2fd57f8f77c1ffc304ad4a0d65724c88f3495ff1
[linux-2.6.git] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 /* Each xfrm_state may be linked to two tables:
28
29    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
30    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
31       destination/tunnel endpoint. (output)
32  */
33
34 static DEFINE_SPINLOCK(xfrm_state_lock);
35
36 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
37 static unsigned int xfrm_state_genid;
38
39 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
40 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
41
42 #ifdef CONFIG_AUDITSYSCALL
43 static void xfrm_audit_state_replay(struct xfrm_state *x,
44                                     struct sk_buff *skb, __be32 net_seq);
45 #else
46 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
47 #endif /* CONFIG_AUDITSYSCALL */
48
49 static inline unsigned int xfrm_dst_hash(struct net *net,
50                                          xfrm_address_t *daddr,
51                                          xfrm_address_t *saddr,
52                                          u32 reqid,
53                                          unsigned short family)
54 {
55         return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
56 }
57
58 static inline unsigned int xfrm_src_hash(struct net *net,
59                                          xfrm_address_t *daddr,
60                                          xfrm_address_t *saddr,
61                                          unsigned short family)
62 {
63         return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
64 }
65
66 static inline unsigned int
67 xfrm_spi_hash(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
68 {
69         return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
70 }
71
72 static void xfrm_hash_transfer(struct hlist_head *list,
73                                struct hlist_head *ndsttable,
74                                struct hlist_head *nsrctable,
75                                struct hlist_head *nspitable,
76                                unsigned int nhashmask)
77 {
78         struct hlist_node *entry, *tmp;
79         struct xfrm_state *x;
80
81         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
82                 unsigned int h;
83
84                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
85                                     x->props.reqid, x->props.family,
86                                     nhashmask);
87                 hlist_add_head(&x->bydst, ndsttable+h);
88
89                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
90                                     x->props.family,
91                                     nhashmask);
92                 hlist_add_head(&x->bysrc, nsrctable+h);
93
94                 if (x->id.spi) {
95                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
96                                             x->id.proto, x->props.family,
97                                             nhashmask);
98                         hlist_add_head(&x->byspi, nspitable+h);
99                 }
100         }
101 }
102
103 static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
104 {
105         return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
106 }
107
108 static DEFINE_MUTEX(hash_resize_mutex);
109
110 static void xfrm_hash_resize(struct work_struct *work)
111 {
112         struct net *net = container_of(work, struct net, xfrm.state_hash_work);
113         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
114         unsigned long nsize, osize;
115         unsigned int nhashmask, ohashmask;
116         int i;
117
118         mutex_lock(&hash_resize_mutex);
119
120         nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
121         ndst = xfrm_hash_alloc(nsize);
122         if (!ndst)
123                 goto out_unlock;
124         nsrc = xfrm_hash_alloc(nsize);
125         if (!nsrc) {
126                 xfrm_hash_free(ndst, nsize);
127                 goto out_unlock;
128         }
129         nspi = xfrm_hash_alloc(nsize);
130         if (!nspi) {
131                 xfrm_hash_free(ndst, nsize);
132                 xfrm_hash_free(nsrc, nsize);
133                 goto out_unlock;
134         }
135
136         spin_lock_bh(&xfrm_state_lock);
137
138         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
139         for (i = net->xfrm.state_hmask; i >= 0; i--)
140                 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
141                                    nhashmask);
142
143         odst = net->xfrm.state_bydst;
144         osrc = net->xfrm.state_bysrc;
145         ospi = net->xfrm.state_byspi;
146         ohashmask = net->xfrm.state_hmask;
147
148         net->xfrm.state_bydst = ndst;
149         net->xfrm.state_bysrc = nsrc;
150         net->xfrm.state_byspi = nspi;
151         net->xfrm.state_hmask = nhashmask;
152
153         spin_unlock_bh(&xfrm_state_lock);
154
155         osize = (ohashmask + 1) * sizeof(struct hlist_head);
156         xfrm_hash_free(odst, osize);
157         xfrm_hash_free(osrc, osize);
158         xfrm_hash_free(ospi, osize);
159
160 out_unlock:
161         mutex_unlock(&hash_resize_mutex);
162 }
163
164 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
165 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
166
167 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
168
169 int __xfrm_state_delete(struct xfrm_state *x);
170
171 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
172 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
173
174 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
175 {
176         struct xfrm_state_afinfo *afinfo;
177         if (unlikely(family >= NPROTO))
178                 return NULL;
179         write_lock_bh(&xfrm_state_afinfo_lock);
180         afinfo = xfrm_state_afinfo[family];
181         if (unlikely(!afinfo))
182                 write_unlock_bh(&xfrm_state_afinfo_lock);
183         return afinfo;
184 }
185
186 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
187         __releases(xfrm_state_afinfo_lock)
188 {
189         write_unlock_bh(&xfrm_state_afinfo_lock);
190 }
191
192 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
193 {
194         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
195         const struct xfrm_type **typemap;
196         int err = 0;
197
198         if (unlikely(afinfo == NULL))
199                 return -EAFNOSUPPORT;
200         typemap = afinfo->type_map;
201
202         if (likely(typemap[type->proto] == NULL))
203                 typemap[type->proto] = type;
204         else
205                 err = -EEXIST;
206         xfrm_state_unlock_afinfo(afinfo);
207         return err;
208 }
209 EXPORT_SYMBOL(xfrm_register_type);
210
211 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
212 {
213         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
214         const struct xfrm_type **typemap;
215         int err = 0;
216
217         if (unlikely(afinfo == NULL))
218                 return -EAFNOSUPPORT;
219         typemap = afinfo->type_map;
220
221         if (unlikely(typemap[type->proto] != type))
222                 err = -ENOENT;
223         else
224                 typemap[type->proto] = NULL;
225         xfrm_state_unlock_afinfo(afinfo);
226         return err;
227 }
228 EXPORT_SYMBOL(xfrm_unregister_type);
229
230 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
231 {
232         struct xfrm_state_afinfo *afinfo;
233         const struct xfrm_type **typemap;
234         const struct xfrm_type *type;
235         int modload_attempted = 0;
236
237 retry:
238         afinfo = xfrm_state_get_afinfo(family);
239         if (unlikely(afinfo == NULL))
240                 return NULL;
241         typemap = afinfo->type_map;
242
243         type = typemap[proto];
244         if (unlikely(type && !try_module_get(type->owner)))
245                 type = NULL;
246         if (!type && !modload_attempted) {
247                 xfrm_state_put_afinfo(afinfo);
248                 request_module("xfrm-type-%d-%d", family, proto);
249                 modload_attempted = 1;
250                 goto retry;
251         }
252
253         xfrm_state_put_afinfo(afinfo);
254         return type;
255 }
256
257 static void xfrm_put_type(const struct xfrm_type *type)
258 {
259         module_put(type->owner);
260 }
261
262 int xfrm_register_mode(struct xfrm_mode *mode, int family)
263 {
264         struct xfrm_state_afinfo *afinfo;
265         struct xfrm_mode **modemap;
266         int err;
267
268         if (unlikely(mode->encap >= XFRM_MODE_MAX))
269                 return -EINVAL;
270
271         afinfo = xfrm_state_lock_afinfo(family);
272         if (unlikely(afinfo == NULL))
273                 return -EAFNOSUPPORT;
274
275         err = -EEXIST;
276         modemap = afinfo->mode_map;
277         if (modemap[mode->encap])
278                 goto out;
279
280         err = -ENOENT;
281         if (!try_module_get(afinfo->owner))
