1 /* 2 * xfrm_state.c 3 * 4 * Changes: 5 * Mitsuru KANDA @USAGI 6 * Kazunori MIYAZAWA @USAGI 7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 8 * IPv6 support 9 * YOSHIFUJI Hideaki @USAGI 10 * Split up af-specific functions 11 * Derek Atkins <derek@ihtfp.com> 12 * Add UDP Encapsulation 13 * 14 */ 15 16 #include <linux/workqueue.h> 17 #include <net/xfrm.h> 18 #include <linux/pfkeyv2.h> 19 #include <linux/ipsec.h> 20 #include <linux/module.h> 21 #include <linux/cache.h> 22 #include <linux/audit.h> 23 #include <asm/uaccess.h> 24 25 #include "xfrm_hash.h" 26 27 struct sock *xfrm_nl; 28 EXPORT_SYMBOL(xfrm_nl); 29 30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME; 31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime); 32 33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE; 34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth); 35 36 u32 sysctl_xfrm_acq_expires __read_mostly = 30; 37 38 /* Each xfrm_state may be linked to two tables: 39 40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl) 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given 42 destination/tunnel endpoint. (output) 43 */ 44 45 static DEFINE_SPINLOCK(xfrm_state_lock); 46 47 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024; 48 static unsigned int xfrm_state_genid; 49 50 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family); 51 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo); 52 53 #ifdef CONFIG_AUDITSYSCALL 54 static void xfrm_audit_state_replay(struct xfrm_state *x, 55 struct sk_buff *skb, __be32 net_seq); 56 #else 57 #define xfrm_audit_state_replay(x, s, sq) do { ; } while (0) 58 #endif /* CONFIG_AUDITSYSCALL */ 59 60 static inline unsigned int xfrm_dst_hash(struct net *net, 61 xfrm_address_t *daddr, 62 xfrm_address_t *saddr, 63 u32 reqid, 64 unsigned short family) 65 { 66 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask); 67 } 68 69 static inline unsigned int xfrm_src_hash(struct net *net, 70 xfrm_address_t *daddr, 71 xfrm_address_t *saddr, 72 unsigned short family) 73 { 74 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); 75 } 76 77 static inline unsigned int 78 xfrm_spi_hash(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) 79 { 80 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); 81 } 82 83 static void xfrm_hash_transfer(struct hlist_head *list, 84 struct hlist_head *ndsttable, 85 struct hlist_head *nsrctable, 86 struct hlist_head *nspitable, 87 unsigned int nhashmask) 88 { 89 struct hlist_node *entry, *tmp; 90 struct xfrm_state *x; 91 92 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) { 93 unsigned int h; 94 95 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr, 96 x->props.reqid, x->props.family, 97 nhashmask); 98 hlist_add_head(&x->bydst, ndsttable+h); 99 100 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr, 101 x->props.family, 102 nhashmask); 103 hlist_add_head(&x->bysrc, nsrctable+h); 104 105 if (x->id.spi) { 106 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi, 107 x->id.proto, x->props.family, 108 nhashmask); 109 hlist_add_head(&x->byspi, nspitable+h); 110 } 111 } 112 } 113 114 static unsigned long xfrm_hash_new_size(unsigned int state_hmask) 115 { 116 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head); 117 } 118 119 static DEFINE_MUTEX(hash_resize_mutex); 120 121 static void xfrm_hash_resize(struct work_struct *work) 122 { 123 struct net *net = container_of(work, struct net, xfrm.state_hash_work); 124 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi; 125 unsigned long nsize, osize; 126 unsigned int nhashmask, ohashmask; 127 int i; 128 129 mutex_lock(&hash_resize_mutex); 130 131 nsize = xfrm_hash_new_size(net->xfrm.state_hmask); 132 ndst = xfrm_hash_alloc(nsize); 133 if (!ndst) 134 goto out_unlock; 135 nsrc = xfrm_hash_alloc(nsize); 136 if (!nsrc) { 137 xfrm_hash_free(ndst, nsize); 138 goto out_unlock; 139 } 140 nspi = xfrm_hash_alloc(nsize); 141 if (!nspi) { 142 xfrm_hash_free(ndst, nsize); 143 xfrm_hash_free(nsrc, nsize); 144 goto out_unlock; 145 } 146 147 spin_lock_bh(&xfrm_state_lock); 148 149 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U; 150 for (i = net->xfrm.state_hmask; i >= 0; i--) 151 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi, 152 nhashmask); 153 154 odst = net->xfrm.state_bydst; 155 osrc = net->xfrm.state_bysrc; 156 ospi = net->xfrm.state_byspi; 157 ohashmask = net->xfrm.state_hmask; 158 159 net->xfrm.state_bydst = ndst; 160 net->xfrm.state_bysrc = nsrc; 161 net->xfrm.state_byspi = nspi; 162 net->xfrm.state_hmask = nhashmask; 163 164 spin_unlock_bh(&xfrm_state_lock); 165 166 osize = (ohashmask + 1) * sizeof(struct hlist_head); 167 xfrm_hash_free(odst, osize); 168 xfrm_hash_free(osrc, osize); 169 xfrm_hash_free(ospi, osize); 170 171 out_unlock: 172 mutex_unlock(&hash_resize_mutex); 173 } 174 175 static DEFINE_RWLOCK(xfrm_state_afinfo_lock); 176 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO]; 177 178 static DEFINE_SPINLOCK(xfrm_state_gc_lock); 179 180 int __xfrm_state_delete(struct xfrm_state *x); 181 182 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); 183 void km_state_expired(struct xfrm_state *x, int hard, u32 pid); 184 185 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family) 186 { 187 struct xfrm_state_afinfo *afinfo; 188 if (unlikely(family >= NPROTO)) 189 return NULL; 190 write_lock_bh(&xfrm_state_afinfo_lock); 191 afinfo = xfrm_state_afinfo[family]; 192 if (unlikely(!afinfo)) 193 write_unlock_bh(&xfrm_state_afinfo_lock); 194 return afinfo; 195 } 196 197 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo) 198 __releases(xfrm_state_afinfo_lock) 199 { 200 write_unlock_bh(&xfrm_state_afinfo_lock); 201 } 202 203 int xfrm_register_type(const struct xfrm_type *type, unsigned short family) 204 { 205 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family); 206 const struct xfrm_type **typemap; 207 int err = 0; 208 209 if (unlikely(afinfo == NULL)) 210 return -EAFNOSUPPORT; 211 typemap = afinfo->type_map; 212 213 if (likely(typemap[type->proto] == NULL)) 214 typemap[type->proto] = type; 215 else 216 err = -EEXIST; 217 xfrm_state_unlock_afinfo(afinfo); 218 return err; 219 } 220 EXPORT_SYMBOL(xfrm_register_type); 221 222 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family) 223 { 224 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family); 225 const struct xfrm_type **typemap; 226 int err = 0; 227 228 if (unlikely(afinfo == NULL)) 229 return -EAFNOSUPPORT; 230 typemap = afinfo->type_map; 231 232 if (unlikely(typemap[type->proto] != type)) 233 err = -ENOENT; 234 else 235 typemap[type->proto] = NULL; 236 xfrm_state_unlock_afinfo(afinfo); 237 return err; 238 } 239 EXPORT_SYMBOL(xfrm_unregister_type); 240 241 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family) 242 { 243 struct xfrm_state_afinfo *afinfo; 244 const struct xfrm_type **typemap; 245 const struct xfrm_type *type; 246 int modload_attempted = 0; 247 248 retry: 249 afinfo = xfrm_state_get_afinfo(family); 250 if (unlikely(afinfo == NULL)) 251 return NULL; 252 typemap = afinfo->type_map; 253 254 type = typemap[proto]; 255 if (unlikely(type && !try_module_get(type->owner))) 256 type = NULL; 257 if (!type && !modload_attempted) { 258 xfrm_state_put_afinfo(afinfo); 259 request_module("xfrm-type-%d-%d", family, proto); 260 modload_attempted = 1; 261 goto retry; 262 } 263 264 xfrm_state_put_afinfo(afinfo); 265 return type; 266 } 267 268 static void xfrm_put_type(const struct xfrm_type *type) 269 { 270 module_put(type->owner); 271 } 272 273 int xfrm_register_mode(struct xfrm_mode *mode, int family) 274 { 275 struct