1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
21#include <linux/cache.h>
22#include <linux/audit.h>
23#include <asm/uaccess.h>
24#include <linux/ktime.h>
25#include <linux/slab.h>
26#include <linux/interrupt.h>
27#include <linux/kernel.h>
28
29#include "xfrm_hash.h"
30
31
32
33
34
35
36
37
38static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
39
40static inline unsigned int xfrm_dst_hash(struct net *net,
41 const xfrm_address_t *daddr,
42 const xfrm_address_t *saddr,
43 u32 reqid,
44 unsigned short family)
45{
46 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
47}
48
49static inline unsigned int xfrm_src_hash(struct net *net,
50 const xfrm_address_t *daddr,
51 const xfrm_address_t *saddr,
52 unsigned short family)
53{
54 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
55}
56
57static inline unsigned int
58xfrm_spi_hash(struct net *net, const xfrm_address_t *daddr,
59 __be32 spi, u8 proto, unsigned short family)
60{
61 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
62}
63
64static void xfrm_hash_transfer(struct hlist_head *list,
65 struct hlist_head *ndsttable,
66 struct hlist_head *nsrctable,
67 struct hlist_head *nspitable,
68 unsigned int nhashmask)
69{
70 struct hlist_node *tmp;
71 struct xfrm_state *x;
72
73 hlist_for_each_entry_safe(x, tmp, list, bydst) {
74 unsigned int h;
75
76 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
77 x->props.reqid, x->props.family,
78 nhashmask);
79 hlist_add_head(&x->bydst, ndsttable+h);
80
81 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
82 x->props.family,
83 nhashmask);
84 hlist_add_head(&x->bysrc, nsrctable+h);
85
86 if (x->id.spi) {
87 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
88 x->id.proto, x->props.family,
89 nhashmask);
90 hlist_add_head(&x->byspi, nspitable+h);
91 }
92 }
93}
94
95static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
96{
97 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
98}
99
100static DEFINE_MUTEX(hash_resize_mutex);
101
102static void xfrm_hash_resize(struct work_struct *work)
103{
104 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
105 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
106 unsigned long nsize, osize;
107 unsigned int nhashmask, ohashmask;
108 int i;
109
110 mutex_lock(&hash_resize_mutex);
111
112 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
113 ndst = xfrm_hash_alloc(nsize);
114 if (!ndst)
115 goto out_unlock;
116 nsrc = xfrm_hash_alloc(nsize);
117 if (!nsrc) {
118 xfrm_hash_free(ndst, nsize);
119 goto out_unlock;
120 }
121 nspi = xfrm_hash_alloc(nsize);
122 if (!nspi) {
123 xfrm_hash_free(ndst, nsize);
124 xfrm_hash_free(nsrc, nsize);
125 goto out_unlock;
126 }
127
128 spin_lock_bh(&net->xfrm.xfrm_state_lock);
129
130 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
131 for (i = net->xfrm.state_hmask; i >= 0; i--)
132 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
133 nhashmask);
134
135 odst = net->xfrm.state_bydst;
136 osrc = net->xfrm.state_bysrc;
137 ospi = net->xfrm.state_byspi;
138 ohashmask = net->xfrm.state_hmask;
139
140 net->xfrm.state_bydst = ndst;
141 net->xfrm.state_bysrc = nsrc;
142 net->xfrm.state_byspi = nspi;
143 net->xfrm.state_hmask = nhashmask;
144
145 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
146
147 osize = (ohashmask + 1) * sizeof(struct hlist_head);
148 xfrm_hash_free(odst, osize);
149 xfrm_hash_free(osrc, osize);
150 xfrm_hash_free(ospi, osize);
151
152out_unlock:
153 mutex_unlock(&hash_resize_mutex);
154}
155
156static DEFINE_SPINLOCK(xfrm_state_afinfo_lock);
157static struct xfrm_state_afinfo __rcu *xfrm_state_afinfo[NPROTO];
158
159static DEFINE_SPINLOCK(xfrm_state_gc_lock);
160
161int __xfrm_state_delete(struct xfrm_state *x);
162
163int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
164void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
165
166static DEFINE_SPINLOCK(xfrm_type_lock);
167int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
168{
169 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
170 const struct xfrm_type **typemap;
171 int err = 0;
172
173 if (unlikely(afinfo == NULL))
174 return -EAFNOSUPPORT;
175 typemap = afinfo->type_map;
176 spin_lock_bh(&xfrm_type_lock);
177
178 if (likely(typemap[type->proto] == NULL))
179 typemap[type->proto] = type;
180 else
181 err = -EEXIST;
182 spin_unlock_bh(&xfrm_type_lock);
183 xfrm_state_put_afinfo(afinfo);
184 return err;
185}
186EXPORT_SYMBOL(xfrm_register_type);
187
188int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
189{
190 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
191 const struct xfrm_type **typemap;
192 int err = 0;
193
194 if (unlikely(afinfo == NULL))
195 return -EAFNOSUPPORT;
196 typemap = afinfo->type_map;
197 spin_lock_bh(&xfrm_type_lock);
198
199 if (unlikely(typemap[type->proto] != type))
200 err = -ENOENT;
201 else
202 typemap[type->proto] = NULL;
203 spin_unlock_bh(&xfrm_type_lock);
204 xfrm_state_put_afinfo(afinfo);
205 return err;
206}
207EXPORT_SYMBOL(xfrm_unregister_type);
208
209static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
210{
211 struct xfrm_state_afinfo *afinfo;
212 const struct xfrm_type **typemap;
213 const struct xfrm_type *type;
214 int modload_attempted = 0;
215
216retry:
217 afinfo = xfrm_state_get_afinfo(family);
218 if (unlikely(afinfo == NULL))
219 return NULL;
220 typemap = afinfo->type_map;
221
222 type = typemap[proto];
223 if (unlikely(type && !try_module_get(type->owner)))
224 type = NULL;
225 if (!type && !modload_attempted) {
226 xfrm_state_put_afinfo(afinfo);
227 request_module("xfrm-type-%d-%d", family, proto);
228 modload_attempted = 1;
229 goto retry;
230 }
231
232 xfrm_state_put_afinfo(afinfo);
233 return type;
234}
235
236static void xfrm_put_type(const struct xfrm_type *type)
237{
238 module_put(type->owner);
239}
240
241static DEFINE_SPINLOCK(xfrm_mode_lock);
242int xfrm_register_mode(struct xfrm_mode *mode, int family)
243{
244 struct xfrm_state_afinfo *afinfo;
245 struct xfrm_mode **modemap;
246 int err;
247
248 if (unlikely(mode->encap >= XFRM_MODE_MAX))
249 return -EINVAL;
250
251 afinfo = xfrm_state_get_afinfo(family);
252 if (unlikely(afinfo == NULL))
253 return -EAFNOSUPPORT;
254
255 err = -EEXIST;
256 modemap = afinfo->mode_map;
257 spin_lock_bh(&xfrm_mode_lock);
258 if (modemap[mode->encap])
259 goto out;
260
261 err = -ENOENT;
262 if (!try_module_get(afinfo->owner))
263 goto out;
264
265 mode->afinfo = afinfo;
266 modemap[mode->encap] = mode;
267 err = 0;
268
269out:
270 spin_unlock_bh(&xfrm_mode_lock);
271 xfrm_state_put_afinfo(afinfo);
272 return err;
273}
274EXPORT_SYMBOL(xfrm_register_mode);
275
276int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
277{
278 struct xfrm_state_afinfo *afinfo;
279 struct xfrm_mode **modemap;
280 int err;
281
282 if (unlikely(mode->encap >= XFRM_MODE_MAX))
283 return -EINVAL;
284
285 afinfo = xfrm_state_get_afinfo(family);
286 if (unlikely(afinfo == NULL))
287 return -EAFNOSUPPORT;
288
289 err = -ENOENT;
290 modemap = afinfo->mode_map;
291 spin_lock_bh(&xfrm_mode_lock);
292 if (likely(modemap[mode->encap] == mode)) {
293 modemap[mode->encap] = NULL;
294 module_put(mode->afinfo->owner);
295 err = 0;
296 }
297
298 spin_unlock_bh(&xfrm_mode_lock);
299 xfrm_state_put_afinfo(afinfo);
300 return err;
301}
302EXPORT_SYMBOL(xfrm_unregister_mode);
303
304static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
305{
306 struct xfrm_state_afinfo *afinfo;
