6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
16 #include <linux/workqueue.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
25 #include "xfrm_hash.h"
28 EXPORT_SYMBOL(xfrm_nl
);
30 u32 sysctl_xfrm_aevent_etime __read_mostly
= XFRM_AE_ETIME
;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime
);
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly
= XFRM_AE_SEQT_SIZE
;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth
);
36 u32 sysctl_xfrm_acq_expires __read_mostly
= 30;
38 /* Each xfrm_state may be linked to two tables:
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42 destination/tunnel endpoint. (output)
45 static DEFINE_SPINLOCK(xfrm_state_lock
);
47 /* Hash table to find appropriate SA towards given target (endpoint
48 * of tunnel or destination of transport mode) allowed by selector.
50 * Main use is finding SA after policy selected tunnel or transport mode.
51 * Also, it can be used by ah/esp icmp error handler to find offending SA.
53 static LIST_HEAD(xfrm_state_all
);
54 static struct hlist_head
*xfrm_state_bydst __read_mostly
;
55 static struct hlist_head
*xfrm_state_bysrc __read_mostly
;
56 static struct hlist_head
*xfrm_state_byspi __read_mostly
;
57 static unsigned int xfrm_state_hmask __read_mostly
;
58 static unsigned int xfrm_state_hashmax __read_mostly
= 1 * 1024 * 1024;
59 static unsigned int xfrm_state_num
;
60 static unsigned int xfrm_state_genid
;
62 /* Counter indicating ongoing walk, protected by xfrm_state_lock. */
63 static unsigned long xfrm_state_walk_ongoing
;
64 /* Counter indicating walk completion, protected by xfrm_cfg_mutex. */
65 static unsigned long xfrm_state_walk_completed
;
67 /* List of outstanding state walks used to set the completed counter. */
68 static LIST_HEAD(xfrm_state_walks
);
70 static struct xfrm_state_afinfo
*xfrm_state_get_afinfo(unsigned int family
);
71 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo
*afinfo
);
73 #ifdef CONFIG_AUDITSYSCALL
74 static void xfrm_audit_state_replay(struct xfrm_state
*x
,
75 struct sk_buff
*skb
, __be32 net_seq
);
77 #define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
78 #endif /* CONFIG_AUDITSYSCALL */
80 static inline unsigned int xfrm_dst_hash(xfrm_address_t
*daddr
,
81 xfrm_address_t
*saddr
,
83 unsigned short family
)
85 return __xfrm_dst_hash(daddr
, saddr
, reqid
, family
, xfrm_state_hmask
);
88 static inline unsigned int xfrm_src_hash(xfrm_address_t
*daddr
,
89 xfrm_address_t
*saddr
,
90 unsigned short family
)
92 return __xfrm_src_hash(daddr
, saddr
, family
, xfrm_state_hmask
);
95 static inline unsigned int
96 xfrm_spi_hash(xfrm_address_t
*daddr
, __be32 spi
, u8 proto
, unsigned short family
)
98 return __xfrm_spi_hash(daddr
, spi
, proto
, family
, xfrm_state_hmask
);
101 static void xfrm_hash_transfer(struct hlist_head
*list
,
102 struct hlist_head
*ndsttable
,
103 struct hlist_head
*nsrctable
,
104 struct hlist_head
*nspitable
,
105 unsigned int nhashmask
)
107 struct hlist_node
*entry
, *tmp
;
108 struct xfrm_state
*x
;
110 hlist_for_each_entry_safe(x
, entry
, tmp
, list
, bydst
) {
113 h
= __xfrm_dst_hash(&x
->id
.daddr
, &x
->props
.saddr
,
114 x
->props
.reqid
, x
->props
.family
,
116 hlist_add_head(&x
->bydst
, ndsttable
+h
);
118 h
= __xfrm_src_hash(&x
->id
.daddr
, &x
->props
.saddr
,
121 hlist_add_head(&x
->bysrc
, nsrctable
+h
);
124 h
= __xfrm_spi_hash(&x
->id
.daddr
, x
->id
.spi
,
125 x
->id
.proto
, x
->props
.family
,
127 hlist_add_head(&x
->byspi
, nspitable
+h
);
132 static unsigned long xfrm_hash_new_size(void)
134 return ((xfrm_state_hmask
+ 1) << 1) *
135 sizeof(struct hlist_head
);
138 static DEFINE_MUTEX(hash_resize_mutex
);
140 static void xfrm_hash_resize(struct work_struct
*__unused
)
142 struct hlist_head
*ndst
, *nsrc
, *nspi
, *odst
, *osrc
, *ospi
;
143 unsigned long nsize
, osize
;
144 unsigned int nhashmask
, ohashmask
;
147 mutex_lock(&hash_resize_mutex
);
149 nsize
= xfrm_hash_new_size();
150 ndst
= xfrm_hash_alloc(nsize
);
153 nsrc
= xfrm_hash_alloc(nsize
);
155 xfrm_hash_free(ndst
, nsize
);
158 nspi
= xfrm_hash_alloc(nsize
);
160 xfrm_hash_free(ndst
, nsize
);
161 xfrm_hash_free(nsrc
, nsize
);
165 spin_lock_bh(&xfrm_state_lock
);
167 nhashmask
= (nsize
/ sizeof(struct hlist_head
)) - 1U;
168 for (i
= xfrm_state_hmask
; i
>= 0; i
--)
169 xfrm_hash_transfer(xfrm_state_bydst
+i
, ndst
, nsrc
, nspi
,
172 odst
= xfrm_state_bydst
;
173 osrc
= xfrm_state_bysrc
;
174 ospi
= xfrm_state_byspi
;
175 ohashmask
= xfrm_state_hmask
;
177 xfrm_state_bydst
= ndst
;
178 xfrm_state_bysrc
= nsrc
;
179 xfrm_state_byspi
= nspi
;
180 xfrm_state_hmask
= nhashmask
;
182 spin_unlock_bh(&xfrm_state_lock
);
184 osize
= (ohashmask
+ 1) * sizeof(struct hlist_head
);
185 xfrm_hash_free(odst
, osize
);
186 xfrm_hash_free(osrc
, osize
);
187 xfrm_hash_free(ospi
, osize
);
190 mutex_unlock(&hash_resize_mutex
);
193 static DECLARE_WORK(xfrm_hash_work
, xfrm_hash_resize
);
195 DECLARE_WAIT_QUEUE_HEAD(km_waitq
);
196 EXPORT_SYMBOL(km_waitq
);
198 static DEFINE_RWLOCK(xfrm_state_afinfo_lock
);
199 static struct xfrm_state_afinfo
*xfrm_state_afinfo
[NPROTO
];
201 static struct work_struct xfrm_state_gc_work
;
202 static LIST_HEAD(xfrm_state_gc_leftovers
);
203 static LIST_HEAD(xfrm_state_gc_list
);
204 static DEFINE_SPINLOCK(xfrm_state_gc_lock
);
206 int __xfrm_state_delete(struct xfrm_state
*x
);
208 int km_query(struct xfrm_state
*x
, struct xfrm_tmpl
*t
, struct xfrm_policy
*pol
);
209 void km_state_expired(struct xfrm_state
*x
, int hard
, u32 pid
);
211 static struct xfrm_state_afinfo
*xfrm_state_lock_afinfo(unsigned int family
)
213 struct xfrm_state_afinfo
*afinfo
;
214 if (unlikely(family
>= NPROTO
))
216 write_lock_bh(&xfrm_state_afinfo_lock
);
217 afinfo
= xfrm_state_afinfo
[family
];
218 if (unlikely(!afinfo
))
219 write_unlock_bh(&xfrm_state_afinfo_lock
);
223 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo
*afinfo
)
224 __releases(xfrm_state_afinfo_lock
)
226 write_unlock_bh(&xfrm_state_afinfo_lock
);
229 int xfrm_register_type(const struct xfrm_type
*type
, unsigned short family
)
231 struct xfrm_state_afinfo
*afinfo
= xfrm_state_lock_afinfo(family
);
232 const struct xfrm_type
**typemap
;
235 if (unlikely(afinfo
== NULL
))
236 return -EAFNOSUPPORT
;
237 typemap
= afinfo
->type_map
;
239 if (likely(typemap
[type
->proto
] == NULL
))
240 typemap
[type
->proto
] = type
;
243 xfrm_state_unlock_afinfo(afinfo
);
246 EXPORT_SYMBOL(xfrm_register_type
);
248 int xfrm_unregister_type(const struct xfrm_type
*type
, unsigned short family
)
250 struct xfrm_state_afinfo
*afinfo
= xfrm_state_lock_afinfo(family
);
251 const struct xfrm_type
**typemap
;
254 if (unlikely(afinfo
== NULL
))
255 return -EAFNOSUPPORT
;
256 typemap
