git://ftp.safe.ca / safe / jmp / linux-2.6 / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ipsec: Add missing list_del() in xfrm_state_gc_task().
[safe/jmp/linux-2.6] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 /* Hash table to find appropriate SA towards given target (endpoint
48  * of tunnel or destination of transport mode) allowed by selector.
49  *
50  * Main use is finding SA after policy selected tunnel or transport mode.
51  * Also, it can be used by ah/esp icmp error handler to find offending SA.
52  */
53 static LIST_HEAD(xfrm_state_all);
54 static struct hlist_head *xfrm_state_bydst __read_mostly;
55 static struct hlist_head *xfrm_state_bysrc __read_mostly;
56 static struct hlist_head *xfrm_state_byspi __read_mostly;
57 static unsigned int xfrm_state_hmask __read_mostly;
58 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
59 static unsigned int xfrm_state_num;
60 static unsigned int xfrm_state_genid;
61
62 /* Counter indicating ongoing walk, protected by xfrm_state_lock. */
63 static unsigned long xfrm_state_walk_ongoing;
64 /* Counter indicating walk completion, protected by xfrm_cfg_mutex. */
65 static unsigned long xfrm_state_walk_completed;
66
67 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
68 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
69
70 #ifdef CONFIG_AUDITSYSCALL
71 static void xfrm_audit_state_replay(struct xfrm_state *x,
72                                     struct sk_buff *skb, __be32 net_seq);
73 #else
74 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
75 #endif /* CONFIG_AUDITSYSCALL */
76
77 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
78                                          xfrm_address_t *saddr,
79                                          u32 reqid,
80                                          unsigned short family)
81 {
82         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
83 }
84
85 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
86                                          xfrm_address_t *saddr,
87                                          unsigned short family)
88 {
89         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
90 }
91
92 static inline unsigned int
93 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
94 {
95         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
96 }
97
98 static void xfrm_hash_transfer(struct hlist_head *list,
99                                struct hlist_head *ndsttable,
100                                struct hlist_head *nsrctable,
101                                struct hlist_head *nspitable,
102                                unsigned int nhashmask)
103 {
104         struct hlist_node *entry, *tmp;
105         struct xfrm_state *x;
106
107         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
108                 unsigned int h;
109
110                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
111                                     x->props.reqid, x->props.family,
112                                     nhashmask);
113                 hlist_add_head(&x->bydst, ndsttable+h);
114
115                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
116                                     x->props.family,
117                                     nhashmask);
118                 hlist_add_head(&x->bysrc, nsrctable+h);
119
120                 if (x->id.spi) {
121                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
122                                             x->id.proto, x->props.family,
123                                             nhashmask);
124                         hlist_add_head(&x->byspi, nspitable+h);
125                 }
126         }
127 }
128
129 static unsigned long xfrm_hash_new_size(void)
130 {
131         return ((xfrm_state_hmask + 1) << 1) *
132                 sizeof(struct hlist_head);
133 }
134
135 static DEFINE_MUTEX(hash_resize_mutex);
136
137 static void xfrm_hash_resize(struct work_struct *__unused)
138 {
139         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
140         unsigned long nsize, osize;
141         unsigned int nhashmask, ohashmask;
142         int i;
143
144         mutex_lock(&hash_resize_mutex);
145
146         nsize = xfrm_hash_new_size();
147         ndst = xfrm_hash_alloc(nsize);
148         if (!ndst)
149                 goto out_unlock;
150         nsrc = xfrm_hash_alloc(nsize);
151         if (!nsrc) {
152                 xfrm_hash_free(ndst, nsize);
153                 goto out_unlock;
154         }
155         nspi = xfrm_hash_alloc(nsize);
156         if (!nspi) {
157                 xfrm_hash_free(ndst, nsize);
158                 xfrm_hash_free(nsrc, nsize);
159                 goto out_unlock;
160         }
161
162         spin_lock_bh(&xfrm_state_lock);
163
164         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
165         for (i = xfrm_state_hmask; i >= 0; i--)
166                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
167                                    nhashmask);
168
169         odst = xfrm_state_bydst;
170         osrc = xfrm_state_bysrc;
171         ospi = xfrm_state_byspi;
172         ohashmask = xfrm_state_hmask;
173
174         xfrm_state_bydst = ndst;
175         xfrm_state_bysrc = nsrc;
176         xfrm_state_byspi = nspi;
177         xfrm_state_hmask = nhashmask;
178
179         spin_unlock_bh(&xfrm_state_lock);
180
181         osize = (ohashmask + 1) * sizeof(struct hlist_head);
182         xfrm_hash_free(odst, osize);
183         xfrm_hash_free(osrc, osize);
184         xfrm_hash_free(ospi, osize);
185
186 out_unlock:
187         mutex_unlock(&hash_resize_mutex);
188 }
189
190 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
191
192 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
193 EXPORT_SYMBOL(km_waitq);
194
195 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
196 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
197
198 static struct work_struct xfrm_state_gc_work;
199 static LIST_HEAD(xfrm_state_gc_leftovers);
200 static LIST_HEAD(xfrm_state_gc_list);
201 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
202
203 int __xfrm_state_delete(struct xfrm_state *x);
204
205 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
206 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
207
208 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
209 {
210         struct xfrm_state_afinfo *afinfo;
211         if (unlikely(family >= NPROTO))
212                 return NULL;
213         write_lock_bh(&xfrm_state_afinfo_lock);
214         afinfo = xfrm_state_afinfo[family];
215         if (unlikely(!afinfo))
216                 write_unlock_bh(&xfrm_state_afinfo_lock);
217         return afinfo;
218 }
219
220 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
221         __releases(xfrm_state_afinfo_lock)
222 {
223         write_unlock_bh(&xfrm_state_afinfo_lock);
224 }
225
226 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
227 {
228         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
229         const struct xfrm_type **typemap;
230         int err = 0;
231
232         if (unlikely(afinfo == NULL))
233                 return -EAFNOSUPPORT;
234         typemap = afinfo->type_map;
235
236         if (likely(typemap[type->proto] == NULL))
237                 typemap[type->proto] = type;
238         else
239                 err = -EEXIST;
240         xfrm_state_unlock_afinfo(afinfo);
241         return err;
242 }
243 EXPORT_SYMBOL(xfrm_register_type);
244
245 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
246 {
247         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
248         const struct xfrm_type **typemap;
249         int err = 0;
250
251         if (unlikely(afinfo == NULL))
252                 return -EAFNOSUPPORT;
253         typemap = afinfo->type_map;
254
255         if (unlikely(typemap[type->proto] != type))
256                 err = -ENOENT;
257         else
258                 typemap[type->proto] = NULL;
259         xfrm_state_unlock_afinfo(afinfo);
260         return err;
261 }
262 EXPORT_SYMBOL(xfrm_unregister_type);
263
264 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
265 {
266         struct xfrm_state_afinfo *afinfo;
267         const struct xfrm_type **typemap;
268         const struct xfrm_type *type;
269         int modload_attempted = 0;
270
271 retry:
272         afinfo = xfrm_state_get_afinfo(family);
273         if (unlikely(afinfo == NULL))
274                 return NULL;
275         typemap = afinfo->type_map;
276
277         type = typemap[proto];
278         if (unlikely(type && !try_module_get(type->owner)))
279                 type = NULL;
280         if (!type && !modload_attempted) {
281                 xfrm_state_put_afinfo(afinfo);
282                 request_module("xfrm-type-%d-%d", family, proto);
283                 modload_attempted = 1;
284                 goto retry;
285         }
286
287         xfrm_state_put_afinfo(afinfo);
288         return type;
289 }
290
291 static void xfrm_put_type(const struct xfrm_type *type)
292 {
293         module_put(type->owner);
294 }
295
296 int xfrm_register_mode(struct xfrm_mode *mode, int family)
297 {
298         struct xfrm_state_afinfo *afinfo;
299         struct xfrm_mode **modemap;
300         int err;
301
302         if (unlikely(mode->encap >= XFRM_MODE_MAX))