xfrm_state_afinfo *afinfo; 276 struct xfrm_mode **modemap; 277 int err; 278 279 if (unlikely(mode->encap >= XFRM_MODE_MAX)) 280 return -EINVAL; 281 282 afinfo = xfrm_state_lock_afinfo(family); 283 if (unlikely(afinfo == NULL)) 284 return -EAFNOSUPPORT; 285 286 err = -EEXIST; 287 modemap = afinfo->mode_map; 288 if (modemap[mode->encap]) 289 goto out; 290 291 err = -ENOENT; 292 if (!try_module_get(afinfo->owner)) 293 goto out; 294 295 mode->afinfo = afinfo; 296 modemap[mode->encap] = mode; 297 err = 0; 298 299 out: 300 xfrm_state_unlock_afinfo(afinfo); 301 return err; 302 } 303 EXPORT_SYMBOL(xfrm_register_mode); 304 305 int xfrm_unregister_mode(struct xfrm_mode *mode, int family) 306 { 307 struct xfrm_state_afinfo *afinfo; 308 struct xfrm_mode **modemap; 309 int err; 310 311 if (unlikely(mode->encap >= XFRM_MODE_MAX)) 312 return -EINVAL; 313 314 afinfo = xfrm_state_lock_afinfo(family); 315 if (unlikely(afinfo == NULL)) 316 return -EAFNOSUPPORT; 317 318 err = -ENOENT; 319 modemap = afinfo->mode_map; 320 if (likely(modemap[mode->encap] == mode)) { 321 modemap[mode->encap] = NULL; 322 module_put(mode->afinfo->owner); 323 err = 0; 324 } 325 326 xfrm_state_unlock_afinfo(afinfo); 327 return err; 328 } 329 EXPORT_SYMBOL(xfrm_unregister_mode); 330 331 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family) 332 { 333 struct xfrm_state_afinfo *afinfo; 334 struct xfrm_mode *mode; 335 int modload_attempted = 0; 336 337 if (unlikely(encap >= XFRM_MODE_MAX)) 338 return NULL; 339 340 retry: 341 afinfo = xfrm_state_get_afinfo(family); 342 if (unlikely(afinfo == NULL)) 343 return NULL; 344 345 mode = afinfo->mode_map[encap]; 346 if (unlikely(mode && !try_module_get(mode->owner))) 347 mode = NULL; 348 if (!mode && !modload_attempted) { 349 xfrm_state_put_afinfo(afinfo); 350 request_module("xfrm-mode-%d-%d", family, encap); 351 modload_attempted = 1; 352 goto retry; 353 } 354 355 xfrm_state_put_afinfo(afinfo); 356 return mode; 357 } 358 359 static void xfrm_put_mode(struct xfrm_mode *mode) 360 { 361 module_put(mode->owner); 362 } 363 364 static void xfrm_state_gc_destroy(struct xfrm_state *x) 365 { 366 del_timer_sync(&x->timer); 367 del_timer_sync(&x->rtimer); 368 kfree(x->aalg); 369 kfree(x->ealg); 370 kfree(x->calg); 371 kfree(x->encap); 372 kfree(x->coaddr); 373 if (x->inner_mode) 374 xfrm_put_mode(x->inner_mode); 375 if (x->inner_mode_iaf) 376 xfrm_put_mode(x->inner_mode_iaf); 377 if (x->outer_mode) 378 xfrm_put_mode(x->outer_mode); 379 if (x->type) { 380 x->type->destructor(x); 381 xfrm_put_type(x->type); 382 } 383 security_xfrm_state_free(x); 384 kfree(x); 385 } 386 387 static void xfrm_state_gc_task(struct work_struct *work) 388 { 389 struct net *net = container_of(work, struct net, xfrm.state_gc_work); 390 struct xfrm_state *x; 391 struct hlist_node *entry, *tmp; 392 struct hlist_head gc_list; 393 394 spin_lock_bh(&xfrm_state_gc_lock); 395 hlist_move_list(&net->xfrm.state_gc_list, &gc_list); 396 spin_unlock_bh(&xfrm_state_gc_lock); 397 398 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist) 399 xfrm_state_gc_destroy(x); 400 401 wake_up(&net->xfrm.km_waitq); 402 } 403 404 static inline unsigned long make_jiffies(long secs) 405 { 406 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ) 407 return MAX_SCHEDULE_TIMEOUT-1; 408 else 409 return secs*HZ; 410 } 411 412 static void xfrm_timer_handler(unsigned long data) 413 { 414 struct xfrm_state *x = (struct xfrm_state*)data; 415 struct net *net = xs_net(x); 416 unsigned long now = get_seconds(); 417 long next = LONG_MAX; 418 int warn = 0; 419 int err = 0; 420 421 spin_lock(&x->lock); 422 if (x->km.state == XFRM_STATE_DEAD) 423 goto out; 424 if (x->km.state == XFRM_STATE_EXPIRED) 425 goto expired; 426 if (x->lft.hard_add_expires_seconds) { 427 long tmo = x->lft.hard_add_expires_seconds + 428 x->curlft.add_time - now; 429 if (tmo <= 0) 430 goto expired; 431 if (tmo < next) 432 next = tmo; 433 } 434 if (x->lft.hard_use_expires_seconds) { 435 long tmo = x->lft.hard_use_expires_seconds + 436 (x->curlft.use_time ? : now) - now; 437 if (tmo <= 0) 438 goto expired; 439 if (tmo < next) 440 next = tmo; 441 } 442 if (x->km.dying) 443 goto resched; 444 if (x->lft.soft_add_expires_seconds) { 445 long tmo = x->lft.soft_add_expires_seconds + 446 x->curlft.add_time - now; 447 if (tmo <= 0) 448 warn = 1; 449 else if (tmo < next) 450 next = tmo; 451 } 452 if (x->lft.soft_use_expires_seconds) { 453 long tmo = x->lft.soft_use_expires_seconds + 454 (x->curlft.use_time ? : now) - now; 455 if (tmo <= 0) 456 warn = 1; 457 else if (tmo < next) 458 next = tmo; 459 } 460 461 x->km.dying = warn; 462 if (warn) 463 km_state_expired(x, 0, 0); 464 resched: 465 if (next != LONG_MAX) 466 mod_timer(&x->timer, jiffies + make_jiffies(next)); 467 468 goto out; 469 470 expired: 471 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) { 472 x->km.state = XFRM_STATE_EXPIRED; 473 wake_up(&net->xfrm.km_waitq); 474 next = 2; 475 goto resched; 476 } 477 478 err = __xfrm_state_delete(x); 479 if (!err && x->id.spi) 480 km_state_expired(x, 1, 0); 481 482 xfrm_audit_state_delete(x, err ? 0 : 1, 483 audit_get_loginuid(current), 484 audit_get_sessionid(current), 0); 485 486 out: 487 spin_unlock(&x->lock); 488 } 489 490 static void xfrm_replay_timer_handler(unsigned long data); 491 492 struct xfrm_state *xfrm_state_alloc(struct net *net) 493 { 494 struct xfrm_state *x; 495 496 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC); 497 498 if (x) { 499 write_pnet(&x->xs_net, net); 500 atomic_set(&x->refcnt, 1); 501 atomic_set(&x->tunnel_users, 0); 502 INIT_LIST_HEAD(&x->km.all); 503 INIT_HLIST_NODE(&x->bydst); 504 INIT_HLIST_NODE(&x->bysrc); 505 INIT_HLIST_NODE(&x->byspi); 506 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x); 507 setup_timer(&x->rtimer, xfrm_replay_timer_handler, 508 (unsigned long)x); 509 x->curlft.add_time = get_seconds(); 510 x->lft.soft_byte_limit = XFRM_INF; 511 x->lft.soft_packet_limit = XFRM_INF; 512 x->lft.hard_byte_limit = XFRM_INF; 513 x->lft.hard_packet_limit = XFRM_INF; 514 x->replay_maxage = 0; 515 x->replay_maxdiff = 0; 516 x->inner_mode = NULL; 517 x->inner_mode_iaf = NULL; 518 spin_lock_init(&x->lock); 519 } 520 return x; 521 } 522 EXPORT_SYMBOL(xfrm_state_alloc); 523 524 void __xfrm_state_destroy(struct xfrm_state *x) 525 { 526 struct net *net = xs_net(x); 527 528 WARN_ON(x->km.state != XFRM_STATE_DEAD); 529 530 spin_lock_bh(&xfrm_state_gc_lock); 531 hlist_add_head(&x->gclist, &net->xfrm.state_gc_list); 532 spin_unlock_bh(&xfrm_state_gc_lock); 533 schedule_work(&net->xfrm.state_gc_work); 534 } 535 EXPORT_SYMBOL(__xfrm_state_destroy); 536 537 int __xfrm_state_delete(struct xfrm_state *x) 538 { 539 struct net *net = xs_net(x); 540 int err = -ESRCH; 541 542 if (x->km.state != XFRM_STATE_DEAD) { 543 x->km.state = XFRM_STATE_DEAD; 544 spin_lock(&xfrm_state_lock); 545 list_del(&x->km.all); 546 hlist_del(&x->bydst); 547 hlist_del(&x->bysrc); 548 if (x->id.spi) 549 hlist_del(&x->byspi); 550 net->xfrm.state_num--; 551 spin_unlock(&xfrm_state_lock); 552 553 /* All xfrm_state objects are created by xfrm_state_alloc. 