1 /* 2 * net/key/af_key.c An implementation of PF_KEYv2 sockets. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Authors: Maxim Giryaev <gem@asplinux.ru> 10 * David S. Miller <davem@redhat.com> 11 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 12 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 13 * Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org> 14 * Derek Atkins <derek@ihtfp.com> 15 */ 16 17 #include <linux/capability.h> 18 #include <linux/module.h> 19 #include <linux/kernel.h> 20 #include <linux/socket.h> 21 #include <linux/pfkeyv2.h> 22 #include <linux/ipsec.h> 23 #include <linux/skbuff.h> 24 #include <linux/rtnetlink.h> 25 #include <linux/in.h> 26 #include <linux/in6.h> 27 #include <linux/proc_fs.h> 28 #include <linux/init.h> 29 #include <net/xfrm.h> 30 #include <linux/audit.h> 31 32 #include <net/sock.h> 33 34 #define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x)) 35 #define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x)) 36 37 38 /* List of all pfkey sockets. */ 39 static HLIST_HEAD(pfkey_table); 40 static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait); 41 static DEFINE_RWLOCK(pfkey_table_lock); 42 static atomic_t pfkey_table_users = ATOMIC_INIT(0); 43 44 static atomic_t pfkey_socks_nr = ATOMIC_INIT(0); 45 46 struct pfkey_sock { 47 /* struct sock must be the first member of struct pfkey_sock */ 48 struct sock sk; 49 int registered; 50 int promisc; 51 }; 52 53 static inline struct pfkey_sock *pfkey_sk(struct sock *sk) 54 { 55 return (struct pfkey_sock *)sk; 56 } 57 58 static void pfkey_sock_destruct(struct sock *sk) 59 { 60 skb_queue_purge(&sk->sk_receive_queue); 61 62 if (!sock_flag(sk, SOCK_DEAD)) { 63 printk("Attempt to release alive pfkey socket: %p\n", sk); 64 return; 65 } 66 67 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 68 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 69 70 atomic_dec(&pfkey_socks_nr); 71 } 72 73 static void pfkey_table_grab(void) 74 { 75 write_lock_bh(&pfkey_table_lock); 76 77 if (atomic_read(&pfkey_table_users)) { 78 DECLARE_WAITQUEUE(wait, current); 79 80 add_wait_queue_exclusive(&pfkey_table_wait, &wait); 81 for(;;) { 82 set_current_state(TASK_UNINTERRUPTIBLE); 83 if (atomic_read(&pfkey_table_users) == 0) 84 break; 85 write_unlock_bh(&pfkey_table_lock); 86 schedule(); 87 write_lock_bh(&pfkey_table_lock); 88 } 89 90 __set_current_state(TASK_RUNNING); 91 remove_wait_queue(&pfkey_table_wait, &wait); 92 } 93 } 94 95 static __inline__ void pfkey_table_ungrab(void) 96 { 97 write_unlock_bh(&pfkey_table_lock); 98 wake_up(&pfkey_table_wait); 99 } 100 101 static __inline__ void pfkey_lock_table(void) 102 { 103 /* read_lock() synchronizes us to pfkey_table_grab */ 104 105 read_lock(&pfkey_table_lock); 106 atomic_inc(&pfkey_table_users); 107 read_unlock(&pfkey_table_lock); 108 } 109 110 static __inline__ void pfkey_unlock_table(void) 111 { 112 if (atomic_dec_and_test(&pfkey_table_users)) 113 wake_up(&pfkey_table_wait); 114 } 115 116 117 static const struct proto_ops pfkey_ops; 118 119 static void pfkey_insert(struct sock *sk) 120 { 121 pfkey_table_grab(); 122 sk_add_node(sk, &pfkey_table); 123 pfkey_table_ungrab(); 124 } 125 126 static void pfkey_remove(struct sock *sk) 127 { 128 pfkey_table_grab(); 129 sk_del_node_init(sk); 130 pfkey_table_ungrab(); 131 } 132 133 static struct proto key_proto = { 134 .name = "KEY", 135 .owner = THIS_MODULE, 136 .obj_size = sizeof(struct pfkey_sock), 137 }; 138 139 static int pfkey_create(struct socket *sock, int protocol) 140 { 141 struct sock *sk; 142 int err; 143 144 if (!capable(CAP_NET_ADMIN)) 145 return -EPERM; 146 if (sock->type != SOCK_RAW) 147 return -ESOCKTNOSUPPORT; 148 if (protocol != PF_KEY_V2) 149 return -EPROTONOSUPPORT; 150 151 err = -ENOMEM; 152 sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1); 153 if (sk == NULL) 154 goto out; 155 156 sock->ops = &pfkey_ops; 157 sock_init_data(sock, sk); 158 159 sk->sk_family = PF_KEY; 160 sk->sk_destruct = pfkey_sock_destruct; 161 162 atomic_inc(&pfkey_socks_nr); 163 164 pfkey_insert(sk); 165 166 return 0; 167 out: 168 return err; 169 } 170 171 static int pfkey_release(struct socket *sock) 172 { 173 struct sock *sk = sock->sk; 174 175 if (!sk) 176 return 0; 177 178 pfkey_remove(sk); 179 180 sock_orphan(sk); 181 sock->sk = NULL; 182 skb_queue_purge(&sk->sk_write_queue); 183 sock_put(sk); 184 185 return 0; 186 } 187 188 static int pfkey_broadcast_one(struct sk_buff *skb, struct sk_buff **skb2, 189 gfp_t allocation, struct sock *sk) 190 { 191 int err = -ENOBUFS; 192 193 sock_hold(sk); 194 if (*skb2 == NULL) { 195 if (atomic_read(&skb->users) != 1) { 196 *skb2 = skb_clone(skb, allocation); 197 } else { 198 *skb2 = skb; 199 atomic_inc(&skb->users); 200 } 201 } 202 if (*skb2 != NULL) { 203 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) { 204 skb_orphan(*skb2); 205 skb_set_owner_r(*skb2, sk); 206 skb_queue_tail(&sk->sk_receive_queue, *skb2); 207 sk->sk_data_ready(sk, (*skb2)->len); 208 *skb2 = NULL; 209 err = 0; 210 } 211 } 212 sock_put(sk); 213 return err; 214 } 215 216 /* Send SKB to all pfkey sockets matching selected criteria. */ 217 #define BROADCAST_ALL 0 218 #define BROADCAST_ONE 1 219 #define BROADCAST_REGISTERED 2 220 #define BROADCAST_PROMISC_ONLY 4 221 static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation, 222 int broadcast_flags, struct sock *one_sk) 223 { 224 struct sock *sk; 225 struct hlist_node *node; 226 struct sk_buff *skb2 = NULL; 227 int err = -ESRCH; 228 229 /* XXX Do we need something like netlink_overrun? I think 230 * XXX PF_KEY socket apps will not mind current behavior. 231 */ 232 if (!skb) 233 return -ENOMEM; 234 235 pfkey_lock_table(); 236 sk_for_each(sk, node, &pfkey_table) { 237 struct pfkey_sock *pfk = pfkey_sk(sk); 238 int err2; 239 240 /* Yes, it means that if you are meant to receive this 241 * pfkey message you receive it twice as promiscuous 242 * socket. 243 */ 244 if (pfk->promisc) 245 pfkey_broadcast_one(skb, &skb2, allocation, sk); 246 247 /* the exact target will be processed later */ 248 if (sk == one_sk) 249 continue; 250 if (broadcast_flags != BROADCAST_ALL) { 251 if (broadcast_flags & BROADCAST_PROMISC_ONLY) 252 continue; 253 if ((broadcast_flags & BROADCAST_REGISTERED) && 254 !pfk->registered) 255 continue; 256 if (broadcast_flags & BROADCAST_ONE) 257 continue; 258 } 259 260 err2 = pfkey_broadcast_one(skb, &skb2, allocation, sk); 261 262 /* Error is cleare after succecful sending to at least one 263 * registered KM */ 264 if ((broadcast_flags & BROADCAST_REGISTERED) && err) 265 err = err2; 266 } 267 pfkey_unlock_table(); 268 269 if (one_sk != NULL) 270 err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk); 271 272 if (skb2) 273 kfree_skb(skb2); 274 kfree_skb(skb); 275 return err; 276 } 277 278 static inline void pfkey_hdr_dup(struct sadb_msg *new, struct sadb_msg *orig) 279 { 280 *new = *orig; 281 } 282 283 static int pfkey_error(struct sadb_msg *orig, int err, struct sock *sk) 284 { 285 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL); 286 struct sadb_msg *hdr; 287 288 if (!skb) 289 return -ENOBUFS; 290 291 /* Woe be to the platform trying to support PFKEY yet 292 * having normal errnos outside the 1-255 range, inclusive. 293 */ 294 err = -err; 295 if (err == ERESTARTSYS || 296 err == ERESTARTNOHAND || 297 err == ERESTARTNOINTR) 298 err = EINTR; 299 if (err >= 512) 300 err = EINVAL; 301 BUG_ON(err <= 0 || err >= 256); 302 303 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 304 pfkey_hdr_dup(hdr, orig); 305 hdr->sadb_msg_errno = (uint8_t) err; 306 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / 307 sizeof(uint64_t)); 308 309 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk); 310 311 return 0; 312 } 313 314 static u8 sadb_ext_min_len[] = { 315 [SADB_EXT_RESERVED] = (u8) 0, 316 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa), 317 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime), 318 [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime), 319 [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime), 320 [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address), 321 [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address), 322 [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address), 323 [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key), 324 [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key), 325 [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident), 326 [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident), 327 [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens), 328 [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop), 329 [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported), 330 [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported), 331 [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange), 332 [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate), 333 [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy), 334 [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2), 335 [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type), 336 [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port), 337 [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port), 338 [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address), 339 [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx), 340 }; 341 342 /* Verify sadb_address_{len,prefixlen} against sa_family. */ 343 static int verify_address_len(void *p) 344 { 345 struct sadb_address *sp = p; 346 struct sockaddr *addr = (struct sockaddr *)(sp + 1); 347 struct sockaddr_in *sin; 348 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 349 struct sockaddr_in6 *sin6; 350 #endif 351 int len; 352 353 switch (addr->sa_family) { 354 case AF_INET: 355 len = sizeof(*sp) + sizeof(*sin) + (sizeof(uint64_t) - 1); 356 len /= sizeof(uint64_t); 357 if (sp->sadb_address_len != len || 358 sp->sadb_address_prefixlen > 32) 359 return -EINVAL; 360 break; 361 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 362 case AF_INET6: 363 len = sizeof(*sp) + sizeof(*sin6) + (sizeof(uint64_t) - 1); 364 len /= sizeof(uint64_t); 365 if (sp->sadb_address_len != len || 366 sp->sadb_address_prefixlen > 128) 367 return -EINVAL; 368 break; 369 #endif 370 default: 371 /* It is user using kernel to keep track of security 372 * associations for another protocol, such as 373 * OSPF/RSVP/RIPV2/MIP. It is user's job to verify 374 * lengths. 375 * 376 * XXX Actually, association/policy database is not yet 377 * XXX able to cope with arbitrary sockaddr families. 378 * XXX When it can, remove this -EINVAL. -DaveM 379 */ 380 return -EINVAL; 381 break; 382 } 383 384 return 0; 385 } 386 387 static inline int pfkey_sec_ctx_len(struct sadb_x_sec_ctx *sec_ctx) 388 { 389 int len = 0; 390 391 len += sizeof(struct sadb_x_sec_ctx); 392 len += sec_ctx->sadb_x_ctx_len; 393 len += sizeof(uint64_t) - 1; 394 len /= sizeof(uint64_t); 395 396 return len; 397 } 398 399 static inline int verify_sec_ctx_len(void *p) 400 { 401 struct sadb_x_sec_ctx *sec_ctx = (struct sadb_x_sec_ctx *)p; 402 int len; 403 404 if (sec_ctx->sadb_x_ctx_len > PAGE_SIZE) 405 return -EINVAL; 406 407 len = pfkey_sec_ctx_len(sec_ctx); 408 409 if (sec_ctx->sadb_x_sec_len != len) 410 return -EINVAL; 411 412 return 0; 413 } 414 415 static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(struct sadb_x_sec_ctx *sec_ctx) 416 { 417 struct xfrm_user_sec_ctx *uctx = NULL; 418 int ctx_size = sec_ctx->sadb_x_ctx_len; 419 420 uctx = kmalloc((sizeof(*uctx)+ctx_size), GFP_KERNEL); 421 422 if (!uctx) 423 return NULL; 424 425 uctx->len = pfkey_sec_ctx_len(sec_ctx); 426 uctx->exttype = sec_ctx->sadb_x_sec_exttype; 427 uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi; 428 uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg; 429 uctx->ctx_len = sec_ctx->sadb_x_ctx_len; 430 memcpy(uctx + 1, sec_ctx + 1, 431 uctx->ctx_len); 432 433 return uctx; 434 } 435 436 static int present_and_same_family(struct sadb_address *src, 437 struct sadb_address *dst) 438 { 439 struct sockaddr *s_addr, *d_addr; 440 441 if (!src || !dst) 442 return 0; 443 444 s_addr = (struct sockaddr *)(src + 1); 445 d_addr = (struct sockaddr *)(dst + 1); 446 if (s_addr->sa_family != d_addr->sa_family) 447 return 0; 448 if (s_addr->sa_family != AF_INET 449 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 450 && s_addr->sa_family != AF_INET6 451 #endif 452 ) 453 return 0; 454 455 return 1; 456 } 457 458 static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 459 { 460 char *p = (char *) hdr; 461 int len = skb->len; 462 463 len -= sizeof(*hdr); 464 p += sizeof(*hdr); 465 while (len > 0) { 466 struct sadb_ext *ehdr = (struct sadb_ext *) p; 467 uint16_t ext_type; 468 int ext_len; 469 470 ext_len = ehdr->sadb_ext_len; 471 ext_len *= sizeof(uint64_t); 472 ext_type = ehdr->sadb_ext_type; 473 if (ext_len < sizeof(uint64_t) || 474 ext_len > len || 475 ext_type == SADB_EXT_RESERVED) 476 return -EINVAL; 477 478 if (ext_type <= SADB_EXT_MAX) { 479 int min = (int) sadb_ext_min_len[ext_type]; 480 if (ext_len < min) 481 return -EINVAL; 482 if (ext_hdrs[ext_type-1] != NULL) 483 return -EINVAL; 484 if (ext_type == SADB_EXT_ADDRESS_SRC || 485 ext_type == SADB_EXT_ADDRESS_DST || 486 ext_type == SADB_EXT_ADDRESS_PROXY || 487 ext_type == SADB_X_EXT_NAT_T_OA) { 488 if (verify_address_len(p)) 489 return -EINVAL; 490 } 491 if (ext_type == SADB_X_EXT_SEC_CTX) { 492 if (verify_sec_ctx_len(p)) 493 return -EINVAL; 494 } 495 ext_hdrs[ext_type-1] = p; 496 } 497 p += ext_len; 498 len -= ext_len; 499 } 500 501 return 0; 502 } 503 504 static uint16_t 505 pfkey_satype2proto(uint8_t satype) 506 { 507 switch (satype) { 508 case SADB_SATYPE_UNSPEC: 509 return IPSEC_PROTO_ANY; 510 case SADB_SATYPE_AH: 511 return IPPROTO_AH; 512 case SADB_SATYPE_ESP: 513 return IPPROTO_ESP; 514 case SADB_X_SATYPE_IPCOMP: 515 return IPPROTO_COMP; 516 break; 517 default: 518 return 0; 519 } 520 /* NOTREACHED */ 521 } 522 523 static uint8_t 524 pfkey_proto2satype(uint16_t proto) 525 { 526 switch (proto) { 527 case IPPROTO_AH: 528 return SADB_SATYPE_AH; 529 case IPPROTO_ESP: 530 return SADB_SATYPE_ESP; 531 case IPPROTO_COMP: 532 return SADB_X_SATYPE_IPCOMP; 533 break; 534 default: 535 return 0; 536 } 537 /* NOTREACHED */ 538 } 539 540 /* BTW, this scheme means that there is no way with PFKEY2 sockets to 541 * say specifically 'just raw sockets' as we encode them as 255. 