303                 return -EINVAL;
304
305         afinfo = xfrm_state_lock_afinfo(family);
306         if (unlikely(afinfo == NULL))
307                 return -EAFNOSUPPORT;
308
309         err = -EEXIST;
310         modemap = afinfo->mode_map;
311         if (modemap[mode->encap])
312                 goto out;
313
314         err = -ENOENT;
315         if (!try_module_get(afinfo->owner))
316                 goto out;
317
318         mode->afinfo = afinfo;
319         modemap[mode->encap] = mode;
320         err = 0;
321
322 out:
323         xfrm_state_unlock_afinfo(afinfo);
324         return err;
325 }
326 EXPORT_SYMBOL(xfrm_register_mode);
327
328 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
329 {
330         struct xfrm_state_afinfo *afinfo;
331         struct xfrm_mode **modemap;
332         int err;
333
334         if (unlikely(mode->encap >= XFRM_MODE_MAX))
335                 return -EINVAL;
336
337         afinfo = xfrm_state_lock_afinfo(family);
338         if (unlikely(afinfo == NULL))
339                 return -EAFNOSUPPORT;
340
341         err = -ENOENT;
342         modemap = afinfo->mode_map;
343         if (likely(modemap[mode->encap] == mode)) {
344                 modemap[mode->encap] = NULL;
345                 module_put(mode->afinfo->owner);
346                 err = 0;
347         }
348
349         xfrm_state_unlock_afinfo(afinfo);
350         return err;
351 }
352 EXPORT_SYMBOL(xfrm_unregister_mode);
353
354 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
355 {
356         struct xfrm_state_afinfo *afinfo;
357         struct xfrm_mode *mode;
358         int modload_attempted = 0;
359
360         if (unlikely(encap >= XFRM_MODE_MAX))
361                 return NULL;
362
363 retry:
364         afinfo = xfrm_state_get_afinfo(family);
365         if (unlikely(afinfo == NULL))
366                 return NULL;
367
368         mode = afinfo->mode_map[encap];
369         if (unlikely(mode && !try_module_get(mode->owner)))
370                 mode = NULL;
371         if (!mode && !modload_attempted) {
372                 xfrm_state_put_afinfo(afinfo);
373                 request_module("xfrm-mode-%d-%d", family, encap);
374                 modload_attempted = 1;
375                 goto retry;
376         }
377
378         xfrm_state_put_afinfo(afinfo);
379         return mode;
380 }
381
382 static void xfrm_put_mode(struct xfrm_mode *mode)
383 {
384         module_put(mode->owner);
385 }
386
387 static void xfrm_state_gc_destroy(struct xfrm_state *x)
388 {
389         del_timer_sync(&x->timer);
390         del_timer_sync(&x->rtimer);
391         kfree(x->aalg);
392         kfree(x->ealg);
393         kfree(x->calg);
394         kfree(x->encap);
395         kfree(x->coaddr);
396         if (x->inner_mode)
397                 xfrm_put_mode(x->inner_mode);
398         if (x->inner_mode_iaf)
399                 xfrm_put_mode(x->inner_mode_iaf);
400         if (x->outer_mode)
401                 xfrm_put_mode(x->outer_mode);
402         if (x->type) {
403                 x->type->destructor(x);
404                 xfrm_put_type(x->type);
405         }
406         security_xfrm_state_free(x);
407         kfree(x);
408 }
409
410 static void xfrm_state_gc_task(struct work_struct *data)
411 {
412         struct xfrm_state *x, *tmp;
413         unsigned long completed;
414
415         mutex_lock(&xfrm_cfg_mutex);
416         spin_lock_bh(&xfrm_state_gc_lock);
417         list_splice_tail_init(&xfrm_state_gc_list, &xfrm_state_gc_leftovers);
418         spin_unlock_bh(&xfrm_state_gc_lock);
419
420         completed = xfrm_state_walk_completed;
421         mutex_unlock(&xfrm_cfg_mutex);
422
423         list_for_each_entry_safe(x, tmp, &xfrm_state_gc_leftovers, gclist) {
424                 if ((long)(x->lastused - completed) > 0)
425                         break;
426                 list_del(&x->gclist);
427                 xfrm_state_gc_destroy(x);
428         }
429
430         wake_up(&km_waitq);
431 }
432
433 static inline unsigned long make_jiffies(long secs)
434 {
435         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
436                 return MAX_SCHEDULE_TIMEOUT-1;
437         else
438                 return secs*HZ;
439 }
440
441 static void xfrm_timer_handler(unsigned long data)
442 {
443         struct xfrm_state *x = (struct xfrm_state*)data;
444         unsigned long now = get_seconds();
445         long next = LONG_MAX;
446         int warn = 0;
447         int err = 0;
448
449         spin_lock(&x->lock);
450         if (x->km.state == XFRM_STATE_DEAD)
451                 goto out;
452         if (x->km.state == XFRM_STATE_EXPIRED)
453                 goto expired;
454         if (x->lft.hard_add_expires_seconds) {
455                 long tmo = x->lft.hard_add_expires_seconds +
456                         x->curlft.add_time - now;
457                 if (tmo <= 0)
458                         goto expired;
459                 if (tmo < next)
460                         next = tmo;
461         }
462         if (x->lft.hard_use_expires_seconds) {
463                 long tmo = x->lft.hard_use_expires_seconds +
464                         (x->curlft.use_time ? : now) - now;
465                 if (tmo <= 0)
466                         goto expired;
467                 if (tmo < next)
468                         next = tmo;
469         }
470         if (x->km.dying)
471                 goto resched;
472         if (x->lft.soft_add_expires_seconds) {
473                 long tmo = x->lft.soft_add_expires_seconds +
474                         x->curlft.add_time - now;
475                 if (tmo <= 0)
476                         warn = 1;
477                 else if (tmo < next)
478                         next = tmo;
479         }
480         if (x->lft.soft_use_expires_seconds) {
481                 long tmo = x->lft.soft_use_expires_seconds +
482                         (x->curlft.use_time ? : now) - now;
483                 if (tmo <= 0)
484                         warn = 1;
485                 else if (tmo < next)
486                         next = tmo;
487         }
488
489         x->km.dying = warn;
490         if (warn)
491                 km_state_expired(x, 0, 0);
492 resched:
493         if (next != LONG_MAX)
494                 mod_timer(&x->timer, jiffies + make_jiffies(next));
495
496         goto out;
497
498 expired:
499         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
500                 x->km.state = XFRM_STATE_EXPIRED;
501                 wake_up(&km_waitq);
502                 next = 2;
503                 goto resched;
504         }
505
506         err = __xfrm_state_delete(x);
507         if (!err && x->id.spi)
508                 km_state_expired(x, 1, 0);
509
510         xfrm_audit_state_delete(x, err ? 0 : 1,
511                                 audit_get_loginuid(current),
512                                 audit_get_sessionid(current), 0);
513
514 out:
515         spin_unlock(&x->lock);
516 }
517
518 static void xfrm_replay_timer_handler(unsigned long data);
519
520 struct xfrm_state *xfrm_state_alloc(void)
521 {
522         struct xfrm_state *x;
523
524         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
525
526         if (x) {
527                 atomic_set(&x->refcnt, 1);
528                 atomic_set(&x->tunnel_users, 0);
529                 INIT_LIST_HEAD(&x->all);
530                 INIT_HLIST_NODE(&x->bydst);
531                 INIT_HLIST_NODE(&x->bysrc);
532                 INIT_HLIST_NODE(&x->byspi);
533                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
534                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
535                                 (unsigned long)x);
536                 x->curlft.add_time = get_seconds();
537                 x->lft.soft_byte_limit = XFRM_INF;
538                 x->lft.soft_packet_limit = XFRM_INF;
539                 x->lft.hard_byte_limit = XFRM_INF;
540                 x->lft.hard_packet_limit = XFRM_INF;
541                 x->replay_maxage = 0;
542                 x->replay_maxdiff = 0;
543                 x->inner_mode = NULL;
544                 x->inner_mode_iaf = NULL;
545                 spin_lock_init(&x->lock);
546         }
547         return x;
548 }
549 EXPORT_SYMBOL(xfrm_state_alloc);
550
551 void __xfrm_state_destroy(struct xfrm_state *x)
552 {
553         WARN_ON(x->km.state != XFRM_STATE_DEAD);
554
555         spin_lock_bh(&xfrm_state_gc_lock);
556         list_add_tail(&x->gclist, &xfrm_state_gc_list);
557         spin_unlock_bh(&xfrm_state_gc_lock);
558         schedule_work(&xfrm_state_gc_work);
559 }
560 EXPORT_SYMBOL(__xfrm_state_destroy);
561
562 int __xfrm_state_delete(struct xfrm_state *x)
563 {
564         int err = -ESRCH;
565
566         if (x->km.state != XFRM_STATE_DEAD) {
567                 x->km.state = XFRM_STATE_DEAD;
568                 spin_lock(&xfrm_state_lock);
569                 x->lastused = xfrm_state_walk_ongoing;
570                 list_del_rcu(&x->all);
571                 hlist_del(&x->bydst);
572                 hlist_del(&x->bysrc);
573                 if (x->id.spi)
574                         hlist_del(&x->byspi);
575                 xfrm_state_num--;
576                 spin_unlock(&xfrm_state_lock);
577
578                 /* All xfrm_state objects are created by xfrm_state_alloc.
