1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/crypto.h> 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/types.h> 17 #include <linux/slab.h> 18 #include <linux/socket.h> 19 #include <linux/string.h> 20 #include <linux/net.h> 21 #include <linux/skbuff.h> 22 #include <linux/rtnetlink.h> 23 #include <linux/pfkeyv2.h> 24 #include <linux/ipsec.h> 25 #include <linux/init.h> 26 #include <linux/security.h> 27 #include <net/sock.h> 28 #include <net/xfrm.h> 29 #include <net/netlink.h> 30 #include <asm/uaccess.h> 31 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 32 #include <linux/in6.h> 33 #endif 34 #include <linux/audit.h> 35 36 static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type) 37 { 38 struct rtattr *rt = xfrma[type - 1]; 39 struct xfrm_algo *algp; 40 int len; 41 42 if (!rt) 43 return 0; 44 45 len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp); 46 if (len < 0) 47 return -EINVAL; 48 49 algp = RTA_DATA(rt); 50 51 len -= (algp->alg_key_len + 7U) / 8; 52 if (len < 0) 53 return -EINVAL; 54 55 switch (type) { 56 case XFRMA_ALG_AUTH: 57 if (!algp->alg_key_len && 58 strcmp(algp->alg_name, "digest_null") != 0) 59 return -EINVAL; 60 break; 61 62 case XFRMA_ALG_CRYPT: 63 if (!algp->alg_key_len && 64 strcmp(algp->alg_name, "cipher_null") != 0) 65 return -EINVAL; 66 break; 67 68 case XFRMA_ALG_COMP: 69 /* Zero length keys are legal. */ 70 break; 71 72 default: 73 return -EINVAL; 74 } 75 76 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 77 return 0; 78 } 79 80 static int verify_encap_tmpl(struct rtattr **xfrma) 81 { 82 struct rtattr *rt = xfrma[XFRMA_ENCAP - 1]; 83 struct xfrm_encap_tmpl *encap; 84 85 if (!rt) 86 return 0; 87 88 if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap)) 89 return -EINVAL; 90 91 return 0; 92 } 93 94 static int verify_one_addr(struct rtattr **xfrma, enum xfrm_attr_type_t type, 95 xfrm_address_t **addrp) 96 { 97 struct rtattr *rt = xfrma[type - 1]; 98 99 if (!rt) 100 return 0; 101 102 if ((rt->rta_len - sizeof(*rt)) < sizeof(**addrp)) 103 return -EINVAL; 104 105 if (addrp) 106 *addrp = RTA_DATA(rt); 107 108 return 0; 109 } 110 111 static inline int verify_sec_ctx_len(struct rtattr **xfrma) 112 { 113 struct rtattr *rt = xfrma[XFRMA_SEC_CTX - 1]; 114 struct xfrm_user_sec_ctx *uctx; 115 int len = 0; 116 117 if (!rt) 118 return 0; 119 120 if (rt->rta_len < sizeof(*uctx)) 121 return -EINVAL; 122 123 uctx = RTA_DATA(rt); 124 125 len += sizeof(struct xfrm_user_sec_ctx); 126 len += uctx->ctx_len; 127 128 if (uctx->len != len) 129 return -EINVAL; 130 131 return 0; 132 } 133 134 135 static int verify_newsa_info(struct xfrm_usersa_info *p, 136 struct rtattr **xfrma) 137 { 138 int err; 139 140 err = -EINVAL; 141 switch (p->family) { 142 case AF_INET: 143 break; 144 145 case AF_INET6: 146 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 147 break; 148 #else 149 err = -EAFNOSUPPORT; 150 goto out; 151 #endif 152 153 default: 154 goto out; 155 } 156 157 err = -EINVAL; 158 switch (p->id.proto) { 159 case IPPROTO_AH: 160 if (!xfrma[XFRMA_ALG_AUTH-1] || 161 xfrma[XFRMA_ALG_CRYPT-1] || 162 xfrma[XFRMA_ALG_COMP-1]) 163 goto out; 164 break; 165 166 case IPPROTO_ESP: 167 if ((!xfrma[XFRMA_ALG_AUTH-1] && 168 !xfrma[XFRMA_ALG_CRYPT-1]) || 169 xfrma[XFRMA_ALG_COMP-1]) 170 goto out; 171 break; 172 173 case IPPROTO_COMP: 174 if (!xfrma[XFRMA_ALG_COMP-1] || 175 xfrma[XFRMA_ALG_AUTH-1] || 176 xfrma[XFRMA_ALG_CRYPT-1]) 177 goto out; 178 break; 179 180 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 181 case IPPROTO_DSTOPTS: 182 case IPPROTO_ROUTING: 183 if (xfrma[XFRMA_ALG_COMP-1] || 184 xfrma[XFRMA_ALG_AUTH-1] || 185 xfrma[XFRMA_ALG_CRYPT-1] || 186 xfrma[XFRMA_ENCAP-1] || 187 xfrma[XFRMA_SEC_CTX-1] || 188 !xfrma[XFRMA_COADDR-1]) 189 goto out; 190 break; 191 #endif 192 193 default: 194 goto out; 195 } 196 197 if ((err = verify_one_alg(xfrma, XFRMA_ALG_AUTH))) 198 goto out; 199 if ((err = verify_one_alg(xfrma, XFRMA_ALG_CRYPT))) 200 goto out; 201 if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP))) 202 goto out; 203 if ((err = verify_encap_tmpl(xfrma))) 204 goto out; 205 if ((err = verify_sec_ctx_len(xfrma))) 206 goto out; 207 if ((err = verify_one_addr(xfrma, XFRMA_COADDR, NULL))) 208 goto out; 209 210 err = -EINVAL; 211 switch (p->mode) { 212 case XFRM_MODE_TRANSPORT: 213 case XFRM_MODE_TUNNEL: 214 case XFRM_MODE_ROUTEOPTIMIZATION: 215 case XFRM_MODE_BEET: 216 break; 217 218 default: 219 goto out; 220 } 221 222 err = 0; 223 224 out: 225 return err; 226 } 227 228 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 229 struct xfrm_algo_desc *(*get_byname)(char *, int), 230 struct rtattr *u_arg) 231 { 232 struct rtattr *rta = u_arg; 233 struct xfrm_algo *p, *ualg; 234 struct xfrm_algo_desc *algo; 235 int len; 236 237 if (!rta) 238 return 0; 239 240 ualg = RTA_DATA(rta); 241 242 algo = get_byname(ualg->alg_name, 1); 243 if (!algo) 244 return -ENOSYS; 245 *props = algo->desc.sadb_alg_id; 246 247 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8; 248 p = kmemdup(ualg, len, GFP_KERNEL); 249 if (!p) 250 return -ENOMEM; 251 252 strcpy(p->alg_name, algo->name); 253 *algpp = p; 254 return 0; 255 } 256 257 static int attach_encap_tmpl(struct xfrm_encap_tmpl **encapp, struct rtattr *u_arg) 258 { 259 struct rtattr *rta = u_arg; 260 struct xfrm_encap_tmpl *p, *uencap; 261 262 if (!rta) 263 return 0; 264 265 uencap = RTA_DATA(rta); 266 p = kmemdup(uencap, sizeof(*p), GFP_KERNEL); 267 if (!p) 268 return -ENOMEM; 269 270 *encapp = p; 271 return 0; 272 } 273 274 275 static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 276 { 277 int len = 0; 278 279 if (xfrm_ctx) { 280 len += sizeof(struct xfrm_user_sec_ctx); 281 len += xfrm_ctx->ctx_len; 282 } 283 return len; 284 } 285 286 static int attach_sec_ctx(struct xfrm_state *x, struct rtattr *u_arg) 287 { 288 struct xfrm_user_sec_ctx *uctx; 289 290 if (!u_arg) 291 return 0; 292 293 uctx = RTA_DATA(u_arg); 294 return security_xfrm_state_alloc(x, uctx); 295 } 296 297 static int attach_one_addr(xfrm_address_t **addrpp, struct rtattr *u_arg) 298 { 299 struct rtattr *rta = u_arg; 300 xfrm_address_t *p, *uaddrp; 301 302 if (!rta) 303 return 0; 304 305 uaddrp = RTA_DATA(rta); 306 p = kmemdup(uaddrp, sizeof(*p), GFP_KERNEL); 307 if (!p) 308 return -ENOMEM; 309 310 *addrpp = p; 311 return 0; 312 } 313 314 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 315 { 316 memcpy(&x->id, &p->id, sizeof(x->id)); 317 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 318 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 319 x->props.mode = p->mode; 320 x->props.replay_window = p->replay_window; 321 x->props.reqid = p->reqid; 322 x->props.family = p->family; 323 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 324 x->props.flags = p->flags; 325 326 /* 327 * Set inner address family if the KM left it as zero. 328 * See comment in validate_tmpl. 329 */ 330 if (!x->sel.family) 331 x->sel.family = p->family; 332 } 333 334 /* 335 * someday when pfkey also has support, we could have the code 336 * somehow made shareable and move it to xfrm_state.c - JHS 337 * 338 */ 339 static int xfrm_update_ae_params(struct xfrm_state *x, struct rtattr **xfrma) 340 { 341 int err = - EINVAL; 342 struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL-1]; 343 struct rtattr *lt = xfrma[XFRMA_LTIME_VAL-1]; 344 struct rtattr *et = xfrma[XFRMA_ETIMER_THRESH-1]; 345 struct rtattr *rt = xfrma[XFRMA_REPLAY_THRESH-1]; 346 347 if (rp) { 348 struct xfrm_replay_state *replay; 349 if (RTA_PAYLOAD(rp) < sizeof(*replay)) 350 goto error; 351 replay = RTA_DATA(rp); 352 memcpy(&x->replay, replay, sizeof(*replay)); 353 memcpy(&x->preplay, replay, sizeof(*replay)); 354 } 355 356 if (lt) { 357 struct xfrm_lifetime_cur *ltime; 358 if (RTA_PAYLOAD(lt) < sizeof(*ltime)) 359 goto error; 360 ltime = RTA_DATA(lt); 361 x->curlft.bytes = ltime->bytes; 362 x->curlft.packets = ltime->packets; 363 x->curlft.add_time = ltime->add_time; 364 x->curlft.use_time = ltime->use_time; 365 } 366 367 if (et) { 368 if (RTA_PAYLOAD(et) < sizeof(u32)) 369 goto error; 370 x->replay_maxage = *(u32*)RTA_DATA(et); 371 } 372 373 if (rt) { 374 if (RTA_PAYLOAD(rt) < sizeof(u32)) 375 goto error; 376 x->replay_maxdiff = *(u32*)RTA_DATA(rt); 377 } 378 379 return 0; 380 error: 381 return err; 382 } 383 384 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 