1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/crypto.h> 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/types.h> 17 #include <linux/slab.h> 18 #include <linux/socket.h> 19 #include <linux/string.h> 20 #include <linux/net.h> 21 #include <linux/skbuff.h> 22 #include <linux/rtnetlink.h> 23 #include <linux/pfkeyv2.h> 24 #include <linux/ipsec.h> 25 #include <linux/init.h> 26 #include <linux/security.h> 27 #include <net/sock.h> 28 #include <net/xfrm.h> 29 #include <net/netlink.h> 30 #include <asm/uaccess.h> 31 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 32 #include <linux/in6.h> 33 #endif 34 #include <linux/audit.h> 35 36 static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type) 37 { 38 struct rtattr *rt = xfrma[type - 1]; 39 struct xfrm_algo *algp; 40 int len; 41 42 if (!rt) 43 return 0; 44 45 len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp); 46 if (len < 0) 47 return -EINVAL; 48 49 algp = RTA_DATA(rt); 50 51 len -= (algp->alg_key_len + 7U) / 8; 52 if (len < 0) 53 return -EINVAL; 54 55 switch (type) { 56 case XFRMA_ALG_AUTH: 57 if (!algp->alg_key_len && 58 strcmp(algp->alg_name, "digest_null") != 0) 59 return -EINVAL; 60 break; 61 62 case XFRMA_ALG_CRYPT: 63 if (!algp->alg_key_len && 64 strcmp(algp->alg_name, "cipher_null") != 0) 65 return -EINVAL; 66 break; 67 68 case XFRMA_ALG_COMP: 69 /* Zero length keys are legal. */ 70 break; 71 72 default: 73 return -EINVAL; 74 } 75 76 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 77 return 0; 78 } 79 80 static int verify_encap_tmpl(struct rtattr **xfrma) 81 { 82 struct rtattr *rt = xfrma[XFRMA_ENCAP - 1]; 83 struct xfrm_encap_tmpl *encap; 84 85 if (!rt) 86 return 0; 87 88 if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap)) 89 return -EINVAL; 90 91 return 0; 92 } 93 94 static int verify_one_addr(struct rtattr **xfrma, enum xfrm_attr_type_t type, 95 xfrm_address_t **addrp) 96 { 97 struct rtattr *rt = xfrma[type - 1]; 98 99 if (!rt) 100 return 0; 101 102 if ((rt->rta_len - sizeof(*rt)) < sizeof(**addrp)) 103 return -EINVAL; 104 105 if (addrp) 106 *addrp = RTA_DATA(rt); 107 108 return 0; 109 } 110 111 static inline int verify_sec_ctx_len(struct rtattr **xfrma) 112 { 113 struct rtattr *rt = xfrma[XFRMA_SEC_CTX - 1]; 114 struct xfrm_user_sec_ctx *uctx; 115 int len = 0; 116 117 if (!rt) 118 return 0; 119 120 if (rt->rta_len < sizeof(*uctx)) 121 return -EINVAL; 122 123 uctx = RTA_DATA(rt); 124 125 len += sizeof(struct xfrm_user_sec_ctx); 126 len += uctx->ctx_len; 127 128 if (uctx->len != len) 129 return -EINVAL; 130 131 return 0; 132 } 133 134 135 static int verify_newsa_info(struct xfrm_usersa_info *p, 136 struct rtattr **xfrma) 137 { 138 int err; 139 140 err = -EINVAL; 141 switch (p->family) { 142 case AF_INET: 143 break; 144 145 case AF_INET6: 146 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 147 break; 148 #else 149 err = -EAFNOSUPPORT; 150 goto out; 151 #endif 152 153 default: 154 goto out; 155 } 156 157 err = -EINVAL; 158 switch (p->id.proto) { 159 case IPPROTO_AH: 160 if (!xfrma[XFRMA_ALG_AUTH-1] || 161 xfrma[XFRMA_ALG_CRYPT-1] || 162 xfrma[XFRMA_ALG_COMP-1]) 163 goto out; 164 break; 165 166 case IPPROTO_ESP: 167 if ((!xfrma[XFRMA_ALG_AUTH-1] && 168 !xfrma[XFRMA_ALG_CRYPT-1]) || 169 xfrma[XFRMA_ALG_COMP-1]) 170 goto out; 171 break; 172 173 case IPPROTO_COMP: 174 if (!xfrma[XFRMA_ALG_COMP-1] || 175 xfrma[XFRMA_ALG_AUTH-1] || 176 xfrma[XFRMA_ALG_CRYPT-1]) 177 goto out; 178 break; 179 180 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 181 case IPPROTO_DSTOPTS: 182 case IPPROTO_ROUTING: 183 if (xfrma[XFRMA_ALG_COMP-1] || 184 xfrma[XFRMA_ALG_AUTH-1] || 185 xfrma[XFRMA_ALG_CRYPT-1] || 186 xfrma[XFRMA_ENCAP-1] || 187 xfrma[XFRMA_SEC_CTX-1] || 188 !xfrma[XFRMA_COADDR-1]) 189 goto out; 190 break; 191 #endif 192 193 default: 194 goto out; 195 } 196 197 if ((err = verify_one_alg(xfrma, XFRMA_ALG_AUTH))) 198 goto out; 199 if ((err = verify_one_alg(xfrma, XFRMA_ALG_CRYPT))) 200 goto out; 201 if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP))) 202 goto out; 203 if ((err = verify_encap_tmpl(xfrma))) 204 goto out; 205 if ((err = verify_sec_ctx_len(xfrma))) 206 goto out; 207 if ((err = verify_one_addr(xfrma, XFRMA_COADDR, NULL))) 208 goto out; 209 210 err = -EINVAL; 211 switch (p->mode) { 212 case XFRM_MODE_TRANSPORT: 213 case XFRM_MODE_TUNNEL: 214 case XFRM_MODE_ROUTEOPTIMIZATION: 215 case XFRM_MODE_BEET: 216 break; 217 218 default: 219 goto out; 220 } 221 222 err = 0; 223 224 out: 225 return err; 226 } 227 228 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 229 struct xfrm_algo_desc *(*get_byname)(char *, int), 230 struct rtattr *u_arg) 231 { 232 struct rtattr *rta = u_arg; 233 struct xfrm_algo *p, *ualg; 234 struct xfrm_algo_desc *algo; 235 int len; 236 237 if (!rta) 238 return 0; 239 240 ualg = RTA_DATA(rta); 241 242 algo = get_byname(ualg->alg_name, 1); 243 if (!algo) 244 return -ENOSYS; 245 *props = algo->desc.sadb_alg_id; 246 247 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8; 248 p = kmemdup(ualg, len, GFP_KERNEL); 249 if (!p) 250 return -ENOMEM; 251 252 strcpy(p->alg_name, algo->name); 253 *algpp = p; 254 return 0; 255 } 256 257 static int attach_encap_tmpl(struct xfrm_encap_tmpl **encapp, struct rtattr *u_arg) 258 { 259 struct rtattr *rta = u_arg; 260 struct xfrm_encap_tmpl *p, *uencap; 261 262 if (!rta) 263 return 0; 264 265 uencap = RTA_DATA(rta); 266 p = kmemdup(uencap, sizeof(*p), GFP_KERNEL); 267 if (!p) 268 return -ENOMEM; 269 270 *encapp = p; 271 return 0; 272 } 273 274 275 static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 276 { 277 int len = 0; 278 279 if (xfrm_ctx) { 280 len += sizeof(struct xfrm_user_sec_ctx); 281 len += xfrm_ctx->ctx_len; 282 } 283 return len; 284 } 285 286 static int attach_sec_ctx(struct xfrm_state *x, struct rtattr *u_arg) 287 { 288 struct xfrm_user_sec_ctx *uctx; 289 290 if (!u_arg) 291 return 0; 292 293 uctx = RTA_DATA(u_arg); 294 return security_xfrm_state_alloc(x, uctx); 295 } 296 297 static int attach_one_addr(xfrm_address_t **addrpp, struct rtattr *u_arg) 298 { 299 struct rtattr *rta = u_arg; 300 xfrm_address_t *p, *uaddrp; 301 302 if (!rta) 303 return 0; 304 305 uaddrp = RTA_DATA(rta); 306 p = kmemdup(uaddrp, sizeof(*p), GFP_KERNEL); 307 if (!p) 308 return -ENOMEM; 309 310 *addrpp = p; 311 return 0; 312 } 313 314 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 315 { 316 memcpy(&x->id, &p->id, sizeof(x->id)); 317 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 318 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 319 x->props.mode = p->mode; 320 x->props.replay_window = p->replay_window; 321 x->props.reqid = p->reqid; 322 x->props.family = p->family; 323 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 324 x->props.flags = p->flags; 325 } 326 327 /* 328 * someday when pfkey also has support, we could have the code 329 * somehow made shareable and move it to xfrm_state.c - JHS 330 * 331 */ 332 static int xfrm_update_ae_params(struct xfrm_state *x, struct rtattr **xfrma) 333 { 334 int err = - EINVAL; 335 struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL-1]; 336 struct rtattr *lt = xfrma[XFRMA_LTIME_VAL-1]; 337 struct rtattr *et = xfrma[XFRMA_ETIMER_THRESH-1]; 338 struct rtattr *rt = xfrma[XFRMA_REPLAY_THRESH-1]; 339 340 if (rp) { 341 struct xfrm_replay_state *replay; 342 if (RTA_PAYLOAD(rp) < sizeof(*replay)) 343 goto error; 344 replay = RTA_DATA(rp); 345 memcpy(&x->replay, replay, sizeof(*replay)); 346 memcpy(&x->preplay, replay, sizeof(*replay)); 347 } 348 349 if (lt) { 350 struct xfrm_lifetime_cur *ltime; 351 if (RTA_PAYLOAD(lt) < sizeof(*ltime)) 352 goto error; 353 ltime = RTA_DATA(lt); 354 x->curlft.bytes = ltime->bytes; 355 x->curlft.packets = ltime->packets; 356 x->curlft.add_time = ltime->add_time; 357 x->curlft.use_time = ltime->use_time; 358 } 359 360 if (et) { 361 if (RTA_PAYLOAD(et) < sizeof(u32)) 362 goto error; 363 x->replay_maxage = *(u32*)RTA_DATA(et); 364 } 365 366 if (rt) { 367 if (RTA_PAYLOAD(rt) < sizeof(u32)) 368 goto error; 369 x->replay_maxdiff = *(u32*)RTA_DATA(rt); 370 } 371 372 return 0; 373 error: 374 return err; 375 } 376 377 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 378 struct rtattr **xfrma, 379 int *errp) 380 { 381 struct xfrm_state *x = xfrm_state_alloc(); 382 int err = -ENOMEM; 383 