projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netns xfrm: per-netns xfrm_hash_work
[deliverable/linux.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
f034b5d4 47static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
9d4a706d 48static unsigned int xfrm_state_genid;
f034b5d4 49
17c2a42a
HX		 50static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
51static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
52
afeb14b4
PM		 53#ifdef CONFIG_AUDITSYSCALL
54static void xfrm_audit_state_replay(struct xfrm_state *x,
55 struct sk_buff *skb, __be32 net_seq);
56#else
57#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
58#endif /* CONFIG_AUDITSYSCALL */
59
c1969f29
DM		 60static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
61 xfrm_address_t *saddr,
62 u32 reqid,
a624c108 63 unsigned short family)
f034b5d4 64{
529983ec 65 return __xfrm_dst_hash(daddr, saddr, reqid, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 66}
67
667bbcb6
MN		 68static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
69 xfrm_address_t *saddr,
44e36b42 70 unsigned short family)
f034b5d4 71{
529983ec 72 return __xfrm_src_hash(daddr, saddr, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 73}
74
f034b5d4 75static inline unsigned int
8122adf0 76xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 77{
529983ec 78 return __xfrm_spi_hash(daddr, spi, proto, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 79}
80
f034b5d4
DM		 81static void xfrm_hash_transfer(struct hlist_head *list,
82 struct hlist_head *ndsttable,
83 struct hlist_head *nsrctable,
84 struct hlist_head *nspitable,
85 unsigned int nhashmask)
86{
87 struct hlist_node *entry, *tmp;
88 struct xfrm_state *x;
89
90 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
91 unsigned int h;
92
c1969f29
DM		 93 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
94 x->props.reqid, x->props.family,
95 nhashmask);
f034b5d4
DM		 96 hlist_add_head(&x->bydst, ndsttable+h);
97
667bbcb6
MN		 98 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
99 x->props.family,
f034b5d4
DM		 100 nhashmask);
101 hlist_add_head(&x->bysrc, nsrctable+h);
102
7b4dc360
MN		 103 if (x->id.spi) {
104 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
105 x->id.proto, x->props.family,
106 nhashmask);
107 hlist_add_head(&x->byspi, nspitable+h);
108 }
f034b5d4
DM		 109 }
110}
111
63082733 112static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
f034b5d4 113{
63082733 114 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
f034b5d4
DM		 115}
116
117static DEFINE_MUTEX(hash_resize_mutex);
118
63082733 119static void xfrm_hash_resize(struct work_struct *work)
f034b5d4 120{
63082733 121 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
f034b5d4
DM		 122 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
123 unsigned long nsize, osize;
124 unsigned int nhashmask, ohashmask;
125 int i;
126
127 mutex_lock(&hash_resize_mutex);
128
63082733 129 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
44e36b42 130 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 131 if (!ndst)
132 goto out_unlock;
44e36b42 133 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 134 if (!nsrc) {
44e36b42 135 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 136 goto out_unlock;
137 }
44e36b42 138 nspi = xfrm_hash_alloc(nsize);
f034b5d4 139 if (!nspi) {
44e36b42
DM		 140 xfrm_hash_free(ndst, nsize);
141 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 142 goto out_unlock;
143 }
144
145 spin_lock_bh(&xfrm_state_lock);
146
147 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
63082733
AD		 148 for (i = net->xfrm.state_hmask; i >= 0; i--)
149 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 150 nhashmask);
151
63082733
AD		 152 odst = net->xfrm.state_bydst;
153 osrc = net->xfrm.state_bysrc;
154 ospi = net->xfrm.state_byspi;
155 ohashmask = net->xfrm.state_hmask;
f034b5d4 156
63082733
AD		 157 net->xfrm.state_bydst = ndst;
158 net->xfrm.state_bysrc = nsrc;
159 net->xfrm.state_byspi = nspi;
160 net->xfrm.state_hmask = nhashmask;
f034b5d4
DM		 161
162 spin_unlock_bh(&xfrm_state_lock);
163
164 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 165 xfrm_hash_free(odst, osize);
166 xfrm_hash_free(osrc, osize);
167 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 168
169out_unlock:
170 mutex_unlock(&hash_resize_mutex);
171}
172
1da177e4
LT		 173DECLARE_WAIT_QUEUE_HEAD(km_waitq);
174EXPORT_SYMBOL(km_waitq);
175
176static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
177static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
178
179static struct work_struct xfrm_state_gc_work;
12a169e7 180static HLIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 181static DEFINE_SPINLOCK(xfrm_state_gc_lock);
182
53bc6b4d 183int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 184
980ebd25 185int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 186void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 187
aa5d62cc
HX		 188static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
189{
190 struct xfrm_state_afinfo *afinfo;
191 if (unlikely(family >= NPROTO))
192 return NULL;
193 write_lock_bh(&xfrm_state_afinfo_lock);
194 afinfo = xfrm_state_afinfo[family];
195 if (unlikely(!afinfo))
196 write_unlock_bh(&xfrm_state_afinfo_lock);
197 return afinfo;
198}
199
200static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 201 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 202{
203 write_unlock_bh(&xfrm_state_afinfo_lock);
204}
205
533cb5b0 206int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 207{
208 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 209 const struct xfrm_type **typemap;
aa5d62cc
HX		 210 int err = 0;
211
212 if (unlikely(afinfo == NULL))
213 return -EAFNOSUPPORT;
214 typemap = afinfo->type_map;
215
216 if (likely(typemap[type->proto] == NULL))
217 typemap[type->proto] = type;
218 else
219 err = -EEXIST;
220 xfrm_state_unlock_afinfo(afinfo);
221 return err;
222}
223EXPORT_SYMBOL(xfrm_register_type);
224
533cb5b0 225int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 226{
227 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 228 const struct xfrm_type **typemap;
aa5d62cc
HX		 229 int err = 0;
230
231 if (unlikely(afinfo == NULL))
232 return -EAFNOSUPPORT;
233 typemap = afinfo->type_map;
234
235 if (unlikely(typemap[type->proto] != type))
236 err = -ENOENT;
237 else
238 typemap[type->proto] = NULL;
239 xfrm_state_unlock_afinfo(afinfo);
240 return err;
241}
242EXPORT_SYMBOL(xfrm_unregister_type);
243
533cb5b0 244static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 245{
246 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 247 const struct xfrm_type **typemap;
248 const struct xfrm_type *type;
aa5d62cc
HX		 249 int modload_attempted = 0;
250
251retry:
252 afinfo = xfrm_state_get_afinfo(family);
253 if (unlikely(afinfo == NULL))
254 return NULL;
255 typemap = afinfo->type_map;
256
257 type = typemap[proto];
258 if (unlikely(type && !try_module_get(type->owner)))
259 type = NULL;
260 if (!type && !modload_attempted) {
261 xfrm_state_put_afinfo(afinfo);
262 request_module("xfrm-type-%d-%d", family, proto);
263 modload_attempted = 1;
264 goto retry;
265 }
266
267 xfrm_state_put_afinfo(afinfo);
268 return type;
269}
270
533cb5b0 271static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 272{
273 module_put(type->owner);
274}
275
276int xfrm_register_mode(struct xfrm_mode *mode, int family)
277{
278 struct xfrm_state_afinfo *afinfo;
279 struct xfrm_mode **modemap;
280 int err;
281
282 if (unlikely(mode->encap >= XFRM_MODE_MAX))
283 return -EINVAL;
284
285 afinfo = xfrm_state_lock_afinfo(family);
