git://ftp.safe.ca / safe / jmp / linux-2.6 / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
warn: Turn the netdev timeout WARN_ON() into a WARN()
[safe/jmp/linux-2.6] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 /* Hash table to find appropriate SA towards given target (endpoint
48  * of tunnel or destination of transport mode) allowed by selector.
49  *
50  * Main use is finding SA after policy selected tunnel or transport mode.
51  * Also, it can be used by ah/esp icmp error handler to find offending SA.
52  */
53 static LIST_HEAD(xfrm_state_all);
54 static struct hlist_head *xfrm_state_bydst __read_mostly;
55 static struct hlist_head *xfrm_state_bysrc __read_mostly;
56 static struct hlist_head *xfrm_state_byspi __read_mostly;
57 static unsigned int xfrm_state_hmask __read_mostly;
58 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
59 static unsigned int xfrm_state_num;
60 static unsigned int xfrm_state_genid;
61
62 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
63 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
64
65 #ifdef CONFIG_AUDITSYSCALL
66 static void xfrm_audit_state_replay(struct xfrm_state *x,
67                                     struct sk_buff *skb, __be32 net_seq);
68 #else
69 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
70 #endif /* CONFIG_AUDITSYSCALL */
71
72 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
73                                          xfrm_address_t *saddr,
74                                          u32 reqid,
75                                          unsigned short family)
76 {
77         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
78 }
79
80 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
81                                          xfrm_address_t *saddr,
82                                          unsigned short family)
83 {
84         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
85 }
86
87 static inline unsigned int
88 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
89 {
90         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
91 }
92
93 static void xfrm_hash_transfer(struct hlist_head *list,
94                                struct hlist_head *ndsttable,
95                                struct hlist_head *nsrctable,
96                                struct hlist_head *nspitable,
97                                unsigned int nhashmask)
98 {
99         struct hlist_node *entry, *tmp;
100         struct xfrm_state *x;
101
102         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
103                 unsigned int h;
104
105                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
106                                     x->props.reqid, x->props.family,
107                                     nhashmask);
108                 hlist_add_head(&x->bydst, ndsttable+h);
109
110                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
111                                     x->props.family,
112                                     nhashmask);
113                 hlist_add_head(&x->bysrc, nsrctable+h);
114
115                 if (x->id.spi) {
116                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
117                                             x->id.proto, x->props.family,
118                                             nhashmask);
119                         hlist_add_head(&x->byspi, nspitable+h);
120                 }
121         }
122 }
123
124 static unsigned long xfrm_hash_new_size(void)
125 {
126         return ((xfrm_state_hmask + 1) << 1) *
127                 sizeof(struct hlist_head);
128 }
129
130 static DEFINE_MUTEX(hash_resize_mutex);
131
132 static void xfrm_hash_resize(struct work_struct *__unused)
133 {
134         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
135         unsigned long nsize, osize;
136         unsigned int nhashmask, ohashmask;
137         int i;
138
139         mutex_lock(&hash_resize_mutex);
140
141         nsize = xfrm_hash_new_size();
142         ndst = xfrm_hash_alloc(nsize);
143         if (!ndst)
144                 goto out_unlock;
145         nsrc = xfrm_hash_alloc(nsize);
146         if (!nsrc) {
147                 xfrm_hash_free(ndst, nsize);
148                 goto out_unlock;
149         }
150         nspi = xfrm_hash_alloc(nsize);
151         if (!nspi) {
152                 xfrm_hash_free(ndst, nsize);
153                 xfrm_hash_free(nsrc, nsize);
154                 goto out_unlock;
155         }
156
157         spin_lock_bh(&xfrm_state_lock);
158
159         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
160         for (i = xfrm_state_hmask; i >= 0; i--)
161                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
162                                    nhashmask);
163
164         odst = xfrm_state_bydst;
165         osrc = xfrm_state_bysrc;
166         ospi = xfrm_state_byspi;
167         ohashmask = xfrm_state_hmask;
168
169         xfrm_state_bydst = ndst;
170         xfrm_state_bysrc = nsrc;
171         xfrm_state_byspi = nspi;
172         xfrm_state_hmask = nhashmask;
173
174         spin_unlock_bh(&xfrm_state_lock);
175
176         osize = (ohashmask + 1) * sizeof(struct hlist_head);
177         xfrm_hash_free(odst, osize);
178         xfrm_hash_free(osrc, osize);
179         xfrm_hash_free(ospi, osize);
180
181 out_unlock:
182         mutex_unlock(&hash_resize_mutex);
183 }
184
185 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
186
187 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
188 EXPORT_SYMBOL(km_waitq);
189
190 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
191 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
192
193 static struct work_struct xfrm_state_gc_work;
194 static HLIST_HEAD(xfrm_state_gc_list);
195 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
196
197 int __xfrm_state_delete(struct xfrm_state *x);
198
199 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
200 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
201
202 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
203 {
204         struct xfrm_state_afinfo *afinfo;
205         if (unlikely(family >= NPROTO))
206                 return NULL;
207         write_lock_bh(&xfrm_state_afinfo_lock);
208         afinfo = xfrm_state_afinfo[family];
209         if (unlikely(!afinfo))
210                 write_unlock_bh(&xfrm_state_afinfo_lock);
211         return afinfo;
212 }
213
214 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
215         __releases(xfrm_state_afinfo_lock)
216 {
217         write_unlock_bh(&xfrm_state_afinfo_lock);
218 }
219
220 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
221 {
222         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
223         const struct xfrm_type **typemap;
224         int err = 0;
225
226         if (unlikely(afinfo == NULL))
227                 return -EAFNOSUPPORT;
228         typemap = afinfo->type_map;
229
230         if (likely(typemap[type->proto] == NULL))
231                 typemap[type->proto] = type;
232         else
233                 err = -EEXIST;
234         xfrm_state_unlock_afinfo(afinfo);
235         return err;
236 }
237 EXPORT_SYMBOL(xfrm_register_type);
238
239 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
240 {
241         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
242         const struct xfrm_type **typemap;
243         int err = 0;
244
245         if (unlikely(afinfo == NULL))
246                 return -EAFNOSUPPORT;
247         typemap = afinfo->type_map;
248
249         if (unlikely(typemap[type->proto] != type))
250                 err = -ENOENT;
251         else
252                 typemap[type->proto] = NULL;
253         xfrm_state_unlock_afinfo(afinfo);
254         return err;
255 }
256 EXPORT_SYMBOL(xfrm_unregister_type);
257
258 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
259 {
260         struct xfrm_state_afinfo *afinfo;
261         const struct xfrm_type **typemap;
262         const struct xfrm_type *type;
263         int modload_attempted = 0;
264
265 retry:
266         afinfo = xfrm_state_get_afinfo(family);
267         if (unlikely(afinfo == NULL))
268                 return NULL;
269         typemap = afinfo->type_map;
270
271         type = typemap[proto];
272         if (unlikely(type && !try_module_get(type->owner)))
273                 type = NULL;
274         if (!type && !modload_attempted) {
275                 xfrm_state_put_afinfo(afinfo);
276                 request_module("xfrm-type-%d-%d", family, proto);
277                 modload_attempted = 1;
278                 goto retry;
279         }
280
281         xfrm_state_put_afinfo(afinfo);
282         return type;
283 }
284
285 static void xfrm_put_type(const struct xfrm_type *type)
286 {
287         module_put(type->owner);
288 }
289
290 int xfrm_register_mode(struct xfrm_mode *mode, int family)
291 {
292         struct xfrm_state_afinfo *afinfo;
293         struct xfrm_mode **modemap;
294         int err;
295
296         if (unlikely(mode->encap >= XFRM_MODE_MAX))
297                 return -EINVAL;
