netns xfrm: per-netns xfrm_state_byspi hash
[linux-2.6.git] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 static unsigned int xfrm_state_hmask __read_mostly;
48 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
49 static unsigned int xfrm_state_num;
50 static unsigned int xfrm_state_genid;
51
52 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
53 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
54
55 #ifdef CONFIG_AUDITSYSCALL
56 static void xfrm_audit_state_replay(struct xfrm_state *x,
57                                     struct sk_buff *skb, __be32 net_seq);
58 #else
59 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
60 #endif /* CONFIG_AUDITSYSCALL */
61
62 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
63                                          xfrm_address_t *saddr,
64                                          u32 reqid,
65                                          unsigned short family)
66 {
67         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
68 }
69
70 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
71                                          xfrm_address_t *saddr,
72                                          unsigned short family)
73 {
74         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
75 }
76
77 static inline unsigned int
78 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
79 {
80         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
81 }
82
83 static void xfrm_hash_transfer(struct hlist_head *list,
84                                struct hlist_head *ndsttable,
85                                struct hlist_head *nsrctable,
86                                struct hlist_head *nspitable,
87                                unsigned int nhashmask)
88 {
89         struct hlist_node *entry, *tmp;
90         struct xfrm_state *x;
91
92         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
93                 unsigned int h;
94
95                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
96                                     x->props.reqid, x->props.family,
97                                     nhashmask);
98                 hlist_add_head(&x->bydst, ndsttable+h);
99
100                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
101                                     x->props.family,
102                                     nhashmask);
103                 hlist_add_head(&x->bysrc, nsrctable+h);
104
105                 if (x->id.spi) {
106                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
107                                             x->id.proto, x->props.family,
108                                             nhashmask);
109                         hlist_add_head(&x->byspi, nspitable+h);
110                 }
111         }
112 }
113
114 static unsigned long xfrm_hash_new_size(void)
115 {
116         return ((xfrm_state_hmask + 1) << 1) *
117                 sizeof(struct hlist_head);
118 }
119
120 static DEFINE_MUTEX(hash_resize_mutex);
121
122 static void xfrm_hash_resize(struct work_struct *__unused)
123 {
124         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
125         unsigned long nsize, osize;
126         unsigned int nhashmask, ohashmask;
127         int i;
128
129         mutex_lock(&hash_resize_mutex);
130
131         nsize = xfrm_hash_new_size();
132         ndst = xfrm_hash_alloc(nsize);
133         if (!ndst)
134                 goto out_unlock;
135         nsrc = xfrm_hash_alloc(nsize);
136         if (!nsrc) {
137                 xfrm_hash_free(ndst, nsize);
138                 goto out_unlock;
139         }
140         nspi = xfrm_hash_alloc(nsize);
141         if (!nspi) {
142                 xfrm_hash_free(ndst, nsize);
143                 xfrm_hash_free(nsrc, nsize);
144                 goto out_unlock;
145         }
146
147         spin_lock_bh(&xfrm_state_lock);
148
149         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
150         for (i = xfrm_state_hmask; i >= 0; i--)
151                 xfrm_hash_transfer(init_net.xfrm.state_bydst+i, ndst, nsrc, nspi,
152                                    nhashmask);
153
154         odst = init_net.xfrm.state_bydst;
155         osrc = init_net.xfrm.state_bysrc;
156         ospi = init_net.xfrm.state_byspi;
157         ohashmask = xfrm_state_hmask;
158
159         init_net.xfrm.state_bydst = ndst;
160         init_net.xfrm.state_bysrc = nsrc;
161         init_net.xfrm.state_byspi = nspi;
162         xfrm_state_hmask = nhashmask;
163
164         spin_unlock_bh(&xfrm_state_lock);
165
166         osize = (ohashmask + 1) * sizeof(struct hlist_head);
167         xfrm_hash_free(odst, osize);
168         xfrm_hash_free(osrc, osize);
169         xfrm_hash_free(ospi, osize);
170
171 out_unlock:
172         mutex_unlock(&hash_resize_mutex);
173 }
174
175 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
176
177 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
178 EXPORT_SYMBOL(km_waitq);
179
180 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
181 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
182
183 static struct work_struct xfrm_state_gc_work;
184 static HLIST_HEAD(xfrm_state_gc_list);
185 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
186
187 int __xfrm_state_delete(struct xfrm_state *x);
188
189 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
190 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
191
192 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
193 {
194         struct xfrm_state_afinfo *afinfo;
195         if (unlikely(family >= NPROTO))
196                 return NULL;
197         write_lock_bh(&xfrm_state_afinfo_lock);
198         afinfo = xfrm_state_afinfo[family];
199         if (unlikely(!afinfo))
200                 write_unlock_bh(&xfrm_state_afinfo_lock);
201         return afinfo;
202 }
203
204 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
205         __releases(xfrm_state_afinfo_lock)
206 {
207         write_unlock_bh(&xfrm_state_afinfo_lock);
208 }
209
210 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
211 {
212         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
213         const struct xfrm_type **typemap;
214         int err = 0;
215
216         if (unlikely(afinfo == NULL))
217                 return -EAFNOSUPPORT;
218         typemap = afinfo->type_map;
219
220         if (likely(typemap[type->proto] == NULL))
221                 typemap[type->proto] = type;
222         else
223                 err = -EEXIST;
224         xfrm_state_unlock_afinfo(afinfo);
225         return err;
226 }
227 EXPORT_SYMBOL(xfrm_register_type);
228
229 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
230 {
231         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
232         const struct xfrm_type **typemap;
233         int err = 0;
234
235         if (unlikely(afinfo == NULL))
236                 return -EAFNOSUPPORT;
237         typemap = afinfo->type_map;
238
239         if (unlikely(typemap[type->proto] != type))
240                 err = -ENOENT;
241         else
242                 typemap[type->proto] = NULL;
243         xfrm_state_unlock_afinfo(afinfo);
244         return err;
245 }
246 EXPORT_SYMBOL(xfrm_unregister_type);
247
248 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
249 {
250         struct xfrm_state_afinfo *afinfo;
251         const struct xfrm_type **typemap;
252         const struct xfrm_type *type;
253         int modload_attempted = 0;
254
255 retry:
256         afinfo = xfrm_state_get_afinfo(family);
257         if (unlikely(afinfo == NULL))
258                 return NULL;
259         typemap = afinfo->type_map;
260
261         type = typemap[proto];
262         if (unlikely(type && !try_module_get(type->owner)))
263                 type = NULL;
264         if (!type && !modload_attempted) {
265                 xfrm_state_put_afinfo(afinfo);
266                 request_module("xfrm-type-%d-%d", family, proto);
267                 modload_attempted = 1;
268                 goto retry;
269         }
270
271         xfrm_state_put_afinfo(afinfo);
272         return type;
273 }
274
275 static void xfrm_put_type(const struct xfrm_type *type)
276 {
277         module_put(type->owner);
278 }
279
280 int xfrm_register_mode(struct xfrm_mode *mode, int family)
281 {
282         struct xfrm_state_afinfo *afinfo;
283         struct xfrm_mode **modemap;
284         int err;
285
286         if (unlikely(mode->encap >= XFRM_MODE_MAX))
287                 return -EINVAL;
288
289         afinfo = xfrm_state_lock_afinfo(family);
290         if (unlikely(afinfo == NULL))
291                 return -EAFNOSUPPORT;
292
293         err = -EEXIST;
294         modemap = afinfo->mode_map;
295         if (modemap[mode->encap])
296                 goto out;
297
298         err = -ENOENT;
