netns xfrm: per-netns xfrm_state_hmask
[linux-2.6.git] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
48 static unsigned int xfrm_state_num;
49 static unsigned int xfrm_state_genid;
50
51 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
52 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
53
54 #ifdef CONFIG_AUDITSYSCALL
55 static void xfrm_audit_state_replay(struct xfrm_state *x,
56                                     struct sk_buff *skb, __be32 net_seq);
57 #else
58 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
59 #endif /* CONFIG_AUDITSYSCALL */
60
61 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
62                                          xfrm_address_t *saddr,
63                                          u32 reqid,
64                                          unsigned short family)
65 {
66         return __xfrm_dst_hash(daddr, saddr, reqid, family, init_net.xfrm.state_hmask);
67 }
68
69 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
70                                          xfrm_address_t *saddr,
71                                          unsigned short family)
72 {
73         return __xfrm_src_hash(daddr, saddr, family, init_net.xfrm.state_hmask);
74 }
75
76 static inline unsigned int
77 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
78 {
79         return __xfrm_spi_hash(daddr, spi, proto, family, init_net.xfrm.state_hmask);
80 }
81
82 static void xfrm_hash_transfer(struct hlist_head *list,
83                                struct hlist_head *ndsttable,
84                                struct hlist_head *nsrctable,
85                                struct hlist_head *nspitable,
86                                unsigned int nhashmask)
87 {
88         struct hlist_node *entry, *tmp;
89         struct xfrm_state *x;
90
91         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
92                 unsigned int h;
93
94                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
95                                     x->props.reqid, x->props.family,
96                                     nhashmask);
97                 hlist_add_head(&x->bydst, ndsttable+h);
98
99                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
100                                     x->props.family,
101                                     nhashmask);
102                 hlist_add_head(&x->bysrc, nsrctable+h);
103
104                 if (x->id.spi) {
105                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
106                                             x->id.proto, x->props.family,
107                                             nhashmask);
108                         hlist_add_head(&x->byspi, nspitable+h);
109                 }
110         }
111 }
112
113 static unsigned long xfrm_hash_new_size(void)
114 {
115         return ((init_net.xfrm.state_hmask + 1) << 1) *
116                 sizeof(struct hlist_head);
117 }
118
119 static DEFINE_MUTEX(hash_resize_mutex);
120
121 static void xfrm_hash_resize(struct work_struct *__unused)
122 {
123         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
124         unsigned long nsize, osize;
125         unsigned int nhashmask, ohashmask;
126         int i;
127
128         mutex_lock(&hash_resize_mutex);
129
130         nsize = xfrm_hash_new_size();
131         ndst = xfrm_hash_alloc(nsize);
132         if (!ndst)
133                 goto out_unlock;
134         nsrc = xfrm_hash_alloc(nsize);
135         if (!nsrc) {
136                 xfrm_hash_free(ndst, nsize);
137                 goto out_unlock;
138         }
139         nspi = xfrm_hash_alloc(nsize);
140         if (!nspi) {
141                 xfrm_hash_free(ndst, nsize);
142                 xfrm_hash_free(nsrc, nsize);
143                 goto out_unlock;
144         }
145
146         spin_lock_bh(&xfrm_state_lock);
147
148         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
149         for (i = init_net.xfrm.state_hmask; i >= 0; i--)
150                 xfrm_hash_transfer(init_net.xfrm.state_bydst+i, ndst, nsrc, nspi,
151                                    nhashmask);
152
153         odst = init_net.xfrm.state_bydst;
154         osrc = init_net.xfrm.state_bysrc;
155         ospi = init_net.xfrm.state_byspi;
156         ohashmask = init_net.xfrm.state_hmask;
157
158         init_net.xfrm.state_bydst = ndst;
159         init_net.xfrm.state_bysrc = nsrc;
160         init_net.xfrm.state_byspi = nspi;
161         init_net.xfrm.state_hmask = nhashmask;
162
163         spin_unlock_bh(&xfrm_state_lock);
164
165         osize = (ohashmask + 1) * sizeof(struct hlist_head);
166         xfrm_hash_free(odst, osize);
167         xfrm_hash_free(osrc, osize);
168         xfrm_hash_free(ospi, osize);
169
170 out_unlock:
171         mutex_unlock(&hash_resize_mutex);
172 }
173
174 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
175
176 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
177 EXPORT_SYMBOL(km_waitq);
178
179 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
180 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
181
182 static struct work_struct xfrm_state_gc_work;
183 static HLIST_HEAD(xfrm_state_gc_list);
184 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
185
186 int __xfrm_state_delete(struct xfrm_state *x);
187
188 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
189 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
190
191 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
192 {
193         struct xfrm_state_afinfo *afinfo;
194         if (unlikely(family >= NPROTO))
195                 return NULL;
196         write_lock_bh(&xfrm_state_afinfo_lock);
197         afinfo = xfrm_state_afinfo[family];
198         if (unlikely(!afinfo))
199                 write_unlock_bh(&xfrm_state_afinfo_lock);
200         return afinfo;
201 }
202
203 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
204         __releases(xfrm_state_afinfo_lock)
205 {
206         write_unlock_bh(&xfrm_state_afinfo_lock);
207 }
208
209 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
210 {
211         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
212         const struct xfrm_type **typemap;
213         int err = 0;
214
215         if (unlikely(afinfo == NULL))
216                 return -EAFNOSUPPORT;
217         typemap = afinfo->type_map;
218
219         if (likely(typemap[type->proto] == NULL))
220                 typemap[type->proto] = type;
221         else
222                 err = -EEXIST;
223         xfrm_state_unlock_afinfo(afinfo);
224         return err;
225 }
226 EXPORT_SYMBOL(xfrm_register_type);
227
228 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
229 {
230         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
231         const struct xfrm_type **typemap;
232         int err = 0;
233
234         if (unlikely(afinfo == NULL))
235                 return -EAFNOSUPPORT;
236         typemap = afinfo->type_map;
237
238         if (unlikely(typemap[type->proto] != type))
239                 err = -ENOENT;
240         else
241                 typemap[type->proto] = NULL;
242         xfrm_state_unlock_afinfo(afinfo);
243         return err;
244 }
245 EXPORT_SYMBOL(xfrm_unregister_type);
246
247 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
248 {
249         struct xfrm_state_afinfo *afinfo;
250         const struct xfrm_type **typemap;
251         const struct xfrm_type *type;
252         int modload_attempted = 0;
253
254 retry:
255         afinfo = xfrm_state_get_afinfo(family);
256         if (unlikely(afinfo == NULL))
257                 return NULL;
258         typemap = afinfo->type_map;
259
260         type = typemap[proto];
261         if (unlikely(type && !try_module_get(type->owner)))
262                 type = NULL;
263         if (!type && !modload_attempted) {
264                 xfrm_state_put_afinfo(afinfo);
265                 request_module("xfrm-type-%d-%d", family, proto);
266                 modload_attempted = 1;
267                 goto retry;
268         }
269
270         xfrm_state_put_afinfo(afinfo);
271         return type;
272 }
273
274 static void xfrm_put_type(const struct xfrm_type *type)
275 {
276         module_put(type->owner);
277 }
278
279 int xfrm_register_mode(struct xfrm_mode *mode, int family)
280 {
281         struct xfrm_state_afinfo *afinfo;
282         struct xfrm_mode **modemap;
283         int err;
284
285         if (unlikely(mode->encap >= XFRM_MODE_MAX))
286                 return -EINVAL;
287
288         afinfo = xfrm_state_lock_afinfo(family);
289         if (unlikely(afinfo == NULL))
290                 return -EAFNOSUPPORT;
291
292         err = -EEXIST;
293         modemap = afinfo->mode_map;
294         if (modemap[mode->encap])
295                 goto out;
296
297         err = -ENOENT;
