1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
21#include <linux/cache.h>
22#include <linux/audit.h>
23#include <asm/uaccess.h>
24
25#include "xfrm_hash.h"
26
27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38
39
40
41
42
43
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
47
48
49
50
51
52
53static LIST_HEAD(xfrm_state_all);
54static struct hlist_head *xfrm_state_bydst __read_mostly;
55static struct hlist_head *xfrm_state_bysrc __read_mostly;
56static struct hlist_head *xfrm_state_byspi __read_mostly;
57static unsigned int xfrm_state_hmask __read_mostly;
58static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
59static unsigned int xfrm_state_num;
60static unsigned int xfrm_state_genid;
61
62static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
63static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
64
65#ifdef CONFIG_AUDITSYSCALL
66static void xfrm_audit_state_replay(struct xfrm_state *x,
67 struct sk_buff *skb, __be32 net_seq);
68#else
69#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
70#endif
71
72static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
73 xfrm_address_t *saddr,
74 u32 reqid,
75 unsigned short family)
76{
77 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
78}
79
80static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
81 xfrm_address_t *saddr,
82 unsigned short family)
83{
84 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
85}
86
87static inline unsigned int
88xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
89{
90 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
91}
92
93static void xfrm_hash_transfer(struct hlist_head *list,
94 struct hlist_head *ndsttable,
95 struct hlist_head *nsrctable,
96 struct hlist_head *nspitable,
97 unsigned int nhashmask)
98{
99 struct hlist_node *entry, *tmp;
100 struct xfrm_state *x;
101
102 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
103 unsigned int h;
104
105 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
106 x->props.reqid, x->props.family,
107 nhashmask);
108 hlist_add_head(&x->bydst, ndsttable+h);
109
110 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
111 x->props.family,
112 nhashmask);
113 hlist_add_head(&x->bysrc, nsrctable+h);
114
115 if (x->id.spi) {
116 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
117 x->id.proto, x->props.family,
118 nhashmask);
119 hlist_add_head(&x->byspi, nspitable+h);
120 }
121 }
122}
123
124static unsigned long xfrm_hash_new_size(void)
125{
126 return ((xfrm_state_hmask + 1) << 1) *
127 sizeof(struct hlist_head);
128}
129
130static DEFINE_MUTEX(hash_resize_mutex);
131
132static void xfrm_hash_resize(struct work_struct *__unused)
133{
134 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
135 unsigned long nsize, osize;
136 unsigned int nhashmask, ohashmask;
137 int i;
138
139 mutex_lock(&hash_resize_mutex);
140
141 nsize = xfrm_hash_new_size();
142 ndst = xfrm_hash_alloc(nsize);
143 if (!ndst)
144 goto out_unlock;
145 nsrc = xfrm_hash_alloc(nsize);
146 if (!nsrc) {
147 xfrm_hash_free(ndst, nsize);
148 goto out_unlock;
149 }
150 nspi = xfrm_hash_alloc(nsize);
151 if (!nspi) {
152 xfrm_hash_free(ndst, nsize);
153 xfrm_hash_free(nsrc, nsize);
154 goto out_unlock;
155 }
156
157 spin_lock_bh(&xfrm_state_lock);
158
159 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
160 for (i = xfrm_state_hmask; i >= 0; i--)
161 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
162 nhashmask);
163
164 odst = xfrm_state_bydst;
165 osrc = xfrm_state_bysrc;
166 ospi = xfrm_state_byspi;
167 ohashmask = xfrm_state_hmask;
168
169 xfrm_state_bydst = ndst;
170 xfrm_state_bysrc = nsrc;
171 xfrm_state_byspi = nspi;
172 xfrm_state_hmask = nhashmask;
173
174 spin_unlock_bh(&xfrm_state_lock);
175
176 osize = (ohashmask + 1) * sizeof(struct hlist_head);
177 xfrm_hash_free(odst, osize);
178 xfrm_hash_free(osrc, osize);
179 xfrm_hash_free(ospi, osize);
180
181out_unlock:
182 mutex_unlock(&hash_resize_mutex);
183}
184
185static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
186
187DECLARE_WAIT_QUEUE_HEAD(km_waitq);
188EXPORT_SYMBOL(km_waitq);
189
190static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
191static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
192
193static struct work_struct xfrm_state_gc_work;
194static HLIST_HEAD(xfrm_state_gc_list);
195static DEFINE_SPINLOCK(xfrm_state_gc_lock);
196
197int __xfrm_state_delete(struct xfrm_state *x);
198
199int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
200void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
201
202static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
203{
204 struct xfrm_state_afinfo *afinfo;
205 if (unlikely(family >= NPROTO))
206 return NULL;
207 write_lock_bh(&xfrm_state_afinfo_lock);
208 afinfo = xfrm_state_afinfo[family];
209 if (unlikely(!afinfo))
210 write_unlock_bh(&xfrm_state_afinfo_lock);
211 return afinfo;
212}
213
214static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
215 __releases(xfrm_state_afinfo_lock)
216{
217 write_unlock_bh(&xfrm_state_afinfo_lock);
218}
219
220int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
221{
222 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
223 const struct xfrm_type **typemap;
224 int err = 0;
225
226 if (unlikely(afinfo == NULL))
227 return -EAFNOSUPPORT;
228 typemap = afinfo->type_map;
229
230 if (likely(typemap[type->proto] == NULL))
231 typemap[type->proto] = type;
232 else
233 err = -EEXIST;
234 xfrm_state_unlock_afinfo(afinfo);
235 return err;
236}
237EXPORT_SYMBOL(xfrm_register_type);
238
239int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
240{
241 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
242 const struct xfrm_type **typemap;
243 int err = 0;
244
245 if (unlikely(afinfo == NULL))
246 return -EAFNOSUPPORT;
247 typemap = afinfo->type_map;
248
249 if (unlikely(typemap[type->proto] != type))
250 err = -ENOENT;
251 else
252 typemap[type->proto] = NULL;
253 xfrm_state_unlock_afinfo(afinfo);
254 return err;
255}
256EXPORT_SYMBOL(xfrm_unregister_type);
257
258static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
259{
260 struct xfrm_state_afinfo *afinfo;
261 const struct xfrm_type **typemap;
262 const struct xfrm_type *type;
263 int modload_attempted = 0;
264
265retry:
266 afinfo = xfrm_state_get_afinfo(family);
267 if (unlikely(afinfo == NULL))
268 return NULL;
269 typemap = afinfo->type_map;
270
271 type = typemap[proto];
272 if (unlikely(type && !try_module_get(type->owner)))
273 type = NULL;
274 if (!type && !modload_attempted) {
275 xfrm_state_put_afinfo(afinfo);
276 request_module("xfrm-type-%d-%d", family, proto);
277 modload_attempted = 1;
278 goto retry;
279 }
280
281 xfrm_state_put_afinfo(afinfo);
282 return type;
283}
284
285static void xfrm_put_type(const struct xfrm_type *type)
286{
287 module_put(type->owner);
288}
289
290int xfrm_register_mode(struct xfrm_mode *mode, int family)
291{
292 struct xfrm_state_afinfo *afinfo;
293 struct xfrm_mode **modemap;
294 int err;
295
296 if (unlikely(mode->encap >= XFRM_MODE_MAX))