385 struct rtattr **xfrma, 386 int *errp) 387 { 388 struct xfrm_state *x = xfrm_state_alloc(); 389 int err = -ENOMEM; 390 391 if (!x) 392 goto error_no_put; 393 394 copy_from_user_state(x, p); 395 396 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 397 xfrm_aalg_get_byname, 398 xfrma[XFRMA_ALG_AUTH-1]))) 399 goto error; 400 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 401 xfrm_ealg_get_byname, 402 xfrma[XFRMA_ALG_CRYPT-1]))) 403 goto error; 404 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 405 xfrm_calg_get_byname, 406 xfrma[XFRMA_ALG_COMP-1]))) 407 goto error; 408 if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1]))) 409 goto error; 410 if ((err = attach_one_addr(&x->coaddr, xfrma[XFRMA_COADDR-1]))) 411 goto error; 412 err = xfrm_init_state(x); 413 if (err) 414 goto error; 415 416 if ((err = attach_sec_ctx(x, xfrma[XFRMA_SEC_CTX-1]))) 417 goto error; 418 419 x->km.seq = p->seq; 420 x->replay_maxdiff = sysctl_xfrm_aevent_rseqth; 421 /* sysctl_xfrm_aevent_etime is in 100ms units */ 422 x->replay_maxage = (sysctl_xfrm_aevent_etime*HZ)/XFRM_AE_ETH_M; 423 x->preplay.bitmap = 0; 424 x->preplay.seq = x->replay.seq+x->replay_maxdiff; 425 x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; 426 427 /* override default values from above */ 428 429 err = xfrm_update_ae_params(x, (struct rtattr **)xfrma); 430 if (err < 0) 431 goto error; 432 433 return x; 434 435 error: 436 x->km.state = XFRM_STATE_DEAD; 437 xfrm_state_put(x); 438 error_no_put: 439 *errp = err; 440 return NULL; 441 } 442 443 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 444 struct rtattr **xfrma) 445 { 446 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 447 struct xfrm_state *x; 448 int err; 449 struct km_event c; 450 451 err = verify_newsa_info(p, xfrma); 452 if (err) 453 return err; 454 455 x = xfrm_state_construct(p, xfrma, &err); 456 if (!x) 457 return err; 458 459 xfrm_state_hold(x); 460 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 461 err = xfrm_state_add(x); 462 else 463 err = xfrm_state_update(x); 464 465 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 466 AUDIT_MAC_IPSEC_ADDSA, err ? 0 : 1, NULL, x); 467 468 if (err < 0) { 469 x->km.state = XFRM_STATE_DEAD; 470 __xfrm_state_put(x); 471 goto out; 472 } 473 474 c.seq = nlh->nlmsg_seq; 475 c.pid = nlh->nlmsg_pid; 476 c.event = nlh->nlmsg_type; 477 478 km_state_notify(x, &c); 479 out: 480 xfrm_state_put(x); 481 return err; 482 } 483 484 static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, 485 struct rtattr **xfrma, 486 int *errp) 487 { 488 struct xfrm_state *x = NULL; 489 int err; 490 491 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 492 err = -ESRCH; 493 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 494 } else { 495 xfrm_address_t *saddr = NULL; 496 497 err = verify_one_addr(xfrma, XFRMA_SRCADDR, &saddr); 498 if (err) 499 goto out; 500 501 if (!saddr) { 502 err = -EINVAL; 503 goto out; 504 } 505 506 err = -ESRCH; 507 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, 508 p->family); 509 } 510 511 out: 512 if (!x && errp) 513 *errp = err; 514 return x; 515 } 516 517 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 518 struct rtattr **xfrma) 519 { 520 struct xfrm_state *x; 521 int err = -ESRCH; 522 struct km_event c; 523 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 524 525 x = xfrm_user_state_lookup(p, xfrma, &err); 526 if (x == NULL) 527 return err; 528 529 if ((err = security_xfrm_state_delete(x)) != 0) 530 goto out; 531 532 if (xfrm_state_kern(x)) { 533 err = -EPERM; 534 goto out; 535 } 536 537 err = xfrm_state_delete(x); 538 539 if (err < 0) 540 goto out; 541 542 c.seq = nlh->nlmsg_seq; 543 c.pid = nlh->nlmsg_pid; 544 c.event = nlh->nlmsg_type; 545 km_state_notify(x, &c); 546 547 out: 548 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 549 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 550 xfrm_state_put(x); 551 return err; 552 } 553 554 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 555 { 556 memcpy(&p->id, &x->id, sizeof(p->id)); 557 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 558 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 559 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 560 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 561 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 562 p->mode = x->props.mode; 563 p->replay_window = x->props.replay_window; 564 p->reqid = x->props.reqid; 565 p->family = x->props.family; 566 p->flags = x->props.flags; 567 p->seq = x->km.seq; 568 } 569 570 struct xfrm_dump_info { 571 struct sk_buff *in_skb; 572 struct sk_buff *out_skb; 573 u32 nlmsg_seq; 574 u16 nlmsg_flags; 575 int start_idx; 576 int this_idx; 577 }; 578 579 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 580 { 581 struct xfrm_dump_info *sp = ptr; 582 struct sk_buff *in_skb = sp->in_skb; 583 struct sk_buff *skb = sp->out_skb; 584 struct xfrm_usersa_info *p; 585 struct nlmsghdr *nlh; 586 unsigned char *b = skb_tail_pointer(skb); 587 588 if (sp->this_idx < sp->start_idx) 589 goto out; 590 591 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 592 sp->nlmsg_seq, 593 XFRM_MSG_NEWSA, sizeof(*p)); 594 nlh->nlmsg_flags = sp->nlmsg_flags; 595 596 p = NLMSG_DATA(nlh); 597 copy_to_user_state(x, p); 598 599 if (x->aalg) 600 RTA_PUT(skb, XFRMA_ALG_AUTH, 601 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 602 if (x->ealg) 603 RTA_PUT(skb, XFRMA_ALG_CRYPT, 604 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 605 if (x->calg) 606 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 607 608 if (x->encap) 609 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 610 611 if (x->security) { 612 int ctx_size = sizeof(struct xfrm_sec_ctx) + 613 x->security->ctx_len; 614 struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size); 615 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 616 617 uctx->exttype = XFRMA_SEC_CTX; 618 uctx->len = ctx_size; 619 uctx->ctx_doi = x->security->ctx_doi; 620 uctx->ctx_alg = x->security->ctx_alg; 621 uctx->ctx_len = x->security->ctx_len; 622 memcpy(uctx + 1, x->security->ctx_str, x->security->ctx_len); 623 } 624 625 if (x->coaddr) 626 RTA_PUT(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 627 628 if (x->lastused) 629 RTA_PUT(skb, XFRMA_LASTUSED, sizeof(x->lastused), &x->lastused); 630 631 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 632 out: 633 sp->this_idx++; 634 return 0; 635 636 nlmsg_failure: 637 rtattr_failure: 638 nlmsg_trim(skb, b); 639 return -1; 640 } 641 642 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 643 { 644 struct xfrm_dump_info info; 645 646 info.in_skb = cb->skb; 647 info.out_skb = skb; 648 info.nlmsg_seq = cb->nlh->nlmsg_seq; 649 info.nlmsg_flags = NLM_F_MULTI; 650 info.this_idx = 0; 651 info.start_idx = cb->args[0]; 652 (void) xfrm_state_walk(0, dump_one_state, &info); 653 cb->args[0] = info.this_idx; 654 655 return skb->len; 656 } 657 658 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 659 struct xfrm_state *x, u32 seq) 660 { 661 struct xfrm_dump_info info; 662 struct sk_buff *skb; 663 664 skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC); 665 if (!skb) 666 return ERR_PTR(-ENOMEM); 667 668 info.in_skb = in_skb; 669 info.out_skb = skb; 670 info.nlmsg_seq = seq; 671 info.nlmsg_flags = 0; 672 info.this_idx = info.start_idx = 0; 673 674 if (dump_one_state(x, 0, &info)) { 675 kfree_skb(skb); 676 return NULL; 677 } 678 679 return skb; 680 } 681 682 static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 683 { 684 struct xfrmk_spdinfo si; 685 struct xfrmu_spdinfo spc; 686 struct xfrmu_spdhinfo sph; 687 struct nlmsghdr *nlh; 688 u32 *f; 689 690 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 691 if (nlh == NULL) /* shouldnt really happen ... */ 692 return -EMSGSIZE; 693 694 f = nlmsg_data(nlh); 695 *f = flags; 696 xfrm_spd_getinfo(&si); 697 spc.incnt = si.incnt; 698 spc.outcnt = si.outcnt; 699 spc.fwdcnt = si.fwdcnt; 700 spc.inscnt = si.inscnt; 701 spc.outscnt = si.outscnt; 702 spc.fwdscnt = si.fwdscnt; 703 sph.spdhcnt = si.spdhcnt; 704 sph.spdhmcnt = si.spdhmcnt; 705 706 NLA_PUT(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 707 NLA_PUT(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 708 709 return nlmsg_end(skb, nlh); 710 711 nla_put_failure: 