299         if (!try_module_get(afinfo->owner))
300                 goto out;
301
302         mode->afinfo = afinfo;
303         modemap[mode->encap] = mode;
304         err = 0;
305
306 out:
307         xfrm_state_unlock_afinfo(afinfo);
308         return err;
309 }
310 EXPORT_SYMBOL(xfrm_register_mode);
311
312 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
313 {
314         struct xfrm_state_afinfo *afinfo;
315         struct xfrm_mode **modemap;
316         int err;
317
318         if (unlikely(mode->encap >= XFRM_MODE_MAX))
319                 return -EINVAL;
320
321         afinfo = xfrm_state_lock_afinfo(family);
322         if (unlikely(afinfo == NULL))
323                 return -EAFNOSUPPORT;
324
325         err = -ENOENT;
326         modemap = afinfo->mode_map;
327         if (likely(modemap[mode->encap] == mode)) {
328                 modemap[mode->encap] = NULL;
329                 module_put(mode->afinfo->owner);
330                 err = 0;
331         }
332
333         xfrm_state_unlock_afinfo(afinfo);
334         return err;
335 }
336 EXPORT_SYMBOL(xfrm_unregister_mode);
337
338 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
339 {
340         struct xfrm_state_afinfo *afinfo;
341         struct xfrm_mode *mode;
342         int modload_attempted = 0;
343
344         if (unlikely(encap >= XFRM_MODE_MAX))
345                 return NULL;
346
347 retry:
348         afinfo = xfrm_state_get_afinfo(family);
349         if (unlikely(afinfo == NULL))
350                 return NULL;
351
352         mode = afinfo->mode_map[encap];
353         if (unlikely(mode && !try_module_get(mode->owner)))
354                 mode = NULL;
355         if (!mode && !modload_attempted) {
356                 xfrm_state_put_afinfo(afinfo);
357                 request_module("xfrm-mode-%d-%d", family, encap);
358                 modload_attempted = 1;
359                 goto retry;
360         }
361
362         xfrm_state_put_afinfo(afinfo);
363         return mode;
364 }
365
366 static void xfrm_put_mode(struct xfrm_mode *mode)
367 {
368         module_put(mode->owner);
369 }
370
371 static void xfrm_state_gc_destroy(struct xfrm_state *x)
372 {
373         del_timer_sync(&x->timer);
374         del_timer_sync(&x->rtimer);
375         kfree(x->aalg);
376         kfree(x->ealg);
377         kfree(x->calg);
378         kfree(x->encap);
379         kfree(x->coaddr);
380         if (x->inner_mode)
381                 xfrm_put_mode(x->inner_mode);
382         if (x->inner_mode_iaf)
383                 xfrm_put_mode(x->inner_mode_iaf);
384         if (x->outer_mode)
385                 xfrm_put_mode(x->outer_mode);
386         if (x->type) {
387                 x->type->destructor(x);
388                 xfrm_put_type(x->type);
389         }
390         security_xfrm_state_free(x);
391         kfree(x);
392 }
393
394 static void xfrm_state_gc_task(struct work_struct *data)
395 {
396         struct xfrm_state *x;
397         struct hlist_node *entry, *tmp;
398         struct hlist_head gc_list;
399
400         spin_lock_bh(&xfrm_state_gc_lock);
401         hlist_move_list(&xfrm_state_gc_list, &gc_list);
402         spin_unlock_bh(&xfrm_state_gc_lock);
403
404         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
405                 xfrm_state_gc_destroy(x);
406
407         wake_up(&km_waitq);
408 }
409
410 static inline unsigned long make_jiffies(long secs)
411 {
412         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
413                 return MAX_SCHEDULE_TIMEOUT-1;
414         else
415                 return secs*HZ;
416 }
417
418 static void xfrm_timer_handler(unsigned long data)
419 {
420         struct xfrm_state *x = (struct xfrm_state*)data;
421         unsigned long now = get_seconds();
422         long next = LONG_MAX;
423         int warn = 0;
424         int err = 0;
425
426         spin_lock(&x->lock);
427         if (x->km.state == XFRM_STATE_DEAD)
428                 goto out;
429         if (x->km.state == XFRM_STATE_EXPIRED)
430                 goto expired;
431         if (x->lft.hard_add_expires_seconds) {
432                 long tmo = x->lft.hard_add_expires_seconds +
433                         x->curlft.add_time - now;
434                 if (tmo <= 0)
435                         goto expired;
436                 if (tmo < next)
437                         next = tmo;
438         }
439         if (x->lft.hard_use_expires_seconds) {
440                 long tmo = x->lft.hard_use_expires_seconds +
441                         (x->curlft.use_time ? : now) - now;
442                 if (tmo <= 0)
443                         goto expired;
444                 if (tmo < next)
445                         next = tmo;
446         }
447         if (x->km.dying)
448                 goto resched;
449         if (x->lft.soft_add_expires_seconds) {
450                 long tmo = x->lft.soft_add_expires_seconds +
451                         x->curlft.add_time - now;
452                 if (tmo <= 0)
453                         warn = 1;
454                 else if (tmo < next)
455                         next = tmo;
456         }
457         if (x->lft.soft_use_expires_seconds) {
458                 long tmo = x->lft.soft_use_expires_seconds +
459                         (x->curlft.use_time ? : now) - now;
460                 if (tmo <= 0)
461                         warn = 1;
462                 else if (tmo < next)
463                         next = tmo;
464         }
465
466         x->km.dying = warn;
467         if (warn)
468                 km_state_expired(x, 0, 0);
469 resched:
470         if (next != LONG_MAX)
471                 mod_timer(&x->timer, jiffies + make_jiffies(next));
472
473         goto out;
474
475 expired:
476         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
477                 x->km.state = XFRM_STATE_EXPIRED;
478                 wake_up(&km_waitq);
479                 next = 2;
480                 goto resched;
481         }
482
483         err = __xfrm_state_delete(x);
484         if (!err && x->id.spi)
485                 km_state_expired(x, 1, 0);
486
487         xfrm_audit_state_delete(x, err ? 0 : 1,
488                                 audit_get_loginuid(current),
489                                 audit_get_sessionid(current), 0);
490
491 out:
492         spin_unlock(&x->lock);
493 }
494
495 static void xfrm_replay_timer_handler(unsigned long data);
496
497 struct xfrm_state *xfrm_state_alloc(struct net *net)
498 {
499         struct xfrm_state *x;
500
501         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
502
503         if (x) {
504                 write_pnet(&x->xs_net, net);
505                 atomic_set(&x->refcnt, 1);
506                 atomic_set(&x->tunnel_users, 0);
507                 INIT_LIST_HEAD(&x->km.all);
508                 INIT_HLIST_NODE(&x->bydst);
509                 INIT_HLIST_NODE(&x->bysrc);
510                 INIT_HLIST_NODE(&x->byspi);
511                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
512                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
513                                 (unsigned long)x);
514                 x->curlft.add_time = get_seconds();
515                 x->lft.soft_byte_limit = XFRM_INF;
516                 x->lft.soft_packet_limit = XFRM_INF;
517                 x->lft.hard_byte_limit = XFRM_INF;
518                 x->lft.hard_packet_limit = XFRM_INF;
519                 x->replay_maxage = 0;
520                 x->replay_maxdiff = 0;
521                 x->inner_mode = NULL;
522                 x->inner_mode_iaf = NULL;
523                 spin_lock_init(&x->lock);
524         }
525         return x;
526 }
527 EXPORT_SYMBOL(xfrm_state_alloc);
528
529 void __xfrm_state_destroy(struct xfrm_state *x)
530 {
531         WARN_ON(x->km.state != XFRM_STATE_DEAD);
532
533         spin_lock_bh(&xfrm_state_gc_lock);
534         hlist_add_head(&x->gclist, &xfrm_state_gc_list);
535         spin_unlock_bh(&xfrm_state_gc_lock);
536         schedule_work(&xfrm_state_gc_work);
537 }
538 EXPORT_SYMBOL(__xfrm_state_destroy);
539
540 int __xfrm_state_delete(struct xfrm_state *x)
541 {
542         int err = -ESRCH;
543
544         if (x->km.state != XFRM_STATE_DEAD) {
545                 x->km.state = XFRM_STATE_DEAD;
546                 spin_lock(&xfrm_state_lock);
547                 list_del(&x->km.all);
548                 hlist_del(&x->bydst);
549                 hlist_del(&x->bysrc);
550                 if (x->id.spi)
551                         hlist_del(&x->byspi);
552                 xfrm_state_num--;
553                 spin_unlock(&xfrm_state_lock);
554
555                 /* All xfrm_state objects are created by xfrm_state_alloc.
556                  * The xfrm_state_alloc call gives a reference, and that
557                  * is what we are dropping here.
