projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[IPSEC]: Move xfrm_state_check into xfrm_output.c
[deliverable/linux.git] / net / xfrm / xfrm_state.c
1 /*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
13 *
14 */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <asm/uaccess.h>
23
24 #include "xfrm_hash.h"
25
26 struct sock *xfrm_nl;
27 EXPORT_SYMBOL(xfrm_nl);
28
29 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
30 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
31
32 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
33 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
34
35 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
36
37 /* Each xfrm_state may be linked to two tables:
38
39 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
40 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
41 destination/tunnel endpoint. (output)
42 */
43
44 static DEFINE_SPINLOCK(xfrm_state_lock);
45
46 /* Hash table to find appropriate SA towards given target (endpoint
47 * of tunnel or destination of transport mode) allowed by selector.
48 *
49 * Main use is finding SA after policy selected tunnel or transport mode.
50 * Also, it can be used by ah/esp icmp error handler to find offending SA.
51 */
52 static struct hlist_head *xfrm_state_bydst __read_mostly;
53 static struct hlist_head *xfrm_state_bysrc __read_mostly;
54 static struct hlist_head *xfrm_state_byspi __read_mostly;
55 static unsigned int xfrm_state_hmask __read_mostly;
56 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
57 static unsigned int xfrm_state_num;
58 static unsigned int xfrm_state_genid;
59
60 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
61 xfrm_address_t *saddr,
62 u32 reqid,
63 unsigned short family)
64 {
65 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
66 }
67
68 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
69 xfrm_address_t *saddr,
70 unsigned short family)
71 {
72 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
73 }
74
75 static inline unsigned int
76 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
77 {
78 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
79 }
80
81 static void xfrm_hash_transfer(struct hlist_head *list,
82 struct hlist_head *ndsttable,
83 struct hlist_head *nsrctable,
84 struct hlist_head *nspitable,
85 unsigned int nhashmask)
86 {
87 struct hlist_node *entry, *tmp;
88 struct xfrm_state *x;
89
90 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
91 unsigned int h;
92
93 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
94 x->props.reqid, x->props.family,
95 nhashmask);
96 hlist_add_head(&x->bydst, ndsttable+h);
97
98 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
99 x->props.family,
100 nhashmask);
101 hlist_add_head(&x->bysrc, nsrctable+h);
102
103 if (x->id.spi) {
104 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
105 x->id.proto, x->props.family,
106 nhashmask);
107 hlist_add_head(&x->byspi, nspitable+h);
108 }
109 }
110 }
111
112 static unsigned long xfrm_hash_new_size(void)
113 {
114 return ((xfrm_state_hmask + 1) << 1) *
115 sizeof(struct hlist_head);
116 }
117
118 static DEFINE_MUTEX(hash_resize_mutex);
119
120 static void xfrm_hash_resize(struct work_struct *__unused)
121 {
122 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
123 unsigned long nsize, osize;
124 unsigned int nhashmask, ohashmask;
125 int i;
126
127 mutex_lock(&hash_resize_mutex);
128
129 nsize = xfrm_hash_new_size();
130 ndst = xfrm_hash_alloc(nsize);
131 if (!ndst)
132 goto out_unlock;
133 nsrc = xfrm_hash_alloc(nsize);
134 if (!nsrc) {
135 xfrm_hash_free(ndst, nsize);
136 goto out_unlock;
137 }
138 nspi = xfrm_hash_alloc(nsize);
139 if (!nspi) {
140 xfrm_hash_free(ndst, nsize);
141 xfrm_hash_free(nsrc, nsize);
142 goto out_unlock;
143 }
144
145 spin_lock_bh(&xfrm_state_lock);
146
147 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
148 for (i = xfrm_state_hmask; i >= 0; i--)
149 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
150 nhashmask);
151
152 odst = xfrm_state_bydst;
153 osrc = xfrm_state_bysrc;
154 ospi = xfrm_state_byspi;
155 ohashmask = xfrm_state_hmask;
156
157 xfrm_state_bydst = ndst;
158 xfrm_state_bysrc = nsrc;
159 xfrm_state_byspi = nspi;
160 xfrm_state_hmask = nhashmask;
161
162 spin_unlock_bh(&xfrm_state_lock);
163
164 osize = (ohashmask + 1) * sizeof(struct hlist_head);
165 xfrm_hash_free(odst, osize);
166 xfrm_hash_free(osrc, osize);
167 xfrm_hash_free(ospi, osize);
168
169 out_unlock:
170 mutex_unlock(&hash_resize_mutex);
171 }
172
173 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
174
175 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
176 EXPORT_SYMBOL(km_waitq);
177
178 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
179 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
180
181 static struct work_struct xfrm_state_gc_work;
182 static HLIST_HEAD(xfrm_state_gc_list);
183 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
184
185 int __xfrm_state_delete(struct xfrm_state *x);
186
187 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
188 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
189
190 static void xfrm_state_gc_destroy(struct xfrm_state *x)
191 {
192 del_timer_sync(&x->timer);
193 del_timer_sync(&x->rtimer);
194 kfree(x->aalg);
195 kfree(x->ealg);
196 kfree(x->calg);
197 kfree(x->encap);
198 kfree(x->coaddr);
199 if (x->mode)
200 xfrm_put_mode(x->mode);
201 if (x->type) {
202 x->type->destructor(x);
203 xfrm_put_type(x->type);
204 }
205 security_xfrm_state_free(x);
206 kfree(x);
207 }
208
209 static void xfrm_state_gc_task(struct work_struct *data)
210 {
211 struct xfrm_state *x;
212 struct hlist_node *entry, *tmp;
213 struct hlist_head gc_list;
214
215 spin_lock_bh(&xfrm_state_gc_lock);
216 gc_list.first = xfrm_state_gc_list.first;
217 INIT_HLIST_HEAD(&xfrm_state_gc_list);
218 spin_unlock_bh(&xfrm_state_gc_lock);
219
220 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
221 xfrm_state_gc_destroy(x);
222
223 wake_up(&km_waitq);
224 }
225