282                 goto out;
283
284         mode->afinfo = afinfo;
285         modemap[mode->encap] = mode;
286         err = 0;
287
288 out:
289         xfrm_state_unlock_afinfo(afinfo);
290         return err;
291 }
292 EXPORT_SYMBOL(xfrm_register_mode);
293
294 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
295 {
296         struct xfrm_state_afinfo *afinfo;
297         struct xfrm_mode **modemap;
298         int err;
299
300         if (unlikely(mode->encap >= XFRM_MODE_MAX))
301                 return -EINVAL;
302
303         afinfo = xfrm_state_lock_afinfo(family);
304         if (unlikely(afinfo == NULL))
305                 return -EAFNOSUPPORT;
306
307         err = -ENOENT;
308         modemap = afinfo->mode_map;
309         if (likely(modemap[mode->encap] == mode)) {
310                 modemap[mode->encap] = NULL;
311                 module_put(mode->afinfo->owner);
312                 err = 0;
313         }
314
315         xfrm_state_unlock_afinfo(afinfo);
316         return err;
317 }
318 EXPORT_SYMBOL(xfrm_unregister_mode);
319
320 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
321 {
322         struct xfrm_state_afinfo *afinfo;
323         struct xfrm_mode *mode;
324         int modload_attempted = 0;
325
326         if (unlikely(encap >= XFRM_MODE_MAX))
327                 return NULL;
328
329 retry:
330         afinfo = xfrm_state_get_afinfo(family);
331         if (unlikely(afinfo == NULL))
332                 return NULL;
333
334         mode = afinfo->mode_map[encap];
335         if (unlikely(mode && !try_module_get(mode->owner)))
336                 mode = NULL;
337         if (!mode && !modload_attempted) {
338                 xfrm_state_put_afinfo(afinfo);
339                 request_module("xfrm-mode-%d-%d", family, encap);
340                 modload_attempted = 1;
341                 goto retry;
342         }
343
344         xfrm_state_put_afinfo(afinfo);
345         return mode;
346 }
347
348 static void xfrm_put_mode(struct xfrm_mode *mode)
349 {
350         module_put(mode->owner);
351 }
352
353 static void xfrm_state_gc_destroy(struct xfrm_state *x)
354 {
355         del_timer_sync(&x->timer);
356         del_timer_sync(&x->rtimer);
357         kfree(x->aalg);
358         kfree(x->ealg);
359         kfree(x->calg);
360         kfree(x->encap);
361         kfree(x->coaddr);
362         if (x->inner_mode)
363                 xfrm_put_mode(x->inner_mode);
364         if (x->inner_mode_iaf)
365                 xfrm_put_mode(x->inner_mode_iaf);
366         if (x->outer_mode)
367                 xfrm_put_mode(x->outer_mode);
368         if (x->type) {
369                 x->type->destructor(x);
370                 xfrm_put_type(x->type);
371         }
372         security_xfrm_state_free(x);
373         kfree(x);
374 }
375
376 static void xfrm_state_gc_task(struct work_struct *work)
377 {
378         struct net *net = container_of(work, struct net, xfrm.state_gc_work);
379         struct xfrm_state *x;
380         struct hlist_node *entry, *tmp;
381         struct hlist_head gc_list;
382
383         spin_lock_bh(&xfrm_state_gc_lock);
384         hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
385         spin_unlock_bh(&xfrm_state_gc_lock);
386
387         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
388                 xfrm_state_gc_destroy(x);
389
390         wake_up(&net->xfrm.km_waitq);
391 }
392
393 static inline unsigned long make_jiffies(long secs)
394 {
395         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
396                 return MAX_SCHEDULE_TIMEOUT-1;
397         else
398                 return secs*HZ;
399 }
400
401 static void xfrm_timer_handler(unsigned long data)
402 {
403         struct xfrm_state *x = (struct xfrm_state*)data;
404         struct net *net = xs_net(x);
405         unsigned long now = get_seconds();
406         long next = LONG_MAX;
407         int warn = 0;
408         int err = 0;
409
410         spin_lock(&x->lock);
411         if (x->km.state == XFRM_STATE_DEAD)
412                 goto out;
413         if (x->km.state == XFRM_STATE_EXPIRED)
414                 goto expired;
415         if (x->lft.hard_add_expires_seconds) {
416                 long tmo = x->lft.hard_add_expires_seconds +
417                         x->curlft.add_time - now;
418                 if (tmo <= 0)
419                         goto expired;
420                 if (tmo < next)
421                         next = tmo;
422         }
423         if (x->lft.hard_use_expires_seconds) {
424                 long tmo = x->lft.hard_use_expires_seconds +
425                         (x->curlft.use_time ? : now) - now;
426                 if (tmo <= 0)
427                         goto expired;
428                 if (tmo < next)
429                         next = tmo;
430         }
431         if (x->km.dying)
432                 goto resched;
433         if (x->lft.soft_add_expires_seconds) {
434                 long tmo = x->lft.soft_add_expires_seconds +
435                         x->curlft.add_time - now;
436                 if (tmo <= 0)
437                         warn = 1;
438                 else if (tmo < next)
439                         next = tmo;
440         }
441         if (x->lft.soft_use_expires_seconds) {
442                 long tmo = x->lft.soft_use_expires_seconds +
443                         (x->curlft.use_time ? : now) - now;
444                 if (tmo <= 0)
445                         warn = 1;
446                 else if (tmo < next)
447                         next = tmo;
448         }
449
450         x->km.dying = warn;
451         if (warn)
452                 km_state_expired(x, 0, 0);
453 resched:
454         if (next != LONG_MAX)
455                 mod_timer(&x->timer, jiffies + make_jiffies(next));
456
457         goto out;
458
459 expired:
460         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
461                 x->km.state = XFRM_STATE_EXPIRED;
462                 wake_up(&net->xfrm.km_waitq);
463                 next = 2;
464                 goto resched;
465         }
466
467         err = __xfrm_state_delete(x);
468         if (!err && x->id.spi)
469                 km_state_expired(x, 1, 0);
470
471         xfrm_audit_state_delete(x, err ? 0 : 1,
472                                 audit_get_loginuid(current),
473                                 audit_get_sessionid(current), 0);
474
475 out:
476         spin_unlock(&x->lock);
477 }
478
479 static void xfrm_replay_timer_handler(unsigned long data);
480
481 struct xfrm_state *xfrm_state_alloc(struct net *net)
482 {
483         struct xfrm_state *x;
484
485         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
486
487         if (x) {
488                 write_pnet(&x->xs_net, net);
489                 atomic_set(&x->refcnt, 1);
490                 atomic_set(&x->tunnel_users, 0);
491                 INIT_LIST_HEAD(&x->km.all);
492                 INIT_HLIST_NODE(&x->bydst);
493                 INIT_HLIST_NODE(&x->bysrc);
494                 INIT_HLIST_NODE(&x->byspi);
495                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
496                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
497                                 (unsigned long)x);
498                 x->curlft.add_time = get_seconds();
499                 x->lft.soft_byte_limit = XFRM_INF;
500                 x->lft.soft_packet_limit = XFRM_INF;
501                 x->lft.hard_byte_limit = XFRM_INF;
502                 x->lft.hard_packet_limit = XFRM_INF;
503                 x->replay_maxage = 0;
504                 x->replay_maxdiff = 0;
505                 x->inner_mode = NULL;
506                 x->inner_mode_iaf = NULL;
507                 spin_lock_init(&x->lock);
508         }
509         return x;
510 }
511 EXPORT_SYMBOL(xfrm_state_alloc);
512
513 void __xfrm_state_destroy(struct xfrm_state *x)
514 {
515         struct net *net = xs_net(x);
516
517         WARN_ON(x->km.state != XFRM_STATE_DEAD);
518
519         spin_lock_bh(&xfrm_state_gc_lock);
520         hlist_add_head(&x->gclist, &net->xfrm.state_gc_list);
521         spin_unlock_bh(&xfrm_state_gc_lock);
522         schedule_work(&net->xfrm.state_gc_work);
523 }
524 EXPORT_SYMBOL(__xfrm_state_destroy);
525
526 int __xfrm_state_delete(struct xfrm_state *x)
527 {
528         struct net *net = xs_net(x);
529         int err = -ESRCH;
530
531         if (x->km.state != XFRM_STATE_DEAD) {
532                 x->km.state = XFRM_STATE_DEAD;
533                 spin_lock(&xfrm_state_lock);
534                 list_del(&x->km.all);
535                 hlist_del(&x->bydst);
536                 hlist_del(&x->bysrc);
537                 if (x->id.spi)
538                         hlist_del(&x->byspi);
539                 net->xfrm.state_num--;
540                 spin_unlock(&xfrm_state_lock);
541
542                 /* All xfrm_state objects are created by xfrm_state_alloc.
543                  * The xfrm_state_alloc call gives a reference, and that
544                  * is what we are dropping here.