286 if (unlikely(afinfo == NULL))
287 return -EAFNOSUPPORT;
288
289 err = -EEXIST;
290 modemap = afinfo->mode_map;
17c2a42a
HX		 291 if (modemap[mode->encap])
292 goto out;
aa5d62cc 293
17c2a42a
HX		 294 err = -ENOENT;
295 if (!try_module_get(afinfo->owner))
296 goto out;
297
298 mode->afinfo = afinfo;
299 modemap[mode->encap] = mode;
300 err = 0;
301
302out:
aa5d62cc
HX		 303 xfrm_state_unlock_afinfo(afinfo);
304 return err;
305}
306EXPORT_SYMBOL(xfrm_register_mode);
307
308int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
309{
310 struct xfrm_state_afinfo *afinfo;
311 struct xfrm_mode **modemap;
312 int err;
313
314 if (unlikely(mode->encap >= XFRM_MODE_MAX))
315 return -EINVAL;
316
317 afinfo = xfrm_state_lock_afinfo(family);
318 if (unlikely(afinfo == NULL))
319 return -EAFNOSUPPORT;
320
321 err = -ENOENT;
322 modemap = afinfo->mode_map;
323 if (likely(modemap[mode->encap] == mode)) {
324 modemap[mode->encap] = NULL;
17c2a42a 325 module_put(mode->afinfo->owner);
aa5d62cc
HX		 326 err = 0;
327 }
328
329 xfrm_state_unlock_afinfo(afinfo);
330 return err;
331}
332EXPORT_SYMBOL(xfrm_unregister_mode);
333
334static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
335{
336 struct xfrm_state_afinfo *afinfo;
337 struct xfrm_mode *mode;
338 int modload_attempted = 0;
339
340 if (unlikely(encap >= XFRM_MODE_MAX))
341 return NULL;
342
343retry:
344 afinfo = xfrm_state_get_afinfo(family);
345 if (unlikely(afinfo == NULL))
346 return NULL;
347
348 mode = afinfo->mode_map[encap];
349 if (unlikely(mode && !try_module_get(mode->owner)))
350 mode = NULL;
351 if (!mode && !modload_attempted) {
352 xfrm_state_put_afinfo(afinfo);
353 request_module("xfrm-mode-%d-%d", family, encap);
354 modload_attempted = 1;
355 goto retry;
356 }
357
358 xfrm_state_put_afinfo(afinfo);
359 return mode;
360}
361
362static void xfrm_put_mode(struct xfrm_mode *mode)
363{
364 module_put(mode->owner);
365}
366
1da177e4
LT		 367static void xfrm_state_gc_destroy(struct xfrm_state *x)
368{
a47f0ce0
DM		 369 del_timer_sync(&x->timer);
370 del_timer_sync(&x->rtimer);
a51482bd
JJ		 371 kfree(x->aalg);
372 kfree(x->ealg);
373 kfree(x->calg);
374 kfree(x->encap);
060f02a3 375 kfree(x->coaddr);
13996378
HX		 376 if (x->inner_mode)
377 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 378 if (x->inner_mode_iaf)
379 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 380 if (x->outer_mode)
381 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 382 if (x->type) {
383 x->type->destructor(x);
384 xfrm_put_type(x->type);
385 }
df71837d 386 security_xfrm_state_free(x);
1da177e4
LT		 387 kfree(x);
388}
389
c4028958 390static void xfrm_state_gc_task(struct work_struct *data)
1da177e4 391{
12a169e7
HX		 392 struct xfrm_state *x;
393 struct hlist_node *entry, *tmp;
394 struct hlist_head gc_list;
1da177e4 395
1da177e4 396 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 397 hlist_move_list(&xfrm_state_gc_list, &gc_list);
1da177e4
LT		 398 spin_unlock_bh(&xfrm_state_gc_lock);
399
12a169e7 400 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 401 xfrm_state_gc_destroy(x);
8f126e37 402
1da177e4
LT		 403 wake_up(&km_waitq);
404}
405
406static inline unsigned long make_jiffies(long secs)
407{
408 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
409 return MAX_SCHEDULE_TIMEOUT-1;
410 else
a716c119 411 return secs*HZ;
1da177e4
LT		 412}
413
414static void xfrm_timer_handler(unsigned long data)
415{
416 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 417 unsigned long now = get_seconds();
1da177e4
LT		 418 long next = LONG_MAX;
419 int warn = 0;
161a09e7 420 int err = 0;
1da177e4
LT		 421
422 spin_lock(&x->lock);
423 if (x->km.state == XFRM_STATE_DEAD)
424 goto out;
425 if (x->km.state == XFRM_STATE_EXPIRED)
426 goto expired;
427 if (x->lft.hard_add_expires_seconds) {
428 long tmo = x->lft.hard_add_expires_seconds +
429 x->curlft.add_time - now;
430 if (tmo <= 0)
431 goto expired;
432 if (tmo < next)
433 next = tmo;
434 }
435 if (x->lft.hard_use_expires_seconds) {
436 long tmo = x->lft.hard_use_expires_seconds +
437 (x->curlft.use_time ? : now) - now;
438 if (tmo <= 0)
439 goto expired;
440 if (tmo < next)
441 next = tmo;
442 }
443 if (x->km.dying)
444 goto resched;
445 if (x->lft.soft_add_expires_seconds) {
446 long tmo = x->lft.soft_add_expires_seconds +
447 x->curlft.add_time - now;
448 if (tmo <= 0)
449 warn = 1;
450 else if (tmo < next)
451 next = tmo;
452 }
453 if (x->lft.soft_use_expires_seconds) {
454 long tmo = x->lft.soft_use_expires_seconds +
455 (x->curlft.use_time ? : now) - now;
456 if (tmo <= 0)
457 warn = 1;
458 else if (tmo < next)
459 next = tmo;
460 }
461
4666faab 462 x->km.dying = warn;
1da177e4 463 if (warn)
53bc6b4d 464 km_state_expired(x, 0, 0);
1da177e4 465resched:
a47f0ce0
DM		 466 if (next != LONG_MAX)
467 mod_timer(&x->timer, jiffies + make_jiffies(next));
468
1da177e4
LT		 469 goto out;
470
471expired:
472 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
473 x->km.state = XFRM_STATE_EXPIRED;
474 wake_up(&km_waitq);
475 next = 2;
476 goto resched;
477 }
161a09e7
JL		 478
479 err = __xfrm_state_delete(x);
480 if (!err && x->id.spi)
53bc6b4d 481 km_state_expired(x, 1, 0);
1da177e4 482
ab5f5e8b 483 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 484 audit_get_loginuid(current),
485 audit_get_sessionid(current), 0);
161a09e7 486
1da177e4
LT		 487out:
488 spin_unlock(&x->lock);
1da177e4
LT		 489}
490
0ac84752
DM		 491static void xfrm_replay_timer_handler(unsigned long data);
492
673c09be 493struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 494{
495 struct xfrm_state *x;
496
0da974f4 497 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 498
499 if (x) {
673c09be 500 write_pnet(&x->xs_net, net);
1da177e4
LT		 501 atomic_set(&x->refcnt, 1);
502 atomic_set(&x->tunnel_users, 0);
12a169e7 503 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 504 INIT_HLIST_NODE(&x->bydst);
505 INIT_HLIST_NODE(&x->bysrc);
506 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 507 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
508 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
509 (unsigned long)x);
9d729f72 510 x->curlft.add_time = get_seconds();
1da177e4
LT		 511 x->lft.soft_byte_limit = XFRM_INF;
512 x->lft.soft_packet_limit = XFRM_INF;
513 x->lft.hard_byte_limit = XFRM_INF;
514 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 515 x->replay_maxage = 0;
516 x->replay_maxdiff = 0;
df9dcb45
KM		 517 x->inner_mode = NULL;
518 x->inner_mode_iaf = NULL;
1da177e4
LT		 519 spin_lock_init(&x->lock);
520 }
521 return x;
522}
523EXPORT_SYMBOL(xfrm_state_alloc);
524
525void __xfrm_state_destroy(struct xfrm_state *x)
526{
547b792c 527 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 528
529 spin_lock_bh(&xfrm_state_gc_lock);
12a169e7 530 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
1da177e4
LT		 531 spin_unlock_bh(&xfrm_state_gc_lock);
532 schedule_work(&xfrm_state_gc_work);
533}
534EXPORT_SYMBOL(__xfrm_state_destroy);
535
53bc6b4d 536int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 537{
26b15dad
JHS		 538 int err = -ESRCH;
539
1da177e4
LT		 540 if (x->km.state != XFRM_STATE_DEAD) {
541 x->km.state = XFRM_STATE_DEAD;
542 spin_lock(&xfrm_state_lock);
12a169e7 543 list_del(&x->km.all);
8f126e37 544 hlist_del(&x->bydst);
8f126e37 545 hlist_del(&x->bysrc);
a47f0ce0 546 if (x->id.spi)
8f126e37 547 hlist_del(&x->byspi);
0bf7c5b0 548 init_net.xfrm.state_num--;
1da177e4 549 spin_unlock(&xfrm_state_lock);
1da177e4 550
1da177e4
LT		 551 /* All xfrm_state objects are created by xfrm_state_alloc.
552 * The xfrm_state_alloc call gives a reference, and that
553 * is what we are dropping here.
