projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[XFRM]: Speed up xfrm_policy and xfrm_state walking
[deliverable/linux.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
47/* Hash table to find appropriate SA towards given target (endpoint
48 * of tunnel or destination of transport mode) allowed by selector.
49 *
50 * Main use is finding SA after policy selected tunnel or transport mode.
51 * Also, it can be used by ah/esp icmp error handler to find offending SA.
52 */
4c563f76 53static LIST_HEAD(xfrm_state_all);
f034b5d4
DM		 54static struct hlist_head *xfrm_state_bydst __read_mostly;
55static struct hlist_head *xfrm_state_bysrc __read_mostly;
56static struct hlist_head *xfrm_state_byspi __read_mostly;
57static unsigned int xfrm_state_hmask __read_mostly;
58static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
59static unsigned int xfrm_state_num;
9d4a706d 60static unsigned int xfrm_state_genid;
f034b5d4 61
17c2a42a
HX		 62static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
63static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
64
afeb14b4
PM		 65#ifdef CONFIG_AUDITSYSCALL
66static void xfrm_audit_state_replay(struct xfrm_state *x,
67 struct sk_buff *skb, __be32 net_seq);
68#else
69#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
70#endif /* CONFIG_AUDITSYSCALL */
71
c1969f29
DM		 72static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
73 xfrm_address_t *saddr,
74 u32 reqid,
a624c108 75 unsigned short family)
f034b5d4 76{
c1969f29 77 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
f034b5d4
DM		 78}
79
667bbcb6
MN		 80static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
81 xfrm_address_t *saddr,
44e36b42 82 unsigned short family)
f034b5d4 83{
667bbcb6 84 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
f034b5d4
DM		 85}
86
f034b5d4 87static inline unsigned int
8122adf0 88xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 89{
c1969f29 90 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
f034b5d4
DM		 91}
92
f034b5d4
DM		 93static void xfrm_hash_transfer(struct hlist_head *list,
94 struct hlist_head *ndsttable,
95 struct hlist_head *nsrctable,
96 struct hlist_head *nspitable,
97 unsigned int nhashmask)
98{
99 struct hlist_node *entry, *tmp;
100 struct xfrm_state *x;
101
102 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
103 unsigned int h;
104
c1969f29
DM		 105 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
106 x->props.reqid, x->props.family,
107 nhashmask);
f034b5d4
DM		 108 hlist_add_head(&x->bydst, ndsttable+h);
109
667bbcb6
MN		 110 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
111 x->props.family,
f034b5d4
DM		 112 nhashmask);
113 hlist_add_head(&x->bysrc, nsrctable+h);
114
7b4dc360
MN		 115 if (x->id.spi) {
116 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
117 x->id.proto, x->props.family,
118 nhashmask);
119 hlist_add_head(&x->byspi, nspitable+h);
120 }
f034b5d4
DM		 121 }
122}
123
124static unsigned long xfrm_hash_new_size(void)
125{
126 return ((xfrm_state_hmask + 1) << 1) *
127 sizeof(struct hlist_head);
128}
129
130static DEFINE_MUTEX(hash_resize_mutex);
131
c4028958 132static void xfrm_hash_resize(struct work_struct *__unused)
f034b5d4
DM		 133{
134 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
135 unsigned long nsize, osize;
136 unsigned int nhashmask, ohashmask;
137 int i;
138
139 mutex_lock(&hash_resize_mutex);
140
141 nsize = xfrm_hash_new_size();
44e36b42 142 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 143 if (!ndst)
144 goto out_unlock;
44e36b42 145 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 146 if (!nsrc) {
44e36b42 147 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 148 goto out_unlock;
149 }
44e36b42 150 nspi = xfrm_hash_alloc(nsize);
f034b5d4 151 if (!nspi) {
44e36b42
DM		 152 xfrm_hash_free(ndst, nsize);
153 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 154 goto out_unlock;
155 }
156
157 spin_lock_bh(&xfrm_state_lock);
158
159 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
160 for (i = xfrm_state_hmask; i >= 0; i--)
161 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
162 nhashmask);
163
164 odst = xfrm_state_bydst;
165 osrc = xfrm_state_bysrc;
166 ospi = xfrm_state_byspi;
167 ohashmask = xfrm_state_hmask;
168
169 xfrm_state_bydst = ndst;
170 xfrm_state_bysrc = nsrc;
171 xfrm_state_byspi = nspi;
172 xfrm_state_hmask = nhashmask;
173
174 spin_unlock_bh(&xfrm_state_lock);
175
176 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 177 xfrm_hash_free(odst, osize);
178 xfrm_hash_free(osrc, osize);
179 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 180
181out_unlock:
182 mutex_unlock(&hash_resize_mutex);
183}
184
c4028958 185static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
f034b5d4 186
1da177e4
LT		 187DECLARE_WAIT_QUEUE_HEAD(km_waitq);
188EXPORT_SYMBOL(km_waitq);
189
190static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
191static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
192
193static struct work_struct xfrm_state_gc_work;
8f126e37 194static HLIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 195static DEFINE_SPINLOCK(xfrm_state_gc_lock);
196
53bc6b4d 197int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 198
980ebd25 199int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 200void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 201
aa5d62cc
HX		 202static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
203{
204 struct xfrm_state_afinfo *afinfo;
205 if (unlikely(family >= NPROTO))
206 return NULL;
207 write_lock_bh(&xfrm_state_afinfo_lock);
208 afinfo = xfrm_state_afinfo[family];
209 if (unlikely(!afinfo))
210 write_unlock_bh(&xfrm_state_afinfo_lock);
211 return afinfo;
212}
213
214static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 215 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 216{
217 write_unlock_bh(&xfrm_state_afinfo_lock);
218}
219
533cb5b0 220int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 221{
222 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 223 const struct xfrm_type **typemap;
aa5d62cc
HX		 224 int err = 0;
225
226 if (unlikely(afinfo == NULL))
227 return -EAFNOSUPPORT;
228 typemap = afinfo->type_map;
229
230 if (likely(typemap[type->proto] == NULL))
231 typemap[type->proto] = type;
232 else
233 err = -EEXIST;
234 xfrm_state_unlock_afinfo(afinfo);
235 return err;
236}
237EXPORT_SYMBOL(xfrm_register_type);
238
533cb5b0 239int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 240{
241 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 242 const struct xfrm_type **typemap;
aa5d62cc
HX		 243 int err = 0;
244
245 if (unlikely(afinfo == NULL))
246 return -EAFNOSUPPORT;
247 typemap = afinfo->type_map;
248
249 if (unlikely(typemap[type->proto] != type))
250 err = -ENOENT;
251 else
252 typemap[type->proto] = NULL;
253 xfrm_state_unlock_afinfo(afinfo);
254 return err;
255}
256EXPORT_SYMBOL(xfrm_unregister_type);
257
533cb5b0 258static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 259{
260 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 261 const struct xfrm_type **typemap;
262 const struct xfrm_type *type;
aa5d62cc
HX		 263 int modload_attempted = 0;
264
265retry:
266 afinfo = xfrm_state_get_afinfo(family);
267 if (unlikely(afinfo == NULL))
268 return NULL;
269 typemap = afinfo->type_map;
270
271 type = typemap[proto];
272 if (unlikely(type && !try_module_get(type->owner)))
273 type = NULL;
274 if (!type && !modload_attempted) {
275 xfrm_state_put_afinfo(afinfo);
276 request_module("xfrm-type-%d-%d", family, proto);
277 modload_attempted = 1;
278 goto retry;
279 }
280
281 xfrm_state_put_afinfo(afinfo);
282 return type;
283}
284
533cb5b0 285static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 286{
