Remove obsolete #include <linux/config.h>
[linux-2.6.git] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <asm/uaccess.h>
22
23 struct sock *xfrm_nl;
24 EXPORT_SYMBOL(xfrm_nl);
25
26 u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
27 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
28
29 u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
30 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
31
32 /* Each xfrm_state may be linked to two tables:
33
34    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
35    2. Hash table by daddr to find what SAs exist for given
36       destination/tunnel endpoint. (output)
37  */
38
39 static DEFINE_SPINLOCK(xfrm_state_lock);
40
41 /* Hash table to find appropriate SA towards given target (endpoint
42  * of tunnel or destination of transport mode) allowed by selector.
43  *
44  * Main use is finding SA after policy selected tunnel or transport mode.
45  * Also, it can be used by ah/esp icmp error handler to find offending SA.
46  */
47 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
48 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
49
50 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
51 EXPORT_SYMBOL(km_waitq);
52
53 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
54 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
55
56 static struct work_struct xfrm_state_gc_work;
57 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
58 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
59
60 static int xfrm_state_gc_flush_bundles;
61
62 int __xfrm_state_delete(struct xfrm_state *x);
63
64 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
65 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
66
67 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
68 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
69
70 static void xfrm_state_gc_destroy(struct xfrm_state *x)
71 {
72         if (del_timer(&x->timer))
73                 BUG();
74         if (del_timer(&x->rtimer))
75                 BUG();
76         kfree(x->aalg);
77         kfree(x->ealg);
78         kfree(x->calg);
79         kfree(x->encap);
80         if (x->mode)
81                 xfrm_put_mode(x->mode);
82         if (x->type) {
83                 x->type->destructor(x);
84                 xfrm_put_type(x->type);
85         }
86         security_xfrm_state_free(x);
87         kfree(x);
88 }
89
90 static void xfrm_state_gc_task(void *data)
91 {
92         struct xfrm_state *x;
93         struct list_head *entry, *tmp;
94         struct list_head gc_list = LIST_HEAD_INIT(gc_list);
95
96         if (xfrm_state_gc_flush_bundles) {
97                 xfrm_state_gc_flush_bundles = 0;
98                 xfrm_flush_bundles();
99         }
100
101         spin_lock_bh(&xfrm_state_gc_lock);
102         list_splice_init(&xfrm_state_gc_list, &gc_list);
103         spin_unlock_bh(&xfrm_state_gc_lock);
104
105         list_for_each_safe(entry, tmp, &gc_list) {
106                 x = list_entry(entry, struct xfrm_state, bydst);
107                 xfrm_state_gc_destroy(x);
108         }
109         wake_up(&km_waitq);
110 }
111
112 static inline unsigned long make_jiffies(long secs)
113 {
114         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
115                 return MAX_SCHEDULE_TIMEOUT-1;
116         else
117                 return secs*HZ;
118 }
119
120 static void xfrm_timer_handler(unsigned long data)
121 {
122         struct xfrm_state *x = (struct xfrm_state*)data;
123         unsigned long now = (unsigned long)xtime.tv_sec;
124         long next = LONG_MAX;
125         int warn = 0;
126
127         spin_lock(&x->lock);
128         if (x->km.state == XFRM_STATE_DEAD)
129                 goto out;
130         if (x->km.state == XFRM_STATE_EXPIRED)
131                 goto expired;
132         if (x->lft.hard_add_expires_seconds) {
133                 long tmo = x->lft.hard_add_expires_seconds +
134                         x->curlft.add_time - now;
135                 if (tmo <= 0)
136                         goto expired;
137                 if (tmo < next)
138                         next = tmo;
139         }
140         if (x->lft.hard_use_expires_seconds) {
141                 long tmo = x->lft.hard_use_expires_seconds +
142                         (x->curlft.use_time ? : now) - now;
143                 if (tmo <= 0)
144                         goto expired;
145                 if (tmo < next)
146                         next = tmo;
147         }
148         if (x->km.dying)
149                 goto resched;