554 * The xfrm_state_alloc call gives a reference, and that 555 * is what we are dropping here. 556 */ 557 xfrm_state_put(x); 558 err = 0; 559 } 560 561 return err; 562 } 563 EXPORT_SYMBOL(__xfrm_state_delete); 564 565 int xfrm_state_delete(struct xfrm_state *x) 566 { 567 int err; 568 569 spin_lock_bh(&x->lock); 570 err = __xfrm_state_delete(x); 571 spin_unlock_bh(&x->lock); 572 573 return err; 574 } 575 EXPORT_SYMBOL(xfrm_state_delete); 576 577 #ifdef CONFIG_SECURITY_NETWORK_XFRM 578 static inline int 579 xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) 580 { 581 int i, err = 0; 582 583 for (i = 0; i <= net->xfrm.state_hmask; i++) { 584 struct hlist_node *entry; 585 struct xfrm_state *x; 586 587 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) { 588 if (xfrm_id_proto_match(x->id.proto, proto) && 589 (err = security_xfrm_state_delete(x)) != 0) { 590 xfrm_audit_state_delete(x, 0, 591 audit_info->loginuid, 592 audit_info->sessionid, 593 audit_info->secid); 594 return err; 595 } 596 } 597 } 598 599 return err; 600 } 601 #else 602 static inline int 603 xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) 604 { 605 return 0; 606 } 607 #endif 608 609 int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info) 610 { 611 int i, err = 0; 612 613 spin_lock_bh(&xfrm_state_lock); 614 err = xfrm_state_flush_secctx_check(net, proto, audit_info); 615 if (err) 616 goto out; 617 618 for (i = 0; i <= net->xfrm.state_hmask; i++) { 619 struct hlist_node *entry; 620 struct xfrm_state *x; 621 restart: 622 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) { 623 if (!xfrm_state_kern(x) && 624 xfrm_id_proto_match(x->id.proto, proto)) { 625 xfrm_state_hold(x); 626 spin_unlock_bh(&xfrm_state_lock); 627 628 err = xfrm_state_delete(x); 629 xfrm_audit_state_delete(x, err ? 0 : 1, 630 audit_info->loginuid, 631 audit_info->sessionid, 632 audit_info->secid); 633 xfrm_state_put(x); 634 635 spin_lock_bh(&xfrm_state_lock); 636 goto restart; 637 } 638 } 639 } 640 err = 0; 641 642 out: 643 spin_unlock_bh(&xfrm_state_lock); 644 wake_up(&net->xfrm.km_waitq); 645 return err; 646 } 647 EXPORT_SYMBOL(xfrm_state_flush); 648 649 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si) 650 { 651 spin_lock_bh(&xfrm_state_lock); 652 si->sadcnt = init_net.xfrm.state_num; 653 si->sadhcnt = init_net.xfrm.state_hmask; 654 si->sadhmcnt = xfrm_state_hashmax; 655 spin_unlock_bh(&xfrm_state_lock); 656 } 657 EXPORT_SYMBOL(xfrm_sad_getinfo); 658 659 static int 660 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl, 661 struct xfrm_tmpl *tmpl, 662 xfrm_address_t *daddr, xfrm_address_t *saddr, 663 unsigned short family) 664 { 665 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 666 if (!afinfo) 667 return -1; 668 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr); 669 xfrm_state_put_afinfo(afinfo); 670 return 0; 671 } 672 673 static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) 674 { 675 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family); 676 struct xfrm_state *x; 677 struct hlist_node *entry; 678 679 hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) { 680 if (x->props.family != family || 681 x->id.spi != spi || 682 x->id.proto != proto) 683 continue; 684 685 switch (family) { 686 case AF_INET: 687 if (x->id.daddr.a4 != daddr->a4) 688 continue; 689 break; 690 case AF_INET6: 691 if (!ipv6_addr_equal((struct in6_addr *)daddr, 692 (struct in6_addr *) 693 x->id.daddr.a6)) 694 continue; 695 break; 696 } 697 698 xfrm_state_hold(x); 699 return x; 700 } 701 702 return NULL; 703 } 704 705 static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family) 706 { 707 unsigned int h = xfrm_src_hash(net, daddr, saddr, family); 708 struct xfrm_state *x; 709 struct hlist_node *entry; 710 711 hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) { 712 if (x->props.family != family || 713 x->id.proto != proto) 714 continue; 715 716 switch (family) { 717 case AF_INET: 718 if (x->id.daddr.a4 != daddr->a4 || 719 x->props.saddr.a4 != saddr->a4) 720 continue; 721 break; 722 case AF_INET6: 723 if (!ipv6_addr_equal((struct in6_addr *)daddr, 724 (struct in6_addr *) 725 x->id.daddr.a6) || 726 !ipv6_addr_equal((struct in6_addr *)saddr, 727 (struct in6_addr *) 728 x->props.saddr.a6)) 729 continue; 730 break; 731 } 732 733 xfrm_state_hold(x); 734 return x; 735 } 736 737 return NULL; 738 } 739 740 static inline struct xfrm_state * 741 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family) 742 { 743 struct net *net = xs_net(x); 744 745 if (use_spi) 746 return __xfrm_state_lookup(net, &x->id.daddr, x->id.spi, 747 x->id.proto, family); 748 else 749 return __xfrm_state_lookup_byaddr(net, &x->id.daddr, 750 &x->props.saddr, 751 x->id.proto, family); 752 } 753 754 static void xfrm_hash_grow_check(struct net *net, int have_hash_collision) 755 { 756 if (have_hash_collision && 757 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax && 758 net->xfrm.state_num > net->xfrm.state_hmask) 759 schedule_work(&net->xfrm.state_hash_work); 760 } 761 762 struct xfrm_state * 763 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 764 struct flowi *fl, struct xfrm_tmpl *tmpl, 765 struct xfrm_policy *pol, int *err, 766 unsigned short family) 767 { 768 struct net *net = xp_net(pol); 769 unsigned int h; 770 struct hlist_node *entry; 771 struct xfrm_state *x, *x0, *to_put; 772 int acquire_in_progress = 0; 773 int error = 0; 774 struct xfrm_state *best = NULL; 775 776 to_put = NULL; 777 778 spin_lock_bh(&xfrm_state_lock); 779 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, family); 780 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) { 781 if (x->props.family == family && 782 x->props.reqid == tmpl->reqid && 783 !(x->props.flags & XFRM_STATE_WILDRECV) && 784 xfrm_state_addr_check(x, daddr, saddr, family) && 785 tmpl->mode == x->props.mode && 786 tmpl->id.proto == x->id.proto && 787 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) { 788 /* Resolution logic: 789 1. There is a valid state with matching selector. 790 Done. 791 2. Valid state with inappropriate selector. Skip. 792 793 Entering area of "sysdeps". 794 795 3. If state is not valid, selector is temporary, 796 it selects only session which triggered 797 previous resolution. Key manager will do 798 something to install a state with proper 799 selector. 800 */ 801 if (x->km.state == XFRM_STATE_VALID) { 802 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) || 803 !security_xfrm_state_pol_flow_match(x, pol, fl)) 804 continue; 805 if (!best || 806 best->km.dying > x->km.dying || 807 (best->km.dying == x->km.dying && 808 best->curlft.add_time < x->curlft.add_time)) 809 best = x; 810 } else if (x->km.state == XFRM_STATE_ACQ) { 811 acquire_in_progress = 1; 812 } else if (x->km.state == XFRM_STATE_ERROR || 813 x->km.state == XFRM_STATE_EXPIRED) { 814 if (xfrm_selector_match(&x->sel, fl, x->sel.family) && 815 security_xfrm_state_pol_flow_match(x, pol, fl)) 816 error = -ESRCH; 817 } 818 } 819 } 820 821 x = best; 822 if (!x && !error && !acquire_in_progress) { 823 if (tmpl->id.spi && 824 (x0 = __xfrm_state_lookup(net, daddr, tmpl->id.spi, 825 tmpl->id.proto, family)) != NULL) { 826 to_put = x0; 827 error = -EEXIST; 828 goto out; 829 } 830 x = xfrm_state_alloc(net); 831 if (x == NULL) { 832 error = -ENOMEM; 833 goto out; 834 } 835 /* Initialize temporary selector matching only 836 * to current session. */ 837 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family); 838 839 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid); 840 if (error) { 841 x->km.state = XFRM_STATE_DEAD; 842 to_put = x; 843 x = NULL; 844 goto out; 845 } 846 847 if (km_query(x, tmpl, pol) == 0) { 848 x->km.state = XFRM_STATE_ACQ; 849 list_add(&x->km.all, &net->xfrm.state_all); 850 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h); 851 h = xfrm_src_hash(net, daddr, saddr, family); 852 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h); 853 if (x->id.spi) { 854 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, family); 855 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h); 856 } 857 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires; 858 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; 859 add_timer(&x->timer); 860 net->xfrm.state_num++; 861 xfrm_hash_grow_check(net, x->bydst.next != NULL); 862 } else { 863 x->km.state = XFRM_STATE_DEAD; 864 to_put = x; 865 x = NULL; 866 error = -ESRCH; 867 } 868 } 869 out: 870 if (x) 871 xfrm_state_hold(x); 872 else 873 *err = acquire_in_progress ? -EAGAIN : error; 874 spin_unlock_bh(&xfrm_state_lock); 875 if (to_put) 876 xfrm_state_put(to_put); 877 return x; 878 } 879 880 struct xfrm_state * 881 xfrm_stateonly_find(struct net *net, 882 xfrm_address_t *daddr, xfrm_address_t *saddr, 883 unsigned short family, u8 mode, u8 proto, u32 reqid) 884 { 885 unsigned int h; 886 struct xfrm_state *rx = NULL, *x = NULL; 887 struct hlist_node *entry; 888 889 spin_lock(&xfrm_state_lock); 890 h = xfrm_dst_hash(net, daddr, saddr, reqid, family); 891 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) { 892 if (x->props.family == family && 893 x->props.reqid == reqid && 894 !