287 module_put(type->owner);
288}
289
290int xfrm_register_mode(struct xfrm_mode *mode, int family)
291{
292 struct xfrm_state_afinfo *afinfo;
293 struct xfrm_mode **modemap;
294 int err;
295
296 if (unlikely(mode->encap >= XFRM_MODE_MAX))
297 return -EINVAL;
298
299 afinfo = xfrm_state_lock_afinfo(family);
300 if (unlikely(afinfo == NULL))
301 return -EAFNOSUPPORT;
302
303 err = -EEXIST;
304 modemap = afinfo->mode_map;
17c2a42a
HX		 305 if (modemap[mode->encap])
306 goto out;
aa5d62cc 307
17c2a42a
HX		 308 err = -ENOENT;
309 if (!try_module_get(afinfo->owner))
310 goto out;
311
312 mode->afinfo = afinfo;
313 modemap[mode->encap] = mode;
314 err = 0;
315
316out:
aa5d62cc
HX		 317 xfrm_state_unlock_afinfo(afinfo);
318 return err;
319}
320EXPORT_SYMBOL(xfrm_register_mode);
321
322int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
323{
324 struct xfrm_state_afinfo *afinfo;
325 struct xfrm_mode **modemap;
326 int err;
327
328 if (unlikely(mode->encap >= XFRM_MODE_MAX))
329 return -EINVAL;
330
331 afinfo = xfrm_state_lock_afinfo(family);
332 if (unlikely(afinfo == NULL))
333 return -EAFNOSUPPORT;
334
335 err = -ENOENT;
336 modemap = afinfo->mode_map;
337 if (likely(modemap[mode->encap] == mode)) {
338 modemap[mode->encap] = NULL;
17c2a42a 339 module_put(mode->afinfo->owner);
aa5d62cc
HX		 340 err = 0;
341 }
342
343 xfrm_state_unlock_afinfo(afinfo);
344 return err;
345}
346EXPORT_SYMBOL(xfrm_unregister_mode);
347
348static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
349{
350 struct xfrm_state_afinfo *afinfo;
351 struct xfrm_mode *mode;
352 int modload_attempted = 0;
353
354 if (unlikely(encap >= XFRM_MODE_MAX))
355 return NULL;
356
357retry:
358 afinfo = xfrm_state_get_afinfo(family);
359 if (unlikely(afinfo == NULL))
360 return NULL;
361
362 mode = afinfo->mode_map[encap];
363 if (unlikely(mode && !try_module_get(mode->owner)))
364 mode = NULL;
365 if (!mode && !modload_attempted) {
366 xfrm_state_put_afinfo(afinfo);
367 request_module("xfrm-mode-%d-%d", family, encap);
368 modload_attempted = 1;
369 goto retry;
370 }
371
372 xfrm_state_put_afinfo(afinfo);
373 return mode;
374}
375
376static void xfrm_put_mode(struct xfrm_mode *mode)
377{
378 module_put(mode->owner);
379}
380
1da177e4
LT		 381static void xfrm_state_gc_destroy(struct xfrm_state *x)
382{
a47f0ce0
DM		 383 del_timer_sync(&x->timer);
384 del_timer_sync(&x->rtimer);
a51482bd
JJ		 385 kfree(x->aalg);
386 kfree(x->ealg);
387 kfree(x->calg);
388 kfree(x->encap);
060f02a3 389 kfree(x->coaddr);
13996378
HX		 390 if (x->inner_mode)
391 xfrm_put_mode(x->inner_mode);
392 if (x->outer_mode)
393 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 394 if (x->type) {
395 x->type->destructor(x);
396 xfrm_put_type(x->type);
397 }
df71837d 398 security_xfrm_state_free(x);
1da177e4
LT		 399 kfree(x);
400}
401
c4028958 402static void xfrm_state_gc_task(struct work_struct *data)
1da177e4
LT		 403{
404 struct xfrm_state *x;
8f126e37
DM		 405 struct hlist_node *entry, *tmp;
406 struct hlist_head gc_list;
1da177e4 407
1da177e4 408 spin_lock_bh(&xfrm_state_gc_lock);
8f126e37
DM		 409 gc_list.first = xfrm_state_gc_list.first;
410 INIT_HLIST_HEAD(&xfrm_state_gc_list);
1da177e4
LT		 411 spin_unlock_bh(&xfrm_state_gc_lock);
412
8f126e37 413 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
1da177e4 414 xfrm_state_gc_destroy(x);
8f126e37 415
1da177e4
LT		 416 wake_up(&km_waitq);
417}
418
419static inline unsigned long make_jiffies(long secs)
420{
421 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
422 return MAX_SCHEDULE_TIMEOUT-1;
423 else
a716c119 424 return secs*HZ;
1da177e4
LT		 425}
426
427static void xfrm_timer_handler(unsigned long data)
428{
429 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 430 unsigned long now = get_seconds();
1da177e4
LT		 431 long next = LONG_MAX;
432 int warn = 0;
161a09e7 433 int err = 0;
1da177e4
LT		 434
435 spin_lock(&x->lock);
436 if (x->km.state == XFRM_STATE_DEAD)
437 goto out;
438 if (x->km.state == XFRM_STATE_EXPIRED)
439 goto expired;
440 if (x->lft.hard_add_expires_seconds) {
441 long tmo = x->lft.hard_add_expires_seconds +
442 x->curlft.add_time - now;
443 if (tmo <= 0)
444 goto expired;
445 if (tmo < next)
446 next = tmo;
447 }
448 if (x->lft.hard_use_expires_seconds) {
449 long tmo = x->lft.hard_use_expires_seconds +
450 (x->curlft.use_time ? : now) - now;
451 if (tmo <= 0)
452 goto expired;
453 if (tmo < next)
454 next = tmo;
455 }
456 if (x->km.dying)
457 goto resched;
458 if (x->lft.soft_add_expires_seconds) {
459 long tmo = x->lft.soft_add_expires_seconds +
460 x->curlft.add_time - now;
461 if (tmo <= 0)
462 warn = 1;
463 else if (tmo < next)
464 next = tmo;
465 }
466 if (x->lft.soft_use_expires_seconds) {
467 long tmo = x->lft.soft_use_expires_seconds +
468 (x->curlft.use_time ? : now) - now;
469 if (tmo <= 0)
470 warn = 1;
471 else if (tmo < next)
472 next = tmo;
473 }
474
4666faab 475 x->km.dying = warn;
1da177e4 476 if (warn)
53bc6b4d 477 km_state_expired(x, 0, 0);
1da177e4 478resched:
a47f0ce0
DM		 479 if (next != LONG_MAX)
480 mod_timer(&x->timer, jiffies + make_jiffies(next));
481
1da177e4
LT		 482 goto out;
483
484expired:
485 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
486 x->km.state = XFRM_STATE_EXPIRED;
487 wake_up(&km_waitq);
488 next = 2;
489 goto resched;
490 }
161a09e7
JL		 491
492 err = __xfrm_state_delete(x);
493 if (!err && x->id.spi)
53bc6b4d 494 km_state_expired(x, 1, 0);
1da177e4 495
ab5f5e8b 496 xfrm_audit_state_delete(x, err ? 0 : 1,
0c11b942 497 audit_get_loginuid(current), 0);
161a09e7 498
1da177e4
LT		 499out:
500 spin_unlock(&x->lock);
1da177e4
LT		 501}
502
0ac84752
DM		 503static void xfrm_replay_timer_handler(unsigned long data);
504
1da177e4
LT		 505struct xfrm_state *xfrm_state_alloc(void)
506{
507 struct xfrm_state *x;
508
0da974f4 509 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 510
511 if (x) {
1da177e4
LT		 512 atomic_set(&x->refcnt, 1);
513 atomic_set(&x->tunnel_users, 0);
4c563f76 514 INIT_LIST_HEAD(&x->all);
8f126e37
DM		 515 INIT_HLIST_NODE(&x->bydst);
516 INIT_HLIST_NODE(&x->bysrc);
517 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 518 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
519 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
520 (unsigned long)x);
9d729f72 521 x->curlft.add_time = get_seconds();
1da177e4
LT		 522 x->lft.soft_byte_limit = XFRM_INF;
523 x->lft.soft_packet_limit = XFRM_INF;
524 x->lft.hard_byte_limit = XFRM_INF;
525 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 526 x->replay_maxage = 0;
527 x->replay_maxdiff = 0;
1da177e4
LT		 528 spin_lock_init(&x->lock);
529 }
530 return x;
531}
532EXPORT_SYMBOL(xfrm_state_alloc);
533
534void __xfrm_state_destroy(struct xfrm_state *x)
535{
536 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
537
4c563f76
TT		 538 spin_lock_bh(&xfrm_state_lock);
539 list_del(&x->all);
540 spin_unlock_bh(&xfrm_state_lock);
541
1da177e4 542 spin_lock_bh(&xfrm_state_gc_lock);
8f126e37 543 hlist_add_head(&x->bydst, &xfrm_state_gc_list);
1da177e4
LT		 544 spin_unlock_bh(&xfrm_state_gc_lock);
545 schedule_work(&xfrm_state_gc_work);
546}
547EXPORT_SYMBOL(__xfrm_state_destroy);
548
53bc6b4d 549int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 550{
26b15dad
JHS		 551 int err = -ESRCH;
552
1da177e4
LT		 553 if (x->km.state != XFRM_STATE_DEAD) {
554 x->km.state = XFRM_STATE_DEAD;
555 spin_lock(&xfrm_state_lock);
8f126e37 556 hlist_del(&x->bydst);
8f126e37 557 hlist_del(&x->bysrc);
a47f0ce0 558 if (x->id.spi)
8f126e37 559 hlist_del(&x->byspi);
f034b5d4 560 xfrm_state_num--;
1da177e4 561 spin_unlock(&xfrm_state_lock);
1da177e4 562
1da177e4
LT		 563 /* All xfrm_state objects are created by xfrm_state_alloc.