298
299         afinfo = xfrm_state_lock_afinfo(family);
300         if (unlikely(afinfo == NULL))
301                 return -EAFNOSUPPORT;
302
303         err = -EEXIST;
304         modemap = afinfo->mode_map;
305         if (modemap[mode->encap])
306                 goto out;
307
308         err = -ENOENT;
309         if (!try_module_get(afinfo->owner))
310                 goto out;
311
312         mode->afinfo = afinfo;
313         modemap[mode->encap] = mode;
314         err = 0;
315
316 out:
317         xfrm_state_unlock_afinfo(afinfo);
318         return err;
319 }
320 EXPORT_SYMBOL(xfrm_register_mode);
321
322 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
323 {
324         struct xfrm_state_afinfo *afinfo;
325         struct xfrm_mode **modemap;
326         int err;
327
328         if (unlikely(mode->encap >= XFRM_MODE_MAX))
329                 return -EINVAL;
330
331         afinfo = xfrm_state_lock_afinfo(family);
332         if (unlikely(afinfo == NULL))
333                 return -EAFNOSUPPORT;
334
335         err = -ENOENT;
336         modemap = afinfo->mode_map;
337         if (likely(modemap[mode->encap] == mode)) {
338                 modemap[mode->encap] = NULL;
339                 module_put(mode->afinfo->owner);
340                 err = 0;
341         }
342
343         xfrm_state_unlock_afinfo(afinfo);
344         return err;
345 }
346 EXPORT_SYMBOL(xfrm_unregister_mode);
347
348 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
349 {
350         struct xfrm_state_afinfo *afinfo;
351         struct xfrm_mode *mode;
352         int modload_attempted = 0;
353
354         if (unlikely(encap >= XFRM_MODE_MAX))
355                 return NULL;
356
357 retry:
358         afinfo = xfrm_state_get_afinfo(family);
359         if (unlikely(afinfo == NULL))
360                 return NULL;
361
362         mode = afinfo->mode_map[encap];
363         if (unlikely(mode && !try_module_get(mode->owner)))
364                 mode = NULL;
365         if (!mode && !modload_attempted) {
366                 xfrm_state_put_afinfo(afinfo);
367                 request_module("xfrm-mode-%d-%d", family, encap);
368                 modload_attempted = 1;
369                 goto retry;
370         }
371
372         xfrm_state_put_afinfo(afinfo);
373         return mode;
374 }
375
376 static void xfrm_put_mode(struct xfrm_mode *mode)
377 {
378         module_put(mode->owner);
379 }
380
381 static void xfrm_state_gc_destroy(struct xfrm_state *x)
382 {
383         del_timer_sync(&x->timer);
384         del_timer_sync(&x->rtimer);
385         kfree(x->aalg);
386         kfree(x->ealg);
387         kfree(x->calg);
388         kfree(x->encap);
389         kfree(x->coaddr);
390         if (x->inner_mode)
391                 xfrm_put_mode(x->inner_mode);
392         if (x->inner_mode_iaf)
393                 xfrm_put_mode(x->inner_mode_iaf);
394         if (x->outer_mode)
395                 xfrm_put_mode(x->outer_mode);
396         if (x->type) {
397                 x->type->destructor(x);
398                 xfrm_put_type(x->type);
399         }
400         security_xfrm_state_free(x);
401         kfree(x);
402 }
403
404 static void xfrm_state_gc_task(struct work_struct *data)
405 {
406         struct xfrm_state *x;
407         struct hlist_node *entry, *tmp;
408         struct hlist_head gc_list;
409
410         spin_lock_bh(&xfrm_state_gc_lock);
411         gc_list.first = xfrm_state_gc_list.first;
412         INIT_HLIST_HEAD(&xfrm_state_gc_list);
413         spin_unlock_bh(&xfrm_state_gc_lock);
414
415         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
416                 xfrm_state_gc_destroy(x);
417
418         wake_up(&km_waitq);
419 }
420
421 static inline unsigned long make_jiffies(long secs)
422 {
423         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
424                 return MAX_SCHEDULE_TIMEOUT-1;
425         else
426                 return secs*HZ;
427 }
428
429 static void xfrm_timer_handler(unsigned long data)
430 {
431         struct xfrm_state *x = (struct xfrm_state*)data;
432         unsigned long now = get_seconds();
433         long next = LONG_MAX;
434         int warn = 0;
435         int err = 0;
436
437         spin_lock(&x->lock);
438         if (x->km.state == XFRM_STATE_DEAD)
439                 goto out;
440         if (x->km.state == XFRM_STATE_EXPIRED)
441                 goto expired;
442         if (x->lft.hard_add_expires_seconds) {
443                 long tmo = x->lft.hard_add_expires_seconds +
444                         x->curlft.add_time - now;
445                 if (tmo <= 0)
446                         goto expired;
447                 if (tmo < next)
448                         next = tmo;
449         }
450         if (x->lft.hard_use_expires_seconds) {
451                 long tmo = x->lft.hard_use_expires_seconds +
452                         (x->curlft.use_time ? : now) - now;
453                 if (tmo <= 0)
454                         goto expired;
455                 if (tmo < next)
456                         next = tmo;
457         }
458         if (x->km.dying)
459                 goto resched;
460         if (x->lft.soft_add_expires_seconds) {
461                 long tmo = x->lft.soft_add_expires_seconds +
462                         x->curlft.add_time - now;
463                 if (tmo <= 0)
464                         warn = 1;
465                 else if (tmo < next)
466                         next = tmo;
467         }
468         if (x->lft.soft_use_expires_seconds) {
469                 long tmo = x->lft.soft_use_expires_seconds +
470                         (x->curlft.use_time ? : now) - now;
471                 if (tmo <= 0)
472                         warn = 1;
473                 else if (tmo < next)
474                         next = tmo;
475         }
476
477         x->km.dying = warn;
478         if (warn)
479                 km_state_expired(x, 0, 0);
480 resched:
481         if (next != LONG_MAX)
482                 mod_timer(&x->timer, jiffies + make_jiffies(next));
483
484         goto out;
485
486 expired:
487         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
488                 x->km.state = XFRM_STATE_EXPIRED;
489                 wake_up(&km_waitq);
490                 next = 2;
491                 goto resched;
492         }
493
494         err = __xfrm_state_delete(x);
495         if (!err && x->id.spi)
496                 km_state_expired(x, 1, 0);
497
498         xfrm_audit_state_delete(x, err ? 0 : 1,
499                                 audit_get_loginuid(current),
500                                 audit_get_sessionid(current), 0);
501
502 out:
503         spin_unlock(&x->lock);
504 }
505
506 static void xfrm_replay_timer_handler(unsigned long data);
507
508 struct xfrm_state *xfrm_state_alloc(void)
509 {
510         struct xfrm_state *x;
511
512         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
513
514         if (x) {
515                 atomic_set(&x->refcnt, 1);
516                 atomic_set(&x->tunnel_users, 0);
517                 INIT_LIST_HEAD(&x->all);
518                 INIT_HLIST_NODE(&x->bydst);
519                 INIT_HLIST_NODE(&x->bysrc);
520                 INIT_HLIST_NODE(&x->byspi);
521                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
522                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
523                                 (unsigned long)x);
524                 x->curlft.add_time = get_seconds();
525                 x->lft.soft_byte_limit = XFRM_INF;
526                 x->lft.soft_packet_limit = XFRM_INF;
527                 x->lft.hard_byte_limit = XFRM_INF;
528                 x->lft.hard_packet_limit = XFRM_INF;
529                 x->replay_maxage = 0;
530                 x->replay_maxdiff = 0;
531                 x->inner_mode = NULL;
532                 x->inner_mode_iaf = NULL;
533                 spin_lock_init(&x->lock);
534         }
535         return x;
536 }
537 EXPORT_SYMBOL(xfrm_state_alloc);
538
539 void __xfrm_state_destroy(struct xfrm_state *x)
540 {
541         WARN_ON(x->km.state != XFRM_STATE_DEAD);
542
543         spin_lock_bh(&xfrm_state_lock);
544         list_del(&x->all);
545         spin_unlock_bh(&xfrm_state_lock);
546
547         spin_lock_bh(&xfrm_state_gc_lock);
548         hlist_add_head(&x->bydst, &xfrm_state_gc_list);
549         spin_unlock_bh(&xfrm_state_gc_lock);
550         schedule_work(&xfrm_state_gc_work);
551 }
552 EXPORT_SYMBOL(__xfrm_state_destroy);
553
554 int __xfrm_state_delete(struct xfrm_state *x)
555 {
556         int err = -ESRCH;
557
558         if (x->km.state != XFRM_STATE_DEAD) {
559                 x->km.state = XFRM_STATE_DEAD;
560                 spin_lock(&xfrm_state_lock);
561                 hlist_del(&x->bydst);
562                 hlist_del(&x->bysrc);
563                 if (x->id.spi)
564                         hlist_del(&x->byspi);
565                 xfrm_state_num--;
566                 spin_unlock(&xfrm_state_lock);
567
568                 /* All xfrm_state objects are created by xfrm_state_alloc.
