1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/module.h> 14 #include <linux/kernel.h> 15 #include <linux/types.h> 16 #include <linux/slab.h> 17 #include <linux/socket.h> 18 #include <linux/string.h> 19 #include <linux/net.h> 20 #include <linux/skbuff.h> 21 #include <linux/netlink.h> 22 #include <linux/rtnetlink.h> 23 #include <linux/pfkeyv2.h> 24 #include <linux/ipsec.h> 25 #include <linux/init.h> 26 #include <linux/security.h> 27 #include <net/sock.h> 28 #include <net/xfrm.h> 29 #include <asm/uaccess.h> 30 31 static struct sock *xfrm_nl; 32 33 static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type) 34 { 35 struct rtattr *rt = xfrma[type - 1]; 36 struct xfrm_algo *algp; 37 int len; 38 39 if (!rt) 40 return 0; 41 42 len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp); 43 if (len < 0) 44 return -EINVAL; 45 46 algp = RTA_DATA(rt); 47 48 len -= (algp->alg_key_len + 7U) / 8; 49 if (len < 0) 50 return -EINVAL; 51 52 switch (type) { 53 case XFRMA_ALG_AUTH: 54 if (!algp->alg_key_len && 55 strcmp(algp->alg_name, "digest_null") != 0) 56 return -EINVAL; 57 break; 58 59 case XFRMA_ALG_CRYPT: 60 if (!algp->alg_key_len && 61 strcmp(algp->alg_name, "cipher_null") != 0) 62 return -EINVAL; 63 break; 64 65 case XFRMA_ALG_COMP: 66 /* Zero length keys are legal. */ 67 break; 68 69 default: 70 return -EINVAL; 71 }; 72 73 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 74 return 0; 75 } 76 77 static int verify_encap_tmpl(struct rtattr **xfrma) 78 { 79 struct rtattr *rt = xfrma[XFRMA_ENCAP - 1]; 80 struct xfrm_encap_tmpl *encap; 81 82 if (!rt) 83 return 0; 84 85 if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap)) 86 return -EINVAL; 87 88 return 0; 89 } 90 91 static int verify_newsa_info(struct xfrm_usersa_info *p, 92 struct rtattr **xfrma) 93 { 94 int err; 95 96 err = -EINVAL; 97 switch (p->family) { 98 case AF_INET: 99 break; 100 101 case AF_INET6: 102 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 103 break; 104 #else 105 err = -EAFNOSUPPORT; 106 goto out; 107 #endif 108 109 default: 110 goto out; 111 }; 112 113 err = -EINVAL; 114 switch (p->id.proto) { 115 case IPPROTO_AH: 116 if (!xfrma[XFRMA_ALG_AUTH-1] || 117 xfrma[XFRMA_ALG_CRYPT-1] || 118 xfrma[XFRMA_ALG_COMP-1]) 119 goto out; 120 break; 121 122 case IPPROTO_ESP: 123 if ((!xfrma[XFRMA_ALG_AUTH-1] && 124 !xfrma[XFRMA_ALG_CRYPT-1]) || 125 xfrma[XFRMA_ALG_COMP-1]) 126 goto out; 127 break; 128 129 case IPPROTO_COMP: 130 if (!xfrma[XFRMA_ALG_COMP-1] || 131 xfrma[XFRMA_ALG_AUTH-1] || 132 xfrma[XFRMA_ALG_CRYPT-1]) 133 goto out; 134 break; 135 136 default: 137 goto out; 138 }; 139 140 if ((err = verify_one_alg(xfrma, XFRMA_ALG_AUTH))) 141 goto out; 142 if ((err = verify_one_alg(xfrma, XFRMA_ALG_CRYPT))) 143 goto out; 144 if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP))) 145 goto out; 146 if ((err = verify_encap_tmpl(xfrma))) 147 goto out; 148 149 err = -EINVAL; 150 switch (p->mode) { 151 case 0: 152 case 1: 153 break; 154 155 default: 156 goto out; 157 }; 158 159 err = 0; 160 161 out: 162 return err; 163 } 164 165 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 166 struct xfrm_algo_desc *(*get_byname)(char *, int), 167 struct rtattr *u_arg) 168 { 169 struct rtattr *rta = u_arg; 170 struct xfrm_algo *p, *ualg; 171 struct xfrm_algo_desc *algo; 172 int len; 173 174 if (!rta) 175 return 0; 176 177 ualg = RTA_DATA(rta); 178 179 algo = get_byname(ualg->alg_name, 1); 180 if (!algo) 181 return -ENOSYS; 182 *props = algo->desc.sadb_alg_id; 183 184 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8; 185 p = kmalloc(len, GFP_KERNEL); 186 if (!p) 187 return -ENOMEM; 188 189 memcpy(p, ualg, len); 190 *algpp = p; 191 return 0; 192 } 193 194 static int attach_encap_tmpl(struct xfrm_encap_tmpl **encapp, struct rtattr *u_arg) 195 { 196 struct rtattr *rta = u_arg; 197 struct xfrm_encap_tmpl *p, *uencap; 198 199 if (!rta) 200 return 0; 201 202 uencap = RTA_DATA(rta); 203 p = kmalloc(sizeof(*p), GFP_KERNEL); 204 if (!p) 205 return -ENOMEM; 206 207 memcpy(p, uencap, sizeof(*p)); 208 *encapp = p; 209 return 0; 210 } 211 212 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 213 { 214 memcpy(&x->id, &p->id, sizeof(x->id)); 215 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 216 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 217 x->props.mode = p->mode; 218 x->props.replay_window = p->replay_window; 219 x->props.reqid = p->reqid; 220 x->props.family = p->family; 221 x->props.saddr = p->saddr; 222 x->props.flags = p->flags; 223 } 224 225 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 226 struct rtattr **xfrma, 227 int *errp) 228 { 229 struct xfrm_state *x = xfrm_state_alloc(); 230 int err = -ENOMEM; 231 232 if (!x) 233 goto error_no_put; 234 235 copy_from_user_state(x, p); 236 237 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 238 xfrm_aalg_get_byname, 239 xfrma[XFRMA_ALG_AUTH-1]))) 240 goto error; 241 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 242 xfrm_ealg_get_byname, 243 xfrma[XFRMA_ALG_CRYPT-1]))) 244 goto error; 245 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 246 xfrm_calg_get_byname, 247 xfrma[XFRMA_ALG_COMP-1]))) 248 goto error; 249 if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1]))) 250 goto error; 251 252 err = -ENOENT; 253 x->type = xfrm_get_type(x->id.proto, x->props.family); 254 if (x->type == NULL) 255 goto error; 256 257 err = x->type->init_state(x, NULL); 258 if (err) 259 goto error; 260 261 x->curlft.add_time = (unsigned long) xtime.tv_sec; 262 x->km.state = XFRM_STATE_VALID; 263 x->km.seq = p->seq; 264 265 return x; 266 267 error: 268 x->km.state = XFRM_STATE_DEAD; 269 xfrm_state_put(x); 270 error_no_put: 271 *errp = err; 272 return NULL; 273 } 274 275 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 276 { 277 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 278 struct xfrm_state *x; 279 int err; 280 struct km_event c; 281 282 err = verify_newsa_info(p, (struct rtattr **) xfrma); 283 if (err) 284 return err; 285 286 x = xfrm_state_construct(p, (struct rtattr **) xfrma, &err); 287 if (!x) 288 return err; 289 290 xfrm_state_hold(x); 291 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 292 err = xfrm_state_add(x); 293 else 294 err = xfrm_state_update(x); 295 296 if (err < 0) { 297 x->km.state = XFRM_STATE_DEAD; 298 xfrm_state_put(x); 299 return err; 300 } 301 302 c.seq = nlh->nlmsg_seq; 303 c.pid = nlh->nlmsg_pid; 304 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 305 c.event = XFRM_SAP_ADDED; 306 else 307 c.event = XFRM_SAP_UPDATED; 308 309 km_state_notify(x, &c); 310 xfrm_state_put(x); 311 312 return err; 313 } 314 315 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 316 { 317 struct xfrm_state *x; 318 int err; 319 struct km_event c; 320 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 321 322 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 323 if (x == NULL) 324 return -ESRCH; 325 326 if (xfrm_state_kern(x)) { 327 xfrm_state_put(x); 328 return -EPERM; 329 } 330 331 err = xfrm_state_delete(x); 332 if (err < 0) { 333 xfrm_state_put(x); 334 return err; 335 } 336 337 c.seq = nlh->nlmsg_seq; 338 c.pid = nlh->nlmsg_pid; 339 c.event = XFRM_SAP_DELETED; 340 km_state_notify(x, &c); 341 xfrm_state_put(x); 342 343 return err; 344 } 345 346 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 347 { 348 memcpy(&p->id, &x->id, sizeof(p->id)); 349 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 350 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 351 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 352 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 353 p->saddr = x->props.saddr; 354 p->mode = x->props.mode; 355 p->replay_window = x->props.replay_window; 356 p->reqid = x->props.reqid; 357 p->family = x->props.family; 358 p->flags = x->props.flags; 359 p->seq = x->km.seq; 360 } 361 362 struct xfrm_dump_info { 363 struct sk_buff *in_skb; 364 struct sk_buff *out_skb; 365 u32 nlmsg_seq; 366 u16 nlmsg_flags; 367 int start_idx; 368 int this_idx; 369 }; 370 371 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 372 { 373 struct xfrm_dump_info *sp = ptr; 374 struct sk_buff *in_skb = sp->in_skb; 375 struct sk_buff *skb = sp->out_skb; 376 struct xfrm_usersa_info *p; 377 struct nlmsghdr *nlh; 378 unsigned char *b = skb->tail; 379 380 if (sp->this_idx < sp->start_idx) 381 goto out; 382 383 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 384 sp->nlmsg_seq, 385 XFRM_MSG_NEWSA, sizeof(*p)); 386 nlh->nlmsg_flags = sp->nlmsg_flags; 387 388 p = NLMSG_DATA(nlh); 389 copy_to_user_state(x, p); 390 391 if (x->aalg) 392 RTA_PUT(skb, XFRMA_ALG_AUTH, 393 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 394 if (x->ealg) 395 RTA_PUT(skb, XFRMA_ALG_CRYPT, 396 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 397 if (x->calg) 398 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 399 400 if (x->encap) 401 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 402 403 nlh->nlmsg_len = skb->tail - b; 404 out: 405 sp->this_idx++; 406 return 0; 407 408 nlmsg_failure: 409 rtattr_failure: 410 skb_trim(skb, b - skb->data); 411 return -1; 412 } 413 414 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 415 { 416 struct xfrm_dump_info info; 417 