564 * The xfrm_state_alloc call gives a reference, and that
565 * is what we are dropping here.
566 */
5dba4797 567 xfrm_state_put(x);
26b15dad 568 err = 0;
1da177e4 569 }
26b15dad
JHS		 570
571 return err;
1da177e4 572}
53bc6b4d 573EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 574
26b15dad 575int xfrm_state_delete(struct xfrm_state *x)
1da177e4 576{
26b15dad
JHS		 577 int err;
578
1da177e4 579 spin_lock_bh(&x->lock);
26b15dad 580 err = __xfrm_state_delete(x);
1da177e4 581 spin_unlock_bh(&x->lock);
26b15dad
JHS		 582
583 return err;
1da177e4
LT		 584}
585EXPORT_SYMBOL(xfrm_state_delete);
586
4aa2e62c
JL		 587#ifdef CONFIG_SECURITY_NETWORK_XFRM
588static inline int
589xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 590{
4aa2e62c
JL		 591 int i, err = 0;
592
593 for (i = 0; i <= xfrm_state_hmask; i++) {
594 struct hlist_node *entry;
595 struct xfrm_state *x;
596
597 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
598 if (xfrm_id_proto_match(x->id.proto, proto) &&
599 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 600 xfrm_audit_state_delete(x, 0,
601 audit_info->loginuid,
602 audit_info->secid);
4aa2e62c
JL		 603 return err;
604 }
605 }
606 }
607
608 return err;
609}
610#else
611static inline int
612xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
613{
614 return 0;
615}
616#endif
617
618int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
619{
620 int i, err = 0;
1da177e4
LT		 621
622 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 623 err = xfrm_state_flush_secctx_check(proto, audit_info);
624 if (err)
625 goto out;
626
a9917c06 627 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 628 struct hlist_node *entry;
629 struct xfrm_state *x;
1da177e4 630restart:
8f126e37 631 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1da177e4 632 if (!xfrm_state_kern(x) &&
5794708f 633 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 634 xfrm_state_hold(x);
635 spin_unlock_bh(&xfrm_state_lock);
636
161a09e7 637 err = xfrm_state_delete(x);
ab5f5e8b
JL		 638 xfrm_audit_state_delete(x, err ? 0 : 1,
639 audit_info->loginuid,
640 audit_info->secid);
1da177e4
LT		 641 xfrm_state_put(x);
642
643 spin_lock_bh(&xfrm_state_lock);
644 goto restart;
645 }
646 }
647 }
4aa2e62c
JL		 648 err = 0;
649
650out:
1da177e4
LT		 651 spin_unlock_bh(&xfrm_state_lock);
652 wake_up(&km_waitq);
4aa2e62c 653 return err;
1da177e4
LT		 654}
655EXPORT_SYMBOL(xfrm_state_flush);
656
af11e316 657void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 658{
659 spin_lock_bh(&xfrm_state_lock);
660 si->sadcnt = xfrm_state_num;
661 si->sadhcnt = xfrm_state_hmask;
662 si->sadhmcnt = xfrm_state_hashmax;
663 spin_unlock_bh(&xfrm_state_lock);
664}
665EXPORT_SYMBOL(xfrm_sad_getinfo);
666
1da177e4
LT		 667static int
668xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
669 struct xfrm_tmpl *tmpl,
670 xfrm_address_t *daddr, xfrm_address_t *saddr,
671 unsigned short family)
672{
673 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
674 if (!afinfo)
675 return -1;
676 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
677 xfrm_state_put_afinfo(afinfo);
678 return 0;
679}
680
a94cfd19 681static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 682{
683 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
684 struct xfrm_state *x;
8f126e37 685 struct hlist_node *entry;
edcd5821 686
8f126e37 687 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
edcd5821
DM		 688 if (x->props.family != family ||
689 x->id.spi != spi ||
690 x->id.proto != proto)
691 continue;
692
693 switch (family) {
694 case AF_INET:
695 if (x->id.daddr.a4 != daddr->a4)
696 continue;
697 break;
698 case AF_INET6:
699 if (!ipv6_addr_equal((struct in6_addr *)daddr,
700 (struct in6_addr *)
701 x->id.daddr.a6))
702 continue;
703 break;
3ff50b79 704 }
edcd5821
DM		 705
706 xfrm_state_hold(x);
707 return x;
708 }
709
710 return NULL;
711}
712
713static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
714{
667bbcb6 715 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 716 struct xfrm_state *x;
8f126e37 717 struct hlist_node *entry;
edcd5821 718
8f126e37 719 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
edcd5821
DM		 720 if (x->props.family != family ||
721 x->id.proto != proto)
722 continue;
723
724 switch (family) {
725 case AF_INET:
726 if (x->id.daddr.a4 != daddr->a4 ||
727 x->props.saddr.a4 != saddr->a4)
728 continue;
729 break;
730 case AF_INET6:
731 if (!ipv6_addr_equal((struct in6_addr *)daddr,
732 (struct in6_addr *)
733 x->id.daddr.a6) ||
734 !ipv6_addr_equal((struct in6_addr *)saddr,
735 (struct in6_addr *)
736 x->props.saddr.a6))
737 continue;
738 break;
3ff50b79 739 }
edcd5821
DM		 740
741 xfrm_state_hold(x);
742 return x;
743 }
744
745 return NULL;
746}
747
748static inline struct xfrm_state *
749__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
750{
751 if (use_spi)
752 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
753 x->id.proto, family);
754 else
755 return __xfrm_state_lookup_byaddr(&x->id.daddr,
756 &x->props.saddr,
757 x->id.proto, family);
758}
759
2fab22f2
PM		 760static void xfrm_hash_grow_check(int have_hash_collision)
761{
762 if (have_hash_collision &&
763 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
764 xfrm_state_num > xfrm_state_hmask)
765 schedule_work(&xfrm_hash_work);
766}
767
1da177e4 768struct xfrm_state *
a716c119 769xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 770 struct flowi *fl, struct xfrm_tmpl *tmpl,
771 struct xfrm_policy *pol, int *err,
772 unsigned short family)
773{
4bda4f25 774 unsigned int h;
8f126e37 775 struct hlist_node *entry;
1da177e4
LT		 776 struct xfrm_state *x, *x0;
777 int acquire_in_progress = 0;
778 int error = 0;
779 struct xfrm_state *best = NULL;
a716c119 780
1da177e4 781 spin_lock_bh(&xfrm_state_lock);
4bda4f25 782 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
8f126e37 783 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1da177e4
LT		 784 if (x->props.family == family &&
785 x->props.reqid == tmpl->reqid &&
fbd9a5b4 786 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 787 xfrm_state_addr_check(x, daddr, saddr, family) &&
788 tmpl->mode == x->props.mode &&
789 tmpl->id.proto == x->id.proto &&
790 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
791 /* Resolution logic:
792 1. There is a valid state with matching selector.
793 Done.
794 2. Valid state with inappropriate selector. Skip.
795
796 Entering area of "sysdeps".
797
798 3. If state is not valid, selector is temporary,
799 it selects only session which triggered
800 previous resolution. Key manager will do
801 something to install a state with proper
802 selector.