558                  */
559                 xfrm_state_put(x);
560                 err = 0;
561         }
562
563         return err;
564 }
565 EXPORT_SYMBOL(__xfrm_state_delete);
566
567 int xfrm_state_delete(struct xfrm_state *x)
568 {
569         int err;
570
571         spin_lock_bh(&x->lock);
572         err = __xfrm_state_delete(x);
573         spin_unlock_bh(&x->lock);
574
575         return err;
576 }
577 EXPORT_SYMBOL(xfrm_state_delete);
578
579 #ifdef CONFIG_SECURITY_NETWORK_XFRM
580 static inline int
581 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
582 {
583         int i, err = 0;
584
585         for (i = 0; i <= xfrm_state_hmask; i++) {
586                 struct hlist_node *entry;
587                 struct xfrm_state *x;
588
589                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
590                         if (xfrm_id_proto_match(x->id.proto, proto) &&
591                            (err = security_xfrm_state_delete(x)) != 0) {
592                                 xfrm_audit_state_delete(x, 0,
593                                                         audit_info->loginuid,
594                                                         audit_info->sessionid,
595                                                         audit_info->secid);
596                                 return err;
597                         }
598                 }
599         }
600
601         return err;
602 }
603 #else
604 static inline int
605 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
606 {
607         return 0;
608 }
609 #endif
610
611 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
612 {
613         int i, err = 0;
614
615         spin_lock_bh(&xfrm_state_lock);
616         err = xfrm_state_flush_secctx_check(proto, audit_info);
617         if (err)
618                 goto out;
619
620         for (i = 0; i <= xfrm_state_hmask; i++) {
621                 struct hlist_node *entry;
622                 struct xfrm_state *x;
623 restart:
624                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
625                         if (!xfrm_state_kern(x) &&
626                             xfrm_id_proto_match(x->id.proto, proto)) {
627                                 xfrm_state_hold(x);
628                                 spin_unlock_bh(&xfrm_state_lock);
629
630                                 err = xfrm_state_delete(x);
631                                 xfrm_audit_state_delete(x, err ? 0 : 1,
632                                                         audit_info->loginuid,
633                                                         audit_info->sessionid,
634                                                         audit_info->secid);
635                                 xfrm_state_put(x);
636
637                                 spin_lock_bh(&xfrm_state_lock);
638                                 goto restart;
639                         }
640                 }
641         }
642         err = 0;
643
644 out:
645         spin_unlock_bh(&xfrm_state_lock);
646         wake_up(&km_waitq);
647         return err;
648 }
649 EXPORT_SYMBOL(xfrm_state_flush);
650
651 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
652 {
653         spin_lock_bh(&xfrm_state_lock);
654         si->sadcnt = xfrm_state_num;
655         si->sadhcnt = xfrm_state_hmask;
656         si->sadhmcnt = xfrm_state_hashmax;
657         spin_unlock_bh(&xfrm_state_lock);
658 }
659 EXPORT_SYMBOL(xfrm_sad_getinfo);
660
661 static int
662 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
663                   struct xfrm_tmpl *tmpl,
664                   xfrm_address_t *daddr, xfrm_address_t *saddr,
665                   unsigned short family)
666 {
667         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
668         if (!afinfo)
669                 return -1;
670         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
671         xfrm_state_put_afinfo(afinfo);
672         return 0;
673 }
674
675 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
676 {
677         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
678         struct xfrm_state *x;
679         struct hlist_node *entry;
680
681         hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
682                 if (x->props.family != family ||
683                     x->id.spi       != spi ||
684                     x->id.proto     != proto)
685                         continue;
686
687                 switch (family) {
688                 case AF_INET:
689                         if (x->id.daddr.a4 != daddr->a4)
690                                 continue;
691                         break;
692                 case AF_INET6:
693                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
694                                              (struct in6_addr *)
695                                              x->id.daddr.a6))
696                                 continue;
697                         break;
698                 }
699
700                 xfrm_state_hold(x);
701                 return x;
702         }
703
704         return NULL;
705 }
706
707 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
708 {
709         unsigned int h = xfrm_src_hash(daddr, saddr, family);
710         struct xfrm_state *x;
711         struct hlist_node *entry;
712
713         hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
714                 if (x->props.family != family ||
715                     x->id.proto     != proto)
716                         continue;
717
718                 switch (family) {
719                 case AF_INET:
720                         if (x->id.daddr.a4 != daddr->a4 ||
721                             x->props.saddr.a4 != saddr->a4)
722                                 continue;
723                         break;
724                 case AF_INET6:
725                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
726                                              (struct in6_addr *)
727                                              x->id.daddr.a6) ||
728                             !ipv6_addr_equal((struct in6_addr *)saddr,
729                                              (struct in6_addr *)
730                                              x->props.saddr.a6))
731                                 continue;
732                         break;
733                 }
734
735                 xfrm_state_hold(x);
736                 return x;
737         }
738
739         return NULL;
740 }
741
742 static inline struct xfrm_state *
743 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
744 {
745         if (use_spi)
746                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
747                                            x->id.proto, family);
748         else
749                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
750                                                   &x->props.saddr,
751                                                   x->id.proto, family);
752 }
753
754 static void xfrm_hash_grow_check(int have_hash_collision)
755 {
756         if (have_hash_collision &&
757             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
758             xfrm_state_num > xfrm_state_hmask)
759                 schedule_work(&xfrm_hash_work);
760 }
761
762 struct xfrm_state *
763 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
764                 struct flowi *fl, struct xfrm_tmpl *tmpl,
765                 struct xfrm_policy *pol, int *err,
766                 unsigned short family)
767 {
768         unsigned int h;
769         struct hlist_node *entry;
770         struct xfrm_state *x, *x0, *to_put;
771         int acquire_in_progress = 0;
772         int error = 0;
773         struct xfrm_state *best = NULL;
774
775         to_put = NULL;
776
777         spin_lock_bh(&xfrm_state_lock);
778         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
779         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
780                 if (x->props.family == family &&
781                     x->props.reqid == tmpl->reqid &&
782                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
783                     xfrm_state_addr_check(x, daddr, saddr, family) &&
784                     tmpl->mode == x->props.mode &&
785                     tmpl->id.proto == x->id.proto &&
786                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
787                         /* Resolution logic:
788                            1. There is a valid state with matching selector.
789                               Done.
790                            2. Valid state with inappropriate selector. Skip.
791
792                            Entering area of "sysdeps".
793
794                            3. If state is not valid, selector is temporary,
795                               it selects only session which triggered
796                               previous resolution. Key manager will do
797                               something to install a state with proper
798                               selector.
