7ecf6eeff84a3229b25a0cf56140d9398784c7f8
[linux-2.6.git] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
48 static unsigned int xfrm_state_genid;
49
50 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
51 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
52
53 #ifdef CONFIG_AUDITSYSCALL
54 static void xfrm_audit_state_replay(struct xfrm_state *x,
55                                     struct sk_buff *skb, __be32 net_seq);
56 #else
57 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
58 #endif /* CONFIG_AUDITSYSCALL */
59
60 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
61                                          xfrm_address_t *saddr,
62                                          u32 reqid,
63                                          unsigned short family)
64 {
65         return __xfrm_dst_hash(daddr, saddr, reqid, family, init_net.xfrm.state_hmask);
66 }
67
68 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
69                                          xfrm_address_t *saddr,
70                                          unsigned short family)
71 {
72         return __xfrm_src_hash(daddr, saddr, family, init_net.xfrm.state_hmask);
73 }
74
75 static inline unsigned int
76 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
77 {
78         return __xfrm_spi_hash(daddr, spi, proto, family, init_net.xfrm.state_hmask);
79 }
80
81 static void xfrm_hash_transfer(struct hlist_head *list,
82                                struct hlist_head *ndsttable,
83                                struct hlist_head *nsrctable,
84                                struct hlist_head *nspitable,
85                                unsigned int nhashmask)
86 {
87         struct hlist_node *entry, *tmp;
88         struct xfrm_state *x;
89
90         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
91                 unsigned int h;
92
93                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
94                                     x->props.reqid, x->props.family,
95                                     nhashmask);
96                 hlist_add_head(&x->bydst, ndsttable+h);
97
98                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
99                                     x->props.family,
100                                     nhashmask);
101                 hlist_add_head(&x->bysrc, nsrctable+h);
102
103                 if (x->id.spi) {
104                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
105                                             x->id.proto, x->props.family,
106                                             nhashmask);
107                         hlist_add_head(&x->byspi, nspitable+h);
108                 }
109         }
110 }
111
112 static unsigned long xfrm_hash_new_size(void)
113 {
114         return ((init_net.xfrm.state_hmask + 1) << 1) *
115                 sizeof(struct hlist_head);
116 }
117
118 static DEFINE_MUTEX(hash_resize_mutex);
119
120 static void xfrm_hash_resize(struct work_struct *__unused)
121 {
122         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
123         unsigned long nsize, osize;
124         unsigned int nhashmask, ohashmask;
125         int i;
126
127         mutex_lock(&hash_resize_mutex);
128
129         nsize = xfrm_hash_new_size();
130         ndst = xfrm_hash_alloc(nsize);
131         if (!ndst)
132                 goto out_unlock;
133         nsrc = xfrm_hash_alloc(nsize);
134         if (!nsrc) {
135                 xfrm_hash_free(ndst, nsize);
136                 goto out_unlock;
137         }
138         nspi = xfrm_hash_alloc(nsize);
139         if (!nspi) {
140                 xfrm_hash_free(ndst, nsize);
141                 xfrm_hash_free(nsrc, nsize);
142                 goto out_unlock;
143         }
144
145         spin_lock_bh(&xfrm_state_lock);
146
147         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
148         for (i = init_net.xfrm.state_hmask; i >= 0; i--)
149                 xfrm_hash_transfer(init_net.xfrm.state_bydst+i, ndst, nsrc, nspi,
150                                    nhashmask);
151
152         odst = init_net.xfrm.state_bydst;
153         osrc = init_net.xfrm.state_bysrc;
154         ospi = init_net.xfrm.state_byspi;
155         ohashmask = init_net.xfrm.state_hmask;
156
157         init_net.xfrm.state_bydst = ndst;
158         init_net.xfrm.state_bysrc = nsrc;
159         init_net.xfrm.state_byspi = nspi;
160         init_net.xfrm.state_hmask = nhashmask;
161
162         spin_unlock_bh(&xfrm_state_lock);
163
164         osize = (ohashmask + 1) * sizeof(struct hlist_head);
165         xfrm_hash_free(odst, osize);
166         xfrm_hash_free(osrc, osize);
167         xfrm_hash_free(ospi, osize);
168
169 out_unlock:
170         mutex_unlock(&hash_resize_mutex);
171 }
172
173 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
174
175 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
176 EXPORT_SYMBOL(km_waitq);
177
178 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
179 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
180
181 static struct work_struct xfrm_state_gc_work;
182 static HLIST_HEAD(xfrm_state_gc_list);
183 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
184
185 int __xfrm_state_delete(struct xfrm_state *x);
186
187 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
188 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
189
190 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
191 {
192         struct xfrm_state_afinfo *afinfo;
193         if (unlikely(family >= NPROTO))
194                 return NULL;
195         write_lock_bh(&xfrm_state_afinfo_lock);
196         afinfo = xfrm_state_afinfo[family];
197         if (unlikely(!afinfo))
198                 write_unlock_bh(&xfrm_state_afinfo_lock);
199         return afinfo;
200 }
201
202 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
203         __releases(xfrm_state_afinfo_lock)
204 {
205         write_unlock_bh(&xfrm_state_afinfo_lock);
206 }
207
208 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
209 {
210         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
211         const struct xfrm_type **typemap;
212         int err = 0;
213
214         if (unlikely(afinfo == NULL))
215                 return -EAFNOSUPPORT;
216         typemap = afinfo->type_map;
217
218         if (likely(typemap[type->proto] == NULL))
219                 typemap[type->proto] = type;
220         else
221                 err = -EEXIST;
222         xfrm_state_unlock_afinfo(afinfo);
223         return err;
224 }
225 EXPORT_SYMBOL(xfrm_register_type);
226
227 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
228 {
229         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
230         const struct xfrm_type **typemap;
231         int err = 0;
232
233         if (unlikely(afinfo == NULL))
234                 return -EAFNOSUPPORT;
235         typemap = afinfo->type_map;
236
237         if (unlikely(typemap[type->proto] != type))
238                 err = -ENOENT;
239         else
240                 typemap[type->proto] = NULL;
241         xfrm_state_unlock_afinfo(afinfo);
242         return err;
243 }
244 EXPORT_SYMBOL(xfrm_unregister_type);
245
246 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
247 {
248         struct xfrm_state_afinfo *afinfo;
249         const struct xfrm_type **typemap;
250         const struct xfrm_type *type;
251         int modload_attempted = 0;
252
253 retry:
254         afinfo = xfrm_state_get_afinfo(family);
255         if (unlikely(afinfo == NULL))
256                 return NULL;
257         typemap = afinfo->type_map;
258
259         type = typemap[proto];
260         if (unlikely(type && !try_module_get(type->owner)))
261                 type = NULL;
262         if (!type && !modload_attempted) {
263                 xfrm_state_put_afinfo(afinfo);
264                 request_module("xfrm-type-%d-%d", family, proto);
265                 modload_attempted = 1;
266                 goto retry;
267         }
268
269         xfrm_state_put_afinfo(afinfo);
270         return type;
271 }
272
273 static void xfrm_put_type(const struct xfrm_type *type)
274 {
275         module_put(type->owner);
276 }
277
278 int xfrm_register_mode(struct xfrm_mode *mode, int family)
279 {
280         struct xfrm_state_afinfo *afinfo;
281         struct xfrm_mode **modemap;
282         int err;
283
284         if (unlikely(mode->encap >= XFRM_MODE_MAX))
285                 return -EINVAL;
286
287         afinfo = xfrm_state_lock_afinfo(family);
288         if (unlikely(afinfo == NULL))
289                 return -EAFNOSUPPORT;
290
291         err = -EEXIST;
292         modemap = afinfo->mode_map;
293         if (modemap[mode->encap])
294                 goto out;
295
296         err = -ENOENT;
297         if (!try_module_get(afinfo->owner))