803 */
804 if (x->km.state == XFRM_STATE_VALID) {
48b8d783 805 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
e0d1caa7 806 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 807 continue;
808 if (!best ||
809 best->km.dying > x->km.dying ||
810 (best->km.dying == x->km.dying &&
811 best->curlft.add_time < x->curlft.add_time))
812 best = x;
813 } else if (x->km.state == XFRM_STATE_ACQ) {
814 acquire_in_progress = 1;
815 } else if (x->km.state == XFRM_STATE_ERROR ||
816 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 817 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 818 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 819 error = -ESRCH;
820 }
821 }
822 }
823
824 x = best;
825 if (!x && !error && !acquire_in_progress) {
5c5d281a 826 if (tmpl->id.spi &&
edcd5821
DM		 827 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
828 tmpl->id.proto, family)) != NULL) {
1da177e4
LT		 829 xfrm_state_put(x0);
830 error = -EEXIST;
831 goto out;
832 }
833 x = xfrm_state_alloc();
834 if (x == NULL) {
835 error = -ENOMEM;
836 goto out;
837 }
838 /* Initialize temporary selector matching only
839 * to current session. */
840 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
841
e0d1caa7
VY		 842 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
843 if (error) {
844 x->km.state = XFRM_STATE_DEAD;
845 xfrm_state_put(x);
846 x = NULL;
847 goto out;
848 }
849
1da177e4
LT		 850 if (km_query(x, tmpl, pol) == 0) {
851 x->km.state = XFRM_STATE_ACQ;
8f126e37 852 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
667bbcb6 853 h = xfrm_src_hash(daddr, saddr, family);
8f126e37 854 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1da177e4
LT		 855 if (x->id.spi) {
856 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
8f126e37 857 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4 858 }
01e67d08
DM		 859 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
860 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 861 add_timer(&x->timer);
2fab22f2
PM		 862 xfrm_state_num++;
863 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 864 } else {
865 x->km.state = XFRM_STATE_DEAD;
866 xfrm_state_put(x);
867 x = NULL;
868 error = -ESRCH;
869 }
870 }
871out:
872 if (x)
873 xfrm_state_hold(x);
874 else
875 *err = acquire_in_progress ? -EAGAIN : error;
876 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 877 return x;
878}
879
628529b6
JHS		 880struct xfrm_state *
881xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
882 unsigned short family, u8 mode, u8 proto, u32 reqid)
883{
4bda4f25 884 unsigned int h;
628529b6
JHS		 885 struct xfrm_state *rx = NULL, *x = NULL;
886 struct hlist_node *entry;
887
888 spin_lock(&xfrm_state_lock);
4bda4f25 889 h = xfrm_dst_hash(daddr, saddr, reqid, family);
628529b6
JHS		 890 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
891 if (x->props.family == family &&
892 x->props.reqid == reqid &&
893 !(x->props.flags & XFRM_STATE_WILDRECV) &&
894 xfrm_state_addr_check(x, daddr, saddr, family) &&
895 mode == x->props.mode &&
896 proto == x->id.proto &&
897 x->km.state == XFRM_STATE_VALID) {
898 rx = x;
899 break;
900 }
901 }
902
903 if (rx)
904 xfrm_state_hold(rx);
905 spin_unlock(&xfrm_state_lock);
906
907
908 return rx;
909}
910EXPORT_SYMBOL(xfrm_stateonly_find);
911
1da177e4
LT		 912static void __xfrm_state_insert(struct xfrm_state *x)
913{
a624c108 914 unsigned int h;
1da177e4 915
9d4a706d
DM		 916 x->genid = ++xfrm_state_genid;
917
4c563f76
TT		 918 list_add_tail(&x->all, &xfrm_state_all);
919
c1969f29
DM		 920 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
921 x->props.reqid, x->props.family);
8f126e37 922 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1da177e4 923
667bbcb6 924 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
8f126e37 925 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1da177e4 926
7b4dc360 927 if (x->id.spi) {
6c44e6b7
MN		 928 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
929 x->props.family);
930
8f126e37 931 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
6c44e6b7
MN		 932 }
933
a47f0ce0
DM		 934 mod_timer(&x->timer, jiffies + HZ);
935 if (x->replay_maxage)
936 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 937
1da177e4 938 wake_up(&km_waitq);
f034b5d4
DM		 939
940 xfrm_state_num++;
941
918049f0 942 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 943}
944
c7f5ea3a
DM		 945/* xfrm_state_lock is held */
946static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
947{
948 unsigned short family = xnew->props.family;
949 u32 reqid = xnew->props.reqid;
950 struct xfrm_state *x;
951 struct hlist_node *entry;
952 unsigned int h;
953
c1969f29 954 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
c7f5ea3a
DM		 955 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
956 if (x->props.family == family &&
957 x->props.reqid == reqid &&
c1969f29
DM		 958 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
959 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 960 x->genid = xfrm_state_genid;
961 }
962}
963
1da177e4
LT		 964void xfrm_state_insert(struct xfrm_state *x)
965{
966 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 967 __xfrm_state_bump_genids(x);
1da177e4
LT		 968 __xfrm_state_insert(x);
969 spin_unlock_bh(&xfrm_state_lock);
970}
971EXPORT_SYMBOL(xfrm_state_insert);
972
2770834c
DM		 973/* xfrm_state_lock is held */
974static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
975{
c1969f29 976 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 977 struct hlist_node *entry;
2770834c
DM		 978 struct xfrm_state *x;
979
8f126e37 980 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
2770834c
DM		 981 if (x->props.reqid != reqid ||
982 x->props.mode != mode ||
983 x->props.family != family ||
984 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 985 x->id.spi != 0 ||
986 x->id.proto != proto)
2770834c
DM		 987 continue;
988
989 switch (family) {
990 case AF_INET:
991 if (x->id.daddr.a4 != daddr->a4 ||
992 x->props.saddr.a4 != saddr->a4)
993 continue;
994 break;
995 case AF_INET6:
996 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
997 (struct in6_addr *)daddr) ||
998 !ipv6_addr_equal((struct in6_addr *)
999 x->props.saddr.a6,
1000 (struct in6_addr *)saddr))
1001 continue;
1002 break;
3ff50b79 1003 }
2770834c
DM		 1004
1005 xfrm_state_hold(x);
1006 return x;
1007 }
1008
1009 if (!create)
1010 return NULL;
1011
1012 x = xfrm_state_alloc();
1013 if (likely(x)) {
1014 switch (family) {
1015 case AF_INET:
1016 x->sel.daddr.a4 = daddr->a4;
1017 x->sel.saddr.a4 = saddr->a4;
1018 x->sel.prefixlen_d = 32;
1019 x->sel.prefixlen_s = 32;
1020 x->props.saddr.a4 = saddr->a4;
1021 x->id.daddr.a4 = daddr->a4;
1022 break;
1023
1024 case AF_INET6:
1025 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1026 (struct in6_addr *)daddr);
1027 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1028 (struct in6_addr *)saddr);
1029 x->sel.prefixlen_d = 128;
1030 x->sel.prefixlen_s = 128;
1031 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1032 (struct in6_addr *)saddr);
1033 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1034 (struct in6_addr *)daddr);
1035 break;
3ff50b79 1036 }
2770834c
DM		 1037
1038 x->km.state = XFRM_STATE_ACQ;
1039 x->id.proto = proto;
1040 x->props.family = family;
1041 x->props.mode = mode;
1042 x->props.reqid = reqid;
