projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[IPSEC]: Remove gratuitous km wake-up events on ACQUIRE
[deliverable/linux.git] / net / xfrm / xfrm_state.c
1 /*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
13 *
14 */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <asm/uaccess.h>
23
24 #include "xfrm_hash.h"
25
26 struct sock *xfrm_nl;
27 EXPORT_SYMBOL(xfrm_nl);
28
29 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
30 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
31
32 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
33 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
34
35 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
36
37 /* Each xfrm_state may be linked to two tables:
38
39 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
40 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
41 destination/tunnel endpoint. (output)
42 */
43
44 static DEFINE_SPINLOCK(xfrm_state_lock);
45
46 /* Hash table to find appropriate SA towards given target (endpoint
47 * of tunnel or destination of transport mode) allowed by selector.
48 *
49 * Main use is finding SA after policy selected tunnel or transport mode.
50 * Also, it can be used by ah/esp icmp error handler to find offending SA.
51 */
52 static struct hlist_head *xfrm_state_bydst __read_mostly;
53 static struct hlist_head *xfrm_state_bysrc __read_mostly;
54 static struct hlist_head *xfrm_state_byspi __read_mostly;
55 static unsigned int xfrm_state_hmask __read_mostly;
56 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
57 static unsigned int xfrm_state_num;
58 static unsigned int xfrm_state_genid;
59
60 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
61 xfrm_address_t *saddr,
62 u32 reqid,
63 unsigned short family)
64 {
65 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
66 }
67
68 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
69 xfrm_address_t *saddr,
70 unsigned short family)
71 {
72 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
73 }
74
75 static inline unsigned int
76 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
77 {
78 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
79 }
80
81 static void xfrm_hash_transfer(struct hlist_head *list,
82 struct hlist_head *ndsttable,
83 struct hlist_head *nsrctable,
84 struct hlist_head *nspitable,
85 unsigned int nhashmask)
86 {
87 struct hlist_node *entry, *tmp;
88 struct xfrm_state *x;
89
90 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
91 unsigned int h;
92
93 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
94 x->props.reqid, x->props.family,
95 nhashmask);
96 hlist_add_head(&x->bydst, ndsttable+h);
97
98 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
99 x->props.family,
100 nhashmask);
101 hlist_add_head(&x->bysrc, nsrctable+h);
102
103 if (x->id.spi) {
104 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
105 x->id.proto, x->props.family,
106 nhashmask);
107 hlist_add_head(&x->byspi, nspitable+h);
108 }
109 }
110 }
111
112 static unsigned long xfrm_hash_new_size(void)
113 {
114 return ((xfrm_state_hmask + 1) << 1) *
115 sizeof(struct hlist_head);
116 }
117
118 static DEFINE_MUTEX(hash_resize_mutex);
119
120 static void xfrm_hash_resize(struct work_struct *__unused)
121 {
122 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
123 unsigned long nsize, osize;
124 unsigned int nhashmask, ohashmask;
125 int i;
126
127 mutex_lock(&hash_resize_mutex);
128
129 nsize = xfrm_hash_new_size();
130 ndst = xfrm_hash_alloc(nsize);
131 if (!ndst)
132 goto out_unlock;
133 nsrc = xfrm_hash_alloc(nsize);
134 if (!nsrc) {
135 xfrm_hash_free(ndst, nsize);
136 goto out_unlock;
137 }
138 nspi = xfrm_hash_alloc(nsize);
139 if (!nspi) {
140 xfrm_hash_free(ndst, nsize);
141 xfrm_hash_free(nsrc, nsize);
142 goto out_unlock;
143 }
144
145 spin_lock_bh(&xfrm_state_lock);
146
147 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
148 for (i = xfrm_state_hmask; i >= 0; i--)
149 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
150 nhashmask);
151
152 odst = xfrm_state_bydst;
153 osrc = xfrm_state_bysrc;
154 ospi = xfrm_state_byspi;
155 ohashmask = xfrm_state_hmask;
156
157 xfrm_state_bydst = ndst;
158 xfrm_state_bysrc = nsrc;
159 xfrm_state_byspi = nspi;
160 xfrm_state_hmask = nhashmask;
161
162 spin_unlock_bh(&xfrm_state_lock);
163
164 osize = (ohashmask + 1) * sizeof(struct hlist_head);
165 xfrm_hash_free(odst, osize);
166 xfrm_hash_free(osrc, osize);
167 xfrm_hash_free(ospi, osize);
168
169 out_unlock:
170 mutex_unlock(&hash_resize_mutex);
171 }
172
173 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
174
175 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
176 EXPORT_SYMBOL(km_waitq);
177
178 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
179 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
180
181 static struct work_struct xfrm_state_gc_work;
182 static HLIST_HEAD(xfrm_state_gc_list);
183 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
184
185 int __xfrm_state_delete(struct xfrm_state *x);
186
187 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
188 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
189
190 static void xfrm_state_gc_destroy(struct xfrm_state *x)
191 {
192 del_timer_sync(&x->timer);
193 del_timer_sync(&x->rtimer);
194 kfree(x->aalg);
195 kfree(x->ealg);
196 kfree(x->calg);
197 kfree(x->encap);
198 kfree(x->coaddr);
199 if (x->mode)
200 xfrm_put_mode(x->mode);
201 if (x->type) {
202 x->type->destructor(x);
203 xfrm_put_type(x->type);
204 }
205 security_xfrm_state_free(x);
206 kfree(x);
207 }
208
209 static void xfrm_state_gc_task(struct work_struct *data)
210 {
211 struct xfrm_state *x;
212 struct hlist_node *entry, *tmp;
213 struct hlist_head gc_list;
214
215 spin_lock_bh(&xfrm_state_gc_lock);
216 gc_list.first = xfrm_state_gc_list.first;
217 INIT_HLIST_HEAD(&xfrm_state_gc_list);
218 spin_unlock_bh(&xfrm_state_gc_lock);
219
220 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
221 xfrm_state_gc_destroy(x);
222
223 wake_up(&km_waitq);