298         if (!try_module_get(afinfo->owner))
299                 goto out;
300
301         mode->afinfo = afinfo;
302         modemap[mode->encap] = mode;
303         err = 0;
304
305 out:
306         xfrm_state_unlock_afinfo(afinfo);
307         return err;
308 }
309 EXPORT_SYMBOL(xfrm_register_mode);
310
311 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
312 {
313         struct xfrm_state_afinfo *afinfo;
314         struct xfrm_mode **modemap;
315         int err;
316
317         if (unlikely(mode->encap >= XFRM_MODE_MAX))
318                 return -EINVAL;
319
320         afinfo = xfrm_state_lock_afinfo(family);
321         if (unlikely(afinfo == NULL))
322                 return -EAFNOSUPPORT;
323
324         err = -ENOENT;
325         modemap = afinfo->mode_map;
326         if (likely(modemap[mode->encap] == mode)) {
327                 modemap[mode->encap] = NULL;
328                 module_put(mode->afinfo->owner);
329                 err = 0;
330         }
331
332         xfrm_state_unlock_afinfo(afinfo);
333         return err;
334 }
335 EXPORT_SYMBOL(xfrm_unregister_mode);
336
337 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
338 {
339         struct xfrm_state_afinfo *afinfo;
340         struct xfrm_mode *mode;
341         int modload_attempted = 0;
342
343         if (unlikely(encap >= XFRM_MODE_MAX))
344                 return NULL;
345
346 retry:
347         afinfo = xfrm_state_get_afinfo(family);
348         if (unlikely(afinfo == NULL))
349                 return NULL;
350
351         mode = afinfo->mode_map[encap];
352         if (unlikely(mode && !try_module_get(mode->owner)))
353                 mode = NULL;
354         if (!mode && !modload_attempted) {
355                 xfrm_state_put_afinfo(afinfo);
356                 request_module("xfrm-mode-%d-%d", family, encap);
357                 modload_attempted = 1;
358                 goto retry;
359         }
360
361         xfrm_state_put_afinfo(afinfo);
362         return mode;
363 }
364
365 static void xfrm_put_mode(struct xfrm_mode *mode)
366 {
367         module_put(mode->owner);
368 }
369
370 static void xfrm_state_gc_destroy(struct xfrm_state *x)
371 {
372         del_timer_sync(&x->timer);
373         del_timer_sync(&x->rtimer);
374         kfree(x->aalg);
375         kfree(x->ealg);
376         kfree(x->calg);
377         kfree(x->encap);
378         kfree(x->coaddr);
379         if (x->inner_mode)
380                 xfrm_put_mode(x->inner_mode);
381         if (x->inner_mode_iaf)
382                 xfrm_put_mode(x->inner_mode_iaf);
383         if (x->outer_mode)
384                 xfrm_put_mode(x->outer_mode);
385         if (x->type) {
386                 x->type->destructor(x);
387                 xfrm_put_type(x->type);
388         }
389         security_xfrm_state_free(x);
390         kfree(x);
391 }
392
393 static void xfrm_state_gc_task(struct work_struct *data)
394 {
395         struct xfrm_state *x;
396         struct hlist_node *entry, *tmp;
397         struct hlist_head gc_list;
398
399         spin_lock_bh(&xfrm_state_gc_lock);
400         hlist_move_list(&xfrm_state_gc_list, &gc_list);
401         spin_unlock_bh(&xfrm_state_gc_lock);
402
403         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
404                 xfrm_state_gc_destroy(x);
405
406         wake_up(&km_waitq);
407 }
408
409 static inline unsigned long make_jiffies(long secs)
410 {
411         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
412                 return MAX_SCHEDULE_TIMEOUT-1;
413         else
414                 return secs*HZ;
415 }
416
417 static void xfrm_timer_handler(unsigned long data)
418 {
419         struct xfrm_state *x = (struct xfrm_state*)data;
420         unsigned long now = get_seconds();
421         long next = LONG_MAX;
422         int warn = 0;
423         int err = 0;
424
425         spin_lock(&x->lock);
426         if (x->km.state == XFRM_STATE_DEAD)
427                 goto out;
428         if (x->km.state == XFRM_STATE_EXPIRED)
429                 goto expired;
430         if (x->lft.hard_add_expires_seconds) {
431                 long tmo = x->lft.hard_add_expires_seconds +
432                         x->curlft.add_time - now;
433                 if (tmo <= 0)
434                         goto expired;
435                 if (tmo < next)
436                         next = tmo;
437         }
438         if (x->lft.hard_use_expires_seconds) {
439                 long tmo = x->lft.hard_use_expires_seconds +
440                         (x->curlft.use_time ? : now) - now;
441                 if (tmo <= 0)
442                         goto expired;
443                 if (tmo < next)
444                         next = tmo;
445         }
446         if (x->km.dying)
447                 goto resched;
448         if (x->lft.soft_add_expires_seconds) {
449                 long tmo = x->lft.soft_add_expires_seconds +
450                         x->curlft.add_time - now;
451                 if (tmo <= 0)
452                         warn = 1;
453                 else if (tmo < next)
454                         next = tmo;
455         }
456         if (x->lft.soft_use_expires_seconds) {
457                 long tmo = x->lft.soft_use_expires_seconds +
458                         (x->curlft.use_time ? : now) - now;
459                 if (tmo <= 0)
460                         warn = 1;
461                 else if (tmo < next)
462                         next = tmo;
463         }
464
465         x->km.dying = warn;
466         if (warn)
467                 km_state_expired(x, 0, 0);
468 resched:
469         if (next != LONG_MAX)
470                 mod_timer(&x->timer, jiffies + make_jiffies(next));
471
472         goto out;
473
474 expired:
475         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
476                 x->km.state = XFRM_STATE_EXPIRED;
477                 wake_up(&km_waitq);
478                 next = 2;
479                 goto resched;
480         }
481
482         err = __xfrm_state_delete(x);
483         if (!err && x->id.spi)
484                 km_state_expired(x, 1, 0);
485
486         xfrm_audit_state_delete(x, err ? 0 : 1,
487                                 audit_get_loginuid(current),
488                                 audit_get_sessionid(current), 0);
489
490 out:
491         spin_unlock(&x->lock);
492 }
493
494 static void xfrm_replay_timer_handler(unsigned long data);
495
496 struct xfrm_state *xfrm_state_alloc(struct net *net)
497 {
498         struct xfrm_state *x;
499
500         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
501
502         if (x) {
503                 write_pnet(&x->xs_net, net);
504                 atomic_set(&x->refcnt, 1);
505                 atomic_set(&x->tunnel_users, 0);
506                 INIT_LIST_HEAD(&x->km.all);
507                 INIT_HLIST_NODE(&x->bydst);
508                 INIT_HLIST_NODE(&x->bysrc);
509                 INIT_HLIST_NODE(&x->byspi);
510                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
511                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
512                                 (unsigned long)x);
513                 x->curlft.add_time = get_seconds();
514                 x->lft.soft_byte_limit = XFRM_INF;
515                 x->lft.soft_packet_limit = XFRM_INF;
516                 x->lft.hard_byte_limit = XFRM_INF;
517                 x->lft.hard_packet_limit = XFRM_INF;
518                 x->replay_maxage = 0;
519                 x->replay_maxdiff = 0;
520                 x->inner_mode = NULL;
521                 x->inner_mode_iaf = NULL;
522                 spin_lock_init(&x->lock);
523         }
524         return x;
525 }
526 EXPORT_SYMBOL(xfrm_state_alloc);
527
528 void __xfrm_state_destroy(struct xfrm_state *x)
529 {
530         WARN_ON(x->km.state != XFRM_STATE_DEAD);
531
532         spin_lock_bh(&xfrm_state_gc_lock);
533         hlist_add_head(&x->gclist, &xfrm_state_gc_list);
534         spin_unlock_bh(&xfrm_state_gc_lock);
535         schedule_work(&xfrm_state_gc_work);
536 }
537 EXPORT_SYMBOL(__xfrm_state_destroy);
538
539 int __xfrm_state_delete(struct xfrm_state *x)
540 {
541         int err = -ESRCH;
542
543         if (x->km.state != XFRM_STATE_DEAD) {
544                 x->km.state = XFRM_STATE_DEAD;
545                 spin_lock(&xfrm_state_lock);
546                 list_del(&x->km.all);
547                 hlist_del(&x->bydst);
548                 hlist_del(&x->bysrc);
549                 if (x->id.spi)
550                         hlist_del(&x->byspi);
551                 xfrm_state_num--;
552                 spin_unlock(&xfrm_state_lock);
553
554                 /* All xfrm_state objects are created by xfrm_state_alloc.
555                  * The xfrm_state_alloc call gives a reference, and that
556                  * is what we are dropping here.