01e67d08 1043 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1044 xfrm_state_hold(x);
01e67d08 1045 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1046 add_timer(&x->timer);
8f126e37 1047 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
667bbcb6 1048 h = xfrm_src_hash(daddr, saddr, family);
8f126e37 1049 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
918049f0
DM		 1050
1051 xfrm_state_num++;
1052
1053 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1054 }
1055
1056 return x;
1057}
1058
1da177e4
LT		 1059static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1060
1061int xfrm_state_add(struct xfrm_state *x)
1062{
1da177e4
LT		 1063 struct xfrm_state *x1;
1064 int family;
1065 int err;
eb2971b6 1066 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1067
1068 family = x->props.family;
1da177e4
LT		 1069
1070 spin_lock_bh(&xfrm_state_lock);
1071
edcd5821 1072 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4
LT		 1073 if (x1) {
1074 xfrm_state_put(x1);
1075 x1 = NULL;
1076 err = -EEXIST;
1077 goto out;
1078 }
1079
eb2971b6 1080 if (use_spi && x->km.seq) {
1da177e4 1081 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1082 if (x1 && ((x1->id.proto != x->id.proto) ||
1083 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1da177e4
LT		 1084 xfrm_state_put(x1);
1085 x1 = NULL;
1086 }
1087 }
1088
eb2971b6 1089 if (use_spi && !x1)
2770834c
DM		 1090 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1091 x->id.proto,
1092 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1093
c7f5ea3a 1094 __xfrm_state_bump_genids(x);
1da177e4
LT		 1095 __xfrm_state_insert(x);
1096 err = 0;
1097
1098out:
1099 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1100
1101 if (x1) {
1102 xfrm_state_delete(x1);
1103 xfrm_state_put(x1);
1104 }
1105
1106 return err;
1107}
1108EXPORT_SYMBOL(xfrm_state_add);
1109
80c9abaa 1110#ifdef CONFIG_XFRM_MIGRATE
6666351d 1111static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1112{
1113 int err = -ENOMEM;
1114 struct xfrm_state *x = xfrm_state_alloc();
1115 if (!x)
1116 goto error;
1117
1118 memcpy(&x->id, &orig->id, sizeof(x->id));
1119 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1120 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1121 x->props.mode = orig->props.mode;
1122 x->props.replay_window = orig->props.replay_window;
1123 x->props.reqid = orig->props.reqid;
1124 x->props.family = orig->props.family;
1125 x->props.saddr = orig->props.saddr;
1126
1127 if (orig->aalg) {
1128 x->aalg = xfrm_algo_clone(orig->aalg);
1129 if (!x->aalg)
1130 goto error;
1131 }
1132 x->props.aalgo = orig->props.aalgo;
1133
1134 if (orig->ealg) {
1135 x->ealg = xfrm_algo_clone(orig->ealg);
1136 if (!x->ealg)
1137 goto error;
1138 }
1139 x->props.ealgo = orig->props.ealgo;
1140
1141 if (orig->calg) {
1142 x->calg = xfrm_algo_clone(orig->calg);
1143 if (!x->calg)
1144 goto error;
1145 }
1146 x->props.calgo = orig->props.calgo;
1147
a716c119 1148 if (orig->encap) {
80c9abaa
SS		 1149 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1150 if (!x->encap)
1151 goto error;
1152 }
1153
1154 if (orig->coaddr) {
1155 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1156 GFP_KERNEL);
1157 if (!x->coaddr)
1158 goto error;
1159 }
1160
1161 err = xfrm_init_state(x);
1162 if (err)
1163 goto error;
1164
1165 x->props.flags = orig->props.flags;
1166
1167 x->curlft.add_time = orig->curlft.add_time;
1168 x->km.state = orig->km.state;
1169 x->km.seq = orig->km.seq;
1170
1171 return x;
1172
1173 error:
1174 if (errp)
1175 *errp = err;
1176 if (x) {
1177 kfree(x->aalg);
1178 kfree(x->ealg);
1179 kfree(x->calg);
1180 kfree(x->encap);
1181 kfree(x->coaddr);
1182 }
1183 kfree(x);
1184 return NULL;
1185}
80c9abaa
SS		 1186
1187/* xfrm_state_lock is held */
1188struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1189{
1190 unsigned int h;
1191 struct xfrm_state *x;
1192 struct hlist_node *entry;
1193
1194 if (m->reqid) {
1195 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1196 m->reqid, m->old_family);
1197 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1198 if (x->props.mode != m->mode ||
1199 x->id.proto != m->proto)
1200 continue;
1201 if (m->reqid && x->props.reqid != m->reqid)
1202 continue;
1203 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1204 m->old_family) ||
1205 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1206 m->old_family))
1207 continue;
1208 xfrm_state_hold(x);
1209 return x;
1210 }
1211 } else {
1212 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1213 m->old_family);
1214 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1215 if (x->props.mode != m->mode ||
1216 x->id.proto != m->proto)
1217 continue;
1218 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1219 m->old_family) ||
1220 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1221 m->old_family))
1222 continue;
1223 xfrm_state_hold(x);
1224 return x;
1225 }
1226 }
1227
a716c119 1228 return NULL;
80c9abaa
SS		 1229}
1230EXPORT_SYMBOL(xfrm_migrate_state_find);
1231
1232struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1233 struct xfrm_migrate *m)
1234{
1235 struct xfrm_state *xc;
1236 int err;
1237
1238 xc = xfrm_state_clone(x, &err);
1239 if (!xc)
1240 return NULL;
1241
1242 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1243 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1244
1245 /* add state */
1246 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1247 /* a care is needed when the destination address of the
1248 state is to be updated as it is a part of triplet */
1249 xfrm_state_insert(xc);
1250 } else {
1251 if ((err = xfrm_state_add(xc)) < 0)
1252 goto error;
1253 }
1254
1255 return xc;
1256error:
1257 kfree(xc);
1258 return NULL;
1259}
1260EXPORT_SYMBOL(xfrm_state_migrate);
1261#endif
1262
1da177e4
LT		 1263int xfrm_state_update(struct xfrm_state *x)
1264{
1da177e4
LT		 1265 struct xfrm_state *x1;
1266 int err;
eb2971b6 1267 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1268
1da177e4 1269 spin_lock_bh(&xfrm_state_lock);
edcd5821 1270 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1271
1272 err = -ESRCH;
1273 if (!x1)
1274 goto out;
1275
1276 if (xfrm_state_kern(x1)) {
1277 xfrm_state_put(x1);
1278 err = -EEXIST;
1279 goto out;
1280 }
1281
1282 if (x1->km.state == XFRM_STATE_ACQ) {
1283 __xfrm_state_insert(x);
1284 x = NULL;
1285 }
1286 err = 0;
1287
1288out:
1289 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1290
1291 if (err)
1292 return err;
1293
1294 if (!x) {
1295 xfrm_state_delete(x1);
1296 xfrm_state_put(x1);
1297 return 0;
1298 }
1299
1300 err = -EINVAL;
1301 spin_lock_bh(&x1->lock);
1302 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1303 if (x->encap && x1->encap)
1304 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1305 if (x->coaddr && x1->coaddr) {
1306 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1307 }
1308 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1309 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1310 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1311 x1->km.dying = 0;
1312
a47f0ce0 1313 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1314 if (x1->curlft.use_time)
1315 xfrm_state_check_expire(x1);
1316
1317 err = 0;
1318 }
1319 spin_unlock_bh(&x1->lock);
1320
1321 xfrm_state_put(x1);
1322
1323 return err;
1324}
1325EXPORT_SYMBOL(xfrm_state_update);
1326
1327int xfrm_state_check_expire(struct xfrm_state *x)