= afinfo
->type_map
;
258 if (unlikely(typemap
[type
->proto
] != type
))
261 typemap
[type
->proto
] = NULL
;
262 xfrm_state_unlock_afinfo(afinfo
);
265 EXPORT_SYMBOL(xfrm_unregister_type
);
267 static const struct xfrm_type
*xfrm_get_type(u8 proto
, unsigned short family
)
269 struct xfrm_state_afinfo
*afinfo
;
270 const struct xfrm_type
**typemap
;
271 const struct xfrm_type
*type
;
272 int modload_attempted
= 0;
275 afinfo
= xfrm_state_get_afinfo(family
);
276 if (unlikely(afinfo
== NULL
))
278 typemap
= afinfo
->type_map
;
280 type
= typemap
[proto
];
281 if (unlikely(type
&& !try_module_get(type
->owner
)))
283 if (!type
&& !modload_attempted
) {
284 xfrm_state_put_afinfo(afinfo
);
285 request_module("xfrm-type-%d-%d", family
, proto
);
286 modload_attempted
= 1;
290 xfrm_state_put_afinfo(afinfo
);
294 static void xfrm_put_type(const struct xfrm_type
*type
)
296 module_put(type
->owner
);
299 int xfrm_register_mode(struct xfrm_mode
*mode
, int family
)
301 struct xfrm_state_afinfo
*afinfo
;
302 struct xfrm_mode
**modemap
;
305 if (unlikely(mode
->encap
>= XFRM_MODE_MAX
))
308 afinfo
= xfrm_state_lock_afinfo(family
);
309 if (unlikely(afinfo
== NULL
))
310 return -EAFNOSUPPORT
;
313 modemap
= afinfo
->mode_map
;
314 if (modemap
[mode
->encap
])
318 if (!try_module_get(afinfo
->owner
))
321 mode
->afinfo
= afinfo
;
322 modemap
[mode
->encap
] = mode
;
326 xfrm_state_unlock_afinfo(afinfo
);
329 EXPORT_SYMBOL(xfrm_register_mode
);
331 int xfrm_unregister_mode(struct xfrm_mode
*mode
, int family
)
333 struct xfrm_state_afinfo
*afinfo
;
334 struct xfrm_mode
**modemap
;
337 if (unlikely(mode
->encap
>= XFRM_MODE_MAX
))
340 afinfo
= xfrm_state_lock_afinfo(family
);
341 if (unlikely(afinfo
== NULL
))
342 return -EAFNOSUPPORT
;
345 modemap
= afinfo
->mode_map
;
346 if (likely(modemap
[mode
->encap
] == mode
)) {
347 modemap
[mode
->encap
] = NULL
;
348 module_put(mode
->afinfo
->owner
);
352 xfrm_state_unlock_afinfo(afinfo
);
355 EXPORT_SYMBOL(xfrm_unregister_mode
);
357 static struct xfrm_mode
*xfrm_get_mode(unsigned int encap
, int family
)
359 struct xfrm_state_afinfo
*afinfo
;
360 struct xfrm_mode
*mode
;
361 int modload_attempted
= 0;
363 if (unlikely(encap
>= XFRM_MODE_MAX
))
367 afinfo
= xfrm_state_get_afinfo(family
);
368 if (unlikely(afinfo
== NULL
))
371 mode
= afinfo
->mode_map
[encap
];
372 if (unlikely(mode
&& !try_module_get(mode
->owner
)))
374 if (!mode
&& !modload_attempted
) {
375 xfrm_state_put_afinfo(afinfo
);
376 request_module("xfrm-mode-%d-%d", family
, encap
);
377 modload_attempted
= 1;
381 xfrm_state_put_afinfo(afinfo
);
385 static void xfrm_put_mode(struct xfrm_mode
*mode
)
387 module_put(mode
->owner
);
390 static void xfrm_state_gc_destroy(struct xfrm_state
*x
)
392 del_timer_sync(&x
->timer
);
393 del_timer_sync(&x
->rtimer
);
400 xfrm_put_mode(x
->inner_mode
);
401 if (x
->inner_mode_iaf
)
402 xfrm_put_mode(x
->inner_mode_iaf
);
404 xfrm_put_mode(x
->outer_mode
);
406 x
->type
->destructor(x
);
407 xfrm_put_type(x
->type
);
409 security_xfrm_state_free(x
);
413 static void xfrm_state_gc_task(struct work_struct
*data
)
415 struct xfrm_state
*x
, *tmp
;
416 unsigned long completed
;
418 mutex_lock(&xfrm_cfg_mutex
);
419 spin_lock_bh(&xfrm_state_gc_lock
);
420 list_splice_tail_init(&xfrm_state_gc_list
, &xfrm_state_gc_leftovers
);
421 spin_unlock_bh(&xfrm_state_gc_lock
);
423 completed
= xfrm_state_walk_completed
;
424 mutex_unlock(&xfrm_cfg_mutex
);
426 list_for_each_entry_safe(x
, tmp
, &xfrm_state_gc_leftovers
, gclist
) {
427 if ((long)(x
->lastused
- completed
) > 0)
429 list_del(&x
->gclist
);
430 xfrm_state_gc_destroy(x
);
436 static inline unsigned long make_jiffies(long secs
)
438 if (secs
>= (MAX_SCHEDULE_TIMEOUT
-1)/HZ
)
439 return MAX_SCHEDULE_TIMEOUT
-1;
444 static void xfrm_timer_handler(unsigned long data
)
446 struct xfrm_state
*x
= (struct xfrm_state
*)data
;
447 unsigned long now
= get_seconds();
448 long next
= LONG_MAX
;
453 if (x
->km
.state
== XFRM_STATE_DEAD
)
455 if (x
->km
.state
== XFRM_STATE_EXPIRED
)
457 if (x
->lft
.hard_add_expires_seconds
) {
458 long tmo
= x
->lft
.hard_add_expires_seconds
+
459 x
->curlft
.add_time
- now
;
465 if (x
->lft
.hard_use_expires_seconds
) {
466 long tmo
= x
->lft
.hard_use_expires_seconds
+
467 (x
->curlft
.use_time
? : now
) - now
;
475 if (x
->lft
.soft_add_expires_seconds
) {
476 long tmo
= x
->lft
.soft_add_expires_seconds
+
477 x
->curlft
.add_time
- now
;
483 if (x
->lft
.soft_use_expires_seconds
) {
484 long tmo
= x
->lft
.soft_use_expires_seconds
+
485 (x
->curlft
.use_time
? : now
) - now
;
494 km_state_expired(x
, 0, 0);
496 if (next
!= LONG_MAX
)
497 mod_timer(&x
->timer
, jiffies
+ make_jiffies(next
));
502 if (x
->km
.state
== XFRM_STATE_ACQ
&& x
->id
.spi
== 0) {
503 x
->km
.state
= XFRM_STATE_EXPIRED
;
509 err
= __xfrm_state_delete(x
);
510 if (!err
&& x
->id
.spi
)
511 km_state_expired(x
, 1, 0);
513 xfrm_audit_state_delete(x
, err
? 0 : 1,
514 audit_get_loginuid(current
),
515 audit_get_sessionid(current
), 0);
518 spin_unlock(&x
->lock
);
521 static void xfrm_replay_timer_handler(unsigned long data
);
523 struct xfrm_state
*xfrm_state_alloc(void)
525 struct xfrm_state
*x
;
527 x
= kzalloc(sizeof(struct xfrm_state
), GFP_ATOMIC
);
530 atomic_set(&x
->refcnt
, 1);
531 atomic_set(&x
->tunnel_users
, 0);
532 INIT_LIST_HEAD(&x
->all
);
533 INIT_HLIST_NODE(&x
->bydst
);
534 INIT_HLIST_NODE(&x
->bysrc
);
535 INIT_HLIST_NODE(&x
->byspi
);
536 setup_timer(&x
->timer
, xfrm_timer_handler
, (unsigned long)x
);
537 setup_timer(&x
->rtimer
, xfrm_replay_timer_handler
,
539 x
->curlft
.add_time
= get_seconds();
540 x
->lft
.soft_byte_limit
= XFRM_INF
;
541 x
->lft
.soft_packet_limit
= XFRM_INF
;
542 x
->lft
.hard_byte_limit
= XFRM_INF
;
543 x
->lft
.hard_packet_limit
= XFRM_INF
;
544 x
->replay_maxage
= 0;
545 x
->replay_maxdiff
= 0;
546 x
->inner_mode
= NULL
;
547 x
->inner_mode_iaf
= NULL
;
548 spin_lock_init(&x
->lock
);
552 EXPORT_SYMBOL(xfrm_state_alloc
);
554 void __xfrm_state_destroy(struct xfrm_state
*x
)
556 WARN_ON(x
->km
.state
!= XFRM_STATE_DEAD
);
558 spin_lock_bh(&xfrm_state_gc_lock
);
559 list_add_tail(&x
->gclist
, &xfrm_state_gc_list
);
560 spin_unlock_bh(&xfrm_state_gc_lock
);
561 schedule_work(&xfrm_state_gc_work
);
563 EXPORT_SYMBOL(__xfrm_state_destroy
);
565 int __xfrm_state_delete(struct xfrm_state
*x
)
569 if (x
->km
.state
!= XFRM_STATE_DEAD
) {
570 x
->km
.state
= XFRM_STATE_DEAD
;
571 spin_lock(&xfrm_state_lock
);
572 x
->lastused
= xfrm_state_walk_ongoing
;
573 list_del_rcu(&x
->all
);
574 hlist_del(&x
->bydst
);
575 hlist_del(&x
->bysrc
);
577 hlist_del(&x
->byspi
);
579 spin_unlock(&xfrm_state_lock
);
581 /* All xfrm_state objects are created by xfrm_state_alloc.