307 struct xfrm_mode *mode;
308 int modload_attempted = 0;
309
310 if (unlikely(encap >= XFRM_MODE_MAX))
311 return NULL;
312
313retry:
314 afinfo = xfrm_state_get_afinfo(family);
315 if (unlikely(afinfo == NULL))
316 return NULL;
317
318 mode = afinfo->mode_map[encap];
319 if (unlikely(mode && !try_module_get(mode->owner)))
320 mode = NULL;
321 if (!mode && !modload_attempted) {
322 xfrm_state_put_afinfo(afinfo);
323 request_module("xfrm-mode-%d-%d", family, encap);
324 modload_attempted = 1;
325 goto retry;
326 }
327
328 xfrm_state_put_afinfo(afinfo);
329 return mode;
330}
331
332static void xfrm_put_mode(struct xfrm_mode *mode)
333{
334 module_put(mode->owner);
335}
336
337static void xfrm_state_gc_destroy(struct xfrm_state *x)
338{
339 tasklet_hrtimer_cancel(&x->mtimer);
340 del_timer_sync(&x->rtimer);
341 kfree(x->aalg);
342 kfree(x->ealg);
343 kfree(x->calg);
344 kfree(x->encap);
345 kfree(x->coaddr);
346 kfree(x->replay_esn);
347 kfree(x->preplay_esn);
348 if (x->inner_mode)
349 xfrm_put_mode(x->inner_mode);
350 if (x->inner_mode_iaf)
351 xfrm_put_mode(x->inner_mode_iaf);
352 if (x->outer_mode)
353 xfrm_put_mode(x->outer_mode);
354 if (x->type) {
355 x->type->destructor(x);
356 xfrm_put_type(x->type);
357 }
358 security_xfrm_state_free(x);
359 kfree(x);
360}
361
362static void xfrm_state_gc_task(struct work_struct *work)
363{
364 struct net *net = container_of(work, struct net, xfrm.state_gc_work);
365 struct xfrm_state *x;
366 struct hlist_node *tmp;
367 struct hlist_head gc_list;
368
369 spin_lock_bh(&xfrm_state_gc_lock);
370 hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
371 spin_unlock_bh(&xfrm_state_gc_lock);
372
373 hlist_for_each_entry_safe(x, tmp, &gc_list, gclist)
374 xfrm_state_gc_destroy(x);
375}
376
377static inline unsigned long make_jiffies(long secs)
378{
379 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
380 return MAX_SCHEDULE_TIMEOUT-1;
381 else
382 return secs*HZ;
383}
384
385static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me)
386{
387 struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer);
388 struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer);
389 unsigned long now = get_seconds();
390 long next = LONG_MAX;
391 int warn = 0;
392 int err = 0;
393
394 spin_lock(&x->lock);
395 if (x->km.state == XFRM_STATE_DEAD)
396 goto out;
397 if (x->km.state == XFRM_STATE_EXPIRED)
398 goto expired;
399 if (x->lft.hard_add_expires_seconds) {
400 long tmo = x->lft.hard_add_expires_seconds +
401 x->curlft.add_time - now;
402 if (tmo <= 0) {
403 if (x->xflags & XFRM_SOFT_EXPIRE) {
404
405
406
407
408 x->curlft.add_time = now - x->saved_tmo - 1;
409 tmo = x->lft.hard_add_expires_seconds - x->saved_tmo;
410 } else
411 goto expired;
412 }
413 if (tmo < next)
414 next = tmo;
415 }
416 if (x->lft.hard_use_expires_seconds) {
417 long tmo = x->lft.hard_use_expires_seconds +
418 (x->curlft.use_time ? : now) - now;
419 if (tmo <= 0)
420 goto expired;
421 if (tmo < next)
422 next = tmo;
423 }
424 if (x->km.dying)
425 goto resched;
426 if (x->lft.soft_add_expires_seconds) {
427 long tmo = x->lft.soft_add_expires_seconds +
428 x->curlft.add_time - now;
429 if (tmo <= 0) {
430 warn = 1;
431 x->xflags &= ~XFRM_SOFT_EXPIRE;
432 } else if (tmo < next) {
433 next = tmo;
434 x->xflags |= XFRM_SOFT_EXPIRE;
435 x->saved_tmo = tmo;
436 }
437 }
438 if (x->lft.soft_use_expires_seconds) {
439 long tmo = x->lft.soft_use_expires_seconds +
440 (x->curlft.use_time ? : now) - now;
441 if (tmo <= 0)
442 warn = 1;
443 else if (tmo < next)
444 next = tmo;
445 }
446
447 x->km.dying = warn;
448 if (warn)
449 km_state_expired(x, 0, 0);
450resched:
451 if (next != LONG_MAX) {
452 tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL);
453 }
454
455 goto out;
456
457expired:
458 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0)
459 x->km.state = XFRM_STATE_EXPIRED;
460
461 err = __xfrm_state_delete(x);
462 if (!err)
463 km_state_expired(x, 1, 0);
464
465 xfrm_audit_state_delete(x, err ? 0 : 1,
466 audit_get_loginuid(current),
467 audit_get_sessionid(current), 0);
468
469out:
470 spin_unlock(&x->lock);
471 return HRTIMER_NORESTART;
472}
473
474static void xfrm_replay_timer_handler(unsigned long data);
475
476struct xfrm_state *xfrm_state_alloc(struct net *net)
477{
478 struct xfrm_state *x;
479
480 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
481
482 if (x) {
483 write_pnet(&x->xs_net, net);
484 atomic_set(&x->refcnt, 1);
485 atomic_set(&x->tunnel_users, 0);
486 INIT_LIST_HEAD(&x->km.all);
487 INIT_HLIST_NODE(&x->bydst);
488 INIT_HLIST_NODE(&x->bysrc);
489 INIT_HLIST_NODE(&x->byspi);
490 tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler,
491 CLOCK_BOOTTIME, HRTIMER_MODE_ABS);
492 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
493 (unsigned long)x);
494 x->curlft.add_time = get_seconds();
495 x->lft.soft_byte_limit = XFRM_INF;
496 x->lft.soft_packet_limit = XFRM_INF;
497 x->lft.hard_byte_limit = XFRM_INF;
498 x->lft.hard_packet_limit = XFRM_INF;
499 x->replay_maxage = 0;
500 x->replay_maxdiff = 0;
501 x->inner_mode = NULL;
502 x->inner_mode_iaf = NULL;
503 spin_lock_init(&x->lock);
504 }
505 return x;
506}
507EXPORT_SYMBOL(xfrm_state_alloc);
508
509void __xfrm_state_destroy(struct xfrm_state *x)
510{
511 struct net *net = xs_net(x);
512
513 WARN_ON(x->km.state != XFRM_STATE_DEAD);
514
515 spin_lock_bh(&xfrm_state_gc_lock);
516 hlist_add_head(&x->gclist, &net->xfrm.state_gc_list);
517 spin_unlock_bh(&xfrm_state_gc_lock);
518 schedule_work(&net->xfrm.state_gc_work);
519}
520EXPORT_SYMBOL(__xfrm_state_destroy);
521
522int __xfrm_state_delete(struct xfrm_state *x)
523{
524 struct net *net = xs_net(x);
525 int err = -ESRCH;
526
527 if (x->km.state != XFRM_STATE_DEAD) {
528 x->km.state = XFRM_STATE_DEAD;
529 spin_lock(&net->xfrm.xfrm_state_lock);
530 list_del(&x->km.all);
531 hlist_del(&x->bydst);
532 hlist_del(&x->bysrc);
533 if (x->id.spi)
534 hlist_del(&x->byspi);
535 net->xfrm.state_num--;
536 spin_unlock(&net->xfrm.xfrm_state_lock);
537
538
539
540
541
542 xfrm_state_put(x);
543 err = 0;
544 }
545
546 return err;
547}
548EXPORT_SYMBOL(__xfrm_state_delete);
549
550int xfrm_state_delete(struct xfrm_state *x)
551{
552 int err;
553
554 spin_lock_bh(&x->lock);
555 err = __xfrm_state_delete(x);
556 spin_unlock_bh(&x->lock);
557
558 return err;
559}
560EXPORT_SYMBOL(xfrm_state_delete);
561
562#ifdef CONFIG_SECURITY_NETWORK_XFRM
563static inline int
564xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
565{
566 int i, err = 0;
567
568 for (i = 0; i <= net->xfrm.state_hmask; i++) {
569 struct xfrm_state *x;
570
571 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
572 if (xfrm_id_proto_match(x->id.proto, proto) &&
573 (err = security_xfrm_state_delete(x)) != 0) {
574 xfrm_audit_state_delete(x, 0,
575 audit_info->loginuid,
576 audit_info->sessionid,
577 audit_info->secid);
578 return err;
579 }
580 }
581 }
582
583 return err;
584}
585#else
586static inline int
587xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
588{
589 return 0;
590}
591#endif
592
593int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
594{
595 int i, err = 0, cnt = 0;
596
597 spin_lock_bh(&net->xfrm.xfrm_state_lock);
598 err = xfrm_state_flush_secctx_check(net, proto, audit_info);
599 if (err)
600 goto out;
601
602 err = -ESRCH;
603 for (i = 0; i <= net->xfrm.state_hmask; i++) {
604 struct xfrm_state *x;
605restart:
606 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
607 if (!xfrm_state_kern(x) &&
608 xfrm_id_proto_match(x->id.proto, proto)) {
609 xfrm_state_hold(x);
610 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
611
612 err = xfrm_state_delete(x);
613 xfrm_audit_state_delete(x, err ? 0 : 1,
614 audit_info->loginuid,
615 audit_info->sessionid,
616 audit_info->secid);
617 xfrm_state_put(x);
618 if (!err)
619 cnt++;
620
621 spin_lock_bh(&net->xfrm.xfrm_state_lock);
622 goto restart;
623 }
624 }
625 }
626 if (cnt)
627 err = 0;
628
629out:
630 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
631 return err;
632}
633EXPORT_SYMBOL(xfrm_state_flush);
634
635void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
636{
637 spin_lock_bh(&net->xfrm.xfrm_state_lock);
638 si->sadcnt = net->xfrm.state_num;
639 si->sadhcnt = net->xfrm.state_hmask;
640 si->sadhmcnt = xfrm_state_hashmax;
641 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
642}
643EXPORT_SYMBOL(xfrm_sad_getinfo);
644
645static int
646xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl,
647 const struct xfrm_tmpl *tmpl,
648 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
649 unsigned short family)
650{
651 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
652 if (!afinfo)
653 return -1;
654 afinfo->init_tempsel(&x->sel, fl);
655
656 if (family != tmpl->encap_family) {
657 xfrm_state_put_afinfo(afinfo);
658 afinfo = xfrm_state_get_afinfo(tmpl->encap_family);
659 if (!afinfo)
660 return -1;
661 }
662 afinfo->init_temprop(x, tmpl, daddr, saddr);
663 xfrm_state_put_afinfo(afinfo);
664 return 0;
665}
666
667static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark,
668 const xfrm_address_t *daddr,
669 __be32 spi, u8 proto,
670 unsigned short family)
671{
672 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
673 struct xfrm_state *x;
674
675 hlist_for_each_entry(x, net->xfrm.state_byspi+h, byspi) {
676 if (x->props.family != family ||
677 x->id.spi != spi ||
678 x->id.proto != proto ||
679 !xfrm_addr_equal(&x->id.daddr, daddr, family))
680 continue;
681
682 if ((mark & x->mark.m) != x->mark.v)
683 continue;
684 xfrm_state_hold(x);
685 return x;
686 }
687
688 return NULL;
689}
690
691static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark,
692 const xfrm_address_t *daddr,
693 const xfrm_address_t *saddr,
694 u8 proto, unsigned short family)
695{
696 unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
697 struct xfrm_state *x;
698
699 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) {
700 if (x->props.family != family ||
701 x->id.proto != proto ||
702 !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
703 !xfrm_addr_equal(&x->props.saddr, saddr, family))
704 continue;
705
706 if ((mark & x->mark.m) != x->mark.v)
707 continue;
708 xfrm_state_hold(x);
709 return x;
710 }
711
712 return NULL;
713}
714
715static inline struct xfrm_state *
716__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
717{
718 struct net *net = xs_net(x);
719 u32 mark = x->mark.v & x->mark.m;
720
721 if (use_spi)
722 return __xfrm_state_lookup(net, mark, &x->id.daddr,
723 x->id.spi, x->id.proto, family);
724 else
725 return __xfrm_state_lookup_byaddr(net, mark,
726 &x->id.daddr,
727 &x->props.saddr,
728 x->id.proto, family);
729}
730
731static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
732{
733 if (have_hash_collision &&
734 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
735 net->xfrm.state_num > net->xfrm.state_hmask)
736 schedule_work(&net->xfrm.state_hash_work);
737}
738
739static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
740 const struct flowi *fl, unsigned short family,
741 struct xfrm_state **best, int *acq_in_progress,
742 int *error)
743{
744
745
746
747
748
749
750
751
752
753
754
755 if (x->km.state == XFRM_STATE_VALID) {
756 if ((x->sel.family &&
757 !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
758 !security_xfrm_state_pol_flow_match(x, pol, fl))
759 return;
760
761 if (!*best ||
762 (*best)->km.dying > x->km.dying ||
763 ((*best)->km.dying == x->km.dying &&
764 (*best)->curlft.add_time < x->curlft.add_time))
765 *best = x;
766 } else if (x->km.state == XFRM_STATE_ACQ) {
767 *acq_in_progress = 1;
768 } else if (x->km.state == XFRM_STATE_ERROR ||
769 x->km.state == XFRM_STATE_EXPIRED) {
770 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
771 security_xfrm_state_pol_flow_match(x, pol, fl))
772 *error = -ESRCH;
773 }
774}
775
776struct xfrm_state *
777xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
778 const struct flowi *fl, struct xfrm_tmpl *tmpl,
779 struct xfrm_policy *pol, int *err,
780 unsigned short family)
781{
782 static xfrm_address_t saddr_wildcard = { };
783 struct net *net = xp_net(pol);
784 unsigned int h, h_wildcard;
785 struct xfrm_state *x, *x0, *to_put;
786 int acquire_in_progress = 0;
787 int error = 0;
788 struct xfrm_state *best = NULL;
789 u32 mark = pol->mark.v & pol->mark.m;
790 unsigned short encap_family = tmpl->encap_family;
791
792 to_put = NULL;
793
794 spin_lock_bh(&net->xfrm.xfrm_state_lock);
795 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
796 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
797 if (x->props.family == encap_family &&
798 x->props.reqid == tmpl->reqid &&
799 (mark & x->mark.m) == x->mark.v &&
800 !(x->props.flags & XFRM_STATE_WILDRECV) &&
801 xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
802 tmpl->mode == x->props.mode &&
803 tmpl->id.proto == x->id.proto &&
804 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
805 xfrm_state_look_at(pol, x, fl, encap_family,
806 &best, &acquire_in_progress, &error);
807 }
808 if (best || acquire_in_progress)
809 goto found;
810
811 h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family);
812 hlist_for_each_entry(x, net->xfrm.state_bydst+h_wildcard, bydst) {
813 if (x->props.family == encap_family &&
814 x->props.reqid == tmpl->reqid &&
815 (mark & x->mark.m) == x->mark.v &&
816 !(x->props.flags & XFRM_STATE_WILDRECV) &&
817 xfrm_addr_equal(&x->id.daddr, daddr, encap_family) &&
818 tmpl->mode == x->props.mode &&
819 tmpl->id.proto == x->id.proto &&
820 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
821 xfrm_state_look_at(pol, x, fl, encap_family,
822 &best, &acquire_in_progress, &error);
823 }
824
825found:
826 x = best;
827 if (!x && !error && !acquire_in_progress) {
828 if (tmpl->id.spi &&
829 (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi,
830 tmpl->id.proto, encap_family)) != NULL) {
831 to_put = x0;
832 error = -EEXIST;
833 goto out;
834 }
835 x = xfrm_state_alloc(net);
836 if (x == NULL) {
837 error = -ENOMEM;
838 goto out;
839 }
840
841
842 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family);
843 memcpy(&x->mark, &pol->mark, sizeof(x->mark));
844
845 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid);
846 if (error) {
847 x->km.state = XFRM_STATE_DEAD;
848 to_put = x;
849 x = NULL;
850 goto out;
851 }
852
853 if (km_query(x, tmpl, pol) == 0) {
854 x->km.state = XFRM_STATE_ACQ;
855 list_add(&x->km.all, &net->xfrm.state_all);
856 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
857 h = xfrm_src_hash(net, daddr, saddr, encap_family);
858 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
859 if (x->id.spi) {
860 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family);
861 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
862 }
863 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