1328{
1329 if (!x->curlft.use_time)
9d729f72 1330 x->curlft.use_time = get_seconds();
1da177e4
LT		 1331
1332 if (x->km.state != XFRM_STATE_VALID)
1333 return -EINVAL;
1334
1335 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1336 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1337 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1338 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1339 return -EINVAL;
1340 }
1341
1342 if (!x->km.dying &&
1343 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1344 x->curlft.packets >= x->lft.soft_packet_limit)) {
1345 x->km.dying = 1;
53bc6b4d 1346 km_state_expired(x, 0, 0);
4666faab 1347 }
1da177e4
LT		 1348 return 0;
1349}
1350EXPORT_SYMBOL(xfrm_state_check_expire);
1351
1da177e4 1352struct xfrm_state *
a94cfd19 1353xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1354 unsigned short family)
1355{
1356 struct xfrm_state *x;
1da177e4
LT		 1357
1358 spin_lock_bh(&xfrm_state_lock);
edcd5821 1359 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1360 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1361 return x;
1362}
1363EXPORT_SYMBOL(xfrm_state_lookup);
1364
1365struct xfrm_state *
eb2971b6
MN		 1366xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1367 u8 proto, unsigned short family)
1368{
1369 struct xfrm_state *x;
eb2971b6
MN		 1370
1371 spin_lock_bh(&xfrm_state_lock);
edcd5821 1372 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1373 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1374 return x;
1375}
1376EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1377
1378struct xfrm_state *
a716c119
YH		 1379xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1380 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1381 int create, unsigned short family)
1382{
1383 struct xfrm_state *x;
1da177e4
LT		 1384
1385 spin_lock_bh(&xfrm_state_lock);
2770834c 1386 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1387 spin_unlock_bh(&xfrm_state_lock);
2770834c 1388
1da177e4
LT		 1389 return x;
1390}
1391EXPORT_SYMBOL(xfrm_find_acq);
1392
41a49cc3
MN		 1393#ifdef CONFIG_XFRM_SUB_POLICY
1394int
1395xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1396 unsigned short family)
1397{
1398 int err = 0;
1399 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1400 if (!afinfo)
1401 return -EAFNOSUPPORT;
1402
1403 spin_lock_bh(&xfrm_state_lock);
1404 if (afinfo->tmpl_sort)
1405 err = afinfo->tmpl_sort(dst, src, n);
1406 spin_unlock_bh(&xfrm_state_lock);
1407 xfrm_state_put_afinfo(afinfo);
1408 return err;
1409}
1410EXPORT_SYMBOL(xfrm_tmpl_sort);
1411
1412int
1413xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1414 unsigned short family)
1415{
1416 int err = 0;
1417 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1418 if (!afinfo)
1419 return -EAFNOSUPPORT;
1420
1421 spin_lock_bh(&xfrm_state_lock);
1422 if (afinfo->state_sort)
1423 err = afinfo->state_sort(dst, src, n);
1424 spin_unlock_bh(&xfrm_state_lock);
1425 xfrm_state_put_afinfo(afinfo);
1426 return err;
1427}
1428EXPORT_SYMBOL(xfrm_state_sort);
1429#endif
1430
1da177e4
LT		 1431/* Silly enough, but I'm lazy to build resolution list */
1432
1433static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1434{
1435 int i;
1da177e4 1436
f034b5d4 1437 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 1438 struct hlist_node *entry;
1439 struct xfrm_state *x;
1440
1441 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1442 if (x->km.seq == seq &&
1443 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1444 xfrm_state_hold(x);
1445 return x;
1446 }
1447 }
1448 }
1449 return NULL;
1450}
1451
1452struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1453{
1454 struct xfrm_state *x;
1455
1456 spin_lock_bh(&xfrm_state_lock);
1457 x = __xfrm_find_acq_byseq(seq);
1458 spin_unlock_bh(&xfrm_state_lock);
1459 return x;
1460}
1461EXPORT_SYMBOL(xfrm_find_acq_byseq);
1462
1463u32 xfrm_get_acqseq(void)
1464{
1465 u32 res;
1466 static u32 acqseq;
1467 static DEFINE_SPINLOCK(acqseq_lock);
1468
1469 spin_lock_bh(&acqseq_lock);
1470 res = (++acqseq ? : ++acqseq);
1471 spin_unlock_bh(&acqseq_lock);
1472 return res;
1473}
1474EXPORT_SYMBOL(xfrm_get_acqseq);
1475
658b219e 1476int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1477{
f034b5d4 1478 unsigned int h;
1da177e4 1479 struct xfrm_state *x0;
658b219e
HX		 1480 int err = -ENOENT;
1481 __be32 minspi = htonl(low);
1482 __be32 maxspi = htonl(high);
1da177e4 1483
658b219e
HX		 1484 spin_lock_bh(&x->lock);
1485 if (x->km.state == XFRM_STATE_DEAD)
1486 goto unlock;
1487
1488 err = 0;
1da177e4 1489 if (x->id.spi)
658b219e
HX		 1490 goto unlock;
1491
1492 err = -ENOENT;
1da177e4
LT		 1493
1494 if (minspi == maxspi) {
1495 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1496 if (x0) {
1497 xfrm_state_put(x0);
658b219e 1498 goto unlock;
1da177e4
LT		 1499 }
1500 x->id.spi = minspi;
1501 } else {
1502 u32 spi = 0;
26977b4e
AV		 1503 for (h=0; h<high-low+1; h++) {
1504 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1505 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1506 if (x0 == NULL) {
1507 x->id.spi = htonl(spi);
1508 break;
1509 }
1510 xfrm_state_put(x0);
1511 }
1512 }
1513 if (x->id.spi) {
1514 spin_lock_bh(&xfrm_state_lock);
1515 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
8f126e37 1516 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4 1517 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1518
1519 err = 0;
1da177e4 1520 }
658b219e
HX		 1521
1522unlock:
1523 spin_unlock_bh(&x->lock);
1524
1525 return err;
1da177e4
LT		 1526}
1527EXPORT_SYMBOL(xfrm_alloc_spi);
1528
4c563f76
TT		 1529int xfrm_state_walk(struct xfrm_state_walk *walk,
1530 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1531 void *data)
1532{
4c563f76 1533 struct xfrm_state *old, *x, *last = NULL;
1da177e4
LT		 1534 int err = 0;
1535
4c563f76
TT		 1536 if (walk->state == NULL && walk->count != 0)
1537 return 0;
1538
1539 old = x = walk->state;
1540 walk->state = NULL;
1da177e4 1541 spin_lock_bh(&xfrm_state_lock);
4c563f76
TT		 1542 if (x == NULL)
1543 x = list_first_entry(&xfrm_state_all, struct xfrm_state, all);
1544 list_for_each_entry_from(x, &xfrm_state_all, all) {
1545 if (x->km.state == XFRM_STATE_DEAD)
1546 continue;
1547 if (!xfrm_id_proto_match(x->id.proto, walk->proto))
1548 continue;
1549 if (last) {
1550 err = func(last, walk->count, data);
1551 if (err) {
1552 xfrm_state_hold(last);
1553 walk->state = last;
1554 goto out;
94b9bb54 1555 }
1da177e4 1556 }
4c563f76
TT		 1557 last = x;
1558 walk->count++;
1da177e4 1559 }
4c563f76 1560 if (walk->count == 0) {
1da177e4
LT		 1561 err = -ENOENT;
1562 goto out;
1563 }
4c563f76
TT		 1564 if (last)
1565 err = func(last, 0, data);
1da177e4
LT		 1566out:
1567 spin_unlock_bh(&xfrm_state_lock);
4c563f76
TT		 1568 if (old != NULL)
1569 xfrm_state_put(old);
1da177e4
LT		 1570 return err;
1571}
1572EXPORT_SYMBOL(xfrm_state_walk);
1573
f8cd5488
JHS		 1574
1575void xfrm_replay_notify(struct xfrm_state *x, int event)
1576{
1577 struct km_event c;
1578 /* we send notify messages in case
1579 * 1. we updated on of the sequence numbers, and the seqno difference
1580 * is at least x->replay_maxdiff, in this case we also update the
1581 * timeout of our timer function
1582 * 2. if x->replay_maxage has elapsed since last update,
1583 * and there were changes
1584 *
1585 * The state structure must be locked!