297 return -EINVAL;
298
299 afinfo = xfrm_state_lock_afinfo(family);
300 if (unlikely(afinfo == NULL))
301 return -EAFNOSUPPORT;
302
303 err = -EEXIST;
304 modemap = afinfo->mode_map;
305 if (modemap[mode->encap])
306 goto out;
307
308 err = -ENOENT;
309 if (!try_module_get(afinfo->owner))
310 goto out;
311
312 mode->afinfo = afinfo;
313 modemap[mode->encap] = mode;
314 err = 0;
315
316out:
317 xfrm_state_unlock_afinfo(afinfo);
318 return err;
319}
320EXPORT_SYMBOL(xfrm_register_mode);
321
322int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
323{
324 struct xfrm_state_afinfo *afinfo;
325 struct xfrm_mode **modemap;
326 int err;
327
328 if (unlikely(mode->encap >= XFRM_MODE_MAX))
329 return -EINVAL;
330
331 afinfo = xfrm_state_lock_afinfo(family);
332 if (unlikely(afinfo == NULL))
333 return -EAFNOSUPPORT;
334
335 err = -ENOENT;
336 modemap = afinfo->mode_map;
337 if (likely(modemap[mode->encap] == mode)) {
338 modemap[mode->encap] = NULL;
339 module_put(mode->afinfo->owner);
340 err = 0;
341 }
342
343 xfrm_state_unlock_afinfo(afinfo);
344 return err;
345}
346EXPORT_SYMBOL(xfrm_unregister_mode);
347
348static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
349{
350 struct xfrm_state_afinfo *afinfo;
351 struct xfrm_mode *mode;
352 int modload_attempted = 0;
353
354 if (unlikely(encap >= XFRM_MODE_MAX))
355 return NULL;
356
357retry:
358 afinfo = xfrm_state_get_afinfo(family);
359 if (unlikely(afinfo == NULL))
360 return NULL;
361
362 mode = afinfo->mode_map[encap];
363 if (unlikely(mode && !try_module_get(mode->owner)))
364 mode = NULL;
365 if (!mode && !modload_attempted) {
366 xfrm_state_put_afinfo(afinfo);
367 request_module("xfrm-mode-%d-%d", family, encap);
368 modload_attempted = 1;
369 goto retry;
370 }
371
372 xfrm_state_put_afinfo(afinfo);
373 return mode;
374}
375
376static void xfrm_put_mode(struct xfrm_mode *mode)
377{
378 module_put(mode->owner);
379}
380
381static void xfrm_state_gc_destroy(struct xfrm_state *x)
382{
383 del_timer_sync(&x->timer);
384 del_timer_sync(&x->rtimer);
385 kfree(x->aalg);
386 kfree(x->ealg);
387 kfree(x->calg);
388 kfree(x->encap);
389 kfree(x->coaddr);
390 if (x->inner_mode)
391 xfrm_put_mode(x->inner_mode);
392 if (x->inner_mode_iaf)
393 xfrm_put_mode(x->inner_mode_iaf);
394 if (x->outer_mode)
395 xfrm_put_mode(x->outer_mode);
396 if (x->type) {
397 x->type->destructor(x);
398 xfrm_put_type(x->type);
399 }
400 security_xfrm_state_free(x);
401 kfree(x);
402}
403
404static void xfrm_state_gc_task(struct work_struct *data)
405{
406 struct xfrm_state *x;
407 struct hlist_node *entry, *tmp;
408 struct hlist_head gc_list;
409
410 spin_lock_bh(&xfrm_state_gc_lock);
411 hlist_move_list(&xfrm_state_gc_list, &gc_list);
412 spin_unlock_bh(&xfrm_state_gc_lock);
413
414 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
415 xfrm_state_gc_destroy(x);
416
417 wake_up(&km_waitq);
418}
419
420static inline unsigned long make_jiffies(long secs)
421{
422 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
423 return MAX_SCHEDULE_TIMEOUT-1;
424 else
425 return secs*HZ;
426}
427
428static void xfrm_timer_handler(unsigned long data)
429{
430 struct xfrm_state *x = (struct xfrm_state*)data;
431 unsigned long now = get_seconds();
432 long next = LONG_MAX;
433 int warn = 0;
434 int err = 0;
435
436 spin_lock(&x->lock);
437 if (x->km.state == XFRM_STATE_DEAD)
438 goto out;
439 if (x->km.state == XFRM_STATE_EXPIRED)
440 goto expired;
441 if (x->lft.hard_add_expires_seconds) {
442 long tmo = x->lft.hard_add_expires_seconds +
443 x->curlft.add_time - now;
444 if (tmo <= 0)
445 goto expired;
446 if (tmo < next)
447 next = tmo;
448 }
449 if (x->lft.hard_use_expires_seconds) {
450 long tmo = x->lft.hard_use_expires_seconds +
451 (x->curlft.use_time ? : now) - now;
452 if (tmo <= 0)
453 goto expired;
454 if (tmo < next)
455 next = tmo;
456 }
457 if (x->km.dying)
458 goto resched;
459 if (x->lft.soft_add_expires_seconds) {
460 long tmo = x->lft.soft_add_expires_seconds +
461 x->curlft.add_time - now;
462 if (tmo <= 0)
463 warn = 1;
464 else if (tmo < next)
465 next = tmo;
466 }
467 if (x->lft.soft_use_expires_seconds) {
468 long tmo = x->lft.soft_use_expires_seconds +
469 (x->curlft.use_time ? : now) - now;
470 if (tmo <= 0)
471 warn = 1;
472 else if (tmo < next)
473 next = tmo;
474 }
475
476 x->km.dying = warn;
477 if (warn)
478 km_state_expired(x, 0, 0);
479resched:
480 if (next != LONG_MAX)
481 mod_timer(&x->timer, jiffies + make_jiffies(next));
482
483 goto out;
484
485expired:
486 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
487 x->km.state = XFRM_STATE_EXPIRED;
488 wake_up(&km_waitq);
489 next = 2;
490 goto resched;
491 }
492
493 err = __xfrm_state_delete(x);
494 if (!err && x->id.spi)
495 km_state_expired(x, 1, 0);
496
497 xfrm_audit_state_delete(x, err ? 0 : 1,
498 audit_get_loginuid(current),
499 audit_get_sessionid(current), 0);
500
501out:
502 spin_unlock(&x->lock);
503}
504
505static void xfrm_replay_timer_handler(unsigned long data);
506
507struct xfrm_state *xfrm_state_alloc(void)
508{
509 struct xfrm_state *x;
510
511 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
512
513 if (x) {
514 atomic_set(&x->refcnt, 1);
515 atomic_set(&x->tunnel_users, 0);
516 INIT_LIST_HEAD(&x->km.all);
517 INIT_HLIST_NODE(&x->bydst);
518 INIT_HLIST_NODE(&x->bysrc);
519 INIT_HLIST_NODE(&x->byspi);
520 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
521 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
522 (unsigned long)x);
523 x->curlft.add_time = get_seconds();
524 x->lft.soft_byte_limit = XFRM_INF;
525 x->lft.soft_packet_limit = XFRM_INF;
526 x->lft.hard_byte_limit = XFRM_INF;
527 x->lft.hard_packet_limit = XFRM_INF;
528 x->replay_maxage = 0;
529 x->replay_maxdiff = 0;
530 x->inner_mode = NULL;
531 x->inner_mode_iaf = NULL;
532 spin_lock_init(&x->lock);
533 }
534 return x;
535}
536EXPORT_SYMBOL(xfrm_state_alloc);
537
538void __xfrm_state_destroy(struct xfrm_state *x)
539{
540 WARN_ON(x->km.state != XFRM_STATE_DEAD);
541
542 spin_lock_bh(&xfrm_state_gc_lock);
543 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
544 spin_unlock_bh(&xfrm_state_gc_lock);
545 schedule_work(&xfrm_state_gc_work);
546}
547EXPORT_SYMBOL(__xfrm_state_destroy);
548
549int __xfrm_state_delete(struct xfrm_state *x)
550{
551 int err = -ESRCH;
552
553 if (x->km.state != XFRM_STATE_DEAD) {
554 x->km.state = XFRM_STATE_DEAD;
555 spin_lock(&xfrm_state_lock);
556 list_del(&x->km.all);
557 hlist_del(&x->bydst);
558 hlist_del(&x->bysrc);
559 if (x->id.spi)
560 hlist_del(&x->byspi);
561 xfrm_state_num--;
562 spin_unlock(&xfrm_state_lock);
563
564
565
566
567
568 xfrm_state_put(x);
569 err = 0;
570 }
571
572 return err;
573}
574EXPORT_SYMBOL(__xfrm_state_delete);
575
576int xfrm_state_delete(struct xfrm_state *x)
577{
578 int err;
579
580 spin_lock_bh(&x->lock);
581 err = __xfrm_state_delete(x);
582 spin_unlock_bh(&x->lock);
583
584 return err;
585}
586EXPORT_SYMBOL(xfrm_state_delete);
587
588#ifdef CONFIG_SECURITY_NETWORK_XFRM
589static inline int
590xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
591{
592 int i, err = 0;
593
594 for (i = 0; i <= xfrm_state_hmask; i++) {
595 struct hlist_node *entry;
596 struct xfrm_state *x;
597
598 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
599 if (xfrm_id_proto_match(x->id.proto, proto) &&
600 (err = security_xfrm_state_delete(x)) != 0) {
601 xfrm_audit_state_delete(x, 0,
602 audit_info->loginuid,
603 audit_info->sessionid,
604 audit_info->secid);
605 return err;
606 }
607 }
608 }
609
610 return err;
611}
612#else
613static inline int
614xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
615{
616 return 0;
617}
618#endif
619
620int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
621{
622 int i, err = 0;
623
624 spin_lock_bh(&xfrm_state_lock);
625 err = xfrm_state_flush_secctx_check(proto, audit_info);
626 if (err)
627 goto out;
628
629 for (i = 0; i <= xfrm_state_hmask; i++) {
630 struct hlist_node *entry;
631 struct xfrm_state *x;
632restart:
633 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
634 if (!xfrm_state_kern(x) &&
635 xfrm_id_proto_match(x->id.proto, proto)) {
636 xfrm_state_hold(x);
637 spin_unlock_bh(&xfrm_state_lock);
638
639 err = xfrm_state_delete(x);
640 xfrm_audit_state_delete(x, err ? 0 : 1,
641 audit_info->loginuid,
642 audit_info->sessionid,
643 audit_info->secid);
644 xfrm_state_put(x);
645
646 spin_lock_bh(&xfrm_state_lock);
647 goto restart;
648 }
649 }
650 }
651 err = 0;
652
653out:
654 spin_unlock_bh(&xfrm_state_lock);
655 wake_up(&km_waitq);
656 return err;
657}
658EXPORT_SYMBOL(xfrm_state_flush);
659
660void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
661{
662 spin_lock_bh(&xfrm_state_lock);
663 si->sadcnt = xfrm_state_num;
664 si->sadhcnt = xfrm_state_hmask;
665 si->sadhmcnt = xfrm_state_hashmax;
666 spin_unlock_bh(&xfrm_state_lock);
667}
668EXPORT_SYMBOL(xfrm_sad_getinfo);
669
670static int
671xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
672 struct xfrm_tmpl *tmpl,
673 xfrm_address_t *daddr, xfrm_address_t *saddr,
674 unsigned short family)
675{
676 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
677 if (!afinfo)
678 return -1;
679 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
680 xfrm_state_put_afinfo(afinfo);
681 return 0;
682}
683
684static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
685{
686 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
687 struct xfrm_state *x;
688 struct hlist_node *entry;
689
690 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
691 if (x->props.family != family ||
692 x->id.spi != spi ||
693 x->id.proto != proto)
694 continue;
695
696 switch (family) {
697 case AF_INET:
698 if (x->id.daddr.a4 != daddr->a4)
699 continue;
700 break;
701 case AF_INET6:
702 if (!ipv6_addr_equal((struct in6_addr *)daddr,
703 (struct in6_addr *)
704 x->id.daddr.a6))
705 continue;
706 break;
707 }
708
709 xfrm_state_hold(x);
710 return x;
711 }
712
713 return NULL;
714}
715
716static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
717{
718 unsigned int h = xfrm_src_hash(daddr, saddr, family);
719 struct xfrm_state *x;
720 struct hlist_node *entry;
721
722 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
723 if (x->props.family != family ||
724 x->id.proto != proto)
725 continue;
726
727 switch (family) {
728 case AF_INET:
729 if (x->id.daddr.a4 != daddr->a4 ||
730 x->props.saddr.a4 != saddr->a4)
731 continue;
732 break;
733 case AF_INET6:
734 if (!ipv6_addr_equal((struct in6_addr *)daddr,
735 (struct in6_addr *)
736 x->id.daddr.a6) ||
737 !ipv6_addr_equal((struct in6_addr *)saddr,
738 (struct in6_addr *)
739 x->props.saddr.a6))
740 continue;
741 break;
742 }
743
744 xfrm_state_hold(x);
745 return x;
746 }
747
748 return NULL;
749}
750
751static inline struct xfrm_state *
752__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
753{
754 if (use_spi)
755 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
756 x->id.proto, family);
757 else
758 return __xfrm_state_lookup_byaddr(&x->id.daddr,
759 &x->props.saddr,
760 x->id.proto, family);
761}
762
763static void xfrm_hash_grow_check(int have_hash_collision)
764{
765 if (have_hash_collision &&
766 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
767 xfrm_state_num > xfrm_state_hmask)
768 schedule_work(&xfrm_hash_work);
769}
770
771struct xfrm_state *
772xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
773 struct flowi *fl, struct xfrm_tmpl *tmpl,
774 struct xfrm_policy *pol, int *err,
775 unsigned short family)
776{
777 unsigned int h;
778 struct hlist_node *entry;
779 struct xfrm_state *x, *x0, *to_put;
780 int acquire_in_progress = 0;
781 int error = 0;
782 struct xfrm_state *best = NULL;
783
784 to_put = NULL;
785
786 spin_lock_bh(&xfrm_state_lock);
787 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
788 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
789 if (x->props.family == family &&
790 x->props.reqid == tmpl->reqid &&
791 !(x->props.flags & XFRM_STATE_WILDRECV) &&
792 xfrm_state_addr_check(x, daddr, saddr, family) &&
793 tmpl->mode == x->props.mode &&
794 tmpl->id.proto == x->id.proto &&
795 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
796
797
798
799
800
801
802
803
804
805
806
807
808
809 if (x->km.state == XFRM_STATE_VALID) {
810 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
811 !security_xfrm_state_pol_flow_match(x, pol, fl))
812 continue;
813 if (!best ||
814 best->km.dying > x->km.dying ||
815 (best->km.dying == x->km.dying &&
816 best->curlft.add_time < x->curlft.add_time))
817 best = x;
818 } else if (x->km.state == XFRM_STATE_ACQ) {
819 acquire_in_progress = 1;
820 } else if (x->km.state == XFRM_STATE_ERROR ||
821 x->km.state == XFRM_STATE_EXPIRED) {
822 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
823 security_xfrm_state_pol_flow_match(x, pol, fl))
824 error = -ESRCH;
825 }
826 }
827 }
828
829 x = best;
830 if (!x && !error && !acquire_in_progress) {
831 if (tmpl->id.spi &&
832 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
833 tmpl->id.proto, family)) != NULL) {
834 to_put = x0;
835 error = -EEXIST;
836 goto out;
837 }
838 x = xfrm_state_alloc();
839 if (x == NULL) {
840 error = -ENOMEM;
841 goto out;
842 }
843
844
845 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
846
847 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
848 if (error) {
849 x->km.state = XFRM_STATE_DEAD;
850 to_put = x;
851 x = NULL;
852 goto out;
853 }
854
855 if (km_query(x, tmpl, pol) == 0) {
856 x->km.state = XFRM_STATE_ACQ;
857 list_add(&x->km.all, &xfrm_state_all);
858 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
859 h = xfrm_src_hash(daddr, saddr, family);
860 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
861 if (x->id.spi) {
862 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
863 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
864 }
865 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
866 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
867 add_timer(&x->timer);
868 xfrm_state_num++;
869 xfrm_hash_grow_check(x->bydst.next != NULL);
