1 /* 2 * xfrm_state.c 3 * 4 * Changes: 5 * Mitsuru KANDA @USAGI 6 * Kazunori MIYAZAWA @USAGI 7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 8 * IPv6 support 9 * YOSHIFUJI Hideaki @USAGI 10 * Split up af-specific functions 11 * Derek Atkins <derek@ihtfp.com> 12 * Add UDP Encapsulation 13 * 14 */ 15 16 #include <linux/workqueue.h> 17 #include <net/xfrm.h> 18 #include <linux/pfkeyv2.h> 19 #include <linux/ipsec.h> 20 #include <linux/module.h> 21 #include <linux/cache.h> 22 #include <asm/uaccess.h> 23 24 #include "xfrm_hash.h" 25 26 struct sock *xfrm_nl; 27 EXPORT_SYMBOL(xfrm_nl); 28 29 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME; 30 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime); 31 32 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE; 33 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth); 34 35 u32 sysctl_xfrm_acq_expires __read_mostly = 30; 36 37 /* Each xfrm_state may be linked to two tables: 38 39 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl) 40 2. Hash table by (daddr,family,reqid) to find what SAs exist for given 41 destination/tunnel endpoint. (output) 42 */ 43 44 static DEFINE_SPINLOCK(xfrm_state_lock); 45 46 /* Hash table to find appropriate SA towards given target (endpoint 47 * of tunnel or destination of transport mode) allowed by selector. 48 * 49 * Main use is finding SA after policy selected tunnel or transport mode. 50 * Also, it can be used by ah/esp icmp error handler to find offending SA. 51 */ 52 static struct hlist_head *xfrm_state_bydst __read_mostly; 53 static struct hlist_head *xfrm_state_bysrc __read_mostly; 54 static struct hlist_head *xfrm_state_byspi __read_mostly; 55 static unsigned int xfrm_state_hmask __read_mostly; 56 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024; 57 static unsigned int xfrm_state_num; 58 static unsigned int xfrm_state_genid; 59 60 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr, 61 xfrm_address_t *saddr, 62 u32 reqid, 63 unsigned short family) 64 { 65 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask); 66 } 67 68 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr, 69 xfrm_address_t *saddr, 70 unsigned short family) 71 { 72 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask); 73 } 74 75 static inline unsigned int 76 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) 77 { 78 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask); 79 } 80 81 static void xfrm_hash_transfer(struct hlist_head *list, 82 struct hlist_head *ndsttable, 83 struct hlist_head *nsrctable, 84 struct hlist_head *nspitable, 85 unsigned int nhashmask) 86 { 87 struct hlist_node *entry, *tmp; 88 struct xfrm_state *x; 89 90 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) { 91 unsigned int h; 92 93 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr, 94 x->props.reqid, x->props.family, 95 nhashmask); 96 hlist_add_head(&x->bydst, ndsttable+h); 97 98 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr, 99 x->props.family, 100 nhashmask); 101 hlist_add_head(&x->bysrc, nsrctable+h); 102 103 if (x->id.spi) { 104 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi, 105 x->id.proto, x->props.family, 106 nhashmask); 107 hlist_add_head(&x->byspi, nspitable+h); 108 } 109 } 110 } 111 112 static unsigned long xfrm_hash_new_size(void) 113 { 114 return ((xfrm_state_hmask + 1) << 1) * 115 sizeof(struct hlist_head); 116 } 117 118 static