150         if (x->lft.soft_add_expires_seconds) {
151                 long tmo = x->lft.soft_add_expires_seconds +
152                         x->curlft.add_time - now;
153                 if (tmo <= 0)
154                         warn = 1;
155                 else if (tmo < next)
156                         next = tmo;
157         }
158         if (x->lft.soft_use_expires_seconds) {
159                 long tmo = x->lft.soft_use_expires_seconds +
160                         (x->curlft.use_time ? : now) - now;
161                 if (tmo <= 0)
162                         warn = 1;
163                 else if (tmo < next)
164                         next = tmo;
165         }
166
167         x->km.dying = warn;
168         if (warn)
169                 km_state_expired(x, 0, 0);
170 resched:
171         if (next != LONG_MAX &&
172             !mod_timer(&x->timer, jiffies + make_jiffies(next)))
173                 xfrm_state_hold(x);
174         goto out;
175
176 expired:
177         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
178                 x->km.state = XFRM_STATE_EXPIRED;
179                 wake_up(&km_waitq);
180                 next = 2;
181                 goto resched;
182         }
183         if (!__xfrm_state_delete(x) && x->id.spi)
184                 km_state_expired(x, 1, 0);
185
186 out:
187         spin_unlock(&x->lock);
188         xfrm_state_put(x);
189 }
190
191 static void xfrm_replay_timer_handler(unsigned long data);
192
193 struct xfrm_state *xfrm_state_alloc(void)
194 {
195         struct xfrm_state *x;
196
197         x = kmalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
198
199         if (x) {
200                 memset(x, 0, sizeof(struct xfrm_state));
201                 atomic_set(&x->refcnt, 1);
202                 atomic_set(&x->tunnel_users, 0);
203                 INIT_LIST_HEAD(&x->bydst);
204                 INIT_LIST_HEAD(&x->byspi);
205                 init_timer(&x->timer);
206                 x->timer.function = xfrm_timer_handler;
207                 x->timer.data     = (unsigned long)x;
208                 init_timer(&x->rtimer);
209                 x->rtimer.function = xfrm_replay_timer_handler;
210                 x->rtimer.data     = (unsigned long)x;
211                 x->curlft.add_time = (unsigned long)xtime.tv_sec;
212                 x->lft.soft_byte_limit = XFRM_INF;
213                 x->lft.soft_packet_limit = XFRM_INF;
214                 x->lft.hard_byte_limit = XFRM_INF;
215                 x->lft.hard_packet_limit = XFRM_INF;
216                 x->replay_maxage = 0;
217                 x->replay_maxdiff = 0;
218                 spin_lock_init(&x->lock);
219         }
220         return x;
221 }
222 EXPORT_SYMBOL(xfrm_state_alloc);
223
224 void __xfrm_state_destroy(struct xfrm_state *x)
225 {
226         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
227
228         spin_lock_bh(&xfrm_state_gc_lock);
229         list_add(&x->bydst, &xfrm_state_gc_list);
230         spin_unlock_bh(&xfrm_state_gc_lock);
231         schedule_work(&xfrm_state_gc_work);
232 }
233 EXPORT_SYMBOL(__xfrm_state_destroy);
234
235 int __xfrm_state_delete(struct xfrm_state *x)
236 {
237         int err = -ESRCH;
238
239         if (x->km.state != XFRM_STATE_DEAD) {
240                 x->km.state = XFRM_STATE_DEAD;
241                 spin_lock(&xfrm_state_lock);
242                 list_del(&x->bydst);
243                 __xfrm_state_put(x);
244                 if (x->id.spi) {
245                         list_del(&x->byspi);
246                         __xfrm_state_put(x);
247                 }
248                 spin_unlock(&xfrm_state_lock);
249                 if (del_timer(&x->timer))
250                         __xfrm_state_put(x);
251                 if (del_timer(&x->rtimer))
252                         __xfrm_state_put(x);
253
254                 /* The number two in this test is the reference
255                  * mentioned in the comment below plus the reference
256                  * our caller holds.  A larger value means that
257                  * there are DSTs attached to this xfrm_state.
258                  */
259                 if (atomic_read(&x->refcnt) > 2) {
260                         xfrm_state_gc_flush_bundles = 1;
261                         schedule_work(&xfrm_state_gc_work);
262                 }
263
264                 /* All xfrm_state objects are created by xfrm_state_alloc.
265                  * The xfrm_state_alloc call gives a reference, and that
266                  * is what we are dropping here.