384 if (!x) 385 goto error_no_put; 386 387 copy_from_user_state(x, p); 388 389 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 390 xfrm_aalg_get_byname, 391 xfrma[XFRMA_ALG_AUTH-1]))) 392 goto error; 393 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 394 xfrm_ealg_get_byname, 395 xfrma[XFRMA_ALG_CRYPT-1]))) 396 goto error; 397 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 398 xfrm_calg_get_byname, 399 xfrma[XFRMA_ALG_COMP-1]))) 400 goto error; 401 if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1]))) 402 goto error; 403 if ((err = attach_one_addr(&x->coaddr, xfrma[XFRMA_COADDR-1]))) 404 goto error; 405 err = xfrm_init_state(x); 406 if (err) 407 goto error; 408 409 if ((err = attach_sec_ctx(x, xfrma[XFRMA_SEC_CTX-1]))) 410 goto error; 411 412 x->km.seq = p->seq; 413 x->replay_maxdiff = sysctl_xfrm_aevent_rseqth; 414 /* sysctl_xfrm_aevent_etime is in 100ms units */ 415 x->replay_maxage = (sysctl_xfrm_aevent_etime*HZ)/XFRM_AE_ETH_M; 416 x->preplay.bitmap = 0; 417 x->preplay.seq = x->replay.seq+x->replay_maxdiff; 418 x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; 419 420 /* override default values from above */ 421 422 err = xfrm_update_ae_params(x, (struct rtattr **)xfrma); 423 if (err < 0) 424 goto error; 425 426 return x; 427 428 error: 429 x->km.state = XFRM_STATE_DEAD; 430 xfrm_state_put(x); 431 error_no_put: 432 *errp = err; 433 return NULL; 434 } 435 436 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 437 struct rtattr **xfrma) 438 { 439 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 440 struct xfrm_state *x; 441 int err; 442 struct km_event c; 443 444 err = verify_newsa_info(p, xfrma); 445 if (err) 446 return err; 447 448 x = xfrm_state_construct(p, xfrma, &err); 449 if (!x) 450 return err; 451 452 xfrm_state_hold(x); 453 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 454 err = xfrm_state_add(x); 455 else 456 err = xfrm_state_update(x); 457 458 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 459 AUDIT_MAC_IPSEC_ADDSA, err ? 0 : 1, NULL, x); 460 461 if (err < 0) { 462 x->km.state = XFRM_STATE_DEAD; 463 __xfrm_state_put(x); 464 goto out; 465 } 466 467 c.seq = nlh->nlmsg_seq; 468 c.pid = nlh->nlmsg_pid; 469 c.event = nlh->nlmsg_type; 470 471 km_state_notify(x, &c); 472 out: 473 xfrm_state_put(x); 474 return err; 475 } 476 477 static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, 478 struct rtattr **xfrma, 479 int *errp) 480 { 481 struct xfrm_state *x = NULL; 482 int err; 483 484 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 485 err = -ESRCH; 486 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 487 } else { 488 xfrm_address_t *saddr = NULL; 489 490 err = verify_one_addr(xfrma, XFRMA_SRCADDR, &saddr); 491 if (err) 492 goto out; 493 494 if (!saddr) { 495 err = -EINVAL; 496 goto out; 497 } 498 499 err = -ESRCH; 500 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, 501 p->family); 502 } 503 504 out: 505 if (!x && errp) 506 *errp = err; 507 return x; 508 } 509 510 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 511 struct rtattr **xfrma) 512 { 513 struct xfrm_state *x; 514 int err = -ESRCH; 515 struct km_event c; 516 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 517 518 x = xfrm_user_state_lookup(p, xfrma, &err); 519 if (x == NULL) 520 return err; 521 522 if ((err = security_xfrm_state_delete(x)) != 0) 523 goto out; 524 525 if (xfrm_state_kern(x)) { 526 err = -EPERM; 527 goto out; 528 } 529 530 err = xfrm_state_delete(x); 531 532 if (err < 0) 533 goto out; 534 535 c.seq = nlh->nlmsg_seq; 536 c.pid = nlh->nlmsg_pid; 537 c.event = nlh->nlmsg_type; 538 km_state_notify(x, &c); 539 540 out: 541 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 542 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 543 xfrm_state_put(x); 544 return err; 545 } 546 547 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 548 { 549 memcpy(&p->id, &x->id, sizeof(p->id)); 550 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 551 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 552 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 553 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 554 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 555 p->mode = x->props.mode; 556 p->replay_window = x->props.replay_window; 557 p->reqid = x->props.reqid; 558 p->family = x->props.family; 559 p->flags = x->props.flags; 560 p->seq = x->km.seq; 561 } 562 563 struct xfrm_dump_info { 564 struct sk_buff *in_skb; 565 struct sk_buff *out_skb; 566 u32 nlmsg_seq; 567 u16 nlmsg_flags; 568 int start_idx; 569 int this_idx; 570 }; 571 572 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 573 { 574 struct xfrm_dump_info *sp = ptr; 575 struct sk_buff *in_skb = sp->in_skb; 576 struct sk_buff *skb = sp->out_skb; 577 struct xfrm_usersa_info *p; 578 struct nlmsghdr *nlh; 579 unsigned char *b = skb_tail_pointer(skb); 580 581 if (sp->this_idx < sp->start_idx) 582 goto out; 583 584 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 585 sp->nlmsg_seq, 586 XFRM_MSG_NEWSA, sizeof(*p)); 587 nlh->nlmsg_flags = sp->nlmsg_flags; 588 589 p = NLMSG_DATA(nlh); 590 copy_to_user_state(x, p); 591 592 if (x->aalg) 593 RTA_PUT(skb, XFRMA_ALG_AUTH, 594 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 595 if (x->ealg) 596 RTA_PUT(skb, XFRMA_ALG_CRYPT, 597 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 598 if (x->calg) 599 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 600 601 if (x->encap) 602 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 603 604 if (x->security) { 605 int ctx_size = sizeof(struct xfrm_sec_ctx) + 606 x->security->ctx_len; 607 struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size); 608 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 609 610 uctx->exttype = XFRMA_SEC_CTX; 611 uctx->len = ctx_size; 612 uctx->ctx_doi = x->security->ctx_doi; 613 uctx->ctx_alg = x->security->ctx_alg; 614 uctx->ctx_len = x->security->ctx_len; 615 memcpy(uctx + 1, x->security->ctx_str, x->security->ctx_len); 616 } 617 618 if (x->coaddr) 619 RTA_PUT(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 620 621 if (x->lastused) 622 RTA_PUT(skb, XFRMA_LASTUSED, sizeof(x->lastused), &x->lastused); 623 624 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 625 out: 626 sp->this_idx++; 627 return 0; 628 629 nlmsg_failure: 630 rtattr_failure: 631 nlmsg_trim(skb, b); 632 return -1; 633 } 634 635 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 636 { 637 struct xfrm_dump_info info; 638 639 info.in_skb = cb->skb; 640 info.out_skb = skb; 641 info.nlmsg_seq = cb->nlh->nlmsg_seq; 642 info.nlmsg_flags = NLM_F_MULTI; 643 info.this_idx = 0; 644 info.start_idx = cb->args[0]; 645 (void) xfrm_state_walk(0, dump_one_state, &info); 646 cb->args[0] = info.this_idx; 647 648 return skb->len; 649 } 650 651 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 652 struct xfrm_state *x, u32 seq) 653 { 654 struct xfrm_dump_info info; 655 struct sk_buff *skb; 656 657 skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC); 658 if (!skb) 659 return ERR_PTR(-ENOMEM); 660 661 info.in_skb = in_skb; 662 info.out_skb = skb; 663 info.nlmsg_seq = seq; 664 info.nlmsg_flags = 0; 665 info.this_idx = info.start_idx = 0; 666 667 if (dump_one_state(x, 0, &info)) { 668 kfree_skb(skb); 669 return NULL; 670 } 671 672 return skb; 673 } 674 675 static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 676 { 677 struct xfrmk_spdinfo si; 678 struct xfrmu_spdinfo spc; 679 struct xfrmu_spdhinfo sph; 680 struct nlmsghdr *nlh; 681 u32 *f; 682 683 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 684 if (nlh == NULL) /* shouldnt really happen ... */ 685 return -EMSGSIZE; 686 687 f = nlmsg_data(nlh); 688 *f = flags; 689 xfrm_spd_getinfo(&si); 690 spc.incnt = si.incnt; 691 spc.outcnt = si.outcnt; 692 spc.fwdcnt = si.fwdcnt; 693 spc.inscnt = si.inscnt; 694 spc.outscnt = si.outscnt; 695 spc.fwdscnt = si.fwdscnt; 696 sph.spdhcnt = si.spdhcnt; 697 sph.spdhmcnt = si.spdhmcnt; 698 699 NLA_PUT(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 700 NLA_PUT(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 701 702 return nlmsg_end(skb, nlh); 703 704 nla_put_failure: 705 nlmsg_cancel(skb, nlh); 706 return -EMSGSIZE; 707 } 708 709 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 710 