226 static inline unsigned long make_jiffies(long secs)
227 {
228 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
229 return MAX_SCHEDULE_TIMEOUT-1;
230 else
231 return secs*HZ;
232 }
233
234 static void xfrm_timer_handler(unsigned long data)
235 {
236 struct xfrm_state *x = (struct xfrm_state*)data;
237 unsigned long now = get_seconds();
238 long next = LONG_MAX;
239 int warn = 0;
240 int err = 0;
241
242 spin_lock(&x->lock);
243 if (x->km.state == XFRM_STATE_DEAD)
244 goto out;
245 if (x->km.state == XFRM_STATE_EXPIRED)
246 goto expired;
247 if (x->lft.hard_add_expires_seconds) {
248 long tmo = x->lft.hard_add_expires_seconds +
249 x->curlft.add_time - now;
250 if (tmo <= 0)
251 goto expired;
252 if (tmo < next)
253 next = tmo;
254 }
255 if (x->lft.hard_use_expires_seconds) {
256 long tmo = x->lft.hard_use_expires_seconds +
257 (x->curlft.use_time ? : now) - now;
258 if (tmo <= 0)
259 goto expired;
260 if (tmo < next)
261 next = tmo;
262 }
263 if (x->km.dying)
264 goto resched;
265 if (x->lft.soft_add_expires_seconds) {
266 long tmo = x->lft.soft_add_expires_seconds +
267 x->curlft.add_time - now;
268 if (tmo <= 0)
269 warn = 1;
270 else if (tmo < next)
271 next = tmo;
272 }
273 if (x->lft.soft_use_expires_seconds) {
274 long tmo = x->lft.soft_use_expires_seconds +
275 (x->curlft.use_time ? : now) - now;
276 if (tmo <= 0)
277 warn = 1;
278 else if (tmo < next)
279 next = tmo;
280 }
281
282 x->km.dying = warn;
283 if (warn)
284 km_state_expired(x, 0, 0);
285 resched:
286 if (next != LONG_MAX)
287 mod_timer(&x->timer, jiffies + make_jiffies(next));
288
289 goto out;
290
291 expired:
292 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
293 x->km.state = XFRM_STATE_EXPIRED;
294 wake_up(&km_waitq);
295 next = 2;
296 goto resched;
297 }
298
299 err = __xfrm_state_delete(x);
300 if (!err && x->id.spi)
301 km_state_expired(x, 1, 0);
302
303 xfrm_audit_state_delete(x, err ? 0 : 1,
304 audit_get_loginuid(current->audit_context), 0);
305
306 out:
307 spin_unlock(&x->lock);
308 }
309
310 static void xfrm_replay_timer_handler(unsigned long data);
311
312 struct xfrm_state *xfrm_state_alloc(void)
313 {
314 struct xfrm_state *x;
315
316 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
317
318 if (x) {
319 atomic_set(&x->refcnt, 1);
320 atomic_set(&x->tunnel_users, 0);
321 INIT_HLIST_NODE(&x->bydst);
322 INIT_HLIST_NODE(&x->bysrc);
323 INIT_HLIST_NODE(&x->byspi);
324 init_timer(&x->timer);
325 x->timer.function = xfrm_timer_handler;
326 x->timer.data = (unsigned long)x;
327 init_timer(&x->rtimer);
328 x->rtimer.function = xfrm_replay_timer_handler;
329 x->rtimer.data = (unsigned long)x;
330 x->curlft.add_time = get_seconds();
331 x->lft.soft_byte_limit = XFRM_INF;
332 x->lft.soft_packet_limit = XFRM_INF;
333 x->lft.hard_byte_limit = XFRM_INF;
334 x->lft.hard_packet_limit = XFRM_INF;
335 x->replay_maxage = 0;
336 x->replay_maxdiff = 0;
337 spin_lock_init(&x->lock);
338 }
339 return x;
340 }
341 EXPORT_SYMBOL(xfrm_state_alloc);
342
343 void __xfrm_state_destroy(struct xfrm_state *x)
344 {
345 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
346
347 spin_lock_bh(&xfrm_state_gc_lock);
348 hlist_add_head(&x->bydst, &xfrm_state_gc_list);
349 spin_unlock_bh(&xfrm_state_gc_lock);
350 schedule_work(&xfrm_state_gc_work);
351 }
352 EXPORT_SYMBOL(__xfrm_state_destroy);
353
354 int __xfrm_state_delete(struct xfrm_state *x)
355 {
356 int err = -ESRCH;
357
358 if (x->km.state != XFRM_STATE_DEAD) {
359 x->km.state = XFRM_STATE_DEAD;
360 spin_lock(&xfrm_state_lock);
361 hlist_del(&x->bydst);
362 hlist_del(&x->bysrc);
363 if (x->id.spi)
364 hlist_del(&x->byspi);
365 xfrm_state_num--;
366 spin_unlock(&xfrm_state_lock);
367
368 /* All xfrm_state objects are created by xfrm_state_alloc.
369 * The xfrm_state_alloc call gives a reference, and that
370 * is what we are dropping here.
371 */
372 __xfrm_state_put(x);
373 err = 0;
374 }
375
376 return err;
377 }
378 EXPORT_SYMBOL(__xfrm_state_delete);
379
380 int xfrm_state_delete(struct xfrm_state *x)
381 {
382 int err;
383
384 spin_lock_bh(&x->lock);
385 err = __xfrm_state_delete(x);
386 spin_unlock_bh(&x->lock);
387
388 return err;
389 }
390 EXPORT_SYMBOL(xfrm_state_delete);
391
392 #ifdef CONFIG_SECURITY_NETWORK_XFRM
393 static inline int
394 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
395 {
396 int i, err = 0;
397
398 for (i = 0; i <= xfrm_state_hmask; i++) {
399 struct hlist_node *entry;
400 struct xfrm_state *x;
401
402 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
403 if (xfrm_id_proto_match(x->id.proto, proto) &&
404 (err = security_xfrm_state_delete(x)) != 0) {
405 xfrm_audit_state_delete(x, 0,
406 audit_info->loginuid,
407 audit_info->secid);
408 return err;
409 }
410 }
411 }
412
413 return err;
414 }
415 #else
416 static inline int
417 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
418 {
419 return 0;
420 }
421 #endif
422
423 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
424 {
425 int i, err = 0;
426
427 spin_lock_bh(&xfrm_state_lock);
428 err = xfrm_state_flush_secctx_check(proto, audit_info);
429 if (err)
430 goto out;
431
432 for (i = 0; i <= xfrm_state_hmask; i++) {
433 struct hlist_node *entry;
434 struct xfrm_state *x;
435 restart:
436 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
437 if (!xfrm_state_kern(x) &&
438 xfrm_id_proto_match(x->id.proto, proto)) {
439 xfrm_state_hold(x);
440 spin_unlock_bh(&xfrm_state_lock);
441
442 err = xfrm_state_delete(x);
443 xfrm_audit_state_delete(x, err ? 0 : 1,
444 audit_info->loginuid,
445 audit_info->secid);
446 xfrm_state_put(x);
447
448 spin_lock_bh(&xfrm_state_lock);
449 goto restart;
450 }
451 }
452 }
453 err = 0;
454
455 out:
456 spin_unlock_bh(&xfrm_state_lock);
457 wake_up(&km_waitq);
458 return err;
459 }
460 EXPORT_SYMBOL(xfrm_state_flush);
461
462 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
463 {
464 spin_lock_bh(&xfrm_state_lock);
465 si->sadcnt = xfrm_state_num;
466 si->sadhcnt = xfrm_state_hmask;
467 si->sadhmcnt = xfrm_state_hashmax;
468 spin_unlock_bh(&xfrm_state_lock);