582 * The xfrm_state_alloc call gives a reference, and that
583 * is what we are dropping here.
591 EXPORT_SYMBOL(__xfrm_state_delete
);
593 int xfrm_state_delete(struct xfrm_state
*x
)
597 spin_lock_bh(&x
->lock
);
598 err
= __xfrm_state_delete(x
);
599 spin_unlock_bh(&x
->lock
);
603 EXPORT_SYMBOL(xfrm_state_delete
);
605 #ifdef CONFIG_SECURITY_NETWORK_XFRM
607 xfrm_state_flush_secctx_check(u8 proto
, struct xfrm_audit
*audit_info
)
611 for (i
= 0; i
<= xfrm_state_hmask
; i
++) {
612 struct hlist_node
*entry
;
613 struct xfrm_state
*x
;
615 hlist_for_each_entry(x
, entry
, xfrm_state_bydst
+i
, bydst
) {
616 if (xfrm_id_proto_match(x
->id
.proto
, proto
) &&
617 (err
= security_xfrm_state_delete(x
)) != 0) {
618 xfrm_audit_state_delete(x
, 0,
619 audit_info
->loginuid
,
620 audit_info
->sessionid
,
631 xfrm_state_flush_secctx_check(u8 proto
, struct xfrm_audit
*audit_info
)
637 int xfrm_state_flush(u8 proto
, struct xfrm_audit
*audit_info
)
641 spin_lock_bh(&xfrm_state_lock
);
642 err
= xfrm_state_flush_secctx_check(proto
, audit_info
);
646 for (i
= 0; i
<= xfrm_state_hmask
; i
++) {
647 struct hlist_node
*entry
;
648 struct xfrm_state
*x
;
650 hlist_for_each_entry(x
, entry
, xfrm_state_bydst
+i
, bydst
) {
651 if (!xfrm_state_kern(x
) &&
652 xfrm_id_proto_match(x
->id
.proto
, proto
)) {
654 spin_unlock_bh(&xfrm_state_lock
);
656 err
= xfrm_state_delete(x
);
657 xfrm_audit_state_delete(x
, err
? 0 : 1,
658 audit_info
->loginuid
,
659 audit_info
->sessionid
,
663 spin_lock_bh(&xfrm_state_lock
);
671 spin_unlock_bh(&xfrm_state_lock
);
675 EXPORT_SYMBOL(xfrm_state_flush
);
677 void xfrm_sad_getinfo(struct xfrmk_sadinfo
*si
)
679 spin_lock_bh(&xfrm_state_lock
);
680 si
->sadcnt
= xfrm_state_num
;
681 si
->sadhcnt
= xfrm_state_hmask
;
682 si
->sadhmcnt
= xfrm_state_hashmax
;
683 spin_unlock_bh(&xfrm_state_lock
);
685 EXPORT_SYMBOL(xfrm_sad_getinfo
);
688 xfrm_init_tempsel(struct xfrm_state
*x
, struct flowi
*fl
,
689 struct xfrm_tmpl
*tmpl
,
690 xfrm_address_t
*daddr
, xfrm_address_t
*saddr
,
691 unsigned short family
)
693 struct xfrm_state_afinfo
*afinfo
= xfrm_state_get_afinfo(family
);
696 afinfo
->init_tempsel(x
, fl
, tmpl
, daddr
, saddr
);
697 xfrm_state_put_afinfo(afinfo
);
701 static struct xfrm_state
*__xfrm_state_lookup(xfrm_address_t
*daddr
, __be32 spi
, u8 proto
, unsigned short family
)
703 unsigned int h
= xfrm_spi_hash(daddr
, spi
, proto
, family
);
704 struct xfrm_state
*x
;
705 struct hlist_node
*entry
;
707 hlist_for_each_entry(x
, entry
, xfrm_state_byspi
+h
, byspi
) {
708 if (x
->props
.family
!= family
||
710 x
->id
.proto
!= proto
)
715 if (x
->id
.daddr
.a4
!= daddr
->a4
)
719 if (!ipv6_addr_equal((struct in6_addr
*)daddr
,
733 static struct xfrm_state
*__xfrm_state_lookup_byaddr(xfrm_address_t
*daddr
, xfrm_address_t
*saddr
, u8 proto
, unsigned short family
)
735 unsigned int h
= xfrm_src_hash(daddr
, saddr
, family
);
736 struct xfrm_state
*x
;
737 struct hlist_node
*entry
;
739 hlist_for_each_entry(x
, entry
, xfrm_state_bysrc
+h
, bysrc
) {
740 if (x
->props
.family
!= family
||
741 x
->id
.proto
!= proto
)
746 if (x
->id
.daddr
.a4
!= daddr
->a4
||
747 x
->props
.saddr
.a4
!= saddr
->a4
)
751 if (!ipv6_addr_equal((struct in6_addr
*)daddr
,
754 !ipv6_addr_equal((struct in6_addr
*)saddr
,
768 static inline struct xfrm_state
*
769 __xfrm_state_locate(struct xfrm_state
*x
, int use_spi
, int family
)
772 return __xfrm_state_lookup(&x
->id
.daddr
, x
->id
.spi
,
773 x
->id
.proto
, family
);
775 return __xfrm_state_lookup_byaddr(&x
->id
.daddr
,
777 x
->id
.proto
, family
);
780 static void xfrm_hash_grow_check(int have_hash_collision
)
782 if (have_hash_collision
&&
783 (xfrm_state_hmask
+ 1) < xfrm_state_hashmax
&&
784 xfrm_state_num
> xfrm_state_hmask
)
785 schedule_work(&xfrm_hash_work
);
789 xfrm_state_find(xfrm_address_t
*daddr
, xfrm_address_t
*saddr
,
790 struct flowi
*fl
, struct xfrm_tmpl
*tmpl
,
791 struct xfrm_policy
*pol
, int *err
,
792 unsigned short family
)
795 struct hlist_node
*entry
;
796 struct xfrm_state
*x
, *x0
, *to_put
;
797 int acquire_in_progress
= 0;
799 struct xfrm_state
*best
= NULL
;
803 spin_lock_bh(&xfrm_state_lock
);
804 h
= xfrm_dst_hash(daddr
, saddr
, tmpl
->reqid
, family
);
805 hlist_for_each_entry(x
, entry
, xfrm_state_bydst
+h
, bydst
) {
806 if (x
->props
.family
== family
&&
807 x
->props
.reqid
== tmpl
->reqid
&&
808 !(x
->props
.flags
& XFRM_STATE_WILDRECV
) &&
809 xfrm_state_addr_check(x
, daddr
, saddr
, family
) &&
810 tmpl
->mode
== x
->props
.mode
&&
811 tmpl
->id
.proto
== x
->id
.proto
&&
812 (tmpl
->id
.spi
== x
->id
.spi
|| !tmpl
->id
.spi
)) {
814 1. There is a valid state with matching selector.
816 2. Valid state with inappropriate selector. Skip.
