11f480b129527c7ee585303c91a7c0c7f90e13cc
[linux-2.6.git] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <asm/uaccess.h>
22
23 struct sock *xfrm_nl;
24 EXPORT_SYMBOL(xfrm_nl);
25
26 u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
27 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
28
29 u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
30 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
31
32 /* Each xfrm_state may be linked to two tables:
33
34    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
35    2. Hash table by daddr to find what SAs exist for given
36       destination/tunnel endpoint. (output)
37  */
38
39 static DEFINE_SPINLOCK(xfrm_state_lock);
40
41 /* Hash table to find appropriate SA towards given target (endpoint
42  * of tunnel or destination of transport mode) allowed by selector.
43  *
44  * Main use is finding SA after policy selected tunnel or transport mode.
45  * Also, it can be used by ah/esp icmp error handler to find offending SA.
46  */
47 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
48 static struct list_head xfrm_state_bysrc[XFRM_DST_HSIZE];
49 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
50
51 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
52 EXPORT_SYMBOL(km_waitq);
53
54 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
55 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
56
57 static struct work_struct xfrm_state_gc_work;
58 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
59 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
60
61 static int xfrm_state_gc_flush_bundles;
62
63 int __xfrm_state_delete(struct xfrm_state *x);
64
65 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
66 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
67
68 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
69 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
70
71 static void xfrm_state_gc_destroy(struct xfrm_state *x)
72 {
73         if (del_timer(&x->timer))
74                 BUG();
75         if (del_timer(&x->rtimer))
76                 BUG();
77         kfree(x->aalg);
78         kfree(x->ealg);
79         kfree(x->calg);
80         kfree(x->encap);
81         if (x->mode)
82                 xfrm_put_mode(x->mode);
83         if (x->type) {
84                 x->type->destructor(x);
85                 xfrm_put_type(x->type);
86         }
87         security_xfrm_state_free(x);
88         kfree(x);
89 }
90
91 static void xfrm_state_gc_task(void *data)
92 {
93         struct xfrm_state *x;
94         struct list_head *entry, *tmp;
95         struct list_head gc_list = LIST_HEAD_INIT(gc_list);
96
97         if (xfrm_state_gc_flush_bundles) {
98                 xfrm_state_gc_flush_bundles = 0;
99                 xfrm_flush_bundles();
100         }
101
102         spin_lock_bh(&xfrm_state_gc_lock);
103         list_splice_init(&xfrm_state_gc_list, &gc_list);
104         spin_unlock_bh(&xfrm_state_gc_lock);
105
106         list_for_each_safe(entry, tmp, &gc_list) {
107                 x = list_entry(entry, struct xfrm_state, bydst);
108                 xfrm_state_gc_destroy(x);
109         }
110         wake_up(&km_waitq);
111 }
112
113 static inline unsigned long make_jiffies(long secs)
114 {
115         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
116                 return MAX_SCHEDULE_TIMEOUT-1;
117         else
118                 return secs*HZ;
119 }
120
121 static void xfrm_timer_handler(unsigned long data)
122 {
123         struct xfrm_state *x = (struct xfrm_state*)data;
124         unsigned long now = (unsigned long)xtime.tv_sec;
125         long next = LONG_MAX;
126         int warn = 0;
127
128         spin_lock(&x->lock);
129         if (x->km.state == XFRM_STATE_DEAD)
130                 goto out;
131         if (x->km.state == XFRM_STATE_EXPIRED)
132                 goto expired;
133         if (x->lft.hard_add_expires_seconds) {
134                 long tmo = x->lft.hard_add_expires_seconds +
135                         x->curlft.add_time - now;
136                 if (tmo <= 0)
137                         goto expired;
138                 if (tmo < next)
139                         next = tmo;
140         }
141         if (x->lft.hard_use_expires_seconds) {
142                 long tmo = x->lft.hard_use_expires_seconds +
143                         (x->curlft.use_time ? : now) - now;
144                 if (tmo <= 0)
145                         goto expired;
146                 if (tmo < next)
147                         next = tmo;
148         }
149         if (x->km.dying)
150                 goto resched;