712 nlmsg_cancel(skb, nlh); 713 return -EMSGSIZE; 714 } 715 716 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 717 struct rtattr **xfrma) 718 { 719 struct sk_buff *r_skb; 720 u32 *flags = NLMSG_DATA(nlh); 721 u32 spid = NETLINK_CB(skb).pid; 722 u32 seq = nlh->nlmsg_seq; 723 int len = NLMSG_LENGTH(sizeof(u32)); 724 725 len += RTA_SPACE(sizeof(struct xfrmu_spdinfo)); 726 len += RTA_SPACE(sizeof(struct xfrmu_spdhinfo)); 727 728 r_skb = alloc_skb(len, GFP_ATOMIC); 729 if (r_skb == NULL) 730 return -ENOMEM; 731 732 if (build_spdinfo(r_skb, spid, seq, *flags) < 0) 733 BUG(); 734 735 return nlmsg_unicast(xfrm_nl, r_skb, spid); 736 } 737 738 static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 739 { 740 struct xfrmk_sadinfo si; 741 struct xfrmu_sadhinfo sh; 742 struct nlmsghdr *nlh; 743 u32 *f; 744 745 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 746 if (nlh == NULL) /* shouldnt really happen ... */ 747 return -EMSGSIZE; 748 749 f = nlmsg_data(nlh); 750 *f = flags; 751 xfrm_sad_getinfo(&si); 752 753 sh.sadhmcnt = si.sadhmcnt; 754 sh.sadhcnt = si.sadhcnt; 755 756 NLA_PUT_U32(skb, XFRMA_SAD_CNT, si.sadcnt); 757 NLA_PUT(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 758 759 return nlmsg_end(skb, nlh); 760 761 nla_put_failure: 762 nlmsg_cancel(skb, nlh); 763 return -EMSGSIZE; 764 } 765 766 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 767 struct rtattr **xfrma) 768 { 769 struct sk_buff *r_skb; 770 u32 *flags = NLMSG_DATA(nlh); 771 u32 spid = NETLINK_CB(skb).pid; 772 u32 seq = nlh->nlmsg_seq; 773 int len = NLMSG_LENGTH(sizeof(u32)); 774 775 len += RTA_SPACE(sizeof(struct xfrmu_sadhinfo)); 776 len += RTA_SPACE(sizeof(u32)); 777 778 r_skb = alloc_skb(len, GFP_ATOMIC); 779 780 if (r_skb == NULL) 781 return -ENOMEM; 782 783 if (build_sadinfo(r_skb, spid, seq, *flags) < 0) 784 BUG(); 785 786 return nlmsg_unicast(xfrm_nl, r_skb, spid); 787 } 788 789 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 790 struct rtattr **xfrma) 791 { 792 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 793 struct xfrm_state *x; 794 struct sk_buff *resp_skb; 795 int err = -ESRCH; 796 797 x = xfrm_user_state_lookup(p, xfrma, &err); 798 if (x == NULL) 799 goto out_noput; 800 801 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 802 if (IS_ERR(resp_skb)) { 803 err = PTR_ERR(resp_skb); 804 } else { 805 err = netlink_unicast(xfrm_nl, resp_skb, 806 NETLINK_CB(skb).pid, MSG_DONTWAIT); 807 } 808 xfrm_state_put(x); 809 out_noput: 810 return err; 811 } 812 813 static int verify_userspi_info(struct xfrm_userspi_info *p) 814 { 815 switch (p->info.id.proto) { 816 case IPPROTO_AH: 817 case IPPROTO_ESP: 818 break; 819 820 case IPPROTO_COMP: 821 /* IPCOMP spi is 16-bits. */ 822 if (p->max >= 0x10000) 823 return -EINVAL; 824 break; 825 826 default: 827 return -EINVAL; 828 } 829 830 if (p->min > p->max) 831 return -EINVAL; 832 833 return 0; 834 } 835 836 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 837 struct rtattr **xfrma) 838 { 839 struct xfrm_state *x; 840 struct xfrm_userspi_info *p; 841 struct sk_buff *resp_skb; 842 xfrm_address_t *daddr; 843 int family; 844 int err; 845 846 p = NLMSG_DATA(nlh); 847 err = verify_userspi_info(p); 848 if (err) 849 goto out_noput; 850 851 family = p->info.family; 852 daddr = &p->info.id.daddr; 853 854 x = NULL; 855 if (p->info.seq) { 856 x = xfrm_find_acq_byseq(p->info.seq); 857 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 858 xfrm_state_put(x); 859 x = NULL; 860 } 861 } 862 863 if (!x) 864 x = xfrm_find_acq(p->info.mode, p->info.reqid, 865 p->info.id.proto, daddr, 866 &p->info.saddr, 1, 867 family); 868 err = -ENOENT; 869 if (x == NULL) 870 goto out_noput; 871 872 resp_skb = ERR_PTR(-ENOENT); 873 874 spin_lock_bh(&x->lock); 875 if (x->km.state != XFRM_STATE_DEAD) { 876 xfrm_alloc_spi(x, htonl(p->min), htonl(p->max)); 877 if (x->id.spi) 878 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 879 } 880 spin_unlock_bh(&x->lock); 881 882 if (IS_ERR(resp_skb)) { 883 err = PTR_ERR(resp_skb); 884 goto out; 885 } 886 887 err = netlink_unicast(xfrm_nl, resp_skb, 888 NETLINK_CB(skb).pid, MSG_DONTWAIT); 889 890 out: 891 xfrm_state_put(x); 892 out_noput: 893 return err; 894 } 895 896 static int verify_policy_dir(u8 dir) 897 { 898 switch (dir) { 899 case XFRM_POLICY_IN: 900 case XFRM_POLICY_OUT: 901 case XFRM_POLICY_FWD: 902 break; 903 904 default: 905 return -EINVAL; 906 } 907 908 return 0; 909 } 910 911 static int verify_policy_type(u8 type) 912 { 913 switch (type) { 914 case XFRM_POLICY_TYPE_MAIN: 915 #ifdef CONFIG_XFRM_SUB_POLICY 916 case XFRM_POLICY_TYPE_SUB: 917 #endif 918 break; 919 920 default: 921 return -EINVAL; 922 } 923 924 return 0; 925 } 926 927 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 928 { 929 switch (p->share) { 930 case XFRM_SHARE_ANY: 931 case XFRM_SHARE_SESSION: 932 case XFRM_SHARE_USER: 933 case XFRM_SHARE_UNIQUE: 934 break; 935 936 default: 937 return -EINVAL; 938 } 939 940 switch (p->action) { 941 case XFRM_POLICY_ALLOW: 942 case XFRM_POLICY_BLOCK: 943 break; 944 945 default: 946 return -EINVAL; 947 } 948 949 switch (p->sel.family) { 950 case AF_INET: 951 break; 952 953 case AF_INET6: 954 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 955 break; 956 #else 957 return -EAFNOSUPPORT; 958 #endif 959 960 default: 961 return -EINVAL; 962 } 963 964 return verify_policy_dir(p->dir); 965 } 966 967 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct rtattr **xfrma) 968 { 969 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 970 struct xfrm_user_sec_ctx *uctx; 971 972 if (!rt) 973 return 0; 974 975 uctx = RTA_DATA(rt); 976 return security_xfrm_policy_alloc(pol, uctx); 977 } 978 979 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 980 int nr) 981 { 982 int i; 983 984 xp->xfrm_nr = nr; 985 for (i = 0; i < nr; i++, ut++) { 986 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 987 988 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 989 memcpy(&t->saddr, &ut->saddr, 990 sizeof(xfrm_address_t)); 991 t->reqid = ut->reqid; 992 t->mode = ut->mode; 993 t->share = ut->share; 994 t->optional = ut->optional; 995 t->aalgos = ut->aalgos; 996 t->ealgos = ut->ealgos; 997 t->calgos = ut->calgos; 998 t->encap_family = ut->family; 999 } 1000 } 1001 1002 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 1003 { 1004 int i; 1005 1006 if (nr > XFRM_MAX_DEPTH) 1007 return -EINVAL; 1008 1009 for (i = 0; i < nr; i++) { 1010 /* We never validated the ut->family value, so many 1011 * applications simply leave it at zero. The check was 1012 * never made and ut->family was ignored because all 1013 * templates could be assumed to have the same family as 1014 * the policy itself. Now that we will have ipv4-in-ipv6 1015 * and ipv6-in-ipv4 tunnels, this is no longer true. 1016 */ 1017 if (!ut[i].family) 1018 ut[i].family = family; 1019 1020 switch (ut[i].family) { 1021 case AF_INET: 1022 break; 1023 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1024 case AF_INET6: 1025 break; 1026 #endif 1027 default: 1028 return -EINVAL; 1029 } 1030 } 1031 1032 return 0; 1033 } 1034 1035 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma) 1036 { 1037 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 1038 1039 if (!rt) { 1040 pol->xfrm_nr = 0; 1041 } else { 1042 struct xfrm_user_tmpl *utmpl = RTA_DATA(rt); 1043 int nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl); 1044 int err; 1045 1046 err = validate_tmpl(nr, utmpl, pol->family); 1047 if (err) 1048 return err; 1049 1050 copy_templates(pol, RTA_DATA(rt), nr); 1051 } 1052 return 0; 1053 } 1054 1055 static int copy_from_user_policy_type(u8 *tp, struct rtattr **xfrma) 1056 { 1057 struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE-1]; 1058 struct xfrm_userpolicy_type *upt; 1059 u8 type = XFRM_POLICY_TYPE_MAIN; 1060 int err; 1061 1062 if (rt) { 1063 if (rt->rta_len < sizeof(*upt)) 1064 return -EINVAL; 1065 1066 upt = RTA_DATA(rt); 1067 type = upt->type; 1068 } 1069 1070 err = verify_policy_type(type); 1071 if (err) 1072 return err; 1073 1074 *tp = type; 1075 return 0; 1076 } 1077 1078 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 1079 { 1080 xp->priority = p->priority; 1081 xp->index = p->index; 1082 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1083 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1084 xp->action = p->action; 1085 xp->flags = p->flags; 1086 xp->family = p->sel.family; 1087 /* XXX xp->share = p->share; */ 1088 } 1089 1090 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1091 { 1092 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1093 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1094 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1095 p->priority = xp->priority; 1096 p->index = xp->index; 1097 p->sel.family = xp->family; 1098 p->dir = dir; 1099 p->action = xp->action; 1100 p->flags = xp->flags; 1101 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 1102 } 1103 1104 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct rtattr **xfrma, int *errp) 1105 { 1106 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 1107 int err; 1108 1109 if (!xp) { 1110 *errp = -ENOMEM; 1111 return NULL; 1112 } 1113 1114 copy_from_user_policy(xp, p); 1115 1116 err = copy_from_user_policy_type(&xp->type, xfrma); 1117 if (err) 1118 goto error; 1119 1120 if (!