(x->props.flags & XFRM_STATE_WILDRECV) && 895 xfrm_state_addr_check(x, daddr, saddr, family) && 896 mode == x->props.mode && 897 proto == x->id.proto && 898 x->km.state == XFRM_STATE_VALID) { 899 rx = x; 900 break; 901 } 902 } 903 904 if (rx) 905 xfrm_state_hold(rx); 906 spin_unlock(&xfrm_state_lock); 907 908 909 return rx; 910 } 911 EXPORT_SYMBOL(xfrm_stateonly_find); 912 913 static void __xfrm_state_insert(struct xfrm_state *x) 914 { 915 struct net *net = xs_net(x); 916 unsigned int h; 917 918 x->genid = ++xfrm_state_genid; 919 920 list_add(&x->km.all, &net->xfrm.state_all); 921 922 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr, 923 x->props.reqid, x->props.family); 924 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h); 925 926 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family); 927 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h); 928 929 if (x->id.spi) { 930 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, 931 x->props.family); 932 933 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h); 934 } 935 936 mod_timer(&x->timer, jiffies + HZ); 937 if (x->replay_maxage) 938 mod_timer(&x->rtimer, jiffies + x->replay_maxage); 939 940 wake_up(&net->xfrm.km_waitq); 941 942 net->xfrm.state_num++; 943 944 xfrm_hash_grow_check(net, x->bydst.next != NULL); 945 } 946 947 /* xfrm_state_lock is held */ 948 static void __xfrm_state_bump_genids(struct xfrm_state *xnew) 949 { 950 struct net *net = xs_net(xnew); 951 unsigned short family = xnew->props.family; 952 u32 reqid = xnew->props.reqid; 953 struct xfrm_state *x; 954 struct hlist_node *entry; 955 unsigned int h; 956 957 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family); 958 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) { 959 if (x->props.family == family && 960 x->props.reqid == reqid && 961 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) && 962 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family)) 963 x->genid = xfrm_state_genid; 964 } 965 } 966 967 void xfrm_state_insert(struct xfrm_state *x) 968 { 969 spin_lock_bh(&xfrm_state_lock); 970 __xfrm_state_bump_genids(x); 971 __xfrm_state_insert(x); 972 spin_unlock_bh(&xfrm_state_lock); 973 } 974 EXPORT_SYMBOL(xfrm_state_insert); 975 976 /* xfrm_state_lock is held */ 977 static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create) 978 { 979 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family); 980 struct hlist_node *entry; 981 struct xfrm_state *x; 982 983 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) { 984 if (x->props.reqid != reqid || 985 x->props.mode != mode || 986 x->props.family != family || 987 x->km.state != XFRM_STATE_ACQ || 988 x->id.spi != 0 || 989 x->id.proto != proto) 990 continue; 991 992 switch (family) { 993 case AF_INET: 994 if (x->id.daddr.a4 != daddr->a4 || 995 x->props.saddr.a4 != saddr->a4) 996 continue; 997 break; 998 case AF_INET6: 999 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6, 1000 (struct in6_addr *)daddr) || 1001 !ipv6_addr_equal((struct in6_addr *) 1002 x->props.saddr.a6, 1003 (struct in6_addr *)saddr)) 1004 continue; 1005 break; 1006 } 1007 1008 xfrm_state_hold(x); 1009 return x; 1010 } 1011 1012 if (!create) 1013 return NULL; 1014 1015 x = xfrm_state_alloc(net); 1016 if (likely(x)) { 1017 switch (family) { 1018 case AF_INET: 1019 x->sel.daddr.a4 = daddr->a4; 1020 x->sel.saddr.a4 = saddr->a4; 1021 x->sel.prefixlen_d = 32; 1022 x->sel.prefixlen_s = 32; 1023 x->props.saddr.a4 = saddr->a4; 1024 x->id.daddr.a4 = daddr->a4; 1025 break; 1026 1027 case AF_INET6: 1028 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6, 1029 (struct in6_addr *)daddr); 1030 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6, 1031 (struct in6_addr *)saddr); 1032 x->sel.prefixlen_d = 128; 1033 x->sel.prefixlen_s = 128; 1034 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6, 1035 (struct in6_addr *)saddr); 1036 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6, 1037 (struct in6_addr *)daddr); 1038 break; 1039 } 1040 1041 x->km.state = XFRM_STATE_ACQ; 1042 x->id.proto = proto; 1043 x->props.family = family; 1044 x->props.mode = mode; 1045 x->props.reqid = reqid; 1046 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires; 1047 xfrm_state_hold(x); 1048 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; 1049 add_timer(&x->timer); 1050 list_add(&x->km.all, &net->xfrm.state_all); 1051 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h); 1052 h = xfrm_src_hash(net, daddr, saddr, family); 1053 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h); 1054 1055 net->xfrm.state_num++; 1056 1057 xfrm_hash_grow_check(net, x->bydst.next != NULL); 1058 } 1059 1060 return x; 1061 } 1062 1063 static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq); 1064 1065 int xfrm_state_add(struct xfrm_state *x) 1066 { 1067 struct net *net = xs_net(x); 1068 struct xfrm_state *x1, *to_put; 1069 int family; 1070 int err; 1071 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); 1072 1073 family = x->props.family; 1074 1075 to_put = NULL; 1076 1077 spin_lock_bh(&xfrm_state_lock); 1078 1079 x1 = __xfrm_state_locate(x, use_spi, family); 1080 if (x1) { 1081 to_put = x1; 1082 x1 = NULL; 1083 err = -EEXIST; 1084 goto out; 1085 } 1086 1087 if (use_spi && x->km.seq) { 1088 x1 = __xfrm_find_acq_byseq(net, x->km.seq); 1089 if (x1 && ((x1->id.proto != x->id.proto) || 1090 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) { 1091 to_put = x1; 1092 x1 = NULL; 1093 } 1094 } 1095 1096 if (use_spi && !x1) 1097 x1 = __find_acq_core(net, family, x->props.mode, x->props.reqid, 1098 x->id.proto, 1099 &x->id.daddr, &x->props.saddr, 0); 1100 1101 __xfrm_state_bump_genids(x); 1102 __xfrm_state_insert(x); 1103 err = 0; 1104 1105 out: 1106 spin_unlock_bh(&xfrm_state_lock); 1107 1108 if (x1) { 1109 xfrm_state_delete(x1); 1110 xfrm_state_put(x1); 1111 } 1112 1113 if (to_put) 1114 xfrm_state_put(to_put); 1115 1116 return err; 1117 } 1118 EXPORT_SYMBOL(xfrm_state_add); 1119 1120 #ifdef CONFIG_XFRM_MIGRATE 1121 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp) 1122 { 1123 struct net *net = xs_net(orig); 1124 int err = -ENOMEM; 1125 struct xfrm_state *x = xfrm_state_alloc(net); 1126 if (!x) 1127 goto error; 1128 1129 memcpy(&x->id, &orig->id, sizeof(x->id)); 1130 memcpy(&x->sel, &orig->sel, sizeof(x->sel)); 1131 memcpy(&x->lft, &orig->lft, sizeof(x->lft)); 1132 x->props.mode = orig->props.mode; 1133 x->props.replay_window = orig->props.replay_window; 1134 x->props.reqid = orig->props.reqid; 1135 x->props.family = orig->props.family; 1136 x->props.saddr = orig->props.saddr; 