151         if (x->lft.soft_add_expires_seconds) {
152                 long tmo = x->lft.soft_add_expires_seconds +
153                         x->curlft.add_time - now;
154                 if (tmo <= 0)
155                         warn = 1;
156                 else if (tmo < next)
157                         next = tmo;
158         }
159         if (x->lft.soft_use_expires_seconds) {
160                 long tmo = x->lft.soft_use_expires_seconds +
161                         (x->curlft.use_time ? : now) - now;
162                 if (tmo <= 0)
163                         warn = 1;
164                 else if (tmo < next)
165                         next = tmo;
166         }
167
168         x->km.dying = warn;
169         if (warn)
170                 km_state_expired(x, 0, 0);
171 resched:
172         if (next != LONG_MAX &&
173             !mod_timer(&x->timer, jiffies + make_jiffies(next)))
174                 xfrm_state_hold(x);
175         goto out;
176
177 expired:
178         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
179                 x->km.state = XFRM_STATE_EXPIRED;
180                 wake_up(&km_waitq);
181                 next = 2;
182                 goto resched;
183         }
184         if (!__xfrm_state_delete(x) && x->id.spi)
185                 km_state_expired(x, 1, 0);
186
187 out:
188         spin_unlock(&x->lock);
189         xfrm_state_put(x);
190 }
191
192 static void xfrm_replay_timer_handler(unsigned long data);
193
194 struct xfrm_state *xfrm_state_alloc(void)
195 {
196         struct xfrm_state *x;
197
198         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
199
200         if (x) {
201                 atomic_set(&x->refcnt, 1);
202                 atomic_set(&x->tunnel_users, 0);
203                 INIT_LIST_HEAD(&x->bydst);
204                 INIT_LIST_HEAD(&x->bysrc);
205                 INIT_LIST_HEAD(&x->byspi);
206                 init_timer(&x->timer);
207                 x->timer.function = xfrm_timer_handler;
208                 x->timer.data     = (unsigned long)x;
209                 init_timer(&x->rtimer);
210                 x->rtimer.function = xfrm_replay_timer_handler;
211                 x->rtimer.data     = (unsigned long)x;
212                 x->curlft.add_time = (unsigned long)xtime.tv_sec;
213                 x->lft.soft_byte_limit = XFRM_INF;
214                 x->lft.soft_packet_limit = XFRM_INF;
215                 x->lft.hard_byte_limit = XFRM_INF;
216                 x->lft.hard_packet_limit = XFRM_INF;
217                 x->replay_maxage = 0;
218                 x->replay_maxdiff = 0;
219                 spin_lock_init(&x->lock);
220         }
221         return x;
222 }
223 EXPORT_SYMBOL(xfrm_state_alloc);
224
225 void __xfrm_state_destroy(struct xfrm_state *x)
226 {
227         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
228
229         spin_lock_bh(&xfrm_state_gc_lock);
230         list_add(&x->bydst, &xfrm_state_gc_list);
231         spin_unlock_bh(&xfrm_state_gc_lock);
232         schedule_work(&xfrm_state_gc_work);
233 }
234 EXPORT_SYMBOL(__xfrm_state_destroy);
235
236 int __xfrm_state_delete(struct xfrm_state *x)
237 {
238         int err = -ESRCH;
239
240         if (x->km.state != XFRM_STATE_DEAD) {
241                 x->km.state = XFRM_STATE_DEAD;
242                 spin_lock(&xfrm_state_lock);
243                 list_del(&x->bydst);
244                 __xfrm_state_put(x);
245                 list_del(&x->bysrc);
246                 __xfrm_state_put(x);
247                 if (x->id.spi) {
248                         list_del(&x->byspi);
249                         __xfrm_state_put(x);
250                 }
251                 spin_unlock(&xfrm_state_lock);
252                 if (del_timer(&x->timer))
253                         __xfrm_state_put(x);
254                 if (del_timer(&x->rtimer))
255                         __xfrm_state_put(x);
256
257                 /* The number two in this test is the reference
258                  * mentioned in the comment below plus the reference
259                  * our caller holds.  A larger value means that
260                  * there are DSTs attached to this xfrm_state.
261                  */
262                 if (atomic_read(&x->refcnt) > 2) {
263                         xfrm_state_gc_flush_bundles = 1;
264                         schedule_work(&xfrm_state_gc_work);
265                 }
266
267                 /* All xfrm_state objects are created by xfrm_state_alloc.
268                  * The xfrm_state_alloc call gives a reference, and that
269                  * is what we are dropping here.