799                          */
800                         if (x->km.state == XFRM_STATE_VALID) {
801                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
802                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
803                                         continue;
804                                 if (!best ||
805                                     best->km.dying > x->km.dying ||
806                                     (best->km.dying == x->km.dying &&
807                                      best->curlft.add_time < x->curlft.add_time))
808                                         best = x;
809                         } else if (x->km.state == XFRM_STATE_ACQ) {
810                                 acquire_in_progress = 1;
811                         } else if (x->km.state == XFRM_STATE_ERROR ||
812                                    x->km.state == XFRM_STATE_EXPIRED) {
813                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
814                                     security_xfrm_state_pol_flow_match(x, pol, fl))
815                                         error = -ESRCH;
816                         }
817                 }
818         }
819
820         x = best;
821         if (!x && !error && !acquire_in_progress) {
822                 if (tmpl->id.spi &&
823                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
824                                               tmpl->id.proto, family)) != NULL) {
825                         to_put = x0;
826                         error = -EEXIST;
827                         goto out;
828                 }
829                 x = xfrm_state_alloc(&init_net);
830                 if (x == NULL) {
831                         error = -ENOMEM;
832                         goto out;
833                 }
834                 /* Initialize temporary selector matching only
835                  * to current session. */
836                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
837
838                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
839                 if (error) {
840                         x->km.state = XFRM_STATE_DEAD;
841                         to_put = x;
842                         x = NULL;
843                         goto out;
844                 }
845
846                 if (km_query(x, tmpl, pol) == 0) {
847                         x->km.state = XFRM_STATE_ACQ;
848                         list_add(&x->km.all, &init_net.xfrm.state_all);
849                         hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
850                         h = xfrm_src_hash(daddr, saddr, family);
851                         hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
852                         if (x->id.spi) {
853                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
854                                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
855                         }
856                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
857                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
858                         add_timer(&x->timer);
859                         xfrm_state_num++;
860                         xfrm_hash_grow_check(x->bydst.next != NULL);
861                 } else {
862                         x->km.state = XFRM_STATE_DEAD;
863                         to_put = x;
864                         x = NULL;
865                         error = -ESRCH;
866                 }
867         }
868 out:
869         if (x)
870                 xfrm_state_hold(x);
871         else
872                 *err = acquire_in_progress ? -EAGAIN : error;
873         spin_unlock_bh(&xfrm_state_lock);
874         if (to_put)
875                 xfrm_state_put(to_put);
876         return x;
877 }
878
879 struct xfrm_state *
880 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
881                     unsigned short family, u8 mode, u8 proto, u32 reqid)
882 {
883         unsigned int h;
884         struct xfrm_state *rx = NULL, *x = NULL;
885         struct hlist_node *entry;
886
887         spin_lock(&xfrm_state_lock);
888         h = xfrm_dst_hash(daddr, saddr, reqid, family);
889         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
890                 if (x->props.family == family &&
891                     x->props.reqid == reqid &&
892                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
893                     xfrm_state_addr_check(x, daddr, saddr, family) &&
894                     mode == x->props.mode &&
895                     proto == x->id.proto &&
896                     x->km.state == XFRM_STATE_VALID) {
897                         rx = x;
898                         break;
899                 }
900         }
901
902         if (rx)
903                 xfrm_state_hold(rx);
904         spin_unlock(&xfrm_state_lock);
905
906
907         return rx;
908 }
909 EXPORT_SYMBOL(xfrm_stateonly_find);
910
911 static void __xfrm_state_insert(struct xfrm_state *x)
912 {
913         unsigned int h;
914
915         x->genid = ++xfrm_state_genid;
916
917         list_add(&x->km.all, &init_net.xfrm.state_all);
918
919         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
920                           x->props.reqid, x->props.family);
921         hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
922
923         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
924         hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
925
926         if (x->id.spi) {
927                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
928                                   x->props.family);
929
930                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
931         }
932
933         mod_timer(&x->timer, jiffies + HZ);
934         if (x->replay_maxage)
935                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
936
937         wake_up(&km_waitq);
938
939         xfrm_state_num++;
940
941         xfrm_hash_grow_check(x->bydst.next != NULL);
942 }
943
944 /* xfrm_state_lock is held */
945 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
946 {
947         unsigned short family = xnew->props.family;
948         u32 reqid = xnew->props.reqid;
949         struct xfrm_state *x;
950         struct hlist_node *entry;
951         unsigned int h;
952
953         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
954         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
955                 if (x->props.family     == family &&
956                     x->props.reqid      == reqid &&
957                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
958                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
959                         x->genid = xfrm_state_genid;
960         }
961 }
962
963 void xfrm_state_insert(struct xfrm_state *x)
964 {
965         spin_lock_bh(&xfrm_state_lock);
966         __xfrm_state_bump_genids(x);
967         __xfrm_state_insert(x);
968         spin_unlock_bh(&xfrm_state_lock);
969 }
970 EXPORT_SYMBOL(xfrm_state_insert);
971
972 /* xfrm_state_lock is held */
973 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
974 {
975         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
976         struct hlist_node *entry;
977         struct xfrm_state *x;
978
979         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
980                 if (x->props.reqid  != reqid ||
981                     x->props.mode   != mode ||
982                     x->props.family != family ||
983                     x->km.state     != XFRM_STATE_ACQ ||
984                     x->id.spi       != 0 ||
985                     x->id.proto     != proto)
986                         continue;
987
988                 switch (family) {
989                 case AF_INET:
990                         if (x->id.daddr.a4    != daddr->a4 ||
991                             x->props.saddr.a4 != saddr->a4)
992                                 continue;
993                         break;
994                 case AF_INET6:
995                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
996                                              (struct in6_addr *)daddr) ||
997                             !ipv6_addr_equal((struct in6_addr *)
998                                              x->props.saddr.a6,
999                                              (struct in6_addr *)saddr))
1000                                 continue;
1001                         break;
1002                 }
1003
1004                 xfrm_state_hold(x);
1005                 return x;
1006         }
1007
1008         if (!create)
1009                 return NULL;
1010
1011         x = xfrm_state_alloc(&init_net);
1012         if (likely(x)) {
1013                 switch (family) {
1014                 case AF_INET:
1015                         x->sel.daddr.a4 = daddr->a4;
1016                         x->sel.saddr.a4 = saddr->a4;
1017                         x->sel.prefixlen_d = 32;
1018                         x->sel.prefixlen_s = 32;
1019                         x->props.saddr.a4 = saddr->a4;
1020                         x->id.daddr.a4 = daddr->a4;
1021                         break;
1022
1023                 case AF_INET6:
1024                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1025                                        (struct in6_addr *)daddr);
1026                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1027                                        (struct in6_addr *)saddr);
1028                         x->sel.prefixlen_d = 128;
1029                         x->sel.prefixlen_s = 128;
1030                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1031                                        (struct in6_addr *)saddr);
1032                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1033                                        (struct in6_addr *)daddr);
1034                         break;
1035                 }
1036
1037                 x->km.state = XFRM_STATE_ACQ;
1038                 x->id.proto = proto;
1039                 x->props.family = family;
1040                 x->props.mode = mode;
1041                 x->props.reqid = reqid;
1042                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1043                 xfrm_state_hold(x);
1044                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1045                 add_timer(&x->timer);
1046                 list_add(&x->km.all, &init_net.xfrm.state_all);
