git://ftp.safe.ca / safe / jmp / linux-2.6 / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ipsec: Use RCU-like construct for saved state within a walk
[safe/jmp/linux-2.6] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 /* Hash table to find appropriate SA towards given target (endpoint
48  * of tunnel or destination of transport mode) allowed by selector.
49  *
50  * Main use is finding SA after policy selected tunnel or transport mode.
51  * Also, it can be used by ah/esp icmp error handler to find offending SA.
52  */
53 static LIST_HEAD(xfrm_state_all);
54 static struct hlist_head *xfrm_state_bydst __read_mostly;
55 static struct hlist_head *xfrm_state_bysrc __read_mostly;
56 static struct hlist_head *xfrm_state_byspi __read_mostly;
57 static unsigned int xfrm_state_hmask __read_mostly;
58 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
59 static unsigned int xfrm_state_num;
60 static unsigned int xfrm_state_genid;
61
62 /* Counter indicating ongoing walk, protected by xfrm_state_lock. */
63 static unsigned long xfrm_state_walk_ongoing;
64 /* Counter indicating walk completion, protected by xfrm_cfg_mutex. */
65 static unsigned long xfrm_state_walk_completed;
66
67 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
68 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
69
70 #ifdef CONFIG_AUDITSYSCALL
71 static void xfrm_audit_state_replay(struct xfrm_state *x,
72                                     struct sk_buff *skb, __be32 net_seq);
73 #else
74 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
75 #endif /* CONFIG_AUDITSYSCALL */
76
77 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
78                                          xfrm_address_t *saddr,
79                                          u32 reqid,
80                                          unsigned short family)
81 {
82         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
83 }
84
85 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
86                                          xfrm_address_t *saddr,
87                                          unsigned short family)
88 {
89         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
90 }
91
92 static inline unsigned int
93 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
94 {
95         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
96 }
97
98 static void xfrm_hash_transfer(struct hlist_head *list,
99                                struct hlist_head *ndsttable,
100                                struct hlist_head *nsrctable,
101                                struct hlist_head *nspitable,
102                                unsigned int nhashmask)
103 {
104         struct hlist_node *entry, *tmp;
105         struct xfrm_state *x;
106
107         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
108                 unsigned int h;
109
110                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
111                                     x->props.reqid, x->props.family,
112                                     nhashmask);
113                 hlist_add_head(&x->bydst, ndsttable+h);
114
115                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
116                                     x->props.family,
117                                     nhashmask);
118                 hlist_add_head(&x->bysrc, nsrctable+h);
119
120                 if (x->id.spi) {
121                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
122                                             x->id.proto, x->props.family,
123                                             nhashmask);
124                         hlist_add_head(&x->byspi, nspitable+h);
125                 }
126         }
127 }
128
129 static unsigned long xfrm_hash_new_size(void)
130 {
131         return ((xfrm_state_hmask + 1) << 1) *
132                 sizeof(struct hlist_head);
133 }
134
135 static DEFINE_MUTEX(hash_resize_mutex);
136
137 static void xfrm_hash_resize(struct work_struct *__unused)
138 {
139         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
140         unsigned long nsize, osize;
141         unsigned int nhashmask, ohashmask;
142         int i;
143
144         mutex_lock(&hash_resize_mutex);
145
146         nsize = xfrm_hash_new_size();
147         ndst = xfrm_hash_alloc(nsize);
148         if (!ndst)
149                 goto out_unlock;
150         nsrc = xfrm_hash_alloc(nsize);
151         if (!nsrc) {
152                 xfrm_hash_free(ndst, nsize);
153                 goto out_unlock;
154         }
155         nspi = xfrm_hash_alloc(nsize);
156         if (!nspi) {
157                 xfrm_hash_free(ndst, nsize);
158                 xfrm_hash_free(nsrc, nsize);
159                 goto out_unlock;
160         }
161
162         spin_lock_bh(&xfrm_state_lock);
163
164         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
165         for (i = xfrm_state_hmask; i >= 0; i--)
166                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
167                                    nhashmask);
168
169         odst = xfrm_state_bydst;
170         osrc = xfrm_state_bysrc;
171         ospi = xfrm_state_byspi;
172         ohashmask = xfrm_state_hmask;
173
174         xfrm_state_bydst = ndst;
175         xfrm_state_bysrc = nsrc;
176         xfrm_state_byspi = nspi;
177         xfrm_state_hmask = nhashmask;
178
179         spin_unlock_bh(&xfrm_state_lock);
180
181         osize = (ohashmask + 1) * sizeof(struct hlist_head);
182         xfrm_hash_free(odst, osize);
183         xfrm_hash_free(osrc, osize);
184         xfrm_hash_free(ospi, osize);
185
186 out_unlock:
187         mutex_unlock(&hash_resize_mutex);
188 }
189
190 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
191
192 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
193 EXPORT_SYMBOL(km_waitq);
194
195 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
196 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
197
198 static struct work_struct xfrm_state_gc_work;
199 static LIST_HEAD(xfrm_state_gc_leftovers);
200 static LIST_HEAD(xfrm_state_gc_list);
201 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
202
203 int __xfrm_state_delete(struct xfrm_state *x);
204
205 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
206 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
207
208 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
209 {
210         struct xfrm_state_afinfo *afinfo;
211         if (unlikely(family >= NPROTO))
212                 return NULL;
213         write_lock_bh(&xfrm_state_afinfo_lock);
214         afinfo = xfrm_state_afinfo[family];
215         if (unlikely(!afinfo))
216                 write_unlock_bh(&xfrm_state_afinfo_lock);
217         return afinfo;
218 }
219
220 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
221         __releases(xfrm_state_afinfo_lock)
222 {
223         write_unlock_bh(&xfrm_state_afinfo_lock);
224 }
225
226 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
227 {
228         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
229         const struct xfrm_type **typemap;
230         int err = 0;
231
232         if (unlikely(afinfo == NULL))
233                 return -EAFNOSUPPORT;
234         typemap = afinfo->type_map;
235
236         if (likely(typemap[type->proto] == NULL))
237                 typemap[type->proto] = type;
238         else
239                 err = -EEXIST;
240         xfrm_state_unlock_afinfo(afinfo);
241         return err;
242 }
243 EXPORT_SYMBOL(xfrm_register_type);
244
245 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
246 {
247         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
248         const struct xfrm_type **typemap;
249         int err = 0;
250
251         if (unlikely(afinfo == NULL))
252                 return -EAFNOSUPPORT;
253         typemap = afinfo->type_map;
254
255         if (unlikely(typemap[type->proto] != type))
256                 err = -ENOENT;
257         else
258                 typemap[type->proto] = NULL;
259         xfrm_state_unlock_afinfo(afinfo);
260         return err;
261 }
262 EXPORT_SYMBOL(xfrm_unregister_type);
263
264 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
265 {
266         struct xfrm_state_afinfo *afinfo;
267         const struct xfrm_type **typemap;
268         const struct xfrm_type *type;
269         int modload_attempted = 0;
270
271 retry:
272         afinfo = xfrm_state_get_afinfo(family);
273         if (unlikely(afinfo == NULL))
274                 return NULL;
275         typemap = afinfo->type_map;
276
277         type = typemap[proto];
278         if (unlikely(type && !try_module_get(type->owner)))
279                 type = NULL;
280         if (!type && !modload_attempted) {
281                 xfrm_state_put_afinfo(afinfo);
282                 request_module("xfrm-type-%d-%d", family, proto);
283                 modload_attempted = 1;
284                 goto retry;
285         }
286
287         xfrm_state_put_afinfo(afinfo);
288         return type;
289 }
290
291 static void xfrm_put_type(const struct xfrm_type *type)
292 {
293         module_put(type->owner);
294 }
295
296 int xfrm_register_mode(struct xfrm_mode *mode, int family)
297 {
298         struct xfrm_state_afinfo *afinfo;
299         struct xfrm_mode **modemap;
300         int err;
301
302         if (unlikely(mode->encap >= XFRM_MODE_MAX))