(err = copy_from_user_tmpl(xp, xfrma))) 1121 err = copy_from_user_sec_ctx(xp, xfrma); 1122 if (err) 1123 goto error; 1124 1125 return xp; 1126 error: 1127 *errp = err; 1128 kfree(xp); 1129 return NULL; 1130 } 1131 1132 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1133 struct rtattr **xfrma) 1134 { 1135 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh); 1136 struct xfrm_policy *xp; 1137 struct km_event c; 1138 int err; 1139 int excl; 1140 1141 err = verify_newpolicy_info(p); 1142 if (err) 1143 return err; 1144 err = verify_sec_ctx_len(xfrma); 1145 if (err) 1146 return err; 1147 1148 xp = xfrm_policy_construct(p, xfrma, &err); 1149 if (!xp) 1150 return err; 1151 1152 /* shouldnt excl be based on nlh flags?? 1153 * Aha! this is anti-netlink really i.e more pfkey derived 1154 * in netlink excl is a flag and you wouldnt need 1155 * a type XFRM_MSG_UPDPOLICY - JHS */ 1156 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1157 err = xfrm_policy_insert(p->dir, xp, excl); 1158 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1159 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1160 1161 if (err) { 1162 security_xfrm_policy_free(xp); 1163 kfree(xp); 1164 return err; 1165 } 1166 1167 c.event = nlh->nlmsg_type; 1168 c.seq = nlh->nlmsg_seq; 1169 c.pid = nlh->nlmsg_pid; 1170 km_policy_notify(xp, p->dir, &c); 1171 1172 xfrm_pol_put(xp); 1173 1174 return 0; 1175 } 1176 1177 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1178 { 1179 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1180 int i; 1181 1182 if (xp->xfrm_nr == 0) 1183 return 0; 1184 1185 for (i = 0; i < xp->xfrm_nr; i++) { 1186 struct xfrm_user_tmpl *up = &vec[i]; 1187 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1188 1189 memcpy(&up->id, &kp->id, sizeof(up->id)); 1190 up->family = kp->encap_family; 1191 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1192 up->reqid = kp->reqid; 1193 up->mode = kp->mode; 1194 up->share = kp->share; 1195 up->optional = kp->optional; 1196 up->aalgos = kp->aalgos; 1197 up->ealgos = kp->ealgos; 1198 up->calgos = kp->calgos; 1199 } 1200 RTA_PUT(skb, XFRMA_TMPL, 1201 (sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr), 1202 vec); 1203 1204 return 0; 1205 1206 rtattr_failure: 1207 return -1; 1208 } 1209 1210 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 1211 { 1212 int ctx_size = sizeof(struct xfrm_sec_ctx) + s->ctx_len; 1213 struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size); 1214 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1215 1216 uctx->exttype = XFRMA_SEC_CTX; 1217 uctx->len = ctx_size; 1218 uctx->ctx_doi = s->ctx_doi; 1219 uctx->ctx_alg = s->ctx_alg; 1220 uctx->ctx_len = s->ctx_len; 1221 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 1222 return 0; 1223 1224 rtattr_failure: 1225 return -1; 1226 } 1227 1228 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1229 { 1230 if (x->security) { 1231 return copy_sec_ctx(x->security, skb); 1232 } 1233 return 0; 1234 } 1235 1236 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1237 { 1238 if (xp->security) { 1239 return copy_sec_ctx(xp->security, skb); 1240 } 1241 return 0; 1242 } 1243 1244 #ifdef CONFIG_XFRM_SUB_POLICY 1245 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1246 { 1247 struct xfrm_userpolicy_type upt; 1248 1249 memset(&upt, 0, sizeof(upt)); 1250 upt.type = type; 1251 1252 RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1253 1254 return 0; 1255 1256 rtattr_failure: 1257 return -1; 1258 } 1259 1260 #else 1261 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1262 { 1263 return 0; 1264 } 1265 #endif 1266 1267 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1268 { 1269 struct xfrm_dump_info *sp = ptr; 1270 struct xfrm_userpolicy_info *p; 1271 struct sk_buff *in_skb = sp->in_skb; 1272 struct sk_buff *skb = sp->out_skb; 1273 struct nlmsghdr *nlh; 1274 unsigned char *b = skb_tail_pointer(skb); 1275 1276 if (sp->this_idx < sp->start_idx) 1277 goto out; 1278 1279 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 1280 sp->nlmsg_seq, 1281 XFRM_MSG_NEWPOLICY, sizeof(*p)); 1282 p = NLMSG_DATA(nlh); 1283 nlh->nlmsg_flags = sp->nlmsg_flags; 1284 1285 copy_to_user_policy(xp, p, dir); 1286 if (copy_to_user_tmpl(xp, skb) < 0) 1287 goto nlmsg_failure; 1288 if (copy_to_user_sec_ctx(xp, skb)) 1289 goto nlmsg_failure; 1290 if (copy_to_user_policy_type(xp->type, skb) < 0) 1291 goto nlmsg_failure; 1292 1293 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1294 out: 1295 sp->this_idx++; 1296 return 0; 1297 1298 nlmsg_failure: 1299 nlmsg_trim(skb, b); 1300 return -1; 1301 } 1302 1303 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1304 { 1305 struct xfrm_dump_info info; 1306 1307 info.in_skb = cb->skb; 1308 info.out_skb = skb; 1309 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1310 info.nlmsg_flags = NLM_F_MULTI; 1311 info.this_idx = 0; 1312 info.start_idx = cb->args[0]; 1313 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_one_policy, &info); 1314 #ifdef CONFIG_XFRM_SUB_POLICY 1315 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_SUB, dump_one_policy, &info); 1316 #endif 1317 cb->args[0] = info.this_idx; 1318 1319 return skb->len; 1320 } 1321 1322 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1323 struct xfrm_policy *xp, 1324 int dir, u32 seq) 1325 { 1326 struct xfrm_dump_info info; 1327 struct sk_buff *skb; 1328 1329 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 1330 if (!skb) 1331 return ERR_PTR(-ENOMEM); 1332 1333 info.in_skb = in_skb; 1334 info.out_skb = skb; 1335 info.nlmsg_seq = seq; 1336 info.nlmsg_flags = 0; 1337 info.this_idx = info.start_idx = 0; 1338 1339 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1340 kfree_skb(skb); 1341 return NULL; 1342 } 1343 1344 return skb; 1345 } 1346 1347 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1348 struct rtattr **xfrma) 1349 { 1350 struct xfrm_policy *xp; 1351 struct xfrm_userpolicy_id *p; 1352 u8 type = XFRM_POLICY_TYPE_MAIN; 1353 int err; 1354 struct km_event c; 1355 int delete; 1356 1357 p = NLMSG_DATA(nlh); 1358 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1359 1360 err = copy_from_user_policy_type(&type, xfrma); 1361 if (err) 1362 return err; 1363 1364 err = verify_policy_dir(p->dir); 1365 if (err) 1366 return err; 1367 1368 if (p->index) 1369 xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err); 1370 else { 1371 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1372 struct xfrm_policy tmp; 1373 1374 err = verify_sec_ctx_len(xfrma); 1375 if (err) 1376 return err; 1377 1378 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1379 if (rt) { 1380 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1381 1382 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1383 return err; 1384 } 1385 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1386 delete, &err); 1387 security_xfrm_policy_free(&tmp); 1388 } 1389 if (xp == NULL) 1390 return -ENOENT; 1391 1392 if (!delete) { 1393 struct sk_buff *resp_skb; 1394 1395 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1396 if (IS_ERR(resp_skb)) { 1397 err = PTR_ERR(resp_skb); 1398 } else { 1399 err = netlink_unicast(xfrm_nl, resp_skb, 1400 NETLINK_CB(skb).pid, 1401 MSG_DONTWAIT); 1402 } 1403 } else { 1404 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1405 