545                  */
546                 xfrm_state_put(x);
547                 err = 0;
548         }
549
550         return err;
551 }
552 EXPORT_SYMBOL(__xfrm_state_delete);
553
554 int xfrm_state_delete(struct xfrm_state *x)
555 {
556         int err;
557
558         spin_lock_bh(&x->lock);
559         err = __xfrm_state_delete(x);
560         spin_unlock_bh(&x->lock);
561
562         return err;
563 }
564 EXPORT_SYMBOL(xfrm_state_delete);
565
566 #ifdef CONFIG_SECURITY_NETWORK_XFRM
567 static inline int
568 xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
569 {
570         int i, err = 0;
571
572         for (i = 0; i <= net->xfrm.state_hmask; i++) {
573                 struct hlist_node *entry;
574                 struct xfrm_state *x;
575
576                 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
577                         if (xfrm_id_proto_match(x->id.proto, proto) &&
578                            (err = security_xfrm_state_delete(x)) != 0) {
579                                 xfrm_audit_state_delete(x, 0,
580                                                         audit_info->loginuid,
581                                                         audit_info->sessionid,
582                                                         audit_info->secid);
583                                 return err;
584                         }
585                 }
586         }
587
588         return err;
589 }
590 #else
591 static inline int
592 xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
593 {
594         return 0;
595 }
596 #endif
597
598 int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
599 {
600         int i, err = 0;
601
602         spin_lock_bh(&xfrm_state_lock);
603         err = xfrm_state_flush_secctx_check(net, proto, audit_info);
604         if (err)
605                 goto out;
606
607         for (i = 0; i <= net->xfrm.state_hmask; i++) {
608                 struct hlist_node *entry;
609                 struct xfrm_state *x;
610 restart:
611                 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
612                         if (!xfrm_state_kern(x) &&
613                             xfrm_id_proto_match(x->id.proto, proto)) {
614                                 xfrm_state_hold(x);
615                                 spin_unlock_bh(&xfrm_state_lock);
616
617                                 err = xfrm_state_delete(x);
618                                 xfrm_audit_state_delete(x, err ? 0 : 1,
619                                                         audit_info->loginuid,
620                                                         audit_info->sessionid,
621                                                         audit_info->secid);
622                                 xfrm_state_put(x);
623
624                                 spin_lock_bh(&xfrm_state_lock);
625                                 goto restart;
626                         }
627                 }
628         }
629         err = 0;
630
631 out:
632         spin_unlock_bh(&xfrm_state_lock);
633         wake_up(&net->xfrm.km_waitq);
634         return err;
635 }
636 EXPORT_SYMBOL(xfrm_state_flush);
637
638 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
639 {
640         spin_lock_bh(&xfrm_state_lock);
641         si->sadcnt = init_net.xfrm.state_num;
642         si->sadhcnt = init_net.xfrm.state_hmask;
643         si->sadhmcnt = xfrm_state_hashmax;
644         spin_unlock_bh(&xfrm_state_lock);
645 }
646 EXPORT_SYMBOL(xfrm_sad_getinfo);
647
648 static int
649 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
650                   struct xfrm_tmpl *tmpl,
651                   xfrm_address_t *daddr, xfrm_address_t *saddr,
652                   unsigned short family)
653 {
654         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
655         if (!afinfo)
656                 return -1;
657         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
658         xfrm_state_put_afinfo(afinfo);
659         return 0;
660 }
661
662 static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
663 {
664         unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
665         struct xfrm_state *x;
666         struct hlist_node *entry;
667
668         hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) {
669                 if (x->props.family != family ||
670                     x->id.spi       != spi ||
671                     x->id.proto     != proto)
672                         continue;
673
674                 switch (family) {
675                 case AF_INET:
676                         if (x->id.daddr.a4 != daddr->a4)
677                                 continue;
678                         break;
679                 case AF_INET6:
680                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
681                                              (struct in6_addr *)
682                                              x->id.daddr.a6))
683                                 continue;
684                         break;
685                 }
686
687                 xfrm_state_hold(x);
688                 return x;
689         }
690
691         return NULL;
692 }
693
694 static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
695 {
696         unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
697         struct xfrm_state *x;
698         struct hlist_node *entry;
699
700         hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) {
701                 if (x->props.family != family ||
702                     x->id.proto     != proto)
703                         continue;
704
705                 switch (family) {
706                 case AF_INET:
707                         if (x->id.daddr.a4 != daddr->a4 ||
708                             x->props.saddr.a4 != saddr->a4)
709                                 continue;
710                         break;
711                 case AF_INET6:
712                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
713                                              (struct in6_addr *)
714                                              x->id.daddr.a6) ||
715                             !ipv6_addr_equal((struct in6_addr *)saddr,
716                                              (struct in6_addr *)
717                                              x->props.saddr.a6))
718                                 continue;
719                         break;
720                 }
721
722                 xfrm_state_hold(x);
723                 return x;
724         }
725
726         return NULL;
727 }
728
729 static inline struct xfrm_state *
730 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
731 {
732         struct net *net = xs_net(x);
733
734         if (use_spi)
735                 return __xfrm_state_lookup(net, &x->id.daddr, x->id.spi,
736                                            x->id.proto, family);
737         else
738                 return __xfrm_state_lookup_byaddr(net, &x->id.daddr,
739                                                   &x->props.saddr,
740                                                   x->id.proto, family);
741 }
742
743 static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
744 {
745         if (have_hash_collision &&
746             (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
747             net->xfrm.state_num > net->xfrm.state_hmask)
748                 schedule_work(&net->xfrm.state_hash_work);
749 }
750
751 struct xfrm_state *
752 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
753                 struct flowi *fl, struct xfrm_tmpl *tmpl,
754                 struct xfrm_policy *pol, int *err,
755                 unsigned short family)
756 {
757         struct net *net = xp_net(pol);
758         unsigned int h;
759         struct hlist_node *entry;
760         struct xfrm_state *x, *x0, *to_put;
761         int acquire_in_progress = 0;
762         int error = 0;
763         struct xfrm_state *best = NULL;
764
765         to_put = NULL;
766
767         spin_lock_bh(&xfrm_state_lock);
768         h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, family);
769         hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
770                 if (x->props.family == family &&
771                     x->props.reqid == tmpl->reqid &&
772                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
773                     xfrm_state_addr_check(x, daddr, saddr, family) &&
774                     tmpl->mode == x->props.mode &&
775                     tmpl->id.proto == x->id.proto &&
776                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
777                         /* Resolution logic:
778                            1. There is a valid state with matching selector.
779                               Done.
780                            2. Valid state with inappropriate selector. Skip.
781
782                            Entering area of "sysdeps".
783
784                            3. If state is not valid, selector is temporary,
785                               it selects only session which triggered
786                               previous resolution. Key manager will do
787                               something to install a state with proper
788                               selector.