542 */ 543 544 static uint8_t pfkey_proto_to_xfrm(uint8_t proto) 545 { 546 return (proto == IPSEC_PROTO_ANY ? 0 : proto); 547 } 548 549 static uint8_t pfkey_proto_from_xfrm(uint8_t proto) 550 { 551 return (proto ? proto : IPSEC_PROTO_ANY); 552 } 553 554 static int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr, 555 xfrm_address_t *xaddr) 556 { 557 switch (((struct sockaddr*)(addr + 1))->sa_family) { 558 case AF_INET: 559 xaddr->a4 = 560 ((struct sockaddr_in *)(addr + 1))->sin_addr.s_addr; 561 return AF_INET; 562 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 563 case AF_INET6: 564 memcpy(xaddr->a6, 565 &((struct sockaddr_in6 *)(addr + 1))->sin6_addr, 566 sizeof(struct in6_addr)); 567 return AF_INET6; 568 #endif 569 default: 570 return 0; 571 } 572 /* NOTREACHED */ 573 } 574 575 static struct xfrm_state *pfkey_xfrm_state_lookup(struct sadb_msg *hdr, void **ext_hdrs) 576 { 577 struct sadb_sa *sa; 578 struct sadb_address *addr; 579 uint16_t proto; 580 unsigned short family; 581 xfrm_address_t *xaddr; 582 583 sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; 584 if (sa == NULL) 585 return NULL; 586 587 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 588 if (proto == 0) 589 return NULL; 590 591 /* sadb_address_len should be checked by caller */ 592 addr = (struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1]; 593 if (addr == NULL) 594 return NULL; 595 596 family = ((struct sockaddr *)(addr + 1))->sa_family; 597 switch (family) { 598 case AF_INET: 599 xaddr = (xfrm_address_t *)&((struct sockaddr_in *)(addr + 1))->sin_addr; 600 break; 601 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 602 case AF_INET6: 603 xaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(addr + 1))->sin6_addr; 604 break; 605 #endif 606 default: 607 xaddr = NULL; 608 } 609 610 if (!xaddr) 611 return NULL; 612 613 return xfrm_state_lookup(xaddr, sa->sadb_sa_spi, proto, family); 614 } 615 616 #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1))) 617 static int 618 pfkey_sockaddr_size(sa_family_t family) 619 { 620 switch (family) { 621 case AF_INET: 622 return PFKEY_ALIGN8(sizeof(struct sockaddr_in)); 623 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 624 case AF_INET6: 625 return PFKEY_ALIGN8(sizeof(struct sockaddr_in6)); 626 #endif 627 default: 628 return 0; 629 } 630 /* NOTREACHED */ 631 } 632 633 static inline int pfkey_mode_from_xfrm(int mode) 634 { 635 switch(mode) { 636 case XFRM_MODE_TRANSPORT: 637 return IPSEC_MODE_TRANSPORT; 638 case XFRM_MODE_TUNNEL: 639 return IPSEC_MODE_TUNNEL; 640 case XFRM_MODE_BEET: 641 return IPSEC_MODE_BEET; 642 default: 643 return -1; 644 } 645 } 646 647 static inline int pfkey_mode_to_xfrm(int mode) 648 { 649 switch(mode) { 650 case IPSEC_MODE_ANY: /*XXX*/ 651 case IPSEC_MODE_TRANSPORT: 652 return XFRM_MODE_TRANSPORT; 653 case IPSEC_MODE_TUNNEL: 654 return XFRM_MODE_TUNNEL; 655 case IPSEC_MODE_BEET: 656 return XFRM_MODE_BEET; 657 default: 658 return -1; 659 } 660 } 661 662 static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, int hsc) 663 { 664 struct sk_buff *skb; 665 struct sadb_msg *hdr; 666 struct sadb_sa *sa; 667 struct sadb_lifetime *lifetime; 668 struct sadb_address *addr; 669 struct sadb_key *key; 670 struct sadb_x_sa2 *sa2; 671 struct sockaddr_in *sin; 672 struct sadb_x_sec_ctx *sec_ctx; 673 struct xfrm_sec_ctx *xfrm_ctx; 674 int ctx_size = 0; 675 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 676 struct sockaddr_in6 *sin6; 677 #endif 678 int size; 679 int auth_key_size = 0; 680 int encrypt_key_size = 0; 681 int sockaddr_size; 682 struct xfrm_encap_tmpl *natt = NULL; 683 int mode; 684 685 /* address family check */ 686 sockaddr_size = pfkey_sockaddr_size(x->props.family); 687 if (!sockaddr_size) 688 return ERR_PTR(-EINVAL); 689 690 /* base, SA, (lifetime (HSC),) address(SD), (address(P),) 691 key(AE), (identity(SD),) (sensitivity)> */ 692 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) + 693 sizeof(struct sadb_lifetime) + 694 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) + 695 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) + 696 sizeof(struct sadb_address)*2 + 697 sockaddr_size*2 + 698 sizeof(struct sadb_x_sa2); 699 700 if ((xfrm_ctx = x->security)) { 701 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len); 702 size += sizeof(struct sadb_x_sec_ctx) + ctx_size; 703 } 704 705 /* identity & sensitivity */ 706 707 if ((x->props.family == AF_INET && 708 x->sel.saddr.a4 != x->props.saddr.a4) 709 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 710 || (x->props.family == AF_INET6 && 711 memcmp (x->sel.saddr.a6, x->props.saddr.a6, sizeof (struct in6_addr))) 712 #endif 713 ) 714 size += sizeof(struct sadb_address) + sockaddr_size; 715 716 if (add_keys) { 717 if (x->aalg && x->aalg->alg_key_len) { 718 auth_key_size = 719 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); 720 size += sizeof(struct sadb_key) + auth_key_size; 721 } 722 if (x->ealg && x->ealg->alg_key_len) { 723 encrypt_key_size = 724 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); 725 size += sizeof(struct sadb_key) + encrypt_key_size; 726 } 727 } 728 if (x->encap) 729 natt = x->encap; 730 731 if (natt && natt->encap_type) { 732 size += sizeof(struct sadb_x_nat_t_type); 733 size += sizeof(struct sadb_x_nat_t_port); 734 size += sizeof(struct sadb_x_nat_t_port); 735 } 736 737 skb = alloc_skb(size + 16, GFP_ATOMIC); 738 if (skb == NULL) 739 return ERR_PTR(-ENOBUFS); 740 741 /* call should fill header later */ 742 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 743 memset(hdr, 0, size); /* XXX do we need this ? */ 744 hdr->sadb_msg_len = size / sizeof(uint64_t); 745 746 /* sa */ 747 sa = (struct sadb_sa *) skb_put(skb, sizeof(struct sadb_sa)); 748 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t); 749 sa->sadb_sa_exttype = SADB_EXT_SA; 750 sa->sadb_sa_spi = x->id.spi; 751 sa->sadb_sa_replay = x->props.replay_window; 752 switch (x->km.state) { 753 case XFRM_STATE_VALID: 754 sa->sadb_sa_state = x->km.dying ? 755 SADB_SASTATE_DYING : SADB_SASTATE_MATURE; 756 break; 757 case XFRM_STATE_ACQ: 758 sa->sadb_sa_state = SADB_SASTATE_LARVAL; 759 break; 760 default: 761 sa->sadb_sa_state = SADB_SASTATE_DEAD; 762 break; 763 } 764 sa->sadb_sa_auth = 0; 765 if (x->aalg) { 766 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0); 767 sa->sadb_sa_auth = a ? a->desc.sadb_alg_id : 0; 768 } 769 sa->sadb_sa_encrypt = 0; 770 BUG_ON(x->ealg && x->calg); 771 if (x->ealg) { 772 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0); 773 sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0; 774 } 775 /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */ 776 if (x->calg) { 777 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0); 778 sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0; 779 } 780 781 sa->sadb_sa_flags = 0; 782 if (x->props.flags & XFRM_STATE_NOECN) 783 sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN; 784 if (x->props.flags & XFRM_STATE_DECAP_DSCP) 785 sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP; 786 if (x->props.flags & XFRM_STATE_NOPMTUDISC) 787 sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC; 788 789 /* hard time */ 790 if (hsc & 2) { 791 lifetime = (struct sadb_lifetime *) skb_put(skb, 792 sizeof(struct sadb_lifetime)); 793 lifetime->sadb_lifetime_len = 794 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 795 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 796 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit); 797 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit); 798 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds; 799 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds; 800 } 801 /* soft time */ 802 if (hsc & 1) { 803 lifetime = (struct sadb_lifetime *) skb_put(skb, 804 sizeof(struct sadb_lifetime)); 805 lifetime->sadb_lifetime_len = 806 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 807 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 808 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit); 809 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit); 810 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds; 811 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds; 812 } 813 /* current time */ 814 lifetime = (struct sadb_lifetime *) skb_put(skb, 815 sizeof(struct sadb_lifetime)); 816 lifetime->sadb_lifetime_len = 817 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 818 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 819 lifetime->sadb_lifetime_allocations = x->curlft.packets; 820 lifetime->sadb_lifetime_bytes = x->curlft.bytes; 821 lifetime->sadb_lifetime_addtime = x->curlft.add_time; 822 lifetime->sadb_lifetime_usetime = x->curlft.use_time; 823 /* src address */ 824 addr = (struct sadb_address*) skb_put(skb, 825 sizeof(struct sadb_address)+sockaddr_size); 826 addr->sadb_address_len = 827 (sizeof(struct sadb_address)+sockaddr_size)/ 828 sizeof(uint64_t); 829 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 830 /* "if the ports are non-zero, then the sadb_address_proto field, 831 normally zero, MUST be filled in with the transport 832 protocol's number." - RFC2367 */ 833 addr->sadb_address_proto = 0; 834 addr->sadb_address_reserved = 0; 835 if (x->props.family == AF_INET) { 836 addr->sadb_address_prefixlen = 32; 837 838 sin = (struct sockaddr_in *) (addr + 1); 839 sin->sin_family = AF_INET; 840 sin->sin_addr.s_addr = x->props.saddr.a4; 841 sin->sin_port = 0; 842 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 843 } 844 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 845 else if (x->props.family == AF_INET6) { 846 addr->sadb_address_prefixlen = 128; 847 848 sin6 = (struct sockaddr_in6 *) (addr + 1); 849 sin6->sin6_family = AF_INET6; 850 sin6->sin6_port = 0; 851 sin6->sin6_flowinfo = 0; 852 memcpy(&sin6->sin6_addr, x->props.saddr.a6, 853 sizeof(struct in6_addr)); 854 sin6->sin6_scope_id = 0; 855 } 856 #endif 857 else 858 BUG(); 859 860 /* dst address */ 861 addr = (struct sadb_address*) skb_put(skb, 862 sizeof(struct sadb_address)+sockaddr_size); 863 addr->sadb_address_len = 864 (sizeof(struct sadb_address)+sockaddr_size)/ 865 sizeof(uint64_t); 866 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 867 addr->sadb_address_proto = 0; 868 addr->sadb_address_prefixlen = 32; /* XXX */ 869 addr->sadb_address_reserved = 0; 870 if (x->props.family == AF_INET) { 871 sin = (struct sockaddr_in *) (addr + 1); 872 sin->sin_family = AF_INET; 873 sin->sin_addr.s_addr = x->id.daddr.a4; 874 sin->sin_port = 0; 875 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 876 877 if (x->sel.saddr.a4 != x->props.saddr.a4) { 878 addr = (struct sadb_address*) skb_put(skb, 879 sizeof(struct sadb_address)+sockaddr_size); 880 addr->sadb_address_len = 881 (sizeof(struct sadb_address)+sockaddr_size)/ 882 sizeof(uint64_t); 883 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; 884 addr->sadb_address_proto = 885 pfkey_proto_from_xfrm(x->sel.proto); 886 addr->sadb_address_prefixlen = x->sel.prefixlen_s; 887 addr->sadb_address_reserved = 0; 888 889 sin = (struct sockaddr_in *) (addr + 1); 890 sin->sin_family = AF_INET; 891 sin->sin_addr.s_addr = x->sel.saddr.a4; 892 sin->sin_port = x->sel.sport; 893 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 894 } 895 } 896 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 897 else if (x->props.family == AF_INET6) { 898 addr->sadb_address_prefixlen = 128; 899 900 sin6 = (struct sockaddr_in6 *) (addr + 1); 901 sin6->sin6_family = AF_INET6; 902 sin6->sin6_port = 0; 903 sin6->sin6_flowinfo = 0; 904 memcpy(&sin6->sin6_addr, x->id.daddr.a6, sizeof(struct in6_addr)); 905 sin6->sin6_scope_id = 0; 906 907 if (memcmp (x->sel.saddr.a6, x->props.saddr.a6, 908 sizeof(struct in6_addr))) { 909 addr = (struct sadb_address *) skb_put(skb, 910 sizeof(struct sadb_address)+sockaddr_size); 911 addr->sadb_address_len = 912 (sizeof(struct sadb_address)+sockaddr_size)/ 913 sizeof(uint64_t); 914 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; 915 addr->sadb_address_proto = 916 pfkey_proto_from_xfrm(x->sel.proto); 917 addr->sadb_address_prefixlen = x->sel.prefixlen_s; 918 addr->sadb_address_reserved = 0; 919 920 sin6 = (struct sockaddr_in6 *) (addr + 1); 921 sin6->sin6_family = AF_INET6; 922 sin6->sin6_port = x->sel.sport; 923 sin6->sin6_flowinfo = 0; 924 memcpy(&sin6->sin6_addr, x->sel.saddr.a6, 925 sizeof(struct in6_addr)); 926 sin6->sin6_scope_id = 0; 927 } 928 } 929 #endif 930 else 931 BUG(); 932 933 /* auth key */ 934 if (add_keys && auth_key_size) { 935 key = (struct sadb_key *) skb_put(skb, 936 sizeof(struct sadb_key)+auth_key_size); 937 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) / 938 sizeof(uint64_t); 939 key->sadb_key_exttype = SADB_EXT_KEY_AUTH; 940 key->sadb_key_bits = x->aalg->alg_key_len; 941 key->sadb_key_reserved = 0; 942 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8); 943 } 944 /* encrypt key */ 945 if (add_keys && encrypt_key_size) { 946 key = (struct sadb_key *) skb_put(skb, 947 sizeof(struct sadb_key)+encrypt_key_size); 948 key->sadb_key_len = (sizeof(struct sadb_key) + 949 encrypt_key_size) / sizeof(uint64_t); 950 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; 951 key->sadb_key_bits = x->ealg->alg_key_len; 952 key->sadb_key_reserved = 0; 953 memcpy(key + 1, x->ealg->alg_key, 954 (x->ealg->alg_key_len+7)/8); 955 } 956 957 /* sa */ 958 sa2 = (struct sadb_x_sa2 *) skb_put(skb, sizeof(struct sadb_x_sa2)); 959 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t); 960 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 961 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) { 962 kfree_skb(skb); 963 return ERR_PTR(-EINVAL); 964 } 965 sa2->sadb_x_sa2_mode = mode; 966 sa2->sadb_x_sa2_reserved1 = 0; 967 sa2->sadb_x_sa2_reserved2 = 0; 968 sa2->sadb_x_sa2_sequence = 0; 969 sa2->sadb_x_sa2_reqid = x->props.reqid; 970 971 if (natt && natt->encap_type) { 972 struct sadb_x_nat_t_type *n_type; 973 struct sadb_x_nat_t_port *n_port; 974 975 /* type */ 976 n_type = (struct sadb_x_nat_t_type*) skb_put(skb, sizeof(*n_type)); 977 n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t); 978 n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 979 n_type->sadb_x_nat_t_type_type = natt->encap_type; 980 n_type->sadb_x_nat_t_type_reserved[0] = 0; 981 n_type->sadb_x_nat_t_type_reserved[1] = 0; 982 n_type->sadb_x_nat_t_type_reserved[2] = 0; 983 984 /* source port */ 985 n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port)); 986 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 987 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; 988 n_port->sadb_x_nat_t_port_port = natt->encap_sport; 989 n_port->sadb_x_nat_t_port_reserved = 0; 990 991 /* dest port */ 992 n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port)); 993 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 994 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; 995 n_port->sadb_x_nat_t_port_port = natt->encap_dport; 996 n_port->sadb_x_nat_t_port_reserved = 0; 997 } 998 999 /* security context */ 1000 if (xfrm_ctx) { 1001 sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, 1002 sizeof(struct sadb_x_sec_ctx) + ctx_size); 1003 sec_ctx->sadb_x_sec_len = 1004 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t); 1005 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 1006 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 1007 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 1008 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 1009 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 1010 xfrm_ctx->ctx_len); 1011 } 1012 1013 return skb; 1014 } 1015 1016 static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr, 1017 void **ext_hdrs) 1018 { 1019 struct xfrm_state *x; 1020 struct sadb_lifetime *lifetime; 1021 struct sadb_sa *sa; 1022 struct sadb_key *key; 1023 struct sadb_x_sec_ctx *sec_ctx; 1024 uint16_t proto; 1025 int err; 1026 1027 1028 sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; 1029 if (!sa || 1030 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1031 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1032 return ERR_PTR(-EINVAL); 1033 if (hdr->sadb_msg_satype == SADB_SATYPE_ESP && 1034 !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]) 1035 return ERR_PTR(-EINVAL); 1036 if (hdr->sadb_msg_satype == SADB_SATYPE_AH && 1037 !ext_hdrs[SADB_EXT_KEY_AUTH-1]) 1038 return ERR_PTR(-EINVAL); 1039 if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] != 1040 !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) 1041 return ERR_PTR(-EINVAL); 1042 1043 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1044 if (proto == 0) 1045 return ERR_PTR(-EINVAL); 1046 1047 /* default error is no buffer space */ 1048 err = -ENOBUFS; 1049 1050 /* RFC2367: 1051 1052 Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message. 1053 SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not 1054 sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state. 1055 Therefore, the sadb_sa_state field of all submitted SAs MUST be 1056 SADB_SASTATE_MATURE and the kernel MUST return an error if this is 1057 not true. 1058 1059 However, KAME setkey always uses SADB_SASTATE_LARVAL. 1060 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable. 1061 */ 1062 if (sa->sadb_sa_auth > SADB_AALG_MAX || 1063 (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP && 1064 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) || 1065 sa->sadb_sa_encrypt > SADB_EALG_MAX) 1066 return ERR_PTR(-EINVAL); 1067 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; 1068 if (key != NULL && 1069 sa->sadb_sa_auth != SADB_X_AALG_NULL && 1070 ((key->sadb_key_bits+7) / 8 == 0 || 1071 (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t))) 1072 return ERR_PTR(-EINVAL); 1073 key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]; 1074 if (key != NULL && 1075 sa->sadb_sa_encrypt != SADB_EALG_NULL && 1076 ((key->sadb_key_bits+7) / 8 == 0 || 1077 (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t))) 1078 return ERR_PTR(-EINVAL); 1079 1080 x = xfrm_state_alloc(); 1081 if (x == NULL) 1082 return ERR_PTR(-ENOBUFS); 1083 1084 x->id.proto = proto; 1085 x->id.spi = sa->sadb_sa_spi; 1086 x->props.replay_window = sa->sadb_sa_replay; 1087 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN) 1088 x->props.flags |= XFRM_STATE_NOECN; 1089 if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP) 1090 x->props.flags |= XFRM_STATE_DECAP_DSCP; 1091 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC) 1092 x->props.flags |= XFRM_STATE_NOPMTUDISC; 1093 1094 lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1]; 1095 if (lifetime != NULL) { 1096 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 1097 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 1098 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; 1099 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; 1100 } 1101 lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]; 1102 if (lifetime != NULL) { 1103 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 1104 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 1105 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime; 1106 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; 1107 } 1108 1109 sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; 1110 if (sec_ctx != NULL) { 1111 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 1112 1113 if (!uctx) 1114 goto out; 1115 1116 err = security_xfrm_state_alloc(x, uctx); 1117 kfree(uctx); 1118 1119 if (err) 1120 goto out; 1121 } 1122 1123 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; 1124 if (sa->sadb_sa_auth) { 1125 int keysize = 0; 1126 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth); 1127 if (!a) { 1128 err = -ENOSYS; 1129 goto out; 1130 } 1131 if (key) 1132 keysize = (key->sadb_key_bits + 7) / 8; 1133 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL); 1134 if (!x->aalg) 1135 goto out; 1136 strcpy(x->aalg->alg_name, a->name); 1137 x->aalg->alg_key_len = 0; 1138 if (key) { 1139 x->aalg->alg_key_len = key->sadb_key_bits; 1140 memcpy(x->aalg->alg_key, key+1, keysize); 1141 } 1142 x->props.aalgo = sa->sadb_sa_auth; 1143 /* x->algo.flags = sa->sadb_sa_flags; */ 1144 } 1145 if (sa->sadb_sa_encrypt) { 1146 if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { 1147 struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt); 1148 if (!a) { 1149 err = -ENOSYS; 1150 goto out; 1151 } 1152 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL); 1153 if (!x->calg) 1154 goto out; 1155 strcpy(x->calg->alg_name, a->name); 1156 x->props.calgo = sa->sadb_sa_encrypt; 1157 } else { 1158 int keysize = 0; 1159 struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt); 1160 if (!a) { 1161 err = -ENOSYS; 1162 goto out; 1163 } 1164 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]; 1165 if (key) 1166 keysize = (key->sadb_key_bits + 7) / 8; 1167 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL); 1168 if (!x->ealg) 1169 goto out; 1170 strcpy(x->ealg->alg_name, a->name); 1171 x->ealg->alg_key_len = 0; 1172 if (key) { 1173 x->ealg->alg_key_len = key->sadb_key_bits; 1174 memcpy(x->ealg->alg_key, key+1, keysize); 1175 } 1176 x->props.ealgo = sa->sadb_sa_encrypt; 1177 } 1178 } 1179 /* x->algo.flags = sa->sadb_sa_flags; */ 1180 1181 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1182 &x->props.saddr); 1183 if (!x->props.family) { 1184 err = -EAFNOSUPPORT; 1185 goto out; 1186 } 1187 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1], 1188 &x->id.daddr); 1189 1190 if (ext_hdrs[SADB_X_EXT_SA2-1]) { 1191 struct sadb_x_sa2 *sa2 = (void*)ext_hdrs[SADB_X_EXT_SA2-1]; 1192 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); 1193 if (mode < 0) { 1194 err = -EINVAL; 1195 goto out; 1196 } 1197 x->props.mode = mode; 1198 x->props.reqid = sa2->sadb_x_sa2_reqid; 1199 } 1200 1201 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) { 1202 struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]; 1203 1204 /* Nobody uses this, but we try. */ 1205 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); 1206 x->sel.prefixlen_s = addr->sadb_address_prefixlen; 1207 } 1208 1209 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { 1210 struct sadb_x_nat_t_type* n_type; 1211 struct xfrm_encap_tmpl *natt; 1212 1213 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL); 1214 if (!x->encap) 1215 goto out; 1216 1217 natt = x->encap; 1218 n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]; 1219 natt->encap_type = n_type->sadb_x_nat_t_type_type; 1220 1221 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) { 1222 struct sadb_x_nat_t_port* n_port = 1223 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]; 1224 natt->encap_sport = n_port->sadb_x_nat_t_port_port; 1225 } 1226 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) { 1227 struct sadb_x_nat_t_port* n_port = 1228 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]; 1229 natt->encap_dport = n_port->sadb_x_nat_t_port_port; 1230 } 1231 } 1232 1233 err = xfrm_init_state(x); 1234 if (err) 1235 goto out; 1236 1237 x->km.seq = hdr->sadb_msg_seq; 1238 return x; 1239 1240 out: 1241 x->km.state = XFRM_STATE_DEAD; 1242 xfrm_state_put(x); 1243 return ERR_PTR(err); 1244 } 1245 1246 static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1247 { 1248 return -EOPNOTSUPP; 1249 } 1250 1251 static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1252 { 1253 struct sk_buff *resp_skb; 1254 struct sadb_x_sa2 *sa2; 1255 struct sadb_address *saddr, *daddr; 1256 struct sadb_msg *out_hdr; 1257 struct xfrm_state *x = NULL; 1258 int mode; 1259 u32 reqid; 1260 u8 proto; 1261 unsigned short family; 1262 xfrm_address_t *xsaddr = NULL, *xdaddr = NULL; 1263 1264 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1265 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1266 return -EINVAL; 1267 1268 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1269 if (proto == 0) 1270 return -EINVAL; 1271 1272 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) { 1273 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); 1274 if (mode < 0) 1275 return -EINVAL; 1276 reqid = sa2->sadb_x_sa2_reqid; 1277 } else { 1278 mode = 0; 1279 reqid = 0; 1280 } 1281 1282 saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1]; 1283 daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1]; 1284 1285 family = ((struct sockaddr *)(saddr + 1))->sa_family; 1286 switch (family) { 1287 case AF_INET: 1288 xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr; 1289 xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr; 1290 break; 1291 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1292 case AF_INET6: 1293 xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr; 1294 xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr; 1295 break; 1296 #endif 1297 } 1298 1299 if (hdr->sadb_msg_seq) { 1300 x = xfrm_find_acq_byseq(hdr->sadb_msg_seq); 1301 if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) { 1302 xfrm_state_put(x); 1303 x = NULL; 1304 } 1305 } 1306 1307 if (!x) 1308 x = xfrm_find_acq(mode, reqid, proto, xdaddr, xsaddr, 1, family); 1309 1310 if (x == NULL) 1311 return -ENOENT; 1312 1313 resp_skb = ERR_PTR(-ENOENT); 1314 1315 spin_lock_bh(&x->lock); 1316 if (x->km.state != XFRM_STATE_DEAD) { 1317 struct sadb_spirange *range = ext_hdrs[SADB_EXT_SPIRANGE-1]; 1318 u32 min_spi, max_spi; 1319 1320 if (range != NULL) { 1321 min_spi = range->sadb_spirange_min; 1322 max_spi = range->sadb_spirange_max; 1323 } else { 1324 min_spi = 0x100; 1325 max_spi = 0x0fffffff; 1326 } 1327 xfrm_alloc_spi(x, htonl(min_spi), htonl(max_spi)); 1328 if (x->id.spi) 1329 resp_skb = pfkey_xfrm_state2msg(x, 0, 3); 1330 } 1331 spin_unlock_bh(&x->lock); 1332 1333 if (IS_ERR(resp_skb)) { 1334 xfrm_state_put(x); 1335 return PTR_ERR(resp_skb); 1336 } 1337 1338 out_hdr = (struct sadb_msg *) resp_skb->data; 1339 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 1340 out_hdr->sadb_msg_type = SADB_GETSPI; 1341 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto); 1342 out_hdr->sadb_msg_errno = 0; 1343 out_hdr->sadb_msg_reserved = 0; 1344 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 1345 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 1346 1347 xfrm_state_put(x); 1348 1349 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk); 1350 1351 return 0; 1352 } 1353 1354 static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1355 { 1356 struct xfrm_state *x; 1357 1358 if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8) 1359 return -EOPNOTSUPP; 1360 1361 if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0) 1362 return 0; 1363 1364 x = xfrm_find_acq_byseq(hdr->sadb_msg_seq); 1365 if (x == NULL) 1366 return 0; 1367 1368 spin_lock_bh(&x->lock); 1369 if (x->km.state == XFRM_STATE_ACQ) { 1370 x->km.state = XFRM_STATE_ERROR; 1371 wake_up(&km_waitq); 1372 } 1373 spin_unlock_bh(&x->lock); 1374 xfrm_state_put(x); 1375 return 0; 1376 } 1377 1378 static inline int event2poltype(int event) 1379 { 1380 switch (event) { 1381 case XFRM_MSG_DELPOLICY: 1382 return SADB_X_SPDDELETE; 1383 case XFRM_MSG_NEWPOLICY: 1384 return SADB_X_SPDADD; 1385 case XFRM_MSG_UPDPOLICY: 1386 return SADB_X_SPDUPDATE; 1387 case XFRM_MSG_POLEXPIRE: 1388 // return SADB_X_SPDEXPIRE; 1389 default: 1390 printk("pfkey: Unknown policy event %d\n", event); 1391 break; 1392 } 1393 1394 return 0; 1395 } 1396 1397 static inline int event2keytype(int event) 1398 { 1399 switch (event) { 1400 case XFRM_MSG_DELSA: 1401 return SADB_DELETE; 1402 case XFRM_MSG_NEWSA: 1403 return SADB_ADD; 1404 case XFRM_MSG_UPDSA: 1405 return SADB_UPDATE; 1406 case XFRM_MSG_EXPIRE: 1407 return SADB_EXPIRE; 1408 default: 1409 printk("pfkey: Unknown SA event %d\n", event); 1410 break; 1411 } 1412 1413 return 0; 1414 } 1415 1416 /* ADD/UPD/DEL */ 1417 static int key_notify_sa(struct xfrm_state *x, struct km_event *c) 1418 { 1419 struct sk_buff *skb; 1420 struct sadb_msg *hdr; 1421 int hsc = 3; 1422 1423 if (c->event == XFRM_MSG_DELSA) 1424 hsc = 0; 1425 1426 skb = pfkey_xfrm_state2msg(x, 0, hsc); 1427 1428 if (IS_ERR(skb)) 1429 return PTR_ERR(skb); 1430 1431 hdr = (struct sadb_msg *) skb->data; 1432 hdr->sadb_msg_version = PF_KEY_V2; 1433 hdr->sadb_msg_type = event2keytype(c->event); 1434 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 1435 hdr->sadb_msg_errno = 0; 1436 hdr->sadb_msg_reserved = 0; 1437 hdr->sadb_msg_seq = c->seq; 1438 hdr->sadb_msg_pid = c->pid; 1439 1440 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL); 1441 1442 return 0; 1443 } 1444 1445 static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1446 { 1447 struct xfrm_state *x; 1448 int err; 1449 struct km_event c; 1450 1451 x = pfkey_msg2xfrm_state(hdr, ext_hdrs); 1452 if (IS_ERR(x)) 1453 return PTR_ERR(x); 1454 1455 xfrm_state_hold(x); 1456 if (hdr->sadb_msg_type == SADB_ADD) 1457 err = xfrm_state_add(x); 1458 else 1459 err = xfrm_state_update(x); 1460 1461 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 1462 AUDIT_MAC_IPSEC_ADDSA, err ? 