1 /* 2 * xfrm_state.c 3 * 4 * Changes: 5 * Mitsuru KANDA @USAGI 6 * Kazunori MIYAZAWA @USAGI 7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 8 * IPv6 support 9 * YOSHIFUJI Hideaki @USAGI 10 * Split up af-specific functions 11 * Derek Atkins <derek@ihtfp.com> 12 * Add UDP Encapsulation 13 * 14 */ 15 16 #include <linux/workqueue.h> 17 #include <net/xfrm.h> 18 #include <linux/pfkeyv2.h> 19 #include <linux/ipsec.h> 20 #include <linux/module.h> 21 #include <asm/uaccess.h> 22 23 struct sock *xfrm_nl; 24 EXPORT_SYMBOL(xfrm_nl); 25 26 u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME; 27 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime); 28 29 u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE; 30 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth); 31 32 /* Each xfrm_state may be linked to two tables: 33 34 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl) 35 2. Hash table by daddr to find what SAs exist for given 36 destination/tunnel endpoint. (output) 37 */ 38 39 static DEFINE_SPINLOCK(xfrm_state_lock); 40 41 /* Hash table to find appropriate SA towards given target (endpoint 42 * of tunnel or destination of transport mode) allowed by selector. 43 * 44 * Main use is finding SA after policy selected tunnel or transport mode. 45 * Also, it can be used by ah/esp icmp error handler to find offending SA. 46 */ 47 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE]; 48 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE]; 49 50 DECLARE_WAIT_QUEUE_HEAD(km_waitq); 51 EXPORT_SYMBOL(km_waitq); 52 53 static DEFINE_RWLOCK(xfrm_state_afinfo_lock); 54 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO]; 55 56 static struct work_struct xfrm_state_gc_work; 57 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list); 58 static DEFINE_SPINLOCK(xfrm_state_gc_lock); 59 60 static int xfrm_state_gc_flush_bundles; 61 62 int __xfrm_state_delete(struct xfrm_state *x); 63 64 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family); 65 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo); 66 67 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); 68 void km_state_expired(struct xfrm_state *x, int hard, u32 pid); 69 70 static void xfrm_state_gc_destroy(struct xfrm_state *x) 71 { 72 if (del_timer(&x->timer)) 73 BUG(); 74 if (del_timer(&x->rtimer)) 75 BUG(); 76 kfree(x->aalg); 77 kfree(x->ealg); 78 kfree(x->calg); 79 kfree(x->encap); 80 if (x->mode) 81 xfrm_put_mode(x->mode); 82 if (x->type) { 83 x->type->destructor(x); 84 xfrm_put_type(x->type); 85 } 86 security_xfrm_state_free(x); 87 kfree(x); 88 } 89 90 static void xfrm_state_gc_task(void *data) 91 { 92 struct xfrm_state *x; 93 struct list_head *entry, *tmp; 94 struct list_head gc_list = LIST_HEAD_INIT(gc_list); 95 96 if (xfrm_state_gc_flush_bundles) { 97 xfrm_state_gc_flush_bundles = 0; 98 xfrm_flush_bundles(); 99 } 100 101 spin_lock_bh(&xfrm_state_gc_lock); 102 list_splice_init(&xfrm_state_gc_list, &gc_list); 103 spin_unlock_bh(&xfrm_state_gc_lock); 104 105 list_for_each_safe(entry, tmp, &gc_list) { 106 x = list_entry(entry, struct xfrm_state, bydst); 107 xfrm_state_gc_destroy(x); 108 } 109 wake_up(&km_waitq); 110 } 111 112 static inline unsigned long make_jiffies(long secs) 113 { 114 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ) 115 return MAX_SCHEDULE_TIMEOUT-1; 116 else 117 return secs*HZ; 118 } 119 120 static void xfrm_timer_handler(unsigned long data) 121 { 122 struct xfrm_state *x = (struct xfrm_state*)data; 123 unsigned long now = (unsigned long)xtime.tv_sec; 124 long next = LONG_MAX; 125 int warn = 0; 126 127 spin_lock(&x->lock); 128 if (x->km.state == XFRM_STATE_DEAD) 129 goto out; 130 if (x->km.state == XFRM_STATE_EXPIRED) 131 goto expired; 132 if (x->lft.hard_add_expires_seconds) { 133 long tmo = x->lft.hard_add_expires_seconds + 134 x->curlft.add_time - now; 135 if (tmo <= 