| xfrm_user.c (3d5271f9883cba7b54762bc4fe027d4172f06db7) | xfrm_user.c (df71837d5024e2524cd51c93621e558aa7dd9f3f) |
|---|---|
| 1/* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support | 1/* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support |
| 10 * | 10 * |
| 11 */ 12 13#include <linux/module.h> 14#include <linux/kernel.h> 15#include <linux/types.h> 16#include <linux/slab.h> 17#include <linux/socket.h> 18#include <linux/string.h> --- 64 unchanged lines hidden (view full) --- 83 return 0; 84 85 if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap)) 86 return -EINVAL; 87 88 return 0; 89} 90 | 11 */ 12 13#include <linux/module.h> 14#include <linux/kernel.h> 15#include <linux/types.h> 16#include <linux/slab.h> 17#include <linux/socket.h> 18#include <linux/string.h> --- 64 unchanged lines hidden (view full) --- 83 return 0; 84 85 if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap)) 86 return -EINVAL; 87 88 return 0; 89} 90 |
| 91 92static inline int verify_sec_ctx_len(struct rtattr **xfrma) 93{ 94 struct rtattr *rt = xfrma[XFRMA_SEC_CTX - 1]; 95 struct xfrm_user_sec_ctx *uctx; 96 int len = 0; 97 98 if (!rt) 99 return 0; 100 101 if (rt->rta_len < sizeof(*uctx)) 102 return -EINVAL; 103 104 uctx = RTA_DATA(rt); 105 106 if (uctx->ctx_len > PAGE_SIZE) 107 return -EINVAL; 108 109 len += sizeof(struct xfrm_user_sec_ctx); 110 len += uctx->ctx_len; 111 112 if (uctx->len != len) 113 return -EINVAL; 114 115 return 0; 116} 117 118 |
|
| 91static int verify_newsa_info(struct xfrm_usersa_info *p, 92 struct rtattr **xfrma) 93{ 94 int err; 95 96 err = -EINVAL; 97 switch (p->family) { 98 case AF_INET: --- 41 unchanged lines hidden (view full) --- 140 if ((err = verify_one_alg(xfrma, XFRMA_ALG_AUTH))) 141 goto out; 142 if ((err = verify_one_alg(xfrma, XFRMA_ALG_CRYPT))) 143 goto out; 144 if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP))) 145 goto out; 146 if ((err = verify_encap_tmpl(xfrma))) 147 goto out; | 119static int verify_newsa_info(struct xfrm_usersa_info *p, 120 struct rtattr **xfrma) 121{ 122 int err; 123 124 err = -EINVAL; 125 switch (p->family) { 126 case AF_INET: --- 41 unchanged lines hidden (view full) --- 168 if ((err = verify_one_alg(xfrma, XFRMA_ALG_AUTH))) 169 goto out; 170 if ((err = verify_one_alg(xfrma, XFRMA_ALG_CRYPT))) 171 goto out; 172 if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP))) 173 goto out; 174 if ((err = verify_encap_tmpl(xfrma))) 175 goto out; |
| 176 if ((err = verify_sec_ctx_len(xfrma))) 177 goto out; |
|
| 148 149 err = -EINVAL; 150 switch (p->mode) { 151 case 0: 152 case 1: 153 break; 154 155 default: --- 48 unchanged lines hidden (view full) --- 204 if (!p) 205 return -ENOMEM; 206 207 memcpy(p, uencap, sizeof(*p)); 208 *encapp = p; 209 return 0; 210} 211 | 178 179 err = -EINVAL; 180 switch (p->mode) { 181 case 0: 182 case 1: 183 break; 184 185 default: --- 48 unchanged lines hidden (view full) --- 234 if (!p) 235 return -ENOMEM; 236 237 memcpy(p, uencap, sizeof(*p)); 238 *encapp = p; 239 return 0; 240} 241 |
| 242 243static inline int xfrm_user_sec_ctx_size(struct xfrm_policy *xp) 244{ 245 struct xfrm_sec_ctx *xfrm_ctx = xp->security; 246 int len = 0; 247 248 if (xfrm_ctx) { 249 len += sizeof(struct xfrm_user_sec_ctx); 250 len += xfrm_ctx->ctx_len; 251 } 252 return len; 253} 254 255static int attach_sec_ctx(struct xfrm_state *x, struct rtattr *u_arg) 256{ 257 struct xfrm_user_sec_ctx *uctx; 258 259 if (!u_arg) 260 return 0; 261 262 uctx = RTA_DATA(u_arg); 263 return security_xfrm_state_alloc(x, uctx); 264} 265 |
|