469 }
470 EXPORT_SYMBOL(xfrm_sad_getinfo);
471
472 static int
473 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
474 struct xfrm_tmpl *tmpl,
475 xfrm_address_t *daddr, xfrm_address_t *saddr,
476 unsigned short family)
477 {
478 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
479 if (!afinfo)
480 return -1;
481 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
482 xfrm_state_put_afinfo(afinfo);
483 return 0;
484 }
485
486 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
487 {
488 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
489 struct xfrm_state *x;
490 struct hlist_node *entry;
491
492 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
493 if (x->props.family != family ||
494 x->id.spi != spi ||
495 x->id.proto != proto)
496 continue;
497
498 switch (family) {
499 case AF_INET:
500 if (x->id.daddr.a4 != daddr->a4)
501 continue;
502 break;
503 case AF_INET6:
504 if (!ipv6_addr_equal((struct in6_addr *)daddr,
505 (struct in6_addr *)
506 x->id.daddr.a6))
507 continue;
508 break;
509 }
510
511 xfrm_state_hold(x);
512 return x;
513 }
514
515 return NULL;
516 }
517
518 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
519 {
520 unsigned int h = xfrm_src_hash(daddr, saddr, family);
521 struct xfrm_state *x;
522 struct hlist_node *entry;
523
524 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
525 if (x->props.family != family ||
526 x->id.proto != proto)
527 continue;
528
529 switch (family) {
530 case AF_INET:
531 if (x->id.daddr.a4 != daddr->a4 ||
532 x->props.saddr.a4 != saddr->a4)
533 continue;
534 break;
535 case AF_INET6:
536 if (!ipv6_addr_equal((struct in6_addr *)daddr,
537 (struct in6_addr *)
538 x->id.daddr.a6) ||
539 !ipv6_addr_equal((struct in6_addr *)saddr,
540 (struct in6_addr *)
541 x->props.saddr.a6))
542 continue;
543 break;
544 }
545
546 xfrm_state_hold(x);
547 return x;
548 }
549
550 return NULL;
551 }
552
553 static inline struct xfrm_state *
554 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
555 {
556 if (use_spi)
557 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
558 x->id.proto, family);
559 else
560 return __xfrm_state_lookup_byaddr(&x->id.daddr,
561 &x->props.saddr,
562 x->id.proto, family);
563 }
564
565 static void xfrm_hash_grow_check(int have_hash_collision)
566 {
567 if (have_hash_collision &&
568 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
569 xfrm_state_num > xfrm_state_hmask)
570 schedule_work(&xfrm_hash_work);
571 }
572
573 struct xfrm_state *
574 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
575 struct flowi *fl, struct xfrm_tmpl *tmpl,
576 struct xfrm_policy *pol, int *err,
577 unsigned short family)
578 {
579 unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
580 struct hlist_node *entry;
581 struct xfrm_state *x, *x0;
582 int acquire_in_progress = 0;
583 int error = 0;
584 struct xfrm_state *best = NULL;
585
586 spin_lock_bh(&xfrm_state_lock);
587 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
588 if (x->props.family == family &&
589 x->props.reqid == tmpl->reqid &&
590 !(x->props.flags & XFRM_STATE_WILDRECV) &&
591 xfrm_state_addr_check(x, daddr, saddr, family) &&
592 tmpl->mode == x->props.mode &&
593 tmpl->id.proto == x->id.proto &&
594 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
595 /* Resolution logic:
596 1. There is a valid state with matching selector.
597 Done.
598 2. Valid state with inappropriate selector. Skip.
599
600 Entering area of "sysdeps".
601
602 3. If state is not valid, selector is temporary,
603 it selects only session which triggered
604 previous resolution. Key manager will do
605 something to install a state with proper
606 selector.
607 */
608 if (x->km.state == XFRM_STATE_VALID) {
609 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
610 !security_xfrm_state_pol_flow_match(x, pol, fl))
611 continue;
612 if (!best ||
613 best->km.dying > x->km.dying ||
614 (best->km.dying == x->km.dying &&
615 best->curlft.add_time < x->curlft.add_time))
616 best = x;
617 } else if (x->km.state == XFRM_STATE_ACQ) {
618 acquire_in_progress = 1;
619 } else if (x->km.state == XFRM_STATE_ERROR ||
620 x->km.state == XFRM_STATE_EXPIRED) {
621 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
622 security_xfrm_state_pol_flow_match(x, pol, fl))
623 error = -ESRCH;
624 }
625 }
626 }
627
628 x = best;
629 if (!x && !error && !acquire_in_progress) {
630 if (tmpl->id.spi &&
631 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
632 tmpl->id.proto, family)) != NULL) {
633 xfrm_state_put(x0);
634 error = -EEXIST;
635 goto out;
636 }
637 x = xfrm_state_alloc();
638 if (x == NULL) {
639 error = -ENOMEM;
640 goto out;
641 }
642 /* Initialize temporary selector matching only
643 * to current session. */
644 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
645
646 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
647 if (error) {
648 x->km.state = XFRM_STATE_DEAD;
649 xfrm_state_put(x);
650 x = NULL;
651 goto out;
652 }
653
654 if (km_query(x, tmpl, pol) == 0) {
655 x->km.state = XFRM_STATE_ACQ;
656 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
657 h = xfrm_src_hash(daddr, saddr, family);
658 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
659 if (x->id.spi) {
660 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
661 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
662 }
663 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
664 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
665 add_timer(&x->timer);
666 xfrm_state_num++;
667 xfrm_hash_grow_check(x->bydst.next != NULL);
668 } else {
669 x->km.state = XFRM_STATE_DEAD;
670 xfrm_state_put(x);
671 x = NULL;
672 error = -ESRCH;
673 }
674 }
675 out:
676 if (x)
677 xfrm_state_hold(x);
678 else
679 *err = acquire_in_progress ? -EAGAIN : error;
680 spin_unlock_bh(&xfrm_state_lock);
681 return x;
682 }
683
684 struct xfrm_state *
685 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
686 unsigned short family, u8 mode, u8 proto, u32 reqid)
687 {