0) 136 goto expired; 137 if (tmo < next) 138 next = tmo; 139 } 140 if (x->lft.hard_use_expires_seconds) { 141 long tmo = x->lft.hard_use_expires_seconds + 142 (x->curlft.use_time ? : now) - now; 143 if (tmo <= 0) 144 goto expired; 145 if (tmo < next) 146 next = tmo; 147 } 148 if (x->km.dying) 149 goto resched; 150 if (x->lft.soft_add_expires_seconds) { 151 long tmo = x->lft.soft_add_expires_seconds + 152 x->curlft.add_time - now; 153 if (tmo <= 0) 154 warn = 1; 155 else if (tmo < next) 156 next = tmo; 157 } 158 if (x->lft.soft_use_expires_seconds) { 159 long tmo = x->lft.soft_use_expires_seconds + 160 (x->curlft.use_time ? : now) - now; 161 if (tmo <= 0) 162 warn = 1; 163 else if (tmo < next) 164 next = tmo; 165 } 166 167 x->km.dying = warn; 168 if (warn) 169 km_state_expired(x, 0, 0); 170 resched: 171 if (next != LONG_MAX && 172 !mod_timer(&x->timer, jiffies + make_jiffies(next))) 173 xfrm_state_hold(x); 174 goto out; 175 176 expired: 177 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) { 178 x->km.state = XFRM_STATE_EXPIRED; 179 wake_up(&km_waitq); 180 next = 2; 181 goto resched; 182 } 183 if (!__xfrm_state_delete(x) && x->id.spi) 184 km_state_expired(x, 1, 0); 185 186 out: 187 spin_unlock(&x->lock); 188 xfrm_state_put(x); 189 } 190 191 static void xfrm_replay_timer_handler(unsigned long data); 192 193 struct xfrm_state *xfrm_state_alloc(void) 194 { 195 struct xfrm_state *x; 196 197 x = kmalloc(sizeof(struct xfrm_state), GFP_ATOMIC); 198 199 if (x) { 200 memset(x, 0, sizeof(struct xfrm_state)); 201 atomic_set(&x->refcnt, 1); 202 atomic_set(&x->tunnel_users, 0); 203 INIT_LIST_HEAD(&x->bydst); 204 INIT_LIST_HEAD(&x->byspi); 205 init_timer(&x->timer); 206 x->timer.function = xfrm_timer_handler; 207 x->timer.data = (unsigned long)x; 208 init_timer(&x->rtimer); 209 x->rtimer.function = xfrm_replay_timer_handler; 210 x->rtimer.data = (unsigned long)x; 211 x->curlft.add_time = (unsigned long)xtime.tv_sec; 212 x->lft.soft_byte_limit = XFRM_INF; 213 x->lft.soft_packet_limit = XFRM_INF; 214 x->lft.hard_byte_limit = XFRM_INF; 215 x->lft.hard_packet_limit = XFRM_INF; 216 x->replay_maxage = 0; 217 x->replay_maxdiff = 0; 218 spin_lock_init(&x->lock); 219 } 220 return x; 221 } 222 EXPORT_SYMBOL(xfrm_state_alloc); 223 224 void __xfrm_state_destroy(struct xfrm_state *x) 225 { 226 BUG_TRAP(x->km.state == XFRM_STATE_DEAD); 227 228 spin_lock_bh(&xfrm_state_gc_lock); 229 list_add(&x->bydst, &xfrm_state_gc_list); 230 spin_unlock_bh(&xfrm_state_gc_lock); 231 schedule_work(&xfrm_state_gc_work); 232 } 233 EXPORT_SYMBOL(__xfrm_state_destroy); 234 235 int __xfrm_state_delete(struct xfrm_state *x) 236 { 237 int err = -ESRCH; 238 239 if (x->km.state != XFRM_STATE_DEAD) { 240 x->km.state = XFRM_STATE_DEAD; 241 spin_lock(&xfrm_state_lock); 242 list_del(&x->bydst); 243 __xfrm_state_put(x); 244 if (x->id.spi) { 245 list_del(&x->byspi); 246 __xfrm_state_put(x); 247 } 248 spin_unlock(&xfrm_state_lock); 249 if (del_timer(&x->timer)) 250 __xfrm_state_put(x); 251 if (del_timer(&x->rtimer)) 252 __xfrm_state_put(x); 253 254 /* The number two in this test is the reference 255 * mentioned in the comment below plus the reference 256 * our caller holds. A larger value means that 257 * there are DSTs attached to this xfrm_state. 258 */ 259 if (atomic_read(&x->refcnt) > 2) { 260 xfrm_state_gc_flush_bundles = 1; 261 schedule_work(&xfrm_state_gc_work); 262 } 263 264 /* All xfrm_state objects are created by xfrm_state_alloc. 