298                 goto out;
299
300         mode->afinfo = afinfo;
301         modemap[mode->encap] = mode;
302         err = 0;
303
304 out:
305         xfrm_state_unlock_afinfo(afinfo);
306         return err;
307 }
308 EXPORT_SYMBOL(xfrm_register_mode);
309
310 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
311 {
312         struct xfrm_state_afinfo *afinfo;
313         struct xfrm_mode **modemap;
314         int err;
315
316         if (unlikely(mode->encap >= XFRM_MODE_MAX))
317                 return -EINVAL;
318
319         afinfo = xfrm_state_lock_afinfo(family);
320         if (unlikely(afinfo == NULL))
321                 return -EAFNOSUPPORT;
322
323         err = -ENOENT;
324         modemap = afinfo->mode_map;
325         if (likely(modemap[mode->encap] == mode)) {
326                 modemap[mode->encap] = NULL;
327                 module_put(mode->afinfo->owner);
328                 err = 0;
329         }
330
331         xfrm_state_unlock_afinfo(afinfo);
332         return err;
333 }
334 EXPORT_SYMBOL(xfrm_unregister_mode);
335
336 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
337 {
338         struct xfrm_state_afinfo *afinfo;
339         struct xfrm_mode *mode;
340         int modload_attempted = 0;
341
342         if (unlikely(encap >= XFRM_MODE_MAX))
343                 return NULL;
344
345 retry:
346         afinfo = xfrm_state_get_afinfo(family);
347         if (unlikely(afinfo == NULL))
348                 return NULL;
349
350         mode = afinfo->mode_map[encap];
351         if (unlikely(mode && !try_module_get(mode->owner)))
352                 mode = NULL;
353         if (!mode && !modload_attempted) {
354                 xfrm_state_put_afinfo(afinfo);
355                 request_module("xfrm-mode-%d-%d", family, encap);
356                 modload_attempted = 1;
357                 goto retry;
358         }
359
360         xfrm_state_put_afinfo(afinfo);
361         return mode;
362 }
363
364 static void xfrm_put_mode(struct xfrm_mode *mode)
365 {
366         module_put(mode->owner);
367 }
368
369 static void xfrm_state_gc_destroy(struct xfrm_state *x)
370 {
371         del_timer_sync(&x->timer);
372         del_timer_sync(&x->rtimer);
373         kfree(x->aalg);
374         kfree(x->ealg);
375         kfree(x->calg);
376         kfree(x->encap);
377         kfree(x->coaddr);
378         if (x->inner_mode)
379                 xfrm_put_mode(x->inner_mode);
380         if (x->inner_mode_iaf)
381                 xfrm_put_mode(x->inner_mode_iaf);
382         if (x->outer_mode)
383                 xfrm_put_mode(x->outer_mode);
384         if (x->type) {
385                 x->type->destructor(x);
386                 xfrm_put_type(x->type);
387         }
388         security_xfrm_state_free(x);
389         kfree(x);
390 }
391
392 static void xfrm_state_gc_task(struct work_struct *data)
393 {
394         struct xfrm_state *x;
395         struct hlist_node *entry, *tmp;
396         struct hlist_head gc_list;
397
398         spin_lock_bh(&xfrm_state_gc_lock);
399         hlist_move_list(&xfrm_state_gc_list, &gc_list);
400         spin_unlock_bh(&xfrm_state_gc_lock);
401
402         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
403                 xfrm_state_gc_destroy(x);
404
405         wake_up(&km_waitq);
406 }
407
408 static inline unsigned long make_jiffies(long secs)
409 {
410         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
411                 return MAX_SCHEDULE_TIMEOUT-1;
412         else
413                 return secs*HZ;
414 }
415
416 static void xfrm_timer_handler(unsigned long data)
417 {
418         struct xfrm_state *x = (struct xfrm_state*)data;
419         unsigned long now = get_seconds();
420         long next = LONG_MAX;
421         int warn = 0;
422         int err = 0;
423
424         spin_lock(&x->lock);
425         if (x->km.state == XFRM_STATE_DEAD)
426                 goto out;
427         if (x->km.state == XFRM_STATE_EXPIRED)
428                 goto expired;
429         if (x->lft.hard_add_expires_seconds) {
430                 long tmo = x->lft.hard_add_expires_seconds +
431                         x->curlft.add_time - now;
432                 if (tmo <= 0)
433                         goto expired;
434                 if (tmo < next)
435                         next = tmo;
436         }
437         if (x->lft.hard_use_expires_seconds) {
438                 long tmo = x->lft.hard_use_expires_seconds +
439                         (x->curlft.use_time ? : now) - now;
440                 if (tmo <= 0)
441                         goto expired;
442                 if (tmo < next)
443                         next = tmo;
444         }
445         if (x->km.dying)
446                 goto resched;
447         if (x->lft.soft_add_expires_seconds) {
448                 long tmo = x->lft.soft_add_expires_seconds +
449                         x->curlft.add_time - now;
450                 if (tmo <= 0)
451                         warn = 1;
452                 else if (tmo < next)
453                         next = tmo;
454         }
455         if (x->lft.soft_use_expires_seconds) {
456                 long tmo = x->lft.soft_use_expires_seconds +
457                         (x->curlft.use_time ? : now) - now;
458                 if (tmo <= 0)
459                         warn = 1;
460                 else if (tmo < next)
461                         next = tmo;
462         }
463
464         x->km.dying = warn;
465         if (warn)
466                 km_state_expired(x, 0, 0);
467 resched:
468         if (next != LONG_MAX)
469                 mod_timer(&x->timer, jiffies + make_jiffies(next));
470
471         goto out;
472
473 expired:
474         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
475                 x->km.state = XFRM_STATE_EXPIRED;
476                 wake_up(&km_waitq);
477                 next = 2;
478                 goto resched;
479         }
480
481         err = __xfrm_state_delete(x);
482         if (!err && x->id.spi)
483                 km_state_expired(x, 1, 0);
484
485         xfrm_audit_state_delete(x, err ? 0 : 1,
486                                 audit_get_loginuid(current),
487                                 audit_get_sessionid(current), 0);
488
489 out:
490         spin_unlock(&x->lock);
491 }
492
493 static void xfrm_replay_timer_handler(unsigned long data);
494
495 struct xfrm_state *xfrm_state_alloc(struct net *net)
496 {
497         struct xfrm_state *x;
498
499         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
500
501         if (x) {
502                 write_pnet(&x->xs_net, net);
503                 atomic_set(&x->refcnt, 1);
504                 atomic_set(&x->tunnel_users, 0);
505                 INIT_LIST_HEAD(&x->km.all);
506                 INIT_HLIST_NODE(&x->bydst);
507                 INIT_HLIST_NODE(&x->bysrc);
508                 INIT_HLIST_NODE(&x->byspi);
509                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
510                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
511                                 (unsigned long)x);
512                 x->curlft.add_time = get_seconds();
513                 x->lft.soft_byte_limit = XFRM_INF;
514                 x->lft.soft_packet_limit = XFRM_INF;
515                 x->lft.hard_byte_limit = XFRM_INF;
516                 x->lft.hard_packet_limit = XFRM_INF;
517                 x->replay_maxage = 0;
518                 x->replay_maxdiff = 0;
519                 x->inner_mode = NULL;
520                 x->inner_mode_iaf = NULL;
521                 spin_lock_init(&x->lock);
522         }
523         return x;
524 }
525 EXPORT_SYMBOL(xfrm_state_alloc);
526
527 void __xfrm_state_destroy(struct xfrm_state *x)
528 {
529         WARN_ON(x->km.state != XFRM_STATE_DEAD);
530
531         spin_lock_bh(&xfrm_state_gc_lock);
532         hlist_add_head(&x->gclist, &xfrm_state_gc_list);
533         spin_unlock_bh(&xfrm_state_gc_lock);
534         schedule_work(&xfrm_state_gc_work);
535 }
536 EXPORT_SYMBOL(__xfrm_state_destroy);
537
538 int __xfrm_state_delete(struct xfrm_state *x)
539 {
540         int err = -ESRCH;
541
542         if (x->km.state != XFRM_STATE_DEAD) {
543                 x->km.state = XFRM_STATE_DEAD;
544                 spin_lock(&xfrm_state_lock);
545                 list_del(&x->km.all);
546                 hlist_del(&x->bydst);
547                 hlist_del(&x->bysrc);
548                 if (x->id.spi)
549                         hlist_del(&x->byspi);
550                 init_net.xfrm.state_num--;
551                 spin_unlock(&xfrm_state_lock);
552
553                 /* All xfrm_state objects are created by xfrm_state_alloc.
554                  * The xfrm_state_alloc call gives a reference, and that
555                  * is what we are dropping here.