579                  * The xfrm_state_alloc call gives a reference, and that
580                  * is what we are dropping here.
581                  */
582                 xfrm_state_put(x);
583                 err = 0;
584         }
585
586         return err;
587 }
588 EXPORT_SYMBOL(__xfrm_state_delete);
589
590 int xfrm_state_delete(struct xfrm_state *x)
591 {
592         int err;
593
594         spin_lock_bh(&x->lock);
595         err = __xfrm_state_delete(x);
596         spin_unlock_bh(&x->lock);
597
598         return err;
599 }
600 EXPORT_SYMBOL(xfrm_state_delete);
601
602 #ifdef CONFIG_SECURITY_NETWORK_XFRM
603 static inline int
604 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
605 {
606         int i, err = 0;
607
608         for (i = 0; i <= xfrm_state_hmask; i++) {
609                 struct hlist_node *entry;
610                 struct xfrm_state *x;
611
612                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
613                         if (xfrm_id_proto_match(x->id.proto, proto) &&
614                            (err = security_xfrm_state_delete(x)) != 0) {
615                                 xfrm_audit_state_delete(x, 0,
616                                                         audit_info->loginuid,
617                                                         audit_info->sessionid,
618                                                         audit_info->secid);
619                                 return err;
620                         }
621                 }
622         }
623
624         return err;
625 }
626 #else
627 static inline int
628 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
629 {
630         return 0;
631 }
632 #endif
633
634 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
635 {
636         int i, err = 0;
637
638         spin_lock_bh(&xfrm_state_lock);
639         err = xfrm_state_flush_secctx_check(proto, audit_info);
640         if (err)
641                 goto out;
642
643         for (i = 0; i <= xfrm_state_hmask; i++) {
644                 struct hlist_node *entry;
645                 struct xfrm_state *x;
646 restart:
647                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
648                         if (!xfrm_state_kern(x) &&
649                             xfrm_id_proto_match(x->id.proto, proto)) {
650                                 xfrm_state_hold(x);
651                                 spin_unlock_bh(&xfrm_state_lock);
652
653                                 err = xfrm_state_delete(x);
654                                 xfrm_audit_state_delete(x, err ? 0 : 1,
655                                                         audit_info->loginuid,
656                                                         audit_info->sessionid,
657                                                         audit_info->secid);
658                                 xfrm_state_put(x);
659
660                                 spin_lock_bh(&xfrm_state_lock);
661                                 goto restart;
662                         }
663                 }
664         }
665         err = 0;
666
667 out:
668         spin_unlock_bh(&xfrm_state_lock);
669         wake_up(&km_waitq);
670         return err;
671 }
672 EXPORT_SYMBOL(xfrm_state_flush);
673
674 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
675 {
676         spin_lock_bh(&xfrm_state_lock);
677         si->sadcnt = xfrm_state_num;
678         si->sadhcnt = xfrm_state_hmask;
679         si->sadhmcnt = xfrm_state_hashmax;
680         spin_unlock_bh(&xfrm_state_lock);
681 }
682 EXPORT_SYMBOL(xfrm_sad_getinfo);
683
684 static int
685 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
686                   struct xfrm_tmpl *tmpl,
687                   xfrm_address_t *daddr, xfrm_address_t *saddr,
688                   unsigned short family)
689 {
690         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
691         if (!afinfo)
692                 return -1;
693         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
694         xfrm_state_put_afinfo(afinfo);
695         return 0;
696 }
697
698 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
699 {
700         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
701         struct xfrm_state *x;
702         struct hlist_node *entry;
703
704         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
705                 if (x->props.family != family ||
706                     x->id.spi       != spi ||
707                     x->id.proto     != proto)
708                         continue;
709
710                 switch (family) {
711                 case AF_INET:
712                         if (x->id.daddr.a4 != daddr->a4)
713                                 continue;
714                         break;
715                 case AF_INET6:
716                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
717                                              (struct in6_addr *)
718                                              x->id.daddr.a6))
719                                 continue;
720                         break;
721                 }
722
723                 xfrm_state_hold(x);
724                 return x;
725         }
726
727         return NULL;
728 }
729
730 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
731 {
732         unsigned int h = xfrm_src_hash(daddr, saddr, family);
733         struct xfrm_state *x;
734         struct hlist_node *entry;
735
736         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
737                 if (x->props.family != family ||
738                     x->id.proto     != proto)
739                         continue;
740
741                 switch (family) {
742                 case AF_INET:
743                         if (x->id.daddr.a4 != daddr->a4 ||
744                             x->props.saddr.a4 != saddr->a4)
745                                 continue;
746                         break;
747                 case AF_INET6:
748                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
749                                              (struct in6_addr *)
750                                              x->id.daddr.a6) ||
751                             !ipv6_addr_equal((struct in6_addr *)saddr,
752                                              (struct in6_addr *)
753                                              x->props.saddr.a6))
754                                 continue;
755                         break;
756                 }
757
758                 xfrm_state_hold(x);
759                 return x;
760         }
761
762         return NULL;
763 }
764
765 static inline struct xfrm_state *
766 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
767 {
768         if (use_spi)
769                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
770                                            x->id.proto, family);
771         else
772                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
773                                                   &x->props.saddr,
774                                                   x->id.proto, family);
775 }
776
777 static void xfrm_hash_grow_check(int have_hash_collision)
778 {
779         if (have_hash_collision &&
780             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
781             xfrm_state_num > xfrm_state_hmask)
782                 schedule_work(&xfrm_hash_work);
783 }
784
785 struct xfrm_state *
786 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
787                 struct flowi *fl, struct xfrm_tmpl *tmpl,
788                 struct xfrm_policy *pol, int *err,
789                 unsigned short family)
790 {
791         unsigned int h;
792         struct hlist_node *entry;
793         struct xfrm_state *x, *x0, *to_put;
794         int acquire_in_progress = 0;
795         int error = 0;
796         struct xfrm_state *best = NULL;
797
798         to_put = NULL;
799
800         spin_lock_bh(&xfrm_state_lock);
801         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
802         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
803                 if (x->props.family == family &&
804                     x->props.reqid == tmpl->reqid &&
805                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
806                     xfrm_state_addr_check(x, daddr, saddr, family) &&
807                     tmpl->mode == x->props.mode &&
808                     tmpl->id.proto == x->id.proto &&
809                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
810                         /* Resolution logic:
811                            1. There is a valid state with matching selector.
812                               Done.
813                            2. Valid state with inappropriate selector. Skip.
814
815                            Entering area of "sysdeps".
816
817                            3. If state is not valid, selector is temporary,
818                               it selects only session which triggered
819                               previous resolution. Key manager will do
820                               something to install a state with proper
821                               selector.
