 if (unlikely(!afinfo))
200 write_unlock_bh(&xfrm_state_afinfo_lock);
201 return afinfo;
202 }
203
204 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
205 __releases(xfrm_state_afinfo_lock)
206 {
207 write_unlock_bh(&xfrm_state_afinfo_lock);
208 }
209
210 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
211 {
212 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
213 const struct xfrm_type **typemap;
214 int err = 0;
215
216 if (unlikely(afinfo == NULL))
217 return -EAFNOSUPPORT;
218 typemap = afinfo->type_map;
219
220 if (likely(typemap[type->proto] == NULL))
221 typemap[type->proto] = type;
222 else
223 err = -EEXIST;
224 xfrm_state_unlock_afinfo(afinfo);
225 return err;
226 }
227 EXPORT_SYMBOL(xfrm_register_type);
228
229 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
230 {
231 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
232 const struct xfrm_type **typemap;
233 int err = 0;
234
235 if (unlikely(afinfo == NULL))
236 return -EAFNOSUPPORT;
237 typemap = afinfo->type_map;
238
239 if (unlikely(typemap[type->proto] != type))
240 err = -ENOENT;
241 else
242 typemap[type->proto] = NULL;
243 xfrm_state_unlock_afinfo(afinfo);
244 return err;
245 }
246 EXPORT_SYMBOL(xfrm_unregister_type);
247
248 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
249 {
250 struct xfrm_state_afinfo *afinfo;
251 const struct xfrm_type **typemap;
252 const struct xfrm_type *type;
253 int modload_attempted = 0;
254
255 retry:
256 afinfo = xfrm_state_get_afinfo(family);
257 if (unlikely(afinfo == NULL))
258 return NULL;
259 typemap = afinfo->type_map;
260
261 type = typemap[proto];
262 if (unlikely(type && !try_module_get(type->owner)))
263 type = NULL;
264 if (!type && !modload_attempted) {
265 xfrm_state_put_afinfo(afinfo);
266 request_module("xfrm-type-%d-%d", family, proto);
267 modload_attempted = 1;
268 goto retry;
269 }
270
271 xfrm_state_put_afinfo(afinfo);
272 return type;
273 }
274
275 static void xfrm_put_type(const struct xfrm_type *type)
276 {
277 module_put(type->owner);
278 }
279
280 int xfrm_register_mode(struct xfrm_mode *mode, int family)
281 {
282 struct xfrm_state_afinfo *afinfo;
283 struct xfrm_mode **modemap;
284 int err;
285
286 if (unlikely(mode->encap >= XFRM_MODE_MAX))
287 return -EINVAL;
288
289 afinfo = xfrm_state_lock_afinfo(family);
290 if (unlikely(afinfo == NULL))
291 return -EAFNOSUPPORT;
292
293 err = -EEXIST;
294 modemap = afinfo->mode_map;
295 if (modemap[mode->encap])
296 goto out;
297
298 err = -ENOENT;
299 if (!try_module_get(afinfo->owner))
300 goto out;
301
302 mode->afinfo = afinfo;
303 modemap[mode->encap] = mode;
304 err = 0;
305
306 out:
307 xfrm_state_unlock_afinfo(afinfo);
308 return err;
309 }
310 EXPORT_SYMBOL(xfrm_register_mode);
311
312 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
313 {
314 struct xfrm_state_afinfo *afinfo;
315 struct xfrm_mode **modemap;
316 int err;
317
318 if (unlikely(mode->encap >= XFRM_MODE_MAX))
319 return -EINVAL;
320
321 afinfo = xfrm_state_lock_afinfo(family);
322 if (unlikely(afinfo == NULL))
323 return -EAFNOSUPPORT;
324
325 err = -ENOENT;
326 modemap = afinfo->mode_map;
327 if (likely(modemap[mode->encap] == mode)) {
328 modemap[mode->encap] = NULL;
329 module_put(mode->afinfo->owner);
330 err = 0;
331 }
332
333 xfrm_state_unlock_afinfo(afinfo);
334 return err;
335 }
336 EXPORT_SYMBOL(xfrm_unregister_mode);
337
338 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
339 {
340 struct xfrm_state_afinfo *afinfo;
341 struct xfrm_mode *mode;
342 int modload_attempted = 0;
343
344 if (unlikely(encap >= XFRM_MODE_MAX))
345 return NULL;
346
347 retry:
348 afinfo = xfrm_state_get_afinfo(family);
349 if (unlikely(afinfo == NULL))
350 return NULL;
351
352 mode = afinfo->mode_map[encap];
353 if (unlikely(mode && !try_module_get(mode->owner)))
354 mode = NULL;
355 if (!mode && !modload_attempted) {
356 xfrm_state_put_afinfo(afinfo);
357 request_module("xfrm-mode-%d-%d", family, encap);
358 modload_attempted = 1;
359 goto retry;
360 }
361
362 xfrm_state_put_afinfo(afinfo);
363 return mode;
364 }
365
366 static void xfrm_put_mode(struct xfrm_mode *mode)
367 {
368 module_put(mode->owner);
369 }
370
371 static void xfrm_state_gc_destroy(struct xfrm_state *x)
372 {
373 del_timer_sync(&x->timer);
374 del_timer_sync(&x->rtimer);
375 kfree(x->aalg);
376 kfree(x->ealg);
377 kfree(x->calg);
378 kfree(x->encap);
379 kfree(x->coaddr);
380 if (x->inner_mode)
381 xfrm_put_mode(x->inner_mode);
382 if (x->inner_mode_iaf)
383 xfrm_put_mode(x->inner_mode_iaf);
384 if (x->outer_mode)
385 xfrm_put_mode(x->outer_mode);
386 if (x->type) {
387 x->type->destructor(x);
388 xfrm_put_type(x->type);
389 }
390 security_xfrm_state_free(x);
391 kfree(x);
392 }
393
394 static void xfrm_state_gc_task(struct work_struct *data)
395 {
396 struct xfrm_state *x;
397 struct hlist_node *entry, *tmp;
398 struct hlist_head gc_list;
399
400 spin_lock_bh(&xfrm_state_gc_lock);
401 hlist_move_list(&xfrm_state_gc_list, &gc_list);
402 spin_unlock_bh(&xfrm_state_gc_lock);
403
404 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
405 xfrm_state_gc_destroy(x);
406
407 wake_up(&km_waitq);
408 }
409
410 static inline unsigned long make_jiffies(long secs)
411 {
412 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
413 return MAX_SCHEDULE_TIMEOUT-1;
414 else
415 return secs*HZ;
416 }
417
418 static void xfrm_timer_handler(unsigned long data)
419 {
420 struct xfrm_state *x = (struct xfrm_state*)data;
421 unsigned long now = get_seconds();
422 long next = LONG_MAX;
423 int warn = 0;
424 int err = 0;
425
426 spin_lock(&x->lock);
427 if (x->km.state == XFRM_STATE_DEAD)
428 goto out;
429 if (x->km.state == XFRM_STATE_EXPIRED)
430 goto expired;
431 if (x->lft.hard_add_expires_seconds) {
432 long tmo = x->lft.hard_add_expires_seconds +
433 x->curlft.add_time - now;
434 if (tmo <= 0)
435 goto expired;
436 if (tmo < next)
437 next = tmo;
438 }
439 if (x->lft.hard_use_expires_seconds) {
440 long tmo = x->lft.hard_use_expires_seconds +
441 (x->curlft.use_time ? : now) - now;
442 if (tmo <= 0)
443 goto expired;
444 if (tmo < next)
445 next = tmo;
446 }
447 if (x->km.dying)
448 goto resched;
449 if (x->lft.soft_add_expires_seconds) {
450 long tmo = x->lft.soft_add_expires_seconds +
451 x->curlft.add_time - now;
452 if (tmo <= 0)
453 warn = 1;
454 else if (tmo < next)
455 next = tmo;
456 }
457 if (x->lft.soft_use_expires_seconds) {
458 long tmo = x->lft.soft_use_expires_seconds +
459 (x->curlft.use_time ? : now) - now;
460 if (tmo <= 0)
461 warn = 1;
462 else if (tmo < next)
463 next = tmo;
464 }
465
466 x->km.dying = warn;
467 if (warn)
468 km_state_expired(x, 0, 0);
469 resched:
470 if (next != LONG_MAX)
471 mod_timer(&x->timer, jiffies + make_jiffies(next));