870 } else {
871 x->km.state = XFRM_STATE_DEAD;
872 to_put = x;
873 x = NULL;
874 error = -ESRCH;
875 }
876 }
877out:
878 if (x)
879 xfrm_state_hold(x);
880 else
881 *err = acquire_in_progress ? -EAGAIN : error;
882 spin_unlock_bh(&xfrm_state_lock);
883 if (to_put)
884 xfrm_state_put(to_put);
885 return x;
886}
887
888struct xfrm_state *
889xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
890 unsigned short family, u8 mode, u8 proto, u32 reqid)
891{
892 unsigned int h;
893 struct xfrm_state *rx = NULL, *x = NULL;
894 struct hlist_node *entry;
895
896 spin_lock(&xfrm_state_lock);
897 h = xfrm_dst_hash(daddr, saddr, reqid, family);
898 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
899 if (x->props.family == family &&
900 x->props.reqid == reqid &&
901 !(x->props.flags & XFRM_STATE_WILDRECV) &&
902 xfrm_state_addr_check(x, daddr, saddr, family) &&
903 mode == x->props.mode &&
904 proto == x->id.proto &&
905 x->km.state == XFRM_STATE_VALID) {
906 rx = x;
907 break;
908 }
909 }
910
911 if (rx)
912 xfrm_state_hold(rx);
913 spin_unlock(&xfrm_state_lock);
914
915
916 return rx;
917}
918EXPORT_SYMBOL(xfrm_stateonly_find);
919
920static void __xfrm_state_insert(struct xfrm_state *x)
921{
922 unsigned int h;
923
924 x->genid = ++xfrm_state_genid;
925
926 list_add(&x->km.all, &xfrm_state_all);
927
928 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
929 x->props.reqid, x->props.family);
930 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
931
932 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
933 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
934
935 if (x->id.spi) {
936 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
937 x->props.family);
938
939 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
940 }
941
942 mod_timer(&x->timer, jiffies + HZ);
943 if (x->replay_maxage)
944 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
945
946 wake_up(&km_waitq);
947
948 xfrm_state_num++;
949
950 xfrm_hash_grow_check(x->bydst.next != NULL);
951}
952
953
954static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
955{
956 unsigned short family = xnew->props.family;
957 u32 reqid = xnew->props.reqid;
958 struct xfrm_state *x;
959 struct hlist_node *entry;
960 unsigned int h;
961
962 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
963 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
964 if (x->props.family == family &&
965 x->props.reqid == reqid &&
966 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
967 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
968 x->genid = xfrm_state_genid;
969 }
970}
971
972void xfrm_state_insert(struct xfrm_state *x)
973{
974 spin_lock_bh(&xfrm_state_lock);
975 __xfrm_state_bump_genids(x);
976 __xfrm_state_insert(x);
977 spin_unlock_bh(&xfrm_state_lock);
978}
979EXPORT_SYMBOL(xfrm_state_insert);
980
981
982static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
983{
984 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
985 struct hlist_node *entry;
986 struct xfrm_state *x;
987
988 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
989 if (x->props.reqid != reqid ||
990 x->props.mode != mode ||
991 x->props.family != family ||
992 x->km.state != XFRM_STATE_ACQ ||
993 x->id.spi != 0 ||
994 x->id.proto != proto)
995 continue;
996
997 switch (family) {
998 case AF_INET:
999 if (x->id.daddr.a4 != daddr->a4 ||
1000 x->props.saddr.a4 != saddr->a4)
1001 continue;
1002 break;
1003 case AF_INET6:
1004 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1005 (struct in6_addr *)daddr) ||
1006 !ipv6_addr_equal((struct in6_addr *)
1007 x->props.saddr.a6,
1008 (struct in6_addr *)saddr))
1009 continue;
1010 break;
1011 }
1012
1013 xfrm_state_hold(x);
1014 return x;
1015 }
1016
1017 if (!create)
1018 return NULL;
1019
1020 x = xfrm_state_alloc();
1021 if (likely(x)) {
1022 switch (family) {
1023 case AF_INET:
1024 x->sel.daddr.a4 = daddr->a4;
1025 x->sel.saddr.a4 = saddr->a4;
1026 x->sel.prefixlen_d = 32;
1027 x->sel.prefixlen_s = 32;
1028 x->props.saddr.a4 = saddr->a4;
1029 x->id.daddr.a4 = daddr->a4;
1030 break;
1031
1032 case AF_INET6:
1033 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1034 (struct in6_addr *)daddr);
1035 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1036 (struct in6_addr *)saddr);
1037 x->sel.prefixlen_d = 128;
1038 x->sel.prefixlen_s = 128;
1039 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1040 (struct in6_addr *)saddr);
1041 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1042 (struct in6_addr *)daddr);
1043 break;
1044 }
1045
1046 x->km.state = XFRM_STATE_ACQ;
1047 x->id.proto = proto;
1048 x->props.family = family;
1049 x->props.mode = mode;
1050 x->props.reqid = reqid;
1051 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1052 xfrm_state_hold(x);
1053 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1054 add_timer(&x->timer);
1055 list_add(&x->km.all, &xfrm_state_all);
1056 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1057 h = xfrm_src_hash(daddr, saddr, family);
1058 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1059
1060 xfrm_state_num++;
1061
1062 xfrm_hash_grow_check(x->bydst.next != NULL);
1063 }
1064
1065 return x;
1066}
1067
1068static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1069
1070int xfrm_state_add(struct xfrm_state *x)
1071{
1072 struct xfrm_state *x1, *to_put;
1073 int family;
1074 int err;
1075 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1076
1077 family = x->props.family;
1078
1079 to_put = NULL;
1080
1081 spin_lock_bh(&xfrm_state_lock);
1082
1083 x1 = __xfrm_state_locate(x, use_spi, family);
1084 if (x1) {
1085 to_put = x1;
1086 x1 = NULL;
1087 err = -EEXIST;
1088 goto out;
1089 }
1090
1091 if (use_spi && x->km.seq) {
1092 x1 = __xfrm_find_acq_byseq(x->km.seq);
1093 if (x1 && ((x1->id.proto != x->id.proto) ||
1094 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1095 to_put = x1;
1096 x1 = NULL;
1097 }
1098 }
1099
1100 if (use_spi && !x1)
1101 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1102 x->id.proto,
1103 &x->id.daddr, &x->props.saddr, 0);
1104
1105 __xfrm_state_bump_genids(x);
1106 __xfrm_state_insert(x);
1107 err = 0;
1108
1109out:
1110 spin_unlock_bh(&xfrm_state_lock);
1111
1112 if (x1) {
1113 xfrm_state_delete(x1);
1114 xfrm_state_put(x1);
1115 }
1116
1117 if (to_put)
1118 xfrm_state_put(to_put);
1119
1120 return err;
1121}
1122EXPORT_SYMBOL(xfrm_state_add);
1123
1124#ifdef CONFIG_XFRM_MIGRATE
1125static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1126{
1127 int err = -ENOMEM;
1128 struct xfrm_state *x = xfrm_state_alloc();
1129 if (!x)
1130 goto error;
1131
1132 memcpy(&x->id, &orig->id, sizeof(x->id));
1133 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1134 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1135 x->props.mode = orig->props.mode;
1136 x->props.replay_window = orig->props.replay_window;
1137 x->props.reqid = orig->props.reqid;
1138 x->props.family = orig->props.family;
1139 x->props.saddr = orig->props.saddr;
1140
1141 if (orig->aalg) {