556                  */
557                 xfrm_state_put(x);
558                 err = 0;
559         }
560
561         return err;
562 }
563 EXPORT_SYMBOL(__xfrm_state_delete);
564
565 int xfrm_state_delete(struct xfrm_state *x)
566 {
567         int err;
568
569         spin_lock_bh(&x->lock);
570         err = __xfrm_state_delete(x);
571         spin_unlock_bh(&x->lock);
572
573         return err;
574 }
575 EXPORT_SYMBOL(xfrm_state_delete);
576
577 #ifdef CONFIG_SECURITY_NETWORK_XFRM
578 static inline int
579 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
580 {
581         int i, err = 0;
582
583         for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
584                 struct hlist_node *entry;
585                 struct xfrm_state *x;
586
587                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
588                         if (xfrm_id_proto_match(x->id.proto, proto) &&
589                            (err = security_xfrm_state_delete(x)) != 0) {
590                                 xfrm_audit_state_delete(x, 0,
591                                                         audit_info->loginuid,
592                                                         audit_info->sessionid,
593                                                         audit_info->secid);
594                                 return err;
595                         }
596                 }
597         }
598
599         return err;
600 }
601 #else
602 static inline int
603 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
604 {
605         return 0;
606 }
607 #endif
608
609 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
610 {
611         int i, err = 0;
612
613         spin_lock_bh(&xfrm_state_lock);
614         err = xfrm_state_flush_secctx_check(proto, audit_info);
615         if (err)
616                 goto out;
617
618         for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
619                 struct hlist_node *entry;
620                 struct xfrm_state *x;
621 restart:
622                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
623                         if (!xfrm_state_kern(x) &&
624                             xfrm_id_proto_match(x->id.proto, proto)) {
625                                 xfrm_state_hold(x);
626                                 spin_unlock_bh(&xfrm_state_lock);
627
628                                 err = xfrm_state_delete(x);
629                                 xfrm_audit_state_delete(x, err ? 0 : 1,
630                                                         audit_info->loginuid,
631                                                         audit_info->sessionid,
632                                                         audit_info->secid);
633                                 xfrm_state_put(x);
634
635                                 spin_lock_bh(&xfrm_state_lock);
636                                 goto restart;
637                         }
638                 }
639         }
640         err = 0;
641
642 out:
643         spin_unlock_bh(&xfrm_state_lock);
644         wake_up(&km_waitq);
645         return err;
646 }
647 EXPORT_SYMBOL(xfrm_state_flush);
648
649 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
650 {
651         spin_lock_bh(&xfrm_state_lock);
652         si->sadcnt = init_net.xfrm.state_num;
653         si->sadhcnt = init_net.xfrm.state_hmask;
654         si->sadhmcnt = xfrm_state_hashmax;
655         spin_unlock_bh(&xfrm_state_lock);
656 }
657 EXPORT_SYMBOL(xfrm_sad_getinfo);
658
659 static int
660 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
661                   struct xfrm_tmpl *tmpl,
662                   xfrm_address_t *daddr, xfrm_address_t *saddr,
663                   unsigned short family)
664 {
665         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
666         if (!afinfo)
667                 return -1;
668         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
669         xfrm_state_put_afinfo(afinfo);
670         return 0;
671 }
672
673 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
674 {
675         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
676         struct xfrm_state *x;
677         struct hlist_node *entry;
678
679         hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
680                 if (x->props.family != family ||
681                     x->id.spi       != spi ||
682                     x->id.proto     != proto)
683                         continue;
684
685                 switch (family) {
686                 case AF_INET:
687                         if (x->id.daddr.a4 != daddr->a4)
688                                 continue;
689                         break;
690                 case AF_INET6:
691                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
692                                              (struct in6_addr *)
693                                              x->id.daddr.a6))
694                                 continue;
695                         break;
696                 }
697
698                 xfrm_state_hold(x);
699                 return x;
700         }
701
702         return NULL;
703 }
704
705 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
706 {
707         unsigned int h = xfrm_src_hash(daddr, saddr, family);
708         struct xfrm_state *x;
709         struct hlist_node *entry;
710
711         hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
712                 if (x->props.family != family ||
713                     x->id.proto     != proto)
714                         continue;
715
716                 switch (family) {
717                 case AF_INET:
718                         if (x->id.daddr.a4 != daddr->a4 ||
719                             x->props.saddr.a4 != saddr->a4)
720                                 continue;
721                         break;
722                 case AF_INET6:
723                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
724                                              (struct in6_addr *)
725                                              x->id.daddr.a6) ||
726                             !ipv6_addr_equal((struct in6_addr *)saddr,
727                                              (struct in6_addr *)
728                                              x->props.saddr.a6))
729                                 continue;
730                         break;
731                 }
732
733                 xfrm_state_hold(x);
734                 return x;
735         }
736
737         return NULL;
738 }
739
740 static inline struct xfrm_state *
741 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
742 {
743         if (use_spi)
744                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
745                                            x->id.proto, family);
746         else
747                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
748                                                   &x->props.saddr,
749                                                   x->id.proto, family);
750 }
751
752 static void xfrm_hash_grow_check(int have_hash_collision)
753 {
754         if (have_hash_collision &&
755             (init_net.xfrm.state_hmask + 1) < xfrm_state_hashmax &&
756             init_net.xfrm.state_num > init_net.xfrm.state_hmask)
757                 schedule_work(&xfrm_hash_work);
758 }
759
760 struct xfrm_state *
761 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
762                 struct flowi *fl, struct xfrm_tmpl *tmpl,
763                 struct xfrm_policy *pol, int *err,
764                 unsigned short family)
765 {
766         unsigned int h;
767         struct hlist_node *entry;
768         struct xfrm_state *x, *x0, *to_put;
769         int acquire_in_progress = 0;
770         int error = 0;
771         struct xfrm_state *best = NULL;
772
773         to_put = NULL;
774
775         spin_lock_bh(&xfrm_state_lock);
776         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
777         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
778                 if (x->props.family == family &&
779                     x->props.reqid == tmpl->reqid &&
780                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
781                     xfrm_state_addr_check(x, daddr, saddr, family) &&
782                     tmpl->mode == x->props.mode &&
783                     tmpl->id.proto == x->id.proto &&
784                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
785                         /* Resolution logic:
786                            1. There is a valid state with matching selector.
787                               Done.
788                            2. Valid state with inappropriate selector. Skip.
789
790                            Entering area of "sysdeps".
791
792                            3. If state is not valid, selector is temporary,
793                               it selects only session which triggered
794                               previous resolution. Key manager will do
795                               something to install a state with proper
796                               selector.