472
473 goto out;
474
475 expired:
476 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
477 x->km.state = XFRM_STATE_EXPIRED;
478 wake_up(&km_waitq);
479 next = 2;
480 goto resched;
481 }
482
483 err = __xfrm_state_delete(x);
484 if (!err && x->id.spi)
485 km_state_expired(x, 1, 0);
486
487 xfrm_audit_state_delete(x, err ? 0 : 1,
488 audit_get_loginuid(current),
489 audit_get_sessionid(current), 0);
490
491 out:
492 spin_unlock(&x->lock);
493 }
494
495 static void xfrm_replay_timer_handler(unsigned long data);
496
497 struct xfrm_state *xfrm_state_alloc(struct net *net)
498 {
499 struct xfrm_state *x;
500
501 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
502
503 if (x) {
504 write_pnet(&x->xs_net, net);
505 atomic_set(&x->refcnt, 1);
506 atomic_set(&x->tunnel_users, 0);
507 INIT_LIST_HEAD(&x->km.all);
508 INIT_HLIST_NODE(&x->bydst);
509 INIT_HLIST_NODE(&x->bysrc);
510 INIT_HLIST_NODE(&x->byspi);
511 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
512 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
513 (unsigned long)x);
514 x->curlft.add_time = get_seconds();
515 x->lft.soft_byte_limit = XFRM_INF;
516 x->lft.soft_packet_limit = XFRM_INF;
517 x->lft.hard_byte_limit = XFRM_INF;
518 x->lft.hard_packet_limit = XFRM_INF;
519 x->replay_maxage = 0;
520 x->replay_maxdiff = 0;
521 x->inner_mode = NULL;
522 x->inner_mode_iaf = NULL;
523 spin_lock_init(&x->lock);
524 }
525 return x;
526 }
527 EXPORT_SYMBOL(xfrm_state_alloc);
528
529 void __xfrm_state_destroy(struct xfrm_state *x)
530 {
531 WARN_ON(x->km.state != XFRM_STATE_DEAD);
532
533 spin_lock_bh(&xfrm_state_gc_lock);
534 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
535 spin_unlock_bh(&xfrm_state_gc_lock);
536 schedule_work(&xfrm_state_gc_work);
537 }
538 EXPORT_SYMBOL(__xfrm_state_destroy);
539
540 int __xfrm_state_delete(struct xfrm_state *x)
541 {
542 int err = -ESRCH;
543
544 if (x->km.state != XFRM_STATE_DEAD) {
545 x->km.state = XFRM_STATE_DEAD;
546 spin_lock(&xfrm_state_lock);
547 list_del(&x->km.all);
548 hlist_del(&x->bydst);
549 hlist_del(&x->bysrc);
550 if (x->id.spi)
551 hlist_del(&x->byspi);
552 xfrm_state_num--;
553 spin_unlock(&xfrm_state_lock);
554
555 /* All xfrm_state objects are created by xfrm_state_alloc.
556 * The xfrm_state_alloc call gives a reference, and that
557 * is what we are dropping here.
558 */
559 xfrm_state_put(x);
560 err = 0;
561 }
562
563 return err;
564 }
565 EXPORT_SYMBOL(__xfrm_state_delete);
566
567 int xfrm_state_delete(struct xfrm_state *x)
568 {
569 int err;
570
571 spin_lock_bh(&x->lock);
572 err = __xfrm_state_delete(x);
573 spin_unlock_bh(&x->lock);
574
575 return err;
576 }
577 EXPORT_SYMBOL(xfrm_state_delete);
578
579 #ifdef CONFIG_SECURITY_NETWORK_XFRM
580 static inline int
581 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
582 {
583 int i, err = 0;
584
585 for (i = 0; i <= xfrm_state_hmask; i++) {
586 struct hlist_node *entry;
587 struct xfrm_state *x;
588
589 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
590 if (xfrm_id_proto_match(x->id.proto, proto) &&
591 (err = security_xfrm_state_delete(x)) != 0) {
592 xfrm_audit_state_delete(x, 0,
593 audit_info->loginuid,
594 audit_info->sessionid,
595 audit_info->secid);
596 return err;
597 }
598 }
599 }
600
601 return err;
602 }
603 #else
604 static inline int
605 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
606 {
607 return 0;
608 }
609 #endif
610
611 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
612 {
613 int i, err = 0;
614
615 spin_lock_bh(&xfrm_state_lock);
616 err = xfrm_state_flush_secctx_check(proto, audit_info);
617 if (err)
618 goto out;
619
620 for (i = 0; i <= xfrm_state_hmask; i++) {
621 struct hlist_node *entry;
622 struct xfrm_state *x;
623 restart:
624 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
625 if (!xfrm_state_kern(x) &&
626 xfrm_id_proto_match(x->id.proto, proto)) {
627 xfrm_state_hold(x);
628 spin_unlock_bh(&xfrm_state_lock);
629
630 err = xfrm_state_delete(x);
631 xfrm_audit_state_delete(x, err ? 0 : 1,
632 audit_info->loginuid,
633 audit_info->sessionid,
634 audit_info->secid);
635 xfrm_state_put(x);
636
637 spin_lock_bh(&xfrm_state_lock);
638 goto restart;
639 }
640 }
641 }
642 err = 0;
643
644 out:
645 spin_unlock_bh(&xfrm_state_lock);
646 wake_up(&km_waitq);
647 return err;
648 }
649 EXPORT_SYMBOL(xfrm_state_flush);
650
651 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
652 {
653 spin_lock_bh(&xfrm_state_lock);
654 si->sadcnt = xfrm_state_num;
655 si->sadhcnt = xfrm_state_hmask;
656 si->sadhmcnt = xfrm_state_hashmax;
657 spin_unlock_bh(&xfrm_state_lock);
658 }
659 EXPORT_SYMBOL(xfrm_sad_getinfo);
660
661 static int
662 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
663 struct xfrm_tmpl *tmpl,
664 xfrm_address_t *daddr, xfrm_address_t *saddr,
665 unsigned short family)
666 {
667 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
668 if (!afinfo)
669 return -1;
670 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
671 xfrm_state_put_afinfo(afinfo);
672 return 0;
673 }
674
675 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
676 {
677 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
678 struct xfrm_state *x;
679 struct hlist_node *entry;
680
681 hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
682 if (x->props.family != family ||
683 x->id.spi != spi ||
684 x->id.proto != proto)
685 continue;
686
687 switch (family) {
688 case AF_INET:
689 if (x->id.daddr.a4 != daddr->a4)
690 continue;
691 break;
692 case AF_INET6:
693 if (!ipv6_addr_equal((struct in6_addr *)daddr,
694 (struct in6_addr *)
695 x->id.daddr.a6))
696 continue;
697 break;
698 }
699
700 xfrm_state_hold(x);
701 return x;
702 }
703
704 return NULL;
705 }
706
707 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
708 {
709 unsigned int h = xfrm_src_hash(daddr, saddr, family);
710 struct xfrm_state *x;
711 struct hlist_node *entry;
712
713 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
714 if (x->props.family != family ||
715 x->id.proto != proto)
716 continue;
717
718 switch (family) {
719 case AF_INET:
720 if (x->id.daddr.a4 != daddr->a4 ||
721 x->props.saddr.a4 != saddr->a4)
722 continue;
723 break;
724 case AF_INET6:
725 if (!ipv6_addr_equal((struct in6_addr *)daddr,
726 (struct in6_addr *)
727 x->id.daddr.a6) ||
728 !ipv6_addr_equal((struct in6_addr *)saddr,
729 (struct in6_addr *)
730 x->props.saddr.a6))
731 continue;
732 break;
733 }
734
735 xfrm_state_hold(x);
736 return x;
737 }
738
739 return NULL;
740 }
741
742 static inline struct xfrm_state *
743 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
744 {
745 if (use_spi)
746 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
747 x->id.proto, family);
748 else