569                  * The xfrm_state_alloc call gives a reference, and that
570                  * is what we are dropping here.
571                  */
572                 xfrm_state_put(x);
573                 err = 0;
574         }
575
576         return err;
577 }
578 EXPORT_SYMBOL(__xfrm_state_delete);
579
580 int xfrm_state_delete(struct xfrm_state *x)
581 {
582         int err;
583
584         spin_lock_bh(&x->lock);
585         err = __xfrm_state_delete(x);
586         spin_unlock_bh(&x->lock);
587
588         return err;
589 }
590 EXPORT_SYMBOL(xfrm_state_delete);
591
592 #ifdef CONFIG_SECURITY_NETWORK_XFRM
593 static inline int
594 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
595 {
596         int i, err = 0;
597
598         for (i = 0; i <= xfrm_state_hmask; i++) {
599                 struct hlist_node *entry;
600                 struct xfrm_state *x;
601
602                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
603                         if (xfrm_id_proto_match(x->id.proto, proto) &&
604                            (err = security_xfrm_state_delete(x)) != 0) {
605                                 xfrm_audit_state_delete(x, 0,
606                                                         audit_info->loginuid,
607                                                         audit_info->sessionid,
608                                                         audit_info->secid);
609                                 return err;
610                         }
611                 }
612         }
613
614         return err;
615 }
616 #else
617 static inline int
618 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
619 {
620         return 0;
621 }
622 #endif
623
624 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
625 {
626         int i, err = 0;
627
628         spin_lock_bh(&xfrm_state_lock);
629         err = xfrm_state_flush_secctx_check(proto, audit_info);
630         if (err)
631                 goto out;
632
633         for (i = 0; i <= xfrm_state_hmask; i++) {
634                 struct hlist_node *entry;
635                 struct xfrm_state *x;
636 restart:
637                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
638                         if (!xfrm_state_kern(x) &&
639                             xfrm_id_proto_match(x->id.proto, proto)) {
640                                 xfrm_state_hold(x);
641                                 spin_unlock_bh(&xfrm_state_lock);
642
643                                 err = xfrm_state_delete(x);
644                                 xfrm_audit_state_delete(x, err ? 0 : 1,
645                                                         audit_info->loginuid,
646                                                         audit_info->sessionid,
647                                                         audit_info->secid);
648                                 xfrm_state_put(x);
649
650                                 spin_lock_bh(&xfrm_state_lock);
651                                 goto restart;
652                         }
653                 }
654         }
655         err = 0;
656
657 out:
658         spin_unlock_bh(&xfrm_state_lock);
659         wake_up(&km_waitq);
660         return err;
661 }
662 EXPORT_SYMBOL(xfrm_state_flush);
663
664 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
665 {
666         spin_lock_bh(&xfrm_state_lock);
667         si->sadcnt = xfrm_state_num;
668         si->sadhcnt = xfrm_state_hmask;
669         si->sadhmcnt = xfrm_state_hashmax;
670         spin_unlock_bh(&xfrm_state_lock);
671 }
672 EXPORT_SYMBOL(xfrm_sad_getinfo);
673
674 static int
675 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
676                   struct xfrm_tmpl *tmpl,
677                   xfrm_address_t *daddr, xfrm_address_t *saddr,
678                   unsigned short family)
679 {
680         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
681         if (!afinfo)
682                 return -1;
683         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
684         xfrm_state_put_afinfo(afinfo);
685         return 0;
686 }
687
688 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
689 {
690         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
691         struct xfrm_state *x;
692         struct hlist_node *entry;
693
694         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
695                 if (x->props.family != family ||
696                     x->id.spi       != spi ||
697                     x->id.proto     != proto)
698                         continue;
699
700                 switch (family) {
701                 case AF_INET:
702                         if (x->id.daddr.a4 != daddr->a4)
703                                 continue;
704                         break;
705                 case AF_INET6:
706                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
707                                              (struct in6_addr *)
708                                              x->id.daddr.a6))
709                                 continue;
710                         break;
711                 }
712
713                 xfrm_state_hold(x);
714                 return x;
715         }
716
717         return NULL;
718 }
719
720 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
721 {
722         unsigned int h = xfrm_src_hash(daddr, saddr, family);
723         struct xfrm_state *x;
724         struct hlist_node *entry;
725
726         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
727                 if (x->props.family != family ||
728                     x->id.proto     != proto)
729                         continue;
730
731                 switch (family) {
732                 case AF_INET:
733                         if (x->id.daddr.a4 != daddr->a4 ||
734                             x->props.saddr.a4 != saddr->a4)
735                                 continue;
736                         break;
737                 case AF_INET6:
738                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
739                                              (struct in6_addr *)
740                                              x->id.daddr.a6) ||
741                             !ipv6_addr_equal((struct in6_addr *)saddr,
742                                              (struct in6_addr *)
743                                              x->props.saddr.a6))
744                                 continue;
745                         break;
746                 }
747
748                 xfrm_state_hold(x);
749                 return x;
750         }
751
752         return NULL;
753 }
754
755 static inline struct xfrm_state *
756 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
757 {
758         if (use_spi)
759                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
760                                            x->id.proto, family);
761         else
762                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
763                                                   &x->props.saddr,
764                                                   x->id.proto, family);
765 }
766
767 static void xfrm_hash_grow_check(int have_hash_collision)
768 {
769         if (have_hash_collision &&
770             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
771             xfrm_state_num > xfrm_state_hmask)
772                 schedule_work(&xfrm_hash_work);
773 }
774
775 struct xfrm_state *
776 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
777                 struct flowi *fl, struct xfrm_tmpl *tmpl,
778                 struct xfrm_policy *pol, int *err,
779                 unsigned short family)
780 {
781         unsigned int h;
782         struct hlist_node *entry;
783         struct xfrm_state *x, *x0, *to_put;
784         int acquire_in_progress = 0;
785         int error = 0;
786         struct xfrm_state *best = NULL;
787
788         to_put = NULL;
789
790         spin_lock_bh(&xfrm_state_lock);
791         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
792         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
793                 if (x->props.family == family &&
794                     x->props.reqid == tmpl->reqid &&
795                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
796                     xfrm_state_addr_check(x, daddr, saddr, family) &&
797                     tmpl->mode == x->props.mode &&
798                     tmpl->id.proto == x->id.proto &&
799                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
800                         /* Resolution logic:
801                            1. There is a valid state with matching selector.
802                               Done.
803                            2. Valid state with inappropriate selector. Skip.
804
805                            Entering area of "sysdeps".
806
807                            3. If state is not valid, selector is temporary,
808                               it selects only session which triggered
809                               previous resolution. Key manager will do
810                               something to install a state with proper
811                               selector.