| 212static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 213{ 214 memcpy(&x->id, &p->id, sizeof(x->id)); 215 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 216 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 217 x->props.mode = p->mode; 218 x->props.replay_window = p->replay_window; 219 x->props.reqid = p->reqid; --- 28 unchanged lines hidden (view full) --- 248 goto error; 249 if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1]))) 250 goto error; 251 252 err = xfrm_init_state(x); 253 if (err) 254 goto error; 255 | 266static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 267{ 268 memcpy(&x->id, &p->id, sizeof(x->id)); 269 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 270 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 271 x->props.mode = p->mode; 272 x->props.replay_window = p->replay_window; 273 x->props.reqid = p->reqid; --- 28 unchanged lines hidden (view full) --- 302 goto error; 303 if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1]))) 304 goto error; 305 306 err = xfrm_init_state(x); 307 if (err) 308 goto error; 309 |
| 310 if ((err = attach_sec_ctx(x, xfrma[XFRMA_SEC_CTX-1]))) 311 goto error; 312 |
|
| 256 x->km.seq = p->seq; 257 258 return x; 259 260error: 261 x->km.state = XFRM_STATE_DEAD; 262 xfrm_state_put(x); 263error_no_put: 264 *errp = err; 265 return NULL; 266} 267 268static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 269{ 270 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 271 struct xfrm_state *x; 272 int err; 273 struct km_event c; 274 | 313 x->km.seq = p->seq; 314 315 return x; 316 317error: 318 x->km.state = XFRM_STATE_DEAD; 319 xfrm_state_put(x); 320error_no_put: 321 *errp = err; 322 return NULL; 323} 324 325static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 326{ 327 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 328 struct xfrm_state *x; 329 int err; 330 struct km_event c; 331 |
| 275 err = verify_newsa_info(p, (struct rtattr **) xfrma); | 332 err = verify_newsa_info(p, (struct rtattr **)xfrma); |
| 276 if (err) 277 return err; 278 | 333 if (err) 334 return err; 335 |
| 279 x = xfrm_state_construct(p, (struct rtattr **) xfrma, &err); | 336 x = xfrm_state_construct(p, (struct rtattr **)xfrma, &err); |
| 280 if (!x) 281 return err; 282 283 xfrm_state_hold(x); 284 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 285 err = xfrm_state_add(x); 286 else 287 err = xfrm_state_update(x); --- 97 unchanged lines hidden (view full) --- 385 RTA_PUT(skb, XFRMA_ALG_CRYPT, 386 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 387 if (x->calg) 388 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 389 390 if (x->encap) 391 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 392 | 337 if (!x) 338 return err; 339 340 xfrm_state_hold(x); 341 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 342 err = xfrm_state_add(x); 343 else 344 err = xfrm_state_update(x); --- 97 unchanged lines hidden (view full) --- 442 RTA_PUT(skb, XFRMA_ALG_CRYPT, 443 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 444 if (x->calg) 445 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 446 447 if (x->encap) 448 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 449 |
| 450 if (x->security) { 451 int ctx_size = sizeof(struct xfrm_sec_ctx) + 452 x->security->ctx_len; 453 struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size); 454 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 455 456 uctx->exttype = XFRMA_SEC_CTX; 457 uctx->len = ctx_size; 458 uctx->ctx_doi = x->security->ctx_doi; 459 uctx->ctx_alg = x->security->ctx_alg; 460 uctx->ctx_len = x->security->ctx_len; 461 memcpy(uctx + 1, x->security->ctx_str, x->security->ctx_len); 462 } |
|
