1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
21#include <linux/cache.h>
22#include <linux/audit.h>
23#include <asm/uaccess.h>
24#include <linux/ktime.h>
25#include <linux/slab.h>
26#include <linux/interrupt.h>
27#include <linux/kernel.h>
28
29#include "xfrm_hash.h"
30
31
32
33
34
35
36
37
38static DEFINE_SPINLOCK(xfrm_state_lock);
39
40static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
41
42static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
43static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
44
45#ifdef CONFIG_AUDITSYSCALL
46static void xfrm_audit_state_replay(struct xfrm_state *x,
47 struct sk_buff *skb, __be32 net_seq);
48#else
49#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
50#endif
51
52static inline unsigned int xfrm_dst_hash(struct net *net,
53 xfrm_address_t *daddr,
54 xfrm_address_t *saddr,
55 u32 reqid,
56 unsigned short family)
57{
58 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
59}
60
61static inline unsigned int xfrm_src_hash(struct net *net,
62 xfrm_address_t *daddr,
63 xfrm_address_t *saddr,
64 unsigned short family)
65{
66 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
67}
68
69static inline unsigned int
70xfrm_spi_hash(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
71{
72 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
73}
74
75static void xfrm_hash_transfer(struct hlist_head *list,
76 struct hlist_head *ndsttable,
77 struct hlist_head *nsrctable,
78 struct hlist_head *nspitable,
79 unsigned int nhashmask)
80{
81 struct hlist_node *entry, *tmp;
82 struct xfrm_state *x;
83
84 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
85 unsigned int h;
86
87 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
88 x->props.reqid, x->props.family,
89 nhashmask);
90 hlist_add_head(&x->bydst, ndsttable+h);
91
92 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
93 x->props.family,
94 nhashmask);
95 hlist_add_head(&x->bysrc, nsrctable+h);
96
97 if (x->id.spi) {
98 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
99 x->id.proto, x->props.family,
100 nhashmask);
101 hlist_add_head(&x->byspi, nspitable+h);
102 }
103 }
104}
105
106static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
107{
108 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
109}
110
111static DEFINE_MUTEX(hash_resize_mutex);
112
113static void xfrm_hash_resize(struct work_struct *work)
114{
115 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
116 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
117 unsigned long nsize, osize;
118 unsigned int nhashmask, ohashmask;
119 int i;
120
121 mutex_lock(&hash_resize_mutex);
122
123 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
124 ndst = xfrm_hash_alloc(nsize);
125 if (!ndst)
126 goto out_unlock;
127 nsrc = xfrm_hash_alloc(nsize);
128 if (!nsrc) {
129 xfrm_hash_free(ndst, nsize);
130 goto out_unlock;
131 }
132 nspi = xfrm_hash_alloc(nsize);
133 if (!nspi) {
134 xfrm_hash_free(ndst, nsize);
135 xfrm_hash_free(nsrc, nsize);
136 goto out_unlock;
137 }
138
139 spin_lock_bh(&xfrm_state_lock);
140
141 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
142 for (i = net->xfrm.state_hmask; i >= 0; i--)
143 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
144 nhashmask);
145
146 odst = net->xfrm.state_bydst;
147 osrc = net->xfrm.state_bysrc;
148 ospi = net->xfrm.state_byspi;
149 ohashmask = net->xfrm.state_hmask;
150
151 net->xfrm.state_bydst = ndst;
152 net->xfrm.state_bysrc = nsrc;
153 net->xfrm.state_byspi = nspi;
154 net->xfrm.state_hmask = nhashmask;
155
156 spin_unlock_bh(&xfrm_state_lock);
157
158 osize = (ohashmask + 1) * sizeof(struct hlist_head);
159 xfrm_hash_free(odst, osize);
160 xfrm_hash_free(osrc, osize);
161 xfrm_hash_free(ospi, osize);
162
163out_unlock:
164 mutex_unlock(&hash_resize_mutex);
165}
166
167static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
168static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
169
170static DEFINE_SPINLOCK(xfrm_state_gc_lock);
171
172int __xfrm_state_delete(struct xfrm_state *x);
173
174int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
175void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
176
177static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
178{
179 struct xfrm_state_afinfo *afinfo;
180 if (unlikely(family >= NPROTO))
181 return NULL;
182 write_lock_bh(&xfrm_state_afinfo_lock);
183 afinfo = xfrm_state_afinfo[family];
184 if (unlikely(!afinfo))
185 write_unlock_bh(&xfrm_state_afinfo_lock);
186 return afinfo;
187}
188
189static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
190 __releases(xfrm_state_afinfo_lock)
191{
192 write_unlock_bh(&xfrm_state_afinfo_lock);
193}
194
195int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
196{
197 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
198 const struct xfrm_type **typemap;
199 int err = 0;
200
201 if (unlikely(afinfo == NULL))
202 return -EAFNOSUPPORT;
203 typemap = afinfo->type_map;
204
205 if (likely(typemap[type->proto] == NULL))
206 typemap[type->proto] = type;
207 else
208 err = -EEXIST;
209 xfrm_state_unlock_afinfo(afinfo);
210 return err;
211}
212EXPORT_SYMBOL(xfrm_register_type);
213
214int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
215{
216 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
217 const struct xfrm_type **typemap;
218 int err = 0;
219
220 if (unlikely(afinfo == NULL))
221 return -EAFNOSUPPORT;
222 typemap = afinfo->type_map;
223
224 if (unlikely(typemap[type->proto] != type))
225 err = -ENOENT;
226 else
227 typemap[type->proto] = NULL;
228 xfrm_state_unlock_afinfo(afinfo);
229 return err;
230}
231EXPORT_SYMBOL(xfrm_unregister_type);
232
233static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
234{
235 struct xfrm_state_afinfo *afinfo;
236 const struct xfrm_type **typemap;
237 const struct xfrm_type *type;
238 int modload_attempted = 0;
239
240retry:
241 afinfo = xfrm_state_get_afinfo(family);
242 if (unlikely(afinfo == NULL))
243 return NULL;
244 typemap = afinfo->type_map;
245
246 type = typemap[proto];
247 if (unlikely(type && !try_module_get(type->owner)))
248 type = NULL;
249 if (!type && !modload_attempted) {
250 xfrm_state_put_afinfo(afinfo);
251 request_module("xfrm-type-%d-%d", family, proto);
252 modload_attempted = 1;
253 goto retry;
254 }
255
256 xfrm_state_put_afinfo(afinfo);
257 return type;
258}
259
260static void xfrm_put_type(const struct xfrm_type *type)
261{
262 module_put(type->owner);
263}
264
265int xfrm_register_mode(struct xfrm_mode *mode, int family)
266{
267 struct xfrm_state_afinfo *afinfo;
268 struct xfrm_mode **modemap;
269 int err;
270
271 if (unlikely(mode->encap >= XFRM_MODE_MAX))
272 return -EINVAL;
273
274 afinfo = xfrm_state_lock_afinfo(family);
275 if (unlikely(afinfo == NULL))
276 return -EAFNOSUPPORT;
277
278 err = -EEXIST;
279 modemap = afinfo->mode_map;
280 if (modemap[mode->encap])
281 goto out;
282
283 err = -ENOENT;
284 if (!try_module_get(afinfo->owner))
285 goto out;
286
287 mode->afinfo = afinfo;
288 modemap[mode->encap] = mode;
289 err = 0;
290
291out:
292 xfrm_state_unlock_afinfo(afinfo);
293 return err;
294}
295EXPORT_SYMBOL(xfrm_register_mode);
296
297int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
298{
299 struct xfrm_state_afinfo *afinfo;
300 struct xfrm_mode **modemap;
301 int err;
302
303 if (unlikely(mode->encap >= XFRM_MODE_MAX))
304 return -EINVAL;
305
306 afinfo = xfrm_state_lock_afinfo(family);