270                  */
271                 __xfrm_state_put(x);
272                 err = 0;
273         }
274
275         return err;
276 }
277 EXPORT_SYMBOL(__xfrm_state_delete);
278
279 int xfrm_state_delete(struct xfrm_state *x)
280 {
281         int err;
282
283         spin_lock_bh(&x->lock);
284         err = __xfrm_state_delete(x);
285         spin_unlock_bh(&x->lock);
286
287         return err;
288 }
289 EXPORT_SYMBOL(xfrm_state_delete);
290
291 void xfrm_state_flush(u8 proto)
292 {
293         int i;
294         struct xfrm_state *x;
295
296         spin_lock_bh(&xfrm_state_lock);
297         for (i = 0; i < XFRM_DST_HSIZE; i++) {
298 restart:
299                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
300                         if (!xfrm_state_kern(x) &&
301                             xfrm_id_proto_match(x->id.proto, proto)) {
302                                 xfrm_state_hold(x);
303                                 spin_unlock_bh(&xfrm_state_lock);
304
305                                 xfrm_state_delete(x);
306                                 xfrm_state_put(x);
307
308                                 spin_lock_bh(&xfrm_state_lock);
309                                 goto restart;
310                         }
311                 }
312         }
313         spin_unlock_bh(&xfrm_state_lock);
314         wake_up(&km_waitq);
315 }
316 EXPORT_SYMBOL(xfrm_state_flush);
317
318 static int
319 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
320                   struct xfrm_tmpl *tmpl,
321                   xfrm_address_t *daddr, xfrm_address_t *saddr,
322                   unsigned short family)
323 {
324         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
325         if (!afinfo)
326                 return -1;
327         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
328         xfrm_state_put_afinfo(afinfo);
329         return 0;
330 }
331
332 struct xfrm_state *
333 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 
334                 struct flowi *fl, struct xfrm_tmpl *tmpl,
335                 struct xfrm_policy *pol, int *err,
336                 unsigned short family)
337 {
338         unsigned h = xfrm_dst_hash(daddr, family);
339         struct xfrm_state *x, *x0;
340         int acquire_in_progress = 0;
341         int error = 0;
342         struct xfrm_state *best = NULL;
343         struct xfrm_state_afinfo *afinfo;
344         
345         afinfo = xfrm_state_get_afinfo(family);
346         if (afinfo == NULL) {
347                 *err = -EAFNOSUPPORT;
348                 return NULL;
349         }
350
351         spin_lock_bh(&xfrm_state_lock);
352         list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
353                 if (x->props.family == family &&
354                     x->props.reqid == tmpl->reqid &&
355                     xfrm_state_addr_check(x, daddr, saddr, family) &&
356                     tmpl->mode == x->props.mode &&
357                     tmpl->id.proto == x->id.proto &&
358                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
359                         /* Resolution logic:
360                            1. There is a valid state with matching selector.
361                               Done.
362                            2. Valid state with inappropriate selector. Skip.
363
364                            Entering area of "sysdeps".
365
366                            3. If state is not valid, selector is temporary,
367                               it selects only session which triggered
368                               previous resolution. Key manager will do
369                               something to install a state with proper
370                               selector.
371                          */
372                         if (x->km.state == XFRM_STATE_VALID) {
373                                 if (!xfrm_selector_match(&x->sel, fl, family) ||
374                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
375                                         continue;
376                                 if (!best ||
377                                     best->km.dying > x->km.dying ||
378                                     (best->km.dying == x->km.dying &&
379                                      best->curlft.add_time < x->curlft.add_time))
380                                         best = x;
381                         } else if (x->km.state == XFRM_STATE_ACQ) {
382                                 acquire_in_progress = 1;
383                         } else if (x->km.state == XFRM_STATE_ERROR ||
384                                    x->km.state == XFRM_STATE_EXPIRED) {
385                                 if (xfrm_selector_match(&x->sel, fl, family) &&
386                                     security_xfrm_state_pol_flow_match(x, pol, fl))
387                                         error = -ESRCH;
388                         }
389                 }
390         }
391
392         x = best;
393         if (!x && !error && !acquire_in_progress) {
394                 if (tmpl->id.spi &&
395                     (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
396                                                tmpl->id.proto)) != NULL) {
397                         xfrm_state_put(x0);
398                         error = -EEXIST;
399                         goto out;
400                 }
401                 x = xfrm_state_alloc();
402                 if (x == NULL) {
403                         error = -ENOMEM;
404                         goto out;
405                 }
406                 /* Initialize temporary selector matching only