822                          */
823                         if (x->km.state == XFRM_STATE_VALID) {
824                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
825                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
826                                         continue;
827                                 if (!best ||
828                                     best->km.dying > x->km.dying ||
829                                     (best->km.dying == x->km.dying &&
830                                      best->curlft.add_time < x->curlft.add_time))
831                                         best = x;
832                         } else if (x->km.state == XFRM_STATE_ACQ) {
833                                 acquire_in_progress = 1;
834                         } else if (x->km.state == XFRM_STATE_ERROR ||
835                                    x->km.state == XFRM_STATE_EXPIRED) {
836                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
837                                     security_xfrm_state_pol_flow_match(x, pol, fl))
838                                         error = -ESRCH;
839                         }
840                 }
841         }
842
843         x = best;
844         if (!x && !error && !acquire_in_progress) {
845                 if (tmpl->id.spi &&
846                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
847                                               tmpl->id.proto, family)) != NULL) {
848                         to_put = x0;
849                         error = -EEXIST;
850                         goto out;
851                 }
852                 x = xfrm_state_alloc();
853                 if (x == NULL) {
854                         error = -ENOMEM;
855                         goto out;
856                 }
857                 /* Initialize temporary selector matching only
858                  * to current session. */
859                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
860
861                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
862                 if (error) {
863                         x->km.state = XFRM_STATE_DEAD;
864                         to_put = x;
865                         x = NULL;
866                         goto out;
867                 }
868
869                 if (km_query(x, tmpl, pol) == 0) {
870                         x->km.state = XFRM_STATE_ACQ;
871                         list_add_tail(&x->all, &xfrm_state_all);
872                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
873                         h = xfrm_src_hash(daddr, saddr, family);
874                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
875                         if (x->id.spi) {
876                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
877                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
878                         }
879                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
880                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
881                         add_timer(&x->timer);
882                         xfrm_state_num++;
883                         xfrm_hash_grow_check(x->bydst.next != NULL);
884                 } else {
885                         x->km.state = XFRM_STATE_DEAD;
886                         to_put = x;
887                         x = NULL;
888                         error = -ESRCH;
889                 }
890         }
891 out:
892         if (x)
893                 xfrm_state_hold(x);
894         else
895                 *err = acquire_in_progress ? -EAGAIN : error;
896         spin_unlock_bh(&xfrm_state_lock);
897         if (to_put)
898                 xfrm_state_put(to_put);
899         return x;
900 }
901
902 struct xfrm_state *
903 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
904                     unsigned short family, u8 mode, u8 proto, u32 reqid)
905 {
906         unsigned int h;
907         struct xfrm_state *rx = NULL, *x = NULL;
908         struct hlist_node *entry;
909
910         spin_lock(&xfrm_state_lock);
911         h = xfrm_dst_hash(daddr, saddr, reqid, family);
912         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
913                 if (x->props.family == family &&
914                     x->props.reqid == reqid &&
915                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
916                     xfrm_state_addr_check(x, daddr, saddr, family) &&
917                     mode == x->props.mode &&
918                     proto == x->id.proto &&
919                     x->km.state == XFRM_STATE_VALID) {
920                         rx = x;
921                         break;
922                 }
923         }
924
925         if (rx)
926                 xfrm_state_hold(rx);
927         spin_unlock(&xfrm_state_lock);
928
929
930         return rx;
931 }
932 EXPORT_SYMBOL(xfrm_stateonly_find);
933
934 static void __xfrm_state_insert(struct xfrm_state *x)
935 {
936         unsigned int h;
937
938         x->genid = ++xfrm_state_genid;
939
940         list_add_tail(&x->all, &xfrm_state_all);
941
942         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
943                           x->props.reqid, x->props.family);
944         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
945
946         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
947         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
948
949         if (x->id.spi) {
950                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
951                                   x->props.family);
952
953                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
954         }
955
956         mod_timer(&x->timer, jiffies + HZ);
957         if (x->replay_maxage)
958                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
959
960         wake_up(&km_waitq);
961
962         xfrm_state_num++;
963
964         xfrm_hash_grow_check(x->bydst.next != NULL);
965 }
966
967 /* xfrm_state_lock is held */
968 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
969 {
970         unsigned short family = xnew->props.family;
971         u32 reqid = xnew->props.reqid;
972         struct xfrm_state *x;
973         struct hlist_node *entry;
974         unsigned int h;
975
976         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
977         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
978                 if (x->props.family     == family &&
979                     x->props.reqid      == reqid &&
980                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
981                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
982                         x->genid = xfrm_state_genid;
983         }
984 }
985
986 void xfrm_state_insert(struct xfrm_state *x)
987 {
988         spin_lock_bh(&xfrm_state_lock);
989         __xfrm_state_bump_genids(x);
990         __xfrm_state_insert(x);
991         spin_unlock_bh(&xfrm_state_lock);
992 }
993 EXPORT_SYMBOL(xfrm_state_insert);
994
995 /* xfrm_state_lock is held */
996 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
997 {
998         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
999         struct hlist_node *entry;
1000         struct xfrm_state *x;
1001
1002         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1003                 if (x->props.reqid  != reqid ||
1004                     x->props.mode   != mode ||
1005                     x->props.family != family ||
1006                     x->km.state     != XFRM_STATE_ACQ ||
1007                     x->id.spi       != 0 ||
1008                     x->id.proto     != proto)
1009                         continue;
1010
1011                 switch (family) {
1012                 case AF_INET:
1013                         if (x->id.daddr.a4    != daddr->a4 ||
1014                             x->props.saddr.a4 != saddr->a4)
1015                                 continue;
1016                         break;
1017                 case AF_INET6:
1018                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1019                                              (struct in6_addr *)daddr) ||
1020                             !ipv6_addr_equal((struct in6_addr *)
1021                                              x->props.saddr.a6,
1022                                              (struct in6_addr *)saddr))
1023                                 continue;
1024                         break;
1025                 }
1026
1027                 xfrm_state_hold(x);
1028                 return x;
1029         }
1030
1031         if (!create)
1032                 return NULL;
1033
1034         x = xfrm_state_alloc();
1035         if (likely(x)) {
1036                 switch (family) {
1037                 case AF_INET:
1038                         x->sel.daddr.a4 = daddr->a4;
1039                         x->sel.saddr.a4 = saddr->a4;
1040                         x->sel.prefixlen_d = 32;
1041                         x->sel.prefixlen_s = 32;
1042                         x->props.saddr.a4 = saddr->a4;
1043                         x->id.daddr.a4 = daddr->a4;
1044                         break;
1045
1046                 case AF_INET6:
1047                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1048                                        (struct in6_addr *)daddr);
1049                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1050                                        (struct in6_addr *)saddr);
1051                         x->sel.prefixlen_d = 128;
1052                         x->sel.prefixlen_s = 128;
1053                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1054                                        (struct in6_addr *)saddr);
1055                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1056                                        (struct in6_addr *)daddr);
1057                         break;
1058                 }
1059
1060                 x->km.state = XFRM_STATE_ACQ;
1061                 x->id.proto = proto;
1062                 x->props.family = family;
1063                 x->props.mode = mode;
1064                 x->props.reqid = reqid;
1065                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1066                 xfrm_state_hold(x);
1067                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1068                 add_timer(&x->timer);
1069                 list_add_tail(&x->all, &xfrm_state_all);