| 393 nlh->nlmsg_len = skb->tail - b; 394out: 395 sp->this_idx++; 396 return 0; 397 398nlmsg_failure: 399rtattr_failure: 400 skb_trim(skb, b - skb->data); --- 197 unchanged lines hidden (view full) --- 598 599 default: 600 return -EINVAL; 601 }; 602 603 return verify_policy_dir(p->dir); 604} 605 | 463 nlh->nlmsg_len = skb->tail - b; 464out: 465 sp->this_idx++; 466 return 0; 467 468nlmsg_failure: 469rtattr_failure: 470 skb_trim(skb, b - skb->data); --- 197 unchanged lines hidden (view full) --- 668 669 default: 670 return -EINVAL; 671 }; 672 673 return verify_policy_dir(p->dir); 674} 675 |
| 676static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct rtattr **xfrma) 677{ 678 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 679 struct xfrm_user_sec_ctx *uctx; 680 681 if (!rt) 682 return 0; 683 684 uctx = RTA_DATA(rt); 685 return security_xfrm_policy_alloc(pol, uctx); 686} 687 |
|
| 606static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 607 int nr) 608{ 609 int i; 610 611 xp->xfrm_nr = nr; 612 for (i = 0; i < nr; i++, ut++) { 613 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; --- 62 unchanged lines hidden (view full) --- 676 int err; 677 678 if (!xp) { 679 *errp = -ENOMEM; 680 return NULL; 681 } 682 683 copy_from_user_policy(xp, p); | 688static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 689 int nr) 690{ 691 int i; 692 693 xp->xfrm_nr = nr; 694 for (i = 0; i < nr; i++, ut++) { 695 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; --- 62 unchanged lines hidden (view full) --- 758 int err; 759 760 if (!xp) { 761 *errp = -ENOMEM; 762 return NULL; 763 } 764 765 copy_from_user_policy(xp, p); |
| 684 err = copy_from_user_tmpl(xp, xfrma); | 766 767 if (!(err = copy_from_user_tmpl(xp, xfrma))) 768 err = copy_from_user_sec_ctx(xp, xfrma); 769 |
| 685 if (err) { 686 *errp = err; 687 kfree(xp); 688 xp = NULL; 689 } 690 691 return xp; 692} --- 4 unchanged lines hidden (view full) --- 697 struct xfrm_policy *xp; 698 struct km_event c; 699 int err; 700 int excl; 701 702 err = verify_newpolicy_info(p); 703 if (err) 704 return err; | 770 if (err) { 771 *errp = err; 772 kfree(xp); 773 xp = NULL; 774 } 775 776 return xp; 777} --- 4 unchanged lines hidden (view full) --- 782 struct xfrm_policy *xp; 783 struct km_event c; 784 int err; 785 int excl; 786 787 err = verify_newpolicy_info(p); 788 if (err) 789 return err; |
| 790 err = verify_sec_ctx_len((struct rtattr **)xfrma); 791 if (err) 792 return err; |
|
| 705 | 793 |
| 706 xp = xfrm_policy_construct(p, (struct rtattr **) xfrma, &err); | 794 xp = xfrm_policy_construct(p, (struct rtattr **)xfrma, &err); |
| 707 if (!xp) 708 return err; 709 710 /* shouldnt excl be based on nlh flags?? 711 * Aha! this is anti-netlink really i.e more pfkey derived 712 * in netlink excl is a flag and you wouldnt need 713 * a type XFRM_MSG_UPDPOLICY - JHS */ 714 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; --- 41 unchanged lines hidden (view full) --- 756 vec); 757 758 return 0; 759 760rtattr_failure: 761 return -1; 762} 763 | 795 if (!xp) 796 return err; 797 798 /* shouldnt excl be based on nlh flags?? 799 * Aha! this is anti-netlink really i.e more pfkey derived 800 * in netlink excl is a flag and you wouldnt need 801 * a type XFRM_MSG_UPDPOLICY - JHS */ 802 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; --- 41 unchanged lines hidden (view full) --- 844 vec); 845 846 return 0; 847 848rtattr_failure: 849 return -1; 850} 851 |