797                          */
798                         if (x->km.state == XFRM_STATE_VALID) {
799                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
800                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
801                                         continue;
802                                 if (!best ||
803                                     best->km.dying > x->km.dying ||
804                                     (best->km.dying == x->km.dying &&
805                                      best->curlft.add_time < x->curlft.add_time))
806                                         best = x;
807                         } else if (x->km.state == XFRM_STATE_ACQ) {
808                                 acquire_in_progress = 1;
809                         } else if (x->km.state == XFRM_STATE_ERROR ||
810                                    x->km.state == XFRM_STATE_EXPIRED) {
811                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
812                                     security_xfrm_state_pol_flow_match(x, pol, fl))
813                                         error = -ESRCH;
814                         }
815                 }
816         }
817
818         x = best;
819         if (!x && !error && !acquire_in_progress) {
820                 if (tmpl->id.spi &&
821                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
822                                               tmpl->id.proto, family)) != NULL) {
823                         to_put = x0;
824                         error = -EEXIST;
825                         goto out;
826                 }
827                 x = xfrm_state_alloc(&init_net);
828                 if (x == NULL) {
829                         error = -ENOMEM;
830                         goto out;
831                 }
832                 /* Initialize temporary selector matching only
833                  * to current session. */
834                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
835
836                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
837                 if (error) {
838                         x->km.state = XFRM_STATE_DEAD;
839                         to_put = x;
840                         x = NULL;
841                         goto out;
842                 }
843
844                 if (km_query(x, tmpl, pol) == 0) {
845                         x->km.state = XFRM_STATE_ACQ;
846                         list_add(&x->km.all, &init_net.xfrm.state_all);
847                         hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
848                         h = xfrm_src_hash(daddr, saddr, family);
849                         hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
850                         if (x->id.spi) {
851                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
852                                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
853                         }
854                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
855                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
856                         add_timer(&x->timer);
857                         init_net.xfrm.state_num++;
858                         xfrm_hash_grow_check(x->bydst.next != NULL);
859                 } else {
860                         x->km.state = XFRM_STATE_DEAD;
861                         to_put = x;
862                         x = NULL;
863                         error = -ESRCH;
864                 }
865         }
866 out:
867         if (x)
868                 xfrm_state_hold(x);
869         else
870                 *err = acquire_in_progress ? -EAGAIN : error;
871         spin_unlock_bh(&xfrm_state_lock);
872         if (to_put)
873                 xfrm_state_put(to_put);
874         return x;
875 }
876
877 struct xfrm_state *
878 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
879                     unsigned short family, u8 mode, u8 proto, u32 reqid)
880 {
881         unsigned int h;
882         struct xfrm_state *rx = NULL, *x = NULL;
883         struct hlist_node *entry;
884
885         spin_lock(&xfrm_state_lock);
886         h = xfrm_dst_hash(daddr, saddr, reqid, family);
887         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
888                 if (x->props.family == family &&
889                     x->props.reqid == reqid &&
890                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
891                     xfrm_state_addr_check(x, daddr, saddr, family) &&
892                     mode == x->props.mode &&
893                     proto == x->id.proto &&
894                     x->km.state == XFRM_STATE_VALID) {
895                         rx = x;
896                         break;
897                 }
898         }
899
900         if (rx)
901                 xfrm_state_hold(rx);
902         spin_unlock(&xfrm_state_lock);
903
904
905         return rx;
906 }
907 EXPORT_SYMBOL(xfrm_stateonly_find);
908
909 static void __xfrm_state_insert(struct xfrm_state *x)
910 {
911         unsigned int h;
912
913         x->genid = ++xfrm_state_genid;
914
915         list_add(&x->km.all, &init_net.xfrm.state_all);
916
917         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
918                           x->props.reqid, x->props.family);
919         hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
920
921         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
922         hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
923
924         if (x->id.spi) {
925                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
926                                   x->props.family);
927
928                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
929         }
930
931         mod_timer(&x->timer, jiffies + HZ);
932         if (x->replay_maxage)
933                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
934
935         wake_up(&km_waitq);
936
937         init_net.xfrm.state_num++;
938
939         xfrm_hash_grow_check(x->bydst.next != NULL);
940 }
941
942 /* xfrm_state_lock is held */
943 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
944 {
945         unsigned short family = xnew->props.family;
946         u32 reqid = xnew->props.reqid;
947         struct xfrm_state *x;
948         struct hlist_node *entry;
949         unsigned int h;
950
951         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
952         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
953                 if (x->props.family     == family &&
954                     x->props.reqid      == reqid &&
955                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
956                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
957                         x->genid = xfrm_state_genid;
958         }
959 }
960
961 void xfrm_state_insert(struct xfrm_state *x)
962 {
963         spin_lock_bh(&xfrm_state_lock);
964         __xfrm_state_bump_genids(x);
965         __xfrm_state_insert(x);
966         spin_unlock_bh(&xfrm_state_lock);
967 }
968 EXPORT_SYMBOL(xfrm_state_insert);
969
970 /* xfrm_state_lock is held */
971 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
972 {
973         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
974         struct hlist_node *entry;
975         struct xfrm_state *x;
976
977         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
978                 if (x->props.reqid  != reqid ||
979                     x->props.mode   != mode ||
980                     x->props.family != family ||
981                     x->km.state     != XFRM_STATE_ACQ ||
982                     x->id.spi       != 0 ||
983                     x->id.proto     != proto)
984                         continue;
985
986                 switch (family) {
987                 case AF_INET:
988                         if (x->id.daddr.a4    != daddr->a4 ||
989                             x->props.saddr.a4 != saddr->a4)
990                                 continue;
991                         break;
992                 case AF_INET6:
993                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
994                                              (struct in6_addr *)daddr) ||
995                             !ipv6_addr_equal((struct in6_addr *)
996                                              x->props.saddr.a6,
997                                              (struct in6_addr *)saddr))
998                                 continue;
999                         break;
1000                 }
1001
1002                 xfrm_state_hold(x);
1003                 return x;
1004         }
1005
1006         if (!create)
1007                 return NULL;
1008
1009         x = xfrm_state_alloc(&init_net);
1010         if (likely(x)) {
1011                 switch (family) {
1012                 case AF_INET:
1013                         x->sel.daddr.a4 = daddr->a4;
1014                         x->sel.saddr.a4 = saddr->a4;
1015                         x->sel.prefixlen_d = 32;
1016                         x->sel.prefixlen_s = 32;
1017                         x->props.saddr.a4 = saddr->a4;
1018                         x->id.daddr.a4 = daddr->a4;
1019                         break;
1020
1021                 case AF_INET6:
1022                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1023                                        (struct in6_addr *)daddr);
1024                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1025                                        (struct in6_addr *)saddr);
1026                         x->sel.prefixlen_d = 128;
1027                         x->sel.prefixlen_s = 128;
1028                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1029                                        (struct in6_addr *)saddr);
1030                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1031                                        (struct in6_addr *)daddr);
1032                         break;
1033                 }
1034
1035                 x->km.state = XFRM_STATE_ACQ;
1036                 x->id.proto = proto;
1037                 x->props.family = family;
1038                 x->props.mode = mode;
1039                 x->props.reqid = reqid;
1040                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1041                 xfrm_state_hold(x);
1042                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1043                 add_timer(&x->timer);
1044                 list_add(&x->km.all, &init_net.xfrm.state_all);