749 return __xfrm_state_lookup_byaddr(&x->id.daddr,
750 &x->props.saddr,
751 x->id.proto, family);
752 }
753
754 static void xfrm_hash_grow_check(int have_hash_collision)
755 {
756 if (have_hash_collision &&
757 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
758 xfrm_state_num > xfrm_state_hmask)
759 schedule_work(&xfrm_hash_work);
760 }
761
762 struct xfrm_state *
763 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
764 struct flowi *fl, struct xfrm_tmpl *tmpl,
765 struct xfrm_policy *pol, int *err,
766 unsigned short family)
767 {
768 unsigned int h;
769 struct hlist_node *entry;
770 struct xfrm_state *x, *x0, *to_put;
771 int acquire_in_progress = 0;
772 int error = 0;
773 struct xfrm_state *best = NULL;
774
775 to_put = NULL;
776
777 spin_lock_bh(&xfrm_state_lock);
778 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
779 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
780 if (x->props.family == family &&
781 x->props.reqid == tmpl->reqid &&
782 !(x->props.flags & XFRM_STATE_WILDRECV) &&
783 xfrm_state_addr_check(x, daddr, saddr, family) &&
784 tmpl->mode == x->props.mode &&
785 tmpl->id.proto == x->id.proto &&
786 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
787 /* Resolution logic:
788 1. There is a valid state with matching selector.
789 Done.
790 2. Valid state with inappropriate selector. Skip.
791
792 Entering area of "sysdeps".
793
794 3. If state is not valid, selector is temporary,
795 it selects only session which triggered
796 previous resolution. Key manager will do
797 something to install a state with proper
798 selector.
799 */
800 if (x->km.state == XFRM_STATE_VALID) {
801 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
802 !security_xfrm_state_pol_flow_match(x, pol, fl))
803 continue;
804 if (!best ||
805 best->km.dying > x->km.dying ||
806 (best->km.dying == x->km.dying &&
807 best->curlft.add_time < x->curlft.add_time))
808 best = x;
809 } else if (x->km.state == XFRM_STATE_ACQ) {
810 acquire_in_progress = 1;
811 } else if (x->km.state == XFRM_STATE_ERROR ||
812 x->km.state == XFRM_STATE_EXPIRED) {
813 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
814 security_xfrm_state_pol_flow_match(x, pol, fl))
815 error = -ESRCH;
816 }
817 }
818 }
819
820 x = best;
821 if (!x && !error && !acquire_in_progress) {
822 if (tmpl->id.spi &&
823 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
824 tmpl->id.proto, family)) != NULL) {
825 to_put = x0;
826 error = -EEXIST;
827 goto out;
828 }
829 x = xfrm_state_alloc(&init_net);
830 if (x == NULL) {
831 error = -ENOMEM;
832 goto out;
833 }
834 /* Initialize temporary selector matching only
835 * to current session. */
836 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
837
838 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
839 if (error) {
840 x->km.state = XFRM_STATE_DEAD;
841 to_put = x;
842 x = NULL;
843 goto out;
844 }
845
846 if (km_query(x, tmpl, pol) == 0) {
847 x->km.state = XFRM_STATE_ACQ;
848 list_add(&x->km.all, &init_net.xfrm.state_all);
849 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
850 h = xfrm_src_hash(daddr, saddr, family);
851 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
852 if (x->id.spi) {
853 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
854 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
855 }
856 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
857 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
858 add_timer(&x->timer);
859 xfrm_state_num++;
860 xfrm_hash_grow_check(x->bydst.next != NULL);
861 } else {
862 x->km.state = XFRM_STATE_DEAD;
863 to_put = x;
864 x = NULL;
865 error = -ESRCH;
866 }
867 }
868 out:
869 if (x)
870 xfrm_state_hold(x);
871 else
872 *err = acquire_in_progress ? -EAGAIN : error;
873 spin_unlock_bh(&xfrm_state_lock);
874 if (to_put)
875 xfrm_state_put(to_put);
876 return x;
877 }
878
879 struct xfrm_state *
880 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
881 unsigned short family, u8 mode, u8 proto, u32 reqid)
882 {
883 unsigned int h;
884 struct xfrm_state *rx = NULL, *x = NULL;
885 struct hlist_node *entry;
886
887 spin_lock(&xfrm_state_lock);
888 h = xfrm_dst_hash(daddr, saddr, reqid, family);
889 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
890 if (x->props.family == family &&
891 x->props.reqid == reqid &&
892 !(x->props.flags & XFRM_STATE_WILDRECV) &&
893 xfrm_state_addr_check(x, daddr, saddr, family) &&
894 mode == x->props.mode &&
895 proto == x->id.proto &&
896 x->km.state == XFRM_STATE_VALID) {
897 rx = x;
898 break;
899 }
900 }
901
902 if (rx)
903 xfrm_state_hold(rx);
904 spin_unlock(&xfrm_state_lock);
905
906
907 return rx;
908 }
909 EXPORT_SYMBOL(xfrm_stateonly_find);
910
911 static void __xfrm_state_insert(struct xfrm_state *x)
912 {
913 unsigned int h;
914
915 x->genid = ++xfrm_state_genid;
916
917 list_add(&x->km.all, &init_net.xfrm.state_all);
918
919 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
920 x->props.reqid, x->props.family);
921 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
922
923 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
924 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
925
926 if (x->id.spi) {
927 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
928 x->props.family);
929
930 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
931 }
932
933 mod_timer(&x->timer, jiffies + HZ);
934 if (x->replay_maxage)
935 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
936
937 wake_up(&km_waitq);
938
939 xfrm_state_num++;
940
941 xfrm_hash_grow_check(x->bydst.next != NULL);
942 }
943
944 /* xfrm_state_lock is held */
945 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
946 {
947 unsigned short family = xnew->props.family;
948 u32 reqid = xnew->props.reqid;
949 struct xfrm_state *x;
950 struct hlist_node *entry;
951 unsigned int h;
952
953 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
954 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
955 if (x->props.family == family &&
956 x->props.reqid == reqid &&
957 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
958 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
959 x->genid = xfrm_state_genid;
960 }
961 }
962
963 void xfrm_state_insert(struct xfrm_state *x)
964 {
965 spin_lock_bh(&xfrm_state_lock);
966 __xfrm_state_bump_genids(x);
967 __xfrm_state_insert(x);
968 spin_unlock_bh(&xfrm_state_lock);
969 }
970 EXPORT_SYMBOL(xfrm_state_insert);
971
972 /* xfrm_state_lock is held */
973 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
974 {
975 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
976 struct hlist_node *entry;
977 struct xfrm_state *x;
978
979 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
980 if (x->props.reqid != reqid ||