1137 1138 if (orig->aalg) { 1139 x->aalg = xfrm_algo_clone(orig->aalg); 1140 if (!x->aalg) 1141 goto error; 1142 } 1143 x->props.aalgo = orig->props.aalgo; 1144 1145 if (orig->ealg) { 1146 x->ealg = xfrm_algo_clone(orig->ealg); 1147 if (!x->ealg) 1148 goto error; 1149 } 1150 x->props.ealgo = orig->props.ealgo; 1151 1152 if (orig->calg) { 1153 x->calg = xfrm_algo_clone(orig->calg); 1154 if (!x->calg) 1155 goto error; 1156 } 1157 x->props.calgo = orig->props.calgo; 1158 1159 if (orig->encap) { 1160 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL); 1161 if (!x->encap) 1162 goto error; 1163 } 1164 1165 if (orig->coaddr) { 1166 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr), 1167 GFP_KERNEL); 1168 if (!x->coaddr) 1169 goto error; 1170 } 1171 1172 err = xfrm_init_state(x); 1173 if (err) 1174 goto error; 1175 1176 x->props.flags = orig->props.flags; 1177 1178 x->curlft.add_time = orig->curlft.add_time; 1179 x->km.state = orig->km.state; 1180 x->km.seq = orig->km.seq; 1181 1182 return x; 1183 1184 error: 1185 if (errp) 1186 *errp = err; 1187 if (x) { 1188 kfree(x->aalg); 1189 kfree(x->ealg); 1190 kfree(x->calg); 1191 kfree(x->encap); 1192 kfree(x->coaddr); 1193 } 1194 kfree(x); 1195 return NULL; 1196 } 1197 1198 /* xfrm_state_lock is held */ 1199 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m) 1200 { 1201 unsigned int h; 1202 struct xfrm_state *x; 1203 struct hlist_node *entry; 1204 1205 if (m->reqid) { 1206 h = xfrm_dst_hash(&init_net, &m->old_daddr, &m->old_saddr, 1207 m->reqid, m->old_family); 1208 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) { 1209 if (x->props.mode != m->mode || 1210 x->id.proto != m->proto) 1211 continue; 1212 if (m->reqid && x->props.reqid != m->reqid) 1213 continue; 1214 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr, 1215 m->old_family) || 1216 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr, 1217 m->old_family)) 1218 continue; 1219 xfrm_state_hold(x); 1220 return x; 1221 } 1222 } else { 1223 h = xfrm_src_hash(&init_net, &m->old_daddr, &m->old_saddr, 1224 m->old_family); 1225 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) { 1226 if (x->props.mode != m->mode || 1227 x->id.proto != m->proto) 1228 continue; 1229 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr, 1230 m->old_family) || 1231 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr, 1232 m->old_family)) 1233 continue; 1234 xfrm_state_hold(x); 1235 return x; 1236 } 1237 } 1238 1239 return NULL; 1240 } 1241 EXPORT_SYMBOL(xfrm_migrate_state_find); 1242 1243 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x, 1244 struct xfrm_migrate *m) 1245 { 1246 struct xfrm_state *xc; 1247 int err; 1248 1249 xc = xfrm_state_clone(x, &err); 1250 if (!xc) 1251 return NULL; 1252 1253 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr)); 1254 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); 1255 1256 /* add state */ 1257 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) { 1258 /* a care is needed when the destination address of the 1259 state is to be updated as it is a part of triplet */ 1260 xfrm_state_insert(xc); 1261 } else { 1262 if ((err = xfrm_state_add(xc)) < 0) 1263 goto error; 1264 } 1265 1266 return xc; 1267 error: 1268 kfree(xc); 1269 return NULL; 1270 } 1271 EXPORT_SYMBOL(xfrm_state_migrate); 1272 #endif 1273 1274 int xfrm_state_update(struct xfrm_state *x) 1275 { 1276 struct xfrm_state *x1, *to_put; 1277 int err; 1278 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); 1279 1280 to_put = NULL; 1281 1282 spin_lock_bh(&xfrm_state_lock); 1283 x1 = __xfrm_state_locate(x, use_spi, x->props.family); 1284 1285 err = -ESRCH; 1286 if (!x1) 1287 goto out; 1288 1289 if (xfrm_state_kern(x1)) { 1290 to_put = x1; 1291 err = -EEXIST; 1292 goto out; 1293 } 1294 1295 if (x1->km.state == XFRM_STATE_ACQ) { 1296 __xfrm_state_insert(x); 1297 x = NULL; 1298 } 1299 err = 0; 1300 1301 out: 1302 spin_unlock_bh(&xfrm_state_lock); 1303 1304 if (to_put) 1305 xfrm_state_put(to_put); 1306 1307 if (err) 1308 return err; 1309 1310 if (!x) { 1311 xfrm_state_delete(x1); 1312 xfrm_state_put(x1); 1313 return 0; 1314 } 1315 1316 err = -EINVAL; 1317 spin_lock_bh(&x1->lock); 1318 if (likely(x1->km.state == XFRM_STATE_VALID)) { 1319 if (x->encap && x1->encap) 1320 memcpy(x1->encap, x->encap, sizeof(*x1->encap)); 1321 if (x->coaddr && x1->coaddr) { 1322 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr)); 1323 } 1324 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel))) 1325 memcpy(&x1->sel, &x->sel, sizeof(x1->sel)); 1326 memcpy(&x1->lft, &x->lft, sizeof(x1->lft)); 1327 x1->km.dying = 0; 1328 1329 mod_timer(&x1->timer, jiffies + HZ); 1330 if (x1->curlft.use_time) 1331 xfrm_state_check_expire(x1); 1332 1333 err = 0; 1334 } 1335 spin_unlock_bh(&x1->lock); 1336 1337 xfrm_state_put(x1); 1338 1339 return err; 1340 } 1341 EXPORT_SYMBOL(xfrm_state_update); 1342 1343 int xfrm_state_check_expire(struct xfrm_state *x) 1344 { 1345 if (!x->curlft.use_time) 1346 x->curlft.use_time = get_seconds(); 1347 1348 if (x->km.state != XFRM_STATE_VALID) 1349 return -EINVAL; 1350 1351 if (x->curlft.bytes >= x->lft.hard_byte_limit || 1352 x->curlft.packets >= x->lft.hard_packet_limit) { 1353 x->km.state = XFRM_STATE_EXPIRED; 1354 mod_timer(&x->timer, jiffies); 1355 return -EINVAL; 1356 } 1357 1358 if (!x->km.dying && 1359 (x->curlft.bytes >= x->lft.soft_byte_limit || 1360 x->curlft.packets >= x->lft.soft_packet_limit)) { 1361 x->km.dying = 1; 1362 km_state_expired(x, 0, 0); 1363 } 1364 return 0; 1365 } 1366 EXPORT_SYMBOL(xfrm_state_check_expire); 1367 1368 struct xfrm_state * 1369 xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, 1370 unsigned short family) 1371 { 1372 struct xfrm_state *x; 1373 1374 spin_lock_bh(&xfrm_state_lock); 1375 x = __xfrm_state_lookup(net, daddr, spi, proto, family); 1376 spin_unlock_bh(&xfrm_state_lock); 1377 return x; 1378 } 1379 EXPORT_SYMBOL(xfrm_state_lookup); 1380 1381 struct xfrm_state * 1382 xfrm_state_lookup_byaddr(struct net *net, 1383 xfrm_address_t *daddr, xfrm_address_t *saddr, 1384 u8 proto, unsigned short family) 1385 { 1386 struct xfrm_state *x; 1387 1388 spin_lock_bh(&xfrm_state_lock); 1389 x = __xfrm_state_lookup_byaddr(net, daddr, saddr, proto, family); 1390 spin_unlock_bh(&xfrm_state_lock); 1391 return x; 1392 } 1393 EXPORT_SYMBOL(xfrm_state_lookup_byaddr); 1394 1395 struct xfrm_state * 1396 xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto, 1397 xfrm_address_t *daddr, xfrm_address_t *saddr, 1398 int create, unsigned short family) 1399 { 1400 struct xfrm_state *x; 1401 1402 spin_lock_bh(&xfrm_state_lock); 1403 x = __find_acq_core(net, family, mode, reqid, proto, daddr, saddr, create); 1404 spin_unlock_bh(&xfrm_state_lock); 1405 1406 return x; 1407 } 1408 EXPORT_SYMBOL(xfrm_find_acq); 1409 1410 #ifdef CONFIG_XFRM_SUB_POLICY 1411 int 1412 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n, 1413 unsigned short family) 1414 { 1415 int err = 0; 1416 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 1417 if (!afinfo) 1418 return -EAFNOSUPPORT; 1419 1420 spin_lock_bh(&xfrm_state_lock); 1421 if (afinfo->tmpl_sort) 1422 err = afinfo->tmpl_sort(dst, src, n); 1423 spin_unlock_bh(&xfrm_state_lock); 1424 xfrm_state_put_afinfo(afinfo); 1425 return err; 1426 } 1427 EXPORT_SYMBOL(xfrm_tmpl_sort); 1428 1429 int 1430 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n, 1431 unsigned short family) 1432 { 1433 int err = 0; 1434 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 1435 if (!afinfo) 1436 return -EAFNOSUPPORT; 1437 1438 spin_lock_bh(&xfrm_state_lock); 1439 if (afinfo->state_sort) 1440 err = afinfo->state_sort(dst, src, n); 1441 spin_unlock_bh(&xfrm_state_lock); 1442 xfrm_state_put_afinfo(afinfo); 1443 return err; 1444 } 1445 EXPORT_SYMBOL(xfrm_state_sort); 1446 #endif 1447 1448 /* Silly enough, but I'm lazy to build resolution list */ 1449 1450 static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq) 1451 { 1452 int i; 1453 1454 for (i = 0; i <= net->xfrm.state_hmask; i++) { 1455 struct hlist_node *entry; 1456 struct xfrm_state *x; 1457 1458 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) { 1459 if (x->km.seq == seq && 1460 x->km.state == XFRM_STATE_ACQ) { 1461 xfrm_state_hold(x); 1462 return x; 1463 } 1464 } 1465 } 1466 return NULL; 1467 } 1468 1469 struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq) 1470 { 1471 struct xfrm_state *x; 1472 1473 spin_lock_bh(&xfrm_state_lock); 1474 x = __xfrm_find_acq_byseq(net, seq); 1475 spin_unlock_bh(&xfrm_state_lock); 1476 return x; 1477 } 1478 EXPORT_SYMBOL(xfrm_find_acq_byseq); 1479 1480 u32 xfrm_get_acqseq(void) 1481 { 1482 u32 res; 1483 static u32 acqseq; 1484 static DEFINE_SPINLOCK(acqseq_lock); 1485 1486 spin_lock_bh(&acqseq_lock); 1487 res = (++acqseq ? : ++acqseq); 1488 spin_unlock_bh(&acqseq_lock); 1489 return res; 1490 } 1491 EXPORT_SYMBOL(xfrm_get_acqseq); 1492 1493 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) 1494 { 1495 struct net *net = xs_net(x); 1496 unsigned int h; 1497 struct xfrm_state *x0; 1498 int err = -ENOENT; 1499 __be32 minspi = htonl(low); 1500 __be32 maxspi = htonl(high); 1501 1502 spin_lock_bh(&x->lock); 1503 if (x->km.state == XFRM_STATE_DEAD) 1504 goto unlock; 1505 1506 err = 0; 1507 if (x->id.spi) 1508 goto unlock; 1509 1510 err = -ENOENT; 1511 1512 if (minspi == maxspi) { 1513 x0 = xfrm_state_lookup(net, &x->id.daddr, minspi, x->id.proto, x->props.family); 1514 if (x0) { 1515 xfrm_state_put(x0); 1516 goto unlock; 1517 } 1518 x->id.spi = minspi; 1519 } else { 1520 u32 spi = 0; 1521 for (h=0; h<high-low+1; h++) { 1522 spi = low + net_random()%(high-low+1); 1523 x0 = xfrm_state_lookup(net, &x->id.daddr, htonl(spi), x->id.proto, x->props.family); 1524 if (x0 == NULL) { 1525 x->id.spi = htonl(spi); 1526 break; 1527 } 1528 xfrm_state_put(x0); 1529 } 1530 } 1531 if (x->id.spi) { 1532 spin_lock_bh(&xfrm_state_lock); 1533 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); 1534 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h); 1535 spin_unlock_bh(&xfrm_state_lock); 1536 1537 err = 0; 1538 } 1539 1540 unlock: 1541 spin_unlock_bh(&x->lock); 1542 1543 return err; 1544 } 1545 EXPORT_SYMBOL(xfrm_alloc_spi); 1546 1547 int xfrm_state_walk(struct xfrm_state_walk *walk, 1548 int (*func)(struct xfrm_state *, int, void*), 1549 void *data) 1550 { 1551 struct xfrm_state *state; 1552 struct xfrm_state_walk *x; 1553 int err = 0; 1554 1555 if (walk->seq != 0 && list_empty(&walk->all)) 1556 return 0; 1557 1558 spin_lock_bh(&xfrm_state_lock); 1559 if (list_empty(&walk->all)) 1560 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all); 1561 else 1562 x = list_entry(&walk->all, struct xfrm_state_walk, all); 1563 list_for_each_entry_from(x, &init_net.xfrm.state_all, all) { 1564 if (x->state == XFRM_STATE_DEAD) 1565 continue; 1566 state = container_of(x, struct xfrm_state, km); 1567 if (!xfrm_id_proto_match(state->id.proto, walk->proto)) 1568 continue; 1569 err = func(state, walk->seq, data); 1570 if (err) { 1571 list_move_tail(&walk->all, &x->all); 1572 goto out; 1573 } 1574 walk->seq++; 1575 } 1576 if (walk->seq == 0) { 1577 err = -ENOENT; 1578 goto out; 1579 } 1580 list_del_init(&walk->all); 1581 out: 1582 spin_unlock_bh(&xfrm_state_lock); 1583 return err; 1584 } 1585 EXPORT_SYMBOL(xfrm_state_walk); 1586 1587 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto) 1588 { 1589 INIT_LIST_HEAD(&walk->all); 1590 walk->proto = proto; 1591 walk->state = XFRM_STATE_DEAD; 1592 walk->seq = 0; 1593 } 1594 EXPORT_SYMBOL(xfrm_state_walk_init); 1595 1596 void xfrm_state_walk_done(struct xfrm_state_walk *walk) 1597 { 1598 if (list_empty(&walk->all)) 1599 return; 1600 1601 spin_lock_bh(&xfrm_state_lock); 1602 list_del(&walk->all); 1603 spin_lock_bh(&xfrm_state_lock); 1604 } 1605 EXPORT_SYMBOL(xfrm_state_walk_done); 1606 1607 1608 void xfrm_replay_notify(struct xfrm_state *x, int event) 1609 { 1610 struct km_event c; 1611 /* we send notify messages in case 1612 * 1. we updated on of the sequence numbers, and the seqno difference 1613 * is at least x->replay_maxdiff, in this case we also update the 1614 * timeout of our timer function 1615 * 2. if x->replay_maxage has elapsed since last update, 1616 * and there were changes 1617 * 1618 * The state structure must be locked! 1619 */ 1620 1621 switch (event) { 1622 case XFRM_REPLAY_UPDATE: 1623 if (x->replay_maxdiff && 1624 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) && 1625 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) { 1626 if (x->xflags & XFRM_TIME_DEFER) 1627 event = XFRM_REPLAY_TIMEOUT; 1628 else 1629 return; 1630 } 1631 1632 break; 1633 1634 case XFRM_REPLAY_TIMEOUT: 1635 if ((x->replay.seq == x->preplay.seq) && 1636 (x->replay.bitmap == x->preplay.bitmap) && 1637 (x->replay.oseq == x->preplay.oseq)) { 1638 x->xflags |= XFRM_TIME_DEFER; 1639 return; 1640 } 1641 1642 break; 1643 } 1644 1645 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state)); 1646 c.event = XFRM_MSG_NEWAE; 1647 c.data.aevent = event; 1648 km_state_notify(x, &c); 1649 1650 if (x->replay_maxage && 1651 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) 1652 x->xflags &= ~XFRM_TIME_DEFER; 1653 } 1654 1655 static void xfrm_replay_timer_handler(unsigned long data) 1656 { 1657 struct xfrm_state *x = (struct xfrm_state*)data; 1658 1659 spin_lock(&x->lock); 1660 1661 if (x->km.state == XFRM_STATE_VALID) { 1662 if (xfrm_aevent_is_on()) 1663 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT); 1664 else 1665 x->xflags |= XFRM_TIME_DEFER; 1666 } 1667 1668 spin_unlock(&x->lock); 1669 } 1670 1671 int xfrm_replay_check(struct xfrm_state *x, 1672 struct sk_buff *skb, __be32 net_seq) 1673 { 1674 u32 diff; 1675 u32 seq = ntohl(net_seq); 1676 1677 if (unlikely(seq == 0)) 1678 goto err; 1679 1680 if (likely(seq > x->replay.seq)) 1681 return 0; 1682 1683 diff = x->replay.seq - seq; 1684 if (diff >= min_t(unsigned int, x->props.replay_window, 1685 sizeof(x->replay.bitmap) * 8)) { 1686 x->stats.replay_window++; 1687 goto err; 1688 } 1689 1690 if (x->replay.bitmap & (1U << diff)) { 1691 x->stats.replay++; 1692 goto err; 1693 } 1694 return 0; 1695 1696 err: 1697 xfrm_audit_state_replay(x, skb, net_seq); 1698 return -EINVAL; 1699 } 1700 1701 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq) 1702 { 1703 u32 diff; 1704 u32 seq = ntohl(net_seq); 1705 1706 if (seq > x->replay.seq) { 1707 diff = seq - x->replay.seq; 1708 if (diff < x->props.replay_window) 1709 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1; 1710 else 1711 x->replay.bitmap = 1; 1712 x->replay.seq = seq; 1713 } else { 1714 diff = x->replay.seq - seq; 1715 x->replay.bitmap |= (1U << diff); 1716 } 1717 1718 if (xfrm_aevent_is_on()) 1719 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); 1720 } 1721 1722 static LIST_HEAD(xfrm_km_list); 1723 static DEFINE_RWLOCK(xfrm_km_lock); 1724 1725 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1726 { 1727 struct xfrm_mgr *km; 1728 1729 read_lock(&xfrm_km_lock); 1730 list_for_each_entry(km, &xfrm_km_list, list) 1731 if (km->notify_policy) 1732 km->notify_policy(xp, dir, c); 1733 read_unlock(&xfrm_km_lock); 1734 } 1735 1736 void km_state_notify(struct xfrm_state *x, struct km_event *c) 1737 { 1738 struct xfrm_mgr *km; 1739 read_lock(&xfrm_km_lock); 1740 list_for_each_entry(km, &xfrm_km_list, list) 1741 if (km->notify) 1742 km->notify(x, c); 1743 read_unlock(&xfrm_km_lock); 1744 } 1745 1746 EXPORT_SYMBOL(km_policy_notify); 1747 EXPORT_SYMBOL(km_state_notify); 1748 1749 void km_state_expired(struct xfrm_state *x, int hard, u32 pid) 1750 { 1751 struct net *net = xs_net(x); 1752 struct km_event c; 1753 1754 c.data.hard = hard; 1755 c.pid = pid; 1756 c.event = XFRM_MSG_EXPIRE; 1757 km_state_notify(x, &c); 1758 1759 if (hard) 1760 wake_up(&net->xfrm.km_waitq); 1761 } 1762 1763 EXPORT_SYMBOL(km_state_expired); 1764 /* 1765 * We send to all registered managers regardless of failure 1766 * We are happy with one success 1767 */ 1768 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol) 1769 { 1770 int err = -EINVAL, acqret; 1771 struct xfrm_mgr *km; 1772 1773 read_lock(&xfrm_km_lock); 1774 list_for_each_entry(km, &xfrm_km_list, list) { 1775 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT); 1776 if (!acqret) 1777 err = acqret; 1778 } 1779 read_unlock(&xfrm_km_lock); 1780 return err; 1781 } 1782 EXPORT_SYMBOL(km_query); 1783 1784 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) 1785 { 1786 int err = -EINVAL; 1787 struct xfrm_mgr *km; 1788 1789 read_lock(&xfrm_km_lock); 1790 list_for_each_entry(km, &xfrm_km_list, list) { 1791 if (km->new_mapping) 1792 err = km->new_mapping(x, ipaddr, sport); 1793 if (!err) 1794 break; 1795 } 1796 read_unlock(&xfrm_km_lock); 1797 return err; 1798 } 1799 EXPORT_SYMBOL(km_new_mapping); 1800 1801 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid) 1802 { 1803 struct net *net = xp_net(pol); 1804 struct km_event c; 1805 1806 c.data.hard = hard; 1807 c.pid = pid; 1808 c.event = XFRM_MSG_POLEXPIRE; 1809 km_policy_notify(pol, dir, &c); 1810 1811 if (hard) 1812 wake_up(&net->xfrm.km_waitq); 1813 } 1814 EXPORT_SYMBOL(km_policy_expired); 1815 1816 #ifdef CONFIG_XFRM_MIGRATE 1817 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1818 struct xfrm_migrate *m, int num_migrate, 1819 struct xfrm_kmaddress *k) 1820 { 1821 int err = -EINVAL; 1822 int ret; 1823 struct xfrm_mgr *km; 1824 1825 read_lock(&xfrm_km_lock); 1826 list_for_each_entry(km, &xfrm_km_list, list) { 1827 if (km->migrate) { 1828 ret = km->migrate(sel, dir, type, m, num_migrate, k); 1829 if (!ret) 1830 err = ret; 1831 } 1832 } 1833 read_unlock(&xfrm_km_lock); 1834 return err; 1835 } 1836 EXPORT_SYMBOL(km_migrate); 1837 #endif 1838 1839 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr) 1840 { 1841 int err = -EINVAL; 1842 int ret; 1843 struct xfrm_mgr *km; 1844 1845 read_lock(&xfrm_km_lock); 1846 list_for_each_entry(km, &xfrm_km_list, list) { 1847 if (km->report) { 1848 ret = km->report(proto, sel, addr); 1849 if (!ret) 1850 err = ret; 1851 } 1852 } 1853 read_unlock(&xfrm_km_lock); 1854 return err; 1855 } 1856 EXPORT_SYMBOL(km_report); 1857 1858 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen) 1859 { 1860 int err; 1861 u8 *data; 1862 struct xfrm_mgr *km; 1863 struct xfrm_policy *pol = NULL; 1864 1865 if (optlen <= 0 || optlen > PAGE_SIZE) 1866 return -EMSGSIZE; 1867 1868 data = kmalloc(optlen, GFP_KERNEL); 1869 if (!data) 1870 return -ENOMEM; 1871 1872 err = -EFAULT; 1873 if (copy_from_user(data, optval, optlen)) 1874 goto out; 1875 1876 err = -EINVAL; 1877 read_lock(&xfrm_km_lock); 1878 list_for_each_entry(km, &xfrm_km_list, list) { 1879 pol = km->compile_policy(sk, optname, data, 1880 optlen, &err); 1881 if (err >= 0) 1882 break; 1883 } 1884 read_unlock(&xfrm_km_lock); 1885 1886 if (err >= 0) { 1887 xfrm_sk_policy_insert(sk, err, pol); 1888 xfrm_pol_put(pol); 1889 err = 0; 1890 } 1891 1892 out: 1893 kfree(data); 1894 return err; 1895 } 1896 EXPORT_SYMBOL(xfrm_user_policy); 1897 1898 int xfrm_register_km(struct xfrm_mgr *km) 1899 { 1900 write_lock_bh(&xfrm_km_lock); 1901 list_add_tail(&km->list, &xfrm_km_list); 1902 write_unlock_bh(&xfrm_km_lock); 1903 return 0; 1904 } 1905 EXPORT_SYMBOL(xfrm_register_km); 1906 1907 int xfrm_unregister_km(struct xfrm_mgr *km) 1908 { 1909 write_lock_bh(&xfrm_km_lock); 1910 list_del(&km->list); 1911 write_unlock_bh(&xfrm_km_lock); 1912 return 0; 1913 } 1914 EXPORT_SYMBOL(xfrm_unregister_km); 1915 1916 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo) 1917 { 1918 int err = 0; 1919 if (unlikely(afinfo == NULL)) 1920 return -EINVAL; 1921 if (unlikely(afinfo->family >= NPROTO)) 1922 return -EAFNOSUPPORT; 1923 write_lock_bh(&xfrm_state_afinfo_lock); 1924 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL)) 1925 err = -ENOBUFS; 1926 else 1927 xfrm_state_afinfo[afinfo->family] = afinfo; 1928 write_unlock_bh(&xfrm_state_afinfo_lock); 1929 return err; 1930 } 1931 EXPORT_SYMBOL(xfrm_state_register_afinfo); 1932 1933 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo) 1934 { 1935 int err = 0; 1936 if (unlikely(afinfo == NULL)) 1937 return -EINVAL; 1938 if (unlikely(afinfo->family >= NPROTO)) 1939 return -EAFNOSUPPORT; 1940 write_lock_bh(&xfrm_state_afinfo_lock); 1941 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) { 1942 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo)) 1943 err = -EINVAL; 1944 else 1945 xfrm_state_afinfo[afinfo->family] = NULL; 1946 } 1947 write_unlock_bh(&xfrm_state_afinfo_lock); 1948 return err; 1949 } 1950 EXPORT_SYMBOL(xfrm_state_unregister_afinfo); 1951 1952 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family) 1953 { 1954 struct xfrm_state_afinfo *afinfo; 1955 if (unlikely(family >= NPROTO)) 1956 return NULL; 1957 read_lock(&xfrm_state_afinfo_lock); 1958 afinfo = xfrm_state_afinfo[family]; 1959 if (unlikely(!afinfo)) 1960 read_unlock(&xfrm_state_afinfo_lock); 1961 return afinfo; 1962 } 1963 1964 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo) 1965 __releases(xfrm_state_afinfo_lock) 1966 { 1967 read_unlock(&xfrm_state_afinfo_lock); 1968 } 1969 1970 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */ 1971 void xfrm_state_delete_tunnel(struct xfrm_state *x) 1972 { 1973 if (x->tunnel) { 1974 struct xfrm_state *t = x->tunnel; 1975 1976 if (atomic_read(&t->tunnel_users) == 2) 1977 xfrm_state_delete(t); 1978 atomic_dec(&t->tunnel_users); 1979 xfrm_state_put(t); 1980 x->tunnel = NULL; 1981 } 1982 } 1983 EXPORT_SYMBOL(xfrm_state_delete_tunnel); 1984 1985 int xfrm_state_mtu(struct xfrm_state *x, int mtu) 1986 { 1987 int res; 1988 1989 spin_lock_bh(&x->lock); 1990 if (x->km.state == XFRM_STATE_VALID && 1991 x->type && x->type->get_mtu) 1992 res = x->type->get_mtu(x, mtu); 1993 else 1994 res = mtu - x->props.header_len; 1995 spin_unlock_bh(&x->lock); 1996 return res; 1997 } 1998 1999 int xfrm_init_state(struct xfrm_state *x) 2000 { 2001 struct xfrm_state_afinfo *afinfo; 2002 struct xfrm_mode *inner_mode; 2003 int family = x->props.family; 2004 int err; 2005 2006 err = -EAFNOSUPPORT; 2007 afinfo = xfrm_state_get_afinfo(family); 2008 if (!afinfo) 2009 goto error; 2010 2011 err = 0; 2012 if (afinfo->init_flags) 2013 err = afinfo->init_flags(x); 2014 2015 xfrm_state_put_afinfo(afinfo); 2016 2017 if (err) 2018 goto error; 2019 2020 err = -EPROTONOSUPPORT; 2021 2022 if (x->sel.family != AF_UNSPEC) { 2023 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family); 2024 if (inner_mode == NULL) 2025 goto error; 2026 2027 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) && 2028 family != x->sel.family) { 2029 xfrm_put_mode(inner_mode); 2030 goto error; 2031 } 2032 2033 x->inner_mode = inner_mode; 2034 } else { 2035 struct xfrm_mode *inner_mode_iaf; 2036 2037 inner_mode = xfrm_get_mode(x->props.mode, AF_INET); 2038 if (inner_mode == NULL) 