224 }
225
226 static inline unsigned long make_jiffies(long secs)
227 {
228 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
229 return MAX_SCHEDULE_TIMEOUT-1;
230 else
231 return secs*HZ;
232 }
233
234 static void xfrm_timer_handler(unsigned long data)
235 {
236 struct xfrm_state *x = (struct xfrm_state*)data;
237 unsigned long now = get_seconds();
238 long next = LONG_MAX;
239 int warn = 0;
240 int err = 0;
241
242 spin_lock(&x->lock);
243 if (x->km.state == XFRM_STATE_DEAD)
244 goto out;
245 if (x->km.state == XFRM_STATE_EXPIRED)
246 goto expired;
247 if (x->lft.hard_add_expires_seconds) {
248 long tmo = x->lft.hard_add_expires_seconds +
249 x->curlft.add_time - now;
250 if (tmo <= 0)
251 goto expired;
252 if (tmo < next)
253 next = tmo;
254 }
255 if (x->lft.hard_use_expires_seconds) {
256 long tmo = x->lft.hard_use_expires_seconds +
257 (x->curlft.use_time ? : now) - now;
258 if (tmo <= 0)
259 goto expired;
260 if (tmo < next)
261 next = tmo;
262 }
263 if (x->km.dying)
264 goto resched;
265 if (x->lft.soft_add_expires_seconds) {
266 long tmo = x->lft.soft_add_expires_seconds +
267 x->curlft.add_time - now;
268 if (tmo <= 0)
269 warn = 1;
270 else if (tmo < next)
271 next = tmo;
272 }
273 if (x->lft.soft_use_expires_seconds) {
274 long tmo = x->lft.soft_use_expires_seconds +
275 (x->curlft.use_time ? : now) - now;
276 if (tmo <= 0)
277 warn = 1;
278 else if (tmo < next)
279 next = tmo;
280 }
281
282 x->km.dying = warn;
283 if (warn)
284 km_state_expired(x, 0, 0);
285 resched:
286 if (next != LONG_MAX)
287 mod_timer(&x->timer, jiffies + make_jiffies(next));
288
289 goto out;
290
291 expired:
292 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
293 x->km.state = XFRM_STATE_EXPIRED;
294 wake_up(&km_waitq);
295 next = 2;
296 goto resched;
297 }
298
299 err = __xfrm_state_delete(x);
300 if (!err && x->id.spi)
301 km_state_expired(x, 1, 0);
302
303 xfrm_audit_state_delete(x, err ? 0 : 1,
304 audit_get_loginuid(current->audit_context), 0);
305
306 out:
307 spin_unlock(&x->lock);
308 }
309
310 static void xfrm_replay_timer_handler(unsigned long data);
311
312 struct xfrm_state *xfrm_state_alloc(void)
313 {
314 struct xfrm_state *x;
315
316 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
317
318 if (x) {
319 atomic_set(&x->refcnt, 1);
320 atomic_set(&x->tunnel_users, 0);
321 INIT_HLIST_NODE(&x->bydst);
322 INIT_HLIST_NODE(&x->bysrc);
323 INIT_HLIST_NODE(&x->byspi);
324 init_timer(&x->timer);
325 x->timer.function = xfrm_timer_handler;
326 x->timer.data = (unsigned long)x;
327 init_timer(&x->rtimer);
328 x->rtimer.function = xfrm_replay_timer_handler;
329 x->rtimer.data = (unsigned long)x;
330 x->curlft.add_time = get_seconds();
331 x->lft.soft_byte_limit = XFRM_INF;
332 x->lft.soft_packet_limit = XFRM_INF;
333 x->lft.hard_byte_limit = XFRM_INF;
334 x->lft.hard_packet_limit = XFRM_INF;
335 x->replay_maxage = 0;
336 x->replay_maxdiff = 0;
337 spin_lock_init(&x->lock);
338 }
339 return x;
340 }
341 EXPORT_SYMBOL(xfrm_state_alloc);
342
343 void __xfrm_state_destroy(struct xfrm_state *x)
344 {
345 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
346
347 spin_lock_bh(&xfrm_state_gc_lock);
348 hlist_add_head(&x->bydst, &xfrm_state_gc_list);
349 spin_unlock_bh(&xfrm_state_gc_lock);
350 schedule_work(&xfrm_state_gc_work);
351 }
352 EXPORT_SYMBOL(__xfrm_state_destroy);
353
354 int __xfrm_state_delete(struct xfrm_state *x)
355 {
356 int err = -ESRCH;
357
358 if (x->km.state != XFRM_STATE_DEAD) {
359 x->km.state = XFRM_STATE_DEAD;
360 spin_lock(&xfrm_state_lock);
361 hlist_del(&x->bydst);
362 hlist_del(&x->bysrc);
363 if (x->id.spi)
364 hlist_del(&x->byspi);
365 xfrm_state_num--;
366 spin_unlock(&xfrm_state_lock);
367
368 /* All xfrm_state objects are created by xfrm_state_alloc.
369 * The xfrm_state_alloc call gives a reference, and that
370 * is what we are dropping here.
371 */
372 __xfrm_state_put(x);
373 err = 0;
374 }
375
376 return err;
377 }
378 EXPORT_SYMBOL(__xfrm_state_delete);
379
380 int xfrm_state_delete(struct xfrm_state *x)
381 {
382 int err;
383
384 spin_lock_bh(&x->lock);
385 err = __xfrm_state_delete(x);
386 spin_unlock_bh(&x->lock);
387
388 return err;
389 }
390 EXPORT_SYMBOL(xfrm_state_delete);
391
392 #ifdef CONFIG_SECURITY_NETWORK_XFRM
393 static inline int
394 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
395 {
396 int i, err = 0;
397
398 for (i = 0; i <= xfrm_state_hmask; i++) {
399 struct hlist_node *entry;
400 struct xfrm_state *x;
401
402 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
403 if (xfrm_id_proto_match(x->id.proto, proto) &&
404 (err = security_xfrm_state_delete(x)) != 0) {
405 xfrm_audit_state_delete(x, 0,
406 audit_info->loginuid,
407 audit_info->secid);
408 return err;
409 }
410 }
411 }
412
413 return err;
414 }
415 #else
416 static inline int
417 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
418 {
419 return 0;
420 }
421 #endif
422
423 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
424 {
425 int i, err = 0;
426
427 spin_lock_bh(&xfrm_state_lock);
428 err = xfrm_state_flush_secctx_check(proto, audit_info);
429 if (err)
430 goto out;
431
432 for (i = 0; i <= xfrm_state_hmask; i++) {
433 struct hlist_node *entry;
434 struct xfrm_state *x;
435 restart:
436 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
437 if (!xfrm_state_kern(x) &&
438 xfrm_id_proto_match(x->id.proto, proto)) {
439 xfrm_state_hold(x);
440 spin_unlock_bh(&xfrm_state_lock);
441
442 err = xfrm_state_delete(x);
443 xfrm_audit_state_delete(x, err ? 0 : 1,
444 audit_info->loginuid,
445 audit_info->secid);
446 xfrm_state_put(x);
447
448 spin_lock_bh(&xfrm_state_lock);
449 goto restart;
450 }
451 }
452 }
453 err = 0;
454
455 out:
456 spin_unlock_bh(&xfrm_state_lock);
457 wake_up(&km_waitq);
458 return err;
459 }
460 EXPORT_SYMBOL(xfrm_state_flush);
461
462 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
463 {
464 spin_lock_bh(&xfrm_state_lock);
465 si->sadcnt = xfrm_state_num;
466 si->sadhcnt = xfrm_state_hmask;
467 si->sadhmcnt = xfrm_state_hashmax;