418 info.in_skb = cb->skb; 419 info.out_skb = skb; 420 info.nlmsg_seq = cb->nlh->nlmsg_seq; 421 info.nlmsg_flags = NLM_F_MULTI; 422 info.this_idx = 0; 423 info.start_idx = cb->args[0]; 424 (void) xfrm_state_walk(IPSEC_PROTO_ANY, dump_one_state, &info); 425 cb->args[0] = info.this_idx; 426 427 return skb->len; 428 } 429 430 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 431 struct xfrm_state *x, u32 seq) 432 { 433 struct xfrm_dump_info info; 434 struct sk_buff *skb; 435 436 skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC); 437 if (!skb) 438 return ERR_PTR(-ENOMEM); 439 440 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid; 441 info.in_skb = in_skb; 442 info.out_skb = skb; 443 info.nlmsg_seq = seq; 444 info.nlmsg_flags = 0; 445 info.this_idx = info.start_idx = 0; 446 447 if (dump_one_state(x, 0, &info)) { 448 kfree_skb(skb); 449 return NULL; 450 } 451 452 return skb; 453 } 454 455 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 456 { 457 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 458 struct xfrm_state *x; 459 struct sk_buff *resp_skb; 460 int err; 461 462 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 463 err = -ESRCH; 464 if (x == NULL) 465 goto out_noput; 466 467 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 468 if (IS_ERR(resp_skb)) { 469 err = PTR_ERR(resp_skb); 470 } else { 471 err = netlink_unicast(xfrm_nl, resp_skb, 472 NETLINK_CB(skb).pid, MSG_DONTWAIT); 473 } 474 xfrm_state_put(x); 475 out_noput: 476 return err; 477 } 478 479 static int verify_userspi_info(struct xfrm_userspi_info *p) 480 { 481 switch (p->info.id.proto) { 482 case IPPROTO_AH: 483 case IPPROTO_ESP: 484 break; 485 486 case IPPROTO_COMP: 487 /* IPCOMP spi is 16-bits. */ 488 if (p->max >= 0x10000) 489 return -EINVAL; 490 break; 491 492 default: 493 return -EINVAL; 494 }; 495 496 if (p->min > p->max) 497 return -EINVAL; 498 499 return 0; 500 } 501 502 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 503 { 504 struct xfrm_state *x; 505 struct xfrm_userspi_info *p; 506 struct sk_buff *resp_skb; 507 xfrm_address_t *daddr; 508 int family; 509 int err; 510 511 p = NLMSG_DATA(nlh); 512 err = verify_userspi_info(p); 513 if (err) 514 goto out_noput; 515 516 family = p->info.family; 517 daddr = &p->info.id.daddr; 518 519 x = NULL; 520 if (p->info.seq) { 521 x = xfrm_find_acq_byseq(p->info.seq); 522 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 523 xfrm_state_put(x); 524 x = NULL; 525 } 526 } 527 528 if (!x) 529 x = xfrm_find_acq(p->info.mode, p->info.reqid, 530 p->info.id.proto, daddr, 531 &p->info.saddr, 1, 532 family); 533 err = -ENOENT; 534 if (x == NULL) 535 goto out_noput; 536 537 resp_skb = ERR_PTR(-ENOENT); 538 539 spin_lock_bh(&x->lock); 540 if (x->km.state != XFRM_STATE_DEAD) { 541 xfrm_alloc_spi(x, htonl(p->min), htonl(p->max)); 542 if (x->id.spi) 543 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 544 } 545 spin_unlock_bh(&x->lock); 546 547 if (IS_ERR(resp_skb)) { 548 err = PTR_ERR(resp_skb); 549 goto out; 550 } 551 552 err = netlink_unicast(xfrm_nl, resp_skb, 553 NETLINK_CB(skb).pid, MSG_DONTWAIT); 554 555 out: 556 xfrm_state_put(x); 557 out_noput: 558 return err; 559 } 560 561 static int verify_policy_dir(__u8 dir) 562 { 563 switch (dir) { 564 case XFRM_POLICY_IN: 565 case XFRM_POLICY_OUT: 566 case XFRM_POLICY_FWD: 567 break; 568 569 default: 570 return -EINVAL; 571 }; 572 573 return 0; 574 } 575 576 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 577 { 578 switch (p->share) { 579 case XFRM_SHARE_ANY: 580 case XFRM_SHARE_SESSION: 581 case XFRM_SHARE_USER: 582 case XFRM_SHARE_UNIQUE: 583 break; 584 585 default: 586 return -EINVAL; 587 }; 588 589 switch (p->action) { 590 case XFRM_POLICY_ALLOW: 591 case XFRM_POLICY_BLOCK: 592 break; 593 594 default: 595 return -EINVAL; 596 }; 597 598 switch (p->sel.family) { 599 case AF_INET: 600 break; 601 602 case AF_INET6: 603 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 604 break; 605 #else 606 return -EAFNOSUPPORT; 607 #endif 608 609 default: 610 return -EINVAL; 611 }; 612 613 return verify_policy_dir(p->dir); 614 } 615 616 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 617 int nr) 618 { 619 int i; 620 621 xp->xfrm_nr = nr; 622 for (i = 0; i < nr; i++, ut++) { 623 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 624 625 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 626 memcpy(&t->saddr, &ut->saddr, 627 sizeof(xfrm_address_t)); 628 t->reqid = ut->reqid; 629 t->mode = ut->mode; 630 t->share = ut->share; 631 t->optional = ut->optional; 632 t->aalgos = ut->aalgos; 633 t->ealgos = ut->ealgos; 634 