1047                 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1048                 h = xfrm_src_hash(daddr, saddr, family);
1049                 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1050
1051                 xfrm_state_num++;
1052
1053                 xfrm_hash_grow_check(x->bydst.next != NULL);
1054         }
1055
1056         return x;
1057 }
1058
1059 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1060
1061 int xfrm_state_add(struct xfrm_state *x)
1062 {
1063         struct xfrm_state *x1, *to_put;
1064         int family;
1065         int err;
1066         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1067
1068         family = x->props.family;
1069
1070         to_put = NULL;
1071
1072         spin_lock_bh(&xfrm_state_lock);
1073
1074         x1 = __xfrm_state_locate(x, use_spi, family);
1075         if (x1) {
1076                 to_put = x1;
1077                 x1 = NULL;
1078                 err = -EEXIST;
1079                 goto out;
1080         }
1081
1082         if (use_spi && x->km.seq) {
1083                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1084                 if (x1 && ((x1->id.proto != x->id.proto) ||
1085                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1086                         to_put = x1;
1087                         x1 = NULL;
1088                 }
1089         }
1090
1091         if (use_spi && !x1)
1092                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1093                                      x->id.proto,
1094                                      &x->id.daddr, &x->props.saddr, 0);
1095
1096         __xfrm_state_bump_genids(x);
1097         __xfrm_state_insert(x);
1098         err = 0;
1099
1100 out:
1101         spin_unlock_bh(&xfrm_state_lock);
1102
1103         if (x1) {
1104                 xfrm_state_delete(x1);
1105                 xfrm_state_put(x1);
1106         }
1107
1108         if (to_put)
1109                 xfrm_state_put(to_put);
1110
1111         return err;
1112 }
1113 EXPORT_SYMBOL(xfrm_state_add);
1114
1115 #ifdef CONFIG_XFRM_MIGRATE
1116 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1117 {
1118         int err = -ENOMEM;
1119         struct xfrm_state *x = xfrm_state_alloc(&init_net);
1120         if (!x)
1121                 goto error;
1122
1123         memcpy(&x->id, &orig->id, sizeof(x->id));
1124         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1125         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1126         x->props.mode = orig->props.mode;
1127         x->props.replay_window = orig->props.replay_window;
1128         x->props.reqid = orig->props.reqid;
1129         x->props.family = orig->props.family;
1130         x->props.saddr = orig->props.saddr;
1131
1132         if (orig->aalg) {
1133                 x->aalg = xfrm_algo_clone(orig->aalg);
1134                 if (!x->aalg)
1135                         goto error;
1136         }
1137         x->props.aalgo = orig->props.aalgo;
1138
1139         if (orig->ealg) {
1140                 x->ealg = xfrm_algo_clone(orig->ealg);
1141                 if (!x->ealg)
1142                         goto error;
1143         }
1144         x->props.ealgo = orig->props.ealgo;
1145
1146         if (orig->calg) {
1147                 x->calg = xfrm_algo_clone(orig->calg);
1148                 if (!x->calg)
1149                         goto error;
1150         }
1151         x->props.calgo = orig->props.calgo;
1152
1153         if (orig->encap) {
1154                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1155                 if (!x->encap)
1156                         goto error;
1157         }
1158
1159         if (orig->coaddr) {
1160                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1161                                     GFP_KERNEL);
1162                 if (!x->coaddr)
1163                         goto error;
1164         }
1165
1166         err = xfrm_init_state(x);
1167         if (err)
1168                 goto error;
1169
1170         x->props.flags = orig->props.flags;
1171
1172         x->curlft.add_time = orig->curlft.add_time;
1173         x->km.state = orig->km.state;
1174         x->km.seq = orig->km.seq;
1175
1176         return x;
1177
1178  error:
1179         if (errp)
1180                 *errp = err;
1181         if (x) {
1182                 kfree(x->aalg);
1183                 kfree(x->ealg);
1184                 kfree(x->calg);
1185                 kfree(x->encap);
1186                 kfree(x->coaddr);
1187         }
1188         kfree(x);
1189         return NULL;
1190 }
1191
1192 /* xfrm_state_lock is held */
1193 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1194 {
1195         unsigned int h;
1196         struct xfrm_state *x;
1197         struct hlist_node *entry;
1198
1199         if (m->reqid) {
1200                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1201                                   m->reqid, m->old_family);
1202                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1203                         if (x->props.mode != m->mode ||
1204                             x->id.proto != m->proto)
1205                                 continue;
1206                         if (m->reqid && x->props.reqid != m->reqid)
1207                                 continue;
1208                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1209                                           m->old_family) ||
1210                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1211                                           m->old_family))
1212                                 continue;
1213                         xfrm_state_hold(x);
1214                         return x;
1215                 }
1216         } else {
1217                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1218                                   m->old_family);
1219                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
1220                         if (x->props.mode != m->mode ||
1221                             x->id.proto != m->proto)
1222                                 continue;
1223                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1224                                           m->old_family) ||
1225                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1226                                           m->old_family))
1227                                 continue;
1228                         xfrm_state_hold(x);
1229                         return x;
1230                 }
1231         }
1232
1233         return NULL;
1234 }
1235 EXPORT_SYMBOL(xfrm_migrate_state_find);
1236
1237 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1238                                        struct xfrm_migrate *m)
1239 {
1240         struct xfrm_state *xc;
1241         int err;
1242
1243         xc = xfrm_state_clone(x, &err);
1244         if (!xc)
1245                 return NULL;
1246
1247         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1248         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1249
1250         /* add state */
1251         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1252                 /* a care is needed when the destination address of the
1253                    state is to be updated as it is a part of triplet */
1254                 xfrm_state_insert(xc);
1255         } else {
1256                 if ((err = xfrm_state_add(xc)) < 0)
1257                         goto error;
1258         }
1259
1260         return xc;
1261 error:
1262         kfree(xc);
1263         return NULL;
1264 }
1265 EXPORT_SYMBOL(xfrm_state_migrate);
1266 #endif
1267
1268 int xfrm_state_update(struct xfrm_state *x)
1269 {
1270         struct xfrm_state *x1, *to_put;
1271         int err;
1272         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1273
1274         to_put = NULL;
1275
1276         spin_lock_bh(&xfrm_state_lock);
1277         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1278
1279         err = -ESRCH;
1280         if (!x1)
1281                 goto out;
1282
1283         if (xfrm_state_kern(x1)) {
1284                 to_put = x1;
1285                 err = -EEXIST;
1286                 goto out;
1287         }
1288
1289         if (x1->km.state == XFRM_STATE_ACQ) {
1290                 __xfrm_state_insert(x);
1291                 x = NULL;
1292         }
1293         err = 0;
1294
1295 out:
1296         spin_unlock_bh(&xfrm_state_lock);
1297
1298         if (to_put)
1299                 xfrm_state_put(to_put);
1300
1301         if (err)
1302                 return err;
1303
1304         if (!x) {
1305                 xfrm_state_delete(x1);
1306                 xfrm_state_put(x1);
1307                 return 0;
1308         }
1309
1310         err = -EINVAL;
1311         spin_lock_bh(&x1->lock);
1312         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1313                 if (x->encap && x1->encap)
1314                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1315                 if (x->coaddr && x1->coaddr) {
1316                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1317                 }
1318                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1319                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1320                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1321                 x1->km.dying = 0;
1322
1323                 mod_timer(&x1->timer, jiffies + HZ);
1324                 if (x1->curlft.use_time)
1325                         xfrm_state_check_expire(x1);
1326
1327                 err = 0;
1328         }
1329         spin_unlock_bh(&x1->lock);
1330
1331         xfrm_state_put(x1);
1332
1333         return err;
1334 }
1335 EXPORT_SYMBOL(xfrm_state_update);
1336
1337 int xfrm_state_check_expire(struct xfrm_state *x)
1338 {
1339         if (!x->curlft.use_time)
1340                 x->curlft.use_time = get_seconds();
1341
1342         if (x->km.state != XFRM_STATE_VALID)
1343                 return -EINVAL;
1344
1345         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1346             x->curlft.packets >= x->lft.hard_packet_limit) {
1347                 x->km.state = XFRM_STATE_EXPIRED;
1348                 mod_timer(&x->timer, jiffies);
1349                 return -EINVAL;
1350         }
1351
1352         if (!x->km.dying &&
1353             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1354              x->curlft.packets >= x->lft.soft_packet_limit)) {