688 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
689 struct xfrm_state *rx = NULL, *x = NULL;
690 struct hlist_node *entry;
691
692 spin_lock(&xfrm_state_lock);
693 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
694 if (x->props.family == family &&
695 x->props.reqid == reqid &&
696 !(x->props.flags & XFRM_STATE_WILDRECV) &&
697 xfrm_state_addr_check(x, daddr, saddr, family) &&
698 mode == x->props.mode &&
699 proto == x->id.proto &&
700 x->km.state == XFRM_STATE_VALID) {
701 rx = x;
702 break;
703 }
704 }
705
706 if (rx)
707 xfrm_state_hold(rx);
708 spin_unlock(&xfrm_state_lock);
709
710
711 return rx;
712 }
713 EXPORT_SYMBOL(xfrm_stateonly_find);
714
715 static void __xfrm_state_insert(struct xfrm_state *x)
716 {
717 unsigned int h;
718
719 x->genid = ++xfrm_state_genid;
720
721 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
722 x->props.reqid, x->props.family);
723 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
724
725 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
726 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
727
728 if (x->id.spi) {
729 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
730 x->props.family);
731
732 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
733 }
734
735 mod_timer(&x->timer, jiffies + HZ);
736 if (x->replay_maxage)
737 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
738
739 wake_up(&km_waitq);
740
741 xfrm_state_num++;
742
743 xfrm_hash_grow_check(x->bydst.next != NULL);
744 }
745
746 /* xfrm_state_lock is held */
747 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
748 {
749 unsigned short family = xnew->props.family;
750 u32 reqid = xnew->props.reqid;
751 struct xfrm_state *x;
752 struct hlist_node *entry;
753 unsigned int h;
754
755 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
756 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
757 if (x->props.family == family &&
758 x->props.reqid == reqid &&
759 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
760 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
761 x->genid = xfrm_state_genid;
762 }
763 }
764
765 void xfrm_state_insert(struct xfrm_state *x)
766 {
767 spin_lock_bh(&xfrm_state_lock);
768 __xfrm_state_bump_genids(x);
769 __xfrm_state_insert(x);
770 spin_unlock_bh(&xfrm_state_lock);
771 }
772 EXPORT_SYMBOL(xfrm_state_insert);
773
774 /* xfrm_state_lock is held */
775 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
776 {
777 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
778 struct hlist_node *entry;
779 struct xfrm_state *x;
780
781 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
782 if (x->props.reqid != reqid ||
783 x->props.mode != mode ||
784 x->props.family != family ||
785 x->km.state != XFRM_STATE_ACQ ||
786 x->id.spi != 0 ||
787 x->id.proto != proto)
788 continue;
789
790 switch (family) {
791 case AF_INET:
792 if (x->id.daddr.a4 != daddr->a4 ||
793 x->props.saddr.a4 != saddr->a4)
794 continue;
795 break;
796 case AF_INET6:
797 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
798 (struct in6_addr *)daddr) ||
799 !ipv6_addr_equal((struct in6_addr *)
800 x->props.saddr.a6,
801 (struct in6_addr *)saddr))
802 continue;
803 break;
804 }
805
806 xfrm_state_hold(x);
807 return x;
808 }
809
810 if (!create)
811 return NULL;
812
813 x = xfrm_state_alloc();
814 if (likely(x)) {
815 switch (family) {
816 case AF_INET:
817 x->sel.daddr.a4 = daddr->a4;
818 x->sel.saddr.a4 = saddr->a4;
819 x->sel.prefixlen_d = 32;
820 x->sel.prefixlen_s = 32;
821 x->props.saddr.a4 = saddr->a4;
822 x->id.daddr.a4 = daddr->a4;
823 break;
824
825 case AF_INET6:
826 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
827 (struct in6_addr *)daddr);
828 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
829 (struct in6_addr *)saddr);
830 x->sel.prefixlen_d = 128;
831 x->sel.prefixlen_s = 128;
832 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
833 (struct in6_addr *)saddr);
834 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
835 (struct in6_addr *)daddr);
836 break;
837 }
838
839 x->km.state = XFRM_STATE_ACQ;
840 x->id.proto = proto;
841 x->props.family = family;
842 x->props.mode = mode;
843 x->props.reqid = reqid;
844 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
845 xfrm_state_hold(x);
846 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
847 add_timer(&x->timer);
848 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
849 h = xfrm_src_hash(daddr, saddr, family);
850 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
851 wake_up(&km_waitq);
852
853 xfrm_state_num++;
854
855 xfrm_hash_grow_check(x->bydst.next != NULL);
856 }
857
858 return x;
859 }
860
861 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
862
863 int xfrm_state_add(struct xfrm_state *x)
864 {
865 struct xfrm_state *x1;
866 int family;
867 int err;
868 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
869
870 family = x->props.family;
871
872 spin_lock_bh(&xfrm_state_lock);
873
874 x1 = __xfrm_state_locate(x, use_spi, family);
875 if (x1) {
876 xfrm_state_put(x1);
877 x1 = NULL;
878 err = -EEXIST;
879 goto out;
880 }
881
882 if (use_spi && x->km.seq) {
883 x1 = __xfrm_find_acq_byseq(x->km.seq);
884 if (x1 && ((x1->id.proto != x->id.proto) ||
885 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
886 xfrm_state_put(x1);
887 x1 = NULL;
888 }
889 }
890
891 if (use_spi && !x1)
892 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
893 x->id.proto,
894 &x->id.daddr, &x->props.saddr, 0);
895
896 __xfrm_state_bump_genids(x);
897 __xfrm_state_insert(x);
898 err = 0;
899
900 out:
901 spin_unlock_bh(&xfrm_state_lock);
902
903 if (x1) {
904 xfrm_state_delete(x1);
905 xfrm_state_put(x1);
906 }
907
908 return err;
909 }
910 EXPORT_SYMBOL(xfrm_state_add);
911
912 #ifdef CONFIG_XFRM_MIGRATE
913 struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
914 {
915 int err = -ENOMEM;
916 struct xfrm_state *x = xfrm_state_alloc();
917 if (!x)
918 goto error;
919
920 memcpy(&x->id, &orig->id, sizeof(x->id));
921 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
