projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netns xfrm: per-netns policy hash resizing work
[deliverable/linux.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
f034b5d4 47static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
9d4a706d 48static unsigned int xfrm_state_genid;
f034b5d4 49
17c2a42a
HX		 50static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
51static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
52
afeb14b4
PM		 53#ifdef CONFIG_AUDITSYSCALL
54static void xfrm_audit_state_replay(struct xfrm_state *x,
55 struct sk_buff *skb, __be32 net_seq);
56#else
57#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
58#endif /* CONFIG_AUDITSYSCALL */
59
c1969f29
DM		 60static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
61 xfrm_address_t *saddr,
62 u32 reqid,
a624c108 63 unsigned short family)
f034b5d4 64{
529983ec 65 return __xfrm_dst_hash(daddr, saddr, reqid, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 66}
67
667bbcb6
MN		 68static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
69 xfrm_address_t *saddr,
44e36b42 70 unsigned short family)
f034b5d4 71{
529983ec 72 return __xfrm_src_hash(daddr, saddr, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 73}
74
f034b5d4 75static inline unsigned int
8122adf0 76xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 77{
529983ec 78 return __xfrm_spi_hash(daddr, spi, proto, family, init_net.xfrm.state_hmask);
f034b5d4
DM		 79}
80
f034b5d4
DM		 81static void xfrm_hash_transfer(struct hlist_head *list,
82 struct hlist_head *ndsttable,
83 struct hlist_head *nsrctable,
84 struct hlist_head *nspitable,
85 unsigned int nhashmask)
86{
87 struct hlist_node *entry, *tmp;
88 struct xfrm_state *x;
89
90 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
91 unsigned int h;
92
c1969f29
DM		 93 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
94 x->props.reqid, x->props.family,
95 nhashmask);
f034b5d4
DM		 96 hlist_add_head(&x->bydst, ndsttable+h);
97
667bbcb6
MN		 98 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
99 x->props.family,
f034b5d4
DM		 100 nhashmask);
101 hlist_add_head(&x->bysrc, nsrctable+h);
102
7b4dc360
MN		 103 if (x->id.spi) {
104 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
105 x->id.proto, x->props.family,
106 nhashmask);
107 hlist_add_head(&x->byspi, nspitable+h);
108 }
f034b5d4
DM		 109 }
110}
111
63082733 112static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
f034b5d4 113{
63082733 114 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
f034b5d4
DM		 115}
116
117static DEFINE_MUTEX(hash_resize_mutex);
118
63082733 119static void xfrm_hash_resize(struct work_struct *work)
f034b5d4 120{
63082733 121 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
f034b5d4
DM		 122 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
123 unsigned long nsize, osize;
124 unsigned int nhashmask, ohashmask;
125 int i;
126
127 mutex_lock(&hash_resize_mutex);
128
63082733 129 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
44e36b42 130 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 131 if (!ndst)
132 goto out_unlock;
44e36b42 133 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 134 if (!nsrc) {
44e36b42 135 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 136 goto out_unlock;
137 }
44e36b42 138 nspi = xfrm_hash_alloc(nsize);
f034b5d4 139 if (!nspi) {
44e36b42
DM		 140 xfrm_hash_free(ndst, nsize);
141 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 142 goto out_unlock;
143 }
144
145 spin_lock_bh(&xfrm_state_lock);
146
147 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
63082733
AD		 148 for (i = net->xfrm.state_hmask; i >= 0; i--)
149 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 150 nhashmask);
151
63082733
AD		 152 odst = net->xfrm.state_bydst;
153 osrc = net->xfrm.state_bysrc;
154 ospi = net->xfrm.state_byspi;
155 ohashmask = net->xfrm.state_hmask;
f034b5d4 156
63082733
AD		 157 net->xfrm.state_bydst = ndst;
158 net->xfrm.state_bysrc = nsrc;
159 net->xfrm.state_byspi = nspi;
160 net->xfrm.state_hmask = nhashmask;
f034b5d4
DM		 161
162 spin_unlock_bh(&xfrm_state_lock);
163
164 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 165 xfrm_hash_free(odst, osize);
166 xfrm_hash_free(osrc, osize);
167 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 168
169out_unlock:
170 mutex_unlock(&hash_resize_mutex);
171}
172
1da177e4
LT		 173static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
174static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
175
1da177e4
LT		 176static DEFINE_SPINLOCK(xfrm_state_gc_lock);
177
53bc6b4d 178int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 179
980ebd25 180int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 181void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 182
aa5d62cc
HX		 183static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
184{
185 struct xfrm_state_afinfo *afinfo;
186 if (unlikely(family >= NPROTO))
187 return NULL;
188 write_lock_bh(&xfrm_state_afinfo_lock);
189 afinfo = xfrm_state_afinfo[family];
190 if (unlikely(!afinfo))
191 write_unlock_bh(&xfrm_state_afinfo_lock);
192 return afinfo;
193}
194
195static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 196 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 197{
198 write_unlock_bh(&xfrm_state_afinfo_lock);
199}
200
533cb5b0 201int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 202{
203 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 204 const struct xfrm_type **typemap;
aa5d62cc
HX		 205 int err = 0;
206
207 if (unlikely(afinfo == NULL))
208 return -EAFNOSUPPORT;
209 typemap = afinfo->type_map;
210
211 if (likely(typemap[type->proto] == NULL))
212 typemap[type->proto] = type;
213 else
214 err = -EEXIST;
215 xfrm_state_unlock_afinfo(afinfo);
216 return err;
217}
218EXPORT_SYMBOL(xfrm_register_type);
219
533cb5b0 220int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 221{
222 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 223 const struct xfrm_type **typemap;
aa5d62cc
HX		 224 int err = 0;
225
226 if (unlikely(afinfo == NULL))
227 return -EAFNOSUPPORT;
228 typemap = afinfo->type_map;
229
230 if (unlikely(typemap[type->proto] != type))
231 err = -ENOENT;
232 else
233 typemap[type->proto] = NULL;
234 xfrm_state_unlock_afinfo(afinfo);
235 return err;
236}
237EXPORT_SYMBOL(xfrm_unregister_type);
238
533cb5b0 239static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 240{
241 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 242 const struct xfrm_type **typemap;
243 const struct xfrm_type *type;
aa5d62cc
HX		 244 int modload_attempted = 0;
245
246retry:
247 afinfo = xfrm_state_get_afinfo(family);
248 if (unlikely(afinfo == NULL))
249 return NULL;
250 typemap = afinfo->type_map;
251
252 type = typemap[proto];
253 if (unlikely(type && !try_module_get(type->owner)))
254 type = NULL;
255 if (!type && !modload_attempted) {
256 xfrm_state_put_afinfo(afinfo);
257 request_module("xfrm-type-%d-%d", family, proto);
258 modload_attempted = 1;
259 goto retry;
260 }
261
262 xfrm_state_put_afinfo(afinfo);
263 return type;
264}
265
533cb5b0 266static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 267{
268 module_put(type->owner);
269}
270
271int xfrm_register_mode(struct xfrm_mode *mode, int family)
272{
273 struct xfrm_state_afinfo *afinfo;
274 struct xfrm_mode **modemap;
275 int err;
276
277 if (unlikely(mode->encap >= XFRM_MODE_MAX))
278 return -EINVAL;
279
280 afinfo = xfrm_state_lock_afinfo(family);
281 if (unlikely(afinfo == NULL))
282 return -EAFNOSUPPORT;
283
284 err = -EEXIST;
285 modemap = afinfo->mode_map;
17c2a42a
HX		 286 if (modemap[mode->encap])
287 goto out;