818 Entering area of "sysdeps".
820 3. If state is not valid, selector is temporary,
821 it selects only session which triggered
822 previous resolution. Key manager will do
823 something to install a state with proper
826 if (x
->km
.state
== XFRM_STATE_VALID
) {
827 if ((x
->sel
.family
&& !xfrm_selector_match(&x
->sel
, fl
, x
->sel
.family
)) ||
828 !security_xfrm_state_pol_flow_match(x
, pol
, fl
))
831 best
->km
.dying
> x
->km
.dying
||
832 (best
->km
.dying
== x
->km
.dying
&&
833 best
->curlft
.add_time
< x
->curlft
.add_time
))
835 } else if (x
->km
.state
== XFRM_STATE_ACQ
) {
836 acquire_in_progress
= 1;
837 } else if (x
->km
.state
== XFRM_STATE_ERROR
||
838 x
->km
.state
== XFRM_STATE_EXPIRED
) {
839 if (xfrm_selector_match(&x
->sel
, fl
, x
->sel
.family
) &&
840 security_xfrm_state_pol_flow_match(x
, pol
, fl
))
847 if (!x
&& !error
&& !acquire_in_progress
) {
849 (x0
= __xfrm_state_lookup(daddr
, tmpl
->id
.spi
,
850 tmpl
->id
.proto
, family
)) != NULL
) {
855 x
= xfrm_state_alloc();
860 /* Initialize temporary selector matching only
861 * to current session. */
862 xfrm_init_tempsel(x
, fl
, tmpl
, daddr
, saddr
, family
);
864 error
= security_xfrm_state_alloc_acquire(x
, pol
->security
, fl
->secid
);
866 x
->km
.state
= XFRM_STATE_DEAD
;
872 if (km_query(x
, tmpl
, pol
) == 0) {
873 x
->km
.state
= XFRM_STATE_ACQ
;
874 list_add_tail(&x
->all
, &xfrm_state_all
);
875 hlist_add_head(&x
->bydst
, xfrm_state_bydst
+h
);
876 h
= xfrm_src_hash(daddr
, saddr
, family
);
877 hlist_add_head(&x
->bysrc
, xfrm_state_bysrc
+h
);
879 h
= xfrm_spi_hash(&x
->id
.daddr
, x
->id
.spi
, x
->id
.proto
, family
);
880 hlist_add_head(&x
->byspi
, xfrm_state_byspi
+h
);
882 x
->lft
.hard_add_expires_seconds
= sysctl_xfrm_acq_expires
;
883 x
->timer
.expires
= jiffies
+ sysctl_xfrm_acq_expires
*HZ
;
884 add_timer(&x
->timer
);
886 xfrm_hash_grow_check(x
->bydst
.next
!= NULL
);
888 x
->km
.state
= XFRM_STATE_DEAD
;
898 *err
= acquire_in_progress
? -EAGAIN
: error
;
899 spin_unlock_bh(&xfrm_state_lock
);
901 xfrm_state_put(to_put
);
906 xfrm_stateonly_find(xfrm_address_t
*daddr
, xfrm_address_t
*saddr
,
907 unsigned short family
, u8 mode
, u8 proto
, u32 reqid
)
910 struct xfrm_state
*rx
= NULL
, *x
= NULL
;
911 struct hlist_node
*entry
;
913 spin_lock(&xfrm_state_lock
);
914 h
= xfrm_dst_hash(daddr
, saddr
, reqid
, family
);
915 hlist_for_each_entry(x
, entry
, xfrm_state_bydst
+h
, bydst
) {
916 if (x
->props
.family
== family
&&
917 x
->props
.reqid
== reqid
&&
918 !(x
->props
.flags
& XFRM_STATE_WILDRECV
) &&
919 xfrm_state_addr_check(x
, daddr
, saddr
, family
) &&
920 mode
== x
->props
.mode
&&
921 proto
== x
->id
.proto
&&
922 x
->km
.state
== XFRM_STATE_VALID
) {
930 spin_unlock(&xfrm_state_lock
);
935 EXPORT_SYMBOL(xfrm_stateonly_find
);
937 static void __xfrm_state_insert(struct xfrm_state
*x
)
941 x
->genid
= ++xfrm_state_genid
;
943 list_add_tail(&x
->all
, &xfrm_state_all
);
945 h
= xfrm_dst_hash(&x
->id
.daddr
, &x
->props
.saddr
,
946 x
->props
.reqid
, x
->props
.family
);
947 hlist_add_head(&x
->bydst
, xfrm_state_bydst
+h
);
949 h
= xfrm_src_hash(&x
->id
.daddr
, &x
->props
.saddr
, x
->props
.family
);
950 hlist_add_head(&x
->bysrc
, xfrm_state_bysrc
+h
);
953 h
= xfrm_spi_hash(&x
->id
.daddr
, x
->id
.spi
, x
->id
.proto
,
956 hlist_add_head(&x
->byspi
, xfrm_state_byspi
+h
);
959 mod_timer(&x
->timer
, jiffies
+ HZ
);
960 if (x
->replay_maxage
)
961 mod_timer(&x
->rtimer
, jiffies
+ x
->replay_maxage
);
967 xfrm_hash_grow_check(x
->bydst
.next
!= NULL
);
970 /* xfrm_state_lock is held */
971 static void __xfrm_state_bump_genids(struct xfrm_state
*xnew
)
973 unsigned short family
= xnew
->props
.family
;
974 u32 reqid
= xnew
->props
.reqid
;
975 struct xfrm_state
*x
;
976 struct hlist_node
*entry
;
979 h
= xfrm_dst_hash(&xnew
->id
.daddr
, &xnew
->props
.saddr
, reqid
, family
);
980 hlist_for_each_entry(x
, entry
, xfrm_state_bydst
+h
, bydst
) {
981 if (x
->props
.family
== family
&&
982 x
->props
.reqid
== reqid
&&
983 !xfrm_addr_cmp(&x
->id
.daddr
, &xnew
->id
.daddr
, family
) &&
984 !xfrm_addr_cmp(&x
->props
.saddr
, &xnew
->props
.saddr
, family
))
985 x
->genid
= xfrm_state_genid
;
989 void xfrm_state_insert(struct xfrm_state
*x
)
991 spin_lock_bh(&xfrm_state_lock
);
992 __xfrm_state_bump_genids(x
);
993 __xfrm_state_insert(x
);
994 spin_unlock_bh(&xfrm_state_lock
);
996 EXPORT_SYMBOL(xfrm_state_insert
);
998 /* xfrm_state_lock is held */
999 static struct xfrm_state
*__find_acq_core(unsigned short family
, u8 mode
, u32 reqid
, u8 proto
, xfrm_address_t
*daddr
, xfrm_address_t
*saddr
, int create
)
1001 unsigned int h
= xfrm_dst_hash(daddr
, saddr
, reqid
, family
);
1002 struct hlist_node
*entry
;
1003 struct xfrm_state
*x
;
1005 hlist_for_each_entry(x
, entry
, xfrm_state_bydst
+h
, bydst
) {
1006 if (x
->props
.reqid
!= reqid
||
1007 x
->props
.mode
!= mode
||
1008 x
->props
.family
!= family
||
1009 x
->km
.state
!= XFRM_STATE_ACQ
||
1011 x
->id
.proto
!= proto
)
1016 if (x
->id
.daddr
.a4
!= daddr
->a4
||
1017 x
->props
.saddr
.a4
!= saddr
->a4
)
1021 if (!ipv6_addr_equal((struct in6_addr
*)x
->id
.daddr
.a6
,
1022 (struct in6_addr
*)daddr
) ||
1023 !ipv6_addr_equal((struct in6_addr
*)
1025 (struct in6_addr
*)saddr
))
1037 x
= xfrm_state_alloc();
1041 x
->sel
.daddr
.a4
= daddr
->a4
;
1042 x
->sel
.saddr
.a4
= saddr
->a4
;
1043 x
->sel
.prefixlen_d
= 32;
1044 x
->sel
.prefixlen_s
= 32;
1045 x
->props
.saddr
.a4
= saddr
->a4
;
1046 x
->id
.daddr
.a4
= daddr
->a4
;
1050 ipv6_addr_copy((struct in6_addr
*)x
->sel
.daddr
.a6
,
1051 (struct in6_addr
*)daddr
);
1052 ipv6_addr_copy((struct in6_addr
*)x
->sel
.saddr
.a6
,
1053 (struct in6_addr
*)saddr
);
1054 x
->sel
.prefixlen_d
= 128;
1055 x
->sel
.prefixlen_s
= 128;
1056 ipv6_addr_copy((struct in6_addr
*)x
->props
.saddr
.a6
,
1057 (struct in6_addr
*)saddr
);
1058 ipv6_addr_copy((struct in6_addr
*)x
->id
.daddr
.a6
,
1059 (struct in6_addr
*)daddr
);
1063 x
->km
.state
= XFRM_STATE_ACQ
;
1064 x
->id
.proto
= proto
;
1065 x
->props
.family
= family
;
1066 x
->props
.mode
= mode
;
1067 x
->props
.reqid
= reqid
;
1068 x
->lft
.hard_add_expires_seconds
= sysctl_xfrm_acq_expires
;
1070 x
->timer
.expires
= jiffies
+ sysctl_xfrm_acq_expires
*HZ
;
1071 add_timer(&x
->timer
);
1072 list_add_tail(&x
->all
, &xfrm_state_all
);
1073 hlist_add_head(&x
->bydst
, xfrm_state_bydst
+h
);