1142 x->aalg = xfrm_algo_clone(orig->aalg);
1143 if (!x->aalg)
1144 goto error;
1145 }
1146 x->props.aalgo = orig->props.aalgo;
1147
1148 if (orig->ealg) {
1149 x->ealg = xfrm_algo_clone(orig->ealg);
1150 if (!x->ealg)
1151 goto error;
1152 }
1153 x->props.ealgo = orig->props.ealgo;
1154
1155 if (orig->calg) {
1156 x->calg = xfrm_algo_clone(orig->calg);
1157 if (!x->calg)
1158 goto error;
1159 }
1160 x->props.calgo = orig->props.calgo;
1161
1162 if (orig->encap) {
1163 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1164 if (!x->encap)
1165 goto error;
1166 }
1167
1168 if (orig->coaddr) {
1169 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1170 GFP_KERNEL);
1171 if (!x->coaddr)
1172 goto error;
1173 }
1174
1175 err = xfrm_init_state(x);
1176 if (err)
1177 goto error;
1178
1179 x->props.flags = orig->props.flags;
1180
1181 x->curlft.add_time = orig->curlft.add_time;
1182 x->km.state = orig->km.state;
1183 x->km.seq = orig->km.seq;
1184
1185 return x;
1186
1187 error:
1188 if (errp)
1189 *errp = err;
1190 if (x) {
1191 kfree(x->aalg);
1192 kfree(x->ealg);
1193 kfree(x->calg);
1194 kfree(x->encap);
1195 kfree(x->coaddr);
1196 }
1197 kfree(x);
1198 return NULL;
1199}
1200
1201
1202struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1203{
1204 unsigned int h;
1205 struct xfrm_state *x;
1206 struct hlist_node *entry;
1207
1208 if (m->reqid) {
1209 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1210 m->reqid, m->old_family);
1211 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1212 if (x->props.mode != m->mode ||
1213 x->id.proto != m->proto)
1214 continue;
1215 if (m->reqid && x->props.reqid != m->reqid)
1216 continue;
1217 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1218 m->old_family) ||
1219 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1220 m->old_family))
1221 continue;
1222 xfrm_state_hold(x);
1223 return x;
1224 }
1225 } else {
1226 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1227 m->old_family);
1228 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1229 if (x->props.mode != m->mode ||
1230 x->id.proto != m->proto)
1231 continue;
1232 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1233 m->old_family) ||
1234 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1235 m->old_family))
1236 continue;
1237 xfrm_state_hold(x);
1238 return x;
1239 }
1240 }
1241
1242 return NULL;
1243}
1244EXPORT_SYMBOL(xfrm_migrate_state_find);
1245
1246struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1247 struct xfrm_migrate *m)
1248{
1249 struct xfrm_state *xc;
1250 int err;
1251
1252 xc = xfrm_state_clone(x, &err);
1253 if (!xc)
1254 return NULL;
1255
1256 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1257 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1258
1259
1260 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1261
1262
1263 xfrm_state_insert(xc);
1264 } else {
1265 if ((err = xfrm_state_add(xc)) < 0)
1266 goto error;
1267 }
1268
1269 return xc;
1270error:
1271 kfree(xc);
1272 return NULL;
1273}
1274EXPORT_SYMBOL(xfrm_state_migrate);
1275#endif
1276
1277int xfrm_state_update(struct xfrm_state *x)
1278{
1279 struct xfrm_state *x1, *to_put;
1280 int err;
1281 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1282
1283 to_put = NULL;
1284
1285 spin_lock_bh(&xfrm_state_lock);
1286 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1287
1288 err = -ESRCH;
1289 if (!x1)
1290 goto out;
1291
1292 if (xfrm_state_kern(x1)) {
1293 to_put = x1;
1294 err = -EEXIST;
1295 goto out;
1296 }
1297
1298 if (x1->km.state == XFRM_STATE_ACQ) {
1299 __xfrm_state_insert(x);
1300 x = NULL;
1301 }
1302 err = 0;
1303
1304out:
1305 spin_unlock_bh(&xfrm_state_lock);
1306
1307 if (to_put)
1308 xfrm_state_put(to_put);
1309
1310 if (err)
1311 return err;
1312
1313 if (!x) {
1314 xfrm_state_delete(x1);
1315 xfrm_state_put(x1);
1316 return 0;
1317 }
1318
1319 err = -EINVAL;
1320 spin_lock_bh(&x1->lock);
1321 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1322 if (x->encap && x1->encap)
1323 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1324 if (x->coaddr && x1->coaddr) {
1325 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1326 }
1327 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1328 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1329 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1330 x1->km.dying = 0;
1331
1332 mod_timer(&x1->timer, jiffies + HZ);
1333 if (x1->curlft.use_time)
1334 xfrm_state_check_expire(x1);
1335
1336 err = 0;
1337 }
1338 spin_unlock_bh(&x1->lock);
1339
1340 xfrm_state_put(x1);
1341
1342 return err;
1343}
1344EXPORT_SYMBOL(xfrm_state_update);
1345
1346int xfrm_state_check_expire(struct xfrm_state *x)
1347{
1348 if (!x->curlft.use_time)
1349 x->curlft.use_time = get_seconds();
1350
1351 if (x->km.state != XFRM_STATE_VALID)
1352 return -EINVAL;
1353
1354 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1355 x->curlft.packets >= x->lft.hard_packet_limit) {
1356 x->km.state = XFRM_STATE_EXPIRED;
1357 mod_timer(&x->timer, jiffies);
1358 return -EINVAL;
1359 }
1360
1361 if (!x->km.dying &&
1362 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1363 x->curlft.packets >= x->lft.soft_packet_limit)) {
1364 x->km.dying = 1;
1365 km_state_expired(x, 0, 0);
1366 }
1367 return 0;
1368}
1369EXPORT_SYMBOL(xfrm_state_check_expire);
1370
1371struct xfrm_state *
1372xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1373 unsigned short family)
1374{
1375 struct xfrm_state *x;
1376
1377 spin_lock_bh(&xfrm_state_lock);
1378 x = __xfrm_state_lookup(daddr, spi, proto, family);
1379 spin_unlock_bh(&xfrm_state_lock);
1380 return x;
1381}
1382EXPORT_SYMBOL(xfrm_state_lookup);
1383
1384struct xfrm_state *
1385xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1386 u8 proto, unsigned short family)
1387{
1388 struct xfrm_state *x;
1389
1390 spin_lock_bh(&xfrm_state_lock);
1391 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1392 spin_unlock_bh(&xfrm_state_lock);
1393 return x;
1394}
1395EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1396
1397struct xfrm_state *
1398xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1399 xfrm_address_t *daddr, xfrm_address_t *saddr,
1400 int create, unsigned short family)
1401{
1402 struct xfrm_state *x;
1403
1404 spin_lock_bh(&xfrm_state_lock);
1405 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1406 spin_unlock_bh(&xfrm_state_lock);
1407
1408 return x;
1409}
1410EXPORT_SYMBOL(xfrm_find_acq);
1411
1412#ifdef CONFIG_XFRM_SUB_POLICY
1413int
1414xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1415 unsigned short family)
1416{
1417 int err = 0;
1418 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1419 if (!afinfo)
1420 return -EAFNOSUPPORT;
1421
1422 spin_lock_bh(&xfrm_state_lock);
1423 if (afinfo->tmpl_sort)
1424 err = afinfo->tmpl_sort(dst, src, n);
1425 spin_unlock_bh(&xfrm_state_lock);
1426 xfrm_state_put_afinfo(afinfo);
1427 return err;
1428}
1429EXPORT_SYMBOL(xfrm_tmpl_sort);
1430
1431int
1432xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1433 unsigned short family)