0 : 1, NULL, x); 1463 1464 if (err < 0) { 1465 x->km.state = XFRM_STATE_DEAD; 1466 __xfrm_state_put(x); 1467 goto out; 1468 } 1469 1470 if (hdr->sadb_msg_type == SADB_ADD) 1471 c.event = XFRM_MSG_NEWSA; 1472 else 1473 c.event = XFRM_MSG_UPDSA; 1474 c.seq = hdr->sadb_msg_seq; 1475 c.pid = hdr->sadb_msg_pid; 1476 km_state_notify(x, &c); 1477 out: 1478 xfrm_state_put(x); 1479 return err; 1480 } 1481 1482 static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1483 { 1484 struct xfrm_state *x; 1485 struct km_event c; 1486 int err; 1487 1488 if (!ext_hdrs[SADB_EXT_SA-1] || 1489 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1490 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1491 return -EINVAL; 1492 1493 x = pfkey_xfrm_state_lookup(hdr, ext_hdrs); 1494 if (x == NULL) 1495 return -ESRCH; 1496 1497 if ((err = security_xfrm_state_delete(x))) 1498 goto out; 1499 1500 if (xfrm_state_kern(x)) { 1501 err = -EPERM; 1502 goto out; 1503 } 1504 1505 err = xfrm_state_delete(x); 1506 1507 if (err < 0) 1508 goto out; 1509 1510 c.seq = hdr->sadb_msg_seq; 1511 c.pid = hdr->sadb_msg_pid; 1512 c.event = XFRM_MSG_DELSA; 1513 km_state_notify(x, &c); 1514 out: 1515 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 1516 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 1517 xfrm_state_put(x); 1518 1519 return err; 1520 } 1521 1522 static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1523 { 1524 __u8 proto; 1525 struct sk_buff *out_skb; 1526 struct sadb_msg *out_hdr; 1527 struct xfrm_state *x; 1528 1529 if (!ext_hdrs[SADB_EXT_SA-1] || 1530 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1531 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1532 return -EINVAL; 1533 1534 x = pfkey_xfrm_state_lookup(hdr, ext_hdrs); 1535 if (x == NULL) 1536 return -ESRCH; 1537 1538 out_skb = pfkey_xfrm_state2msg(x, 1, 3); 1539 proto = x->id.proto; 1540 xfrm_state_put(x); 1541 if (IS_ERR(out_skb)) 1542 return PTR_ERR(out_skb); 1543 1544 out_hdr = (struct sadb_msg *) out_skb->data; 1545 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 1546 out_hdr->sadb_msg_type = SADB_DUMP; 1547 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto); 1548 out_hdr->sadb_msg_errno = 0; 1549 out_hdr->sadb_msg_reserved = 0; 1550 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 1551 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 1552 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk); 1553 1554 return 0; 1555 } 1556 1557 static struct sk_buff *compose_sadb_supported(struct sadb_msg *orig, 1558 gfp_t allocation) 1559 { 1560 struct sk_buff *skb; 1561 struct sadb_msg *hdr; 1562 int len, auth_len, enc_len, i; 1563 1564 auth_len = xfrm_count_auth_supported(); 1565 if (auth_len) { 1566 auth_len *= sizeof(struct sadb_alg); 1567 auth_len += sizeof(struct sadb_supported); 1568 } 1569 1570 enc_len = xfrm_count_enc_supported(); 1571 if (enc_len) { 1572 enc_len *= sizeof(struct sadb_alg); 1573 enc_len += sizeof(struct sadb_supported); 1574 } 1575 1576 len = enc_len + auth_len + sizeof(struct sadb_msg); 1577 1578 skb = alloc_skb(len + 16, allocation); 1579 if (!skb) 1580 goto out_put_algs; 1581 1582 hdr = (struct sadb_msg *) skb_put(skb, sizeof(*hdr)); 1583 pfkey_hdr_dup(hdr, orig); 1584 hdr->sadb_msg_errno = 0; 1585 hdr->sadb_msg_len = len / sizeof(uint64_t); 1586 1587 if (auth_len) { 1588 struct sadb_supported *sp; 1589 struct sadb_alg *ap; 1590 1591 sp = (struct sadb_supported *) skb_put(skb, auth_len); 1592 ap = (struct sadb_alg *) (sp + 1); 1593 1594 sp->sadb_supported_len = auth_len / sizeof(uint64_t); 1595 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 1596 1597 for (i = 0; ; i++) { 1598 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 1599 if (!aalg) 1600 break; 1601 if (aalg->available) 1602 *ap++ = aalg->desc; 1603 } 1604 } 1605 1606 if (enc_len) { 1607 struct sadb_supported *sp; 1608 struct sadb_alg *ap; 1609 1610 sp = (struct sadb_supported *) skb_put(skb, enc_len); 1611 ap = (struct sadb_alg *) (sp + 1); 1612 1613 sp->sadb_supported_len = enc_len / sizeof(uint64_t); 1614 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 1615 1616 for (i = 0; ; i++) { 1617 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 1618 if (!ealg) 1619 break; 1620 if (ealg->available) 1621 *ap++ = ealg->desc; 1622 } 1623 } 1624 1625 out_put_algs: 1626 return skb; 1627 } 1628 1629 static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1630 { 1631 struct pfkey_sock *pfk = pfkey_sk(sk); 1632 struct sk_buff *supp_skb; 1633 1634 if (hdr->sadb_msg_satype > SADB_SATYPE_MAX) 1635 return -EINVAL; 1636 1637 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) { 1638 if (pfk->registered&(1<<hdr->sadb_msg_satype)) 1639 return -EEXIST; 1640 pfk->registered |= (1<<hdr->sadb_msg_satype); 1641 } 1642 1643 xfrm_probe_algs(); 1644 1645 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL); 1646 if (!supp_skb) { 1647 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) 1648 pfk->registered &= ~(1<<hdr->sadb_msg_satype); 1649 1650 return -ENOBUFS; 1651 } 1652 1653 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk); 1654 1655 return 0; 1656 } 1657 1658 static int key_notify_sa_flush(struct km_event *c) 1659 { 1660 struct sk_buff *skb; 1661 struct sadb_msg *hdr; 1662 1663 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC); 1664 if (!skb) 1665 return -ENOBUFS; 1666 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 1667 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto); 1668 hdr->sadb_msg_type = SADB_FLUSH; 1669 hdr->sadb_msg_seq = c->seq; 1670 hdr->sadb_msg_pid = c->pid; 1671 hdr->sadb_msg_version = PF_KEY_V2; 1672 hdr->sadb_msg_errno = (uint8_t) 0; 1673 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 1674 1675 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL); 1676 1677 return 0; 1678 } 1679 1680 static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1681 { 1682 unsigned proto; 1683 struct km_event c; 1684 struct xfrm_audit audit_info; 1685 int err; 1686 1687 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1688 if (proto == 0) 1689 return -EINVAL; 1690 1691 audit_info.loginuid = audit_get_loginuid(current->audit_context); 1692 audit_info.secid = 0; 1693 err = xfrm_state_flush(proto, &audit_info); 1694 if (err) 1695 return err; 1696 c.data.proto = proto; 1697 c.seq = hdr->sadb_msg_seq; 1698 c.pid = hdr->sadb_msg_pid; 1699 c.event = XFRM_MSG_FLUSHSA; 1700 km_state_notify(NULL, &c); 1701 1702 return 0; 1703 } 1704 1705 struct pfkey_dump_data 1706 { 1707 struct sk_buff *skb; 1708 struct sadb_msg *hdr; 1709 struct sock *sk; 1710 }; 1711 1712 static int dump_sa(struct xfrm_state *x, int count, void *ptr) 1713 { 1714 struct pfkey_dump_data *data = ptr; 1715 struct sk_buff *out_skb; 1716 struct sadb_msg *out_hdr; 1717 1718 out_skb = pfkey_xfrm_state2msg(x, 1, 3); 1719 if (IS_ERR(out_skb)) 1720 return PTR_ERR(out_skb); 1721 1722 out_hdr = (struct sadb_msg *) out_skb->data; 1723 out_hdr->sadb_msg_version = data->hdr->sadb_msg_version; 1724 out_hdr->sadb_msg_type = SADB_DUMP; 1725 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 1726 out_hdr->sadb_msg_errno = 0; 1727 out_hdr->sadb_msg_reserved = 0; 1728 out_hdr->sadb_msg_seq = count; 1729 out_hdr->sadb_msg_pid = data->hdr->sadb_msg_pid; 1730 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, data->sk); 1731 return 0; 1732 } 1733 1734 static int pfkey_dump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1735 { 1736 u8 proto; 1737 struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk }; 1738 1739 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1740 if (proto == 0) 1741 return -EINVAL; 1742 1743 return xfrm_state_walk(proto, dump_sa, &data); 1744 } 1745 1746 static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1747 { 1748 struct pfkey_sock *pfk = pfkey_sk(sk); 1749 int satype = hdr->sadb_msg_satype; 1750 1751 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) { 1752 /* XXX we mangle packet... */ 1753 hdr->sadb_msg_errno = 0; 1754 if (satype != 0 && satype != 1) 1755 return -EINVAL; 1756 pfk->promisc = satype; 1757 } 1758 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, BROADCAST_ALL, NULL); 1759 return 0; 1760 } 1761 1762 static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr) 1763 { 1764 int i; 1765 u32 reqid = *(u32*)ptr; 1766 1767 for (i=0; i<xp->xfrm_nr; i++) { 1768 if (xp->xfrm_vec[i].reqid == reqid) 1769 return -EEXIST; 1770 } 1771 return 0; 1772 } 1773 1774 static u32 gen_reqid(void) 1775 { 1776 u32 start; 1777 static u32 reqid = IPSEC_MANUAL_REQID_MAX; 1778 1779 start = reqid; 1780 do { 1781 ++reqid; 1782 if (reqid == 0) 1783 reqid = IPSEC_MANUAL_REQID_MAX+1; 1784 if (xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, check_reqid, 1785 (void*)&reqid) != -EEXIST) 1786 return reqid; 1787 } while (reqid != start); 1788 return 0; 1789 } 1790 1791 static int 1792 parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq) 1793 { 1794 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr; 1795 struct sockaddr_in *sin; 1796 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1797 struct sockaddr_in6 *sin6; 1798 #endif 1799 int mode; 1800 1801 if (xp->xfrm_nr >= XFRM_MAX_DEPTH) 1802 return -ELOOP; 1803 1804 if (rq->sadb_x_ipsecrequest_mode == 0) 1805 return -EINVAL; 1806 1807 t->id.proto = rq->sadb_x_ipsecrequest_proto; /* XXX check proto */ 1808 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0) 1809 return -EINVAL; 1810 t->mode = mode; 1811 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE) 1812 t->optional = 1; 1813 else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) { 1814 t->reqid = rq->sadb_x_ipsecrequest_reqid; 1815 if (t->reqid > IPSEC_MANUAL_REQID_MAX) 1816 t->reqid = 0; 1817 if (!t->reqid && !(t->reqid = gen_reqid())) 1818 return -ENOBUFS; 1819 } 1820 1821 /* addresses present only in tunnel mode */ 1822 if (t->mode == XFRM_MODE_TUNNEL) { 1823 struct sockaddr *sa; 1824 sa = (struct sockaddr *)(rq+1); 1825 switch(sa->sa_family) { 1826 case AF_INET: 1827 sin = (struct sockaddr_in*)sa; 1828 t->saddr.a4 = sin->sin_addr.s_addr; 1829 sin++; 1830 if (sin->sin_family != AF_INET) 1831 return -EINVAL; 1832 t->id.daddr.a4 = sin->sin_addr.s_addr; 1833 break; 1834 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1835 case AF_INET6: 1836 sin6 = (struct sockaddr_in6*)sa; 1837 memcpy(t->saddr.a6, &sin6->sin6_addr, sizeof(struct in6_addr)); 1838 sin6++; 1839 if (sin6->sin6_family != AF_INET6) 1840 return -EINVAL; 1841 memcpy(t->id.daddr.a6, &sin6->sin6_addr, sizeof(struct in6_addr)); 1842 break; 1843 #endif 1844 default: 1845 return -EINVAL; 1846 } 1847 t->encap_family = sa->sa_family; 1848 } else 1849 t->encap_family = xp->family; 1850 1851 /* No way to set this via kame pfkey */ 1852 t->aalgos = t->ealgos = t->calgos = ~0; 1853 xp->xfrm_nr++; 1854 return 0; 1855 } 1856 1857 static int 1858 parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol) 1859 { 1860 int err; 1861 int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy); 1862 struct sadb_x_ipsecrequest *rq = (void*)(pol+1); 1863 1864 while (len >= sizeof(struct sadb_x_ipsecrequest)) { 1865 if ((err = parse_ipsecrequest(xp, rq)) < 0) 1866 return err; 1867 len -= rq->sadb_x_ipsecrequest_len; 1868 rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len); 1869 } 1870 return 0; 1871 } 1872 1873 static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp) 1874 { 1875 struct xfrm_sec_ctx *xfrm_ctx = xp->security; 1876 1877 if (xfrm_ctx) { 1878 int len = sizeof(struct sadb_x_sec_ctx); 1879 len += xfrm_ctx->ctx_len; 1880 return PFKEY_ALIGN8(len); 1881 } 1882 return 0; 1883 } 1884 1885 static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp) 1886 { 1887 struct xfrm_tmpl *t; 1888 int sockaddr_size = pfkey_sockaddr_size(xp->family); 1889 int socklen = 0; 1890 int i; 1891 1892 for (i=0; i<xp->xfrm_nr; i++) { 1893 t = xp->xfrm_vec + i; 1894 socklen += (t->encap_family == AF_INET ? 1895 sizeof(struct sockaddr_in) : 1896 sizeof(struct sockaddr_in6)); 1897 } 1898 1899 return sizeof(struct sadb_msg) + 1900 (sizeof(struct sadb_lifetime) * 3) + 1901 (sizeof(struct sadb_address) * 2) + 1902 (sockaddr_size * 2) + 1903 sizeof(struct sadb_x_policy) + 1904 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) + 1905 (socklen * 2) + 1906 pfkey_xfrm_policy2sec_ctx_size(xp); 1907 } 1908 1909 static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp) 1910 { 1911 struct sk_buff *skb; 1912 int size; 1913 1914 size = pfkey_xfrm_policy2msg_size(xp); 1915 1916 skb = alloc_skb(size + 16, GFP_ATOMIC); 1917 if (skb == NULL) 1918 return ERR_PTR(-ENOBUFS); 1919 1920 return skb; 1921 } 1922 1923 static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir) 1924 { 1925 struct sadb_msg *hdr; 1926 struct sadb_address *addr; 1927 struct sadb_lifetime *lifetime; 1928 struct sadb_x_policy *pol; 1929 struct sockaddr_in *sin; 1930 struct sadb_x_sec_ctx *sec_ctx; 1931 struct xfrm_sec_ctx *xfrm_ctx; 1932 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1933 struct sockaddr_in6 *sin6; 1934 #endif 1935 int i; 1936 int size; 1937 int sockaddr_size = pfkey_sockaddr_size(xp->family); 1938 int socklen = (xp->family == AF_INET ? 