812                          */
813                         if (x->km.state == XFRM_STATE_VALID) {
814                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
815                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
816                                         continue;
817                                 if (!best ||
818                                     best->km.dying > x->km.dying ||
819                                     (best->km.dying == x->km.dying &&
820                                      best->curlft.add_time < x->curlft.add_time))
821                                         best = x;
822                         } else if (x->km.state == XFRM_STATE_ACQ) {
823                                 acquire_in_progress = 1;
824                         } else if (x->km.state == XFRM_STATE_ERROR ||
825                                    x->km.state == XFRM_STATE_EXPIRED) {
826                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
827                                     security_xfrm_state_pol_flow_match(x, pol, fl))
828                                         error = -ESRCH;
829                         }
830                 }
831         }
832
833         x = best;
834         if (!x && !error && !acquire_in_progress) {
835                 if (tmpl->id.spi &&
836                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
837                                               tmpl->id.proto, family)) != NULL) {
838                         to_put = x0;
839                         error = -EEXIST;
840                         goto out;
841                 }
842                 x = xfrm_state_alloc();
843                 if (x == NULL) {
844                         error = -ENOMEM;
845                         goto out;
846                 }
847                 /* Initialize temporary selector matching only
848                  * to current session. */
849                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
850
851                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
852                 if (error) {
853                         x->km.state = XFRM_STATE_DEAD;
854                         to_put = x;
855                         x = NULL;
856                         goto out;
857                 }
858
859                 if (km_query(x, tmpl, pol) == 0) {
860                         x->km.state = XFRM_STATE_ACQ;
861                         list_add_tail(&x->all, &xfrm_state_all);
862                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
863                         h = xfrm_src_hash(daddr, saddr, family);
864                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
865                         if (x->id.spi) {
866                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
867                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
868                         }
869                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
870                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
871                         add_timer(&x->timer);
872                         xfrm_state_num++;
873                         xfrm_hash_grow_check(x->bydst.next != NULL);
874                 } else {
875                         x->km.state = XFRM_STATE_DEAD;
876                         to_put = x;
877                         x = NULL;
878                         error = -ESRCH;
879                 }
880         }
881 out:
882         if (x)
883                 xfrm_state_hold(x);
884         else
885                 *err = acquire_in_progress ? -EAGAIN : error;
886         spin_unlock_bh(&xfrm_state_lock);
887         if (to_put)
888                 xfrm_state_put(to_put);
889         return x;
890 }
891
892 struct xfrm_state *
893 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
894                     unsigned short family, u8 mode, u8 proto, u32 reqid)
895 {
896         unsigned int h;
897         struct xfrm_state *rx = NULL, *x = NULL;
898         struct hlist_node *entry;
899
900         spin_lock(&xfrm_state_lock);
901         h = xfrm_dst_hash(daddr, saddr, reqid, family);
902         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
903                 if (x->props.family == family &&
904                     x->props.reqid == reqid &&
905                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
906                     xfrm_state_addr_check(x, daddr, saddr, family) &&
907                     mode == x->props.mode &&
908                     proto == x->id.proto &&
909                     x->km.state == XFRM_STATE_VALID) {
910                         rx = x;
911                         break;
912                 }
913         }
914
915         if (rx)
916                 xfrm_state_hold(rx);
917         spin_unlock(&xfrm_state_lock);
918
919
920         return rx;
921 }
922 EXPORT_SYMBOL(xfrm_stateonly_find);
923
924 static void __xfrm_state_insert(struct xfrm_state *x)
925 {
926         unsigned int h;
927
928         x->genid = ++xfrm_state_genid;
929
930         list_add_tail(&x->all, &xfrm_state_all);
931
932         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
933                           x->props.reqid, x->props.family);
934         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
935
936         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
937         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
938
939         if (x->id.spi) {
940                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
941                                   x->props.family);
942
943                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
944         }
945
946         mod_timer(&x->timer, jiffies + HZ);
947         if (x->replay_maxage)
948                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
949
950         wake_up(&km_waitq);
951
952         xfrm_state_num++;
953
954         xfrm_hash_grow_check(x->bydst.next != NULL);
955 }
956
957 /* xfrm_state_lock is held */
958 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
959 {
960         unsigned short family = xnew->props.family;
961         u32 reqid = xnew->props.reqid;
962         struct xfrm_state *x;
963         struct hlist_node *entry;
964         unsigned int h;
965
966         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
967         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
968                 if (x->props.family     == family &&
969                     x->props.reqid      == reqid &&
970                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
971                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
972                         x->genid = xfrm_state_genid;
973         }
974 }
975
976 void xfrm_state_insert(struct xfrm_state *x)
977 {
978         spin_lock_bh(&xfrm_state_lock);
979         __xfrm_state_bump_genids(x);
980         __xfrm_state_insert(x);
981         spin_unlock_bh(&xfrm_state_lock);
982 }
983 EXPORT_SYMBOL(xfrm_state_insert);
984
985 /* xfrm_state_lock is held */
986 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
987 {
988         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
989         struct hlist_node *entry;
990         struct xfrm_state *x;
991
992         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
993                 if (x->props.reqid  != reqid ||
994                     x->props.mode   != mode ||
995                     x->props.family != family ||
996                     x->km.state     != XFRM_STATE_ACQ ||
997                     x->id.spi       != 0 ||
998                     x->id.proto     != proto)
999                         continue;
1000
1001                 switch (family) {
1002                 case AF_INET:
1003                         if (x->id.daddr.a4    != daddr->a4 ||
1004                             x->props.saddr.a4 != saddr->a4)
1005                                 continue;
1006                         break;
1007                 case AF_INET6:
1008                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1009                                              (struct in6_addr *)daddr) ||
1010                             !ipv6_addr_equal((struct in6_addr *)
1011                                              x->props.saddr.a6,
1012                                              (struct in6_addr *)saddr))
1013                                 continue;
1014                         break;
1015                 }
1016
1017                 xfrm_state_hold(x);
1018                 return x;
1019         }
1020
1021         if (!create)
1022                 return NULL;
1023
1024         x = xfrm_state_alloc();
1025         if (likely(x)) {
1026                 switch (family) {
1027                 case AF_INET:
1028                         x->sel.daddr.a4 = daddr->a4;
1029                         x->sel.saddr.a4 = saddr->a4;
1030                         x->sel.prefixlen_d = 32;
1031                         x->sel.prefixlen_s = 32;
1032                         x->props.saddr.a4 = saddr->a4;
1033                         x->id.daddr.a4 = daddr->a4;
1034                         break;
1035
1036                 case AF_INET6:
1037                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1038                                        (struct in6_addr *)daddr);
1039                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1040                                        (struct in6_addr *)saddr);
1041                         x->sel.prefixlen_d = 128;
1042                         x->sel.prefixlen_s = 128;
1043                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1044                                        (struct in6_addr *)saddr);
1045                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1046                                        (struct in6_addr *)daddr);
1047                         break;
1048                 }
1049
1050                 x->km.state = XFRM_STATE_ACQ;
1051                 x->id.proto = proto;
1052                 x->props.family = family;
1053                 x->props.mode = mode;
1054                 x->props.reqid = reqid;
1055                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1056                 xfrm_state_hold(x);