557                  */
558                 xfrm_state_put(x);
559                 err = 0;
560         }
561
562         return err;
563 }
564 EXPORT_SYMBOL(__xfrm_state_delete);
565
566 int xfrm_state_delete(struct xfrm_state *x)
567 {
568         int err;
569
570         spin_lock_bh(&x->lock);
571         err = __xfrm_state_delete(x);
572         spin_unlock_bh(&x->lock);
573
574         return err;
575 }
576 EXPORT_SYMBOL(xfrm_state_delete);
577
578 #ifdef CONFIG_SECURITY_NETWORK_XFRM
579 static inline int
580 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
581 {
582         int i, err = 0;
583
584         for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
585                 struct hlist_node *entry;
586                 struct xfrm_state *x;
587
588                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
589                         if (xfrm_id_proto_match(x->id.proto, proto) &&
590                            (err = security_xfrm_state_delete(x)) != 0) {
591                                 xfrm_audit_state_delete(x, 0,
592                                                         audit_info->loginuid,
593                                                         audit_info->sessionid,
594                                                         audit_info->secid);
595                                 return err;
596                         }
597                 }
598         }
599
600         return err;
601 }
602 #else
603 static inline int
604 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
605 {
606         return 0;
607 }
608 #endif
609
610 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
611 {
612         int i, err = 0;
613
614         spin_lock_bh(&xfrm_state_lock);
615         err = xfrm_state_flush_secctx_check(proto, audit_info);
616         if (err)
617                 goto out;
618
619         for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
620                 struct hlist_node *entry;
621                 struct xfrm_state *x;
622 restart:
623                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
624                         if (!xfrm_state_kern(x) &&
625                             xfrm_id_proto_match(x->id.proto, proto)) {
626                                 xfrm_state_hold(x);
627                                 spin_unlock_bh(&xfrm_state_lock);
628
629                                 err = xfrm_state_delete(x);
630                                 xfrm_audit_state_delete(x, err ? 0 : 1,
631                                                         audit_info->loginuid,
632                                                         audit_info->sessionid,
633                                                         audit_info->secid);
634                                 xfrm_state_put(x);
635
636                                 spin_lock_bh(&xfrm_state_lock);
637                                 goto restart;
638                         }
639                 }
640         }
641         err = 0;
642
643 out:
644         spin_unlock_bh(&xfrm_state_lock);
645         wake_up(&km_waitq);
646         return err;
647 }
648 EXPORT_SYMBOL(xfrm_state_flush);
649
650 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
651 {
652         spin_lock_bh(&xfrm_state_lock);
653         si->sadcnt = xfrm_state_num;
654         si->sadhcnt = init_net.xfrm.state_hmask;
655         si->sadhmcnt = xfrm_state_hashmax;
656         spin_unlock_bh(&xfrm_state_lock);
657 }
658 EXPORT_SYMBOL(xfrm_sad_getinfo);
659
660 static int
661 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
662                   struct xfrm_tmpl *tmpl,
663                   xfrm_address_t *daddr, xfrm_address_t *saddr,
664                   unsigned short family)
665 {
666         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
667         if (!afinfo)
668                 return -1;
669         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
670         xfrm_state_put_afinfo(afinfo);
671         return 0;
672 }
673
674 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
675 {
676         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
677         struct xfrm_state *x;
678         struct hlist_node *entry;
679
680         hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) {
681                 if (x->props.family != family ||
682                     x->id.spi       != spi ||
683                     x->id.proto     != proto)
684                         continue;
685
686                 switch (family) {
687                 case AF_INET:
688                         if (x->id.daddr.a4 != daddr->a4)
689                                 continue;
690                         break;
691                 case AF_INET6:
692                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
693                                              (struct in6_addr *)
694                                              x->id.daddr.a6))
695                                 continue;
696                         break;
697                 }
698
699                 xfrm_state_hold(x);
700                 return x;
701         }
702
703         return NULL;
704 }
705
706 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
707 {
708         unsigned int h = xfrm_src_hash(daddr, saddr, family);
709         struct xfrm_state *x;
710         struct hlist_node *entry;
711
712         hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
713                 if (x->props.family != family ||
714                     x->id.proto     != proto)
715                         continue;
716
717                 switch (family) {
718                 case AF_INET:
719                         if (x->id.daddr.a4 != daddr->a4 ||
720                             x->props.saddr.a4 != saddr->a4)
721                                 continue;
722                         break;
723                 case AF_INET6:
724                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
725                                              (struct in6_addr *)
726                                              x->id.daddr.a6) ||
727                             !ipv6_addr_equal((struct in6_addr *)saddr,
728                                              (struct in6_addr *)
729                                              x->props.saddr.a6))
730                                 continue;
731                         break;
732                 }
733
734                 xfrm_state_hold(x);
735                 return x;
736         }
737
738         return NULL;
739 }
740
741 static inline struct xfrm_state *
742 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
743 {
744         if (use_spi)
745                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
746                                            x->id.proto, family);
747         else
748                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
749                                                   &x->props.saddr,
750                                                   x->id.proto, family);
751 }
752
753 static void xfrm_hash_grow_check(int have_hash_collision)
754 {
755         if (have_hash_collision &&
756             (init_net.xfrm.state_hmask + 1) < xfrm_state_hashmax &&
757             xfrm_state_num > init_net.xfrm.state_hmask)
758                 schedule_work(&xfrm_hash_work);
759 }
760
761 struct xfrm_state *
762 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
763                 struct flowi *fl, struct xfrm_tmpl *tmpl,
764                 struct xfrm_policy *pol, int *err,
765                 unsigned short family)
766 {
767         unsigned int h;
768         struct hlist_node *entry;
769         struct xfrm_state *x, *x0, *to_put;
770         int acquire_in_progress = 0;
771         int error = 0;
772         struct xfrm_state *best = NULL;
773
774         to_put = NULL;
775
776         spin_lock_bh(&xfrm_state_lock);
777         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
778         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
779                 if (x->props.family == family &&
780                     x->props.reqid == tmpl->reqid &&
781                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
782                     xfrm_state_addr_check(x, daddr, saddr, family) &&
783                     tmpl->mode == x->props.mode &&
784                     tmpl->id.proto == x->id.proto &&
785                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
786                         /* Resolution logic:
787                            1. There is a valid state with matching selector.
788                               Done.
789                            2. Valid state with inappropriate selector. Skip.
790
791                            Entering area of "sysdeps".
792
793                            3. If state is not valid, selector is temporary,
794                               it selects only session which triggered
795                               previous resolution. Key manager will do
796                               something to install a state with proper
797                               selector.