267                  */
268                 __xfrm_state_put(x);
269                 err = 0;
270         }
271
272         return err;
273 }
274 EXPORT_SYMBOL(__xfrm_state_delete);
275
276 int xfrm_state_delete(struct xfrm_state *x)
277 {
278         int err;
279
280         spin_lock_bh(&x->lock);
281         err = __xfrm_state_delete(x);
282         spin_unlock_bh(&x->lock);
283
284         return err;
285 }
286 EXPORT_SYMBOL(xfrm_state_delete);
287
288 void xfrm_state_flush(u8 proto)
289 {
290         int i;
291         struct xfrm_state *x;
292
293         spin_lock_bh(&xfrm_state_lock);
294         for (i = 0; i < XFRM_DST_HSIZE; i++) {
295 restart:
296                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
297                         if (!xfrm_state_kern(x) &&
298                             (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) {
299                                 xfrm_state_hold(x);
300                                 spin_unlock_bh(&xfrm_state_lock);
301
302                                 xfrm_state_delete(x);
303                                 xfrm_state_put(x);
304
305                                 spin_lock_bh(&xfrm_state_lock);
306                                 goto restart;
307                         }
308                 }
309         }
310         spin_unlock_bh(&xfrm_state_lock);
311         wake_up(&km_waitq);
312 }
313 EXPORT_SYMBOL(xfrm_state_flush);
314
315 static int
316 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
317                   struct xfrm_tmpl *tmpl,
318                   xfrm_address_t *daddr, xfrm_address_t *saddr,
319                   unsigned short family)
320 {
321         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
322         if (!afinfo)
323                 return -1;
324         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
325         xfrm_state_put_afinfo(afinfo);
326         return 0;
327 }
328
329 struct xfrm_state *
330 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 
331                 struct flowi *fl, struct xfrm_tmpl *tmpl,
332                 struct xfrm_policy *pol, int *err,
333                 unsigned short family)
334 {
335         unsigned h = xfrm_dst_hash(daddr, family);
336         struct xfrm_state *x, *x0;
337         int acquire_in_progress = 0;
338         int error = 0;
339         struct xfrm_state *best = NULL;
340         struct xfrm_state_afinfo *afinfo;
341         
342         afinfo = xfrm_state_get_afinfo(family);
343         if (afinfo == NULL) {
344                 *err = -EAFNOSUPPORT;
345                 return NULL;
346         }
347
348         spin_lock_bh(&xfrm_state_lock);
349         list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
350                 if (x->props.family == family &&
351                     x->props.reqid == tmpl->reqid &&
352                     xfrm_state_addr_check(x, daddr, saddr, family) &&
353                     tmpl->mode == x->props.mode &&
354                     tmpl->id.proto == x->id.proto &&
355                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
356                         /* Resolution logic:
357                            1. There is a valid state with matching selector.
358                               Done.
359                            2. Valid state with inappropriate selector. Skip.
360
361                            Entering area of "sysdeps".
362
363                            3. If state is not valid, selector is temporary,
364                               it selects only session which triggered
365                               previous resolution. Key manager will do
366                               something to install a state with proper
367                               selector.
368                          */
369                         if (x->km.state == XFRM_STATE_VALID) {
370                                 if (!xfrm_selector_match(&x->sel, fl, family) ||
371                                     !xfrm_sec_ctx_match(pol->security, x->security))
372                                         continue;
373                                 if (!best ||
374                                     best->km.dying > x->km.dying ||
375                                     (best->km.dying == x->km.dying &&
376                                      best->curlft.add_time < x->curlft.add_time))
377                                         best = x;
378                         } else if (x->km.state == XFRM_STATE_ACQ) {
379                                 acquire_in_progress = 1;
380                         } else if (x->km.state == XFRM_STATE_ERROR ||
381                                    x->km.state == XFRM_STATE_EXPIRED) {
382                                 if (xfrm_selector_match(&x->sel, fl, family) &&
383                                     xfrm_sec_ctx_match(pol->security, x->security))
384                                         error = -ESRCH;
385                         }
386                 }
387         }
388
389         x = best;
390         if (!x && !error && !acquire_in_progress) {
391                 if (tmpl->id.spi &&
392                     (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
393                                                tmpl->id.proto)) != NULL) {
394                         xfrm_state_put(x0);