307 if (unlikely(afinfo == NULL))
308 return -EAFNOSUPPORT;
309
310 err = -ENOENT;
311 modemap = afinfo->mode_map;
312 if (likely(modemap[mode->encap] == mode)) {
313 modemap[mode->encap] = NULL;
314 module_put(mode->afinfo->owner);
315 err = 0;
316 }
317
318 xfrm_state_unlock_afinfo(afinfo);
319 return err;
320}
321EXPORT_SYMBOL(xfrm_unregister_mode);
322
323static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
324{
325 struct xfrm_state_afinfo *afinfo;
326 struct xfrm_mode *mode;
327 int modload_attempted = 0;
328
329 if (unlikely(encap >= XFRM_MODE_MAX))
330 return NULL;
331
332retry:
333 afinfo = xfrm_state_get_afinfo(family);
334 if (unlikely(afinfo == NULL))
335 return NULL;
336
337 mode = afinfo->mode_map[encap];
338 if (unlikely(mode && !try_module_get(mode->owner)))
339 mode = NULL;
340 if (!mode && !modload_attempted) {
341 xfrm_state_put_afinfo(afinfo);
342 request_module("xfrm-mode-%d-%d", family, encap);
343 modload_attempted = 1;
344 goto retry;
345 }
346
347 xfrm_state_put_afinfo(afinfo);
348 return mode;
349}
350
351static void xfrm_put_mode(struct xfrm_mode *mode)
352{
353 module_put(mode->owner);
354}
355
356static void xfrm_state_gc_destroy(struct xfrm_state *x)
357{
358 tasklet_hrtimer_cancel(&x->mtimer);
359 del_timer_sync(&x->rtimer);
360 kfree(x->aalg);
361 kfree(x->ealg);
362 kfree(x->calg);
363 kfree(x->encap);
364 kfree(x->coaddr);
365 if (x->inner_mode)
366 xfrm_put_mode(x->inner_mode);
367 if (x->inner_mode_iaf)
368 xfrm_put_mode(x->inner_mode_iaf);
369 if (x->outer_mode)
370 xfrm_put_mode(x->outer_mode);
371 if (x->type) {
372 x->type->destructor(x);
373 xfrm_put_type(x->type);
374 }
375 security_xfrm_state_free(x);
376 kfree(x);
377}
378
379static void xfrm_state_gc_task(struct work_struct *work)
380{
381 struct net *net = container_of(work, struct net, xfrm.state_gc_work);
382 struct xfrm_state *x;
383 struct hlist_node *entry, *tmp;
384 struct hlist_head gc_list;
385
386 spin_lock_bh(&xfrm_state_gc_lock);
387 hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
388 spin_unlock_bh(&xfrm_state_gc_lock);
389
390 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
391 xfrm_state_gc_destroy(x);
392
393 wake_up(&net->xfrm.km_waitq);
394}
395
396static inline unsigned long make_jiffies(long secs)
397{
398 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
399 return MAX_SCHEDULE_TIMEOUT-1;
400 else
401 return secs*HZ;
402}
403
404static enum hrtimer_restart xfrm_timer_handler(struct hrtimer * me)
405{
406 struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer);
407 struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer);
408 struct net *net = xs_net(x);
409 unsigned long now = get_seconds();
410 long next = LONG_MAX;
411 int warn = 0;
412 int err = 0;
413
414 spin_lock(&x->lock);
415 if (x->km.state == XFRM_STATE_DEAD)
416 goto out;
417 if (x->km.state == XFRM_STATE_EXPIRED)
418 goto expired;
419 if (x->lft.hard_add_expires_seconds) {
420 long tmo = x->lft.hard_add_expires_seconds +
421 x->curlft.add_time - now;
422 if (tmo <= 0)
423 goto expired;
424 if (tmo < next)
425 next = tmo;
426 }
427 if (x->lft.hard_use_expires_seconds) {
428 long tmo = x->lft.hard_use_expires_seconds +
429 (x->curlft.use_time ? : now) - now;
430 if (tmo <= 0)
431 goto expired;
432 if (tmo < next)
433 next = tmo;
434 }
435 if (x->km.dying)
436 goto resched;
437 if (x->lft.soft_add_expires_seconds) {
438 long tmo = x->lft.soft_add_expires_seconds +
439 x->curlft.add_time - now;
440 if (tmo <= 0)
441 warn = 1;
442 else if (tmo < next)
443 next = tmo;
444 }
445 if (x->lft.soft_use_expires_seconds) {
446 long tmo = x->lft.soft_use_expires_seconds +
447 (x->curlft.use_time ? : now) - now;
448 if (tmo <= 0)
449 warn = 1;
450 else if (tmo < next)
451 next = tmo;
452 }
453
454 x->km.dying = warn;
455 if (warn)
456 km_state_expired(x, 0, 0);
457resched:
458 if (next != LONG_MAX){
459 tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL);
460 }
461
462 goto out;
463
464expired:
465 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
466 x->km.state = XFRM_STATE_EXPIRED;
467 wake_up(&net->xfrm.km_waitq);
468 next = 2;
469 goto resched;
470 }
471
472 err = __xfrm_state_delete(x);
473 if (!err && x->id.spi)
474 km_state_expired(x, 1, 0);
475
476 xfrm_audit_state_delete(x, err ? 0 : 1,
477 audit_get_loginuid(current),
478 audit_get_sessionid(current), 0);
479
480out:
481 spin_unlock(&x->lock);
482 return HRTIMER_NORESTART;
483}
484
485static void xfrm_replay_timer_handler(unsigned long data);
486
487struct xfrm_state *xfrm_state_alloc(struct net *net)
488{
489 struct xfrm_state *x;
490
491 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
492
493 if (x) {
494 write_pnet(&x->xs_net, net);
495 atomic_set(&x->refcnt, 1);
496 atomic_set(&x->tunnel_users, 0);
497 INIT_LIST_HEAD(&x->km.all);
498 INIT_HLIST_NODE(&x->bydst);
499 INIT_HLIST_NODE(&x->bysrc);
500 INIT_HLIST_NODE(&x->byspi);
501 tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler, CLOCK_REALTIME, HRTIMER_MODE_ABS);
502 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
503 (unsigned long)x);
504 x->curlft.add_time = get_seconds();
505 x->lft.soft_byte_limit = XFRM_INF;
506 x->lft.soft_packet_limit = XFRM_INF;
507 x->lft.hard_byte_limit = XFRM_INF;
508 x->lft.hard_packet_limit = XFRM_INF;
509 x->replay_maxage = 0;
510 x->replay_maxdiff = 0;
511 x->inner_mode = NULL;
512 x->inner_mode_iaf = NULL;
513 spin_lock_init(&x->lock);
514 }
515 return x;
516}
517EXPORT_SYMBOL(xfrm_state_alloc);
518
519void __xfrm_state_destroy(struct xfrm_state *x)
520{
521 struct net *net = xs_net(x);
522
523 WARN_ON(x->km.state != XFRM_STATE_DEAD);
524
525 spin_lock_bh(&xfrm_state_gc_lock);
526 hlist_add_head(&x->gclist, &net->xfrm.state_gc_list);
527 spin_unlock_bh(&xfrm_state_gc_lock);
528 schedule_work(&net->xfrm.state_gc_work);
529}
530EXPORT_SYMBOL(__xfrm_state_destroy);
531
532int __xfrm_state_delete(struct xfrm_state *x)
533{
534 struct net *net = xs_net(x);
535 int err = -ESRCH;
536
537 if (x->km.state != XFRM_STATE_DEAD) {
538 x->km.state = XFRM_STATE_DEAD;
539 spin_lock(&xfrm_state_lock);
540 list_del(&x->km.all);
541 hlist_del(&x->bydst);
542 hlist_del(&x->bysrc);
543 if (x->id.spi)
544 hlist_del(&x->byspi);
545 net->xfrm.state_num--;
546 spin_unlock(&xfrm_state_lock);
547
548
549
550
551
552 xfrm_state_put(x);
553 err = 0;
554 }
555
556 return err;
557}
558EXPORT_SYMBOL(__xfrm_state_delete);
559
560int xfrm_state_delete(struct xfrm_state *x)
561{
562 int err;
563
564 spin_lock_bh(&x->lock);
565 err = __xfrm_state_delete(x);
566 spin_unlock_bh(&x->lock);
567
568 return err;
569}
570EXPORT_SYMBOL(xfrm_state_delete);
571
572#ifdef CONFIG_SECURITY_NETWORK_XFRM
573static inline int
574xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
575{
576 int i, err = 0;
577
578 for (i = 0; i <= net->xfrm.state_hmask; i++) {
579 struct hlist_node *entry;
580 struct xfrm_state *x;
581
582 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
583 if (xfrm_id_proto_match(x->id.proto, proto) &&
584 (err = security_xfrm_state_delete(x)) != 0) {
585 xfrm_audit_state_delete(x, 0,
586 audit_info->loginuid,
587 audit_info->sessionid,
588 audit_info->secid);
589 return err;
590 }
591 }
592 }
593
594 return err;
595}
596#else
597static inline int
598xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
599{
600 return 0;
601}
602#endif
603
604int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
605{
606 int i, err = 0, cnt = 0;
607