789                          */
790                         if (x->km.state == XFRM_STATE_VALID) {
791                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
792                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
793                                         continue;
794                                 if (!best ||
795                                     best->km.dying > x->km.dying ||
796                                     (best->km.dying == x->km.dying &&
797                                      best->curlft.add_time < x->curlft.add_time))
798                                         best = x;
799                         } else if (x->km.state == XFRM_STATE_ACQ) {
800                                 acquire_in_progress = 1;
801                         } else if (x->km.state == XFRM_STATE_ERROR ||
802                                    x->km.state == XFRM_STATE_EXPIRED) {
803                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
804                                     security_xfrm_state_pol_flow_match(x, pol, fl))
805                                         error = -ESRCH;
806                         }
807                 }
808         }
809
810         x = best;
811         if (!x && !error && !acquire_in_progress) {
812                 if (tmpl->id.spi &&
813                     (x0 = __xfrm_state_lookup(net, daddr, tmpl->id.spi,
814                                               tmpl->id.proto, family)) != NULL) {
815                         to_put = x0;
816                         error = -EEXIST;
817                         goto out;
818                 }
819                 x = xfrm_state_alloc(net);
820                 if (x == NULL) {
821                         error = -ENOMEM;
822                         goto out;
823                 }
824                 /* Initialize temporary selector matching only
825                  * to current session. */
826                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
827
828                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
829                 if (error) {
830                         x->km.state = XFRM_STATE_DEAD;
831                         to_put = x;
832                         x = NULL;
833                         goto out;
834                 }
835
836                 if (km_query(x, tmpl, pol) == 0) {
837                         x->km.state = XFRM_STATE_ACQ;
838                         list_add(&x->km.all, &net->xfrm.state_all);
839                         hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
840                         h = xfrm_src_hash(net, daddr, saddr, family);
841                         hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
842                         if (x->id.spi) {
843                                 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, family);
844                                 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
845                         }
846                         x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
847                         x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
848                         add_timer(&x->timer);
849                         net->xfrm.state_num++;
850                         xfrm_hash_grow_check(net, x->bydst.next != NULL);
851                 } else {
852                         x->km.state = XFRM_STATE_DEAD;
853                         to_put = x;
854                         x = NULL;
855                         error = -ESRCH;
856                 }
857         }
858 out:
859         if (x)
860                 xfrm_state_hold(x);
861         else
862                 *err = acquire_in_progress ? -EAGAIN : error;
863         spin_unlock_bh(&xfrm_state_lock);
864         if (to_put)
865                 xfrm_state_put(to_put);
866         return x;
867 }
868
869 struct xfrm_state *
870 xfrm_stateonly_find(struct net *net,
871                     xfrm_address_t *daddr, xfrm_address_t *saddr,
872                     unsigned short family, u8 mode, u8 proto, u32 reqid)
873 {
874         unsigned int h;
875         struct xfrm_state *rx = NULL, *x = NULL;
876         struct hlist_node *entry;
877
878         spin_lock(&xfrm_state_lock);
879         h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
880         hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
881                 if (x->props.family == family &&
882                     x->props.reqid == reqid &&
883                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
884                     xfrm_state_addr_check(x, daddr, saddr, family) &&
885                     mode == x->props.mode &&
886                     proto == x->id.proto &&
887                     x->km.state == XFRM_STATE_VALID) {
888                         rx = x;
889                         break;
890                 }
891         }
892
893         if (rx)
894                 xfrm_state_hold(rx);
895         spin_unlock(&xfrm_state_lock);
896
897
898         return rx;
899 }
900 EXPORT_SYMBOL(xfrm_stateonly_find);
901
902 static void __xfrm_state_insert(struct xfrm_state *x)
903 {
904         struct net *net = xs_net(x);
905         unsigned int h;
906
907         x->genid = ++xfrm_state_genid;
908
909         list_add(&x->km.all, &net->xfrm.state_all);
910
911         h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
912                           x->props.reqid, x->props.family);
913         hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
914
915         h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
916         hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
917
918         if (x->id.spi) {
919                 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
920                                   x->props.family);
921
922                 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
923         }
924
925         mod_timer(&x->timer, jiffies + HZ);
926         if (x->replay_maxage)
927                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
928
929         wake_up(&net->xfrm.km_waitq);
930
931         net->xfrm.state_num++;
932
933         xfrm_hash_grow_check(net, x->bydst.next != NULL);
934 }
935
936 /* xfrm_state_lock is held */
937 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
938 {
939         struct net *net = xs_net(xnew);
940         unsigned short family = xnew->props.family;
941         u32 reqid = xnew->props.reqid;
942         struct xfrm_state *x;
943         struct hlist_node *entry;
944         unsigned int h;
945
946         h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
947         hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
948                 if (x->props.family     == family &&
949                     x->props.reqid      == reqid &&
950                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
951                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
952                         x->genid = xfrm_state_genid;
953         }
954 }
955
956 void xfrm_state_insert(struct xfrm_state *x)
957 {
958         spin_lock_bh(&xfrm_state_lock);
959         __xfrm_state_bump_genids(x);
960         __xfrm_state_insert(x);
961         spin_unlock_bh(&xfrm_state_lock);
962 }
963 EXPORT_SYMBOL(xfrm_state_insert);
964
965 /* xfrm_state_lock is held */
966 static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
967 {
968         unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
969         struct hlist_node *entry;
970         struct xfrm_state *x;
971
972         hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
973                 if (x->props.reqid  != reqid ||
974                     x->props.mode   != mode ||
975                     x->props.family != family ||
976                     x->km.state     != XFRM_STATE_ACQ ||
977                     x->id.spi       != 0 ||
978                     x->id.proto     != proto)
979                         continue;
980
981                 switch (family) {
982                 case AF_INET:
983                         if (x->id.daddr.a4    != daddr->a4 ||
984                             x->props.saddr.a4 != saddr->a4)
985                                 continue;
986                         break;
987                 case AF_INET6:
988                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
989                                              (struct in6_addr *)daddr) ||
990                             !ipv6_addr_equal((struct in6_addr *)
991                                              x->props.saddr.a6,
992                                              (struct in6_addr *)saddr))
993                                 continue;
994                         break;
995                 }
996
997                 xfrm_state_hold(x);
998                 return x;
999         }
1000
1001         if (!create)
1002                 return NULL;
1003
1004         x = xfrm_state_alloc(net);
1005         if (likely(x)) {
1006                 switch (family) {
1007                 case AF_INET:
1008                         x->sel.daddr.a4 = daddr->a4;
1009                         x->sel.saddr.a4 = saddr->a4;
1010                         x->sel.prefixlen_d = 32;
1011                         x->sel.prefixlen_s = 32;
1012                         x->props.saddr.a4 = saddr->a4;
1013                         x->id.daddr.a4 = daddr->a4;
1014                         break;
1015
1016                 case AF_INET6:
1017                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1018                                        (struct in6_addr *)daddr);
1019                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1020                                        (struct in6_addr *)saddr);
1021                         x->sel.prefixlen_d = 128;
1022                         x->sel.prefixlen_s = 128;
1023                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1024                                        (struct in6_addr *)saddr);
1025                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1026                                        (struct in6_addr *)daddr);
1027                         break;
1028                 }
1029
1030                 x->km.state = XFRM_STATE_ACQ;
1031                 x->id.proto = proto;
1032                 x->props.family = family;
1033                 x->props.mode = mode;
1034                 x->props.reqid = reqid;
1035                 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1036                 xfrm_state_hold(x);
1037                 x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
1038                 add_timer(&x->timer);
1039                 list_add(&x->km.all, &net->xfrm.state_all);
1040                 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