922 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
923 x->props.mode = orig->props.mode;
924 x->props.replay_window = orig->props.replay_window;
925 x->props.reqid = orig->props.reqid;
926 x->props.family = orig->props.family;
927 x->props.saddr = orig->props.saddr;
928
929 if (orig->aalg) {
930 x->aalg = xfrm_algo_clone(orig->aalg);
931 if (!x->aalg)
932 goto error;
933 }
934 x->props.aalgo = orig->props.aalgo;
935
936 if (orig->ealg) {
937 x->ealg = xfrm_algo_clone(orig->ealg);
938 if (!x->ealg)
939 goto error;
940 }
941 x->props.ealgo = orig->props.ealgo;
942
943 if (orig->calg) {
944 x->calg = xfrm_algo_clone(orig->calg);
945 if (!x->calg)
946 goto error;
947 }
948 x->props.calgo = orig->props.calgo;
949
950 if (orig->encap) {
951 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
952 if (!x->encap)
953 goto error;
954 }
955
956 if (orig->coaddr) {
957 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
958 GFP_KERNEL);
959 if (!x->coaddr)
960 goto error;
961 }
962
963 err = xfrm_init_state(x);
964 if (err)
965 goto error;
966
967 x->props.flags = orig->props.flags;
968
969 x->curlft.add_time = orig->curlft.add_time;
970 x->km.state = orig->km.state;
971 x->km.seq = orig->km.seq;
972
973 return x;
974
975 error:
976 if (errp)
977 *errp = err;
978 if (x) {
979 kfree(x->aalg);
980 kfree(x->ealg);
981 kfree(x->calg);
982 kfree(x->encap);
983 kfree(x->coaddr);
984 }
985 kfree(x);
986 return NULL;
987 }
988 EXPORT_SYMBOL(xfrm_state_clone);
989
990 /* xfrm_state_lock is held */
991 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
992 {
993 unsigned int h;
994 struct xfrm_state *x;
995 struct hlist_node *entry;
996
997 if (m->reqid) {
998 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
999 m->reqid, m->old_family);
1000 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1001 if (x->props.mode != m->mode ||
1002 x->id.proto != m->proto)
1003 continue;
1004 if (m->reqid && x->props.reqid != m->reqid)
1005 continue;
1006 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1007 m->old_family) ||
1008 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1009 m->old_family))
1010 continue;
1011 xfrm_state_hold(x);
1012 return x;
1013 }
1014 } else {
1015 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1016 m->old_family);
1017 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1018 if (x->props.mode != m->mode ||
1019 x->id.proto != m->proto)
1020 continue;
1021 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1022 m->old_family) ||
1023 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1024 m->old_family))
1025 continue;
1026 xfrm_state_hold(x);
1027 return x;
1028 }
1029 }
1030
1031 return NULL;
1032 }
1033 EXPORT_SYMBOL(xfrm_migrate_state_find);
1034
1035 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1036 struct xfrm_migrate *m)
1037 {
1038 struct xfrm_state *xc;
1039 int err;
1040
1041 xc = xfrm_state_clone(x, &err);
1042 if (!xc)
1043 return NULL;
1044
1045 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1046 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1047
1048 /* add state */
1049 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1050 /* a care is needed when the destination address of the
1051 state is to be updated as it is a part of triplet */
1052 xfrm_state_insert(xc);
1053 } else {
1054 if ((err = xfrm_state_add(xc)) < 0)
1055 goto error;
1056 }
1057
1058 return xc;
1059 error:
1060 kfree(xc);
1061 return NULL;
1062 }
1063 EXPORT_SYMBOL(xfrm_state_migrate);
1064 #endif
1065
1066 int xfrm_state_update(struct xfrm_state *x)
1067 {
1068 struct xfrm_state *x1;
1069 int err;
1070 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1071
1072 spin_lock_bh(&xfrm_state_lock);
1073 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1074
1075 err = -ESRCH;
1076 if (!x1)
1077 goto out;
1078
1079 if (xfrm_state_kern(x1)) {
1080 xfrm_state_put(x1);
1081 err = -EEXIST;
1082 goto out;
1083 }
1084
1085 if (x1->km.state == XFRM_STATE_ACQ) {
1086 __xfrm_state_insert(x);
1087 x = NULL;
1088 }
1089 err = 0;
1090
1091 out:
1092 spin_unlock_bh(&xfrm_state_lock);
1093
1094 if (err)
1095 return err;
1096
1097 if (!x) {
1098 xfrm_state_delete(x1);
1099 xfrm_state_put(x1);
1100 return 0;
1101 }
1102
1103 err = -EINVAL;
1104 spin_lock_bh(&x1->lock);
1105 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1106 if (x->encap && x1->encap)
1107 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1108 if (x->coaddr && x1->coaddr) {
1109 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1110 }
1111 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1112 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1113 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1114 x1->km.dying = 0;
1115
1116 mod_timer(&x1->timer, jiffies + HZ);
1117 if (x1->curlft.use_time)
1118 xfrm_state_check_expire(x1);
1119
1120 err = 0;
1121 }
1122 spin_unlock_bh(&x1->lock);
1123
1124 xfrm_state_put(x1);
1125
1126 return err;
1127 }
1128 EXPORT_SYMBOL(xfrm_state_update);
1129
1130 int xfrm_state_check_expire(struct xfrm_state *x)
1131 {
1132 if (!x->curlft.use_time)
1133 x->curlft.use_time = get_seconds();
1134
1135 if (x->km.state != XFRM_STATE_VALID)
1136 return -EINVAL;
1137
1138 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1139 x->curlft.packets >= x->lft.hard_packet_limit) {
1140 x->km.state = XFRM_STATE_EXPIRED;
1141 mod_timer(&x->timer, jiffies);
1142 return -EINVAL;
1143 }
1144
1145 if (!x->km.dying &&
1146 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1147 x->curlft.packets >= x->lft.soft_packet_limit)) {
1148 x->km.dying = 1;
1149 km_state_expired(x, 0, 0);
1150 }
1151 return 0;
1152 }
1153 EXPORT_SYMBOL(xfrm_state_check_expire);
1154
1155 struct xfrm_state *
1156 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1157 unsigned short family)
1158 {
1159 struct xfrm_state *x;
1160
1161 spin_lock_bh(&xfrm_state_lock);
1162 x = __xfrm_state_lookup(daddr, spi, proto, family);
1163 spin_unlock_bh(&xfrm_state_lock);
1164 return x;
1165 }