struct rtattr **xfrma) 711 { 712 struct sk_buff *r_skb; 713 u32 *flags = NLMSG_DATA(nlh); 714 u32 spid = NETLINK_CB(skb).pid; 715 u32 seq = nlh->nlmsg_seq; 716 int len = NLMSG_LENGTH(sizeof(u32)); 717 718 len += RTA_SPACE(sizeof(struct xfrmu_spdinfo)); 719 len += RTA_SPACE(sizeof(struct xfrmu_spdhinfo)); 720 721 r_skb = alloc_skb(len, GFP_ATOMIC); 722 if (r_skb == NULL) 723 return -ENOMEM; 724 725 if (build_spdinfo(r_skb, spid, seq, *flags) < 0) 726 BUG(); 727 728 return nlmsg_unicast(xfrm_nl, r_skb, spid); 729 } 730 731 static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 732 { 733 struct xfrmk_sadinfo si; 734 struct xfrmu_sadhinfo sh; 735 struct nlmsghdr *nlh; 736 u32 *f; 737 738 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 739 if (nlh == NULL) /* shouldnt really happen ... */ 740 return -EMSGSIZE; 741 742 f = nlmsg_data(nlh); 743 *f = flags; 744 xfrm_sad_getinfo(&si); 745 746 sh.sadhmcnt = si.sadhmcnt; 747 sh.sadhcnt = si.sadhcnt; 748 749 NLA_PUT_U32(skb, XFRMA_SAD_CNT, si.sadcnt); 750 NLA_PUT(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 751 752 return nlmsg_end(skb, nlh); 753 754 nla_put_failure: 755 nlmsg_cancel(skb, nlh); 756 return -EMSGSIZE; 757 } 758 759 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 760 struct rtattr **xfrma) 761 { 762 struct sk_buff *r_skb; 763 u32 *flags = NLMSG_DATA(nlh); 764 u32 spid = NETLINK_CB(skb).pid; 765 u32 seq = nlh->nlmsg_seq; 766 int len = NLMSG_LENGTH(sizeof(u32)); 767 768 len += RTA_SPACE(sizeof(struct xfrmu_sadhinfo)); 769 len += RTA_SPACE(sizeof(u32)); 770 771 r_skb = alloc_skb(len, GFP_ATOMIC); 772 773 if (r_skb == NULL) 774 return -ENOMEM; 775 776 if (build_sadinfo(r_skb, spid, seq, *flags) < 0) 777 BUG(); 778 779 return nlmsg_unicast(xfrm_nl, r_skb, spid); 780 } 781 782 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 783 struct rtattr **xfrma) 784 { 785 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 786 struct xfrm_state *x; 787 struct sk_buff *resp_skb; 788 int err = -ESRCH; 789 790 x = xfrm_user_state_lookup(p, xfrma, &err); 791 if (x == NULL) 792 goto out_noput; 793 794 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 795 if (IS_ERR(resp_skb)) { 796 err = PTR_ERR(resp_skb); 797 } else { 798 err = netlink_unicast(xfrm_nl, resp_skb, 799 NETLINK_CB(skb).pid, MSG_DONTWAIT); 800 } 801 xfrm_state_put(x); 802 out_noput: 803 return err; 804 } 805 806 static int verify_userspi_info(struct xfrm_userspi_info *p) 807 { 808 switch (p->info.id.proto) { 809 case IPPROTO_AH: 810 case IPPROTO_ESP: 811 break; 812 813 case IPPROTO_COMP: 814 /* IPCOMP spi is 16-bits. */ 815 if (p->max >= 0x10000) 816 return -EINVAL; 817 break; 818 819 default: 820 return -EINVAL; 821 } 822 823 if (p->min > p->max) 824 return -EINVAL; 825 826 return 0; 827 } 828 829 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 830 struct rtattr **xfrma) 831 { 832 struct xfrm_state *x; 833 struct xfrm_userspi_info *p; 834 struct sk_buff *resp_skb; 835 xfrm_address_t *daddr; 836 int family; 837 int err; 838 839 p = NLMSG_DATA(nlh); 840 err = verify_userspi_info(p); 841 if (err) 842 goto out_noput; 843 844 family = p->info.family; 845 daddr = &p->info.id.daddr; 846 847 x = NULL; 848 if (p->info.seq) { 849 x = xfrm_find_acq_byseq(p->info.seq); 850 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 851 xfrm_state_put(x); 852 x = NULL; 853 } 854 } 855 856 if (!x) 857 x = xfrm_find_acq(p->info.mode, p->info.reqid, 858 p->info.id.proto, daddr, 859 &p->info.saddr, 1, 860 family); 861 err = -ENOENT; 862 if (x == NULL) 863 goto out_noput; 864 865 resp_skb = ERR_PTR(-ENOENT); 866 867 spin_lock_bh(&x->lock); 868 if (x->km.state != XFRM_STATE_DEAD) { 869 xfrm_alloc_spi(x, htonl(p->min), htonl(p->max)); 870 if (x->id.spi) 871 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 872 } 873 spin_unlock_bh(&x->lock); 874 875 if (IS_ERR(resp_skb)) { 876 err = PTR_ERR(resp_skb); 877 goto out; 878 } 879 880 err = netlink_unicast(xfrm_nl, resp_skb, 881 NETLINK_CB(skb).pid, MSG_DONTWAIT); 882 883 out: 884 xfrm_state_put(x); 885 out_noput: 886 return err; 887 } 888 889 static int verify_policy_dir(u8 dir) 890 { 891 switch (dir) { 892 case XFRM_POLICY_IN: 893 case XFRM_POLICY_OUT: 894 case XFRM_POLICY_FWD: 895 break; 896 897 default: 898 return -EINVAL; 899 } 900 901 return 0; 902 } 903 904 static int verify_policy_type(u8 type) 905 { 906 switch (type) { 907 case XFRM_POLICY_TYPE_MAIN: 908 #ifdef CONFIG_XFRM_SUB_POLICY 909 case XFRM_POLICY_TYPE_SUB: 910 #endif 911 break; 912 913 default: 914 return -EINVAL; 915 } 916 917 return 0; 918 } 919 920 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 921 { 922 switch (p->share) { 923 case XFRM_SHARE_ANY: 924 case XFRM_SHARE_SESSION: 925 case XFRM_SHARE_USER: 926 case XFRM_SHARE_UNIQUE: 927 break; 928 929 default: 930 return -EINVAL; 931 } 932 933 switch (p->action) { 934 case XFRM_POLICY_ALLOW: 935 case XFRM_POLICY_BLOCK: 936 break; 937 938 default: 939 return -EINVAL; 940 } 941 942 switch (p->sel.family) { 943 case AF_INET: 944 break; 945 946 case AF_INET6: 947 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 948 break; 949 #else 950 return -EAFNOSUPPORT; 951 #endif 952 953 default: 954 return -EINVAL; 955 } 956 957 return verify_policy_dir(p->dir); 958 } 959 960 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct rtattr **xfrma) 961 { 962 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 963 struct xfrm_user_sec_ctx *uctx; 964 965 if (!rt) 966 return 0; 967 968 uctx = RTA_DATA(rt); 969 return security_xfrm_policy_alloc(pol, uctx); 970 } 971 972 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 973 int nr) 974 { 975 int i; 976 977 xp->xfrm_nr = nr; 978 for (i = 0; i < nr; i++, ut++) { 979 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 980 981 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 982 memcpy(&t->saddr, &ut->saddr, 983 sizeof(xfrm_address_t)); 984 t->reqid = ut->reqid; 985 t->mode = ut->mode; 986 t->share = ut->share; 987 t->optional = ut->optional; 988 t->aalgos = ut->aalgos; 989 t->ealgos = ut->ealgos; 990 t->calgos = ut->calgos; 991 t->encap_family = ut->family; 992 } 993 } 994 995 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 996 { 997 int i; 998 999 if (nr > XFRM_MAX_DEPTH) 1000 return -EINVAL; 1001 1002 for (i = 0; i < nr; i++) { 1003 /* We never validated the ut->family value, so many 1004 * applications simply leave it at zero. The check was 1005 * never made and ut->family was ignored because all 1006 * templates could be assumed to have the same family as 1007 * the policy itself. Now that we will have ipv4-in-ipv6 1008 * and ipv6-in-ipv4 tunnels, this is no longer true. 1009 */ 1010 if (!ut[i].family) 1011 ut[i].family = family; 1012 1013 switch (ut[i].family) { 1014 case AF_INET: 1015 break; 1016 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1017 case AF_INET6: 1018 break; 1019 #endif 1020 default: 1021 return -EINVAL; 1022 } 1023 } 1024 1025 return 0; 1026 } 1027 1028 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma) 1029 { 1030 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 1031 1032 if (!rt) { 1033 pol->xfrm_nr = 0; 1034 } else { 1035 struct xfrm_user_tmpl *utmpl = RTA_DATA(rt); 1036 int nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl); 1037 int err; 1038 1039 err = validate_tmpl(nr, utmpl, pol->family); 1040 if (err) 1041 return err; 1042 1043 copy_templates(pol, RTA_DATA(rt), nr); 1044 } 1045 return 0; 1046 } 1047 1048 static int copy_from_user_policy_type(u8 *tp, struct rtattr **xfrma) 1049 { 1050 struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE-1]; 1051 struct xfrm_userpolicy_type *upt; 1052 u8 type = XFRM_POLICY_TYPE_MAIN; 1053 int err; 1054 1055 if (rt) { 1056 if (rt->rta_len < sizeof(*upt)) 1057 return -EINVAL; 1058 1059 upt = RTA_DATA(rt); 1060 type = upt->type; 1061 } 1062 1063 err = verify_policy_type(type); 1064 if (err) 1065 return err; 1066 1067 *tp = type; 1068 return 0; 1069 } 1070 1071 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 1072 { 1073 xp->priority = p->priority; 1074 xp->index = p->index; 1075 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1076 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1077 xp->action = p->action; 1078 xp->flags = p->flags; 1079 xp->family = p->sel.family; 1080 /* XXX xp->share = p->share; */ 1081 } 1082 1083 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1084 { 1085 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1086 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1087 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1088 p->priority = xp->priority; 1089 p->index = xp->index; 1090 p->sel.family = xp->family; 1091 p->dir = dir; 1092 p->action = xp->action; 1093 p->flags = xp->flags; 1094 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 1095 } 1096 1097 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct rtattr **xfrma, int *errp) 1098 { 1099 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 1100 int err; 1101 1102 if (!xp) { 1103 *errp = -ENOMEM; 1104 return NULL; 1105 } 1106 1107 copy_from_user_policy(xp, p); 1108 1109 err = copy_from_user_policy_type(&xp->type, xfrma); 1110 if (err) 1111 goto error; 1112 1113 if (!