303                 return -EINVAL;
304
305         afinfo = xfrm_state_lock_afinfo(family);
306         if (unlikely(afinfo == NULL))
307                 return -EAFNOSUPPORT;
308
309         err = -EEXIST;
310         modemap = afinfo->mode_map;
311         if (modemap[mode->encap])
312                 goto out;
313
314         err = -ENOENT;
315         if (!try_module_get(afinfo->owner))
316                 goto out;
317
318         mode->afinfo = afinfo;
319         modemap[mode->encap] = mode;
320         err = 0;
321
322 out:
323         xfrm_state_unlock_afinfo(afinfo);
324         return err;
325 }
326 EXPORT_SYMBOL(xfrm_register_mode);
327
328 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
329 {
330         struct xfrm_state_afinfo *afinfo;
331         struct xfrm_mode **modemap;
332         int err;
333
334         if (unlikely(mode->encap >= XFRM_MODE_MAX))
335                 return -EINVAL;
336
337         afinfo = xfrm_state_lock_afinfo(family);
338         if (unlikely(afinfo == NULL))
339                 return -EAFNOSUPPORT;
340
341         err = -ENOENT;
342         modemap = afinfo->mode_map;
343         if (likely(modemap[mode->encap] == mode)) {
344                 modemap[mode->encap] = NULL;
345                 module_put(mode->afinfo->owner);
346                 err = 0;
347         }
348
349         xfrm_state_unlock_afinfo(afinfo);
350         return err;
351 }
352 EXPORT_SYMBOL(xfrm_unregister_mode);
353
354 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
355 {
356         struct xfrm_state_afinfo *afinfo;
357         struct xfrm_mode *mode;
358         int modload_attempted = 0;
359
360         if (unlikely(encap >= XFRM_MODE_MAX))
361                 return NULL;
362
363 retry:
364         afinfo = xfrm_state_get_afinfo(family);
365         if (unlikely(afinfo == NULL))
366                 return NULL;
367
368         mode = afinfo->mode_map[encap];
369         if (unlikely(mode && !try_module_get(mode->owner)))
370                 mode = NULL;
371         if (!mode && !modload_attempted) {
372                 xfrm_state_put_afinfo(afinfo);
373                 request_module("xfrm-mode-%d-%d", family, encap);
374                 modload_attempted = 1;
375                 goto retry;
376         }
377
378         xfrm_state_put_afinfo(afinfo);
379         return mode;
380 }
381
382 static void xfrm_put_mode(struct xfrm_mode *mode)
383 {
384         module_put(mode->owner);
385 }
386
387 static void xfrm_state_gc_destroy(struct xfrm_state *x)
388 {
389         del_timer_sync(&x->timer);
390         del_timer_sync(&x->rtimer);
391         kfree(x->aalg);
392         kfree(x->ealg);
393         kfree(x->calg);
394         kfree(x->encap);
395         kfree(x->coaddr);
396         if (x->inner_mode)
397                 xfrm_put_mode(x->inner_mode);
398         if (x->inner_mode_iaf)
399                 xfrm_put_mode(x->inner_mode_iaf);
400         if (x->outer_mode)
401                 xfrm_put_mode(x->outer_mode);
402         if (x->type) {
403                 x->type->destructor(x);
404                 xfrm_put_type(x->type);
405         }
406         security_xfrm_state_free(x);
407         kfree(x);
408 }
409
410 static void xfrm_state_gc_task(struct work_struct *data)
411 {
412         struct xfrm_state *x, *tmp;
413         unsigned long completed;
414
415         mutex_lock(&xfrm_cfg_mutex);
416         spin_lock_bh(&xfrm_state_gc_lock);
417         list_splice_tail_init(&xfrm_state_gc_list, &xfrm_state_gc_leftovers);
418         spin_unlock_bh(&xfrm_state_gc_lock);
419
420         completed = xfrm_state_walk_completed;
421         mutex_unlock(&xfrm_cfg_mutex);
422
423         list_for_each_entry_safe(x, tmp, &xfrm_state_gc_leftovers, gclist) {
424                 if ((long)(x->lastused - completed) > 0)
425                         break;
426                 xfrm_state_gc_destroy(x);
427         }
428
429         wake_up(&km_waitq);
430 }
431
432 static inline unsigned long make_jiffies(long secs)
433 {
434         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
435                 return MAX_SCHEDULE_TIMEOUT-1;
436         else
437                 return secs*HZ;
438 }
439
440 static void xfrm_timer_handler(unsigned long data)
441 {
442         struct xfrm_state *x = (struct xfrm_state*)data;
443         unsigned long now = get_seconds();
444         long next = LONG_MAX;
445         int warn = 0;
446         int err = 0;
447
448         spin_lock(&x->lock);
449         if (x->km.state == XFRM_STATE_DEAD)
450                 goto out;
451         if (x->km.state == XFRM_STATE_EXPIRED)
452                 goto expired;
453         if (x->lft.hard_add_expires_seconds) {
454                 long tmo = x->lft.hard_add_expires_seconds +
455                         x->curlft.add_time - now;
456                 if (tmo <= 0)
457                         goto expired;
458                 if (tmo < next)
459                         next = tmo;
460         }
461         if (x->lft.hard_use_expires_seconds) {
462                 long tmo = x->lft.hard_use_expires_seconds +
463                         (x->curlft.use_time ? : now) - now;
464                 if (tmo <= 0)
465                         goto expired;
466                 if (tmo < next)
467                         next = tmo;
468         }
469         if (x->km.dying)
470                 goto resched;
471         if (x->lft.soft_add_expires_seconds) {
472                 long tmo = x->lft.soft_add_expires_seconds +
473                         x->curlft.add_time - now;
474                 if (tmo <= 0)
475                         warn = 1;
476                 else if (tmo < next)
477                         next = tmo;
478         }
479         if (x->lft.soft_use_expires_seconds) {
480                 long tmo = x->lft.soft_use_expires_seconds +
481                         (x->curlft.use_time ? : now) - now;
482                 if (tmo <= 0)
483                         warn = 1;
484                 else if (tmo < next)
485                         next = tmo;
486         }
487
488         x->km.dying = warn;
489         if (warn)
490                 km_state_expired(x, 0, 0);
491 resched:
492         if (next != LONG_MAX)
493                 mod_timer(&x->timer, jiffies + make_jiffies(next));
494
495         goto out;
496
497 expired:
498         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
499                 x->km.state = XFRM_STATE_EXPIRED;
500                 wake_up(&km_waitq);
501                 next = 2;
502                 goto resched;
503         }
504
505         err = __xfrm_state_delete(x);
506         if (!err && x->id.spi)
507                 km_state_expired(x, 1, 0);
508
509         xfrm_audit_state_delete(x, err ? 0 : 1,
510                                 audit_get_loginuid(current),
511                                 audit_get_sessionid(current), 0);
512
513 out:
514         spin_unlock(&x->lock);
515 }
516
517 static void xfrm_replay_timer_handler(unsigned long data);
518
519 struct xfrm_state *xfrm_state_alloc(void)
520 {
521         struct xfrm_state *x;
522
523         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
524
525         if (x) {
526                 atomic_set(&x->refcnt, 1);
527                 atomic_set(&x->tunnel_users, 0);
528                 INIT_LIST_HEAD(&x->all);
529                 INIT_HLIST_NODE(&x->bydst);
530                 INIT_HLIST_NODE(&x->bysrc);
531                 INIT_HLIST_NODE(&x->byspi);
532                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
533                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
534                                 (unsigned long)x);
535                 x->curlft.add_time = get_seconds();
536                 x->lft.soft_byte_limit = XFRM_INF;
537                 x->lft.soft_packet_limit = XFRM_INF;
538                 x->lft.hard_byte_limit = XFRM_INF;
539                 x->lft.hard_packet_limit = XFRM_INF;
540                 x->replay_maxage = 0;
541                 x->replay_maxdiff = 0;
542                 x->inner_mode = NULL;
543                 x->inner_mode_iaf = NULL;
544                 spin_lock_init(&x->lock);
545         }
546         return x;
547 }
548 EXPORT_SYMBOL(xfrm_state_alloc);
549
550 void __xfrm_state_destroy(struct xfrm_state *x)
551 {
552         WARN_ON(x->km.state != XFRM_STATE_DEAD);
553
554         spin_lock_bh(&xfrm_state_gc_lock);
555         list_add_tail(&x->gclist, &xfrm_state_gc_list);
556         spin_unlock_bh(&xfrm_state_gc_lock);
557         schedule_work(&xfrm_state_gc_work);
558 }
559 EXPORT_SYMBOL(__xfrm_state_destroy);
560
561 int __xfrm_state_delete(struct xfrm_state *x)
562 {
563         int err = -ESRCH;
564
565         if (x->km.state != XFRM_STATE_DEAD) {
566                 x->km.state = XFRM_STATE_DEAD;
567                 spin_lock(&xfrm_state_lock);
568                 x->lastused = xfrm_state_walk_ongoing;
569                 list_del_rcu(&x->all);
570                 hlist_del(&x->bydst);
571                 hlist_del(&x->bysrc);
572                 if (x->id.spi)
573                         hlist_del(&x->byspi);
574                 xfrm_state_num--;
575                 spin_unlock(&xfrm_state_lock);
576
577                 /* All xfrm_state objects are created by xfrm_state_alloc.