1074 h
= xfrm_src_hash(daddr
, saddr
, family
);
1075 hlist_add_head(&x
->bysrc
, xfrm_state_bysrc
+h
);
1079 xfrm_hash_grow_check(x
->bydst
.next
!= NULL
);
1085 static struct xfrm_state
*__xfrm_find_acq_byseq(u32 seq
);
1087 int xfrm_state_add(struct xfrm_state
*x
)
1089 struct xfrm_state
*x1
, *to_put
;
1092 int use_spi
= xfrm_id_proto_match(x
->id
.proto
, IPSEC_PROTO_ANY
);
1094 family
= x
->props
.family
;
1098 spin_lock_bh(&xfrm_state_lock
);
1100 x1
= __xfrm_state_locate(x
, use_spi
, family
);
1108 if (use_spi
&& x
->km
.seq
) {
1109 x1
= __xfrm_find_acq_byseq(x
->km
.seq
);
1110 if (x1
&& ((x1
->id
.proto
!= x
->id
.proto
) ||
1111 xfrm_addr_cmp(&x1
->id
.daddr
, &x
->id
.daddr
, family
))) {
1118 x1
= __find_acq_core(family
, x
->props
.mode
, x
->props
.reqid
,
1120 &x
->id
.daddr
, &x
->props
.saddr
, 0);
1122 __xfrm_state_bump_genids(x
);
1123 __xfrm_state_insert(x
);
1127 spin_unlock_bh(&xfrm_state_lock
);
1130 xfrm_state_delete(x1
);
1135 xfrm_state_put(to_put
);
1139 EXPORT_SYMBOL(xfrm_state_add
);
1141 #ifdef CONFIG_XFRM_MIGRATE
1142 static struct xfrm_state
*xfrm_state_clone(struct xfrm_state
*orig
, int *errp
)
1145 struct xfrm_state
*x
= xfrm_state_alloc();
1149 memcpy(&x
->id
, &orig
->id
, sizeof(x
->id
));
1150 memcpy(&x
->sel
, &orig
->sel
, sizeof(x
->sel
));
1151 memcpy(&x
->lft
, &orig
->lft
, sizeof(x
->lft
));
1152 x
->props
.mode
= orig
->props
.mode
;
1153 x
->props
.replay_window
= orig
->props
.replay_window
;
1154 x
->props
.reqid
= orig
->props
.reqid
;
1155 x
->props
.family
= orig
->props
.family
;
1156 x
->props
.saddr
= orig
->props
.saddr
;
1159 x
->aalg
= xfrm_algo_clone(orig
->aalg
);
1163 x
->props
.aalgo
= orig
->props
.aalgo
;
1166 x
->ealg
= xfrm_algo_clone(orig
->ealg
);
1170 x
->props
.ealgo
= orig
->props
.ealgo
;
1173 x
->calg
= xfrm_algo_clone(orig
->calg
);
1177 x
->props
.calgo
= orig
->props
.calgo
;
1180 x
->encap
= kmemdup(orig
->encap
, sizeof(*x
->encap
), GFP_KERNEL
);
1186 x
->coaddr
= kmemdup(orig
->coaddr
, sizeof(*x
->coaddr
),
1192 err
= xfrm_init_state(x
);
1196 x
->props
.flags
= orig
->props
.flags
;
1198 x
->curlft
.add_time
= orig
->curlft
.add_time
;
1199 x
->km
.state
= orig
->km
.state
;
1200 x
->km
.seq
= orig
->km
.seq
;
1218 /* xfrm_state_lock is held */
1219 struct xfrm_state
* xfrm_migrate_state_find(struct xfrm_migrate
*m
)
1222 struct xfrm_state
*x
;
1223 struct hlist_node
*entry
;
1226 h
= xfrm_dst_hash(&m
->old_daddr
, &m
->old_saddr
,
1227 m
->reqid
, m
->old_family
);
1228 hlist_for_each_entry(x
, entry
, xfrm_state_bydst
+h
, bydst
) {
1229 if (x
->props
.mode
!= m
->mode
||
1230 x
->id
.proto
!= m
->proto
)
1232 if (m
->reqid
&& x
->props
.reqid
!= m
->reqid
)
1234 if (xfrm_addr_cmp(&x
->id
.daddr
, &m
->old_daddr
,
1236 xfrm_addr_cmp(&x
->props
.saddr
, &m
->old_saddr
,
1243 h
= xfrm_src_hash(&m
->old_daddr
, &m
->old_saddr
,
1245 hlist_for_each_entry(x
, entry
, xfrm_state_bysrc
+h
, bysrc
) {
1246 if (x
->props
.mode
!= m
->mode
||
1247 x
->id
.proto
!= m
->proto
)
1249 if (xfrm_addr_cmp(&x
->id
.daddr
, &m
->old_daddr
,
1251 xfrm_addr_cmp(&x
->props
.saddr
, &m
->old_saddr
,
1261 EXPORT_SYMBOL(xfrm_migrate_state_find
);
1263 struct xfrm_state
* xfrm_state_migrate(struct xfrm_state
*x
,
1264 struct xfrm_migrate
*m
)
1266 struct xfrm_state
*xc
;
1269 xc
= xfrm_state_clone(x
, &err
);
1273 memcpy(&xc
->id
.daddr
, &m
->new_daddr
, sizeof(xc
->id
.daddr
));
1274 memcpy(&xc
->props
.saddr
, &m
->new_saddr
, sizeof(xc
->props
.saddr
));
1277 if (!xfrm_addr_cmp(&x
->id
.daddr
, &m
->new_daddr
, m
->new_family
)) {
1278 /* a care is needed when the destination address of the
1279 state is to be updated as it is a part of triplet */
1280 xfrm_state_insert(xc
);
1282 if ((err
= xfrm_state_add(xc
)) < 0)
1291 EXPORT_SYMBOL(xfrm_state_migrate
);
1294 int xfrm_state_update(struct xfrm_state
*x
)
1296 struct xfrm_state
*x1
, *to_put
;
1298 int use_spi
= xfrm_id_proto_match(x
->id
.proto
, IPSEC_PROTO_ANY
);
1302 spin_lock_bh(&xfrm_state_lock
);
1303 x1
= __xfrm_state_locate(x
, use_spi
, x
->props
.family
);
1309 if (xfrm_state_kern(x1
)) {
1315 if (x1
->km
.state
== XFRM_STATE_ACQ
) {
1316 __xfrm_state_insert(x
);
1322 spin_unlock_bh(&xfrm_state_lock
);
1325 xfrm_state_put(to_put
);
1331 xfrm_state_delete(x1
);
1337 spin_lock_bh(&x1
->lock
);
1338 if (likely(x1
->km
.state
== XFRM_STATE_VALID
)) {
1339 if (x
->encap
&& x1
->encap
)
1340 memcpy(x1
->encap
, x
->encap
, sizeof(*x1
->encap
));
1341 if (x
->coaddr
&& x1
->coaddr
) {
1342 memcpy(x1
->coaddr
, x
->coaddr
, sizeof(*x1
->coaddr
));
1344 if (!use_spi
&& memcmp(&x1
->sel
, &x
->sel
, sizeof(x1
->sel
)))
1345 memcpy(&x1
->sel
, &x
->sel
, sizeof(x1
->sel
));
1346 memcpy(&x1
->lft
, &x
->lft
, sizeof(x1
->lft
));
1349 mod_timer(&x1
->timer
, jiffies
+ HZ
);
1350 if (x1
->curlft
.use_time
)
1351 xfrm_state_check_expire(x1
);
1355 spin_unlock_bh(&x1
->lock
);
1361 EXPORT_SYMBOL(xfrm_state_update
);
1363 int xfrm_state_check_expire(struct xfrm_state
*x
)
1365 if (!x
->curlft
.use_time
)
1366 x
->curlft
.use_time
= get_seconds();
1368 if (x
->km
.state
!= XFRM_STATE_VALID
)
1371 if (x
->curlft
.bytes
>= x
->lft
.hard_byte_limit
||
1372 x
->curlft
.packets
>= x
->lft
.hard_packet_limit
) {
1373 x
->km
.state
= XFRM_STATE_EXPIRED
;
1374 mod_timer(&x
->timer
, jiffies
);
1379 (x
->curlft
.bytes
>= x
->lft
.soft_byte_limit
||
1380 x
->curlft
.packets
>= x
->lft
.soft_packet_limit
)) {
1382 km_state_expired(x
, 0, 0);
1386 EXPORT_SYMBOL(xfrm_state_check_expire
);
1389 xfrm_state_lookup(xfrm_address_t
*daddr
, __be32 spi
, u8 proto
,
1390 unsigned short family
)
1392 struct xfrm_state
*x
;
1394 spin_lock_bh(&xfrm_state_lock
);
1395 x
= __xfrm_state_lookup(daddr
, spi
, proto
, family
);
1396 spin_unlock_bh(&xfrm_state_lock
);
1399 EXPORT_SYMBOL(xfrm_state_lookup
);
1402 xfrm_state_lookup_byaddr(xfrm_address_t
*daddr
, xfrm_address_t
*saddr
,
1403 u8 proto
, unsigned short family
)
1405 struct xfrm_state
*x
;
1407 spin_lock_bh(&xfrm_state_lock
);
1408 x
= __xfrm_state_lookup_byaddr(daddr
, saddr
, proto
, family
);
1409 spin_unlock_bh(&xfrm_state_lock
);
1412 EXPORT_SYMBOL(xfrm_state_lookup_byaddr
);
1415 xfrm_find_acq(u8 mode
, u32 reqid
, u8 proto
,
1416 xfrm_address_t
*daddr
, xfrm_address_t
*saddr
,
1417 int create
, unsigned short family
)
1419 struct xfrm_state
*x
;
1421 spin_lock_bh(&xfrm_state_lock
);
1422 x
= __find_acq_core(family