1057                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1058                 add_timer(&x->timer);
1059                 list_add_tail(&x->all, &xfrm_state_all);
1060                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1061                 h = xfrm_src_hash(daddr, saddr, family);
1062                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1063
1064                 xfrm_state_num++;
1065
1066                 xfrm_hash_grow_check(x->bydst.next != NULL);
1067         }
1068
1069         return x;
1070 }
1071
1072 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1073
1074 int xfrm_state_add(struct xfrm_state *x)
1075 {
1076         struct xfrm_state *x1, *to_put;
1077         int family;
1078         int err;
1079         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1080
1081         family = x->props.family;
1082
1083         to_put = NULL;
1084
1085         spin_lock_bh(&xfrm_state_lock);
1086
1087         x1 = __xfrm_state_locate(x, use_spi, family);
1088         if (x1) {
1089                 to_put = x1;
1090                 x1 = NULL;
1091                 err = -EEXIST;
1092                 goto out;
1093         }
1094
1095         if (use_spi && x->km.seq) {
1096                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1097                 if (x1 && ((x1->id.proto != x->id.proto) ||
1098                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1099                         to_put = x1;
1100                         x1 = NULL;
1101                 }
1102         }
1103
1104         if (use_spi && !x1)
1105                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1106                                      x->id.proto,
1107                                      &x->id.daddr, &x->props.saddr, 0);
1108
1109         __xfrm_state_bump_genids(x);
1110         __xfrm_state_insert(x);
1111         err = 0;
1112
1113 out:
1114         spin_unlock_bh(&xfrm_state_lock);
1115
1116         if (x1) {
1117                 xfrm_state_delete(x1);
1118                 xfrm_state_put(x1);
1119         }
1120
1121         if (to_put)
1122                 xfrm_state_put(to_put);
1123
1124         return err;
1125 }
1126 EXPORT_SYMBOL(xfrm_state_add);
1127
1128 #ifdef CONFIG_XFRM_MIGRATE
1129 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1130 {
1131         int err = -ENOMEM;
1132         struct xfrm_state *x = xfrm_state_alloc();
1133         if (!x)
1134                 goto error;
1135
1136         memcpy(&x->id, &orig->id, sizeof(x->id));
1137         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1138         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1139         x->props.mode = orig->props.mode;
1140         x->props.replay_window = orig->props.replay_window;
1141         x->props.reqid = orig->props.reqid;
1142         x->props.family = orig->props.family;
1143         x->props.saddr = orig->props.saddr;
1144
1145         if (orig->aalg) {
1146                 x->aalg = xfrm_algo_clone(orig->aalg);
1147                 if (!x->aalg)
1148                         goto error;
1149         }
1150         x->props.aalgo = orig->props.aalgo;
1151
1152         if (orig->ealg) {
1153                 x->ealg = xfrm_algo_clone(orig->ealg);
1154                 if (!x->ealg)
1155                         goto error;
1156         }
1157         x->props.ealgo = orig->props.ealgo;
1158
1159         if (orig->calg) {
1160                 x->calg = xfrm_algo_clone(orig->calg);
1161                 if (!x->calg)
1162                         goto error;
1163         }
1164         x->props.calgo = orig->props.calgo;
1165
1166         if (orig->encap) {
1167                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1168                 if (!x->encap)
1169                         goto error;
1170         }
1171
1172         if (orig->coaddr) {
1173                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1174                                     GFP_KERNEL);
1175                 if (!x->coaddr)
1176                         goto error;
1177         }
1178
1179         err = xfrm_init_state(x);
1180         if (err)
1181                 goto error;
1182
1183         x->props.flags = orig->props.flags;
1184
1185         x->curlft.add_time = orig->curlft.add_time;
1186         x->km.state = orig->km.state;
1187         x->km.seq = orig->km.seq;
1188
1189         return x;
1190
1191  error:
1192         if (errp)
1193                 *errp = err;
1194         if (x) {
1195                 kfree(x->aalg);
1196                 kfree(x->ealg);
1197                 kfree(x->calg);
1198                 kfree(x->encap);
1199                 kfree(x->coaddr);
1200         }
1201         kfree(x);
1202         return NULL;
1203 }
1204
1205 /* xfrm_state_lock is held */
1206 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1207 {
1208         unsigned int h;
1209         struct xfrm_state *x;
1210         struct hlist_node *entry;
1211
1212         if (m->reqid) {
1213                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1214                                   m->reqid, m->old_family);
1215                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1216                         if (x->props.mode != m->mode ||
1217                             x->id.proto != m->proto)
1218                                 continue;
1219                         if (m->reqid && x->props.reqid != m->reqid)
1220                                 continue;
1221                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1222                                           m->old_family) ||
1223                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1224                                           m->old_family))
1225                                 continue;
1226                         xfrm_state_hold(x);
1227                         return x;
1228                 }
1229         } else {
1230                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1231                                   m->old_family);
1232                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1233                         if (x->props.mode != m->mode ||
1234                             x->id.proto != m->proto)
1235                                 continue;
1236                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1237                                           m->old_family) ||
1238                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1239                                           m->old_family))
1240                                 continue;
1241                         xfrm_state_hold(x);
1242                         return x;
1243                 }
1244         }
1245
1246         return NULL;
1247 }
1248 EXPORT_SYMBOL(xfrm_migrate_state_find);
1249
1250 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1251                                        struct xfrm_migrate *m)
1252 {
1253         struct xfrm_state *xc;
1254         int err;
1255
1256         xc = xfrm_state_clone(x, &err);
1257         if (!xc)
1258                 return NULL;
1259
1260         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1261         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1262
1263         /* add state */
1264         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1265                 /* a care is needed when the destination address of the
1266                    state is to be updated as it is a part of triplet */
1267                 xfrm_state_insert(xc);
1268         } else {
1269                 if ((err = xfrm_state_add(xc)) < 0)
1270                         goto error;
1271         }
1272
1273         return xc;
1274 error:
1275         kfree(xc);
1276         return NULL;
1277 }
1278 EXPORT_SYMBOL(xfrm_state_migrate);
1279 #endif
1280
1281 int xfrm_state_update(struct xfrm_state *x)
1282 {
1283         struct xfrm_state *x1, *to_put;
1284         int err;
1285         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1286
1287         to_put = NULL;
1288
1289         spin_lock_bh(&xfrm_state_lock);
1290         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1291
1292         err = -ESRCH;
1293         if (!x1)
1294                 goto out;
1295
1296         if (xfrm_state_kern(x1)) {
1297                 to_put = x1;
1298                 err = -EEXIST;
1299                 goto out;
1300         }
1301
1302         if (x1->km.state == XFRM_STATE_ACQ) {
1303                 __xfrm_state_insert(x);
1304                 x = NULL;
1305         }
1306         err = 0;
1307
1308 out:
1309         spin_unlock_bh(&xfrm_state_lock);
1310
1311         if (to_put)
1312                 xfrm_state_put(to_put);
1313
1314         if (err)
1315                 return err;
1316
1317         if (!x) {
1318                 xfrm_state_delete(x1);
1319                 xfrm_state_put(x1);
1320                 return 0;
1321         }
1322
1323         err = -EINVAL;
1324         spin_lock_bh(&x1->lock);
1325         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1326                 if (x->encap && x1->encap)
1327                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1328                 if (x->coaddr && x1->coaddr) {
1329                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1330                 }
1331                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1332                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1333                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1334                 x1->km.dying = 0;
1335
1336                 mod_timer(&x1->timer, jiffies + HZ);
1337                 if (x1->curlft.use_time)
1338                         xfrm_state_check_expire(x1);
1339
1340                 err = 0;
1341         }
1342         spin_unlock_bh(&x1->lock);
1343
1344         xfrm_state_put(x1);
1345
1346         return err;
1347 }
1348 EXPORT_SYMBOL(xfrm_state_update);
1349
1350 int xfrm_state_check_expire(struct xfrm_state *x)
1351 {
1352         if (!x->curlft.use_time)
1353                 x->curlft.use_time = get_seconds();
1354
1355         if (x->km.state != XFRM_STATE_VALID)
1356                 return -EINVAL;
1357