578                  * The xfrm_state_alloc call gives a reference, and that
579                  * is what we are dropping here.
580                  */
581                 xfrm_state_put(x);
582                 err = 0;
583         }
584
585         return err;
586 }
587 EXPORT_SYMBOL(__xfrm_state_delete);
588
589 int xfrm_state_delete(struct xfrm_state *x)
590 {
591         int err;
592
593         spin_lock_bh(&x->lock);
594         err = __xfrm_state_delete(x);
595         spin_unlock_bh(&x->lock);
596
597         return err;
598 }
599 EXPORT_SYMBOL(xfrm_state_delete);
600
601 #ifdef CONFIG_SECURITY_NETWORK_XFRM
602 static inline int
603 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
604 {
605         int i, err = 0;
606
607         for (i = 0; i <= xfrm_state_hmask; i++) {
608                 struct hlist_node *entry;
609                 struct xfrm_state *x;
610
611                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
612                         if (xfrm_id_proto_match(x->id.proto, proto) &&
613                            (err = security_xfrm_state_delete(x)) != 0) {
614                                 xfrm_audit_state_delete(x, 0,
615                                                         audit_info->loginuid,
616                                                         audit_info->sessionid,
617                                                         audit_info->secid);
618                                 return err;
619                         }
620                 }
621         }
622
623         return err;
624 }
625 #else
626 static inline int
627 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
628 {
629         return 0;
630 }
631 #endif
632
633 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
634 {
635         int i, err = 0;
636
637         spin_lock_bh(&xfrm_state_lock);
638         err = xfrm_state_flush_secctx_check(proto, audit_info);
639         if (err)
640                 goto out;
641
642         for (i = 0; i <= xfrm_state_hmask; i++) {
643                 struct hlist_node *entry;
644                 struct xfrm_state *x;
645 restart:
646                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
647                         if (!xfrm_state_kern(x) &&
648                             xfrm_id_proto_match(x->id.proto, proto)) {
649                                 xfrm_state_hold(x);
650                                 spin_unlock_bh(&xfrm_state_lock);
651
652                                 err = xfrm_state_delete(x);
653                                 xfrm_audit_state_delete(x, err ? 0 : 1,
654                                                         audit_info->loginuid,
655                                                         audit_info->sessionid,
656                                                         audit_info->secid);
657                                 xfrm_state_put(x);
658
659                                 spin_lock_bh(&xfrm_state_lock);
660                                 goto restart;
661                         }
662                 }
663         }
664         err = 0;
665
666 out:
667         spin_unlock_bh(&xfrm_state_lock);
668         wake_up(&km_waitq);
669         return err;
670 }
671 EXPORT_SYMBOL(xfrm_state_flush);
672
673 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
674 {
675         spin_lock_bh(&xfrm_state_lock);
676         si->sadcnt = xfrm_state_num;
677         si->sadhcnt = xfrm_state_hmask;
678         si->sadhmcnt = xfrm_state_hashmax;
679         spin_unlock_bh(&xfrm_state_lock);
680 }
681 EXPORT_SYMBOL(xfrm_sad_getinfo);
682
683 static int
684 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
685                   struct xfrm_tmpl *tmpl,
686                   xfrm_address_t *daddr, xfrm_address_t *saddr,
687                   unsigned short family)
688 {
689         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
690         if (!afinfo)
691                 return -1;
692         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
693         xfrm_state_put_afinfo(afinfo);
694         return 0;
695 }
696
697 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
698 {
699         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
700         struct xfrm_state *x;
701         struct hlist_node *entry;
702
703         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
704                 if (x->props.family != family ||
705                     x->id.spi       != spi ||
706                     x->id.proto     != proto)
707                         continue;
708
709                 switch (family) {
710                 case AF_INET:
711                         if (x->id.daddr.a4 != daddr->a4)
712                                 continue;
713                         break;
714                 case AF_INET6:
715                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
716                                              (struct in6_addr *)
717                                              x->id.daddr.a6))
718                                 continue;
719                         break;
720                 }
721
722                 xfrm_state_hold(x);
723                 return x;
724         }
725
726         return NULL;
727 }
728
729 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
730 {
731         unsigned int h = xfrm_src_hash(daddr, saddr, family);
732         struct xfrm_state *x;
733         struct hlist_node *entry;
734
735         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
736                 if (x->props.family != family ||
737                     x->id.proto     != proto)
738                         continue;
739
740                 switch (family) {
741                 case AF_INET:
742                         if (x->id.daddr.a4 != daddr->a4 ||
743                             x->props.saddr.a4 != saddr->a4)
744                                 continue;
745                         break;
746                 case AF_INET6:
747                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
748                                              (struct in6_addr *)
749                                              x->id.daddr.a6) ||
750                             !ipv6_addr_equal((struct in6_addr *)saddr,
751                                              (struct in6_addr *)
752                                              x->props.saddr.a6))
753                                 continue;
754                         break;
755                 }
756
757                 xfrm_state_hold(x);
758                 return x;
759         }
760
761         return NULL;
762 }
763
764 static inline struct xfrm_state *
765 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
766 {
767         if (use_spi)
768                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
769                                            x->id.proto, family);
770         else
771                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
772                                                   &x->props.saddr,
773                                                   x->id.proto, family);
774 }
775
776 static void xfrm_hash_grow_check(int have_hash_collision)
777 {
778         if (have_hash_collision &&
779             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
780             xfrm_state_num > xfrm_state_hmask)
781                 schedule_work(&xfrm_hash_work);
782 }
783
784 struct xfrm_state *
785 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
786                 struct flowi *fl, struct xfrm_tmpl *tmpl,
787                 struct xfrm_policy *pol, int *err,
788                 unsigned short family)
789 {
790         unsigned int h;
791         struct hlist_node *entry;
792         struct xfrm_state *x, *x0, *to_put;
793         int acquire_in_progress = 0;
794         int error = 0;
795         struct xfrm_state *best = NULL;
796
797         to_put = NULL;
798
799         spin_lock_bh(&xfrm_state_lock);
800         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
801         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
802                 if (x->props.family == family &&
803                     x->props.reqid == tmpl->reqid &&
804                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
805                     xfrm_state_addr_check(x, daddr, saddr, family) &&
806                     tmpl->mode == x->props.mode &&
807                     tmpl->id.proto == x->id.proto &&
808                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
809                         /* Resolution logic:
810                            1. There is a valid state with matching selector.
811                               Done.
812                            2. Valid state with inappropriate selector. Skip.
813
814                            Entering area of "sysdeps".
815
816                            3. If state is not valid, selector is temporary,
817                               it selects only session which triggered
818                               previous resolution. Key manager will do
819                               something to install a state with proper
820                               selector.