| 852static int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 853{ 854 if (xp->security) { 855 int ctx_size = sizeof(struct xfrm_sec_ctx) + 856 xp->security->ctx_len; 857 struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size); 858 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 859 860 uctx->exttype = XFRMA_SEC_CTX; 861 uctx->len = ctx_size; 862 uctx->ctx_doi = xp->security->ctx_doi; 863 uctx->ctx_alg = xp->security->ctx_alg; 864 uctx->ctx_len = xp->security->ctx_len; 865 memcpy(uctx + 1, xp->security->ctx_str, xp->security->ctx_len); 866 } 867 return 0; 868 869 rtattr_failure: 870 return -1; 871} 872 |
|
| 764static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 765{ 766 struct xfrm_dump_info *sp = ptr; 767 struct xfrm_userpolicy_info *p; 768 struct sk_buff *in_skb = sp->in_skb; 769 struct sk_buff *skb = sp->out_skb; 770 struct nlmsghdr *nlh; 771 unsigned char *b = skb->tail; --- 5 unchanged lines hidden (view full) --- 777 sp->nlmsg_seq, 778 XFRM_MSG_NEWPOLICY, sizeof(*p)); 779 p = NLMSG_DATA(nlh); 780 nlh->nlmsg_flags = sp->nlmsg_flags; 781 782 copy_to_user_policy(xp, p, dir); 783 if (copy_to_user_tmpl(xp, skb) < 0) 784 goto nlmsg_failure; | 873static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 874{ 875 struct xfrm_dump_info *sp = ptr; 876 struct xfrm_userpolicy_info *p; 877 struct sk_buff *in_skb = sp->in_skb; 878 struct sk_buff *skb = sp->out_skb; 879 struct nlmsghdr *nlh; 880 unsigned char *b = skb->tail; --- 5 unchanged lines hidden (view full) --- 886 sp->nlmsg_seq, 887 XFRM_MSG_NEWPOLICY, sizeof(*p)); 888 p = NLMSG_DATA(nlh); 889 nlh->nlmsg_flags = sp->nlmsg_flags; 890 891 copy_to_user_policy(xp, p, dir); 892 if (copy_to_user_tmpl(xp, skb) < 0) 893 goto nlmsg_failure; |
| 894 if (copy_to_user_sec_ctx(xp, skb)) 895 goto nlmsg_failure; |
|
| 785 786 nlh->nlmsg_len = skb->tail - b; 787out: 788 sp->this_idx++; 789 return 0; 790 791nlmsg_failure: 792 skb_trim(skb, b - skb->data); --- 54 unchanged lines hidden (view full) --- 847 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 848 849 err = verify_policy_dir(p->dir); 850 if (err) 851 return err; 852 853 if (p->index) 854 xp = xfrm_policy_byid(p->dir, p->index, delete); | 896 897 nlh->nlmsg_len = skb->tail - b; 898out: 899 sp->this_idx++; 900 return 0; 901 902nlmsg_failure: 903 skb_trim(skb, b - skb->data); --- 54 unchanged lines hidden (view full) --- 958 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 959 960 err = verify_policy_dir(p->dir); 961 if (err) 962 return err; 963 964 if (p->index) 965 xp = xfrm_policy_byid(p->dir, p->index, delete); |
| 855 else 856 xp = xfrm_policy_bysel(p->dir, &p->sel, delete); | 966 else { 967 struct rtattr **rtattrs = (struct rtattr **)xfrma; 968 struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1]; 969 struct xfrm_policy tmp; 970 971 err = verify_sec_ctx_len(rtattrs); 972 if (err) 973 return err; 974 975 memset(&tmp, 0, sizeof(struct xfrm_policy)); 976 if (rt) { 977 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 978 979 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 980 return err; 981 } 982 xp = xfrm_policy_bysel_ctx(p->dir, &p->sel, tmp.security, delete); 983 security_xfrm_policy_free(&tmp); 984 } |
| 857 if (xp == NULL) 858 return -ENOENT; 859 860 if (!delete) { 861 struct sk_buff *resp_skb; 862 863 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 864 if (IS_ERR(resp_skb)) { --- 354 unchanged lines hidden (view full) --- 1219 copy_to_user_policy(xp, &ua->policy, dir); 1220 ua->aalgos = xt->aalgos; 1221 ua->ealgos = xt->ealgos; 1222 ua->calgos = xt->calgos; 1223 ua->seq = x->km.seq = seq; 1224 1225 if (copy_to_user_tmpl(xp, skb) < 0) 1226 goto nlmsg_failure; | 985 if (xp == NULL) 986 return -ENOENT; 987 988 if (!delete) { 989 struct sk_buff *resp_skb; 990 991 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 992 if (IS_ERR(resp_skb)) { --- 354 unchanged lines hidden (view full) --- 1347 copy_to_user_policy(xp, &ua->policy, dir); 1348 ua->aalgos = xt->aalgos; 1349 ua->ealgos = xt->ealgos; 1350 ua->calgos = xt->calgos; 1351 ua->seq = x->km.seq = seq; 1352 1353 if (copy_to_user_tmpl(xp, skb) < 0) 1354 goto nlmsg_failure; |