1358         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1359             x->curlft.packets >= x->lft.hard_packet_limit) {
1360                 x->km.state = XFRM_STATE_EXPIRED;
1361                 mod_timer(&x->timer, jiffies);
1362                 return -EINVAL;
1363         }
1364
1365         if (!x->km.dying &&
1366             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1367              x->curlft.packets >= x->lft.soft_packet_limit)) {
1368                 x->km.dying = 1;
1369                 km_state_expired(x, 0, 0);
1370         }
1371         return 0;
1372 }
1373 EXPORT_SYMBOL(xfrm_state_check_expire);
1374
1375 struct xfrm_state *
1376 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1377                   unsigned short family)
1378 {
1379         struct xfrm_state *x;
1380
1381         spin_lock_bh(&xfrm_state_lock);
1382         x = __xfrm_state_lookup(daddr, spi, proto, family);
1383         spin_unlock_bh(&xfrm_state_lock);
1384         return x;
1385 }
1386 EXPORT_SYMBOL(xfrm_state_lookup);
1387
1388 struct xfrm_state *
1389 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1390                          u8 proto, unsigned short family)
1391 {
1392         struct xfrm_state *x;
1393
1394         spin_lock_bh(&xfrm_state_lock);
1395         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1396         spin_unlock_bh(&xfrm_state_lock);
1397         return x;
1398 }
1399 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1400
1401 struct xfrm_state *
1402 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1403               xfrm_address_t *daddr, xfrm_address_t *saddr,
1404               int create, unsigned short family)
1405 {
1406         struct xfrm_state *x;
1407
1408         spin_lock_bh(&xfrm_state_lock);
1409         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1410         spin_unlock_bh(&xfrm_state_lock);
1411
1412         return x;
1413 }
1414 EXPORT_SYMBOL(xfrm_find_acq);
1415
1416 #ifdef CONFIG_XFRM_SUB_POLICY
1417 int
1418 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1419                unsigned short family)
1420 {
1421         int err = 0;
1422         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1423         if (!afinfo)
1424                 return -EAFNOSUPPORT;
1425
1426         spin_lock_bh(&xfrm_state_lock);
1427         if (afinfo->tmpl_sort)
1428                 err = afinfo->tmpl_sort(dst, src, n);
1429         spin_unlock_bh(&xfrm_state_lock);
1430         xfrm_state_put_afinfo(afinfo);
1431         return err;
1432 }
1433 EXPORT_SYMBOL(xfrm_tmpl_sort);
1434
1435 int
1436 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1437                 unsigned short family)
1438 {
1439         int err = 0;
1440         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1441         if (!afinfo)
1442                 return -EAFNOSUPPORT;
1443
1444         spin_lock_bh(&xfrm_state_lock);
1445         if (afinfo->state_sort)
1446                 err = afinfo->state_sort(dst, src, n);
1447         spin_unlock_bh(&xfrm_state_lock);
1448         xfrm_state_put_afinfo(afinfo);
1449         return err;
1450 }
1451 EXPORT_SYMBOL(xfrm_state_sort);
1452 #endif
1453
1454 /* Silly enough, but I'm lazy to build resolution list */
1455
1456 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1457 {
1458         int i;
1459
1460         for (i = 0; i <= xfrm_state_hmask; i++) {
1461                 struct hlist_node *entry;
1462                 struct xfrm_state *x;
1463
1464                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1465                         if (x->km.seq == seq &&
1466                             x->km.state == XFRM_STATE_ACQ) {
1467                                 xfrm_state_hold(x);
1468                                 return x;
1469                         }
1470                 }
1471         }
1472         return NULL;
1473 }
1474
1475 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1476 {
1477         struct xfrm_state *x;
1478
1479         spin_lock_bh(&xfrm_state_lock);
1480         x = __xfrm_find_acq_byseq(seq);
1481         spin_unlock_bh(&xfrm_state_lock);
1482         return x;
1483 }
1484 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1485
1486 u32 xfrm_get_acqseq(void)
1487 {
1488         u32 res;
1489         static u32 acqseq;
1490         static DEFINE_SPINLOCK(acqseq_lock);
1491
1492         spin_lock_bh(&acqseq_lock);
1493         res = (++acqseq ? : ++acqseq);
1494         spin_unlock_bh(&acqseq_lock);
1495         return res;
1496 }
1497 EXPORT_SYMBOL(xfrm_get_acqseq);
1498
1499 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1500 {
1501         unsigned int h;
1502         struct xfrm_state *x0;
1503         int err = -ENOENT;
1504         __be32 minspi = htonl(low);
1505         __be32 maxspi = htonl(high);
1506
1507         spin_lock_bh(&x->lock);
1508         if (x->km.state == XFRM_STATE_DEAD)
1509                 goto unlock;
1510
1511         err = 0;
1512         if (x->id.spi)
1513                 goto unlock;
1514
1515         err = -ENOENT;
1516
1517         if (minspi == maxspi) {
1518                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1519                 if (x0) {
1520                         xfrm_state_put(x0);
1521                         goto unlock;
1522                 }
1523                 x->id.spi = minspi;
1524         } else {
1525                 u32 spi = 0;
1526                 for (h=0; h<high-low+1; h++) {
1527                         spi = low + net_random()%(high-low+1);
1528                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1529                         if (x0 == NULL) {
1530                                 x->id.spi = htonl(spi);
1531                                 break;
1532                         }
1533                         xfrm_state_put(x0);
1534                 }
1535         }
1536         if (x->id.spi) {
1537                 spin_lock_bh(&xfrm_state_lock);
1538                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1539                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1540                 spin_unlock_bh(&xfrm_state_lock);
1541
1542                 err = 0;
1543         }
1544
1545 unlock:
1546         spin_unlock_bh(&x->lock);
1547
1548         return err;
1549 }
1550 EXPORT_SYMBOL(xfrm_alloc_spi);
1551
1552 int xfrm_state_walk(struct xfrm_state_walk *walk,
1553                     int (*func)(struct xfrm_state *, int, void*),
1554                     void *data)
1555 {
1556         struct xfrm_state *old, *x, *last = NULL;
1557         int err = 0;
1558
1559         if (walk->state == NULL && walk->count != 0)
1560                 return 0;
1561
1562         old = x = walk->state;
1563         walk->state = NULL;
1564         spin_lock_bh(&xfrm_state_lock);
1565         if (x == NULL)
1566                 x = list_first_entry(&xfrm_state_all, struct xfrm_state, all);
1567         list_for_each_entry_from(x, &xfrm_state_all, all) {
1568                 if (x->km.state == XFRM_STATE_DEAD)
1569                         continue;
1570                 if (!xfrm_id_proto_match(x->id.proto, walk->proto))
1571                         continue;
1572                 if (last) {
1573                         err = func(last, walk->count, data);
1574                         if (err) {
1575                                 xfrm_state_hold(last);
1576                                 walk->state = last;
1577                                 goto out;
1578                         }
1579                 }
1580                 last = x;
1581                 walk->count++;
1582         }
1583         if (walk->count == 0) {
1584                 err = -ENOENT;
1585                 goto out;
1586         }
1587         if (last)
1588                 err = func(last, 0, data);
1589 out:
1590         spin_unlock_bh(&xfrm_state_lock);
1591         if (old != NULL)
1592                 xfrm_state_put(old);
1593         return err;
1594 }
1595 EXPORT_SYMBOL(xfrm_state_walk);
1596
1597
1598 void xfrm_replay_notify(struct xfrm_state *x, int event)
1599 {
1600         struct km_event c;
1601         /* we send notify messages in case
1602          *  1. we updated on of the sequence numbers, and the seqno difference
1603          *     is at least x->replay_maxdiff, in this case we also update the
1604          *     timeout of our timer function
1605          *  2. if x->replay_maxage has elapsed since last update,
1606          *     and there were changes
1607          *
1608          *  The state structure must be locked!
1609          */
1610
1611         switch (event) {
1612         case XFRM_REPLAY_UPDATE:
1613                 if (x->replay_maxdiff &&
1614                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1615                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1616                         if (x->xflags & XFRM_TIME_DEFER)
1617                                 event = XFRM_REPLAY_TIMEOUT;
1618                         else
1619                                 return;
1620                 }
1621
1622                 break;
1623
1624         case XFRM_REPLAY_TIMEOUT:
1625                 if ((x->replay.seq == x->preplay.seq) &&
1626                     (x->replay.bitmap == x->preplay.bitmap) &&
1627                     (x->replay.oseq == x->preplay.oseq)) {
1628                         x->xflags |= XFRM_TIME_DEFER;
1629                         return;
1630                 }
1631
1632                 break;
1633         }
1634
1635         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1636         c.event = XFRM_MSG_NEWAE;
1637         c.data.aevent = event;
1638         km_state_notify(x, &c);
1639
1640         if (x->replay_maxage &&
1641             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1642                 x->xflags &= ~XFRM_TIME_DEFER;
1643 }
1644
1645 static void xfrm_replay_timer_handler(unsigned long data)
1646 {
1647         struct xfrm_state *x = (struct xfrm_state*)data;
1648
1649         spin_lock(&x->lock);
1650
1651         if (x->km.state == XFRM_STATE_VALID) {
1652                 if (xfrm_aevent_is_on())
1653                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1654                 else
1655                         x->xflags |= XFRM_TIME_DEFER;
1656         }
1657
1658         spin_unlock(&x->lock);
1659 }
1660