aa5d62cc 288
17c2a42a
HX		 289 err = -ENOENT;
290 if (!try_module_get(afinfo->owner))
291 goto out;
292
293 mode->afinfo = afinfo;
294 modemap[mode->encap] = mode;
295 err = 0;
296
297out:
aa5d62cc
HX		 298 xfrm_state_unlock_afinfo(afinfo);
299 return err;
300}
301EXPORT_SYMBOL(xfrm_register_mode);
302
303int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
304{
305 struct xfrm_state_afinfo *afinfo;
306 struct xfrm_mode **modemap;
307 int err;
308
309 if (unlikely(mode->encap >= XFRM_MODE_MAX))
310 return -EINVAL;
311
312 afinfo = xfrm_state_lock_afinfo(family);
313 if (unlikely(afinfo == NULL))
314 return -EAFNOSUPPORT;
315
316 err = -ENOENT;
317 modemap = afinfo->mode_map;
318 if (likely(modemap[mode->encap] == mode)) {
319 modemap[mode->encap] = NULL;
17c2a42a 320 module_put(mode->afinfo->owner);
aa5d62cc
HX		 321 err = 0;
322 }
323
324 xfrm_state_unlock_afinfo(afinfo);
325 return err;
326}
327EXPORT_SYMBOL(xfrm_unregister_mode);
328
329static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
330{
331 struct xfrm_state_afinfo *afinfo;
332 struct xfrm_mode *mode;
333 int modload_attempted = 0;
334
335 if (unlikely(encap >= XFRM_MODE_MAX))
336 return NULL;
337
338retry:
339 afinfo = xfrm_state_get_afinfo(family);
340 if (unlikely(afinfo == NULL))
341 return NULL;
342
343 mode = afinfo->mode_map[encap];
344 if (unlikely(mode && !try_module_get(mode->owner)))
345 mode = NULL;
346 if (!mode && !modload_attempted) {
347 xfrm_state_put_afinfo(afinfo);
348 request_module("xfrm-mode-%d-%d", family, encap);
349 modload_attempted = 1;
350 goto retry;
351 }
352
353 xfrm_state_put_afinfo(afinfo);
354 return mode;
355}
356
357static void xfrm_put_mode(struct xfrm_mode *mode)
358{
359 module_put(mode->owner);
360}
361
1da177e4
LT		 362static void xfrm_state_gc_destroy(struct xfrm_state *x)
363{
a47f0ce0
DM		 364 del_timer_sync(&x->timer);
365 del_timer_sync(&x->rtimer);
a51482bd
JJ		 366 kfree(x->aalg);
367 kfree(x->ealg);
368 kfree(x->calg);
369 kfree(x->encap);
060f02a3 370 kfree(x->coaddr);
13996378
HX		 371 if (x->inner_mode)
372 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 373 if (x->inner_mode_iaf)
374 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 375 if (x->outer_mode)
376 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 377 if (x->type) {
378 x->type->destructor(x);
379 xfrm_put_type(x->type);
380 }
df71837d 381 security_xfrm_state_free(x);
1da177e4
LT		 382 kfree(x);
383}
384
c7837144 385static void xfrm_state_gc_task(struct work_struct *work)
1da177e4 386{
c7837144 387 struct net *net = container_of(work, struct net, xfrm.state_gc_work);
12a169e7
HX		 388 struct xfrm_state *x;
389 struct hlist_node *entry, *tmp;
390 struct hlist_head gc_list;
1da177e4 391
1da177e4 392 spin_lock_bh(&xfrm_state_gc_lock);
c7837144 393 hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
1da177e4
LT		 394 spin_unlock_bh(&xfrm_state_gc_lock);
395
12a169e7 396 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 397 xfrm_state_gc_destroy(x);
8f126e37 398
50a30657 399 wake_up(&net->xfrm.km_waitq);
1da177e4
LT		 400}
401
402static inline unsigned long make_jiffies(long secs)
403{
404 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
405 return MAX_SCHEDULE_TIMEOUT-1;
406 else
a716c119 407 return secs*HZ;
1da177e4
LT		 408}
409
410static void xfrm_timer_handler(unsigned long data)
411{
412 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 413 unsigned long now = get_seconds();
1da177e4
LT		 414 long next = LONG_MAX;
415 int warn = 0;
161a09e7 416 int err = 0;
1da177e4
LT		 417
418 spin_lock(&x->lock);
419 if (x->km.state == XFRM_STATE_DEAD)
420 goto out;
421 if (x->km.state == XFRM_STATE_EXPIRED)
422 goto expired;
423 if (x->lft.hard_add_expires_seconds) {
424 long tmo = x->lft.hard_add_expires_seconds +
425 x->curlft.add_time - now;
426 if (tmo <= 0)
427 goto expired;
428 if (tmo < next)
429 next = tmo;
430 }
431 if (x->lft.hard_use_expires_seconds) {
432 long tmo = x->lft.hard_use_expires_seconds +
433 (x->curlft.use_time ? : now) - now;
434 if (tmo <= 0)
435 goto expired;
436 if (tmo < next)
437 next = tmo;
438 }
439 if (x->km.dying)
440 goto resched;
441 if (x->lft.soft_add_expires_seconds) {
442 long tmo = x->lft.soft_add_expires_seconds +
443 x->curlft.add_time - now;
444 if (tmo <= 0)
445 warn = 1;
446 else if (tmo < next)
447 next = tmo;
448 }
449 if (x->lft.soft_use_expires_seconds) {
450 long tmo = x->lft.soft_use_expires_seconds +
451 (x->curlft.use_time ? : now) - now;
452 if (tmo <= 0)
453 warn = 1;
454 else if (tmo < next)
455 next = tmo;
456 }
457
4666faab 458 x->km.dying = warn;
1da177e4 459 if (warn)
53bc6b4d 460 km_state_expired(x, 0, 0);
1da177e4 461resched:
a47f0ce0
DM		 462 if (next != LONG_MAX)
463 mod_timer(&x->timer, jiffies + make_jiffies(next));
464
1da177e4
LT		 465 goto out;
466
467expired:
468 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
469 x->km.state = XFRM_STATE_EXPIRED;
50a30657 470 wake_up(&init_net.xfrm.km_waitq);
1da177e4
LT		 471 next = 2;
472 goto resched;
473 }
161a09e7
JL		 474
475 err = __xfrm_state_delete(x);
476 if (!err && x->id.spi)
53bc6b4d 477 km_state_expired(x, 1, 0);
1da177e4 478
ab5f5e8b 479 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 480 audit_get_loginuid(current),
481 audit_get_sessionid(current), 0);
161a09e7 482
1da177e4
LT		 483out:
484 spin_unlock(&x->lock);
1da177e4
LT		 485}
486
0ac84752
DM		 487static void xfrm_replay_timer_handler(unsigned long data);
488
673c09be 489struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 490{
491 struct xfrm_state *x;
492
0da974f4 493 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 494
495 if (x) {
673c09be 496 write_pnet(&x->xs_net, net);
1da177e4
LT		 497 atomic_set(&x->refcnt, 1);
498 atomic_set(&x->tunnel_users, 0);
12a169e7 499 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 500 INIT_HLIST_NODE(&x->bydst);
501 INIT_HLIST_NODE(&x->bysrc);
502 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 503 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
504 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
505 (unsigned long)x);
9d729f72 506 x->curlft.add_time = get_seconds();
1da177e4
LT		 507 x->lft.soft_byte_limit = XFRM_INF;
508 x->lft.soft_packet_limit = XFRM_INF;
509 x->lft.hard_byte_limit = XFRM_INF;
510 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 511 x->replay_maxage = 0;
512 x->replay_maxdiff = 0;
df9dcb45
KM		 513 x->inner_mode = NULL;
514 x->inner_mode_iaf = NULL;
1da177e4
LT		 515 spin_lock_init(&x->lock);
516 }
517 return x;
518}
519EXPORT_SYMBOL(xfrm_state_alloc);
520
521void __xfrm_state_destroy(struct xfrm_state *x)
522{
547b792c 523 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 524
525 spin_lock_bh(&xfrm_state_gc_lock);
b8a0ae20 526 hlist_add_head(&x->gclist, &init_net.xfrm.state_gc_list);
1da177e4 527 spin_unlock_bh(&xfrm_state_gc_lock);
c7837144 528 schedule_work(&init_net.xfrm.state_gc_work);
1da177e4
LT		 529}
530EXPORT_SYMBOL(__xfrm_state_destroy);
531
53bc6b4d 532int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 533{
26b15dad
JHS		 534 int err = -ESRCH;
535
1da177e4
LT		 536 if (x->km.state != XFRM_STATE_DEAD) {
537 x->km.state = XFRM_STATE_DEAD;
538 spin_lock(&xfrm_state_lock);
12a169e7 539 list_del(&x->km.all);
8f126e37 540 hlist_del(&x->bydst);
8f126e37 541 hlist_del(&x->bysrc);
a47f0ce0 542 if (x->id.spi)
8f126e37 543 hlist_del(&x->byspi);
0bf7c5b0 544 init_net.xfrm.state_num--;
1da177e4 545 spin_unlock(&xfrm_state_lock);
1da177e4 546
1da177e4
LT		 547 /* All xfrm_state objects are created by xfrm_state_alloc.
548 * The xfrm_state_alloc call gives a reference, and that
549 * is what we are dropping here.