| 1355 if (copy_to_user_sec_ctx(xp, skb)) 1356 goto nlmsg_failure; |
|
| 1227 1228 nlh->nlmsg_len = skb->tail - b; 1229 return skb->len; 1230 1231nlmsg_failure: 1232 skb_trim(skb, b - skb->data); 1233 return -1; 1234} 1235 1236static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 1237 struct xfrm_policy *xp, int dir) 1238{ 1239 struct sk_buff *skb; 1240 size_t len; 1241 1242 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1243 len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); | 1357 1358 nlh->nlmsg_len = skb->tail - b; 1359 return skb->len; 1360 1361nlmsg_failure: 1362 skb_trim(skb, b - skb->data); 1363 return -1; 1364} 1365 1366static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 1367 struct xfrm_policy *xp, int dir) 1368{ 1369 struct sk_buff *skb; 1370 size_t len; 1371 1372 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1373 len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); |
| 1374 len += RTA_SPACE(xfrm_user_sec_ctx_size(xp)); |
|
| 1244 skb = alloc_skb(len, GFP_ATOMIC); 1245 if (skb == NULL) 1246 return -ENOMEM; 1247 1248 if (build_acquire(skb, x, xt, xp, dir) < 0) 1249 BUG(); 1250 1251 NETLINK_CB(skb).dst_group = XFRMNLGRP_ACQUIRE; --- 67 unchanged lines hidden (view full) --- 1319 1320 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe)); 1321 upe = NLMSG_DATA(nlh); 1322 nlh->nlmsg_flags = 0; 1323 1324 copy_to_user_policy(xp, &upe->pol, dir); 1325 if (copy_to_user_tmpl(xp, skb) < 0) 1326 goto nlmsg_failure; | 1375 skb = alloc_skb(len, GFP_ATOMIC); 1376 if (skb == NULL) 1377 return -ENOMEM; 1378 1379 if (build_acquire(skb, x, xt, xp, dir) < 0) 1380 BUG(); 1381 1382 NETLINK_CB(skb).dst_group = XFRMNLGRP_ACQUIRE; --- 67 unchanged lines hidden (view full) --- 1450 1451 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe)); 1452 upe = NLMSG_DATA(nlh); 1453 nlh->nlmsg_flags = 0; 1454 1455 copy_to_user_policy(xp, &upe->pol, dir); 1456 if (copy_to_user_tmpl(xp, skb) < 0) 1457 goto nlmsg_failure; |
| 1458 if (copy_to_user_sec_ctx(xp, skb)) 1459 goto nlmsg_failure; |
|
| 1327 upe->hard = !!hard; 1328 1329 nlh->nlmsg_len = skb->tail - b; 1330 return skb->len; 1331 1332nlmsg_failure: 1333 skb_trim(skb, b - skb->data); 1334 return -1; 1335} 1336 1337static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1338{ 1339 struct sk_buff *skb; 1340 size_t len; 1341 1342 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1343 len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); | 1460 upe->hard = !!hard; 1461 1462 nlh->nlmsg_len = skb->tail - b; 1463 return skb->len; 1464 1465nlmsg_failure: 1466 skb_trim(skb, b - skb->data); 1467 return -1; 1468} 1469 1470static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1471{ 1472 struct sk_buff *skb; 1473 size_t len; 1474 1475 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1476 len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); |
| 1477 len += RTA_SPACE(xfrm_user_sec_ctx_size(xp)); |
|
| 1344 skb = alloc_skb(len, GFP_ATOMIC); 1345 if (skb == NULL) 1346 return -ENOMEM; 1347 1348 if (build_polexpire(skb, xp, dir, c->data.hard) < 0) 1349 BUG(); 1350 1351 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; --- 134 unchanged lines hidden --- | 1478 skb = alloc_skb(len, GFP_ATOMIC); 1479 if (skb == NULL) 1480 return -ENOMEM; 1481 1482 if (build_polexpire(skb, xp, dir, c->data.hard) < 0) 1483 BUG(); 1484 1485 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; --- 134 unchanged lines hidden --- |