1070                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1071                 h = xfrm_src_hash(daddr, saddr, family);
1072                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1073
1074                 xfrm_state_num++;
1075
1076                 xfrm_hash_grow_check(x->bydst.next != NULL);
1077         }
1078
1079         return x;
1080 }
1081
1082 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1083
1084 int xfrm_state_add(struct xfrm_state *x)
1085 {
1086         struct xfrm_state *x1, *to_put;
1087         int family;
1088         int err;
1089         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1090
1091         family = x->props.family;
1092
1093         to_put = NULL;
1094
1095         spin_lock_bh(&xfrm_state_lock);
1096
1097         x1 = __xfrm_state_locate(x, use_spi, family);
1098         if (x1) {
1099                 to_put = x1;
1100                 x1 = NULL;
1101                 err = -EEXIST;
1102                 goto out;
1103         }
1104
1105         if (use_spi && x->km.seq) {
1106                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1107                 if (x1 && ((x1->id.proto != x->id.proto) ||
1108                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1109                         to_put = x1;
1110                         x1 = NULL;
1111                 }
1112         }
1113
1114         if (use_spi && !x1)
1115                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1116                                      x->id.proto,
1117                                      &x->id.daddr, &x->props.saddr, 0);
1118
1119         __xfrm_state_bump_genids(x);
1120         __xfrm_state_insert(x);
1121         err = 0;
1122
1123 out:
1124         spin_unlock_bh(&xfrm_state_lock);
1125
1126         if (x1) {
1127                 xfrm_state_delete(x1);
1128                 xfrm_state_put(x1);
1129         }
1130
1131         if (to_put)
1132                 xfrm_state_put(to_put);
1133
1134         return err;
1135 }
1136 EXPORT_SYMBOL(xfrm_state_add);
1137
1138 #ifdef CONFIG_XFRM_MIGRATE
1139 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1140 {
1141         int err = -ENOMEM;
1142         struct xfrm_state *x = xfrm_state_alloc();
1143         if (!x)
1144                 goto error;
1145
1146         memcpy(&x->id, &orig->id, sizeof(x->id));
1147         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1148         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1149         x->props.mode = orig->props.mode;
1150         x->props.replay_window = orig->props.replay_window;
1151         x->props.reqid = orig->props.reqid;
1152         x->props.family = orig->props.family;
1153         x->props.saddr = orig->props.saddr;
1154
1155         if (orig->aalg) {
1156                 x->aalg = xfrm_algo_clone(orig->aalg);
1157                 if (!x->aalg)
1158                         goto error;
1159         }
1160         x->props.aalgo = orig->props.aalgo;
1161
1162         if (orig->ealg) {
1163                 x->ealg = xfrm_algo_clone(orig->ealg);
1164                 if (!x->ealg)
1165                         goto error;
1166         }
1167         x->props.ealgo = orig->props.ealgo;
1168
1169         if (orig->calg) {
1170                 x->calg = xfrm_algo_clone(orig->calg);
1171                 if (!x->calg)
1172                         goto error;
1173         }
1174         x->props.calgo = orig->props.calgo;
1175
1176         if (orig->encap) {
1177                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1178                 if (!x->encap)
1179                         goto error;
1180         }
1181
1182         if (orig->coaddr) {
1183                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1184                                     GFP_KERNEL);
1185                 if (!x->coaddr)
1186                         goto error;
1187         }
1188
1189         err = xfrm_init_state(x);
1190         if (err)
1191                 goto error;
1192
1193         x->props.flags = orig->props.flags;
1194
1195         x->curlft.add_time = orig->curlft.add_time;
1196         x->km.state = orig->km.state;
1197         x->km.seq = orig->km.seq;
1198
1199         return x;
1200
1201  error:
1202         if (errp)
1203                 *errp = err;
1204         if (x) {
1205                 kfree(x->aalg);
1206                 kfree(x->ealg);
1207                 kfree(x->calg);
1208                 kfree(x->encap);
1209                 kfree(x->coaddr);
1210         }
1211         kfree(x);
1212         return NULL;
1213 }
1214
1215 /* xfrm_state_lock is held */
1216 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1217 {
1218         unsigned int h;
1219         struct xfrm_state *x;
1220         struct hlist_node *entry;
1221
1222         if (m->reqid) {
1223                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1224                                   m->reqid, m->old_family);
1225                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1226                         if (x->props.mode != m->mode ||
1227                             x->id.proto != m->proto)
1228                                 continue;
1229                         if (m->reqid && x->props.reqid != m->reqid)
1230                                 continue;
1231                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1232                                           m->old_family) ||
1233                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1234                                           m->old_family))
1235                                 continue;
1236                         xfrm_state_hold(x);
1237                         return x;
1238                 }
1239         } else {
1240                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1241                                   m->old_family);
1242                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1243                         if (x->props.mode != m->mode ||
1244                             x->id.proto != m->proto)
1245                                 continue;
1246                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1247                                           m->old_family) ||
1248                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1249                                           m->old_family))
1250                                 continue;
1251                         xfrm_state_hold(x);
1252                         return x;
1253                 }
1254         }
1255
1256         return NULL;
1257 }
1258 EXPORT_SYMBOL(xfrm_migrate_state_find);
1259
1260 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1261                                        struct xfrm_migrate *m)
1262 {
1263         struct xfrm_state *xc;
1264         int err;
1265
1266         xc = xfrm_state_clone(x, &err);
1267         if (!xc)
1268                 return NULL;
1269
1270         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1271         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1272
1273         /* add state */
1274         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1275                 /* a care is needed when the destination address of the
1276                    state is to be updated as it is a part of triplet */
1277                 xfrm_state_insert(xc);
1278         } else {
1279                 if ((err = xfrm_state_add(xc)) < 0)
1280                         goto error;
1281         }
1282
1283         return xc;
1284 error:
1285         kfree(xc);
1286         return NULL;
1287 }
1288 EXPORT_SYMBOL(xfrm_state_migrate);
1289 #endif
1290
1291 int xfrm_state_update(struct xfrm_state *x)
1292 {
1293         struct xfrm_state *x1, *to_put;
1294         int err;
1295         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1296
1297         to_put = NULL;
1298
1299         spin_lock_bh(&xfrm_state_lock);
1300         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1301
1302         err = -ESRCH;
1303         if (!x1)
1304                 goto out;
1305
1306         if (xfrm_state_kern(x1)) {
1307                 to_put = x1;
1308                 err = -EEXIST;
1309                 goto out;
1310         }
1311
1312         if (x1->km.state == XFRM_STATE_ACQ) {
1313                 __xfrm_state_insert(x);
1314                 x = NULL;
1315         }
1316         err = 0;
1317
1318 out:
1319         spin_unlock_bh(&xfrm_state_lock);
1320
1321         if (to_put)
1322                 xfrm_state_put(to_put);
1323
1324         if (err)
1325                 return err;
1326
1327         if (!x) {
1328                 xfrm_state_delete(x1);
1329                 xfrm_state_put(x1);
1330                 return 0;
1331         }
1332
1333         err = -EINVAL;
1334         spin_lock_bh(&x1->lock);
1335         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1336                 if (x->encap && x1->encap)
1337                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1338                 if (x->coaddr && x1->coaddr) {
1339                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1340                 }
1341                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1342                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1343                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1344                 x1->km.dying = 0;
1345
1346                 mod_timer(&x1->timer, jiffies + HZ);
1347                 if (x1->curlft.use_time)
1348                         xfrm_state_check_expire(x1);
1349
1350                 err = 0;
1351         }
1352         spin_unlock_bh(&x1->lock);
1353
1354         xfrm_state_put(x1);
1355
1356         return err;
1357 }
1358 EXPORT_SYMBOL(xfrm_state_update);
1359
1360 int xfrm_state_check_expire(struct xfrm_state *x)
1361 {
1362         if (!x->curlft.use_time)
1363                 x->curlft.use_time = get_seconds();
1364
1365         if (x->km.state != XFRM_STATE_VALID)
1366                 return -EINVAL;
1367
1368         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1369             x->curlft.packets >= x->lft.hard_packet_limit) {
1370                 x->km.state = XFRM_STATE_EXPIRED;
1371                 mod_timer(&x->timer, jiffies);
1372                 return -EINVAL;
1373         }
1374
1375         if (!x->km.dying &&