1939 sizeof(struct sockaddr_in) : 1940 sizeof(struct sockaddr_in6)); 1941 1942 size = pfkey_xfrm_policy2msg_size(xp); 1943 1944 /* call should fill header later */ 1945 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 1946 memset(hdr, 0, size); /* XXX do we need this ? */ 1947 1948 /* src address */ 1949 addr = (struct sadb_address*) skb_put(skb, 1950 sizeof(struct sadb_address)+sockaddr_size); 1951 addr->sadb_address_len = 1952 (sizeof(struct sadb_address)+sockaddr_size)/ 1953 sizeof(uint64_t); 1954 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 1955 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 1956 addr->sadb_address_prefixlen = xp->selector.prefixlen_s; 1957 addr->sadb_address_reserved = 0; 1958 /* src address */ 1959 if (xp->family == AF_INET) { 1960 sin = (struct sockaddr_in *) (addr + 1); 1961 sin->sin_family = AF_INET; 1962 sin->sin_addr.s_addr = xp->selector.saddr.a4; 1963 sin->sin_port = xp->selector.sport; 1964 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 1965 } 1966 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1967 else if (xp->family == AF_INET6) { 1968 sin6 = (struct sockaddr_in6 *) (addr + 1); 1969 sin6->sin6_family = AF_INET6; 1970 sin6->sin6_port = xp->selector.sport; 1971 sin6->sin6_flowinfo = 0; 1972 memcpy(&sin6->sin6_addr, xp->selector.saddr.a6, 1973 sizeof(struct in6_addr)); 1974 sin6->sin6_scope_id = 0; 1975 } 1976 #endif 1977 else 1978 BUG(); 1979 1980 /* dst address */ 1981 addr = (struct sadb_address*) skb_put(skb, 1982 sizeof(struct sadb_address)+sockaddr_size); 1983 addr->sadb_address_len = 1984 (sizeof(struct sadb_address)+sockaddr_size)/ 1985 sizeof(uint64_t); 1986 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 1987 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 1988 addr->sadb_address_prefixlen = xp->selector.prefixlen_d; 1989 addr->sadb_address_reserved = 0; 1990 if (xp->family == AF_INET) { 1991 sin = (struct sockaddr_in *) (addr + 1); 1992 sin->sin_family = AF_INET; 1993 sin->sin_addr.s_addr = xp->selector.daddr.a4; 1994 sin->sin_port = xp->selector.dport; 1995 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 1996 } 1997 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1998 else if (xp->family == AF_INET6) { 1999 sin6 = (struct sockaddr_in6 *) (addr + 1); 2000 sin6->sin6_family = AF_INET6; 2001 sin6->sin6_port = xp->selector.dport; 2002 sin6->sin6_flowinfo = 0; 2003 memcpy(&sin6->sin6_addr, xp->selector.daddr.a6, 2004 sizeof(struct in6_addr)); 2005 sin6->sin6_scope_id = 0; 2006 } 2007 #endif 2008 else 2009 BUG(); 2010 2011 /* hard time */ 2012 lifetime = (struct sadb_lifetime *) skb_put(skb, 2013 sizeof(struct sadb_lifetime)); 2014 lifetime->sadb_lifetime_len = 2015 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2016 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2017 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit); 2018 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit); 2019 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds; 2020 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds; 2021 /* soft time */ 2022 lifetime = (struct sadb_lifetime *) skb_put(skb, 2023 sizeof(struct sadb_lifetime)); 2024 lifetime->sadb_lifetime_len = 2025 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2026 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 2027 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit); 2028 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit); 2029 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds; 2030 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds; 2031 /* current time */ 2032 lifetime = (struct sadb_lifetime *) skb_put(skb, 2033 sizeof(struct sadb_lifetime)); 2034 lifetime->sadb_lifetime_len = 2035 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2036 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2037 lifetime->sadb_lifetime_allocations = xp->curlft.packets; 2038 lifetime->sadb_lifetime_bytes = xp->curlft.bytes; 2039 lifetime->sadb_lifetime_addtime = xp->curlft.add_time; 2040 lifetime->sadb_lifetime_usetime = xp->curlft.use_time; 2041 2042 pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy)); 2043 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t); 2044 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 2045 pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD; 2046 if (xp->action == XFRM_POLICY_ALLOW) { 2047 if (xp->xfrm_nr) 2048 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 2049 else 2050 pol->sadb_x_policy_type = IPSEC_POLICY_NONE; 2051 } 2052 pol->sadb_x_policy_dir = dir+1; 2053 pol->sadb_x_policy_id = xp->index; 2054 pol->sadb_x_policy_priority = xp->priority; 2055 2056 for (i=0; i<xp->xfrm_nr; i++) { 2057 struct sadb_x_ipsecrequest *rq; 2058 struct xfrm_tmpl *t = xp->xfrm_vec + i; 2059 int req_size; 2060 int mode; 2061 2062 req_size = sizeof(struct sadb_x_ipsecrequest); 2063 if (t->mode == XFRM_MODE_TUNNEL) 2064 req_size += ((t->encap_family == AF_INET ? 2065 sizeof(struct sockaddr_in) : 2066 sizeof(struct sockaddr_in6)) * 2); 2067 else 2068 size -= 2*socklen; 2069 rq = (void*)skb_put(skb, req_size); 2070 pol->sadb_x_policy_len += req_size/8; 2071 memset(rq, 0, sizeof(*rq)); 2072 rq->sadb_x_ipsecrequest_len = req_size; 2073 rq->sadb_x_ipsecrequest_proto = t->id.proto; 2074 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0) 2075 return -EINVAL; 2076 rq->sadb_x_ipsecrequest_mode = mode; 2077 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE; 2078 if (t->reqid) 2079 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; 2080 if (t->optional) 2081 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE; 2082 rq->sadb_x_ipsecrequest_reqid = t->reqid; 2083 if (t->mode == XFRM_MODE_TUNNEL) { 2084 switch (t->encap_family) { 2085 case AF_INET: 2086 sin = (void*)(rq+1); 2087 sin->sin_family = AF_INET; 2088 sin->sin_addr.s_addr = t->saddr.a4; 2089 sin->sin_port = 0; 2090 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 2091 sin++; 2092 sin->sin_family = AF_INET; 2093 sin->sin_addr.s_addr = t->id.daddr.a4; 2094 sin->sin_port = 0; 2095 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 2096 break; 2097 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2098 case AF_INET6: 2099 sin6 = (void*)(rq+1); 2100 sin6->sin6_family = AF_INET6; 2101 sin6->sin6_port = 0; 2102 sin6->sin6_flowinfo = 0; 2103 memcpy(&sin6->sin6_addr, t->saddr.a6, 2104 sizeof(struct in6_addr)); 2105 sin6->sin6_scope_id = 0; 2106 2107 sin6++; 2108 sin6->sin6_family = AF_INET6; 2109 sin6->sin6_port = 0; 2110 sin6->sin6_flowinfo = 0; 2111 memcpy(&sin6->sin6_addr, t->id.daddr.a6, 2112 sizeof(struct in6_addr)); 2113 sin6->sin6_scope_id = 0; 2114 break; 2115 #endif 2116 default: 2117 break; 2118 } 2119 } 2120 } 2121 2122 /* security context */ 2123 if ((xfrm_ctx = xp->security)) { 2124 int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp); 2125 2126 sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, ctx_size); 2127 sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t); 2128 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 2129 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 2130 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 2131 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 2132 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 2133 xfrm_ctx->ctx_len); 2134 } 2135 2136 hdr->sadb_msg_len = size / sizeof(uint64_t); 2137 hdr->sadb_msg_reserved = atomic_read(&xp->refcnt); 2138 2139 return 0; 2140 } 2141 2142 static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2143 { 2144 struct sk_buff *out_skb; 2145 struct sadb_msg *out_hdr; 2146 int err; 2147 2148 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2149 if (IS_ERR(out_skb)) { 2150 err = PTR_ERR(out_skb); 2151 goto out; 2152 } 2153 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2154 if (err < 0) 2155 return err; 2156 2157 out_hdr = (struct sadb_msg *) out_skb->data; 2158 out_hdr->sadb_msg_version = PF_KEY_V2; 2159 2160 if (c->data.byid && c->event == XFRM_MSG_DELPOLICY) 2161 out_hdr->sadb_msg_type = SADB_X_SPDDELETE2; 2162 else 2163 out_hdr->sadb_msg_type = event2poltype(c->event); 2164 out_hdr->sadb_msg_errno = 0; 2165 out_hdr->sadb_msg_seq = c->seq; 2166 out_hdr->sadb_msg_pid = c->pid; 2167 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL); 2168 out: 2169 return 0; 2170 2171 } 2172 2173 static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2174 { 2175 int err = 0; 2176 struct sadb_lifetime *lifetime; 2177 struct sadb_address *sa; 2178 struct sadb_x_policy *pol; 2179 struct xfrm_policy *xp; 2180 struct km_event c; 2181 struct sadb_x_sec_ctx *sec_ctx; 2182 2183 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2184 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) || 2185 !ext_hdrs[SADB_X_EXT_POLICY-1]) 2186 return -EINVAL; 2187 2188 pol = ext_hdrs[SADB_X_EXT_POLICY-1]; 2189 if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC) 2190 return -EINVAL; 2191 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) 2192 return -EINVAL; 2193 2194 xp = xfrm_policy_alloc(GFP_KERNEL); 2195 if (xp == NULL) 2196 return -ENOBUFS; 2197 2198 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ? 2199 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); 2200 xp->priority = pol->sadb_x_policy_priority; 2201 2202 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2203 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr); 2204 if (!xp->family) { 2205 err = -EINVAL; 2206 goto out; 2207 } 2208 xp->selector.family = xp->family; 2209 xp->selector.prefixlen_s = sa->sadb_address_prefixlen; 2210 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2211 xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port; 2212 if (xp->selector.sport) 2213 xp->selector.sport_mask = htons(0xffff); 2214 2215 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 2216 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr); 2217 xp->selector.prefixlen_d = sa->sadb_address_prefixlen; 2218 2219 /* Amusing, we set this twice. KAME apps appear to set same value 2220 * in both addresses. 2221 */ 2222 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2223 2224 xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port; 2225 if (xp->selector.dport) 2226 xp->selector.dport_mask = htons(0xffff); 2227 2228 sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; 2229 if (sec_ctx != NULL) { 2230 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 2231 2232 if (!uctx) { 2233 err = -ENOBUFS; 2234 goto out; 2235 } 2236 2237 err = security_xfrm_policy_alloc(xp, uctx); 2238 kfree(uctx); 2239 2240 if (err) 2241 goto out; 2242 } 2243 2244 xp->lft.soft_byte_limit = XFRM_INF; 2245 xp->lft.hard_byte_limit = XFRM_INF; 2246 xp->lft.soft_packet_limit = XFRM_INF; 2247 xp->lft.hard_packet_limit = XFRM_INF; 2248 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) { 2249 xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 2250 xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 2251 xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; 2252 xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; 2253 } 2254 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) { 2255 xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 2256 xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 2257 xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime; 2258 xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; 2259 } 2260 xp->xfrm_nr = 0; 2261 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2262 (err = parse_ipsecrequests(xp, pol)) < 0) 2263 goto out; 2264 2265 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp, 2266 hdr->sadb_msg_type != SADB_X_SPDUPDATE); 2267 2268 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2269 AUDIT_MAC_IPSEC_ADDSPD, err ? 0 : 1, xp, NULL); 2270 2271 if (err) 2272 goto out; 2273 2274 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE) 2275 c.event = XFRM_MSG_UPDPOLICY; 2276 else 2277 c.event = XFRM_MSG_NEWPOLICY; 2278 2279 c.seq = hdr->sadb_msg_seq; 2280 c.pid = hdr->sadb_msg_pid; 2281 2282 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c); 2283 xfrm_pol_put(xp); 2284 return 0; 2285 2286 out: 2287 security_xfrm_policy_free(xp); 2288 kfree(xp); 2289 return err; 2290 } 2291 2292 static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2293 { 2294 int err; 2295 struct sadb_address *sa; 2296 struct sadb_x_policy *pol; 2297 struct xfrm_policy *xp, tmp; 2298 struct xfrm_selector sel; 2299 struct km_event c; 2300 struct sadb_x_sec_ctx *sec_ctx; 2301 2302 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2303 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) || 2304 !ext_hdrs[SADB_X_EXT_POLICY-1]) 2305 return -EINVAL; 2306 2307 pol = ext_hdrs[SADB_X_EXT_POLICY-1]; 2308 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) 2309 return -EINVAL; 2310 2311 memset(&sel, 0, sizeof(sel)); 2312 2313 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2314 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); 2315 sel.prefixlen_s = sa->sadb_address_prefixlen; 2316 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2317 sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port; 2318 if (sel.sport) 2319 sel.sport_mask = htons(0xffff); 2320 2321 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 2322 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); 2323 sel.prefixlen_d = sa->sadb_address_prefixlen; 2324 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2325 sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port; 2326 if (sel.dport) 2327 sel.dport_mask = htons(0xffff); 2328 2329 sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; 2330 memset(&tmp, 0, sizeof(struct xfrm_policy)); 2331 2332 if (sec_ctx != NULL) { 2333 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 2334 2335 if (!uctx) 2336 return -ENOMEM; 2337 2338 err = security_xfrm_policy_alloc(&tmp, uctx); 2339 kfree(uctx); 2340 2341 if (err) 2342 return err; 2343 } 2344 2345 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1, 2346 &sel, tmp.security, 1, &err); 2347 security_xfrm_policy_free(&tmp); 2348 2349 if (xp == NULL) 2350 return -ENOENT; 2351 2352 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2353 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 2354 2355 if (err) 2356 goto out; 2357 2358 c.seq = hdr->sadb_msg_seq; 2359 c.pid = hdr->sadb_msg_pid; 2360 c.event = XFRM_MSG_DELPOLICY; 2361 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c); 2362 2363 out: 2364 xfrm_pol_put(xp); 2365 return err; 2366 } 2367 2368 