981 x->props.mode != mode ||
982 x->props.family != family ||
983 x->km.state != XFRM_STATE_ACQ ||
984 x->id.spi != 0 ||
985 x->id.proto != proto)
986 continue;
987
988 switch (family) {
989 case AF_INET:
990 if (x->id.daddr.a4 != daddr->a4 ||
991 x->props.saddr.a4 != saddr->a4)
992 continue;
993 break;
994 case AF_INET6:
995 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
996 (struct in6_addr *)daddr) ||
997 !ipv6_addr_equal((struct in6_addr *)
998 x->props.saddr.a6,
999 (struct in6_addr *)saddr))
1000 continue;
1001 break;
1002 }
1003
1004 xfrm_state_hold(x);
1005 return x;
1006 }
1007
1008 if (!create)
1009 return NULL;
1010
1011 x = xfrm_state_alloc(&init_net);
1012 if (likely(x)) {
1013 switch (family) {
1014 case AF_INET:
1015 x->sel.daddr.a4 = daddr->a4;
1016 x->sel.saddr.a4 = saddr->a4;
1017 x->sel.prefixlen_d = 32;
1018 x->sel.prefixlen_s = 32;
1019 x->props.saddr.a4 = saddr->a4;
1020 x->id.daddr.a4 = daddr->a4;
1021 break;
1022
1023 case AF_INET6:
1024 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1025 (struct in6_addr *)daddr);
1026 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1027 (struct in6_addr *)saddr);
1028 x->sel.prefixlen_d = 128;
1029 x->sel.prefixlen_s = 128;
1030 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1031 (struct in6_addr *)saddr);
1032 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1033 (struct in6_addr *)daddr);
1034 break;
1035 }
1036
1037 x->km.state = XFRM_STATE_ACQ;
1038 x->id.proto = proto;
1039 x->props.family = family;
1040 x->props.mode = mode;
1041 x->props.reqid = reqid;
1042 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1043 xfrm_state_hold(x);
1044 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1045 add_timer(&x->timer);
1046 list_add(&x->km.all, &init_net.xfrm.state_all);
1047 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1048 h = xfrm_src_hash(daddr, saddr, family);
1049 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1050
1051 xfrm_state_num++;
1052
1053 xfrm_hash_grow_check(x->bydst.next != NULL);
1054 }
1055
1056 return x;
1057 }
1058
1059 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1060
1061 int xfrm_state_add(struct xfrm_state *x)
1062 {
1063 struct xfrm_state *x1, *to_put;
1064 int family;
1065 int err;
1066 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1067
1068 family = x->props.family;
1069
1070 to_put = NULL;
1071
1072 spin_lock_bh(&xfrm_state_lock);
1073
1074 x1 = __xfrm_state_locate(x, use_spi, family);
1075 if (x1) {
1076 to_put = x1;
1077 x1 = NULL;
1078 err = -EEXIST;
1079 goto out;
1080 }
1081
1082 if (use_spi && x->km.seq) {
1083 x1 = __xfrm_find_acq_byseq(x->km.seq);
1084 if (x1 && ((x1->id.proto != x->id.proto) ||
1085 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1086 to_put = x1;
1087 x1 = NULL;
1088 }
1089 }
1090
1091 if (use_spi && !x1)
1092 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1093 x->id.proto,
1094 &x->id.daddr, &x->props.saddr, 0);
1095
1096 __xfrm_state_bump_genids(x);
1097 __xfrm_state_insert(x);
1098 err = 0;
1099
1100 out:
1101 spin_unlock_bh(&xfrm_state_lock);
1102
1103 if (x1) {
1104 xfrm_state_delete(x1);
1105 xfrm_state_put(x1);
1106 }
1107
1108 if (to_put)
1109 xfrm_state_put(to_put);
1110
1111 return err;
1112 }
1113 EXPORT_SYMBOL(xfrm_state_add);
1114
1115 #ifdef CONFIG_XFRM_MIGRATE
1116 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1117 {
1118 int err = -ENOMEM;
1119 struct xfrm_state *x = xfrm_state_alloc(&init_net);
1120 if (!x)
1121 goto error;
1122
1123 memcpy(&x->id, &orig->id, sizeof(x->id));
1124 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1125 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1126 x->props.mode = orig->props.mode;
1127 x->props.replay_window = orig->props.replay_window;
1128 x->props.reqid = orig->props.reqid;
1129 x->props.family = orig->props.family;
1130 x->props.saddr = orig->props.saddr;
1131
1132 if (orig->aalg) {
1133 x->aalg = xfrm_algo_clone(orig->aalg);
1134 if (!x->aalg)
1135 goto error;
1136 }
1137 x->props.aalgo = orig->props.aalgo;
1138
1139 if (orig->ealg) {
1140 x->ealg = xfrm_algo_clone(orig->ealg);
1141 if (!x->ealg)
1142 goto error;
1143 }
1144 x->props.ealgo = orig->props.ealgo;
1145
1146 if (orig->calg) {
1147 x->calg = xfrm_algo_clone(orig->calg);
1148 if (!x->calg)
1149 goto error;
1150 }
1151 x->props.calgo = orig->props.calgo;
1152
1153 if (orig->encap) {
1154 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1155 if (!x->encap)
1156 goto error;
1157 }
1158
1159 if (orig->coaddr) {
1160 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1161 GFP_KERNEL);
1162 if (!x->coaddr)
1163 goto error;
1164 }
1165
1166 err = xfrm_init_state(x);
1167 if (err)
1168 goto error;
1169
1170 x->props.flags = orig->props.flags;
1171
1172 x->curlft.add_time = orig->curlft.add_time;
1173 x->km.state = orig->km.state;
1174 x->km.seq = orig->km.seq;
1175
1176 return x;
1177
1178 error:
1179 if (errp)
1180 *errp = err;
1181 if (x) {
1182 kfree(x->aalg);
1183 kfree(x->ealg);
1184 kfree(x->calg);
1185 kfree(x->encap);
1186 kfree(x->coaddr);
1187 }
1188 kfree(x);
1189 return NULL;
1190 }
1191
1192 /* xfrm_state_lock is held */
1193 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1194 {
1195 unsigned int h;
1196 struct xfrm_state *x;
1197 struct hlist_node *entry;
1198
1199 if (m->reqid) {
1200 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1201 m->reqid, m->old_family);
1202 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1203 if (x->props.mode != m->mode ||
1204 x->id.proto != m->proto)
1205 continue;
1206 if (m->reqid && x->props.reqid != m->reqid)
1207 continue;
1208 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1209 m->old_family) ||
1210 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1211 m->old_family))
1212 continue;
1213 xfrm_state_hold(x);
1214 return x;
1215 }
1216 } else {
1217 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1218 m->old_family);
1219 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
1220 if (x->props.mode != m->mode ||
1221 x->id.proto != m->proto)
1222 continue;
1223 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1224 m->old_family) ||
1225 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1226 m->old_family))
1227 continue;
1228 xfrm_state_hold(x);
1229 return x;
1230 }
1231 }
1232
1233 return NULL;
1234 }
1235 EXPORT_SYMBOL(xfrm_migrate_state_find);
1236
1237 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1238 struct xfrm_migrate *m)
1239 {
1240 struct xfrm_state *xc;
1241 int err;
1242
1243 xc = xfrm_state_clone(x, &err);
1244 if (!xc)
1245 return NULL;
1246
1247 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1248 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1249