395                         error = -EEXIST;
396                         goto out;
397                 }
398                 x = xfrm_state_alloc();
399                 if (x == NULL) {
400                         error = -ENOMEM;
401                         goto out;
402                 }
403                 /* Initialize temporary selector matching only
404                  * to current session. */
405                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
406
407                 if (km_query(x, tmpl, pol) == 0) {
408                         x->km.state = XFRM_STATE_ACQ;
409                         list_add_tail(&x->bydst, xfrm_state_bydst+h);
410                         xfrm_state_hold(x);
411                         if (x->id.spi) {
412                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
413                                 list_add(&x->byspi, xfrm_state_byspi+h);
414                                 xfrm_state_hold(x);
415                         }
416                         x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
417                         xfrm_state_hold(x);
418                         x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
419                         add_timer(&x->timer);
420                 } else {
421                         x->km.state = XFRM_STATE_DEAD;
422                         xfrm_state_put(x);
423                         x = NULL;
424                         error = -ESRCH;
425                 }
426         }
427 out:
428         if (x)
429                 xfrm_state_hold(x);
430         else
431                 *err = acquire_in_progress ? -EAGAIN : error;
432         spin_unlock_bh(&xfrm_state_lock);
433         xfrm_state_put_afinfo(afinfo);
434         return x;
435 }
436
437 static void __xfrm_state_insert(struct xfrm_state *x)
438 {
439         unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
440
441         list_add(&x->bydst, xfrm_state_bydst+h);
442         xfrm_state_hold(x);
443
444         h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
445
446         list_add(&x->byspi, xfrm_state_byspi+h);
447         xfrm_state_hold(x);
448
449         if (!mod_timer(&x->timer, jiffies + HZ))
450                 xfrm_state_hold(x);
451
452         if (x->replay_maxage &&
453             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
454                 xfrm_state_hold(x);
455
456         wake_up(&km_waitq);
457 }
458
459 void xfrm_state_insert(struct xfrm_state *x)
460 {
461         spin_lock_bh(&xfrm_state_lock);
462         __xfrm_state_insert(x);
463         spin_unlock_bh(&xfrm_state_lock);
464
465         xfrm_flush_all_bundles();
466 }
467 EXPORT_SYMBOL(xfrm_state_insert);
468
469 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
470
471 int xfrm_state_add(struct xfrm_state *x)
472 {
473         struct xfrm_state_afinfo *afinfo;
474         struct xfrm_state *x1;
475         int family;
476         int err;
477
478         family = x->props.family;
479         afinfo = xfrm_state_get_afinfo(family);
480         if (unlikely(afinfo == NULL))
481                 return -EAFNOSUPPORT;
482
483         spin_lock_bh(&xfrm_state_lock);
484
485         x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
486         if (x1) {
487                 xfrm_state_put(x1);
488                 x1 = NULL;
489                 err = -EEXIST;
490                 goto out;
491         }
492
493         if (x->km.seq) {
494                 x1 = __xfrm_find_acq_byseq(x->km.seq);
495                 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
496                         xfrm_state_put(x1);
497                         x1 = NULL;
498                 }
499         }
500
501         if (!x1)
502                 x1 = afinfo->find_acq(
503                         x->props.mode, x->props.reqid, x->id.proto,
504                         &x->id.daddr, &x->props.saddr, 0);
505
506         __xfrm_state_insert(x);
507         err = 0;
508
509 out:
510         spin_unlock_bh(&xfrm_state_lock);
511         xfrm_state_put_afinfo(afinfo);
512
513         if (!err)
514                 xfrm_flush_all_bundles();
515
516         if (x1) {
517                 xfrm_state_delete(x1);
518                 xfrm_state_put(x1);
519         }
520
521         return err;
522 }
523 EXPORT_SYMBOL(xfrm_state_add);
524
525 int xfrm_state_update(struct xfrm_state *x)
526 {
527         struct xfrm_state_afinfo *afinfo;
528         struct xfrm_state *x1;
529         int err;
530
531         afinfo = xfrm_state_get_afinfo(x->props.family);
532         if (unlikely(afinfo == NULL))
533                 return -EAFNOSUPPORT;
534
535         spin_lock_bh(&xfrm_state_lock);
536         x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
537
538         err = -ESRCH;
539         if (!x1)
540                 goto out;
541
542         if (xfrm_state_kern(x1)) {
543                 xfrm_state_put(x1);
544                 err = -EEXIST;
545                 goto out;
546         }
547
548         if (x1->km.state == XFRM_STATE_ACQ) {
549                 __xfrm_state_insert(x);
550                 x = NULL;
551         }
552         err = 0;
553
554 out:
555         spin_unlock_bh(&xfrm_state_lock);
556         xfrm_state_put_afinfo(afinfo);
557
558         if (err)