, mode
, reqid
, proto
, daddr
, saddr
, create
);
1423 spin_unlock_bh(&xfrm_state_lock
);
1427 EXPORT_SYMBOL(xfrm_find_acq
);
1429 #ifdef CONFIG_XFRM_SUB_POLICY
1431 xfrm_tmpl_sort(struct xfrm_tmpl
**dst
, struct xfrm_tmpl
**src
, int n
,
1432 unsigned short family
)
1435 struct xfrm_state_afinfo
*afinfo
= xfrm_state_get_afinfo(family
);
1437 return -EAFNOSUPPORT
;
1439 spin_lock_bh(&xfrm_state_lock
);
1440 if (afinfo
->tmpl_sort
)
1441 err
= afinfo
->tmpl_sort(dst
, src
, n
);
1442 spin_unlock_bh(&xfrm_state_lock
);
1443 xfrm_state_put_afinfo(afinfo
);
1446 EXPORT_SYMBOL(xfrm_tmpl_sort
);
1449 xfrm_state_sort(struct xfrm_state
**dst
, struct xfrm_state
**src
, int n
,
1450 unsigned short family
)
1453 struct xfrm_state_afinfo
*afinfo
= xfrm_state_get_afinfo(family
);
1455 return -EAFNOSUPPORT
;
1457 spin_lock_bh(&xfrm_state_lock
);
1458 if (afinfo
->state_sort
)
1459 err
= afinfo
->state_sort(dst
, src
, n
);
1460 spin_unlock_bh(&xfrm_state_lock
);
1461 xfrm_state_put_afinfo(afinfo
);
1464 EXPORT_SYMBOL(xfrm_state_sort
);
1467 /* Silly enough, but I'm lazy to build resolution list */
1469 static struct xfrm_state
*__xfrm_find_acq_byseq(u32 seq
)
1473 for (i
= 0; i
<= xfrm_state_hmask
; i
++) {
1474 struct hlist_node
*entry
;
1475 struct xfrm_state
*x
;
1477 hlist_for_each_entry(x
, entry
, xfrm_state_bydst
+i
, bydst
) {
1478 if (x
->km
.seq
== seq
&&
1479 x
->km
.state
== XFRM_STATE_ACQ
) {
1488 struct xfrm_state
*xfrm_find_acq_byseq(u32 seq
)
1490 struct xfrm_state
*x
;
1492 spin_lock_bh(&xfrm_state_lock
);
1493 x
= __xfrm_find_acq_byseq(seq
);
1494 spin_unlock_bh(&xfrm_state_lock
);
1497 EXPORT_SYMBOL(xfrm_find_acq_byseq
);
1499 u32
xfrm_get_acqseq(void)
1503 static DEFINE_SPINLOCK(acqseq_lock
);
1505 spin_lock_bh(&acqseq_lock
);
1506 res
= (++acqseq
? : ++acqseq
);
1507 spin_unlock_bh(&acqseq_lock
);
1510 EXPORT_SYMBOL(xfrm_get_acqseq
);
1512 int xfrm_alloc_spi(struct xfrm_state
*x
, u32 low
, u32 high
)
1515 struct xfrm_state
*x0
;
1517 __be32 minspi
= htonl(low
);
1518 __be32 maxspi
= htonl(high
);
1520 spin_lock_bh(&x
->lock
);
1521 if (x
->km
.state
== XFRM_STATE_DEAD
)
1530 if (minspi
== maxspi
) {
1531 x0
= xfrm_state_lookup(&x
->id
.daddr
, minspi
, x
->id
.proto
, x
->props
.family
);
1539 for (h
=0; h
<high
-low
+1; h
++) {
1540 spi
= low
+ net_random()%(high
-low
+1);
1541 x0
= xfrm_state_lookup(&x
->id
.daddr
, htonl(spi
), x
->id
.proto
, x
->props
.family
);
1543 x
->id
.spi
= htonl(spi
);
1550 spin_lock_bh(&xfrm_state_lock
);
1551 h
= xfrm_spi_hash(&x
->id
.daddr
, x
->id
.spi
, x
->id
.proto
, x
->props
.family
);
1552 hlist_add_head(&x
->byspi
, xfrm_state_byspi
+h
);
1553 spin_unlock_bh(&xfrm_state_lock
);
1559 spin_unlock_bh(&x
->lock
);
1563 EXPORT_SYMBOL(xfrm_alloc_spi
);
1565 int xfrm_state_walk(struct xfrm_state_walk
*walk
,
1566 int (*func
)(struct xfrm_state
*, int, void*),
1569 struct xfrm_state
*old
, *x
, *last
= NULL
;
1572 if (walk
->state
== NULL
&& walk
->count
!= 0)
1575 old
= x
= walk
->state
;
1577 spin_lock_bh(&xfrm_state_lock
);
1579 x
= list_first_entry(&xfrm_state_all
, struct xfrm_state
, all
);
1580 list_for_each_entry_from(x
, &xfrm_state_all
, all
) {
1581 if (x
->km
.state
== XFRM_STATE_DEAD
)
1583 if (!xfrm_id_proto_match(x
->id
.proto
, walk
->proto
))
1586 err
= func(last
, walk
->count
, data
);
1588 xfrm_state_hold(last
);
1596 if (walk
->count
== 0) {
1601 err
= func(last
, 0, data
);
1603 spin_unlock_bh(&xfrm_state_lock
);
1605 xfrm_state_put(old
);
1608 EXPORT_SYMBOL(xfrm_state_walk
);
1610 void xfrm_state_walk_init(struct xfrm_state_walk
*walk
, u8 proto
)
1612 walk
->proto
= proto
;
1615 list_add_tail(&walk
->list
, &xfrm_state_walks
);
1616 walk
->genid
= ++xfrm_state_walk_ongoing
;
1618 EXPORT_SYMBOL(xfrm_state_walk_init
);
1620 void xfrm_state_walk_done(struct xfrm_state_walk
*walk
)
1622 struct list_head
*prev
;
1624 if (walk
->state
!= NULL
) {
1625 xfrm_state_put(walk
->state
);
1629 prev
= walk
->list
.prev
;
1630 list_del(&walk
->list
);
1632 if (prev
!= &xfrm_state_walks
) {
1633 list_entry(prev
, struct xfrm_state_walk
, list
)->genid
=
1638 xfrm_state_walk_completed
= walk
->genid
;
1640 if (!list_empty(&xfrm_state_gc_leftovers
))
1641 schedule_work(&xfrm_state_gc_work
);
1643 EXPORT_SYMBOL(xfrm_state_walk_done
);
1646 void xfrm_replay_notify(struct xfrm_state
*x
, int event
)
1649 /* we send notify messages in case
1650 * 1. we updated on of the sequence numbers, and the seqno difference
1651 * is at least x->replay_maxdiff, in this case we also update the
1652 * timeout of our timer function
1653 * 2. if x->replay_maxage has elapsed since last update,
1654 * and there were changes
1656 * The state structure must be locked!
1660 case XFRM_REPLAY_UPDATE
:
1661 if (x
->replay_maxdiff
&&
1662 (x
->replay
.seq
- x
->preplay
.seq
< x
->replay_maxdiff
) &&
1663 (x
->replay
.oseq
- x
->preplay
.oseq
< x
->replay_maxdiff
)) {
1664 if (x
->xflags
& XFRM_TIME_DEFER
)
1665 event
= XFRM_REPLAY_TIMEOUT
;
1672 case XFRM_REPLAY_TIMEOUT
:
1673 if ((x
->replay
.seq
== x
->preplay
.seq
) &&
1674 (x
->replay
.bitmap
== x
->preplay
.bitmap
) &&
1675 (x
->replay
.oseq
== x
->preplay
.oseq
)) {
1676 x
->xflags
|= XFRM_TIME_DEFER
;
1683 memcpy(&x
->preplay
, &x
->replay
, sizeof(struct xfrm_replay_state
));
1684 c
.event
= XFRM_MSG_NEWAE
;
1685 c
.data
.aevent
= event
;
1686 km_state_notify(x
, &c
);
1688 if (x
->replay_maxage
&&
1689 !mod_timer(&x
->rtimer
, jiffies
+ x
->replay_maxage
))
1690 x
->xflags
&= ~XFRM_TIME_DEFER
;
1693 static void xfrm_replay_timer_handler(unsigned long data
)
1695 struct xfrm_state
*x
= (struct xfrm_state
*)data
;
1697 spin_lock(&x
->lock
);
1699 if (x
->km
.state
== XFRM_STATE_VALID
) {
1700 if (xfrm_aevent_is_on())
1701 xfrm_replay_notify(x
, XFRM_REPLAY_TIMEOUT
);
1703 x
->xflags
|= XFRM_TIME_DEFER
;
1706 spin_unlock(&x
->lock
);
1709 int xfrm_replay_check(struct xfrm_state
*x
,
1710 struct sk_buff
*skb
, __be32 net_seq
)
1713 u32 seq
= ntohl(net_seq
);
1715 if (unlikely(seq
== 0))
1718 if (likely(seq
> x
->replay
.seq
))
1721 diff
= x
->replay
.seq
- seq
;
1722 if (diff
>= min_t(unsigned int, x
->props
.replay_window
,
1723 sizeof(x
->replay
.bitmap
) * 8)) {
1724 x
->stats
.replay_window
++;
1728 if (x
->replay
.bitmap
& (1U << diff
)) {
1735 xfrm_audit_state_replay(x
, skb
, net_seq
);
1739 void xfrm_replay_advance(struct xfrm_state
*x
, __be32 net_seq
)
1742 u32 seq