468 spin_unlock_bh(&xfrm_state_lock);
469 }
470 EXPORT_SYMBOL(xfrm_sad_getinfo);
471
472 static int
473 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
474 struct xfrm_tmpl *tmpl,
475 xfrm_address_t *daddr, xfrm_address_t *saddr,
476 unsigned short family)
477 {
478 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
479 if (!afinfo)
480 return -1;
481 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
482 xfrm_state_put_afinfo(afinfo);
483 return 0;
484 }
485
486 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
487 {
488 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
489 struct xfrm_state *x;
490 struct hlist_node *entry;
491
492 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
493 if (x->props.family != family ||
494 x->id.spi != spi ||
495 x->id.proto != proto)
496 continue;
497
498 switch (family) {
499 case AF_INET:
500 if (x->id.daddr.a4 != daddr->a4)
501 continue;
502 break;
503 case AF_INET6:
504 if (!ipv6_addr_equal((struct in6_addr *)daddr,
505 (struct in6_addr *)
506 x->id.daddr.a6))
507 continue;
508 break;
509 }
510
511 xfrm_state_hold(x);
512 return x;
513 }
514
515 return NULL;
516 }
517
518 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
519 {
520 unsigned int h = xfrm_src_hash(daddr, saddr, family);
521 struct xfrm_state *x;
522 struct hlist_node *entry;
523
524 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
525 if (x->props.family != family ||
526 x->id.proto != proto)
527 continue;
528
529 switch (family) {
530 case AF_INET:
531 if (x->id.daddr.a4 != daddr->a4 ||
532 x->props.saddr.a4 != saddr->a4)
533 continue;
534 break;
535 case AF_INET6:
536 if (!ipv6_addr_equal((struct in6_addr *)daddr,
537 (struct in6_addr *)
538 x->id.daddr.a6) ||
539 !ipv6_addr_equal((struct in6_addr *)saddr,
540 (struct in6_addr *)
541 x->props.saddr.a6))
542 continue;
543 break;
544 }
545
546 xfrm_state_hold(x);
547 return x;
548 }
549
550 return NULL;
551 }
552
553 static inline struct xfrm_state *
554 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
555 {
556 if (use_spi)
557 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
558 x->id.proto, family);
559 else
560 return __xfrm_state_lookup_byaddr(&x->id.daddr,
561 &x->props.saddr,
562 x->id.proto, family);
563 }
564
565 static void xfrm_hash_grow_check(int have_hash_collision)
566 {
567 if (have_hash_collision &&
568 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
569 xfrm_state_num > xfrm_state_hmask)
570 schedule_work(&xfrm_hash_work);
571 }
572
573 struct xfrm_state *
574 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
575 struct flowi *fl, struct xfrm_tmpl *tmpl,
576 struct xfrm_policy *pol, int *err,
577 unsigned short family)
578 {
579 unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
580 struct hlist_node *entry;
581 struct xfrm_state *x, *x0;
582 int acquire_in_progress = 0;
583 int error = 0;
584 struct xfrm_state *best = NULL;
585
586 spin_lock_bh(&xfrm_state_lock);
587 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
588 if (x->props.family == family &&
589 x->props.reqid == tmpl->reqid &&
590 !(x->props.flags & XFRM_STATE_WILDRECV) &&
591 xfrm_state_addr_check(x, daddr, saddr, family) &&
592 tmpl->mode == x->props.mode &&
593 tmpl->id.proto == x->id.proto &&
594 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
595 /* Resolution logic:
596 1. There is a valid state with matching selector.
597 Done.
598 2. Valid state with inappropriate selector. Skip.
599
600 Entering area of "sysdeps".
601
602 3. If state is not valid, selector is temporary,
603 it selects only session which triggered
604 previous resolution. Key manager will do
605 something to install a state with proper
606 selector.
607 */
608 if (x->km.state == XFRM_STATE_VALID) {
609 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
610 !security_xfrm_state_pol_flow_match(x, pol, fl))
611 continue;
612 if (!best ||
613 best->km.dying > x->km.dying ||
614 (best->km.dying == x->km.dying &&
615 best->curlft.add_time < x->curlft.add_time))
616 best = x;
617 } else if (x->km.state == XFRM_STATE_ACQ) {
618 acquire_in_progress = 1;
619 } else if (x->km.state == XFRM_STATE_ERROR ||
620 x->km.state == XFRM_STATE_EXPIRED) {
621 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
622 security_xfrm_state_pol_flow_match(x, pol, fl))
623 error = -ESRCH;
624 }
625 }
626 }
627
628 x = best;
629 if (!x && !error && !acquire_in_progress) {
630 if (tmpl->id.spi &&
631 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
632 tmpl->id.proto, family)) != NULL) {
633 xfrm_state_put(x0);
634 error = -EEXIST;
635 goto out;
636 }
637 x = xfrm_state_alloc();
638 if (x == NULL) {
639 error = -ENOMEM;
640 goto out;
641 }
642 /* Initialize temporary selector matching only
643 * to current session. */
644 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
645
646 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
647 if (error) {
648 x->km.state = XFRM_STATE_DEAD;
649 xfrm_state_put(x);
650 x = NULL;
651 goto out;
652 }
653
654 if (km_query(x, tmpl, pol) == 0) {
655 x->km.state = XFRM_STATE_ACQ;
656 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
657 h = xfrm_src_hash(daddr, saddr, family);
658 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
659 if (x->id.spi) {
660 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
661 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
662 }
663 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
664 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
665 add_timer(&x->timer);
666 xfrm_state_num++;
667 xfrm_hash_grow_check(x->bydst.next != NULL);
668 } else {
669 x->km.state = XFRM_STATE_DEAD;
670 xfrm_state_put(x);
671 x = NULL;
672 error = -ESRCH;
673 }
674 }
675 out:
676 if (x)
677 xfrm_state_hold(x);
678 else
679 *err = acquire_in_progress ? -EAGAIN : error;
680 spin_unlock_bh(&xfrm_state_lock);
681 return x;
682 }
683
684 struct xfrm_state *
685 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
686 unsigned short family, u8 mode, u8 proto, u32 reqid)