265 * The xfrm_state_alloc call gives a reference, and that 266 * is what we are dropping here. 267 */ 268 __xfrm_state_put(x); 269 err = 0; 270 } 271 272 return err; 273 } 274 EXPORT_SYMBOL(__xfrm_state_delete); 275 276 int xfrm_state_delete(struct xfrm_state *x) 277 { 278 int err; 279 280 spin_lock_bh(&x->lock); 281 err = __xfrm_state_delete(x); 282 spin_unlock_bh(&x->lock); 283 284 return err; 285 } 286 EXPORT_SYMBOL(xfrm_state_delete); 287 288 void xfrm_state_flush(u8 proto) 289 { 290 int i; 291 struct xfrm_state *x; 292 293 spin_lock_bh(&xfrm_state_lock); 294 for (i = 0; i < XFRM_DST_HSIZE; i++) { 295 restart: 296 list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 297 if (!xfrm_state_kern(x) && 298 (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) { 299 xfrm_state_hold(x); 300 spin_unlock_bh(&xfrm_state_lock); 301 302 xfrm_state_delete(x); 303 xfrm_state_put(x); 304 305 spin_lock_bh(&xfrm_state_lock); 306 goto restart; 307 } 308 } 309 } 310 spin_unlock_bh(&xfrm_state_lock); 311 wake_up(&km_waitq); 312 } 313 EXPORT_SYMBOL(xfrm_state_flush); 314 315 static int 316 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl, 317 struct xfrm_tmpl *tmpl, 318 xfrm_address_t *daddr, xfrm_address_t *saddr, 319 unsigned short family) 320 { 321 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 322 if (!afinfo) 323 return -1; 324 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr); 325 xfrm_state_put_afinfo(afinfo); 326 return 0; 327 } 328 329 struct xfrm_state * 330 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 331 struct flowi *fl, struct xfrm_tmpl *tmpl, 332 struct xfrm_policy *pol, int *err, 333 unsigned short family) 334 { 335 unsigned h = xfrm_dst_hash(daddr, family); 336 struct xfrm_state *x, *x0; 337 int acquire_in_progress = 0; 338 int error = 0; 339 struct xfrm_state *best = NULL; 340 struct xfrm_state_afinfo *afinfo; 341 342 afinfo = xfrm_state_get_afinfo(family); 343 if (afinfo == NULL) { 344 *err = -EAFNOSUPPORT; 345 return NULL; 346 } 347 348 spin_lock_bh(&xfrm_state_lock); 349 list_for_each_entry(x, xfrm_state_bydst+h, bydst) { 350 if (x->props.family == family && 351 x->props.reqid == tmpl->reqid && 352 xfrm_state_addr_check(x, daddr, saddr, family) && 353 tmpl->mode == x->props.mode && 354 tmpl->id.proto == x->id.proto && 355 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) { 356 /* Resolution logic: 357 1. There is a valid state with matching selector. 358 Done. 359 2. Valid state with inappropriate selector. Skip. 360 361 Entering area of "sysdeps". 362 363 3. If state is not valid, selector is temporary, 364 it selects only session which triggered 365 previous resolution. Key manager will do 366 something to install a state with proper 367 selector. 368 */ 369 if (x->km.state == XFRM_STATE_VALID) { 370 if (!xfrm_selector_match(&x->sel, fl, family) || 371 !xfrm_sec_ctx_match(pol->security, x->security)) 372 continue; 373 if (!best || 374 best->km.dying > x->km.dying || 375 (best->km.dying == x->km.dying && 376 best->curlft.add_time < x->curlft.add_time)) 377 best = x; 378 } else if (x->km.state == XFRM_STATE_ACQ) { 379 acquire_in_progress = 1; 380 } else if (x->km.state == XFRM_STATE_ERROR || 381 x->km.state == XFRM_STATE_EXPIRED) { 382 if (xfrm_selector_match(&x->sel, fl, family) && 383 xfrm_sec_ctx_match(pol->security, x->security)) 384 error = -ESRCH; 385 } 386 } 387 } 388 389 x = best; 390 if (!x && !error && !acquire_in_progress) { 391 if (tmpl->id.spi && 392 (x0 = afinfo->state_lookup(daddr, tmpl->id.spi, 393 tmpl->id.proto)) != NULL) { 394 xfrm_state_put(x0); 395 error = -EEXIST; 396 goto out; 397 } 398 x = xfrm_state_alloc(); 399 if (x == NULL) { 400 error = -ENOMEM; 401 goto out; 402 } 403 /* Initialize temporary selector matching only 404 * to current session. */ 405 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family); 406 407 if (km_query(x, tmpl, pol) == 0) { 408 x->km.state = XFRM_STATE_ACQ; 409 list_add_tail(&x->bydst, xfrm_state_bydst+h); 410 xfrm_state_hold(x); 411 if (x->id.spi) { 412 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family); 413 list_add(&x->byspi, xfrm_state_byspi+h); 414 xfrm_state_hold(x); 415 } 416 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES; 417 xfrm_state_hold(x); 