1355                 x->km.dying = 1;
1356                 km_state_expired(x, 0, 0);
1357         }
1358         return 0;
1359 }
1360 EXPORT_SYMBOL(xfrm_state_check_expire);
1361
1362 struct xfrm_state *
1363 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1364                   unsigned short family)
1365 {
1366         struct xfrm_state *x;
1367
1368         spin_lock_bh(&xfrm_state_lock);
1369         x = __xfrm_state_lookup(daddr, spi, proto, family);
1370         spin_unlock_bh(&xfrm_state_lock);
1371         return x;
1372 }
1373 EXPORT_SYMBOL(xfrm_state_lookup);
1374
1375 struct xfrm_state *
1376 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1377                          u8 proto, unsigned short family)
1378 {
1379         struct xfrm_state *x;
1380
1381         spin_lock_bh(&xfrm_state_lock);
1382         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1383         spin_unlock_bh(&xfrm_state_lock);
1384         return x;
1385 }
1386 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1387
1388 struct xfrm_state *
1389 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1390               xfrm_address_t *daddr, xfrm_address_t *saddr,
1391               int create, unsigned short family)
1392 {
1393         struct xfrm_state *x;
1394
1395         spin_lock_bh(&xfrm_state_lock);
1396         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1397         spin_unlock_bh(&xfrm_state_lock);
1398
1399         return x;
1400 }
1401 EXPORT_SYMBOL(xfrm_find_acq);
1402
1403 #ifdef CONFIG_XFRM_SUB_POLICY
1404 int
1405 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1406                unsigned short family)
1407 {
1408         int err = 0;
1409         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1410         if (!afinfo)
1411                 return -EAFNOSUPPORT;
1412
1413         spin_lock_bh(&xfrm_state_lock);
1414         if (afinfo->tmpl_sort)
1415                 err = afinfo->tmpl_sort(dst, src, n);
1416         spin_unlock_bh(&xfrm_state_lock);
1417         xfrm_state_put_afinfo(afinfo);
1418         return err;
1419 }
1420 EXPORT_SYMBOL(xfrm_tmpl_sort);
1421
1422 int
1423 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1424                 unsigned short family)
1425 {
1426         int err = 0;
1427         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1428         if (!afinfo)
1429                 return -EAFNOSUPPORT;
1430
1431         spin_lock_bh(&xfrm_state_lock);
1432         if (afinfo->state_sort)
1433                 err = afinfo->state_sort(dst, src, n);
1434         spin_unlock_bh(&xfrm_state_lock);
1435         xfrm_state_put_afinfo(afinfo);
1436         return err;
1437 }
1438 EXPORT_SYMBOL(xfrm_state_sort);
1439 #endif
1440
1441 /* Silly enough, but I'm lazy to build resolution list */
1442
1443 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1444 {
1445         int i;
1446
1447         for (i = 0; i <= xfrm_state_hmask; i++) {
1448                 struct hlist_node *entry;
1449                 struct xfrm_state *x;
1450
1451                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1452                         if (x->km.seq == seq &&
1453                             x->km.state == XFRM_STATE_ACQ) {
1454                                 xfrm_state_hold(x);
1455                                 return x;
1456                         }
1457                 }
1458         }
1459         return NULL;
1460 }
1461
1462 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1463 {
1464         struct xfrm_state *x;
1465
1466         spin_lock_bh(&xfrm_state_lock);
1467         x = __xfrm_find_acq_byseq(seq);
1468         spin_unlock_bh(&xfrm_state_lock);
1469         return x;
1470 }
1471 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1472
1473 u32 xfrm_get_acqseq(void)
1474 {
1475         u32 res;
1476         static u32 acqseq;
1477         static DEFINE_SPINLOCK(acqseq_lock);
1478
1479         spin_lock_bh(&acqseq_lock);
1480         res = (++acqseq ? : ++acqseq);
1481         spin_unlock_bh(&acqseq_lock);
1482         return res;
1483 }
1484 EXPORT_SYMBOL(xfrm_get_acqseq);
1485
1486 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1487 {
1488         unsigned int h;
1489         struct xfrm_state *x0;
1490         int err = -ENOENT;
1491         __be32 minspi = htonl(low);
1492         __be32 maxspi = htonl(high);
1493
1494         spin_lock_bh(&x->lock);
1495         if (x->km.state == XFRM_STATE_DEAD)
1496                 goto unlock;
1497
1498         err = 0;
1499         if (x->id.spi)
1500                 goto unlock;
1501
1502         err = -ENOENT;
1503
1504         if (minspi == maxspi) {
1505                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1506                 if (x0) {
1507                         xfrm_state_put(x0);
1508                         goto unlock;
1509                 }
1510                 x->id.spi = minspi;
1511         } else {
1512                 u32 spi = 0;
1513                 for (h=0; h<high-low+1; h++) {
1514                         spi = low + net_random()%(high-low+1);
1515                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1516                         if (x0 == NULL) {
1517                                 x->id.spi = htonl(spi);
1518                                 break;
1519                         }
1520                         xfrm_state_put(x0);
1521                 }
1522         }
1523         if (x->id.spi) {
1524                 spin_lock_bh(&xfrm_state_lock);
1525                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1526                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1527                 spin_unlock_bh(&xfrm_state_lock);
1528
1529                 err = 0;
1530         }
1531
1532 unlock:
1533         spin_unlock_bh(&x->lock);
1534
1535         return err;
1536 }
1537 EXPORT_SYMBOL(xfrm_alloc_spi);
1538
1539 int xfrm_state_walk(struct xfrm_state_walk *walk,
1540                     int (*func)(struct xfrm_state *, int, void*),
1541                     void *data)
1542 {
1543         struct xfrm_state *state;
1544         struct xfrm_state_walk *x;
1545         int err = 0;
1546
1547         if (walk->seq != 0 && list_empty(&walk->all))
1548                 return 0;
1549
1550         spin_lock_bh(&xfrm_state_lock);
1551         if (list_empty(&walk->all))
1552                 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
1553         else
1554                 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1555         list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
1556                 if (x->state == XFRM_STATE_DEAD)
1557                         continue;
1558                 state = container_of(x, struct xfrm_state, km);
1559                 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1560                         continue;
1561                 err = func(state, walk->seq, data);
1562                 if (err) {
1563                         list_move_tail(&walk->all, &x->all);
1564                         goto out;
1565                 }
1566                 walk->seq++;
1567         }
1568         if (walk->seq == 0) {
1569                 err = -ENOENT;
1570                 goto out;
1571         }
1572         list_del_init(&walk->all);
1573 out:
1574         spin_unlock_bh(&xfrm_state_lock);
1575         return err;
1576 }
1577 EXPORT_SYMBOL(xfrm_state_walk);
1578
1579 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1580 {
1581         INIT_LIST_HEAD(&walk->all);
1582         walk->proto = proto;
1583         walk->state = XFRM_STATE_DEAD;
1584         walk->seq = 0;
1585 }
1586 EXPORT_SYMBOL(xfrm_state_walk_init);
1587
1588 void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1589 {
1590         if (list_empty(&walk->all))
1591                 return;
1592
1593         spin_lock_bh(&xfrm_state_lock);
1594         list_del(&walk->all);
1595         spin_lock_bh(&xfrm_state_lock);
1596 }
1597 EXPORT_SYMBOL(xfrm_state_walk_done);
1598
1599
1600 void xfrm_replay_notify(struct xfrm_state *x, int event)
1601 {
1602         struct km_event c;
1603         /* we send notify messages in case
1604          *  1. we updated on of the sequence numbers, and the seqno difference
1605          *     is at least x->replay_maxdiff, in this case we also update the
1606          *     timeout of our timer function
1607          *  2. if x->replay_maxage has elapsed since last update,
1608          *     and there were changes
1609          *
1610          *  The state structure must be locked!
1611          */
1612
1613         switch (event) {
1614         case XFRM_REPLAY_UPDATE:
1615                 if (x->replay_maxdiff &&
1616                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1617                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1618                         if (x->xflags & XFRM_TIME_DEFER)
1619                                 event = XFRM_REPLAY_TIMEOUT;
1620                         else
1621                                 return;
1622                 }
1623
1624                 break;
1625
1626         case XFRM_REPLAY_TIMEOUT:
1627                 if ((x->replay.seq == x->preplay.seq) &&
1628                     (x->replay.bitmap == x->preplay.bitmap) &&
1629                     (x->replay.oseq == x->preplay.oseq)) {
1630                         x->xflags |= XFRM_TIME_DEFER;
1631                         return;
1632                 }
1633
1634                 break;
1635         }
1636
1637         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1638         c.event = XFRM_MSG_NEWAE;
1639         c.data.aevent = event;
1640         km_state_notify(x, &c);
1641
1642         if (x->replay_maxage &&
1643             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1644                 x->xflags &= ~XFRM_TIME_DEFER;
1645 }
1646
1647 static void xfrm_replay_timer_handler(unsigned long data)
1648 {
1649         struct xfrm_state *x = (struct xfrm_state*)data;
1650
1651         spin_lock(&x->lock);
1652
1653         if (x->km.state == XFRM_STATE_VALID) {
1654                 if (xfrm_aevent_is_on())
1655                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1656                 else
1657                         x->xflags |= XFRM_TIME_DEFER;
1658         }
1659
1660         spin_unlock(&x->lock);
1661 }
1662
1663 int xfrm_replay_check(struct xfrm_state *x,
1664                       struct sk_buff *skb, __be32 net_seq)
1665 {
1666         u32 diff;
1667         u32 seq = ntohl(net_seq);