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1406 1407 if (err != 0) 1408 goto out; 1409 1410 c.data.byid = p->index; 1411 c.event = nlh->nlmsg_type; 1412 c.seq = nlh->nlmsg_seq; 1413 c.pid = nlh->nlmsg_pid; 1414 km_policy_notify(xp, p->dir, &c); 1415 } 1416 1417 out: 1418 xfrm_pol_put(xp); 1419 return err; 1420 } 1421 1422 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1423 struct rtattr **xfrma) 1424 { 1425 struct km_event c; 1426 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh); 1427 struct xfrm_audit audit_info; 1428 int err; 1429 1430 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1431 audit_info.secid = NETLINK_CB(skb).sid; 1432 err = xfrm_state_flush(p->proto, &audit_info); 1433 if (err) 1434 return err; 1435 c.data.proto = p->proto; 1436 c.event = nlh->nlmsg_type; 1437 c.seq = nlh->nlmsg_seq; 1438 c.pid = nlh->nlmsg_pid; 1439 km_state_notify(NULL, &c); 1440 1441 return 0; 1442 } 1443 1444 1445 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1446 { 1447 struct xfrm_aevent_id *id; 1448 struct nlmsghdr *nlh; 1449 struct xfrm_lifetime_cur ltime; 1450 unsigned char *b = skb_tail_pointer(skb); 1451 1452 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_NEWAE, sizeof(*id)); 1453 id = NLMSG_DATA(nlh); 1454 nlh->nlmsg_flags = 0; 1455 1456 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); 1457 id->sa_id.spi = x->id.spi; 1458 id->sa_id.family = x->props.family; 1459 id->sa_id.proto = x->id.proto; 1460 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); 1461 id->reqid = x->props.reqid; 1462 id->flags = c->data.aevent; 1463 1464 RTA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1465 1466 ltime.bytes = x->curlft.bytes; 1467 ltime.packets = x->curlft.packets; 1468 ltime.add_time = x->curlft.add_time; 1469 ltime.use_time = x->curlft.use_time; 1470 1471 RTA_PUT(skb, XFRMA_LTIME_VAL, sizeof(struct xfrm_lifetime_cur), <ime); 1472 1473 if (id->flags&XFRM_AE_RTHR) { 1474 RTA_PUT(skb,XFRMA_REPLAY_THRESH,sizeof(u32),&x->replay_maxdiff); 1475 } 1476 1477 if (id->flags&XFRM_AE_ETHR) { 1478 u32 etimer = x->replay_maxage*10/HZ; 1479 RTA_PUT(skb,XFRMA_ETIMER_THRESH,sizeof(u32),&etimer); 1480 } 1481 1482 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1483 return skb->len; 1484 1485 rtattr_failure: 1486 nlmsg_failure: 1487 nlmsg_trim(skb, b); 1488 return -1; 1489 } 1490 1491 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1492 struct rtattr **xfrma) 1493 { 1494 struct xfrm_state *x; 1495 struct sk_buff *r_skb; 1496 int err; 1497 struct km_event c; 1498 struct xfrm_aevent_id *p = NLMSG_DATA(nlh); 1499 int len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); 1500 struct xfrm_usersa_id *id = &p->sa_id; 1501 1502 len += RTA_SPACE(sizeof(struct xfrm_replay_state)); 1503 len += RTA_SPACE(sizeof(struct xfrm_lifetime_cur)); 1504 1505 if (p->flags&XFRM_AE_RTHR) 1506 len+=RTA_SPACE(sizeof(u32)); 1507 1508 if (p->flags&XFRM_AE_ETHR) 1509 len+=RTA_SPACE(sizeof(u32)); 1510 1511 r_skb = alloc_skb(len, GFP_ATOMIC); 1512 if (r_skb == NULL) 1513 return -ENOMEM; 1514 1515 x = xfrm_state_lookup(&id->daddr, id->spi, id->proto, id->family); 1516 if (x == NULL) { 1517 kfree_skb(r_skb); 1518 return -ESRCH; 1519 } 1520 1521 /* 1522 * XXX: is this lock really needed - none of the other 1523 * gets lock (the concern is things getting updated 1524 * while we are still reading) - jhs 1525 */ 1526 spin_lock_bh(&x->lock); 1527 c.data.aevent = p->flags; 1528 c.seq = nlh->nlmsg_seq; 1529 c.pid = nlh->nlmsg_pid; 1530 1531 if (build_aevent(r_skb, x, &c) < 0) 1532 BUG(); 1533 err = netlink_unicast(xfrm_nl, r_skb, 1534 NETLINK_CB(skb).pid, MSG_DONTWAIT); 1535 spin_unlock_bh(&x->lock); 1536 xfrm_state_put(x); 1537 return err; 1538 } 1539 1540 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1541 struct rtattr **xfrma) 1542 { 1543 struct xfrm_state *x; 1544 struct km_event c; 1545 int err = - EINVAL; 1546 struct xfrm_aevent_id *p = NLMSG_DATA(nlh); 1547 struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL-1]; 1548 struct rtattr *lt = xfrma[XFRMA_LTIME_VAL-1]; 1549 1550 if (!lt && !rp) 1551 return err; 1552 1553 /* pedantic mode - thou shalt sayeth replaceth */ 1554 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 1555 return err; 1556 1557 x = xfrm_state_lookup(&p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 1558 if (x == NULL) 1559 return -ESRCH; 1560 1561 if (x->km.state != XFRM_STATE_VALID) 1562 goto out; 1563 1564 spin_lock_bh(&x->lock); 1565 err = xfrm_update_ae_params(x, xfrma); 1566 spin_unlock_bh(&x->lock); 1567 if (err < 0) 1568 goto out; 1569 1570 c.event = nlh->nlmsg_type; 1571 c.seq = nlh->nlmsg_seq; 1572 c.pid = nlh->nlmsg_pid; 1573 c.data.aevent = XFRM_AE_CU; 1574 km_state_notify(x, &c); 1575 err = 0; 1576 out: 1577 xfrm_state_put(x); 1578 return err; 1579 } 1580 1581 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1582 struct rtattr **xfrma) 1583 { 1584 struct km_event c; 1585 u8 type = XFRM_POLICY_TYPE_MAIN; 1586 int err; 1587 struct xfrm_audit audit_info; 1588 1589 err = copy_from_user_policy_type(&type, xfrma); 1590 if (err) 1591 return err; 1592 1593 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1594 audit_info.secid = NETLINK_CB(skb).sid; 1595 err = xfrm_policy_flush(type, &audit_info); 1596 if (err) 1597 return err; 1598 c.data.type = type; 1599 c.event = nlh->nlmsg_type; 1600 c.seq = nlh->nlmsg_seq; 1601 c.pid = nlh->nlmsg_pid; 1602 km_policy_notify(NULL, 0, &c); 1603 return 0; 1604 } 1605 1606 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1607 struct rtattr **xfrma) 1608 { 1609 struct xfrm_policy *xp; 1610 struct xfrm_user_polexpire *up = NLMSG_DATA(nlh); 1611 struct xfrm_userpolicy_info *p = &up->pol; 1612 u8 type = XFRM_POLICY_TYPE_MAIN; 1613 int err = -ENOENT; 1614 1615 err = copy_from_user_policy_type(&type, xfrma); 1616 if (err) 1617 return err; 1618 1619 if (p->index) 1620 xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err); 1621 else { 1622 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1623 struct xfrm_policy tmp; 1624 1625 err = verify_sec_ctx_len(xfrma); 1626 if (err) 1627 return err; 1628 1629 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1630 if (rt) { 1631 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1632 1633 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1634 return err; 1635 } 1636 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1637 0, &err); 1638 security_xfrm_policy_free(&tmp); 1639 } 1640 1641 if (xp == NULL) 1642 return -ENOENT; 1643 read_lock(&xp->lock); 1644 if (xp->dead) { 1645 read_unlock(&xp->lock); 1646 goto out; 1647 } 1648 1649 read_unlock(&xp->lock); 1650 err = 0; 1651 if (up->hard) { 1652 xfrm_policy_delete(xp, p->dir); 1653 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1654 AUDIT_MAC_IPSEC_DELSPD, 1, xp, NULL); 1655 1656 } else { 1657 // reset the timers here? 1658 printk("Dont know what to do with soft policy expire\n"); 1659 } 1660 km_policy_expired(xp, p->dir, up->hard, current->pid); 1661 1662 out: 1663 xfrm_pol_put(xp); 1664 return err; 1665 } 1666 1667 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1668 struct rtattr **xfrma) 1669 { 1670 struct xfrm_state *x; 1671 int err; 1672 struct xfrm_user_expire *ue = NLMSG_DATA(nlh); 1673 struct xfrm_usersa_info *p = &ue->state; 1674 1675 x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family); 1676 1677 err = -ENOENT; 1678 if (x == NULL) 1679 return err; 1680 1681 spin_lock_bh(&x->lock); 1682 err = -EINVAL; 1683 if (x->km.state != XFRM_STATE_VALID) 1684 goto out; 1685 km_state_expired(x, ue->hard, current->pid); 1686 1687 if (ue->hard) { 1688 __xfrm_state_delete(x); 1689 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1690 AUDIT_MAC_IPSEC_DELSA, 1, NULL, x); 1691 } 1692 err = 0; 1693 out: 1694 spin_unlock_bh(&x->lock); 1695 xfrm_state_put(x); 1696 return err; 1697 } 1698 1699 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 1700 struct rtattr **xfrma) 1701 { 1702 struct xfrm_policy *xp; 1703 struct xfrm_user_tmpl *ut; 1704 int i; 1705 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 1706 1707 struct xfrm_user_acquire *ua = NLMSG_DATA(nlh); 1708 struct xfrm_state *x = xfrm_state_alloc(); 1709 int err = -ENOMEM; 1710 1711 if (!x) 1712 return err; 1713 1714 err = verify_newpolicy_info(&ua->policy); 1715 if (err) { 1716 printk("BAD policy