418 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ; 419 add_timer(&x->timer); 420 } else { 421 x->km.state = XFRM_STATE_DEAD; 422 xfrm_state_put(x); 423 x = NULL; 424 error = -ESRCH; 425 } 426 } 427 out: 428 if (x) 429 xfrm_state_hold(x); 430 else 431 *err = acquire_in_progress ? -EAGAIN : error; 432 spin_unlock_bh(&xfrm_state_lock); 433 xfrm_state_put_afinfo(afinfo); 434 return x; 435 } 436 437 static void __xfrm_state_insert(struct xfrm_state *x) 438 { 439 unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family); 440 441 list_add(&x->bydst, xfrm_state_bydst+h); 442 xfrm_state_hold(x); 443 444 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family); 445 446 list_add(&x->byspi, xfrm_state_byspi+h); 447 xfrm_state_hold(x); 448 449 if (!mod_timer(&x->timer, jiffies + HZ)) 450 xfrm_state_hold(x); 451 452 if (x->replay_maxage && 453 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) 454 xfrm_state_hold(x); 455 456 wake_up(&km_waitq); 457 } 458 459 void xfrm_state_insert(struct xfrm_state *x) 460 { 461 spin_lock_bh(&xfrm_state_lock); 462 __xfrm_state_insert(x); 463 spin_unlock_bh(&xfrm_state_lock); 464 465 xfrm_flush_all_bundles(); 466 } 467 EXPORT_SYMBOL(xfrm_state_insert); 468 469 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq); 470 471 int xfrm_state_add(struct xfrm_state *x) 472 { 473 struct xfrm_state_afinfo *afinfo; 474 struct xfrm_state *x1; 475 int family; 476 int err; 477 478 family = x->props.family; 479 afinfo = xfrm_state_get_afinfo(family); 480 if (unlikely(afinfo == NULL)) 481 return -EAFNOSUPPORT; 482 483 spin_lock_bh(&xfrm_state_lock); 484 485 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto); 486 if (x1) { 487 xfrm_state_put(x1); 488 x1 = NULL; 489 err = -EEXIST; 490 goto out; 491 } 492 493 if (x->km.seq) { 494 x1 = __xfrm_find_acq_byseq(x->km.seq); 495 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) { 496 xfrm_state_put(x1); 497 x1 = NULL; 498 } 499 } 500 501 if (!x1) 502 x1 = afinfo->find_acq( 503 x->props.mode, x->props.reqid, x->id.proto, 504 &x->id.daddr, &x->props.saddr, 0); 505 506 __xfrm_state_insert(x); 507 err = 0; 508 509 out: 510 spin_unlock_bh(&xfrm_state_lock); 511 xfrm_state_put_afinfo(afinfo); 512 513 if (!err) 514 xfrm_flush_all_bundles(); 515 516 if (x1) { 517 xfrm_state_delete(x1); 518 xfrm_state_put(x1); 519 } 520 521 return err; 522 } 523 EXPORT_SYMBOL(xfrm_state_add); 524 525 int xfrm_state_update(struct xfrm_state *x) 526 { 527 struct xfrm_state_afinfo *afinfo; 528 struct xfrm_state *x1; 529 int err; 530 531 afinfo = xfrm_state_get_afinfo(x->props.family); 532 if (unlikely(afinfo == NULL)) 533 return -EAFNOSUPPORT; 534 535 spin_lock_bh(&xfrm_state_lock); 536 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto); 537 538 err = -ESRCH; 539 if (!x1) 540 goto out; 541 542 if (xfrm_state_kern(x1)) { 543 xfrm_state_put(x1); 544 err = -EEXIST; 545 goto out; 546 } 547 548 if (x1->km.state == XFRM_STATE_ACQ) { 549 __xfrm_state_insert(x); 550 x = NULL; 551 } 552 err = 0; 553 554 out: 555 spin_unlock_bh(&xfrm_state_lock); 556 xfrm_state_put_afinfo(afinfo); 557 558 if (err) 559 return err; 560 561 if (!x) { 562 xfrm_state_delete(x1); 563 xfrm_state_put(x1); 564 return 0; 565 } 566 567 err = -EINVAL; 568 spin_lock_bh(&x1->lock); 569 if (likely(x1->km.state == XFRM_STATE_VALID)) { 570 if (x->encap && x1->encap) 571 memcpy(x1->encap, x->encap, sizeof(*x1->encap)); 572 memcpy(&x1->lft, &x->lft, sizeof(x1->lft)); 573 x1->km.dying = 0; 574 575 if (!mod_timer(&x1->timer, jiffies + HZ)) 576 xfrm_state_hold(x1); 577 if (x1->curlft.use_time) 578 xfrm_state_check_expire(x1); 579 580 err = 0; 581 } 582 spin_unlock_bh(&x1->lock); 583 584 xfrm_state_put(x1); 585 586 return err; 587 } 588 EXPORT_SYMBOL(xfrm_state_update); 589 590 int xfrm_state_check_expire(struct xfrm_state *x) 591 { 592 if (!x->curlft.use_time) 