407                  * to current session. */
408                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
409
410                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
411                 if (error) {
412                         x->km.state = XFRM_STATE_DEAD;
413                         xfrm_state_put(x);
414                         x = NULL;
415                         goto out;
416                 }
417
418                 if (km_query(x, tmpl, pol) == 0) {
419                         x->km.state = XFRM_STATE_ACQ;
420                         list_add_tail(&x->bydst, xfrm_state_bydst+h);
421                         xfrm_state_hold(x);
422                         list_add_tail(&x->bysrc, xfrm_state_bysrc+h);
423                         xfrm_state_hold(x);
424                         if (x->id.spi) {
425                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
426                                 list_add(&x->byspi, xfrm_state_byspi+h);
427                                 xfrm_state_hold(x);
428                         }
429                         x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
430                         xfrm_state_hold(x);
431                         x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
432                         add_timer(&x->timer);
433                 } else {
434                         x->km.state = XFRM_STATE_DEAD;
435                         xfrm_state_put(x);
436                         x = NULL;
437                         error = -ESRCH;
438                 }
439         }
440 out:
441         if (x)
442                 xfrm_state_hold(x);
443         else
444                 *err = acquire_in_progress ? -EAGAIN : error;
445         spin_unlock_bh(&xfrm_state_lock);
446         xfrm_state_put_afinfo(afinfo);
447         return x;
448 }
449
450 static void __xfrm_state_insert(struct xfrm_state *x)
451 {
452         unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
453
454         list_add(&x->bydst, xfrm_state_bydst+h);
455         xfrm_state_hold(x);
456
457         h = xfrm_src_hash(&x->props.saddr, x->props.family);
458
459         list_add(&x->bysrc, xfrm_state_bysrc+h);
460         xfrm_state_hold(x);
461
462         if (xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY)) {
463                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
464                                   x->props.family);
465
466                 list_add(&x->byspi, xfrm_state_byspi+h);
467                 xfrm_state_hold(x);
468         }
469
470         if (!mod_timer(&x->timer, jiffies + HZ))
471                 xfrm_state_hold(x);
472
473         if (x->replay_maxage &&
474             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
475                 xfrm_state_hold(x);
476
477         wake_up(&km_waitq);
478 }
479
480 void xfrm_state_insert(struct xfrm_state *x)
481 {
482         spin_lock_bh(&xfrm_state_lock);
483         __xfrm_state_insert(x);
484         spin_unlock_bh(&xfrm_state_lock);
485
486         xfrm_flush_all_bundles();
487 }
488 EXPORT_SYMBOL(xfrm_state_insert);
489
490 static inline struct xfrm_state *
491 __xfrm_state_locate(struct xfrm_state_afinfo *afinfo, struct xfrm_state *x,
492                     int use_spi)
493 {
494         if (use_spi)
495                 return afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
496         else
497                 return afinfo->state_lookup_byaddr(&x->id.daddr, &x->props.saddr, x->id.proto);
498 }
499
500 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
501
502 int xfrm_state_add(struct xfrm_state *x)
503 {
504         struct xfrm_state_afinfo *afinfo;
505         struct xfrm_state *x1;
506         int family;
507         int err;
508         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
509
510         family = x->props.family;
511         afinfo = xfrm_state_get_afinfo(family);
512         if (unlikely(afinfo == NULL))
513                 return -EAFNOSUPPORT;
514
515         spin_lock_bh(&xfrm_state_lock);
516
517         x1 = __xfrm_state_locate(afinfo, x, use_spi);
518         if (x1) {
519                 xfrm_state_put(x1);
520                 x1 = NULL;
521                 err = -EEXIST;
522                 goto out;
523         }
524
525         if (use_spi && x->km.seq) {
526                 x1 = __xfrm_find_acq_byseq(x->km.seq);
527                 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
528                         xfrm_state_put(x1);
529                         x1 = NULL;
530                 }
531         }
532
533         if (use_spi && !x1)
534                 x1 = afinfo->find_acq(
535                         x->props.mode, x->props.reqid, x->id.proto,
536                         &x->id.daddr, &x->props.saddr, 0);
537
538         __xfrm_state_insert(x);
539         err = 0;
540
541 out:
542         spin_unlock_bh(&xfrm_state_lock);
543         xfrm_state_put_afinfo(afinfo);
544
545         if (!err)
546                 xfrm_flush_all_bundles();
547
548         if (x1) {
549                 xfrm_state_delete(x1);
550                 xfrm_state_put(x1);
551         }
552
553         return err;
554 }
555 EXPORT_SYMBOL(xfrm_state_add);
556
557 int xfrm_state_update(struct xfrm_state *x)
558 {
559         struct xfrm_state_afinfo *afinfo;
560         struct xfrm_state *x1;
561         int err;
562         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
563
564         afinfo = xfrm_state_get_afinfo(x->props.family);
565         if (unlikely(afinfo == NULL))
566                 return -EAFNOSUPPORT;
567
568         spin_lock_bh(&xfrm_state_lock);