1250 /* add state */
1251 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1252 /* a care is needed when the destination address of the
1253 state is to be updated as it is a part of triplet */
1254 xfrm_state_insert(xc);
1255 } else {
1256 if ((err = xfrm_state_add(xc)) < 0)
1257 goto error;
1258 }
1259
1260 return xc;
1261 error:
1262 kfree(xc);
1263 return NULL;
1264 }
1265 EXPORT_SYMBOL(xfrm_state_migrate);
1266 #endif
1267
1268 int xfrm_state_update(struct xfrm_state *x)
1269 {
1270 struct xfrm_state *x1, *to_put;
1271 int err;
1272 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1273
1274 to_put = NULL;
1275
1276 spin_lock_bh(&xfrm_state_lock);
1277 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1278
1279 err = -ESRCH;
1280 if (!x1)
1281 goto out;
1282
1283 if (xfrm_state_kern(x1)) {
1284 to_put = x1;
1285 err = -EEXIST;
1286 goto out;
1287 }
1288
1289 if (x1->km.state == XFRM_STATE_ACQ) {
1290 __xfrm_state_insert(x);
1291 x = NULL;
1292 }
1293 err = 0;
1294
1295 out:
1296 spin_unlock_bh(&xfrm_state_lock);
1297
1298 if (to_put)
1299 xfrm_state_put(to_put);
1300
1301 if (err)
1302 return err;
1303
1304 if (!x) {
1305 xfrm_state_delete(x1);
1306 xfrm_state_put(x1);
1307 return 0;
1308 }
1309
1310 err = -EINVAL;
1311 spin_lock_bh(&x1->lock);
1312 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1313 if (x->encap && x1->encap)
1314 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1315 if (x->coaddr && x1->coaddr) {
1316 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1317 }
1318 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1319 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1320 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1321 x1->km.dying = 0;
1322
1323 mod_timer(&x1->timer, jiffies + HZ);
1324 if (x1->curlft.use_time)
1325 xfrm_state_check_expire(x1);
1326
1327 err = 0;
1328 }
1329 spin_unlock_bh(&x1->lock);
1330
1331 xfrm_state_put(x1);
1332
1333 return err;
1334 }
1335 EXPORT_SYMBOL(xfrm_state_update);
1336
1337 int xfrm_state_check_expire(struct xfrm_state *x)
1338 {
1339 if (!x->curlft.use_time)
1340 x->curlft.use_time = get_seconds();
1341
1342 if (x->km.state != XFRM_STATE_VALID)
1343 return -EINVAL;
1344
1345 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1346 x->curlft.packets >= x->lft.hard_packet_limit) {
1347 x->km.state = XFRM_STATE_EXPIRED;
1348 mod_timer(&x->timer, jiffies);
1349 return -EINVAL;
1350 }
1351
1352 if (!x->km.dying &&
1353 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1354 x->curlft.packets >= x->lft.soft_packet_limit)) {
1355 x->km.dying = 1;
1356 km_state_expired(x, 0, 0);
1357 }
1358 return 0;
1359 }
1360 EXPORT_SYMBOL(xfrm_state_check_expire);
1361
1362 struct xfrm_state *
1363 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1364 unsigned short family)
1365 {
1366 struct xfrm_state *x;
1367
1368 spin_lock_bh(&xfrm_state_lock);
1369 x = __xfrm_state_lookup(daddr, spi, proto, family);
1370 spin_unlock_bh(&xfrm_state_lock);
1371 return x;
1372 }
1373 EXPORT_SYMBOL(xfrm_state_lookup);
1374
1375 struct xfrm_state *
1376 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1377 u8 proto, unsigned short family)
1378 {
1379 struct xfrm_state *x;
1380
1381 spin_lock_bh(&xfrm_state_lock);
1382 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1383 spin_unlock_bh(&xfrm_state_lock);
1384 return x;
1385 }
1386 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1387
1388 struct xfrm_state *
1389 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1390 xfrm_address_t *daddr, xfrm_address_t *saddr,
1391 int create, unsigned short family)
1392 {
1393 struct xfrm_state *x;
1394
1395 spin_lock_bh(&xfrm_state_lock);
1396 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1397 spin_unlock_bh(&xfrm_state_lock);
1398
1399 return x;
1400 }
1401 EXPORT_SYMBOL(xfrm_find_acq);
1402
1403 #ifdef CONFIG_XFRM_SUB_POLICY
1404 int
1405 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1406 unsigned short family)
1407 {
1408 int err = 0;
1409 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1410 if (!afinfo)
1411 return -EAFNOSUPPORT;
1412
1413 spin_lock_bh(&xfrm_state_lock);
1414 if (afinfo->tmpl_sort)
1415 err = afinfo->tmpl_sort(dst, src, n);
1416 spin_unlock_bh(&xfrm_state_lock);
1417 xfrm_state_put_afinfo(afinfo);
1418 return err;
1419 }
1420 EXPORT_SYMBOL(xfrm_tmpl_sort);
1421
1422 int
1423 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1424 unsigned short family)
1425 {
1426 int err = 0;
1427 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1428 if (!afinfo)
1429 return -EAFNOSUPPORT;
1430
1431 spin_lock_bh(&xfrm_state_lock);
1432 if (afinfo->state_sort)
1433 err = afinfo->state_sort(dst, src, n);
1434 spin_unlock_bh(&xfrm_state_lock);
1435 xfrm_state_put_afinfo(afinfo);
1436 return err;
1437 }
1438 EXPORT_SYMBOL(xfrm_state_sort);
1439 #endif
1440
1441 /* Silly enough, but I'm lazy to build resolution list */
1442
1443 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1444 {
1445 int i;
1446
1447 for (i = 0; i <= xfrm_state_hmask; i++) {
1448 struct hlist_node *entry;
1449 struct xfrm_state *x;
1450
1451 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1452 if (x->km.seq == seq &&
1453 x->km.state == XFRM_STATE_ACQ) {
1454 xfrm_state_hold(x);
1455 return x;
1456 }
1457 }
1458 }
1459 return NULL;
1460 }
1461
1462 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1463 {
1464 struct xfrm_state *x;
1465
1466 spin_lock_bh(&xfrm_state_lock);
1467 x = __xfrm_find_acq_byseq(seq);
1468 spin_unlock_bh(&xfrm_state_lock);
1469 return x;
1470 }
1471 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1472
1473 u32 xfrm_get_acqseq(void)
1474 {
1475 u32 res;
1476 static u32 acqseq;
1477 static DEFINE_SPINLOCK(acqseq_lock);
1478
1479 spin_lock_bh(&acqseq_lock);
1480 res = (++acqseq ? : ++acqseq);
1481 spin_unlock_bh(&acqseq_lock);
1482 return res;
1483 }
1484 EXPORT_SYMBOL(xfrm_get_acqseq);
1485
1486 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1487 {
1488 unsigned int h;
1489 struct xfrm_state *x0;
1490 int err = -ENOENT;
1491 __be32 minspi = htonl(low);
1492 __be32 maxspi = htonl(high);
1493
1494 spin_lock_bh(&x->lock);
1495 if (x->km.state == XFRM_STATE_DEAD)
1496 goto unlock;
1497
1498 err = 0;
1499 if (x->id.spi)
1500 goto unlock;
1501
1502 err = -ENOENT;
1503
1504 if (minspi == maxspi) {
1505 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1506 if (x0) {
1507 xfrm_state_put(x0);
1508 goto unlock;
1509 }
1510 x->id.spi = minspi;
1511 } else {
1512 u32 spi = 0;
1513 for (h=0; h<high-low+1; h++) {
1514 spi = low + net_random()%(high-low+1);
1515 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1516 if (x0 == NULL) {
1517 x->id.spi = htonl(spi);
1518 break;
1519 }