550 */
5dba4797 551 xfrm_state_put(x);
26b15dad 552 err = 0;
1da177e4 553 }
26b15dad
JHS		 554
555 return err;
1da177e4 556}
53bc6b4d 557EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 558
26b15dad 559int xfrm_state_delete(struct xfrm_state *x)
1da177e4 560{
26b15dad
JHS		 561 int err;
562
1da177e4 563 spin_lock_bh(&x->lock);
26b15dad 564 err = __xfrm_state_delete(x);
1da177e4 565 spin_unlock_bh(&x->lock);
26b15dad
JHS		 566
567 return err;
1da177e4
LT		 568}
569EXPORT_SYMBOL(xfrm_state_delete);
570
4aa2e62c
JL		 571#ifdef CONFIG_SECURITY_NETWORK_XFRM
572static inline int
573xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 574{
4aa2e62c
JL		 575 int i, err = 0;
576
529983ec 577 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
4aa2e62c
JL		 578 struct hlist_node *entry;
579 struct xfrm_state *x;
580
73d189dc 581 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 582 if (xfrm_id_proto_match(x->id.proto, proto) &&
583 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 584 xfrm_audit_state_delete(x, 0,
585 audit_info->loginuid,
2532386f 586 audit_info->sessionid,
ab5f5e8b 587 audit_info->secid);
4aa2e62c
JL		 588 return err;
589 }
590 }
591 }
592
593 return err;
594}
595#else
596static inline int
597xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
598{
599 return 0;
600}
601#endif
602
603int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
604{
605 int i, err = 0;
1da177e4
LT		 606
607 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 608 err = xfrm_state_flush_secctx_check(proto, audit_info);
609 if (err)
610 goto out;
611
529983ec 612 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 613 struct hlist_node *entry;
614 struct xfrm_state *x;
1da177e4 615restart:
73d189dc 616 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1da177e4 617 if (!xfrm_state_kern(x) &&
5794708f 618 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 619 xfrm_state_hold(x);
620 spin_unlock_bh(&xfrm_state_lock);
621
161a09e7 622 err = xfrm_state_delete(x);
ab5f5e8b
JL		 623 xfrm_audit_state_delete(x, err ? 0 : 1,
624 audit_info->loginuid,
2532386f 625 audit_info->sessionid,
ab5f5e8b 626 audit_info->secid);
1da177e4
LT		 627 xfrm_state_put(x);
628
629 spin_lock_bh(&xfrm_state_lock);
630 goto restart;
631 }
632 }
633 }
4aa2e62c
JL		 634 err = 0;
635
636out:
1da177e4 637 spin_unlock_bh(&xfrm_state_lock);
50a30657 638 wake_up(&init_net.xfrm.km_waitq);
4aa2e62c 639 return err;
1da177e4
LT		 640}
641EXPORT_SYMBOL(xfrm_state_flush);
642
af11e316 643void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 644{
645 spin_lock_bh(&xfrm_state_lock);
0bf7c5b0 646 si->sadcnt = init_net.xfrm.state_num;
529983ec 647 si->sadhcnt = init_net.xfrm.state_hmask;
28d8909b
JHS		 648 si->sadhmcnt = xfrm_state_hashmax;
649 spin_unlock_bh(&xfrm_state_lock);
650}
651EXPORT_SYMBOL(xfrm_sad_getinfo);
652
1da177e4
LT		 653static int
654xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
655 struct xfrm_tmpl *tmpl,
656 xfrm_address_t *daddr, xfrm_address_t *saddr,
657 unsigned short family)
658{
659 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
660 if (!afinfo)
661 return -1;
662 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
663 xfrm_state_put_afinfo(afinfo);
664 return 0;
665}
666
a94cfd19 667static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 668{
669 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
670 struct xfrm_state *x;
8f126e37 671 struct hlist_node *entry;
edcd5821 672
b754a4fd 673 hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
edcd5821
DM		 674 if (x->props.family != family ||
675 x->id.spi != spi ||
676 x->id.proto != proto)
677 continue;
678
679 switch (family) {
680 case AF_INET:
681 if (x->id.daddr.a4 != daddr->a4)
682 continue;
683 break;
684 case AF_INET6:
685 if (!ipv6_addr_equal((struct in6_addr *)daddr,
686 (struct in6_addr *)
687 x->id.daddr.a6))
688 continue;
689 break;
3ff50b79 690 }
edcd5821
DM		 691
692 xfrm_state_hold(x);
693 return x;
694 }
695
696 return NULL;
697}
698
699static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
700{
667bbcb6 701 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 702 struct xfrm_state *x;
8f126e37 703 struct hlist_node *entry;
edcd5821 704
d320bbb3 705 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 706 if (x->props.family != family ||
707 x->id.proto != proto)
708 continue;
709
710 switch (family) {
711 case AF_INET:
712 if (x->id.daddr.a4 != daddr->a4 ||
713 x->props.saddr.a4 != saddr->a4)
714 continue;
715 break;
716 case AF_INET6:
717 if (!ipv6_addr_equal((struct in6_addr *)daddr,
718 (struct in6_addr *)
719 x->id.daddr.a6) ||
720 !ipv6_addr_equal((struct in6_addr *)saddr,
721 (struct in6_addr *)
722 x->props.saddr.a6))
723 continue;
724 break;
3ff50b79 725 }
edcd5821
DM		 726
727 xfrm_state_hold(x);
728 return x;
729 }
730
731 return NULL;
732}
733
734static inline struct xfrm_state *
735__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
736{
737 if (use_spi)
738 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
739 x->id.proto, family);
740 else
741 return __xfrm_state_lookup_byaddr(&x->id.daddr,
742 &x->props.saddr,
743 x->id.proto, family);
744}
745
2fab22f2
PM		 746static void xfrm_hash_grow_check(int have_hash_collision)
747{
748 if (have_hash_collision &&
529983ec 749 (init_net.xfrm.state_hmask + 1) < xfrm_state_hashmax &&
0bf7c5b0 750 init_net.xfrm.state_num > init_net.xfrm.state_hmask)
63082733 751 schedule_work(&init_net.xfrm.state_hash_work);
2fab22f2
PM		 752}
753
1da177e4 754struct xfrm_state *
a716c119 755xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 756 struct flowi *fl, struct xfrm_tmpl *tmpl,
757 struct xfrm_policy *pol, int *err,
758 unsigned short family)
759{
4bda4f25 760 unsigned int h;
8f126e37 761 struct hlist_node *entry;
37b08e34 762 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 763 int acquire_in_progress = 0;
764 int error = 0;
765 struct xfrm_state *best = NULL;
a716c119 766
37b08e34
DM		 767 to_put = NULL;
768
1da177e4 769 spin_lock_bh(&xfrm_state_lock);
4bda4f25 770 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
73d189dc 771 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1da177e4
LT		 772 if (x->props.family == family &&
773 x->props.reqid == tmpl->reqid &&
fbd9a5b4 774 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 775 xfrm_state_addr_check(x, daddr, saddr, family) &&
776 tmpl->mode == x->props.mode &&
777 tmpl->id.proto == x->id.proto &&
778 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
779 /* Resolution logic:
780 1. There is a valid state with matching selector.
781 Done.
782 2. Valid state with inappropriate selector. Skip.
783
784 Entering area of "sysdeps".
785
786 3. If state is not valid, selector is temporary,
787 it selects only session which triggered
788 previous resolution. Key manager will do
789 something to install a state with proper
790 selector.