1376             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1377              x->curlft.packets >= x->lft.soft_packet_limit)) {
1378                 x->km.dying = 1;
1379                 km_state_expired(x, 0, 0);
1380         }
1381         return 0;
1382 }
1383 EXPORT_SYMBOL(xfrm_state_check_expire);
1384
1385 struct xfrm_state *
1386 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1387                   unsigned short family)
1388 {
1389         struct xfrm_state *x;
1390
1391         spin_lock_bh(&xfrm_state_lock);
1392         x = __xfrm_state_lookup(daddr, spi, proto, family);
1393         spin_unlock_bh(&xfrm_state_lock);
1394         return x;
1395 }
1396 EXPORT_SYMBOL(xfrm_state_lookup);
1397
1398 struct xfrm_state *
1399 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1400                          u8 proto, unsigned short family)
1401 {
1402         struct xfrm_state *x;
1403
1404         spin_lock_bh(&xfrm_state_lock);
1405         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1406         spin_unlock_bh(&xfrm_state_lock);
1407         return x;
1408 }
1409 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1410
1411 struct xfrm_state *
1412 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1413               xfrm_address_t *daddr, xfrm_address_t *saddr,
1414               int create, unsigned short family)
1415 {
1416         struct xfrm_state *x;
1417
1418         spin_lock_bh(&xfrm_state_lock);
1419         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1420         spin_unlock_bh(&xfrm_state_lock);
1421
1422         return x;
1423 }
1424 EXPORT_SYMBOL(xfrm_find_acq);
1425
1426 #ifdef CONFIG_XFRM_SUB_POLICY
1427 int
1428 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1429                unsigned short family)
1430 {
1431         int err = 0;
1432         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1433         if (!afinfo)
1434                 return -EAFNOSUPPORT;
1435
1436         spin_lock_bh(&xfrm_state_lock);
1437         if (afinfo->tmpl_sort)
1438                 err = afinfo->tmpl_sort(dst, src, n);
1439         spin_unlock_bh(&xfrm_state_lock);
1440         xfrm_state_put_afinfo(afinfo);
1441         return err;
1442 }
1443 EXPORT_SYMBOL(xfrm_tmpl_sort);
1444
1445 int
1446 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1447                 unsigned short family)
1448 {
1449         int err = 0;
1450         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1451         if (!afinfo)
1452                 return -EAFNOSUPPORT;
1453
1454         spin_lock_bh(&xfrm_state_lock);
1455         if (afinfo->state_sort)
1456                 err = afinfo->state_sort(dst, src, n);
1457         spin_unlock_bh(&xfrm_state_lock);
1458         xfrm_state_put_afinfo(afinfo);
1459         return err;
1460 }
1461 EXPORT_SYMBOL(xfrm_state_sort);
1462 #endif
1463
1464 /* Silly enough, but I'm lazy to build resolution list */
1465
1466 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1467 {
1468         int i;
1469
1470         for (i = 0; i <= xfrm_state_hmask; i++) {
1471                 struct hlist_node *entry;
1472                 struct xfrm_state *x;
1473
1474                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1475                         if (x->km.seq == seq &&
1476                             x->km.state == XFRM_STATE_ACQ) {
1477                                 xfrm_state_hold(x);
1478                                 return x;
1479                         }
1480                 }
1481         }
1482         return NULL;
1483 }
1484
1485 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1486 {
1487         struct xfrm_state *x;
1488
1489         spin_lock_bh(&xfrm_state_lock);
1490         x = __xfrm_find_acq_byseq(seq);
1491         spin_unlock_bh(&xfrm_state_lock);
1492         return x;
1493 }
1494 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1495
1496 u32 xfrm_get_acqseq(void)
1497 {
1498         u32 res;
1499         static u32 acqseq;
1500         static DEFINE_SPINLOCK(acqseq_lock);
1501
1502         spin_lock_bh(&acqseq_lock);
1503         res = (++acqseq ? : ++acqseq);
1504         spin_unlock_bh(&acqseq_lock);
1505         return res;
1506 }
1507 EXPORT_SYMBOL(xfrm_get_acqseq);
1508
1509 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1510 {
1511         unsigned int h;
1512         struct xfrm_state *x0;
1513         int err = -ENOENT;
1514         __be32 minspi = htonl(low);
1515         __be32 maxspi = htonl(high);
1516
1517         spin_lock_bh(&x->lock);
1518         if (x->km.state == XFRM_STATE_DEAD)
1519                 goto unlock;
1520
1521         err = 0;
1522         if (x->id.spi)
1523                 goto unlock;
1524
1525         err = -ENOENT;
1526
1527         if (minspi == maxspi) {
1528                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1529                 if (x0) {
1530                         xfrm_state_put(x0);
1531                         goto unlock;
1532                 }
1533                 x->id.spi = minspi;
1534         } else {
1535                 u32 spi = 0;
1536                 for (h=0; h<high-low+1; h++) {
1537                         spi = low + net_random()%(high-low+1);
1538                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1539                         if (x0 == NULL) {
1540                                 x->id.spi = htonl(spi);
1541                                 break;
1542                         }
1543                         xfrm_state_put(x0);
1544                 }
1545         }
1546         if (x->id.spi) {
1547                 spin_lock_bh(&xfrm_state_lock);
1548                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1549                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1550                 spin_unlock_bh(&xfrm_state_lock);
1551
1552                 err = 0;
1553         }
1554
1555 unlock:
1556         spin_unlock_bh(&x->lock);
1557
1558         return err;
1559 }
1560 EXPORT_SYMBOL(xfrm_alloc_spi);
1561
1562 int xfrm_state_walk(struct xfrm_state_walk *walk,
1563                     int (*func)(struct xfrm_state *, int, void*),
1564                     void *data)
1565 {
1566         struct xfrm_state *old, *x, *last = NULL;
1567         int err = 0;
1568
1569         if (walk->state == NULL && walk->count != 0)
1570                 return 0;
1571
1572         old = x = walk->state;
1573         walk->state = NULL;
1574         spin_lock_bh(&xfrm_state_lock);
1575         if (x == NULL)
1576                 x = list_first_entry(&xfrm_state_all, struct xfrm_state, all);
1577         list_for_each_entry_from(x, &xfrm_state_all, all) {
1578                 if (x->km.state == XFRM_STATE_DEAD)
1579                         continue;
1580                 if (!xfrm_id_proto_match(x->id.proto, walk->proto))
1581                         continue;
1582                 if (last) {
1583                         err = func(last, walk->count, data);
1584                         if (err) {
1585                                 xfrm_state_hold(last);
1586                                 walk->state = last;
1587                                 xfrm_state_walk_ongoing++;
1588                                 goto out;
1589                         }
1590                 }
1591                 last = x;
1592                 walk->count++;
1593         }
1594         if (walk->count == 0) {
1595                 err = -ENOENT;
1596                 goto out;
1597         }
1598         if (last)
1599                 err = func(last, 0, data);
1600 out:
1601         spin_unlock_bh(&xfrm_state_lock);
1602         if (old != NULL) {
1603                 xfrm_state_put(old);
1604                 xfrm_state_walk_completed++;
1605                 if (!list_empty(&xfrm_state_gc_leftovers))
1606                         schedule_work(&xfrm_state_gc_work);
1607         }
1608         return err;
1609 }
1610 EXPORT_SYMBOL(xfrm_state_walk);
1611
1612 void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1613 {
1614         if (walk->state != NULL) {
1615                 xfrm_state_put(walk->state);
1616                 walk->state = NULL;
1617                 xfrm_state_walk_completed++;
1618                 if (!list_empty(&xfrm_state_gc_leftovers))
1619                         schedule_work(&xfrm_state_gc_work);
1620         }
1621 }
1622 EXPORT_SYMBOL(xfrm_state_walk_done);
1623
1624
1625 void xfrm_replay_notify(struct xfrm_state *x, int event)
1626 {
1627         struct km_event c;
1628         /* we send notify messages in case
1629          *  1. we updated on of the sequence numbers, and the seqno difference
1630          *     is at least x->replay_maxdiff, in this case we also update the
1631          *     timeout of our timer function
1632          *  2. if x->replay_maxage has elapsed since last update,
1633          *     and there were changes
1634          *
1635          *  The state structure must be locked!
1636          */
1637
1638         switch (event) {
1639         case XFRM_REPLAY_UPDATE:
1640                 if (x->replay_maxdiff &&
1641                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1642                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1643                         if (x->xflags & XFRM_TIME_DEFER)
1644                                 event = XFRM_REPLAY_TIMEOUT;
1645                         else
1646                                 return;
1647                 }
1648
1649                 break;
1650
1651         case XFRM_REPLAY_TIMEOUT:
1652                 if ((x->replay.seq == x->preplay.seq) &&
1653                     (x->replay.bitmap == x->preplay.bitmap) &&
1654                     (x->replay.oseq == x->preplay.oseq)) {
1655                         x->xflags |= XFRM_TIME_DEFER;
1656                         return;
1657                 }
1658
1659                 break;
1660         }
1661
1662         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1663         c.event = XFRM_MSG_NEWAE;
1664         c.data.aevent = event;
1665         km_state_notify(x, &c);
1666
1667         if (x->replay_maxage &&
1668             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1669                 x->xflags &= ~XFRM_TIME_DEFER;
1670 }
1671
1672 static void xfrm_replay_timer_handler(unsigned long data)
1673 {
1674         struct xfrm_state *x = (struct xfrm_state*)data;
1675
1676         spin_lock(&x->lock);
1677
1678         if (x->km.state == XFRM_STATE_VALID) {