1434{
1435 int err = 0;
1436 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1437 if (!afinfo)
1438 return -EAFNOSUPPORT;
1439
1440 spin_lock_bh(&xfrm_state_lock);
1441 if (afinfo->state_sort)
1442 err = afinfo->state_sort(dst, src, n);
1443 spin_unlock_bh(&xfrm_state_lock);
1444 xfrm_state_put_afinfo(afinfo);
1445 return err;
1446}
1447EXPORT_SYMBOL(xfrm_state_sort);
1448#endif
1449
1450
1451
1452static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1453{
1454 int i;
1455
1456 for (i = 0; i <= xfrm_state_hmask; i++) {
1457 struct hlist_node *entry;
1458 struct xfrm_state *x;
1459
1460 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1461 if (x->km.seq == seq &&
1462 x->km.state == XFRM_STATE_ACQ) {
1463 xfrm_state_hold(x);
1464 return x;
1465 }
1466 }
1467 }
1468 return NULL;
1469}
1470
1471struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1472{
1473 struct xfrm_state *x;
1474
1475 spin_lock_bh(&xfrm_state_lock);
1476 x = __xfrm_find_acq_byseq(seq);
1477 spin_unlock_bh(&xfrm_state_lock);
1478 return x;
1479}
1480EXPORT_SYMBOL(xfrm_find_acq_byseq);
1481
1482u32 xfrm_get_acqseq(void)
1483{
1484 u32 res;
1485 static u32 acqseq;
1486 static DEFINE_SPINLOCK(acqseq_lock);
1487
1488 spin_lock_bh(&acqseq_lock);
1489 res = (++acqseq ? : ++acqseq);
1490 spin_unlock_bh(&acqseq_lock);
1491 return res;
1492}
1493EXPORT_SYMBOL(xfrm_get_acqseq);
1494
1495int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1496{
1497 unsigned int h;
1498 struct xfrm_state *x0;
1499 int err = -ENOENT;
1500 __be32 minspi = htonl(low);
1501 __be32 maxspi = htonl(high);
1502
1503 spin_lock_bh(&x->lock);
1504 if (x->km.state == XFRM_STATE_DEAD)
1505 goto unlock;
1506
1507 err = 0;
1508 if (x->id.spi)
1509 goto unlock;
1510
1511 err = -ENOENT;
1512
1513 if (minspi == maxspi) {
1514 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1515 if (x0) {
1516 xfrm_state_put(x0);
1517 goto unlock;
1518 }
1519 x->id.spi = minspi;
1520 } else {
1521 u32 spi = 0;
1522 for (h=0; h<high-low+1; h++) {
1523 spi = low + net_random()%(high-low+1);
1524 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1525 if (x0 == NULL) {
1526 x->id.spi = htonl(spi);
1527 break;
1528 }
1529 xfrm_state_put(x0);
1530 }
1531 }
1532 if (x->id.spi) {
1533 spin_lock_bh(&xfrm_state_lock);
1534 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1535 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1536 spin_unlock_bh(&xfrm_state_lock);
1537
1538 err = 0;
1539 }
1540
1541unlock:
1542 spin_unlock_bh(&x->lock);
1543
1544 return err;
1545}
1546EXPORT_SYMBOL(xfrm_alloc_spi);
1547
1548int xfrm_state_walk(struct xfrm_state_walk *walk,
1549 int (*func)(struct xfrm_state *, int, void*),
1550 void *data)
1551{
1552 struct xfrm_state *state;
1553 struct xfrm_state_walk *x;
1554 int err = 0;
1555
1556 if (walk->seq != 0 && list_empty(&walk->all))
1557 return 0;
1558
1559 spin_lock_bh(&xfrm_state_lock);
1560 if (list_empty(&walk->all))
1561 x = list_first_entry(&xfrm_state_all, struct xfrm_state_walk, all);
1562 else
1563 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1564 list_for_each_entry_from(x, &xfrm_state_all, all) {
1565 if (x->state == XFRM_STATE_DEAD)
1566 continue;
1567 state = container_of(x, struct xfrm_state, km);
1568 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1569 continue;
1570 err = func(state, walk->seq, data);
1571 if (err) {
1572 list_move_tail(&walk->all, &x->all);
1573 goto out;
1574 }
1575 walk->seq++;
1576 }
1577 if (walk->seq == 0) {
1578 err = -ENOENT;
1579 goto out;
1580 }
1581 list_del_init(&walk->all);
1582out:
1583 spin_unlock_bh(&xfrm_state_lock);
1584 return err;
1585}
1586EXPORT_SYMBOL(xfrm_state_walk);
1587
1588void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1589{
1590 INIT_LIST_HEAD(&walk->all);
1591 walk->proto = proto;
1592 walk->state = XFRM_STATE_DEAD;
1593 walk->seq = 0;
1594}
1595EXPORT_SYMBOL(xfrm_state_walk_init);
1596
1597void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1598{
1599 if (list_empty(&walk->all))
1600 return;
1601
1602 spin_lock_bh(&xfrm_state_lock);
1603 list_del(&walk->all);
1604 spin_lock_bh(&xfrm_state_lock);
1605}
1606EXPORT_SYMBOL(xfrm_state_walk_done);
1607
1608
1609void xfrm_replay_notify(struct xfrm_state *x, int event)
1610{
1611 struct km_event c;
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622 switch (event) {
1623 case XFRM_REPLAY_UPDATE:
1624 if (x->replay_maxdiff &&
1625 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1626 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1627 if (x->xflags & XFRM_TIME_DEFER)
1628 event = XFRM_REPLAY_TIMEOUT;
1629 else
1630 return;
1631 }
1632
1633 break;
1634
1635 case XFRM_REPLAY_TIMEOUT:
1636 if ((x->replay.seq == x->preplay.seq) &&
1637 (x->replay.bitmap == x->preplay.bitmap) &&
1638 (x->replay.oseq == x->preplay.oseq)) {
1639 x->xflags |= XFRM_TIME_DEFER;
1640 return;
1641 }
1642
1643 break;
1644 }
1645
1646 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1647 c.event = XFRM_MSG_NEWAE;
1648 c.data.aevent = event;
1649 km_state_notify(x, &c);
1650
1651 if (x->replay_maxage &&
1652 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1653 x->xflags &= ~XFRM_TIME_DEFER;
1654}
1655
1656static void xfrm_replay_timer_handler(unsigned long data)
1657{
1658 struct xfrm_state *x = (struct xfrm_state*)data;
1659
1660 spin_lock(&x->lock);
1661
1662 if (x->km.state == XFRM_STATE_VALID) {
1663 if (xfrm_aevent_is_on())
1664 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1665 else
1666 x->xflags |= XFRM_TIME_DEFER;
1667 }
1668
1669 spin_unlock(&x->lock);
1670}
1671
1672int xfrm_replay_check(struct xfrm_state *x,
1673 struct sk_buff *skb, __be32 net_seq)
1674{
1675 u32 diff;
1676 u32 seq = ntohl(net_seq);
1677
1678 if (unlikely(seq == 0))
1679 goto err;
1680
1681 if (likely(seq > x->replay.seq))
1682 return 0;
1683
1684 diff = x->replay.seq - seq;
1685 if (diff >= min_t(unsigned int, x->props.replay_window,
1686 sizeof(x->replay.bitmap) * 8)) {
1687 x->stats.replay_window++;
1688 goto err;
1689 }
1690
1691 if (x->replay.bitmap & (1U << diff)) {
1692 x->stats.replay++;
1693 goto err;
1694 }
1695 return 0;
1696
1697err:
1698 xfrm_audit_state_replay(x, skb, net_seq);
1699 return -EINVAL;
1700}
1701
1702void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1703{
1704 u32 diff;
1705 u32 seq = ntohl(net_seq);
1706
1707 if (seq > x->replay.seq) {
1708 diff = seq - x->replay.seq;
1709 if (diff < x->props.replay_window)
1710 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1711 else
1712 x->replay.bitmap = 1;
1713 x->replay.seq = seq;
1714 } else {
1715 diff = x->replay.seq - seq;
1716 x->replay.bitmap |= (1U << diff);
1717 }
1718
1719 if (xfrm_aevent_is_on())
1720 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1721}
1722
1723static LIST_HEAD(xfrm_km_list);
1724static DEFINE_RWLOCK(xfrm_km_lock);
1725
1726void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1727{
1728 struct xfrm_mgr *km;
1729
1730 read_lock(&xfrm_km_lock);