= ntohl(net_seq
);
1744 if (seq
> x
->replay
.seq
) {
1745 diff
= seq
- x
->replay
.seq
;
1746 if (diff
< x
->props
.replay_window
)
1747 x
->replay
.bitmap
= ((x
->replay
.bitmap
) << diff
) | 1;
1749 x
->replay
.bitmap
= 1;
1750 x
->replay
.seq
= seq
;
1752 diff
= x
->replay
.seq
- seq
;
1753 x
->replay
.bitmap
|= (1U << diff
);
1756 if (xfrm_aevent_is_on())
1757 xfrm_replay_notify(x
, XFRM_REPLAY_UPDATE
);
1760 static LIST_HEAD(xfrm_km_list
);
1761 static DEFINE_RWLOCK(xfrm_km_lock
);
1763 void km_policy_notify(struct xfrm_policy
*xp
, int dir
, struct km_event
*c
)
1765 struct xfrm_mgr
*km
;
1767 read_lock(&xfrm_km_lock
);
1768 list_for_each_entry(km
, &xfrm_km_list
, list
)
1769 if (km
->notify_policy
)
1770 km
->notify_policy(xp
, dir
, c
);
1771 read_unlock(&xfrm_km_lock
);
1774 void km_state_notify(struct xfrm_state
*x
, struct km_event
*c
)
1776 struct xfrm_mgr
*km
;
1777 read_lock(&xfrm_km_lock
);
1778 list_for_each_entry(km
, &xfrm_km_list
, list
)
1781 read_unlock(&xfrm_km_lock
);
1784 EXPORT_SYMBOL(km_policy_notify
);
1785 EXPORT_SYMBOL(km_state_notify
);
1787 void km_state_expired(struct xfrm_state
*x
, int hard
, u32 pid
)
1793 c
.event
= XFRM_MSG_EXPIRE
;
1794 km_state_notify(x
, &c
);
1800 EXPORT_SYMBOL(km_state_expired
);
1802 * We send to all registered managers regardless of failure
1803 * We are happy with one success
1805 int km_query(struct xfrm_state
*x
, struct xfrm_tmpl
*t
, struct xfrm_policy
*pol
)
1807 int err
= -EINVAL
, acqret
;
1808 struct xfrm_mgr
*km
;
1810 read_lock(&xfrm_km_lock
);
1811 list_for_each_entry(km
, &xfrm_km_list
, list
) {
1812 acqret
= km
->acquire(x
, t
, pol
, XFRM_POLICY_OUT
);
1816 read_unlock(&xfrm_km_lock
);
1819 EXPORT_SYMBOL(km_query
);
1821 int km_new_mapping(struct xfrm_state
*x
, xfrm_address_t
*ipaddr
, __be16 sport
)
1824 struct xfrm_mgr
*km
;
1826 read_lock(&xfrm_km_lock
);
1827 list_for_each_entry(km
, &xfrm_km_list
, list
) {
1828 if (km
->new_mapping
)
1829 err
= km
->new_mapping(x
, ipaddr
, sport
);
1833 read_unlock(&xfrm_km_lock
);
1836 EXPORT_SYMBOL(km_new_mapping
);
1838 void km_policy_expired(struct xfrm_policy
*pol
, int dir
, int hard
, u32 pid
)
1844 c
.event
= XFRM_MSG_POLEXPIRE
;
1845 km_policy_notify(pol
, dir
, &c
);
1850 EXPORT_SYMBOL(km_policy_expired
);
1852 #ifdef CONFIG_XFRM_MIGRATE
1853 int km_migrate(struct xfrm_selector
*sel
, u8 dir
, u8 type
,
1854 struct xfrm_migrate
*m
, int num_migrate
)
1858 struct xfrm_mgr
*km
;
1860 read_lock(&xfrm_km_lock
);
1861 list_for_each_entry(km
, &xfrm_km_list
, list
) {
1863 ret
= km
->migrate(sel
, dir
, type
, m
, num_migrate
);
1868 read_unlock(&xfrm_km_lock
);
1871 EXPORT_SYMBOL(km_migrate
);
1874 int km_report(u8 proto
, struct xfrm_selector
*sel
, xfrm_address_t
*addr
)
1878 struct xfrm_mgr
*km
;
1880 read_lock(&xfrm_km_lock
);
1881 list_for_each_entry(km
, &xfrm_km_list
, list
) {
1883 ret
= km
->report(proto
, sel
, addr
);
1888 read_unlock(&xfrm_km_lock
);
1891 EXPORT_SYMBOL(km_report
);
1893 int xfrm_user_policy(struct sock
*sk
, int optname
, u8 __user
*optval
, int optlen
)
1897 struct xfrm_mgr
*km
;
1898 struct xfrm_policy
*pol
= NULL
;
1900 if (optlen
<= 0 || optlen
> PAGE_SIZE
)
1903 data
= kmalloc(optlen
, GFP_KERNEL
);
1908 if (copy_from_user(data
, optval
, optlen
))
1912 read_lock(&xfrm_km_lock
);
1913 list_for_each_entry(km
, &xfrm_km_list
, list
) {
1914 pol
= km
->compile_policy(sk
, optname
, data
,
1919 read_unlock(&xfrm_km_lock
);
1922 xfrm_sk_policy_insert(sk
, err
, pol
);
1931 EXPORT_SYMBOL(xfrm_user_policy
);
1933 int xfrm_register_km(struct xfrm_mgr
*km
)
1935 write_lock_bh(&xfrm_km_lock
);
1936 list_add_tail(&km
->list
, &xfrm_km_list
);
1937 write_unlock_bh(&xfrm_km_lock
);
1940 EXPORT_SYMBOL(xfrm_register_km
);
1942 int xfrm_unregister_km(struct xfrm_mgr
*km
)
1944 write_lock_bh(&xfrm_km_lock
);
1945 list_del(&km
->list
);
1946 write_unlock_bh(&xfrm_km_lock
);
1949 EXPORT_SYMBOL(xfrm_unregister_km
);
1951 int xfrm_state_register_afinfo(struct xfrm_state_afinfo
*afinfo
)
1954 if (unlikely(afinfo
== NULL
))
1956 if (unlikely(afinfo
->family
>= NPROTO
))
1957 return -EAFNOSUPPORT
;
1958 write_lock_bh(&xfrm_state_afinfo_lock
);
1959 if (unlikely(xfrm_state_afinfo
[afinfo
->family
] != NULL
))
1962 xfrm_state_afinfo
[afinfo
->family
] = afinfo
;
1963 write_unlock_bh(&xfrm_state_afinfo_lock
);
1966 EXPORT_SYMBOL(xfrm_state_register_afinfo
);
1968 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo
*afinfo
)
1971 if (unlikely(afinfo
== NULL
))
1973 if (unlikely(afinfo
->family
>= NPROTO
))
1974 return -EAFNOSUPPORT
;
1975 write_lock_bh(&xfrm_state_afinfo_lock
);
1976 if (likely(xfrm_state_afinfo
[afinfo
->family
] != NULL
)) {
1977 if (unlikely(xfrm_state_afinfo
[afinfo
->family
] != afinfo
))
1980 xfrm_state_afinfo
[afinfo
->family
] = NULL
;
1982 write_unlock_bh(&xfrm_state_afinfo_lock
);
1985 EXPORT_SYMBOL(xfrm_state_unregister_afinfo
);
1987 static struct xfrm_state_afinfo
*xfrm_state_get_afinfo(unsigned int family
)
1989 struct xfrm_state_afinfo
*afinfo
;
1990 if (unlikely(family
>= NPROTO
))
1992 read_lock(&xfrm_state_afinfo_lock
);
1993 afinfo
= xfrm_state_afinfo
[family
];
1994 if (unlikely(!afinfo
))
1995 read_unlock(&xfrm_state_afinfo_lock
);
1999 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo
*afinfo
)
2000 __releases(xfrm_state_afinfo_lock
)
2002 read_unlock(&xfrm_state_afinfo_lock
);
2005 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
2006 void xfrm_state_delete_tunnel(struct xfrm_state
*x
)
2009 struct xfrm_state
*t
= x
->tunnel
;
2011 if (atomic_read(&t
->tunnel_users
) == 2)
2012 xfrm_state_delete(t
);
2013 atomic_dec(&t
->tunnel_users
);
2018 EXPORT_SYMBOL(xfrm_state_delete_tunnel
);
2020 int xfrm_state_mtu(struct xfrm_state
*x
, int mtu
)
2024 spin_lock_bh(&x
->lock
);
2025 if (x
->km
.state
== XFRM_STATE_VALID
&&
2026 x
->type
&& x
->type
->get_mtu
)
2027 res
= x
->type
->get_mtu(x
, mtu
);
2029 res
= mtu
- x
->props
.header_len
;
2030 spin_unlock_bh(&x
->lock
);
2034 int xfrm_init_state(struct xfrm_state
*x
)
2036 struct xfrm_state_afinfo
*afinfo
;
2037 struct xfrm_mode
*inner_mode
;
2038 int family
= x
->props
.family
;
2041 err
= -EAFNOSUPPORT
;
2042 afinfo
= xfrm_state_get_afinfo(family
);
2047 if (afinfo
->init_flags
)
2048 err
= afinfo
->init_flags(x
);
2050 xfrm_state_put_afinfo(afinfo
);
2055 err
= -EPROTONOSUPPORT
;
2057 if (x
->sel
.family
!= AF_UNSPEC