608 spin_lock_bh(&xfrm_state_lock);
609 err = xfrm_state_flush_secctx_check(net, proto, audit_info);
610 if (err)
611 goto out;
612
613 err = -ESRCH;
614 for (i = 0; i <= net->xfrm.state_hmask; i++) {
615 struct hlist_node *entry;
616 struct xfrm_state *x;
617restart:
618 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
619 if (!xfrm_state_kern(x) &&
620 xfrm_id_proto_match(x->id.proto, proto)) {
621 xfrm_state_hold(x);
622 spin_unlock_bh(&xfrm_state_lock);
623
624 err = xfrm_state_delete(x);
625 xfrm_audit_state_delete(x, err ? 0 : 1,
626 audit_info->loginuid,
627 audit_info->sessionid,
628 audit_info->secid);
629 xfrm_state_put(x);
630 if (!err)
631 cnt++;
632
633 spin_lock_bh(&xfrm_state_lock);
634 goto restart;
635 }
636 }
637 }
638 if (cnt)
639 err = 0;
640
641out:
642 spin_unlock_bh(&xfrm_state_lock);
643 wake_up(&net->xfrm.km_waitq);
644 return err;
645}
646EXPORT_SYMBOL(xfrm_state_flush);
647
648void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
649{
650 spin_lock_bh(&xfrm_state_lock);
651 si->sadcnt = net->xfrm.state_num;
652 si->sadhcnt = net->xfrm.state_hmask;
653 si->sadhmcnt = xfrm_state_hashmax;
654 spin_unlock_bh(&xfrm_state_lock);
655}
656EXPORT_SYMBOL(xfrm_sad_getinfo);
657
658static int
659xfrm_init_tempstate(struct xfrm_state *x, struct flowi *fl,
660 struct xfrm_tmpl *tmpl,
661 xfrm_address_t *daddr, xfrm_address_t *saddr,
662 unsigned short family)
663{
664 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
665 if (!afinfo)
666 return -1;
667 afinfo->init_tempsel(&x->sel, fl);
668
669 if (family != tmpl->encap_family) {
670 xfrm_state_put_afinfo(afinfo);
671 afinfo = xfrm_state_get_afinfo(tmpl->encap_family);
672 if (!afinfo)
673 return -1;
674 }
675 afinfo->init_temprop(x, tmpl, daddr, saddr);
676 xfrm_state_put_afinfo(afinfo);
677 return 0;
678}
679
680static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
681{
682 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
683 struct xfrm_state *x;
684 struct hlist_node *entry;
685
686 hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) {
687 if (x->props.family != family ||
688 x->id.spi != spi ||
689 x->id.proto != proto ||
690 xfrm_addr_cmp(&x->id.daddr, daddr, family))
691 continue;
692
693 if ((mark & x->mark.m) != x->mark.v)
694 continue;
695 xfrm_state_hold(x);
696 return x;
697 }
698
699 return NULL;
700}
701
702static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
703{
704 unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
705 struct xfrm_state *x;
706 struct hlist_node *entry;
707
708 hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) {
709 if (x->props.family != family ||
710 x->id.proto != proto ||
711 xfrm_addr_cmp(&x->id.daddr, daddr, family) ||
712 xfrm_addr_cmp(&x->props.saddr, saddr, family))
713 continue;
714
715 if ((mark & x->mark.m) != x->mark.v)
716 continue;
717 xfrm_state_hold(x);
718 return x;
719 }
720
721 return NULL;
722}
723
724static inline struct xfrm_state *
725__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
726{
727 struct net *net = xs_net(x);
728 u32 mark = x->mark.v & x->mark.m;
729
730 if (use_spi)
731 return __xfrm_state_lookup(net, mark, &x->id.daddr,
732 x->id.spi, x->id.proto, family);
733 else
734 return __xfrm_state_lookup_byaddr(net, mark,
735 &x->id.daddr,
736 &x->props.saddr,
737 x->id.proto, family);
738}
739
740static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
741{
742 if (have_hash_collision &&
743 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
744 net->xfrm.state_num > net->xfrm.state_hmask)
745 schedule_work(&net->xfrm.state_hash_work);
746}
747
748static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
749 struct flowi *fl, unsigned short family,
750 xfrm_address_t *daddr, xfrm_address_t *saddr,
751 struct xfrm_state **best, int *acq_in_progress,
752 int *error)
753{
754
755
756
757
758
759
760
761
762
763
764
765 if (x->km.state == XFRM_STATE_VALID) {
766 if ((x->sel.family &&
767 !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
768 !security_xfrm_state_pol_flow_match(x, pol, fl))
769 return;
770
771 if (!*best ||
772 (*best)->km.dying > x->km.dying ||
773 ((*best)->km.dying == x->km.dying &&
774 (*best)->curlft.add_time < x->curlft.add_time))
775 *best = x;
776 } else if (x->km.state == XFRM_STATE_ACQ) {
777 *acq_in_progress = 1;
778 } else if (x->km.state == XFRM_STATE_ERROR ||
779 x->km.state == XFRM_STATE_EXPIRED) {
780 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
781 security_xfrm_state_pol_flow_match(x, pol, fl))
782 *error = -ESRCH;
783 }
784}
785
786struct xfrm_state *
787xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
788 struct flowi *fl, struct xfrm_tmpl *tmpl,
789 struct xfrm_policy *pol, int *err,
790 unsigned short family)
791{
792 static xfrm_address_t saddr_wildcard = { };
793 struct net *net = xp_net(pol);
794 unsigned int h, h_wildcard;
795 struct hlist_node *entry;
796 struct xfrm_state *x, *x0, *to_put;
797 int acquire_in_progress = 0;
798 int error = 0;
799 struct xfrm_state *best = NULL;
800 u32 mark = pol->mark.v & pol->mark.m;
801 unsigned short encap_family = tmpl->encap_family;
802
803 to_put = NULL;
804
805 spin_lock_bh(&xfrm_state_lock);
806 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
807 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
808 if (x->props.family == encap_family &&
809 x->props.reqid == tmpl->reqid &&
810 (mark & x->mark.m) == x->mark.v &&
811 !(x->props.flags & XFRM_STATE_WILDRECV) &&
812 xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
813 tmpl->mode == x->props.mode &&
814 tmpl->id.proto == x->id.proto &&
815 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
816 xfrm_state_look_at(pol, x, fl, encap_family, daddr, saddr,
817 &best, &acquire_in_progress, &error);
818 }
819 if (best)
820 goto found;
821
822 h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family);
823 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h_wildcard, bydst) {
824 if (x->props.family == encap_family &&
825 x->props.reqid == tmpl->reqid &&
826 (mark & x->mark.m) == x->mark.v &&
827 !(x->props.flags & XFRM_STATE_WILDRECV) &&
828 xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
829 tmpl->mode == x->props.mode &&
830 tmpl->id.proto == x->id.proto &&
831 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
832 xfrm_state_look_at(pol, x, fl, encap_family, daddr, saddr,
833 &best, &acquire_in_progress, &error);
834 }
835
836found:
837 x = best;
838 if (!x && !error && !acquire_in_progress) {
839 if (tmpl->id.spi &&
840 (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi,
841 tmpl->id.proto, encap_family)) != NULL) {
842 to_put = x0;
843 error = -EEXIST;
844 goto out;
845 }
846 x = xfrm_state_alloc(net);
847 if (x == NULL) {
848 error = -ENOMEM;
849 goto out;
850 }
851
852
853 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family);
854 memcpy(&x->mark, &pol->mark, sizeof(x->mark));
855
856 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
857 if (error) {
858 x->km.state = XFRM_STATE_DEAD;
859 to_put = x;
860 x = NULL;
861 goto out;
862 }
863
864 if (km_query(x, tmpl, pol) == 0) {
865 x->km.state = XFRM_STATE_ACQ;
866 list_add(&x->km.all, &net->xfrm.state_all);
867 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
868 h = xfrm_src_hash(net, daddr, saddr, encap_family);
869 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
870 if (x->id.spi) {
871 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family);