1586 */
1587
1588 switch (event) {
1589 case XFRM_REPLAY_UPDATE:
1590 if (x->replay_maxdiff &&
1591 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1592 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1593 if (x->xflags & XFRM_TIME_DEFER)
1594 event = XFRM_REPLAY_TIMEOUT;
1595 else
1596 return;
1597 }
f8cd5488
JHS		 1598
1599 break;
1600
1601 case XFRM_REPLAY_TIMEOUT:
1602 if ((x->replay.seq == x->preplay.seq) &&
1603 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1604 (x->replay.oseq == x->preplay.oseq)) {
1605 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1606 return;
2717096a 1607 }
f8cd5488
JHS		 1608
1609 break;
1610 }
1611
1612 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1613 c.event = XFRM_MSG_NEWAE;
1614 c.data.aevent = event;
1615 km_state_notify(x, &c);
1616
f8cd5488 1617 if (x->replay_maxage &&
a47f0ce0 1618 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1619 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1620}
1621
1622static void xfrm_replay_timer_handler(unsigned long data)
1623{
1624 struct xfrm_state *x = (struct xfrm_state*)data;
1625
1626 spin_lock(&x->lock);
1627
2717096a
JHS		 1628 if (x->km.state == XFRM_STATE_VALID) {
1629 if (xfrm_aevent_is_on())
1630 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1631 else
1632 x->xflags |= XFRM_TIME_DEFER;
1633 }
f8cd5488
JHS		 1634
1635 spin_unlock(&x->lock);
1636}
1637
afeb14b4
PM		 1638int xfrm_replay_check(struct xfrm_state *x,
1639 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1640{
1641 u32 diff;
a252cc23 1642 u32 seq = ntohl(net_seq);
1da177e4
LT		 1643
1644 if (unlikely(seq == 0))
afeb14b4 1645 goto err;
1da177e4
LT		 1646
1647 if (likely(seq > x->replay.seq))
1648 return 0;
1649
1650 diff = x->replay.seq - seq;
4c4d51a7
HX		 1651 if (diff >= min_t(unsigned int, x->props.replay_window,
1652 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1653 x->stats.replay_window++;
afeb14b4 1654 goto err;
1da177e4
LT		 1655 }
1656
1657 if (x->replay.bitmap & (1U << diff)) {
1658 x->stats.replay++;
afeb14b4 1659 goto err;
1da177e4
LT		 1660 }
1661 return 0;
afeb14b4
PM		 1662
1663err:
1664 xfrm_audit_state_replay(x, skb, net_seq);
1665 return -EINVAL;
1da177e4 1666}
1da177e4 1667
61f4627b 1668void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1669{
1670 u32 diff;
61f4627b 1671 u32 seq = ntohl(net_seq);
1da177e4
LT		 1672
1673 if (seq > x->replay.seq) {
1674 diff = seq - x->replay.seq;
1675 if (diff < x->props.replay_window)
1676 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1677 else
1678 x->replay.bitmap = 1;
1679 x->replay.seq = seq;
1680 } else {
1681 diff = x->replay.seq - seq;
1682 x->replay.bitmap |= (1U << diff);
1683 }
f8cd5488
JHS		 1684
1685 if (xfrm_aevent_is_on())
1686 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1687}
1da177e4 1688
df01812e 1689static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1690static DEFINE_RWLOCK(xfrm_km_lock);
1691
26b15dad 1692void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1693{
1694 struct xfrm_mgr *km;
1695
26b15dad
JHS		 1696 read_lock(&xfrm_km_lock);
1697 list_for_each_entry(km, &xfrm_km_list, list)
1698 if (km->notify_policy)
1699 km->notify_policy(xp, dir, c);
1700 read_unlock(&xfrm_km_lock);
1701}
1da177e4 1702
26b15dad
JHS		 1703void km_state_notify(struct xfrm_state *x, struct km_event *c)
1704{
1705 struct xfrm_mgr *km;
1da177e4
LT		 1706 read_lock(&xfrm_km_lock);
1707 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1708 if (km->notify)
1709 km->notify(x, c);
1da177e4 1710 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1711}
1712
1713EXPORT_SYMBOL(km_policy_notify);
1714EXPORT_SYMBOL(km_state_notify);
1715
53bc6b4d 1716void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1717{
1718 struct km_event c;
1719
bf08867f 1720 c.data.hard = hard;
53bc6b4d 1721 c.pid = pid;
f60f6b8f 1722 c.event = XFRM_MSG_EXPIRE;
26b15dad 1723 km_state_notify(x, &c);
1da177e4
LT		 1724
1725 if (hard)
1726 wake_up(&km_waitq);
1727}
1728
53bc6b4d 1729EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1730/*
1731 * We send to all registered managers regardless of failure
1732 * We are happy with one success
1733*/
980ebd25 1734int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1735{
26b15dad 1736 int err = -EINVAL, acqret;
1da177e4
LT		 1737 struct xfrm_mgr *km;
1738
1739 read_lock(&xfrm_km_lock);
1740 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1741 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1742 if (!acqret)
1743 err = acqret;
1da177e4
LT		 1744 }
1745 read_unlock(&xfrm_km_lock);
1746 return err;
1747}
980ebd25 1748EXPORT_SYMBOL(km_query);
1da177e4 1749
5d36b180 1750int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1751{
1752 int err = -EINVAL;
1753 struct xfrm_mgr *km;
1754
1755 read_lock(&xfrm_km_lock);
1756 list_for_each_entry(km, &xfrm_km_list, list) {
1757 if (km->new_mapping)
1758 err = km->new_mapping(x, ipaddr, sport);
1759 if (!err)
1760 break;
1761 }
1762 read_unlock(&xfrm_km_lock);
1763 return err;
1764}
1765EXPORT_SYMBOL(km_new_mapping);
1766
6c5c8ca7 1767void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1768{
26b15dad 1769 struct km_event c;
1da177e4 1770
bf08867f 1771 c.data.hard = hard;
6c5c8ca7 1772 c.pid = pid;
f60f6b8f 1773 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1774 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1775
1776 if (hard)
1777 wake_up(&km_waitq);
1778}
a70fcb0b 1779EXPORT_SYMBOL(km_policy_expired);
1da177e4 1780
2d60abc2 1781#ifdef CONFIG_XFRM_MIGRATE
80c9abaa
SS		 1782int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1783 struct xfrm_migrate *m, int num_migrate)
1784{
1785 int err = -EINVAL;
1786 int ret;
1787 struct xfrm_mgr *km;
1788
1789 read_lock(&xfrm_km_lock);
1790 list_for_each_entry(km, &xfrm_km_list, list) {
1791 if (km->migrate) {
1792 ret = km->migrate(sel, dir, type, m, num_migrate);
1793 if (!ret)
1794 err = ret;
1795 }
1796 }
1797 read_unlock(&xfrm_km_lock);
1798 return err;
1799}
1800EXPORT_SYMBOL(km_migrate);
2d60abc2 1801#endif
80c9abaa 1802
97a64b45
MN		 1803int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1804{
1805 int err = -EINVAL;
1806 int ret;
1807 struct xfrm_mgr *km;
1808
1809 read_lock(&xfrm_km_lock);
1810 list_for_each_entry(km, &xfrm_km_list, list) {
1811 if (km->report) {
1812 ret = km->report(proto, sel, addr);
1813 if (!ret)
1814 err = ret;
1815 }
1816 }
1817 read_unlock(&xfrm_km_lock);
1818 return err;
1819}
1820EXPORT_SYMBOL(km_report);
1821
1da177e4
LT		 1822int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1823{
1824 int err;
1825 u8 *data;
1826 struct xfrm_mgr *km;
1827 struct xfrm_policy *pol = NULL;
1828
1829 if (optlen <= 0 || optlen > PAGE_SIZE)
1830 return -EMSGSIZE;
1831
1832 data = kmalloc(optlen, GFP_KERNEL);
1833 if (!data)
1834 return -ENOMEM;
1835
1836 err = -EFAULT;
1837 if (copy_from_user(data, optval, optlen))
1838 goto out;
1839
1840 err = -EINVAL;
1841 read_lock(&xfrm_km_lock);
1842 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1843 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1844 optlen, &err);
1845 if (err >= 0)
1846 break;
1847 }
1848 read_unlock(&xfrm_km_lock);
1849
1850 if (err >= 0) {
1851 xfrm_sk_policy_insert(sk, err, pol);
1852 xfrm_pol_put(pol);
1853 err = 0;
1854 }
1855
1856out:
1857 kfree(data);
1858 return err;
1859}
1860EXPORT_SYMBOL(xfrm_user_policy);
1861
1862int xfrm_register_km(struct xfrm_mgr *km)
1863{
1864 write_lock_bh(&xfrm_km_lock);
1865 list_add_tail(&km->list, &xfrm_km_list);
1866 write_unlock_bh(&xfrm_km_lock);
1867 return 0;
1868}
1869EXPORT_SYMBOL(xfrm_register_km);
1870
1871int xfrm_unregister_km(struct xfrm_mgr *km)
1872{
1873 write_lock_bh(&xfrm_km_lock);
1874 list_del(&km->list);
1875 write_unlock_bh(&xfrm_km_lock);
1876 return 0;
1877}
1878EXPORT_SYMBOL(xfrm_unregister_km);
1879
1880int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1881{
1882 int err = 0;
1883 if (unlikely(afinfo == NULL))
1884 return -EINVAL;
1885 if (unlikely(afinfo->family >= NPROTO))
1886 return -EAFNOSUPPORT;
f3111502 1887 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1888 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1889 err = -ENOBUFS;
edcd5821 1890 else
1da177e4 1891 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1892 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1893 return err;
1894}
1895EXPORT_SYMBOL(xfrm_state_register_afinfo);
1896
1897int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1898{
1899 int err = 0;
1900 if (unlikely(afinfo == NULL))
1901 return -EINVAL;
1902 if (unlikely(afinfo->family >= NPROTO))
1903 return -EAFNOSUPPORT;
f3111502 1904 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1905 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1906 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1907 err = -EINVAL;
edcd5821 1908 else
1da177e4 1909 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1910 }