593 x->curlft.use_time = (unsigned long)xtime.tv_sec; 594 595 if (x->km.state != XFRM_STATE_VALID) 596 return -EINVAL; 597 598 if (x->curlft.bytes >= x->lft.hard_byte_limit || 599 x->curlft.packets >= x->lft.hard_packet_limit) { 600 x->km.state = XFRM_STATE_EXPIRED; 601 if (!mod_timer(&x->timer, jiffies)) 602 xfrm_state_hold(x); 603 return -EINVAL; 604 } 605 606 if (!x->km.dying && 607 (x->curlft.bytes >= x->lft.soft_byte_limit || 608 x->curlft.packets >= x->lft.soft_packet_limit)) { 609 x->km.dying = 1; 610 km_state_expired(x, 0, 0); 611 } 612 return 0; 613 } 614 EXPORT_SYMBOL(xfrm_state_check_expire); 615 616 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb) 617 { 618 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev) 619 - skb_headroom(skb); 620 621 if (nhead > 0) 622 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC); 623 624 /* Check tail too... */ 625 return 0; 626 } 627 628 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb) 629 { 630 int err = xfrm_state_check_expire(x); 631 if (err < 0) 632 goto err; 633 err = xfrm_state_check_space(x, skb); 634 err: 635 return err; 636 } 637 EXPORT_SYMBOL(xfrm_state_check); 638 639 struct xfrm_state * 640 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto, 641 unsigned short family) 642 { 643 struct xfrm_state *x; 644 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 645 if (!afinfo) 646 return NULL; 647 648 spin_lock_bh(&xfrm_state_lock); 649 x = afinfo->state_lookup(daddr, spi, proto); 650 spin_unlock_bh(&xfrm_state_lock); 651 xfrm_state_put_afinfo(afinfo); 652 return x; 653 } 654 EXPORT_SYMBOL(xfrm_state_lookup); 655 656 struct xfrm_state * 657 xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 658 xfrm_address_t *daddr, xfrm_address_t *saddr, 659 int create, unsigned short family) 660 { 661 struct xfrm_state *x; 662 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 663 if (!afinfo) 664 return NULL; 665 666 spin_lock_bh(&xfrm_state_lock); 667 x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create); 668 spin_unlock_bh(&xfrm_state_lock); 669 xfrm_state_put_afinfo(afinfo); 670 return x; 671 } 672 EXPORT_SYMBOL(xfrm_find_acq); 673 674 /* Silly enough, but I'm lazy to build resolution list */ 675 676 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq) 677 { 678 int i; 679 struct xfrm_state *x; 680 681 for (i = 0; i < XFRM_DST_HSIZE; i++) { 682 list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 683 if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) { 684 xfrm_state_hold(x); 685 return x; 686 } 687 } 688 } 689 return NULL; 690 } 691 692 struct xfrm_state *xfrm_find_acq_byseq(u32 seq) 693 { 694 struct xfrm_state *x; 695 696 spin_lock_bh(&xfrm_state_lock); 697 x = __xfrm_find_acq_byseq(seq); 698 spin_unlock_bh(&xfrm_state_lock); 699 return x; 700 } 701 EXPORT_SYMBOL(xfrm_find_acq_byseq); 702 703 u32 xfrm_get_acqseq(void) 704 { 705 u32 res; 706 static u32 acqseq; 707 static DEFINE_SPINLOCK(acqseq_lock); 708 709 spin_lock_bh(&acqseq_lock); 710 res = (++acqseq ? : ++acqseq); 711 spin_unlock_bh(&acqseq_lock); 712 return res; 713 } 714 EXPORT_SYMBOL(xfrm_get_acqseq); 715 716 void 717 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi) 718 { 719 u32 h; 720 struct xfrm_state *x0; 721 722 if (x->id.spi) 723 return; 724 725 if (minspi == maxspi) { 726 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family); 727 if (x0) { 728 xfrm_state_put(x0); 729 return; 730 } 731 x->id.spi = minspi; 732 } else { 733 u32 spi = 0; 734 minspi = ntohl(minspi); 735 maxspi = ntohl(maxspi); 736 for (h=0; h<maxspi-minspi+1; h++) { 737 spi = minspi + net_random()%(maxspi-minspi+1); 738 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family); 739 if (x0 == NULL) { 740 x->id.spi = htonl(spi); 741 break; 742 } 743 xfrm_state_put(x0); 744 } 745 } 746 if (x->id.spi) { 747 spin_lock_bh(&xfrm_state_lock); 