passed\n"); 1717 kfree(x); 1718 return err; 1719 } 1720 1721 /* build an XP */ 1722 xp = xfrm_policy_construct(&ua->policy, (struct rtattr **) xfrma, &err); 1723 if (!xp) { 1724 kfree(x); 1725 return err; 1726 } 1727 1728 memcpy(&x->id, &ua->id, sizeof(ua->id)); 1729 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 1730 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 1731 1732 ut = RTA_DATA(rt); 1733 /* extract the templates and for each call km_key */ 1734 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 1735 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1736 memcpy(&x->id, &t->id, sizeof(x->id)); 1737 x->props.mode = t->mode; 1738 x->props.reqid = t->reqid; 1739 x->props.family = ut->family; 1740 t->aalgos = ua->aalgos; 1741 t->ealgos = ua->ealgos; 1742 t->calgos = ua->calgos; 1743 err = km_query(x, t, xp); 1744 1745 } 1746 1747 kfree(x); 1748 kfree(xp); 1749 1750 return 0; 1751 } 1752 1753 #ifdef CONFIG_XFRM_MIGRATE 1754 static int verify_user_migrate(struct rtattr **xfrma) 1755 { 1756 struct rtattr *rt = xfrma[XFRMA_MIGRATE-1]; 1757 struct xfrm_user_migrate *um; 1758 1759 if (!rt) 1760 return -EINVAL; 1761 1762 if ((rt->rta_len - sizeof(*rt)) < sizeof(*um)) 1763 return -EINVAL; 1764 1765 return 0; 1766 } 1767 1768 static int copy_from_user_migrate(struct xfrm_migrate *ma, 1769 struct rtattr **xfrma, int *num) 1770 { 1771 struct rtattr *rt = xfrma[XFRMA_MIGRATE-1]; 1772 struct xfrm_user_migrate *um; 1773 int i, num_migrate; 1774 1775 um = RTA_DATA(rt); 1776 num_migrate = (rt->rta_len - sizeof(*rt)) / sizeof(*um); 1777 1778 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 1779 return -EINVAL; 1780 1781 for (i = 0; i < num_migrate; i++, um++, ma++) { 1782 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 1783 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 1784 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 1785 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 1786 1787 ma->proto = um->proto; 1788 ma->mode = um->mode; 1789 ma->reqid = um->reqid; 1790 1791 ma->old_family = um->old_family; 1792 ma->new_family = um->new_family; 1793 } 1794 1795 *num = i; 1796 return 0; 1797 } 1798 1799 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1800 struct rtattr **xfrma) 1801 { 1802 struct xfrm_userpolicy_id *pi = NLMSG_DATA(nlh); 1803 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 1804 u8 type; 1805 int err; 1806 int n = 0; 1807 1808 err = verify_user_migrate((struct rtattr **)xfrma); 1809 if (err) 1810 return err; 1811 1812 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma); 1813 if (err) 1814 return err; 1815 1816 err = copy_from_user_migrate((struct xfrm_migrate *)m, 1817 (struct rtattr **)xfrma, &n); 1818 if (err) 1819 return err; 1820 1821 if (!n) 1822 return 0; 1823 1824 xfrm_migrate(&pi->sel, pi->dir, type, m, n); 1825 1826 return 0; 1827 } 1828 #else 1829 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1830 struct rtattr **xfrma) 1831 { 1832 return -ENOPROTOOPT; 1833 } 1834 #endif 1835 1836 #ifdef CONFIG_XFRM_MIGRATE 1837 static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) 1838 { 1839 struct xfrm_user_migrate um; 1840 1841 memset(&um, 0, sizeof(um)); 1842 um.proto = m->proto; 1843 um.mode = m->mode; 1844 um.reqid = m->reqid; 1845 um.old_family = m->old_family; 1846 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 1847 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 1848 um.new_family = m->new_family; 1849 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 1850 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 1851 1852 RTA_PUT(skb, XFRMA_MIGRATE, sizeof(um), &um); 1853 return 0; 1854 1855 rtattr_failure: 1856 return -1; 1857 } 1858 1859 static int build_migrate(struct sk_buff *skb, struct xfrm_migrate *m, 1860 int num_migrate, struct xfrm_selector *sel, 1861 u8 dir, u8 type) 1862 { 1863 struct xfrm_migrate *mp; 1864 struct xfrm_userpolicy_id *pol_id; 1865 struct nlmsghdr *nlh; 1866 unsigned char *b = skb_tail_pointer(skb); 1867 int i; 1868 1869 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id)); 1870 pol_id = NLMSG_DATA(nlh); 1871 nlh->nlmsg_flags = 0; 1872 1873 /* copy data from selector, dir, and type to the pol_id */ 1874 memset(pol_id, 0, sizeof(*pol_id)); 1875 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 1876 pol_id->dir = dir; 1877 1878 if (copy_to_user_policy_type(type, skb) < 0) 1879 goto nlmsg_failure; 1880 1881 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 1882 if (copy_to_user_migrate(mp, skb) < 0) 1883 goto nlmsg_failure; 1884 } 1885 1886 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1887 return skb->len; 1888 nlmsg_failure: 1889 nlmsg_trim(skb, b); 1890 return -1; 1891 } 1892 1893 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1894 struct xfrm_migrate *m, int num_migrate) 1895 { 1896 struct sk_buff *skb; 1897 size_t len; 1898 1899 len = RTA_SPACE(sizeof(struct xfrm_user_migrate) * num_migrate); 1900 len += NLMSG_SPACE(sizeof(struct xfrm_userpolicy_id)); 1901 #ifdef CONFIG_XFRM_SUB_POLICY 1902 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 1903 #endif 1904 skb = alloc_skb(len, GFP_ATOMIC); 1905 if (skb == NULL) 1906 return -ENOMEM; 1907 1908 /* build migrate */ 1909 if (build_migrate(skb, m, num_migrate, sel, dir, type) < 0) 1910 BUG(); 1911 1912 NETLINK_CB(skb).dst_group = XFRMNLGRP_MIGRATE; 1913 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_MIGRATE, 1914 GFP_ATOMIC); 1915 } 1916 #else 1917 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1918 struct xfrm_migrate *m, int num_migrate) 1919 { 1920 return -ENOPROTOOPT; 1921 } 1922 #endif 1923 1924 #define XMSGSIZE(type) NLMSG_LENGTH(sizeof(struct type)) 1925 1926 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 1927 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1928 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1929 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1930 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1931 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1932 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1933 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 1934 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 1935 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 1936 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1937 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1938 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 1939 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 1940 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0), 1941 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1942 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1943 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 1944 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1945 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = NLMSG_LENGTH(sizeof(u32)), 1946 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = NLMSG_LENGTH(sizeof(u32)), 1947 }; 1948 1949 #undef XMSGSIZE 1950 1951 static struct xfrm_link { 1952 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct rtattr **); 1953 int (*dump)(struct sk_buff *, struct netlink_callback *); 1954 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 1955 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1956 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 1957 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 1958 .dump = xfrm_dump_sa }, 1959 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1960 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 1961 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 1962 .dump = xfrm_dump_policy }, 1963 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 1964 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 1965 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 1966 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1967 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1968 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 1969 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 1970 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 1971 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 1972 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 1973 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 1974 