f3111502 1911 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1912 return err;
1913}
1914EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1915
17c2a42a 1916static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1917{
1918 struct xfrm_state_afinfo *afinfo;
1919 if (unlikely(family >= NPROTO))
1920 return NULL;
1921 read_lock(&xfrm_state_afinfo_lock);
1922 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1923 if (unlikely(!afinfo))
1924 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1925 return afinfo;
1926}
1927
17c2a42a 1928static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1929 __releases(xfrm_state_afinfo_lock)
1da177e4 1930{
546be240 1931 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1932}
1933
1934/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1935void xfrm_state_delete_tunnel(struct xfrm_state *x)
1936{
1937 if (x->tunnel) {
1938 struct xfrm_state *t = x->tunnel;
1939
1940 if (atomic_read(&t->tunnel_users) == 2)
1941 xfrm_state_delete(t);
1942 atomic_dec(&t->tunnel_users);
1943 xfrm_state_put(t);
1944 x->tunnel = NULL;
1945 }
1946}
1947EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1948
1949int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1950{
c5c25238 1951 int res;
1da177e4 1952
c5c25238
PM		 1953 spin_lock_bh(&x->lock);
1954 if (x->km.state == XFRM_STATE_VALID &&
1955 x->type && x->type->get_mtu)
1956 res = x->type->get_mtu(x, mtu);
1957 else
28121617 1958 res = mtu - x->props.header_len;
c5c25238 1959 spin_unlock_bh(&x->lock);
1da177e4
LT		 1960 return res;
1961}
1962
72cb6962
HX		 1963int xfrm_init_state(struct xfrm_state *x)
1964{
d094cd83
HX		 1965 struct xfrm_state_afinfo *afinfo;
1966 int family = x->props.family;
72cb6962
HX		 1967 int err;
1968
d094cd83
HX		 1969 err = -EAFNOSUPPORT;
1970 afinfo = xfrm_state_get_afinfo(family);
1971 if (!afinfo)
1972 goto error;
1973
1974 err = 0;
1975 if (afinfo->init_flags)
1976 err = afinfo->init_flags(x);
1977
1978 xfrm_state_put_afinfo(afinfo);
1979
1980 if (err)
1981 goto error;
1982
1983 err = -EPROTONOSUPPORT;
13996378
HX		 1984 x->inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
1985 if (x->inner_mode == NULL)
1986 goto error;
1987
1988 if (!(x->inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
1989 family != x->sel.family)
1990 goto error;
1991
d094cd83 1992 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 1993 if (x->type == NULL)
1994 goto error;
1995
1996 err = x->type->init_state(x);
1997 if (err)
1998 goto error;
1999
13996378
HX		 2000 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2001 if (x->outer_mode == NULL)
b59f45d0
HX		 2002 goto error;
2003
72cb6962
HX		 2004 x->km.state = XFRM_STATE_VALID;
2005
2006error:
2007 return err;
2008}
2009
2010EXPORT_SYMBOL(xfrm_init_state);
a716c119 2011
1da177e4
LT		 2012void __init xfrm_state_init(void)
2013{
f034b5d4
DM		 2014 unsigned int sz;
2015
2016 sz = sizeof(struct hlist_head) * 8;
2017
44e36b42
DM		 2018 xfrm_state_bydst = xfrm_hash_alloc(sz);
2019 xfrm_state_bysrc = xfrm_hash_alloc(sz);
2020 xfrm_state_byspi = xfrm_hash_alloc(sz);
f034b5d4
DM		 2021 if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2022 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2023 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2024
c4028958 2025 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1da177e4
LT		 2026}
2027
ab5f5e8b 2028#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2029static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2030 struct audit_buffer *audit_buf)
ab5f5e8b 2031{
68277acc
PM		 2032 struct xfrm_sec_ctx *ctx = x->security;
2033 u32 spi = ntohl(x->id.spi);
2034
2035 if (ctx)
ab5f5e8b 2036 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2037 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2038
2039 switch(x->props.family) {
2040 case AF_INET:
68277acc
PM		 2041 audit_log_format(audit_buf,
2042 " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
ab5f5e8b
JL		 2043 NIPQUAD(x->props.saddr.a4),
2044 NIPQUAD(x->id.daddr.a4));
2045 break;
2046 case AF_INET6:
68277acc
PM		 2047 audit_log_format(audit_buf,
2048 " src=" NIP6_FMT " dst=" NIP6_FMT,
2049 NIP6(*(struct in6_addr *)x->props.saddr.a6),
2050 NIP6(*(struct in6_addr *)x->id.daddr.a6));
ab5f5e8b
JL		 2051 break;
2052 }
68277acc
PM		 2053
2054 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2055}
2056
cf35f43e
IJ		 2057static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2058 struct audit_buffer *audit_buf)
afeb14b4
PM		 2059{
2060 struct iphdr *iph4;
2061 struct ipv6hdr *iph6;
2062
2063 switch (family) {
2064 case AF_INET:
2065 iph4 = ip_hdr(skb);
2066 audit_log_format(audit_buf,
2067 " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2068 NIPQUAD(iph4->saddr),
2069 NIPQUAD(iph4->daddr));
2070 break;
2071 case AF_INET6:
2072 iph6 = ipv6_hdr(skb);
2073 audit_log_format(audit_buf,
2074 " src=" NIP6_FMT " dst=" NIP6_FMT
2075 " flowlbl=0x%x%x%x",
2076 NIP6(iph6->saddr),
2077 NIP6(iph6->daddr),
2078 iph6->flow_lbl[0] & 0x0f,
2079 iph6->flow_lbl[1],
2080 iph6->flow_lbl[2]);
2081 break;
2082 }
2083}
2084
68277acc
PM		 2085void xfrm_audit_state_add(struct xfrm_state *x, int result,
2086 u32 auid, u32 secid)
ab5f5e8b
JL		 2087{
2088 struct audit_buffer *audit_buf;
ab5f5e8b 2089
afeb14b4 2090 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2091 if (audit_buf == NULL)
2092 return;
afeb14b4
PM		 2093 xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2094 xfrm_audit_helper_sainfo(x, audit_buf);
2095 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2096 audit_log_end(audit_buf);
2097}
2098EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2099
68277acc
PM		 2100void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2101 u32 auid, u32 secid)
ab5f5e8b
JL		 2102{
2103 struct audit_buffer *audit_buf;
ab5f5e8b 2104
afeb14b4 2105 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2106 if (audit_buf == NULL)
2107 return;
afeb14b4
PM		 2108 xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2109 xfrm_audit_helper_sainfo(x, audit_buf);
2110 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2111 audit_log_end(audit_buf);
2112}
2113EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2114
2115void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2116 struct sk_buff *skb)
2117{
2118 struct audit_buffer *audit_buf;
2119 u32 spi;
2120
2121 audit_buf = xfrm_audit_start("SA-replay-overflow");
2122 if (audit_buf == NULL)
2123 return;
2124 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2125 /* don't record the sequence number because it's inherent in this kind
2126 * of audit message */
2127 spi = ntohl(x->id.spi);
2128 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2129 audit_log_end(audit_buf);
2130}
2131EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2132
2133static void xfrm_audit_state_replay(struct xfrm_state *x,
2134 struct sk_buff *skb, __be32 net_seq)
2135{
2136 struct audit_buffer *audit_buf;
2137 u32 spi;
2138
2139 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2140 if (audit_buf == NULL)
2141 return;
2142 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2143 spi = ntohl(x->id.spi);
2144 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2145 spi, spi, ntohl(net_seq));
2146 audit_log_end(audit_buf);
2147}
2148
2149void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2150{
2151 struct audit_buffer *audit_buf;
2152
2153 audit_buf = xfrm_audit_start("SA-notfound");
2154 if (audit_buf == NULL)
2155 return;
2156 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2157 audit_log_end(audit_buf);
2158}
2159EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2160
2161void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2162 __be32 net_spi, __be32 net_seq)
2163{
2164 struct audit_buffer *audit_buf;
2165 u32 spi;
2166
2167 audit_buf = xfrm_audit_start("SA-notfound");
2168 if (audit_buf == NULL)
2169 return;
2170 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2171 spi = ntohl(net_spi);
2172 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2173 spi, spi, ntohl(net_seq));
2174 audit_log_end(audit_buf);
2175}
2176EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2177
2178void xfrm_audit_state_icvfail(struct xfrm_state *x,
2179 struct sk_buff *skb, u8 proto)
2180{
2181 struct audit_buffer *audit_buf;
2182 __be32 net_spi;
2183 __be32 net_seq;
2184
2185 audit_buf = xfrm_audit_start("SA-icv-failure");
2186 if (audit_buf == NULL)
2187 return;
2188 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2189 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2190 u32 spi = ntohl(net_spi);
2191 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2192 spi, spi, ntohl(net_seq));
2193 }
2194 audit_log_end(audit_buf);
2195}
2196EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2197#endif /* CONFIG_AUDITSYSCALL */
Linux kernel - Deliverables
This page took 0.785281 seconds and 5 git commands to generate.