798                          */
799                         if (x->km.state == XFRM_STATE_VALID) {
800                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
801                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
802                                         continue;
803                                 if (!best ||
804                                     best->km.dying > x->km.dying ||
805                                     (best->km.dying == x->km.dying &&
806                                      best->curlft.add_time < x->curlft.add_time))
807                                         best = x;
808                         } else if (x->km.state == XFRM_STATE_ACQ) {
809                                 acquire_in_progress = 1;
810                         } else if (x->km.state == XFRM_STATE_ERROR ||
811                                    x->km.state == XFRM_STATE_EXPIRED) {
812                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
813                                     security_xfrm_state_pol_flow_match(x, pol, fl))
814                                         error = -ESRCH;
815                         }
816                 }
817         }
818
819         x = best;
820         if (!x && !error && !acquire_in_progress) {
821                 if (tmpl->id.spi &&
822                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
823                                               tmpl->id.proto, family)) != NULL) {
824                         to_put = x0;
825                         error = -EEXIST;
826                         goto out;
827                 }
828                 x = xfrm_state_alloc(&init_net);
829                 if (x == NULL) {
830                         error = -ENOMEM;
831                         goto out;
832                 }
833                 /* Initialize temporary selector matching only
834                  * to current session. */
835                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
836
837                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
838                 if (error) {
839                         x->km.state = XFRM_STATE_DEAD;
840                         to_put = x;
841                         x = NULL;
842                         goto out;
843                 }
844
845                 if (km_query(x, tmpl, pol) == 0) {
846                         x->km.state = XFRM_STATE_ACQ;
847                         list_add(&x->km.all, &init_net.xfrm.state_all);
848                         hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
849                         h = xfrm_src_hash(daddr, saddr, family);
850                         hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
851                         if (x->id.spi) {
852                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
853                                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
854                         }
855                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
856                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
857                         add_timer(&x->timer);
858                         xfrm_state_num++;
859                         xfrm_hash_grow_check(x->bydst.next != NULL);
860                 } else {
861                         x->km.state = XFRM_STATE_DEAD;
862                         to_put = x;
863                         x = NULL;
864                         error = -ESRCH;
865                 }
866         }
867 out:
868         if (x)
869                 xfrm_state_hold(x);
870         else
871                 *err = acquire_in_progress ? -EAGAIN : error;
872         spin_unlock_bh(&xfrm_state_lock);
873         if (to_put)
874                 xfrm_state_put(to_put);
875         return x;
876 }
877
878 struct xfrm_state *
879 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
880                     unsigned short family, u8 mode, u8 proto, u32 reqid)
881 {
882         unsigned int h;
883         struct xfrm_state *rx = NULL, *x = NULL;
884         struct hlist_node *entry;
885
886         spin_lock(&xfrm_state_lock);
887         h = xfrm_dst_hash(daddr, saddr, reqid, family);
888         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
889                 if (x->props.family == family &&
890                     x->props.reqid == reqid &&
891                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
892                     xfrm_state_addr_check(x, daddr, saddr, family) &&
893                     mode == x->props.mode &&
894                     proto == x->id.proto &&
895                     x->km.state == XFRM_STATE_VALID) {
896                         rx = x;
897                         break;
898                 }
899         }
900
901         if (rx)
902                 xfrm_state_hold(rx);
903         spin_unlock(&xfrm_state_lock);
904
905
906         return rx;
907 }
908 EXPORT_SYMBOL(xfrm_stateonly_find);
909
910 static void __xfrm_state_insert(struct xfrm_state *x)
911 {
912         unsigned int h;
913
914         x->genid = ++xfrm_state_genid;
915
916         list_add(&x->km.all, &init_net.xfrm.state_all);
917
918         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
919                           x->props.reqid, x->props.family);
920         hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
921
922         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
923         hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
924
925         if (x->id.spi) {
926                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
927                                   x->props.family);
928
929                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
930         }
931
932         mod_timer(&x->timer, jiffies + HZ);
933         if (x->replay_maxage)
934                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
935
936         wake_up(&km_waitq);
937
938         xfrm_state_num++;
939
940         xfrm_hash_grow_check(x->bydst.next != NULL);
941 }
942
943 /* xfrm_state_lock is held */
944 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
945 {
946         unsigned short family = xnew->props.family;
947         u32 reqid = xnew->props.reqid;
948         struct xfrm_state *x;
949         struct hlist_node *entry;
950         unsigned int h;
951
952         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
953         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
954                 if (x->props.family     == family &&
955                     x->props.reqid      == reqid &&
956                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
957                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
958                         x->genid = xfrm_state_genid;
959         }
960 }
961
962 void xfrm_state_insert(struct xfrm_state *x)
963 {
964         spin_lock_bh(&xfrm_state_lock);
965         __xfrm_state_bump_genids(x);
966         __xfrm_state_insert(x);
967         spin_unlock_bh(&xfrm_state_lock);
968 }
969 EXPORT_SYMBOL(xfrm_state_insert);
970
971 /* xfrm_state_lock is held */
972 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
973 {
974         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
975         struct hlist_node *entry;
976         struct xfrm_state *x;
977
978         hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
979                 if (x->props.reqid  != reqid ||
980                     x->props.mode   != mode ||
981                     x->props.family != family ||
982                     x->km.state     != XFRM_STATE_ACQ ||
983                     x->id.spi       != 0 ||
984                     x->id.proto     != proto)
985                         continue;
986
987                 switch (family) {
988                 case AF_INET:
989                         if (x->id.daddr.a4    != daddr->a4 ||
990                             x->props.saddr.a4 != saddr->a4)
991                                 continue;
992                         break;
993                 case AF_INET6:
994                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
995                                              (struct in6_addr *)daddr) ||
996                             !ipv6_addr_equal((struct in6_addr *)
997                                              x->props.saddr.a6,
998                                              (struct in6_addr *)saddr))
999                                 continue;
1000                         break;
1001                 }
1002
1003                 xfrm_state_hold(x);
1004                 return x;
1005         }
1006
1007         if (!create)
1008                 return NULL;
1009
1010         x = xfrm_state_alloc(&init_net);
1011         if (likely(x)) {
1012                 switch (family) {
1013                 case AF_INET:
1014                         x->sel.daddr.a4 = daddr->a4;
1015                         x->sel.saddr.a4 = saddr->a4;
1016                         x->sel.prefixlen_d = 32;
1017                         x->sel.prefixlen_s = 32;
1018                         x->props.saddr.a4 = saddr->a4;
1019                         x->id.daddr.a4 = daddr->a4;
1020                         break;
1021
1022                 case AF_INET6:
1023                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1024                                        (struct in6_addr *)daddr);
1025                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1026                                        (struct in6_addr *)saddr);
1027                         x->sel.prefixlen_d = 128;
1028                         x->sel.prefixlen_s = 128;
1029                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1030                                        (struct in6_addr *)saddr);
1031                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1032                                        (struct in6_addr *)daddr);
1033                         break;
1034                 }
1035
1036                 x->km.state = XFRM_STATE_ACQ;
1037                 x->id.proto = proto;
1038                 x->props.family = family;
1039                 x->props.mode = mode;
1040                 x->props.reqid = reqid;
1041                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1042                 xfrm_state_hold(x);
1043                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1044                 add_timer(&x->timer);
1045                 list_add(&x->km.all, &init_net.xfrm.state_all);