687 {
688 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
689 struct xfrm_state *rx = NULL, *x = NULL;
690 struct hlist_node *entry;
691
692 spin_lock(&xfrm_state_lock);
693 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
694 if (x->props.family == family &&
695 x->props.reqid == reqid &&
696 !(x->props.flags & XFRM_STATE_WILDRECV) &&
697 xfrm_state_addr_check(x, daddr, saddr, family) &&
698 mode == x->props.mode &&
699 proto == x->id.proto &&
700 x->km.state == XFRM_STATE_VALID) {
701 rx = x;
702 break;
703 }
704 }
705
706 if (rx)
707 xfrm_state_hold(rx);
708 spin_unlock(&xfrm_state_lock);
709
710
711 return rx;
712 }
713 EXPORT_SYMBOL(xfrm_stateonly_find);
714
715 static void __xfrm_state_insert(struct xfrm_state *x)
716 {
717 unsigned int h;
718
719 x->genid = ++xfrm_state_genid;
720
721 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
722 x->props.reqid, x->props.family);
723 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
724
725 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
726 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
727
728 if (x->id.spi) {
729 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
730 x->props.family);
731
732 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
733 }
734
735 mod_timer(&x->timer, jiffies + HZ);
736 if (x->replay_maxage)
737 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
738
739 wake_up(&km_waitq);
740
741 xfrm_state_num++;
742
743 xfrm_hash_grow_check(x->bydst.next != NULL);
744 }
745
746 /* xfrm_state_lock is held */
747 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
748 {
749 unsigned short family = xnew->props.family;
750 u32 reqid = xnew->props.reqid;
751 struct xfrm_state *x;
752 struct hlist_node *entry;
753 unsigned int h;
754
755 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
756 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
757 if (x->props.family == family &&
758 x->props.reqid == reqid &&
759 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
760 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
761 x->genid = xfrm_state_genid;
762 }
763 }
764
765 void xfrm_state_insert(struct xfrm_state *x)
766 {
767 spin_lock_bh(&xfrm_state_lock);
768 __xfrm_state_bump_genids(x);
769 __xfrm_state_insert(x);
770 spin_unlock_bh(&xfrm_state_lock);
771 }
772 EXPORT_SYMBOL(xfrm_state_insert);
773
774 /* xfrm_state_lock is held */
775 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
776 {
777 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
778 struct hlist_node *entry;
779 struct xfrm_state *x;
780
781 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
782 if (x->props.reqid != reqid ||
783 x->props.mode != mode ||
784 x->props.family != family ||
785 x->km.state != XFRM_STATE_ACQ ||
786 x->id.spi != 0 ||
787 x->id.proto != proto)
788 continue;
789
790 switch (family) {
791 case AF_INET:
792 if (x->id.daddr.a4 != daddr->a4 ||
793 x->props.saddr.a4 != saddr->a4)
794 continue;
795 break;
796 case AF_INET6:
797 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
798 (struct in6_addr *)daddr) ||
799 !ipv6_addr_equal((struct in6_addr *)
800 x->props.saddr.a6,
801 (struct in6_addr *)saddr))
802 continue;
803 break;
804 }
805
806 xfrm_state_hold(x);
807 return x;
808 }
809
810 if (!create)
811 return NULL;
812
813 x = xfrm_state_alloc();
814 if (likely(x)) {
815 switch (family) {
816 case AF_INET:
817 x->sel.daddr.a4 = daddr->a4;
818 x->sel.saddr.a4 = saddr->a4;
819 x->sel.prefixlen_d = 32;
820 x->sel.prefixlen_s = 32;
821 x->props.saddr.a4 = saddr->a4;
822 x->id.daddr.a4 = daddr->a4;
823 break;
824
825 case AF_INET6:
826 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
827 (struct in6_addr *)daddr);
828 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
829 (struct in6_addr *)saddr);
830 x->sel.prefixlen_d = 128;
831 x->sel.prefixlen_s = 128;
832 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
833 (struct in6_addr *)saddr);
834 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
835 (struct in6_addr *)daddr);
836 break;
837 }
838
839 x->km.state = XFRM_STATE_ACQ;
840 x->id.proto = proto;
841 x->props.family = family;
842 x->props.mode = mode;
843 x->props.reqid = reqid;
844 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
845 xfrm_state_hold(x);
846 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
847 add_timer(&x->timer);
848 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
849 h = xfrm_src_hash(daddr, saddr, family);
850 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
851
852 xfrm_state_num++;
853
854 xfrm_hash_grow_check(x->bydst.next != NULL);
855 }
856
857 return x;
858 }
859
860 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
861
862 int xfrm_state_add(struct xfrm_state *x)
863 {
864 struct xfrm_state *x1;
865 int family;
866 int err;
867 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
868
869 family = x->props.family;
870
871 spin_lock_bh(&xfrm_state_lock);
872
873 x1 = __xfrm_state_locate(x, use_spi, family);
874 if (x1) {
875 xfrm_state_put(x1);
876 x1 = NULL;
877 err = -EEXIST;
878 goto out;
879 }
880
881 if (use_spi && x->km.seq) {
882 x1 = __xfrm_find_acq_byseq(x->km.seq);
883 if (x1 && ((x1->id.proto != x->id.proto) ||
884 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
885 xfrm_state_put(x1);
886 x1 = NULL;
887 }
888 }
889
890 if (use_spi && !x1)
891 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
892 x->id.proto,
893 &x->id.daddr, &x->props.saddr, 0);
894
895 __xfrm_state_bump_genids(x);
896 __xfrm_state_insert(x);
897 err = 0;
898
899 out:
900 spin_unlock_bh(&xfrm_state_lock);
901
902 if (x1) {
903 xfrm_state_delete(x1);
904 xfrm_state_put(x1);
905 }
906
907 return err;
908 }
909 EXPORT_SYMBOL(xfrm_state_add);
910
911 #ifdef CONFIG_XFRM_MIGRATE
912 struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
913 {
914 int err = -ENOMEM;
915 struct xfrm_state *x = xfrm_state_alloc();
916 if (!x)
917 goto error;
918
919 memcpy(&x->id, &orig->id, sizeof(x->id));