1520 xfrm_state_put(x0);
1521 }
1522 }
1523 if (x->id.spi) {
1524 spin_lock_bh(&xfrm_state_lock);
1525 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1526 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1527 spin_unlock_bh(&xfrm_state_lock);
1528
1529 err = 0;
1530 }
1531
1532 unlock:
1533 spin_unlock_bh(&x->lock);
1534
1535 return err;
1536 }
1537 EXPORT_SYMBOL(xfrm_alloc_spi);
1538
1539 int xfrm_state_walk(struct xfrm_state_walk *walk,
1540 int (*func)(struct xfrm_state *, int, void*),
1541 void *data)
1542 {
1543 struct xfrm_state *state;
1544 struct xfrm_state_walk *x;
1545 int err = 0;
1546
1547 if (walk->seq != 0 && list_empty(&walk->all))
1548 return 0;
1549
1550 spin_lock_bh(&xfrm_state_lock);
1551 if (list_empty(&walk->all))
1552 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
1553 else
1554 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1555 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
1556 if (x->state == XFRM_STATE_DEAD)
1557 continue;
1558 state = container_of(x, struct xfrm_state, km);
1559 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1560 continue;
1561 err = func(state, walk->seq, data);
1562 if (err) {
1563 list_move_tail(&walk->all, &x->all);
1564 goto out;
1565 }
1566 walk->seq++;
1567 }
1568 if (walk->seq == 0) {
1569 err = -ENOENT;
1570 goto out;
1571 }
1572 list_del_init(&walk->all);
1573 out:
1574 spin_unlock_bh(&xfrm_state_lock);
1575 return err;
1576 }
1577 EXPORT_SYMBOL(xfrm_state_walk);
1578
1579 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1580 {
1581 INIT_LIST_HEAD(&walk->all);
1582 walk->proto = proto;
1583 walk->state = XFRM_STATE_DEAD;
1584 walk->seq = 0;
1585 }
1586 EXPORT_SYMBOL(xfrm_state_walk_init);
1587
1588 void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1589 {
1590 if (list_empty(&walk->all))
1591 return;
1592
1593 spin_lock_bh(&xfrm_state_lock);
1594 list_del(&walk->all);
1595 spin_lock_bh(&xfrm_state_lock);
1596 }
1597 EXPORT_SYMBOL(xfrm_state_walk_done);
1598
1599
1600 void xfrm_replay_notify(struct xfrm_state *x, int event)
1601 {
1602 struct km_event c;
1603 /* we send notify messages in case
1604 * 1. we updated on of the sequence numbers, and the seqno difference
1605 * is at least x->replay_maxdiff, in this case we also update the
1606 * timeout of our timer function
1607 * 2. if x->replay_maxage has elapsed since last update,
1608 * and there were changes
1609 *
1610 * The state structure must be locked!
1611 */
1612
1613 switch (event) {
1614 case XFRM_REPLAY_UPDATE:
1615 if (x->replay_maxdiff &&
1616 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1617 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1618 if (x->xflags & XFRM_TIME_DEFER)
1619 event = XFRM_REPLAY_TIMEOUT;
1620 else
1621 return;
1622 }
1623
1624 break;
1625
1626 case XFRM_REPLAY_TIMEOUT:
1627 if ((x->replay.seq == x->preplay.seq) &&
1628 (x->replay.bitmap == x->preplay.bitmap) &&
1629 (x->replay.oseq == x->preplay.oseq)) {
1630 x->xflags |= XFRM_TIME_DEFER;
1631 return;
1632 }
1633
1634 break;
1635 }
1636
1637 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1638 c.event = XFRM_MSG_NEWAE;
1639 c.data.aevent = event;
1640 km_state_notify(x, &c);
1641
1642 if (x->replay_maxage &&
1643 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1644 x->xflags &= ~XFRM_TIME_DEFER;
1645 }
1646
1647 static void xfrm_replay_timer_handler(unsigned long data)
1648 {
1649 struct xfrm_state *x = (struct xfrm_state*)data;
1650
1651 spin_lock(&x->lock);
1652
1653 if (x->km.state == XFRM_STATE_VALID) {
1654 if (xfrm_aevent_is_on())
1655 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1656 else
1657 x->xflags |= XFRM_TIME_DEFER;
1658 }
1659
1660 spin_unlock(&x->lock);
1661 }
1662
1663 int xfrm_replay_check(struct xfrm_state *x,
1664 struct sk_buff *skb, __be32 net_seq)
1665 {
1666 u32 diff;
1667 u32 seq = ntohl(net_seq);
1668
1669 if (unlikely(seq == 0))
1670 goto err;
1671
1672 if (likely(seq > x->replay.seq))
1673 return 0;
1674
1675 diff = x->replay.seq - seq;
1676 if (diff >= min_t(unsigned int, x->props.replay_window,
1677 sizeof(x->replay.bitmap) * 8)) {
1678 x->stats.replay_window++;
1679 goto err;
1680 }
1681
1682 if (x->replay.bitmap & (1U << diff)) {
1683 x->stats.replay++;
1684 goto err;
1685 }
1686 return 0;
1687
1688 err:
1689 xfrm_audit_state_replay(x, skb, net_seq);
1690 return -EINVAL;
1691 }
1692
1693 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1694 {
1695 u32 diff;
1696 u32 seq = ntohl(net_seq);
1697
1698 if (seq > x->replay.seq) {
1699 diff = seq - x->replay.seq;
1700 if (diff < x->props.replay_window)
1701 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1702 else
1703 x->replay.bitmap = 1;
1704 x->replay.seq = seq;
1705 } else {
1706 diff = x->replay.seq - seq;
1707 x->replay.bitmap |= (1U << diff);
1708 }
1709
1710 if (xfrm_aevent_is_on())
1711 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1712 }
1713
1714 static LIST_HEAD(xfrm_km_list);
1715 static DEFINE_RWLOCK(xfrm_km_lock);
1716
1717 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1718 {
1719 struct xfrm_mgr *km;
1720
1721 read_lock(&xfrm_km_lock);
1722 list_for_each_entry(km, &xfrm_km_list, list)
1723 if (km->notify_policy)
1724 km->notify_policy(xp, dir, c);
1725 read_unlock(&xfrm_km_lock);
1726 }
1727
1728 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1729 {
1730 struct xfrm_mgr *km;
1731 read_lock(&xfrm_km_lock);
1732 list_for_each_entry(km, &xfrm_km_list, list)
1733 if (km->notify)
1734 km->notify(x, c);
1735 read_unlock(&xfrm_km_lock);
1736 }
1737
1738 EXPORT_SYMBOL(km_policy_notify);
1739 EXPORT_SYMBOL(km_state_notify);
1740
1741 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1742 {
1743 struct km_event c;
1744
1745 c.data.hard = hard;
1746 c.pid = pid;
1747 c.event = XFRM_MSG_EXPIRE;
1748 km_state_notify(x, &c);
1749
1750 if (hard)
1751 wake_up(&km_waitq);
1752 }
1753
1754 EXPORT_SYMBOL(km_state_expired);
1755 /*
1756 * We send to all registered managers regardless of failure
1757 * We are happy with one success
1758 */
1759 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1760 {
1761 int err = -EINVAL, acqret;
1762 struct xfrm_mgr *km;
1763
1764 read_lock(&xfrm_km_lock);
1765 list_for_each_entry(km, &xfrm_km_list, list) {
1766 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1767 if (!acqret)
1768 err = acqret;
1769 }
1770 read_unlock(&xfrm_km_lock);
1771 return err;
1772 }
1773 EXPORT_SYMBOL(km_query);
1774
1775 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1776 {
1777 int err = -EINVAL;
1778 struct xfrm_mgr *km;
1779
1780 read_lock(&xfrm_km_lock);
1781 list_for_each_entry(km, &xfrm_km_list, list) {
1782 if (km->new_mapping)
1783 err = km->new_mapping(x, ipaddr, sport);
1784 if (!err)