1661 int xfrm_replay_check(struct xfrm_state *x,
1662                       struct sk_buff *skb, __be32 net_seq)
1663 {
1664         u32 diff;
1665         u32 seq = ntohl(net_seq);
1666
1667         if (unlikely(seq == 0))
1668                 goto err;
1669
1670         if (likely(seq > x->replay.seq))
1671                 return 0;
1672
1673         diff = x->replay.seq - seq;
1674         if (diff >= min_t(unsigned int, x->props.replay_window,
1675                           sizeof(x->replay.bitmap) * 8)) {
1676                 x->stats.replay_window++;
1677                 goto err;
1678         }
1679
1680         if (x->replay.bitmap & (1U << diff)) {
1681                 x->stats.replay++;
1682                 goto err;
1683         }
1684         return 0;
1685
1686 err:
1687         xfrm_audit_state_replay(x, skb, net_seq);
1688         return -EINVAL;
1689 }
1690
1691 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1692 {
1693         u32 diff;
1694         u32 seq = ntohl(net_seq);
1695
1696         if (seq > x->replay.seq) {
1697                 diff = seq - x->replay.seq;
1698                 if (diff < x->props.replay_window)
1699                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1700                 else
1701                         x->replay.bitmap = 1;
1702                 x->replay.seq = seq;
1703         } else {
1704                 diff = x->replay.seq - seq;
1705                 x->replay.bitmap |= (1U << diff);
1706         }
1707
1708         if (xfrm_aevent_is_on())
1709                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1710 }
1711
1712 static LIST_HEAD(xfrm_km_list);
1713 static DEFINE_RWLOCK(xfrm_km_lock);
1714
1715 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1716 {
1717         struct xfrm_mgr *km;
1718
1719         read_lock(&xfrm_km_lock);
1720         list_for_each_entry(km, &xfrm_km_list, list)
1721                 if (km->notify_policy)
1722                         km->notify_policy(xp, dir, c);
1723         read_unlock(&xfrm_km_lock);
1724 }
1725
1726 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1727 {
1728         struct xfrm_mgr *km;
1729         read_lock(&xfrm_km_lock);
1730         list_for_each_entry(km, &xfrm_km_list, list)
1731                 if (km->notify)
1732                         km->notify(x, c);
1733         read_unlock(&xfrm_km_lock);
1734 }
1735
1736 EXPORT_SYMBOL(km_policy_notify);
1737 EXPORT_SYMBOL(km_state_notify);
1738
1739 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1740 {
1741         struct km_event c;
1742
1743         c.data.hard = hard;
1744         c.pid = pid;
1745         c.event = XFRM_MSG_EXPIRE;
1746         km_state_notify(x, &c);
1747
1748         if (hard)
1749                 wake_up(&km_waitq);
1750 }
1751
1752 EXPORT_SYMBOL(km_state_expired);
1753 /*
1754  * We send to all registered managers regardless of failure
1755  * We are happy with one success
1756 */
1757 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1758 {
1759         int err = -EINVAL, acqret;
1760         struct xfrm_mgr *km;
1761
1762         read_lock(&xfrm_km_lock);
1763         list_for_each_entry(km, &xfrm_km_list, list) {
1764                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1765                 if (!acqret)
1766                         err = acqret;
1767         }
1768         read_unlock(&xfrm_km_lock);
1769         return err;
1770 }
1771 EXPORT_SYMBOL(km_query);
1772
1773 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1774 {
1775         int err = -EINVAL;
1776         struct xfrm_mgr *km;
1777
1778         read_lock(&xfrm_km_lock);
1779         list_for_each_entry(km, &xfrm_km_list, list) {
1780                 if (km->new_mapping)
1781                         err = km->new_mapping(x, ipaddr, sport);
1782                 if (!err)
1783                         break;
1784         }
1785         read_unlock(&xfrm_km_lock);
1786         return err;
1787 }
1788 EXPORT_SYMBOL(km_new_mapping);
1789
1790 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1791 {
1792         struct km_event c;
1793
1794         c.data.hard = hard;
1795         c.pid = pid;
1796         c.event = XFRM_MSG_POLEXPIRE;
1797         km_policy_notify(pol, dir, &c);
1798
1799         if (hard)
1800                 wake_up(&km_waitq);
1801 }
1802 EXPORT_SYMBOL(km_policy_expired);
1803
1804 #ifdef CONFIG_XFRM_MIGRATE
1805 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1806                struct xfrm_migrate *m, int num_migrate)
1807 {
1808         int err = -EINVAL;
1809         int ret;
1810         struct xfrm_mgr *km;
1811
1812         read_lock(&xfrm_km_lock);
1813         list_for_each_entry(km, &xfrm_km_list, list) {
1814                 if (km->migrate) {
1815                         ret = km->migrate(sel, dir, type, m, num_migrate);
1816                         if (!ret)
1817                                 err = ret;
1818                 }
1819         }
1820         read_unlock(&xfrm_km_lock);
1821         return err;
1822 }
1823 EXPORT_SYMBOL(km_migrate);
1824 #endif
1825
1826 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1827 {
1828         int err = -EINVAL;
1829         int ret;
1830         struct xfrm_mgr *km;
1831
1832         read_lock(&xfrm_km_lock);
1833         list_for_each_entry(km, &xfrm_km_list, list) {
1834                 if (km->report) {
1835                         ret = km->report(proto, sel, addr);
1836                         if (!ret)
1837                                 err = ret;
1838                 }
1839         }
1840         read_unlock(&xfrm_km_lock);
1841         return err;
1842 }
1843 EXPORT_SYMBOL(km_report);
1844
1845 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1846 {
1847         int err;
1848         u8 *data;
1849         struct xfrm_mgr *km;
1850         struct xfrm_policy *pol = NULL;
1851
1852         if (optlen <= 0 || optlen > PAGE_SIZE)
1853                 return -EMSGSIZE;
1854
1855         data = kmalloc(optlen, GFP_KERNEL);
1856         if (!data)
1857                 return -ENOMEM;
1858
1859         err = -EFAULT;
1860         if (copy_from_user(data, optval, optlen))
1861                 goto out;
1862
1863         err = -EINVAL;
1864         read_lock(&xfrm_km_lock);
1865         list_for_each_entry(km, &xfrm_km_list, list) {
1866                 pol = km->compile_policy(sk, optname, data,
1867                                          optlen, &err);
1868                 if (err >= 0)
1869                         break;
1870         }
1871         read_unlock(&xfrm_km_lock);
1872
1873         if (err >= 0) {
1874                 xfrm_sk_policy_insert(sk, err, pol);
1875                 xfrm_pol_put(pol);
1876                 err = 0;
1877         }
1878
1879 out:
1880         kfree(data);
1881         return err;
1882 }
1883 EXPORT_SYMBOL(xfrm_user_policy);
1884
1885 int xfrm_register_km(struct xfrm_mgr *km)
1886 {
1887         write_lock_bh(&xfrm_km_lock);
1888         list_add_tail(&km->list, &xfrm_km_list);
1889         write_unlock_bh(&xfrm_km_lock);
1890         return 0;
1891 }
1892 EXPORT_SYMBOL(xfrm_register_km);
1893
1894 int xfrm_unregister_km(struct xfrm_mgr *km)
1895 {
1896         write_lock_bh(&xfrm_km_lock);
1897         list_del(&km->list);
1898         write_unlock_bh(&xfrm_km_lock);
1899         return 0;
1900 }
1901 EXPORT_SYMBOL(xfrm_unregister_km);
1902
1903 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1904 {
1905         int err = 0;
1906         if (unlikely(afinfo == NULL))
1907                 return -EINVAL;
1908         if (unlikely(afinfo->family >= NPROTO))
1909                 return -EAFNOSUPPORT;
1910         write_lock_bh(&xfrm_state_afinfo_lock);
1911         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1912                 err = -ENOBUFS;
1913         else
1914                 xfrm_state_afinfo[afinfo->family] = afinfo;
1915         write_unlock_bh(&xfrm_state_afinfo_lock);
1916         return err;
1917 }
1918 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1919
1920 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1921 {
1922         int err = 0;
1923         if (unlikely(afinfo == NULL))
1924                 return -EINVAL;
1925         if (unlikely(afinfo->family >= NPROTO))
1926                 return -EAFNOSUPPORT;
1927         write_lock_bh(&xfrm_state_afinfo_lock);
1928         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1929                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1930                         err = -EINVAL;
1931                 else
1932                         xfrm_state_afinfo[afinfo->family] = NULL;
1933         }
1934         write_unlock_bh(&xfrm_state_afinfo_lock);
1935         return err;
1936 }
1937 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1938
1939 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1940 {
1941         struct xfrm_state_afinfo *afinfo;
1942         if (unlikely(family >= NPROTO))
1943                 return NULL;
1944         read_lock(&xfrm_state_afinfo_lock);
1945         afinfo = xfrm_state_afinfo[family];
1946         if (unlikely(!afinfo))
1947                 read_unlock(&xfrm_state_afinfo_lock);
1948         return afinfo;
1949 }
1950
1951 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1952         __releases(xfrm_state_afinfo_lock)
1953 {
1954         read_unlock(&xfrm_state_afinfo_lock);
1955 }
1956
1957 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1958 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1959 {
1960         if (x->tunnel) {
1961                 struct xfrm_state *t = x->tunnel;
1962
1963                 if (atomic_read(&t->tunnel_users) == 2)
1964                         xfrm_state_delete(t);
1965                 atomic_dec(&t->tunnel_users);
1966                 xfrm_state_put(t);
1967                 x->tunnel = NULL;
1968         }
1969 }
1970 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1971
1972 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1973 {
1974         int res;
1975
1976         spin_lock_bh(&x->lock);
1977         if (x->km.state == XFRM_STATE_VALID &&
1978             x->type && x->type->get_mtu)
1979                 res = x->type->get_mtu(x, mtu);
1980         else
1981                 res = mtu - x->props.header_len;
1982         spin_unlock_bh(&x->lock);