1046                 hlist_add_head(&x->bydst, init_net.xfrm.state_bydst+h);
1047                 h = xfrm_src_hash(daddr, saddr, family);
1048                 hlist_add_head(&x->bysrc, init_net.xfrm.state_bysrc+h);
1049
1050                 xfrm_state_num++;
1051
1052                 xfrm_hash_grow_check(x->bydst.next != NULL);
1053         }
1054
1055         return x;
1056 }
1057
1058 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1059
1060 int xfrm_state_add(struct xfrm_state *x)
1061 {
1062         struct xfrm_state *x1, *to_put;
1063         int family;
1064         int err;
1065         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1066
1067         family = x->props.family;
1068
1069         to_put = NULL;
1070
1071         spin_lock_bh(&xfrm_state_lock);
1072
1073         x1 = __xfrm_state_locate(x, use_spi, family);
1074         if (x1) {
1075                 to_put = x1;
1076                 x1 = NULL;
1077                 err = -EEXIST;
1078                 goto out;
1079         }
1080
1081         if (use_spi && x->km.seq) {
1082                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1083                 if (x1 && ((x1->id.proto != x->id.proto) ||
1084                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1085                         to_put = x1;
1086                         x1 = NULL;
1087                 }
1088         }
1089
1090         if (use_spi && !x1)
1091                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1092                                      x->id.proto,
1093                                      &x->id.daddr, &x->props.saddr, 0);
1094
1095         __xfrm_state_bump_genids(x);
1096         __xfrm_state_insert(x);
1097         err = 0;
1098
1099 out:
1100         spin_unlock_bh(&xfrm_state_lock);
1101
1102         if (x1) {
1103                 xfrm_state_delete(x1);
1104                 xfrm_state_put(x1);
1105         }
1106
1107         if (to_put)
1108                 xfrm_state_put(to_put);
1109
1110         return err;
1111 }
1112 EXPORT_SYMBOL(xfrm_state_add);
1113
1114 #ifdef CONFIG_XFRM_MIGRATE
1115 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1116 {
1117         int err = -ENOMEM;
1118         struct xfrm_state *x = xfrm_state_alloc(&init_net);
1119         if (!x)
1120                 goto error;
1121
1122         memcpy(&x->id, &orig->id, sizeof(x->id));
1123         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1124         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1125         x->props.mode = orig->props.mode;
1126         x->props.replay_window = orig->props.replay_window;
1127         x->props.reqid = orig->props.reqid;
1128         x->props.family = orig->props.family;
1129         x->props.saddr = orig->props.saddr;
1130
1131         if (orig->aalg) {
1132                 x->aalg = xfrm_algo_clone(orig->aalg);
1133                 if (!x->aalg)
1134                         goto error;
1135         }
1136         x->props.aalgo = orig->props.aalgo;
1137
1138         if (orig->ealg) {
1139                 x->ealg = xfrm_algo_clone(orig->ealg);
1140                 if (!x->ealg)
1141                         goto error;
1142         }
1143         x->props.ealgo = orig->props.ealgo;
1144
1145         if (orig->calg) {
1146                 x->calg = xfrm_algo_clone(orig->calg);
1147                 if (!x->calg)
1148                         goto error;
1149         }
1150         x->props.calgo = orig->props.calgo;
1151
1152         if (orig->encap) {
1153                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1154                 if (!x->encap)
1155                         goto error;
1156         }
1157
1158         if (orig->coaddr) {
1159                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1160                                     GFP_KERNEL);
1161                 if (!x->coaddr)
1162                         goto error;
1163         }
1164
1165         err = xfrm_init_state(x);
1166         if (err)
1167                 goto error;
1168
1169         x->props.flags = orig->props.flags;
1170
1171         x->curlft.add_time = orig->curlft.add_time;
1172         x->km.state = orig->km.state;
1173         x->km.seq = orig->km.seq;
1174
1175         return x;
1176
1177  error:
1178         if (errp)
1179                 *errp = err;
1180         if (x) {
1181                 kfree(x->aalg);
1182                 kfree(x->ealg);
1183                 kfree(x->calg);
1184                 kfree(x->encap);
1185                 kfree(x->coaddr);
1186         }
1187         kfree(x);
1188         return NULL;
1189 }
1190
1191 /* xfrm_state_lock is held */
1192 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1193 {
1194         unsigned int h;
1195         struct xfrm_state *x;
1196         struct hlist_node *entry;
1197
1198         if (m->reqid) {
1199                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1200                                   m->reqid, m->old_family);
1201                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
1202                         if (x->props.mode != m->mode ||
1203                             x->id.proto != m->proto)
1204                                 continue;
1205                         if (m->reqid && x->props.reqid != m->reqid)
1206                                 continue;
1207                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1208                                           m->old_family) ||
1209                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1210                                           m->old_family))
1211                                 continue;
1212                         xfrm_state_hold(x);
1213                         return x;
1214                 }
1215         } else {
1216                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1217                                   m->old_family);
1218                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
1219                         if (x->props.mode != m->mode ||
1220                             x->id.proto != m->proto)
1221                                 continue;
1222                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1223                                           m->old_family) ||
1224                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1225                                           m->old_family))
1226                                 continue;
1227                         xfrm_state_hold(x);
1228                         return x;
1229                 }
1230         }
1231
1232         return NULL;
1233 }
1234 EXPORT_SYMBOL(xfrm_migrate_state_find);
1235
1236 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1237                                        struct xfrm_migrate *m)
1238 {
1239         struct xfrm_state *xc;
1240         int err;
1241
1242         xc = xfrm_state_clone(x, &err);
1243         if (!xc)
1244                 return NULL;
1245
1246         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1247         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1248
1249         /* add state */
1250         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1251                 /* a care is needed when the destination address of the
1252                    state is to be updated as it is a part of triplet */
1253                 xfrm_state_insert(xc);
1254         } else {
1255                 if ((err = xfrm_state_add(xc)) < 0)
1256                         goto error;
1257         }
1258
1259         return xc;
1260 error:
1261         kfree(xc);
1262         return NULL;
1263 }
1264 EXPORT_SYMBOL(xfrm_state_migrate);
1265 #endif
1266
1267 int xfrm_state_update(struct xfrm_state *x)
1268 {
1269         struct xfrm_state *x1, *to_put;
1270         int err;
1271         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1272
1273         to_put = NULL;
1274
1275         spin_lock_bh(&xfrm_state_lock);
1276         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1277
1278         err = -ESRCH;
1279         if (!x1)
1280                 goto out;
1281
1282         if (xfrm_state_kern(x1)) {
1283                 to_put = x1;
1284                 err = -EEXIST;
1285                 goto out;
1286         }
1287
1288         if (x1->km.state == XFRM_STATE_ACQ) {
1289                 __xfrm_state_insert(x);
1290                 x = NULL;
1291         }
1292         err = 0;
1293
1294 out:
1295         spin_unlock_bh(&xfrm_state_lock);
1296
1297         if (to_put)
1298                 xfrm_state_put(to_put);
1299
1300         if (err)
1301                 return err;
1302
1303         if (!x) {
1304                 xfrm_state_delete(x1);
1305                 xfrm_state_put(x1);
1306                 return 0;
1307         }
1308
1309         err = -EINVAL;
1310         spin_lock_bh(&x1->lock);
1311         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1312                 if (x->encap && x1->encap)
1313                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1314                 if (x->coaddr && x1->coaddr) {
1315                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1316                 }
1317                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1318                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1319                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1320                 x1->km.dying = 0;
1321
1322                 mod_timer(&x1->timer, jiffies + HZ);
1323                 if (x1->curlft.use_time)
1324                         xfrm_state_check_expire(x1);
1325
1326                 err = 0;
1327         }
1328         spin_unlock_bh(&x1->lock);
1329
1330         xfrm_state_put(x1);
1331
1332         return err;
1333 }
1334 EXPORT_SYMBOL(xfrm_state_update);
1335
1336 int xfrm_state_check_expire(struct xfrm_state *x)
1337 {
1338         if (!x->curlft.use_time)
1339                 x->curlft.use_time = get_seconds();
1340
1341         if (x->km.state != XFRM_STATE_VALID)
1342                 return -EINVAL;
1343
1344         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1345             x->curlft.packets >= x->lft.hard_packet_limit) {
1346                 x->km.state = XFRM_STATE_EXPIRED;
1347                 mod_timer(&x->timer, jiffies);
1348                 return -EINVAL;
1349         }
1350
1351         if (!x->km.dying &&
1352             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1353              x->curlft.packets >= x->lft.soft_packet_limit)) {