864 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
865 net->xfrm.state_num++;
866 xfrm_hash_grow_check(net, x->bydst.next != NULL);
867 } else {
868 x->km.state = XFRM_STATE_DEAD;
869 to_put = x;
870 x = NULL;
871 error = -ESRCH;
872 }
873 }
874out:
875 if (x)
876 xfrm_state_hold(x);
877 else
878 *err = acquire_in_progress ? -EAGAIN : error;
879 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
880 if (to_put)
881 xfrm_state_put(to_put);
882 return x;
883}
884
885struct xfrm_state *
886xfrm_stateonly_find(struct net *net, u32 mark,
887 xfrm_address_t *daddr, xfrm_address_t *saddr,
888 unsigned short family, u8 mode, u8 proto, u32 reqid)
889{
890 unsigned int h;
891 struct xfrm_state *rx = NULL, *x = NULL;
892
893 spin_lock_bh(&net->xfrm.xfrm_state_lock);
894 h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
895 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
896 if (x->props.family == family &&
897 x->props.reqid == reqid &&
898 (mark & x->mark.m) == x->mark.v &&
899 !(x->props.flags & XFRM_STATE_WILDRECV) &&
900 xfrm_state_addr_check(x, daddr, saddr, family) &&
901 mode == x->props.mode &&
902 proto == x->id.proto &&
903 x->km.state == XFRM_STATE_VALID) {
904 rx = x;
905 break;
906 }
907 }
908
909 if (rx)
910 xfrm_state_hold(rx);
911 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
912
913
914 return rx;
915}
916EXPORT_SYMBOL(xfrm_stateonly_find);
917
918struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
919 unsigned short family)
920{
921 struct xfrm_state *x;
922 struct xfrm_state_walk *w;
923
924 spin_lock_bh(&net->xfrm.xfrm_state_lock);
925 list_for_each_entry(w, &net->xfrm.state_all, all) {
926 x = container_of(w, struct xfrm_state, km);
927 if (x->props.family != family ||
928 x->id.spi != spi)
929 continue;
930
931 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
932 xfrm_state_hold(x);
933 return x;
934 }
935 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
936 return NULL;
937}
938EXPORT_SYMBOL(xfrm_state_lookup_byspi);
939
940static void __xfrm_state_insert(struct xfrm_state *x)
941{
942 struct net *net = xs_net(x);
943 unsigned int h;
944
945 list_add(&x->km.all, &net->xfrm.state_all);
946
947 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
948 x->props.reqid, x->props.family);
949 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
950
951 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
952 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
953
954 if (x->id.spi) {
955 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
956 x->props.family);
957
958 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
959 }
960
961 tasklet_hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
962 if (x->replay_maxage)
963 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
964
965 net->xfrm.state_num++;
966
967 xfrm_hash_grow_check(net, x->bydst.next != NULL);
968}
969
970
971static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
972{
973 struct net *net = xs_net(xnew);
974 unsigned short family = xnew->props.family;
975 u32 reqid = xnew->props.reqid;
976 struct xfrm_state *x;
977 unsigned int h;
978 u32 mark = xnew->mark.v & xnew->mark.m;
979
980 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
981 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
982 if (x->props.family == family &&
983 x->props.reqid == reqid &&
984 (mark & x->mark.m) == x->mark.v &&
985 xfrm_addr_equal(&x->id.daddr, &xnew->id.daddr, family) &&
986 xfrm_addr_equal(&x->props.saddr, &xnew->props.saddr, family))
987 x->genid++;
988 }
989}
990
991void xfrm_state_insert(struct xfrm_state *x)
992{
993 struct net *net = xs_net(x);
994
995 spin_lock_bh(&net->xfrm.xfrm_state_lock);
996 __xfrm_state_bump_genids(x);
997 __xfrm_state_insert(x);
998 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
999}
1000EXPORT_SYMBOL(xfrm_state_insert);
1001
1002
1003static struct xfrm_state *__find_acq_core(struct net *net,
1004 const struct xfrm_mark *m,
1005 unsigned short family, u8 mode,
1006 u32 reqid, u8 proto,
1007 const xfrm_address_t *daddr,
1008 const xfrm_address_t *saddr,
1009 int create)
1010{
1011 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
1012 struct xfrm_state *x;
1013 u32 mark = m->v & m->m;
1014
1015 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1016 if (x->props.reqid != reqid ||
1017 x->props.mode != mode ||
1018 x->props.family != family ||
1019 x->km.state != XFRM_STATE_ACQ ||
1020 x->id.spi != 0 ||
1021 x->id.proto != proto ||
1022 (mark & x->mark.m) != x->mark.v ||
1023 !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
1024 !xfrm_addr_equal(&x->props.saddr, saddr, family))
1025 continue;
1026
1027 xfrm_state_hold(x);
1028 return x;
1029 }
1030
1031 if (!create)
1032 return NULL;
1033
1034 x = xfrm_state_alloc(net);
1035 if (likely(x)) {
1036 switch (family) {
1037 case AF_INET:
1038 x->sel.daddr.a4 = daddr->a4;
1039 x->sel.saddr.a4 = saddr->a4;
1040 x->sel.prefixlen_d = 32;
1041 x->sel.prefixlen_s = 32;
1042 x->props.saddr.a4 = saddr->a4;
1043 x->id.daddr.a4 = daddr->a4;
1044 break;
1045
1046 case AF_INET6:
1047 *(struct in6_addr *)x->sel.daddr.a6 = *(struct in6_addr *)daddr;
1048 *(struct in6_addr *)x->sel.saddr.a6 = *(struct in6_addr *)saddr;
1049 x->sel.prefixlen_d = 128;
1050 x->sel.prefixlen_s = 128;
1051 *(struct in6_addr *)x->props.saddr.a6 = *(struct in6_addr *)saddr;
1052 *(struct in6_addr *)x->id.daddr.a6 = *(struct in6_addr *)daddr;
1053 break;
1054 }
1055
1056 x->km.state = XFRM_STATE_ACQ;
1057 x->id.proto = proto;
1058 x->props.family = family;
1059 x->props.mode = mode;
1060 x->props.reqid = reqid;
1061 x->mark.v = m->v;
1062 x->mark.m = m->m;
1063 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1064 xfrm_state_hold(x);
1065 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
1066 list_add(&x->km.all, &net->xfrm.state_all);
1067 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
1068 h = xfrm_src_hash(net, daddr, saddr, family);
1069 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
1070
1071 net->xfrm.state_num++;
1072
1073 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1074 }
1075
1076 return x;
1077}
1078
1079static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
1080
1081int xfrm_state_add(struct xfrm_state *x)
1082{
1083 struct net *net = xs_net(x);
1084 struct xfrm_state *x1, *to_put;
1085 int family;
1086 int err;
1087 u32 mark = x->mark.v & x->mark.m;
1088 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1089
1090 family = x->props.family;
1091
1092 to_put = NULL;
1093
1094 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1095
1096 x1 = __xfrm_state_locate(x, use_spi, family);
1097 if (x1) {
1098 to_put = x1;
1099 x1 = NULL;
1100 err = -EEXIST;
1101 goto out;
1102 }
1103
1104 if (use_spi && x->km.seq) {
1105 x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq);
1106 if (x1 && ((x1->id.proto != x->id.proto) ||
1107 !xfrm_addr_equal(&x1->id.daddr, &x->id.daddr, family))) {
1108 to_put = x1;
1109 x1 = NULL;
1110 }
1111 }
1112
1113 if (use_spi && !x1)
1114 x1 = __find_acq_core(net, &x->mark, family, x->props.mode,
1115 x->props.reqid, x->id.proto,
1116 &x->id.daddr, &x->props.saddr, 0);
1117
1118 __xfrm_state_bump_genids(x);
1119 __xfrm_state_insert(x);
1120 err = 0;
1121
1122out:
1123 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1124
1125 if (x1) {
1126 xfrm_state_delete(x1);
1127 xfrm_state_put(x1);
1128 }
1129