(err = copy_from_user_tmpl(xp, xfrma))) 1114 err = copy_from_user_sec_ctx(xp, xfrma); 1115 if (err) 1116 goto error; 1117 1118 return xp; 1119 error: 1120 *errp = err; 1121 kfree(xp); 1122 return NULL; 1123 } 1124 1125 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1126 struct rtattr **xfrma) 1127 { 1128 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh); 1129 struct xfrm_policy *xp; 1130 struct km_event c; 1131 int err; 1132 int excl; 1133 1134 err = verify_newpolicy_info(p); 1135 if (err) 1136 return err; 1137 err = verify_sec_ctx_len(xfrma); 1138 if (err) 1139 return err; 1140 1141 xp = xfrm_policy_construct(p, xfrma, &err); 1142 if (!xp) 1143 return err; 1144 1145 /* shouldnt excl be based on nlh flags?? 1146 * Aha! this is anti-netlink really i.e more pfkey derived 1147 * in netlink excl is a flag and you wouldnt need 1148 * a type XFRM_MSG_UPDPOLICY - JHS */ 1149 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1150 err = xfrm_policy_insert(p->dir, xp, excl); 1151 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1152 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1153 1154 if (err) { 1155 security_xfrm_policy_free(xp); 1156 kfree(xp); 1157 return err; 1158 } 1159 1160 c.event = nlh->nlmsg_type; 1161 c.seq = nlh->nlmsg_seq; 1162 c.pid = nlh->nlmsg_pid; 1163 km_policy_notify(xp, p->dir, &c); 1164 1165 xfrm_pol_put(xp); 1166 1167 return 0; 1168 } 1169 1170 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1171 { 1172 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1173 int i; 1174 1175 if (xp->xfrm_nr == 0) 1176 return 0; 1177 1178 for (i = 0; i < xp->xfrm_nr; i++) { 1179 struct xfrm_user_tmpl *up = &vec[i]; 1180 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1181 1182 memcpy(&up->id, &kp->id, sizeof(up->id)); 1183 up->family = kp->encap_family; 1184 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1185 up->reqid = kp->reqid; 1186 up->mode = kp->mode; 1187 up->share = kp->share; 1188 up->optional = kp->optional; 1189 up->aalgos = kp->aalgos; 1190 up->ealgos = kp->ealgos; 1191 up->calgos = kp->calgos; 1192 } 1193 RTA_PUT(skb, XFRMA_TMPL, 1194 (sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr), 1195 vec); 1196 1197 return 0; 1198 1199 rtattr_failure: 1200 return -1; 1201 } 1202 1203 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 1204 { 1205 int ctx_size = sizeof(struct xfrm_sec_ctx) + s->ctx_len; 1206 struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size); 1207 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1208 1209 uctx->exttype = XFRMA_SEC_CTX; 1210 uctx->len = ctx_size; 1211 uctx->ctx_doi = s->ctx_doi; 1212 uctx->ctx_alg = s->ctx_alg; 1213 uctx->ctx_len = s->ctx_len; 1214 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 1215 return 0; 1216 1217 rtattr_failure: 1218 return -1; 1219 } 1220 1221 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1222 { 1223 if (x->security) { 1224 return copy_sec_ctx(x->security, skb); 1225 } 1226 return 0; 1227 } 1228 1229 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1230 { 1231 if (xp->security) { 1232 return copy_sec_ctx(xp->security, skb); 1233 } 1234 return 0; 1235 } 1236 1237 #ifdef CONFIG_XFRM_SUB_POLICY 1238 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1239 { 1240 struct xfrm_userpolicy_type upt; 1241 1242 memset(&upt, 0, sizeof(upt)); 1243 upt.type = type; 1244 1245 RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1246 1247 return 0; 1248 1249 rtattr_failure: 1250 return -1; 1251 } 1252 1253 #else 1254 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1255 { 1256 return 0; 1257 } 1258 #endif 1259 1260 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1261 { 1262 struct xfrm_dump_info *sp = ptr; 1263 struct xfrm_userpolicy_info *p; 1264 struct sk_buff *in_skb = sp->in_skb; 1265 struct sk_buff *skb = sp->out_skb; 1266 struct nlmsghdr *nlh; 1267 unsigned char *b = skb_tail_pointer(skb); 1268 1269 if (sp->this_idx < sp->start_idx) 1270 goto out; 1271 1272 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 1273 sp->nlmsg_seq, 1274 XFRM_MSG_NEWPOLICY, sizeof(*p)); 1275 p = NLMSG_DATA(nlh); 1276 nlh->nlmsg_flags = sp->nlmsg_flags; 1277 1278 copy_to_user_policy(xp, p, dir); 1279 if (copy_to_user_tmpl(xp, skb) < 0) 1280 goto nlmsg_failure; 1281 if (copy_to_user_sec_ctx(xp, skb)) 1282 goto nlmsg_failure; 1283 if (copy_to_user_policy_type(xp->type, skb) < 0) 1284 goto nlmsg_failure; 1285 1286 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1287 out: 1288 sp->this_idx++; 1289 return 0; 1290 1291 nlmsg_failure: 1292 nlmsg_trim(skb, b); 1293 return -1; 1294 } 1295 1296 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1297 { 1298 struct xfrm_dump_info info; 1299 1300 info.in_skb = cb->skb; 1301 info.out_skb = skb; 1302 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1303 info.nlmsg_flags = NLM_F_MULTI; 1304 info.this_idx = 0; 1305 info.start_idx = cb->args[0]; 1306 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_one_policy, &info); 1307 #ifdef CONFIG_XFRM_SUB_POLICY 1308 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_SUB, dump_one_policy, &info); 1309 #endif 1310 cb->args[0] = info.this_idx; 1311 1312 return skb->len; 1313 } 1314 1315 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1316 struct xfrm_policy *xp, 1317 int dir, u32 seq) 1318 { 1319 struct xfrm_dump_info info; 1320 struct sk_buff *skb; 1321 1322 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 1323 if (!skb) 1324 return ERR_PTR(-ENOMEM); 1325 1326 info.in_skb = in_skb; 1327 info.out_skb = skb; 1328 info.nlmsg_seq = seq; 1329 info.nlmsg_flags = 0; 1330 info.this_idx = info.start_idx = 0; 1331 1332 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1333 kfree_skb(skb); 1334 return NULL; 1335 } 1336 1337 return skb; 1338 } 1339 1340 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1341 struct rtattr **xfrma) 1342 { 1343 struct xfrm_policy *xp; 1344 struct xfrm_userpolicy_id *p; 1345 u8 type = XFRM_POLICY_TYPE_MAIN; 1346 int err; 1347 struct km_event c; 1348 int delete; 1349 1350 p = NLMSG_DATA(nlh); 1351 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1352 1353 err = copy_from_user_policy_type(&type, xfrma); 1354 if (err) 1355 return err; 1356 1357 err = verify_policy_dir(p->dir); 1358 if (err) 1359 return err; 1360 1361 if (p->index) 1362 xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err); 1363 else { 1364 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1365 struct xfrm_policy tmp; 1366 1367 err = verify_sec_ctx_len(xfrma); 1368 if (err) 1369 return err; 1370 1371 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1372 if (rt) { 1373 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1374 1375 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1376 return err; 1377 } 1378 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1379 delete, &err); 1380 security_xfrm_policy_free(&tmp); 1381 } 1382 if (xp == NULL) 1383 return -ENOENT; 1384 1385 if (!delete) { 1386 struct sk_buff *resp_skb; 1387 1388 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1389 if (IS_ERR(resp_skb)) { 1390 err = PTR_ERR(resp_skb); 1391 } else { 1392 err = netlink_unicast(xfrm_nl, resp_skb, 1393 NETLINK_CB(skb).pid, 1394 MSG_DONTWAIT); 1395 } 1396 } else { 1397 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1398 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1399 1400 if (err != 0) 1401 goto out; 1402 1403 