872 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
873 }
874 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
875 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
876 net->xfrm.state_num++;
877 xfrm_hash_grow_check(net, x->bydst.next != NULL);
878 } else {
879 x->km.state = XFRM_STATE_DEAD;
880 to_put = x;
881 x = NULL;
882 error = -ESRCH;
883 }
884 }
885out:
886 if (x)
887 xfrm_state_hold(x);
888 else
889 *err = acquire_in_progress ? -EAGAIN : error;
890 spin_unlock_bh(&xfrm_state_lock);
891 if (to_put)
892 xfrm_state_put(to_put);
893 return x;
894}
895
896struct xfrm_state *
897xfrm_stateonly_find(struct net *net, u32 mark,
898 xfrm_address_t *daddr, xfrm_address_t *saddr,
899 unsigned short family, u8 mode, u8 proto, u32 reqid)
900{
901 unsigned int h;
902 struct xfrm_state *rx = NULL, *x = NULL;
903 struct hlist_node *entry;
904
905 spin_lock(&xfrm_state_lock);
906 h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
907 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
908 if (x->props.family == family &&
909 x->props.reqid == reqid &&
910 (mark & x->mark.m) == x->mark.v &&
911 !(x->props.flags & XFRM_STATE_WILDRECV) &&
912 xfrm_state_addr_check(x, daddr, saddr, family) &&
913 mode == x->props.mode &&
914 proto == x->id.proto &&
915 x->km.state == XFRM_STATE_VALID) {
916 rx = x;
917 break;
918 }
919 }
920
921 if (rx)
922 xfrm_state_hold(rx);
923 spin_unlock(&xfrm_state_lock);
924
925
926 return rx;
927}
928EXPORT_SYMBOL(xfrm_stateonly_find);
929
930static void __xfrm_state_insert(struct xfrm_state *x)
931{
932 struct net *net = xs_net(x);
933 unsigned int h;
934
935 list_add(&x->km.all, &net->xfrm.state_all);
936
937 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
938 x->props.reqid, x->props.family);
939 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
940
941 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
942 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
943
944 if (x->id.spi) {
945 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
946 x->props.family);
947
948 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
949 }
950
951 tasklet_hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
952 if (x->replay_maxage)
953 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
954
955 wake_up(&net->xfrm.km_waitq);
956
957 net->xfrm.state_num++;
958
959 xfrm_hash_grow_check(net, x->bydst.next != NULL);
960}
961
962
963static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
964{
965 struct net *net = xs_net(xnew);
966 unsigned short family = xnew->props.family;
967 u32 reqid = xnew->props.reqid;
968 struct xfrm_state *x;
969 struct hlist_node *entry;
970 unsigned int h;
971 u32 mark = xnew->mark.v & xnew->mark.m;
972
973 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
974 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
975 if (x->props.family == family &&
976 x->props.reqid == reqid &&
977 (mark & x->mark.m) == x->mark.v &&
978 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
979 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
980 x->genid++;
981 }
982}
983
984void xfrm_state_insert(struct xfrm_state *x)
985{
986 spin_lock_bh(&xfrm_state_lock);
987 __xfrm_state_bump_genids(x);
988 __xfrm_state_insert(x);
989 spin_unlock_bh(&xfrm_state_lock);
990}
991EXPORT_SYMBOL(xfrm_state_insert);
992
993
994static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m, unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
995{
996 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
997 struct hlist_node *entry;
998 struct xfrm_state *x;
999 u32 mark = m->v & m->m;
1000
1001 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
1002 if (x->props.reqid != reqid ||
1003 x->props.mode != mode ||
1004 x->props.family != family ||
1005 x->km.state != XFRM_STATE_ACQ ||
1006 x->id.spi != 0 ||
1007 x->id.proto != proto ||
1008 (mark & x->mark.m) != x->mark.v ||
1009 xfrm_addr_cmp(&x->id.daddr, daddr, family) ||
1010 xfrm_addr_cmp(&x->props.saddr, saddr, family))
1011 continue;
1012
1013 xfrm_state_hold(x);
1014 return x;
1015 }
1016
1017 if (!create)
1018 return NULL;
1019
1020 x = xfrm_state_alloc(net);
1021 if (likely(x)) {
1022 switch (family) {
1023 case AF_INET:
1024 x->sel.daddr.a4 = daddr->a4;
1025 x->sel.saddr.a4 = saddr->a4;
1026 x->sel.prefixlen_d = 32;
1027 x->sel.prefixlen_s = 32;
1028 x->props.saddr.a4 = saddr->a4;
1029 x->id.daddr.a4 = daddr->a4;
1030 break;
1031
1032 case AF_INET6:
1033 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1034 (struct in6_addr *)daddr);
1035 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1036 (struct in6_addr *)saddr);
1037 x->sel.prefixlen_d = 128;
1038 x->sel.prefixlen_s = 128;
1039 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1040 (struct in6_addr *)saddr);
1041 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1042 (struct in6_addr *)daddr);
1043 break;
1044 }
1045
1046 x->km.state = XFRM_STATE_ACQ;
1047 x->id.proto = proto;
1048 x->props.family = family;
1049 x->props.mode = mode;
1050 x->props.reqid = reqid;
1051 x->mark.v = m->v;
1052 x->mark.m = m->m;
1053 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1054 xfrm_state_hold(x);
1055 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
1056 list_add(&x->km.all, &net->xfrm.state_all);
1057 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
1058 h = xfrm_src_hash(net, daddr, saddr, family);
1059 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
1060
1061 net->xfrm.state_num++;
1062
1063 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1064 }
1065
1066 return x;
1067}
1068
1069static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
1070
1071int xfrm_state_add(struct xfrm_state *x)
1072{
1073 struct net *net = xs_net(x);
1074 struct xfrm_state *x1, *to_put;
1075 int family;
1076 int err;
1077 u32 mark = x->mark.v & x->mark.m;
1078 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1079
1080 family = x->props.family;
1081
1082 to_put = NULL;
1083
1084 spin_lock_bh(&xfrm_state_lock);
1085
1086 x1 = __xfrm_state_locate(x, use_spi, family);
1087 if (x1) {
1088 to_put = x1;
1089 x1 = NULL;
1090 err = -EEXIST;
1091 goto out;
1092 }
1093
1094 if (use_spi && x->km.seq) {
1095 x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq);
1096 if (x1 && ((x1->id.proto != x->id.proto) ||
1097 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1098 to_put = x1;
1099 x1 = NULL;
1100 }
1101 }
1102
1103 if (use_spi && !x1)
1104 x1 = __find_acq_core(net, &x->mark, family, x->props.mode,
1105 x->props.reqid, x->id.proto,
1106 &x->id.daddr, &x->props.saddr, 0);
1107
1108 __xfrm_state_bump_genids(x);
1109 __xfrm_state_insert(x);
1110 err = 0;
1111
1112out:
1113 spin_unlock_bh(&xfrm_state_lock);
1114
1115 if (x1) {
1116 xfrm_state_delete(x1);
1117 xfrm_state_put(x1);
1118 }
1119
1120 if (to_put)
1121 xfrm_state_put(to_put);
1122
1123 return err;
1124}
1125EXPORT_SYMBOL(xfrm_state_add);
1126
1127#ifdef CONFIG_XFRM_MIGRATE
1128static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1129{
1130 struct net *net = xs_net(orig);
1131 int err = -ENOMEM;
1132 struct xfrm_state *x = xfrm_state_alloc(net);
1133 if (!x)
1134 goto out;
1135
1136 memcpy(&x->id, &orig->id, sizeof(x->id));
1137 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1138 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1139 x->props.mode = orig->props.mode;
1140 x->props.replay_window = orig->props.replay_window;