1130 if (to_put)
1131 xfrm_state_put(to_put);
1132
1133 return err;
1134}
1135EXPORT_SYMBOL(xfrm_state_add);
1136
1137#ifdef CONFIG_XFRM_MIGRATE
1138static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1139{
1140 struct net *net = xs_net(orig);
1141 int err = -ENOMEM;
1142 struct xfrm_state *x = xfrm_state_alloc(net);
1143 if (!x)
1144 goto out;
1145
1146 memcpy(&x->id, &orig->id, sizeof(x->id));
1147 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1148 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1149 x->props.mode = orig->props.mode;
1150 x->props.replay_window = orig->props.replay_window;
1151 x->props.reqid = orig->props.reqid;
1152 x->props.family = orig->props.family;
1153 x->props.saddr = orig->props.saddr;
1154
1155 if (orig->aalg) {
1156 x->aalg = xfrm_algo_auth_clone(orig->aalg);
1157 if (!x->aalg)
1158 goto error;
1159 }
1160 x->props.aalgo = orig->props.aalgo;
1161
1162 if (orig->aead) {
1163 x->aead = xfrm_algo_aead_clone(orig->aead);
1164 if (!x->aead)
1165 goto error;
1166 }
1167 if (orig->ealg) {
1168 x->ealg = xfrm_algo_clone(orig->ealg);
1169 if (!x->ealg)
1170 goto error;
1171 }
1172 x->props.ealgo = orig->props.ealgo;
1173
1174 if (orig->calg) {
1175 x->calg = xfrm_algo_clone(orig->calg);
1176 if (!x->calg)
1177 goto error;
1178 }
1179 x->props.calgo = orig->props.calgo;
1180
1181 if (orig->encap) {
1182 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1183 if (!x->encap)
1184 goto error;
1185 }
1186
1187 if (orig->coaddr) {
1188 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1189 GFP_KERNEL);
1190 if (!x->coaddr)
1191 goto error;
1192 }
1193
1194 if (orig->replay_esn) {
1195 err = xfrm_replay_clone(x, orig);
1196 if (err)
1197 goto error;
1198 }
1199
1200 memcpy(&x->mark, &orig->mark, sizeof(x->mark));
1201
1202 err = xfrm_init_state(x);
1203 if (err)
1204 goto error;
1205
1206 x->props.flags = orig->props.flags;
1207 x->props.extra_flags = orig->props.extra_flags;
1208
1209 x->tfcpad = orig->tfcpad;
1210 x->replay_maxdiff = orig->replay_maxdiff;
1211 x->replay_maxage = orig->replay_maxage;
1212 x->curlft.add_time = orig->curlft.add_time;
1213 x->km.state = orig->km.state;
1214 x->km.seq = orig->km.seq;
1215
1216 return x;
1217
1218 error:
1219 xfrm_state_put(x);
1220out:
1221 if (errp)
1222 *errp = err;
1223 return NULL;
1224}
1225
1226struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net)
1227{
1228 unsigned int h;
1229 struct xfrm_state *x = NULL;
1230
1231 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1232
1233 if (m->reqid) {
1234 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr,
1235 m->reqid, m->old_family);
1236 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1237 if (x->props.mode != m->mode ||
1238 x->id.proto != m->proto)
1239 continue;
1240 if (m->reqid && x->props.reqid != m->reqid)
1241 continue;
1242 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1243 m->old_family) ||
1244 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1245 m->old_family))
1246 continue;
1247 xfrm_state_hold(x);
1248 break;
1249 }
1250 } else {
1251 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr,
1252 m->old_family);
1253 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) {
1254 if (x->props.mode != m->mode ||
1255 x->id.proto != m->proto)
1256 continue;
1257 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1258 m->old_family) ||
1259 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1260 m->old_family))
1261 continue;
1262 xfrm_state_hold(x);
1263 break;
1264 }
1265 }
1266
1267 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1268
1269 return x;
1270}
1271EXPORT_SYMBOL(xfrm_migrate_state_find);
1272
1273struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
1274 struct xfrm_migrate *m)
1275{
1276 struct xfrm_state *xc;
1277 int err;
1278
1279 xc = xfrm_state_clone(x, &err);
1280 if (!xc)
1281 return NULL;
1282
1283 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1284 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1285
1286
1287 if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
1288
1289
1290 xfrm_state_insert(xc);
1291 } else {
1292 if ((err = xfrm_state_add(xc)) < 0)
1293 goto error;
1294 }
1295
1296 return xc;
1297error:
1298 xfrm_state_put(xc);
1299 return NULL;
1300}
1301EXPORT_SYMBOL(xfrm_state_migrate);
1302#endif
1303
1304int xfrm_state_update(struct xfrm_state *x)
1305{
1306 struct xfrm_state *x1, *to_put;
1307 int err;
1308 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1309 struct net *net = xs_net(x);
1310
1311 to_put = NULL;
1312
1313 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1314 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1315
1316 err = -ESRCH;
1317 if (!x1)
1318 goto out;
1319
1320 if (xfrm_state_kern(x1)) {
1321 to_put = x1;
1322 err = -EEXIST;
1323 goto out;
1324 }
1325
1326 if (x1->km.state == XFRM_STATE_ACQ) {
1327 __xfrm_state_insert(x);
1328 x = NULL;
1329 }
1330 err = 0;
1331
1332out:
1333 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1334
1335 if (to_put)
1336 xfrm_state_put(to_put);
1337
1338 if (err)
1339 return err;
1340
1341 if (!x) {
1342 xfrm_state_delete(x1);
1343 xfrm_state_put(x1);
1344 return 0;
1345 }
1346
1347 err = -EINVAL;
1348 spin_lock_bh(&x1->lock);
1349 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1350 if (x->encap && x1->encap)
1351 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1352 if (x->coaddr && x1->coaddr) {
1353 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1354 }
1355 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1356 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1357 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1358 x1->km.dying = 0;
1359
1360 tasklet_hrtimer_start(&x1->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
1361 if (x1->curlft.use_time)
1362 xfrm_state_check_expire(x1);
1363
1364 err = 0;
1365 x->km.state = XFRM_STATE_DEAD;
1366 __xfrm_state_put(x);
1367 }
1368 spin_unlock_bh(&x1->lock);
1369
1370 xfrm_state_put(x1);
1371
1372 return err;
1373}
1374EXPORT_SYMBOL(xfrm_state_update);
1375
1376int xfrm_state_check_expire(struct xfrm_state *x)
1377{
1378 if (!x->curlft.use_time)
1379 x->curlft.use_time = get_seconds();
1380
1381 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1382 x->curlft.packets >= x->lft.hard_packet_limit) {
1383 x->km.state = XFRM_STATE_EXPIRED;
1384 tasklet_hrtimer_start(&x->mtimer, ktime_set(0, 0), HRTIMER_MODE_REL);
1385 return -EINVAL;
1386 }
1387
1388 if (!x->km.dying &&
1389 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1390 x->curlft.packets >= x->lft.soft_packet_limit)) {
1391 x->km.dying = 1;
1392 km_state_expired(x, 0, 0);
1393 }
1394 return 0;
1395}
1396EXPORT_SYMBOL(xfrm_state_check_expire);
1397
1398struct xfrm_state *
1399xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi,
1400 u8 proto, unsigned short family)
1401{
1402 struct xfrm_state *x;
1403
1404 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1405 x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family);
1406 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1407 return x;
1408}
1409EXPORT_SYMBOL(xfrm_state_lookup);
1410
1411struct xfrm_state *
1412xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1413 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1414 u8 proto, unsigned short family)
1415{
1416 struct xfrm_state *x;
1417
1418 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1419 x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family);