1166 EXPORT_SYMBOL(xfrm_state_lookup);
1167
1168 struct xfrm_state *
1169 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1170 u8 proto, unsigned short family)
1171 {
1172 struct xfrm_state *x;
1173
1174 spin_lock_bh(&xfrm_state_lock);
1175 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1176 spin_unlock_bh(&xfrm_state_lock);
1177 return x;
1178 }
1179 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1180
1181 struct xfrm_state *
1182 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1183 xfrm_address_t *daddr, xfrm_address_t *saddr,
1184 int create, unsigned short family)
1185 {
1186 struct xfrm_state *x;
1187
1188 spin_lock_bh(&xfrm_state_lock);
1189 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1190 spin_unlock_bh(&xfrm_state_lock);
1191
1192 return x;
1193 }
1194 EXPORT_SYMBOL(xfrm_find_acq);
1195
1196 #ifdef CONFIG_XFRM_SUB_POLICY
1197 int
1198 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1199 unsigned short family)
1200 {
1201 int err = 0;
1202 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1203 if (!afinfo)
1204 return -EAFNOSUPPORT;
1205
1206 spin_lock_bh(&xfrm_state_lock);
1207 if (afinfo->tmpl_sort)
1208 err = afinfo->tmpl_sort(dst, src, n);
1209 spin_unlock_bh(&xfrm_state_lock);
1210 xfrm_state_put_afinfo(afinfo);
1211 return err;
1212 }
1213 EXPORT_SYMBOL(xfrm_tmpl_sort);
1214
1215 int
1216 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1217 unsigned short family)
1218 {
1219 int err = 0;
1220 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1221 if (!afinfo)
1222 return -EAFNOSUPPORT;
1223
1224 spin_lock_bh(&xfrm_state_lock);
1225 if (afinfo->state_sort)
1226 err = afinfo->state_sort(dst, src, n);
1227 spin_unlock_bh(&xfrm_state_lock);
1228 xfrm_state_put_afinfo(afinfo);
1229 return err;
1230 }
1231 EXPORT_SYMBOL(xfrm_state_sort);
1232 #endif
1233
1234 /* Silly enough, but I'm lazy to build resolution list */
1235
1236 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1237 {
1238 int i;
1239
1240 for (i = 0; i <= xfrm_state_hmask; i++) {
1241 struct hlist_node *entry;
1242 struct xfrm_state *x;
1243
1244 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1245 if (x->km.seq == seq &&
1246 x->km.state == XFRM_STATE_ACQ) {
1247 xfrm_state_hold(x);
1248 return x;
1249 }
1250 }
1251 }
1252 return NULL;
1253 }
1254
1255 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1256 {
1257 struct xfrm_state *x;
1258
1259 spin_lock_bh(&xfrm_state_lock);
1260 x = __xfrm_find_acq_byseq(seq);
1261 spin_unlock_bh(&xfrm_state_lock);
1262 return x;
1263 }
1264 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1265
1266 u32 xfrm_get_acqseq(void)
1267 {
1268 u32 res;
1269 static u32 acqseq;
1270 static DEFINE_SPINLOCK(acqseq_lock);
1271
1272 spin_lock_bh(&acqseq_lock);
1273 res = (++acqseq ? : ++acqseq);
1274 spin_unlock_bh(&acqseq_lock);
1275 return res;
1276 }
1277 EXPORT_SYMBOL(xfrm_get_acqseq);
1278
1279 void
1280 xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi)
1281 {
1282 unsigned int h;
1283 struct xfrm_state *x0;
1284
1285 if (x->id.spi)
1286 return;
1287
1288 if (minspi == maxspi) {
1289 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1290 if (x0) {
1291 xfrm_state_put(x0);
1292 return;
1293 }
1294 x->id.spi = minspi;
1295 } else {
1296 u32 spi = 0;
1297 u32 low = ntohl(minspi);
1298 u32 high = ntohl(maxspi);
1299 for (h=0; h<high-low+1; h++) {
1300 spi = low + net_random()%(high-low+1);
1301 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1302 if (x0 == NULL) {
1303 x->id.spi = htonl(spi);
1304 break;
1305 }
1306 xfrm_state_put(x0);
1307 }
1308 }
1309 if (x->id.spi) {
1310 spin_lock_bh(&xfrm_state_lock);
1311 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1312 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1313 spin_unlock_bh(&xfrm_state_lock);
1314 wake_up(&km_waitq);
1315 }
1316 }
1317 EXPORT_SYMBOL(xfrm_alloc_spi);
1318
1319 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1320 void *data)
1321 {
1322 int i;
1323 struct xfrm_state *x, *last = NULL;
1324 struct hlist_node *entry;
1325 int count = 0;
1326 int err = 0;
1327
1328 spin_lock_bh(&xfrm_state_lock);
1329 for (i = 0; i <= xfrm_state_hmask; i++) {
1330 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1331 if (!xfrm_id_proto_match(x->id.proto, proto))
1332 continue;
1333 if (last) {
1334 err = func(last, count, data);
1335 if (err)
1336 goto out;
1337 }
1338 last = x;
1339 count++;
1340 }
1341 }
1342 if (count == 0) {
1343 err = -ENOENT;
1344 goto out;
1345 }
1346 err = func(last, 0, data);
1347 out:
1348 spin_unlock_bh(&xfrm_state_lock);
1349 return err;
1350 }
1351 EXPORT_SYMBOL(xfrm_state_walk);
1352
1353
1354 void xfrm_replay_notify(struct xfrm_state *x, int event)
1355 {
1356 struct km_event c;
1357 /* we send notify messages in case
1358 * 1. we updated on of the sequence numbers, and the seqno difference
1359 * is at least x->replay_maxdiff, in this case we also update the
1360 * timeout of our timer function
1361 * 2. if x->replay_maxage has elapsed since last update,
1362 * and there were changes
1363 *
1364 * The state structure must be locked!
1365 */
1366
1367 switch (event) {
1368 case XFRM_REPLAY_UPDATE:
1369 if (x->replay_maxdiff &&
1370 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1371 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1372 if (x->xflags & XFRM_TIME_DEFER)
1373 event = XFRM_REPLAY_TIMEOUT;
1374 else
1375 return;
1376 }
1377
1378 break;
1379
1380 case XFRM_REPLAY_TIMEOUT:
1381 if ((x->replay.seq == x->preplay.seq) &&
1382 (x->replay.bitmap == x->preplay.bitmap) &&
1383 (x->replay.oseq == x->preplay.oseq)) {
1384 x->xflags |= XFRM_TIME_DEFER;
1385 return;
1386 }
1387
1388 break;
1389 }
1390
1391 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1392 c.event = XFRM_MSG_NEWAE;
1393 c.data.aevent = event;
1394 km_state_notify(x, &c);
1395
1396 if (x->replay_maxage &&
1397 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1398 x->xflags &= ~XFRM_TIME_DEFER;
1399 }
1400 EXPORT_SYMBOL(xfrm_replay_notify);