1041                 h = xfrm_src_hash(net, daddr, saddr, family);
1042                 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
1043
1044                 net->xfrm.state_num++;
1045
1046                 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1047         }
1048
1049         return x;
1050 }
1051
1052 static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq);
1053
1054 int xfrm_state_add(struct xfrm_state *x)
1055 {
1056         struct net *net = xs_net(x);
1057         struct xfrm_state *x1, *to_put;
1058         int family;
1059         int err;
1060         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1061
1062         family = x->props.family;
1063
1064         to_put = NULL;
1065
1066         spin_lock_bh(&xfrm_state_lock);
1067
1068         x1 = __xfrm_state_locate(x, use_spi, family);
1069         if (x1) {
1070                 to_put = x1;
1071                 x1 = NULL;
1072                 err = -EEXIST;
1073                 goto out;
1074         }
1075
1076         if (use_spi && x->km.seq) {
1077                 x1 = __xfrm_find_acq_byseq(net, x->km.seq);
1078                 if (x1 && ((x1->id.proto != x->id.proto) ||
1079                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1080                         to_put = x1;
1081                         x1 = NULL;
1082                 }
1083         }
1084
1085         if (use_spi && !x1)
1086                 x1 = __find_acq_core(net, family, x->props.mode, x->props.reqid,
1087                                      x->id.proto,
1088                                      &x->id.daddr, &x->props.saddr, 0);
1089
1090         __xfrm_state_bump_genids(x);
1091         __xfrm_state_insert(x);
1092         err = 0;
1093
1094 out:
1095         spin_unlock_bh(&xfrm_state_lock);
1096
1097         if (x1) {
1098                 xfrm_state_delete(x1);
1099                 xfrm_state_put(x1);
1100         }
1101
1102         if (to_put)
1103                 xfrm_state_put(to_put);
1104
1105         return err;
1106 }
1107 EXPORT_SYMBOL(xfrm_state_add);
1108
1109 #ifdef CONFIG_XFRM_MIGRATE
1110 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1111 {
1112         struct net *net = xs_net(orig);
1113         int err = -ENOMEM;
1114         struct xfrm_state *x = xfrm_state_alloc(net);
1115         if (!x)
1116                 goto error;
1117
1118         memcpy(&x->id, &orig->id, sizeof(x->id));
1119         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1120         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1121         x->props.mode = orig->props.mode;
1122         x->props.replay_window = orig->props.replay_window;
1123         x->props.reqid = orig->props.reqid;
1124         x->props.family = orig->props.family;
1125         x->props.saddr = orig->props.saddr;
1126
1127         if (orig->aalg) {
1128                 x->aalg = xfrm_algo_clone(orig->aalg);
1129                 if (!x->aalg)
1130                         goto error;
1131         }
1132         x->props.aalgo = orig->props.aalgo;
1133
1134         if (orig->ealg) {
1135                 x->ealg = xfrm_algo_clone(orig->ealg);
1136                 if (!x->ealg)
1137                         goto error;
1138         }
1139         x->props.ealgo = orig->props.ealgo;
1140
1141         if (orig->calg) {
1142                 x->calg = xfrm_algo_clone(orig->calg);
1143                 if (!x->calg)
1144                         goto error;
1145         }
1146         x->props.calgo = orig->props.calgo;
1147
1148         if (orig->encap) {
1149                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1150                 if (!x->encap)
1151                         goto error;
1152         }
1153
1154         if (orig->coaddr) {
1155                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1156                                     GFP_KERNEL);
1157                 if (!x->coaddr)
1158                         goto error;
1159         }
1160
1161         err = xfrm_init_state(x);
1162         if (err)
1163                 goto error;
1164
1165         x->props.flags = orig->props.flags;
1166
1167         x->curlft.add_time = orig->curlft.add_time;
1168         x->km.state = orig->km.state;
1169         x->km.seq = orig->km.seq;
1170
1171         return x;
1172
1173  error:
1174         if (errp)
1175                 *errp = err;
1176         if (x) {
1177                 kfree(x->aalg);
1178                 kfree(x->ealg);
1179                 kfree(x->calg);
1180                 kfree(x->encap);
1181                 kfree(x->coaddr);
1182         }
1183         kfree(x);
1184         return NULL;
1185 }
1186
1187 /* xfrm_state_lock is held */
1188 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1189 {
1190         unsigned int h;
1191         struct xfrm_state *x;
1192         struct hlist_node *entry;
1193
1194         if (m->reqid) {
1195                 h = xfrm_dst_hash(&init_net, &m->old_daddr, &m->old_saddr,
1196                                   m->reqid, m->old_family);
1197                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1198                         if (x->props.mode != m->mode ||
1199                             x->id.proto != m->proto)
1200                                 continue;
1201                         if (m->reqid && x->props.reqid != m->reqid)
1202                                 continue;
1203                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1204                                           m->old_family) ||
1205                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1206                                           m->old_family))
1207                                 continue;
1208                         xfrm_state_hold(x);
1209                         return x;
1210                 }
1211         } else {
1212                 h = xfrm_src_hash(&init_net, &m->old_daddr, &m->old_saddr,
1213                                   m->old_family);
1214                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
1215                         if (x->props.mode != m->mode ||
1216                             x->id.proto != m->proto)
1217                                 continue;
1218                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1219                                           m->old_family) ||
1220                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1221                                           m->old_family))
1222                                 continue;
1223                         xfrm_state_hold(x);
1224                         return x;
1225                 }
1226         }
1227
1228         return NULL;
1229 }
1230 EXPORT_SYMBOL(xfrm_migrate_state_find);
1231
1232 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1233                                        struct xfrm_migrate *m)
1234 {
1235         struct xfrm_state *xc;
1236         int err;
1237
1238         xc = xfrm_state_clone(x, &err);
1239         if (!xc)
1240                 return NULL;
1241
1242         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1243         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1244
1245         /* add state */
1246         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1247                 /* a care is needed when the destination address of the
1248                    state is to be updated as it is a part of triplet */
1249                 xfrm_state_insert(xc);
1250         } else {
1251                 if ((err = xfrm_state_add(xc)) < 0)
1252                         goto error;
1253         }
1254
1255         return xc;
1256 error:
1257         kfree(xc);
1258         return NULL;
1259 }
1260 EXPORT_SYMBOL(xfrm_state_migrate);
1261 #endif
1262
1263 int xfrm_state_update(struct xfrm_state *x)
1264 {
1265         struct xfrm_state *x1, *to_put;
1266         int err;
1267         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1268
1269         to_put = NULL;
1270
1271         spin_lock_bh(&xfrm_state_lock);
1272         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1273
1274         err = -ESRCH;
1275         if (!x1)
1276                 goto out;
1277
1278         if (xfrm_state_kern(x1)) {
1279                 to_put = x1;
1280                 err = -EEXIST;
1281                 goto out;
1282         }
1283
1284         if (x1->km.state == XFRM_STATE_ACQ) {
1285                 __xfrm_state_insert(x);
1286                 x = NULL;
1287         }
1288         err = 0;
1289
1290 out:
1291         spin_unlock_bh(&xfrm_state_lock);
1292
1293         if (to_put)
1294                 xfrm_state_put(to_put);
1295
1296         if (err)
1297                 return err;
1298
1299         if (!x) {
1300                 xfrm_state_delete(x1);
1301                 xfrm_state_put(x1);
1302                 return 0;
1303         }
1304
1305         err = -EINVAL;
1306         spin_lock_bh(&x1->lock);
1307         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1308                 if (x->encap && x1->encap)
1309                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1310                 if (x->coaddr && x1->coaddr) {
1311                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1312                 }
1313                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1314                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1315                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1316                 x1->km.dying = 0;
1317
1318                 mod_timer(&x1->timer, jiffies + HZ);
1319                 if (x1->curlft.use_time)
1320                         xfrm_state_check_expire(x1);
1321
1322                 err = 0;
1323         }
1324         spin_unlock_bh(&x1->lock);
1325
1326         xfrm_state_put(x1);
1327
1328         return err;
1329 }
1330 EXPORT_SYMBOL(xfrm_state_update);
1331
1332 int xfrm_state_check_expire(struct xfrm_state *x)
1333 {
1334         if (!x->curlft.use_time)
1335                 x->curlft.use_time = get_seconds();
1336
1337         if (x->km.state != XFRM_STATE_VALID)
1338                 return -EINVAL;
1339
1340         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1341             x->curlft.packets >= x->lft.hard_packet_limit) {
1342                 x->km.state = XFRM_STATE_EXPIRED;
1343                 mod_timer(&x->timer, jiffies);
1344                 return -EINVAL;
1345         }
1346
1347         if (!x->km.dying &&
1348             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1349              x->curlft.packets >= x->lft.soft_packet_limit)) {
1350                 x->km.dying = 1;
1351                 km_state_expired(x, 0, 0);
1352         }
1353         return 0;
1354 }