1420 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1421 return x;
1422}
1423EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1424
1425struct xfrm_state *
1426xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
1427 u8 proto, const xfrm_address_t *daddr,
1428 const xfrm_address_t *saddr, int create, unsigned short family)
1429{
1430 struct xfrm_state *x;
1431
1432 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1433 x = __find_acq_core(net, mark, family, mode, reqid, proto, daddr, saddr, create);
1434 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1435
1436 return x;
1437}
1438EXPORT_SYMBOL(xfrm_find_acq);
1439
1440#ifdef CONFIG_XFRM_SUB_POLICY
1441int
1442xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1443 unsigned short family, struct net *net)
1444{
1445 int err = 0;
1446 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1447 if (!afinfo)
1448 return -EAFNOSUPPORT;
1449
1450 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1451 if (afinfo->tmpl_sort)
1452 err = afinfo->tmpl_sort(dst, src, n);
1453 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1454 xfrm_state_put_afinfo(afinfo);
1455 return err;
1456}
1457EXPORT_SYMBOL(xfrm_tmpl_sort);
1458
1459int
1460xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1461 unsigned short family)
1462{
1463 int err = 0;
1464 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1465 struct net *net = xs_net(*src);
1466
1467 if (!afinfo)
1468 return -EAFNOSUPPORT;
1469
1470 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1471 if (afinfo->state_sort)
1472 err = afinfo->state_sort(dst, src, n);
1473 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1474 xfrm_state_put_afinfo(afinfo);
1475 return err;
1476}
1477EXPORT_SYMBOL(xfrm_state_sort);
1478#endif
1479
1480
1481
1482static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1483{
1484 int i;
1485
1486 for (i = 0; i <= net->xfrm.state_hmask; i++) {
1487 struct xfrm_state *x;
1488
1489 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
1490 if (x->km.seq == seq &&
1491 (mark & x->mark.m) == x->mark.v &&
1492 x->km.state == XFRM_STATE_ACQ) {
1493 xfrm_state_hold(x);
1494 return x;
1495 }
1496 }
1497 }
1498 return NULL;
1499}
1500
1501struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1502{
1503 struct xfrm_state *x;
1504
1505 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1506 x = __xfrm_find_acq_byseq(net, mark, seq);
1507 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1508 return x;
1509}
1510EXPORT_SYMBOL(xfrm_find_acq_byseq);
1511
1512u32 xfrm_get_acqseq(void)
1513{
1514 u32 res;
1515 static atomic_t acqseq;
1516
1517 do {
1518 res = atomic_inc_return(&acqseq);
1519 } while (!res);
1520
1521 return res;
1522}
1523EXPORT_SYMBOL(xfrm_get_acqseq);
1524
1525int verify_spi_info(u8 proto, u32 min, u32 max)
1526{
1527 switch (proto) {
1528 case IPPROTO_AH:
1529 case IPPROTO_ESP:
1530 break;
1531
1532 case IPPROTO_COMP:
1533
1534 if (max >= 0x10000)
1535 return -EINVAL;
1536 break;
1537
1538 default:
1539 return -EINVAL;
1540 }
1541
1542 if (min > max)
1543 return -EINVAL;
1544
1545 return 0;
1546}
1547EXPORT_SYMBOL(verify_spi_info);
1548
1549int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1550{
1551 struct net *net = xs_net(x);
1552 unsigned int h;
1553 struct xfrm_state *x0;
1554 int err = -ENOENT;
1555 __be32 minspi = htonl(low);
1556 __be32 maxspi = htonl(high);
1557 u32 mark = x->mark.v & x->mark.m;
1558
1559 spin_lock_bh(&x->lock);
1560 if (x->km.state == XFRM_STATE_DEAD)
1561 goto unlock;
1562
1563 err = 0;
1564 if (x->id.spi)
1565 goto unlock;
1566
1567 err = -ENOENT;
1568
1569 if (minspi == maxspi) {
1570 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family);
1571 if (x0) {
1572 xfrm_state_put(x0);
1573 goto unlock;
1574 }
1575 x->id.spi = minspi;
1576 } else {
1577 u32 spi = 0;
1578 for (h = 0; h < high-low+1; h++) {
1579 spi = low + prandom_u32()%(high-low+1);
1580 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1581 if (x0 == NULL) {
1582 x->id.spi = htonl(spi);
1583 break;
1584 }
1585 xfrm_state_put(x0);
1586 }
1587 }
1588 if (x->id.spi) {
1589 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1590 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1591 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
1592 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1593
1594 err = 0;
1595 }
1596
1597unlock:
1598 spin_unlock_bh(&x->lock);
1599
1600 return err;
1601}
1602EXPORT_SYMBOL(xfrm_alloc_spi);
1603
1604int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1605 int (*func)(struct xfrm_state *, int, void*),
1606 void *data)
1607{
1608 struct xfrm_state *state;
1609 struct xfrm_state_walk *x;
1610 int err = 0;
1611
1612 if (walk->seq != 0 && list_empty(&walk->all))
1613 return 0;
1614
1615 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1616 if (list_empty(&walk->all))
1617 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
1618 else
1619 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1620 list_for_each_entry_from(x, &net->xfrm.state_all, all) {
1621 if (x->state == XFRM_STATE_DEAD)
1622 continue;
1623 state = container_of(x, struct xfrm_state, km);
1624 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1625 continue;
1626 err = func(state, walk->seq, data);
1627 if (err) {
1628 list_move_tail(&walk->all, &x->all);
1629 goto out;
1630 }
1631 walk->seq++;
1632 }
1633 if (walk->seq == 0) {
1634 err = -ENOENT;
1635 goto out;
1636 }
1637 list_del_init(&walk->all);
1638out:
1639 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1640 return err;
1641}
1642EXPORT_SYMBOL(xfrm_state_walk);
1643
1644void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1645{
1646 INIT_LIST_HEAD(&walk->all);
1647 walk->proto = proto;
1648 walk->state = XFRM_STATE_DEAD;
1649 walk->seq = 0;
1650}
1651EXPORT_SYMBOL(xfrm_state_walk_init);
1652
1653void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net)
1654{
1655 if (list_empty(&walk->all))
1656 return;
1657
1658 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1659 list_del(&walk->all);
1660 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1661}
1662EXPORT_SYMBOL(xfrm_state_walk_done);
1663
1664static void xfrm_replay_timer_handler(unsigned long data)
1665{
1666 struct xfrm_state *x = (struct xfrm_state *)data;
1667
1668 spin_lock(&x->lock);
1669
1670 if (x->km.state == XFRM_STATE_VALID) {
1671 if (xfrm_aevent_is_on(xs_net(x)))
1672 x->repl->notify(x, XFRM_REPLAY_TIMEOUT);
1673 else
1674 x->xflags |= XFRM_TIME_DEFER;
1675 }
1676
1677 spin_unlock(&x->lock);
1678}
1679
1680static LIST_HEAD(xfrm_km_list);
1681
1682void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
1683{
1684 struct xfrm_mgr *km;
1685
1686 rcu_read_lock();
1687 list_for_each_entry_rcu(km, &xfrm_km_list, list)
1688 if (km->notify_policy)
1689 km->notify_policy(xp, dir, c);
1690 rcu_read_unlock();
1691}
1692
1693void km_state_notify(struct xfrm_state *x, const struct km_event *c)
1694{
1695 struct xfrm_mgr *km;
1696 rcu_read_lock();
1697 list_for_each_entry_rcu(km, &xfrm_km_list, list)
1698 if (km->notify)
1699 km->notify(x, c);
1700 rcu_read_unlock();
1701}
1702
1703EXPORT_SYMBOL(km_policy_notify);
1704EXPORT_SYMBOL(km_state_notify);
1705
1706void km_state_expired(struct xfrm_state *x, int hard, u32 portid)
1707{
1708 struct km_event c;
1709
1710 c.data.hard = hard;
1711 c.portid = portid;