1679                 if (xfrm_aevent_is_on())
1680                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1681                 else
1682                         x->xflags |= XFRM_TIME_DEFER;
1683         }
1684
1685         spin_unlock(&x->lock);
1686 }
1687
1688 int xfrm_replay_check(struct xfrm_state *x,
1689                       struct sk_buff *skb, __be32 net_seq)
1690 {
1691         u32 diff;
1692         u32 seq = ntohl(net_seq);
1693
1694         if (unlikely(seq == 0))
1695                 goto err;
1696
1697         if (likely(seq > x->replay.seq))
1698                 return 0;
1699
1700         diff = x->replay.seq - seq;
1701         if (diff >= min_t(unsigned int, x->props.replay_window,
1702                           sizeof(x->replay.bitmap) * 8)) {
1703                 x->stats.replay_window++;
1704                 goto err;
1705         }
1706
1707         if (x->replay.bitmap & (1U << diff)) {
1708                 x->stats.replay++;
1709                 goto err;
1710         }
1711         return 0;
1712
1713 err:
1714         xfrm_audit_state_replay(x, skb, net_seq);
1715         return -EINVAL;
1716 }
1717
1718 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1719 {
1720         u32 diff;
1721         u32 seq = ntohl(net_seq);
1722
1723         if (seq > x->replay.seq) {
1724                 diff = seq - x->replay.seq;
1725                 if (diff < x->props.replay_window)
1726                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1727                 else
1728                         x->replay.bitmap = 1;
1729                 x->replay.seq = seq;
1730         } else {
1731                 diff = x->replay.seq - seq;
1732                 x->replay.bitmap |= (1U << diff);
1733         }
1734
1735         if (xfrm_aevent_is_on())
1736                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1737 }
1738
1739 static LIST_HEAD(xfrm_km_list);
1740 static DEFINE_RWLOCK(xfrm_km_lock);
1741
1742 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1743 {
1744         struct xfrm_mgr *km;
1745
1746         read_lock(&xfrm_km_lock);
1747         list_for_each_entry(km, &xfrm_km_list, list)
1748                 if (km->notify_policy)
1749                         km->notify_policy(xp, dir, c);
1750         read_unlock(&xfrm_km_lock);
1751 }
1752
1753 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1754 {
1755         struct xfrm_mgr *km;
1756         read_lock(&xfrm_km_lock);
1757         list_for_each_entry(km, &xfrm_km_list, list)
1758                 if (km->notify)
1759                         km->notify(x, c);
1760         read_unlock(&xfrm_km_lock);
1761 }
1762
1763 EXPORT_SYMBOL(km_policy_notify);
1764 EXPORT_SYMBOL(km_state_notify);
1765
1766 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1767 {
1768         struct km_event c;
1769
1770         c.data.hard = hard;
1771         c.pid = pid;
1772         c.event = XFRM_MSG_EXPIRE;
1773         km_state_notify(x, &c);
1774
1775         if (hard)
1776                 wake_up(&km_waitq);
1777 }
1778
1779 EXPORT_SYMBOL(km_state_expired);
1780 /*
1781  * We send to all registered managers regardless of failure
1782  * We are happy with one success
1783 */
1784 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1785 {
1786         int err = -EINVAL, acqret;
1787         struct xfrm_mgr *km;
1788
1789         read_lock(&xfrm_km_lock);
1790         list_for_each_entry(km, &xfrm_km_list, list) {
1791                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1792                 if (!acqret)
1793                         err = acqret;
1794         }
1795         read_unlock(&xfrm_km_lock);
1796         return err;
1797 }
1798 EXPORT_SYMBOL(km_query);
1799
1800 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1801 {
1802         int err = -EINVAL;
1803         struct xfrm_mgr *km;
1804
1805         read_lock(&xfrm_km_lock);
1806         list_for_each_entry(km, &xfrm_km_list, list) {
1807                 if (km->new_mapping)
1808                         err = km->new_mapping(x, ipaddr, sport);
1809                 if (!err)
1810                         break;
1811         }
1812         read_unlock(&xfrm_km_lock);
1813         return err;
1814 }
1815 EXPORT_SYMBOL(km_new_mapping);
1816
1817 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1818 {
1819         struct km_event c;
1820
1821         c.data.hard = hard;
1822         c.pid = pid;
1823         c.event = XFRM_MSG_POLEXPIRE;
1824         km_policy_notify(pol, dir, &c);
1825
1826         if (hard)
1827                 wake_up(&km_waitq);
1828 }
1829 EXPORT_SYMBOL(km_policy_expired);
1830
1831 #ifdef CONFIG_XFRM_MIGRATE
1832 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1833                struct xfrm_migrate *m, int num_migrate)
1834 {
1835         int err = -EINVAL;
1836         int ret;
1837         struct xfrm_mgr *km;
1838
1839         read_lock(&xfrm_km_lock);
1840         list_for_each_entry(km, &xfrm_km_list, list) {
1841                 if (km->migrate) {
1842                         ret = km->migrate(sel, dir, type, m, num_migrate);
1843                         if (!ret)
1844                                 err = ret;
1845                 }
1846         }
1847         read_unlock(&xfrm_km_lock);
1848         return err;
1849 }
1850 EXPORT_SYMBOL(km_migrate);
1851 #endif
1852
1853 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1854 {
1855         int err = -EINVAL;
1856         int ret;
1857         struct xfrm_mgr *km;
1858
1859         read_lock(&xfrm_km_lock);
1860         list_for_each_entry(km, &xfrm_km_list, list) {
1861                 if (km->report) {
1862                         ret = km->report(proto, sel, addr);
1863                         if (!ret)
1864                                 err = ret;
1865                 }
1866         }
1867         read_unlock(&xfrm_km_lock);
1868         return err;
1869 }
1870 EXPORT_SYMBOL(km_report);
1871
1872 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1873 {
1874         int err;
1875         u8 *data;
1876         struct xfrm_mgr *km;
1877         struct xfrm_policy *pol = NULL;
1878
1879         if (optlen <= 0 || optlen > PAGE_SIZE)
1880                 return -EMSGSIZE;
1881
1882         data = kmalloc(optlen, GFP_KERNEL);
1883         if (!data)
1884                 return -ENOMEM;
1885
1886         err = -EFAULT;
1887         if (copy_from_user(data, optval, optlen))
1888                 goto out;
1889
1890         err = -EINVAL;
1891         read_lock(&xfrm_km_lock);
1892         list_for_each_entry(km, &xfrm_km_list, list) {
1893                 pol = km->compile_policy(sk, optname, data,
1894                                          optlen, &err);
1895                 if (err >= 0)
1896                         break;
1897         }
1898         read_unlock(&xfrm_km_lock);
1899
1900         if (err >= 0) {
1901                 xfrm_sk_policy_insert(sk, err, pol);
1902                 xfrm_pol_put(pol);
1903                 err = 0;
1904         }
1905
1906 out:
1907         kfree(data);
1908         return err;
1909 }
1910 EXPORT_SYMBOL(xfrm_user_policy);
1911
1912 int xfrm_register_km(struct xfrm_mgr *km)
1913 {
1914         write_lock_bh(&xfrm_km_lock);
1915         list_add_tail(&km->list, &xfrm_km_list);
1916         write_unlock_bh(&xfrm_km_lock);
1917         return 0;
1918 }
1919 EXPORT_SYMBOL(xfrm_register_km);
1920
1921 int xfrm_unregister_km(struct xfrm_mgr *km)
1922 {
1923         write_lock_bh(&xfrm_km_lock);
1924         list_del(&km->list);
1925         write_unlock_bh(&xfrm_km_lock);
1926         return 0;
1927 }
1928 EXPORT_SYMBOL(xfrm_unregister_km);
1929
1930 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1931 {
1932         int err = 0;
1933         if (unlikely(afinfo == NULL))
1934                 return -EINVAL;
1935         if (unlikely(afinfo->family >= NPROTO))
1936                 return -EAFNOSUPPORT;
1937         write_lock_bh(&xfrm_state_afinfo_lock);
1938         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1939                 err = -ENOBUFS;
1940         else
1941                 xfrm_state_afinfo[afinfo->family] = afinfo;
1942         write_unlock_bh(&xfrm_state_afinfo_lock);
1943         return err;
1944 }
1945 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1946
1947 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1948 {
1949         int err = 0;
1950         if (unlikely(afinfo == NULL))
1951                 return -EINVAL;
1952         if (unlikely(afinfo->family >= NPROTO))
1953                 return -EAFNOSUPPORT;
1954         write_lock_bh(&xfrm_state_afinfo_lock);
1955         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1956                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1957                         err = -EINVAL;
1958                 else
1959                         xfrm_state_afinfo[afinfo->family] = NULL;
1960         }
1961         write_unlock_bh(&xfrm_state_afinfo_lock);
1962         return err;
1963 }
1964 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1965
1966 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1967 {
1968         struct xfrm_state_afinfo *afinfo;
1969         if (unlikely(family >= NPROTO))
1970                 return NULL;
1971         read_lock(&xfrm_state_afinfo_lock);
1972         afinfo = xfrm_state_afinfo[family];
1973         if (unlikely(!afinfo))
1974                 read_unlock(&xfrm_state_afinfo_lock);
1975         return afinfo;
1976 }
1977
1978 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1979         __releases(xfrm_state_afinfo_lock)
1980 {
1981         read_unlock(&xfrm_state_afinfo_lock);
1982 }
1983
1984 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1985 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1986 {
1987         if (x->tunnel) {
1988                 struct xfrm_state *t = x->tunnel;
1989
1990                 if (atomic_read(&t->tunnel_users) == 2)
1991                         xfrm_state_delete(t);
1992                 atomic_dec(&t->tunnel_users);
1993                 xfrm_state_put(t);
1994                 x->tunnel = NULL;
1995         }
1996 }
1997 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1998
1999 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
2000 {
2001         int res;
2002
2003         spin_lock_bh(&x->lock);
2004         if (x->km.state == XFRM_STATE_VALID &&
2005             x->type && x->type->get_mtu)