791 */
792 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 793 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 794 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 795 continue;
796 if (!best ||
797 best->km.dying > x->km.dying ||
798 (best->km.dying == x->km.dying &&
799 best->curlft.add_time < x->curlft.add_time))
800 best = x;
801 } else if (x->km.state == XFRM_STATE_ACQ) {
802 acquire_in_progress = 1;
803 } else if (x->km.state == XFRM_STATE_ERROR ||
804 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 805 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 806 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 807 error = -ESRCH;
808 }
809 }
810 }
811
812 x = best;
813 if (!x && !error && !acquire_in_progress) {
5c5d281a 814 if (tmpl->id.spi &&
edcd5821
DM		 815 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
816 tmpl->id.proto, family)) != NULL) {
37b08e34 817 to_put = x0;
1da177e4
LT		 818 error = -EEXIST;
819 goto out;
820 }
673c09be 821 x = xfrm_state_alloc(&init_net);
1da177e4
LT		 822 if (x == NULL) {
823 error = -ENOMEM;
824 goto out;
825 }
826 /* Initialize temporary selector matching only
827 * to current session. */
828 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
829
e0d1caa7
VY		 830 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
831 if (error) {
832 x->km.state = XFRM_STATE_DEAD;
37b08e34 833 to_put = x;
e0d1caa7
VY		 834 x = NULL;
835 goto out;
836 }
837
1da177e4
LT		 838 if (km_query(x, tmpl, pol) == 0) {
839 x->km.state = XFRM_STATE_ACQ;
9d4139c7 840 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 841 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 842 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 843 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4
LT		 844 if (x->id.spi) {
845 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
b754a4fd 846 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 847 }
01e67d08
DM		 848 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
849 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 850 add_timer(&x->timer);
0bf7c5b0 851 init_net.xfrm.state_num++;
2fab22f2 852 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 853 } else {
854 x->km.state = XFRM_STATE_DEAD;
37b08e34 855 to_put = x;
1da177e4
LT		 856 x = NULL;
857 error = -ESRCH;
858 }
859 }
860out:
861 if (x)
862 xfrm_state_hold(x);
863 else
864 *err = acquire_in_progress ? -EAGAIN : error;
865 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 866 if (to_put)
867 xfrm_state_put(to_put);
1da177e4
LT		 868 return x;
869}
870
628529b6
JHS		 871struct xfrm_state *
872xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
873 unsigned short family, u8 mode, u8 proto, u32 reqid)
874{
4bda4f25 875 unsigned int h;
628529b6
JHS		 876 struct xfrm_state *rx = NULL, *x = NULL;
877 struct hlist_node *entry;
878
879 spin_lock(&xfrm_state_lock);
4bda4f25 880 h = xfrm_dst_hash(daddr, saddr, reqid, family);
73d189dc 881 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
628529b6
JHS		 882 if (x->props.family == family &&
883 x->props.reqid == reqid &&
884 !(x->props.flags & XFRM_STATE_WILDRECV) &&
885 xfrm_state_addr_check(x, daddr, saddr, family) &&
886 mode == x->props.mode &&
887 proto == x->id.proto &&
888 x->km.state == XFRM_STATE_VALID) {
889 rx = x;
890 break;
891 }
892 }
893
894 if (rx)
895 xfrm_state_hold(rx);
896 spin_unlock(&xfrm_state_lock);
897
898
899 return rx;
900}
901EXPORT_SYMBOL(xfrm_stateonly_find);
902
1da177e4
LT		 903static void __xfrm_state_insert(struct xfrm_state *x)
904{
a624c108 905 unsigned int h;
1da177e4 906
9d4a706d
DM		 907 x->genid = ++xfrm_state_genid;
908
9d4139c7 909 list_add(&x->km.all, &init_net.xfrm.state_all);
4c563f76 910
c1969f29
DM		 911 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
912 x->props.reqid, x->props.family);
73d189dc 913 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1da177e4 914
667bbcb6 915 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
d320bbb3 916 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1da177e4 917
7b4dc360 918 if (x->id.spi) {
6c44e6b7
MN		 919 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
920 x->props.family);
921
b754a4fd 922 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
6c44e6b7
MN		 923 }
924
a47f0ce0
DM		 925 mod_timer(&x->timer, jiffies + HZ);
926 if (x->replay_maxage)
927 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 928
50a30657 929 wake_up(&init_net.xfrm.km_waitq);
f034b5d4 930
0bf7c5b0 931 init_net.xfrm.state_num++;
f034b5d4 932
918049f0 933 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 934}
935
c7f5ea3a
DM		 936/* xfrm_state_lock is held */
937static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
938{
939 unsigned short family = xnew->props.family;
940 u32 reqid = xnew->props.reqid;
941 struct xfrm_state *x;
942 struct hlist_node *entry;
943 unsigned int h;
944
c1969f29 945 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
73d189dc 946 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 947 if (x->props.family == family &&
948 x->props.reqid == reqid &&
c1969f29
DM		 949 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
950 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 951 x->genid = xfrm_state_genid;
952 }
953}
954
1da177e4
LT		 955void xfrm_state_insert(struct xfrm_state *x)
956{
957 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 958 __xfrm_state_bump_genids(x);
1da177e4
LT		 959 __xfrm_state_insert(x);
960 spin_unlock_bh(&xfrm_state_lock);
961}
962EXPORT_SYMBOL(xfrm_state_insert);
963
2770834c
DM		 964/* xfrm_state_lock is held */
965static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
966{
c1969f29 967 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 968 struct hlist_node *entry;
2770834c
DM		 969 struct xfrm_state *x;
970
73d189dc 971 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
2770834c
DM		 972 if (x->props.reqid != reqid ||
973 x->props.mode != mode ||
974 x->props.family != family ||
975 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 976 x->id.spi != 0 ||
977 x->id.proto != proto)
2770834c
DM		 978 continue;
979
980 switch (family) {
981 case AF_INET:
982 if (x->id.daddr.a4 != daddr->a4 ||
983 x->props.saddr.a4 != saddr->a4)
984 continue;
985 break;
986 case AF_INET6:
987 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
988 (struct in6_addr *)daddr) ||
989 !ipv6_addr_equal((struct in6_addr *)
990 x->props.saddr.a6,
991 (struct in6_addr *)saddr))
992 continue;
993 break;
3ff50b79 994 }
2770834c
DM		 995
996 xfrm_state_hold(x);
997 return x;
998 }
999
1000 if (!create)
1001 return NULL;
1002
673c09be 1003 x = xfrm_state_alloc(&init_net);
2770834c
DM		 1004 if (likely(x)) {
1005 switch (family) {
1006 case AF_INET:
1007 x->sel.daddr.a4 = daddr->a4;
1008 x->sel.saddr.a4 = saddr->a4;
1009 x->sel.prefixlen_d = 32;
1010 x->sel.prefixlen_s = 32;
1011 x->props.saddr.a4 = saddr->a4;
1012 x->id.daddr.a4 = daddr->a4;
1013 break;
1014
1015 case AF_INET6:
1016 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1017 (struct in6_addr *)daddr);
1018 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1019 (struct in6_addr *)saddr);
1020 x->sel.prefixlen_d = 128;
1021 x->sel.prefixlen_s = 128;
1022 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1023 (struct in6_addr *)saddr);
1024 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1025 (struct in6_addr *)daddr);
1026 break;
3ff50b79 1027 }
2770834c
DM		 1028
1029 x->km.state = XFRM_STATE_ACQ;
1030 x->id.proto = proto;
1031 x->props.family = family;
1032 x->props.mode = mode;
1033 x->props.reqid = reqid;
01e67d08 1034 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1035 xfrm_state_hold(x);
01e67d08 1036 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1037 add_timer(&x->timer);
9d4139c7 1038 list_add(&x->km.all, &init_net.xfrm.state_all);
73d189dc 1039 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
667bbcb6 1040 h = xfrm_src_hash(daddr, saddr, family);
d320bbb3 1041 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
918049f0 1042
0bf7c5b0 1043 init_net.xfrm.state_num++;
918049f0
DM		 1044
1045 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1046 }
1047
1048 return x;
1049}
1050
1da177e4
LT		 1051static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1052
1053int xfrm_state_add(struct xfrm_state *x)
1054{
37b08e34 1055 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1056 int family;
1057 int err;
eb2971b6 1058 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1059
1060 family = x->props.family;
1da177e4 1061
37b08e34
DM		 1062 to_put = NULL;
1063
1da177e4
LT		 1064 spin_lock_bh(&xfrm_state_lock);
1065
edcd5821 1066 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1067 if (x1) {