1045                 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1046                 h = xfrm_src_hash(daddr, saddr, family);
1047                 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1048
1049                 init_net.xfrm.state_num++;
1050
1051                 xfrm_hash_grow_check(x->bydst.next != NULL);
1052         }
1053
1054         return x;
1055 }
1056
1057 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1058
1059 int xfrm_state_add(struct xfrm_state *x)
1060 {
1061         struct xfrm_state *x1, *to_put;
1062         int family;
1063         int err;
1064         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1065
1066         family = x->props.family;
1067
1068         to_put = NULL;
1069
1070         spin_lock_bh(&xfrm_state_lock);
1071
1072         x1 = __xfrm_state_locate(x, use_spi, family);
1073         if (x1) {
1074                 to_put = x1;
1075                 x1 = NULL;
1076                 err = -EEXIST;
1077                 goto out;
1078         }
1079
1080         if (use_spi && x->km.seq) {
1081                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1082                 if (x1 && ((x1->id.proto != x->id.proto) ||
1083                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1084                         to_put = x1;
1085                         x1 = NULL;
1086                 }
1087         }
1088
1089         if (use_spi && !x1)
1090                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1091                                      x->id.proto,
1092                                      &x->id.daddr, &x->props.saddr, 0);
1093
1094         __xfrm_state_bump_genids(x);
1095         __xfrm_state_insert(x);
1096         err = 0;
1097
1098 out:
1099         spin_unlock_bh(&xfrm_state_lock);
1100
1101         if (x1) {
1102                 xfrm_state_delete(x1);
1103                 xfrm_state_put(x1);
1104         }
1105
1106         if (to_put)
1107                 xfrm_state_put(to_put);
1108
1109         return err;
1110 }
1111 EXPORT_SYMBOL(xfrm_state_add);
1112
1113 #ifdef CONFIG_XFRM_MIGRATE
1114 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1115 {
1116         int err = -ENOMEM;
1117         struct xfrm_state *x = xfrm_state_alloc(&init_net);
1118         if (!x)
1119                 goto error;
1120
1121         memcpy(&x->id, &orig->id, sizeof(x->id));
1122         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1123         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1124         x->props.mode = orig->props.mode;
1125         x->props.replay_window = orig->props.replay_window;
1126         x->props.reqid = orig->props.reqid;
1127         x->props.family = orig->props.family;
1128         x->props.saddr = orig->props.saddr;
1129
1130         if (orig->aalg) {
1131                 x->aalg = xfrm_algo_clone(orig->aalg);
1132                 if (!x->aalg)
1133                         goto error;
1134         }
1135         x->props.aalgo = orig->props.aalgo;
1136
1137         if (orig->ealg) {
1138                 x->ealg = xfrm_algo_clone(orig->ealg);
1139                 if (!x->ealg)
1140                         goto error;
1141         }
1142         x->props.ealgo = orig->props.ealgo;
1143
1144         if (orig->calg) {
1145                 x->calg = xfrm_algo_clone(orig->calg);
1146                 if (!x->calg)
1147                         goto error;
1148         }
1149         x->props.calgo = orig->props.calgo;
1150
1151         if (orig->encap) {
1152                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1153                 if (!x->encap)
1154                         goto error;
1155         }
1156
1157         if (orig->coaddr) {
1158                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1159                                     GFP_KERNEL);
1160                 if (!x->coaddr)
1161                         goto error;
1162         }
1163
1164         err = xfrm_init_state(x);
1165         if (err)
1166                 goto error;
1167
1168         x->props.flags = orig->props.flags;
1169
1170         x->curlft.add_time = orig->curlft.add_time;
1171         x->km.state = orig->km.state;
1172         x->km.seq = orig->km.seq;
1173
1174         return x;
1175
1176  error:
1177         if (errp)
1178                 *errp = err;
1179         if (x) {
1180                 kfree(x->aalg);
1181                 kfree(x->ealg);
1182                 kfree(x->calg);
1183                 kfree(x->encap);
1184                 kfree(x->coaddr);
1185         }
1186         kfree(x);
1187         return NULL;
1188 }
1189
1190 /* xfrm_state_lock is held */
1191 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1192 {
1193         unsigned int h;
1194         struct xfrm_state *x;
1195         struct hlist_node *entry;
1196
1197         if (m->reqid) {
1198                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1199                                   m->reqid, m->old_family);
1200                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1201                         if (x->props.mode != m->mode ||
1202                             x->id.proto != m->proto)
1203                                 continue;
1204                         if (m->reqid && x->props.reqid != m->reqid)
1205                                 continue;
1206                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1207                                           m->old_family) ||
1208                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1209                                           m->old_family))
1210                                 continue;
1211                         xfrm_state_hold(x);
1212                         return x;
1213                 }
1214         } else {
1215                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1216                                   m->old_family);
1217                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
1218                         if (x->props.mode != m->mode ||
1219                             x->id.proto != m->proto)
1220                                 continue;
1221                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1222                                           m->old_family) ||
1223                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1224                                           m->old_family))
1225                                 continue;
1226                         xfrm_state_hold(x);
1227                         return x;
1228                 }
1229         }
1230
1231         return NULL;
1232 }
1233 EXPORT_SYMBOL(xfrm_migrate_state_find);
1234
1235 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1236                                        struct xfrm_migrate *m)
1237 {
1238         struct xfrm_state *xc;
1239         int err;
1240
1241         xc = xfrm_state_clone(x, &err);
1242         if (!xc)
1243                 return NULL;
1244
1245         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1246         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1247
1248         /* add state */
1249         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1250                 /* a care is needed when the destination address of the
1251                    state is to be updated as it is a part of triplet */
1252                 xfrm_state_insert(xc);
1253         } else {
1254                 if ((err = xfrm_state_add(xc)) < 0)
1255                         goto error;
1256         }
1257
1258         return xc;
1259 error:
1260         kfree(xc);
1261         return NULL;
1262 }
1263 EXPORT_SYMBOL(xfrm_state_migrate);
1264 #endif
1265
1266 int xfrm_state_update(struct xfrm_state *x)
1267 {
1268         struct xfrm_state *x1, *to_put;
1269         int err;
1270         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1271
1272         to_put = NULL;
1273
1274         spin_lock_bh(&xfrm_state_lock);
1275         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1276
1277         err = -ESRCH;
1278         if (!x1)
1279                 goto out;
1280
1281         if (xfrm_state_kern(x1)) {
1282                 to_put = x1;
1283                 err = -EEXIST;
1284                 goto out;
1285         }
1286
1287         if (x1->km.state == XFRM_STATE_ACQ) {
1288                 __xfrm_state_insert(x);
1289                 x = NULL;
1290         }
1291         err = 0;
1292
1293 out:
1294         spin_unlock_bh(&xfrm_state_lock);
1295
1296         if (to_put)
1297                 xfrm_state_put(to_put);
1298
1299         if (err)
1300                 return err;
1301
1302         if (!x) {
1303                 xfrm_state_delete(x1);
1304                 xfrm_state_put(x1);
1305                 return 0;
1306         }
1307
1308         err = -EINVAL;
1309         spin_lock_bh(&x1->lock);
1310         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1311                 if (x->encap && x1->encap)
1312                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1313                 if (x->coaddr && x1->coaddr) {
1314                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1315                 }
1316                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1317                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1318                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1319                 x1->km.dying = 0;
1320
1321                 mod_timer(&x1->timer, jiffies + HZ);
1322                 if (x1->curlft.use_time)
1323                         xfrm_state_check_expire(x1);
1324
1325                 err = 0;
1326         }
1327         spin_unlock_bh(&x1->lock);
1328
1329         xfrm_state_put(x1);
1330
1331         return err;
1332 }
1333 EXPORT_SYMBOL(xfrm_state_update);
1334
1335 int xfrm_state_check_expire(struct xfrm_state *x)
1336 {
1337         if (!x->curlft.use_time)
1338                 x->curlft.use_time = get_seconds();
1339
1340         if (x->km.state != XFRM_STATE_VALID)
1341                 return -EINVAL;
1342
1343         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1344             x->curlft.packets >= x->lft.hard_packet_limit) {
1345                 x->km.state = XFRM_STATE_EXPIRED;
1346                 mod_timer(&x->timer, jiffies);
1347                 return -EINVAL;
1348         }
1349
1350         if (!x->km.dying &&
1351             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1352              x->curlft.packets >= x->lft.soft_packet_limit)) {