) {
2058 inner_mode
= xfrm_get_mode(x
->props
.mode
, x
->sel
.family
);
2059 if (inner_mode
== NULL
)
2062 if (!(inner_mode
->flags
& XFRM_MODE_FLAG_TUNNEL
) &&
2063 family
!= x
->sel
.family
) {
2064 xfrm_put_mode(inner_mode
);
2068 x
->inner_mode
= inner_mode
;
2070 struct xfrm_mode
*inner_mode_iaf
;
2072 inner_mode
= xfrm_get_mode(x
->props
.mode
, AF_INET
);
2073 if (inner_mode
== NULL
)
2076 if (!(inner_mode
->flags
& XFRM_MODE_FLAG_TUNNEL
)) {
2077 xfrm_put_mode(inner_mode
);
2081 inner_mode_iaf
= xfrm_get_mode(x
->props
.mode
, AF_INET6
);
2082 if (inner_mode_iaf
== NULL
)
2085 if (!(inner_mode_iaf
->flags
& XFRM_MODE_FLAG_TUNNEL
)) {
2086 xfrm_put_mode(inner_mode_iaf
);
2090 if (x
->props
.family
== AF_INET
) {
2091 x
->inner_mode
= inner_mode
;
2092 x
->inner_mode_iaf
= inner_mode_iaf
;
2094 x
->inner_mode
= inner_mode_iaf
;
2095 x
->inner_mode_iaf
= inner_mode
;
2099 x
->type
= xfrm_get_type(x
->id
.proto
, family
);
2100 if (x
->type
== NULL
)
2103 err
= x
->type
->init_state(x
);
2107 x
->outer_mode
= xfrm_get_mode(x
->props
.mode
, family
);
2108 if (x
->outer_mode
== NULL
)
2111 x
->km
.state
= XFRM_STATE_VALID
;
2117 EXPORT_SYMBOL(xfrm_init_state
);
2119 void __init
xfrm_state_init(void)
2123 sz
= sizeof(struct hlist_head
) * 8;
2125 xfrm_state_bydst
= xfrm_hash_alloc(sz
);
2126 xfrm_state_bysrc
= xfrm_hash_alloc(sz
);
2127 xfrm_state_byspi
= xfrm_hash_alloc(sz
);
2128 if (!xfrm_state_bydst
|| !xfrm_state_bysrc
|| !xfrm_state_byspi
)
2129 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2130 xfrm_state_hmask
= ((sz
/ sizeof(struct hlist_head
)) - 1);
2132 INIT_WORK(&xfrm_state_gc_work
, xfrm_state_gc_task
);
2135 #ifdef CONFIG_AUDITSYSCALL
2136 static void xfrm_audit_helper_sainfo(struct xfrm_state
*x
,
2137 struct audit_buffer
*audit_buf
)
2139 struct xfrm_sec_ctx
*ctx
= x
->security
;
2140 u32 spi
= ntohl(x
->id
.spi
);
2143 audit_log_format(audit_buf
, " sec_alg=%u sec_doi=%u sec_obj=%s",
2144 ctx
->ctx_alg
, ctx
->ctx_doi
, ctx
->ctx_str
);
2146 switch(x
->props
.family
) {
2148 audit_log_format(audit_buf
,
2149 " src=" NIPQUAD_FMT
" dst=" NIPQUAD_FMT
,
2150 NIPQUAD(x
->props
.saddr
.a4
),
2151 NIPQUAD(x
->id
.daddr
.a4
));
2154 audit_log_format(audit_buf
,
2155 " src=" NIP6_FMT
" dst=" NIP6_FMT
,
2156 NIP6(*(struct in6_addr
*)x
->props
.saddr
.a6
),
2157 NIP6(*(struct in6_addr
*)x
->id
.daddr
.a6
));
2161 audit_log_format(audit_buf
, " spi=%u(0x%x)", spi
, spi
);
2164 static void xfrm_audit_helper_pktinfo(struct sk_buff
*skb
, u16 family
,
2165 struct audit_buffer
*audit_buf
)
2168 struct ipv6hdr
*iph6
;
2173 audit_log_format(audit_buf
,
2174 " src=" NIPQUAD_FMT
" dst=" NIPQUAD_FMT
,
2175 NIPQUAD(iph4
->saddr
),
2176 NIPQUAD(iph4
->daddr
));
2179 iph6
= ipv6_hdr(skb
);
2180 audit_log_format(audit_buf
,
2181 " src=" NIP6_FMT
" dst=" NIP6_FMT
2182 " flowlbl=0x%x%02x%02x",
2185 iph6
->flow_lbl
[0] & 0x0f,
2192 void xfrm_audit_state_add(struct xfrm_state
*x
, int result
,
2193 uid_t auid
, u32 sessionid
, u32 secid
)
2195 struct audit_buffer
*audit_buf
;
2197 audit_buf
= xfrm_audit_start("SAD-add");
2198 if (audit_buf
== NULL
)
2200 xfrm_audit_helper_usrinfo(auid
, sessionid
, secid
, audit_buf
);
2201 xfrm_audit_helper_sainfo(x
, audit_buf
);
2202 audit_log_format(audit_buf
, " res=%u", result
);
2203 audit_log_end(audit_buf
);
2205 EXPORT_SYMBOL_GPL(xfrm_audit_state_add
);
2207 void xfrm_audit_state_delete(struct xfrm_state
*x
, int result
,
2208 uid_t auid
, u32 sessionid
, u32 secid
)
2210 struct audit_buffer
*audit_buf
;
2212 audit_buf
= xfrm_audit_start("SAD-delete");
2213 if (audit_buf
== NULL
)
2215 xfrm_audit_helper_usrinfo(auid
, sessionid
, secid
, audit_buf
);
2216 xfrm_audit_helper_sainfo(x
, audit_buf
);
2217 audit_log_format(audit_buf
, " res=%u", result
);
2218 audit_log_end(audit_buf
);
2220 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete
);
2222 void xfrm_audit_state_replay_overflow(struct xfrm_state
*x
,
2223 struct sk_buff
*skb
)
2225 struct audit_buffer
*audit_buf
;
2228 audit_buf
= xfrm_audit_start("SA-replay-overflow");
2229 if (audit_buf
== NULL
)
2231 xfrm_audit_helper_pktinfo(skb
, x
->props
.family
, audit_buf
);
2232 /* don't record the sequence number because it's inherent in this kind
2233 * of audit message */
2234 spi
= ntohl(x
->id
.spi
);
2235 audit_log_format(audit_buf
, " spi=%u(0x%x)", spi
, spi
);
2236 audit_log_end(audit_buf
);
2238 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow
);
2240 static void xfrm_audit_state_replay(struct xfrm_state
*x
,
2241 struct sk_buff
*skb
, __be32 net_seq
)
2243 struct audit_buffer
*audit_buf
;
2246 audit_buf
= xfrm_audit_start("SA-replayed-pkt");
2247 if (audit_buf
== NULL
)
2249 xfrm_audit_helper_pktinfo(skb
, x
->props
.family
, audit_buf
);
2250 spi
= ntohl(x
->id
.spi
);
2251 audit_log_format(audit_buf
, " spi=%u(0x%x) seqno=%u",
2252 spi
, spi
, ntohl(net_seq
));
2253 audit_log_end(audit_buf
);
2256 void xfrm_audit_state_notfound_simple(struct sk_buff
*skb
, u16 family
)
2258 struct audit_buffer
*audit_buf
;
2260 audit_buf
= xfrm_audit_start("SA-notfound");
2261 if (audit_buf
== NULL
)
2263 xfrm_audit_helper_pktinfo(skb
, family
, audit_buf
);
2264 audit_log_end(audit_buf
);
2266 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple
);
2268 void xfrm_audit_state_notfound(struct sk_buff
*skb
, u16 family
,
2269 __be32 net_spi
, __be32 net_seq
)
2271 struct audit_buffer
*audit_buf
;
2274 audit_buf
= xfrm_audit_start("SA-notfound");
2275 if (audit_buf
== NULL
)
2277 xfrm_audit_helper_pktinfo(skb
, family
, audit_buf
);
2278 spi
= ntohl(net_spi
);
2279 audit_log_format(audit_buf
, " spi=%u(0x%x) seqno=%u",
2280 spi
, spi
, ntohl(net_seq
));
2281 audit_log_end(audit_buf
);
2283 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound
);
2285 void xfrm_audit_state_icvfail(struct xfrm_state
*x
,
2286 struct sk_buff
*skb
, u8 proto
)
2288 struct audit_buffer
*audit_buf
;
2292 audit_buf
= xfrm_audit_start("SA-icv-failure");
2293 if (audit_buf
== NULL
)
2295 xfrm_audit_helper_pktinfo(skb
, x
->props
.family
, audit_buf
);
2296 if (xfrm_parse_spi(skb
, proto
, &net_spi
, &net_seq
) == 0) {
2297 u32 spi
= ntohl(net_spi
);
2298 audit_log_format(audit_buf
, " spi=%u(0x%x) seqno=%u",
2299 spi
, spi
, ntohl(net_seq
));
2301 audit_log_end(audit_buf
);
2303 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail
);
2304 #endif /* CONFIG_AUDITSYSCALL */