821                          */
822                         if (x->km.state == XFRM_STATE_VALID) {
823                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
824                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
825                                         continue;
826                                 if (!best ||
827                                     best->km.dying > x->km.dying ||
828                                     (best->km.dying == x->km.dying &&
829                                      best->curlft.add_time < x->curlft.add_time))
830                                         best = x;
831                         } else if (x->km.state == XFRM_STATE_ACQ) {
832                                 acquire_in_progress = 1;
833                         } else if (x->km.state == XFRM_STATE_ERROR ||
834                                    x->km.state == XFRM_STATE_EXPIRED) {
835                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
836                                     security_xfrm_state_pol_flow_match(x, pol, fl))
837                                         error = -ESRCH;
838                         }
839                 }
840         }
841
842         x = best;
843         if (!x && !error && !acquire_in_progress) {
844                 if (tmpl->id.spi &&
845                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
846                                               tmpl->id.proto, family)) != NULL) {
847                         to_put = x0;
848                         error = -EEXIST;
849                         goto out;
850                 }
851                 x = xfrm_state_alloc();
852                 if (x == NULL) {
853                         error = -ENOMEM;
854                         goto out;
855                 }
856                 /* Initialize temporary selector matching only
857                  * to current session. */
858                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
859
860                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
861                 if (error) {
862                         x->km.state = XFRM_STATE_DEAD;
863                         to_put = x;
864                         x = NULL;
865                         goto out;
866                 }
867
868                 if (km_query(x, tmpl, pol) == 0) {
869                         x->km.state = XFRM_STATE_ACQ;
870                         list_add_tail(&x->all, &xfrm_state_all);
871                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
872                         h = xfrm_src_hash(daddr, saddr, family);
873                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
874                         if (x->id.spi) {
875                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
876                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
877                         }
878                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
879                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
880                         add_timer(&x->timer);
881                         xfrm_state_num++;
882                         xfrm_hash_grow_check(x->bydst.next != NULL);
883                 } else {
884                         x->km.state = XFRM_STATE_DEAD;
885                         to_put = x;
886                         x = NULL;
887                         error = -ESRCH;
888                 }
889         }
890 out:
891         if (x)
892                 xfrm_state_hold(x);
893         else
894                 *err = acquire_in_progress ? -EAGAIN : error;
895         spin_unlock_bh(&xfrm_state_lock);
896         if (to_put)
897                 xfrm_state_put(to_put);
898         return x;
899 }
900
901 struct xfrm_state *
902 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
903                     unsigned short family, u8 mode, u8 proto, u32 reqid)
904 {
905         unsigned int h;
906         struct xfrm_state *rx = NULL, *x = NULL;
907         struct hlist_node *entry;
908
909         spin_lock(&xfrm_state_lock);
910         h = xfrm_dst_hash(daddr, saddr, reqid, family);
911         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
912                 if (x->props.family == family &&
913                     x->props.reqid == reqid &&
914                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
915                     xfrm_state_addr_check(x, daddr, saddr, family) &&
916                     mode == x->props.mode &&
917                     proto == x->id.proto &&
918                     x->km.state == XFRM_STATE_VALID) {
919                         rx = x;
920                         break;
921                 }
922         }
923
924         if (rx)
925                 xfrm_state_hold(rx);
926         spin_unlock(&xfrm_state_lock);
927
928
929         return rx;
930 }
931 EXPORT_SYMBOL(xfrm_stateonly_find);
932
933 static void __xfrm_state_insert(struct xfrm_state *x)
934 {
935         unsigned int h;
936
937         x->genid = ++xfrm_state_genid;
938
939         list_add_tail(&x->all, &xfrm_state_all);
940
941         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
942                           x->props.reqid, x->props.family);
943         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
944
945         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
946         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
947
948         if (x->id.spi) {
949                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
950                                   x->props.family);
951
952                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
953         }
954
955         mod_timer(&x->timer, jiffies + HZ);
956         if (x->replay_maxage)
957                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
958
959         wake_up(&km_waitq);
960
961         xfrm_state_num++;
962
963         xfrm_hash_grow_check(x->bydst.next != NULL);
964 }
965
966 /* xfrm_state_lock is held */
967 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
968 {
969         unsigned short family = xnew->props.family;
970         u32 reqid = xnew->props.reqid;
971         struct xfrm_state *x;
972         struct hlist_node *entry;
973         unsigned int h;
974
975         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
976         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
977                 if (x->props.family     == family &&
978                     x->props.reqid      == reqid &&
979                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
980                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
981                         x->genid = xfrm_state_genid;
982         }
983 }
984
985 void xfrm_state_insert(struct xfrm_state *x)
986 {
987         spin_lock_bh(&xfrm_state_lock);
988         __xfrm_state_bump_genids(x);
989         __xfrm_state_insert(x);
990         spin_unlock_bh(&xfrm_state_lock);
991 }
992 EXPORT_SYMBOL(xfrm_state_insert);
993
994 /* xfrm_state_lock is held */
995 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
996 {
997         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
998         struct hlist_node *entry;
999         struct xfrm_state *x;
1000
1001         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1002                 if (x->props.reqid  != reqid ||
1003                     x->props.mode   != mode ||
1004                     x->props.family != family ||
1005                     x->km.state     != XFRM_STATE_ACQ ||
1006                     x->id.spi       != 0 ||
1007                     x->id.proto     != proto)
1008                         continue;
1009
1010                 switch (family) {
1011                 case AF_INET:
1012                         if (x->id.daddr.a4    != daddr->a4 ||
1013                             x->props.saddr.a4 != saddr->a4)
1014                                 continue;
1015                         break;
1016                 case AF_INET6:
1017                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1018                                              (struct in6_addr *)daddr) ||
1019                             !ipv6_addr_equal((struct in6_addr *)
1020                                              x->props.saddr.a6,
1021                                              (struct in6_addr *)saddr))
1022                                 continue;
1023                         break;
1024                 }
1025
1026                 xfrm_state_hold(x);
1027                 return x;
1028         }
1029
1030         if (!create)
1031                 return NULL;
1032
1033         x = xfrm_state_alloc();
1034         if (likely(x)) {
1035                 switch (family) {
1036                 case AF_INET:
1037                         x->sel.daddr.a4 = daddr->a4;
1038                         x->sel.saddr.a4 = saddr->a4;
1039                         x->sel.prefixlen_d = 32;
1040                         x->sel.prefixlen_s = 32;
1041                         x->props.saddr.a4 = saddr->a4;
1042                         x->id.daddr.a4 = daddr->a4;
1043                         break;
1044
1045                 case AF_INET6:
1046                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1047                                        (struct in6_addr *)daddr);
1048                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1049                                        (struct in6_addr *)saddr);
1050                         x->sel.prefixlen_d = 128;
1051                         x->sel.prefixlen_s = 128;
1052                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1053                                        (struct in6_addr *)saddr);
1054                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1055                                        (struct in6_addr *)daddr);
1056                         break;
1057                 }
1058
1059                 x->km.state = XFRM_STATE_ACQ;
1060                 x->id.proto = proto;
1061                 x->props.family = family;
1062                 x->props.mode = mode;
1063                 x->props.reqid = reqid;
1064                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1065                 xfrm_state_hold(x);
1066                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1067                 add_timer(&x->timer);
1068                 list_add_tail(&x->all, &xfrm_state_all);
