/*
 * xfrm_policy.c
 *
 * Changes:
 *	Mitsuru KANDA @USAGI
 *	Kazunori MIYAZAWA @USAGI
 *	Kunihiro Ishiguro <kunihiro@ipinfusion.com>
 *		IPv6 support
 *	Kazunori MIYAZAWA @USAGI
 *	YOSHIFUJI Hideaki
 *		Split up af-specific portion
 *	Derek Atkins <derek@ihtfp.com>		Add the post_input processor
 *
 */

#include <linux/err.h>
#include <linux/slab.h>
#include <linux/kmod.h>
#include <linux/list.h>
#include <linux/spinlock.h>
#include <linux/workqueue.h>
#include <linux/notifier.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/module.h>
#include <linux/cache.h>
#include <net/dst.h>
#include <net/xfrm.h>
#include <net/ip.h>

#include "xfrm_hash.h"

int sysctl_xfrm_larval_drop __read_mostly;

DEFINE_MUTEX(xfrm_cfg_mutex);
EXPORT_SYMBOL(xfrm_cfg_mutex);

static DEFINE_RWLOCK(xfrm_policy_lock);

unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
EXPORT_SYMBOL(xfrm_policy_count);

static DEFINE_RWLOCK(xfrm_policy_afinfo_lock);
static struct xfrm_policy_afinfo *xfrm_policy_afinfo[NPROTO];

static struct kmem_cache *xfrm_dst_cache __read_mostly;

static struct work_struct xfrm_policy_gc_work;
static HLIST_HEAD(xfrm_policy_gc_list);
static DEFINE_SPINLOCK(xfrm_policy_gc_lock);

static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family);
static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo);
static void xfrm_init_pmtu(struct dst_entry *dst);

static inline int
__xfrm4_selector_match(struct xfrm_selector *sel, struct flowi *fl)
{
	return  addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&
		addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&
		!((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
		!((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
		(fl->proto == sel->proto || !sel->proto) &&
		(fl->oif == sel->ifindex || !sel->ifindex);
}

static inline int
__xfrm6_selector_match(struct xfrm_selector *sel, struct flowi *fl)
{
	return  addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&
		addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&
		!((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
		!((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
		(fl->proto == sel->proto || !sel->proto) &&
		(fl->oif == sel->ifindex || !sel->ifindex);
}

int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
			unsigned short family)
{
	switch (family) {
	case AF_INET:
		return __xfrm4_selector_match(sel, fl);
	case AF_INET6:
		return __xfrm6_selector_match(sel, fl);
	}
	return 0;
}

static inline struct dst_entry *xfrm_dst_lookup(struct xfrm_state *x, int tos,
						int family)
{
	xfrm_address_t *saddr = &x->props.saddr;
	xfrm_address_t *daddr = &x->id.daddr;
	struct xfrm_policy_afinfo *afinfo;
	struct dst_entry *dst;

	if (x->type->flags & XFRM_TYPE_LOCAL_COADDR)
		saddr = x->coaddr;
	if (x->type->flags & XFRM_TYPE_REMOTE_COADDR)
		daddr = x->coaddr;

	afinfo = xfrm_policy_get_afinfo(family);
	if (unlikely(afinfo == NULL))
		return ERR_PTR(-EAFNOSUPPORT);

	dst = afinfo->dst_lookup(tos, saddr, daddr);
	xfrm_policy_put_afinfo(afinfo);
	return dst;
}

static inline unsigned long make_jiffies(long secs)
{
	if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
		return MAX_SCHEDULE_TIMEOUT-1;
	else
		return secs*HZ;
}
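/*
 * Editor's illustrative sketch (not part of the original file): the port
 * checks in the selector matchers above use an XOR-and-mask idiom.
 * (a ^ b) is zero exactly in the bits where a and b agree, so a
 * ->dport_mask of 0 wildcards the port while a mask of 0xffff demands an
 * exact match.  The values below are made up for the example.
 */
#if 0
static int example_port_match(void)
{
	__be16 flow_dport = htons(80);		/* port taken from the flow */
	struct xfrm_selector sel = {
		.dport		= htons(80),	 /* selector wants port 80 */
		.dport_mask	= htons(0xffff), /* exact match required */
	};

	/* Zero iff every unmasked bit agrees: here 80 == 80, so it matches. */
	return !((flow_dport ^ sel.dport) & sel.dport_mask);
}
#endif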
static void xfrm_policy_timer(unsigned long data)
{
	struct xfrm_policy *xp = (struct xfrm_policy *)data;
	unsigned long now = get_seconds();
	long next = LONG_MAX;
	int warn = 0;
	int dir;

	read_lock(&xp->lock);

	if (xp->dead)
		goto out;

	dir = xfrm_policy_id2dir(xp->index);

	if (xp->lft.hard_add_expires_seconds) {
		long tmo = xp->lft.hard_add_expires_seconds +
			xp->curlft.add_time - now;
		if (tmo <= 0)
			goto expired;
		if (tmo < next)
			next = tmo;
	}
	if (xp->lft.hard_use_expires_seconds) {
		long tmo = xp->lft.hard_use_expires_seconds +
			(xp->curlft.use_time ? : xp->curlft.add_time) - now;
		if (tmo <= 0)
			goto expired;
		if (tmo < next)
			next = tmo;
	}
	if (xp->lft.soft_add_expires_seconds) {
		long tmo = xp->lft.soft_add_expires_seconds +
			xp->curlft.add_time - now;
		if (tmo <= 0) {
			warn = 1;
			tmo = XFRM_KM_TIMEOUT;
		}
		if (tmo < next)
			next = tmo;
	}
	if (xp->lft.soft_use_expires_seconds) {
		long tmo = xp->lft.soft_use_expires_seconds +
			(xp->curlft.use_time ? : xp->curlft.add_time) - now;
		if (tmo <= 0) {
			warn = 1;
			tmo = XFRM_KM_TIMEOUT;
		}
		if (tmo < next)
			next = tmo;
	}

	if (warn)
		km_policy_expired(xp, dir, 0, 0);
	if (next != LONG_MAX &&
	    !mod_timer(&xp->timer, jiffies + make_jiffies(next)))
		xfrm_pol_hold(xp);

out:
	read_unlock(&xp->lock);
	xfrm_pol_put(xp);
	return;

expired:
	read_unlock(&xp->lock);
	if (!xfrm_policy_delete(xp, dir))
		km_policy_expired(xp, dir, 1, 0);
	xfrm_pol_put(xp);
}


/* Allocate xfrm_policy. Not used here, it is supposed to be used by pfkeyv2
 * SPD calls.
 */

struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp)
{
	struct xfrm_policy *policy;

	policy = kzalloc(sizeof(struct xfrm_policy), gfp);

	if (policy) {
		INIT_HLIST_NODE(&policy->bydst);
		INIT_HLIST_NODE(&policy->byidx);
		rwlock_init(&policy->lock);
		atomic_set(&policy->refcnt, 1);
		setup_timer(&policy->timer, xfrm_policy_timer,
				(unsigned long)policy);
	}
	return policy;
}
EXPORT_SYMBOL(xfrm_policy_alloc);

/* Destroy xfrm_policy: descendant resources must be released to this moment. */

void __xfrm_policy_destroy(struct xfrm_policy *policy)
{
	BUG_ON(!policy->dead);

	BUG_ON(policy->bundles);

	if (del_timer(&policy->timer))
		BUG();

	security_xfrm_policy_free(policy);
	kfree(policy);
}
EXPORT_SYMBOL(__xfrm_policy_destroy);

static void xfrm_policy_gc_kill(struct xfrm_policy *policy)
{
	struct dst_entry *dst;

	while ((dst = policy->bundles) != NULL) {
		policy->bundles = dst->next;
		dst_free(dst);
	}

	if (del_timer(&policy->timer))
		atomic_dec(&policy->refcnt);

	if (atomic_read(&policy->refcnt) > 1)
		flow_cache_flush();

	xfrm_pol_put(policy);
}

static void xfrm_policy_gc_task(struct work_struct *work)
{
	struct xfrm_policy *policy;
	struct hlist_node *entry, *tmp;
	struct hlist_head gc_list;

	spin_lock_bh(&xfrm_policy_gc_lock);
	gc_list.first = xfrm_policy_gc_list.first;
	INIT_HLIST_HEAD(&xfrm_policy_gc_list);
	spin_unlock_bh(&xfrm_policy_gc_lock);

	hlist_for_each_entry_safe(policy, entry, tmp, &gc_list, bydst)
		xfrm_policy_gc_kill(policy);
}
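/*
 * Editor's illustrative sketch (not part of the original file): the timer
 * above works in whole seconds.  A policy added at t=1000 with
 * hard_add_expires_seconds=300 expires at t=1300; at t=1250 the remaining
 * timeout is 50 seconds, which make_jiffies() converts for mod_timer().
 * All values below are hypothetical.
 */
#if 0
static long example_remaining(void)
{
	unsigned long add_time = 1000;	/* hypothetical xp->curlft.add_time */
	unsigned long now = 1250;	/* hypothetical get_seconds() */
	long hard = 300;		/* hypothetical hard_add_expires_seconds */

	return hard + add_time - now;	/* 50 seconds left before "expired" */
}
#endif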
/* Rule must be locked. Release descendant resources, announce
 * entry dead. The rule must already be unlinked from lists.
 */

static void xfrm_policy_kill(struct xfrm_policy *policy)
{
	int dead;

	write_lock_bh(&policy->lock);
	dead = policy->dead;
	policy->dead = 1;
	write_unlock_bh(&policy->lock);

	if (unlikely(dead)) {
		WARN_ON(1);
		return;
	}

	spin_lock(&xfrm_policy_gc_lock);
	hlist_add_head(&policy->bydst, &xfrm_policy_gc_list);
	spin_unlock(&xfrm_policy_gc_lock);

	schedule_work(&xfrm_policy_gc_work);
}

struct xfrm_policy_hash {
	struct hlist_head	*table;
	unsigned int		hmask;
};

static struct hlist_head xfrm_policy_inexact[XFRM_POLICY_MAX*2];
static struct xfrm_policy_hash xfrm_policy_bydst[XFRM_POLICY_MAX*2] __read_mostly;
static struct hlist_head *xfrm_policy_byidx __read_mostly;
static unsigned int xfrm_idx_hmask __read_mostly;
static unsigned int xfrm_policy_hashmax __read_mostly = 1 * 1024 * 1024;

static inline unsigned int idx_hash(u32 index)
{
	return __idx_hash(index, xfrm_idx_hmask);
}

static struct hlist_head *policy_hash_bysel(struct xfrm_selector *sel, unsigned short family, int dir)
{
	unsigned int hmask = xfrm_policy_bydst[dir].hmask;
	unsigned int hash = __sel_hash(sel, family, hmask);

	return (hash == hmask + 1 ?
		&xfrm_policy_inexact[dir] :
		xfrm_policy_bydst[dir].table + hash);
}

static struct hlist_head *policy_hash_direct(xfrm_address_t *daddr, xfrm_address_t *saddr, unsigned short family, int dir)
{
	unsigned int hmask = xfrm_policy_bydst[dir].hmask;
	unsigned int hash = __addr_hash(daddr, saddr, family, hmask);

	return xfrm_policy_bydst[dir].table + hash;
}

static void xfrm_dst_hash_transfer(struct hlist_head *list,
				   struct hlist_head *ndsttable,
				   unsigned int nhashmask)
{
	struct hlist_node *entry, *tmp;
	struct xfrm_policy *pol;

	hlist_for_each_entry_safe(pol, entry, tmp, list, bydst) {
		unsigned int h;

		h = __addr_hash(&pol->selector.daddr, &pol->selector.saddr,
				pol->family, nhashmask);
		hlist_add_head(&pol->bydst, ndsttable+h);
	}
}

static void xfrm_idx_hash_transfer(struct hlist_head *list,
				   struct hlist_head *nidxtable,
				   unsigned int nhashmask)
{
	struct hlist_node *entry, *tmp;
	struct xfrm_policy *pol;

	hlist_for_each_entry_safe(pol, entry, tmp, list, byidx) {
		unsigned int h;

		h = __idx_hash(pol->index, nhashmask);
		hlist_add_head(&pol->byidx, nidxtable+h);
	}
}

static unsigned long xfrm_new_hash_mask(unsigned int old_hmask)
{
	return ((old_hmask + 1) << 1) - 1;
}

static void xfrm_bydst_resize(int dir)
{
	unsigned int hmask = xfrm_policy_bydst[dir].hmask;
	unsigned int nhashmask = xfrm_new_hash_mask(hmask);
	unsigned int nsize = (nhashmask + 1) * sizeof(struct hlist_head);
	struct hlist_head *odst = xfrm_policy_bydst[dir].table;
	struct hlist_head *ndst = xfrm_hash_alloc(nsize);
	int i;

	if (!ndst)
		return;

	write_lock_bh(&xfrm_policy_lock);

	for (i = hmask; i >= 0; i--)
		xfrm_dst_hash_transfer(odst + i, ndst, nhashmask);

	xfrm_policy_bydst[dir].table = ndst;
	xfrm_policy_bydst[dir].hmask = nhashmask;

	write_unlock_bh(&xfrm_policy_lock);

	xfrm_hash_free(odst, (hmask + 1) * sizeof(struct hlist_head));
}
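/*
 * Editor's illustrative sketch (not part of the original file): table sizes
 * are kept as power-of-two masks, so doubling is pure bit arithmetic:
 * hmask 7 (8 buckets) -> ((7 + 1) << 1) - 1 = 15 (16 buckets), then 31, ...
 */
#if 0
static void example_hash_growth(void)
{
	unsigned int hmask = 7;			/* initial 8-bucket table */

	hmask = xfrm_new_hash_mask(hmask);	/* 15: 16 buckets */
	hmask = xfrm_new_hash_mask(hmask);	/* 31: 32 buckets */
}
#endif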
static void xfrm_byidx_resize(int total)
{
	unsigned int hmask = xfrm_idx_hmask;
	unsigned int nhashmask = xfrm_new_hash_mask(hmask);
	unsigned int nsize = (nhashmask + 1) * sizeof(struct hlist_head);
	struct hlist_head *oidx = xfrm_policy_byidx;
	struct hlist_head *nidx = xfrm_hash_alloc(nsize);
	int i;

	if (!nidx)
		return;

	write_lock_bh(&xfrm_policy_lock);

	for (i = hmask; i >= 0; i--)
		xfrm_idx_hash_transfer(oidx + i, nidx, nhashmask);

	xfrm_policy_byidx = nidx;
	xfrm_idx_hmask = nhashmask;

	write_unlock_bh(&xfrm_policy_lock);

	xfrm_hash_free(oidx, (hmask + 1) * sizeof(struct hlist_head));
}

static inline int xfrm_bydst_should_resize(int dir, int *total)
{
	unsigned int cnt = xfrm_policy_count[dir];
	unsigned int hmask = xfrm_policy_bydst[dir].hmask;

	if (total)
		*total += cnt;

	if ((hmask + 1) < xfrm_policy_hashmax &&
	    cnt > hmask)
		return 1;

	return 0;
}

static inline int xfrm_byidx_should_resize(int total)
{
	unsigned int hmask = xfrm_idx_hmask;

	if ((hmask + 1) < xfrm_policy_hashmax &&
	    total > hmask)
		return 1;

	return 0;
}

void xfrm_spd_getinfo(struct xfrmk_spdinfo *si)
{
	read_lock_bh(&xfrm_policy_lock);
	si->incnt = xfrm_policy_count[XFRM_POLICY_IN];
	si->outcnt = xfrm_policy_count[XFRM_POLICY_OUT];
	si->fwdcnt = xfrm_policy_count[XFRM_POLICY_FWD];
	si->inscnt = xfrm_policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX];
	si->outscnt = xfrm_policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX];
	si->fwdscnt = xfrm_policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX];
	si->spdhcnt = xfrm_idx_hmask;
	si->spdhmcnt = xfrm_policy_hashmax;
	read_unlock_bh(&xfrm_policy_lock);
}
EXPORT_SYMBOL(xfrm_spd_getinfo);

static DEFINE_MUTEX(hash_resize_mutex);
static void xfrm_hash_resize(struct work_struct *__unused)
{
	int dir, total;

	mutex_lock(&hash_resize_mutex);

	total = 0;
	for (dir = 0; dir < XFRM_POLICY_MAX * 2; dir++) {
		if (xfrm_bydst_should_resize(dir, &total))
			xfrm_bydst_resize(dir);
	}
	if (xfrm_byidx_should_resize(total))
		xfrm_byidx_resize(total);

	mutex_unlock(&hash_resize_mutex);
}

static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
/* Generate a new index... KAME seems to generate them ordered, at the cost
 * of completely unpredictable rule ordering. That will not do here.
 */
static u32 xfrm_gen_index(u8 type, int dir)
{
	static u32 idx_generator;

	for (;;) {
		struct hlist_node *entry;
		struct hlist_head *list;
		struct xfrm_policy *p;
		u32 idx;
		int found;

		idx = (idx_generator | dir);
		idx_generator += 8;
		if (idx == 0)
			idx = 8;
		list = xfrm_policy_byidx + idx_hash(idx);
		found = 0;
		hlist_for_each_entry(p, entry, list, byidx) {
			if (p->index == idx) {
				found = 1;
				break;
			}
		}
		if (!found)
			return idx;
	}
}

static inline int selector_cmp(struct xfrm_selector *s1, struct xfrm_selector *s2)
{
	u32 *p1 = (u32 *) s1;
	u32 *p2 = (u32 *) s2;
	int len = sizeof(struct xfrm_selector) / sizeof(u32);
	int i;

	for (i = 0; i < len; i++) {
		if (p1[i] != p2[i])
			return 1;
	}

	return 0;
}
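/*
 * Editor's illustrative sketch (not part of the original file): indices are
 * allocated in steps of 8, so the low three bits are free to carry the
 * direction; xfrm_policy_id2dir() elsewhere recovers it from the index.
 * The generator value is hypothetical.
 */
#if 0
static void example_index_encoding(void)
{
	u32 idx = 16 | XFRM_POLICY_OUT;	/* generator value 16, dir OUT (1) */

	/* The direction rides in the low bits of the index. */
	BUG_ON(xfrm_policy_id2dir(idx) != XFRM_POLICY_OUT);
}
#endif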
int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
{
	struct xfrm_policy *pol;
	struct xfrm_policy *delpol;
	struct hlist_head *chain;
	struct hlist_node *entry, *newpos;
	struct dst_entry *gc_list;

	write_lock_bh(&xfrm_policy_lock);
	chain = policy_hash_bysel(&policy->selector, policy->family, dir);
	delpol = NULL;
	newpos = NULL;
	hlist_for_each_entry(pol, entry, chain, bydst) {
		if (pol->type == policy->type &&
		    !selector_cmp(&pol->selector, &policy->selector) &&
		    xfrm_sec_ctx_match(pol->security, policy->security) &&
		    !WARN_ON(delpol)) {
			if (excl) {
				write_unlock_bh(&xfrm_policy_lock);
				return -EEXIST;
			}
			delpol = pol;
			if (policy->priority > pol->priority)
				continue;
		} else if (policy->priority >= pol->priority) {
			newpos = &pol->bydst;
			continue;
		}
		if (delpol)
			break;
	}
	if (newpos)
		hlist_add_after(newpos, &policy->bydst);
	else
		hlist_add_head(&policy->bydst, chain);
	xfrm_pol_hold(policy);
	xfrm_policy_count[dir]++;
	atomic_inc(&flow_cache_genid);
	if (delpol) {
		hlist_del(&delpol->bydst);
		hlist_del(&delpol->byidx);
		xfrm_policy_count[dir]--;
	}
	policy->index = delpol ? delpol->index : xfrm_gen_index(policy->type, dir);
	hlist_add_head(&policy->byidx, xfrm_policy_byidx+idx_hash(policy->index));
	policy->curlft.add_time = get_seconds();
	policy->curlft.use_time = 0;
	if (!mod_timer(&policy->timer, jiffies + HZ))
		xfrm_pol_hold(policy);
	write_unlock_bh(&xfrm_policy_lock);

	if (delpol)
		xfrm_policy_kill(delpol);
	else if (xfrm_bydst_should_resize(dir, NULL))
		schedule_work(&xfrm_hash_work);

	read_lock_bh(&xfrm_policy_lock);
	gc_list = NULL;
	entry = &policy->bydst;
	hlist_for_each_entry_continue(policy, entry, bydst) {
		struct dst_entry *dst;

		write_lock(&policy->lock);
		dst = policy->bundles;
		if (dst) {
			struct dst_entry *tail = dst;
			while (tail->next)
				tail = tail->next;
			tail->next = gc_list;
			gc_list = dst;

			policy->bundles = NULL;
		}
		write_unlock(&policy->lock);
	}
	read_unlock_bh(&xfrm_policy_lock);

	while (gc_list) {
		struct dst_entry *dst = gc_list;

		gc_list = dst->next;
		dst_free(dst);
	}

	return 0;
}
EXPORT_SYMBOL(xfrm_policy_insert);

struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
					  struct xfrm_selector *sel,
					  struct xfrm_sec_ctx *ctx, int delete,
					  int *err)
{
	struct xfrm_policy *pol, *ret;
	struct hlist_head *chain;
	struct hlist_node *entry;

	*err = 0;
	write_lock_bh(&xfrm_policy_lock);
	chain = policy_hash_bysel(sel, sel->family, dir);
	ret = NULL;
	hlist_for_each_entry(pol, entry, chain, bydst) {
		if (pol->type == type &&
		    !selector_cmp(sel, &pol->selector) &&
		    xfrm_sec_ctx_match(ctx, pol->security)) {
			xfrm_pol_hold(pol);
			if (delete) {
				*err = security_xfrm_policy_delete(pol);
				if (*err) {
					write_unlock_bh(&xfrm_policy_lock);
					return pol;
				}
				hlist_del(&pol->bydst);
				hlist_del(&pol->byidx);
				xfrm_policy_count[dir]--;
			}
			ret = pol;
			break;
		}
	}
	write_unlock_bh(&xfrm_policy_lock);

	if (ret && delete) {
		atomic_inc(&flow_cache_genid);
		xfrm_policy_kill(ret);
	}
	return ret;
}
EXPORT_SYMBOL(xfrm_policy_bysel_ctx);

struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete,
				     int *err)
{
	struct xfrm_policy *pol, *ret;
	struct hlist_head *chain;
	struct hlist_node *entry;

	*err = -ENOENT;
	if (xfrm_policy_id2dir(id) != dir)
		return NULL;

	*err = 0;
	write_lock_bh(&xfrm_policy_lock);
	chain = xfrm_policy_byidx + idx_hash(id);
	ret = NULL;
	hlist_for_each_entry(pol, entry, chain, byidx) {
		if (pol->type == type && pol->index == id) {
			xfrm_pol_hold(pol);
			if (delete) {
				*err = security_xfrm_policy_delete(pol);
				if (*err) {
					write_unlock_bh(&xfrm_policy_lock);
					return pol;
				}
				hlist_del(&pol->bydst);
				hlist_del(&pol->byidx);
				xfrm_policy_count[dir]--;
			}
			ret = pol;
			break;
		}
	}
	write_unlock_bh(&xfrm_policy_lock);

	if (ret && delete) {
		atomic_inc(&flow_cache_genid);
		xfrm_policy_kill(ret);
	}
	return ret;
}
EXPORT_SYMBOL(xfrm_policy_byid);
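/*
 * Editor's illustrative sketch (not part of the original file): both lookup
 * helpers above return a held policy; with delete != 0 the caller receives
 * the unlinked (and already killed) entry and must still drop its reference.
 */
#if 0
static void example_delete_byid(u32 id)
{
	int err;
	struct xfrm_policy *pol;

	pol = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, XFRM_POLICY_OUT, id,
			       1 /* delete */, &err);
	if (pol)
		xfrm_pol_put(pol);	/* release the reference we were handed */
}
#endif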
#ifdef CONFIG_SECURITY_NETWORK_XFRM
static inline int
xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
{
	int dir, err = 0;

	for (dir = 0; dir < XFRM_POLICY_MAX; dir++) {
		struct xfrm_policy *pol;
		struct hlist_node *entry;
		int i;

		hlist_for_each_entry(pol, entry,
				     &xfrm_policy_inexact[dir], bydst) {
			if (pol->type != type)
				continue;
			err = security_xfrm_policy_delete(pol);
			if (err) {
				xfrm_audit_policy_delete(pol, 0,
							 audit_info->loginuid,
							 audit_info->secid);
				return err;
			}
		}
		for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
			hlist_for_each_entry(pol, entry,
					     xfrm_policy_bydst[dir].table + i,
					     bydst) {
				if (pol->type != type)
					continue;
				err = security_xfrm_policy_delete(pol);
				if (err) {
					xfrm_audit_policy_delete(pol, 0,
								 audit_info->loginuid,
								 audit_info->secid);
					return err;
				}
			}
		}
	}
	return err;
}
#else
static inline int
xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
{
	return 0;
}
#endif

int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
{
	int dir, err = 0;

	write_lock_bh(&xfrm_policy_lock);

	err = xfrm_policy_flush_secctx_check(type, audit_info);
	if (err)
		goto out;

	for (dir = 0; dir < XFRM_POLICY_MAX; dir++) {
		struct xfrm_policy *pol;
		struct hlist_node *entry;
		int i, killed;

		killed = 0;
	again1:
		hlist_for_each_entry(pol, entry,
				     &xfrm_policy_inexact[dir], bydst) {
			if (pol->type != type)
				continue;
			hlist_del(&pol->bydst);
			hlist_del(&pol->byidx);
			write_unlock_bh(&xfrm_policy_lock);

			xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
						 audit_info->secid);

			xfrm_policy_kill(pol);
			killed++;

			write_lock_bh(&xfrm_policy_lock);
			goto again1;
		}

		for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
	again2:
			hlist_for_each_entry(pol, entry,
					     xfrm_policy_bydst[dir].table + i,
					     bydst) {
				if (pol->type != type)
					continue;
				hlist_del(&pol->bydst);
				hlist_del(&pol->byidx);
				write_unlock_bh(&xfrm_policy_lock);

				xfrm_audit_policy_delete(pol, 1,
							 audit_info->loginuid,
							 audit_info->secid);
				xfrm_policy_kill(pol);
				killed++;

				write_lock_bh(&xfrm_policy_lock);
				goto again2;
			}
		}

		xfrm_policy_count[dir] -= killed;
	}
	atomic_inc(&flow_cache_genid);
out:
	write_unlock_bh(&xfrm_policy_lock);
	return err;
}
EXPORT_SYMBOL(xfrm_policy_flush);

int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*),
		     void *data)
{
	struct xfrm_policy *pol, *last = NULL;
	struct hlist_node *entry;
	int dir, last_dir = 0, count, error;

	read_lock_bh(&xfrm_policy_lock);
	count = 0;

	for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) {
		struct hlist_head *table = xfrm_policy_bydst[dir].table;
		int i;

		hlist_for_each_entry(pol, entry,
				     &xfrm_policy_inexact[dir], bydst) {
			if (pol->type != type)
				continue;
			if (last) {
				error = func(last, last_dir % XFRM_POLICY_MAX,
					     count, data);
				if (error)
					goto out;
			}
			last = pol;
			last_dir = dir;
			count++;
		}
		for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
			hlist_for_each_entry(pol, entry, table + i, bydst) {
				if (pol->type != type)
					continue;
				if (last) {
					error = func(last, last_dir % XFRM_POLICY_MAX,
						     count, data);
					if (error)
						goto out;
				}
				last = pol;
				last_dir = dir;
				count++;
			}
		}
	}
	if (count == 0) {
		error = -ENOENT;
		goto out;
	}
	error = func(last, last_dir % XFRM_POLICY_MAX, 0, data);
out:
	read_unlock_bh(&xfrm_policy_lock);
	return error;
}
EXPORT_SYMBOL(xfrm_policy_walk);
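/*
 * Editor's illustrative sketch (not part of the original file): a walker
 * callback is invoked once per policy, and the final invocation carries a
 * count of 0.  The callback and its counter are made up for the example.
 */
#if 0
static int example_count_one(struct xfrm_policy *pol, int dir, int count,
			     void *data)
{
	(*(int *)data)++;	/* tally every policy we are shown */
	return 0;		/* non-zero would abort the walk */
}

static int example_count_main_policies(void)
{
	int n = 0;

	xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, example_count_one, &n);
	return n;
}
#endif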
/*
 * Find policy to apply to this flow.
 *
 * Returns 0 if policy found, else an -errno.
 */
static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
			     u8 type, u16 family, int dir)
{
	struct xfrm_selector *sel = &pol->selector;
	int match, ret = -ESRCH;

	if (pol->family != family ||
	    pol->type != type)
		return ret;

	match = xfrm_selector_match(sel, fl, family);
	if (match)
		ret = security_xfrm_policy_lookup(pol, fl->secid, dir);

	return ret;
}

static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
						     u16 family, u8 dir)
{
	int err;
	struct xfrm_policy *pol, *ret;
	xfrm_address_t *daddr, *saddr;
	struct hlist_node *entry;
	struct hlist_head *chain;
	u32 priority = ~0U;

	daddr = xfrm_flowi_daddr(fl, family);
	saddr = xfrm_flowi_saddr(fl, family);
	if (unlikely(!daddr || !saddr))
		return NULL;

	read_lock_bh(&xfrm_policy_lock);
	chain = policy_hash_direct(daddr, saddr, family, dir);
	ret = NULL;
	hlist_for_each_entry(pol, entry, chain, bydst) {
		err = xfrm_policy_match(pol, fl, type, family, dir);
		if (err) {
			if (err == -ESRCH)
				continue;
			else {
				ret = ERR_PTR(err);
				goto fail;
			}
		} else {
			ret = pol;
			priority = ret->priority;
			break;
		}
	}
	chain = &xfrm_policy_inexact[dir];
	hlist_for_each_entry(pol, entry, chain, bydst) {
		err = xfrm_policy_match(pol, fl, type, family, dir);
		if (err) {
			if (err == -ESRCH)
				continue;
			else {
				ret = ERR_PTR(err);
				goto fail;
			}
		} else if (pol->priority < priority) {
			ret = pol;
			break;
		}
	}
	if (ret)
		xfrm_pol_hold(ret);
fail:
	read_unlock_bh(&xfrm_policy_lock);

	return ret;
}

static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir,
			      void **objp, atomic_t **obj_refp)
{
	struct xfrm_policy *pol;
	int err = 0;

#ifdef CONFIG_XFRM_SUB_POLICY
	pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir);
	if (IS_ERR(pol)) {
		err = PTR_ERR(pol);
		pol = NULL;
	}
	if (pol || err)
		goto end;
#endif
	pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir);
	if (IS_ERR(pol)) {
		err = PTR_ERR(pol);
		pol = NULL;
	}
#ifdef CONFIG_XFRM_SUB_POLICY
end:
#endif
	if ((*objp = (void *) pol) != NULL)
		*obj_refp = &pol->refcnt;
	return err;
}

static inline int policy_to_flow_dir(int dir)
{
	if (XFRM_POLICY_IN == FLOW_DIR_IN &&
	    XFRM_POLICY_OUT == FLOW_DIR_OUT &&
	    XFRM_POLICY_FWD == FLOW_DIR_FWD)
		return dir;
	switch (dir) {
	default:
	case XFRM_POLICY_IN:
		return FLOW_DIR_IN;
	case XFRM_POLICY_OUT:
		return FLOW_DIR_OUT;
	case XFRM_POLICY_FWD:
		return FLOW_DIR_FWD;
	}
}

static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struct flowi *fl)
{
	struct xfrm_policy *pol;

	read_lock_bh(&xfrm_policy_lock);
	if ((pol = sk->sk_policy[dir]) != NULL) {
		int match = xfrm_selector_match(&pol->selector, fl,
						sk->sk_family);
		int err = 0;

		if (match) {
			err = security_xfrm_policy_lookup(pol, fl->secid,
					policy_to_flow_dir(dir));
			if (!err)
				xfrm_pol_hold(pol);
			else if (err == -ESRCH)
				pol = NULL;
			else
				pol = ERR_PTR(err);
		} else
			pol = NULL;
	}
	read_unlock_bh(&xfrm_policy_lock);
	return pol;
}
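/*
 * Editor's illustrative sketch (not part of the original file): the lookup
 * above consults the hashed (fully specified) chain first, then the inexact
 * chain, and a numerically lower ->priority wins.  The helper below just
 * mirrors that comparison with stand-in values.
 */
#if 0
static u32 example_pick_lower_priority(u32 hashed_prio, u32 inexact_prio)
{
	u32 winner = hashed_prio;

	/* mirror of the "pol->priority < priority" test above */
	if (inexact_prio < winner)
		winner = inexact_prio;
	return winner;	/* e.g. hashed 10 vs. inexact 5 -> 5 wins */
}
#endif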
static void __xfrm_policy_link(struct xfrm_policy *pol, int dir)
{
	struct hlist_head *chain = policy_hash_bysel(&pol->selector,
						     pol->family, dir);

	hlist_add_head(&pol->bydst, chain);
	hlist_add_head(&pol->byidx, xfrm_policy_byidx+idx_hash(pol->index));
	xfrm_policy_count[dir]++;
	xfrm_pol_hold(pol);

	if (xfrm_bydst_should_resize(dir, NULL))
		schedule_work(&xfrm_hash_work);
}

static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
						int dir)
{
	if (hlist_unhashed(&pol->bydst))
		return NULL;

	hlist_del(&pol->bydst);
	hlist_del(&pol->byidx);
	xfrm_policy_count[dir]--;

	return pol;
}

int xfrm_policy_delete(struct xfrm_policy *pol, int dir)
{
	write_lock_bh(&xfrm_policy_lock);
	pol = __xfrm_policy_unlink(pol, dir);
	write_unlock_bh(&xfrm_policy_lock);
	if (pol) {
		if (dir < XFRM_POLICY_MAX)
			atomic_inc(&flow_cache_genid);
		xfrm_policy_kill(pol);
		return 0;
	}
	return -ENOENT;
}
EXPORT_SYMBOL(xfrm_policy_delete);

int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol)
{
	struct xfrm_policy *old_pol;

#ifdef CONFIG_XFRM_SUB_POLICY
	if (pol && pol->type != XFRM_POLICY_TYPE_MAIN)
		return -EINVAL;
#endif

	write_lock_bh(&xfrm_policy_lock);
	old_pol = sk->sk_policy[dir];
	sk->sk_policy[dir] = pol;
	if (pol) {
		pol->curlft.add_time = get_seconds();
		pol->index = xfrm_gen_index(pol->type, XFRM_POLICY_MAX+dir);
		__xfrm_policy_link(pol, XFRM_POLICY_MAX+dir);
	}
	if (old_pol)
		__xfrm_policy_unlink(old_pol, XFRM_POLICY_MAX+dir);
	write_unlock_bh(&xfrm_policy_lock);

	if (old_pol) {
		xfrm_policy_kill(old_pol);
	}
	return 0;
}

static struct xfrm_policy *clone_policy(struct xfrm_policy *old, int dir)
{
	struct xfrm_policy *newp = xfrm_policy_alloc(GFP_ATOMIC);

	if (newp) {
		newp->selector = old->selector;
		if (security_xfrm_policy_clone(old, newp)) {
			kfree(newp);
			return NULL;	/* ENOMEM */
		}
		newp->lft = old->lft;
		newp->curlft = old->curlft;
		newp->action = old->action;
		newp->flags = old->flags;
		newp->xfrm_nr = old->xfrm_nr;
		newp->index = old->index;
		newp->type = old->type;
		memcpy(newp->xfrm_vec, old->xfrm_vec,
		       newp->xfrm_nr*sizeof(struct xfrm_tmpl));
		write_lock_bh(&xfrm_policy_lock);
		__xfrm_policy_link(newp, XFRM_POLICY_MAX+dir);
		write_unlock_bh(&xfrm_policy_lock);
		xfrm_pol_put(newp);
	}
	return newp;
}

int __xfrm_sk_clone_policy(struct sock *sk)
{
	struct xfrm_policy *p0 = sk->sk_policy[0],
			   *p1 = sk->sk_policy[1];

	sk->sk_policy[0] = sk->sk_policy[1] = NULL;
	if (p0 && (sk->sk_policy[0] = clone_policy(p0, 0)) == NULL)
		return -ENOMEM;
	if (p1 && (sk->sk_policy[1] = clone_policy(p1, 1)) == NULL)
		return -ENOMEM;
	return 0;
}

static int
xfrm_get_saddr(xfrm_address_t *local, xfrm_address_t *remote,
	       unsigned short family)
{
	int err;
	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);

	if (unlikely(afinfo == NULL))
		return -EINVAL;
	err = afinfo->get_saddr(local, remote);
	xfrm_policy_put_afinfo(afinfo);
	return err;
}
/* Resolve list of templates for the flow, given policy. */

static int
xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl,
		      struct xfrm_state **xfrm,
		      unsigned short family)
{
	int nx;
	int i, error;
	xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
	xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
	xfrm_address_t tmp;

	for (nx=0, i = 0; i < policy->xfrm_nr; i++) {
		struct xfrm_state *x;
		xfrm_address_t *remote = daddr;
		xfrm_address_t *local  = saddr;
		struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];

		if (tmpl->mode == XFRM_MODE_TUNNEL ||
		    tmpl->mode == XFRM_MODE_BEET) {
			remote = &tmpl->id.daddr;
			local = &tmpl->saddr;
			family = tmpl->encap_family;
			if (xfrm_addr_any(local, family)) {
				error = xfrm_get_saddr(&tmp, remote, family);
				if (error)
					goto fail;
				local = &tmp;
			}
		}

		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);

		if (x && x->km.state == XFRM_STATE_VALID) {
			xfrm[nx++] = x;
			daddr = remote;
			saddr = local;
			continue;
		}
		if (x) {
			error = (x->km.state == XFRM_STATE_ERROR ?
				 -EINVAL : -EAGAIN);
			xfrm_state_put(x);
		}

		if (!tmpl->optional)
			goto fail;
	}
	return nx;

fail:
	for (nx--; nx>=0; nx--)
		xfrm_state_put(xfrm[nx]);
	return error;
}

static int
xfrm_tmpl_resolve(struct xfrm_policy **pols, int npols, struct flowi *fl,
		  struct xfrm_state **xfrm,
		  unsigned short family)
{
	struct xfrm_state *tp[XFRM_MAX_DEPTH];
	struct xfrm_state **tpp = (npols > 1) ? tp : xfrm;
	int cnx = 0;
	int error;
	int ret;
	int i;

	for (i = 0; i < npols; i++) {
		if (cnx + pols[i]->xfrm_nr >= XFRM_MAX_DEPTH) {
			error = -ENOBUFS;
			goto fail;
		}

		ret = xfrm_tmpl_resolve_one(pols[i], fl, &tpp[cnx], family);
		if (ret < 0) {
			error = ret;
			goto fail;
		} else
			cnx += ret;
	}

	/* found states are sorted for outbound processing */
	if (npols > 1)
		xfrm_state_sort(xfrm, tpp, cnx, family);

	return cnx;

fail:
	for (cnx--; cnx>=0; cnx--)
		xfrm_state_put(tpp[cnx]);
	return error;

}
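/*
 * Editor's illustrative sketch (not part of the original file): a caller of
 * xfrm_tmpl_resolve() owns one reference per returned state and must drop
 * them all if it bails out before building a bundle.
 */
#if 0
static void example_resolve_and_release(struct xfrm_policy *pol,
					struct flowi *fl, u16 family)
{
	struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
	int i, nx;

	nx = xfrm_tmpl_resolve(&pol, 1, fl, xfrm, family);
	if (nx <= 0)
		return;		/* 0: bypass; < 0: error, nothing held */

	for (i = 0; i < nx; i++)
		xfrm_state_put(xfrm[i]);	/* give the references back */
}
#endif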
/* Find a bundle created for this flow under the given policy, if any. */

static struct dst_entry *
xfrm_find_bundle(struct flowi *fl, struct xfrm_policy *policy, unsigned short family)
{
	struct dst_entry *x;
	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
	if (unlikely(afinfo == NULL))
		return ERR_PTR(-EINVAL);
	x = afinfo->find_bundle(fl, policy);
	xfrm_policy_put_afinfo(afinfo);
	return x;
}

static inline int xfrm_get_tos(struct flowi *fl, int family)
{
	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
	int tos;

	if (!afinfo)
		return -EINVAL;

	tos = afinfo->get_tos(fl);

	xfrm_policy_put_afinfo(afinfo);

	return tos;
}

static inline struct xfrm_dst *xfrm_alloc_dst(int family)
{
	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
	struct xfrm_dst *xdst;

	if (!afinfo)
		return ERR_PTR(-EINVAL);

	xdst = dst_alloc(afinfo->dst_ops) ?: ERR_PTR(-ENOBUFS);

	xfrm_policy_put_afinfo(afinfo);

	return xdst;
}

static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
{
	struct xfrm_policy_afinfo *afinfo =
		xfrm_policy_get_afinfo(xdst->u.dst.ops->family);
	int err;

	if (!afinfo)
		return -EINVAL;

	err = afinfo->fill_dst(xdst, dev);

	xfrm_policy_put_afinfo(afinfo);

	return err;
}
/* Allocate chain of dst_entry's, attach known xfrm's, calculate
 * all the metrics... Shortly, bundle a bundle.
 */

static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
					    struct xfrm_state **xfrm, int nx,
					    struct flowi *fl,
					    struct dst_entry *dst)
{
	unsigned long now = jiffies;
	struct net_device *dev;
	struct dst_entry *dst_prev = NULL;
	struct dst_entry *dst0 = NULL;
	int i = 0;
	int err;
	int header_len = 0;
	int trailer_len = 0;
	int tos;
	int family = policy->selector.family;

	tos = xfrm_get_tos(fl, family);
	err = tos;
	if (tos < 0)
		goto put_states;

	dst_hold(dst);

	for (; i < nx; i++) {
		struct xfrm_dst *xdst = xfrm_alloc_dst(family);
		struct dst_entry *dst1 = &xdst->u.dst;

		err = PTR_ERR(xdst);
		if (IS_ERR(xdst)) {
			dst_release(dst);
			goto put_states;
		}

		if (!dst_prev)
			dst0 = dst1;
		else {
			dst_prev->child = dst_clone(dst1);
			dst1->flags |= DST_NOHASH;
		}

		xdst->route = dst;
		memcpy(&dst1->metrics, &dst->metrics, sizeof(dst->metrics));

		if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
			family = xfrm[i]->props.family;
			dst = xfrm_dst_lookup(xfrm[i], tos, family);
			err = PTR_ERR(dst);
			if (IS_ERR(dst))
				goto put_states;
		} else
			dst_hold(dst);

		dst1->xfrm = xfrm[i];
		xdst->genid = xfrm[i]->genid;

		dst1->obsolete = -1;
		dst1->flags |= DST_HOST;
		dst1->lastuse = now;

		dst1->input = dst_discard;
		dst1->output = xfrm[i]->outer_mode->afinfo->output;

		dst1->next = dst_prev;
		dst_prev = dst1;

		header_len += xfrm[i]->props.header_len;
		trailer_len += xfrm[i]->props.trailer_len;
	}

	dst_prev->child = dst;
	dst0->path = dst;

	err = -ENODEV;
	dev = dst->dev;
	if (!dev)
		goto free_dst;

	/* Copy neighbour for reachability confirmation */
	dst0->neighbour = neigh_clone(dst->neighbour);

	xfrm_init_pmtu(dst_prev);

	for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) {
		struct xfrm_dst *xdst = (struct xfrm_dst *)dst_prev;

		err = xfrm_fill_dst(xdst, dev);
		if (err)
			goto free_dst;

		dst_prev->header_len = header_len;
		dst_prev->trailer_len = trailer_len;
		header_len -= xdst->u.dst.xfrm->props.header_len;
		trailer_len -= xdst->u.dst.xfrm->props.trailer_len;
	}

out:
	return dst0;

put_states:
	for (; i < nx; i++)
		xfrm_state_put(xfrm[i]);
free_dst:
	if (dst0)
		dst_free(dst0);
	dst0 = ERR_PTR(err);
	goto out;
}

static inline int
xfrm_dst_alloc_copy(void **target, void *src, int size)
{
	if (!*target) {
		*target = kmalloc(size, GFP_ATOMIC);
		if (!*target)
			return -ENOMEM;
	}
	memcpy(*target, src, size);
	return 0;
}

static inline int
xfrm_dst_update_parent(struct dst_entry *dst, struct xfrm_selector *sel)
{
#ifdef CONFIG_XFRM_SUB_POLICY
	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
	return xfrm_dst_alloc_copy((void **)&(xdst->partner),
				   sel, sizeof(*sel));
#else
	return 0;
#endif
}

static inline int
xfrm_dst_update_origin(struct dst_entry *dst, struct flowi *fl)
{
#ifdef CONFIG_XFRM_SUB_POLICY
	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
	return xfrm_dst_alloc_copy((void **)&(xdst->origin), fl, sizeof(*fl));
#else
	return 0;
#endif
}

static int stale_bundle(struct dst_entry *dst);

/* Main function: finds/creates a bundle for given flow.
 *
 * At the moment we eat a raw IP route. Mostly to speed up lookups
 * on interfaces with disabled IPsec.
 */
int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
		  struct sock *sk, int flags)
{
	struct xfrm_policy *policy;
	struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
	int npols;
	int pol_dead;
	int xfrm_nr;
	int pi;
	struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
	struct dst_entry *dst, *dst_orig = *dst_p;
	int nx = 0;
	int err;
	u32 genid;
	u16 family;
	u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);

restart:
	genid = atomic_read(&flow_cache_genid);
	policy = NULL;
	for (pi = 0; pi < ARRAY_SIZE(pols); pi++)
		pols[pi] = NULL;
	npols = 0;
	pol_dead = 0;
	xfrm_nr = 0;

	if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {
		policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
		err = PTR_ERR(policy);
		if (IS_ERR(policy))
			goto dropdst;
	}

	if (!policy) {
		/* To accelerate a bit... */
		if ((dst_orig->flags & DST_NOXFRM) ||
		    !xfrm_policy_count[XFRM_POLICY_OUT])
			return 0;

		policy = flow_cache_lookup(fl, dst_orig->ops->family,
					   dir, xfrm_policy_lookup);
		err = PTR_ERR(policy);
		if (IS_ERR(policy))
			goto dropdst;
	}

	if (!policy)
		return 0;

	family = dst_orig->ops->family;
	policy->curlft.use_time = get_seconds();
	pols[0] = policy;
	npols ++;
	xfrm_nr += pols[0]->xfrm_nr;

	switch (policy->action) {
	default:
	case XFRM_POLICY_BLOCK:
		/* Prohibit the flow */
		err = -EPERM;
		goto error;

	case XFRM_POLICY_ALLOW:
#ifndef CONFIG_XFRM_SUB_POLICY
		if (policy->xfrm_nr == 0) {
			/* Flow passes not transformed. */
			xfrm_pol_put(policy);
			return 0;
		}
#endif

		/* Try to find matching bundle.
		 *
		 * LATER: help from flow cache. It is optional, this
		 * is required only for output policy.
		 */
		dst = xfrm_find_bundle(fl, policy, family);
		if (IS_ERR(dst)) {
			err = PTR_ERR(dst);
			goto error;
		}

		if (dst)
			break;

#ifdef CONFIG_XFRM_SUB_POLICY
		if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
			pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN,
							    fl, family,
							    XFRM_POLICY_OUT);
			if (pols[1]) {
				if (IS_ERR(pols[1])) {
					err = PTR_ERR(pols[1]);
					goto error;
				}
				if (pols[1]->action == XFRM_POLICY_BLOCK) {
					err = -EPERM;
					goto error;
				}
				npols ++;
				xfrm_nr += pols[1]->xfrm_nr;
			}
		}

		/*
		 * Because neither flowi nor bundle information knows about
		 * transformation template size. On more than one policy usage
		 * we can realize whether all of them is bypass or not after
		 * they are searched. See above not-transformed bypass
		 * is surrounded by non-sub policy configuration, too.
		 */
		if (xfrm_nr == 0) {
			/* Flow passes not transformed. */
			xfrm_pols_put(pols, npols);
			return 0;
		}

#endif
		nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);

		if (unlikely(nx<0)) {
			err = nx;
			if (err == -EAGAIN && sysctl_xfrm_larval_drop) {
				/* EREMOTE tells the caller to generate
				 * a one-shot blackhole route.
				 */
				xfrm_pol_put(policy);
				return -EREMOTE;
			}
			if (err == -EAGAIN && flags) {
				DECLARE_WAITQUEUE(wait, current);

				add_wait_queue(&km_waitq, &wait);
				set_current_state(TASK_INTERRUPTIBLE);
				schedule();
				set_current_state(TASK_RUNNING);
				remove_wait_queue(&km_waitq, &wait);

				nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);

				if (nx == -EAGAIN && signal_pending(current)) {
					err = -ERESTART;
					goto error;
				}
				if (nx == -EAGAIN ||
				    genid != atomic_read(&flow_cache_genid)) {
					xfrm_pols_put(pols, npols);
					goto restart;
				}
				err = nx;
			}
			if (err < 0)
				goto error;
		}
		if (nx == 0) {
			/* Flow passes not transformed. */
			xfrm_pols_put(pols, npols);
			return 0;
		}

		dst = xfrm_bundle_create(policy, xfrm, nx, fl, dst_orig);
		err = PTR_ERR(dst);
		if (IS_ERR(dst))
			goto error;

		for (pi = 0; pi < npols; pi++) {
			read_lock_bh(&pols[pi]->lock);
			pol_dead |= pols[pi]->dead;
			read_unlock_bh(&pols[pi]->lock);
		}

		write_lock_bh(&policy->lock);
		if (unlikely(pol_dead || stale_bundle(dst))) {
			/* Wow! While we worked on resolving, this
			 * policy has gone. Retry. It is not paranoia,
			 * we just cannot enlist new bundle to dead object.
			 * We can't enlist stale bundles either.
			 */
			write_unlock_bh(&policy->lock);
			if (dst)
				dst_free(dst);

			err = -EHOSTUNREACH;
			goto error;
		}

		if (npols > 1)
			err = xfrm_dst_update_parent(dst, &pols[1]->selector);
		else
			err = xfrm_dst_update_origin(dst, fl);
		if (unlikely(err)) {
			write_unlock_bh(&policy->lock);
			if (dst)
				dst_free(dst);
			goto error;
		}

		dst->next = policy->bundles;
		policy->bundles = dst;
		dst_hold(dst);
		write_unlock_bh(&policy->lock);
	}
	*dst_p = dst;
	dst_release(dst_orig);
	xfrm_pols_put(pols, npols);
	return 0;

error:
	xfrm_pols_put(pols, npols);
dropdst:
	dst_release(dst_orig);
	*dst_p = NULL;
	return err;
}
EXPORT_SYMBOL(__xfrm_lookup);
int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
		struct sock *sk, int flags)
{
	int err = __xfrm_lookup(dst_p, fl, sk, flags);

	if (err == -EREMOTE) {
		dst_release(*dst_p);
		*dst_p = NULL;
		err = -EAGAIN;
	}

	return err;
}
EXPORT_SYMBOL(xfrm_lookup);

static inline int
xfrm_secpath_reject(int idx, struct sk_buff *skb, struct flowi *fl)
{
	struct xfrm_state *x;

	if (!skb->sp || idx < 0 || idx >= skb->sp->len)
		return 0;
	x = skb->sp->xvec[idx];
	if (!x->type->reject)
		return 0;
	return x->type->reject(x, skb, fl);
}

/* When skb is transformed back to its "native" form, we have to
 * check policy restrictions. At the moment we make this in maximally
 * stupid way. Shame on me. :-) Of course, connected sockets must
 * have policy cached at them.
 */

static inline int
xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x,
	      unsigned short family)
{
	if (xfrm_state_kern(x))
		return tmpl->optional && !xfrm_state_addr_cmp(tmpl, x, tmpl->encap_family);
	return	x->id.proto == tmpl->id.proto &&
		(x->id.spi == tmpl->id.spi || !tmpl->id.spi) &&
		(x->props.reqid == tmpl->reqid || !tmpl->reqid) &&
		x->props.mode == tmpl->mode &&
		((tmpl->aalgos & (1<<x->props.aalgo)) ||
		 !(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))) &&
		!(x->props.mode != XFRM_MODE_TRANSPORT &&
		  xfrm_state_addr_cmp(tmpl, x, family));
}
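/*
 * Editor's illustrative sketch (not part of the original file): in
 * xfrm_state_ok() a template field of 0 acts as a wildcard; for instance a
 * template with spi == 0 accepts any SPI as long as proto, reqid and mode
 * agree.  The helper below isolates that one test.
 */
#if 0
static int example_spi_wildcard(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
{
	tmpl->id.spi = 0;	/* hypothetical: no particular SPI demanded */

	/* mirrors "(x->id.spi == tmpl->id.spi || !tmpl->id.spi)" above */
	return x->id.spi == tmpl->id.spi || !tmpl->id.spi;	/* always 1 here */
}
#endif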
/*
 * 0 or more than 0 is returned when validation succeeds (either bypass
 * because of optional transport mode, or the next index of the secpath
 * state matched with the template).
 * -1 is returned when no matching template is found.
 * Otherwise "-2 - errored_index" is returned.
 */
static inline int
xfrm_policy_ok(struct xfrm_tmpl *tmpl, struct sec_path *sp, int start,
	       unsigned short family)
{
	int idx = start;

	if (tmpl->optional) {
		if (tmpl->mode == XFRM_MODE_TRANSPORT)
			return start;
	} else
		start = -1;
	for (; idx < sp->len; idx++) {
		if (xfrm_state_ok(tmpl, sp->xvec[idx], family))
			return ++idx;
		if (sp->xvec[idx]->props.mode != XFRM_MODE_TRANSPORT) {
			if (start == -1)
				start = -2-idx;
			break;
		}
	}
	return start;
}

int
xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family)
{
	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
	int err;

	if (unlikely(afinfo == NULL))
		return -EAFNOSUPPORT;

	afinfo->decode_session(skb, fl);
	err = security_xfrm_decode_session(skb, &fl->secid);
	xfrm_policy_put_afinfo(afinfo);
	return err;
}
EXPORT_SYMBOL(xfrm_decode_session);

static inline int secpath_has_nontransport(struct sec_path *sp, int k, int *idxp)
{
	for (; k < sp->len; k++) {
		if (sp->xvec[k]->props.mode != XFRM_MODE_TRANSPORT) {
			*idxp = k;
			return 1;
		}
	}

	return 0;
}
int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
			unsigned short family)
{
	struct xfrm_policy *pol;
	struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
	int npols = 0;
	int xfrm_nr;
	int pi;
	struct flowi fl;
	u8 fl_dir = policy_to_flow_dir(dir);
	int xerr_idx = -1;

	if (xfrm_decode_session(skb, &fl, family) < 0)
		return 0;
	nf_nat_decode_session(skb, &fl, family);

	/* First, check used SA against their selectors. */
	if (skb->sp) {
		int i;

		for (i=skb->sp->len-1; i>=0; i--) {
			struct xfrm_state *x = skb->sp->xvec[i];
			if (!xfrm_selector_match(&x->sel, &fl, family))
				return 0;
		}
	}

	pol = NULL;
	if (sk && sk->sk_policy[dir]) {
		pol = xfrm_sk_policy_lookup(sk, dir, &fl);
		if (IS_ERR(pol))
			return 0;
	}

	if (!pol)
		pol = flow_cache_lookup(&fl, family, fl_dir,
					xfrm_policy_lookup);

	if (IS_ERR(pol))
		return 0;

	if (!pol) {
		if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) {
			xfrm_secpath_reject(xerr_idx, skb, &fl);
			return 0;
		}
		return 1;
	}

	pol->curlft.use_time = get_seconds();

	pols[0] = pol;
	npols ++;
#ifdef CONFIG_XFRM_SUB_POLICY
	if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
		pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN,
						    &fl, family,
						    XFRM_POLICY_IN);
		if (pols[1]) {
			if (IS_ERR(pols[1]))
				return 0;
			pols[1]->curlft.use_time = get_seconds();
			npols ++;
		}
	}
#endif

	if (pol->action == XFRM_POLICY_ALLOW) {
		struct sec_path *sp;
		static struct sec_path dummy;
		struct xfrm_tmpl *tp[XFRM_MAX_DEPTH];
		struct xfrm_tmpl *stp[XFRM_MAX_DEPTH];
		struct xfrm_tmpl **tpp = tp;
		int ti = 0;
		int i, k;

		if ((sp = skb->sp) == NULL)
			sp = &dummy;

		for (pi = 0; pi < npols; pi++) {
			if (pols[pi] != pol &&
			    pols[pi]->action != XFRM_POLICY_ALLOW)
				goto reject;
			if (ti + pols[pi]->xfrm_nr >= XFRM_MAX_DEPTH)
				goto reject_error;
			for (i = 0; i < pols[pi]->xfrm_nr; i++)
				tpp[ti++] = &pols[pi]->xfrm_vec[i];
		}
		xfrm_nr = ti;
		if (npols > 1) {
			xfrm_tmpl_sort(stp, tpp, xfrm_nr, family);
			tpp = stp;
		}

		/* For each tunnel xfrm, find the first matching tmpl.
		 * For each tmpl before that, find corresponding xfrm.
		 * Order is _important_. Later we will implement
		 * some barriers, but at the moment barriers
		 * are implied between each two transformations.
		 */
		for (i = xfrm_nr-1, k = 0; i >= 0; i--) {
			k = xfrm_policy_ok(tpp[i], sp, k, family);
			if (k < 0) {
				if (k < -1)
					/* "-2 - errored_index" returned */
					xerr_idx = -(2+k);
				goto reject;
			}
		}

		if (secpath_has_nontransport(sp, k, &xerr_idx))
			goto reject;

		xfrm_pols_put(pols, npols);
		return 1;
	}

reject:
	xfrm_secpath_reject(xerr_idx, skb, &fl);
reject_error:
	xfrm_pols_put(pols, npols);
	return 0;
}
EXPORT_SYMBOL(__xfrm_policy_check);

int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
{
	struct flowi fl;

	if (xfrm_decode_session(skb, &fl, family) < 0)
		return 0;

	return xfrm_lookup(&skb->dst, &fl, NULL, 0) == 0;
}
EXPORT_SYMBOL(__xfrm_route_forward);
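/*
 * Editor's illustrative sketch (not part of the original file): a protocol's
 * receive path would consult the policy check roughly like this; the actual
 * per-family wrappers live in the xfrm headers, not in this file, and the
 * caller convention below is hypothetical.
 */
#if 0
static int example_rcv_gate(struct sock *sk, struct sk_buff *skb)
{
	/* 1 == accept, 0 == drop (a reject notification may already have
	 * been issued for the offending secpath state). */
	if (!__xfrm_policy_check(sk, XFRM_POLICY_IN, skb, AF_INET)) {
		kfree_skb(skb);
		return -EPERM;
	}
	return 0;
}
#endif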
/* Optimize later using cookies and generation ids. */

static struct dst_entry *xfrm_dst_check(struct dst_entry *dst, u32 cookie)
{
	/* Code (such as __xfrm4_bundle_create()) sets dst->obsolete
	 * to "-1" to force all XFRM destinations to get validated by
	 * dst_ops->check on every use.  We do this because when a
	 * normal route referenced by an XFRM dst is obsoleted we do
	 * not go looking around for all parent referencing XFRM dsts
	 * so that we can invalidate them.  It is just too much work.
	 * Instead we make the checks here on every use.  For example:
	 *
	 *	XFRM dst A --> IPv4 dst X
	 *
	 * X is the "xdst->route" of A (X is also the "dst->path" of A
	 * in this example).  If X is marked obsolete, "A" will not
	 * notice.  That's what we are validating here via the
	 * stale_bundle() check.
	 *
	 * When a policy's bundle is pruned, we dst_free() the XFRM
	 * dst which causes its ->obsolete field to be set to a
	 * positive non-zero integer.  If an XFRM dst has been pruned
	 * like this, we want to force a new route lookup.
	 */
	if (dst->obsolete < 0 && !stale_bundle(dst))
		return dst;

	return NULL;
}

static int stale_bundle(struct dst_entry *dst)
{
	return !xfrm_bundle_ok(NULL, (struct xfrm_dst *)dst, NULL, AF_UNSPEC, 0);
}

void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
{
	while ((dst = dst->child) && dst->xfrm && dst->dev == dev) {
		dst->dev = dev->nd_net->loopback_dev;
		dev_hold(dst->dev);
		dev_put(dev);
	}
}
EXPORT_SYMBOL(xfrm_dst_ifdown);

static void xfrm_link_failure(struct sk_buff *skb)
{
	/* Impossible. Such dst must be popped before it reaches the point
	 * of failure. */
	return;
}

static struct dst_entry *xfrm_negative_advice(struct dst_entry *dst)
{
	if (dst) {
		if (dst->obsolete) {
			dst_release(dst);
			dst = NULL;
		}
	}
	return dst;
}

static void prune_one_bundle(struct xfrm_policy *pol, int (*func)(struct dst_entry *), struct dst_entry **gc_list_p)
{
	struct dst_entry *dst, **dstp;

	write_lock(&pol->lock);
	dstp = &pol->bundles;
	while ((dst=*dstp) != NULL) {
		if (func(dst)) {
			*dstp = dst->next;
			dst->next = *gc_list_p;
			*gc_list_p = dst;
		} else {
			dstp = &dst->next;
		}
	}
	write_unlock(&pol->lock);
}

static void xfrm_prune_bundles(int (*func)(struct dst_entry *))
{
	struct dst_entry *gc_list = NULL;
	int dir;

	read_lock_bh(&xfrm_policy_lock);
	for (dir = 0; dir < XFRM_POLICY_MAX * 2; dir++) {
		struct xfrm_policy *pol;
		struct hlist_node *entry;
		struct hlist_head *table;
		int i;

		hlist_for_each_entry(pol, entry,
				     &xfrm_policy_inexact[dir], bydst)
			prune_one_bundle(pol, func, &gc_list);

		table = xfrm_policy_bydst[dir].table;
		for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
			hlist_for_each_entry(pol, entry, table + i, bydst)
				prune_one_bundle(pol, func, &gc_list);
		}
	}
	read_unlock_bh(&xfrm_policy_lock);

	while (gc_list) {
		struct dst_entry *dst = gc_list;
		gc_list = dst->next;
		dst_free(dst);
	}
}

static int unused_bundle(struct dst_entry *dst)
{
	return !atomic_read(&dst->__refcnt);
}

static void __xfrm_garbage_collect(void)
{
	xfrm_prune_bundles(unused_bundle);
}

static int xfrm_flush_bundles(void)
{
	xfrm_prune_bundles(stale_bundle);
	return 0;
}
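/*
 * Editor's illustrative sketch (not part of the original file): the pruning
 * walk is parameterised by a predicate; any function matching
 * int (*)(struct dst_entry *) can select which bundles to reap.  The
 * select-everything predicate below is made up for the example.
 */
#if 0
static int example_prune_all(struct dst_entry *dst)
{
	return 1;	/* select every bundle for garbage collection */
}

static void example_flush_everything(void)
{
	xfrm_prune_bundles(example_prune_all);
}
#endif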
static void xfrm_init_pmtu(struct dst_entry *dst)
{
	do {
		struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
		u32 pmtu, route_mtu_cached;

		pmtu = dst_mtu(dst->child);
		xdst->child_mtu_cached = pmtu;

		pmtu = xfrm_state_mtu(dst->xfrm, pmtu);

		route_mtu_cached = dst_mtu(xdst->route);
		xdst->route_mtu_cached = route_mtu_cached;

		if (pmtu > route_mtu_cached)
			pmtu = route_mtu_cached;

		dst->metrics[RTAX_MTU-1] = pmtu;
	} while ((dst = dst->next));
}

/* Check that the bundle accepts the flow and its components are
 * still valid.
 */

int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
		   struct flowi *fl, int family, int strict)
{
	struct dst_entry *dst = &first->u.dst;
	struct xfrm_dst *last;
	u32 mtu;

	if (!dst_check(dst->path, ((struct xfrm_dst *)dst)->path_cookie) ||
	    (dst->dev && !netif_running(dst->dev)))
		return 0;
#ifdef CONFIG_XFRM_SUB_POLICY
	if (fl) {
		if (first->origin && !flow_cache_uli_match(first->origin, fl))
			return 0;
		if (first->partner &&
		    !xfrm_selector_match(first->partner, fl, family))
			return 0;
	}
#endif

	last = NULL;

	do {
		struct xfrm_dst *xdst = (struct xfrm_dst *)dst;

		if (fl && !xfrm_selector_match(&dst->xfrm->sel, fl, family))
			return 0;
		if (fl && pol &&
		    !security_xfrm_state_pol_flow_match(dst->xfrm, pol, fl))
			return 0;
		if (dst->xfrm->km.state != XFRM_STATE_VALID)
			return 0;
		if (xdst->genid != dst->xfrm->genid)
			return 0;

		if (strict && fl &&
		    !(dst->xfrm->outer_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
		    !xfrm_state_addr_flow_check(dst->xfrm, fl, family))
			return 0;

		mtu = dst_mtu(dst->child);
		if (xdst->child_mtu_cached != mtu) {
			last = xdst;
			xdst->child_mtu_cached = mtu;
		}

		if (!dst_check(xdst->route, xdst->route_cookie))
			return 0;
		mtu = dst_mtu(xdst->route);
		if (xdst->route_mtu_cached != mtu) {
			last = xdst;
			xdst->route_mtu_cached = mtu;
		}

		dst = dst->child;
	} while (dst->xfrm);

	if (likely(!last))
		return 1;

	mtu = last->child_mtu_cached;
	for (;;) {
		dst = &last->u.dst;

		mtu = xfrm_state_mtu(dst->xfrm, mtu);
		if (mtu > last->route_mtu_cached)
			mtu = last->route_mtu_cached;
		dst->metrics[RTAX_MTU-1] = mtu;

		if (last == first)
			break;

		last = (struct xfrm_dst *)last->u.dst.next;
		last->child_mtu_cached = mtu;
	}

	return 1;
}

EXPORT_SYMBOL(xfrm_bundle_ok);

int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
{
	int err = 0;
	if (unlikely(afinfo == NULL))
		return -EINVAL;
	if (unlikely(afinfo->family >= NPROTO))
		return -EAFNOSUPPORT;
	write_lock_bh(&xfrm_policy_afinfo_lock);
	if (unlikely(xfrm_policy_afinfo[afinfo->family] != NULL))
		err = -ENOBUFS;
	else {
		struct dst_ops *dst_ops = afinfo->dst_ops;
		if (likely(dst_ops->kmem_cachep == NULL))
			dst_ops->kmem_cachep = xfrm_dst_cache;
		if (likely(dst_ops->check == NULL))
			dst_ops->check = xfrm_dst_check;
		if (likely(dst_ops->negative_advice == NULL))
			dst_ops->negative_advice = xfrm_negative_advice;
		if (likely(dst_ops->link_failure == NULL))
			dst_ops->link_failure = xfrm_link_failure;
		if (likely(afinfo->garbage_collect == NULL))
			afinfo->garbage_collect = __xfrm_garbage_collect;
		xfrm_policy_afinfo[afinfo->family] = afinfo;
	}
	write_unlock_bh(&xfrm_policy_afinfo_lock);
	return err;
}
EXPORT_SYMBOL(xfrm_policy_register_afinfo);
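/*
 * Editor's illustrative sketch (not part of the original file): the PMTU at
 * each bundle level is the child's MTU shrunk by the state's overhead, then
 * clamped to the route's MTU.  The numbers and the 56-byte overhead below
 * are made up; xfrm_state_mtu() computes the real reduction.
 */
#if 0
static u32 example_level_mtu(void)
{
	u32 child_mtu = 1500;		/* hypothetical dst_mtu(dst->child) */
	u32 route_mtu = 1400;		/* hypothetical dst_mtu(xdst->route) */
	u32 pmtu = child_mtu - 56;	/* stand-in for xfrm_state_mtu() */

	if (pmtu > route_mtu)
		pmtu = route_mtu;
	return pmtu;			/* 1400: the route is the tighter bound */
}
#endif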
int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
{
	int err = 0;
	if (unlikely(afinfo == NULL))
		return -EINVAL;
	if (unlikely(afinfo->family >= NPROTO))
		return -EAFNOSUPPORT;
	write_lock_bh(&xfrm_policy_afinfo_lock);
	if (likely(xfrm_policy_afinfo[afinfo->family] != NULL)) {
		if (unlikely(xfrm_policy_afinfo[afinfo->family] != afinfo))
			err = -EINVAL;
		else {
			struct dst_ops *dst_ops = afinfo->dst_ops;
			xfrm_policy_afinfo[afinfo->family] = NULL;
			dst_ops->kmem_cachep = NULL;
			dst_ops->check = NULL;
			dst_ops->negative_advice = NULL;
			dst_ops->link_failure = NULL;
			afinfo->garbage_collect = NULL;
		}
	}
	write_unlock_bh(&xfrm_policy_afinfo_lock);
	return err;
}
EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);

static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family)
{
	struct xfrm_policy_afinfo *afinfo;
	if (unlikely(family >= NPROTO))
		return NULL;
	read_lock(&xfrm_policy_afinfo_lock);
	afinfo = xfrm_policy_afinfo[family];
	if (unlikely(!afinfo))
		read_unlock(&xfrm_policy_afinfo_lock);
	return afinfo;
}

static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo)
{
	read_unlock(&xfrm_policy_afinfo_lock);
}

static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
{
	struct net_device *dev = ptr;

	if (dev->nd_net != &init_net)
		return NOTIFY_DONE;

	switch (event) {
	case NETDEV_DOWN:
		xfrm_flush_bundles();
	}
	return NOTIFY_DONE;
}

static struct notifier_block xfrm_dev_notifier = {
	.notifier_call	= xfrm_dev_event,
};

static void __init xfrm_policy_init(void)
{
	unsigned int hmask, sz;
	int dir;

	xfrm_dst_cache = kmem_cache_create("xfrm_dst_cache",
					   sizeof(struct xfrm_dst),
					   0, SLAB_HWCACHE_ALIGN|SLAB_PANIC,
					   NULL);

	hmask = 8 - 1;
	sz = (hmask+1) * sizeof(struct hlist_head);

	xfrm_policy_byidx = xfrm_hash_alloc(sz);
	xfrm_idx_hmask = hmask;
	if (!xfrm_policy_byidx)
		panic("XFRM: failed to allocate byidx hash\n");

	for (dir = 0; dir < XFRM_POLICY_MAX * 2; dir++) {
		struct xfrm_policy_hash *htab;

		INIT_HLIST_HEAD(&xfrm_policy_inexact[dir]);

		htab = &xfrm_policy_bydst[dir];
		htab->table = xfrm_hash_alloc(sz);
		htab->hmask = hmask;
		if (!htab->table)
			panic("XFRM: failed to allocate bydst hash\n");
	}

	INIT_WORK(&xfrm_policy_gc_work, xfrm_policy_gc_task);
	register_netdevice_notifier(&xfrm_dev_notifier);
}

void __init xfrm_init(void)
{
	xfrm_state_init();
	xfrm_policy_init();
	xfrm_input_init();
}
#ifdef CONFIG_AUDITSYSCALL
static inline void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
						struct audit_buffer *audit_buf)
{
	struct xfrm_sec_ctx *ctx = xp->security;
	struct xfrm_selector *sel = &xp->selector;

	if (ctx)
		audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
				 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);

	switch (sel->family) {
	case AF_INET:
		audit_log_format(audit_buf, " src=" NIPQUAD_FMT,
				 NIPQUAD(sel->saddr.a4));
		if (sel->prefixlen_s != 32)
			audit_log_format(audit_buf, " src_prefixlen=%d",
					 sel->prefixlen_s);
		audit_log_format(audit_buf, " dst=" NIPQUAD_FMT,
				 NIPQUAD(sel->daddr.a4));
		if (sel->prefixlen_d != 32)
			audit_log_format(audit_buf, " dst_prefixlen=%d",
					 sel->prefixlen_d);
		break;
	case AF_INET6:
		audit_log_format(audit_buf, " src=" NIP6_FMT,
				 NIP6(*(struct in6_addr *)sel->saddr.a6));
		if (sel->prefixlen_s != 128)
			audit_log_format(audit_buf, " src_prefixlen=%d",
					 sel->prefixlen_s);
		audit_log_format(audit_buf, " dst=" NIP6_FMT,
				 NIP6(*(struct in6_addr *)sel->daddr.a6));
		if (sel->prefixlen_d != 128)
			audit_log_format(audit_buf, " dst_prefixlen=%d",
					 sel->prefixlen_d);
		break;
	}
}

void
xfrm_audit_policy_add(struct xfrm_policy *xp, int result, u32 auid, u32 sid)
{
	struct audit_buffer *audit_buf;
	extern int audit_enabled;

	if (audit_enabled == 0)
		return;
	audit_buf = xfrm_audit_start(auid, sid);
	if (audit_buf == NULL)
		return;
	audit_log_format(audit_buf, " op=SPD-add res=%u", result);
	xfrm_audit_common_policyinfo(xp, audit_buf);
	audit_log_end(audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);

void
xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, u32 auid, u32 sid)
{
	struct audit_buffer *audit_buf;
	extern int audit_enabled;

	if (audit_enabled == 0)
		return;
	audit_buf = xfrm_audit_start(auid, sid);
	if (audit_buf == NULL)
		return;
	audit_log_format(audit_buf, " op=SPD-delete res=%u", result);
	xfrm_audit_common_policyinfo(xp, audit_buf);
	audit_log_end(audit_buf);
}
EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete);
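/* For illustration (addresses made up): with an IPv4 selector of
 * 10.0.0.0/8 -> 192.0.2.1/32, a successful xfrm_audit_policy_add()
 * appends roughly
 *
 *	op=SPD-add res=1 src=10.0.0.0 src_prefixlen=8 dst=192.0.2.1
 *
 * to the record started by xfrm_audit_start(); dst_prefixlen is omitted
 * because the destination is a full /32.
 */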
#endif

#ifdef CONFIG_XFRM_MIGRATE
static int xfrm_migrate_selector_match(struct xfrm_selector *sel_cmp,
				       struct xfrm_selector *sel_tgt)
{
	if (sel_cmp->proto == IPSEC_ULPROTO_ANY) {
		if (sel_tgt->family == sel_cmp->family &&
		    xfrm_addr_cmp(&sel_tgt->daddr, &sel_cmp->daddr,
				  sel_cmp->family) == 0 &&
		    xfrm_addr_cmp(&sel_tgt->saddr, &sel_cmp->saddr,
				  sel_cmp->family) == 0 &&
		    sel_tgt->prefixlen_d == sel_cmp->prefixlen_d &&
		    sel_tgt->prefixlen_s == sel_cmp->prefixlen_s) {
			return 1;
		}
	} else {
		if (memcmp(sel_tgt, sel_cmp, sizeof(*sel_tgt)) == 0) {
			return 1;
		}
	}
	return 0;
}

static struct xfrm_policy *xfrm_migrate_policy_find(struct xfrm_selector *sel,
						    u8 dir, u8 type)
{
	struct xfrm_policy *pol, *ret = NULL;
	struct hlist_node *entry;
	struct hlist_head *chain;
	u32 priority = ~0U;

	read_lock_bh(&xfrm_policy_lock);
	chain = policy_hash_direct(&sel->daddr, &sel->saddr, sel->family, dir);
	hlist_for_each_entry(pol, entry, chain, bydst) {
		if (xfrm_migrate_selector_match(sel, &pol->selector) &&
		    pol->type == type) {
			ret = pol;
			priority = ret->priority;
			break;
		}
	}
	chain = &xfrm_policy_inexact[dir];
	hlist_for_each_entry(pol, entry, chain, bydst) {
		if (xfrm_migrate_selector_match(sel, &pol->selector) &&
		    pol->type == type &&
		    pol->priority < priority) {
			ret = pol;
			break;
		}
	}

	if (ret)
		xfrm_pol_hold(ret);

	read_unlock_bh(&xfrm_policy_lock);

	return ret;
}

static int migrate_tmpl_match(struct xfrm_migrate *m, struct xfrm_tmpl *t)
{
	int match = 0;

	if (t->mode == m->mode && t->id.proto == m->proto &&
	    (m->reqid == 0 || t->reqid == m->reqid)) {
		switch (t->mode) {
		case XFRM_MODE_TUNNEL:
		case XFRM_MODE_BEET:
			if (xfrm_addr_cmp(&t->id.daddr, &m->old_daddr,
					  m->old_family) == 0 &&
			    xfrm_addr_cmp(&t->saddr, &m->old_saddr,
					  m->old_family) == 0) {
				match = 1;
			}
			break;
		case XFRM_MODE_TRANSPORT:
			/* In transport mode the template stores no IP
			 * addresses, so matching on mode and protocol
			 * above is sufficient.
			 */
			match = 1;
			break;
		default:
			break;
		}
	}
	return match;
}

/* update endpoint address(es) of template(s) */
static int xfrm_policy_migrate(struct xfrm_policy *pol,
			       struct xfrm_migrate *m, int num_migrate)
{
	struct xfrm_migrate *mp;
	struct dst_entry *dst;
	int i, j, n = 0;

	write_lock_bh(&pol->lock);
	if (unlikely(pol->dead)) {
		/* target policy has been deleted */
		write_unlock_bh(&pol->lock);
		return -ENOENT;
	}

	for (i = 0; i < pol->xfrm_nr; i++) {
		for (j = 0, mp = m; j < num_migrate; j++, mp++) {
			if (!migrate_tmpl_match(mp, &pol->xfrm_vec[i]))
				continue;
			n++;
			if (pol->xfrm_vec[i].mode != XFRM_MODE_TUNNEL &&
			    pol->xfrm_vec[i].mode != XFRM_MODE_BEET)
				continue;
			/* update endpoints */
			memcpy(&pol->xfrm_vec[i].id.daddr, &mp->new_daddr,
			       sizeof(pol->xfrm_vec[i].id.daddr));
			memcpy(&pol->xfrm_vec[i].saddr, &mp->new_saddr,
			       sizeof(pol->xfrm_vec[i].saddr));
			pol->xfrm_vec[i].encap_family = mp->new_family;
			/* flush bundles */
			while ((dst = pol->bundles) != NULL) {
				pol->bundles = dst->next;
				dst_free(dst);
			}
		}
	}

	write_unlock_bh(&pol->lock);

	if (!n)
		return -ENODATA;

	return 0;
}

static int xfrm_migrate_check(struct xfrm_migrate *m, int num_migrate)
{
	int i, j;

	if (num_migrate < 1 || num_migrate > XFRM_MAX_DEPTH)
		return -EINVAL;

	for (i = 0; i < num_migrate; i++) {
		/* reject no-op entries: old and new endpoints identical */
		if ((xfrm_addr_cmp(&m[i].old_daddr, &m[i].new_daddr,
				   m[i].old_family) == 0) &&
		    (xfrm_addr_cmp(&m[i].old_saddr, &m[i].new_saddr,
				   m[i].old_family) == 0))
			return -EINVAL;
		if (xfrm_addr_any(&m[i].new_daddr, m[i].new_family) ||
		    xfrm_addr_any(&m[i].new_saddr, m[i].new_family))
			return -EINVAL;

		/* check for duplicate entries */
		for (j = i + 1; j < num_migrate; j++) {
			if (!memcmp(&m[i].old_daddr, &m[j].old_daddr,
				    sizeof(m[i].old_daddr)) &&
			    !memcmp(&m[i].old_saddr, &m[j].old_saddr,
				    sizeof(m[i].old_saddr)) &&
			    m[i].proto == m[j].proto &&
			    m[i].mode == m[j].mode &&
			    m[i].reqid == m[j].reqid &&
			    m[i].old_family == m[j].old_family)
				return -EINVAL;
		}
	}

	return 0;
}
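/* Call sketch (all values made up): a key manager moving one tunnel
 * endpoint would hand xfrm_migrate() below a single entry, roughly
 *
 *	struct xfrm_migrate mig = {
 *		.old_daddr	= <current peer address>,
 *		.new_daddr	= <new peer address>,
 *		.old_saddr	= <current local address>,
 *		.new_saddr	= <new local address>,
 *		.proto		= IPPROTO_ESP,
 *		.mode		= XFRM_MODE_TUNNEL,
 *		.old_family	= AF_INET,
 *		.new_family	= AF_INET,
 *	};
 *
 *	err = xfrm_migrate(&sel, XFRM_POLICY_OUT, XFRM_POLICY_TYPE_MAIN,
 *			   &mig, 1);
 *
 * The five stages below then update the matching policy templates and
 * states and announce the change to the key managers via km_migrate().
 */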
int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
		 struct xfrm_migrate *m, int num_migrate)
{
	int i, err, nx_cur = 0, nx_new = 0;
	struct xfrm_policy *pol = NULL;
	struct xfrm_state *x, *xc;
	struct xfrm_state *x_cur[XFRM_MAX_DEPTH];
	struct xfrm_state *x_new[XFRM_MAX_DEPTH];
	struct xfrm_migrate *mp;

	if ((err = xfrm_migrate_check(m, num_migrate)) < 0)
		goto out;

	/* Stage 1 - find policy */
	if ((pol = xfrm_migrate_policy_find(sel, dir, type)) == NULL) {
		err = -ENOENT;
		goto out;
	}

	/* Stage 2 - find and update state(s) */
	for (i = 0, mp = m; i < num_migrate; i++, mp++) {
		if ((x = xfrm_migrate_state_find(mp))) {
			x_cur[nx_cur] = x;
			nx_cur++;
			if ((xc = xfrm_state_migrate(x, mp))) {
				x_new[nx_new] = xc;
				nx_new++;
			} else {
				err = -ENODATA;
				goto restore_state;
			}
		}
	}

	/* Stage 3 - update policy */
	if ((err = xfrm_policy_migrate(pol, m, num_migrate)) < 0)
		goto restore_state;

	/* Stage 4 - delete old state(s) */
	if (nx_cur) {
		xfrm_states_put(x_cur, nx_cur);
		xfrm_states_delete(x_cur, nx_cur);
	}

	/* Stage 5 - announce */
	km_migrate(sel, dir, type, m, num_migrate);

	xfrm_pol_put(pol);

	return 0;
out:
	return err;

restore_state:
	/* Roll back: release the policy and the references on the old
	 * states, and delete the cloned states created in Stage 2.
	 */
	if (pol)
		xfrm_pol_put(pol);
	if (nx_cur)
		xfrm_states_put(x_cur, nx_cur);
	if (nx_new)
		xfrm_states_delete(x_new, nx_new);

	return err;
}
EXPORT_SYMBOL(xfrm_migrate);
#endif