569         x1 = __xfrm_state_locate(afinfo, x, use_spi);
570
571         err = -ESRCH;
572         if (!x1)
573                 goto out;
574
575         if (xfrm_state_kern(x1)) {
576                 xfrm_state_put(x1);
577                 err = -EEXIST;
578                 goto out;
579         }
580
581         if (x1->km.state == XFRM_STATE_ACQ) {
582                 __xfrm_state_insert(x);
583                 x = NULL;
584         }
585         err = 0;
586
587 out:
588         spin_unlock_bh(&xfrm_state_lock);
589         xfrm_state_put_afinfo(afinfo);
590
591         if (err)
592                 return err;
593
594         if (!x) {
595                 xfrm_state_delete(x1);
596                 xfrm_state_put(x1);
597                 return 0;
598         }
599
600         err = -EINVAL;
601         spin_lock_bh(&x1->lock);
602         if (likely(x1->km.state == XFRM_STATE_VALID)) {
603                 if (x->encap && x1->encap)
604                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
605                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
606                 x1->km.dying = 0;
607
608                 if (!mod_timer(&x1->timer, jiffies + HZ))
609                         xfrm_state_hold(x1);
610                 if (x1->curlft.use_time)
611                         xfrm_state_check_expire(x1);
612
613                 err = 0;
614         }
615         spin_unlock_bh(&x1->lock);
616
617         xfrm_state_put(x1);
618
619         return err;
620 }
621 EXPORT_SYMBOL(xfrm_state_update);
622
623 int xfrm_state_check_expire(struct xfrm_state *x)
624 {
625         if (!x->curlft.use_time)
626                 x->curlft.use_time = (unsigned long)xtime.tv_sec;
627
628         if (x->km.state != XFRM_STATE_VALID)
629                 return -EINVAL;
630
631         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
632             x->curlft.packets >= x->lft.hard_packet_limit) {
633                 x->km.state = XFRM_STATE_EXPIRED;
634                 if (!mod_timer(&x->timer, jiffies))
635                         xfrm_state_hold(x);
636                 return -EINVAL;
637         }
638
639         if (!x->km.dying &&
640             (x->curlft.bytes >= x->lft.soft_byte_limit ||
641              x->curlft.packets >= x->lft.soft_packet_limit)) {
642                 x->km.dying = 1;
643                 km_state_expired(x, 0, 0);
644         }
645         return 0;
646 }
647 EXPORT_SYMBOL(xfrm_state_check_expire);
648
649 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
650 {
651         int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
652                 - skb_headroom(skb);
653
654         if (nhead > 0)
655                 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
656
657         /* Check tail too... */
658         return 0;
659 }
660
661 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
662 {
663         int err = xfrm_state_check_expire(x);
664         if (err < 0)
665                 goto err;
666         err = xfrm_state_check_space(x, skb);
667 err:
668         return err;
669 }
670 EXPORT_SYMBOL(xfrm_state_check);
671
672 struct xfrm_state *
673 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
674                   unsigned short family)
675 {
676         struct xfrm_state *x;
677         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
678         if (!afinfo)
679                 return NULL;
680
681         spin_lock_bh(&xfrm_state_lock);
682         x = afinfo->state_lookup(daddr, spi, proto);
683         spin_unlock_bh(&xfrm_state_lock);
684         xfrm_state_put_afinfo(afinfo);
685         return x;
686 }
687 EXPORT_SYMBOL(xfrm_state_lookup);
688
689 struct xfrm_state *
690 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
691                          u8 proto, unsigned short family)
692 {
693         struct xfrm_state *x;
694         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
695         if (!afinfo)
696                 return NULL;
697
698         spin_lock_bh(&xfrm_state_lock);
699         x = afinfo->state_lookup_byaddr(daddr, saddr, proto);
700         spin_unlock_bh(&xfrm_state_lock);
701         xfrm_state_put_afinfo(afinfo);
702         return x;
703 }
704 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
705
706 struct xfrm_state *
707 xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 
708               xfrm_address_t *daddr, xfrm_address_t *saddr, 
709               int create, unsigned short family)
710 {
711         struct xfrm_state *x;
712         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
713         if (!afinfo)
714                 return NULL;
715
716         spin_lock_bh(&xfrm_state_lock);
717         x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
718         spin_unlock_bh(&xfrm_state_lock);
719         xfrm_state_put_afinfo(afinfo);
720         return x;
721 }
722 EXPORT_SYMBOL(xfrm_find_acq);
723
724 /* Silly enough, but I'm lazy to build resolution list */
725
726 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
727 {
728         int i;
729         struct xfrm_state *x;
730
731         for (i = 0; i < XFRM_DST_HSIZE; i++) {
732                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
733                         if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
734                                 xfrm_state_hold(x);
735                                 return x;
736                         }
737                 }
738         }
739         return NULL;
740 }
741
742 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
743 {
744         struct xfrm_state *x;
745
746         spin_lock_bh(&xfrm_state_lock);