554 */
5dba4797 555 xfrm_state_put(x);
26b15dad 556 err = 0;
1da177e4 557 }
26b15dad
JHS		 558
559 return err;
1da177e4 560}
53bc6b4d 561EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 562
26b15dad 563int xfrm_state_delete(struct xfrm_state *x)
1da177e4 564{
26b15dad
JHS		 565 int err;
566
1da177e4 567 spin_lock_bh(&x->lock);
26b15dad 568 err = __xfrm_state_delete(x);
1da177e4 569 spin_unlock_bh(&x->lock);
26b15dad
JHS		 570
571 return err;
1da177e4
LT		 572}
573EXPORT_SYMBOL(xfrm_state_delete);
574
4aa2e62c
JL		 575#ifdef CONFIG_SECURITY_NETWORK_XFRM
576static inline int
577xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 578{
4aa2e62c
JL		 579 int i, err = 0;
580
529983ec 581 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
4aa2e62c
JL		 582 struct hlist_node *entry;
583 struct xfrm_state *x;
584
73d189dc 585 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 586 if (xfrm_id_proto_match(x->id.proto, proto) &&
587 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 588 xfrm_audit_state_delete(x, 0,
589 audit_info->loginuid,
2532386f 590 audit_info->sessionid,
ab5f5e8b 591 audit_info->secid);
4aa2e62c
JL		 592 return err;
593 }
594 }
595 }
596
597 return err;
598}
599#else
600static inline int
601xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
602{
603 return 0;
604}
605#endif
606
607int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
608{
609 int i, err = 0;
1da177e4
LT		 610
611 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 612 err = xfrm_state_flush_secctx_check(proto, audit_info);
613 if (err)
614 goto out;
615
529983ec 616 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 617 struct hlist_node *entry;
618 struct xfrm_state *x;
1da177e4 619restart:
73d189dc 620 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1da177e4 621 if (!xfrm_state_kern(x) &&
5794708f 622 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 623 xfrm_state_hold(x);
624 spin_unlock_bh(&xfrm_state_lock);
625
161a09e7 626 err = xfrm_state_delete(x);
ab5f5e8b
JL		 627 xfrm_audit_state_delete(x, err ? 0 : 1,
628 audit_info->loginuid,
2532386f 629 audit_info->sessionid,
ab5f5e8b 630 audit_info->secid);
1da177e4
LT		 631 xfrm_state_put(x);
632
633 spin_lock_bh(&xfrm_state_lock);
634 goto restart;
635 }
636 }
637 }
4aa2e62c
JL		 638 err = 0;
639
640out:
1da177e4
LT		 641 spin_unlock_bh(&xfrm_state_lock);
642 wake_up(&km_waitq);
4aa2e62c 643 return err;
1da177e4
LT		 644}
645EXPORT_SYMBOL(xfrm_state_flush);
646
af11e316 647void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 648{
649 spin_lock_bh(&xfrm_state_lock);
0bf7c5b0 650 si->sadcnt = init_net.xfrm.state_num;
529983ec 651 si->sadhcnt = init_net.xfrm.state_hmask;
28d8909b
JHS		 652 si->sadhmcnt = xfrm_state_hashmax;
653 spin_unlock_bh(&xfrm_state_lock);
654}
655EXPORT_SYMBOL(xfrm_sad_getinfo);
656
1da177e4
LT		 657static int
658xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
659 struct xfrm_tmpl *tmpl,
660 xfrm_address_t *daddr, xfrm_address_t *saddr,
661 unsigned short family)
662{
663 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
664 if (!afinfo)
665 return -1;
666 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
667 xfrm_state_put_afinfo(afinfo);
668 return 0;
669}
670
a94cfd19 671static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 672{
673 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
674 struct xfrm_state *x;
8f126e37 675 struct hlist_node *entry;
edcd5821 676
b754a4fd 677 hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
edcd5821
DM		 678 if (x->props.family != family ||
679 x->id.spi != spi ||
680 x->id.proto != proto)
681 continue;
682
683 switch (family) {
684 case AF_INET:
685 if (x->id.daddr.a4 != daddr->a4)
686 continue;
687 break;
688 case AF_INET6:
689 if (!ipv6_addr_equal((struct in6_addr *)daddr,
690 (struct in6_addr *)
691 x->id.daddr.a6))
692 continue;
693 break;
3ff50b79 694 }
edcd5821
DM		 695
696 xfrm_state_hold(x);
697 return x;
698 }
699
700 return NULL;
701}
702
703static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
704{
667bbcb6 705 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 706 struct xfrm_state *x;
8f126e37 707 struct hlist_node *entry;
edcd5821 708
d320bbb3 709 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 710 if (x->props.family != family ||
711 x->id.proto != proto)
712 continue;
713
714 switch (family) {
715 case AF_INET:
716 if (x->id.daddr.a4 != daddr->a4 ||
717 x->props.saddr.a4 != saddr->a4)
718 continue;
719 break;
720 case AF_INET6:
721 if (!ipv6_addr_equal((struct in6_addr *)daddr,
722 (struct in6_addr *)
723 x->id.daddr.a6) ||
724 !ipv6_addr_equal((struct in6_addr *)saddr,
725 (struct in6_addr *)
726 x->props.saddr.a6))
727 continue;
728 break;
3ff50b79 729 }
edcd5821
DM		 730
731 xfrm_state_hold(x);
732 return x;
733 }
734
735 return NULL;
736}
737
738static inline struct xfrm_state *
739__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
740{
741 if (use_spi)
742 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
743 x->id.proto, family);
744 else
745 return __xfrm_state_lookup_byaddr(&x->id.daddr,
746 &x->props.saddr,
747 x->id.proto, family);
748}
749
2fab22f2
PM		 750static void xfrm_hash_grow_check(int have_hash_collision)
751{
752 if (have_hash_collision &&
529983ec 753 (init_net.xfrm.state_hmask + 1) < xfrm_state_hashmax &&
0bf7c5b0 754 init_net.xfrm.state_num > init_net.xfrm.state_hmask)
63082733 755 schedule_work(&init_net.xfrm.state_hash_work);
2fab22f2
PM		 756}
757
1da177e4 758struct xfrm_state *
a716c119 759xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 760 struct flowi *fl, struct xfrm_tmpl *tmpl,
761 struct xfrm_policy *pol, int *err,
762 unsigned short family)
763{
4bda4f25 764 unsigned int h;
8f126e37 765 struct hlist_node *entry;
37b08e34 766 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 767 int acquire_in_progress = 0;
768 int error = 0;
769 struct xfrm_state *best = NULL;
a716c119 770
37b08e34
DM		 771 to_put = NULL;
772
1da177e4 773 spin_lock_bh(&xfrm_state_lock);
4bda4f25 774 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
73d189dc 775 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1da177e4
LT		 776 if (x->props.family == family &&
777 x->props.reqid == tmpl->reqid &&
fbd9a5b4 778 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 779 xfrm_state_addr_check(x, daddr, saddr, family) &&
780 tmpl->mode == x->props.mode &&
781 tmpl->id.proto == x->id.proto &&
782 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
783 /* Resolution logic:
784 1. There is a valid state with matching selector.
785 Done.
786 2. Valid state with inappropriate selector. Skip.
787
788 Entering area of "sysdeps".
789
790 3. If state is not valid, selector is temporary,
791 it selects only session which triggered
792 previous resolution. Key manager will do
793 something to install a state with proper
794 selector.