1141 x->props.reqid = orig->props.reqid;
1142 x->props.family = orig->props.family;
1143 x->props.saddr = orig->props.saddr;
1144
1145 if (orig->aalg) {
1146 x->aalg = xfrm_algo_auth_clone(orig->aalg);
1147 if (!x->aalg)
1148 goto error;
1149 }
1150 x->props.aalgo = orig->props.aalgo;
1151
1152 if (orig->ealg) {
1153 x->ealg = xfrm_algo_clone(orig->ealg);
1154 if (!x->ealg)
1155 goto error;
1156 }
1157 x->props.ealgo = orig->props.ealgo;
1158
1159 if (orig->calg) {
1160 x->calg = xfrm_algo_clone(orig->calg);
1161 if (!x->calg)
1162 goto error;
1163 }
1164 x->props.calgo = orig->props.calgo;
1165
1166 if (orig->encap) {
1167 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1168 if (!x->encap)
1169 goto error;
1170 }
1171
1172 if (orig->coaddr) {
1173 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1174 GFP_KERNEL);
1175 if (!x->coaddr)
1176 goto error;
1177 }
1178
1179 memcpy(&x->mark, &orig->mark, sizeof(x->mark));
1180
1181 err = xfrm_init_state(x);
1182 if (err)
1183 goto error;
1184
1185 x->props.flags = orig->props.flags;
1186
1187 x->curlft.add_time = orig->curlft.add_time;
1188 x->km.state = orig->km.state;
1189 x->km.seq = orig->km.seq;
1190
1191 return x;
1192
1193 error:
1194 xfrm_state_put(x);
1195out:
1196 if (errp)
1197 *errp = err;
1198 return NULL;
1199}
1200
1201
1202struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1203{
1204 unsigned int h;
1205 struct xfrm_state *x;
1206 struct hlist_node *entry;
1207
1208 if (m->reqid) {
1209 h = xfrm_dst_hash(&init_net, &m->old_daddr, &m->old_saddr,
1210 m->reqid, m->old_family);
1211 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1212 if (x->props.mode != m->mode ||
1213 x->id.proto != m->proto)
1214 continue;
1215 if (m->reqid && x->props.reqid != m->reqid)
1216 continue;
1217 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1218 m->old_family) ||
1219 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1220 m->old_family))
1221 continue;
1222 xfrm_state_hold(x);
1223 return x;
1224 }
1225 } else {
1226 h = xfrm_src_hash(&init_net, &m->old_daddr, &m->old_saddr,
1227 m->old_family);
1228 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
1229 if (x->props.mode != m->mode ||
1230 x->id.proto != m->proto)
1231 continue;
1232 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1233 m->old_family) ||
1234 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1235 m->old_family))
1236 continue;
1237 xfrm_state_hold(x);
1238 return x;
1239 }
1240 }
1241
1242 return NULL;
1243}
1244EXPORT_SYMBOL(xfrm_migrate_state_find);
1245
1246struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1247 struct xfrm_migrate *m)
1248{
1249 struct xfrm_state *xc;
1250 int err;
1251
1252 xc = xfrm_state_clone(x, &err);
1253 if (!xc)
1254 return NULL;
1255
1256 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1257 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1258
1259
1260 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1261
1262
1263 xfrm_state_insert(xc);
1264 } else {
1265 if ((err = xfrm_state_add(xc)) < 0)
1266 goto error;
1267 }
1268
1269 return xc;
1270error:
1271 xfrm_state_put(xc);
1272 return NULL;
1273}
1274EXPORT_SYMBOL(xfrm_state_migrate);
1275#endif
1276
1277int xfrm_state_update(struct xfrm_state *x)
1278{
1279 struct xfrm_state *x1, *to_put;
1280 int err;
1281 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1282
1283 to_put = NULL;
1284
1285 spin_lock_bh(&xfrm_state_lock);
1286 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1287
1288 err = -ESRCH;
1289 if (!x1)
1290 goto out;
1291
1292 if (xfrm_state_kern(x1)) {
1293 to_put = x1;
1294 err = -EEXIST;
1295 goto out;
1296 }
1297
1298 if (x1->km.state == XFRM_STATE_ACQ) {
1299 __xfrm_state_insert(x);
1300 x = NULL;
1301 }
1302 err = 0;
1303
1304out:
1305 spin_unlock_bh(&xfrm_state_lock);
1306
1307 if (to_put)
1308 xfrm_state_put(to_put);
1309
1310 if (err)
1311 return err;
1312
1313 if (!x) {
1314 xfrm_state_delete(x1);
1315 xfrm_state_put(x1);
1316 return 0;
1317 }
1318
1319 err = -EINVAL;
1320 spin_lock_bh(&x1->lock);
1321 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1322 if (x->encap && x1->encap)
1323 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1324 if (x->coaddr && x1->coaddr) {
1325 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1326 }
1327 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1328 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1329 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1330 x1->km.dying = 0;
1331
1332 tasklet_hrtimer_start(&x1->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
1333 if (x1->curlft.use_time)
1334 xfrm_state_check_expire(x1);
1335
1336 err = 0;
1337 }
1338 spin_unlock_bh(&x1->lock);
1339
1340 xfrm_state_put(x1);
1341
1342 return err;
1343}
1344EXPORT_SYMBOL(xfrm_state_update);
1345
1346int xfrm_state_check_expire(struct xfrm_state *x)
1347{
1348 if (!x->curlft.use_time)
1349 x->curlft.use_time = get_seconds();
1350
1351 if (x->km.state != XFRM_STATE_VALID)
1352 return -EINVAL;
1353
1354 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1355 x->curlft.packets >= x->lft.hard_packet_limit) {
1356 x->km.state = XFRM_STATE_EXPIRED;
1357 tasklet_hrtimer_start(&x->mtimer, ktime_set(0,0), HRTIMER_MODE_REL);
1358 return -EINVAL;
1359 }
1360
1361 if (!x->km.dying &&
1362 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1363 x->curlft.packets >= x->lft.soft_packet_limit)) {
1364 x->km.dying = 1;
1365 km_state_expired(x, 0, 0);
1366 }
1367 return 0;
1368}
1369EXPORT_SYMBOL(xfrm_state_check_expire);
1370
1371struct xfrm_state *
1372xfrm_state_lookup(struct net *net, u32 mark, xfrm_address_t *daddr, __be32 spi,
1373 u8 proto, unsigned short family)
1374{
1375 struct xfrm_state *x;
1376
1377 spin_lock_bh(&xfrm_state_lock);
1378 x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family);
1379 spin_unlock_bh(&xfrm_state_lock);
1380 return x;
1381}
1382EXPORT_SYMBOL(xfrm_state_lookup);
1383
1384struct xfrm_state *
1385xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1386 xfrm_address_t *daddr, xfrm_address_t *saddr,
1387 u8 proto, unsigned short family)
1388{
1389 struct xfrm_state *x;
1390
1391 spin_lock_bh(&xfrm_state_lock);
1392 x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family);
1393 spin_unlock_bh(&xfrm_state_lock);
1394 return x;
1395}
1396EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1397
1398struct xfrm_state *
1399xfrm_find_acq(struct net *net, struct xfrm_mark *mark, u8 mode, u32 reqid, u8 proto,
1400 xfrm_address_t *daddr, xfrm_address_t *saddr,
1401 int create, unsigned short family)
1402{
1403 struct xfrm_state *x;
1404
1405 spin_lock_bh(&xfrm_state_lock);
1406 x = __find_acq_core(net, mark, family, mode, reqid, proto, daddr, saddr, create);
1407 spin_unlock_bh(&xfrm_state_lock);
1408
1409 return x;
1410}
1411EXPORT_SYMBOL(xfrm_find_acq);
1412
1413#ifdef CONFIG_XFRM_SUB_POLICY
1414int
1415xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1416 unsigned short family)
1417{
1418 int err = 0;
1419 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1420 if (!afinfo)
1421 return -EAFNOSUPPORT;
1422
1423 spin_lock_bh(&xfrm_state_lock);
1424 if (afinfo->tmpl_sort)
1425 err = afinfo->tmpl_sort(dst, src, n);
1426 spin_unlock_bh(&xfrm_state_lock);
1427 xfrm_state_put_afinfo(afinfo);
1428 return err;
1429}
1430EXPORT_SYMBOL(xfrm_tmpl_sort);
1431
1432int
1433xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1434 unsigned short family)