747         x = __xfrm_find_acq_byseq(seq);
748         spin_unlock_bh(&xfrm_state_lock);
749         return x;
750 }
751 EXPORT_SYMBOL(xfrm_find_acq_byseq);
752
753 u32 xfrm_get_acqseq(void)
754 {
755         u32 res;
756         static u32 acqseq;
757         static DEFINE_SPINLOCK(acqseq_lock);
758
759         spin_lock_bh(&acqseq_lock);
760         res = (++acqseq ? : ++acqseq);
761         spin_unlock_bh(&acqseq_lock);
762         return res;
763 }
764 EXPORT_SYMBOL(xfrm_get_acqseq);
765
766 void
767 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
768 {
769         u32 h;
770         struct xfrm_state *x0;
771
772         if (x->id.spi)
773                 return;
774
775         if (minspi == maxspi) {
776                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
777                 if (x0) {
778                         xfrm_state_put(x0);
779                         return;
780                 }
781                 x->id.spi = minspi;
782         } else {
783                 u32 spi = 0;
784                 minspi = ntohl(minspi);
785                 maxspi = ntohl(maxspi);
786                 for (h=0; h<maxspi-minspi+1; h++) {
787                         spi = minspi + net_random()%(maxspi-minspi+1);
788                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
789                         if (x0 == NULL) {
790                                 x->id.spi = htonl(spi);
791                                 break;
792                         }
793                         xfrm_state_put(x0);
794                 }
795         }
796         if (x->id.spi) {
797                 spin_lock_bh(&xfrm_state_lock);
798                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
799                 list_add(&x->byspi, xfrm_state_byspi+h);
800                 xfrm_state_hold(x);
801                 spin_unlock_bh(&xfrm_state_lock);
802                 wake_up(&km_waitq);
803         }
804 }
805 EXPORT_SYMBOL(xfrm_alloc_spi);
806
807 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
808                     void *data)
809 {
810         int i;
811         struct xfrm_state *x;
812         int count = 0;
813         int err = 0;
814
815         spin_lock_bh(&xfrm_state_lock);
816         for (i = 0; i < XFRM_DST_HSIZE; i++) {
817                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
818                         if (xfrm_id_proto_match(x->id.proto, proto))
819                                 count++;
820                 }
821         }
822         if (count == 0) {
823                 err = -ENOENT;
824                 goto out;
825         }
826
827         for (i = 0; i < XFRM_DST_HSIZE; i++) {
828                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
829                         if (!xfrm_id_proto_match(x->id.proto, proto))
830                                 continue;
831                         err = func(x, --count, data);
832                         if (err)
833                                 goto out;
834                 }
835         }
836 out:
837         spin_unlock_bh(&xfrm_state_lock);
838         return err;
839 }
840 EXPORT_SYMBOL(xfrm_state_walk);
841
842
843 void xfrm_replay_notify(struct xfrm_state *x, int event)
844 {
845         struct km_event c;
846         /* we send notify messages in case
847          *  1. we updated on of the sequence numbers, and the seqno difference
848          *     is at least x->replay_maxdiff, in this case we also update the
849          *     timeout of our timer function
850          *  2. if x->replay_maxage has elapsed since last update,
851          *     and there were changes
852          *
853          *  The state structure must be locked!
854          */
855
856         switch (event) {
857         case XFRM_REPLAY_UPDATE:
858                 if (x->replay_maxdiff &&
859                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
860                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
861                         if (x->xflags & XFRM_TIME_DEFER)
862                                 event = XFRM_REPLAY_TIMEOUT;
863                         else
864                                 return;
865                 }
866
867                 break;
868
869         case XFRM_REPLAY_TIMEOUT:
870                 if ((x->replay.seq == x->preplay.seq) &&
871                     (x->replay.bitmap == x->preplay.bitmap) &&
872                     (x->replay.oseq == x->preplay.oseq)) {
873                         x->xflags |= XFRM_TIME_DEFER;
874                         return;
875                 }
876
877                 break;
878         }
879
880         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
881         c.event = XFRM_MSG_NEWAE;
882         c.data.aevent = event;
883         km_state_notify(x, &c);
884
885         if (x->replay_maxage &&
886             !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
887                 xfrm_state_hold(x);
888                 x->xflags &= ~XFRM_TIME_DEFER;
889         }
890 }
891 EXPORT_SYMBOL(xfrm_replay_notify);
892
893 static void xfrm_replay_timer_handler(unsigned long data)
894 {
895         struct xfrm_state *x = (struct xfrm_state*)data;
896
897         spin_lock(&x->lock);
898
899         if (x->km.state == XFRM_STATE_VALID) {
900                 if (xfrm_aevent_is_on())
901                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
902                 else
903                         x->xflags |= XFRM_TIME_DEFER;
904         }
905
906         spin_unlock(&x->lock);
907         xfrm_state_put(x);
908 }
909
910 int xfrm_replay_check(struct xfrm_state *x, u32 seq)
911 {