c.data.byid = p->index; 1404 c.event = nlh->nlmsg_type; 1405 c.seq = nlh->nlmsg_seq; 1406 c.pid = nlh->nlmsg_pid; 1407 km_policy_notify(xp, p->dir, &c); 1408 } 1409 1410 out: 1411 xfrm_pol_put(xp); 1412 return err; 1413 } 1414 1415 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1416 struct rtattr **xfrma) 1417 { 1418 struct km_event c; 1419 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh); 1420 struct xfrm_audit audit_info; 1421 int err; 1422 1423 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1424 audit_info.secid = NETLINK_CB(skb).sid; 1425 err = xfrm_state_flush(p->proto, &audit_info); 1426 if (err) 1427 return err; 1428 c.data.proto = p->proto; 1429 c.event = nlh->nlmsg_type; 1430 c.seq = nlh->nlmsg_seq; 1431 c.pid = nlh->nlmsg_pid; 1432 km_state_notify(NULL, &c); 1433 1434 return 0; 1435 } 1436 1437 1438 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1439 { 1440 struct xfrm_aevent_id *id; 1441 struct nlmsghdr *nlh; 1442 struct xfrm_lifetime_cur ltime; 1443 unsigned char *b = skb_tail_pointer(skb); 1444 1445 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_NEWAE, sizeof(*id)); 1446 id = NLMSG_DATA(nlh); 1447 nlh->nlmsg_flags = 0; 1448 1449 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); 1450 id->sa_id.spi = x->id.spi; 1451 id->sa_id.family = x->props.family; 1452 id->sa_id.proto = x->id.proto; 1453 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); 1454 id->reqid = x->props.reqid; 1455 id->flags = c->data.aevent; 1456 1457 RTA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1458 1459 ltime.bytes = x->curlft.bytes; 1460 ltime.packets = x->curlft.packets; 1461 ltime.add_time = x->curlft.add_time; 1462 ltime.use_time = x->curlft.use_time; 1463 1464 RTA_PUT(skb, XFRMA_LTIME_VAL, sizeof(struct xfrm_lifetime_cur), <ime); 1465 1466 if (id->flags&XFRM_AE_RTHR) { 1467 RTA_PUT(skb,XFRMA_REPLAY_THRESH,sizeof(u32),&x->replay_maxdiff); 1468 } 1469 1470 if (id->flags&XFRM_AE_ETHR) { 1471 u32 etimer = x->replay_maxage*10/HZ; 1472 RTA_PUT(skb,XFRMA_ETIMER_THRESH,sizeof(u32),&etimer); 1473 } 1474 1475 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1476 return skb->len; 1477 1478 rtattr_failure: 1479 nlmsg_failure: 1480 nlmsg_trim(skb, b); 1481 return -1; 1482 } 1483 1484 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1485 struct rtattr **xfrma) 1486 { 1487 struct xfrm_state *x; 1488 struct sk_buff *r_skb; 1489 int err; 1490 struct km_event c; 1491 struct xfrm_aevent_id *p = NLMSG_DATA(nlh); 1492 int len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); 1493 struct xfrm_usersa_id *id = &p->sa_id; 1494 1495 len += RTA_SPACE(sizeof(struct xfrm_replay_state)); 1496 len += RTA_SPACE(sizeof(struct xfrm_lifetime_cur)); 1497 1498 if (p->flags&XFRM_AE_RTHR) 1499 len+=RTA_SPACE(sizeof(u32)); 1500 1501 if (p->flags&XFRM_AE_ETHR) 1502 len+=RTA_SPACE(sizeof(u32)); 1503 1504 r_skb = alloc_skb(len, GFP_ATOMIC); 1505 if (r_skb == NULL) 1506 return -ENOMEM; 1507 1508 x = xfrm_state_lookup(&id->daddr, id->spi, id->proto, id->family); 1509 if (x == NULL) { 1510 kfree_skb(r_skb); 1511 return -ESRCH; 1512 } 1513 1514 /* 1515 * XXX: is this lock really needed - none of the other 1516 * gets lock (the concern is things getting updated 1517 * while we are still reading) - jhs 1518 */ 1519 spin_lock_bh(&x->lock); 1520 c.data.aevent = p->flags; 1521 c.seq = nlh->nlmsg_seq; 1522 c.pid = nlh->nlmsg_pid; 1523 1524 if (build_aevent(r_skb, x, &c) < 0) 1525 BUG(); 1526 err = netlink_unicast(xfrm_nl, r_skb, 1527 NETLINK_CB(skb).pid, MSG_DONTWAIT); 1528 spin_unlock_bh(&x->lock); 1529 xfrm_state_put(x); 1530 return err; 1531 } 1532 1533 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1534 struct rtattr **xfrma) 1535 { 1536 struct xfrm_state *x; 1537 struct km_event c; 1538 int err = - EINVAL; 1539 struct xfrm_aevent_id *p = NLMSG_DATA(nlh); 1540 struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL-1]; 1541 struct rtattr *lt = xfrma[XFRMA_LTIME_VAL-1]; 1542 1543 if (!lt && !rp) 1544 return err; 1545 1546 /* pedantic mode - thou shalt sayeth replaceth */ 1547 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 1548 return err; 1549 1550 x = xfrm_state_lookup(&p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 1551 if (x == NULL) 1552 return -ESRCH; 1553 1554 if (x->km.state != XFRM_STATE_VALID) 1555 goto out; 1556 1557 spin_lock_bh(&x->lock); 1558 err = xfrm_update_ae_params(x, xfrma); 1559 spin_unlock_bh(&x->lock); 1560 if (err < 0) 1561 goto out; 1562 1563 c.event = nlh->nlmsg_type; 1564 c.seq = nlh->nlmsg_seq; 1565 c.pid = nlh->nlmsg_pid; 1566 c.data.aevent = XFRM_AE_CU; 1567 km_state_notify(x, &c); 1568 err = 0; 1569 out: 1570 xfrm_state_put(x); 1571 return err; 1572 } 1573 1574 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1575 struct rtattr **xfrma) 1576 { 1577 struct km_event c; 1578 u8 type = XFRM_POLICY_TYPE_MAIN; 1579 int err; 1580 struct xfrm_audit audit_info; 1581 1582 err = copy_from_user_policy_type(&type, xfrma); 1583 if (err) 1584 return err; 1585 1586 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1587 audit_info.secid = NETLINK_CB(skb).sid; 1588 err = xfrm_policy_flush(type, &audit_info); 1589 if (err) 1590 return err; 1591 c.data.type = type; 1592 c.event = nlh->nlmsg_type; 1593 c.seq = nlh->nlmsg_seq; 1594 c.pid = nlh->nlmsg_pid; 1595 km_policy_notify(NULL, 0, &c); 1596 return 0; 1597 } 1598 1599 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1600 struct rtattr **xfrma) 1601 { 1602 struct xfrm_policy *xp; 1603 struct xfrm_user_polexpire *up = NLMSG_DATA(nlh); 1604 struct xfrm_userpolicy_info *p = &up->pol; 1605 u8 type = XFRM_POLICY_TYPE_MAIN; 1606 int err = -ENOENT; 1607 1608 err = copy_from_user_policy_type(&type, xfrma); 1609 if (err) 1610 return err; 1611 1612 if (p->index) 1613 xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err); 1614 else { 1615 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1616 struct xfrm_policy tmp; 1617 1618 err = verify_sec_ctx_len(xfrma); 1619 if (err) 1620 return err; 1621 1622 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1623 if (rt) { 1624 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1625 1626 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1627 return err; 1628 } 1629 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1630 0, &err); 1631 security_xfrm_policy_free(&tmp); 1632 } 1633 1634 if (xp == NULL) 1635 return -ENOENT; 1636 read_lock(&xp->lock); 1637 if (xp->dead) { 1638 read_unlock(&xp->lock); 1639 goto out; 1640 } 1641 1642 read_unlock(&xp->lock); 1643 err = 0; 1644 if (up->hard) { 1645 xfrm_policy_delete(xp, p->dir); 1646 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1647 AUDIT_MAC_IPSEC_DELSPD, 1, xp, NULL); 1648 1649 } else { 1650 // reset the timers here? 1651 printk("Dont know what to do with soft policy expire\n"); 1652 } 1653 km_policy_expired(xp, p->dir, up->hard, current->pid); 1654 1655 out: 1656 xfrm_pol_put(xp); 1657 return err; 1658 } 1659 1660 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1661 struct rtattr **xfrma) 1662 { 1663 struct xfrm_state *x; 1664 int err; 1665 struct xfrm_user_expire *ue = NLMSG_DATA(nlh); 1666 struct xfrm_usersa_info *p = &ue->state; 1667 1668 x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family); 1669 1670 err = -ENOENT; 1671 if (x == NULL) 1672 return err; 1673 1674 spin_lock_bh(&x->lock); 1675 err = -EINVAL; 1676 if (x->km.state != XFRM_STATE_VALID) 1677 goto out; 1678 km_state_expired(x, ue->hard, current->pid); 1679 1680 if (ue->hard) { 1681 __xfrm_state_delete(x); 1682 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1683 AUDIT_MAC_IPSEC_DELSA, 1, NULL, x); 1684 } 1685 err = 0; 1686 out: 1687 spin_unlock_bh(&x->lock); 1688 xfrm_state_put(x); 1689 return err; 1690 } 1691 1692 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 1693 struct rtattr **xfrma) 1694 { 1695 struct xfrm_policy *xp; 1696 struct xfrm_user_tmpl *ut; 1697 int i; 1698 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 1699 1700 struct xfrm_user_acquire *ua = NLMSG_DATA(nlh); 1701 struct xfrm_state *x = xfrm_state_alloc(); 1702 int err = -ENOMEM; 1703 1704 if (!x) 1705 return err; 1706 1707 err = verify_newpolicy_info(&ua->policy); 1708 if (err) { 1709 printk("BAD policy passed\n"); 1710 kfree(x); 1711 return err; 1712 } 1713 1714 /* build an XP */ 1715 xp = xfrm_policy_construct(&ua->policy, (struct rtattr **) xfrma, &err); 1716 if (!xp) { 1717 kfree(x); 1718 return err; 1719 } 1720 1721 memcpy(&x->id, &ua->id, sizeof(ua->id)); 1722 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 1723 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 1724 1725 ut = RTA_DATA(rt); 1726 /* extract the templates and for each call km_key */ 1727 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 1728 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1729 memcpy(&x->id, &t->id, sizeof(x->id)); 1730 x->props.mode = t->mode; 1731 x->props.reqid = t->reqid; 1732 x->props.family = ut->family; 1733 t->aalgos = ua->aalgos; 1734 t->ealgos = ua->ealgos; 1735 t->calgos = ua->calgos; 1736 err = km_query(x, t, xp); 1737 1738 } 1739 1740 kfree(x); 1741 kfree(xp); 1742 1743 return 0; 1744 } 1745 1746 #ifdef CONFIG_XFRM_MIGRATE 1747 static int verify_user_migrate(struct rtattr **xfrma) 1748 { 1749 struct rtattr *rt = xfrma[XFRMA_MIGRATE-1]; 1750 struct xfrm_user_migrate *um; 1751 1752 if (!rt) 1753 return -EINVAL; 1754 1755 if ((rt->rta_len - sizeof(*rt)) < sizeof(*um)) 1756 return -EINVAL; 1757 1758 return 0; 1759 } 1760 1761 static int copy_from_user_migrate(struct xfrm_migrate *ma, 1762 struct rtattr **xfrma, int *num) 1763 { 1764 struct rtattr *rt = xfrma[XFRMA_MIGRATE-1]; 1765 struct xfrm_user_migrate *um; 1766 int i, num_migrate; 1767 1768 um = RTA_DATA(rt); 1769 num_migrate = (rt->rta_len - sizeof(*rt)) / sizeof(*um); 1770 1771 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 1772 return -EINVAL; 1773 1774 for (i = 0; i < num_migrate; i++, um++, ma++) { 1775 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 1776 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 1777 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 1778 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 1779 1780 ma->proto = um->proto; 1781 ma->mode = um->mode; 1782 ma->reqid = um->reqid; 1783 1784 ma->old_family = um->old_family; 1785 ma->new_family = um->new_family; 1786 } 1787 1788 *num = i; 1789 return 0; 1790 } 1791 1792 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1793 struct rtattr **xfrma) 1794 { 1795 struct xfrm_userpolicy_id *pi = NLMSG_DATA(nlh); 1796 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 1797 u8 type; 1798 int err; 1799 int n = 0; 1800 1801 err = verify_user_migrate((struct rtattr **)xfrma); 1802 if (err) 1803 return err; 1804 1805 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma); 1806 if (err) 1807 return err; 1808 1809 err = copy_from_user_migrate((struct xfrm_migrate *)m, 1810 (struct rtattr **)xfrma, &n); 1811 if (err) 1812 return err; 1813 1814 if (!n) 1815 return 0; 1816 1817 xfrm_migrate(&pi->sel, pi->dir, type, m, n); 1818 1819 return 0; 1820 } 1821 #else 1822 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1823 struct rtattr **xfrma) 1824 { 1825 return -ENOPROTOOPT; 1826 } 1827 #endif 1828 1829 #ifdef CONFIG_XFRM_MIGRATE 1830 static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) 1831 { 1832 struct xfrm_user_migrate um; 1833 1834 memset(&um, 0, sizeof(um)); 1835 um.proto = m->proto; 1836 um.mode = m->mode; 1837 um.reqid = m->reqid; 1838 um.old_family = m->old_family; 1839 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 1840 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 1841 um.new_family = m->new_family; 1842 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 1843 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 1844 1845 RTA_PUT(skb, XFRMA_MIGRATE, sizeof(um), &um); 1846 return 0; 1847 1848 rtattr_failure: 1849 return -1; 1850 } 1851 1852 static int build_migrate(struct sk_buff *skb, struct xfrm_migrate *m, 1853 int num_migrate, struct xfrm_selector *sel, 1854 u8 dir, u8 type) 1855 { 1856 struct xfrm_migrate *mp; 1857 struct xfrm_userpolicy_id *pol_id; 1858 struct nlmsghdr *nlh; 1859 unsigned char *b = skb_tail_pointer(skb); 1860 int i; 1861 1862 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id)); 1863 pol_id = NLMSG_DATA(nlh); 1864 nlh->nlmsg_flags = 0; 1865 1866 /* copy data from selector, dir, and type to the pol_id */ 1867 memset(pol_id, 0, sizeof(*pol_id)); 1868 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 1869 pol_id->dir = dir; 1870 1871 if (copy_to_user_policy_type(type, skb) < 0) 1872 goto nlmsg_failure; 1873 1874 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 1875 if (copy_to_user_migrate(mp, skb) < 0) 1876 goto nlmsg_failure; 1877 } 1878 1879 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1880 return skb->len; 1881 nlmsg_failure: 1882 nlmsg_trim(skb, b); 1883 return -1; 1884 } 1885 1886 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1887 struct xfrm_migrate *m, int num_migrate) 1888 { 1889 struct sk_buff *skb; 1890 size_t len; 1891 1892 len = RTA_SPACE(sizeof(struct xfrm_user_migrate) * num_migrate); 1893 len += NLMSG_SPACE(sizeof(struct xfrm_userpolicy_id)); 1894 #ifdef CONFIG_XFRM_SUB_POLICY 1895 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 1896 #endif 1897 skb = alloc_skb(len, GFP_ATOMIC); 1898 if (skb == NULL) 1899 return -ENOMEM; 1900 1901 /* build migrate */ 1902 if (build_migrate(skb, m, num_migrate, sel, dir, type) < 0) 1903 BUG(); 1904 1905 NETLINK_CB(skb).dst_group = XFRMNLGRP_MIGRATE; 1906 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_MIGRATE, 1907 GFP_ATOMIC); 1908 } 1909 #else 1910 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1911 struct xfrm_migrate *m, int num_migrate) 1912 { 1913 return -ENOPROTOOPT; 1914 } 1915 #endif 1916 1917 #define XMSGSIZE(type) NLMSG_LENGTH(sizeof(struct type)) 1918 1919 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 1920 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1921 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1922 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1923 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1924 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1925 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1926 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 1927 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 1928 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 1929 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1930 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1931 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 1932 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 1933 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0), 1934 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1935 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1936 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 1937 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1938 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = NLMSG_LENGTH(sizeof(u32)), 1939 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = NLMSG_LENGTH(sizeof(u32)), 1940 }; 1941 1942 #undef XMSGSIZE 1943 1944 static struct xfrm_link { 1945 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct rtattr **); 1946 int (*dump)(struct sk_buff *, struct netlink_callback *); 1947 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 1948 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1949 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 1950 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 1951 .dump = xfrm_dump_sa }, 1952 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1953 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 1954 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 1955 .dump = xfrm_dump_policy }, 1956 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 1957 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 1958 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 1959 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1960 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1961 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 1962 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 1963 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 1964 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 1965 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 1966 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 1967 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 