795 */
796 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 797 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 798 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 799 continue;
800 if (!best ||
801 best->km.dying > x->km.dying ||
802 (best->km.dying == x->km.dying &&
803 best->curlft.add_time < x->curlft.add_time))
804 best = x;
805 } else if (x->km.state == XFRM_STATE_ACQ) {
806 acquire_in_progress = 1;
807 } else if (x->km.state == XFRM_STATE_ERROR ||
808 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 809 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 810 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 811 error = -ESRCH;
812 }
813 }
814 }
815
816 x = best;
817 if (!x && !error && !acquire_in_progress) {
5c5d281a 818 if (tmpl->id.spi &&
edcd5821
DM		 819 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
820 tmpl->id.proto, family)) != NULL) {
37b08e34 821 to_put = x0;
1da177e4
LT		 822 error = -EEXIST;
823 goto out;
824 }
673c09be 825 x = xfrm_state_alloc(&init_net);
1da177e4
LT		 826 if (x == NULL) {
827 error = -ENOMEM;
828 goto out;
829 }
830 /* Initialize temporary selector matching only
831 * to current session. */
832 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
833
e0d1caa7
VY		 834 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
835 if (error) {
836 x->km.state = XFRM_STATE_DEAD;
37b08e34 837 to_put = x;
e0d1caa7
VY		 838 x = NULL;
839 goto out;
840 }
841
1da177e4
LT		 842 if (km_query(x, tmpl, pol) == 0) {
843 x->km.state = XFRM_STATE_ACQ;
9d4139c7 844 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 845 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 846 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 847 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4
LT		 848 if (x->id.spi) {
849 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
b754a4fd 850 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 851 }
01e67d08
DM		 852 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
853 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 854 add_timer(&x->timer);
0bf7c5b0 855 init_net.xfrm.state_num++;
2fab22f2 856 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 857 } else {
858 x->km.state = XFRM_STATE_DEAD;
37b08e34 859 to_put = x;
1da177e4
LT		 860 x = NULL;
861 error = -ESRCH;
862 }
863 }
864out:
865 if (x)
866 xfrm_state_hold(x);
867 else
868 *err = acquire_in_progress ? -EAGAIN : error;
869 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 870 if (to_put)
871 xfrm_state_put(to_put);
1da177e4
LT		 872 return x;
873}
874
628529b6
JHS		 875struct xfrm_state *
876xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
877 unsigned short family, u8 mode, u8 proto, u32 reqid)
878{
4bda4f25 879 unsigned int h;
628529b6
JHS		 880 struct xfrm_state *rx = NULL, *x = NULL;
881 struct hlist_node *entry;
882
883 spin_lock(&xfrm_state_lock);
4bda4f25 884 h = xfrm_dst_hash(daddr, saddr, reqid, family);
73d189dc 885 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
628529b6
JHS		 886 if (x->props.family == family &&
887 x->props.reqid == reqid &&
888 !(x->props.flags & XFRM_STATE_WILDRECV) &&
889 xfrm_state_addr_check(x, daddr, saddr, family) &&
890 mode == x->props.mode &&
891 proto == x->id.proto &&
892 x->km.state == XFRM_STATE_VALID) {
893 rx = x;
894 break;
895 }
896 }
897
898 if (rx)
899 xfrm_state_hold(rx);
900 spin_unlock(&xfrm_state_lock);
901
902
903 return rx;
904}
905EXPORT_SYMBOL(xfrm_stateonly_find);
906
1da177e4
LT		 907static void __xfrm_state_insert(struct xfrm_state *x)
908{
a624c108 909 unsigned int h;
1da177e4 910
9d4a706d
DM		 911 x->genid = ++xfrm_state_genid;
912
9d4139c7 913 list_add(&x->km.all, &init_net.xfrm.state_all);
4c563f76 914
c1969f29
DM		 915 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
916 x->props.reqid, x->props.family);
73d189dc 917 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1da177e4 918
667bbcb6 919 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
d320bbb3 920 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 921
7b4dc360 922 if (x->id.spi) {
6c44e6b7
MN		 923 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
924 x->props.family);
925
b754a4fd 926 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
6c44e6b7
MN		 927 }
928
a47f0ce0
DM		 929 mod_timer(&x->timer, jiffies + HZ);
930 if (x->replay_maxage)
931 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 932
1da177e4 933 wake_up(&km_waitq);
f034b5d4 934
0bf7c5b0 935 init_net.xfrm.state_num++;
f034b5d4 936
918049f0 937 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 938}
939
c7f5ea3a
DM		 940/* xfrm_state_lock is held */
941static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
942{
943 unsigned short family = xnew->props.family;
944 u32 reqid = xnew->props.reqid;
945 struct xfrm_state *x;
946 struct hlist_node *entry;
947 unsigned int h;
948
c1969f29 949 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
73d189dc 950 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 951 if (x->props.family == family &&
952 x->props.reqid == reqid &&
c1969f29
DM		 953 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
954 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 955 x->genid = xfrm_state_genid;
956 }
957}
958
1da177e4
LT		 959void xfrm_state_insert(struct xfrm_state *x)
960{
961 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 962 __xfrm_state_bump_genids(x);
1da177e4
LT		 963 __xfrm_state_insert(x);
964 spin_unlock_bh(&xfrm_state_lock);
965}
966EXPORT_SYMBOL(xfrm_state_insert);
967
2770834c
DM		 968/* xfrm_state_lock is held */
969static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
970{
c1969f29 971 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 972 struct hlist_node *entry;
2770834c
DM		 973 struct xfrm_state *x;
974
73d189dc 975 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
2770834c
DM		 976 if (x->props.reqid != reqid ||
977 x->props.mode != mode ||
978 x->props.family != family ||
979 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 980 x->id.spi != 0 ||
981 x->id.proto != proto)
2770834c
DM		 982 continue;
983
984 switch (family) {
985 case AF_INET:
986 if (x->id.daddr.a4 != daddr->a4 ||
987 x->props.saddr.a4 != saddr->a4)
988 continue;
989 break;
990 case AF_INET6:
991 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
992 (struct in6_addr *)daddr) ||
993 !ipv6_addr_equal((struct in6_addr *)
994 x->props.saddr.a6,
995 (struct in6_addr *)saddr))
996 continue;
997 break;
3ff50b79 998 }
2770834c
DM		 999
1000 xfrm_state_hold(x);
1001 return x;
1002 }
1003
1004 if (!create)
1005 return NULL;
1006
673c09be 1007 x = xfrm_state_alloc(&init_net);
2770834c
DM		 1008 if (likely(x)) {
1009 switch (family) {
1010 case AF_INET:
1011 x->sel.daddr.a4 = daddr->a4;
1012 x->sel.saddr.a4 = saddr->a4;
1013 x->sel.prefixlen_d = 32;
1014 x->sel.prefixlen_s = 32;
1015 x->props.saddr.a4 = saddr->a4;
1016 x->id.daddr.a4 = daddr->a4;
1017 break;
1018
1019 case AF_INET6:
1020 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1021 (struct in6_addr *)daddr);
1022 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1023 (struct in6_addr *)saddr);
1024 x->sel.prefixlen_d = 128;
1025 x->sel.prefixlen_s = 128;
1026 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1027 (struct in6_addr *)saddr);
1028 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1029 (struct in6_addr *)daddr);
1030 break;
3ff50b79 1031 }
2770834c
DM		 1032
1033 x->km.state = XFRM_STATE_ACQ;
1034 x->id.proto = proto;
1035 x->props.family = family;
1036 x->props.mode = mode;
1037 x->props.reqid = reqid;
01e67d08 1038 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1039 xfrm_state_hold(x);
01e67d08 1040 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1041 add_timer(&x->timer);
9d4139c7 1042 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 1043 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 1044 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 1045 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
918049f0 1046
0bf7c5b0 1047 init_net.xfrm.state_num++;
918049f0
DM		 1048
1049 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1050 }
1051
1052 return x;
1053}
1054
1da177e4
LT		 1055static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1056
1057int xfrm_state_add(struct xfrm_state *x)
1058{
37b08e34 1059 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1060 int family;
1061 int err;
eb2971b6 1062 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1063
1064 family = x->props.family;
1da177e4 1065
37b08e34
DM		 1066 to_put = NULL;
1067
1da177e4
LT		 1068 spin_lock_bh(&xfrm_state_lock);
1069