37b08e34 1068 to_put = x1;
1da177e4
LT		 1069 x1 = NULL;
1070 err = -EEXIST;
1071 goto out;
1072 }
1073
eb2971b6 1074 if (use_spi && x->km.seq) {
1da177e4 1075 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1076 if (x1 && ((x1->id.proto != x->id.proto) ||
1077 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1078 to_put = x1;
1da177e4
LT		 1079 x1 = NULL;
1080 }
1081 }
1082
eb2971b6 1083 if (use_spi && !x1)
2770834c
DM		 1084 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1085 x->id.proto,
1086 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1087
c7f5ea3a 1088 __xfrm_state_bump_genids(x);
1da177e4
LT		 1089 __xfrm_state_insert(x);
1090 err = 0;
1091
1092out:
1093 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1094
1095 if (x1) {
1096 xfrm_state_delete(x1);
1097 xfrm_state_put(x1);
1098 }
1099
37b08e34
DM		 1100 if (to_put)
1101 xfrm_state_put(to_put);
1102
1da177e4
LT		 1103 return err;
1104}
1105EXPORT_SYMBOL(xfrm_state_add);
1106
80c9abaa 1107#ifdef CONFIG_XFRM_MIGRATE
6666351d 1108static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1109{
1110 int err = -ENOMEM;
673c09be 1111 struct xfrm_state *x = xfrm_state_alloc(&init_net);
80c9abaa
SS		 1112 if (!x)
1113 goto error;
1114
1115 memcpy(&x->id, &orig->id, sizeof(x->id));
1116 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1117 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1118 x->props.mode = orig->props.mode;
1119 x->props.replay_window = orig->props.replay_window;
1120 x->props.reqid = orig->props.reqid;
1121 x->props.family = orig->props.family;
1122 x->props.saddr = orig->props.saddr;
1123
1124 if (orig->aalg) {
1125 x->aalg = xfrm_algo_clone(orig->aalg);
1126 if (!x->aalg)
1127 goto error;
1128 }
1129 x->props.aalgo = orig->props.aalgo;
1130
1131 if (orig->ealg) {
1132 x->ealg = xfrm_algo_clone(orig->ealg);
1133 if (!x->ealg)
1134 goto error;
1135 }
1136 x->props.ealgo = orig->props.ealgo;
1137
1138 if (orig->calg) {
1139 x->calg = xfrm_algo_clone(orig->calg);
1140 if (!x->calg)
1141 goto error;
1142 }
1143 x->props.calgo = orig->props.calgo;
1144
a716c119 1145 if (orig->encap) {
80c9abaa
SS		 1146 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1147 if (!x->encap)
1148 goto error;
1149 }
1150
1151 if (orig->coaddr) {
1152 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1153 GFP_KERNEL);
1154 if (!x->coaddr)
1155 goto error;
1156 }
1157
1158 err = xfrm_init_state(x);
1159 if (err)
1160 goto error;
1161
1162 x->props.flags = orig->props.flags;
1163
1164 x->curlft.add_time = orig->curlft.add_time;
1165 x->km.state = orig->km.state;
1166 x->km.seq = orig->km.seq;
1167
1168 return x;
1169
1170 error:
1171 if (errp)
1172 *errp = err;
1173 if (x) {
1174 kfree(x->aalg);
1175 kfree(x->ealg);
1176 kfree(x->calg);
1177 kfree(x->encap);
1178 kfree(x->coaddr);
1179 }
1180 kfree(x);
1181 return NULL;
1182}
80c9abaa
SS		 1183
1184/* xfrm_state_lock is held */
1185struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1186{
1187 unsigned int h;
1188 struct xfrm_state *x;
1189 struct hlist_node *entry;
1190
1191 if (m->reqid) {
1192 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1193 m->reqid, m->old_family);
73d189dc 1194 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1195 if (x->props.mode != m->mode ||
1196 x->id.proto != m->proto)
1197 continue;
1198 if (m->reqid && x->props.reqid != m->reqid)
1199 continue;
1200 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1201 m->old_family) ||
1202 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1203 m->old_family))
1204 continue;
1205 xfrm_state_hold(x);
1206 return x;
1207 }
1208 } else {
1209 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1210 m->old_family);
d320bbb3 1211 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1212 if (x->props.mode != m->mode ||
1213 x->id.proto != m->proto)
1214 continue;
1215 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1216 m->old_family) ||
1217 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1218 m->old_family))
1219 continue;
1220 xfrm_state_hold(x);
1221 return x;
1222 }
1223 }
1224
a716c119 1225 return NULL;
80c9abaa
SS		 1226}
1227EXPORT_SYMBOL(xfrm_migrate_state_find);
1228
1229struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1230 struct xfrm_migrate *m)
1231{
1232 struct xfrm_state *xc;
1233 int err;
1234
1235 xc = xfrm_state_clone(x, &err);
1236 if (!xc)
1237 return NULL;
1238
1239 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1240 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1241
1242 /* add state */
1243 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1244 /* a care is needed when the destination address of the
1245 state is to be updated as it is a part of triplet */
1246 xfrm_state_insert(xc);
1247 } else {
1248 if ((err = xfrm_state_add(xc)) < 0)
1249 goto error;
1250 }
1251
1252 return xc;
1253error:
1254 kfree(xc);
1255 return NULL;
1256}
1257EXPORT_SYMBOL(xfrm_state_migrate);
1258#endif
1259
1da177e4
LT		 1260int xfrm_state_update(struct xfrm_state *x)
1261{
37b08e34 1262 struct xfrm_state *x1, *to_put;
1da177e4 1263 int err;
eb2971b6 1264 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1265
37b08e34
DM		 1266 to_put = NULL;
1267
1da177e4 1268 spin_lock_bh(&xfrm_state_lock);
edcd5821 1269 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1270
1271 err = -ESRCH;
1272 if (!x1)
1273 goto out;
1274
1275 if (xfrm_state_kern(x1)) {
37b08e34 1276 to_put = x1;
1da177e4
LT		 1277 err = -EEXIST;
1278 goto out;
1279 }
1280
1281 if (x1->km.state == XFRM_STATE_ACQ) {
1282 __xfrm_state_insert(x);
1283 x = NULL;
1284 }
1285 err = 0;
1286
1287out:
1288 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1289
37b08e34
DM		 1290 if (to_put)
1291 xfrm_state_put(to_put);
1292
1da177e4
LT		 1293 if (err)
1294 return err;
1295
1296 if (!x) {
1297 xfrm_state_delete(x1);
1298 xfrm_state_put(x1);
1299 return 0;
1300 }
1301
1302 err = -EINVAL;
1303 spin_lock_bh(&x1->lock);
1304 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1305 if (x->encap && x1->encap)
1306 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1307 if (x->coaddr && x1->coaddr) {
1308 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1309 }
1310 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1311 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1312 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1313 x1->km.dying = 0;
1314
a47f0ce0 1315 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1316 if (x1->curlft.use_time)
1317 xfrm_state_check_expire(x1);
1318
1319 err = 0;
1320 }
1321 spin_unlock_bh(&x1->lock);
1322
1323 xfrm_state_put(x1);
1324
1325 return err;
1326}
1327EXPORT_SYMBOL(xfrm_state_update);
1328
1329int xfrm_state_check_expire(struct xfrm_state *x)
1330{
1331 if (!x->curlft.use_time)
9d729f72 1332 x->curlft.use_time = get_seconds();
1da177e4
LT		 1333
1334 if (x->km.state != XFRM_STATE_VALID)
1335 return -EINVAL;
1336
1337 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1338 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1339 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1340 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1341 return -EINVAL;
1342 }
1343
1344 if (!x->km.dying &&
1345 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1346 x->curlft.packets >= x->lft.soft_packet_limit)) {
1347 x->km.dying = 1;
53bc6b4d 1348 km_state_expired(x, 0, 0);
4666faab 1349 }
1da177e4
LT		 1350 return 0;
1351}
1352EXPORT_SYMBOL(xfrm_state_check_expire);
1353
1da177e4 1354struct xfrm_state *
a94cfd19 1355xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1356 unsigned short family)
1357{
1358 struct xfrm_state *x;
1da177e4
LT		 1359
1360 spin_lock_bh(&xfrm_state_lock);
edcd5821 1361 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1362 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1363 return x;
1364}
1365EXPORT_SYMBOL(xfrm_state_lookup);
1366
1367struct xfrm_state *
eb2971b6
MN		 1368xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1369 u8 proto, unsigned short family)
1370{
1371 struct xfrm_state *x;
eb2971b6
MN		 1372
1373 spin_lock_bh(&xfrm_state_lock);
edcd5821 1374 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1375 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1376 return x;
1377}
1378EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1379
1380struct xfrm_state *
a716c119
YH		 1381xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1382 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1383 int create, unsigned short family)
1384{
1385 struct xfrm_state *x;
1da177e4
LT		 1386
1387 spin_lock_bh(&xfrm_state_lock);
2770834c 1388 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1389 spin_unlock_bh(&xfrm_state_lock);