920 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
921 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
922 x->props.mode = orig->props.mode;
923 x->props.replay_window = orig->props.replay_window;
924 x->props.reqid = orig->props.reqid;
925 x->props.family = orig->props.family;
926 x->props.saddr = orig->props.saddr;
927
928 if (orig->aalg) {
929 x->aalg = xfrm_algo_clone(orig->aalg);
930 if (!x->aalg)
931 goto error;
932 }
933 x->props.aalgo = orig->props.aalgo;
934
935 if (orig->ealg) {
936 x->ealg = xfrm_algo_clone(orig->ealg);
937 if (!x->ealg)
938 goto error;
939 }
940 x->props.ealgo = orig->props.ealgo;
941
942 if (orig->calg) {
943 x->calg = xfrm_algo_clone(orig->calg);
944 if (!x->calg)
945 goto error;
946 }
947 x->props.calgo = orig->props.calgo;
948
949 if (orig->encap) {
950 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
951 if (!x->encap)
952 goto error;
953 }
954
955 if (orig->coaddr) {
956 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
957 GFP_KERNEL);
958 if (!x->coaddr)
959 goto error;
960 }
961
962 err = xfrm_init_state(x);
963 if (err)
964 goto error;
965
966 x->props.flags = orig->props.flags;
967
968 x->curlft.add_time = orig->curlft.add_time;
969 x->km.state = orig->km.state;
970 x->km.seq = orig->km.seq;
971
972 return x;
973
974 error:
975 if (errp)
976 *errp = err;
977 if (x) {
978 kfree(x->aalg);
979 kfree(x->ealg);
980 kfree(x->calg);
981 kfree(x->encap);
982 kfree(x->coaddr);
983 }
984 kfree(x);
985 return NULL;
986 }
987 EXPORT_SYMBOL(xfrm_state_clone);
988
989 /* xfrm_state_lock is held */
990 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
991 {
992 unsigned int h;
993 struct xfrm_state *x;
994 struct hlist_node *entry;
995
996 if (m->reqid) {
997 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
998 m->reqid, m->old_family);
999 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1000 if (x->props.mode != m->mode ||
1001 x->id.proto != m->proto)
1002 continue;
1003 if (m->reqid && x->props.reqid != m->reqid)
1004 continue;
1005 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1006 m->old_family) ||
1007 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1008 m->old_family))
1009 continue;
1010 xfrm_state_hold(x);
1011 return x;
1012 }
1013 } else {
1014 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1015 m->old_family);
1016 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1017 if (x->props.mode != m->mode ||
1018 x->id.proto != m->proto)
1019 continue;
1020 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1021 m->old_family) ||
1022 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1023 m->old_family))
1024 continue;
1025 xfrm_state_hold(x);
1026 return x;
1027 }
1028 }
1029
1030 return NULL;
1031 }
1032 EXPORT_SYMBOL(xfrm_migrate_state_find);
1033
1034 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1035 struct xfrm_migrate *m)
1036 {
1037 struct xfrm_state *xc;
1038 int err;
1039
1040 xc = xfrm_state_clone(x, &err);
1041 if (!xc)
1042 return NULL;
1043
1044 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1045 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1046
1047 /* add state */
1048 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1049 /* a care is needed when the destination address of the
1050 state is to be updated as it is a part of triplet */
1051 xfrm_state_insert(xc);
1052 } else {
1053 if ((err = xfrm_state_add(xc)) < 0)
1054 goto error;
1055 }
1056
1057 return xc;
1058 error:
1059 kfree(xc);
1060 return NULL;
1061 }
1062 EXPORT_SYMBOL(xfrm_state_migrate);
1063 #endif
1064
1065 int xfrm_state_update(struct xfrm_state *x)
1066 {
1067 struct xfrm_state *x1;
1068 int err;
1069 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1070
1071 spin_lock_bh(&xfrm_state_lock);
1072 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1073
1074 err = -ESRCH;
1075 if (!x1)
1076 goto out;
1077
1078 if (xfrm_state_kern(x1)) {
1079 xfrm_state_put(x1);
1080 err = -EEXIST;
1081 goto out;
1082 }
1083
1084 if (x1->km.state == XFRM_STATE_ACQ) {
1085 __xfrm_state_insert(x);
1086 x = NULL;
1087 }
1088 err = 0;
1089
1090 out:
1091 spin_unlock_bh(&xfrm_state_lock);
1092
1093 if (err)
1094 return err;
1095
1096 if (!x) {
1097 xfrm_state_delete(x1);
1098 xfrm_state_put(x1);
1099 return 0;
1100 }
1101
1102 err = -EINVAL;
1103 spin_lock_bh(&x1->lock);
1104 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1105 if (x->encap && x1->encap)
1106 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1107 if (x->coaddr && x1->coaddr) {
1108 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1109 }
1110 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1111 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1112 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1113 x1->km.dying = 0;
1114
1115 mod_timer(&x1->timer, jiffies + HZ);
1116 if (x1->curlft.use_time)
1117 xfrm_state_check_expire(x1);
1118
1119 err = 0;
1120 }
1121 spin_unlock_bh(&x1->lock);
1122
1123 xfrm_state_put(x1);
1124
1125 return err;
1126 }
1127 EXPORT_SYMBOL(xfrm_state_update);
1128
1129 int xfrm_state_check_expire(struct xfrm_state *x)
1130 {
1131 if (!x->curlft.use_time)
1132 x->curlft.use_time = get_seconds();
1133
1134 if (x->km.state != XFRM_STATE_VALID)
1135 return -EINVAL;
1136
1137 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1138 x->curlft.packets >= x->lft.hard_packet_limit) {
1139 x->km.state = XFRM_STATE_EXPIRED;
1140 mod_timer(&x->timer, jiffies);
1141 return -EINVAL;
1142 }
1143
1144 if (!x->km.dying &&
1145 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1146 x->curlft.packets >= x->lft.soft_packet_limit)) {
1147 x->km.dying = 1;
1148 km_state_expired(x, 0, 0);
1149 }
1150 return 0;
1151 }
1152 EXPORT_SYMBOL(xfrm_state_check_expire);
1153
1154 struct xfrm_state *
1155 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1156 unsigned short family)
1157 {
1158 struct xfrm_state *x;
1159
1160 spin_lock_bh(&xfrm_state_lock);
1161 x = __xfrm_state_lookup(daddr, spi, proto, family);
1162 spin_unlock_bh(&xfrm_state_lock);