edcd5821 1070 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1071 if (x1) {
37b08e34 1072 to_put = x1;
1da177e4
LT		 1073 x1 = NULL;
1074 err = -EEXIST;
1075 goto out;
1076 }
1077
eb2971b6 1078 if (use_spi && x->km.seq) {
1da177e4 1079 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1080 if (x1 && ((x1->id.proto != x->id.proto) ||
1081 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1082 to_put = x1;
1da177e4
LT		 1083 x1 = NULL;
1084 }
1085 }
1086
eb2971b6 1087 if (use_spi && !x1)
2770834c
DM		 1088 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1089 x->id.proto,
1090 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1091
c7f5ea3a 1092 __xfrm_state_bump_genids(x);
1da177e4
LT		 1093 __xfrm_state_insert(x);
1094 err = 0;
1095
1096out:
1097 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1098
1099 if (x1) {
1100 xfrm_state_delete(x1);
1101 xfrm_state_put(x1);
1102 }
1103
37b08e34
DM		 1104 if (to_put)
1105 xfrm_state_put(to_put);
1106
1da177e4
LT		 1107 return err;
1108}
1109EXPORT_SYMBOL(xfrm_state_add);
1110
80c9abaa 1111#ifdef CONFIG_XFRM_MIGRATE
6666351d 1112static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1113{
1114 int err = -ENOMEM;
673c09be 1115 struct xfrm_state *x = xfrm_state_alloc(&init_net);
80c9abaa
SS		 1116 if (!x)
1117 goto error;
1118
1119 memcpy(&x->id, &orig->id, sizeof(x->id));
1120 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1121 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1122 x->props.mode = orig->props.mode;
1123 x->props.replay_window = orig->props.replay_window;
1124 x->props.reqid = orig->props.reqid;
1125 x->props.family = orig->props.family;
1126 x->props.saddr = orig->props.saddr;
1127
1128 if (orig->aalg) {
1129 x->aalg = xfrm_algo_clone(orig->aalg);
1130 if (!x->aalg)
1131 goto error;
1132 }
1133 x->props.aalgo = orig->props.aalgo;
1134
1135 if (orig->ealg) {
1136 x->ealg = xfrm_algo_clone(orig->ealg);
1137 if (!x->ealg)
1138 goto error;
1139 }
1140 x->props.ealgo = orig->props.ealgo;
1141
1142 if (orig->calg) {
1143 x->calg = xfrm_algo_clone(orig->calg);
1144 if (!x->calg)
1145 goto error;
1146 }
1147 x->props.calgo = orig->props.calgo;
1148
a716c119 1149 if (orig->encap) {
80c9abaa
SS		 1150 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1151 if (!x->encap)
1152 goto error;
1153 }
1154
1155 if (orig->coaddr) {
1156 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1157 GFP_KERNEL);
1158 if (!x->coaddr)
1159 goto error;
1160 }
1161
1162 err = xfrm_init_state(x);
1163 if (err)
1164 goto error;
1165
1166 x->props.flags = orig->props.flags;
1167
1168 x->curlft.add_time = orig->curlft.add_time;
1169 x->km.state = orig->km.state;
1170 x->km.seq = orig->km.seq;
1171
1172 return x;
1173
1174 error:
1175 if (errp)
1176 *errp = err;
1177 if (x) {
1178 kfree(x->aalg);
1179 kfree(x->ealg);
1180 kfree(x->calg);
1181 kfree(x->encap);
1182 kfree(x->coaddr);
1183 }
1184 kfree(x);
1185 return NULL;
1186}
80c9abaa
SS		 1187
1188/* xfrm_state_lock is held */
1189struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1190{
1191 unsigned int h;
1192 struct xfrm_state *x;
1193 struct hlist_node *entry;
1194
1195 if (m->reqid) {
1196 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1197 m->reqid, m->old_family);
73d189dc 1198 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1199 if (x->props.mode != m->mode ||
1200 x->id.proto != m->proto)
1201 continue;
1202 if (m->reqid && x->props.reqid != m->reqid)
1203 continue;
1204 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1205 m->old_family) ||
1206 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1207 m->old_family))
1208 continue;
1209 xfrm_state_hold(x);
1210 return x;
1211 }
1212 } else {
1213 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1214 m->old_family);
d320bbb3 1215 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1216 if (x->props.mode != m->mode ||
1217 x->id.proto != m->proto)
1218 continue;
1219 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1220 m->old_family) ||
1221 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1222 m->old_family))
1223 continue;
1224 xfrm_state_hold(x);
1225 return x;
1226 }
1227 }
1228
a716c119 1229 return NULL;
80c9abaa
SS		 1230}
1231EXPORT_SYMBOL(xfrm_migrate_state_find);
1232
1233struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1234 struct xfrm_migrate *m)
1235{
1236 struct xfrm_state *xc;
1237 int err;
1238
1239 xc = xfrm_state_clone(x, &err);
1240 if (!xc)
1241 return NULL;
1242
1243 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1244 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1245
1246 /* add state */
1247 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1248 /* a care is needed when the destination address of the
1249 state is to be updated as it is a part of triplet */
1250 xfrm_state_insert(xc);
1251 } else {
1252 if ((err = xfrm_state_add(xc)) < 0)
1253 goto error;
1254 }
1255
1256 return xc;
1257error:
1258 kfree(xc);
1259 return NULL;
1260}
1261EXPORT_SYMBOL(xfrm_state_migrate);
1262#endif
1263
1da177e4
LT		 1264int xfrm_state_update(struct xfrm_state *x)
1265{
37b08e34 1266 struct xfrm_state *x1, *to_put;
1da177e4 1267 int err;
eb2971b6 1268 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1269
37b08e34
DM		 1270 to_put = NULL;
1271
1da177e4 1272 spin_lock_bh(&xfrm_state_lock);
edcd5821 1273 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1274
1275 err = -ESRCH;
1276 if (!x1)
1277 goto out;
1278
1279 if (xfrm_state_kern(x1)) {
37b08e34 1280 to_put = x1;
1da177e4
LT		 1281 err = -EEXIST;
1282 goto out;
1283 }
1284
1285 if (x1->km.state == XFRM_STATE_ACQ) {
1286 __xfrm_state_insert(x);
1287 x = NULL;
1288 }
1289 err = 0;
1290
1291out:
1292 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1293
37b08e34
DM		 1294 if (to_put)
1295 xfrm_state_put(to_put);
1296
1da177e4
LT		 1297 if (err)
1298 return err;
1299
1300 if (!x) {
1301 xfrm_state_delete(x1);
1302 xfrm_state_put(x1);
1303 return 0;
1304 }
1305
1306 err = -EINVAL;
1307 spin_lock_bh(&x1->lock);
1308 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1309 if (x->encap && x1->encap)
1310 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1311 if (x->coaddr && x1->coaddr) {
1312 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1313 }
1314 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1315 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1316 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1317 x1->km.dying = 0;
1318
a47f0ce0 1319 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1320 if (x1->curlft.use_time)
1321 xfrm_state_check_expire(x1);
1322
1323 err = 0;
1324 }
1325 spin_unlock_bh(&x1->lock);
1326
1327 xfrm_state_put(x1);
1328
1329 return err;
1330}
1331EXPORT_SYMBOL(xfrm_state_update);
1332
1333int xfrm_state_check_expire(struct xfrm_state *x)
1334{
1335 if (!x->curlft.use_time)
9d729f72 1336 x->curlft.use_time = get_seconds();
1da177e4
LT		 1337
1338 if (x->km.state != XFRM_STATE_VALID)
1339 return -EINVAL;
1340
1341 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1342 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1343 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1344 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1345 return -EINVAL;
1346 }
1347
1348 if (!x->km.dying &&
1349 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1350 x->curlft.packets >= x->lft.soft_packet_limit)) {
1351 x->km.dying = 1;
53bc6b4d 1352 km_state_expired(x, 0, 0);
4666faab 1353 }
1da177e4
LT		 1354 return 0;
1355}
1356EXPORT_SYMBOL(xfrm_state_check_expire);
1357
1da177e4 1358struct xfrm_state *
a94cfd19 1359xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1360 unsigned short family)
1361{
1362 struct xfrm_state *x;
1da177e4
LT		 1363
1364 spin_lock_bh(&xfrm_state_lock);
edcd5821 1365 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1366 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1367 return x;
1368}
1369EXPORT_SYMBOL(xfrm_state_lookup);
1370
1371struct xfrm_state *
eb2971b6
MN		 1372xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1373 u8 proto, unsigned short family)
1374{
1375 struct xfrm_state *x;
eb2971b6
MN		 1376
1377 spin_lock_bh(&xfrm_state_lock);
edcd5821 1378 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1379 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1380 return x;
1381}
1382EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1383
1384struct xfrm_state *
a716c119
YH		 1385xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1386 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1387 int create, unsigned short family)
1388{
1389 struct xfrm_state *x;
1da177e4
LT		 1390
1391 spin_lock_bh(&xfrm_state_lock);