1435{
1436 int err = 0;
1437 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1438 if (!afinfo)
1439 return -EAFNOSUPPORT;
1440
1441 spin_lock_bh(&xfrm_state_lock);
1442 if (afinfo->state_sort)
1443 err = afinfo->state_sort(dst, src, n);
1444 spin_unlock_bh(&xfrm_state_lock);
1445 xfrm_state_put_afinfo(afinfo);
1446 return err;
1447}
1448EXPORT_SYMBOL(xfrm_state_sort);
1449#endif
1450
1451
1452
1453static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1454{
1455 int i;
1456
1457 for (i = 0; i <= net->xfrm.state_hmask; i++) {
1458 struct hlist_node *entry;
1459 struct xfrm_state *x;
1460
1461 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
1462 if (x->km.seq == seq &&
1463 (mark & x->mark.m) == x->mark.v &&
1464 x->km.state == XFRM_STATE_ACQ) {
1465 xfrm_state_hold(x);
1466 return x;
1467 }
1468 }
1469 }
1470 return NULL;
1471}
1472
1473struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1474{
1475 struct xfrm_state *x;
1476
1477 spin_lock_bh(&xfrm_state_lock);
1478 x = __xfrm_find_acq_byseq(net, mark, seq);
1479 spin_unlock_bh(&xfrm_state_lock);
1480 return x;
1481}
1482EXPORT_SYMBOL(xfrm_find_acq_byseq);
1483
1484u32 xfrm_get_acqseq(void)
1485{
1486 u32 res;
1487 static atomic_t acqseq;
1488
1489 do {
1490 res = atomic_inc_return(&acqseq);
1491 } while (!res);
1492
1493 return res;
1494}
1495EXPORT_SYMBOL(xfrm_get_acqseq);
1496
1497int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1498{
1499 struct net *net = xs_net(x);
1500 unsigned int h;
1501 struct xfrm_state *x0;
1502 int err = -ENOENT;
1503 __be32 minspi = htonl(low);
1504 __be32 maxspi = htonl(high);
1505 u32 mark = x->mark.v & x->mark.m;
1506
1507 spin_lock_bh(&x->lock);
1508 if (x->km.state == XFRM_STATE_DEAD)
1509 goto unlock;
1510
1511 err = 0;
1512 if (x->id.spi)
1513 goto unlock;
1514
1515 err = -ENOENT;
1516
1517 if (minspi == maxspi) {
1518 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family);
1519 if (x0) {
1520 xfrm_state_put(x0);
1521 goto unlock;
1522 }
1523 x->id.spi = minspi;
1524 } else {
1525 u32 spi = 0;
1526 for (h=0; h<high-low+1; h++) {
1527 spi = low + net_random()%(high-low+1);
1528 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1529 if (x0 == NULL) {
1530 x->id.spi = htonl(spi);
1531 break;
1532 }
1533 xfrm_state_put(x0);
1534 }
1535 }
1536 if (x->id.spi) {
1537 spin_lock_bh(&xfrm_state_lock);
1538 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1539 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
1540 spin_unlock_bh(&xfrm_state_lock);
1541
1542 err = 0;
1543 }
1544
1545unlock:
1546 spin_unlock_bh(&x->lock);
1547
1548 return err;
1549}
1550EXPORT_SYMBOL(xfrm_alloc_spi);
1551
1552int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1553 int (*func)(struct xfrm_state *, int, void*),
1554 void *data)
1555{
1556 struct xfrm_state *state;
1557 struct xfrm_state_walk *x;
1558 int err = 0;
1559
1560 if (walk->seq != 0 && list_empty(&walk->all))
1561 return 0;
1562
1563 spin_lock_bh(&xfrm_state_lock);
1564 if (list_empty(&walk->all))
1565 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
1566 else
1567 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1568 list_for_each_entry_from(x, &net->xfrm.state_all, all) {
1569 if (x->state == XFRM_STATE_DEAD)
1570 continue;
1571 state = container_of(x, struct xfrm_state, km);
1572 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1573 continue;
1574 err = func(state, walk->seq, data);
1575 if (err) {
1576 list_move_tail(&walk->all, &x->all);
1577 goto out;
1578 }
1579 walk->seq++;
1580 }
1581 if (walk->seq == 0) {
1582 err = -ENOENT;
1583 goto out;
1584 }
1585 list_del_init(&walk->all);
1586out:
1587 spin_unlock_bh(&xfrm_state_lock);
1588 return err;
1589}
1590EXPORT_SYMBOL(xfrm_state_walk);
1591
1592void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1593{
1594 INIT_LIST_HEAD(&walk->all);
1595 walk->proto = proto;
1596 walk->state = XFRM_STATE_DEAD;
1597 walk->seq = 0;
1598}
1599EXPORT_SYMBOL(xfrm_state_walk_init);
1600
1601void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1602{
1603 if (list_empty(&walk->all))
1604 return;
1605
1606 spin_lock_bh(&xfrm_state_lock);
1607 list_del(&walk->all);
1608 spin_unlock_bh(&xfrm_state_lock);
1609}
1610EXPORT_SYMBOL(xfrm_state_walk_done);
1611
1612
1613void xfrm_replay_notify(struct xfrm_state *x, int event)
1614{
1615 struct km_event c;
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626 switch (event) {
1627 case XFRM_REPLAY_UPDATE:
1628 if (x->replay_maxdiff &&
1629 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1630 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1631 if (x->xflags & XFRM_TIME_DEFER)
1632 event = XFRM_REPLAY_TIMEOUT;
1633 else
1634 return;
1635 }
1636
1637 break;
1638
1639 case XFRM_REPLAY_TIMEOUT:
1640 if ((x->replay.seq == x->preplay.seq) &&
1641 (x->replay.bitmap == x->preplay.bitmap) &&
1642 (x->replay.oseq == x->preplay.oseq)) {
1643 x->xflags |= XFRM_TIME_DEFER;
1644 return;
1645 }
1646
1647 break;
1648 }
1649
1650 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1651 c.event = XFRM_MSG_NEWAE;
1652 c.data.aevent = event;
1653 km_state_notify(x, &c);
1654
1655 if (x->replay_maxage &&
1656 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1657 x->xflags &= ~XFRM_TIME_DEFER;
1658}
1659
1660static void xfrm_replay_timer_handler(unsigned long data)
1661{
1662 struct xfrm_state *x = (struct xfrm_state*)data;
1663
1664 spin_lock(&x->lock);
1665
1666 if (x->km.state == XFRM_STATE_VALID) {
1667 if (xfrm_aevent_is_on(xs_net(x)))
1668 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1669 else
1670 x->xflags |= XFRM_TIME_DEFER;
1671 }
1672
1673 spin_unlock(&x->lock);
1674}
1675
1676int xfrm_replay_check(struct xfrm_state *x,
1677 struct sk_buff *skb, __be32 net_seq)
1678{
1679 u32 diff;
1680 u32 seq = ntohl(net_seq);
1681
1682 if (unlikely(seq == 0))
1683 goto err;
1684
1685 if (likely(seq > x->replay.seq))
1686 return 0;
1687
1688 diff = x->replay.seq - seq;
1689 if (diff >= min_t(unsigned int, x->props.replay_window,
1690 sizeof(x->replay.bitmap) * 8)) {
1691 x->stats.replay_window++;
1692 goto err;
1693 }
1694
1695 if (x->replay.bitmap & (1U << diff)) {
1696 x->stats.replay++;
1697 goto err;
1698 }
1699 return 0;
1700
1701err:
1702 xfrm_audit_state_replay(x, skb, net_seq);
1703 return -EINVAL;
1704}
1705
1706void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1707{
1708 u32 diff;
1709 u32 seq = ntohl(net_seq);
1710
1711 if (seq > x->replay.seq) {
1712 diff = seq - x->replay.seq;
1713 if (diff < x->props.replay_window)
1714 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1715 else
1716 x->replay.bitmap = 1;
1717 x->replay.seq = seq;
1718 } else {
1719 diff = x->replay.seq - seq;
1720 x->replay.bitmap |= (1U << diff);
1721 }
1722
1723 if (xfrm_aevent_is_on(xs_net(x)))
1724 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1725}
1726
1727static LIST_HEAD(xfrm_km_list);
1728static DEFINE_RWLOCK(xfrm_km_lock);
1729
1730void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1731{
1732 struct xfrm_mgr *km;
1733
1734 read_lock(&xfrm_km_lock);
1735 list_for_each_entry(km, &xfrm_km_list, list)
1736 if (km->notify_policy)
1737 km->notify_policy(xp, dir, c);
1738 read_unlock(&xfrm_km_lock);
1739}
1740
1741void km_state_notify(struct xfrm_state *x, struct km_event *c)
1742{
1743 struct xfrm_mgr *km;
1744 read_lock(&xfrm_km_lock);
1745 list_for_each_entry(km, &xfrm_km_list, list)
1746 if (km->notify)