912         u32 diff;
913
914         seq = ntohl(seq);
915
916         if (unlikely(seq == 0))
917                 return -EINVAL;
918
919         if (likely(seq > x->replay.seq))
920                 return 0;
921
922         diff = x->replay.seq - seq;
923         if (diff >= x->props.replay_window) {
924                 x->stats.replay_window++;
925                 return -EINVAL;
926         }
927
928         if (x->replay.bitmap & (1U << diff)) {
929                 x->stats.replay++;
930                 return -EINVAL;
931         }
932         return 0;
933 }
934 EXPORT_SYMBOL(xfrm_replay_check);
935
936 void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
937 {
938         u32 diff;
939
940         seq = ntohl(seq);
941
942         if (seq > x->replay.seq) {
943                 diff = seq - x->replay.seq;
944                 if (diff < x->props.replay_window)
945                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
946                 else
947                         x->replay.bitmap = 1;
948                 x->replay.seq = seq;
949         } else {
950                 diff = x->replay.seq - seq;
951                 x->replay.bitmap |= (1U << diff);
952         }
953
954         if (xfrm_aevent_is_on())
955                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
956 }
957 EXPORT_SYMBOL(xfrm_replay_advance);
958
959 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
960 static DEFINE_RWLOCK(xfrm_km_lock);
961
962 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
963 {
964         struct xfrm_mgr *km;
965
966         read_lock(&xfrm_km_lock);
967         list_for_each_entry(km, &xfrm_km_list, list)
968                 if (km->notify_policy)
969                         km->notify_policy(xp, dir, c);
970         read_unlock(&xfrm_km_lock);
971 }
972
973 void km_state_notify(struct xfrm_state *x, struct km_event *c)
974 {
975         struct xfrm_mgr *km;
976         read_lock(&xfrm_km_lock);
977         list_for_each_entry(km, &xfrm_km_list, list)
978                 if (km->notify)
979                         km->notify(x, c);
980         read_unlock(&xfrm_km_lock);
981 }
982
983 EXPORT_SYMBOL(km_policy_notify);
984 EXPORT_SYMBOL(km_state_notify);
985
986 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
987 {
988         struct km_event c;
989
990         c.data.hard = hard;
991         c.pid = pid;
992         c.event = XFRM_MSG_EXPIRE;
993         km_state_notify(x, &c);
994
995         if (hard)
996                 wake_up(&km_waitq);
997 }
998
999 EXPORT_SYMBOL(km_state_expired);
1000 /*
1001  * We send to all registered managers regardless of failure
1002  * We are happy with one success
1003 */
1004 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1005 {
1006         int err = -EINVAL, acqret;
1007         struct xfrm_mgr *km;
1008
1009         read_lock(&xfrm_km_lock);
1010         list_for_each_entry(km, &xfrm_km_list, list) {
1011                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1012                 if (!acqret)
1013                         err = acqret;
1014         }
1015         read_unlock(&xfrm_km_lock);
1016         return err;
1017 }
1018 EXPORT_SYMBOL(km_query);
1019
1020 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
1021 {
1022         int err = -EINVAL;
1023         struct xfrm_mgr *km;
1024
1025         read_lock(&xfrm_km_lock);
1026         list_for_each_entry(km, &xfrm_km_list, list) {
1027                 if (km->new_mapping)
1028                         err = km->new_mapping(x, ipaddr, sport);
1029                 if (!err)
1030                         break;
1031         }
1032         read_unlock(&xfrm_km_lock);
1033         return err;
1034 }
1035 EXPORT_SYMBOL(km_new_mapping);
1036
1037 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1038 {
1039         struct km_event c;
1040
1041         c.data.hard = hard;
1042         c.pid = pid;
1043         c.event = XFRM_MSG_POLEXPIRE;
1044         km_policy_notify(pol, dir, &c);
1045
1046         if (hard)
1047                 wake_up(&km_waitq);
1048 }
1049 EXPORT_SYMBOL(km_policy_expired);
1050
1051 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1052 {
1053         int err;
1054         u8 *data;
1055         struct xfrm_mgr *km;
1056         struct xfrm_policy *pol = NULL;
1057
1058         if (optlen <= 0 || optlen > PAGE_SIZE)
1059                 return -EMSGSIZE;
1060
1061         data = kmalloc(optlen, GFP_KERNEL);
1062         if (!data)
1063                 return -ENOMEM;
1064
1065         err = -EFAULT;
1066         if (copy_from_user(data, optval, optlen))
1067                 goto out;
1068
1069         err = -EINVAL;
1070         read_lock(&xfrm_km_lock);
1071         list_for_each_entry(km, &xfrm_km_list, list) {
1072                 pol = km->compile_policy(sk, optname, data,
1073                                          optlen, &err);
1074                 if (err >= 0)
1075                         break;
1076         }
1077         read_unlock(&xfrm_km_lock);
1078
1079         if (err >= 0) {
1080                 xfrm_sk_policy_insert(sk, err, pol);
1081                 xfrm_pol_put(pol);
1082                 err = 0;
1083         }
1084
1085 out:
1086         kfree(data);
1087         return err;
1088 }
1089 EXPORT_SYMBOL(xfrm_user_policy);
1090
1091 int xfrm_register_km(struct xfrm_mgr *km)
1092 {
1093         write_lock_bh(&xfrm_km_lock);
1094         list_add_tail(&km->list, &xfrm_km_list);
1095         write_unlock_bh(&xfrm_km_lock);
1096         return 0;
1097 }
1098 EXPORT_SYMBOL(xfrm_register_km);
1099
1100 int xfrm_unregister_km(struct xfrm_mgr *km)
1101 {
1102         write_lock_bh(&xfrm_km_lock);