2770834c 1392 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1393 spin_unlock_bh(&xfrm_state_lock);
2770834c 1394
1da177e4
LT		 1395 return x;
1396}
1397EXPORT_SYMBOL(xfrm_find_acq);
1398
41a49cc3
MN		 1399#ifdef CONFIG_XFRM_SUB_POLICY
1400int
1401xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1402 unsigned short family)
1403{
1404 int err = 0;
1405 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1406 if (!afinfo)
1407 return -EAFNOSUPPORT;
1408
1409 spin_lock_bh(&xfrm_state_lock);
1410 if (afinfo->tmpl_sort)
1411 err = afinfo->tmpl_sort(dst, src, n);
1412 spin_unlock_bh(&xfrm_state_lock);
1413 xfrm_state_put_afinfo(afinfo);
1414 return err;
1415}
1416EXPORT_SYMBOL(xfrm_tmpl_sort);
1417
1418int
1419xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1420 unsigned short family)
1421{
1422 int err = 0;
1423 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1424 if (!afinfo)
1425 return -EAFNOSUPPORT;
1426
1427 spin_lock_bh(&xfrm_state_lock);
1428 if (afinfo->state_sort)
1429 err = afinfo->state_sort(dst, src, n);
1430 spin_unlock_bh(&xfrm_state_lock);
1431 xfrm_state_put_afinfo(afinfo);
1432 return err;
1433}
1434EXPORT_SYMBOL(xfrm_state_sort);
1435#endif
1436
1da177e4
LT		 1437/* Silly enough, but I'm lazy to build resolution list */
1438
1439static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1440{
1441 int i;
1da177e4 1442
529983ec 1443 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 1444 struct hlist_node *entry;
1445 struct xfrm_state *x;
1446
73d189dc 1447 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1448 if (x->km.seq == seq &&
1449 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1450 xfrm_state_hold(x);
1451 return x;
1452 }
1453 }
1454 }
1455 return NULL;
1456}
1457
1458struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1459{
1460 struct xfrm_state *x;
1461
1462 spin_lock_bh(&xfrm_state_lock);
1463 x = __xfrm_find_acq_byseq(seq);
1464 spin_unlock_bh(&xfrm_state_lock);
1465 return x;
1466}
1467EXPORT_SYMBOL(xfrm_find_acq_byseq);
1468
1469u32 xfrm_get_acqseq(void)
1470{
1471 u32 res;
1472 static u32 acqseq;
1473 static DEFINE_SPINLOCK(acqseq_lock);
1474
1475 spin_lock_bh(&acqseq_lock);
1476 res = (++acqseq ? : ++acqseq);
1477 spin_unlock_bh(&acqseq_lock);
1478 return res;
1479}
1480EXPORT_SYMBOL(xfrm_get_acqseq);
1481
658b219e 1482int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1483{
f034b5d4 1484 unsigned int h;
1da177e4 1485 struct xfrm_state *x0;
658b219e
HX		 1486 int err = -ENOENT;
1487 __be32 minspi = htonl(low);
1488 __be32 maxspi = htonl(high);
1da177e4 1489
658b219e
HX		 1490 spin_lock_bh(&x->lock);
1491 if (x->km.state == XFRM_STATE_DEAD)
1492 goto unlock;
1493
1494 err = 0;
1da177e4 1495 if (x->id.spi)
658b219e
HX		 1496 goto unlock;
1497
1498 err = -ENOENT;
1da177e4
LT		 1499
1500 if (minspi == maxspi) {
1501 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1502 if (x0) {
1503 xfrm_state_put(x0);
658b219e 1504 goto unlock;
1da177e4
LT		 1505 }
1506 x->id.spi = minspi;
1507 } else {
1508 u32 spi = 0;
26977b4e
AV		 1509 for (h=0; h<high-low+1; h++) {
1510 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1511 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1512 if (x0 == NULL) {
1513 x->id.spi = htonl(spi);
1514 break;
1515 }
1516 xfrm_state_put(x0);
1517 }
1518 }
1519 if (x->id.spi) {
1520 spin_lock_bh(&xfrm_state_lock);
1521 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
b754a4fd 1522 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 1523 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1524
1525 err = 0;
1da177e4 1526 }
658b219e
HX		 1527
1528unlock:
1529 spin_unlock_bh(&x->lock);
1530
1531 return err;
1da177e4
LT		 1532}
1533EXPORT_SYMBOL(xfrm_alloc_spi);
1534
4c563f76
TT		 1535int xfrm_state_walk(struct xfrm_state_walk *walk,
1536 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1537 void *data)
1538{
12a169e7
HX		 1539 struct xfrm_state *state;
1540 struct xfrm_state_walk *x;
1da177e4
LT		 1541 int err = 0;
1542
12a169e7 1543 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1544 return 0;
1545
1da177e4 1546 spin_lock_bh(&xfrm_state_lock);
12a169e7 1547 if (list_empty(&walk->all))
9d4139c7 1548 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1549 else
1550 x = list_entry(&walk->all, struct xfrm_state_walk, all);
9d4139c7 1551 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
12a169e7 1552 if (x->state == XFRM_STATE_DEAD)
4c563f76 1553 continue;
12a169e7
HX		 1554 state = container_of(x, struct xfrm_state, km);
1555 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1556 continue;
12a169e7
HX		 1557 err = func(state, walk->seq, data);
1558 if (err) {
1559 list_move_tail(&walk->all, &x->all);
1560 goto out;
1da177e4 1561 }
12a169e7 1562 walk->seq++;
1da177e4 1563 }
12a169e7 1564 if (walk->seq == 0) {
1da177e4
LT		 1565 err = -ENOENT;
1566 goto out;
1567 }
12a169e7 1568 list_del_init(&walk->all);
1da177e4
LT		 1569out:
1570 spin_unlock_bh(&xfrm_state_lock);
1571 return err;
1572}
1573EXPORT_SYMBOL(xfrm_state_walk);
1574
5c182458
HX		 1575void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1576{
12a169e7 1577 INIT_LIST_HEAD(&walk->all);
5c182458 1578 walk->proto = proto;
12a169e7
HX		 1579 walk->state = XFRM_STATE_DEAD;
1580 walk->seq = 0;
5c182458
HX		 1581}
1582EXPORT_SYMBOL(xfrm_state_walk_init);
1583
abb81c4f
HX		 1584void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1585{
12a169e7 1586 if (list_empty(&walk->all))
5c182458 1587 return;
5c182458 1588
12a169e7
HX		 1589 spin_lock_bh(&xfrm_state_lock);
1590 list_del(&walk->all);
1591 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1592}
1593EXPORT_SYMBOL(xfrm_state_walk_done);
1594
f8cd5488
JHS		 1595
1596void xfrm_replay_notify(struct xfrm_state *x, int event)
1597{
1598 struct km_event c;
1599 /* we send notify messages in case
1600 * 1. we updated on of the sequence numbers, and the seqno difference
1601 * is at least x->replay_maxdiff, in this case we also update the
1602 * timeout of our timer function
1603 * 2. if x->replay_maxage has elapsed since last update,
1604 * and there were changes
1605 *
1606 * The state structure must be locked!
1607 */
1608
1609 switch (event) {
1610 case XFRM_REPLAY_UPDATE:
1611 if (x->replay_maxdiff &&
1612 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1613 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1614 if (x->xflags & XFRM_TIME_DEFER)
1615 event = XFRM_REPLAY_TIMEOUT;
1616 else
1617 return;
1618 }
f8cd5488
JHS		 1619
1620 break;
1621
1622 case XFRM_REPLAY_TIMEOUT:
1623 if ((x->replay.seq == x->preplay.seq) &&
1624 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1625 (x->replay.oseq == x->preplay.oseq)) {
1626 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1627 return;
2717096a 1628 }
f8cd5488
JHS		 1629
1630 break;
1631 }
1632
1633 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1634 c.event = XFRM_MSG_NEWAE;
1635 c.data.aevent = event;
1636 km_state_notify(x, &c);
1637
f8cd5488 1638 if (x->replay_maxage &&
a47f0ce0 1639 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1640 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1641}
1642
1643static void xfrm_replay_timer_handler(unsigned long data)
1644{
1645 struct xfrm_state *x = (struct xfrm_state*)data;
1646
1647 spin_lock(&x->lock);
1648
2717096a
JHS		 1649 if (x->km.state == XFRM_STATE_VALID) {
1650 if (xfrm_aevent_is_on())
1651 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1652 else
1653 x->xflags |= XFRM_TIME_DEFER;
1654 }
f8cd5488
JHS		 1655
1656 spin_unlock(&x->lock);
1657}
1658
afeb14b4
PM		 1659int xfrm_replay_check(struct xfrm_state *x,
1660 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1661{
1662 u32 diff;
a252cc23 1663 u32 seq = ntohl(net_seq);
1da177e4
LT		 1664
1665 if (unlikely(seq == 0))
afeb14b4 1666 goto err;
1da177e4
LT		 1667
1668 if (likely(seq > x->replay.seq))
1669 return 0;
1670
1671 diff = x->replay.seq - seq;
4c4d51a7
HX		 1672 if (diff >= min_t(unsigned int, x->props.replay_window,
1673 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1674 x->stats.replay_window++;
afeb14b4 1675 goto err;
1da177e4
LT		 1676 }
1677
1678 if (x->replay.bitmap & (1U << diff)) {
1679 x->stats.replay++;
afeb14b4 1680 goto err;
1da177e4
LT		 1681 }
1682 return 0;
afeb14b4
PM		 1683
1684err:
1685 xfrm_audit_state_replay(x, skb, net_seq);
1686 return -EINVAL;
1da177e4 1687}
1da177e4 1688
61f4627b 1689void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1690{
1691 u32 diff;
61f4627b 1692 u32 seq = ntohl(net_seq);
1da177e4
LT		 1693
1694 if (seq > x->replay.seq) {
1695 diff = seq - x->replay.seq;
1696 if (diff < x->props.replay_window)