1747 km->notify(x, c);
1748 read_unlock(&xfrm_km_lock);
1749}
1750
1751EXPORT_SYMBOL(km_policy_notify);
1752EXPORT_SYMBOL(km_state_notify);
1753
1754void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1755{
1756 struct net *net = xs_net(x);
1757 struct km_event c;
1758
1759 c.data.hard = hard;
1760 c.pid = pid;
1761 c.event = XFRM_MSG_EXPIRE;
1762 km_state_notify(x, &c);
1763
1764 if (hard)
1765 wake_up(&net->xfrm.km_waitq);
1766}
1767
1768EXPORT_SYMBOL(km_state_expired);
1769
1770
1771
1772
1773int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1774{
1775 int err = -EINVAL, acqret;
1776 struct xfrm_mgr *km;
1777
1778 read_lock(&xfrm_km_lock);
1779 list_for_each_entry(km, &xfrm_km_list, list) {
1780 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1781 if (!acqret)
1782 err = acqret;
1783 }
1784 read_unlock(&xfrm_km_lock);
1785 return err;
1786}
1787EXPORT_SYMBOL(km_query);
1788
1789int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1790{
1791 int err = -EINVAL;
1792 struct xfrm_mgr *km;
1793
1794 read_lock(&xfrm_km_lock);
1795 list_for_each_entry(km, &xfrm_km_list, list) {
1796 if (km->new_mapping)
1797 err = km->new_mapping(x, ipaddr, sport);
1798 if (!err)
1799 break;
1800 }
1801 read_unlock(&xfrm_km_lock);
1802 return err;
1803}
1804EXPORT_SYMBOL(km_new_mapping);
1805
1806void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1807{
1808 struct net *net = xp_net(pol);
1809 struct km_event c;
1810
1811 c.data.hard = hard;
1812 c.pid = pid;
1813 c.event = XFRM_MSG_POLEXPIRE;
1814 km_policy_notify(pol, dir, &c);
1815
1816 if (hard)
1817 wake_up(&net->xfrm.km_waitq);
1818}
1819EXPORT_SYMBOL(km_policy_expired);
1820
1821#ifdef CONFIG_XFRM_MIGRATE
1822int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1823 struct xfrm_migrate *m, int num_migrate,
1824 struct xfrm_kmaddress *k)
1825{
1826 int err = -EINVAL;
1827 int ret;
1828 struct xfrm_mgr *km;
1829
1830 read_lock(&xfrm_km_lock);
1831 list_for_each_entry(km, &xfrm_km_list, list) {
1832 if (km->migrate) {
1833 ret = km->migrate(sel, dir, type, m, num_migrate, k);
1834 if (!ret)
1835 err = ret;
1836 }
1837 }
1838 read_unlock(&xfrm_km_lock);
1839 return err;
1840}
1841EXPORT_SYMBOL(km_migrate);
1842#endif
1843
1844int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1845{
1846 int err = -EINVAL;
1847 int ret;
1848 struct xfrm_mgr *km;
1849
1850 read_lock(&xfrm_km_lock);
1851 list_for_each_entry(km, &xfrm_km_list, list) {
1852 if (km->report) {
1853 ret = km->report(net, proto, sel, addr);
1854 if (!ret)
1855 err = ret;
1856 }
1857 }
1858 read_unlock(&xfrm_km_lock);
1859 return err;
1860}
1861EXPORT_SYMBOL(km_report);
1862
1863int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1864{
1865 int err;
1866 u8 *data;
1867 struct xfrm_mgr *km;
1868 struct xfrm_policy *pol = NULL;
1869
1870 if (optlen <= 0 || optlen > PAGE_SIZE)
1871 return -EMSGSIZE;
1872
1873 data = kmalloc(optlen, GFP_KERNEL);
1874 if (!data)
1875 return -ENOMEM;
1876
1877 err = -EFAULT;
1878 if (copy_from_user(data, optval, optlen))
1879 goto out;
1880
1881 err = -EINVAL;
1882 read_lock(&xfrm_km_lock);
1883 list_for_each_entry(km, &xfrm_km_list, list) {
1884 pol = km->compile_policy(sk, optname, data,
1885 optlen, &err);
1886 if (err >= 0)
1887 break;
1888 }
1889 read_unlock(&xfrm_km_lock);
1890
1891 if (err >= 0) {
1892 xfrm_sk_policy_insert(sk, err, pol);
1893 xfrm_pol_put(pol);
1894 err = 0;
1895 }
1896
1897out:
1898 kfree(data);
1899 return err;
1900}
1901EXPORT_SYMBOL(xfrm_user_policy);
1902
1903int xfrm_register_km(struct xfrm_mgr *km)
1904{
1905 write_lock_bh(&xfrm_km_lock);
1906 list_add_tail(&km->list, &xfrm_km_list);
1907 write_unlock_bh(&xfrm_km_lock);
1908 return 0;
1909}
1910EXPORT_SYMBOL(xfrm_register_km);
1911
1912int xfrm_unregister_km(struct xfrm_mgr *km)
1913{
1914 write_lock_bh(&xfrm_km_lock);
1915 list_del(&km->list);
1916 write_unlock_bh(&xfrm_km_lock);
1917 return 0;
1918}
1919EXPORT_SYMBOL(xfrm_unregister_km);
1920
1921int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1922{
1923 int err = 0;
1924 if (unlikely(afinfo == NULL))
1925 return -EINVAL;
1926 if (unlikely(afinfo->family >= NPROTO))
1927 return -EAFNOSUPPORT;
1928 write_lock_bh(&xfrm_state_afinfo_lock);
1929 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1930 err = -ENOBUFS;
1931 else
1932 xfrm_state_afinfo[afinfo->family] = afinfo;
1933 write_unlock_bh(&xfrm_state_afinfo_lock);
1934 return err;
1935}
1936EXPORT_SYMBOL(xfrm_state_register_afinfo);
1937
1938int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1939{
1940 int err = 0;
1941 if (unlikely(afinfo == NULL))
1942 return -EINVAL;
1943 if (unlikely(afinfo->family >= NPROTO))
1944 return -EAFNOSUPPORT;
1945 write_lock_bh(&xfrm_state_afinfo_lock);
1946 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1947 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1948 err = -EINVAL;
1949 else
1950 xfrm_state_afinfo[afinfo->family] = NULL;
1951 }
1952 write_unlock_bh(&xfrm_state_afinfo_lock);
1953 return err;
1954}
1955EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1956
1957static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1958{
1959 struct xfrm_state_afinfo *afinfo;
1960 if (unlikely(family >= NPROTO))
1961 return NULL;
1962 read_lock(&xfrm_state_afinfo_lock);
1963 afinfo = xfrm_state_afinfo[family];
1964 if (unlikely(!afinfo))
1965 read_unlock(&xfrm_state_afinfo_lock);
1966 return afinfo;
1967}
1968
1969static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1970 __releases(xfrm_state_afinfo_lock)
1971{
1972 read_unlock(&xfrm_state_afinfo_lock);
1973}
1974
1975
1976void xfrm_state_delete_tunnel(struct xfrm_state *x)
1977{
1978 if (x->tunnel) {
1979 struct xfrm_state *t = x->tunnel;
1980
1981 if (atomic_read(&t->tunnel_users) == 2)
1982 xfrm_state_delete(t);
1983 atomic_dec(&t->tunnel_users);
1984 xfrm_state_put(t);
1985 x->tunnel = NULL;
1986 }
1987}
1988EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1989
1990int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1991{
1992 int res;
1993
1994 spin_lock_bh(&x->lock);
1995 if (x->km.state == XFRM_STATE_VALID &&
1996 x->type && x->type->get_mtu)
1997 res = x->type->get_mtu(x, mtu);
1998 else
1999 res = mtu - x->props.header_len;
2000 spin_unlock_bh(&x->lock);
2001 return res;
2002}
2003
2004int xfrm_init_state(struct xfrm_state *x)
2005{
2006 struct xfrm_state_afinfo *afinfo;
2007 struct xfrm_mode *inner_mode;
2008 int family = x->props.family;
2009 int err;
2010
2011 err = -EAFNOSUPPORT;
2012 afinfo = xfrm_state_get_afinfo(family);
2013 if (!afinfo)
2014 goto error;
2015
2016 err = 0;
2017 if (afinfo->init_flags)
2018 err = afinfo->init_flags(x);
2019
2020 xfrm_state_put_afinfo(afinfo);
2021
2022 if (err)
2023 goto error;
2024
2025 err = -EPROTONOSUPPORT;
2026
2027 if (x->sel.family != AF_UNSPEC) {
2028 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2029 if (inner_mode == NULL)
2030 goto error;
2031
2032 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2033 family != x->sel.family) {
2034 xfrm_put_mode(inner_mode);
2035 goto error;
2036 }
2037
2038 x->inner_mode = inner_mode;
2039 } else {
2040 struct xfrm_mode *inner_mode_iaf;
2041 int iafamily = AF_INET;
2042
2043 inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
2044 if (inner_mode == NULL)
2045 goto error;
2046
2047 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2048 xfrm_put_mode(inner_mode);
2049 goto error;
2050 }
2051 x->inner_mode = inner_mode;