1354                 x->km.dying = 1;
1355                 km_state_expired(x, 0, 0);
1356         }
1357         return 0;
1358 }
1359 EXPORT_SYMBOL(xfrm_state_check_expire);
1360
1361 struct xfrm_state *
1362 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1363                   unsigned short family)
1364 {
1365         struct xfrm_state *x;
1366
1367         spin_lock_bh(&xfrm_state_lock);
1368         x = __xfrm_state_lookup(daddr, spi, proto, family);
1369         spin_unlock_bh(&xfrm_state_lock);
1370         return x;
1371 }
1372 EXPORT_SYMBOL(xfrm_state_lookup);
1373
1374 struct xfrm_state *
1375 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1376                          u8 proto, unsigned short family)
1377 {
1378         struct xfrm_state *x;
1379
1380         spin_lock_bh(&xfrm_state_lock);
1381         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1382         spin_unlock_bh(&xfrm_state_lock);
1383         return x;
1384 }
1385 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1386
1387 struct xfrm_state *
1388 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1389               xfrm_address_t *daddr, xfrm_address_t *saddr,
1390               int create, unsigned short family)
1391 {
1392         struct xfrm_state *x;
1393
1394         spin_lock_bh(&xfrm_state_lock);
1395         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1396         spin_unlock_bh(&xfrm_state_lock);
1397
1398         return x;
1399 }
1400 EXPORT_SYMBOL(xfrm_find_acq);
1401
1402 #ifdef CONFIG_XFRM_SUB_POLICY
1403 int
1404 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1405                unsigned short family)
1406 {
1407         int err = 0;
1408         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1409         if (!afinfo)
1410                 return -EAFNOSUPPORT;
1411
1412         spin_lock_bh(&xfrm_state_lock);
1413         if (afinfo->tmpl_sort)
1414                 err = afinfo->tmpl_sort(dst, src, n);
1415         spin_unlock_bh(&xfrm_state_lock);
1416         xfrm_state_put_afinfo(afinfo);
1417         return err;
1418 }
1419 EXPORT_SYMBOL(xfrm_tmpl_sort);
1420
1421 int
1422 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1423                 unsigned short family)
1424 {
1425         int err = 0;
1426         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1427         if (!afinfo)
1428                 return -EAFNOSUPPORT;
1429
1430         spin_lock_bh(&xfrm_state_lock);
1431         if (afinfo->state_sort)
1432                 err = afinfo->state_sort(dst, src, n);
1433         spin_unlock_bh(&xfrm_state_lock);
1434         xfrm_state_put_afinfo(afinfo);
1435         return err;
1436 }
1437 EXPORT_SYMBOL(xfrm_state_sort);
1438 #endif
1439
1440 /* Silly enough, but I'm lazy to build resolution list */
1441
1442 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1443 {
1444         int i;
1445
1446         for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
1447                 struct hlist_node *entry;
1448                 struct xfrm_state *x;
1449
1450                 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
1451                         if (x->km.seq == seq &&
1452                             x->km.state == XFRM_STATE_ACQ) {
1453                                 xfrm_state_hold(x);
1454                                 return x;
1455                         }
1456                 }
1457         }
1458         return NULL;
1459 }
1460
1461 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1462 {
1463         struct xfrm_state *x;
1464
1465         spin_lock_bh(&xfrm_state_lock);
1466         x = __xfrm_find_acq_byseq(seq);
1467         spin_unlock_bh(&xfrm_state_lock);
1468         return x;
1469 }
1470 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1471
1472 u32 xfrm_get_acqseq(void)
1473 {
1474         u32 res;
1475         static u32 acqseq;
1476         static DEFINE_SPINLOCK(acqseq_lock);
1477
1478         spin_lock_bh(&acqseq_lock);
1479         res = (++acqseq ? : ++acqseq);
1480         spin_unlock_bh(&acqseq_lock);
1481         return res;
1482 }
1483 EXPORT_SYMBOL(xfrm_get_acqseq);
1484
1485 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1486 {
1487         unsigned int h;
1488         struct xfrm_state *x0;
1489         int err = -ENOENT;
1490         __be32 minspi = htonl(low);
1491         __be32 maxspi = htonl(high);
1492
1493         spin_lock_bh(&x->lock);
1494         if (x->km.state == XFRM_STATE_DEAD)
1495                 goto unlock;
1496
1497         err = 0;
1498         if (x->id.spi)
1499                 goto unlock;
1500
1501         err = -ENOENT;
1502
1503         if (minspi == maxspi) {
1504                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1505                 if (x0) {
1506                         xfrm_state_put(x0);
1507                         goto unlock;
1508                 }
1509                 x->id.spi = minspi;
1510         } else {
1511                 u32 spi = 0;
1512                 for (h=0; h<high-low+1; h++) {
1513                         spi = low + net_random()%(high-low+1);
1514                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1515                         if (x0 == NULL) {
1516                                 x->id.spi = htonl(spi);
1517                                 break;
1518                         }
1519                         xfrm_state_put(x0);
1520                 }
1521         }
1522         if (x->id.spi) {
1523                 spin_lock_bh(&xfrm_state_lock);
1524                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1525                 hlist_add_head(&x->byspi, init_net.xfrm.state_byspi+h);
1526                 spin_unlock_bh(&xfrm_state_lock);
1527
1528                 err = 0;
1529         }
1530
1531 unlock:
1532         spin_unlock_bh(&x->lock);
1533
1534         return err;
1535 }
1536 EXPORT_SYMBOL(xfrm_alloc_spi);
1537
1538 int xfrm_state_walk(struct xfrm_state_walk *walk,
1539                     int (*func)(struct xfrm_state *, int, void*),
1540                     void *data)
1541 {
1542         struct xfrm_state *state;
1543         struct xfrm_state_walk *x;
1544         int err = 0;
1545
1546         if (walk->seq != 0 && list_empty(&walk->all))
1547                 return 0;
1548
1549         spin_lock_bh(&xfrm_state_lock);
1550         if (list_empty(&walk->all))
1551                 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
1552         else
1553                 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1554         list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
1555                 if (x->state == XFRM_STATE_DEAD)
1556                         continue;
1557                 state = container_of(x, struct xfrm_state, km);
1558                 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1559                         continue;
1560                 err = func(state, walk->seq, data);
1561                 if (err) {
1562                         list_move_tail(&walk->all, &x->all);
1563                         goto out;
1564                 }
1565                 walk->seq++;
1566         }
1567         if (walk->seq == 0) {
1568                 err = -ENOENT;
1569                 goto out;
1570         }
1571         list_del_init(&walk->all);
1572 out:
1573         spin_unlock_bh(&xfrm_state_lock);
1574         return err;
1575 }
1576 EXPORT_SYMBOL(xfrm_state_walk);
1577
1578 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1579 {
1580         INIT_LIST_HEAD(&walk->all);
1581         walk->proto = proto;
1582         walk->state = XFRM_STATE_DEAD;
1583         walk->seq = 0;
1584 }
1585 EXPORT_SYMBOL(xfrm_state_walk_init);
1586
1587 void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1588 {
1589         if (list_empty(&walk->all))
1590                 return;
1591
1592         spin_lock_bh(&xfrm_state_lock);
1593         list_del(&walk->all);
1594         spin_lock_bh(&xfrm_state_lock);
1595 }
1596 EXPORT_SYMBOL(xfrm_state_walk_done);
1597
1598
1599 void xfrm_replay_notify(struct xfrm_state *x, int event)
1600 {
1601         struct km_event c;
1602         /* we send notify messages in case
1603          *  1. we updated on of the sequence numbers, and the seqno difference
1604          *     is at least x->replay_maxdiff, in this case we also update the
1605          *     timeout of our timer function
1606          *  2. if x->replay_maxage has elapsed since last update,
1607          *     and there were changes
1608          *
1609          *  The state structure must be locked!
1610          */
1611
1612         switch (event) {
1613         case XFRM_REPLAY_UPDATE:
1614                 if (x->replay_maxdiff &&
1615                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1616                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1617                         if (x->xflags & XFRM_TIME_DEFER)
1618                                 event = XFRM_REPLAY_TIMEOUT;
1619                         else
1620                                 return;
1621                 }
1622
1623                 break;
1624
1625         case XFRM_REPLAY_TIMEOUT:
1626                 if ((x->replay.seq == x->preplay.seq) &&
1627                     (x->replay.bitmap == x->preplay.bitmap) &&
1628                     (x->replay.oseq == x->preplay.oseq)) {
1629                         x->xflags |= XFRM_TIME_DEFER;
1630                         return;
1631                 }
1632
1633                 break;
1634         }
1635
1636         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1637         c.event = XFRM_MSG_NEWAE;
1638         c.data.aevent = event;
1639         km_state_notify(x, &c);
1640
1641         if (x->replay_maxage &&
1642             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1643                 x->xflags &= ~XFRM_TIME_DEFER;
1644 }
1645
1646 static void xfrm_replay_timer_handler(unsigned long data)
1647 {
1648         struct xfrm_state *x = (struct xfrm_state*)data;
1649
1650         spin_lock(&x->lock);
1651
1652         if (x->km.state == XFRM_STATE_VALID) {
1653                 if (xfrm_aevent_is_on())
1654                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1655                 else
1656                         x->xflags |= XFRM_TIME_DEFER;
1657         }
1658
1659         spin_unlock(&x->lock);
1660 }
1661
1662 int xfrm_replay_check(struct xfrm_state *x,
1663                       struct sk_buff *skb, __be32 net_seq)
1664 {
1665         u32 diff;