748 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family); 749 list_add(&x->byspi, xfrm_state_byspi+h); 750 xfrm_state_hold(x); 751 spin_unlock_bh(&xfrm_state_lock); 752 wake_up(&km_waitq); 753 } 754 } 755 EXPORT_SYMBOL(xfrm_alloc_spi); 756 757 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), 758 void *data) 759 { 760 int i; 761 struct xfrm_state *x; 762 int count = 0; 763 int err = 0; 764 765 spin_lock_bh(&xfrm_state_lock); 766 for (i = 0; i < XFRM_DST_HSIZE; i++) { 767 list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 768 if (proto == IPSEC_PROTO_ANY || x->id.proto == proto) 769 count++; 770 } 771 } 772 if (count == 0) { 773 err = -ENOENT; 774 goto out; 775 } 776 777 for (i = 0; i < XFRM_DST_HSIZE; i++) { 778 list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 779 if (proto != IPSEC_PROTO_ANY && x->id.proto != proto) 780 continue; 781 err = func(x, --count, data); 782 if (err) 783 goto out; 784 } 785 } 786 out: 787 spin_unlock_bh(&xfrm_state_lock); 788 return err; 789 } 790 EXPORT_SYMBOL(xfrm_state_walk); 791 792 793 void xfrm_replay_notify(struct xfrm_state *x, int event) 794 { 795 struct km_event c; 796 /* we send notify messages in case 797 * 1. we updated on of the sequence numbers, and the seqno difference 798 * is at least x->replay_maxdiff, in this case we also update the 799 * timeout of our timer function 800 * 2. if x->replay_maxage has elapsed since last update, 801 * and there were changes 802 * 803 * The state structure must be locked! 804 */ 805 806 switch (event) { 807 case XFRM_REPLAY_UPDATE: 808 if (x->replay_maxdiff && 809 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) && 810 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) { 811 if (x->xflags & XFRM_TIME_DEFER) 812 event = XFRM_REPLAY_TIMEOUT; 813 else 814 return; 815 } 816 817 break; 818 819 case XFRM_REPLAY_TIMEOUT: 820 if ((x->replay.seq == x->preplay.seq) && 821 (x->replay.bitmap == x->preplay.bitmap) && 822 (x->replay.oseq == x->preplay.oseq)) { 823 x->xflags |= XFRM_TIME_DEFER; 824 return; 825 } 826 827 break; 828 } 829 830 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state)); 831 c.event = XFRM_MSG_NEWAE; 832 c.data.aevent = event; 833 km_state_notify(x, &c); 834 835 if (x->replay_maxage && 836 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) { 837 xfrm_state_hold(x); 838 x->xflags &= ~XFRM_TIME_DEFER; 839 } 840 } 841 EXPORT_SYMBOL(xfrm_replay_notify); 842 843 static void xfrm_replay_timer_handler(unsigned long data) 844 { 845 struct xfrm_state *x = (struct xfrm_state*)data; 846 847 spin_lock(&x->lock); 848 849 if (x->km.state == XFRM_STATE_VALID) { 850 if (xfrm_aevent_is_on()) 851 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT); 852 else 853 x->xflags |= XFRM_TIME_DEFER; 854 } 855 856 spin_unlock(&x->lock); 857 xfrm_state_put(x); 858 } 859 860 int xfrm_replay_check(struct xfrm_state *x, u32 seq) 861 { 862 u32 diff; 863 864 seq = ntohl(seq); 865 866 if (unlikely(seq == 0)) 867 return -EINVAL; 868 869 if (likely(seq > x->replay.seq)) 870 return 0; 871 872 diff = x->replay.seq - seq; 873 if (diff >= x->props.replay_window) { 874 x->stats.replay_window++; 875 return -EINVAL; 876 } 877 878 if (x->replay.bitmap & (1U << diff)) { 879 x->stats.replay++; 880 return -EINVAL; 881 } 882 return 0; 883 } 884 EXPORT_SYMBOL(xfrm_replay_check); 885 886 void xfrm_replay_advance(struct xfrm_state *x, u32 seq) 887 { 888 u32 diff; 889 890 seq = ntohl(seq); 891 892 if (seq > x->replay.seq) { 893 diff = seq - x->replay.seq; 894 if (diff < x->props.replay_window) 895 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1; 896 else 897 x->replay.bitmap = 1; 898 x->replay.seq = seq; 899 } else { 900 diff = x->replay.seq - seq; 901 x->replay.bitmap |= (1U << diff); 902 } 903 904 if (xfrm_aevent_is_on()) 905 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); 