1668
1669         if (unlikely(seq == 0))
1670                 goto err;
1671
1672         if (likely(seq > x->replay.seq))
1673                 return 0;
1674
1675         diff = x->replay.seq - seq;
1676         if (diff >= min_t(unsigned int, x->props.replay_window,
1677                           sizeof(x->replay.bitmap) * 8)) {
1678                 x->stats.replay_window++;
1679                 goto err;
1680         }
1681
1682         if (x->replay.bitmap & (1U << diff)) {
1683                 x->stats.replay++;
1684                 goto err;
1685         }
1686         return 0;
1687
1688 err:
1689         xfrm_audit_state_replay(x, skb, net_seq);
1690         return -EINVAL;
1691 }
1692
1693 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1694 {
1695         u32 diff;
1696         u32 seq = ntohl(net_seq);
1697
1698         if (seq > x->replay.seq) {
1699                 diff = seq - x->replay.seq;
1700                 if (diff < x->props.replay_window)
1701                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1702                 else
1703                         x->replay.bitmap = 1;
1704                 x->replay.seq = seq;
1705         } else {
1706                 diff = x->replay.seq - seq;
1707                 x->replay.bitmap |= (1U << diff);
1708         }
1709
1710         if (xfrm_aevent_is_on())
1711                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1712 }
1713
1714 static LIST_HEAD(xfrm_km_list);
1715 static DEFINE_RWLOCK(xfrm_km_lock);
1716
1717 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1718 {
1719         struct xfrm_mgr *km;
1720
1721         read_lock(&xfrm_km_lock);
1722         list_for_each_entry(km, &xfrm_km_list, list)
1723                 if (km->notify_policy)
1724                         km->notify_policy(xp, dir, c);
1725         read_unlock(&xfrm_km_lock);
1726 }
1727
1728 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1729 {
1730         struct xfrm_mgr *km;
1731         read_lock(&xfrm_km_lock);
1732         list_for_each_entry(km, &xfrm_km_list, list)
1733                 if (km->notify)
1734                         km->notify(x, c);
1735         read_unlock(&xfrm_km_lock);
1736 }
1737
1738 EXPORT_SYMBOL(km_policy_notify);
1739 EXPORT_SYMBOL(km_state_notify);
1740
1741 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1742 {
1743         struct km_event c;
1744
1745         c.data.hard = hard;
1746         c.pid = pid;
1747         c.event = XFRM_MSG_EXPIRE;
1748         km_state_notify(x, &c);
1749
1750         if (hard)
1751                 wake_up(&km_waitq);
1752 }
1753
1754 EXPORT_SYMBOL(km_state_expired);
1755 /*
1756  * We send to all registered managers regardless of failure
1757  * We are happy with one success
1758 */
1759 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1760 {
1761         int err = -EINVAL, acqret;
1762         struct xfrm_mgr *km;
1763
1764         read_lock(&xfrm_km_lock);
1765         list_for_each_entry(km, &xfrm_km_list, list) {
1766                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1767                 if (!acqret)
1768                         err = acqret;
1769         }
1770         read_unlock(&xfrm_km_lock);
1771         return err;
1772 }
1773 EXPORT_SYMBOL(km_query);
1774
1775 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1776 {
1777         int err = -EINVAL;
1778         struct xfrm_mgr *km;
1779
1780         read_lock(&xfrm_km_lock);
1781         list_for_each_entry(km, &xfrm_km_list, list) {
1782                 if (km->new_mapping)
1783                         err = km->new_mapping(x, ipaddr, sport);
1784                 if (!err)
1785                         break;
1786         }
1787         read_unlock(&xfrm_km_lock);
1788         return err;
1789 }
1790 EXPORT_SYMBOL(km_new_mapping);
1791
1792 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1793 {
1794         struct km_event c;
1795
1796         c.data.hard = hard;
1797         c.pid = pid;
1798         c.event = XFRM_MSG_POLEXPIRE;
1799         km_policy_notify(pol, dir, &c);
1800
1801         if (hard)
1802                 wake_up(&km_waitq);
1803 }
1804 EXPORT_SYMBOL(km_policy_expired);
1805
1806 #ifdef CONFIG_XFRM_MIGRATE
1807 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1808                struct xfrm_migrate *m, int num_migrate,
1809                struct xfrm_kmaddress *k)
1810 {
1811         int err = -EINVAL;
1812         int ret;
1813         struct xfrm_mgr *km;
1814
1815         read_lock(&xfrm_km_lock);
1816         list_for_each_entry(km, &xfrm_km_list, list) {
1817                 if (km->migrate) {
1818                         ret = km->migrate(sel, dir, type, m, num_migrate, k);
1819                         if (!ret)
1820                                 err = ret;
1821                 }
1822         }
1823         read_unlock(&xfrm_km_lock);
1824         return err;
1825 }
1826 EXPORT_SYMBOL(km_migrate);
1827 #endif
1828
1829 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1830 {
1831         int err = -EINVAL;
1832         int ret;
1833         struct xfrm_mgr *km;
1834
1835         read_lock(&xfrm_km_lock);
1836         list_for_each_entry(km, &xfrm_km_list, list) {
1837                 if (km->report) {
1838                         ret = km->report(proto, sel, addr);
1839                         if (!ret)
1840                                 err = ret;
1841                 }
1842         }
1843         read_unlock(&xfrm_km_lock);
1844         return err;
1845 }
1846 EXPORT_SYMBOL(km_report);
1847
1848 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1849 {
1850         int err;
1851         u8 *data;
1852         struct xfrm_mgr *km;
1853         struct xfrm_policy *pol = NULL;
1854
1855         if (optlen <= 0 || optlen > PAGE_SIZE)
1856                 return -EMSGSIZE;
1857
1858         data = kmalloc(optlen, GFP_KERNEL);
1859         if (!data)
1860                 return -ENOMEM;
1861
1862         err = -EFAULT;
1863         if (copy_from_user(data, optval, optlen))
1864                 goto out;
1865
1866         err = -EINVAL;
1867         read_lock(&xfrm_km_lock);
1868         list_for_each_entry(km, &xfrm_km_list, list) {
1869                 pol = km->compile_policy(sk, optname, data,
1870                                          optlen, &err);
1871                 if (err >= 0)
1872                         break;
1873         }
1874         read_unlock(&xfrm_km_lock);
1875
1876         if (err >= 0) {
1877                 xfrm_sk_policy_insert(sk, err, pol);
1878                 xfrm_pol_put(pol);
1879                 err = 0;
1880         }
1881
1882 out:
1883         kfree(data);
1884         return err;
1885 }
1886 EXPORT_SYMBOL(xfrm_user_policy);
1887
1888 int xfrm_register_km(struct xfrm_mgr *km)
1889 {
1890         write_lock_bh(&xfrm_km_lock);
1891         list_add_tail(&km->list, &xfrm_km_list);
1892         write_unlock_bh(&xfrm_km_lock);
1893         return 0;
1894 }
1895 EXPORT_SYMBOL(xfrm_register_km);
1896
1897 int xfrm_unregister_km(struct xfrm_mgr *km)
1898 {
1899         write_lock_bh(&xfrm_km_lock);
1900         list_del(&km->list);
1901         write_unlock_bh(&xfrm_km_lock);
1902         return 0;
1903 }
1904 EXPORT_SYMBOL(xfrm_unregister_km);
1905
1906 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1907 {
1908         int err = 0;
1909         if (unlikely(afinfo == NULL))
1910                 return -EINVAL;
1911         if (unlikely(afinfo->family >= NPROTO))
1912                 return -EAFNOSUPPORT;
1913         write_lock_bh(&xfrm_state_afinfo_lock);
1914         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1915                 err = -ENOBUFS;
1916         else
1917                 xfrm_state_afinfo[afinfo->family] = afinfo;
1918         write_unlock_bh(&xfrm_state_afinfo_lock);
1919         return err;
1920 }
1921 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1922
1923 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1924 {
1925         int err = 0;
1926         if (unlikely(afinfo == NULL))
1927                 return -EINVAL;
1928         if (unlikely(afinfo->family >= NPROTO))
1929                 return -EAFNOSUPPORT;
1930         write_lock_bh(&xfrm_state_afinfo_lock);
1931         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1932                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1933                         err = -EINVAL;
1934                 else
1935                         xfrm_state_afinfo[afinfo->family] = NULL;
1936         }
1937         write_unlock_bh(&xfrm_state_afinfo_lock);
1938         return err;
1939 }
1940 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1941
1942 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1943 {
1944         struct xfrm_state_afinfo *afinfo;
1945         if (unlikely(family >= NPROTO))
1946                 return NULL;
1947         read_lock(&xfrm_state_afinfo_lock);
1948         afinfo = xfrm_state_afinfo[family];
1949         if (unlikely(!afinfo))
1950                 read_unlock(&xfrm_state_afinfo_lock);
1951         return afinfo;
1952 }
1953
1954 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1955         __releases(xfrm_state_afinfo_lock)
1956 {
1957         read_unlock(&xfrm_state_afinfo_lock);
1958 }
1959
1960 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1961 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1962 {
1963         if (x->tunnel) {
1964                 struct xfrm_state *t = x->tunnel;
1965
1966                 if (atomic_read(&t->tunnel_users) == 2)
1967                         xfrm_state_delete(t);
1968                 atomic_dec(&t->tunnel_users);
1969                 xfrm_state_put(t);
1970                 x->tunnel = NULL;
1971         }
1972 }
1973 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1974
1975 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1976 {
1977         int res;
1978
1979         spin_lock_bh(&x->lock);
1980         if (x->km.state == XFRM_STATE_VALID &&
1981             x->type && x->type->get_mtu)
1982                 res = x->type->get_mtu(x, mtu);
1983         else
1984                 res = mtu - x->props.header_len;
1985         spin_unlock_bh(&x->lock);
1986         return res;
1987 }
1988
1989 int xfrm_init_state(struct xfrm_state *x)
1990 {
1991         struct xfrm_state_afinfo *afinfo;
1992         struct xfrm_mode *inner_mode;
1993         int family = x->props.family;
1994         int err;
1995
1996         err = -EAFNOSUPPORT;
1997         afinfo = xfrm_state_get_afinfo(family);