t->calgos = ut->calgos; 635 } 636 } 637 638 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma) 639 { 640 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 641 struct xfrm_user_tmpl *utmpl; 642 int nr; 643 644 if (!rt) { 645 pol->xfrm_nr = 0; 646 } else { 647 nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl); 648 649 if (nr > XFRM_MAX_DEPTH) 650 return -EINVAL; 651 652 copy_templates(pol, RTA_DATA(rt), nr); 653 } 654 return 0; 655 } 656 657 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 658 { 659 xp->priority = p->priority; 660 xp->index = p->index; 661 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 662 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 663 xp->action = p->action; 664 xp->flags = p->flags; 665 xp->family = p->sel.family; 666 /* XXX xp->share = p->share; */ 667 } 668 669 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 670 { 671 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 672 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 673 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 674 p->priority = xp->priority; 675 p->index = xp->index; 676 p->sel.family = xp->family; 677 p->dir = dir; 678 p->action = xp->action; 679 p->flags = xp->flags; 680 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 681 } 682 683 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct rtattr **xfrma, int *errp) 684 { 685 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 686 int err; 687 688 if (!xp) { 689 *errp = -ENOMEM; 690 return NULL; 691 } 692 693 copy_from_user_policy(xp, p); 694 err = copy_from_user_tmpl(xp, xfrma); 695 if (err) { 696 *errp = err; 697 kfree(xp); 698 xp = NULL; 699 } 700 701 return xp; 702 } 703 704 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 705 { 706 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh); 707 struct xfrm_policy *xp; 708 struct km_event c; 709 int err; 710 int excl; 711 712 err = verify_newpolicy_info(p); 713 if (err) 714 return err; 715 716 xp = xfrm_policy_construct(p, (struct rtattr **) xfrma, &err); 717 if (!xp) 718 return err; 719 720 /* shouldnt excl be based on nlh flags?? 721 * Aha! this is anti-netlink really i.e more pfkey derived 722 * in netlink excl is a flag and you wouldnt need 723 * a type XFRM_MSG_UPDPOLICY - JHS */ 724 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 725 err = xfrm_policy_insert(p->dir, xp, excl); 726 if (err) { 727 kfree(xp); 728 return err; 729 } 730 731 if (!excl) 732 c.event = XFRM_SAP_UPDATED; 733 else 734 c.event = XFRM_SAP_ADDED; 735 736 c.seq = nlh->nlmsg_seq; 737 c.pid = nlh->nlmsg_pid; 738 km_policy_notify(xp, p->dir, &c); 739 740 xfrm_pol_put(xp); 741 742 return 0; 743 } 744 745 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 746 { 747 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 748 int i; 749 750 if (xp->xfrm_nr == 0) 751 return 0; 752 753 for (i = 0; i < xp->xfrm_nr; i++) { 754 struct xfrm_user_tmpl *up = &vec[i]; 755 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 756 757 memcpy(&up->id, &kp->id, sizeof(up->id)); 758 up->family = xp->family; 759 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 760 up->reqid = kp->reqid; 761 up->mode = kp->mode; 762 up->share = kp->share; 763 up->optional = kp->optional; 764 up->aalgos = kp->aalgos; 765 up->ealgos = kp->ealgos; 766 up->calgos = kp->calgos; 767 } 768 RTA_PUT(skb, XFRMA_TMPL, 769 (sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr), 770 vec); 771 772 return 0; 773 774 rtattr_failure: 775 return -1; 776 } 777 778 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 779 { 780 struct xfrm_dump_info *sp = ptr; 781 struct xfrm_userpolicy_info *p; 782 struct sk_buff *in_skb = sp->in_skb; 783 struct sk_buff *skb = sp->out_skb; 784 struct nlmsghdr *nlh; 785 unsigned char *b = skb->tail; 786 787 if (sp->this_idx < sp->start_idx) 788 goto out; 789 790 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 791 sp->nlmsg_seq, 792 XFRM_MSG_NEWPOLICY, sizeof(*p)); 793 p = NLMSG_DATA(nlh); 794 nlh->nlmsg_flags = sp->nlmsg_flags; 795 796 copy_to_user_policy(xp, p, dir); 797 if (copy_to_user_tmpl(xp, skb) < 0) 798 goto nlmsg_failure; 799 800 nlh->nlmsg_len = skb->tail - b; 801 out: 802 sp->this_idx++; 803 return 0; 804 805 nlmsg_failure: 806 skb_trim(skb, b - skb->data); 807 return -1; 808 } 809 810 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 811 { 812 struct xfrm_dump_info info; 813 814 info.in_skb = cb->skb; 815 info.out_skb = skb; 816 info.nlmsg_seq = cb->nlh->nlmsg_seq; 817 info.nlmsg_flags = NLM_F_MULTI; 818 info.this_idx = 0; 819 info.start_idx = cb->args[0]; 820 (void) xfrm_policy_walk(dump_one_policy, &info); 821 cb->args[0] = info.this_idx; 822 823 return skb->len; 824 } 825 826 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 827 struct xfrm_policy *xp, 828 int dir, u32 seq) 829 { 830 struct xfrm_dump_info info; 831 struct sk_buff *skb; 832 833 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 834 if (!skb) 835 return ERR_PTR(-ENOMEM); 836 837 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid; 838 info.in_skb = in_skb; 839 info.out_skb = skb; 840 info.nlmsg_seq = seq; 841 info.nlmsg_flags = 0; 842 info.this_idx = info.start_idx = 0; 843 844 if (dump_one_policy(xp, dir, 0, &info) < 0) { 845 kfree_skb(skb); 846 return NULL; 847 } 848 849 return skb; 850 } 851 852 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 853 { 854 struct xfrm_policy *xp; 855 struct xfrm_userpolicy_id *p; 856 int err; 857 struct km_event c; 858 int delete; 859 860 p = NLMSG_DATA(nlh); 861 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 862 863 err = verify_policy_dir(p->dir); 864 if (err) 865 return err; 866 867 if (p->index) 868 xp = xfrm_policy_byid(p->dir, p->index, delete); 869 else 870 xp = xfrm_policy_bysel(p->dir, &p->sel, delete); 871 if (xp == NULL) 872 return -ENOENT; 873 874 if (!delete) { 875 struct sk_buff *resp_skb; 876 877 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 878 if (IS_ERR(resp_skb)) { 879 err = PTR_ERR(resp_skb); 880 } else { 881 err = netlink_unicast(xfrm_nl, resp_skb, 882 NETLINK_CB(skb).pid, 883 MSG_DONTWAIT); 884 } 885 } else { 886 c.event = XFRM_SAP_DELETED; 887 c.seq = nlh->nlmsg_seq; 888 c.pid = nlh->nlmsg_pid; 889 km_policy_notify(xp, p->dir, &c); 890 } 891 892 xfrm_pol_put(xp); 893 894 return err; 895 } 896 897 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 898 { 899 struct km_event c; 900 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh); 901 902 xfrm_state_flush(p->proto); 903 c.data = p->proto; 904 c.event = XFRM_SAP_FLUSHED; 905 c.seq = nlh->nlmsg_seq; 906 c.pid = nlh->nlmsg_pid; 907 km_state_notify(NULL, &c); 908 909 return 0; 910 } 911 912 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 913 { 914 struct km_event c; 915 916 xfrm_policy_flush(); 917 c.event = XFRM_SAP_FLUSHED; 918 c.seq = nlh->nlmsg_seq; 919 c.pid = nlh->nlmsg_pid; 920 km_policy_notify(NULL, 0, &c); 921 return 0; 922 } 923 924 #define XMSGSIZE(type) NLMSG_LENGTH(sizeof(struct type)) 925 926 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 927 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 928 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 929 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 930 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 931 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 932 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 933 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 934 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 935 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 936 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 937 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 938 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 939 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 940 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0), 941 }; 942 943 #undef XMSGSIZE 944 945 static struct xfrm_link { 946 int (*doit)(struct sk_buff *, struct nlmsghdr *, void **); 947 int (*dump)(struct sk_buff *, struct netlink_callback *); 948 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 949 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 950 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 951 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 952 .dump = xfrm_dump_sa }, 953 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 954 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 955 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 956 .dump = xfrm_dump_policy }, 957 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 958 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 959 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 960 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 961 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 962 }; 963 964 static int xfrm_done(struct netlink_callback *cb) 965 { 966 return 0; 967 } 968 969 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp) 970 { 971 struct rtattr *xfrma[XFRMA_MAX]; 972 struct xfrm_link *link; 973 int type, min_len; 974 975 if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) 976 return 0; 977 978 type = nlh->nlmsg_type; 979 980 /* A control message: ignore