1355 EXPORT_SYMBOL(xfrm_state_check_expire);
1356
1357 struct xfrm_state *
1358 xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto,
1359                   unsigned short family)
1360 {
1361         struct xfrm_state *x;
1362
1363         spin_lock_bh(&xfrm_state_lock);
1364         x = __xfrm_state_lookup(net, daddr, spi, proto, family);
1365         spin_unlock_bh(&xfrm_state_lock);
1366         return x;
1367 }
1368 EXPORT_SYMBOL(xfrm_state_lookup);
1369
1370 struct xfrm_state *
1371 xfrm_state_lookup_byaddr(struct net *net,
1372                          xfrm_address_t *daddr, xfrm_address_t *saddr,
1373                          u8 proto, unsigned short family)
1374 {
1375         struct xfrm_state *x;
1376
1377         spin_lock_bh(&xfrm_state_lock);
1378         x = __xfrm_state_lookup_byaddr(net, daddr, saddr, proto, family);
1379         spin_unlock_bh(&xfrm_state_lock);
1380         return x;
1381 }
1382 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1383
1384 struct xfrm_state *
1385 xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,
1386               xfrm_address_t *daddr, xfrm_address_t *saddr,
1387               int create, unsigned short family)
1388 {
1389         struct xfrm_state *x;
1390
1391         spin_lock_bh(&xfrm_state_lock);
1392         x = __find_acq_core(net, family, mode, reqid, proto, daddr, saddr, create);
1393         spin_unlock_bh(&xfrm_state_lock);
1394
1395         return x;
1396 }
1397 EXPORT_SYMBOL(xfrm_find_acq);
1398
1399 #ifdef CONFIG_XFRM_SUB_POLICY
1400 int
1401 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1402                unsigned short family)
1403 {
1404         int err = 0;
1405         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1406         if (!afinfo)
1407                 return -EAFNOSUPPORT;
1408
1409         spin_lock_bh(&xfrm_state_lock);
1410         if (afinfo->tmpl_sort)
1411                 err = afinfo->tmpl_sort(dst, src, n);
1412         spin_unlock_bh(&xfrm_state_lock);
1413         xfrm_state_put_afinfo(afinfo);
1414         return err;
1415 }
1416 EXPORT_SYMBOL(xfrm_tmpl_sort);
1417
1418 int
1419 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1420                 unsigned short family)
1421 {
1422         int err = 0;
1423         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1424         if (!afinfo)
1425                 return -EAFNOSUPPORT;
1426
1427         spin_lock_bh(&xfrm_state_lock);
1428         if (afinfo->state_sort)
1429                 err = afinfo->state_sort(dst, src, n);
1430         spin_unlock_bh(&xfrm_state_lock);
1431         xfrm_state_put_afinfo(afinfo);
1432         return err;
1433 }
1434 EXPORT_SYMBOL(xfrm_state_sort);
1435 #endif
1436
1437 /* Silly enough, but I'm lazy to build resolution list */
1438
1439 static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq)
1440 {
1441         int i;
1442
1443         for (i = 0; i <= net->xfrm.state_hmask; i++) {
1444                 struct hlist_node *entry;
1445                 struct xfrm_state *x;
1446
1447                 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
1448                         if (x->km.seq == seq &&
1449                             x->km.state == XFRM_STATE_ACQ) {
1450                                 xfrm_state_hold(x);
1451                                 return x;
1452                         }
1453                 }
1454         }
1455         return NULL;
1456 }
1457
1458 struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq)
1459 {
1460         struct xfrm_state *x;
1461
1462         spin_lock_bh(&xfrm_state_lock);
1463         x = __xfrm_find_acq_byseq(net, seq);
1464         spin_unlock_bh(&xfrm_state_lock);
1465         return x;
1466 }
1467 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1468
1469 u32 xfrm_get_acqseq(void)
1470 {
1471         u32 res;
1472         static u32 acqseq;
1473         static DEFINE_SPINLOCK(acqseq_lock);
1474
1475         spin_lock_bh(&acqseq_lock);
1476         res = (++acqseq ? : ++acqseq);
1477         spin_unlock_bh(&acqseq_lock);
1478         return res;
1479 }
1480 EXPORT_SYMBOL(xfrm_get_acqseq);
1481
1482 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1483 {
1484         struct net *net = xs_net(x);
1485         unsigned int h;
1486         struct xfrm_state *x0;
1487         int err = -ENOENT;
1488         __be32 minspi = htonl(low);
1489         __be32 maxspi = htonl(high);
1490
1491         spin_lock_bh(&x->lock);
1492         if (x->km.state == XFRM_STATE_DEAD)
1493                 goto unlock;
1494
1495         err = 0;
1496         if (x->id.spi)
1497                 goto unlock;
1498
1499         err = -ENOENT;
1500
1501         if (minspi == maxspi) {
1502                 x0 = xfrm_state_lookup(net, &x->id.daddr, minspi, x->id.proto, x->props.family);
1503                 if (x0) {
1504                         xfrm_state_put(x0);
1505                         goto unlock;
1506                 }
1507                 x->id.spi = minspi;
1508         } else {
1509                 u32 spi = 0;
1510                 for (h=0; h<high-low+1; h++) {
1511                         spi = low + net_random()%(high-low+1);
1512                         x0 = xfrm_state_lookup(net, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1513                         if (x0 == NULL) {
1514                                 x->id.spi = htonl(spi);
1515                                 break;
1516                         }
1517                         xfrm_state_put(x0);
1518                 }
1519         }
1520         if (x->id.spi) {
1521                 spin_lock_bh(&xfrm_state_lock);
1522                 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1523                 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
1524                 spin_unlock_bh(&xfrm_state_lock);
1525
1526                 err = 0;
1527         }
1528
1529 unlock:
1530         spin_unlock_bh(&x->lock);
1531
1532         return err;
1533 }
1534 EXPORT_SYMBOL(xfrm_alloc_spi);
1535
1536 int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1537                     int (*func)(struct xfrm_state *, int, void*),
1538                     void *data)
1539 {
1540         struct xfrm_state *state;
1541         struct xfrm_state_walk *x;
1542         int err = 0;
1543
1544         if (walk->seq != 0 && list_empty(&walk->all))
1545                 return 0;
1546
1547         spin_lock_bh(&xfrm_state_lock);
1548         if (list_empty(&walk->all))
1549                 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
1550         else
1551                 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1552         list_for_each_entry_from(x, &net->xfrm.state_all, all) {
1553                 if (x->state == XFRM_STATE_DEAD)
1554                         continue;
1555                 state = container_of(x, struct xfrm_state, km);
1556                 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1557                         continue;
1558                 err = func(state, walk->seq, data);
1559                 if (err) {
1560                         list_move_tail(&walk->all, &x->all);
1561                         goto out;
1562                 }
1563                 walk->seq++;
1564         }
1565         if (walk->seq == 0) {
1566                 err = -ENOENT;
1567                 goto out;
1568         }
1569         list_del_init(&walk->all);
1570 out:
1571         spin_unlock_bh(&xfrm_state_lock);
1572         return err;
1573 }
1574 EXPORT_SYMBOL(xfrm_state_walk);
1575
1576 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1577 {
1578         INIT_LIST_HEAD(&walk->all);
1579         walk->proto = proto;
1580         walk->state = XFRM_STATE_DEAD;
1581         walk->seq = 0;
1582 }
1583 EXPORT_SYMBOL(xfrm_state_walk_init);
1584
1585 void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1586 {
1587         if (list_empty(&walk->all))
1588                 return;
1589
1590         spin_lock_bh(&xfrm_state_lock);
1591         list_del(&walk->all);
1592         spin_lock_bh(&xfrm_state_lock);
1593 }
1594 EXPORT_SYMBOL(xfrm_state_walk_done);
1595
1596
1597 void xfrm_replay_notify(struct xfrm_state *x, int event)
1598 {
1599         struct km_event c;
1600         /* we send notify messages in case
1601          *  1. we updated on of the sequence numbers, and the seqno difference
1602          *     is at least x->replay_maxdiff, in this case we also update the
1603          *     timeout of our timer function
1604          *  2. if x->replay_maxage has elapsed since last update,
1605          *     and there were changes
1606          *
1607          *  The state structure must be locked!
1608          */
1609
1610         switch (event) {
1611         case XFRM_REPLAY_UPDATE:
1612                 if (x->replay_maxdiff &&
1613                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1614                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1615                         if (x->xflags & XFRM_TIME_DEFER)
1616                                 event = XFRM_REPLAY_TIMEOUT;
1617                         else
1618                                 return;
1619                 }
1620
1621                 break;
1622
1623         case XFRM_REPLAY_TIMEOUT:
1624                 if ((x->replay.seq == x->preplay.seq) &&
1625                     (x->replay.bitmap == x->preplay.bitmap) &&
1626                     (x->replay.oseq == x->preplay.oseq)) {
1627                         x->xflags |= XFRM_TIME_DEFER;
1628                         return;
1629                 }
1630
1631                 break;
1632         }
1633
1634         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1635         c.event = XFRM_MSG_NEWAE;
1636         c.data.aevent = event;
1637         km_state_notify(x, &c);
1638
1639         if (x->replay_maxage &&
1640             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1641                 x->xflags &= ~XFRM_TIME_DEFER;
1642 }
1643
1644 static void xfrm_replay_timer_handler(unsigned long data)
1645 {
1646         struct xfrm_state *x = (struct xfrm_state*)data;
1647
1648         spin_lock(&x->lock);
1649
1650         if (x->km.state == XFRM_STATE_VALID) {
1651                 if (xfrm_aevent_is_on(xs_net(x)))
1652                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1653                 else
1654                         x->xflags |= XFRM_TIME_DEFER;
1655         }
1656
1657         spin_unlock(&x->lock);
1658 }
1659
1660 int xfrm_replay_check(struct xfrm_state *x,
1661                       struct sk_buff *skb, __be32 net_seq)
1662 {
1663         u32 diff;
1664         u32 seq = ntohl(net_seq);
1665
1666         if (unlikely(seq == 0))
1667                 goto err;
1668
1669         if (likely(seq > x->replay.seq))
1670                 return 0;
1671