2006                 res = x->type->get_mtu(x, mtu);
2007         else
2008                 res = mtu - x->props.header_len;
2009         spin_unlock_bh(&x->lock);
2010         return res;
2011 }
2012
2013 int xfrm_init_state(struct xfrm_state *x)
2014 {
2015         struct xfrm_state_afinfo *afinfo;
2016         struct xfrm_mode *inner_mode;
2017         int family = x->props.family;
2018         int err;
2019
2020         err = -EAFNOSUPPORT;
2021         afinfo = xfrm_state_get_afinfo(family);
2022         if (!afinfo)
2023                 goto error;
2024
2025         err = 0;
2026         if (afinfo->init_flags)
2027                 err = afinfo->init_flags(x);
2028
2029         xfrm_state_put_afinfo(afinfo);
2030
2031         if (err)
2032                 goto error;
2033
2034         err = -EPROTONOSUPPORT;
2035
2036         if (x->sel.family != AF_UNSPEC) {
2037                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2038                 if (inner_mode == NULL)
2039                         goto error;
2040
2041                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2042                     family != x->sel.family) {
2043                         xfrm_put_mode(inner_mode);
2044                         goto error;
2045                 }
2046
2047                 x->inner_mode = inner_mode;
2048         } else {
2049                 struct xfrm_mode *inner_mode_iaf;
2050
2051                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2052                 if (inner_mode == NULL)
2053                         goto error;
2054
2055                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2056                         xfrm_put_mode(inner_mode);
2057                         goto error;
2058                 }
2059
2060                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2061                 if (inner_mode_iaf == NULL)
2062                         goto error;
2063
2064                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2065                         xfrm_put_mode(inner_mode_iaf);
2066                         goto error;
2067                 }
2068
2069                 if (x->props.family == AF_INET) {
2070                         x->inner_mode = inner_mode;
2071                         x->inner_mode_iaf = inner_mode_iaf;
2072                 } else {
2073                         x->inner_mode = inner_mode_iaf;
2074                         x->inner_mode_iaf = inner_mode;
2075                 }
2076         }
2077
2078         x->type = xfrm_get_type(x->id.proto, family);
2079         if (x->type == NULL)
2080                 goto error;
2081
2082         err = x->type->init_state(x);
2083         if (err)
2084                 goto error;
2085
2086         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2087         if (x->outer_mode == NULL)
2088                 goto error;
2089
2090         x->km.state = XFRM_STATE_VALID;
2091
2092 error:
2093         return err;
2094 }
2095
2096 EXPORT_SYMBOL(xfrm_init_state);
2097
2098 void __init xfrm_state_init(void)
2099 {
2100         unsigned int sz;
2101
2102         sz = sizeof(struct hlist_head) * 8;
2103
2104         xfrm_state_bydst = xfrm_hash_alloc(sz);
2105         xfrm_state_bysrc = xfrm_hash_alloc(sz);
2106         xfrm_state_byspi = xfrm_hash_alloc(sz);
2107         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2108                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2109         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2110
2111         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2112 }
2113
2114 #ifdef CONFIG_AUDITSYSCALL
2115 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2116                                      struct audit_buffer *audit_buf)
2117 {
2118         struct xfrm_sec_ctx *ctx = x->security;
2119         u32 spi = ntohl(x->id.spi);
2120
2121         if (ctx)
2122                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2123                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2124
2125         switch(x->props.family) {
2126         case AF_INET:
2127                 audit_log_format(audit_buf,
2128                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2129                                  NIPQUAD(x->props.saddr.a4),
2130                                  NIPQUAD(x->id.daddr.a4));
2131                 break;
2132         case AF_INET6:
2133                 audit_log_format(audit_buf,
2134                                  " src=" NIP6_FMT " dst=" NIP6_FMT,
2135                                  NIP6(*(struct in6_addr *)x->props.saddr.a6),
2136                                  NIP6(*(struct in6_addr *)x->id.daddr.a6));
2137                 break;
2138         }
2139
2140         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2141 }
2142
2143 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2144                                       struct audit_buffer *audit_buf)
2145 {
2146         struct iphdr *iph4;
2147         struct ipv6hdr *iph6;
2148
2149         switch (family) {
2150         case AF_INET:
2151                 iph4 = ip_hdr(skb);
2152                 audit_log_format(audit_buf,
2153                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2154                                  NIPQUAD(iph4->saddr),
2155                                  NIPQUAD(iph4->daddr));
2156                 break;
2157         case AF_INET6:
2158                 iph6 = ipv6_hdr(skb);
2159                 audit_log_format(audit_buf,
2160                                  " src=" NIP6_FMT " dst=" NIP6_FMT
2161                                  " flowlbl=0x%x%02x%02x",
2162                                  NIP6(iph6->saddr),
2163                                  NIP6(iph6->daddr),
2164                                  iph6->flow_lbl[0] & 0x0f,
2165                                  iph6->flow_lbl[1],
2166                                  iph6->flow_lbl[2]);
2167                 break;
2168         }
2169 }
2170
2171 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2172                           uid_t auid, u32 sessionid, u32 secid)
2173 {
2174         struct audit_buffer *audit_buf;
2175
2176         audit_buf = xfrm_audit_start("SAD-add");
2177         if (audit_buf == NULL)
2178                 return;
2179         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2180         xfrm_audit_helper_sainfo(x, audit_buf);
2181         audit_log_format(audit_buf, " res=%u", result);
2182         audit_log_end(audit_buf);
2183 }
2184 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2185
2186 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2187                              uid_t auid, u32 sessionid, u32 secid)
2188 {
2189         struct audit_buffer *audit_buf;
2190
2191         audit_buf = xfrm_audit_start("SAD-delete");
2192         if (audit_buf == NULL)
2193                 return;
2194         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2195         xfrm_audit_helper_sainfo(x, audit_buf);
2196         audit_log_format(audit_buf, " res=%u", result);
2197         audit_log_end(audit_buf);
2198 }
2199 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2200
2201 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2202                                       struct sk_buff *skb)
2203 {
2204         struct audit_buffer *audit_buf;
2205         u32 spi;
2206
2207         audit_buf = xfrm_audit_start("SA-replay-overflow");
2208         if (audit_buf == NULL)
2209                 return;
2210         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2211         /* don't record the sequence number because it's inherent in this kind
2212          * of audit message */
2213         spi = ntohl(x->id.spi);
2214         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2215         audit_log_end(audit_buf);
2216 }
2217 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2218
2219 static void xfrm_audit_state_replay(struct xfrm_state *x,
2220                              struct sk_buff *skb, __be32 net_seq)
2221 {
2222         struct audit_buffer *audit_buf;
2223         u32 spi;
2224
2225         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2226         if (audit_buf == NULL)
2227                 return;
2228         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2229         spi = ntohl(x->id.spi);
2230         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2231                          spi, spi, ntohl(net_seq));
2232         audit_log_end(audit_buf);
2233 }
2234
2235 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2236 {
2237         struct audit_buffer *audit_buf;
2238
2239         audit_buf = xfrm_audit_start("SA-notfound");
2240         if (audit_buf == NULL)
2241                 return;
2242         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2243         audit_log_end(audit_buf);
2244 }
2245 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2246
2247 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2248                                __be32 net_spi, __be32 net_seq)
2249 {
2250         struct audit_buffer *audit_buf;
2251         u32 spi;
2252
2253         audit_buf = xfrm_audit_start("SA-notfound");
2254         if (audit_buf == NULL)
2255                 return;
2256         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2257         spi = ntohl(net_spi);
2258         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2259                          spi, spi, ntohl(net_seq));
2260         audit_log_end(audit_buf);
2261 }
2262 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2263
2264 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2265                               struct sk_buff *skb, u8 proto)
2266 {
2267         struct audit_buffer *audit_buf;
2268         __be32 net_spi;
2269         __be32 net_seq;
2270
2271         audit_buf = xfrm_audit_start("SA-icv-failure");
2272         if (audit_buf == NULL)
2273                 return;
2274         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2275         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2276                 u32 spi = ntohl(net_spi);
2277                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2278                                  spi, spi, ntohl(net_seq));
2279         }
2280         audit_log_end(audit_buf);
2281 }
2282 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2283 #endif /* CONFIG_AUDITSYSCALL */
Full containers within linux kernel