them */ 981 if (type < XFRM_MSG_BASE) 982 return 0; 983 984 /* Unknown message: reply with EINVAL */ 985 if (type > XFRM_MSG_MAX) 986 goto err_einval; 987 988 type -= XFRM_MSG_BASE; 989 link = &xfrm_dispatch[type]; 990 991 /* All operations require privileges, even GET */ 992 if (security_netlink_recv(skb)) { 993 *errp = -EPERM; 994 return -1; 995 } 996 997 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 998 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 999 (nlh->nlmsg_flags & NLM_F_DUMP)) { 1000 u32 rlen; 1001 1002 if (link->dump == NULL) 1003 goto err_einval; 1004 1005 if ((*errp = netlink_dump_start(xfrm_nl, skb, nlh, 1006 link->dump, 1007 xfrm_done)) != 0) { 1008 return -1; 1009 } 1010 rlen = NLMSG_ALIGN(nlh->nlmsg_len); 1011 if (rlen > skb->len) 1012 rlen = skb->len; 1013 skb_pull(skb, rlen); 1014 return -1; 1015 } 1016 1017 memset(xfrma, 0, sizeof(xfrma)); 1018 1019 if (nlh->nlmsg_len < (min_len = xfrm_msg_min[type])) 1020 goto err_einval; 1021 1022 if (nlh->nlmsg_len > min_len) { 1023 int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); 1024 struct rtattr *attr = (void *) nlh + NLMSG_ALIGN(min_len); 1025 1026 while (RTA_OK(attr, attrlen)) { 1027 unsigned short flavor = attr->rta_type; 1028 if (flavor) { 1029 if (flavor > XFRMA_MAX) 1030 goto err_einval; 1031 xfrma[flavor - 1] = attr; 1032 } 1033 attr = RTA_NEXT(attr, attrlen); 1034 } 1035 } 1036 1037 if (link->doit == NULL) 1038 goto err_einval; 1039 *errp = link->doit(skb, nlh, (void **) &xfrma); 1040 1041 return *errp; 1042 1043 err_einval: 1044 *errp = -EINVAL; 1045 return -1; 1046 } 1047 1048 static int xfrm_user_rcv_skb(struct sk_buff *skb) 1049 { 1050 int err; 1051 struct nlmsghdr *nlh; 1052 1053 while (skb->len >= NLMSG_SPACE(0)) { 1054 u32 rlen; 1055 1056 nlh = (struct nlmsghdr *) skb->data; 1057 if (nlh->nlmsg_len < sizeof(*nlh) || 1058 skb->len < nlh->nlmsg_len) 1059 return 0; 1060 rlen = NLMSG_ALIGN(nlh->nlmsg_len); 1061 if (rlen > skb->len) 1062 rlen = skb->len; 1063 if (xfrm_user_rcv_msg(skb, nlh, &err) < 0) { 1064 if (err == 0) 1065 return -1; 1066 netlink_ack(skb, nlh, err); 1067 } else if (nlh->nlmsg_flags & NLM_F_ACK) 1068 netlink_ack(skb, nlh, 0); 1069 skb_pull(skb, rlen); 1070 } 1071 1072 return 0; 1073 } 1074 1075 static void xfrm_netlink_rcv(struct sock *sk, int len) 1076 { 1077 unsigned int qlen = skb_queue_len(&sk->sk_receive_queue); 1078 1079 do { 1080 struct sk_buff *skb; 1081 1082 down(&xfrm_cfg_sem); 1083 1084 if (qlen > skb_queue_len(&sk->sk_receive_queue)) 1085 qlen = skb_queue_len(&sk->sk_receive_queue); 1086 1087 for (; qlen; qlen--) { 1088 skb = skb_dequeue(&sk->sk_receive_queue); 1089 if (xfrm_user_rcv_skb(skb)) { 1090 if (skb->len) 1091 skb_queue_head(&sk->sk_receive_queue, 1092 skb); 1093 else { 1094 kfree_skb(skb); 1095 qlen--; 1096 } 1097 break; 1098 } 1099 kfree_skb(skb); 1100 } 1101 1102 up(&xfrm_cfg_sem); 1103 1104 } while (qlen); 1105 } 1106 1107 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, int hard) 1108 { 1109 struct xfrm_user_expire *ue; 1110 struct nlmsghdr *nlh; 1111 unsigned char *b = skb->tail; 1112 1113 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_EXPIRE, 1114 sizeof(*ue)); 1115 ue = NLMSG_DATA(nlh); 1116 nlh->nlmsg_flags = 0; 1117 1118 copy_to_user_state(x, &ue->state); 1119 ue->hard = (hard != 0) ? 1 : 0; 1120 1121 nlh->nlmsg_len = skb->tail - b; 1122 return skb->len; 1123 1124 nlmsg_failure: 1125 skb_trim(skb, b - skb->data); 1126 return -1; 1127 } 1128 1129 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 1130 { 1131 struct sk_buff *skb; 1132 int hard = c ->data; 1133 1134 /* fix to do alloc using NLM macros */ 1135 skb = alloc_skb(sizeof(struct xfrm_user_expire) + 16, GFP_ATOMIC); 1136 if (skb == NULL) 1137 return -ENOMEM; 1138 1139 if (build_expire(skb, x, hard) < 0) 1140 BUG(); 1141 1142 NETLINK_CB(skb).dst_groups = XFRMGRP_EXPIRE; 1143 1144 return netlink_broadcast(xfrm_nl, skb, 0, XFRMGRP_EXPIRE, GFP_ATOMIC); 1145 } 1146 1147 static int xfrm_notify_sa_flush(struct km_event *c) 1148 { 1149 struct xfrm_usersa_flush *p; 1150 struct nlmsghdr *nlh; 1151 struct sk_buff *skb; 1152 unsigned char *b; 1153 int len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)); 1154 1155 skb = alloc_skb(len, GFP_ATOMIC); 1156 if (skb == NULL) 1157 return -ENOMEM; 1158 b = skb->tail; 1159 1160 nlh = NLMSG_PUT(skb, c->pid, c->seq, 1161 XFRM_MSG_FLUSHSA, sizeof(*p)); 1162 nlh->nlmsg_flags = 0; 1163 1164 p = NLMSG_DATA(nlh); 1165 p->proto = c->data; 1166 1167 nlh->nlmsg_len = skb->tail - b; 1168 1169 return netlink_broadcast(xfrm_nl, skb, 0, XFRMGRP_SA, GFP_ATOMIC); 1170 