1712 c.event = XFRM_MSG_EXPIRE;
1713 km_state_notify(x, &c);
1714}
1715
1716EXPORT_SYMBOL(km_state_expired);
1717
1718
1719
1720
1721int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1722{
1723 int err = -EINVAL, acqret;
1724 struct xfrm_mgr *km;
1725
1726 rcu_read_lock();
1727 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1728 acqret = km->acquire(x, t, pol);
1729 if (!acqret)
1730 err = acqret;
1731 }
1732 rcu_read_unlock();
1733 return err;
1734}
1735EXPORT_SYMBOL(km_query);
1736
1737int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1738{
1739 int err = -EINVAL;
1740 struct xfrm_mgr *km;
1741
1742 rcu_read_lock();
1743 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1744 if (km->new_mapping)
1745 err = km->new_mapping(x, ipaddr, sport);
1746 if (!err)
1747 break;
1748 }
1749 rcu_read_unlock();
1750 return err;
1751}
1752EXPORT_SYMBOL(km_new_mapping);
1753
1754void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid)
1755{
1756 struct km_event c;
1757
1758 c.data.hard = hard;
1759 c.portid = portid;
1760 c.event = XFRM_MSG_POLEXPIRE;
1761 km_policy_notify(pol, dir, &c);
1762}
1763EXPORT_SYMBOL(km_policy_expired);
1764
1765#ifdef CONFIG_XFRM_MIGRATE
1766int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
1767 const struct xfrm_migrate *m, int num_migrate,
1768 const struct xfrm_kmaddress *k)
1769{
1770 int err = -EINVAL;
1771 int ret;
1772 struct xfrm_mgr *km;
1773
1774 rcu_read_lock();
1775 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1776 if (km->migrate) {
1777 ret = km->migrate(sel, dir, type, m, num_migrate, k);
1778 if (!ret)
1779 err = ret;
1780 }
1781 }
1782 rcu_read_unlock();
1783 return err;
1784}
1785EXPORT_SYMBOL(km_migrate);
1786#endif
1787
1788int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1789{
1790 int err = -EINVAL;
1791 int ret;
1792 struct xfrm_mgr *km;
1793
1794 rcu_read_lock();
1795 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1796 if (km->report) {
1797 ret = km->report(net, proto, sel, addr);
1798 if (!ret)
1799 err = ret;
1800 }
1801 }
1802 rcu_read_unlock();
1803 return err;
1804}
1805EXPORT_SYMBOL(km_report);
1806
1807int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1808{
1809 int err;
1810 u8 *data;
1811 struct xfrm_mgr *km;
1812 struct xfrm_policy *pol = NULL;
1813
1814 if (optlen <= 0 || optlen > PAGE_SIZE)
1815 return -EMSGSIZE;
1816
1817 data = kmalloc(optlen, GFP_KERNEL);
1818 if (!data)
1819 return -ENOMEM;
1820
1821 err = -EFAULT;
1822 if (copy_from_user(data, optval, optlen))
1823 goto out;
1824
1825 err = -EINVAL;
1826 rcu_read_lock();
1827 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1828 pol = km->compile_policy(sk, optname, data,
1829 optlen, &err);
1830 if (err >= 0)
1831 break;
1832 }
1833 rcu_read_unlock();
1834
1835 if (err >= 0) {
1836 xfrm_sk_policy_insert(sk, err, pol);
1837 xfrm_pol_put(pol);
1838 err = 0;
1839 }
1840
1841out:
1842 kfree(data);
1843 return err;
1844}
1845EXPORT_SYMBOL(xfrm_user_policy);
1846
1847static DEFINE_SPINLOCK(xfrm_km_lock);
1848
1849int xfrm_register_km(struct xfrm_mgr *km)
1850{
1851 spin_lock_bh(&xfrm_km_lock);
1852 list_add_tail_rcu(&km->list, &xfrm_km_list);
1853 spin_unlock_bh(&xfrm_km_lock);
1854 return 0;
1855}
1856EXPORT_SYMBOL(xfrm_register_km);
1857
1858int xfrm_unregister_km(struct xfrm_mgr *km)
1859{
1860 spin_lock_bh(&xfrm_km_lock);
1861 list_del_rcu(&km->list);
1862 spin_unlock_bh(&xfrm_km_lock);
1863 synchronize_rcu();
1864 return 0;
1865}
1866EXPORT_SYMBOL(xfrm_unregister_km);
1867
1868int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1869{
1870 int err = 0;
1871 if (unlikely(afinfo == NULL))
1872 return -EINVAL;
1873 if (unlikely(afinfo->family >= NPROTO))
1874 return -EAFNOSUPPORT;
1875 spin_lock_bh(&xfrm_state_afinfo_lock);
1876 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1877 err = -ENOBUFS;
1878 else
1879 rcu_assign_pointer(xfrm_state_afinfo[afinfo->family], afinfo);
1880 spin_unlock_bh(&xfrm_state_afinfo_lock);
1881 return err;
1882}
1883EXPORT_SYMBOL(xfrm_state_register_afinfo);
1884
1885int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1886{
1887 int err = 0;
1888 if (unlikely(afinfo == NULL))
1889 return -EINVAL;
1890 if (unlikely(afinfo->family >= NPROTO))
1891 return -EAFNOSUPPORT;
1892 spin_lock_bh(&xfrm_state_afinfo_lock);
1893 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1894 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1895 err = -EINVAL;
1896 else
1897 RCU_INIT_POINTER(xfrm_state_afinfo[afinfo->family], NULL);
1898 }
1899 spin_unlock_bh(&xfrm_state_afinfo_lock);
1900 synchronize_rcu();
1901 return err;
1902}
1903EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1904
1905struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1906{
1907 struct xfrm_state_afinfo *afinfo;
1908 if (unlikely(family >= NPROTO))
1909 return NULL;
1910 rcu_read_lock();
1911 afinfo = rcu_dereference(xfrm_state_afinfo[family]);
1912 if (unlikely(!afinfo))
1913 rcu_read_unlock();
1914 return afinfo;
1915}
1916
1917void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1918{
1919 rcu_read_unlock();
1920}
1921
1922
1923void xfrm_state_delete_tunnel(struct xfrm_state *x)
1924{
1925 if (x->tunnel) {
1926 struct xfrm_state *t = x->tunnel;
1927
1928 if (atomic_read(&t->tunnel_users) == 2)
1929 xfrm_state_delete(t);
1930 atomic_dec(&t->tunnel_users);
1931 xfrm_state_put(t);
1932 x->tunnel = NULL;
1933 }
1934}
1935EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1936
1937int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1938{
1939 int res;
1940
1941 spin_lock_bh(&x->lock);
1942 if (x->km.state == XFRM_STATE_VALID &&
1943 x->type && x->type->get_mtu)
1944 res = x->type->get_mtu(x, mtu);
1945 else
1946 res = mtu - x->props.header_len;
1947 spin_unlock_bh(&x->lock);
1948 return res;
1949}
1950
1951int __xfrm_init_state(struct xfrm_state *x, bool init_replay)
1952{
1953 struct xfrm_state_afinfo *afinfo;
1954 struct xfrm_mode *inner_mode;
1955 int family = x->props.family;
1956 int err;
1957
1958 err = -EAFNOSUPPORT;
1959 afinfo = xfrm_state_get_afinfo(family);
1960 if (!afinfo)
1961 goto error;
1962
1963 err = 0;
1964 if (afinfo->init_flags)
1965 err = afinfo->init_flags(x);
1966
1967 xfrm_state_put_afinfo(afinfo);
1968
1969 if (err)
1970 goto error;
1971
1972 err = -EPROTONOSUPPORT;
1973
1974 if (x->sel.family != AF_UNSPEC) {
1975 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
1976 if (inner_mode == NULL)
1977 goto error;
1978
1979 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
1980 family != x->sel.family) {
1981 xfrm_put_mode(inner_mode);
1982 goto error;
1983 }
1984
1985 x->inner_mode = inner_mode;
1986 } else {
1987 struct xfrm_mode *inner_mode_iaf;
1988 int iafamily = AF_INET;
1989
1990 inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
1991 if (inner_mode == NULL)
1992 goto error;
1993
1994 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
1995 xfrm_put_mode(inner_mode);
1996 goto error;
1997 }
1998 x->inner_mode = inner_mode;
1999
2000 if (x->props.family == AF_INET)
2001 iafamily = AF_INET6;
2002
2003 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
2004 if (inner_mode_iaf) {
2005 if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
2006 x->inner_mode_iaf = inner_mode_iaf;
2007 else
2008 xfrm_put_mode(inner_mode_iaf);
2009 }
2010 }
2011
2012 x->type = xfrm_get_type(x->id.proto, family);
2013 if (x->type == NULL)