1697 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1698 else
1699 x->replay.bitmap = 1;
1700 x->replay.seq = seq;
1701 } else {
1702 diff = x->replay.seq - seq;
1703 x->replay.bitmap |= (1U << diff);
1704 }
f8cd5488
JHS		 1705
1706 if (xfrm_aevent_is_on())
1707 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1708}
1da177e4 1709
df01812e 1710static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1711static DEFINE_RWLOCK(xfrm_km_lock);
1712
26b15dad 1713void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1714{
1715 struct xfrm_mgr *km;
1716
26b15dad
JHS		 1717 read_lock(&xfrm_km_lock);
1718 list_for_each_entry(km, &xfrm_km_list, list)
1719 if (km->notify_policy)
1720 km->notify_policy(xp, dir, c);
1721 read_unlock(&xfrm_km_lock);
1722}
1da177e4 1723
26b15dad
JHS		 1724void km_state_notify(struct xfrm_state *x, struct km_event *c)
1725{
1726 struct xfrm_mgr *km;
1da177e4
LT		 1727 read_lock(&xfrm_km_lock);
1728 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1729 if (km->notify)
1730 km->notify(x, c);
1da177e4 1731 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1732}
1733
1734EXPORT_SYMBOL(km_policy_notify);
1735EXPORT_SYMBOL(km_state_notify);
1736
53bc6b4d 1737void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1738{
1739 struct km_event c;
1740
bf08867f 1741 c.data.hard = hard;
53bc6b4d 1742 c.pid = pid;
f60f6b8f 1743 c.event = XFRM_MSG_EXPIRE;
26b15dad 1744 km_state_notify(x, &c);
1da177e4
LT		 1745
1746 if (hard)
1747 wake_up(&km_waitq);
1748}
1749
53bc6b4d 1750EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1751/*
1752 * We send to all registered managers regardless of failure
1753 * We are happy with one success
1754*/
980ebd25 1755int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1756{
26b15dad 1757 int err = -EINVAL, acqret;
1da177e4
LT		 1758 struct xfrm_mgr *km;
1759
1760 read_lock(&xfrm_km_lock);
1761 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1762 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1763 if (!acqret)
1764 err = acqret;
1da177e4
LT		 1765 }
1766 read_unlock(&xfrm_km_lock);
1767 return err;
1768}
980ebd25 1769EXPORT_SYMBOL(km_query);
1da177e4 1770
5d36b180 1771int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1772{
1773 int err = -EINVAL;
1774 struct xfrm_mgr *km;
1775
1776 read_lock(&xfrm_km_lock);
1777 list_for_each_entry(km, &xfrm_km_list, list) {
1778 if (km->new_mapping)
1779 err = km->new_mapping(x, ipaddr, sport);
1780 if (!err)
1781 break;
1782 }
1783 read_unlock(&xfrm_km_lock);
1784 return err;
1785}
1786EXPORT_SYMBOL(km_new_mapping);
1787
6c5c8ca7 1788void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1789{
26b15dad 1790 struct km_event c;
1da177e4 1791
bf08867f 1792 c.data.hard = hard;
6c5c8ca7 1793 c.pid = pid;
f60f6b8f 1794 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1795 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1796
1797 if (hard)
1798 wake_up(&km_waitq);
1799}
a70fcb0b 1800EXPORT_SYMBOL(km_policy_expired);
1da177e4 1801
2d60abc2 1802#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1803int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1804 struct xfrm_migrate *m, int num_migrate,
1805 struct xfrm_kmaddress *k)
80c9abaa
SS		 1806{
1807 int err = -EINVAL;
1808 int ret;
1809 struct xfrm_mgr *km;
1810
1811 read_lock(&xfrm_km_lock);
1812 list_for_each_entry(km, &xfrm_km_list, list) {
1813 if (km->migrate) {
13c1d189 1814 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1815 if (!ret)
1816 err = ret;
1817 }
1818 }
1819 read_unlock(&xfrm_km_lock);
1820 return err;
1821}
1822EXPORT_SYMBOL(km_migrate);
2d60abc2 1823#endif
80c9abaa 1824
97a64b45
MN		 1825int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1826{
1827 int err = -EINVAL;
1828 int ret;
1829 struct xfrm_mgr *km;
1830
1831 read_lock(&xfrm_km_lock);
1832 list_for_each_entry(km, &xfrm_km_list, list) {
1833 if (km->report) {
1834 ret = km->report(proto, sel, addr);
1835 if (!ret)
1836 err = ret;
1837 }
1838 }
1839 read_unlock(&xfrm_km_lock);
1840 return err;
1841}
1842EXPORT_SYMBOL(km_report);
1843
1da177e4
LT		 1844int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1845{
1846 int err;
1847 u8 *data;
1848 struct xfrm_mgr *km;
1849 struct xfrm_policy *pol = NULL;
1850
1851 if (optlen <= 0 || optlen > PAGE_SIZE)
1852 return -EMSGSIZE;
1853
1854 data = kmalloc(optlen, GFP_KERNEL);
1855 if (!data)
1856 return -ENOMEM;
1857
1858 err = -EFAULT;
1859 if (copy_from_user(data, optval, optlen))
1860 goto out;
1861
1862 err = -EINVAL;
1863 read_lock(&xfrm_km_lock);
1864 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1865 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1866 optlen, &err);
1867 if (err >= 0)
1868 break;
1869 }
1870 read_unlock(&xfrm_km_lock);
1871
1872 if (err >= 0) {
1873 xfrm_sk_policy_insert(sk, err, pol);
1874 xfrm_pol_put(pol);
1875 err = 0;
1876 }
1877
1878out:
1879 kfree(data);
1880 return err;
1881}
1882EXPORT_SYMBOL(xfrm_user_policy);
1883
1884int xfrm_register_km(struct xfrm_mgr *km)
1885{
1886 write_lock_bh(&xfrm_km_lock);
1887 list_add_tail(&km->list, &xfrm_km_list);
1888 write_unlock_bh(&xfrm_km_lock);
1889 return 0;
1890}
1891EXPORT_SYMBOL(xfrm_register_km);
1892
1893int xfrm_unregister_km(struct xfrm_mgr *km)
1894{
1895 write_lock_bh(&xfrm_km_lock);
1896 list_del(&km->list);
1897 write_unlock_bh(&xfrm_km_lock);
1898 return 0;
1899}
1900EXPORT_SYMBOL(xfrm_unregister_km);
1901
1902int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1903{
1904 int err = 0;
1905 if (unlikely(afinfo == NULL))
1906 return -EINVAL;
1907 if (unlikely(afinfo->family >= NPROTO))
1908 return -EAFNOSUPPORT;
f3111502 1909 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1910 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1911 err = -ENOBUFS;
edcd5821 1912 else
1da177e4 1913 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1914 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1915 return err;
1916}
1917EXPORT_SYMBOL(xfrm_state_register_afinfo);
1918
1919int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1920{
1921 int err = 0;
1922 if (unlikely(afinfo == NULL))
1923 return -EINVAL;
1924 if (unlikely(afinfo->family >= NPROTO))
1925 return -EAFNOSUPPORT;
f3111502 1926 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1927 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1928 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1929 err = -EINVAL;
edcd5821 1930 else
1da177e4 1931 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1932 }
f3111502 1933 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1934 return err;
1935}
1936EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1937
17c2a42a 1938static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1939{
1940 struct xfrm_state_afinfo *afinfo;
1941 if (unlikely(family >= NPROTO))
1942 return NULL;
1943 read_lock(&xfrm_state_afinfo_lock);
1944 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1945 if (unlikely(!afinfo))
1946 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1947 return afinfo;
1948}
1949
17c2a42a 1950static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1951 __releases(xfrm_state_afinfo_lock)
1da177e4 1952{
546be240 1953 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1954}
1955
1956/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1957void xfrm_state_delete_tunnel(struct xfrm_state *x)
1958{
1959 if (x->tunnel) {
1960 struct xfrm_state *t = x->tunnel;
1961
1962 if (atomic_read(&t->tunnel_users) == 2)
1963 xfrm_state_delete(t);
1964 atomic_dec(&t->tunnel_users);
1965 xfrm_state_put(t);
1966 x->tunnel = NULL;
1967 }
1968}
1969EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1970
1971int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1972{
c5c25238 1973 int res;
1da177e4 1974
c5c25238
PM		 1975 spin_lock_bh(&x->lock);
1976 if (x->km.state == XFRM_STATE_VALID &&
1977 x->type && x->type->get_mtu)
1978 res = x->type->get_mtu(x, mtu);
1979 else
28121617 1980 res = mtu - x->props.header_len;
c5c25238 1981 spin_unlock_bh(&x->lock);
1da177e4
LT		 1982 return res;
1983}
1984
72cb6962
HX		 1985int xfrm_init_state(struct xfrm_state *x)
1986{
d094cd83 1987 struct xfrm_state_afinfo *afinfo;
df9dcb45 1988 struct xfrm_mode *inner_mode;
d094cd83 1989 int family = x->props.family;
72cb6962
HX		 1990 int err;
1991
d094cd83
HX		 1992 err = -EAFNOSUPPORT;
1993 afinfo = xfrm_state_get_afinfo(family);
1994 if (!afinfo)
1995 goto error;
1996
1997 err = 0;
1998 if (afinfo->init_flags)
1999 err = afinfo->init_flags(x);
2000
2001 xfrm_state_put_afinfo(afinfo);
2002
2003 if (err)
2004 goto error;
2005
2006 err = -EPROTONOSUPPORT;
13996378 2007
df9dcb45
KM		 2008 if (x->sel.family != AF_UNSPEC) {