1069                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1070                 h = xfrm_src_hash(daddr, saddr, family);
1071                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1072
1073                 xfrm_state_num++;
1074
1075                 xfrm_hash_grow_check(x->bydst.next != NULL);
1076         }
1077
1078         return x;
1079 }
1080
1081 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1082
1083 int xfrm_state_add(struct xfrm_state *x)
1084 {
1085         struct xfrm_state *x1, *to_put;
1086         int family;
1087         int err;
1088         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1089
1090         family = x->props.family;
1091
1092         to_put = NULL;
1093
1094         spin_lock_bh(&xfrm_state_lock);
1095
1096         x1 = __xfrm_state_locate(x, use_spi, family);
1097         if (x1) {
1098                 to_put = x1;
1099                 x1 = NULL;
1100                 err = -EEXIST;
1101                 goto out;
1102         }
1103
1104         if (use_spi && x->km.seq) {
1105                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1106                 if (x1 && ((x1->id.proto != x->id.proto) ||
1107                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1108                         to_put = x1;
1109                         x1 = NULL;
1110                 }
1111         }
1112
1113         if (use_spi && !x1)
1114                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1115                                      x->id.proto,
1116                                      &x->id.daddr, &x->props.saddr, 0);
1117
1118         __xfrm_state_bump_genids(x);
1119         __xfrm_state_insert(x);
1120         err = 0;
1121
1122 out:
1123         spin_unlock_bh(&xfrm_state_lock);
1124
1125         if (x1) {
1126                 xfrm_state_delete(x1);
1127                 xfrm_state_put(x1);
1128         }
1129
1130         if (to_put)
1131                 xfrm_state_put(to_put);
1132
1133         return err;
1134 }
1135 EXPORT_SYMBOL(xfrm_state_add);
1136
1137 #ifdef CONFIG_XFRM_MIGRATE
1138 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1139 {
1140         int err = -ENOMEM;
1141         struct xfrm_state *x = xfrm_state_alloc();
1142         if (!x)
1143                 goto error;
1144
1145         memcpy(&x->id, &orig->id, sizeof(x->id));
1146         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1147         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1148         x->props.mode = orig->props.mode;
1149         x->props.replay_window = orig->props.replay_window;
1150         x->props.reqid = orig->props.reqid;
1151         x->props.family = orig->props.family;
1152         x->props.saddr = orig->props.saddr;
1153
1154         if (orig->aalg) {
1155                 x->aalg = xfrm_algo_clone(orig->aalg);
1156                 if (!x->aalg)
1157                         goto error;
1158         }
1159         x->props.aalgo = orig->props.aalgo;
1160
1161         if (orig->ealg) {
1162                 x->ealg = xfrm_algo_clone(orig->ealg);
1163                 if (!x->ealg)
1164                         goto error;
1165         }
1166         x->props.ealgo = orig->props.ealgo;
1167
1168         if (orig->calg) {
1169                 x->calg = xfrm_algo_clone(orig->calg);
1170                 if (!x->calg)
1171                         goto error;
1172         }
1173         x->props.calgo = orig->props.calgo;
1174
1175         if (orig->encap) {
1176                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1177                 if (!x->encap)
1178                         goto error;
1179         }
1180
1181         if (orig->coaddr) {
1182                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1183                                     GFP_KERNEL);
1184                 if (!x->coaddr)
1185                         goto error;
1186         }
1187
1188         err = xfrm_init_state(x);
1189         if (err)
1190                 goto error;
1191
1192         x->props.flags = orig->props.flags;
1193
1194         x->curlft.add_time = orig->curlft.add_time;
1195         x->km.state = orig->km.state;
1196         x->km.seq = orig->km.seq;
1197
1198         return x;
1199
1200  error:
1201         if (errp)
1202                 *errp = err;
1203         if (x) {
1204                 kfree(x->aalg);
1205                 kfree(x->ealg);
1206                 kfree(x->calg);
1207                 kfree(x->encap);
1208                 kfree(x->coaddr);
1209         }
1210         kfree(x);
1211         return NULL;
1212 }
1213
1214 /* xfrm_state_lock is held */
1215 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1216 {
1217         unsigned int h;
1218         struct xfrm_state *x;
1219         struct hlist_node *entry;
1220
1221         if (m->reqid) {
1222                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1223                                   m->reqid, m->old_family);
1224                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1225                         if (x->props.mode != m->mode ||
1226                             x->id.proto != m->proto)
1227                                 continue;
1228                         if (m->reqid && x->props.reqid != m->reqid)
1229                                 continue;
1230                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1231                                           m->old_family) ||
1232                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1233                                           m->old_family))
1234                                 continue;
1235                         xfrm_state_hold(x);
1236                         return x;
1237                 }
1238         } else {
1239                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1240                                   m->old_family);
1241                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1242                         if (x->props.mode != m->mode ||
1243                             x->id.proto != m->proto)
1244                                 continue;
1245                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1246                                           m->old_family) ||
1247                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1248                                           m->old_family))
1249                                 continue;
1250                         xfrm_state_hold(x);
1251                         return x;
1252                 }
1253         }
1254
1255         return NULL;
1256 }
1257 EXPORT_SYMBOL(xfrm_migrate_state_find);
1258
1259 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1260                                        struct xfrm_migrate *m)
1261 {
1262         struct xfrm_state *xc;
1263         int err;
1264
1265         xc = xfrm_state_clone(x, &err);
1266         if (!xc)
1267                 return NULL;
1268
1269         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1270         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1271
1272         /* add state */
1273         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1274                 /* a care is needed when the destination address of the
1275                    state is to be updated as it is a part of triplet */
1276                 xfrm_state_insert(xc);
1277         } else {
1278                 if ((err = xfrm_state_add(xc)) < 0)
1279                         goto error;
1280         }
1281
1282         return xc;
1283 error:
1284         kfree(xc);
1285         return NULL;
1286 }
1287 EXPORT_SYMBOL(xfrm_state_migrate);
1288 #endif
1289
1290 int xfrm_state_update(struct xfrm_state *x)
1291 {
1292         struct xfrm_state *x1, *to_put;
1293         int err;
1294         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1295
1296         to_put = NULL;
1297
1298         spin_lock_bh(&xfrm_state_lock);
1299         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1300
1301         err = -ESRCH;
1302         if (!x1)
1303                 goto out;
1304
1305         if (xfrm_state_kern(x1)) {
1306                 to_put = x1;
1307                 err = -EEXIST;
1308                 goto out;
1309         }
1310
1311         if (x1->km.state == XFRM_STATE_ACQ) {
1312                 __xfrm_state_insert(x);
1313                 x = NULL;
1314         }
1315         err = 0;
1316
1317 out:
1318         spin_unlock_bh(&xfrm_state_lock);
1319
1320         if (to_put)
1321                 xfrm_state_put(to_put);
1322
1323         if (err)
1324                 return err;
1325
1326         if (!x) {
1327                 xfrm_state_delete(x1);
1328                 xfrm_state_put(x1);
1329                 return 0;
1330         }
1331
1332         err = -EINVAL;
1333         spin_lock_bh(&x1->lock);
1334         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1335                 if (x->encap && x1->encap)
1336                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1337                 if (x->coaddr && x1->coaddr) {
1338                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1339                 }
1340                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1341                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1342                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1343                 x1->km.dying = 0;
1344
1345                 mod_timer(&x1->timer, jiffies + HZ);
1346                 if (x1->curlft.use_time)
1347                         xfrm_state_check_expire(x1);
1348
1349                 err = 0;
1350         }
1351         spin_unlock_bh(&x1->lock);
1352
1353         xfrm_state_put(x1);
1354
1355         return err;
1356 }
1357 EXPORT_SYMBOL(xfrm_state_update);
1358
1359 int xfrm_state_check_expire(struct xfrm_state *x)
1360 {
1361         if (!x->curlft.use_time)
1362                 x->curlft.use_time = get_seconds();
1363
1364         if (x->km.state != XFRM_STATE_VALID)
1365                 return -EINVAL;
1366
1367         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1368             x->curlft.packets >= x->lft.hard_packet_limit) {
1369                 x->km.state = XFRM_STATE_EXPIRED;
1370                 mod_timer(&x->timer, jiffies);
1371                 return -EINVAL;
1372         }
1373
1374         if (!x->km.dying &&