1672         diff = x->replay.seq - seq;
1673         if (diff >= min_t(unsigned int, x->props.replay_window,
1674                           sizeof(x->replay.bitmap) * 8)) {
1675                 x->stats.replay_window++;
1676                 goto err;
1677         }
1678
1679         if (x->replay.bitmap & (1U << diff)) {
1680                 x->stats.replay++;
1681                 goto err;
1682         }
1683         return 0;
1684
1685 err:
1686         xfrm_audit_state_replay(x, skb, net_seq);
1687         return -EINVAL;
1688 }
1689
1690 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1691 {
1692         u32 diff;
1693         u32 seq = ntohl(net_seq);
1694
1695         if (seq > x->replay.seq) {
1696                 diff = seq - x->replay.seq;
1697                 if (diff < x->props.replay_window)
1698                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1699                 else
1700                         x->replay.bitmap = 1;
1701                 x->replay.seq = seq;
1702         } else {
1703                 diff = x->replay.seq - seq;
1704                 x->replay.bitmap |= (1U << diff);
1705         }
1706
1707         if (xfrm_aevent_is_on(xs_net(x)))
1708                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1709 }
1710
1711 static LIST_HEAD(xfrm_km_list);
1712 static DEFINE_RWLOCK(xfrm_km_lock);
1713
1714 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1715 {
1716         struct xfrm_mgr *km;
1717
1718         read_lock(&xfrm_km_lock);
1719         list_for_each_entry(km, &xfrm_km_list, list)
1720                 if (km->notify_policy)
1721                         km->notify_policy(xp, dir, c);
1722         read_unlock(&xfrm_km_lock);
1723 }
1724
1725 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1726 {
1727         struct xfrm_mgr *km;
1728         read_lock(&xfrm_km_lock);
1729         list_for_each_entry(km, &xfrm_km_list, list)
1730                 if (km->notify)
1731                         km->notify(x, c);
1732         read_unlock(&xfrm_km_lock);
1733 }
1734
1735 EXPORT_SYMBOL(km_policy_notify);
1736 EXPORT_SYMBOL(km_state_notify);
1737
1738 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1739 {
1740         struct net *net = xs_net(x);
1741         struct km_event c;
1742
1743         c.data.hard = hard;
1744         c.pid = pid;
1745         c.event = XFRM_MSG_EXPIRE;
1746         km_state_notify(x, &c);
1747
1748         if (hard)
1749                 wake_up(&net->xfrm.km_waitq);
1750 }
1751
1752 EXPORT_SYMBOL(km_state_expired);
1753 /*
1754  * We send to all registered managers regardless of failure
1755  * We are happy with one success
1756 */
1757 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1758 {
1759         int err = -EINVAL, acqret;
1760         struct xfrm_mgr *km;
1761
1762         read_lock(&xfrm_km_lock);
1763         list_for_each_entry(km, &xfrm_km_list, list) {
1764                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1765                 if (!acqret)
1766                         err = acqret;
1767         }
1768         read_unlock(&xfrm_km_lock);
1769         return err;
1770 }
1771 EXPORT_SYMBOL(km_query);
1772
1773 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1774 {
1775         int err = -EINVAL;
1776         struct xfrm_mgr *km;
1777
1778         read_lock(&xfrm_km_lock);
1779         list_for_each_entry(km, &xfrm_km_list, list) {
1780                 if (km->new_mapping)
1781                         err = km->new_mapping(x, ipaddr, sport);
1782                 if (!err)
1783                         break;
1784         }
1785         read_unlock(&xfrm_km_lock);
1786         return err;
1787 }
1788 EXPORT_SYMBOL(km_new_mapping);
1789
1790 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1791 {
1792         struct net *net = xp_net(pol);
1793         struct km_event c;
1794
1795         c.data.hard = hard;
1796         c.pid = pid;
1797         c.event = XFRM_MSG_POLEXPIRE;
1798         km_policy_notify(pol, dir, &c);
1799
1800         if (hard)
1801                 wake_up(&net->xfrm.km_waitq);
1802 }
1803 EXPORT_SYMBOL(km_policy_expired);
1804
1805 #ifdef CONFIG_XFRM_MIGRATE
1806 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1807                struct xfrm_migrate *m, int num_migrate,
1808                struct xfrm_kmaddress *k)
1809 {
1810         int err = -EINVAL;
1811         int ret;
1812         struct xfrm_mgr *km;
1813
1814         read_lock(&xfrm_km_lock);
1815         list_for_each_entry(km, &xfrm_km_list, list) {
1816                 if (km->migrate) {
1817                         ret = km->migrate(sel, dir, type, m, num_migrate, k);
1818                         if (!ret)
1819                                 err = ret;
1820                 }
1821         }
1822         read_unlock(&xfrm_km_lock);
1823         return err;
1824 }
1825 EXPORT_SYMBOL(km_migrate);
1826 #endif
1827
1828 int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1829 {
1830         int err = -EINVAL;
1831         int ret;
1832         struct xfrm_mgr *km;
1833
1834         read_lock(&xfrm_km_lock);
1835         list_for_each_entry(km, &xfrm_km_list, list) {
1836                 if (km->report) {
1837                         ret = km->report(net, proto, sel, addr);
1838                         if (!ret)
1839                                 err = ret;
1840                 }
1841         }
1842         read_unlock(&xfrm_km_lock);
1843         return err;
1844 }
1845 EXPORT_SYMBOL(km_report);
1846
1847 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1848 {
1849         int err;
1850         u8 *data;
1851         struct xfrm_mgr *km;
1852         struct xfrm_policy *pol = NULL;
1853
1854         if (optlen <= 0 || optlen > PAGE_SIZE)
1855                 return -EMSGSIZE;
1856
1857         data = kmalloc(optlen, GFP_KERNEL);
1858         if (!data)
1859                 return -ENOMEM;
1860
1861         err = -EFAULT;
1862         if (copy_from_user(data, optval, optlen))
1863                 goto out;
1864
1865         err = -EINVAL;
1866         read_lock(&xfrm_km_lock);
1867         list_for_each_entry(km, &xfrm_km_list, list) {
1868                 pol = km->compile_policy(sk, optname, data,
1869                                          optlen, &err);
1870                 if (err >= 0)
1871                         break;
1872         }
1873         read_unlock(&xfrm_km_lock);
1874
1875         if (err >= 0) {
1876                 xfrm_sk_policy_insert(sk, err, pol);
1877                 xfrm_pol_put(pol);
1878                 err = 0;
1879         }
1880
1881 out:
1882         kfree(data);
1883         return err;
1884 }
1885 EXPORT_SYMBOL(xfrm_user_policy);
1886
1887 int xfrm_register_km(struct xfrm_mgr *km)
1888 {
1889         write_lock_bh(&xfrm_km_lock);
1890         list_add_tail(&km->list, &xfrm_km_list);
1891         write_unlock_bh(&xfrm_km_lock);
1892         return 0;
1893 }
1894 EXPORT_SYMBOL(xfrm_register_km);
1895
1896 int xfrm_unregister_km(struct xfrm_mgr *km)
1897 {
1898         write_lock_bh(&xfrm_km_lock);
1899         list_del(&km->list);
1900         write_unlock_bh(&xfrm_km_lock);
1901         return 0;
1902 }
1903 EXPORT_SYMBOL(xfrm_unregister_km);
1904
1905 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1906 {
1907         int err = 0;
1908         if (unlikely(afinfo == NULL))
1909                 return -EINVAL;
1910         if (unlikely(afinfo->family >= NPROTO))
1911                 return -EAFNOSUPPORT;
1912         write_lock_bh(&xfrm_state_afinfo_lock);
1913         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1914                 err = -ENOBUFS;
1915         else
1916                 xfrm_state_afinfo[afinfo->family] = afinfo;
1917         write_unlock_bh(&xfrm_state_afinfo_lock);
1918         return err;
1919 }
1920 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1921
1922 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1923 {
1924         int err = 0;
1925         if (unlikely(afinfo == NULL))
1926                 return -EINVAL;
1927         if (unlikely(afinfo->family >= NPROTO))
1928                 return -EAFNOSUPPORT;
1929         write_lock_bh(&xfrm_state_afinfo_lock);
1930         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1931                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1932                         err = -EINVAL;
1933                 else
1934                         xfrm_state_afinfo[afinfo->family] = NULL;
1935         }
1936         write_unlock_bh(&xfrm_state_afinfo_lock);
1937         return err;
1938 }
1939 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1940
1941 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1942 {
1943         struct xfrm_state_afinfo *afinfo;
1944         if (unlikely(family >= NPROTO))
1945                 return NULL;
1946         read_lock(&xfrm_state_afinfo_lock);
1947         afinfo = xfrm_state_afinfo[family];
1948         if (unlikely(!afinfo))
1949                 read_unlock(&xfrm_state_afinfo_lock);
1950         return afinfo;
1951 }
1952
1953 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1954         __releases(xfrm_state_afinfo_lock)
1955 {
1956         read_unlock(&xfrm_state_afinfo_lock);
1957 }
1958
1959 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1960 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1961 {
1962         if (x->tunnel) {
1963                 struct xfrm_state *t = x->tunnel;
1964
1965                 if (atomic_read(&t->tunnel_users) == 2)
1966                         xfrm_state_delete(t);
1967                 atomic_dec(&t->tunnel_users);
1968                 xfrm_state_put(t);
1969                 x->tunnel = NULL;
1970         }
1971 }
1972 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1973
1974 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1975 {
1976         int res;
1977
1978         spin_lock_bh(&x->lock);
1979         if (x->km.state == XFRM_STATE_VALID &&
1980             x->type && x->type->get_mtu)
1981                 res = x->type->get_mtu(x, mtu);
1982         else
1983                 res = mtu - x->props.header_len;
1984         spin_unlock_bh(&x->lock);
1985         return res;
1986 }
1987
1988 int xfrm_init_state(struct xfrm_state *x)
1989 {
1990         struct xfrm_state_afinfo *afinfo;
1991         struct xfrm_mode *inner_mode;
1992         int family = x->props.family;
1993         int err;
1994
1995         err = -EAFNOSUPPORT;
1996         afinfo = xfrm_state_get_afinfo(family);
1997         if (!afinfo)
1998                 goto error;
1999
2000         err = 0;
2001         if (afinfo->init_flags)
2002                 err = afinfo->init_flags(x);
2003
2004         xfrm_state_put_afinfo(afinfo);
2005
2006         if (err)
2007                 goto error;
2008
2009         err = -EPROTONOSUPPORT;