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 1975 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 1976 }; 1977 1978 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 1979 { 1980 struct rtattr *xfrma[XFRMA_MAX]; 1981 struct xfrm_link *link; 1982 int type, min_len; 1983 1984 type = nlh->nlmsg_type; 1985 if (type > XFRM_MSG_MAX) 1986 return -EINVAL; 1987 1988 type -= XFRM_MSG_BASE; 1989 link = &xfrm_dispatch[type]; 1990 1991 /* All operations require privileges, even GET */ 1992 if (security_netlink_recv(skb, CAP_NET_ADMIN)) 1993 return -EPERM; 1994 1995 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 1996 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 1997 (nlh->nlmsg_flags & NLM_F_DUMP)) { 1998 if (link->dump == NULL) 1999 return -EINVAL; 2000 2001 return netlink_dump_start(xfrm_nl, skb, nlh, link->dump, NULL); 2002 } 2003 2004 memset(xfrma, 0, sizeof(xfrma)); 2005 2006 if (nlh->nlmsg_len < (min_len = xfrm_msg_min[type])) 2007 return -EINVAL; 2008 2009 if (nlh->nlmsg_len > min_len) { 2010 int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); 2011 struct rtattr *attr = (void *) nlh + NLMSG_ALIGN(min_len); 2012 2013 while (RTA_OK(attr, attrlen)) { 2014 unsigned short flavor = attr->rta_type; 2015 if (flavor) { 2016 if (flavor > XFRMA_MAX) 2017 return -EINVAL; 2018 xfrma[flavor - 1] = attr; 2019 } 2020 attr = RTA_NEXT(attr, attrlen); 2021 } 2022 } 2023 2024 if (link->doit == NULL) 2025 return -EINVAL; 2026 2027 return link->doit(skb, nlh, xfrma); 2028 } 2029 2030 static void xfrm_netlink_rcv(struct sock *sk, int len) 2031 { 2032 unsigned int qlen = 0; 2033 2034 do { 2035 mutex_lock(&xfrm_cfg_mutex); 2036 netlink_run_queue(sk, &qlen, &xfrm_user_rcv_msg); 2037 mutex_unlock(&xfrm_cfg_mutex); 2038 2039 } while (qlen); 2040 } 2041 2042 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 2043 { 2044 struct xfrm_user_expire *ue; 2045 struct nlmsghdr *nlh; 2046 unsigned char *b = skb_tail_pointer(skb); 2047 2048 nlh = NLMSG_PUT(skb, c->pid, 0, XFRM_MSG_EXPIRE, 2049 sizeof(*ue)); 2050 ue = NLMSG_DATA(nlh); 2051 nlh->nlmsg_flags = 0; 2052 2053 copy_to_user_state(x, &ue->state); 2054 ue->hard = (c->data.hard != 0) ? 1 : 0; 2055 2056 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 2057 return skb->len; 2058 2059 nlmsg_failure: 2060 nlmsg_trim(skb, b); 2061 return -1; 2062 } 2063 2064 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 2065 { 2066 struct sk_buff *skb; 2067 int len = NLMSG_LENGTH(sizeof(struct xfrm_user_expire)); 2068 2069 skb = alloc_skb(len, GFP_ATOMIC); 2070 if (skb == NULL) 2071 return -ENOMEM; 2072 2073 if (build_expire(skb, x, c) < 0) 2074 BUG(); 2075 2076 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 2077 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2078 } 2079 2080 static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) 2081 { 2082 struct sk_buff *skb; 2083 int len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); 2084 2085 len += RTA_SPACE(sizeof(struct xfrm_replay_state)); 2086 len += RTA_SPACE(sizeof(struct xfrm_lifetime_cur)); 2087 skb = alloc_skb(len, GFP_ATOMIC); 2088 if (skb == NULL) 2089 return -ENOMEM; 2090 2091 if (build_aevent(skb, x, c) < 0) 2092 BUG(); 2093 2094 NETLINK_CB(skb).dst_group = XFRMNLGRP_AEVENTS; 2095 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); 2096 } 2097 2098 static int xfrm_notify_sa_flush(struct km_event *c) 2099 { 2100 struct xfrm_usersa_flush *p; 2101 struct nlmsghdr *nlh; 2102 struct sk_buff *skb; 2103 sk_buff_data_t b; 2104 int len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)); 2105 2106 skb = alloc_skb(len, GFP_ATOMIC); 2107 if (skb == NULL) 2108 return -ENOMEM; 2109 b = skb->tail; 2110 2111 nlh = NLMSG_PUT(skb, c->pid, c->seq, 2112 XFRM_MSG_FLUSHSA, sizeof(*p)); 2113 nlh->nlmsg_flags = 0; 2114 2115 p = NLMSG_DATA(nlh); 2116 p->proto = c->data.proto; 2117 2118 nlh->nlmsg_len = skb->tail - b; 2119 2120 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 2121 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2122 2123 nlmsg_failure: 2124 kfree_skb(skb); 2125 return -1; 2126 } 2127 2128 static inline int xfrm_sa_len(struct xfrm_state *x) 2129 { 2130 int l = 0; 2131 if (x->aalg) 2132 l += RTA_SPACE(sizeof(*x->aalg) + (x->aalg->alg_key_len+7)/8); 2133 if (x->ealg) 2134 l += RTA_SPACE(sizeof(*x->ealg) + (x->ealg->alg_key_len+7)/8); 2135 if (x->calg) 2136 l += RTA_SPACE(sizeof(*x->calg)); 2137 if (x->encap) 2138 l += RTA_SPACE(sizeof(*x->encap)); 2139 2140 return l; 2141 } 2142 2143 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 2144 { 2145 struct xfrm_usersa_info *p; 2146 struct xfrm_usersa_id *id; 2147 struct nlmsghdr *nlh; 2148 struct sk_buff *skb; 2149 sk_buff_data_t b; 2150 int len = xfrm_sa_len(x); 2151 int headlen; 2152 2153 headlen = sizeof(*p); 2154 if (c->event == XFRM_MSG_DELSA) { 2155 len += RTA_SPACE(headlen); 2156 headlen = sizeof(*id); 2157 } 2158 len += NLMSG_SPACE(headlen); 2159 2160 skb = alloc_skb(len, GFP_ATOMIC); 2161 if (skb == NULL) 2162 return -ENOMEM; 2163 b = skb->tail; 2164 2165 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 2166 nlh->nlmsg_flags = 0; 2167 2168 p = NLMSG_DATA(nlh); 2169 if (c->event == XFRM_MSG_DELSA) { 2170 id = NLMSG_DATA(nlh); 2171 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2172 id->spi = x->id.spi; 2173 id->family = x->props.family; 2174 id->proto = x->id.proto; 2175 2176 p = RTA_DATA(__RTA_PUT(skb, XFRMA_SA, sizeof(*p))); 2177 } 2178 2179 copy_to_user_state(x, p); 2180 2181 if (x->aalg) 2182 RTA_PUT(skb, XFRMA_ALG_AUTH, 2183 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 2184 if (x->ealg) 2185 RTA_PUT(skb, XFRMA_ALG_CRYPT, 2186 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 2187 if (x->calg) 2188 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 2189 2190 if (x->encap) 2191 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 2192 2193 nlh->nlmsg_len = skb->tail - b; 2194 2195 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 2196 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2197 2198 nlmsg_failure: 2199 rtattr_failure: 2200 kfree_skb(skb); 2201 return -1; 2202 } 2203 2204 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 2205 { 2206 2207 switch (c->event) { 2208 case XFRM_MSG_EXPIRE: 2209 return xfrm_exp_state_notify(x, c); 2210 case XFRM_MSG_NEWAE: 2211 return xfrm_aevent_state_notify(x, c); 2212 case XFRM_MSG_DELSA: 2213 case XFRM_MSG_UPDSA: 2214 case XFRM_MSG_NEWSA: 2215 return xfrm_notify_sa(x, c); 2216 case XFRM_MSG_FLUSHSA: 2217 return xfrm_notify_sa_flush(c); 2218 default: 2219 printk("xfrm_user: Unknown SA event %d\n", c->event); 2220 break; 2221 } 2222 2223 return 0; 2224 2225 } 2226 2227 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2228 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 2229 int dir) 2230 { 2231 struct xfrm_user_acquire *ua; 2232 struct nlmsghdr *nlh; 2233 unsigned char *b = skb_tail_pointer(skb); 2234 __u32 seq = xfrm_get_acqseq(); 2235 2236 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_ACQUIRE, 2237 sizeof(*ua)); 2238 ua = NLMSG_DATA(nlh); 2239 nlh->nlmsg_flags = 0; 2240 2241 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2242 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2243 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2244 copy_to_user_policy(xp, &ua->policy, dir); 2245 ua->aalgos = xt->aalgos; 2246 ua->ealgos = xt->ealgos; 2247 ua->calgos = xt->calgos; 2248 ua->seq = x->km.seq = seq; 2249 2250 if (copy_to_user_tmpl(xp, skb) < 0) 2251 goto nlmsg_failure; 2252 if (copy_to_user_state_sec_ctx(x, skb)) 2253 goto nlmsg_failure; 2254 if (copy_to_user_policy_type(xp->type, skb) < 0) 2255 goto nlmsg_failure; 2256 2257 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 2258 return skb->len; 2259 2260 nlmsg_failure: 2261 nlmsg_trim(skb, b); 2262 return -1; 2263 } 2264 2265 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2266 struct xfrm_policy *xp, int dir) 2267 { 2268 struct sk_buff *skb; 2269 size_t len; 2270 2271 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2272 len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); 2273 len += RTA_SPACE(xfrm_user_sec_ctx_size(x->security)); 2274 #ifdef CONFIG_XFRM_SUB_POLICY 2275 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2276 #endif 2277 skb = alloc_skb(len, GFP_ATOMIC); 2278 if (skb == NULL) 2279 return -ENOMEM; 2280 2281 if (build_acquire(skb, x, xt, xp, dir) < 0) 2282 BUG(); 2283 2284 NETLINK_CB(skb).dst_group = XFRMNLGRP_ACQUIRE; 2285 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 2286 } 2287 2288 /* User gives us xfrm_user_policy_info followed by an array of 0 2289 * or more templates. 