1353                 x->km.dying = 1;
1354                 km_state_expired(x, 0, 0);
1355         }
1356         return 0;
1357 }
1358 EXPORT_SYMBOL(xfrm_state_check_expire);
1359
1360 struct xfrm_state *
1361 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1362                   unsigned short family)
1363 {
1364         struct xfrm_state *x;
1365
1366         spin_lock_bh(&xfrm_state_lock);
1367         x = __xfrm_state_lookup(daddr, spi, proto, family);
1368         spin_unlock_bh(&xfrm_state_lock);
1369         return x;
1370 }
1371 EXPORT_SYMBOL(xfrm_state_lookup);
1372
1373 struct xfrm_state *
1374 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1375                          u8 proto, unsigned short family)
1376 {
1377         struct xfrm_state *x;
1378
1379         spin_lock_bh(&xfrm_state_lock);
1380         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1381         spin_unlock_bh(&xfrm_state_lock);
1382         return x;
1383 }
1384 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1385
1386 struct xfrm_state *
1387 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1388               xfrm_address_t *daddr, xfrm_address_t *saddr,
1389               int create, unsigned short family)
1390 {
1391         struct xfrm_state *x;
1392
1393         spin_lock_bh(&xfrm_state_lock);
1394         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1395         spin_unlock_bh(&xfrm_state_lock);
1396
1397         return x;
1398 }
1399 EXPORT_SYMBOL(xfrm_find_acq);
1400
1401 #ifdef CONFIG_XFRM_SUB_POLICY
1402 int
1403 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1404                unsigned short family)
1405 {
1406         int err = 0;
1407         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1408         if (!afinfo)
1409                 return -EAFNOSUPPORT;
1410
1411         spin_lock_bh(&xfrm_state_lock);
1412         if (afinfo->tmpl_sort)
1413                 err = afinfo->tmpl_sort(dst, src, n);
1414         spin_unlock_bh(&xfrm_state_lock);
1415         xfrm_state_put_afinfo(afinfo);
1416         return err;
1417 }
1418 EXPORT_SYMBOL(xfrm_tmpl_sort);
1419
1420 int
1421 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1422                 unsigned short family)
1423 {
1424         int err = 0;
1425         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1426         if (!afinfo)
1427                 return -EAFNOSUPPORT;
1428
1429         spin_lock_bh(&xfrm_state_lock);
1430         if (afinfo->state_sort)
1431                 err = afinfo->state_sort(dst, src, n);
1432         spin_unlock_bh(&xfrm_state_lock);
1433         xfrm_state_put_afinfo(afinfo);
1434         return err;
1435 }
1436 EXPORT_SYMBOL(xfrm_state_sort);
1437 #endif
1438
1439 /* Silly enough, but I'm lazy to build resolution list */
1440
1441 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1442 {
1443         int i;
1444
1445         for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
1446                 struct hlist_node *entry;
1447                 struct xfrm_state *x;
1448
1449                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1450                         if (x->km.seq == seq &&
1451                             x->km.state == XFRM_STATE_ACQ) {
1452                                 xfrm_state_hold(x);
1453                                 return x;
1454                         }
1455                 }
1456         }
1457         return NULL;
1458 }
1459
1460 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1461 {
1462         struct xfrm_state *x;
1463
1464         spin_lock_bh(&xfrm_state_lock);
1465         x = __xfrm_find_acq_byseq(seq);
1466         spin_unlock_bh(&xfrm_state_lock);
1467         return x;
1468 }
1469 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1470
1471 u32 xfrm_get_acqseq(void)
1472 {
1473         u32 res;
1474         static u32 acqseq;
1475         static DEFINE_SPINLOCK(acqseq_lock);
1476
1477         spin_lock_bh(&acqseq_lock);
1478         res = (++acqseq ? : ++acqseq);
1479         spin_unlock_bh(&acqseq_lock);
1480         return res;
1481 }
1482 EXPORT_SYMBOL(xfrm_get_acqseq);
1483
1484 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1485 {
1486         unsigned int h;
1487         struct xfrm_state *x0;
1488         int err = -ENOENT;
1489         __be32 minspi = htonl(low);
1490         __be32 maxspi = htonl(high);
1491
1492         spin_lock_bh(&x->lock);
1493         if (x->km.state == XFRM_STATE_DEAD)
1494                 goto unlock;
1495
1496         err = 0;
1497         if (x->id.spi)
1498                 goto unlock;
1499
1500         err = -ENOENT;
1501
1502         if (minspi == maxspi) {
1503                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1504                 if (x0) {
1505                         xfrm_state_put(x0);
1506                         goto unlock;
1507                 }
1508                 x->id.spi = minspi;
1509         } else {
1510                 u32 spi = 0;
1511                 for (h=0; h<high-low+1; h++) {
1512                         spi = low + net_random()%(high-low+1);
1513                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1514                         if (x0 == NULL) {
1515                                 x->id.spi = htonl(spi);
1516                                 break;
1517                         }
1518                         xfrm_state_put(x0);
1519                 }
1520         }
1521         if (x->id.spi) {
1522                 spin_lock_bh(&xfrm_state_lock);
1523                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1524                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1525                 spin_unlock_bh(&xfrm_state_lock);
1526
1527                 err = 0;
1528         }
1529
1530 unlock:
1531         spin_unlock_bh(&x->lock);
1532
1533         return err;
1534 }
1535 EXPORT_SYMBOL(xfrm_alloc_spi);
1536
1537 int xfrm_state_walk(struct xfrm_state_walk *walk,
1538                     int (*func)(struct xfrm_state *, int, void*),
1539                     void *data)
1540 {
1541         struct xfrm_state *state;
1542         struct xfrm_state_walk *x;
1543         int err = 0;
1544
1545         if (walk->seq != 0 && list_empty(&walk->all))
1546                 return 0;
1547
1548         spin_lock_bh(&xfrm_state_lock);
1549         if (list_empty(&walk->all))
1550                 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
1551         else
1552                 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1553         list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
1554                 if (x->state == XFRM_STATE_DEAD)
1555                         continue;
1556                 state = container_of(x, struct xfrm_state, km);
1557                 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1558                         continue;
1559                 err = func(state, walk->seq, data);
1560                 if (err) {
1561                         list_move_tail(&walk->all, &x->all);
1562                         goto out;
1563                 }
1564                 walk->seq++;
1565         }
1566         if (walk->seq == 0) {
1567                 err = -ENOENT;
1568                 goto out;
1569         }
1570         list_del_init(&walk->all);
1571 out:
1572         spin_unlock_bh(&xfrm_state_lock);
1573         return err;
1574 }
1575 EXPORT_SYMBOL(xfrm_state_walk);
1576
1577 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1578 {
1579         INIT_LIST_HEAD(&walk->all);
1580         walk->proto = proto;
1581         walk->state = XFRM_STATE_DEAD;
1582         walk->seq = 0;
1583 }
1584 EXPORT_SYMBOL(xfrm_state_walk_init);
1585
1586 void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1587 {
1588         if (list_empty(&walk->all))
1589                 return;
1590
1591         spin_lock_bh(&xfrm_state_lock);
1592         list_del(&walk->all);
1593         spin_lock_bh(&xfrm_state_lock);
1594 }
1595 EXPORT_SYMBOL(xfrm_state_walk_done);
1596
1597
1598 void xfrm_replay_notify(struct xfrm_state *x, int event)
1599 {
1600         struct km_event c;
1601         /* we send notify messages in case
1602          *  1. we updated on of the sequence numbers, and the seqno difference
1603          *     is at least x->replay_maxdiff, in this case we also update the
1604          *     timeout of our timer function
1605          *  2. if x->replay_maxage has elapsed since last update,
1606          *     and there were changes
1607          *
1608          *  The state structure must be locked!
1609          */
1610
1611         switch (event) {
1612         case XFRM_REPLAY_UPDATE:
1613                 if (x->replay_maxdiff &&
1614                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1615                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1616                         if (x->xflags & XFRM_TIME_DEFER)
1617                                 event = XFRM_REPLAY_TIMEOUT;
1618                         else
1619                                 return;
1620                 }
1621
1622                 break;
1623
1624         case XFRM_REPLAY_TIMEOUT:
1625                 if ((x->replay.seq == x->preplay.seq) &&
1626                     (x->replay.bitmap == x->preplay.bitmap) &&
1627                     (x->replay.oseq == x->preplay.oseq)) {
1628                         x->xflags |= XFRM_TIME_DEFER;
1629                         return;
1630                 }
1631
1632                 break;
1633         }
1634
1635         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1636         c.event = XFRM_MSG_NEWAE;
1637         c.data.aevent = event;
1638         km_state_notify(x, &c);
1639
1640         if (x->replay_maxage &&
1641             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1642                 x->xflags &= ~XFRM_TIME_DEFER;
1643 }
1644
1645 static void xfrm_replay_timer_handler(unsigned long data)
1646 {
1647         struct xfrm_state *x = (struct xfrm_state*)data;
1648
1649         spin_lock(&x->lock);
1650
1651         if (x->km.state == XFRM_STATE_VALID) {
1652                 if (xfrm_aevent_is_on())
1653                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1654                 else
1655                         x->xflags |= XFRM_TIME_DEFER;
1656         }
1657
1658         spin_unlock(&x->lock);
1659 }
1660
1661 int xfrm_replay_check(struct xfrm_state *x,
1662                       struct sk_buff *skb, __be32 net_seq)
1663 {
1664         u32 diff;
1665         u32 seq = ntohl(net_seq);