2010
2011         if (x->sel.family != AF_UNSPEC) {
2012                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2013                 if (inner_mode == NULL)
2014                         goto error;
2015
2016                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2017                     family != x->sel.family) {
2018                         xfrm_put_mode(inner_mode);
2019                         goto error;
2020                 }
2021
2022                 x->inner_mode = inner_mode;
2023         } else {
2024                 struct xfrm_mode *inner_mode_iaf;
2025
2026                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2027                 if (inner_mode == NULL)
2028                         goto error;
2029
2030                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2031                         xfrm_put_mode(inner_mode);
2032                         goto error;
2033                 }
2034
2035                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2036                 if (inner_mode_iaf == NULL)
2037                         goto error;
2038
2039                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2040                         xfrm_put_mode(inner_mode_iaf);
2041                         goto error;
2042                 }
2043
2044                 if (x->props.family == AF_INET) {
2045                         x->inner_mode = inner_mode;
2046                         x->inner_mode_iaf = inner_mode_iaf;
2047                 } else {
2048                         x->inner_mode = inner_mode_iaf;
2049                         x->inner_mode_iaf = inner_mode;
2050                 }
2051         }
2052
2053         x->type = xfrm_get_type(x->id.proto, family);
2054         if (x->type == NULL)
2055                 goto error;
2056
2057         err = x->type->init_state(x);
2058         if (err)
2059                 goto error;
2060
2061         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2062         if (x->outer_mode == NULL)
2063                 goto error;
2064
2065         x->km.state = XFRM_STATE_VALID;
2066
2067 error:
2068         return err;
2069 }
2070
2071 EXPORT_SYMBOL(xfrm_init_state);
2072
2073 int __net_init xfrm_state_init(struct net *net)
2074 {
2075         unsigned int sz;
2076
2077         INIT_LIST_HEAD(&net->xfrm.state_all);
2078
2079         sz = sizeof(struct hlist_head) * 8;
2080
2081         net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2082         if (!net->xfrm.state_bydst)
2083                 goto out_bydst;
2084         net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2085         if (!net->xfrm.state_bysrc)
2086                 goto out_bysrc;
2087         net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2088         if (!net->xfrm.state_byspi)
2089                 goto out_byspi;
2090         net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2091
2092         net->xfrm.state_num = 0;
2093         INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
2094         INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
2095         INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
2096         init_waitqueue_head(&net->xfrm.km_waitq);
2097         return 0;
2098
2099 out_byspi:
2100         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2101 out_bysrc:
2102         xfrm_hash_free(net->xfrm.state_bydst, sz);
2103 out_bydst:
2104         return -ENOMEM;
2105 }
2106
2107 void xfrm_state_fini(struct net *net)
2108 {
2109         struct xfrm_audit audit_info;
2110         unsigned int sz;
2111
2112         flush_work(&net->xfrm.state_hash_work);
2113         audit_info.loginuid = -1;
2114         audit_info.sessionid = -1;
2115         audit_info.secid = 0;
2116         xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info);
2117         flush_work(&net->xfrm.state_gc_work);
2118
2119         WARN_ON(!list_empty(&net->xfrm.state_all));
2120
2121         sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2122         WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2123         xfrm_hash_free(net->xfrm.state_byspi, sz);
2124         WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2125         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2126         WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2127         xfrm_hash_free(net->xfrm.state_bydst, sz);
2128 }
2129
2130 #ifdef CONFIG_AUDITSYSCALL
2131 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2132                                      struct audit_buffer *audit_buf)
2133 {
2134         struct xfrm_sec_ctx *ctx = x->security;
2135         u32 spi = ntohl(x->id.spi);
2136
2137         if (ctx)
2138                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2139                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2140
2141         switch(x->props.family) {
2142         case AF_INET:
2143                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2144                                  &x->props.saddr.a4, &x->id.daddr.a4);
2145                 break;
2146         case AF_INET6:
2147                 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2148                                  x->props.saddr.a6, x->id.daddr.a6);
2149                 break;
2150         }
2151
2152         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2153 }
2154
2155 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2156                                       struct audit_buffer *audit_buf)
2157 {
2158         struct iphdr *iph4;
2159         struct ipv6hdr *iph6;
2160
2161         switch (family) {
2162         case AF_INET:
2163                 iph4 = ip_hdr(skb);
2164                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2165                                  &iph4->saddr, &iph4->daddr);
2166                 break;
2167         case AF_INET6:
2168                 iph6 = ipv6_hdr(skb);
2169                 audit_log_format(audit_buf,
2170                                  " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2171                                  &iph6->saddr,&iph6->daddr,
2172                                  iph6->flow_lbl[0] & 0x0f,
2173                                  iph6->flow_lbl[1],
2174                                  iph6->flow_lbl[2]);
2175                 break;
2176         }
2177 }
2178
2179 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2180                           uid_t auid, u32 sessionid, u32 secid)
2181 {
2182         struct audit_buffer *audit_buf;
2183
2184         audit_buf = xfrm_audit_start("SAD-add");
2185         if (audit_buf == NULL)
2186                 return;
2187         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2188         xfrm_audit_helper_sainfo(x, audit_buf);
2189         audit_log_format(audit_buf, " res=%u", result);
2190         audit_log_end(audit_buf);
2191 }
2192 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2193
2194 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2195                              uid_t auid, u32 sessionid, u32 secid)
2196 {
2197         struct audit_buffer *audit_buf;
2198
2199         audit_buf = xfrm_audit_start("SAD-delete");
2200         if (audit_buf == NULL)
2201                 return;
2202         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2203         xfrm_audit_helper_sainfo(x, audit_buf);
2204         audit_log_format(audit_buf, " res=%u", result);
2205         audit_log_end(audit_buf);
2206 }
2207 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2208
2209 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2210                                       struct sk_buff *skb)
2211 {
2212         struct audit_buffer *audit_buf;
2213         u32 spi;
2214
2215         audit_buf = xfrm_audit_start("SA-replay-overflow");
2216         if (audit_buf == NULL)
2217                 return;
2218         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2219         /* don't record the sequence number because it's inherent in this kind
2220          * of audit message */
2221         spi = ntohl(x->id.spi);
2222         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2223         audit_log_end(audit_buf);
2224 }
2225 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2226
2227 static void xfrm_audit_state_replay(struct xfrm_state *x,
2228                              struct sk_buff *skb, __be32 net_seq)
2229 {
2230         struct audit_buffer *audit_buf;
2231         u32 spi;
2232
2233         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2234         if (audit_buf == NULL)
2235                 return;
2236         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2237         spi = ntohl(x->id.spi);
2238         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2239                          spi, spi, ntohl(net_seq));
2240         audit_log_end(audit_buf);
2241 }
2242
2243 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2244 {
2245         struct audit_buffer *audit_buf;
2246
2247         audit_buf = xfrm_audit_start("SA-notfound");
2248         if (audit_buf == NULL)
2249                 return;
2250         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2251         audit_log_end(audit_buf);
2252 }
2253 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2254
2255 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2256                                __be32 net_spi, __be32 net_seq)
2257 {
2258         struct audit_buffer *audit_buf;
2259         u32 spi;
2260
2261         audit_buf = xfrm_audit_start("SA-notfound");
2262         if (audit_buf == NULL)
2263                 return;
2264         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2265         spi = ntohl(net_spi);
2266         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2267                          spi, spi, ntohl(net_seq));
2268         audit_log_end(audit_buf);
2269 }
2270 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2271
2272 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2273                               struct sk_buff *skb, u8 proto)
2274 {
2275         struct audit_buffer *audit_buf;
2276         __be32 net_spi;
2277         __be32 net_seq;
2278
2279         audit_buf = xfrm_audit_start("SA-icv-failure");
2280         if (audit_buf == NULL)
2281                 return;
2282         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2283         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2284                 u32 spi = ntohl(net_spi);
2285                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2286                                  spi, spi, ntohl(net_seq));
2287         }
2288         audit_log_end(audit_buf);
2289 }
2290 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2291 #endif /* CONFIG_AUDITSYSCALL */