1731 list_for_each_entry(km, &xfrm_km_list, list)
1732 if (km->notify_policy)
1733 km->notify_policy(xp, dir, c);
1734 read_unlock(&xfrm_km_lock);
1735}
1736
1737void km_state_notify(struct xfrm_state *x, struct km_event *c)
1738{
1739 struct xfrm_mgr *km;
1740 read_lock(&xfrm_km_lock);
1741 list_for_each_entry(km, &xfrm_km_list, list)
1742 if (km->notify)
1743 km->notify(x, c);
1744 read_unlock(&xfrm_km_lock);
1745}
1746
1747EXPORT_SYMBOL(km_policy_notify);
1748EXPORT_SYMBOL(km_state_notify);
1749
1750void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1751{
1752 struct km_event c;
1753
1754 c.data.hard = hard;
1755 c.pid = pid;
1756 c.event = XFRM_MSG_EXPIRE;
1757 km_state_notify(x, &c);
1758
1759 if (hard)
1760 wake_up(&km_waitq);
1761}
1762
1763EXPORT_SYMBOL(km_state_expired);
1764
1765
1766
1767
1768int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1769{
1770 int err = -EINVAL, acqret;
1771 struct xfrm_mgr *km;
1772
1773 read_lock(&xfrm_km_lock);
1774 list_for_each_entry(km, &xfrm_km_list, list) {
1775 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1776 if (!acqret)
1777 err = acqret;
1778 }
1779 read_unlock(&xfrm_km_lock);
1780 return err;
1781}
1782EXPORT_SYMBOL(km_query);
1783
1784int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1785{
1786 int err = -EINVAL;
1787 struct xfrm_mgr *km;
1788
1789 read_lock(&xfrm_km_lock);
1790 list_for_each_entry(km, &xfrm_km_list, list) {
1791 if (km->new_mapping)
1792 err = km->new_mapping(x, ipaddr, sport);
1793 if (!err)
1794 break;
1795 }
1796 read_unlock(&xfrm_km_lock);
1797 return err;
1798}
1799EXPORT_SYMBOL(km_new_mapping);
1800
1801void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1802{
1803 struct km_event c;
1804
1805 c.data.hard = hard;
1806 c.pid = pid;
1807 c.event = XFRM_MSG_POLEXPIRE;
1808 km_policy_notify(pol, dir, &c);
1809
1810 if (hard)
1811 wake_up(&km_waitq);
1812}
1813EXPORT_SYMBOL(km_policy_expired);
1814
1815#ifdef CONFIG_XFRM_MIGRATE
1816int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1817 struct xfrm_migrate *m, int num_migrate,
1818 struct xfrm_kmaddress *k)
1819{
1820 int err = -EINVAL;
1821 int ret;
1822 struct xfrm_mgr *km;
1823
1824 read_lock(&xfrm_km_lock);
1825 list_for_each_entry(km, &xfrm_km_list, list) {
1826 if (km->migrate) {
1827 ret = km->migrate(sel, dir, type, m, num_migrate, k);
1828 if (!ret)
1829 err = ret;
1830 }
1831 }
1832 read_unlock(&xfrm_km_lock);
1833 return err;
1834}
1835EXPORT_SYMBOL(km_migrate);
1836#endif
1837
1838int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1839{
1840 int err = -EINVAL;
1841 int ret;
1842 struct xfrm_mgr *km;
1843
1844 read_lock(&xfrm_km_lock);
1845 list_for_each_entry(km, &xfrm_km_list, list) {
1846 if (km->report) {
1847 ret = km->report(proto, sel, addr);
1848 if (!ret)
1849 err = ret;
1850 }
1851 }
1852 read_unlock(&xfrm_km_lock);
1853 return err;
1854}
1855EXPORT_SYMBOL(km_report);
1856
1857int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1858{
1859 int err;
1860 u8 *data;
1861 struct xfrm_mgr *km;
1862 struct xfrm_policy *pol = NULL;
1863
1864 if (optlen <= 0 || optlen > PAGE_SIZE)
1865 return -EMSGSIZE;
1866
1867 data = kmalloc(optlen, GFP_KERNEL);
1868 if (!data)
1869 return -ENOMEM;
1870
1871 err = -EFAULT;
1872 if (copy_from_user(data, optval, optlen))
1873 goto out;
1874
1875 err = -EINVAL;
1876 read_lock(&xfrm_km_lock);
1877 list_for_each_entry(km, &xfrm_km_list, list) {
1878 pol = km->compile_policy(sk, optname, data,
1879 optlen, &err);
1880 if (err >= 0)
1881 break;
1882 }
1883 read_unlock(&xfrm_km_lock);
1884
1885 if (err >= 0) {
1886 xfrm_sk_policy_insert(sk, err, pol);
1887 xfrm_pol_put(pol);
1888 err = 0;
1889 }
1890
1891out:
1892 kfree(data);
1893 return err;
1894}
1895EXPORT_SYMBOL(xfrm_user_policy);
1896
1897int xfrm_register_km(struct xfrm_mgr *km)
1898{
1899 write_lock_bh(&xfrm_km_lock);
1900 list_add_tail(&km->list, &xfrm_km_list);
1901 write_unlock_bh(&xfrm_km_lock);
1902 return 0;
1903}
1904EXPORT_SYMBOL(xfrm_register_km);
1905
1906int xfrm_unregister_km(struct xfrm_mgr *km)
1907{
1908 write_lock_bh(&xfrm_km_lock);
1909 list_del(&km->list);
1910 write_unlock_bh(&xfrm_km_lock);
1911 return 0;
1912}
1913EXPORT_SYMBOL(xfrm_unregister_km);
1914
1915int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1916{
1917 int err = 0;
1918 if (unlikely(afinfo == NULL))
1919 return -EINVAL;
1920 if (unlikely(afinfo->family >= NPROTO))
1921 return -EAFNOSUPPORT;
1922 write_lock_bh(&xfrm_state_afinfo_lock);
1923 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1924 err = -ENOBUFS;
1925 else
1926 xfrm_state_afinfo[afinfo->family] = afinfo;
1927 write_unlock_bh(&xfrm_state_afinfo_lock);
1928 return err;
1929}
1930EXPORT_SYMBOL(xfrm_state_register_afinfo);
1931
1932int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1933{
1934 int err = 0;
1935 if (unlikely(afinfo == NULL))
1936 return -EINVAL;
1937 if (unlikely(afinfo->family >= NPROTO))
1938 return -EAFNOSUPPORT;
1939 write_lock_bh(&xfrm_state_afinfo_lock);
1940 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1941 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1942 err = -EINVAL;
1943 else
1944 xfrm_state_afinfo[afinfo->family] = NULL;
1945 }
1946 write_unlock_bh(&xfrm_state_afinfo_lock);
1947 return err;
1948}
1949EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1950
1951static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1952{
1953 struct xfrm_state_afinfo *afinfo;
1954 if (unlikely(family >= NPROTO))
1955 return NULL;
1956 read_lock(&xfrm_state_afinfo_lock);
1957 afinfo = xfrm_state_afinfo[family];
1958 if (unlikely(!afinfo))
1959 read_unlock(&xfrm_state_afinfo_lock);
1960 return afinfo;
1961}
1962
1963static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1964 __releases(xfrm_state_afinfo_lock)
1965{
1966 read_unlock(&xfrm_state_afinfo_lock);
1967}
1968
1969
1970void xfrm_state_delete_tunnel(struct xfrm_state *x)
1971{
1972 if (x->tunnel) {
1973 struct xfrm_state *t = x->tunnel;
1974
1975 if (atomic_read(&t->tunnel_users) == 2)
1976 xfrm_state_delete(t);
1977 atomic_dec(&t->tunnel_users);
1978 xfrm_state_put(t);
1979 x->tunnel = NULL;
1980 }
1981}
1982EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1983
1984int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1985{
1986 int res;
1987
1988 spin_lock_bh(&x->lock);
1989 if (x->km.state == XFRM_STATE_VALID &&
1990 x->type && x->type->get_mtu)
1991 res = x->type->get_mtu(x, mtu);
1992 else
1993 res = mtu - x->props.header_len;
1994 spin_unlock_bh(&x->lock);
1995 return res;
1996}
1997
1998int xfrm_init_state(struct xfrm_state *x)
1999{
2000 struct xfrm_state_afinfo *afinfo;
2001 struct xfrm_mode *inner_mode;
2002 int family = x->props.family;
2003 int err;
2004
2005 err = -EAFNOSUPPORT;
2006 afinfo = xfrm_state_get_afinfo(family);
2007 if (!afinfo)
2008 goto error;
2009
2010 err = 0;
2011 if (afinfo->init_flags)
2012 err = afinfo->init_flags(x);
2013
2014 xfrm_state_put_afinfo(afinfo);
2015
2016 if (err)
2017 goto error;
2018
2019 err = -EPROTONOSUPPORT;
2020