1968 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 1969 }; 1970 1971 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 1972 { 1973 struct rtattr *xfrma[XFRMA_MAX]; 1974 struct xfrm_link *link; 1975 int type, min_len; 1976 1977 type = nlh->nlmsg_type; 1978 if (type > XFRM_MSG_MAX) 1979 return -EINVAL; 1980 1981 type -= XFRM_MSG_BASE; 1982 link = &xfrm_dispatch[type]; 1983 1984 /* All operations require privileges, even GET */ 1985 if (security_netlink_recv(skb, CAP_NET_ADMIN)) 1986 return -EPERM; 1987 1988 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 1989 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 1990 (nlh->nlmsg_flags & NLM_F_DUMP)) { 1991 if (link->dump == NULL) 1992 return -EINVAL; 1993 1994 return netlink_dump_start(xfrm_nl, skb, nlh, link->dump, NULL); 1995 } 1996 1997 memset(xfrma, 0, sizeof(xfrma)); 1998 1999 if (nlh->nlmsg_len < (min_len = xfrm_msg_min[type])) 2000 return -EINVAL; 2001 2002 if (nlh->nlmsg_len > min_len) { 2003 int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); 2004 struct rtattr *attr = (void *) nlh + NLMSG_ALIGN(min_len); 2005 2006 while (RTA_OK(attr, attrlen)) { 2007 unsigned short flavor = attr->rta_type; 2008 if (flavor) { 2009 if (flavor > XFRMA_MAX) 2010 return -EINVAL; 2011 xfrma[flavor - 1] = attr; 2012 } 2013 attr = RTA_NEXT(attr, attrlen); 2014 } 2015 } 2016 2017 if (link->doit == NULL) 2018 return -EINVAL; 2019 2020 return link->doit(skb, nlh, xfrma); 2021 } 2022 2023 static void xfrm_netlink_rcv(struct sock *sk, int len) 2024 { 2025 unsigned int qlen = 0; 2026 2027 do { 2028 mutex_lock(&xfrm_cfg_mutex); 2029 netlink_run_queue(sk, &qlen, &xfrm_user_rcv_msg); 2030 mutex_unlock(&xfrm_cfg_mutex); 2031 2032 } while (qlen); 2033 } 2034 2035 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 2036 { 2037 struct xfrm_user_expire *ue; 2038 struct nlmsghdr *nlh; 2039 unsigned char *b = skb_tail_pointer(skb); 2040 2041 nlh = NLMSG_PUT(skb, c->pid, 0, XFRM_MSG_EXPIRE, 2042 sizeof(*ue)); 2043 ue = NLMSG_DATA(nlh); 2044 nlh->nlmsg_flags = 0; 2045 2046 copy_to_user_state(x, &ue->state); 2047 ue->hard = (c->data.hard != 0) ? 1 : 0; 2048 2049 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 2050 return skb->len; 2051 2052 nlmsg_failure: 2053 nlmsg_trim(skb, b); 2054 return -1; 2055 } 2056 2057 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 2058 { 2059 struct sk_buff *skb; 2060 int len = NLMSG_LENGTH(sizeof(struct xfrm_user_expire)); 2061 2062 skb = alloc_skb(len, GFP_ATOMIC); 2063 if (skb == NULL) 2064 return -ENOMEM; 2065 2066 if (build_expire(skb, x, c) < 0) 2067 BUG(); 2068 2069 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 2070 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2071 } 2072 2073 static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) 2074 { 2075 struct sk_buff *skb; 2076 int len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); 2077 2078 len += RTA_SPACE(sizeof(struct xfrm_replay_state)); 2079 len += RTA_SPACE(sizeof(struct xfrm_lifetime_cur)); 2080 skb = alloc_skb(len, GFP_ATOMIC); 2081 if (skb == NULL) 2082 return -ENOMEM; 2083 2084 if (build_aevent(skb, x, c) < 0) 2085 BUG(); 2086 2087 NETLINK_CB(skb).dst_group = XFRMNLGRP_AEVENTS; 2088 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); 2089 } 2090 2091 static int xfrm_notify_sa_flush(struct km_event *c) 2092 { 2093 struct xfrm_usersa_flush *p; 2094 struct nlmsghdr *nlh; 2095 struct sk_buff *skb; 2096 sk_buff_data_t b; 2097 int len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)); 2098 2099 skb = alloc_skb(len, GFP_ATOMIC); 2100 if (skb == NULL) 2101 return -ENOMEM; 2102 b = skb->tail; 2103 2104 nlh = NLMSG_PUT(skb, c->pid, c->seq, 2105 XFRM_MSG_FLUSHSA, sizeof(*p)); 2106 nlh->nlmsg_flags = 0; 2107 2108 p = NLMSG_DATA(nlh); 2109 p->proto = c->data.proto; 2110 2111 nlh->nlmsg_len = skb->tail - b; 2112 2113 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 2114 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2115 2116 nlmsg_failure: 2117 kfree_skb(skb); 2118 return -1; 2119 } 2120 2121 static inline int xfrm_sa_len(struct xfrm_state *x) 2122 { 2123 int l = 0; 2124 if (x->aalg) 2125 l += RTA_SPACE(sizeof(*x->aalg) + (x->aalg->alg_key_len+7)/8); 2126 if (x->ealg) 2127 l += RTA_SPACE(sizeof(*x->ealg) + (x->ealg->alg_key_len+7)/8); 2128 if (x->calg) 2129 l += RTA_SPACE(sizeof(*x->calg)); 2130 if (x->encap) 2131 l += RTA_SPACE(sizeof(*x->encap)); 2132 2133 return l; 2134 } 2135 2136 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 2137 { 2138 struct xfrm_usersa_info *p; 2139 struct xfrm_usersa_id *id; 2140 struct nlmsghdr *nlh; 2141 struct sk_buff *skb; 2142 sk_buff_data_t b; 2143 int len = xfrm_sa_len(x); 2144 int headlen; 2145 2146 headlen = sizeof(*p); 2147 if (c->event == XFRM_MSG_DELSA) { 2148 len += RTA_SPACE(headlen); 2149 headlen = sizeof(*id); 2150 } 2151 len += NLMSG_SPACE(headlen); 2152 2153 skb = alloc_skb(len, GFP_ATOMIC); 2154 if (skb == NULL) 2155 return -ENOMEM; 2156 b = skb->tail; 2157 2158 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 2159 nlh->nlmsg_flags = 0; 2160 2161 p = NLMSG_DATA(nlh); 2162 if (c->event == XFRM_MSG_DELSA) { 2163 id = NLMSG_DATA(nlh); 2164 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2165 id->spi = x->id.spi; 2166 id->family = x->props.family; 2167 id->proto = x->id.proto; 2168 2169 p = RTA_DATA(__RTA_PUT(skb, XFRMA_SA, sizeof(*p))); 2170 } 2171 2172 copy_to_user_state(x, p); 2173 2174 if (x->aalg) 2175 RTA_PUT(skb, XFRMA_ALG_AUTH, 2176 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 2177 if (x->ealg) 2178 RTA_PUT(skb, XFRMA_ALG_CRYPT, 2179 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 2180 if (x->calg) 2181 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 2182 2183 if (x->encap) 2184 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 2185 2186 nlh->nlmsg_len = skb->tail - b; 2187 2188 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 2189 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2190 2191 nlmsg_failure: 2192 rtattr_failure: 2193 kfree_skb(skb); 2194 return -1; 2195 } 2196 2197 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 2198 { 2199 2200 switch (c->event) { 2201 case XFRM_MSG_EXPIRE: 2202 return xfrm_exp_state_notify(x, c); 2203 case XFRM_MSG_NEWAE: 2204 return xfrm_aevent_state_notify(x, c); 2205 case XFRM_MSG_DELSA: 2206 case XFRM_MSG_UPDSA: 2207 case XFRM_MSG_NEWSA: 2208 return xfrm_notify_sa(x, c); 2209 case XFRM_MSG_FLUSHSA: 2210 return xfrm_notify_sa_flush(c); 2211 default: 2212 printk("xfrm_user: Unknown SA event %d\n", c->event); 2213 break; 2214 } 2215 2216 return 0; 2217 2218 } 2219 2220 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2221 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 2222 int dir) 2223 { 2224 struct xfrm_user_acquire *ua; 2225 struct nlmsghdr *nlh; 2226 unsigned char *b = skb_tail_pointer(skb); 2227 __u32 seq = xfrm_get_acqseq(); 2228 2229 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_ACQUIRE, 2230 sizeof(*ua)); 2231 ua = NLMSG_DATA(nlh); 2232 nlh->nlmsg_flags = 0; 2233 2234 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2235 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2236 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2237 copy_to_user_policy(xp, &ua->policy, dir); 2238 ua->aalgos = xt->aalgos; 2239 ua->ealgos = xt->ealgos; 2240 ua->calgos = xt->calgos; 2241 ua->seq = x->km.seq = seq; 2242 2243 if (copy_to_user_tmpl(xp, skb) < 0) 2244 goto nlmsg_failure; 2245 if (copy_to_user_state_sec_ctx(x, skb)) 2246 goto nlmsg_failure; 2247 if (copy_to_user_policy_type(xp->type, skb) < 0) 2248 goto nlmsg_failure; 2249 2250 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 2251 return skb->len; 2252 2253 nlmsg_failure: 2254 nlmsg_trim(skb, b); 2255 return -1; 2256 } 2257 2258 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2259 struct xfrm_policy *xp, int dir) 2260 { 2261 struct sk_buff *skb; 2262 size_t len; 2263 2264 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2265 len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); 2266 len += RTA_SPACE(xfrm_user_sec_ctx_size(x->security)); 2267 #ifdef CONFIG_XFRM_SUB_POLICY 2268 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2269 #endif 2270 skb = alloc_skb(len, GFP_ATOMIC); 2271 if (skb == NULL) 2272 return -ENOMEM; 2273 2274 if (build_acquire(skb, x, xt, xp, dir) < 0) 2275 BUG(); 2276 2277 NETLINK_CB(skb).dst_group = XFRMNLGRP_ACQUIRE; 2278 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 2279 } 2280 2281 /* User gives us xfrm_user_policy_info followed by an array of 0 2282 * or more templates. 