906 } 907 EXPORT_SYMBOL(xfrm_replay_advance); 908 909 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list); 910 static DEFINE_RWLOCK(xfrm_km_lock); 911 912 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 913 { 914 struct xfrm_mgr *km; 915 916 read_lock(&xfrm_km_lock); 917 list_for_each_entry(km, &xfrm_km_list, list) 918 if (km->notify_policy) 919 km->notify_policy(xp, dir, c); 920 read_unlock(&xfrm_km_lock); 921 } 922 923 void km_state_notify(struct xfrm_state *x, struct km_event *c) 924 { 925 struct xfrm_mgr *km; 926 read_lock(&xfrm_km_lock); 927 list_for_each_entry(km, &xfrm_km_list, list) 928 if (km->notify) 929 km->notify(x, c); 930 read_unlock(&xfrm_km_lock); 931 } 932 933 EXPORT_SYMBOL(km_policy_notify); 934 EXPORT_SYMBOL(km_state_notify); 935 936 void km_state_expired(struct xfrm_state *x, int hard, u32 pid) 937 { 938 struct km_event c; 939 940 c.data.hard = hard; 941 c.pid = pid; 942 c.event = XFRM_MSG_EXPIRE; 943 km_state_notify(x, &c); 944 945 if (hard) 946 wake_up(&km_waitq); 947 } 948 949 EXPORT_SYMBOL(km_state_expired); 950 /* 951 * We send to all registered managers regardless of failure 952 * We are happy with one success 953 */ 954 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol) 955 { 956 int err = -EINVAL, acqret; 957 struct xfrm_mgr *km; 958 959 read_lock(&xfrm_km_lock); 960 list_for_each_entry(km, &xfrm_km_list, list) { 961 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT); 962 if (!acqret) 963 err = acqret; 964 } 965 read_unlock(&xfrm_km_lock); 966 return err; 967 } 968 EXPORT_SYMBOL(km_query); 969 970 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport) 971 { 972 int err = -EINVAL; 973 struct xfrm_mgr *km; 974 975 read_lock(&xfrm_km_lock); 976 list_for_each_entry(km, &xfrm_km_list, list) { 977 if (km->new_mapping) 978 err = km->new_mapping(x, ipaddr, sport); 979 if (!err) 980 break; 981 } 982 read_unlock(&xfrm_km_lock); 983 return err; 984 } 985 EXPORT_SYMBOL(km_new_mapping); 986 987 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid) 988 { 989 struct km_event c; 990 991 c.data.hard = hard; 992 c.pid = pid; 993 c.event = XFRM_MSG_POLEXPIRE; 994 km_policy_notify(pol, dir, &c); 995 996 if (hard) 997 wake_up(&km_waitq); 998 } 999 EXPORT_SYMBOL(km_policy_expired); 1000 1001 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen) 1002 { 1003 int err; 1004 u8 *data; 1005 struct xfrm_mgr *km; 1006 struct xfrm_policy *pol = NULL; 1007 1008 if (optlen <= 0 || optlen > PAGE_SIZE) 1009 return -EMSGSIZE; 1010 1011 data = kmalloc(optlen, GFP_KERNEL); 1012 if (!data) 1013 return -ENOMEM; 1014 1015 err = -EFAULT; 1016 if (copy_from_user(data, optval, optlen)) 1017 goto out; 1018 1019 err = -EINVAL; 1020 read_lock(&xfrm_km_lock); 1021 list_for_each_entry(km, &xfrm_km_list, list) { 1022 pol = km->compile_policy(sk->sk_family, optname, data, 1023 optlen, &err); 1024 if (err >= 0) 1025 break; 1026 } 1027 read_unlock(&xfrm_km_lock); 1028 1029 if (err >= 0) { 1030 xfrm_sk_policy_insert(sk, err, pol); 1031 xfrm_pol_put(pol); 1032 err = 0; 1033 } 1034 1035 out: 1036 kfree(data); 1037 return err; 1038 } 1039 EXPORT_SYMBOL(xfrm_user_policy); 1040 1041 int xfrm_register_km(struct xfrm_mgr *km) 1042 { 1043 write_lock_bh(&xfrm_km_lock); 1044 list_add_tail(&km->list, &xfrm_km_list); 1045 write_unlock_bh(&xfrm_km_lock); 1046 return 0; 1047 } 1048 EXPORT_SYMBOL(xfrm_register_km); 1049 1050 int xfrm_unregister_km(struct xfrm_mgr *km) 1051 { 1052 write_lock_bh(&xfrm_km_lock); 1053 list_del(&km->list); 1054 write_unlock_bh(&xfrm_km_lock); 1055 return 0; 1056 } 1057 EXPORT_SYMBOL(xfrm_unregister_km); 1058 1059 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo) 1060 { 1061 int err = 0; 1062 if (unlikely(afinfo == NULL)) 1063 return -EINVAL; 1064 if (unlikely(afinfo->family >= NPROTO)) 1065 return -EAFNOSUPPORT; 1066 write_lock_bh(&xfrm_state_afinfo_lock); 