559                 return err;
560
561         if (!x) {
562                 xfrm_state_delete(x1);
563                 xfrm_state_put(x1);
564                 return 0;
565         }
566
567         err = -EINVAL;
568         spin_lock_bh(&x1->lock);
569         if (likely(x1->km.state == XFRM_STATE_VALID)) {
570                 if (x->encap && x1->encap)
571                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
572                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
573                 x1->km.dying = 0;
574
575                 if (!mod_timer(&x1->timer, jiffies + HZ))
576                         xfrm_state_hold(x1);
577                 if (x1->curlft.use_time)
578                         xfrm_state_check_expire(x1);
579
580                 err = 0;
581         }
582         spin_unlock_bh(&x1->lock);
583
584         xfrm_state_put(x1);
585
586         return err;
587 }
588 EXPORT_SYMBOL(xfrm_state_update);
589
590 int xfrm_state_check_expire(struct xfrm_state *x)
591 {
592         if (!x->curlft.use_time)
593                 x->curlft.use_time = (unsigned long)xtime.tv_sec;
594
595         if (x->km.state != XFRM_STATE_VALID)
596                 return -EINVAL;
597
598         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
599             x->curlft.packets >= x->lft.hard_packet_limit) {
600                 x->km.state = XFRM_STATE_EXPIRED;
601                 if (!mod_timer(&x->timer, jiffies))
602                         xfrm_state_hold(x);
603                 return -EINVAL;
604         }
605
606         if (!x->km.dying &&
607             (x->curlft.bytes >= x->lft.soft_byte_limit ||
608              x->curlft.packets >= x->lft.soft_packet_limit)) {
609                 x->km.dying = 1;
610                 km_state_expired(x, 0, 0);
611         }
612         return 0;
613 }
614 EXPORT_SYMBOL(xfrm_state_check_expire);
615
616 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
617 {
618         int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
619                 - skb_headroom(skb);
620
621         if (nhead > 0)
622                 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
623
624         /* Check tail too... */
625         return 0;
626 }
627
628 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
629 {
630         int err = xfrm_state_check_expire(x);
631         if (err < 0)
632                 goto err;
633         err = xfrm_state_check_space(x, skb);
634 err:
635         return err;
636 }
637 EXPORT_SYMBOL(xfrm_state_check);
638
639 struct xfrm_state *
640 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
641                   unsigned short family)
642 {
643         struct xfrm_state *x;
644         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
645         if (!afinfo)
646                 return NULL;
647
648         spin_lock_bh(&xfrm_state_lock);
649         x = afinfo->state_lookup(daddr, spi, proto);
650         spin_unlock_bh(&xfrm_state_lock);
651         xfrm_state_put_afinfo(afinfo);
652         return x;
653 }
654 EXPORT_SYMBOL(xfrm_state_lookup);
655
656 struct xfrm_state *
657 xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 
658               xfrm_address_t *daddr, xfrm_address_t *saddr, 
659               int create, unsigned short family)
660 {
661         struct xfrm_state *x;
662         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
663         if (!afinfo)
664                 return NULL;
665
666         spin_lock_bh(&xfrm_state_lock);
667         x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
668         spin_unlock_bh(&xfrm_state_lock);
669         xfrm_state_put_afinfo(afinfo);
670         return x;
671 }
672 EXPORT_SYMBOL(xfrm_find_acq);
673
674 /* Silly enough, but I'm lazy to build resolution list */
675
676 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
677 {
678         int i;
679         struct xfrm_state *x;
680
681         for (i = 0; i < XFRM_DST_HSIZE; i++) {
682                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
683                         if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
684                                 xfrm_state_hold(x);
685                                 return x;
686                         }
687                 }
688         }
689         return NULL;
690 }
691
692 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
693 {
694         struct xfrm_state *x;
695
696         spin_lock_bh(&xfrm_state_lock);
697         x = __xfrm_find_acq_byseq(seq);
698         spin_unlock_bh(&xfrm_state_lock);
699         return x;
700 }
701 EXPORT_SYMBOL(xfrm_find_acq_byseq);
702
703 u32 xfrm_get_acqseq(void)
704 {
705         u32 res;
706         static u32 acqseq;
707         static DEFINE_SPINLOCK(acqseq_lock);
708
709         spin_lock_bh(&acqseq_lock);
710         res = (++acqseq ? : ++acqseq);
711         spin_unlock_bh(&acqseq_lock);
712         return res;
713 }
714 EXPORT_SYMBOL(xfrm_get_acqseq);
715
716 void
717 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
718 {
719         u32 h;
720         struct xfrm_state *x0;
721
722         if (x->id.spi)
723                 return;
724
725         if (minspi == maxspi) {
726                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
727                 if (x0) {