1666         u32 seq = ntohl(net_seq);
1667
1668         if (unlikely(seq == 0))
1669                 goto err;
1670
1671         if (likely(seq > x->replay.seq))
1672                 return 0;
1673
1674         diff = x->replay.seq - seq;
1675         if (diff >= min_t(unsigned int, x->props.replay_window,
1676                           sizeof(x->replay.bitmap) * 8)) {
1677                 x->stats.replay_window++;
1678                 goto err;
1679         }
1680
1681         if (x->replay.bitmap & (1U << diff)) {
1682                 x->stats.replay++;
1683                 goto err;
1684         }
1685         return 0;
1686
1687 err:
1688         xfrm_audit_state_replay(x, skb, net_seq);
1689         return -EINVAL;
1690 }
1691
1692 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1693 {
1694         u32 diff;
1695         u32 seq = ntohl(net_seq);
1696
1697         if (seq > x->replay.seq) {
1698                 diff = seq - x->replay.seq;
1699                 if (diff < x->props.replay_window)
1700                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1701                 else
1702                         x->replay.bitmap = 1;
1703                 x->replay.seq = seq;
1704         } else {
1705                 diff = x->replay.seq - seq;
1706                 x->replay.bitmap |= (1U << diff);
1707         }
1708
1709         if (xfrm_aevent_is_on())
1710                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1711 }
1712
1713 static LIST_HEAD(xfrm_km_list);
1714 static DEFINE_RWLOCK(xfrm_km_lock);
1715
1716 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1717 {
1718         struct xfrm_mgr *km;
1719
1720         read_lock(&xfrm_km_lock);
1721         list_for_each_entry(km, &xfrm_km_list, list)
1722                 if (km->notify_policy)
1723                         km->notify_policy(xp, dir, c);
1724         read_unlock(&xfrm_km_lock);
1725 }
1726
1727 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1728 {
1729         struct xfrm_mgr *km;
1730         read_lock(&xfrm_km_lock);
1731         list_for_each_entry(km, &xfrm_km_list, list)
1732                 if (km->notify)
1733                         km->notify(x, c);
1734         read_unlock(&xfrm_km_lock);
1735 }
1736
1737 EXPORT_SYMBOL(km_policy_notify);
1738 EXPORT_SYMBOL(km_state_notify);
1739
1740 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1741 {
1742         struct km_event c;
1743
1744         c.data.hard = hard;
1745         c.pid = pid;
1746         c.event = XFRM_MSG_EXPIRE;
1747         km_state_notify(x, &c);
1748
1749         if (hard)
1750                 wake_up(&km_waitq);
1751 }
1752
1753 EXPORT_SYMBOL(km_state_expired);
1754 /*
1755  * We send to all registered managers regardless of failure
1756  * We are happy with one success
1757 */
1758 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1759 {
1760         int err = -EINVAL, acqret;
1761         struct xfrm_mgr *km;
1762
1763         read_lock(&xfrm_km_lock);
1764         list_for_each_entry(km, &xfrm_km_list, list) {
1765                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1766                 if (!acqret)
1767                         err = acqret;
1768         }
1769         read_unlock(&xfrm_km_lock);
1770         return err;
1771 }
1772 EXPORT_SYMBOL(km_query);
1773
1774 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1775 {
1776         int err = -EINVAL;
1777         struct xfrm_mgr *km;
1778
1779         read_lock(&xfrm_km_lock);
1780         list_for_each_entry(km, &xfrm_km_list, list) {
1781                 if (km->new_mapping)
1782                         err = km->new_mapping(x, ipaddr, sport);
1783                 if (!err)
1784                         break;
1785         }
1786         read_unlock(&xfrm_km_lock);
1787         return err;
1788 }
1789 EXPORT_SYMBOL(km_new_mapping);
1790
1791 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1792 {
1793         struct km_event c;
1794
1795         c.data.hard = hard;
1796         c.pid = pid;
1797         c.event = XFRM_MSG_POLEXPIRE;
1798         km_policy_notify(pol, dir, &c);
1799
1800         if (hard)
1801                 wake_up(&km_waitq);
1802 }
1803 EXPORT_SYMBOL(km_policy_expired);
1804
1805 #ifdef CONFIG_XFRM_MIGRATE
1806 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1807                struct xfrm_migrate *m, int num_migrate,
1808                struct xfrm_kmaddress *k)
1809 {
1810         int err = -EINVAL;
1811         int ret;
1812         struct xfrm_mgr *km;
1813
1814         read_lock(&xfrm_km_lock);
1815         list_for_each_entry(km, &xfrm_km_list, list) {
1816                 if (km->migrate) {
1817                         ret = km->migrate(sel, dir, type, m, num_migrate, k);
1818                         if (!ret)
1819                                 err = ret;
1820                 }
1821         }
1822         read_unlock(&xfrm_km_lock);
1823         return err;
1824 }
1825 EXPORT_SYMBOL(km_migrate);
1826 #endif
1827
1828 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1829 {
1830         int err = -EINVAL;
1831         int ret;
1832         struct xfrm_mgr *km;
1833
1834         read_lock(&xfrm_km_lock);
1835         list_for_each_entry(km, &xfrm_km_list, list) {
1836                 if (km->report) {
1837                         ret = km->report(proto, sel, addr);
1838                         if (!ret)
1839                                 err = ret;
1840                 }
1841         }
1842         read_unlock(&xfrm_km_lock);
1843         return err;
1844 }
1845 EXPORT_SYMBOL(km_report);
1846
1847 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1848 {
1849         int err;
1850         u8 *data;
1851         struct xfrm_mgr *km;
1852         struct xfrm_policy *pol = NULL;
1853
1854         if (optlen <= 0 || optlen > PAGE_SIZE)
1855                 return -EMSGSIZE;
1856
1857         data = kmalloc(optlen, GFP_KERNEL);
1858         if (!data)
1859                 return -ENOMEM;
1860
1861         err = -EFAULT;
1862         if (copy_from_user(data, optval, optlen))
1863                 goto out;
1864
1865         err = -EINVAL;
1866         read_lock(&xfrm_km_lock);
1867         list_for_each_entry(km, &xfrm_km_list, list) {
1868                 pol = km->compile_policy(sk, optname, data,
1869                                          optlen, &err);
1870                 if (err >= 0)
1871                         break;
1872         }
1873         read_unlock(&xfrm_km_lock);
1874
1875         if (err >= 0) {
1876                 xfrm_sk_policy_insert(sk, err, pol);
1877                 xfrm_pol_put(pol);
1878                 err = 0;
1879         }
1880
1881 out:
1882         kfree(data);
1883         return err;
1884 }
1885 EXPORT_SYMBOL(xfrm_user_policy);
1886
1887 int xfrm_register_km(struct xfrm_mgr *km)
1888 {
1889         write_lock_bh(&xfrm_km_lock);
1890         list_add_tail(&km->list, &xfrm_km_list);
1891         write_unlock_bh(&xfrm_km_lock);
1892         return 0;
1893 }
1894 EXPORT_SYMBOL(xfrm_register_km);
1895
1896 int xfrm_unregister_km(struct xfrm_mgr *km)
1897 {
1898         write_lock_bh(&xfrm_km_lock);
1899         list_del(&km->list);
1900         write_unlock_bh(&xfrm_km_lock);
1901         return 0;
1902 }
1903 EXPORT_SYMBOL(xfrm_unregister_km);
1904
1905 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1906 {
1907         int err = 0;
1908         if (unlikely(afinfo == NULL))
1909                 return -EINVAL;
1910         if (unlikely(afinfo->family >= NPROTO))
1911                 return -EAFNOSUPPORT;
1912         write_lock_bh(&xfrm_state_afinfo_lock);
1913         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1914                 err = -ENOBUFS;
1915         else
1916                 xfrm_state_afinfo[afinfo->family] = afinfo;
1917         write_unlock_bh(&xfrm_state_afinfo_lock);
1918         return err;
1919 }
1920 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1921
1922 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1923 {
1924         int err = 0;
1925         if (unlikely(afinfo == NULL))
1926                 return -EINVAL;
1927         if (unlikely(afinfo->family >= NPROTO))
1928                 return -EAFNOSUPPORT;
1929         write_lock_bh(&xfrm_state_afinfo_lock);
1930         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1931                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1932                         err = -EINVAL;
1933                 else
1934                         xfrm_state_afinfo[afinfo->family] = NULL;
1935         }
1936         write_unlock_bh(&xfrm_state_afinfo_lock);
1937         return err;
1938 }
1939 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1940
1941 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1942 {
1943         struct xfrm_state_afinfo *afinfo;
1944         if (unlikely(family >= NPROTO))
1945                 return NULL;
1946         read_lock(&xfrm_state_afinfo_lock);
1947         afinfo = xfrm_state_afinfo[family];
1948         if (unlikely(!afinfo))
1949                 read_unlock(&xfrm_state_afinfo_lock);
1950         return afinfo;
1951 }
1952
1953 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1954         __releases(xfrm_state_afinfo_lock)
1955 {
1956         read_unlock(&xfrm_state_afinfo_lock);
1957 }
1958
1959 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1960 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1961 {
1962         if (x->tunnel) {
1963                 struct xfrm_state *t = x->tunnel;
1964
1965                 if (atomic_read(&t->tunnel_users) == 2)
1966                         xfrm_state_delete(t);
1967                 atomic_dec(&t->tunnel_users);
1968                 xfrm_state_put(t);
1969                 x->tunnel = NULL;
1970         }
1971 }
1972 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1973
1974 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1975 {
1976         int res;
1977
1978         spin_lock_bh(&x->lock);
1979         if (x->km.state == XFRM_STATE_VALID &&
1980             x->type && x->type->get_mtu)
1981                 res = x->type->get_mtu(x, mtu);
1982         else
1983                 res = mtu - x->props.header_len;
1984         spin_unlock_bh(&x->lock);
1985         return res;
1986 }
1987
1988 int xfrm_init_state(struct xfrm_state *x)
1989 {
1990         struct xfrm_state_afinfo *afinfo;
1991         struct xfrm_mode *inner_mode;
1992         int family = x->props.family;
1993         int err;
1994
1995         err = -EAFNOSUPPORT;
1996         afinfo = xfrm_state_get_afinfo(family);