1785 break;
1786 }
1787 read_unlock(&xfrm_km_lock);
1788 return err;
1789 }
1790 EXPORT_SYMBOL(km_new_mapping);
1791
1792 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1793 {
1794 struct km_event c;
1795
1796 c.data.hard = hard;
1797 c.pid = pid;
1798 c.event = XFRM_MSG_POLEXPIRE;
1799 km_policy_notify(pol, dir, &c);
1800
1801 if (hard)
1802 wake_up(&km_waitq);
1803 }
1804 EXPORT_SYMBOL(km_policy_expired);
1805
1806 #ifdef CONFIG_XFRM_MIGRATE
1807 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1808 struct xfrm_migrate *m, int num_migrate,
1809 struct xfrm_kmaddress *k)
1810 {
1811 int err = -EINVAL;
1812 int ret;
1813 struct xfrm_mgr *km;
1814
1815 read_lock(&xfrm_km_lock);
1816 list_for_each_entry(km, &xfrm_km_list, list) {
1817 if (km->migrate) {
1818 ret = km->migrate(sel, dir, type, m, num_migrate, k);
1819 if (!ret)
1820 err = ret;
1821 }
1822 }
1823 read_unlock(&xfrm_km_lock);
1824 return err;
1825 }
1826 EXPORT_SYMBOL(km_migrate);
1827 #endif
1828
1829 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1830 {
1831 int err = -EINVAL;
1832 int ret;
1833 struct xfrm_mgr *km;
1834
1835 read_lock(&xfrm_km_lock);
1836 list_for_each_entry(km, &xfrm_km_list, list) {
1837 if (km->report) {
1838 ret = km->report(proto, sel, addr);
1839 if (!ret)
1840 err = ret;
1841 }
1842 }
1843 read_unlock(&xfrm_km_lock);
1844 return err;
1845 }
1846 EXPORT_SYMBOL(km_report);
1847
1848 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1849 {
1850 int err;
1851 u8 *data;
1852 struct xfrm_mgr *km;
1853 struct xfrm_policy *pol = NULL;
1854
1855 if (optlen <= 0 || optlen > PAGE_SIZE)
1856 return -EMSGSIZE;
1857
1858 data = kmalloc(optlen, GFP_KERNEL);
1859 if (!data)
1860 return -ENOMEM;
1861
1862 err = -EFAULT;
1863 if (copy_from_user(data, optval, optlen))
1864 goto out;
1865
1866 err = -EINVAL;
1867 read_lock(&xfrm_km_lock);
1868 list_for_each_entry(km, &xfrm_km_list, list) {
1869 pol = km->compile_policy(sk, optname, data,
1870 optlen, &err);
1871 if (err >= 0)
1872 break;
1873 }
1874 read_unlock(&xfrm_km_lock);
1875
1876 if (err >= 0) {
1877 xfrm_sk_policy_insert(sk, err, pol);
1878 xfrm_pol_put(pol);
1879 err = 0;
1880 }
1881
1882 out:
1883 kfree(data);
1884 return err;
1885 }
1886 EXPORT_SYMBOL(xfrm_user_policy);
1887
1888 int xfrm_register_km(struct xfrm_mgr *km)
1889 {
1890 write_lock_bh(&xfrm_km_lock);
1891 list_add_tail(&km->list, &xfrm_km_list);
1892 write_unlock_bh(&xfrm_km_lock);
1893 return 0;
1894 }
1895 EXPORT_SYMBOL(xfrm_register_km);
1896
1897 int xfrm_unregister_km(struct xfrm_mgr *km)
1898 {
1899 write_lock_bh(&xfrm_km_lock);
1900 list_del(&km->list);
1901 write_unlock_bh(&xfrm_km_lock);
1902 return 0;
1903 }
1904 EXPORT_SYMBOL(xfrm_unregister_km);
1905
1906 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1907 {
1908 int err = 0;
1909 if (unlikely(afinfo == NULL))
1910 return -EINVAL;
1911 if (unlikely(afinfo->family >= NPROTO))
1912 return -EAFNOSUPPORT;
1913 write_lock_bh(&xfrm_state_afinfo_lock);
1914 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1915 err = -ENOBUFS;
1916 else
1917 xfrm_state_afinfo[afinfo->family] = afinfo;
1918 write_unlock_bh(&xfrm_state_afinfo_lock);
1919 return err;
1920 }
1921 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1922
1923 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1924 {
1925 int err = 0;
1926 if (unlikely(afinfo == NULL))
1927 return -EINVAL;
1928 if (unlikely(afinfo->family >= NPROTO))
1929 return -EAFNOSUPPORT;
1930 write_lock_bh(&xfrm_state_afinfo_lock);
1931 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1932 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1933 err = -EINVAL;
1934 else
1935 xfrm_state_afinfo[afinfo->family] = NULL;
1936 }
1937 write_unlock_bh(&xfrm_state_afinfo_lock);
1938 return err;
1939 }
1940 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1941
1942 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1943 {
1944 struct xfrm_state_afinfo *afinfo;
1945 if (unlikely(family >= NPROTO))
1946 return NULL;
1947 read_lock(&xfrm_state_afinfo_lock);
1948 afinfo = xfrm_state_afinfo[family];
1949 if (unlikely(!afinfo))
1950 read_unlock(&xfrm_state_afinfo_lock);
1951 return afinfo;
1952 }
1953
1954 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1955 __releases(xfrm_state_afinfo_lock)
1956 {
1957 read_unlock(&xfrm_state_afinfo_lock);
1958 }
1959
1960 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1961 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1962 {
1963 if (x->tunnel) {
1964 struct xfrm_state *t = x->tunnel;
1965
1966 if (atomic_read(&t->tunnel_users) == 2)
1967 xfrm_state_delete(t);
1968 atomic_dec(&t->tunnel_users);
1969 xfrm_state_put(t);
1970 x->tunnel = NULL;
1971 }
1972 }
1973 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1974
1975 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1976 {
1977 int res;
1978
1979 spin_lock_bh(&x->lock);
1980 if (x->km.state == XFRM_STATE_VALID &&
1981 x->type && x->type->get_mtu)
1982 res = x->type->get_mtu(x, mtu);
1983 else
1984 res = mtu - x->props.header_len;
1985 spin_unlock_bh(&x->lock);
1986 return res;
1987 }
1988
1989 int xfrm_init_state(struct xfrm_state *x)
1990 {
1991 struct xfrm_state_afinfo *afinfo;
1992 struct xfrm_mode *inner_mode;
1993 int family = x->props.family;
1994 int err;
1995
1996 err = -EAFNOSUPPORT;
1997 afinfo = xfrm_state_get_afinfo(family);
1998 if (!afinfo)
1999 goto error;
2000
2001 err = 0;
2002 if (afinfo->init_flags)
2003 err = afinfo->init_flags(x);
2004
2005 xfrm_state_put_afinfo(afinfo);
2006
2007 if (err)
2008 goto error;
2009
2010 err = -EPROTONOSUPPORT;
2011
2012 if (x->sel.family != AF_UNSPEC) {
2013 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2014 if (inner_mode == NULL)
2015 goto error;
2016
2017 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2018 family != x->sel.family) {
2019 xfrm_put_mode(inner_mode);
2020 goto error;
2021 }
2022
2023 x->inner_mode = inner_mode;
2024 } else {
2025 struct xfrm_mode *inner_mode_iaf;
2026
2027 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2028 if (inner_mode == NULL)
2029 goto error;
2030
2031 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2032 xfrm_put_mode(inner_mode);
2033 goto error;
2034 }
2035
2036 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2037 if (inner_mode_iaf == NULL)
2038 goto error;
2039
2040 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2041 xfrm_put_mode(inner_mode_iaf);
2042 goto error;
2043 }
2044
2045 if (x->props.family == AF_INET) {
2046 x->inner_mode = inner_mode;
2047 x->inner_mode_iaf = inner_mode_iaf;
2048 } else {
2049 x->inner_mode = inner_mode_iaf;
2050 x->inner_mode_iaf = inner_mode;
2051 }
2052 }
2053
2054 x->type = xfrm_get_type(x->id.proto, family);