1163 return x;
1164 }
1165 EXPORT_SYMBOL(xfrm_state_lookup);
1166
1167 struct xfrm_state *
1168 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1169 u8 proto, unsigned short family)
1170 {
1171 struct xfrm_state *x;
1172
1173 spin_lock_bh(&xfrm_state_lock);
1174 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1175 spin_unlock_bh(&xfrm_state_lock);
1176 return x;
1177 }
1178 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1179
1180 struct xfrm_state *
1181 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1182 xfrm_address_t *daddr, xfrm_address_t *saddr,
1183 int create, unsigned short family)
1184 {
1185 struct xfrm_state *x;
1186
1187 spin_lock_bh(&xfrm_state_lock);
1188 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1189 spin_unlock_bh(&xfrm_state_lock);
1190
1191 return x;
1192 }
1193 EXPORT_SYMBOL(xfrm_find_acq);
1194
1195 #ifdef CONFIG_XFRM_SUB_POLICY
1196 int
1197 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1198 unsigned short family)
1199 {
1200 int err = 0;
1201 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1202 if (!afinfo)
1203 return -EAFNOSUPPORT;
1204
1205 spin_lock_bh(&xfrm_state_lock);
1206 if (afinfo->tmpl_sort)
1207 err = afinfo->tmpl_sort(dst, src, n);
1208 spin_unlock_bh(&xfrm_state_lock);
1209 xfrm_state_put_afinfo(afinfo);
1210 return err;
1211 }
1212 EXPORT_SYMBOL(xfrm_tmpl_sort);
1213
1214 int
1215 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1216 unsigned short family)
1217 {
1218 int err = 0;
1219 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1220 if (!afinfo)
1221 return -EAFNOSUPPORT;
1222
1223 spin_lock_bh(&xfrm_state_lock);
1224 if (afinfo->state_sort)
1225 err = afinfo->state_sort(dst, src, n);
1226 spin_unlock_bh(&xfrm_state_lock);
1227 xfrm_state_put_afinfo(afinfo);
1228 return err;
1229 }
1230 EXPORT_SYMBOL(xfrm_state_sort);
1231 #endif
1232
1233 /* Silly enough, but I'm lazy to build resolution list */
1234
1235 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1236 {
1237 int i;
1238
1239 for (i = 0; i <= xfrm_state_hmask; i++) {
1240 struct hlist_node *entry;
1241 struct xfrm_state *x;
1242
1243 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1244 if (x->km.seq == seq &&
1245 x->km.state == XFRM_STATE_ACQ) {
1246 xfrm_state_hold(x);
1247 return x;
1248 }
1249 }
1250 }
1251 return NULL;
1252 }
1253
1254 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1255 {
1256 struct xfrm_state *x;
1257
1258 spin_lock_bh(&xfrm_state_lock);
1259 x = __xfrm_find_acq_byseq(seq);
1260 spin_unlock_bh(&xfrm_state_lock);
1261 return x;
1262 }
1263 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1264
1265 u32 xfrm_get_acqseq(void)
1266 {
1267 u32 res;
1268 static u32 acqseq;
1269 static DEFINE_SPINLOCK(acqseq_lock);
1270
1271 spin_lock_bh(&acqseq_lock);
1272 res = (++acqseq ? : ++acqseq);
1273 spin_unlock_bh(&acqseq_lock);
1274 return res;
1275 }
1276 EXPORT_SYMBOL(xfrm_get_acqseq);
1277
1278 void
1279 xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi)
1280 {
1281 unsigned int h;
1282 struct xfrm_state *x0;
1283
1284 if (x->id.spi)
1285 return;
1286
1287 if (minspi == maxspi) {
1288 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1289 if (x0) {
1290 xfrm_state_put(x0);
1291 return;
1292 }
1293 x->id.spi = minspi;
1294 } else {
1295 u32 spi = 0;
1296 u32 low = ntohl(minspi);
1297 u32 high = ntohl(maxspi);
1298 for (h=0; h<high-low+1; h++) {
1299 spi = low + net_random()%(high-low+1);
1300 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1301 if (x0 == NULL) {
1302 x->id.spi = htonl(spi);
1303 break;
1304 }
1305 xfrm_state_put(x0);
1306 }
1307 }
1308 if (x->id.spi) {
1309 spin_lock_bh(&xfrm_state_lock);
1310 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1311 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1312 spin_unlock_bh(&xfrm_state_lock);
1313 }
1314 }
1315 EXPORT_SYMBOL(xfrm_alloc_spi);
1316
1317 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1318 void *data)
1319 {
1320 int i;
1321 struct xfrm_state *x, *last = NULL;
1322 struct hlist_node *entry;
1323 int count = 0;
1324 int err = 0;
1325
1326 spin_lock_bh(&xfrm_state_lock);
1327 for (i = 0; i <= xfrm_state_hmask; i++) {
1328 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1329 if (!xfrm_id_proto_match(x->id.proto, proto))
1330 continue;
1331 if (last) {
1332 err = func(last, count, data);
1333 if (err)
1334 goto out;
1335 }
1336 last = x;
1337 count++;
1338 }
1339 }
1340 if (count == 0) {
1341 err = -ENOENT;
1342 goto out;
1343 }
1344 err = func(last, 0, data);
1345 out:
1346 spin_unlock_bh(&xfrm_state_lock);
1347 return err;
1348 }
1349 EXPORT_SYMBOL(xfrm_state_walk);
1350
1351
1352 void xfrm_replay_notify(struct xfrm_state *x, int event)
1353 {
1354 struct km_event c;
1355 /* we send notify messages in case
1356 * 1. we updated on of the sequence numbers, and the seqno difference
1357 * is at least x->replay_maxdiff, in this case we also update the
1358 * timeout of our timer function
1359 * 2. if x->replay_maxage has elapsed since last update,
1360 * and there were changes
1361 *
1362 * The state structure must be locked!
1363 */
1364
1365 switch (event) {
1366 case XFRM_REPLAY_UPDATE:
1367 if (x->replay_maxdiff &&
1368 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1369 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1370 if (x->xflags & XFRM_TIME_DEFER)
1371 event = XFRM_REPLAY_TIMEOUT;
1372 else
1373 return;
1374 }
1375
1376 break;
1377
1378 case XFRM_REPLAY_TIMEOUT:
1379 if ((x->replay.seq == x->preplay.seq) &&
1380 (x->replay.bitmap == x->preplay.bitmap) &&
1381 (x->replay.oseq == x->preplay.oseq)) {
1382 x->xflags |= XFRM_TIME_DEFER;
1383 return;
1384 }
1385
1386 break;
1387 }
1388
1389 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1390 c.event = XFRM_MSG_NEWAE;
1391 c.data.aevent = event;
1392 km_state_notify(x, &c);
1393
1394 if (x->replay_maxage &&
1395 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1396 x->xflags &= ~XFRM_TIME_DEFER;
1397 }
1398