728                         xfrm_state_put(x0);
729                         return;
730                 }
731                 x->id.spi = minspi;
732         } else {
733                 u32 spi = 0;
734                 minspi = ntohl(minspi);
735                 maxspi = ntohl(maxspi);
736                 for (h=0; h<maxspi-minspi+1; h++) {
737                         spi = minspi + net_random()%(maxspi-minspi+1);
738                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
739                         if (x0 == NULL) {
740                                 x->id.spi = htonl(spi);
741                                 break;
742                         }
743                         xfrm_state_put(x0);
744                 }
745         }
746         if (x->id.spi) {
747                 spin_lock_bh(&xfrm_state_lock);
748                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
749                 list_add(&x->byspi, xfrm_state_byspi+h);
750                 xfrm_state_hold(x);
751                 spin_unlock_bh(&xfrm_state_lock);
752                 wake_up(&km_waitq);
753         }
754 }
755 EXPORT_SYMBOL(xfrm_alloc_spi);
756
757 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
758                     void *data)
759 {
760         int i;
761         struct xfrm_state *x;
762         int count = 0;
763         int err = 0;
764
765         spin_lock_bh(&xfrm_state_lock);
766         for (i = 0; i < XFRM_DST_HSIZE; i++) {
767                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
768                         if (proto == IPSEC_PROTO_ANY || x->id.proto == proto)
769                                 count++;
770                 }
771         }
772         if (count == 0) {
773                 err = -ENOENT;
774                 goto out;
775         }
776
777         for (i = 0; i < XFRM_DST_HSIZE; i++) {
778                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
779                         if (proto != IPSEC_PROTO_ANY && x->id.proto != proto)
780                                 continue;
781                         err = func(x, --count, data);
782                         if (err)
783                                 goto out;
784                 }
785         }
786 out:
787         spin_unlock_bh(&xfrm_state_lock);
788         return err;
789 }
790 EXPORT_SYMBOL(xfrm_state_walk);
791
792
793 void xfrm_replay_notify(struct xfrm_state *x, int event)
794 {
795         struct km_event c;
796         /* we send notify messages in case
797          *  1. we updated on of the sequence numbers, and the seqno difference
798          *     is at least x->replay_maxdiff, in this case we also update the
799          *     timeout of our timer function
800          *  2. if x->replay_maxage has elapsed since last update,
801          *     and there were changes
802          *
803          *  The state structure must be locked!
804          */
805
806         switch (event) {
807         case XFRM_REPLAY_UPDATE:
808                 if (x->replay_maxdiff &&
809                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
810                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
811                         if (x->xflags & XFRM_TIME_DEFER)
812                                 event = XFRM_REPLAY_TIMEOUT;
813                         else
814                                 return;
815                 }
816
817                 break;
818
819         case XFRM_REPLAY_TIMEOUT:
820                 if ((x->replay.seq == x->preplay.seq) &&
821                     (x->replay.bitmap == x->preplay.bitmap) &&
822                     (x->replay.oseq == x->preplay.oseq)) {
823                         x->xflags |= XFRM_TIME_DEFER;
824                         return;
825                 }
826
827                 break;
828         }
829
830         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
831         c.event = XFRM_MSG_NEWAE;
832         c.data.aevent = event;
833         km_state_notify(x, &c);
834
835         if (x->replay_maxage &&
836             !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
837                 xfrm_state_hold(x);
838                 x->xflags &= ~XFRM_TIME_DEFER;
839         }
840 }
841 EXPORT_SYMBOL(xfrm_replay_notify);
842
843 static void xfrm_replay_timer_handler(unsigned long data)
844 {
845         struct xfrm_state *x = (struct xfrm_state*)data;
846
847         spin_lock(&x->lock);
848
849         if (x->km.state == XFRM_STATE_VALID) {
850                 if (xfrm_aevent_is_on())
851                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
852                 else
853                         x->xflags |= XFRM_TIME_DEFER;
854         }
855
856         spin_unlock(&x->lock);
857         xfrm_state_put(x);
858 }
859
860 int xfrm_replay_check(struct xfrm_state *x, u32 seq)
861 {
862         u32 diff;
863
864         seq = ntohl(seq);
865
866         if (unlikely(seq == 0))
867                 return -EINVAL;
868
869         if (likely(seq > x->replay.seq))
870                 return 0;
871
872         diff = x->replay.seq - seq;
873         if (diff >= x->props.replay_window) {
874                 x->stats.replay_window++;
875                 return -EINVAL;
876         }
877
878         if (x->replay.bitmap & (1U << diff)) {
879                 x->stats.replay++;