2009 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2010 if (inner_mode == NULL)
2011 goto error;
2012
2013 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2014 family != x->sel.family) {
2015 xfrm_put_mode(inner_mode);
2016 goto error;
2017 }
2018
2019 x->inner_mode = inner_mode;
2020 } else {
2021 struct xfrm_mode *inner_mode_iaf;
2022
2023 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2024 if (inner_mode == NULL)
2025 goto error;
2026
2027 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2028 xfrm_put_mode(inner_mode);
2029 goto error;
2030 }
2031
2032 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2033 if (inner_mode_iaf == NULL)
2034 goto error;
2035
2036 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2037 xfrm_put_mode(inner_mode_iaf);
2038 goto error;
2039 }
2040
2041 if (x->props.family == AF_INET) {
2042 x->inner_mode = inner_mode;
2043 x->inner_mode_iaf = inner_mode_iaf;
2044 } else {
2045 x->inner_mode = inner_mode_iaf;
2046 x->inner_mode_iaf = inner_mode;
2047 }
2048 }
13996378 2049
d094cd83 2050 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2051 if (x->type == NULL)
2052 goto error;
2053
2054 err = x->type->init_state(x);
2055 if (err)
2056 goto error;
2057
13996378
HX		 2058 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2059 if (x->outer_mode == NULL)
b59f45d0
HX		 2060 goto error;
2061
72cb6962
HX		 2062 x->km.state = XFRM_STATE_VALID;
2063
2064error:
2065 return err;
2066}
2067
2068EXPORT_SYMBOL(xfrm_init_state);
a716c119 2069
d62ddc21 2070int __net_init xfrm_state_init(struct net *net)
1da177e4 2071{
f034b5d4
DM		 2072 unsigned int sz;
2073
9d4139c7
AD		 2074 INIT_LIST_HEAD(&net->xfrm.state_all);
2075
f034b5d4
DM		 2076 sz = sizeof(struct hlist_head) * 8;
2077
73d189dc
AD		 2078 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2079 if (!net->xfrm.state_bydst)
2080 goto out_bydst;
d320bbb3
AD		 2081 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2082 if (!net->xfrm.state_bysrc)
2083 goto out_bysrc;
b754a4fd
AD		 2084 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2085 if (!net->xfrm.state_byspi)
2086 goto out_byspi;
529983ec 2087 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2088
0bf7c5b0 2089 net->xfrm.state_num = 0;
63082733 2090 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
c4028958 2091 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
d62ddc21 2092 return 0;
73d189dc 2093
b754a4fd
AD		 2094out_byspi:
2095 xfrm_hash_free(net->xfrm.state_bysrc, sz);
d320bbb3
AD		 2096out_bysrc:
2097 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2098out_bydst:
2099 return -ENOMEM;
d62ddc21
AD		 2100}
2101
2102void xfrm_state_fini(struct net *net)
2103{
73d189dc
AD		 2104 unsigned int sz;
2105
9d4139c7 2106 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc 2107
529983ec 2108 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
b754a4fd
AD		 2109 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2110 xfrm_hash_free(net->xfrm.state_byspi, sz);
d320bbb3
AD		 2111 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2112 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2113 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2114 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2115}
2116
ab5f5e8b 2117#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2118static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2119 struct audit_buffer *audit_buf)
ab5f5e8b 2120{
68277acc
PM		 2121 struct xfrm_sec_ctx *ctx = x->security;
2122 u32 spi = ntohl(x->id.spi);
2123
2124 if (ctx)
ab5f5e8b 2125 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2126 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2127
2128 switch(x->props.family) {
2129 case AF_INET:
21454aaa
HH		 2130 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2131 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2132 break;
2133 case AF_INET6:
5b095d98 2134 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2135 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2136 break;
2137 }
68277acc
PM		 2138
2139 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2140}
2141
cf35f43e
IJ		 2142static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2143 struct audit_buffer *audit_buf)
afeb14b4
PM		 2144{
2145 struct iphdr *iph4;
2146 struct ipv6hdr *iph6;
2147
2148 switch (family) {
2149 case AF_INET:
2150 iph4 = ip_hdr(skb);
21454aaa
HH		 2151 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2152 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2153 break;
2154 case AF_INET6:
2155 iph6 = ipv6_hdr(skb);
2156 audit_log_format(audit_buf,
5b095d98 2157 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2158 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2159 iph6->flow_lbl[0] & 0x0f,
2160 iph6->flow_lbl[1],
2161 iph6->flow_lbl[2]);
2162 break;
2163 }
2164}
2165
68277acc 2166void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2167 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2168{
2169 struct audit_buffer *audit_buf;
ab5f5e8b 2170
afeb14b4 2171 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2172 if (audit_buf == NULL)
2173 return;
2532386f 2174 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2175 xfrm_audit_helper_sainfo(x, audit_buf);
2176 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2177 audit_log_end(audit_buf);
2178}
2179EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2180
68277acc 2181void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2182 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2183{
2184 struct audit_buffer *audit_buf;
ab5f5e8b 2185
afeb14b4 2186 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2187 if (audit_buf == NULL)
2188 return;
2532386f 2189 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2190 xfrm_audit_helper_sainfo(x, audit_buf);
2191 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2192 audit_log_end(audit_buf);
2193}
2194EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2195
2196void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2197 struct sk_buff *skb)
2198{
2199 struct audit_buffer *audit_buf;
2200 u32 spi;
2201
2202 audit_buf = xfrm_audit_start("SA-replay-overflow");
2203 if (audit_buf == NULL)
2204 return;
2205 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2206 /* don't record the sequence number because it's inherent in this kind
2207 * of audit message */
2208 spi = ntohl(x->id.spi);
2209 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2210 audit_log_end(audit_buf);
2211}
2212EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2213
2214static void xfrm_audit_state_replay(struct xfrm_state *x,
2215 struct sk_buff *skb, __be32 net_seq)
2216{
2217 struct audit_buffer *audit_buf;
2218 u32 spi;
2219
2220 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2221 if (audit_buf == NULL)
2222 return;
2223 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2224 spi = ntohl(x->id.spi);
2225 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2226 spi, spi, ntohl(net_seq));
2227 audit_log_end(audit_buf);
2228}
2229
2230void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2231{
2232 struct audit_buffer *audit_buf;
2233
2234 audit_buf = xfrm_audit_start("SA-notfound");
2235 if (audit_buf == NULL)
2236 return;
2237 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2238 audit_log_end(audit_buf);
2239}
2240EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2241
2242void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2243 __be32 net_spi, __be32 net_seq)
2244{
2245 struct audit_buffer *audit_buf;
2246 u32 spi;
2247
2248 audit_buf = xfrm_audit_start("SA-notfound");
2249 if (audit_buf == NULL)
2250 return;
2251 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2252 spi = ntohl(net_spi);
2253 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2254 spi, spi, ntohl(net_seq));
2255 audit_log_end(audit_buf);
2256}
2257EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2258
2259void xfrm_audit_state_icvfail(struct xfrm_state *x,
2260 struct sk_buff *skb, u8 proto)
2261{
2262 struct audit_buffer *audit_buf;
2263 __be32 net_spi;
2264 __be32 net_seq;
2265
2266 audit_buf = xfrm_audit_start("SA-icv-failure");
2267 if (audit_buf == NULL)
2268 return;
2269 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2270 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2271 u32 spi = ntohl(net_spi);
2272 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2273 spi, spi, ntohl(net_seq));
2274 }
2275 audit_log_end(audit_buf);
2276}
2277EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2278#endif /* CONFIG_AUDITSYSCALL */
Linux kernel - Deliverables
This page took 0.755206 seconds and 5 git commands to generate.