1998         if (!afinfo)
1999                 goto error;
2000
2001         err = 0;
2002         if (afinfo->init_flags)
2003                 err = afinfo->init_flags(x);
2004
2005         xfrm_state_put_afinfo(afinfo);
2006
2007         if (err)
2008                 goto error;
2009
2010         err = -EPROTONOSUPPORT;
2011
2012         if (x->sel.family != AF_UNSPEC) {
2013                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2014                 if (inner_mode == NULL)
2015                         goto error;
2016
2017                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2018                     family != x->sel.family) {
2019                         xfrm_put_mode(inner_mode);
2020                         goto error;
2021                 }
2022
2023                 x->inner_mode = inner_mode;
2024         } else {
2025                 struct xfrm_mode *inner_mode_iaf;
2026
2027                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2028                 if (inner_mode == NULL)
2029                         goto error;
2030
2031                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2032                         xfrm_put_mode(inner_mode);
2033                         goto error;
2034                 }
2035
2036                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2037                 if (inner_mode_iaf == NULL)
2038                         goto error;
2039
2040                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2041                         xfrm_put_mode(inner_mode_iaf);
2042                         goto error;
2043                 }
2044
2045                 if (x->props.family == AF_INET) {
2046                         x->inner_mode = inner_mode;
2047                         x->inner_mode_iaf = inner_mode_iaf;
2048                 } else {
2049                         x->inner_mode = inner_mode_iaf;
2050                         x->inner_mode_iaf = inner_mode;
2051                 }
2052         }
2053
2054         x->type = xfrm_get_type(x->id.proto, family);
2055         if (x->type == NULL)
2056                 goto error;
2057
2058         err = x->type->init_state(x);
2059         if (err)
2060                 goto error;
2061
2062         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2063         if (x->outer_mode == NULL)
2064                 goto error;
2065
2066         x->km.state = XFRM_STATE_VALID;
2067
2068 error:
2069         return err;
2070 }
2071
2072 EXPORT_SYMBOL(xfrm_init_state);
2073
2074 int __net_init xfrm_state_init(struct net *net)
2075 {
2076         unsigned int sz;
2077
2078         INIT_LIST_HEAD(&net->xfrm.state_all);
2079
2080         sz = sizeof(struct hlist_head) * 8;
2081
2082         net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2083         if (!net->xfrm.state_bydst)
2084                 goto out_bydst;
2085         net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2086         if (!net->xfrm.state_bysrc)
2087                 goto out_bysrc;
2088         net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2089         if (!net->xfrm.state_byspi)
2090                 goto out_byspi;
2091         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2092
2093         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2094         return 0;
2095
2096 out_byspi:
2097         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2098 out_bysrc:
2099         xfrm_hash_free(net->xfrm.state_bydst, sz);
2100 out_bydst:
2101         return -ENOMEM;
2102 }
2103
2104 void xfrm_state_fini(struct net *net)
2105 {
2106         unsigned int sz;
2107
2108         WARN_ON(!list_empty(&net->xfrm.state_all));
2109
2110         sz = (xfrm_state_hmask + 1) * sizeof(struct hlist_head);
2111         WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2112         xfrm_hash_free(net->xfrm.state_byspi, sz);
2113         WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2114         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2115         WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2116         xfrm_hash_free(net->xfrm.state_bydst, sz);
2117 }
2118
2119 #ifdef CONFIG_AUDITSYSCALL
2120 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2121                                      struct audit_buffer *audit_buf)
2122 {
2123         struct xfrm_sec_ctx *ctx = x->security;
2124         u32 spi = ntohl(x->id.spi);
2125
2126         if (ctx)
2127                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2128                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2129
2130         switch(x->props.family) {
2131         case AF_INET:
2132                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2133                                  &x->props.saddr.a4, &x->id.daddr.a4);
2134                 break;
2135         case AF_INET6:
2136                 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2137                                  x->props.saddr.a6, x->id.daddr.a6);
2138                 break;
2139         }
2140
2141         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2142 }
2143
2144 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2145                                       struct audit_buffer *audit_buf)
2146 {
2147         struct iphdr *iph4;
2148         struct ipv6hdr *iph6;
2149
2150         switch (family) {
2151         case AF_INET:
2152                 iph4 = ip_hdr(skb);
2153                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2154                                  &iph4->saddr, &iph4->daddr);
2155                 break;
2156         case AF_INET6:
2157                 iph6 = ipv6_hdr(skb);
2158                 audit_log_format(audit_buf,
2159                                  " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2160                                  &iph6->saddr,&iph6->daddr,
2161                                  iph6->flow_lbl[0] & 0x0f,
2162                                  iph6->flow_lbl[1],
2163                                  iph6->flow_lbl[2]);
2164                 break;
2165         }
2166 }
2167
2168 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2169                           uid_t auid, u32 sessionid, u32 secid)
2170 {
2171         struct audit_buffer *audit_buf;
2172
2173         audit_buf = xfrm_audit_start("SAD-add");
2174         if (audit_buf == NULL)
2175                 return;
2176         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2177         xfrm_audit_helper_sainfo(x, audit_buf);
2178         audit_log_format(audit_buf, " res=%u", result);
2179         audit_log_end(audit_buf);
2180 }
2181 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2182
2183 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2184                              uid_t auid, u32 sessionid, u32 secid)
2185 {
2186         struct audit_buffer *audit_buf;
2187
2188         audit_buf = xfrm_audit_start("SAD-delete");
2189         if (audit_buf == NULL)
2190                 return;
2191         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2192         xfrm_audit_helper_sainfo(x, audit_buf);
2193         audit_log_format(audit_buf, " res=%u", result);
2194         audit_log_end(audit_buf);
2195 }
2196 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2197
2198 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2199                                       struct sk_buff *skb)
2200 {
2201         struct audit_buffer *audit_buf;
2202         u32 spi;
2203
2204         audit_buf = xfrm_audit_start("SA-replay-overflow");
2205         if (audit_buf == NULL)
2206                 return;
2207         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2208         /* don't record the sequence number because it's inherent in this kind
2209          * of audit message */
2210         spi = ntohl(x->id.spi);
2211         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2212         audit_log_end(audit_buf);
2213 }
2214 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2215
2216 static void xfrm_audit_state_replay(struct xfrm_state *x,
2217                              struct sk_buff *skb, __be32 net_seq)
2218 {
2219         struct audit_buffer *audit_buf;
2220         u32 spi;
2221
2222         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2223         if (audit_buf == NULL)
2224                 return;
2225         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2226         spi = ntohl(x->id.spi);
2227         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2228                          spi, spi, ntohl(net_seq));
2229         audit_log_end(audit_buf);
2230 }
2231
2232 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2233 {
2234         struct audit_buffer *audit_buf;
2235
2236         audit_buf = xfrm_audit_start("SA-notfound");
2237         if (audit_buf == NULL)
2238                 return;
2239         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2240         audit_log_end(audit_buf);
2241 }
2242 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2243
2244 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2245                                __be32 net_spi, __be32 net_seq)
2246 {
2247         struct audit_buffer *audit_buf;
2248         u32 spi;
2249
2250         audit_buf = xfrm_audit_start("SA-notfound");
2251         if (audit_buf == NULL)
2252                 return;
2253         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2254         spi = ntohl(net_spi);
2255         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2256                          spi, spi, ntohl(net_seq));
2257         audit_log_end(audit_buf);
2258 }
2259 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2260
2261 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2262                               struct sk_buff *skb, u8 proto)
2263 {
2264         struct audit_buffer *audit_buf;
2265         __be32 net_spi;
2266         __be32 net_seq;
2267
2268         audit_buf = xfrm_audit_start("SA-icv-failure");
2269         if (audit_buf == NULL)
2270                 return;
2271         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2272         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2273                 u32 spi = ntohl(net_spi);
2274                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2275                                  spi, spi, ntohl(net_seq));
2276         }
2277         audit_log_end(audit_buf);
2278 }
2279 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2280 #endif /* CONFIG_AUDITSYSCALL */