2052
2053 if (x->props.family == AF_INET)
2054 iafamily = AF_INET6;
2055
2056 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
2057 if (inner_mode_iaf) {
2058 if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
2059 x->inner_mode_iaf = inner_mode_iaf;
2060 else
2061 xfrm_put_mode(inner_mode_iaf);
2062 }
2063 }
2064
2065 x->type = xfrm_get_type(x->id.proto, family);
2066 if (x->type == NULL)
2067 goto error;
2068
2069 err = x->type->init_state(x);
2070 if (err)
2071 goto error;
2072
2073 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2074 if (x->outer_mode == NULL)
2075 goto error;
2076
2077 x->km.state = XFRM_STATE_VALID;
2078
2079error:
2080 return err;
2081}
2082
2083EXPORT_SYMBOL(xfrm_init_state);
2084
2085int __net_init xfrm_state_init(struct net *net)
2086{
2087 unsigned int sz;
2088
2089 INIT_LIST_HEAD(&net->xfrm.state_all);
2090
2091 sz = sizeof(struct hlist_head) * 8;
2092
2093 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2094 if (!net->xfrm.state_bydst)
2095 goto out_bydst;
2096 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2097 if (!net->xfrm.state_bysrc)
2098 goto out_bysrc;
2099 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2100 if (!net->xfrm.state_byspi)
2101 goto out_byspi;
2102 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2103
2104 net->xfrm.state_num = 0;
2105 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
2106 INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
2107 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
2108 init_waitqueue_head(&net->xfrm.km_waitq);
2109 return 0;
2110
2111out_byspi:
2112 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2113out_bysrc:
2114 xfrm_hash_free(net->xfrm.state_bydst, sz);
2115out_bydst:
2116 return -ENOMEM;
2117}
2118
2119void xfrm_state_fini(struct net *net)
2120{
2121 struct xfrm_audit audit_info;
2122 unsigned int sz;
2123
2124 flush_work(&net->xfrm.state_hash_work);
2125 audit_info.loginuid = -1;
2126 audit_info.sessionid = -1;
2127 audit_info.secid = 0;
2128 xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info);
2129 flush_work(&net->xfrm.state_gc_work);
2130
2131 WARN_ON(!list_empty(&net->xfrm.state_all));
2132
2133 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2134 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2135 xfrm_hash_free(net->xfrm.state_byspi, sz);
2136 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2137 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2138 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2139 xfrm_hash_free(net->xfrm.state_bydst, sz);
2140}
2141
2142#ifdef CONFIG_AUDITSYSCALL
2143static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2144 struct audit_buffer *audit_buf)
2145{
2146 struct xfrm_sec_ctx *ctx = x->security;
2147 u32 spi = ntohl(x->id.spi);
2148
2149 if (ctx)
2150 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2151 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2152
2153 switch(x->props.family) {
2154 case AF_INET:
2155 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2156 &x->props.saddr.a4, &x->id.daddr.a4);
2157 break;
2158 case AF_INET6:
2159 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2160 x->props.saddr.a6, x->id.daddr.a6);
2161 break;
2162 }
2163
2164 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2165}
2166
2167static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2168 struct audit_buffer *audit_buf)
2169{
2170 struct iphdr *iph4;
2171 struct ipv6hdr *iph6;
2172
2173 switch (family) {
2174 case AF_INET:
2175 iph4 = ip_hdr(skb);
2176 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2177 &iph4->saddr, &iph4->daddr);
2178 break;
2179 case AF_INET6:
2180 iph6 = ipv6_hdr(skb);
2181 audit_log_format(audit_buf,
2182 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2183 &iph6->saddr,&iph6->daddr,
2184 iph6->flow_lbl[0] & 0x0f,
2185 iph6->flow_lbl[1],
2186 iph6->flow_lbl[2]);
2187 break;
2188 }
2189}
2190
2191void xfrm_audit_state_add(struct xfrm_state *x, int result,
2192 uid_t auid, u32 sessionid, u32 secid)
2193{
2194 struct audit_buffer *audit_buf;
2195
2196 audit_buf = xfrm_audit_start("SAD-add");
2197 if (audit_buf == NULL)
2198 return;
2199 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2200 xfrm_audit_helper_sainfo(x, audit_buf);
2201 audit_log_format(audit_buf, " res=%u", result);
2202 audit_log_end(audit_buf);
2203}
2204EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2205
2206void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2207 uid_t auid, u32 sessionid, u32 secid)
2208{
2209 struct audit_buffer *audit_buf;
2210
2211 audit_buf = xfrm_audit_start("SAD-delete");
2212 if (audit_buf == NULL)
2213 return;
2214 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2215 xfrm_audit_helper_sainfo(x, audit_buf);
2216 audit_log_format(audit_buf, " res=%u", result);
2217 audit_log_end(audit_buf);
2218}
2219EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2220
2221void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2222 struct sk_buff *skb)
2223{
2224 struct audit_buffer *audit_buf;
2225 u32 spi;
2226
2227 audit_buf = xfrm_audit_start("SA-replay-overflow");
2228 if (audit_buf == NULL)
2229 return;
2230 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2231
2232
2233 spi = ntohl(x->id.spi);
2234 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2235 audit_log_end(audit_buf);
2236}
2237EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2238
2239static void xfrm_audit_state_replay(struct xfrm_state *x,
2240 struct sk_buff *skb, __be32 net_seq)
2241{
2242 struct audit_buffer *audit_buf;
2243 u32 spi;
2244
2245 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2246 if (audit_buf == NULL)
2247 return;
2248 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2249 spi = ntohl(x->id.spi);
2250 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2251 spi, spi, ntohl(net_seq));
2252 audit_log_end(audit_buf);
2253}
2254
2255void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2256{
2257 struct audit_buffer *audit_buf;
2258
2259 audit_buf = xfrm_audit_start("SA-notfound");
2260 if (audit_buf == NULL)
2261 return;
2262 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2263 audit_log_end(audit_buf);
2264}
2265EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2266
2267void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2268 __be32 net_spi, __be32 net_seq)
2269{
2270 struct audit_buffer *audit_buf;
2271 u32 spi;
2272
2273 audit_buf = xfrm_audit_start("SA-notfound");
2274 if (audit_buf == NULL)
2275 return;
2276 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2277 spi = ntohl(net_spi);
2278 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2279 spi, spi, ntohl(net_seq));
2280 audit_log_end(audit_buf);
2281}
2282EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2283
2284void xfrm_audit_state_icvfail(struct xfrm_state *x,
2285 struct sk_buff *skb, u8 proto)
2286{
2287 struct audit_buffer *audit_buf;
2288 __be32 net_spi;
2289 __be32 net_seq;
2290
2291 audit_buf = xfrm_audit_start("SA-icv-failure");
2292 if (audit_buf == NULL)
2293 return;
2294 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2295 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2296 u32 spi = ntohl(net_spi);
2297 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2298 spi, spi, ntohl(net_seq));
2299 }
2300 audit_log_end(audit_buf);
2301}
2302EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2303#endif
2304