1401
1402 static void xfrm_replay_timer_handler(unsigned long data)
1403 {
1404 struct xfrm_state *x = (struct xfrm_state*)data;
1405
1406 spin_lock(&x->lock);
1407
1408 if (x->km.state == XFRM_STATE_VALID) {
1409 if (xfrm_aevent_is_on())
1410 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1411 else
1412 x->xflags |= XFRM_TIME_DEFER;
1413 }
1414
1415 spin_unlock(&x->lock);
1416 }
1417
1418 int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
1419 {
1420 u32 diff;
1421 u32 seq = ntohl(net_seq);
1422
1423 if (unlikely(seq == 0))
1424 return -EINVAL;
1425
1426 if (likely(seq > x->replay.seq))
1427 return 0;
1428
1429 diff = x->replay.seq - seq;
1430 if (diff >= min_t(unsigned int, x->props.replay_window,
1431 sizeof(x->replay.bitmap) * 8)) {
1432 x->stats.replay_window++;
1433 return -EINVAL;
1434 }
1435
1436 if (x->replay.bitmap & (1U << diff)) {
1437 x->stats.replay++;
1438 return -EINVAL;
1439 }
1440 return 0;
1441 }
1442 EXPORT_SYMBOL(xfrm_replay_check);
1443
1444 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1445 {
1446 u32 diff;
1447 u32 seq = ntohl(net_seq);
1448
1449 if (seq > x->replay.seq) {
1450 diff = seq - x->replay.seq;
1451 if (diff < x->props.replay_window)
1452 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1453 else
1454 x->replay.bitmap = 1;
1455 x->replay.seq = seq;
1456 } else {
1457 diff = x->replay.seq - seq;
1458 x->replay.bitmap |= (1U << diff);
1459 }
1460
1461 if (xfrm_aevent_is_on())
1462 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1463 }
1464 EXPORT_SYMBOL(xfrm_replay_advance);
1465
1466 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
1467 static DEFINE_RWLOCK(xfrm_km_lock);
1468
1469 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1470 {
1471 struct xfrm_mgr *km;
1472
1473 read_lock(&xfrm_km_lock);
1474 list_for_each_entry(km, &xfrm_km_list, list)
1475 if (km->notify_policy)
1476 km->notify_policy(xp, dir, c);
1477 read_unlock(&xfrm_km_lock);
1478 }
1479
1480 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1481 {
1482 struct xfrm_mgr *km;
1483 read_lock(&xfrm_km_lock);
1484 list_for_each_entry(km, &xfrm_km_list, list)
1485 if (km->notify)
1486 km->notify(x, c);
1487 read_unlock(&xfrm_km_lock);
1488 }
1489
1490 EXPORT_SYMBOL(km_policy_notify);
1491 EXPORT_SYMBOL(km_state_notify);
1492
1493 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1494 {
1495 struct km_event c;
1496
1497 c.data.hard = hard;
1498 c.pid = pid;
1499 c.event = XFRM_MSG_EXPIRE;
1500 km_state_notify(x, &c);
1501
1502 if (hard)
1503 wake_up(&km_waitq);
1504 }
1505
1506 EXPORT_SYMBOL(km_state_expired);
1507 /*
1508 * We send to all registered managers regardless of failure
1509 * We are happy with one success
1510 */
1511 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1512 {
1513 int err = -EINVAL, acqret;
1514 struct xfrm_mgr *km;
1515
1516 read_lock(&xfrm_km_lock);
1517 list_for_each_entry(km, &xfrm_km_list, list) {
1518 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1519 if (!acqret)
1520 err = acqret;
1521 }
1522 read_unlock(&xfrm_km_lock);
1523 return err;
1524 }
1525 EXPORT_SYMBOL(km_query);
1526
1527 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1528 {
1529 int err = -EINVAL;
1530 struct xfrm_mgr *km;
1531
1532 read_lock(&xfrm_km_lock);
1533 list_for_each_entry(km, &xfrm_km_list, list) {
1534 if (km->new_mapping)
1535 err = km->new_mapping(x, ipaddr, sport);
1536 if (!err)
1537 break;
1538 }
1539 read_unlock(&xfrm_km_lock);
1540 return err;
1541 }
1542 EXPORT_SYMBOL(km_new_mapping);
1543
1544 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1545 {
1546 struct km_event c;
1547
1548 c.data.hard = hard;
1549 c.pid = pid;
1550 c.event = XFRM_MSG_POLEXPIRE;
1551 km_policy_notify(pol, dir, &c);
1552
1553 if (hard)
1554 wake_up(&km_waitq);
1555 }
1556 EXPORT_SYMBOL(km_policy_expired);
1557
1558 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1559 struct xfrm_migrate *m, int num_migrate)
1560 {
1561 int err = -EINVAL;
1562 int ret;
1563 struct xfrm_mgr *km;
1564
1565 read_lock(&xfrm_km_lock);
1566 list_for_each_entry(km, &xfrm_km_list, list) {
1567 if (km->migrate) {
1568 ret = km->migrate(sel, dir, type, m, num_migrate);
1569 if (!ret)
1570 err = ret;
1571 }
1572 }
1573 read_unlock(&xfrm_km_lock);
1574 return err;
1575 }
1576 EXPORT_SYMBOL(km_migrate);
1577
1578 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1579 {
1580 int err = -EINVAL;
1581 int ret;
1582 struct xfrm_mgr *km;
1583
1584 read_lock(&xfrm_km_lock);
1585 list_for_each_entry(km, &xfrm_km_list, list) {
1586 if (km->report) {
1587 ret = km->report(proto, sel, addr);
1588 if (!ret)
1589 err = ret;
1590 }
1591 }
1592 read_unlock(&xfrm_km_lock);
1593 return err;
1594 }
1595 EXPORT_SYMBOL(km_report);
1596
1597 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1598 {
1599 int err;
1600 u8 *data;
1601 struct xfrm_mgr *km;
1602 struct xfrm_policy *pol = NULL;
1603
1604 if (optlen <= 0 || optlen > PAGE_SIZE)
1605 return -EMSGSIZE;
1606
1607 data = kmalloc(optlen, GFP_KERNEL);
1608 if (!data)
1609 return -ENOMEM;
1610
1611 err = -EFAULT;
1612 if (copy_from_user(data, optval, optlen))
1613 goto out;
1614
1615 err = -EINVAL;
1616 read_lock(&xfrm_km_lock);
1617 list_for_each_entry(km, &xfrm_km_list, list) {
1618 pol = km->compile_policy(sk, optname, data,
1619 optlen, &err);
1620 if (err >= 0)
1621 break;
1622 }
1623 read_unlock(&xfrm_km_lock);
1624
1625 if (err >= 0) {
1626 xfrm_sk_policy_insert(sk, err, pol);
1627 xfrm_pol_put(pol);
1628 err = 0;
1629 }
1630
1631 out:
1632 kfree(data);
1633 return err;
1634 }
1635 EXPORT_SYMBOL(xfrm_user_policy);
1636
1637 int xfrm_register_km(struct xfrm_mgr *km)
1638 {
1639 write_lock_bh(&xfrm_km_lock);
1640 list_add_tail(&km->list, &xfrm_km_list);
1641 write_unlock_bh(&xfrm_km_lock);
1642 return 0;
1643 }
1644 EXPORT_SYMBOL(xfrm_register_km);
1645
1646 int xfrm_unregister_km(struct xfrm_mgr *km)
1647 {
1648 write_lock_bh(&xfrm_km_lock);
1649 list_del(&km->list);
1650 write_unlock_bh(&xfrm_km_lock);
1651 return 0;
1652 }