static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, struct sadb_msg *hdr, int dir) 2369 { 2370 int err; 2371 struct sk_buff *out_skb; 2372 struct sadb_msg *out_hdr; 2373 err = 0; 2374 2375 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2376 if (IS_ERR(out_skb)) { 2377 err = PTR_ERR(out_skb); 2378 goto out; 2379 } 2380 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2381 if (err < 0) 2382 goto out; 2383 2384 out_hdr = (struct sadb_msg *) out_skb->data; 2385 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 2386 out_hdr->sadb_msg_type = hdr->sadb_msg_type; 2387 out_hdr->sadb_msg_satype = 0; 2388 out_hdr->sadb_msg_errno = 0; 2389 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 2390 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 2391 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk); 2392 err = 0; 2393 2394 out: 2395 return err; 2396 } 2397 2398 #ifdef CONFIG_NET_KEY_MIGRATE 2399 static int pfkey_sockaddr_pair_size(sa_family_t family) 2400 { 2401 switch (family) { 2402 case AF_INET: 2403 return PFKEY_ALIGN8(sizeof(struct sockaddr_in) * 2); 2404 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2405 case AF_INET6: 2406 return PFKEY_ALIGN8(sizeof(struct sockaddr_in6) * 2); 2407 #endif 2408 default: 2409 return 0; 2410 } 2411 /* NOTREACHED */ 2412 } 2413 2414 static int parse_sockaddr_pair(struct sadb_x_ipsecrequest *rq, 2415 xfrm_address_t *saddr, xfrm_address_t *daddr, 2416 u16 *family) 2417 { 2418 struct sockaddr *sa = (struct sockaddr *)(rq + 1); 2419 if (rq->sadb_x_ipsecrequest_len < 2420 pfkey_sockaddr_pair_size(sa->sa_family)) 2421 return -EINVAL; 2422 2423 switch (sa->sa_family) { 2424 case AF_INET: 2425 { 2426 struct sockaddr_in *sin; 2427 sin = (struct sockaddr_in *)sa; 2428 if ((sin+1)->sin_family != AF_INET) 2429 return -EINVAL; 2430 memcpy(&saddr->a4, &sin->sin_addr, sizeof(saddr->a4)); 2431 sin++; 2432 memcpy(&daddr->a4, &sin->sin_addr, sizeof(daddr->a4)); 2433 *family = AF_INET; 2434 break; 2435 } 2436 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2437 case AF_INET6: 2438 { 2439 struct sockaddr_in6 *sin6; 2440 sin6 = (struct sockaddr_in6 *)sa; 2441 if ((sin6+1)->sin6_family != AF_INET6) 2442 return -EINVAL; 2443 memcpy(&saddr->a6, &sin6->sin6_addr, 2444 sizeof(saddr->a6)); 2445 sin6++; 2446 memcpy(&daddr->a6, &sin6->sin6_addr, 2447 sizeof(daddr->a6)); 2448 *family = AF_INET6; 2449 break; 2450 } 2451 #endif 2452 default: 2453 return -EINVAL; 2454 } 2455 2456 return 0; 2457 } 2458 2459 static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, 2460 struct xfrm_migrate *m) 2461 { 2462 int err; 2463 struct sadb_x_ipsecrequest *rq2; 2464 int mode; 2465 2466 if (len <= sizeof(struct sadb_x_ipsecrequest) || 2467 len < rq1->sadb_x_ipsecrequest_len) 2468 return -EINVAL; 2469 2470 /* old endoints */ 2471 err = parse_sockaddr_pair(rq1, &m->old_saddr, &m->old_daddr, 2472 &m->old_family); 2473 if (err) 2474 return err; 2475 2476 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len); 2477 len -= rq1->sadb_x_ipsecrequest_len; 2478 2479 if (len <= sizeof(struct sadb_x_ipsecrequest) || 2480 len < rq2->sadb_x_ipsecrequest_len) 2481 return -EINVAL; 2482 2483 /* new endpoints */ 2484 err = parse_sockaddr_pair(rq2, &m->new_saddr, &m->new_daddr, 2485 &m->new_family); 2486 if (err) 2487 return err; 2488 2489 if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto || 2490 rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode || 2491 rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid) 2492 return -EINVAL; 2493 2494 m->proto = rq1->sadb_x_ipsecrequest_proto; 2495 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0) 2496 return -EINVAL; 2497 m->mode = mode; 2498 m->reqid = rq1->sadb_x_ipsecrequest_reqid; 2499 2500 return ((int)(rq1->sadb_x_ipsecrequest_len + 2501 rq2->sadb_x_ipsecrequest_len)); 2502 } 2503 2504 static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, 2505 struct sadb_msg *hdr, void **ext_hdrs) 2506 { 2507 int i, len, ret, err = -EINVAL; 2508 u8 dir; 2509 struct sadb_address *sa; 2510 struct sadb_x_policy *pol; 2511 struct sadb_x_ipsecrequest *rq; 2512 struct xfrm_selector sel; 2513 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 2514 2515 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1], 2516 ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) || 2517 !ext_hdrs[SADB_X_EXT_POLICY - 1]) { 2518 err = -EINVAL; 2519 goto out; 2520 } 2521 2522 pol = ext_hdrs[SADB_X_EXT_POLICY - 1]; 2523 if (!pol) { 2524 err = -EINVAL; 2525 goto out; 2526 } 2527 2528 if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) { 2529 err = -EINVAL; 2530 goto out; 2531 } 2532 2533 dir = pol->sadb_x_policy_dir - 1; 2534 memset(&sel, 0, sizeof(sel)); 2535 2536 /* set source address info of selector */ 2537 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1]; 2538 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); 2539 sel.prefixlen_s = sa->sadb_address_prefixlen; 2540 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2541 sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port; 2542 if (sel.sport) 2543 sel.sport_mask = htons(0xffff); 2544 2545 /* set destination address info of selector */ 2546 sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1], 2547 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); 2548 sel.prefixlen_d = sa->sadb_address_prefixlen; 2549 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2550 sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port; 2551 if (sel.dport) 2552 sel.dport_mask = htons(0xffff); 2553 2554 rq = (struct sadb_x_ipsecrequest *)(pol + 1); 2555 2556 /* extract ipsecrequests */ 2557 i = 0; 2558 len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy); 2559 2560 while (len > 0 && i < XFRM_MAX_DEPTH) { 2561 ret = ipsecrequests_to_migrate(rq, len, &m[i]); 2562 if (ret < 0) { 2563 err = ret; 2564 goto out; 2565 } else { 2566 rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret); 2567 len -= ret; 2568 i++; 2569 } 2570 } 2571 2572 if (!i || len > 0) { 2573 err = -EINVAL; 2574 goto out; 2575 } 2576 2577 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i); 2578 2579 out: 2580 return err; 2581 } 2582 #else 2583 static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, 2584 struct sadb_msg *hdr, void **ext_hdrs) 2585 { 2586 return -ENOPROTOOPT; 2587 } 2588 #endif 2589 2590 2591 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2592 { 2593 unsigned int dir; 2594 int err = 0, delete; 2595 struct sadb_x_policy *pol; 2596 struct xfrm_policy *xp; 2597 struct km_event c; 2598 2599 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL) 2600 return -EINVAL; 2601 2602 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id); 2603 if (dir >= XFRM_POLICY_MAX) 2604 return -EINVAL; 2605 2606 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2607 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id, 2608 delete, &err); 2609 if (xp == NULL) 2610 return -ENOENT; 2611 2612 if (delete) { 2613 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2614 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 2615 2616 if (err) 2617 goto out; 2618 c.seq = hdr->sadb_msg_seq; 2619 c.pid = hdr->sadb_msg_pid; 2620 c.data.byid = 1; 2621 c.event = XFRM_MSG_DELPOLICY; 2622 km_policy_notify(xp, dir, &c); 2623 } else { 2624 err = key_pol_get_resp(sk, xp, hdr, dir); 2625 } 2626 2627 out: 2628 xfrm_pol_put(xp); 2629 return err; 2630 } 2631 2632 static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr) 2633 { 2634 struct pfkey_dump_data *data = ptr; 2635 struct sk_buff *out_skb; 2636 struct sadb_msg *out_hdr; 2637 int err; 2638 2639 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2640 if (IS_ERR(out_skb)) 2641 return PTR_ERR(out_skb); 2642 2643 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2644 if (err < 0) 2645 return err; 2646 2647 out_hdr = (struct sadb_msg *) out_skb->data; 2648 out_hdr->sadb_msg_version = data->hdr->sadb_msg_version; 2649 out_hdr->sadb_msg_type = SADB_X_SPDDUMP; 2650 out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC; 2651 out_hdr->sadb_msg_errno = 0; 2652 out_hdr->sadb_msg_seq = count; 2653 out_hdr->sadb_msg_pid = data->hdr->sadb_msg_pid; 2654 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, data->sk); 2655 return 0; 2656 } 2657 2658 static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2659 { 2660 struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk }; 2661 2662 return xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_sp, &data); 2663 } 2664 2665 static int key_notify_policy_flush(struct km_event *c) 2666 { 2667 struct sk_buff *skb_out; 2668 struct sadb_msg *hdr; 2669 2670 skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC); 2671 if (!skb_out) 2672 return -ENOBUFS; 2673 hdr = (struct sadb_msg *) skb_put(skb_out, sizeof(struct sadb_msg)); 2674 hdr->sadb_msg_type = SADB_X_SPDFLUSH; 2675 hdr->sadb_msg_seq = c->seq; 2676 hdr->sadb_msg_pid = c->pid; 2677 hdr->sadb_msg_version = PF_KEY_V2; 2678 hdr->sadb_msg_errno = (uint8_t) 0; 2679 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 2680 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL); 2681 return 0; 2682 2683 } 2684 2685 static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2686 { 2687 struct km_event c; 2688 struct xfrm_audit audit_info; 2689 int err; 2690 2691 audit_info.loginuid = audit_get_loginuid(current->audit_context); 2692 audit_info.secid = 0; 2693 err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info); 2694 if (err) 2695 return err; 2696 c.data.type = XFRM_POLICY_TYPE_MAIN; 2697 c.event = XFRM_MSG_FLUSHPOLICY; 2698 c.pid = hdr->sadb_msg_pid; 2699 c.seq = hdr->sadb_msg_seq; 2700 km_policy_notify(NULL, 0, &c); 2701 2702 return 0; 2703 } 2704 2705 typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb, 2706 struct sadb_msg *hdr, void **ext_hdrs); 2707 static pfkey_handler pfkey_funcs[SADB_MAX + 1] = { 2708 [SADB_RESERVED] = pfkey_reserved, 2709 [SADB_GETSPI] = pfkey_getspi, 2710 [SADB_UPDATE] = pfkey_add, 2711 [SADB_ADD] = pfkey_add, 2712 [SADB_DELETE] = pfkey_delete, 2713 [SADB_GET] = pfkey_get, 2714 [SADB_ACQUIRE] = pfkey_acquire, 2715 [SADB_REGISTER] = pfkey_register, 2716 [SADB_EXPIRE] = NULL, 2717 [SADB_FLUSH] = pfkey_flush, 2718 [SADB_DUMP] = pfkey_dump, 2719 [SADB_X_PROMISC] = pfkey_promisc, 2720 [SADB_X_PCHANGE] = NULL, 2721 [SADB_X_SPDUPDATE] = pfkey_spdadd, 2722 [SADB_X_SPDADD] = pfkey_spdadd, 2723 [SADB_X_SPDDELETE] = pfkey_spddelete, 2724 [SADB_X_SPDGET] = pfkey_spdget, 2725 [SADB_X_SPDACQUIRE] = NULL, 2726 [SADB_X_SPDDUMP] = pfkey_spddump, 2727 [SADB_X_SPDFLUSH] = pfkey_spdflush, 2728 [SADB_X_SPDSETIDX] = pfkey_spdadd, 2729 [SADB_X_SPDDELETE2] = pfkey_spdget, 2730 [SADB_X_MIGRATE] = pfkey_migrate, 2731 }; 2732 2733 static int pfkey_process(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr) 2734 { 2735 void *ext_hdrs[SADB_EXT_MAX]; 2736 int err; 2737 2738 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, 2739 BROADCAST_PROMISC_ONLY, NULL); 2740 2741 memset(ext_hdrs, 0, sizeof(ext_hdrs)); 2742 err = parse_exthdrs(skb, hdr, ext_hdrs); 2743 if (!err) { 2744 err = -EOPNOTSUPP; 2745 if (pfkey_funcs[hdr->sadb_msg_type]) 2746 err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs); 2747 } 2748 return err; 2749 } 2750 2751 static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp) 2752 { 2753 struct sadb_msg *hdr = NULL; 2754 2755 if (skb->len < sizeof(*hdr)) { 2756 *errp = -EMSGSIZE; 2757 } else { 2758 hdr = (struct sadb_msg *) skb->data; 2759 if (hdr->sadb_msg_version != PF_KEY_V2 || 2760 hdr->sadb_msg_reserved != 0 || 2761 (hdr->sadb_msg_type <= SADB_RESERVED || 2762 hdr->sadb_msg_type > SADB_MAX)) { 2763 hdr = NULL; 2764 *errp = -EINVAL; 2765 } else if (hdr->sadb_msg_len != (skb->len / 2766 sizeof(uint64_t)) || 2767 hdr->sadb_msg_len < (sizeof(struct sadb_msg) / 2768 sizeof(uint64_t))) { 2769 hdr = NULL; 2770 *errp = -EMSGSIZE; 2771 } else { 2772 *errp = 0; 2773 } 2774 } 2775 return hdr; 2776 } 2777 2778 static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) 2779 { 2780 return t->aalgos & (1 << d->desc.sadb_alg_id); 2781 } 2782 2783 static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) 2784 { 2785 return t->ealgos & (1 << d->desc.sadb_alg_id); 2786 } 2787 2788 static int count_ah_combs(struct xfrm_tmpl *t) 2789 { 2790 int i, sz = 0; 2791 2792 for (i = 0; ; i++) { 2793 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 2794 if (!aalg) 2795 break; 2796 if (aalg_tmpl_set(t, aalg) && aalg->available) 2797 sz += sizeof(struct sadb_comb); 2798 } 2799 return sz + sizeof(struct sadb_prop); 2800 } 2801 2802 static int count_esp_combs(struct xfrm_tmpl *t) 2803 { 2804 int i, k, sz = 0; 2805 2806 for (i = 0; ; i++) { 2807 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2808 if (!ealg) 2809 break; 2810 2811 if (!(ealg_tmpl_set(t, ealg) && ealg->available)) 2812 continue; 2813 2814 for (k = 1; ; k++) { 2815 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2816 if (!aalg) 2817 break; 2818 2819 if (aalg_tmpl_set(t, aalg) && aalg->available) 2820 sz += sizeof(struct sadb_comb); 2821 } 2822 } 2823 return sz + sizeof(struct sadb_prop); 2824 } 2825 2826 static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t) 2827 { 2828 struct sadb_prop *p; 2829 int i; 2830 2831 p = (struct sadb_prop*)skb_put(skb, sizeof(struct sadb_prop)); 2832 p->sadb_prop_len = sizeof(struct sadb_prop)/8; 2833 p->sadb_prop_exttype = SADB_EXT_PROPOSAL; 2834 p->sadb_prop_replay = 32; 2835 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); 2836 2837 for (i = 0; ; i++) { 2838 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 2839 if (!aalg) 2840 break; 2841 2842 if (aalg_tmpl_set(t, aalg) && aalg->available) { 2843 struct sadb_comb *c; 2844 c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb)); 2845 memset(c, 0, sizeof(*c)); 2846 p->sadb_prop_len += sizeof(struct sadb_comb)/8; 2847 c->sadb_comb_auth = aalg->desc.sadb_alg_id; 2848 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits; 2849 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits; 2850 c->sadb_comb_hard_addtime = 24*60*60; 2851 c->sadb_comb_soft_addtime = 20*60*60; 2852 c->sadb_comb_hard_usetime = 8*60*60; 2853 c->sadb_comb_soft_usetime = 7*60*60; 2854 } 2855 } 2856 } 2857 2858 static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t) 2859 { 2860 struct sadb_prop *p; 2861 int i, k; 2862 2863 p = (struct sadb_prop*)skb_put(skb, sizeof(struct sadb_prop)); 2864 p->sadb_prop_len = sizeof(struct sadb_prop)/8; 2865 p->sadb_prop_exttype = SADB_EXT_PROPOSAL; 2866 p->sadb_prop_replay = 32; 2867 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); 2868 2869 for (i=0; ; i++) { 2870 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2871 if (!ealg) 2872 break; 2873 2874 if (!