2283 */ 2284 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2285 u8 *data, int len, int *dir) 2286 { 2287 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2288 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2289 struct xfrm_policy *xp; 2290 int nr; 2291 2292 switch (sk->sk_family) { 2293 case AF_INET: 2294 if (opt != IP_XFRM_POLICY) { 2295 *dir = -EOPNOTSUPP; 2296 return NULL; 2297 } 2298 break; 2299 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2300 case AF_INET6: 2301 if (opt != IPV6_XFRM_POLICY) { 2302 *dir = -EOPNOTSUPP; 2303 return NULL; 2304 } 2305 break; 2306 #endif 2307 default: 2308 *dir = -EINVAL; 2309 return NULL; 2310 } 2311 2312 *dir = -EINVAL; 2313 2314 if (len < sizeof(*p) || 2315 verify_newpolicy_info(p)) 2316 return NULL; 2317 2318 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2319 if (validate_tmpl(nr, ut, p->sel.family)) 2320 return NULL; 2321 2322 if (p->dir > XFRM_POLICY_OUT) 2323 return NULL; 2324 2325 xp = xfrm_policy_alloc(GFP_KERNEL); 2326 if (xp == NULL) { 2327 *dir = -ENOBUFS; 2328 return NULL; 2329 } 2330 2331 copy_from_user_policy(xp, p); 2332 xp->type = XFRM_POLICY_TYPE_MAIN; 2333 copy_templates(xp, ut, nr); 2334 2335 *dir = p->dir; 2336 2337 return xp; 2338 } 2339 2340 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 2341 int dir, struct km_event *c) 2342 { 2343 struct xfrm_user_polexpire *upe; 2344 struct nlmsghdr *nlh; 2345 int hard = c->data.hard; 2346 unsigned char *b = skb_tail_pointer(skb); 2347 2348 nlh = NLMSG_PUT(skb, c->pid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe)); 2349 upe = NLMSG_DATA(nlh); 2350 nlh->nlmsg_flags = 0; 2351 2352 copy_to_user_policy(xp, &upe->pol, dir); 2353 if (copy_to_user_tmpl(xp, skb) < 0) 2354 goto nlmsg_failure; 2355 if (copy_to_user_sec_ctx(xp, skb)) 2356 goto nlmsg_failure; 2357 if (copy_to_user_policy_type(xp->type, skb) < 0) 2358 goto nlmsg_failure; 2359 upe->hard = !!hard; 2360 2361 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 2362 return skb->len; 2363 2364 nlmsg_failure: 2365 nlmsg_trim(skb, b); 2366 return -1; 2367 } 2368 2369 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2370 { 2371 struct sk_buff *skb; 2372 size_t len; 2373 2374 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2375 len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); 2376 len += RTA_SPACE(xfrm_user_sec_ctx_size(xp->security)); 2377 #ifdef CONFIG_XFRM_SUB_POLICY 2378 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2379 #endif 2380 skb = alloc_skb(len, GFP_ATOMIC); 2381 if (skb == NULL) 2382 return -ENOMEM; 2383 2384 if (build_polexpire(skb, xp, dir, c) < 0) 2385 BUG(); 2386 2387 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 2388 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2389 } 2390 2391 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2392 { 2393 struct xfrm_userpolicy_info *p; 2394 struct xfrm_userpolicy_id *id; 2395 struct nlmsghdr *nlh; 2396 struct sk_buff *skb; 2397 sk_buff_data_t b; 2398 int len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2399 int headlen; 2400 2401 headlen = sizeof(*p); 2402 if (c->event == XFRM_MSG_DELPOLICY) { 2403 len += RTA_SPACE(headlen); 2404 headlen = sizeof(*id); 2405 } 2406 #ifdef CONFIG_XFRM_SUB_POLICY 2407 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2408 #endif 2409 len += NLMSG_SPACE(headlen); 2410 2411 skb = alloc_skb(len, GFP_ATOMIC); 2412 if (skb == NULL) 2413 return -ENOMEM; 2414 b = skb->tail; 2415 2416 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 2417 2418 p = NLMSG_DATA(nlh); 2419 if (c->event == XFRM_MSG_DELPOLICY) { 2420 id = NLMSG_DATA(nlh); 2421 memset(id, 0, sizeof(*id)); 2422 id->dir = dir; 2423 if (c->data.byid) 2424 id->index = xp->index; 2425 else 2426 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 2427 2428 p = RTA_DATA(__RTA_PUT(skb, XFRMA_POLICY, sizeof(*p))); 2429 } 2430 2431 nlh->nlmsg_flags = 0; 2432 2433 copy_to_user_policy(xp, p, dir); 2434 if (copy_to_user_tmpl(xp, skb) < 0) 2435 goto nlmsg_failure; 2436 if (copy_to_user_policy_type(xp->type, skb) < 0) 2437 goto nlmsg_failure; 2438 2439 nlh->nlmsg_len = skb->tail - b; 2440 2441 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 2442 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2443 2444 nlmsg_failure: 2445 rtattr_failure: 2446 kfree_skb(skb); 2447 return -1; 2448 } 2449 2450 static int xfrm_notify_policy_flush(struct km_event *c) 2451 { 2452 struct nlmsghdr *nlh; 2453 struct sk_buff *skb; 2454 sk_buff_data_t b; 2455 int len = 0; 2456 #ifdef CONFIG_XFRM_SUB_POLICY 2457 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2458 #endif 2459 len += NLMSG_LENGTH(0); 2460 2461 skb = alloc_skb(len, GFP_ATOMIC); 2462 if (skb == NULL) 2463 return -ENOMEM; 2464 b = skb->tail; 2465 2466 2467 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0); 2468 nlh->nlmsg_flags = 0; 2469 if (copy_to_user_policy_type(c->data.type, skb) < 0) 2470 goto nlmsg_failure; 2471 2472 nlh->nlmsg_len = skb->tail - b; 2473 2474 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 2475 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2476 2477 nlmsg_failure: 2478 kfree_skb(skb); 2479 return -1; 2480 } 2481 2482 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2483 { 2484 2485 switch (c->event) { 2486 case XFRM_MSG_NEWPOLICY: 2487 case XFRM_MSG_UPDPOLICY: 2488 case XFRM_MSG_DELPOLICY: 2489 return xfrm_notify_policy(xp, dir, c); 2490 case XFRM_MSG_FLUSHPOLICY: 2491 return xfrm_notify_policy_flush(c); 2492 case XFRM_MSG_POLEXPIRE: 2493 return xfrm_exp_policy_notify(xp, dir, c); 2494 default: 2495 printk("xfrm_user: Unknown Policy event %d\n", c->event); 2496 } 2497 2498 return 0; 2499 2500 } 2501 2502 static int build_report(struct sk_buff *skb, u8 proto, 2503 struct xfrm_selector *sel, xfrm_address_t *addr) 2504 { 2505 struct xfrm_user_report *ur; 2506 struct nlmsghdr *nlh; 2507 unsigned char *b = skb_tail_pointer(skb); 2508 2509 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur)); 2510 ur = NLMSG_DATA(nlh); 2511 nlh->nlmsg_flags = 0; 2512 2513 ur->proto = proto; 2514 memcpy(&ur->sel, sel, sizeof(ur->sel)); 2515 2516 if (addr) 2517 RTA_PUT(skb, XFRMA_COADDR, sizeof(*addr), addr); 2518 2519 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 2520 return skb->len; 2521 2522 nlmsg_failure: 2523 rtattr_failure: 2524 nlmsg_trim(skb, b); 2525 return -1; 2526 } 2527 2528 static int xfrm_send_report(u8 proto, struct xfrm_selector *sel, 2529 xfrm_address_t *addr) 2530 { 2531 struct sk_buff *skb; 2532 size_t len; 2533 2534 len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_report))); 2535 skb = alloc_skb(len, GFP_ATOMIC); 2536 if (skb == NULL) 2537 return -ENOMEM; 2538 2539 if (build_report(skb, proto, sel, addr) < 0) 2540 BUG(); 2541 2542 NETLINK_CB(skb).dst_group = XFRMNLGRP_REPORT; 2543 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC); 2544 } 2545 2546 static struct xfrm_mgr netlink_mgr = { 2547 .id = "netlink", 2548 .notify = xfrm_send_state_notify, 2549 .acquire = xfrm_send_acquire, 2550 .compile_policy = xfrm_compile_policy, 2551 .notify_policy = xfrm_send_policy_notify, 2552 .report = xfrm_send_report, 2553 .migrate = xfrm_send_migrate, 2554 }; 2555 2556 static int __init xfrm_user_init(void) 2557 { 2558 struct sock *nlsk; 2559 2560 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 2561 2562 nlsk = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX, 2563 xfrm_netlink_rcv, NULL, THIS_MODULE); 2564 if (nlsk == NULL) 2565 return -ENOMEM; 2566 rcu_assign_pointer(xfrm_nl, nlsk); 2567 2568 xfrm_register_km(&netlink_mgr); 2569 2570 return 0; 2571 } 2572 2573 static void __exit xfrm_user_exit(void) 2574 { 2575 struct sock *nlsk = xfrm_nl; 2576 2577 xfrm_unregister_km(&netlink_mgr); 2578 rcu_assign_pointer(xfrm_nl, NULL); 2579 synchronize_rcu(); 2580 sock_release(nlsk->sk_socket); 2581 } 2582 2583 module_init(xfrm_user_init); 2584 module_exit(xfrm_user_exit); 2585 MODULE_LICENSE("GPL"); 2586 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 2587 2588