1375             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1376              x->curlft.packets >= x->lft.soft_packet_limit)) {
1377                 x->km.dying = 1;
1378                 km_state_expired(x, 0, 0);
1379         }
1380         return 0;
1381 }
1382 EXPORT_SYMBOL(xfrm_state_check_expire);
1383
1384 struct xfrm_state *
1385 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1386                   unsigned short family)
1387 {
1388         struct xfrm_state *x;
1389
1390         spin_lock_bh(&xfrm_state_lock);
1391         x = __xfrm_state_lookup(daddr, spi, proto, family);
1392         spin_unlock_bh(&xfrm_state_lock);
1393         return x;
1394 }
1395 EXPORT_SYMBOL(xfrm_state_lookup);
1396
1397 struct xfrm_state *
1398 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1399                          u8 proto, unsigned short family)
1400 {
1401         struct xfrm_state *x;
1402
1403         spin_lock_bh(&xfrm_state_lock);
1404         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1405         spin_unlock_bh(&xfrm_state_lock);
1406         return x;
1407 }
1408 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1409
1410 struct xfrm_state *
1411 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1412               xfrm_address_t *daddr, xfrm_address_t *saddr,
1413               int create, unsigned short family)
1414 {
1415         struct xfrm_state *x;
1416
1417         spin_lock_bh(&xfrm_state_lock);
1418         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1419         spin_unlock_bh(&xfrm_state_lock);
1420
1421         return x;
1422 }
1423 EXPORT_SYMBOL(xfrm_find_acq);
1424
1425 #ifdef CONFIG_XFRM_SUB_POLICY
1426 int
1427 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1428                unsigned short family)
1429 {
1430         int err = 0;
1431         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1432         if (!afinfo)
1433                 return -EAFNOSUPPORT;
1434
1435         spin_lock_bh(&xfrm_state_lock);
1436         if (afinfo->tmpl_sort)
1437                 err = afinfo->tmpl_sort(dst, src, n);
1438         spin_unlock_bh(&xfrm_state_lock);
1439         xfrm_state_put_afinfo(afinfo);
1440         return err;
1441 }
1442 EXPORT_SYMBOL(xfrm_tmpl_sort);
1443
1444 int
1445 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1446                 unsigned short family)
1447 {
1448         int err = 0;
1449         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1450         if (!afinfo)
1451                 return -EAFNOSUPPORT;
1452
1453         spin_lock_bh(&xfrm_state_lock);
1454         if (afinfo->state_sort)
1455                 err = afinfo->state_sort(dst, src, n);
1456         spin_unlock_bh(&xfrm_state_lock);
1457         xfrm_state_put_afinfo(afinfo);
1458         return err;
1459 }
1460 EXPORT_SYMBOL(xfrm_state_sort);
1461 #endif
1462
1463 /* Silly enough, but I'm lazy to build resolution list */
1464
1465 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1466 {
1467         int i;
1468
1469         for (i = 0; i <= xfrm_state_hmask; i++) {
1470                 struct hlist_node *entry;
1471                 struct xfrm_state *x;
1472
1473                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1474                         if (x->km.seq == seq &&
1475                             x->km.state == XFRM_STATE_ACQ) {
1476                                 xfrm_state_hold(x);
1477                                 return x;
1478                         }
1479                 }
1480         }
1481         return NULL;
1482 }
1483
1484 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1485 {
1486         struct xfrm_state *x;
1487
1488         spin_lock_bh(&xfrm_state_lock);
1489         x = __xfrm_find_acq_byseq(seq);
1490         spin_unlock_bh(&xfrm_state_lock);
1491         return x;
1492 }
1493 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1494
1495 u32 xfrm_get_acqseq(void)
1496 {
1497         u32 res;
1498         static u32 acqseq;
1499         static DEFINE_SPINLOCK(acqseq_lock);
1500
1501         spin_lock_bh(&acqseq_lock);
1502         res = (++acqseq ? : ++acqseq);
1503         spin_unlock_bh(&acqseq_lock);
1504         return res;
1505 }
1506 EXPORT_SYMBOL(xfrm_get_acqseq);
1507
1508 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1509 {
1510         unsigned int h;
1511         struct xfrm_state *x0;
1512         int err = -ENOENT;
1513         __be32 minspi = htonl(low);
1514         __be32 maxspi = htonl(high);
1515
1516         spin_lock_bh(&x->lock);
1517         if (x->km.state == XFRM_STATE_DEAD)
1518                 goto unlock;
1519
1520         err = 0;
1521         if (x->id.spi)
1522                 goto unlock;
1523
1524         err = -ENOENT;
1525
1526         if (minspi == maxspi) {
1527                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1528                 if (x0) {
1529                         xfrm_state_put(x0);
1530                         goto unlock;
1531                 }
1532                 x->id.spi = minspi;
1533         } else {
1534                 u32 spi = 0;
1535                 for (h=0; h<high-low+1; h++) {
1536                         spi = low + net_random()%(high-low+1);
1537                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1538                         if (x0 == NULL) {
1539                                 x->id.spi = htonl(spi);
1540                                 break;
1541                         }
1542                         xfrm_state_put(x0);
1543                 }
1544         }
1545         if (x->id.spi) {
1546                 spin_lock_bh(&xfrm_state_lock);
1547                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1548                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1549                 spin_unlock_bh(&xfrm_state_lock);
1550
1551                 err = 0;
1552         }
1553
1554 unlock:
1555         spin_unlock_bh(&x->lock);
1556
1557         return err;
1558 }
1559 EXPORT_SYMBOL(xfrm_alloc_spi);
1560
1561 int xfrm_state_walk(struct xfrm_state_walk *walk,
1562                     int (*func)(struct xfrm_state *, int, void*),
1563                     void *data)
1564 {
1565         struct xfrm_state *old, *x, *last = NULL;
1566         int err = 0;
1567
1568         if (walk->state == NULL && walk->count != 0)
1569                 return 0;
1570
1571         old = x = walk->state;
1572         walk->state = NULL;
1573         spin_lock_bh(&xfrm_state_lock);
1574         if (x == NULL)
1575                 x = list_first_entry(&xfrm_state_all, struct xfrm_state, all);
1576         list_for_each_entry_from(x, &xfrm_state_all, all) {
1577                 if (x->km.state == XFRM_STATE_DEAD)
1578                         continue;
1579                 if (!xfrm_id_proto_match(x->id.proto, walk->proto))
1580                         continue;
1581                 if (last) {
1582                         err = func(last, walk->count, data);
1583                         if (err) {
1584                                 xfrm_state_hold(last);
1585                                 walk->state = last;
1586                                 xfrm_state_walk_ongoing++;
1587                                 goto out;
1588                         }
1589                 }
1590                 last = x;
1591                 walk->count++;
1592         }
1593         if (walk->count == 0) {
1594                 err = -ENOENT;
1595                 goto out;
1596         }
1597         if (last)
1598                 err = func(last, 0, data);
1599 out:
1600         spin_unlock_bh(&xfrm_state_lock);
1601         if (old != NULL) {
1602                 xfrm_state_put(old);
1603                 xfrm_state_walk_completed++;
1604                 if (!list_empty(&xfrm_state_gc_leftovers))
1605                         schedule_work(&xfrm_state_gc_work);
1606         }
1607         return err;
1608 }
1609 EXPORT_SYMBOL(xfrm_state_walk);
1610
1611 void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1612 {
1613         if (walk->state != NULL) {
1614                 xfrm_state_put(walk->state);
1615                 walk->state = NULL;
1616                 xfrm_state_walk_completed++;
1617                 if (!list_empty(&xfrm_state_gc_leftovers))
1618                         schedule_work(&xfrm_state_gc_work);
1619         }
1620 }
1621 EXPORT_SYMBOL(xfrm_state_walk_done);
1622
1623
1624 void xfrm_replay_notify(struct xfrm_state *x, int event)
1625 {
1626         struct km_event c;
1627         /* we send notify messages in case
1628          *  1. we updated on of the sequence numbers, and the seqno difference
1629          *     is at least x->replay_maxdiff, in this case we also update the
1630          *     timeout of our timer function
1631          *  2. if x->replay_maxage has elapsed since last update,
1632          *     and there were changes
1633          *
1634          *  The state structure must be locked!
1635          */
1636
1637         switch (event) {
1638         case XFRM_REPLAY_UPDATE:
1639                 if (x->replay_maxdiff &&
1640                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1641                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1642                         if (x->xflags & XFRM_TIME_DEFER)
1643                                 event = XFRM_REPLAY_TIMEOUT;
1644                         else
1645                                 return;
1646                 }
1647
1648                 break;
1649
1650         case XFRM_REPLAY_TIMEOUT:
1651                 if ((x->replay.seq == x->preplay.seq) &&
1652                     (x->replay.bitmap == x->preplay.bitmap) &&
1653                     (x->replay.oseq == x->preplay.oseq)) {
1654                         x->xflags |= XFRM_TIME_DEFER;
1655                         return;
1656                 }
1657
1658                 break;
1659         }
1660
1661         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1662         c.event = XFRM_MSG_NEWAE;
1663         c.data.aevent = event;
1664         km_state_notify(x, &c);
1665
1666         if (x->replay_maxage &&
1667             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1668                 x->xflags &= ~XFRM_TIME_DEFER;
1669 }
1670
1671 static void xfrm_replay_timer_handler(unsigned long data)
1672 {
1673         struct xfrm_state *x = (struct xfrm_state*)data;
1674
1675         spin_lock(&x->lock);
1676
1677         if (x->km.state == XFRM_STATE_VALID) {