2055 if (x->type == NULL)
2056 goto error;
2057
2058 err = x->type->init_state(x);
2059 if (err)
2060 goto error;
2061
2062 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2063 if (x->outer_mode == NULL)
2064 goto error;
2065
2066 x->km.state = XFRM_STATE_VALID;
2067
2068 error:
2069 return err;
2070 }
2071
2072 EXPORT_SYMBOL(xfrm_init_state);
2073
2074 int __net_init xfrm_state_init(struct net *net)
2075 {
2076 unsigned int sz;
2077
2078 INIT_LIST_HEAD(&net->xfrm.state_all);
2079
2080 sz = sizeof(struct hlist_head) * 8;
2081
2082 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2083 if (!net->xfrm.state_bydst)
2084 goto out_bydst;
2085 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2086 if (!net->xfrm.state_bysrc)
2087 goto out_bysrc;
2088 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2089 if (!net->xfrm.state_byspi)
2090 goto out_byspi;
2091 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2092
2093 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2094 return 0;
2095
2096 out_byspi:
2097 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2098 out_bysrc:
2099 xfrm_hash_free(net->xfrm.state_bydst, sz);
2100 out_bydst:
2101 return -ENOMEM;
2102 }
2103
2104 void xfrm_state_fini(struct net *net)
2105 {
2106 unsigned int sz;
2107
2108 WARN_ON(!list_empty(&net->xfrm.state_all));
2109
2110 sz = (xfrm_state_hmask + 1) * sizeof(struct hlist_head);
2111 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2112 xfrm_hash_free(net->xfrm.state_byspi, sz);
2113 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2114 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2115 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2116 xfrm_hash_free(net->xfrm.state_bydst, sz);
2117 }
2118
2119 #ifdef CONFIG_AUDITSYSCALL
2120 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2121 struct audit_buffer *audit_buf)
2122 {
2123 struct xfrm_sec_ctx *ctx = x->security;
2124 u32 spi = ntohl(x->id.spi);
2125
2126 if (ctx)
2127 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2128 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2129
2130 switch(x->props.family) {
2131 case AF_INET:
2132 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2133 &x->props.saddr.a4, &x->id.daddr.a4);
2134 break;
2135 case AF_INET6:
2136 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2137 x->props.saddr.a6, x->id.daddr.a6);
2138 break;
2139 }
2140
2141 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2142 }
2143
2144 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2145 struct audit_buffer *audit_buf)
2146 {
2147 struct iphdr *iph4;
2148 struct ipv6hdr *iph6;
2149
2150 switch (family) {
2151 case AF_INET:
2152 iph4 = ip_hdr(skb);
2153 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2154 &iph4->saddr, &iph4->daddr);
2155 break;
2156 case AF_INET6:
2157 iph6 = ipv6_hdr(skb);
2158 audit_log_format(audit_buf,
2159 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2160 &iph6->saddr,&iph6->daddr,
2161 iph6->flow_lbl[0] & 0x0f,
2162 iph6->flow_lbl[1],
2163 iph6->flow_lbl[2]);
2164 break;
2165 }
2166 }
2167
2168 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2169 uid_t auid, u32 sessionid, u32 secid)
2170 {
2171 struct audit_buffer *audit_buf;
2172
2173 audit_buf = xfrm_audit_start("SAD-add");
2174 if (audit_buf == NULL)
2175 return;
2176 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2177 xfrm_audit_helper_sainfo(x, audit_buf);
2178 audit_log_format(audit_buf, " res=%u", result);
2179 audit_log_end(audit_buf);
2180 }
2181 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2182
2183 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2184 uid_t auid, u32 sessionid, u32 secid)
2185 {
2186 struct audit_buffer *audit_buf;
2187
2188 audit_buf = xfrm_audit_start("SAD-delete");
2189 if (audit_buf == NULL)
2190 return;
2191 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2192 xfrm_audit_helper_sainfo(x, audit_buf);
2193 audit_log_format(audit_buf, " res=%u", result);
2194 audit_log_end(audit_buf);
2195 }
2196 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2197
2198 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2199 struct sk_buff *skb)
2200 {
2201 struct audit_buffer *audit_buf;
2202 u32 spi;
2203
2204 audit_buf = xfrm_audit_start("SA-replay-overflow");
2205 if (audit_buf == NULL)
2206 return;
2207 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2208 /* don't record the sequence number because it's inherent in this kind
2209 * of audit message */
2210 spi = ntohl(x->id.spi);
2211 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2212 audit_log_end(audit_buf);
2213 }
2214 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2215
2216 static void xfrm_audit_state_replay(struct xfrm_state *x,
2217 struct sk_buff *skb, __be32 net_seq)
2218 {
2219 struct audit_buffer *audit_buf;
2220 u32 spi;
2221
2222 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2223 if (audit_buf == NULL)
2224 return;
2225 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2226 spi = ntohl(x->id.spi);
2227 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2228 spi, spi, ntohl(net_seq));
2229 audit_log_end(audit_buf);
2230 }
2231
2232 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2233 {
2234 struct audit_buffer *audit_buf;
2235
2236 audit_buf = xfrm_audit_start("SA-notfound");
2237 if (audit_buf == NULL)
2238 return;
2239 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2240 audit_log_end(audit_buf);
2241 }
2242 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2243
2244 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2245 __be32 net_spi, __be32 net_seq)
2246 {
2247 struct audit_buffer *audit_buf;
2248 u32 spi;
2249
2250 audit_buf = xfrm_audit_start("SA-notfound");
2251 if (audit_buf == NULL)
2252 return;
2253 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2254 spi = ntohl(net_spi);
2255 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2256 spi, spi, ntohl(net_seq));
2257 audit_log_end(audit_buf);
2258 }
2259 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2260
2261 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2262 struct sk_buff *skb, u8 proto)
2263 {
2264 struct audit_buffer *audit_buf;
2265 __be32 net_spi;
2266 __be32 net_seq;
2267
2268 audit_buf = xfrm_audit_start("SA-icv-failure");
2269 if (audit_buf == NULL)
2270 return;
2271 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2272 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2273 u32 spi = ntohl(net_spi);
2274 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2275 spi, spi, ntohl(net_seq));
2276 }
2277 audit_log_end(audit_buf);
2278 }
2279 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2280 #endif /* CONFIG_AUDITSYSCALL */
Ubuntu Artful kernel mirror