880                 return -EINVAL;
881         }
882         return 0;
883 }
884 EXPORT_SYMBOL(xfrm_replay_check);
885
886 void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
887 {
888         u32 diff;
889
890         seq = ntohl(seq);
891
892         if (seq > x->replay.seq) {
893                 diff = seq - x->replay.seq;
894                 if (diff < x->props.replay_window)
895                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
896                 else
897                         x->replay.bitmap = 1;
898                 x->replay.seq = seq;
899         } else {
900                 diff = x->replay.seq - seq;
901                 x->replay.bitmap |= (1U << diff);
902         }
903
904         if (xfrm_aevent_is_on())
905                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
906 }
907 EXPORT_SYMBOL(xfrm_replay_advance);
908
909 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
910 static DEFINE_RWLOCK(xfrm_km_lock);
911
912 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
913 {
914         struct xfrm_mgr *km;
915
916         read_lock(&xfrm_km_lock);
917         list_for_each_entry(km, &xfrm_km_list, list)
918                 if (km->notify_policy)
919                         km->notify_policy(xp, dir, c);
920         read_unlock(&xfrm_km_lock);
921 }
922
923 void km_state_notify(struct xfrm_state *x, struct km_event *c)
924 {
925         struct xfrm_mgr *km;
926         read_lock(&xfrm_km_lock);
927         list_for_each_entry(km, &xfrm_km_list, list)
928                 if (km->notify)
929                         km->notify(x, c);
930         read_unlock(&xfrm_km_lock);
931 }
932
933 EXPORT_SYMBOL(km_policy_notify);
934 EXPORT_SYMBOL(km_state_notify);
935
936 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
937 {
938         struct km_event c;
939
940         c.data.hard = hard;
941         c.pid = pid;
942         c.event = XFRM_MSG_EXPIRE;
943         km_state_notify(x, &c);
944
945         if (hard)
946                 wake_up(&km_waitq);
947 }
948
949 EXPORT_SYMBOL(km_state_expired);
950 /*
951  * We send to all registered managers regardless of failure
952  * We are happy with one success
953 */
954 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
955 {
956         int err = -EINVAL, acqret;
957         struct xfrm_mgr *km;
958
959         read_lock(&xfrm_km_lock);
960         list_for_each_entry(km, &xfrm_km_list, list) {
961                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
962                 if (!acqret)
963                         err = acqret;
964         }
965         read_unlock(&xfrm_km_lock);
966         return err;
967 }
968 EXPORT_SYMBOL(km_query);
969
970 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
971 {
972         int err = -EINVAL;
973         struct xfrm_mgr *km;
974
975         read_lock(&xfrm_km_lock);
976         list_for_each_entry(km, &xfrm_km_list, list) {
977                 if (km->new_mapping)
978                         err = km->new_mapping(x, ipaddr, sport);
979                 if (!err)
980                         break;
981         }
982         read_unlock(&xfrm_km_lock);
983         return err;
984 }
985 EXPORT_SYMBOL(km_new_mapping);
986
987 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
988 {
989         struct km_event c;
990
991         c.data.hard = hard;
992         c.pid = pid;
993         c.event = XFRM_MSG_POLEXPIRE;
994         km_policy_notify(pol, dir, &c);
995
996         if (hard)
997                 wake_up(&km_waitq);
998 }
999 EXPORT_SYMBOL(km_policy_expired);
1000
1001 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1002 {
1003         int err;
1004         u8 *data;
1005         struct xfrm_mgr *km;
1006         struct xfrm_policy *pol = NULL;
1007
1008         if (optlen <= 0 || optlen > PAGE_SIZE)
1009                 return -EMSGSIZE;
1010
1011         data = kmalloc(optlen, GFP_KERNEL);
1012         if (!data)
1013                 return -ENOMEM;
1014
1015         err = -EFAULT;
1016         if (copy_from_user(data, optval, optlen))
1017                 goto out;
1018
1019         err = -EINVAL;
1020         read_lock(&xfrm_km_lock);
1021         list_for_each_entry(km, &xfrm_km_list, list) {
1022                 pol = km->compile_policy(sk->sk_family, optname, data,
1023                                          optlen, &err);
1024                 if (err >= 0)
1025                         break;
1026         }
1027         read_unlock(&xfrm_km_lock);
1028
1029         if (err >= 0) {
1030                 xfrm_sk_policy_insert(sk, err, pol);
1031                 xfrm_pol_put(pol);
1032                 err = 0;
1033         }
1034
1035 out:
1036         kfree(data);
1037         return err;
1038 }
1039 EXPORT_SYMBOL(xfrm_user_policy);
1040
1041 int xfrm_register_km(struct xfrm_mgr *km)
1042 {
1043         write_lock_bh(&xfrm_km_lock);
1044         list_add_tail(&km->list, &xfrm_km_list);
1045         write_unlock_bh(&xfrm_km_lock);
1046         return 0;
1047 }
1048 EXPORT_SYMBOL(xfrm_register_km);
1049
1050 int xfrm_unregister_km(struct xfrm_mgr *km)
1051 {
1052         write_lock_bh(&xfrm_km_lock);
1053         list_del(&km->list);
1054         write_unlock_bh(&xfrm_km_lock);
1055         return 0;
1056 }
1057 EXPORT_SYMBOL(xfrm_unregister_km);
1058