1678                 if (xfrm_aevent_is_on())
1679                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1680                 else
1681                         x->xflags |= XFRM_TIME_DEFER;
1682         }
1683
1684         spin_unlock(&x->lock);
1685 }
1686
1687 int xfrm_replay_check(struct xfrm_state *x,
1688                       struct sk_buff *skb, __be32 net_seq)
1689 {
1690         u32 diff;
1691         u32 seq = ntohl(net_seq);
1692
1693         if (unlikely(seq == 0))
1694                 goto err;
1695
1696         if (likely(seq > x->replay.seq))
1697                 return 0;
1698
1699         diff = x->replay.seq - seq;
1700         if (diff >= min_t(unsigned int, x->props.replay_window,
1701                           sizeof(x->replay.bitmap) * 8)) {
1702                 x->stats.replay_window++;
1703                 goto err;
1704         }
1705
1706         if (x->replay.bitmap & (1U << diff)) {
1707                 x->stats.replay++;
1708                 goto err;
1709         }
1710         return 0;
1711
1712 err:
1713         xfrm_audit_state_replay(x, skb, net_seq);
1714         return -EINVAL;
1715 }
1716
1717 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1718 {
1719         u32 diff;
1720         u32 seq = ntohl(net_seq);
1721
1722         if (seq > x->replay.seq) {
1723                 diff = seq - x->replay.seq;
1724                 if (diff < x->props.replay_window)
1725                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1726                 else
1727                         x->replay.bitmap = 1;
1728                 x->replay.seq = seq;
1729         } else {
1730                 diff = x->replay.seq - seq;
1731                 x->replay.bitmap |= (1U << diff);
1732         }
1733
1734         if (xfrm_aevent_is_on())
1735                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1736 }
1737
1738 static LIST_HEAD(xfrm_km_list);
1739 static DEFINE_RWLOCK(xfrm_km_lock);
1740
1741 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1742 {
1743         struct xfrm_mgr *km;
1744
1745         read_lock(&xfrm_km_lock);
1746         list_for_each_entry(km, &xfrm_km_list, list)
1747                 if (km->notify_policy)
1748                         km->notify_policy(xp, dir, c);
1749         read_unlock(&xfrm_km_lock);
1750 }
1751
1752 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1753 {
1754         struct xfrm_mgr *km;
1755         read_lock(&xfrm_km_lock);
1756         list_for_each_entry(km, &xfrm_km_list, list)
1757                 if (km->notify)
1758                         km->notify(x, c);
1759         read_unlock(&xfrm_km_lock);
1760 }
1761
1762 EXPORT_SYMBOL(km_policy_notify);
1763 EXPORT_SYMBOL(km_state_notify);
1764
1765 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1766 {
1767         struct km_event c;
1768
1769         c.data.hard = hard;
1770         c.pid = pid;
1771         c.event = XFRM_MSG_EXPIRE;
1772         km_state_notify(x, &c);
1773
1774         if (hard)
1775                 wake_up(&km_waitq);
1776 }
1777
1778 EXPORT_SYMBOL(km_state_expired);
1779 /*
1780  * We send to all registered managers regardless of failure
1781  * We are happy with one success
1782 */
1783 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1784 {
1785         int err = -EINVAL, acqret;
1786         struct xfrm_mgr *km;
1787
1788         read_lock(&xfrm_km_lock);
1789         list_for_each_entry(km, &xfrm_km_list, list) {
1790                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1791                 if (!acqret)
1792                         err = acqret;
1793         }
1794         read_unlock(&xfrm_km_lock);
1795         return err;
1796 }
1797 EXPORT_SYMBOL(km_query);
1798
1799 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1800 {
1801         int err = -EINVAL;
1802         struct xfrm_mgr *km;
1803
1804         read_lock(&xfrm_km_lock);
1805         list_for_each_entry(km, &xfrm_km_list, list) {
1806                 if (km->new_mapping)
1807                         err = km->new_mapping(x, ipaddr, sport);
1808                 if (!err)
1809                         break;
1810         }
1811         read_unlock(&xfrm_km_lock);
1812         return err;
1813 }
1814 EXPORT_SYMBOL(km_new_mapping);
1815
1816 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1817 {
1818         struct km_event c;
1819
1820         c.data.hard = hard;
1821         c.pid = pid;
1822         c.event = XFRM_MSG_POLEXPIRE;
1823         km_policy_notify(pol, dir, &c);
1824
1825         if (hard)
1826                 wake_up(&km_waitq);
1827 }
1828 EXPORT_SYMBOL(km_policy_expired);
1829
1830 #ifdef CONFIG_XFRM_MIGRATE
1831 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1832                struct xfrm_migrate *m, int num_migrate)
1833 {
1834         int err = -EINVAL;
1835         int ret;
1836         struct xfrm_mgr *km;
1837
1838         read_lock(&xfrm_km_lock);
1839         list_for_each_entry(km, &xfrm_km_list, list) {
1840                 if (km->migrate) {
1841                         ret = km->migrate(sel, dir, type, m, num_migrate);
1842                         if (!ret)
1843                                 err = ret;
1844                 }
1845         }
1846         read_unlock(&xfrm_km_lock);
1847         return err;
1848 }
1849 EXPORT_SYMBOL(km_migrate);
1850 #endif
1851
1852 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1853 {
1854         int err = -EINVAL;
1855         int ret;
1856         struct xfrm_mgr *km;
1857
1858         read_lock(&xfrm_km_lock);
1859         list_for_each_entry(km, &xfrm_km_list, list) {
1860                 if (km->report) {
1861                         ret = km->report(proto, sel, addr);
1862                         if (!ret)
1863                                 err = ret;
1864                 }
1865         }
1866         read_unlock(&xfrm_km_lock);
1867         return err;
1868 }
1869 EXPORT_SYMBOL(km_report);
1870
1871 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1872 {
1873         int err;
1874         u8 *data;
1875         struct xfrm_mgr *km;
1876         struct xfrm_policy *pol = NULL;
1877
1878         if (optlen <= 0 || optlen > PAGE_SIZE)
1879                 return -EMSGSIZE;
1880
1881         data = kmalloc(optlen, GFP_KERNEL);
1882         if (!data)
1883                 return -ENOMEM;
1884
1885         err = -EFAULT;
1886         if (copy_from_user(data, optval, optlen))
1887                 goto out;
1888
1889         err = -EINVAL;
1890         read_lock(&xfrm_km_lock);
1891         list_for_each_entry(km, &xfrm_km_list, list) {
1892                 pol = km->compile_policy(sk, optname, data,
1893                                          optlen, &err);
1894                 if (err >= 0)
1895                         break;
1896         }
1897         read_unlock(&xfrm_km_lock);
1898
1899         if (err >= 0) {
1900                 xfrm_sk_policy_insert(sk, err, pol);
1901                 xfrm_pol_put(pol);
1902                 err = 0;
1903         }
1904
1905 out:
1906         kfree(data);
1907         return err;
1908 }
1909 EXPORT_SYMBOL(xfrm_user_policy);
1910
1911 int xfrm_register_km(struct xfrm_mgr *km)
1912 {
1913         write_lock_bh(&xfrm_km_lock);
1914         list_add_tail(&km->list, &xfrm_km_list);
1915         write_unlock_bh(&xfrm_km_lock);
1916         return 0;
1917 }
1918 EXPORT_SYMBOL(xfrm_register_km);
1919
1920 int xfrm_unregister_km(struct xfrm_mgr *km)
1921 {
1922         write_lock_bh(&xfrm_km_lock);
1923         list_del(&km->list);
1924         write_unlock_bh(&xfrm_km_lock);
1925         return 0;
1926 }
1927 EXPORT_SYMBOL(xfrm_unregister_km);
1928
1929 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1930 {
1931         int err = 0;
1932         if (unlikely(afinfo == NULL))
1933                 return -EINVAL;
1934         if (unlikely(afinfo->family >= NPROTO))
1935                 return -EAFNOSUPPORT;
1936         write_lock_bh(&xfrm_state_afinfo_lock);
1937         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1938                 err = -ENOBUFS;
1939         else
1940                 xfrm_state_afinfo[afinfo->family] = afinfo;
1941         write_unlock_bh(&xfrm_state_afinfo_lock);
1942         return err;
1943 }
1944 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1945
1946 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1947 {
1948         int err = 0;
1949         if (unlikely(afinfo == NULL))
1950                 return -EINVAL;
1951         if (unlikely(afinfo->family >= NPROTO))
1952                 return -EAFNOSUPPORT;
1953         write_lock_bh(&xfrm_state_afinfo_lock);
1954         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1955                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1956                         err = -EINVAL;
1957                 else
1958                         xfrm_state_afinfo[afinfo->family] = NULL;
1959         }
1960         write_unlock_bh(&xfrm_state_afinfo_lock);
1961         return err;
1962 }
1963 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1964
1965 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1966 {
1967         struct xfrm_state_afinfo *afinfo;
1968         if (unlikely(family >= NPROTO))
1969                 return NULL;
1970         read_lock(&xfrm_state_afinfo_lock);
1971         afinfo = xfrm_state_afinfo[family];
1972         if (unlikely(!afinfo))
1973                 read_unlock(&xfrm_state_afinfo_lock);
1974         return afinfo;
1975 }
1976
1977 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1978         __releases(xfrm_state_afinfo_lock)
1979 {
1980         read_unlock(&xfrm_state_afinfo_lock);
1981 }
1982
1983 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1984 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1985 {
1986         if (x->tunnel) {
1987                 struct xfrm_state *t = x->tunnel;
1988
1989                 if (atomic_read(&t->tunnel_users) == 2)
1990                         xfrm_state_delete(t);
1991                 atomic_dec(&t->tunnel_users);
1992                 xfrm_state_put(t);
1993                 x->tunnel = NULL;
1994         }
1995 }
1996 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1997
1998 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1999 {
2000         int res;
2001
2002         spin_lock_bh(&x->lock);
2003         if (x->km.state == XFRM_STATE_VALID &&
2004             x->type && x->type->get_mtu)