1653 EXPORT_SYMBOL(xfrm_unregister_km);
1654
1655 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1656 {
1657 int err = 0;
1658 if (unlikely(afinfo == NULL))
1659 return -EINVAL;
1660 if (unlikely(afinfo->family >= NPROTO))
1661 return -EAFNOSUPPORT;
1662 write_lock_bh(&xfrm_state_afinfo_lock);
1663 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1664 err = -ENOBUFS;
1665 else
1666 xfrm_state_afinfo[afinfo->family] = afinfo;
1667 write_unlock_bh(&xfrm_state_afinfo_lock);
1668 return err;
1669 }
1670 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1671
1672 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1673 {
1674 int err = 0;
1675 if (unlikely(afinfo == NULL))
1676 return -EINVAL;
1677 if (unlikely(afinfo->family >= NPROTO))
1678 return -EAFNOSUPPORT;
1679 write_lock_bh(&xfrm_state_afinfo_lock);
1680 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1681 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1682 err = -EINVAL;
1683 else
1684 xfrm_state_afinfo[afinfo->family] = NULL;
1685 }
1686 write_unlock_bh(&xfrm_state_afinfo_lock);
1687 return err;
1688 }
1689 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1690
1691 struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1692 {
1693 struct xfrm_state_afinfo *afinfo;
1694 if (unlikely(family >= NPROTO))
1695 return NULL;
1696 read_lock(&xfrm_state_afinfo_lock);
1697 afinfo = xfrm_state_afinfo[family];
1698 if (unlikely(!afinfo))
1699 read_unlock(&xfrm_state_afinfo_lock);
1700 return afinfo;
1701 }
1702
1703 void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1704 {
1705 read_unlock(&xfrm_state_afinfo_lock);
1706 }
1707
1708 EXPORT_SYMBOL(xfrm_state_get_afinfo);
1709 EXPORT_SYMBOL(xfrm_state_put_afinfo);
1710
1711 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1712 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1713 {
1714 if (x->tunnel) {
1715 struct xfrm_state *t = x->tunnel;
1716
1717 if (atomic_read(&t->tunnel_users) == 2)
1718 xfrm_state_delete(t);
1719 atomic_dec(&t->tunnel_users);
1720 xfrm_state_put(t);
1721 x->tunnel = NULL;
1722 }
1723 }
1724 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1725
1726 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1727 {
1728 int res;
1729
1730 spin_lock_bh(&x->lock);
1731 if (x->km.state == XFRM_STATE_VALID &&
1732 x->type && x->type->get_mtu)
1733 res = x->type->get_mtu(x, mtu);
1734 else
1735 res = mtu - x->props.header_len;
1736 spin_unlock_bh(&x->lock);
1737 return res;
1738 }
1739
1740 int xfrm_init_state(struct xfrm_state *x)
1741 {
1742 struct xfrm_state_afinfo *afinfo;
1743 int family = x->props.family;
1744 int err;
1745
1746 err = -EAFNOSUPPORT;
1747 afinfo = xfrm_state_get_afinfo(family);
1748 if (!afinfo)
1749 goto error;
1750
1751 err = 0;
1752 if (afinfo->init_flags)
1753 err = afinfo->init_flags(x);
1754
1755 xfrm_state_put_afinfo(afinfo);
1756
1757 if (err)
1758 goto error;
1759
1760 err = -EPROTONOSUPPORT;
1761 x->type = xfrm_get_type(x->id.proto, family);
1762 if (x->type == NULL)
1763 goto error;
1764
1765 err = x->type->init_state(x);
1766 if (err)
1767 goto error;
1768
1769 x->mode = xfrm_get_mode(x->props.mode, family);
1770 if (x->mode == NULL)
1771 goto error;
1772
1773 x->km.state = XFRM_STATE_VALID;
1774
1775 error:
1776 return err;
1777 }
1778
1779 EXPORT_SYMBOL(xfrm_init_state);
1780
1781 void __init xfrm_state_init(void)
1782 {
1783 unsigned int sz;
1784
1785 sz = sizeof(struct hlist_head) * 8;
1786
1787 xfrm_state_bydst = xfrm_hash_alloc(sz);
1788 xfrm_state_bysrc = xfrm_hash_alloc(sz);
1789 xfrm_state_byspi = xfrm_hash_alloc(sz);
1790 if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
1791 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
1792 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1793
1794 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1795 }
1796
1797 #ifdef CONFIG_AUDITSYSCALL
1798 static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
1799 struct audit_buffer *audit_buf)
1800 {
1801 if (x->security)
1802 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
1803 x->security->ctx_alg, x->security->ctx_doi,
1804 x->security->ctx_str);
1805
1806 switch(x->props.family) {
1807 case AF_INET:
1808 audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
1809 NIPQUAD(x->props.saddr.a4),
1810 NIPQUAD(x->id.daddr.a4));
1811 break;
1812 case AF_INET6:
1813 {
1814 struct in6_addr saddr6, daddr6;
1815
1816 memcpy(&saddr6, x->props.saddr.a6,
1817 sizeof(struct in6_addr));
1818 memcpy(&daddr6, x->id.daddr.a6,
1819 sizeof(struct in6_addr));
1820 audit_log_format(audit_buf,
1821 " src=" NIP6_FMT " dst=" NIP6_FMT,
1822 NIP6(saddr6), NIP6(daddr6));
1823 }
1824 break;
1825 }
1826 }
1827
1828 void
1829 xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid)
1830 {
1831 struct audit_buffer *audit_buf;
1832 extern int audit_enabled;
1833
1834 if (audit_enabled == 0)
1835 return;
1836 audit_buf = xfrm_audit_start(sid, auid);
1837 if (audit_buf == NULL)
1838 return;
1839 audit_log_format(audit_buf, " op=SAD-add res=%u",result);
1840 xfrm_audit_common_stateinfo(x, audit_buf);
1841 audit_log_format(audit_buf, " spi=%lu(0x%lx)",
1842 (unsigned long)x->id.spi, (unsigned long)x->id.spi);
1843 audit_log_end(audit_buf);
1844 }
1845 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
1846
1847 void
1848 xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid)
1849 {
1850 struct audit_buffer *audit_buf;
1851 extern int audit_enabled;
1852
1853 if (audit_enabled == 0)
1854 return;
1855 audit_buf = xfrm_audit_start(sid, auid);
1856 if (audit_buf == NULL)
1857 return;
1858 audit_log_format(audit_buf, " op=SAD-delete res=%u",result);
1859 xfrm_audit_common_stateinfo(x, audit_buf);
1860 audit_log_format(audit_buf, " spi=%lu(0x%lx)",
1861 (unsigned long)x->id.spi, (unsigned long)x->id.spi);
1862 audit_log_end(audit_buf);
1863 }
1864 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
1865 #endif /* CONFIG_AUDITSYSCALL */
Linux kernel - Deliverables
This page took 0.095123 seconds and 6 git commands to generate.