2770834c 1390
1da177e4
LT		 1391 return x;
1392}
1393EXPORT_SYMBOL(xfrm_find_acq);
1394
41a49cc3
MN		 1395#ifdef CONFIG_XFRM_SUB_POLICY
1396int
1397xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1398 unsigned short family)
1399{
1400 int err = 0;
1401 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1402 if (!afinfo)
1403 return -EAFNOSUPPORT;
1404
1405 spin_lock_bh(&xfrm_state_lock);
1406 if (afinfo->tmpl_sort)
1407 err = afinfo->tmpl_sort(dst, src, n);
1408 spin_unlock_bh(&xfrm_state_lock);
1409 xfrm_state_put_afinfo(afinfo);
1410 return err;
1411}
1412EXPORT_SYMBOL(xfrm_tmpl_sort);
1413
1414int
1415xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1416 unsigned short family)
1417{
1418 int err = 0;
1419 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1420 if (!afinfo)
1421 return -EAFNOSUPPORT;
1422
1423 spin_lock_bh(&xfrm_state_lock);
1424 if (afinfo->state_sort)
1425 err = afinfo->state_sort(dst, src, n);
1426 spin_unlock_bh(&xfrm_state_lock);
1427 xfrm_state_put_afinfo(afinfo);
1428 return err;
1429}
1430EXPORT_SYMBOL(xfrm_state_sort);
1431#endif
1432
1da177e4
LT		 1433/* Silly enough, but I'm lazy to build resolution list */
1434
1435static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1436{
1437 int i;
1da177e4 1438
529983ec 1439 for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
8f126e37
DM		 1440 struct hlist_node *entry;
1441 struct xfrm_state *x;
1442
73d189dc 1443 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1444 if (x->km.seq == seq &&
1445 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1446 xfrm_state_hold(x);
1447 return x;
1448 }
1449 }
1450 }
1451 return NULL;
1452}
1453
1454struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1455{
1456 struct xfrm_state *x;
1457
1458 spin_lock_bh(&xfrm_state_lock);
1459 x = __xfrm_find_acq_byseq(seq);
1460 spin_unlock_bh(&xfrm_state_lock);
1461 return x;
1462}
1463EXPORT_SYMBOL(xfrm_find_acq_byseq);
1464
1465u32 xfrm_get_acqseq(void)
1466{
1467 u32 res;
1468 static u32 acqseq;
1469 static DEFINE_SPINLOCK(acqseq_lock);
1470
1471 spin_lock_bh(&acqseq_lock);
1472 res = (++acqseq ? : ++acqseq);
1473 spin_unlock_bh(&acqseq_lock);
1474 return res;
1475}
1476EXPORT_SYMBOL(xfrm_get_acqseq);
1477
658b219e 1478int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1479{
f034b5d4 1480 unsigned int h;
1da177e4 1481 struct xfrm_state *x0;
658b219e
HX		 1482 int err = -ENOENT;
1483 __be32 minspi = htonl(low);
1484 __be32 maxspi = htonl(high);
1da177e4 1485
658b219e
HX		 1486 spin_lock_bh(&x->lock);
1487 if (x->km.state == XFRM_STATE_DEAD)
1488 goto unlock;
1489
1490 err = 0;
1da177e4 1491 if (x->id.spi)
658b219e
HX		 1492 goto unlock;
1493
1494 err = -ENOENT;
1da177e4
LT		 1495
1496 if (minspi == maxspi) {
1497 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1498 if (x0) {
1499 xfrm_state_put(x0);
658b219e 1500 goto unlock;
1da177e4
LT		 1501 }
1502 x->id.spi = minspi;
1503 } else {
1504 u32 spi = 0;
26977b4e
AV		 1505 for (h=0; h<high-low+1; h++) {
1506 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1507 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1508 if (x0 == NULL) {
1509 x->id.spi = htonl(spi);
1510 break;
1511 }
1512 xfrm_state_put(x0);
1513 }
1514 }
1515 if (x->id.spi) {
1516 spin_lock_bh(&xfrm_state_lock);
1517 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
b754a4fd 1518 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1da177e4 1519 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1520
1521 err = 0;
1da177e4 1522 }
658b219e
HX		 1523
1524unlock:
1525 spin_unlock_bh(&x->lock);
1526
1527 return err;
1da177e4
LT		 1528}
1529EXPORT_SYMBOL(xfrm_alloc_spi);
1530
4c563f76
TT		 1531int xfrm_state_walk(struct xfrm_state_walk *walk,
1532 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1533 void *data)
1534{
12a169e7
HX		 1535 struct xfrm_state *state;
1536 struct xfrm_state_walk *x;
1da177e4
LT		 1537 int err = 0;
1538
12a169e7 1539 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1540 return 0;
1541
1da177e4 1542 spin_lock_bh(&xfrm_state_lock);
12a169e7 1543 if (list_empty(&walk->all))
9d4139c7 1544 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1545 else
1546 x = list_entry(&walk->all, struct xfrm_state_walk, all);
9d4139c7 1547 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
12a169e7 1548 if (x->state == XFRM_STATE_DEAD)
4c563f76 1549 continue;
12a169e7
HX		 1550 state = container_of(x, struct xfrm_state, km);
1551 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1552 continue;
12a169e7
HX		 1553 err = func(state, walk->seq, data);
1554 if (err) {
1555 list_move_tail(&walk->all, &x->all);
1556 goto out;
1da177e4 1557 }
12a169e7 1558 walk->seq++;
1da177e4 1559 }
12a169e7 1560 if (walk->seq == 0) {
1da177e4
LT		 1561 err = -ENOENT;
1562 goto out;
1563 }
12a169e7 1564 list_del_init(&walk->all);
1da177e4
LT		 1565out:
1566 spin_unlock_bh(&xfrm_state_lock);
1567 return err;
1568}
1569EXPORT_SYMBOL(xfrm_state_walk);
1570
5c182458
HX		 1571void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1572{
12a169e7 1573 INIT_LIST_HEAD(&walk->all);
5c182458 1574 walk->proto = proto;
12a169e7
HX		 1575 walk->state = XFRM_STATE_DEAD;
1576 walk->seq = 0;
5c182458
HX		 1577}
1578EXPORT_SYMBOL(xfrm_state_walk_init);
1579
abb81c4f
HX		 1580void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1581{
12a169e7 1582 if (list_empty(&walk->all))
5c182458 1583 return;
5c182458 1584
12a169e7
HX		 1585 spin_lock_bh(&xfrm_state_lock);
1586 list_del(&walk->all);
1587 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1588}
1589EXPORT_SYMBOL(xfrm_state_walk_done);
1590
f8cd5488
JHS		 1591
1592void xfrm_replay_notify(struct xfrm_state *x, int event)
1593{
1594 struct km_event c;
1595 /* we send notify messages in case
1596 * 1. we updated on of the sequence numbers, and the seqno difference
1597 * is at least x->replay_maxdiff, in this case we also update the
1598 * timeout of our timer function
1599 * 2. if x->replay_maxage has elapsed since last update,
1600 * and there were changes
1601 *
1602 * The state structure must be locked!
1603 */
1604
1605 switch (event) {
1606 case XFRM_REPLAY_UPDATE:
1607 if (x->replay_maxdiff &&
1608 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1609 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1610 if (x->xflags & XFRM_TIME_DEFER)
1611 event = XFRM_REPLAY_TIMEOUT;
1612 else
1613 return;
1614 }
f8cd5488
JHS		 1615
1616 break;
1617
1618 case XFRM_REPLAY_TIMEOUT:
1619 if ((x->replay.seq == x->preplay.seq) &&
1620 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1621 (x->replay.oseq == x->preplay.oseq)) {
1622 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1623 return;
2717096a 1624 }
f8cd5488
JHS		 1625
1626 break;
1627 }
1628
1629 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1630 c.event = XFRM_MSG_NEWAE;
1631 c.data.aevent = event;
1632 km_state_notify(x, &c);
1633
f8cd5488 1634 if (x->replay_maxage &&
a47f0ce0 1635 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1636 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1637}
1638
1639static void xfrm_replay_timer_handler(unsigned long data)
1640{
1641 struct xfrm_state *x = (struct xfrm_state*)data;
1642
1643 spin_lock(&x->lock);
1644
2717096a
JHS		 1645 if (x->km.state == XFRM_STATE_VALID) {
1646 if (xfrm_aevent_is_on())
1647 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1648 else
1649 x->xflags |= XFRM_TIME_DEFER;
1650 }
f8cd5488
JHS		 1651
1652 spin_unlock(&x->lock);
1653}
1654
afeb14b4
PM		 1655int xfrm_replay_check(struct xfrm_state *x,
1656 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1657{
1658 u32 diff;
a252cc23 1659 u32 seq = ntohl(net_seq);
1da177e4
LT		 1660
1661 if (unlikely(seq == 0))
afeb14b4 1662 goto err;
1da177e4
LT		 1663
1664 if (likely(seq > x->replay.seq))
1665 return 0;
1666
1667 diff = x->replay.seq - seq;
4c4d51a7
HX		 1668 if (diff >= min_t(unsigned int, x->props.replay_window,
1669 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1670 x->stats.replay_window++;
afeb14b4 1671 goto err;
1da177e4
LT		 1672 }
1673
1674 if (x->replay.bitmap & (1U << diff)) {
1675 x->stats.replay++;
afeb14b4 1676 goto err;
1da177e4
LT		 1677 }
1678 return 0;
afeb14b4
PM		 1679
1680err:
1681 xfrm_audit_state_replay(x, skb, net_seq);
1682 return -EINVAL;
1da177e4 1683}
1da177e4 1684
61f4627b 1685void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1686{
1687 u32 diff;
61f4627b 1688 u32 seq = ntohl(net_seq);
1da177e4
LT		 1689
1690 if (seq > x->replay.seq) {
1691 diff = seq - x->replay.seq;
1692 if (diff < x->props.replay_window)
1693 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1694 else
1695 x->replay.bitmap = 1;
1696 x->replay.seq = seq;