1666
1667         if (unlikely(seq == 0))
1668                 goto err;
1669
1670         if (likely(seq > x->replay.seq))
1671                 return 0;
1672
1673         diff = x->replay.seq - seq;
1674         if (diff >= min_t(unsigned int, x->props.replay_window,
1675                           sizeof(x->replay.bitmap) * 8)) {
1676                 x->stats.replay_window++;
1677                 goto err;
1678         }
1679
1680         if (x->replay.bitmap & (1U << diff)) {
1681                 x->stats.replay++;
1682                 goto err;
1683         }
1684         return 0;
1685
1686 err:
1687         xfrm_audit_state_replay(x, skb, net_seq);
1688         return -EINVAL;
1689 }
1690
1691 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1692 {
1693         u32 diff;
1694         u32 seq = ntohl(net_seq);
1695
1696         if (seq > x->replay.seq) {
1697                 diff = seq - x->replay.seq;
1698                 if (diff < x->props.replay_window)
1699                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1700                 else
1701                         x->replay.bitmap = 1;
1702                 x->replay.seq = seq;
1703         } else {
1704                 diff = x->replay.seq - seq;
1705                 x->replay.bitmap |= (1U << diff);
1706         }
1707
1708         if (xfrm_aevent_is_on())
1709                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1710 }
1711
1712 static LIST_HEAD(xfrm_km_list);
1713 static DEFINE_RWLOCK(xfrm_km_lock);
1714
1715 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1716 {
1717         struct xfrm_mgr *km;
1718
1719         read_lock(&xfrm_km_lock);
1720         list_for_each_entry(km, &xfrm_km_list, list)
1721                 if (km->notify_policy)
1722                         km->notify_policy(xp, dir, c);
1723         read_unlock(&xfrm_km_lock);
1724 }
1725
1726 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1727 {
1728         struct xfrm_mgr *km;
1729         read_lock(&xfrm_km_lock);
1730         list_for_each_entry(km, &xfrm_km_list, list)
1731                 if (km->notify)
1732                         km->notify(x, c);
1733         read_unlock(&xfrm_km_lock);
1734 }
1735
1736 EXPORT_SYMBOL(km_policy_notify);
1737 EXPORT_SYMBOL(km_state_notify);
1738
1739 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1740 {
1741         struct km_event c;
1742
1743         c.data.hard = hard;
1744         c.pid = pid;
1745         c.event = XFRM_MSG_EXPIRE;
1746         km_state_notify(x, &c);
1747
1748         if (hard)
1749                 wake_up(&km_waitq);
1750 }
1751
1752 EXPORT_SYMBOL(km_state_expired);
1753 /*
1754  * We send to all registered managers regardless of failure
1755  * We are happy with one success
1756 */
1757 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1758 {
1759         int err = -EINVAL, acqret;
1760         struct xfrm_mgr *km;
1761
1762         read_lock(&xfrm_km_lock);
1763         list_for_each_entry(km, &xfrm_km_list, list) {
1764                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1765                 if (!acqret)
1766                         err = acqret;
1767         }
1768         read_unlock(&xfrm_km_lock);
1769         return err;
1770 }
1771 EXPORT_SYMBOL(km_query);
1772
1773 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1774 {
1775         int err = -EINVAL;
1776         struct xfrm_mgr *km;
1777
1778         read_lock(&xfrm_km_lock);
1779         list_for_each_entry(km, &xfrm_km_list, list) {
1780                 if (km->new_mapping)
1781                         err = km->new_mapping(x, ipaddr, sport);
1782                 if (!err)
1783                         break;
1784         }
1785         read_unlock(&xfrm_km_lock);
1786         return err;
1787 }
1788 EXPORT_SYMBOL(km_new_mapping);
1789
1790 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1791 {
1792         struct km_event c;
1793
1794         c.data.hard = hard;
1795         c.pid = pid;
1796         c.event = XFRM_MSG_POLEXPIRE;
1797         km_policy_notify(pol, dir, &c);
1798
1799         if (hard)
1800                 wake_up(&km_waitq);
1801 }
1802 EXPORT_SYMBOL(km_policy_expired);
1803
1804 #ifdef CONFIG_XFRM_MIGRATE
1805 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1806                struct xfrm_migrate *m, int num_migrate,
1807                struct xfrm_kmaddress *k)
1808 {
1809         int err = -EINVAL;
1810         int ret;
1811         struct xfrm_mgr *km;
1812
1813         read_lock(&xfrm_km_lock);
1814         list_for_each_entry(km, &xfrm_km_list, list) {
1815                 if (km->migrate) {
1816                         ret = km->migrate(sel, dir, type, m, num_migrate, k);
1817                         if (!ret)
1818                                 err = ret;
1819                 }
1820         }
1821         read_unlock(&xfrm_km_lock);
1822         return err;
1823 }
1824 EXPORT_SYMBOL(km_migrate);
1825 #endif
1826
1827 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1828 {
1829         int err = -EINVAL;
1830         int ret;
1831         struct xfrm_mgr *km;
1832
1833         read_lock(&xfrm_km_lock);
1834         list_for_each_entry(km, &xfrm_km_list, list) {
1835                 if (km->report) {
1836                         ret = km->report(proto, sel, addr);
1837                         if (!ret)
1838                                 err = ret;
1839                 }
1840         }
1841         read_unlock(&xfrm_km_lock);
1842         return err;
1843 }
1844 EXPORT_SYMBOL(km_report);
1845
1846 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1847 {
1848         int err;
1849         u8 *data;
1850         struct xfrm_mgr *km;
1851         struct xfrm_policy *pol = NULL;
1852
1853         if (optlen <= 0 || optlen > PAGE_SIZE)
1854                 return -EMSGSIZE;
1855
1856         data = kmalloc(optlen, GFP_KERNEL);
1857         if (!data)
1858                 return -ENOMEM;
1859
1860         err = -EFAULT;
1861         if (copy_from_user(data, optval, optlen))
1862                 goto out;
1863
1864         err = -EINVAL;
1865         read_lock(&xfrm_km_lock);
1866         list_for_each_entry(km, &xfrm_km_list, list) {
1867                 pol = km->compile_policy(sk, optname, data,
1868                                          optlen, &err);
1869                 if (err >= 0)
1870                         break;
1871         }
1872         read_unlock(&xfrm_km_lock);
1873
1874         if (err >= 0) {
1875                 xfrm_sk_policy_insert(sk, err, pol);
1876                 xfrm_pol_put(pol);
1877                 err = 0;
1878         }
1879
1880 out:
1881         kfree(data);
1882         return err;
1883 }
1884 EXPORT_SYMBOL(xfrm_user_policy);
1885
1886 int xfrm_register_km(struct xfrm_mgr *km)
1887 {
1888         write_lock_bh(&xfrm_km_lock);
1889         list_add_tail(&km->list, &xfrm_km_list);
1890         write_unlock_bh(&xfrm_km_lock);
1891         return 0;
1892 }
1893 EXPORT_SYMBOL(xfrm_register_km);
1894
1895 int xfrm_unregister_km(struct xfrm_mgr *km)
1896 {
1897         write_lock_bh(&xfrm_km_lock);
1898         list_del(&km->list);
1899         write_unlock_bh(&xfrm_km_lock);
1900         return 0;
1901 }
1902 EXPORT_SYMBOL(xfrm_unregister_km);
1903
1904 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1905 {
1906         int err = 0;
1907         if (unlikely(afinfo == NULL))
1908                 return -EINVAL;
1909         if (unlikely(afinfo->family >= NPROTO))
1910                 return -EAFNOSUPPORT;
1911         write_lock_bh(&xfrm_state_afinfo_lock);
1912         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1913                 err = -ENOBUFS;
1914         else
1915                 xfrm_state_afinfo[afinfo->family] = afinfo;
1916         write_unlock_bh(&xfrm_state_afinfo_lock);
1917         return err;
1918 }
1919 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1920
1921 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1922 {
1923         int err = 0;
1924         if (unlikely(afinfo == NULL))
1925                 return -EINVAL;
1926         if (unlikely(afinfo->family >= NPROTO))
1927                 return -EAFNOSUPPORT;
1928         write_lock_bh(&xfrm_state_afinfo_lock);
1929         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1930                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1931                         err = -EINVAL;
1932                 else
1933                         xfrm_state_afinfo[afinfo->family] = NULL;
1934         }
1935         write_unlock_bh(&xfrm_state_afinfo_lock);
1936         return err;
1937 }
1938 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1939
1940 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1941 {
1942         struct xfrm_state_afinfo *afinfo;
1943         if (unlikely(family >= NPROTO))
1944                 return NULL;
1945         read_lock(&xfrm_state_afinfo_lock);
1946         afinfo = xfrm_state_afinfo[family];
1947         if (unlikely(!afinfo))
1948                 read_unlock(&xfrm_state_afinfo_lock);
1949         return afinfo;
1950 }
1951
1952 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1953         __releases(xfrm_state_afinfo_lock)
1954 {
1955         read_unlock(&xfrm_state_afinfo_lock);
1956 }
1957
1958 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1959 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1960 {
1961         if (x->tunnel) {
1962                 struct xfrm_state *t = x->tunnel;
1963
1964                 if (atomic_read(&t->tunnel_users) == 2)
1965                         xfrm_state_delete(t);
1966                 atomic_dec(&t->tunnel_users);
1967                 xfrm_state_put(t);
1968                 x->tunnel = NULL;
1969         }
1970 }
1971 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1972
1973 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1974 {
1975         int res;
1976
1977         spin_lock_bh(&x->lock);
1978         if (x->km.state == XFRM_STATE_VALID &&
1979             x->type && x->type->get_mtu)
1980                 res = x->type->get_mtu(x, mtu);
1981         else
1982                 res = mtu - x->props.header_len;
1983         spin_unlock_bh(&x->lock);
1984         return res;
1985 }
1986
1987 int xfrm_init_state(struct xfrm_state *x)
1988 {
1989         struct xfrm_state_afinfo *afinfo;
1990         struct xfrm_mode *inner_mode;
1991         int family = x->props.family;
1992         int err;
1993
1994         err = -EAFNOSUPPORT;
1995         afinfo = xfrm_state_get_afinfo(family);
1996         if (!afinfo)