1983         return res;
1984 }
1985
1986 int xfrm_init_state(struct xfrm_state *x)
1987 {
1988         struct xfrm_state_afinfo *afinfo;
1989         struct xfrm_mode *inner_mode;
1990         int family = x->props.family;
1991         int err;
1992
1993         err = -EAFNOSUPPORT;
1994         afinfo = xfrm_state_get_afinfo(family);
1995         if (!afinfo)
1996                 goto error;
1997
1998         err = 0;
1999         if (afinfo->init_flags)
2000                 err = afinfo->init_flags(x);
2001
2002         xfrm_state_put_afinfo(afinfo);
2003
2004         if (err)
2005                 goto error;
2006
2007         err = -EPROTONOSUPPORT;
2008
2009         if (x->sel.family != AF_UNSPEC) {
2010                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2011                 if (inner_mode == NULL)
2012                         goto error;
2013
2014                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2015                     family != x->sel.family) {
2016                         xfrm_put_mode(inner_mode);
2017                         goto error;
2018                 }
2019
2020                 x->inner_mode = inner_mode;
2021         } else {
2022                 struct xfrm_mode *inner_mode_iaf;
2023
2024                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2025                 if (inner_mode == NULL)
2026                         goto error;
2027
2028                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2029                         xfrm_put_mode(inner_mode);
2030                         goto error;
2031                 }
2032
2033                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2034                 if (inner_mode_iaf == NULL)
2035                         goto error;
2036
2037                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2038                         xfrm_put_mode(inner_mode_iaf);
2039                         goto error;
2040                 }
2041
2042                 if (x->props.family == AF_INET) {
2043                         x->inner_mode = inner_mode;
2044                         x->inner_mode_iaf = inner_mode_iaf;
2045                 } else {
2046                         x->inner_mode = inner_mode_iaf;
2047                         x->inner_mode_iaf = inner_mode;
2048                 }
2049         }
2050
2051         x->type = xfrm_get_type(x->id.proto, family);
2052         if (x->type == NULL)
2053                 goto error;
2054
2055         err = x->type->init_state(x);
2056         if (err)
2057                 goto error;
2058
2059         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2060         if (x->outer_mode == NULL)
2061                 goto error;
2062
2063         x->km.state = XFRM_STATE_VALID;
2064
2065 error:
2066         return err;
2067 }
2068
2069 EXPORT_SYMBOL(xfrm_init_state);
2070
2071 void __init xfrm_state_init(void)
2072 {
2073         unsigned int sz;
2074
2075         sz = sizeof(struct hlist_head) * 8;
2076
2077         xfrm_state_bydst = xfrm_hash_alloc(sz);
2078         xfrm_state_bysrc = xfrm_hash_alloc(sz);
2079         xfrm_state_byspi = xfrm_hash_alloc(sz);
2080         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2081                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2082         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2083
2084         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2085 }
2086
2087 #ifdef CONFIG_AUDITSYSCALL
2088 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2089                                      struct audit_buffer *audit_buf)
2090 {
2091         struct xfrm_sec_ctx *ctx = x->security;
2092         u32 spi = ntohl(x->id.spi);
2093
2094         if (ctx)
2095                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2096                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2097
2098         switch(x->props.family) {
2099         case AF_INET:
2100                 audit_log_format(audit_buf,
2101                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2102                                  NIPQUAD(x->props.saddr.a4),
2103                                  NIPQUAD(x->id.daddr.a4));
2104                 break;
2105         case AF_INET6:
2106                 audit_log_format(audit_buf,
2107                                  " src=" NIP6_FMT " dst=" NIP6_FMT,
2108                                  NIP6(*(struct in6_addr *)x->props.saddr.a6),
2109                                  NIP6(*(struct in6_addr *)x->id.daddr.a6));
2110                 break;
2111         }
2112
2113         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2114 }
2115
2116 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2117                                       struct audit_buffer *audit_buf)
2118 {
2119         struct iphdr *iph4;
2120         struct ipv6hdr *iph6;
2121
2122         switch (family) {
2123         case AF_INET:
2124                 iph4 = ip_hdr(skb);
2125                 audit_log_format(audit_buf,
2126                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2127                                  NIPQUAD(iph4->saddr),
2128                                  NIPQUAD(iph4->daddr));
2129                 break;
2130         case AF_INET6:
2131                 iph6 = ipv6_hdr(skb);
2132                 audit_log_format(audit_buf,
2133                                  " src=" NIP6_FMT " dst=" NIP6_FMT
2134                                  " flowlbl=0x%x%02x%02x",
2135                                  NIP6(iph6->saddr),
2136                                  NIP6(iph6->daddr),
2137                                  iph6->flow_lbl[0] & 0x0f,
2138                                  iph6->flow_lbl[1],
2139                                  iph6->flow_lbl[2]);
2140                 break;
2141         }
2142 }
2143
2144 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2145                           uid_t auid, u32 sessionid, u32 secid)
2146 {
2147         struct audit_buffer *audit_buf;
2148
2149         audit_buf = xfrm_audit_start("SAD-add");
2150         if (audit_buf == NULL)
2151                 return;
2152         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2153         xfrm_audit_helper_sainfo(x, audit_buf);
2154         audit_log_format(audit_buf, " res=%u", result);
2155         audit_log_end(audit_buf);
2156 }
2157 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2158
2159 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2160                              uid_t auid, u32 sessionid, u32 secid)
2161 {
2162         struct audit_buffer *audit_buf;
2163
2164         audit_buf = xfrm_audit_start("SAD-delete");
2165         if (audit_buf == NULL)
2166                 return;
2167         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2168         xfrm_audit_helper_sainfo(x, audit_buf);
2169         audit_log_format(audit_buf, " res=%u", result);
2170         audit_log_end(audit_buf);
2171 }
2172 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2173
2174 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2175                                       struct sk_buff *skb)
2176 {
2177         struct audit_buffer *audit_buf;
2178         u32 spi;
2179
2180         audit_buf = xfrm_audit_start("SA-replay-overflow");
2181         if (audit_buf == NULL)
2182                 return;
2183         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2184         /* don't record the sequence number because it's inherent in this kind
2185          * of audit message */
2186         spi = ntohl(x->id.spi);
2187         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2188         audit_log_end(audit_buf);
2189 }
2190 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2191
2192 static void xfrm_audit_state_replay(struct xfrm_state *x,
2193                              struct sk_buff *skb, __be32 net_seq)
2194 {
2195         struct audit_buffer *audit_buf;
2196         u32 spi;
2197
2198         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2199         if (audit_buf == NULL)
2200                 return;
2201         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2202         spi = ntohl(x->id.spi);
2203         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2204                          spi, spi, ntohl(net_seq));
2205         audit_log_end(audit_buf);
2206 }
2207
2208 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2209 {
2210         struct audit_buffer *audit_buf;
2211
2212         audit_buf = xfrm_audit_start("SA-notfound");
2213         if (audit_buf == NULL)
2214                 return;
2215         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2216         audit_log_end(audit_buf);
2217 }
2218 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2219
2220 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2221                                __be32 net_spi, __be32 net_seq)
2222 {
2223         struct audit_buffer *audit_buf;
2224         u32 spi;
2225
2226         audit_buf = xfrm_audit_start("SA-notfound");
2227         if (audit_buf == NULL)
2228                 return;
2229         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2230         spi = ntohl(net_spi);
2231         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2232                          spi, spi, ntohl(net_seq));
2233         audit_log_end(audit_buf);
2234 }
2235 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2236
2237 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2238                               struct sk_buff *skb, u8 proto)
2239 {
2240         struct audit_buffer *audit_buf;
2241         __be32 net_spi;
2242         __be32 net_seq;
2243
2244         audit_buf = xfrm_audit_start("SA-icv-failure");
2245         if (audit_buf == NULL)
2246                 return;
2247         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2248         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2249                 u32 spi = ntohl(net_spi);
2250                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2251                                  spi, spi, ntohl(net_seq));
2252         }
2253         audit_log_end(audit_buf);
2254 }
2255 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2256 #endif /* CONFIG_AUDITSYSCALL */
Full containers within linux kernel