2021 if (x->sel.family != AF_UNSPEC) {
2022 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2023 if (inner_mode == NULL)
2024 goto error;
2025
2026 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2027 family != x->sel.family) {
2028 xfrm_put_mode(inner_mode);
2029 goto error;
2030 }
2031
2032 x->inner_mode = inner_mode;
2033 } else {
2034 struct xfrm_mode *inner_mode_iaf;
2035
2036 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2037 if (inner_mode == NULL)
2038 goto error;
2039
2040 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2041 xfrm_put_mode(inner_mode);
2042 goto error;
2043 }
2044
2045 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2046 if (inner_mode_iaf == NULL)
2047 goto error;
2048
2049 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2050 xfrm_put_mode(inner_mode_iaf);
2051 goto error;
2052 }
2053
2054 if (x->props.family == AF_INET) {
2055 x->inner_mode = inner_mode;
2056 x->inner_mode_iaf = inner_mode_iaf;
2057 } else {
2058 x->inner_mode = inner_mode_iaf;
2059 x->inner_mode_iaf = inner_mode;
2060 }
2061 }
2062
2063 x->type = xfrm_get_type(x->id.proto, family);
2064 if (x->type == NULL)
2065 goto error;
2066
2067 err = x->type->init_state(x);
2068 if (err)
2069 goto error;
2070
2071 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2072 if (x->outer_mode == NULL)
2073 goto error;
2074
2075 x->km.state = XFRM_STATE_VALID;
2076
2077error:
2078 return err;
2079}
2080
2081EXPORT_SYMBOL(xfrm_init_state);
2082
2083void __init xfrm_state_init(void)
2084{
2085 unsigned int sz;
2086
2087 sz = sizeof(struct hlist_head) * 8;
2088
2089 xfrm_state_bydst = xfrm_hash_alloc(sz);
2090 xfrm_state_bysrc = xfrm_hash_alloc(sz);
2091 xfrm_state_byspi = xfrm_hash_alloc(sz);
2092 if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2093 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2094 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2095
2096 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2097}
2098
2099#ifdef CONFIG_AUDITSYSCALL
2100static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2101 struct audit_buffer *audit_buf)
2102{
2103 struct xfrm_sec_ctx *ctx = x->security;
2104 u32 spi = ntohl(x->id.spi);
2105
2106 if (ctx)
2107 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2108 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2109
2110 switch(x->props.family) {
2111 case AF_INET:
2112 audit_log_format(audit_buf,
2113 " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2114 NIPQUAD(x->props.saddr.a4),
2115 NIPQUAD(x->id.daddr.a4));
2116 break;
2117 case AF_INET6:
2118 audit_log_format(audit_buf,
2119 " src=" NIP6_FMT " dst=" NIP6_FMT,
2120 NIP6(*(struct in6_addr *)x->props.saddr.a6),
2121 NIP6(*(struct in6_addr *)x->id.daddr.a6));
2122 break;
2123 }
2124
2125 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2126}
2127
2128static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2129 struct audit_buffer *audit_buf)
2130{
2131 struct iphdr *iph4;
2132 struct ipv6hdr *iph6;
2133
2134 switch (family) {
2135 case AF_INET:
2136 iph4 = ip_hdr(skb);
2137 audit_log_format(audit_buf,
2138 " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2139 NIPQUAD(iph4->saddr),
2140 NIPQUAD(iph4->daddr));
2141 break;
2142 case AF_INET6:
2143 iph6 = ipv6_hdr(skb);
2144 audit_log_format(audit_buf,
2145 " src=" NIP6_FMT " dst=" NIP6_FMT
2146 " flowlbl=0x%x%02x%02x",
2147 NIP6(iph6->saddr),
2148 NIP6(iph6->daddr),
2149 iph6->flow_lbl[0] & 0x0f,
2150 iph6->flow_lbl[1],
2151 iph6->flow_lbl[2]);
2152 break;
2153 }
2154}
2155
2156void xfrm_audit_state_add(struct xfrm_state *x, int result,
2157 uid_t auid, u32 sessionid, u32 secid)
2158{
2159 struct audit_buffer *audit_buf;
2160
2161 audit_buf = xfrm_audit_start("SAD-add");
2162 if (audit_buf == NULL)
2163 return;
2164 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2165 xfrm_audit_helper_sainfo(x, audit_buf);
2166 audit_log_format(audit_buf, " res=%u", result);
2167 audit_log_end(audit_buf);
2168}
2169EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2170
2171void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2172 uid_t auid, u32 sessionid, u32 secid)
2173{
2174 struct audit_buffer *audit_buf;
2175
2176 audit_buf = xfrm_audit_start("SAD-delete");
2177 if (audit_buf == NULL)
2178 return;
2179 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2180 xfrm_audit_helper_sainfo(x, audit_buf);
2181 audit_log_format(audit_buf, " res=%u", result);
2182 audit_log_end(audit_buf);
2183}
2184EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2185
2186void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2187 struct sk_buff *skb)
2188{
2189 struct audit_buffer *audit_buf;
2190 u32 spi;
2191
2192 audit_buf = xfrm_audit_start("SA-replay-overflow");
2193 if (audit_buf == NULL)
2194 return;
2195 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2196
2197
2198 spi = ntohl(x->id.spi);
2199 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2200 audit_log_end(audit_buf);
2201}
2202EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2203
2204static void xfrm_audit_state_replay(struct xfrm_state *x,
2205 struct sk_buff *skb, __be32 net_seq)
2206{
2207 struct audit_buffer *audit_buf;
2208 u32 spi;
2209
2210 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2211 if (audit_buf == NULL)
2212 return;
2213 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2214 spi = ntohl(x->id.spi);
2215 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2216 spi, spi, ntohl(net_seq));
2217 audit_log_end(audit_buf);
2218}
2219
2220void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2221{
2222 struct audit_buffer *audit_buf;
2223
2224 audit_buf = xfrm_audit_start("SA-notfound");
2225 if (audit_buf == NULL)
2226 return;
2227 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2228 audit_log_end(audit_buf);
2229}
2230EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2231
2232void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2233 __be32 net_spi, __be32 net_seq)
2234{
2235 struct audit_buffer *audit_buf;
2236 u32 spi;
2237
2238 audit_buf = xfrm_audit_start("SA-notfound");
2239 if (audit_buf == NULL)
2240 return;
2241 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2242 spi = ntohl(net_spi);
2243 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2244 spi, spi, ntohl(net_seq));
2245 audit_log_end(audit_buf);
2246}
2247EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2248
2249void xfrm_audit_state_icvfail(struct xfrm_state *x,
2250 struct sk_buff *skb, u8 proto)
2251{
2252 struct audit_buffer *audit_buf;
2253 __be32 net_spi;
2254 __be32 net_seq;
2255
2256 audit_buf = xfrm_audit_start("SA-icv-failure");
2257 if (audit_buf == NULL)
2258 return;
2259 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2260 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2261 u32 spi = ntohl(net_spi);
2262 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2263 spi, spi, ntohl(net_seq));
2264 }
2265 audit_log_end(audit_buf);
2266}
2267EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2268#endif