(ealg_tmpl_set(t, ealg) && ealg->available)) 2875 continue; 2876 2877 for (k = 1; ; k++) { 2878 struct sadb_comb *c; 2879 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2880 if (!aalg) 2881 break; 2882 if (!(aalg_tmpl_set(t, aalg) && aalg->available)) 2883 continue; 2884 c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb)); 2885 memset(c, 0, sizeof(*c)); 2886 p->sadb_prop_len += sizeof(struct sadb_comb)/8; 2887 c->sadb_comb_auth = aalg->desc.sadb_alg_id; 2888 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits; 2889 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits; 2890 c->sadb_comb_encrypt = ealg->desc.sadb_alg_id; 2891 c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits; 2892 c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits; 2893 c->sadb_comb_hard_addtime = 24*60*60; 2894 c->sadb_comb_soft_addtime = 20*60*60; 2895 c->sadb_comb_hard_usetime = 8*60*60; 2896 c->sadb_comb_soft_usetime = 7*60*60; 2897 } 2898 } 2899 } 2900 2901 static int key_notify_policy_expire(struct xfrm_policy *xp, struct km_event *c) 2902 { 2903 return 0; 2904 } 2905 2906 static int key_notify_sa_expire(struct xfrm_state *x, struct km_event *c) 2907 { 2908 struct sk_buff *out_skb; 2909 struct sadb_msg *out_hdr; 2910 int hard; 2911 int hsc; 2912 2913 hard = c->data.hard; 2914 if (hard) 2915 hsc = 2; 2916 else 2917 hsc = 1; 2918 2919 out_skb = pfkey_xfrm_state2msg(x, 0, hsc); 2920 if (IS_ERR(out_skb)) 2921 return PTR_ERR(out_skb); 2922 2923 out_hdr = (struct sadb_msg *) out_skb->data; 2924 out_hdr->sadb_msg_version = PF_KEY_V2; 2925 out_hdr->sadb_msg_type = SADB_EXPIRE; 2926 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 2927 out_hdr->sadb_msg_errno = 0; 2928 out_hdr->sadb_msg_reserved = 0; 2929 out_hdr->sadb_msg_seq = 0; 2930 out_hdr->sadb_msg_pid = 0; 2931 2932 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL); 2933 return 0; 2934 } 2935 2936 static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c) 2937 { 2938 switch (c->event) { 2939 case XFRM_MSG_EXPIRE: 2940 return key_notify_sa_expire(x, c); 2941 case XFRM_MSG_DELSA: 2942 case XFRM_MSG_NEWSA: 2943 case XFRM_MSG_UPDSA: 2944 return key_notify_sa(x, c); 2945 case XFRM_MSG_FLUSHSA: 2946 return key_notify_sa_flush(c); 2947 case XFRM_MSG_NEWAE: /* not yet supported */ 2948 break; 2949 default: 2950 printk("pfkey: Unknown SA event %d\n", c->event); 2951 break; 2952 } 2953 2954 return 0; 2955 } 2956 2957 static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2958 { 2959 if (xp && xp->type != XFRM_POLICY_TYPE_MAIN) 2960 return 0; 2961 2962 switch (c->event) { 2963 case XFRM_MSG_POLEXPIRE: 2964 return key_notify_policy_expire(xp, c); 2965 case XFRM_MSG_DELPOLICY: 2966 case XFRM_MSG_NEWPOLICY: 2967 case XFRM_MSG_UPDPOLICY: 2968 return key_notify_policy(xp, dir, c); 2969 case XFRM_MSG_FLUSHPOLICY: 2970 if (c->data.type != XFRM_POLICY_TYPE_MAIN) 2971 break; 2972 return key_notify_policy_flush(c); 2973 default: 2974 printk("pfkey: Unknown policy event %d\n", c->event); 2975 break; 2976 } 2977 2978 return 0; 2979 } 2980 2981 static u32 get_acqseq(void) 2982 { 2983 u32 res; 2984 static u32 acqseq; 2985 static DEFINE_SPINLOCK(acqseq_lock); 2986 2987 spin_lock_bh(&acqseq_lock); 2988 res = (++acqseq ? : ++acqseq); 2989 spin_unlock_bh(&acqseq_lock); 2990 return res; 2991 } 2992 2993 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp, int dir) 2994 { 2995 struct sk_buff *skb; 2996 struct sadb_msg *hdr; 2997 struct sadb_address *addr; 2998 struct sadb_x_policy *pol; 2999 struct sockaddr_in *sin; 3000 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3001 struct sockaddr_in6 *sin6; 3002 #endif 3003 int sockaddr_size; 3004 int size; 3005 struct sadb_x_sec_ctx *sec_ctx; 3006 struct xfrm_sec_ctx *xfrm_ctx; 3007 int ctx_size = 0; 3008 3009 sockaddr_size = pfkey_sockaddr_size(x->props.family); 3010 if (!sockaddr_size) 3011 return -EINVAL; 3012 3013 size = sizeof(struct sadb_msg) + 3014 (sizeof(struct sadb_address) * 2) + 3015 (sockaddr_size * 2) + 3016 sizeof(struct sadb_x_policy); 3017 3018 if (x->id.proto == IPPROTO_AH) 3019 size += count_ah_combs(t); 3020 else if (x->id.proto == IPPROTO_ESP) 3021 size += count_esp_combs(t); 3022 3023 if ((xfrm_ctx = x->security)) { 3024 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len); 3025 size += sizeof(struct sadb_x_sec_ctx) + ctx_size; 3026 } 3027 3028 skb = alloc_skb(size + 16, GFP_ATOMIC); 3029 if (skb == NULL) 3030 return -ENOMEM; 3031 3032 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 3033 hdr->sadb_msg_version = PF_KEY_V2; 3034 hdr->sadb_msg_type = SADB_ACQUIRE; 3035 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 3036 hdr->sadb_msg_len = size / sizeof(uint64_t); 3037 hdr->sadb_msg_errno = 0; 3038 hdr->sadb_msg_reserved = 0; 3039 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); 3040 hdr->sadb_msg_pid = 0; 3041 3042 /* src address */ 3043 addr = (struct sadb_address*) skb_put(skb, 3044 sizeof(struct sadb_address)+sockaddr_size); 3045 addr->sadb_address_len = 3046 (sizeof(struct sadb_address)+sockaddr_size)/ 3047 sizeof(uint64_t); 3048 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3049 addr->sadb_address_proto = 0; 3050 addr->sadb_address_reserved = 0; 3051 if (x->props.family == AF_INET) { 3052 addr->sadb_address_prefixlen = 32; 3053 3054 sin = (struct sockaddr_in *) (addr + 1); 3055 sin->sin_family = AF_INET; 3056 sin->sin_addr.s_addr = x->props.saddr.a4; 3057 sin->sin_port = 0; 3058 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 3059 } 3060 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3061 else if (x->props.family == AF_INET6) { 3062 addr->sadb_address_prefixlen = 128; 3063 3064 sin6 = (struct sockaddr_in6 *) (addr + 1); 3065 sin6->sin6_family = AF_INET6; 3066 sin6->sin6_port = 0; 3067 sin6->sin6_flowinfo = 0; 3068 memcpy(&sin6->sin6_addr, 3069 x->props.saddr.a6, sizeof(struct in6_addr)); 3070 sin6->sin6_scope_id = 0; 3071 } 3072 #endif 3073 else 3074 BUG(); 3075 3076 /* dst address */ 3077 addr = (struct sadb_address*) skb_put(skb, 3078 sizeof(struct sadb_address)+sockaddr_size); 3079 addr->sadb_address_len = 3080 (sizeof(struct sadb_address)+sockaddr_size)/ 3081 sizeof(uint64_t); 3082 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3083 addr->sadb_address_proto = 0; 3084 addr->sadb_address_reserved = 0; 3085 if (x->props.family == AF_INET) { 3086 addr->sadb_address_prefixlen = 32; 3087 3088 sin = (struct sockaddr_in *) (addr + 1); 3089 sin->sin_family = AF_INET; 3090 sin->sin_addr.s_addr = x->id.daddr.a4; 3091 sin->sin_port = 0; 3092 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 3093 } 3094 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3095 else if (x->props.family == AF_INET6) { 3096 addr->sadb_address_prefixlen = 128; 3097 3098 sin6 = (struct sockaddr_in6 *) (addr + 1); 3099 sin6->sin6_family = AF_INET6; 3100 sin6->sin6_port = 0; 3101 sin6->sin6_flowinfo = 0; 3102 memcpy(&sin6->sin6_addr, 3103 x->id.daddr.a6, sizeof(struct in6_addr)); 3104 sin6->sin6_scope_id = 0; 3105 } 3106 #endif 3107 else 3108 BUG(); 3109 3110 pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy)); 3111 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t); 3112 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3113 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 3114 pol->sadb_x_policy_dir = dir+1; 3115 pol->sadb_x_policy_id = xp->index; 3116 3117 /* Set sadb_comb's. */ 3118 if (x->id.proto == IPPROTO_AH) 3119 dump_ah_combs(skb, t); 3120 else if (x->id.proto == IPPROTO_ESP) 3121 dump_esp_combs(skb, t); 3122 3123 /* security context */ 3124 if (xfrm_ctx) { 3125 sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, 3126 sizeof(struct sadb_x_sec_ctx) + ctx_size); 3127 sec_ctx->sadb_x_sec_len = 3128 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t); 3129 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 3130 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 3131 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 3132 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 3133 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 3134 xfrm_ctx->ctx_len); 3135 } 3136 3137 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL); 3138 } 3139 3140 static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, 3141 u8 *data, int len, int *dir) 3142 { 3143 struct xfrm_policy *xp; 3144 struct sadb_x_policy *pol = (struct sadb_x_policy*)data; 3145 struct sadb_x_sec_ctx *sec_ctx; 3146 3147 switch (sk->sk_family) { 3148 case AF_INET: 3149 if (opt != IP_IPSEC_POLICY) { 3150 *dir = -EOPNOTSUPP; 3151 return NULL; 3152 } 3153 break; 3154 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3155 case AF_INET6: 3156 if (opt != IPV6_IPSEC_POLICY) { 3157 *dir = -EOPNOTSUPP; 3158 return NULL; 3159 } 3160 break; 3161 #endif 3162 default: 3163 *dir = -EINVAL; 3164 return NULL; 3165 } 3166 3167 *dir = -EINVAL; 3168 3169 if (len < sizeof(struct sadb_x_policy) || 3170 pol->sadb_x_policy_len*8 > len || 3171 pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS || 3172 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND)) 3173 return NULL; 3174 3175 xp = xfrm_policy_alloc(GFP_ATOMIC); 3176 if (xp == NULL) { 3177 *dir = -ENOBUFS; 3178 return NULL; 3179 } 3180 3181 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ? 3182 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); 3183 3184 xp->lft.soft_byte_limit = XFRM_INF; 3185 xp->lft.hard_byte_limit = XFRM_INF; 3186 xp->lft.soft_packet_limit = XFRM_INF; 3187 xp->lft.hard_packet_limit = XFRM_INF; 3188 xp->family = sk->sk_family; 3189 3190 xp->xfrm_nr = 0; 3191 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 3192 (*dir = parse_ipsecrequests(xp, pol)) < 0) 3193 goto out; 3194 3195 /* security context too */ 3196 if (len >= (pol->sadb_x_policy_len*8 + 3197 sizeof(struct sadb_x_sec_ctx))) { 3198 char *p = (char *)pol; 3199 struct xfrm_user_sec_ctx *uctx; 3200 3201 p += pol->sadb_x_policy_len*8; 3202 sec_ctx = (struct sadb_x_sec_ctx *)p; 3203 if (len < pol->sadb_x_policy_len*8 + 3204 sec_ctx->sadb_x_sec_len) { 3205 *dir = -EINVAL; 3206 goto out; 3207 } 3208 if ((*dir = verify_sec_ctx_len(p))) 3209 goto out; 3210 uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 3211 *dir = security_xfrm_policy_alloc(xp, uctx); 3212 kfree(uctx); 3213 3214 if (*dir) 3215 goto out; 3216 } 3217 3218 *dir = pol->sadb_x_policy_dir-1; 3219 return xp; 3220 3221 out: 3222 security_xfrm_policy_free(xp); 3223 kfree(xp); 3224 return NULL; 3225 } 3226 3227 static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) 3228 { 3229 struct sk_buff *skb; 3230 struct sadb_msg *hdr; 3231 struct sadb_sa *sa; 3232 struct sadb_address *addr; 3233 struct sadb_x_nat_t_port *n_port; 3234 struct sockaddr_in *sin; 3235 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3236 struct sockaddr_in6 *sin6; 3237 #endif 3238 int sockaddr_size; 3239 int size; 3240 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0); 3241 struct xfrm_encap_tmpl *natt = NULL; 3242 3243 sockaddr_size = pfkey_sockaddr_size(x->props.family); 3244 if (!sockaddr_size) 3245 return -EINVAL; 3246 3247 if (!satype) 3248 return -EINVAL; 3249 3250 if (!x->encap) 3251 return -EINVAL; 3252 3253 natt = x->encap; 3254 3255 /* Build an SADB_X_NAT_T_NEW_MAPPING message: 3256 * 3257 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) | 3258 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port) 3259 */ 3260 3261 size = sizeof(struct sadb_msg) + 3262 sizeof(struct sadb_sa) + 3263 (sizeof(struct sadb_address) * 2) + 3264 (sockaddr_size * 2) + 3265 (sizeof(struct sadb_x_nat_t_port) * 2); 3266 3267 skb = alloc_skb(size + 16, GFP_ATOMIC); 3268 if (skb == NULL) 3269 return -ENOMEM; 3270 3271 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 3272 hdr->sadb_msg_version = PF_KEY_V2; 3273 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING; 3274 hdr->sadb_msg_satype = satype; 3275 hdr->sadb_msg_len = size / sizeof(uint64_t); 3276 hdr->sadb_msg_errno = 0; 3277 hdr->sadb_msg_reserved = 0; 3278 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); 3279 hdr->sadb_msg_pid = 0; 3280 3281 /* SA */ 3282 sa = (struct sadb_sa *) skb_put(skb, sizeof(struct sadb_sa)); 3283 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t); 3284 sa->sadb_sa_exttype = SADB_EXT_SA; 3285 sa->sadb_sa_spi = x->id.spi; 3286 sa->sadb_sa_replay = 0; 3287 sa->sadb_sa_state = 0; 3288 sa->sadb_sa_auth = 0; 3289 sa->sadb_sa_encrypt = 0; 3290 sa->sadb_sa_flags = 0; 3291 3292 /* ADDRESS_SRC (old addr) */ 3293 addr = (struct sadb_address*) 3294 skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); 3295 addr->sadb_address_len = 3296 (sizeof(struct sadb_address)+sockaddr_size)/ 3297 sizeof(uint64_t); 3298 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3299 addr->sadb_address_proto = 0; 3300 addr->sadb_address_reserved = 0; 3301 if (x->props.family == AF_INET) { 3302 addr->sadb_address_prefixlen = 32; 3303 3304 sin = (struct sockaddr_in *) (addr + 1); 3305 sin->sin_family = AF_INET; 3306 sin->sin_addr.s_addr = x->props.saddr.a4; 3307 sin->sin_port = 0; 3308 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 3309 } 3310 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3311 else if (x->props.family == AF_INET6) { 3312 addr->sadb_address_prefixlen = 128; 3313 3314 sin6 = (struct sockaddr_in6 *) (addr + 1); 3315 sin6->sin6_family = AF_INET6; 3316 sin6->sin6_port = 0; 3317 sin6->sin6_flowinfo = 0; 3318 memcpy(&sin6->sin6_addr, 3319 x->props.saddr.a6, sizeof(struct in6_addr)); 3320 sin6->sin6_scope_id = 0; 3321 } 3322 #endif 3323 else 3324 BUG(); 3325 3326 /* NAT_T_SPORT (old port) */ 3327 n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port)); 3328 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 3329 