1997                 goto error;
1998
1999         err = 0;
2000         if (afinfo->init_flags)
2001                 err = afinfo->init_flags(x);
2002
2003         xfrm_state_put_afinfo(afinfo);
2004
2005         if (err)
2006                 goto error;
2007
2008         err = -EPROTONOSUPPORT;
2009
2010         if (x->sel.family != AF_UNSPEC) {
2011                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2012                 if (inner_mode == NULL)
2013                         goto error;
2014
2015                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2016                     family != x->sel.family) {
2017                         xfrm_put_mode(inner_mode);
2018                         goto error;
2019                 }
2020
2021                 x->inner_mode = inner_mode;
2022         } else {
2023                 struct xfrm_mode *inner_mode_iaf;
2024
2025                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2026                 if (inner_mode == NULL)
2027                         goto error;
2028
2029                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2030                         xfrm_put_mode(inner_mode);
2031                         goto error;
2032                 }
2033
2034                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2035                 if (inner_mode_iaf == NULL)
2036                         goto error;
2037
2038                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2039                         xfrm_put_mode(inner_mode_iaf);
2040                         goto error;
2041                 }
2042
2043                 if (x->props.family == AF_INET) {
2044                         x->inner_mode = inner_mode;
2045                         x->inner_mode_iaf = inner_mode_iaf;
2046                 } else {
2047                         x->inner_mode = inner_mode_iaf;
2048                         x->inner_mode_iaf = inner_mode;
2049                 }
2050         }
2051
2052         x->type = xfrm_get_type(x->id.proto, family);
2053         if (x->type == NULL)
2054                 goto error;
2055
2056         err = x->type->init_state(x);
2057         if (err)
2058                 goto error;
2059
2060         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2061         if (x->outer_mode == NULL)
2062                 goto error;
2063
2064         x->km.state = XFRM_STATE_VALID;
2065
2066 error:
2067         return err;
2068 }
2069
2070 EXPORT_SYMBOL(xfrm_init_state);
2071
2072 int __net_init xfrm_state_init(struct net *net)
2073 {
2074         unsigned int sz;
2075
2076         INIT_LIST_HEAD(&net->xfrm.state_all);
2077
2078         sz = sizeof(struct hlist_head) * 8;
2079
2080         net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2081         if (!net->xfrm.state_bydst)
2082                 goto out_bydst;
2083         net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2084         if (!net->xfrm.state_bysrc)
2085                 goto out_bysrc;
2086         net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2087         if (!net->xfrm.state_byspi)
2088                 goto out_byspi;
2089         net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2090
2091         net->xfrm.state_num = 0;
2092         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2093         return 0;
2094
2095 out_byspi:
2096         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2097 out_bysrc:
2098         xfrm_hash_free(net->xfrm.state_bydst, sz);
2099 out_bydst:
2100         return -ENOMEM;
2101 }
2102
2103 void xfrm_state_fini(struct net *net)
2104 {
2105         unsigned int sz;
2106
2107         WARN_ON(!list_empty(&net->xfrm.state_all));
2108
2109         sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2110         WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2111         xfrm_hash_free(net->xfrm.state_byspi, sz);
2112         WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2113         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2114         WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2115         xfrm_hash_free(net->xfrm.state_bydst, sz);
2116 }
2117
2118 #ifdef CONFIG_AUDITSYSCALL
2119 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2120                                      struct audit_buffer *audit_buf)
2121 {
2122         struct xfrm_sec_ctx *ctx = x->security;
2123         u32 spi = ntohl(x->id.spi);
2124
2125         if (ctx)
2126                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2127                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2128
2129         switch(x->props.family) {
2130         case AF_INET:
2131                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2132                                  &x->props.saddr.a4, &x->id.daddr.a4);
2133                 break;
2134         case AF_INET6:
2135                 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2136                                  x->props.saddr.a6, x->id.daddr.a6);
2137                 break;
2138         }
2139
2140         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2141 }
2142
2143 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2144                                       struct audit_buffer *audit_buf)
2145 {
2146         struct iphdr *iph4;
2147         struct ipv6hdr *iph6;
2148
2149         switch (family) {
2150         case AF_INET:
2151                 iph4 = ip_hdr(skb);
2152                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2153                                  &iph4->saddr, &iph4->daddr);
2154                 break;
2155         case AF_INET6:
2156                 iph6 = ipv6_hdr(skb);
2157                 audit_log_format(audit_buf,
2158                                  " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2159                                  &iph6->saddr,&iph6->daddr,
2160                                  iph6->flow_lbl[0] & 0x0f,
2161                                  iph6->flow_lbl[1],
2162                                  iph6->flow_lbl[2]);
2163                 break;
2164         }
2165 }
2166
2167 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2168                           uid_t auid, u32 sessionid, u32 secid)
2169 {
2170         struct audit_buffer *audit_buf;
2171
2172         audit_buf = xfrm_audit_start("SAD-add");
2173         if (audit_buf == NULL)
2174                 return;
2175         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2176         xfrm_audit_helper_sainfo(x, audit_buf);
2177         audit_log_format(audit_buf, " res=%u", result);
2178         audit_log_end(audit_buf);
2179 }
2180 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2181
2182 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2183                              uid_t auid, u32 sessionid, u32 secid)
2184 {
2185         struct audit_buffer *audit_buf;
2186
2187         audit_buf = xfrm_audit_start("SAD-delete");
2188         if (audit_buf == NULL)
2189                 return;
2190         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2191         xfrm_audit_helper_sainfo(x, audit_buf);
2192         audit_log_format(audit_buf, " res=%u", result);
2193         audit_log_end(audit_buf);
2194 }
2195 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2196
2197 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2198                                       struct sk_buff *skb)
2199 {
2200         struct audit_buffer *audit_buf;
2201         u32 spi;
2202
2203         audit_buf = xfrm_audit_start("SA-replay-overflow");
2204         if (audit_buf == NULL)
2205                 return;
2206         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2207         /* don't record the sequence number because it's inherent in this kind
2208          * of audit message */
2209         spi = ntohl(x->id.spi);
2210         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2211         audit_log_end(audit_buf);
2212 }
2213 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2214
2215 static void xfrm_audit_state_replay(struct xfrm_state *x,
2216                              struct sk_buff *skb, __be32 net_seq)
2217 {
2218         struct audit_buffer *audit_buf;
2219         u32 spi;
2220
2221         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2222         if (audit_buf == NULL)
2223                 return;
2224         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2225         spi = ntohl(x->id.spi);
2226         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2227                          spi, spi, ntohl(net_seq));
2228         audit_log_end(audit_buf);
2229 }
2230
2231 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2232 {
2233         struct audit_buffer *audit_buf;
2234
2235         audit_buf = xfrm_audit_start("SA-notfound");
2236         if (audit_buf == NULL)
2237                 return;
2238         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2239         audit_log_end(audit_buf);
2240 }
2241 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2242
2243 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2244                                __be32 net_spi, __be32 net_seq)
2245 {
2246         struct audit_buffer *audit_buf;
2247         u32 spi;
2248
2249         audit_buf = xfrm_audit_start("SA-notfound");
2250         if (audit_buf == NULL)
2251                 return;
2252         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2253         spi = ntohl(net_spi);
2254         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2255                          spi, spi, ntohl(net_seq));
2256         audit_log_end(audit_buf);
2257 }
2258 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2259
2260 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2261                               struct sk_buff *skb, u8 proto)
2262 {
2263         struct audit_buffer *audit_buf;
2264         __be32 net_spi;
2265         __be32 net_seq;
2266
2267         audit_buf = xfrm_audit_start("SA-icv-failure");
2268         if (audit_buf == NULL)
2269                 return;
2270         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2271         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2272                 u32 spi = ntohl(net_spi);
2273                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2274                                  spi, spi, ntohl(net_seq));
2275         }
2276         audit_log_end(audit_buf);
2277 }
2278 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2279 #endif /* CONFIG_AUDITSYSCALL */