1697 } else {
1698 diff = x->replay.seq - seq;
1699 x->replay.bitmap |= (1U << diff);
1700 }
f8cd5488
JHS		 1701
1702 if (xfrm_aevent_is_on())
1703 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1704}
1da177e4 1705
df01812e 1706static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1707static DEFINE_RWLOCK(xfrm_km_lock);
1708
26b15dad 1709void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1710{
1711 struct xfrm_mgr *km;
1712
26b15dad
JHS		 1713 read_lock(&xfrm_km_lock);
1714 list_for_each_entry(km, &xfrm_km_list, list)
1715 if (km->notify_policy)
1716 km->notify_policy(xp, dir, c);
1717 read_unlock(&xfrm_km_lock);
1718}
1da177e4 1719
26b15dad
JHS		 1720void km_state_notify(struct xfrm_state *x, struct km_event *c)
1721{
1722 struct xfrm_mgr *km;
1da177e4
LT		 1723 read_lock(&xfrm_km_lock);
1724 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1725 if (km->notify)
1726 km->notify(x, c);
1da177e4 1727 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1728}
1729
1730EXPORT_SYMBOL(km_policy_notify);
1731EXPORT_SYMBOL(km_state_notify);
1732
53bc6b4d 1733void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1734{
1735 struct km_event c;
1736
bf08867f 1737 c.data.hard = hard;
53bc6b4d 1738 c.pid = pid;
f60f6b8f 1739 c.event = XFRM_MSG_EXPIRE;
26b15dad 1740 km_state_notify(x, &c);
1da177e4
LT		 1741
1742 if (hard)
50a30657 1743 wake_up(&init_net.xfrm.km_waitq);
1da177e4
LT		 1744}
1745
53bc6b4d 1746EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1747/*
1748 * We send to all registered managers regardless of failure
1749 * We are happy with one success
1750*/
980ebd25 1751int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1752{
26b15dad 1753 int err = -EINVAL, acqret;
1da177e4
LT		 1754 struct xfrm_mgr *km;
1755
1756 read_lock(&xfrm_km_lock);
1757 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1758 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1759 if (!acqret)
1760 err = acqret;
1da177e4
LT		 1761 }
1762 read_unlock(&xfrm_km_lock);
1763 return err;
1764}
980ebd25 1765EXPORT_SYMBOL(km_query);
1da177e4 1766
5d36b180 1767int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1768{
1769 int err = -EINVAL;
1770 struct xfrm_mgr *km;
1771
1772 read_lock(&xfrm_km_lock);
1773 list_for_each_entry(km, &xfrm_km_list, list) {
1774 if (km->new_mapping)
1775 err = km->new_mapping(x, ipaddr, sport);
1776 if (!err)
1777 break;
1778 }
1779 read_unlock(&xfrm_km_lock);
1780 return err;
1781}
1782EXPORT_SYMBOL(km_new_mapping);
1783
6c5c8ca7 1784void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1785{
26b15dad 1786 struct km_event c;
1da177e4 1787
bf08867f 1788 c.data.hard = hard;
6c5c8ca7 1789 c.pid = pid;
f60f6b8f 1790 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1791 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1792
1793 if (hard)
50a30657 1794 wake_up(&init_net.xfrm.km_waitq);
1da177e4 1795}
a70fcb0b 1796EXPORT_SYMBOL(km_policy_expired);
1da177e4 1797
2d60abc2 1798#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1799int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1800 struct xfrm_migrate *m, int num_migrate,
1801 struct xfrm_kmaddress *k)
80c9abaa
SS		 1802{
1803 int err = -EINVAL;
1804 int ret;
1805 struct xfrm_mgr *km;
1806
1807 read_lock(&xfrm_km_lock);
1808 list_for_each_entry(km, &xfrm_km_list, list) {
1809 if (km->migrate) {
13c1d189 1810 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1811 if (!ret)
1812 err = ret;
1813 }
1814 }
1815 read_unlock(&xfrm_km_lock);
1816 return err;
1817}
1818EXPORT_SYMBOL(km_migrate);
2d60abc2 1819#endif
80c9abaa 1820
97a64b45
MN		 1821int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1822{
1823 int err = -EINVAL;
1824 int ret;
1825 struct xfrm_mgr *km;
1826
1827 read_lock(&xfrm_km_lock);
1828 list_for_each_entry(km, &xfrm_km_list, list) {
1829 if (km->report) {
1830 ret = km->report(proto, sel, addr);
1831 if (!ret)
1832 err = ret;
1833 }
1834 }
1835 read_unlock(&xfrm_km_lock);
1836 return err;
1837}
1838EXPORT_SYMBOL(km_report);
1839
1da177e4
LT		 1840int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1841{
1842 int err;
1843 u8 *data;
1844 struct xfrm_mgr *km;
1845 struct xfrm_policy *pol = NULL;
1846
1847 if (optlen <= 0 || optlen > PAGE_SIZE)
1848 return -EMSGSIZE;
1849
1850 data = kmalloc(optlen, GFP_KERNEL);
1851 if (!data)
1852 return -ENOMEM;
1853
1854 err = -EFAULT;
1855 if (copy_from_user(data, optval, optlen))
1856 goto out;
1857
1858 err = -EINVAL;
1859 read_lock(&xfrm_km_lock);
1860 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1861 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1862 optlen, &err);
1863 if (err >= 0)
1864 break;
1865 }
1866 read_unlock(&xfrm_km_lock);
1867
1868 if (err >= 0) {
1869 xfrm_sk_policy_insert(sk, err, pol);
1870 xfrm_pol_put(pol);
1871 err = 0;
1872 }
1873
1874out:
1875 kfree(data);
1876 return err;
1877}
1878EXPORT_SYMBOL(xfrm_user_policy);
1879
1880int xfrm_register_km(struct xfrm_mgr *km)
1881{
1882 write_lock_bh(&xfrm_km_lock);
1883 list_add_tail(&km->list, &xfrm_km_list);
1884 write_unlock_bh(&xfrm_km_lock);
1885 return 0;
1886}
1887EXPORT_SYMBOL(xfrm_register_km);
1888
1889int xfrm_unregister_km(struct xfrm_mgr *km)
1890{
1891 write_lock_bh(&xfrm_km_lock);
1892 list_del(&km->list);
1893 write_unlock_bh(&xfrm_km_lock);
1894 return 0;
1895}
1896EXPORT_SYMBOL(xfrm_unregister_km);
1897
1898int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1899{
1900 int err = 0;
1901 if (unlikely(afinfo == NULL))
1902 return -EINVAL;
1903 if (unlikely(afinfo->family >= NPROTO))
1904 return -EAFNOSUPPORT;
f3111502 1905 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1906 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1907 err = -ENOBUFS;
edcd5821 1908 else
1da177e4 1909 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1910 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1911 return err;
1912}
1913EXPORT_SYMBOL(xfrm_state_register_afinfo);
1914
1915int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1916{
1917 int err = 0;
1918 if (unlikely(afinfo == NULL))
1919 return -EINVAL;
1920 if (unlikely(afinfo->family >= NPROTO))
1921 return -EAFNOSUPPORT;
f3111502 1922 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1923 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1924 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1925 err = -EINVAL;
edcd5821 1926 else
1da177e4 1927 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1928 }
f3111502 1929 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1930 return err;
1931}
1932EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1933
17c2a42a 1934static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1935{
1936 struct xfrm_state_afinfo *afinfo;
1937 if (unlikely(family >= NPROTO))
1938 return NULL;
1939 read_lock(&xfrm_state_afinfo_lock);
1940 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1941 if (unlikely(!afinfo))
1942 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1943 return afinfo;
1944}
1945
17c2a42a 1946static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1947 __releases(xfrm_state_afinfo_lock)
1da177e4 1948{
546be240 1949 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1950}
1951
1952/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1953void xfrm_state_delete_tunnel(struct xfrm_state *x)
1954{
1955 if (x->tunnel) {
1956 struct xfrm_state *t = x->tunnel;
1957
1958 if (atomic_read(&t->tunnel_users) == 2)
1959 xfrm_state_delete(t);
1960 atomic_dec(&t->tunnel_users);
1961 xfrm_state_put(t);
1962 x->tunnel = NULL;
1963 }
1964}
1965EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1966
1967int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1968{
c5c25238 1969 int res;
1da177e4 1970
c5c25238
PM		 1971 spin_lock_bh(&x->lock);
1972 if (x->km.state == XFRM_STATE_VALID &&
1973 x->type && x->type->get_mtu)
1974 res = x->type->get_mtu(x, mtu);
1975 else
28121617 1976 res = mtu - x->props.header_len;
c5c25238 1977 spin_unlock_bh(&x->lock);
1da177e4
LT		 1978 return res;
1979}
1980
72cb6962
HX		 1981int xfrm_init_state(struct xfrm_state *x)
1982{
d094cd83 1983 struct xfrm_state_afinfo *afinfo;
df9dcb45 1984 struct xfrm_mode *inner_mode;
d094cd83 1985 int family = x->props.family;
72cb6962
HX		 1986 int err;
1987
d094cd83
HX		 1988 err = -EAFNOSUPPORT;
1989 afinfo = xfrm_state_get_afinfo(family);
1990 if (!afinfo)
1991 goto error;
1992
1993 err = 0;
1994 if (afinfo->init_flags)
1995 err = afinfo->init_flags(x);
1996
1997 xfrm_state_put_afinfo(afinfo);
1998
1999 if (err)
2000 goto error;
2001
2002 err = -EPROTONOSUPPORT;
13996378 2003
df9dcb45
KM		 2004 if (x->sel.family != AF_UNSPEC) {
2005 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2006 if (inner_mode == NULL)