2039 goto error; 2040 2041 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) { 2042 xfrm_put_mode(inner_mode); 2043 goto error; 2044 } 2045 2046 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6); 2047 if (inner_mode_iaf == NULL) 2048 goto error; 2049 2050 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) { 2051 xfrm_put_mode(inner_mode_iaf); 2052 goto error; 2053 } 2054 2055 if (x->props.family == AF_INET) { 2056 x->inner_mode = inner_mode; 2057 x->inner_mode_iaf = inner_mode_iaf; 2058 } else { 2059 x->inner_mode = inner_mode_iaf; 2060 x->inner_mode_iaf = inner_mode; 2061 } 2062 } 2063 2064 x->type = xfrm_get_type(x->id.proto, family); 2065 if (x->type == NULL) 2066 goto error; 2067 2068 err = x->type->init_state(x); 2069 if (err) 2070 goto error; 2071 2072 x->outer_mode = xfrm_get_mode(x->props.mode, family); 2073 if (x->outer_mode == NULL) 2074 goto error; 2075 2076 x->km.state = XFRM_STATE_VALID; 2077 2078 error: 2079 return err; 2080 } 2081 2082 EXPORT_SYMBOL(xfrm_init_state); 2083 2084 int __net_init xfrm_state_init(struct net *net) 2085 { 2086 unsigned int sz; 2087 2088 INIT_LIST_HEAD(&net->xfrm.state_all); 2089 2090 sz = sizeof(struct hlist_head) * 8; 2091 2092 net->xfrm.state_bydst = xfrm_hash_alloc(sz); 2093 if (!net->xfrm.state_bydst) 2094 goto out_bydst; 2095 net->xfrm.state_bysrc = xfrm_hash_alloc(sz); 2096 if (!net->xfrm.state_bysrc) 2097 goto out_bysrc; 2098 net->xfrm.state_byspi = xfrm_hash_alloc(sz); 2099 if (!net->xfrm.state_byspi) 2100 goto out_byspi; 2101 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1); 2102 2103 net->xfrm.state_num = 0; 2104 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize); 2105 INIT_HLIST_HEAD(&net->xfrm.state_gc_list); 2106 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task); 2107 init_waitqueue_head(&net->xfrm.km_waitq); 2108 return 0; 2109 2110 out_byspi: 2111 xfrm_hash_free(net->xfrm.state_bysrc, sz); 2112 out_bysrc: 2113 xfrm_hash_free(net->xfrm.state_bydst, sz); 2114 out_bydst: 2115 return -ENOMEM; 2116 } 2117 2118 void xfrm_state_fini(struct net *net) 2119 { 2120 unsigned int sz; 2121 2122 WARN_ON(!list_empty(&net->xfrm.state_all)); 2123 2124 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head); 2125 WARN_ON(!hlist_empty(net->xfrm.state_byspi)); 2126 xfrm_hash_free(net->xfrm.state_byspi, sz); 2127 WARN_ON(!hlist_empty(net->xfrm.state_bysrc)); 2128 xfrm_hash_free(net->xfrm.state_bysrc, sz); 2129 WARN_ON(!hlist_empty(net->xfrm.state_bydst)); 2130 xfrm_hash_free(net->xfrm.state_bydst, sz); 2131 } 2132 2133 #ifdef CONFIG_AUDITSYSCALL 2134 static void xfrm_audit_helper_sainfo(struct xfrm_state *x, 2135 struct audit_buffer *audit_buf) 2136 { 2137 struct xfrm_sec_ctx *ctx = x->security; 2138 u32 spi = ntohl(x->id.spi); 2139 2140 if (ctx) 2141 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", 2142 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str); 2143 2144 switch(x->props.family) { 2145 case AF_INET: 2146 audit_log_format(audit_buf, " src=%pI4 dst=%pI4", 2147 &x->props.saddr.a4, &x->id.daddr.a4); 2148 break; 2149 case AF_INET6: 2150 audit_log_format(audit_buf, " src=%pI6 dst=%pI6", 2151 x->props.saddr.a6, x->id.daddr.a6); 2152 break; 2153 } 2154 2155 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); 2156 } 2157 2158 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family, 2159 struct audit_buffer *audit_buf) 2160 { 2161 struct iphdr *iph4; 2162 struct ipv6hdr *iph6; 2163 2164 switch (family) { 2165 case AF_INET: 2166 iph4 = ip_hdr(skb); 2167 audit_log_format(audit_buf, " src=%pI4 dst=%pI4", 2168 &iph4->saddr, &iph4->daddr); 2169 break; 2170 case AF_INET6: 2171 iph6 = ipv6_hdr(skb); 2172 audit_log_format(audit_buf, 2173 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x", 2174 &iph6->saddr,&iph6->daddr, 2175 iph6->flow_lbl[0] & 0x0f, 2176 iph6->flow_lbl[1], 2177 iph6->flow_lbl[2]); 2178 break; 2179 } 2180 } 2181 2182 void xfrm_audit_state_add(struct xfrm_state *x, int result, 2183 uid_t auid, u32 sessionid, u32 secid) 2184 { 2185 struct audit_buffer *audit_buf; 2186 2187 audit_buf = xfrm_audit_start("SAD-add"); 2188 if (audit_buf == NULL) 2189 return; 2190 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); 2191 xfrm_audit_helper_sainfo(x, audit_buf); 2192 audit_log_format(audit_buf, " res=%u", result); 2193 audit_log_end(audit_buf); 2194 } 2195 EXPORT_SYMBOL_GPL(xfrm_audit_state_add); 2196 2197 void xfrm_audit_state_delete(struct xfrm_state *x, int result, 2198 uid_t auid, u32 sessionid, u32 secid) 2199 { 2200 struct audit_buffer *audit_buf; 2201 2202 audit_buf = xfrm_audit_start("SAD-delete"); 2203 if (audit_buf == NULL) 2204 return; 2205 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); 2206 xfrm_audit_helper_sainfo(x, audit_buf); 2207 audit_log_format(audit_buf, " res=%u", result); 2208 audit_log_end(audit_buf); 2209 } 2210 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); 2211 2212 void xfrm_audit_state_replay_overflow(struct xfrm_state *x, 2213 struct sk_buff *skb) 2214 { 2215 struct audit_buffer *audit_buf; 2216 u32 spi; 2217 2218 audit_buf = xfrm_audit_start("SA-replay-overflow"); 2219 if (audit_buf == NULL) 2220 return; 2221 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); 2222 /* don't record the sequence number because it's inherent in this kind 2223 * of audit message */ 2224 spi = ntohl(x->id.spi); 2225 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); 2226 audit_log_end(audit_buf); 2227 } 2228 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow); 2229 2230 static void xfrm_audit_state_replay(struct xfrm_state *x, 2231 struct sk_buff *skb, __be32 net_seq) 2232 { 2233 struct audit_buffer *audit_buf; 2234 u32 spi; 2235 2236 audit_buf = xfrm_audit_start("SA-replayed-pkt"); 2237 if (audit_buf == NULL) 2238 return; 2239 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); 2240 spi = ntohl(x->id.spi); 2241 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", 2242 spi, spi, ntohl(net_seq)); 2243 audit_log_end(audit_buf); 2244 } 2245 2246 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family) 2247 { 2248 struct audit_buffer *audit_buf; 2249 2250 audit_buf = xfrm_audit_start("SA-notfound"); 2251 if (audit_buf == NULL) 2252 return; 2253 xfrm_audit_helper_pktinfo(skb, family, audit_buf); 2254 audit_log_end(audit_buf); 2255 } 2256 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple); 2257 2258 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, 2259 __be32 net_spi, __be32 net_seq) 2260 { 2261 struct audit_buffer *audit_buf; 2262 u32 spi; 2263 2264 audit_buf = xfrm_audit_start("SA-notfound"); 2265 if (audit_buf == NULL) 2266 return; 2267 xfrm_audit_helper_pktinfo(skb, family, audit_buf); 2268 spi = ntohl(net_spi); 2269 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", 2270 spi, spi, ntohl(net_seq)); 2271 audit_log_end(audit_buf); 2272 } 2273 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound); 2274 2275 void xfrm_audit_state_icvfail(struct xfrm_state *x, 2276 struct sk_buff *skb, u8 proto) 2277 { 2278 struct audit_buffer *audit_buf; 2279 __be32 net_spi; 2280 __be32 net_seq; 2281 2282 audit_buf = xfrm_audit_start("SA-icv-failure"); 2283 if (audit_buf == NULL) 2284 return; 2285 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); 2286 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) { 2287 u32 spi = ntohl(net_spi); 2288 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", 2289 spi, spi, ntohl(net_seq)); 2290 } 2291 audit_log_end(audit_buf); 2292 } 2293 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail); 2294 #endif /* CONFIG_AUDITSYSCALL */ 2295