1171 nlmsg_failure: 1172 kfree_skb(skb); 1173 return -1; 1174 } 1175 1176 static int inline xfrm_sa_len(struct xfrm_state *x) 1177 { 1178 int l = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); 1179 if (x->aalg) 1180 l += RTA_SPACE(sizeof(*x->aalg) + (x->aalg->alg_key_len+7)/8); 1181 if (x->ealg) 1182 l += RTA_SPACE(sizeof(*x->ealg) + (x->ealg->alg_key_len+7)/8); 1183 if (x->calg) 1184 l += RTA_SPACE(sizeof(*x->calg)); 1185 if (x->encap) 1186 l += RTA_SPACE(sizeof(*x->encap)); 1187 1188 return l; 1189 } 1190 1191 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 1192 { 1193 struct xfrm_usersa_info *p; 1194 struct nlmsghdr *nlh; 1195 struct sk_buff *skb; 1196 u32 nlt; 1197 unsigned char *b; 1198 int len = xfrm_sa_len(x); 1199 1200 skb = alloc_skb(len, GFP_ATOMIC); 1201 if (skb == NULL) 1202 return -ENOMEM; 1203 b = skb->tail; 1204 1205 if (c->event == XFRM_SAP_ADDED) 1206 nlt = XFRM_MSG_NEWSA; 1207 else if (c->event == XFRM_SAP_UPDATED) 1208 nlt = XFRM_MSG_UPDSA; 1209 else if (c->event == XFRM_SAP_DELETED) 1210 nlt = XFRM_MSG_DELSA; 1211 else 1212 goto nlmsg_failure; 1213 1214 nlh = NLMSG_PUT(skb, c->pid, c->seq, nlt, sizeof(*p)); 1215 nlh->nlmsg_flags = 0; 1216 1217 p = NLMSG_DATA(nlh); 1218 copy_to_user_state(x, p); 1219 1220 if (x->aalg) 1221 RTA_PUT(skb, XFRMA_ALG_AUTH, 1222 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 1223 if (x->ealg) 1224 RTA_PUT(skb, XFRMA_ALG_CRYPT, 1225 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 1226 if (x->calg) 1227 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 1228 1229 if (x->encap) 1230 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 1231 1232 nlh->nlmsg_len = skb->tail - b; 1233 1234 return netlink_broadcast(xfrm_nl, skb, 0, XFRMGRP_SA, GFP_ATOMIC); 1235 1236 nlmsg_failure: 1237 rtattr_failure: 1238 kfree_skb(skb); 1239 return -1; 1240 } 1241 1242 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 1243 { 1244 1245 switch (c->event) { 1246 case XFRM_SAP_EXPIRED: 1247 return xfrm_exp_state_notify(x, c); 1248 case XFRM_SAP_DELETED: 1249 case XFRM_SAP_UPDATED: 1250 case XFRM_SAP_ADDED: 1251 return xfrm_notify_sa(x, c); 1252 case XFRM_SAP_FLUSHED: 1253 return xfrm_notify_sa_flush(c); 1254 default: 1255 printk("xfrm_user: Unknown SA event %d\n", c->event); 1256 break; 1257 } 1258 1259 return 0; 1260 1261 } 1262 1263 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 1264 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 1265 int dir) 1266 { 1267 struct xfrm_user_acquire *ua; 1268 struct nlmsghdr *nlh; 1269 unsigned char *b = skb->tail; 1270 __u32 seq = xfrm_get_acqseq(); 1271 1272 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_ACQUIRE, 1273 sizeof(*ua)); 1274 ua = NLMSG_DATA(nlh); 1275 nlh->nlmsg_flags = 0; 1276 1277 memcpy(&ua->id, &x->id, sizeof(ua->id)); 1278 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 1279 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 1280 copy_to_user_policy(xp, &ua->policy, dir); 1281 ua->aalgos = xt->aalgos; 1282 ua->ealgos = xt->ealgos; 1283 ua->calgos = xt->calgos; 1284 ua->seq = x->km.seq = seq; 1285 1286 if (copy_to_user_tmpl(xp, skb) < 0) 1287 goto nlmsg_failure; 1288 1289 nlh->nlmsg_len = skb->tail - b; 1290 return skb->len; 1291 1292 nlmsg_failure: 1293 skb_trim(skb, b - skb->data); 1294 return -1; 1295 } 1296 1297 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 1298 struct xfrm_policy *xp, int dir) 1299 { 1300 struct sk_buff *skb; 1301 size_t len; 1302 1303 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1304 len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); 1305 skb = alloc_skb(len, GFP_ATOMIC); 1306 if (skb == NULL) 1307 return -ENOMEM; 1308 1309 if (build_acquire(skb, x, xt, xp, dir) < 0) 1310 BUG(); 1311 1312 NETLINK_CB(skb).dst_groups = XFRMGRP_ACQUIRE; 1313 1314 return netlink_broadcast(xfrm_nl, skb, 0, XFRMGRP_ACQUIRE, GFP_ATOMIC); 1315 } 1316 1317 /* User gives us xfrm_user_policy_info followed by an array of 0 1318 * or more templates. 