2007 goto error;
2008
2009 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2010 family != x->sel.family) {
2011 xfrm_put_mode(inner_mode);
2012 goto error;
2013 }
2014
2015 x->inner_mode = inner_mode;
2016 } else {
2017 struct xfrm_mode *inner_mode_iaf;
2018
2019 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2020 if (inner_mode == NULL)
2021 goto error;
2022
2023 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2024 xfrm_put_mode(inner_mode);
2025 goto error;
2026 }
2027
2028 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2029 if (inner_mode_iaf == NULL)
2030 goto error;
2031
2032 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2033 xfrm_put_mode(inner_mode_iaf);
2034 goto error;
2035 }
2036
2037 if (x->props.family == AF_INET) {
2038 x->inner_mode = inner_mode;
2039 x->inner_mode_iaf = inner_mode_iaf;
2040 } else {
2041 x->inner_mode = inner_mode_iaf;
2042 x->inner_mode_iaf = inner_mode;
2043 }
2044 }
13996378 2045
d094cd83 2046 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2047 if (x->type == NULL)
2048 goto error;
2049
2050 err = x->type->init_state(x);
2051 if (err)
2052 goto error;
2053
13996378
HX		 2054 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2055 if (x->outer_mode == NULL)
b59f45d0
HX		 2056 goto error;
2057
72cb6962
HX		 2058 x->km.state = XFRM_STATE_VALID;
2059
2060error:
2061 return err;
2062}
2063
2064EXPORT_SYMBOL(xfrm_init_state);
a716c119 2065
d62ddc21 2066int __net_init xfrm_state_init(struct net *net)
1da177e4 2067{
f034b5d4
DM		 2068 unsigned int sz;
2069
9d4139c7
AD		 2070 INIT_LIST_HEAD(&net->xfrm.state_all);
2071
f034b5d4
DM		 2072 sz = sizeof(struct hlist_head) * 8;
2073
73d189dc
AD		 2074 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2075 if (!net->xfrm.state_bydst)
2076 goto out_bydst;
d320bbb3
AD		 2077 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2078 if (!net->xfrm.state_bysrc)
2079 goto out_bysrc;
b754a4fd
AD		 2080 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2081 if (!net->xfrm.state_byspi)
2082 goto out_byspi;
529983ec 2083 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2084
0bf7c5b0 2085 net->xfrm.state_num = 0;
63082733 2086 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
b8a0ae20 2087 INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
c7837144 2088 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
50a30657 2089 init_waitqueue_head(&net->xfrm.km_waitq);
d62ddc21 2090 return 0;
73d189dc 2091
b754a4fd
AD		 2092out_byspi:
2093 xfrm_hash_free(net->xfrm.state_bysrc, sz);
d320bbb3
AD		 2094out_bysrc:
2095 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2096out_bydst:
2097 return -ENOMEM;
d62ddc21
AD		 2098}
2099
2100void xfrm_state_fini(struct net *net)
2101{
73d189dc
AD		 2102 unsigned int sz;
2103
9d4139c7 2104 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc 2105
529983ec 2106 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
b754a4fd
AD		 2107 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2108 xfrm_hash_free(net->xfrm.state_byspi, sz);
d320bbb3
AD		 2109 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2110 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2111 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2112 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2113}
2114
ab5f5e8b 2115#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2116static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2117 struct audit_buffer *audit_buf)
ab5f5e8b 2118{
68277acc
PM		 2119 struct xfrm_sec_ctx *ctx = x->security;
2120 u32 spi = ntohl(x->id.spi);
2121
2122 if (ctx)
ab5f5e8b 2123 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2124 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2125
2126 switch(x->props.family) {
2127 case AF_INET:
21454aaa
HH		 2128 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2129 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2130 break;
2131 case AF_INET6:
5b095d98 2132 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2133 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2134 break;
2135 }
68277acc
PM		 2136
2137 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2138}
2139
cf35f43e
IJ		 2140static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2141 struct audit_buffer *audit_buf)
afeb14b4
PM		 2142{
2143 struct iphdr *iph4;
2144 struct ipv6hdr *iph6;
2145
2146 switch (family) {
2147 case AF_INET:
2148 iph4 = ip_hdr(skb);
21454aaa
HH		 2149 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2150 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2151 break;
2152 case AF_INET6:
2153 iph6 = ipv6_hdr(skb);
2154 audit_log_format(audit_buf,
5b095d98 2155 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2156 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2157 iph6->flow_lbl[0] & 0x0f,
2158 iph6->flow_lbl[1],
2159 iph6->flow_lbl[2]);
2160 break;
2161 }
2162}
2163
68277acc 2164void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2165 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2166{
2167 struct audit_buffer *audit_buf;
ab5f5e8b 2168
afeb14b4 2169 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2170 if (audit_buf == NULL)
2171 return;
2532386f 2172 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2173 xfrm_audit_helper_sainfo(x, audit_buf);
2174 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2175 audit_log_end(audit_buf);
2176}
2177EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2178
68277acc 2179void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2180 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2181{
2182 struct audit_buffer *audit_buf;
ab5f5e8b 2183
afeb14b4 2184 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2185 if (audit_buf == NULL)
2186 return;
2532386f 2187 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2188 xfrm_audit_helper_sainfo(x, audit_buf);
2189 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2190 audit_log_end(audit_buf);
2191}
2192EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2193
2194void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2195 struct sk_buff *skb)
2196{
2197 struct audit_buffer *audit_buf;
2198 u32 spi;
2199
2200 audit_buf = xfrm_audit_start("SA-replay-overflow");
2201 if (audit_buf == NULL)
2202 return;
2203 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2204 /* don't record the sequence number because it's inherent in this kind
2205 * of audit message */
2206 spi = ntohl(x->id.spi);
2207 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2208 audit_log_end(audit_buf);
2209}
2210EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2211
2212static void xfrm_audit_state_replay(struct xfrm_state *x,
2213 struct sk_buff *skb, __be32 net_seq)
2214{
2215 struct audit_buffer *audit_buf;
2216 u32 spi;
2217
2218 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2219 if (audit_buf == NULL)
2220 return;
2221 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2222 spi = ntohl(x->id.spi);
2223 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2224 spi, spi, ntohl(net_seq));
2225 audit_log_end(audit_buf);
2226}
2227
2228void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2229{
2230 struct audit_buffer *audit_buf;
2231
2232 audit_buf = xfrm_audit_start("SA-notfound");
2233 if (audit_buf == NULL)
2234 return;
2235 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2236 audit_log_end(audit_buf);
2237}
2238EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2239
2240void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2241 __be32 net_spi, __be32 net_seq)
2242{
2243 struct audit_buffer *audit_buf;
2244 u32 spi;
2245
2246 audit_buf = xfrm_audit_start("SA-notfound");
2247 if (audit_buf == NULL)
2248 return;
2249 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2250 spi = ntohl(net_spi);
2251 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2252 spi, spi, ntohl(net_seq));
2253 audit_log_end(audit_buf);
2254}
2255EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2256
2257void xfrm_audit_state_icvfail(struct xfrm_state *x,
2258 struct sk_buff *skb, u8 proto)
2259{
2260 struct audit_buffer *audit_buf;
2261 __be32 net_spi;
2262 __be32 net_seq;
2263
2264 audit_buf = xfrm_audit_start("SA-icv-failure");
2265 if (audit_buf == NULL)
2266 return;
2267 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2268 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2269 u32 spi = ntohl(net_spi);
2270 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2271 spi, spi, ntohl(net_seq));
2272 }
2273 audit_log_end(audit_buf);
2274}
2275EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2276#endif /* CONFIG_AUDITSYSCALL */
Linux kernel - Deliverables
This page took 0.551231 seconds and 5 git commands to generate.