1067 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL)) 1068 err = -ENOBUFS; 1069 else { 1070 afinfo->state_bydst = xfrm_state_bydst; 1071 afinfo->state_byspi = xfrm_state_byspi; 1072 xfrm_state_afinfo[afinfo->family] = afinfo; 1073 } 1074 write_unlock_bh(&xfrm_state_afinfo_lock); 1075 return err; 1076 } 1077 EXPORT_SYMBOL(xfrm_state_register_afinfo); 1078 1079 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo) 1080 { 1081 int err = 0; 1082 if (unlikely(afinfo == NULL)) 1083 return -EINVAL; 1084 if (unlikely(afinfo->family >= NPROTO)) 1085 return -EAFNOSUPPORT; 1086 write_lock_bh(&xfrm_state_afinfo_lock); 1087 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) { 1088 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo)) 1089 err = -EINVAL; 1090 else { 1091 xfrm_state_afinfo[afinfo->family] = NULL; 1092 afinfo->state_byspi = NULL; 1093 afinfo->state_bydst = NULL; 1094 } 1095 } 1096 write_unlock_bh(&xfrm_state_afinfo_lock); 1097 return err; 1098 } 1099 EXPORT_SYMBOL(xfrm_state_unregister_afinfo); 1100 1101 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family) 1102 { 1103 struct xfrm_state_afinfo *afinfo; 1104 if (unlikely(family >= NPROTO)) 1105 return NULL; 1106 read_lock(&xfrm_state_afinfo_lock); 1107 afinfo = xfrm_state_afinfo[family]; 1108 if (unlikely(!afinfo)) 1109 read_unlock(&xfrm_state_afinfo_lock); 1110 return afinfo; 1111 } 1112 1113 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo) 1114 { 1115 read_unlock(&xfrm_state_afinfo_lock); 1116 } 1117 1118 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */ 1119 void xfrm_state_delete_tunnel(struct xfrm_state *x) 1120 { 1121 if (x->tunnel) { 1122 struct xfrm_state *t = x->tunnel; 1123 1124 if (atomic_read(&t->tunnel_users) == 2) 1125 xfrm_state_delete(t); 1126 atomic_dec(&t->tunnel_users); 1127 xfrm_state_put(t); 1128 x->tunnel = NULL; 1129 } 1130 } 1131 EXPORT_SYMBOL(xfrm_state_delete_tunnel); 1132 1133 /* 1134 * This function is NOT optimal. For example, with ESP it will give an 1135 * MTU that's usually two bytes short of being optimal. However, it will 1136 * usually give an answer that's a multiple of 4 provided the input is 1137 * also a multiple of 4. 1138 */ 1139 int xfrm_state_mtu(struct xfrm_state *x, int mtu) 1140 { 1141 int res = mtu; 1142 1143 res -= x->props.header_len; 1144 1145 for (;;) { 1146 int m = res; 1147 1148 if (m < 68) 1149 return 68; 1150 1151 spin_lock_bh(&x->lock); 1152 if (x->km.state == XFRM_STATE_VALID && 1153 x->type && x->type->get_max_size) 1154 m = x->type->get_max_size(x, m); 1155 else 1156 m += x->props.header_len; 1157 spin_unlock_bh(&x->lock); 1158 1159 if (m <= mtu) 1160 break; 1161 res -= (m - mtu); 1162 } 1163 1164 return res; 1165 } 1166 1167 int xfrm_init_state(struct xfrm_state *x) 1168 { 1169 struct xfrm_state_afinfo *afinfo; 1170 int family = x->props.family; 1171 int err; 1172 1173 err = -EAFNOSUPPORT; 1174 afinfo = xfrm_state_get_afinfo(family); 1175 if (!afinfo) 1176 goto error; 1177 1178 err = 0; 1179 if (afinfo->init_flags) 1180 err = afinfo->init_flags(x); 1181 1182 xfrm_state_put_afinfo(afinfo); 1183 1184 if (err) 1185 goto error; 1186 1187 err = -EPROTONOSUPPORT; 1188 x->type = xfrm_get_type(x->id.proto, family); 1189 if (x->type == NULL) 1190 goto error; 1191 1192 err = x->type->init_state(x); 1193 if (err) 1194 goto error; 1195 1196 x->mode = xfrm_get_mode(x->props.mode, family); 1197 if (x->mode == NULL) 1198 goto error; 1199 1200 x->km.state = XFRM_STATE_VALID; 1201 1202 error: 1203 return err; 1204 } 1205 1206 EXPORT_SYMBOL(xfrm_init_state); 1207 1208 void __init xfrm_state_init(void) 1209 { 1210 int i; 1211 1212 for (i=0; i<XFRM_DST_HSIZE; i++) { 1213 INIT_LIST_HEAD(&xfrm_state_bydst[i]); 1214 INIT_LIST_HEAD(&xfrm_state_byspi[i]); 1215 } 1216 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL); 1217 } 1218 1219