2290 */ 2291 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2292 u8 *data, int len, int *dir) 2293 { 2294 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2295 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2296 struct xfrm_policy *xp; 2297 int nr; 2298 2299 switch (sk->sk_family) { 2300 case AF_INET: 2301 if (opt != IP_XFRM_POLICY) { 2302 *dir = -EOPNOTSUPP; 2303 return NULL; 2304 } 2305 break; 2306 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2307 case AF_INET6: 2308 if (opt != IPV6_XFRM_POLICY) { 2309 *dir = -EOPNOTSUPP; 2310 return NULL; 2311 } 2312 break; 2313 #endif 2314 default: 2315 *dir = -EINVAL; 2316 return NULL; 2317 } 2318 2319 *dir = -EINVAL; 2320 2321 if (len < sizeof(*p) || 2322 verify_newpolicy_info(p)) 2323 return NULL; 2324 2325 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2326 if (validate_tmpl(nr, ut, p->sel.family)) 2327 return NULL; 2328 2329 if (p->dir > XFRM_POLICY_OUT) 2330 return NULL; 2331 2332 xp = xfrm_policy_alloc(GFP_KERNEL); 2333 if (xp == NULL) { 2334 *dir = -ENOBUFS; 2335 return NULL; 2336 } 2337 2338 copy_from_user_policy(xp, p); 2339 xp->type = XFRM_POLICY_TYPE_MAIN; 2340 copy_templates(xp, ut, nr); 2341 2342 *dir = p->dir; 2343 2344 return xp; 2345 } 2346 2347 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 2348 int dir, struct km_event *c) 2349 { 2350 struct xfrm_user_polexpire *upe; 2351 struct nlmsghdr *nlh; 2352 int hard = c->data.hard; 2353 unsigned char *b = skb_tail_pointer(skb); 2354 2355 nlh = NLMSG_PUT(skb, c->pid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe)); 2356 upe = NLMSG_DATA(nlh); 2357 nlh->nlmsg_flags = 0; 2358 2359 copy_to_user_policy(xp, &upe->pol, dir); 2360 if (copy_to_user_tmpl(xp, skb) < 0) 2361 goto nlmsg_failure; 2362 if (copy_to_user_sec_ctx(xp, skb)) 2363 goto nlmsg_failure; 2364 if (copy_to_user_policy_type(xp->type, skb) < 0) 2365 goto nlmsg_failure; 2366 upe->hard = !!hard; 2367 2368 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 2369 return skb->len; 2370 2371 nlmsg_failure: 2372 nlmsg_trim(skb, b); 2373 return -1; 2374 } 2375 2376 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2377 { 2378 struct sk_buff *skb; 2379 size_t len; 2380 2381 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2382 len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); 2383 len += RTA_SPACE(xfrm_user_sec_ctx_size(xp->security)); 2384 #ifdef CONFIG_XFRM_SUB_POLICY 2385 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2386 #endif 2387 skb = alloc_skb(len, GFP_ATOMIC); 2388 if (skb == NULL) 2389 return -ENOMEM; 2390 2391 if (build_polexpire(skb, xp, dir, c) < 0) 2392 BUG(); 2393 2394 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 2395 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2396 } 2397 2398 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2399 { 2400 struct xfrm_userpolicy_info *p; 2401 struct xfrm_userpolicy_id *id; 2402 struct nlmsghdr *nlh; 2403 struct sk_buff *skb; 2404 sk_buff_data_t b; 2405 int len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2406 int headlen; 2407 2408 headlen = sizeof(*p); 2409 if (c->event == XFRM_MSG_DELPOLICY) { 2410 len += RTA_SPACE(headlen); 2411 headlen = sizeof(*id); 2412 } 2413 #ifdef CONFIG_XFRM_SUB_POLICY 2414 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2415 #endif 2416 len += NLMSG_SPACE(headlen); 2417 2418 skb = alloc_skb(len, GFP_ATOMIC); 2419 if (skb == NULL) 2420 return -ENOMEM; 2421 b = skb->tail; 2422 2423 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 2424 2425 p = NLMSG_DATA(nlh); 2426 if (c->event == XFRM_MSG_DELPOLICY) { 2427 id = NLMSG_DATA(nlh); 2428 memset(id, 0, sizeof(*id)); 2429 id->dir = dir; 2430 if (c->data.byid) 2431 id->index = xp->index; 2432 else 2433 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 2434 2435 p = RTA_DATA(__RTA_PUT(skb, XFRMA_POLICY, sizeof(*p))); 2436 } 2437 2438 nlh->nlmsg_flags = 0; 2439 2440 copy_to_user_policy(xp, p, dir); 2441 if (copy_to_user_tmpl(xp, skb) < 0) 2442 goto nlmsg_failure; 2443 if (copy_to_user_policy_type(xp->type, skb) < 0) 2444 goto nlmsg_failure; 2445 2446 nlh->nlmsg_len = skb->tail - b; 2447 2448 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 2449 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2450 2451 nlmsg_failure: 2452 rtattr_failure: 2453 kfree_skb(skb); 2454 return -1; 2455 } 2456 2457 static int xfrm_notify_policy_flush(struct km_event *c) 2458 { 2459 struct nlmsghdr *nlh; 2460 struct sk_buff *skb; 2461 sk_buff_data_t b; 2462 int len = 0; 2463 #ifdef CONFIG_XFRM_SUB_POLICY 2464 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2465 #endif 2466 len += NLMSG_LENGTH(0); 2467 2468 skb = alloc_skb(len, GFP_ATOMIC); 2469 if (skb == NULL) 2470 return -ENOMEM; 2471 b = skb->tail; 2472 2473 2474 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0); 2475 nlh->nlmsg_flags = 0; 2476 if (copy_to_user_policy_type(c->data.type, skb) < 0) 2477 goto nlmsg_failure; 2478 2479 nlh->nlmsg_len = skb->tail - b; 2480 2481 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 2482 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2483 2484 nlmsg_failure: 2485 kfree_skb(skb); 2486 return -1; 2487 } 2488 2489 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2490 { 2491 2492 switch (c->event) { 2493 case XFRM_MSG_NEWPOLICY: 2494 case XFRM_MSG_UPDPOLICY: 2495 case XFRM_MSG_DELPOLICY: 2496 return xfrm_notify_policy(xp, dir, c); 2497 case XFRM_MSG_FLUSHPOLICY: 2498 return xfrm_notify_policy_flush(c); 2499 case XFRM_MSG_POLEXPIRE: 2500 return xfrm_exp_policy_notify(xp, dir, c); 2501 default: 2502 printk("xfrm_user: Unknown Policy event %d\n", c->event); 2503 } 2504 2505 return 0; 2506 2507 } 2508 2509 static int build_report(struct sk_buff *skb, u8 proto, 2510 struct xfrm_selector *sel, xfrm_address_t *addr) 2511 { 2512 struct xfrm_user_report *ur; 2513 struct nlmsghdr *nlh; 2514 unsigned char *b = skb_tail_pointer(skb); 2515 2516 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur)); 2517 ur = NLMSG_DATA(nlh); 2518 nlh->nlmsg_flags = 0; 2519 2520 ur->proto = proto; 2521 memcpy(&ur->sel, sel, sizeof(ur->sel)); 2522 2523 if (addr) 2524 RTA_PUT(skb, XFRMA_COADDR, sizeof(*addr), addr); 2525 2526 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 2527 return skb->len; 2528 2529 nlmsg_failure: 2530 rtattr_failure: 2531 nlmsg_trim(skb, b); 2532 return -1; 2533 } 2534 2535 static int xfrm_send_report(u8 proto, struct xfrm_selector *sel, 2536 xfrm_address_t *addr) 2537 { 2538 struct sk_buff *skb; 2539 size_t len; 2540 2541 len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_report))); 2542 skb = alloc_skb(len, GFP_ATOMIC); 2543 if (skb == NULL) 2544 return -ENOMEM; 2545 2546 if (build_report(skb, proto, sel, addr) < 0) 2547 BUG(); 2548 2549 NETLINK_CB(skb).dst_group = XFRMNLGRP_REPORT; 2550 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC); 2551 } 2552 2553 static struct xfrm_mgr netlink_mgr = { 2554 .id = "netlink", 2555 .notify = xfrm_send_state_notify, 2556 .acquire = xfrm_send_acquire, 2557 .compile_policy = xfrm_compile_policy, 2558 .notify_policy = xfrm_send_policy_notify, 2559 .report = xfrm_send_report, 2560 .migrate = xfrm_send_migrate, 2561 }; 2562 2563 static int __init xfrm_user_init(void) 2564 { 2565 struct sock *nlsk; 2566 2567 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 2568 2569 nlsk = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX, 2570 xfrm_netlink_rcv, NULL, THIS_MODULE); 2571 if (nlsk == NULL) 2572 return -ENOMEM; 2573 rcu_assign_pointer(xfrm_nl, nlsk); 2574 2575 xfrm_register_km(&netlink_mgr); 2576 2577 return 0; 2578 } 2579 2580 static void __exit xfrm_user_exit(void) 2581 { 2582 struct sock *nlsk = xfrm_nl; 2583 2584 xfrm_unregister_km(&netlink_mgr); 2585 rcu_assign_pointer(xfrm_nl, NULL); 2586 synchronize_rcu(); 2587 sock_release(nlsk->sk_socket); 2588 } 2589 2590 module_init(xfrm_user_init); 2591 module_exit(xfrm_user_exit); 2592 MODULE_LICENSE("GPL"); 2593 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 2594 2595