1103         list_del(&km->list);
1104         write_unlock_bh(&xfrm_km_lock);
1105         return 0;
1106 }
1107 EXPORT_SYMBOL(xfrm_unregister_km);
1108
1109 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1110 {
1111         int err = 0;
1112         if (unlikely(afinfo == NULL))
1113                 return -EINVAL;
1114         if (unlikely(afinfo->family >= NPROTO))
1115                 return -EAFNOSUPPORT;
1116         write_lock_bh(&xfrm_state_afinfo_lock);
1117         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1118                 err = -ENOBUFS;
1119         else {
1120                 afinfo->state_bydst = xfrm_state_bydst;
1121                 afinfo->state_bysrc = xfrm_state_bysrc;
1122                 afinfo->state_byspi = xfrm_state_byspi;
1123                 xfrm_state_afinfo[afinfo->family] = afinfo;
1124         }
1125         write_unlock_bh(&xfrm_state_afinfo_lock);
1126         return err;
1127 }
1128 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1129
1130 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1131 {
1132         int err = 0;
1133         if (unlikely(afinfo == NULL))
1134                 return -EINVAL;
1135         if (unlikely(afinfo->family >= NPROTO))
1136                 return -EAFNOSUPPORT;
1137         write_lock_bh(&xfrm_state_afinfo_lock);
1138         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1139                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1140                         err = -EINVAL;
1141                 else {
1142                         xfrm_state_afinfo[afinfo->family] = NULL;
1143                         afinfo->state_byspi = NULL;
1144                         afinfo->state_bysrc = NULL;
1145                         afinfo->state_bydst = NULL;
1146                 }
1147         }
1148         write_unlock_bh(&xfrm_state_afinfo_lock);
1149         return err;
1150 }
1151 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1152
1153 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1154 {
1155         struct xfrm_state_afinfo *afinfo;
1156         if (unlikely(family >= NPROTO))
1157                 return NULL;
1158         read_lock(&xfrm_state_afinfo_lock);
1159         afinfo = xfrm_state_afinfo[family];
1160         if (unlikely(!afinfo))
1161                 read_unlock(&xfrm_state_afinfo_lock);
1162         return afinfo;
1163 }
1164
1165 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1166 {
1167         read_unlock(&xfrm_state_afinfo_lock);
1168 }
1169
1170 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1171 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1172 {
1173         if (x->tunnel) {
1174                 struct xfrm_state *t = x->tunnel;
1175
1176                 if (atomic_read(&t->tunnel_users) == 2)
1177                         xfrm_state_delete(t);
1178                 atomic_dec(&t->tunnel_users);
1179                 xfrm_state_put(t);
1180                 x->tunnel = NULL;
1181         }
1182 }
1183 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1184
1185 /*
1186  * This function is NOT optimal.  For example, with ESP it will give an
1187  * MTU that's usually two bytes short of being optimal.  However, it will
1188  * usually give an answer that's a multiple of 4 provided the input is
1189  * also a multiple of 4.
1190  */
1191 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1192 {
1193         int res = mtu;
1194
1195         res -= x->props.header_len;
1196
1197         for (;;) {
1198                 int m = res;
1199
1200                 if (m < 68)
1201                         return 68;
1202
1203                 spin_lock_bh(&x->lock);
1204                 if (x->km.state == XFRM_STATE_VALID &&
1205                     x->type && x->type->get_max_size)
1206                         m = x->type->get_max_size(x, m);
1207                 else
1208                         m += x->props.header_len;
1209                 spin_unlock_bh(&x->lock);
1210
1211                 if (m <= mtu)
1212                         break;
1213                 res -= (m - mtu);
1214         }
1215
1216         return res;
1217 }
1218
1219 int xfrm_init_state(struct xfrm_state *x)
1220 {
1221         struct xfrm_state_afinfo *afinfo;
1222         int family = x->props.family;
1223         int err;
1224
1225         err = -EAFNOSUPPORT;
1226         afinfo = xfrm_state_get_afinfo(family);
1227         if (!afinfo)
1228                 goto error;
1229
1230         err = 0;
1231         if (afinfo->init_flags)
1232                 err = afinfo->init_flags(x);
1233
1234         xfrm_state_put_afinfo(afinfo);
1235
1236         if (err)
1237                 goto error;
1238
1239         err = -EPROTONOSUPPORT;
1240         x->type = xfrm_get_type(x->id.proto, family);
1241         if (x->type == NULL)
1242                 goto error;
1243
1244         err = x->type->init_state(x);
1245         if (err)
1246                 goto error;
1247
1248         x->mode = xfrm_get_mode(x->props.mode, family);
1249         if (x->mode == NULL)
1250                 goto error;
1251
1252         x->km.state = XFRM_STATE_VALID;
1253
1254 error:
1255         return err;
1256 }
1257
1258 EXPORT_SYMBOL(xfrm_init_state);
1259  
1260 void __init xfrm_state_init(void)
1261 {
1262         int i;
1263
1264         for (i=0; i<XFRM_DST_HSIZE; i++) {
1265                 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
1266                 INIT_LIST_HEAD(&xfrm_state_bysrc[i]);
1267                 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1268         }
1269         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1270 }
1271