2005                 res = x->type->get_mtu(x, mtu);
2006         else
2007                 res = mtu - x->props.header_len;
2008         spin_unlock_bh(&x->lock);
2009         return res;
2010 }
2011
2012 int xfrm_init_state(struct xfrm_state *x)
2013 {
2014         struct xfrm_state_afinfo *afinfo;
2015         struct xfrm_mode *inner_mode;
2016         int family = x->props.family;
2017         int err;
2018
2019         err = -EAFNOSUPPORT;
2020         afinfo = xfrm_state_get_afinfo(family);
2021         if (!afinfo)
2022                 goto error;
2023
2024         err = 0;
2025         if (afinfo->init_flags)
2026                 err = afinfo->init_flags(x);
2027
2028         xfrm_state_put_afinfo(afinfo);
2029
2030         if (err)
2031                 goto error;
2032
2033         err = -EPROTONOSUPPORT;
2034
2035         if (x->sel.family != AF_UNSPEC) {
2036                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2037                 if (inner_mode == NULL)
2038                         goto error;
2039
2040                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2041                     family != x->sel.family) {
2042                         xfrm_put_mode(inner_mode);
2043                         goto error;
2044                 }
2045
2046                 x->inner_mode = inner_mode;
2047         } else {
2048                 struct xfrm_mode *inner_mode_iaf;
2049
2050                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2051                 if (inner_mode == NULL)
2052                         goto error;
2053
2054                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2055                         xfrm_put_mode(inner_mode);
2056                         goto error;
2057                 }
2058
2059                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2060                 if (inner_mode_iaf == NULL)
2061                         goto error;
2062
2063                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2064                         xfrm_put_mode(inner_mode_iaf);
2065                         goto error;
2066                 }
2067
2068                 if (x->props.family == AF_INET) {
2069                         x->inner_mode = inner_mode;
2070                         x->inner_mode_iaf = inner_mode_iaf;
2071                 } else {
2072                         x->inner_mode = inner_mode_iaf;
2073                         x->inner_mode_iaf = inner_mode;
2074                 }
2075         }
2076
2077         x->type = xfrm_get_type(x->id.proto, family);
2078         if (x->type == NULL)
2079                 goto error;
2080
2081         err = x->type->init_state(x);
2082         if (err)
2083                 goto error;
2084
2085         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2086         if (x->outer_mode == NULL)
2087                 goto error;
2088
2089         x->km.state = XFRM_STATE_VALID;
2090
2091 error:
2092         return err;
2093 }
2094
2095 EXPORT_SYMBOL(xfrm_init_state);
2096
2097 void __init xfrm_state_init(void)
2098 {
2099         unsigned int sz;
2100
2101         sz = sizeof(struct hlist_head) * 8;
2102
2103         xfrm_state_bydst = xfrm_hash_alloc(sz);
2104         xfrm_state_bysrc = xfrm_hash_alloc(sz);
2105         xfrm_state_byspi = xfrm_hash_alloc(sz);
2106         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2107                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2108         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2109
2110         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2111 }
2112
2113 #ifdef CONFIG_AUDITSYSCALL
2114 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2115                                      struct audit_buffer *audit_buf)
2116 {
2117         struct xfrm_sec_ctx *ctx = x->security;
2118         u32 spi = ntohl(x->id.spi);
2119
2120         if (ctx)
2121                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2122                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2123
2124         switch(x->props.family) {
2125         case AF_INET:
2126                 audit_log_format(audit_buf,
2127                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2128                                  NIPQUAD(x->props.saddr.a4),
2129                                  NIPQUAD(x->id.daddr.a4));
2130                 break;
2131         case AF_INET6:
2132                 audit_log_format(audit_buf,
2133                                  " src=" NIP6_FMT " dst=" NIP6_FMT,
2134                                  NIP6(*(struct in6_addr *)x->props.saddr.a6),
2135                                  NIP6(*(struct in6_addr *)x->id.daddr.a6));
2136                 break;
2137         }
2138
2139         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2140 }
2141
2142 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2143                                       struct audit_buffer *audit_buf)
2144 {
2145         struct iphdr *iph4;
2146         struct ipv6hdr *iph6;
2147
2148         switch (family) {
2149         case AF_INET:
2150                 iph4 = ip_hdr(skb);
2151                 audit_log_format(audit_buf,
2152                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2153                                  NIPQUAD(iph4->saddr),
2154                                  NIPQUAD(iph4->daddr));
2155                 break;
2156         case AF_INET6:
2157                 iph6 = ipv6_hdr(skb);
2158                 audit_log_format(audit_buf,
2159                                  " src=" NIP6_FMT " dst=" NIP6_FMT
2160                                  " flowlbl=0x%x%02x%02x",
2161                                  NIP6(iph6->saddr),
2162                                  NIP6(iph6->daddr),
2163                                  iph6->flow_lbl[0] & 0x0f,
2164                                  iph6->flow_lbl[1],
2165                                  iph6->flow_lbl[2]);
2166                 break;
2167         }
2168 }
2169
2170 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2171                           uid_t auid, u32 sessionid, u32 secid)
2172 {
2173         struct audit_buffer *audit_buf;
2174
2175         audit_buf = xfrm_audit_start("SAD-add");
2176         if (audit_buf == NULL)
2177                 return;
2178         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2179         xfrm_audit_helper_sainfo(x, audit_buf);
2180         audit_log_format(audit_buf, " res=%u", result);
2181         audit_log_end(audit_buf);
2182 }
2183 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2184
2185 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2186                              uid_t auid, u32 sessionid, u32 secid)
2187 {
2188         struct audit_buffer *audit_buf;
2189
2190         audit_buf = xfrm_audit_start("SAD-delete");
2191         if (audit_buf == NULL)
2192                 return;
2193         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2194         xfrm_audit_helper_sainfo(x, audit_buf);
2195         audit_log_format(audit_buf, " res=%u", result);
2196         audit_log_end(audit_buf);
2197 }
2198 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2199
2200 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2201                                       struct sk_buff *skb)
2202 {
2203         struct audit_buffer *audit_buf;
2204         u32 spi;
2205
2206         audit_buf = xfrm_audit_start("SA-replay-overflow");
2207         if (audit_buf == NULL)
2208                 return;
2209         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2210         /* don't record the sequence number because it's inherent in this kind
2211          * of audit message */
2212         spi = ntohl(x->id.spi);
2213         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2214         audit_log_end(audit_buf);
2215 }
2216 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2217
2218 static void xfrm_audit_state_replay(struct xfrm_state *x,
2219                              struct sk_buff *skb, __be32 net_seq)
2220 {
2221         struct audit_buffer *audit_buf;
2222         u32 spi;
2223
2224         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2225         if (audit_buf == NULL)
2226                 return;
2227         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2228         spi = ntohl(x->id.spi);
2229         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2230                          spi, spi, ntohl(net_seq));
2231         audit_log_end(audit_buf);
2232 }
2233
2234 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2235 {
2236         struct audit_buffer *audit_buf;
2237
2238         audit_buf = xfrm_audit_start("SA-notfound");
2239         if (audit_buf == NULL)
2240                 return;
2241         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2242         audit_log_end(audit_buf);
2243 }
2244 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2245
2246 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2247                                __be32 net_spi, __be32 net_seq)
2248 {
2249         struct audit_buffer *audit_buf;
2250         u32 spi;
2251
2252         audit_buf = xfrm_audit_start("SA-notfound");
2253         if (audit_buf == NULL)
2254                 return;
2255         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2256         spi = ntohl(net_spi);
2257         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2258                          spi, spi, ntohl(net_seq));
2259         audit_log_end(audit_buf);
2260 }
2261 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2262
2263 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2264                               struct sk_buff *skb, u8 proto)
2265 {
2266         struct audit_buffer *audit_buf;
2267         __be32 net_spi;
2268         __be32 net_seq;
2269
2270         audit_buf = xfrm_audit_start("SA-icv-failure");
2271         if (audit_buf == NULL)
2272                 return;
2273         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2274         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2275                 u32 spi = ntohl(net_spi);
2276                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2277                                  spi, spi, ntohl(net_seq));
2278         }
2279         audit_log_end(audit_buf);
2280 }
2281 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2282 #endif /* CONFIG_AUDITSYSCALL */
Full containers within linux kernel