1399 static void xfrm_replay_timer_handler(unsigned long data)
1400 {
1401 struct xfrm_state *x = (struct xfrm_state*)data;
1402
1403 spin_lock(&x->lock);
1404
1405 if (x->km.state == XFRM_STATE_VALID) {
1406 if (xfrm_aevent_is_on())
1407 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1408 else
1409 x->xflags |= XFRM_TIME_DEFER;
1410 }
1411
1412 spin_unlock(&x->lock);
1413 }
1414
1415 int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
1416 {
1417 u32 diff;
1418 u32 seq = ntohl(net_seq);
1419
1420 if (unlikely(seq == 0))
1421 return -EINVAL;
1422
1423 if (likely(seq > x->replay.seq))
1424 return 0;
1425
1426 diff = x->replay.seq - seq;
1427 if (diff >= min_t(unsigned int, x->props.replay_window,
1428 sizeof(x->replay.bitmap) * 8)) {
1429 x->stats.replay_window++;
1430 return -EINVAL;
1431 }
1432
1433 if (x->replay.bitmap & (1U << diff)) {
1434 x->stats.replay++;
1435 return -EINVAL;
1436 }
1437 return 0;
1438 }
1439 EXPORT_SYMBOL(xfrm_replay_check);
1440
1441 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1442 {
1443 u32 diff;
1444 u32 seq = ntohl(net_seq);
1445
1446 if (seq > x->replay.seq) {
1447 diff = seq - x->replay.seq;
1448 if (diff < x->props.replay_window)
1449 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1450 else
1451 x->replay.bitmap = 1;
1452 x->replay.seq = seq;
1453 } else {
1454 diff = x->replay.seq - seq;
1455 x->replay.bitmap |= (1U << diff);
1456 }
1457
1458 if (xfrm_aevent_is_on())
1459 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1460 }
1461 EXPORT_SYMBOL(xfrm_replay_advance);
1462
1463 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
1464 static DEFINE_RWLOCK(xfrm_km_lock);
1465
1466 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1467 {
1468 struct xfrm_mgr *km;
1469
1470 read_lock(&xfrm_km_lock);
1471 list_for_each_entry(km, &xfrm_km_list, list)
1472 if (km->notify_policy)
1473 km->notify_policy(xp, dir, c);
1474 read_unlock(&xfrm_km_lock);
1475 }
1476
1477 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1478 {
1479 struct xfrm_mgr *km;
1480 read_lock(&xfrm_km_lock);
1481 list_for_each_entry(km, &xfrm_km_list, list)
1482 if (km->notify)
1483 km->notify(x, c);
1484 read_unlock(&xfrm_km_lock);
1485 }
1486
1487 EXPORT_SYMBOL(km_policy_notify);
1488 EXPORT_SYMBOL(km_state_notify);
1489
1490 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1491 {
1492 struct km_event c;
1493
1494 c.data.hard = hard;
1495 c.pid = pid;
1496 c.event = XFRM_MSG_EXPIRE;
1497 km_state_notify(x, &c);
1498
1499 if (hard)
1500 wake_up(&km_waitq);
1501 }
1502
1503 EXPORT_SYMBOL(km_state_expired);
1504 /*
1505 * We send to all registered managers regardless of failure
1506 * We are happy with one success
1507 */
1508 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1509 {
1510 int err = -EINVAL, acqret;
1511 struct xfrm_mgr *km;
1512
1513 read_lock(&xfrm_km_lock);
1514 list_for_each_entry(km, &xfrm_km_list, list) {
1515 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1516 if (!acqret)
1517 err = acqret;
1518 }
1519 read_unlock(&xfrm_km_lock);
1520 return err;
1521 }
1522 EXPORT_SYMBOL(km_query);
1523
1524 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1525 {
1526 int err = -EINVAL;
1527 struct xfrm_mgr *km;
1528
1529 read_lock(&xfrm_km_lock);
1530 list_for_each_entry(km, &xfrm_km_list, list) {
1531 if (km->new_mapping)
1532 err = km->new_mapping(x, ipaddr, sport);
1533 if (!err)
1534 break;
1535 }
1536 read_unlock(&xfrm_km_lock);
1537 return err;
1538 }
1539 EXPORT_SYMBOL(km_new_mapping);
1540
1541 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1542 {
1543 struct km_event c;
1544
1545 c.data.hard = hard;
1546 c.pid = pid;
1547 c.event = XFRM_MSG_POLEXPIRE;
1548 km_policy_notify(pol, dir, &c);
1549
1550 if (hard)
1551 wake_up(&km_waitq);
1552 }
1553 EXPORT_SYMBOL(km_policy_expired);
1554
1555 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1556 struct xfrm_migrate *m, int num_migrate)
1557 {
1558 int err = -EINVAL;
1559 int ret;
1560 struct xfrm_mgr *km;
1561
1562 read_lock(&xfrm_km_lock);
1563 list_for_each_entry(km, &xfrm_km_list, list) {
1564 if (km->migrate) {
1565 ret = km->migrate(sel, dir, type, m, num_migrate);
1566 if (!ret)
1567 err = ret;
1568 }
1569 }
1570 read_unlock(&xfrm_km_lock);
1571 return err;
1572 }
1573 EXPORT_SYMBOL(km_migrate);
1574
1575 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1576 {
1577 int err = -EINVAL;
1578 int ret;
1579 struct xfrm_mgr *km;
1580
1581 read_lock(&xfrm_km_lock);
1582 list_for_each_entry(km, &xfrm_km_list, list) {
1583 if (km->report) {
1584 ret = km->report(proto, sel, addr);
1585 if (!ret)
1586 err = ret;
1587 }
1588 }
1589 read_unlock(&xfrm_km_lock);
1590 return err;
1591 }
1592 EXPORT_SYMBOL(km_report);
1593
1594 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1595 {
1596 int err;
1597 u8 *data;
1598 struct xfrm_mgr *km;
1599 struct xfrm_policy *pol = NULL;
1600
1601 if (optlen <= 0 || optlen > PAGE_SIZE)
1602 return -EMSGSIZE;
1603
1604 data = kmalloc(optlen, GFP_KERNEL);
1605 if (!data)
1606 return -ENOMEM;
1607
1608 err = -EFAULT;
1609 if (copy_from_user(data, optval, optlen))
1610 goto out;
1611
1612 err = -EINVAL;
1613 read_lock(&xfrm_km_lock);
1614 list_for_each_entry(km, &xfrm_km_list, list) {
1615 pol = km->compile_policy(sk, optname, data,
1616 optlen, &err);
1617 if (err >= 0)
1618 break;
1619 }
1620 read_unlock(&xfrm_km_lock);
1621
1622 if (err >= 0) {
1623 xfrm_sk_policy_insert(sk, err, pol);
1624 xfrm_pol_put(pol);
1625 err = 0;
1626 }
1627
1628 out:
1629 kfree(data);
1630 return err;
1631 }
1632 EXPORT_SYMBOL(xfrm_user_policy);
1633
1634 int xfrm_register_km(struct xfrm_mgr *km)
1635 {
1636 write_lock_bh(&xfrm_km_lock);
1637 list_add_tail(&km->list, &xfrm_km_list);
1638 write_unlock_bh(&xfrm_km_lock);
1639 return 0;
1640 }
1641 EXPORT_SYMBOL(xfrm_register_km);
1642
1643 int xfrm_unregister_km(struct xfrm_mgr *km)
1644 {
1645 write_lock_bh(&xfrm_km_lock);
1646 list_del(&km->list);
1647 write_unlock_bh(&xfrm_km_lock);
1648 return 0;
1649 }