1059 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1060 {
1061         int err = 0;
1062         if (unlikely(afinfo == NULL))
1063                 return -EINVAL;
1064         if (unlikely(afinfo->family >= NPROTO))
1065                 return -EAFNOSUPPORT;
1066         write_lock_bh(&xfrm_state_afinfo_lock);
1067         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1068                 err = -ENOBUFS;
1069         else {
1070                 afinfo->state_bydst = xfrm_state_bydst;
1071                 afinfo->state_byspi = xfrm_state_byspi;
1072                 xfrm_state_afinfo[afinfo->family] = afinfo;
1073         }
1074         write_unlock_bh(&xfrm_state_afinfo_lock);
1075         return err;
1076 }
1077 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1078
1079 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1080 {
1081         int err = 0;
1082         if (unlikely(afinfo == NULL))
1083                 return -EINVAL;
1084         if (unlikely(afinfo->family >= NPROTO))
1085                 return -EAFNOSUPPORT;
1086         write_lock_bh(&xfrm_state_afinfo_lock);
1087         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1088                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1089                         err = -EINVAL;
1090                 else {
1091                         xfrm_state_afinfo[afinfo->family] = NULL;
1092                         afinfo->state_byspi = NULL;
1093                         afinfo->state_bydst = NULL;
1094                 }
1095         }
1096         write_unlock_bh(&xfrm_state_afinfo_lock);
1097         return err;
1098 }
1099 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1100
1101 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1102 {
1103         struct xfrm_state_afinfo *afinfo;
1104         if (unlikely(family >= NPROTO))
1105                 return NULL;
1106         read_lock(&xfrm_state_afinfo_lock);
1107         afinfo = xfrm_state_afinfo[family];
1108         if (unlikely(!afinfo))
1109                 read_unlock(&xfrm_state_afinfo_lock);
1110         return afinfo;
1111 }
1112
1113 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1114 {
1115         read_unlock(&xfrm_state_afinfo_lock);
1116 }
1117
1118 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1119 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1120 {
1121         if (x->tunnel) {
1122                 struct xfrm_state *t = x->tunnel;
1123
1124                 if (atomic_read(&t->tunnel_users) == 2)
1125                         xfrm_state_delete(t);
1126                 atomic_dec(&t->tunnel_users);
1127                 xfrm_state_put(t);
1128                 x->tunnel = NULL;
1129         }
1130 }
1131 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1132
1133 /*
1134  * This function is NOT optimal.  For example, with ESP it will give an
1135  * MTU that's usually two bytes short of being optimal.  However, it will
1136  * usually give an answer that's a multiple of 4 provided the input is
1137  * also a multiple of 4.
1138  */
1139 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1140 {
1141         int res = mtu;
1142
1143         res -= x->props.header_len;
1144
1145         for (;;) {
1146                 int m = res;
1147
1148                 if (m < 68)
1149                         return 68;
1150
1151                 spin_lock_bh(&x->lock);
1152                 if (x->km.state == XFRM_STATE_VALID &&
1153                     x->type && x->type->get_max_size)
1154                         m = x->type->get_max_size(x, m);
1155                 else
1156                         m += x->props.header_len;
1157                 spin_unlock_bh(&x->lock);
1158
1159                 if (m <= mtu)
1160                         break;
1161                 res -= (m - mtu);
1162         }
1163
1164         return res;
1165 }
1166
1167 int xfrm_init_state(struct xfrm_state *x)
1168 {
1169         struct xfrm_state_afinfo *afinfo;
1170         int family = x->props.family;
1171         int err;
1172
1173         err = -EAFNOSUPPORT;
1174         afinfo = xfrm_state_get_afinfo(family);
1175         if (!afinfo)
1176                 goto error;
1177
1178         err = 0;
1179         if (afinfo->init_flags)
1180                 err = afinfo->init_flags(x);
1181
1182         xfrm_state_put_afinfo(afinfo);
1183
1184         if (err)
1185                 goto error;
1186
1187         err = -EPROTONOSUPPORT;
1188         x->type = xfrm_get_type(x->id.proto, family);
1189         if (x->type == NULL)
1190                 goto error;
1191
1192         err = x->type->init_state(x);
1193         if (err)
1194                 goto error;
1195
1196         x->mode = xfrm_get_mode(x->props.mode, family);
1197         if (x->mode == NULL)
1198                 goto error;
1199
1200         x->km.state = XFRM_STATE_VALID;
1201
1202 error:
1203         return err;
1204 }
1205
1206 EXPORT_SYMBOL(xfrm_init_state);
1207  
1208 void __init xfrm_state_init(void)
1209 {
1210         int i;
1211
1212         for (i=0; i<XFRM_DST_HSIZE; i++) {
1213                 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
1214                 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1215         }
1216         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1217 }
1218