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; 3330 n_port->sadb_x_nat_t_port_port = natt->encap_sport; 3331 n_port->sadb_x_nat_t_port_reserved = 0; 3332 3333 /* ADDRESS_DST (new addr) */ 3334 addr = (struct sadb_address*) 3335 skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); 3336 addr->sadb_address_len = 3337 (sizeof(struct sadb_address)+sockaddr_size)/ 3338 sizeof(uint64_t); 3339 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3340 addr->sadb_address_proto = 0; 3341 addr->sadb_address_reserved = 0; 3342 if (x->props.family == AF_INET) { 3343 addr->sadb_address_prefixlen = 32; 3344 3345 sin = (struct sockaddr_in *) (addr + 1); 3346 sin->sin_family = AF_INET; 3347 sin->sin_addr.s_addr = ipaddr->a4; 3348 sin->sin_port = 0; 3349 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 3350 } 3351 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3352 else if (x->props.family == AF_INET6) { 3353 addr->sadb_address_prefixlen = 128; 3354 3355 sin6 = (struct sockaddr_in6 *) (addr + 1); 3356 sin6->sin6_family = AF_INET6; 3357 sin6->sin6_port = 0; 3358 sin6->sin6_flowinfo = 0; 3359 memcpy(&sin6->sin6_addr, &ipaddr->a6, sizeof(struct in6_addr)); 3360 sin6->sin6_scope_id = 0; 3361 } 3362 #endif 3363 else 3364 BUG(); 3365 3366 /* NAT_T_DPORT (new port) */ 3367 n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port)); 3368 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 3369 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; 3370 n_port->sadb_x_nat_t_port_port = sport; 3371 n_port->sadb_x_nat_t_port_reserved = 0; 3372 3373 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL); 3374 } 3375 3376 #ifdef CONFIG_NET_KEY_MIGRATE 3377 static int set_sadb_address(struct sk_buff *skb, int sasize, int type, 3378 struct xfrm_selector *sel) 3379 { 3380 struct sadb_address *addr; 3381 struct sockaddr_in *sin; 3382 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3383 struct sockaddr_in6 *sin6; 3384 #endif 3385 addr = (struct sadb_address *)skb_put(skb, sizeof(struct sadb_address) + sasize); 3386 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8; 3387 addr->sadb_address_exttype = type; 3388 addr->sadb_address_proto = sel->proto; 3389 addr->sadb_address_reserved = 0; 3390 3391 switch (type) { 3392 case SADB_EXT_ADDRESS_SRC: 3393 if (sel->family == AF_INET) { 3394 addr->sadb_address_prefixlen = sel->prefixlen_s; 3395 sin = (struct sockaddr_in *)(addr + 1); 3396 sin->sin_family = AF_INET; 3397 memcpy(&sin->sin_addr.s_addr, &sel->saddr, 3398 sizeof(sin->sin_addr.s_addr)); 3399 sin->sin_port = 0; 3400 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 3401 } 3402 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3403 else if (sel->family == AF_INET6) { 3404 addr->sadb_address_prefixlen = sel->prefixlen_s; 3405 sin6 = (struct sockaddr_in6 *)(addr + 1); 3406 sin6->sin6_family = AF_INET6; 3407 sin6->sin6_port = 0; 3408 sin6->sin6_flowinfo = 0; 3409 sin6->sin6_scope_id = 0; 3410 memcpy(&sin6->sin6_addr.s6_addr, &sel->saddr, 3411 sizeof(sin6->sin6_addr.s6_addr)); 3412 } 3413 #endif 3414 break; 3415 case SADB_EXT_ADDRESS_DST: 3416 if (sel->family == AF_INET) { 3417 addr->sadb_address_prefixlen = sel->prefixlen_d; 3418 sin = (struct sockaddr_in *)(addr + 1); 3419 sin->sin_family = AF_INET; 3420 memcpy(&sin->sin_addr.s_addr, &sel->daddr, 3421 sizeof(sin->sin_addr.s_addr)); 3422 sin->sin_port = 0; 3423 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 3424 } 3425 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3426 else if (sel->family == AF_INET6) { 3427 addr->sadb_address_prefixlen = sel->prefixlen_d; 3428 sin6 = (struct sockaddr_in6 *)(addr + 1); 3429 sin6->sin6_family = AF_INET6; 3430 sin6->sin6_port = 0; 3431 sin6->sin6_flowinfo = 0; 3432 sin6->sin6_scope_id = 0; 3433 memcpy(&sin6->sin6_addr.s6_addr, &sel->daddr, 3434 sizeof(sin6->sin6_addr.s6_addr)); 3435 } 3436 #endif 3437 break; 3438 default: 3439 return -EINVAL; 3440 } 3441 3442 return 0; 3443 } 3444 3445 static int set_ipsecrequest(struct sk_buff *skb, 3446 uint8_t proto, uint8_t mode, int level, 3447 uint32_t reqid, uint8_t family, 3448 xfrm_address_t *src, xfrm_address_t *dst) 3449 { 3450 struct sadb_x_ipsecrequest *rq; 3451 struct sockaddr_in *sin; 3452 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3453 struct sockaddr_in6 *sin6; 3454 #endif 3455 int size_req; 3456 3457 size_req = sizeof(struct sadb_x_ipsecrequest) + 3458 pfkey_sockaddr_pair_size(family); 3459 3460 rq = (struct sadb_x_ipsecrequest *)skb_put(skb, size_req); 3461 memset(rq, 0, size_req); 3462 rq->sadb_x_ipsecrequest_len = size_req; 3463 rq->sadb_x_ipsecrequest_proto = proto; 3464 rq->sadb_x_ipsecrequest_mode = mode; 3465 rq->sadb_x_ipsecrequest_level = level; 3466 rq->sadb_x_ipsecrequest_reqid = reqid; 3467 3468 switch (family) { 3469 case AF_INET: 3470 sin = (struct sockaddr_in *)(rq + 1); 3471 sin->sin_family = AF_INET; 3472 memcpy(&sin->sin_addr.s_addr, src, 3473 sizeof(sin->sin_addr.s_addr)); 3474 sin++; 3475 sin->sin_family = AF_INET; 3476 memcpy(&sin->sin_addr.s_addr, dst, 3477 sizeof(sin->sin_addr.s_addr)); 3478 break; 3479 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3480 case AF_INET6: 3481 sin6 = (struct sockaddr_in6 *)(rq + 1); 3482 sin6->sin6_family = AF_INET6; 3483 sin6->sin6_port = 0; 3484 sin6->sin6_flowinfo = 0; 3485 sin6->sin6_scope_id = 0; 3486 memcpy(&sin6->sin6_addr.s6_addr, src, 3487 sizeof(sin6->sin6_addr.s6_addr)); 3488 sin6++; 3489 sin6->sin6_family = AF_INET6; 3490 sin6->sin6_port = 0; 3491 sin6->sin6_flowinfo = 0; 3492 sin6->sin6_scope_id = 0; 3493 memcpy(&sin6->sin6_addr.s6_addr, dst, 3494 sizeof(sin6->sin6_addr.s6_addr)); 3495 break; 3496 #endif 3497 default: 3498 return -EINVAL; 3499 } 3500 3501 return 0; 3502 } 3503 #endif 3504 3505 #ifdef CONFIG_NET_KEY_MIGRATE 3506 static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 3507 struct xfrm_migrate *m, int num_bundles) 3508 { 3509 int i; 3510 int sasize_sel; 3511 int size = 0; 3512 int size_pol = 0; 3513 struct sk_buff *skb; 3514 struct sadb_msg *hdr; 3515 struct sadb_x_policy *pol; 3516 struct xfrm_migrate *mp; 3517 3518 if (type != XFRM_POLICY_TYPE_MAIN) 3519 return 0; 3520 3521 if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH) 3522 return -EINVAL; 3523 3524 /* selector */ 3525 sasize_sel = pfkey_sockaddr_size(sel->family); 3526 if (!sasize_sel) 3527 return -EINVAL; 3528 size += (sizeof(struct sadb_address) + sasize_sel) * 2; 3529 3530 /* policy info */ 3531 size_pol += sizeof(struct sadb_x_policy); 3532 3533 /* ipsecrequests */ 3534 for (i = 0, mp = m; i < num_bundles; i++, mp++) { 3535 /* old locator pair */ 3536 size_pol += sizeof(struct sadb_x_ipsecrequest) + 3537 pfkey_sockaddr_pair_size(mp->old_family); 3538 /* new locator pair */ 3539 size_pol += sizeof(struct sadb_x_ipsecrequest) + 3540 pfkey_sockaddr_pair_size(mp->new_family); 3541 } 3542 3543 size += sizeof(struct sadb_msg) + size_pol; 3544 3545 /* alloc buffer */ 3546 skb = alloc_skb(size, GFP_ATOMIC); 3547 if (skb == NULL) 3548 return -ENOMEM; 3549 3550 hdr = (struct sadb_msg *)skb_put(skb, sizeof(struct sadb_msg)); 3551 hdr->sadb_msg_version = PF_KEY_V2; 3552 hdr->sadb_msg_type = SADB_X_MIGRATE; 3553 hdr->sadb_msg_satype = pfkey_proto2satype(m->proto); 3554 hdr->sadb_msg_len = size / 8; 3555 hdr->sadb_msg_errno = 0; 3556 hdr->sadb_msg_reserved = 0; 3557 hdr->sadb_msg_seq = 0; 3558 hdr->sadb_msg_pid = 0; 3559 3560 /* selector src */ 3561 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel); 3562 3563 /* selector dst */ 3564 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel); 3565 3566 /* policy information */ 3567 pol = (struct sadb_x_policy *)skb_put(skb, sizeof(struct sadb_x_policy)); 3568 pol->sadb_x_policy_len = size_pol / 8; 3569 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3570 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 3571 pol->sadb_x_policy_dir = dir + 1; 3572 pol->sadb_x_policy_id = 0; 3573 pol->sadb_x_policy_priority = 0; 3574 3575 for (i = 0, mp = m; i < num_bundles; i++, mp++) { 3576 /* old ipsecrequest */ 3577 int mode = pfkey_mode_from_xfrm(mp->mode); 3578 if (mode < 0) 3579 return -EINVAL; 3580 if (set_ipsecrequest(skb, mp->proto, mode, 3581 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), 3582 mp->reqid, mp->old_family, 3583 &mp->old_saddr, &mp->old_daddr) < 0) { 3584 return -EINVAL; 3585 } 3586 3587 /* new ipsecrequest */ 3588 if (set_ipsecrequest(skb, mp->proto, mode, 3589 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), 3590 mp->reqid, mp->new_family, 3591 &mp->new_saddr, &mp->new_daddr) < 0) { 3592 return -EINVAL; 3593 } 3594 } 3595 3596 /* broadcast migrate message to sockets */ 3597 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL); 3598 3599 return 0; 3600 } 3601 #else 3602 static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 3603 struct xfrm_migrate *m, int num_bundles) 3604 { 3605 return -ENOPROTOOPT; 3606 } 3607 #endif 3608 3609 static int pfkey_sendmsg(struct kiocb *kiocb, 3610 struct socket *sock, struct msghdr *msg, size_t len) 3611 { 3612 struct sock *sk = sock->sk; 3613 struct sk_buff *skb = NULL; 3614 struct sadb_msg *hdr = NULL; 3615 int err; 3616 3617 err = -EOPNOTSUPP; 3618 if (msg->msg_flags & MSG_OOB) 3619 goto out; 3620 3621 err = -EMSGSIZE; 3622 if ((unsigned)len > sk->sk_sndbuf - 32) 3623 goto out; 3624 3625 err = -ENOBUFS; 3626 skb = alloc_skb(len, GFP_KERNEL); 3627 if (skb == NULL) 3628 goto out; 3629 3630 err = -EFAULT; 3631 if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) 3632 goto out; 3633 3634 hdr = pfkey_get_base_msg(skb, &err); 3635 if (!hdr) 3636 goto out; 3637 3638 mutex_lock(&xfrm_cfg_mutex); 3639 err = pfkey_process(sk, skb, hdr); 3640 mutex_unlock(&xfrm_cfg_mutex); 3641 3642 out: 3643 if (err && hdr && pfkey_error(hdr, err, sk) == 0) 3644 err = 0; 3645 if (skb) 3646 kfree_skb(skb); 3647 3648 return err ? : len; 3649 } 3650 3651 static int pfkey_recvmsg(struct kiocb *kiocb, 3652 struct socket *sock, struct msghdr *msg, size_t len, 3653 int flags) 3654 { 3655 struct sock *sk = sock->sk; 3656 struct sk_buff *skb; 3657 int copied, err; 3658 3659 err = -EINVAL; 3660 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) 3661 goto out; 3662 3663 msg->msg_namelen = 0; 3664 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); 3665 if (skb == NULL) 3666 goto out; 3667 3668 copied = skb->len; 3669 if (copied > len) { 3670 msg->msg_flags |= MSG_TRUNC; 3671 copied = len; 3672 } 3673 3674 skb_reset_transport_header(skb); 3675 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 3676 if (err) 3677 goto out_free; 3678 3679 sock_recv_timestamp(msg, sk, skb); 3680 3681 err = (flags & MSG_TRUNC) ? skb->len : copied; 3682 3683 out_free: 3684 skb_free_datagram(sk, skb); 3685 out: 3686 return err; 3687 } 3688 3689 static const struct proto_ops pfkey_ops = { 3690 .family = PF_KEY, 3691 .owner = THIS_MODULE, 3692 /* Operations that make no sense on pfkey sockets. */ 3693 .bind = sock_no_bind, 3694 .connect = sock_no_connect, 3695 .socketpair = sock_no_socketpair, 3696 .accept = sock_no_accept, 3697 .getname = sock_no_getname, 3698 .ioctl = sock_no_ioctl, 3699 .listen = sock_no_listen, 3700 .shutdown = sock_no_shutdown, 3701 .setsockopt = sock_no_setsockopt, 3702 .getsockopt = sock_no_getsockopt, 3703 .mmap = sock_no_mmap, 3704 .sendpage = sock_no_sendpage, 3705 3706 /* Now the operations that really occur. */ 3707 .release = pfkey_release, 3708 .poll = datagram_poll, 3709 .sendmsg = pfkey_sendmsg, 3710 .recvmsg = pfkey_recvmsg, 3711 }; 3712 3713 static struct net_proto_family pfkey_family_ops = { 3714 .family = PF_KEY, 3715 .create = pfkey_create, 3716 .owner = THIS_MODULE, 3717 }; 3718 3719 #ifdef CONFIG_PROC_FS 3720 static int pfkey_read_proc(char *buffer, char **start, off_t offset, 3721 int length, int *eof, void *data) 3722 { 3723 off_t pos = 0; 3724 off_t begin = 0; 3725 int len = 0; 3726 struct sock *s; 3727 struct hlist_node *node; 3728 3729 len += sprintf(buffer,"sk RefCnt Rmem Wmem User Inode\n"); 3730 3731 read_lock(&pfkey_table_lock); 3732 3733 sk_for_each(s, node, &pfkey_table) { 3734 len += sprintf(buffer+len,"%p %-6d %-6u %-6u %-6u %-6lu", 3735 s, 3736 atomic_read(&s->sk_refcnt), 3737 atomic_read(&s->sk_rmem_alloc), 3738 atomic_read(&s->sk_wmem_alloc), 3739 sock_i_uid(s), 3740 sock_i_ino(s) 3741 ); 3742 3743 buffer[len++] = '\n'; 3744 3745 pos = begin + len; 3746 if (pos < offset) { 3747 len = 0; 3748 begin = pos; 3749 } 3750 if(pos > offset + length) 3751 goto done; 3752 } 3753 *eof = 1; 3754 3755 done: 3756 read_unlock(&pfkey_table_lock); 3757 3758 *start = buffer + (offset - begin); 3759 len -= (offset - begin); 3760 3761 if (len > length) 3762 len = length; 3763 if (len < 0) 3764 len = 0; 3765 3766 return len; 3767 } 3768 #endif 3769 3770 static struct xfrm_mgr pfkeyv2_mgr = 3771 { 3772 .id = "pfkeyv2", 3773 .notify = pfkey_send_notify, 3774 .acquire = pfkey_send_acquire, 3775 .compile_policy = pfkey_compile_policy, 3776 .new_mapping = pfkey_send_new_mapping, 3777 .notify_policy = pfkey_send_policy_notify, 3778 .migrate = pfkey_send_migrate, 3779 }; 3780 3781 static void __exit ipsec_pfkey_exit(void) 3782 { 3783 xfrm_unregister_km(&pfkeyv2_mgr); 3784 remove_proc_entry("net/pfkey", NULL); 3785 sock_unregister(PF_KEY); 3786 proto_unregister(&key_proto); 3787 } 3788 3789 static int __init ipsec_pfkey_init(void) 3790 { 3791 int err = proto_register(&key_proto, 0); 3792 3793 if (err != 0) 3794 goto out; 3795 3796 err = sock_register(&pfkey_family_ops); 3797 if (err != 0) 3798 goto out_unregister_key_proto; 3799 #ifdef CONFIG_PROC_FS 3800 err = -ENOMEM; 3801 if (create_proc_read_entry("net/pfkey", 0, NULL, pfkey_read_proc, NULL) == NULL) 3802 goto out_sock_unregister; 3803 #endif 3804 err = xfrm_register_km(&pfkeyv2_mgr); 3805 if (err != 0) 3806 goto out_remove_proc_entry; 3807 out: 3808 return err; 3809 out_remove_proc_entry: 3810 #ifdef CONFIG_PROC_FS 3811 remove_proc_entry("net/pfkey", NULL); 3812 out_sock_unregister: 3813 #endif 3814 sock_unregister(PF_KEY); 3815 out_unregister_key_proto: 3816 proto_unregister(&key_proto); 3817 goto out; 3818 } 3819 3820 module_init(ipsec_pfkey_init); 3821 module_exit(ipsec_pfkey_exit); 3822 MODULE_LICENSE("GPL"); 3823 MODULE_ALIAS_NETPROTO(PF_KEY); 3824