2014 goto error;
2015
2016 err = x->type->init_state(x);
2017 if (err)
2018 goto error;
2019
2020 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2021 if (x->outer_mode == NULL) {
2022 err = -EPROTONOSUPPORT;
2023 goto error;
2024 }
2025
2026 if (init_replay) {
2027 err = xfrm_init_replay(x);
2028 if (err)
2029 goto error;
2030 }
2031
2032 x->km.state = XFRM_STATE_VALID;
2033
2034error:
2035 return err;
2036}
2037
2038EXPORT_SYMBOL(__xfrm_init_state);
2039
2040int xfrm_init_state(struct xfrm_state *x)
2041{
2042 return __xfrm_init_state(x, true);
2043}
2044
2045EXPORT_SYMBOL(xfrm_init_state);
2046
2047int __net_init xfrm_state_init(struct net *net)
2048{
2049 unsigned int sz;
2050
2051 INIT_LIST_HEAD(&net->xfrm.state_all);
2052
2053 sz = sizeof(struct hlist_head) * 8;
2054
2055 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2056 if (!net->xfrm.state_bydst)
2057 goto out_bydst;
2058 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2059 if (!net->xfrm.state_bysrc)
2060 goto out_bysrc;
2061 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2062 if (!net->xfrm.state_byspi)
2063 goto out_byspi;
2064 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2065
2066 net->xfrm.state_num = 0;
2067 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
2068 INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
2069 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
2070 spin_lock_init(&net->xfrm.xfrm_state_lock);
2071 return 0;
2072
2073out_byspi:
2074 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2075out_bysrc:
2076 xfrm_hash_free(net->xfrm.state_bydst, sz);
2077out_bydst:
2078 return -ENOMEM;
2079}
2080
2081void xfrm_state_fini(struct net *net)
2082{
2083 struct xfrm_audit audit_info;
2084 unsigned int sz;
2085
2086 flush_work(&net->xfrm.state_hash_work);
2087 audit_info.loginuid = INVALID_UID;
2088 audit_info.sessionid = (unsigned int)-1;
2089 audit_info.secid = 0;
2090 xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info);
2091 flush_work(&net->xfrm.state_gc_work);
2092
2093 WARN_ON(!list_empty(&net->xfrm.state_all));
2094
2095 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2096 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2097 xfrm_hash_free(net->xfrm.state_byspi, sz);
2098 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2099 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2100 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2101 xfrm_hash_free(net->xfrm.state_bydst, sz);
2102}
2103
2104#ifdef CONFIG_AUDITSYSCALL
2105static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2106 struct audit_buffer *audit_buf)
2107{
2108 struct xfrm_sec_ctx *ctx = x->security;
2109 u32 spi = ntohl(x->id.spi);
2110
2111 if (ctx)
2112 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2113 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2114
2115 switch (x->props.family) {
2116 case AF_INET:
2117 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2118 &x->props.saddr.a4, &x->id.daddr.a4);
2119 break;
2120 case AF_INET6:
2121 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2122 x->props.saddr.a6, x->id.daddr.a6);
2123 break;
2124 }
2125
2126 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2127}
2128
2129static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2130 struct audit_buffer *audit_buf)
2131{
2132 const struct iphdr *iph4;
2133 const struct ipv6hdr *iph6;
2134
2135 switch (family) {
2136 case AF_INET:
2137 iph4 = ip_hdr(skb);
2138 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2139 &iph4->saddr, &iph4->daddr);
2140 break;
2141 case AF_INET6:
2142 iph6 = ipv6_hdr(skb);
2143 audit_log_format(audit_buf,
2144 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2145 &iph6->saddr, &iph6->daddr,
2146 iph6->flow_lbl[0] & 0x0f,
2147 iph6->flow_lbl[1],
2148 iph6->flow_lbl[2]);
2149 break;
2150 }
2151}
2152
2153void xfrm_audit_state_add(struct xfrm_state *x, int result,
2154 kuid_t auid, unsigned int sessionid, u32 secid)
2155{
2156 struct audit_buffer *audit_buf;
2157
2158 audit_buf = xfrm_audit_start("SAD-add");
2159 if (audit_buf == NULL)
2160 return;
2161 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2162 xfrm_audit_helper_sainfo(x, audit_buf);
2163 audit_log_format(audit_buf, " res=%u", result);
2164 audit_log_end(audit_buf);
2165}
2166EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2167
2168void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2169 kuid_t auid, unsigned int sessionid, u32 secid)
2170{
2171 struct audit_buffer *audit_buf;
2172
2173 audit_buf = xfrm_audit_start("SAD-delete");
2174 if (audit_buf == NULL)
2175 return;
2176 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2177 xfrm_audit_helper_sainfo(x, audit_buf);
2178 audit_log_format(audit_buf, " res=%u", result);
2179 audit_log_end(audit_buf);
2180}
2181EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2182
2183void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2184 struct sk_buff *skb)
2185{
2186 struct audit_buffer *audit_buf;
2187 u32 spi;
2188
2189 audit_buf = xfrm_audit_start("SA-replay-overflow");
2190 if (audit_buf == NULL)
2191 return;
2192 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2193
2194
2195 spi = ntohl(x->id.spi);
2196 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2197 audit_log_end(audit_buf);
2198}
2199EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2200
2201void xfrm_audit_state_replay(struct xfrm_state *x,
2202 struct sk_buff *skb, __be32 net_seq)
2203{
2204 struct audit_buffer *audit_buf;
2205 u32 spi;
2206
2207 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2208 if (audit_buf == NULL)
2209 return;
2210 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2211 spi = ntohl(x->id.spi);
2212 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2213 spi, spi, ntohl(net_seq));
2214 audit_log_end(audit_buf);
2215}
2216EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
2217
2218void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2219{
2220 struct audit_buffer *audit_buf;
2221
2222 audit_buf = xfrm_audit_start("SA-notfound");
2223 if (audit_buf == NULL)
2224 return;
2225 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2226 audit_log_end(audit_buf);
2227}
2228EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2229
2230void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2231 __be32 net_spi, __be32 net_seq)
2232{
2233 struct audit_buffer *audit_buf;
2234 u32 spi;
2235
2236 audit_buf = xfrm_audit_start("SA-notfound");
2237 if (audit_buf == NULL)
2238 return;
2239 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2240 spi = ntohl(net_spi);
2241 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2242 spi, spi, ntohl(net_seq));
2243 audit_log_end(audit_buf);
2244}
2245EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2246
2247void xfrm_audit_state_icvfail(struct xfrm_state *x,
2248 struct sk_buff *skb, u8 proto)
2249{
2250 struct audit_buffer *audit_buf;
2251 __be32 net_spi;
2252 __be32 net_seq;
2253
2254 audit_buf = xfrm_audit_start("SA-icv-failure");
2255 if (audit_buf == NULL)
2256 return;
2257 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2258 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2259 u32 spi = ntohl(net_spi);
2260 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2261 spi, spi, ntohl(net_seq));
2262 }
2263 audit_log_end(audit_buf);
2264}
2265EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2266#endif
2267