1650 EXPORT_SYMBOL(xfrm_unregister_km);
1651
1652 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1653 {
1654 int err = 0;
1655 if (unlikely(afinfo == NULL))
1656 return -EINVAL;
1657 if (unlikely(afinfo->family >= NPROTO))
1658 return -EAFNOSUPPORT;
1659 write_lock_bh(&xfrm_state_afinfo_lock);
1660 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1661 err = -ENOBUFS;
1662 else
1663 xfrm_state_afinfo[afinfo->family] = afinfo;
1664 write_unlock_bh(&xfrm_state_afinfo_lock);
1665 return err;
1666 }
1667 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1668
1669 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1670 {
1671 int err = 0;
1672 if (unlikely(afinfo == NULL))
1673 return -EINVAL;
1674 if (unlikely(afinfo->family >= NPROTO))
1675 return -EAFNOSUPPORT;
1676 write_lock_bh(&xfrm_state_afinfo_lock);
1677 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1678 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1679 err = -EINVAL;
1680 else
1681 xfrm_state_afinfo[afinfo->family] = NULL;
1682 }
1683 write_unlock_bh(&xfrm_state_afinfo_lock);
1684 return err;
1685 }
1686 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1687
1688 struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1689 {
1690 struct xfrm_state_afinfo *afinfo;
1691 if (unlikely(family >= NPROTO))
1692 return NULL;
1693 read_lock(&xfrm_state_afinfo_lock);
1694 afinfo = xfrm_state_afinfo[family];
1695 if (unlikely(!afinfo))
1696 read_unlock(&xfrm_state_afinfo_lock);
1697 return afinfo;
1698 }
1699
1700 void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1701 {
1702 read_unlock(&xfrm_state_afinfo_lock);
1703 }
1704
1705 EXPORT_SYMBOL(xfrm_state_get_afinfo);
1706 EXPORT_SYMBOL(xfrm_state_put_afinfo);
1707
1708 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1709 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1710 {
1711 if (x->tunnel) {
1712 struct xfrm_state *t = x->tunnel;
1713
1714 if (atomic_read(&t->tunnel_users) == 2)
1715 xfrm_state_delete(t);
1716 atomic_dec(&t->tunnel_users);
1717 xfrm_state_put(t);
1718 x->tunnel = NULL;
1719 }
1720 }
1721 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1722
1723 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1724 {
1725 int res;
1726
1727 spin_lock_bh(&x->lock);
1728 if (x->km.state == XFRM_STATE_VALID &&
1729 x->type && x->type->get_mtu)
1730 res = x->type->get_mtu(x, mtu);
1731 else
1732 res = mtu - x->props.header_len;
1733 spin_unlock_bh(&x->lock);
1734 return res;
1735 }
1736
1737 int xfrm_init_state(struct xfrm_state *x)
1738 {
1739 struct xfrm_state_afinfo *afinfo;
1740 int family = x->props.family;
1741 int err;
1742
1743 err = -EAFNOSUPPORT;
1744 afinfo = xfrm_state_get_afinfo(family);
1745 if (!afinfo)
1746 goto error;
1747
1748 err = 0;
1749 if (afinfo->init_flags)
1750 err = afinfo->init_flags(x);
1751
1752 xfrm_state_put_afinfo(afinfo);
1753
1754 if (err)
1755 goto error;
1756
1757 err = -EPROTONOSUPPORT;
1758 x->type = xfrm_get_type(x->id.proto, family);
1759 if (x->type == NULL)
1760 goto error;
1761
1762 err = x->type->init_state(x);
1763 if (err)
1764 goto error;
1765
1766 x->mode = xfrm_get_mode(x->props.mode, family);
1767 if (x->mode == NULL)
1768 goto error;
1769
1770 x->km.state = XFRM_STATE_VALID;
1771
1772 error:
1773 return err;
1774 }
1775
1776 EXPORT_SYMBOL(xfrm_init_state);
1777
1778 void __init xfrm_state_init(void)
1779 {
1780 unsigned int sz;
1781
1782 sz = sizeof(struct hlist_head) * 8;
1783
1784 xfrm_state_bydst = xfrm_hash_alloc(sz);
1785 xfrm_state_bysrc = xfrm_hash_alloc(sz);
1786 xfrm_state_byspi = xfrm_hash_alloc(sz);
1787 if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
1788 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
1789 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1790
1791 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1792 }
1793
1794 #ifdef CONFIG_AUDITSYSCALL
1795 static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
1796 struct audit_buffer *audit_buf)
1797 {
1798 if (x->security)
1799 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
1800 x->security->ctx_alg, x->security->ctx_doi,
1801 x->security->ctx_str);
1802
1803 switch(x->props.family) {
1804 case AF_INET:
1805 audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
1806 NIPQUAD(x->props.saddr.a4),
1807 NIPQUAD(x->id.daddr.a4));
1808 break;
1809 case AF_INET6:
1810 {
1811 struct in6_addr saddr6, daddr6;
1812
1813 memcpy(&saddr6, x->props.saddr.a6,
1814 sizeof(struct in6_addr));
1815 memcpy(&daddr6, x->id.daddr.a6,
1816 sizeof(struct in6_addr));
1817 audit_log_format(audit_buf,
1818 " src=" NIP6_FMT " dst=" NIP6_FMT,
1819 NIP6(saddr6), NIP6(daddr6));
1820 }
1821 break;
1822 }
1823 }
1824
1825 void
1826 xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid)
1827 {
1828 struct audit_buffer *audit_buf;
1829 extern int audit_enabled;
1830
1831 if (audit_enabled == 0)
1832 return;
1833 audit_buf = xfrm_audit_start(sid, auid);
1834 if (audit_buf == NULL)
1835 return;
1836 audit_log_format(audit_buf, " op=SAD-add res=%u",result);
1837 xfrm_audit_common_stateinfo(x, audit_buf);
1838 audit_log_format(audit_buf, " spi=%lu(0x%lx)",
1839 (unsigned long)x->id.spi, (unsigned long)x->id.spi);
1840 audit_log_end(audit_buf);
1841 }
1842 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
1843
1844 void
1845 xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid)
1846 {
1847 struct audit_buffer *audit_buf;
1848 extern int audit_enabled;
1849
1850 if (audit_enabled == 0)
1851 return;
1852 audit_buf = xfrm_audit_start(sid, auid);
1853 if (audit_buf == NULL)
1854 return;
1855 audit_log_format(audit_buf, " op=SAD-delete res=%u",result);
1856 xfrm_audit_common_stateinfo(x, audit_buf);
1857 audit_log_format(audit_buf, " spi=%lu(0x%lx)",
1858 (unsigned long)x->id.spi, (unsigned long)x->id.spi);
1859 audit_log_end(audit_buf);
1860 }
1861 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
1862 #endif /* CONFIG_AUDITSYSCALL */
Linux kernel - Deliverables
This page took 0.073323 seconds and 6 git commands to generate.