1319 */ 1320 static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt, 1321 u8 *data, int len, int *dir) 1322 { 1323 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 1324 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 1325 struct xfrm_policy *xp; 1326 int nr; 1327 1328 switch (family) { 1329 case AF_INET: 1330 if (opt != IP_XFRM_POLICY) { 1331 *dir = -EOPNOTSUPP; 1332 return NULL; 1333 } 1334 break; 1335 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1336 case AF_INET6: 1337 if (opt != IPV6_XFRM_POLICY) { 1338 *dir = -EOPNOTSUPP; 1339 return NULL; 1340 } 1341 break; 1342 #endif 1343 default: 1344 *dir = -EINVAL; 1345 return NULL; 1346 } 1347 1348 *dir = -EINVAL; 1349 1350 if (len < sizeof(*p) || 1351 verify_newpolicy_info(p)) 1352 return NULL; 1353 1354 nr = ((len - sizeof(*p)) / sizeof(*ut)); 1355 if (nr > XFRM_MAX_DEPTH) 1356 return NULL; 1357 1358 xp = xfrm_policy_alloc(GFP_KERNEL); 1359 if (xp == NULL) { 1360 *dir = -ENOBUFS; 1361 return NULL; 1362 } 1363 1364 copy_from_user_policy(xp, p); 1365 copy_templates(xp, ut, nr); 1366 1367 *dir = p->dir; 1368 1369 return xp; 1370 } 1371 1372 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 1373 int dir, int hard) 1374 { 1375 struct xfrm_user_polexpire *upe; 1376 struct nlmsghdr *nlh; 1377 unsigned char *b = skb->tail; 1378 1379 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe)); 1380 upe = NLMSG_DATA(nlh); 1381 nlh->nlmsg_flags = 0; 1382 1383 copy_to_user_policy(xp, &upe->pol, dir); 1384 if (copy_to_user_tmpl(xp, skb) < 0) 1385 goto nlmsg_failure; 1386 upe->hard = !!hard; 1387 1388 nlh->nlmsg_len = skb->tail - b; 1389 return skb->len; 1390 1391 nlmsg_failure: 1392 skb_trim(skb, b - skb->data); 1393 return -1; 1394 } 1395 1396 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1397 { 1398 struct sk_buff *skb; 1399 size_t len; 1400 1401 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1402 len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); 1403 skb = alloc_skb(len, GFP_ATOMIC); 1404 if (skb == NULL) 1405 return -ENOMEM; 1406 1407 if (build_polexpire(skb, xp, dir, c->data) < 0) 1408 BUG(); 1409 1410 NETLINK_CB(skb).dst_groups = XFRMGRP_EXPIRE; 1411 1412 return netlink_broadcast(xfrm_nl, skb, 0, XFRMGRP_EXPIRE, GFP_ATOMIC); 1413 } 1414 1415 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 1416 { 1417 struct xfrm_userpolicy_info *p; 1418 struct nlmsghdr *nlh; 1419 struct sk_buff *skb; 1420 u32 nlt = 0 ; 1421 unsigned char *b; 1422 int len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1423 len += NLMSG_SPACE(sizeof(struct xfrm_userpolicy_info)); 1424 1425 skb = alloc_skb(len, GFP_ATOMIC); 1426 if (skb == NULL) 1427 return -ENOMEM; 1428 b = skb->tail; 1429 1430 if (c->event == XFRM_SAP_ADDED) 1431 nlt = XFRM_MSG_NEWPOLICY; 1432 else if (c->event == XFRM_SAP_UPDATED) 1433 nlt = XFRM_MSG_UPDPOLICY; 1434 else if (c->event == XFRM_SAP_DELETED) 1435 nlt = XFRM_MSG_DELPOLICY; 1436 else 1437 goto nlmsg_failure; 1438 1439 nlh = NLMSG_PUT(skb, c->pid, c->seq, nlt, sizeof(*p)); 1440 1441 p = NLMSG_DATA(nlh); 1442 1443 nlh->nlmsg_flags = 0; 1444 1445 copy_to_user_policy(xp, p, dir); 1446 if (copy_to_user_tmpl(xp, skb) < 0) 1447 goto nlmsg_failure; 1448 1449 nlh->nlmsg_len = skb->tail - b; 1450 1451 return netlink_broadcast(xfrm_nl, skb, 0, XFRMGRP_POLICY, GFP_ATOMIC); 1452 1453 nlmsg_failure: 1454 kfree_skb(skb); 1455 return -1; 1456 } 1457 1458 static int xfrm_notify_policy_flush(struct km_event *c) 1459 { 1460 struct nlmsghdr *nlh; 1461 struct sk_buff *skb; 1462 unsigned char *b; 1463 int len = NLMSG_LENGTH(0); 1464 1465 skb = alloc_skb(len, GFP_ATOMIC); 1466 if (skb == NULL) 1467 return -ENOMEM; 1468 b = skb->tail; 1469 1470 1471 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0); 1472 1473 nlh->nlmsg_len = skb->tail - b; 1474 1475 return netlink_broadcast(xfrm_nl, skb, 0, XFRMGRP_POLICY, GFP_ATOMIC); 1476 1477 nlmsg_failure: 1478 kfree_skb(skb); 1479 return -1; 1480 } 1481 1482 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1483 { 1484 1485 switch (c->event) { 1486 case XFRM_SAP_ADDED: 1487 case XFRM_SAP_UPDATED: 1488 case XFRM_SAP_DELETED: 1489 return xfrm_notify_policy(xp, dir, c); 1490 case XFRM_SAP_FLUSHED: 1491 return xfrm_notify_policy_flush(c); 1492 case XFRM_SAP_EXPIRED: 1493 return xfrm_exp_policy_notify(xp, dir, c); 1494 default: 1495 printk("xfrm_user: Unknown Policy event %d\n", c->event); 1496 } 1497 1498 return 0; 1499 1500 } 1501 1502 static struct xfrm_mgr netlink_mgr = { 1503 .id = "netlink", 1504 .notify = xfrm_send_state_notify, 1505 .acquire = xfrm_send_acquire, 1506 .compile_policy = xfrm_compile_policy, 1507 .notify_policy = xfrm_send_policy_notify, 1508 }; 1509 1510 static int __init xfrm_user_init(void) 1511 { 1512 printk(KERN_INFO "Initializing IPsec netlink socket\n"); 1513 1514 xfrm_nl = netlink_kernel_create(NETLINK_XFRM, xfrm_netlink_rcv); 1515 if (xfrm_nl == NULL) 1516 return -ENOMEM; 1517 1518 xfrm_register_km(&netlink_mgr); 1519 1520 return 0; 1521 } 1522 1523 static void __exit xfrm_user_exit(void) 1524 { 1525 xfrm_unregister_km(&netlink_mgr); 1526 sock_release(xfrm_nl->sk_socket); 1527 } 1528 1529 module_init(xfrm_user_init); 1530 module_exit(xfrm_user_exit); 1531 MODULE_LICENSE("GPL"); 1532