1997         if (!afinfo)
1998                 goto error;
1999
2000         err = 0;
2001         if (afinfo->init_flags)
2002                 err = afinfo->init_flags(x);
2003
2004         xfrm_state_put_afinfo(afinfo);
2005
2006         if (err)
2007                 goto error;
2008
2009         err = -EPROTONOSUPPORT;
2010
2011         if (x->sel.family != AF_UNSPEC) {
2012                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2013                 if (inner_mode == NULL)
2014                         goto error;
2015
2016                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2017                     family != x->sel.family) {
2018                         xfrm_put_mode(inner_mode);
2019                         goto error;
2020                 }
2021
2022                 x->inner_mode = inner_mode;
2023         } else {
2024                 struct xfrm_mode *inner_mode_iaf;
2025
2026                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2027                 if (inner_mode == NULL)
2028                         goto error;
2029
2030                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2031                         xfrm_put_mode(inner_mode);
2032                         goto error;
2033                 }
2034
2035                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2036                 if (inner_mode_iaf == NULL)
2037                         goto error;
2038
2039                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2040                         xfrm_put_mode(inner_mode_iaf);
2041                         goto error;
2042                 }
2043
2044                 if (x->props.family == AF_INET) {
2045                         x->inner_mode = inner_mode;
2046                         x->inner_mode_iaf = inner_mode_iaf;
2047                 } else {
2048                         x->inner_mode = inner_mode_iaf;
2049                         x->inner_mode_iaf = inner_mode;
2050                 }
2051         }
2052
2053         x->type = xfrm_get_type(x->id.proto, family);
2054         if (x->type == NULL)
2055                 goto error;
2056
2057         err = x->type->init_state(x);
2058         if (err)
2059                 goto error;
2060
2061         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2062         if (x->outer_mode == NULL)
2063                 goto error;
2064
2065         x->km.state = XFRM_STATE_VALID;
2066
2067 error:
2068         return err;
2069 }
2070
2071 EXPORT_SYMBOL(xfrm_init_state);
2072
2073 int __net_init xfrm_state_init(struct net *net)
2074 {
2075         unsigned int sz;
2076
2077         INIT_LIST_HEAD(&net->xfrm.state_all);
2078
2079         sz = sizeof(struct hlist_head) * 8;
2080
2081         net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2082         if (!net->xfrm.state_bydst)
2083                 goto out_bydst;
2084         net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2085         if (!net->xfrm.state_bysrc)
2086                 goto out_bysrc;
2087         net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2088         if (!net->xfrm.state_byspi)
2089                 goto out_byspi;
2090         net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2091
2092         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2093         return 0;
2094
2095 out_byspi:
2096         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2097 out_bysrc:
2098         xfrm_hash_free(net->xfrm.state_bydst, sz);
2099 out_bydst:
2100         return -ENOMEM;
2101 }
2102
2103 void xfrm_state_fini(struct net *net)
2104 {
2105         unsigned int sz;
2106
2107         WARN_ON(!list_empty(&net->xfrm.state_all));
2108
2109         sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2110         WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2111         xfrm_hash_free(net->xfrm.state_byspi, sz);
2112         WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2113         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2114         WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2115         xfrm_hash_free(net->xfrm.state_bydst, sz);
2116 }
2117
2118 #ifdef CONFIG_AUDITSYSCALL
2119 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2120                                      struct audit_buffer *audit_buf)
2121 {
2122         struct xfrm_sec_ctx *ctx = x->security;
2123         u32 spi = ntohl(x->id.spi);
2124
2125         if (ctx)
2126                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2127                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2128
2129         switch(x->props.family) {
2130         case AF_INET:
2131                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2132                                  &x->props.saddr.a4, &x->id.daddr.a4);
2133                 break;
2134         case AF_INET6:
2135                 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2136                                  x->props.saddr.a6, x->id.daddr.a6);
2137                 break;
2138         }
2139
2140         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2141 }
2142
2143 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2144                                       struct audit_buffer *audit_buf)
2145 {
2146         struct iphdr *iph4;
2147         struct ipv6hdr *iph6;
2148
2149         switch (family) {
2150         case AF_INET:
2151                 iph4 = ip_hdr(skb);
2152                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2153                                  &iph4->saddr, &iph4->daddr);
2154                 break;
2155         case AF_INET6:
2156                 iph6 = ipv6_hdr(skb);
2157                 audit_log_format(audit_buf,
2158                                  " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2159                                  &iph6->saddr,&iph6->daddr,
2160                                  iph6->flow_lbl[0] & 0x0f,
2161                                  iph6->flow_lbl[1],
2162                                  iph6->flow_lbl[2]);
2163                 break;
2164         }
2165 }
2166
2167 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2168                           uid_t auid, u32 sessionid, u32 secid)
2169 {
2170         struct audit_buffer *audit_buf;
2171
2172         audit_buf = xfrm_audit_start("SAD-add");
2173         if (audit_buf == NULL)
2174                 return;
2175         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2176         xfrm_audit_helper_sainfo(x, audit_buf);
2177         audit_log_format(audit_buf, " res=%u", result);
2178         audit_log_end(audit_buf);
2179 }
2180 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2181
2182 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2183                              uid_t auid, u32 sessionid, u32 secid)
2184 {
2185         struct audit_buffer *audit_buf;
2186
2187         audit_buf = xfrm_audit_start("SAD-delete");
2188         if (audit_buf == NULL)
2189                 return;
2190         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2191         xfrm_audit_helper_sainfo(x, audit_buf);
2192         audit_log_format(audit_buf, " res=%u", result);
2193         audit_log_end(audit_buf);
2194 }
2195 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2196
2197 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2198                                       struct sk_buff *skb)
2199 {
2200         struct audit_buffer *audit_buf;
2201         u32 spi;
2202
2203         audit_buf = xfrm_audit_start("SA-replay-overflow");
2204         if (audit_buf == NULL)
2205                 return;
2206         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2207         /* don't record the sequence number because it's inherent in this kind
2208          * of audit message */
2209         spi = ntohl(x->id.spi);
2210         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2211         audit_log_end(audit_buf);
2212 }
2213 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2214
2215 static void xfrm_audit_state_replay(struct xfrm_state *x,
2216                              struct sk_buff *skb, __be32 net_seq)
2217 {
2218         struct audit_buffer *audit_buf;
2219         u32 spi;
2220
2221         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2222         if (audit_buf == NULL)
2223                 return;
2224         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2225         spi = ntohl(x->id.spi);
2226         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2227                          spi, spi, ntohl(net_seq));
2228         audit_log_end(audit_buf);
2229 }
2230
2231 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2232 {
2233         struct audit_buffer *audit_buf;
2234
2235         audit_buf = xfrm_audit_start("SA-notfound");
2236         if (audit_buf == NULL)
2237                 return;
2238         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2239         audit_log_end(audit_buf);
2240 }
2241 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2242
2243 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2244                                __be32 net_spi, __be32 net_seq)
2245 {
2246         struct audit_buffer *audit_buf;
2247         u32 spi;
2248
2249         audit_buf = xfrm_audit_start("SA-notfound");
2250         if (audit_buf == NULL)
2251                 return;
2252         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2253         spi = ntohl(net_spi);
2254         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2255                          spi, spi, ntohl(net_seq));
2256         audit_log_end(audit_buf);
2257 }
2258 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2259
2260 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2261                               struct sk_buff *skb, u8 proto)
2262 {
2263         struct audit_buffer *audit_buf;
2264         __be32 net_spi;
2265         __be32 net_seq;
2266
2267         audit_buf = xfrm_audit_start("SA-icv-failure");
2268         if (audit_buf == NULL)
2269                 return;
2270         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2271         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2272                 u32 spi = ntohl(net_spi);
2273                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2274                                  spi, spi, ntohl(net_seq));
2275         }
2276         audit_log_end(audit_buf);
2277 }
2278 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2279 #endif /* CONFIG_AUDITSYSCALL */