DEFINE_MUTEX(hash_resize_mutex); 119 120 static void xfrm_hash_resize(struct work_struct *__unused) 121 { 122 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi; 123 unsigned long nsize, osize; 124 unsigned int nhashmask, ohashmask; 125 int i; 126 127 mutex_lock(&hash_resize_mutex); 128 129 nsize = xfrm_hash_new_size(); 130 ndst = xfrm_hash_alloc(nsize); 131 if (!ndst) 132 goto out_unlock; 133 nsrc = xfrm_hash_alloc(nsize); 134 if (!nsrc) { 135 xfrm_hash_free(ndst, nsize); 136 goto out_unlock; 137 } 138 nspi = xfrm_hash_alloc(nsize); 139 if (!nspi) { 140 xfrm_hash_free(ndst, nsize); 141 xfrm_hash_free(nsrc, nsize); 142 goto out_unlock; 143 } 144 145 spin_lock_bh(&xfrm_state_lock); 146 147 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U; 148 for (i = xfrm_state_hmask; i >= 0; i--) 149 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi, 150 nhashmask); 151 152 odst = xfrm_state_bydst; 153 osrc = xfrm_state_bysrc; 154 ospi = xfrm_state_byspi; 155 ohashmask = xfrm_state_hmask; 156 157 xfrm_state_bydst = ndst; 158 xfrm_state_bysrc = nsrc; 159 xfrm_state_byspi = nspi; 160 xfrm_state_hmask = nhashmask; 161 162 spin_unlock_bh(&xfrm_state_lock); 163 164 osize = (ohashmask + 1) * sizeof(struct hlist_head); 165 xfrm_hash_free(odst, osize); 166 xfrm_hash_free(osrc, osize); 167 xfrm_hash_free(ospi, osize); 168 169 out_unlock: 170 mutex_unlock(&hash_resize_mutex); 171 } 172 173 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize); 174 175 DECLARE_WAIT_QUEUE_HEAD(km_waitq); 176 EXPORT_SYMBOL(km_waitq); 177 178 static DEFINE_RWLOCK(xfrm_state_afinfo_lock); 179 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO]; 180 181 static struct work_struct xfrm_state_gc_work; 182 static HLIST_HEAD(xfrm_state_gc_list); 183 static DEFINE_SPINLOCK(xfrm_state_gc_lock); 184 185 int __xfrm_state_delete(struct xfrm_state *x); 186 187 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); 188 void km_state_expired(struct xfrm_state *x, int hard, u32 pid); 189 190 static void xfrm_state_gc_destroy(struct xfrm_state *x) 191 { 192 del_timer_sync(&x->timer); 193 del_timer_sync(&x->rtimer); 194 kfree(x->aalg); 195 kfree(x->ealg); 196 kfree(x->calg); 197 kfree(x->encap); 198 kfree(x->coaddr); 199 if (x->mode) 200 xfrm_put_mode(x->mode); 201 if (x->type) { 202 x->type->destructor(x); 203 xfrm_put_type(x->type); 204 } 205 security_xfrm_state_free(x); 206 kfree(x); 207 } 208 209 static void xfrm_state_gc_task(struct work_struct *data) 210 { 211 struct xfrm_state *x; 212 struct hlist_node *entry, *tmp; 213 struct hlist_head gc_list; 214 215 spin_lock_bh(&xfrm_state_gc_lock); 216 gc_list.first = xfrm_state_gc_list.first; 217 INIT_HLIST_HEAD(&xfrm_state_gc_list); 218 spin_unlock_bh(&xfrm_state_gc_lock); 219 220 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst) 221 xfrm_state_gc_destroy(x); 222 223 wake_up(&km_waitq); 224 } 225 226 static inline unsigned long make_jiffies(long secs) 227 { 228 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ) 229 return MAX_SCHEDULE_TIMEOUT-1; 230 else 231 return secs*HZ; 232 } 233 234 static void xfrm_timer_handler(unsigned long data) 235 { 236 struct xfrm_state *x = (struct xfrm_state*)data; 237 unsigned long now = get_seconds(); 238 long next = LONG_MAX; 239 int warn = 0; 240 int err = 0; 241 242 spin_lock(&x->lock); 243 if (x->km.state == XFRM_STATE_DEAD) 244 goto out; 245 if (x->km.state == XFRM_STATE_EXPIRED) 246 goto expired; 247 if (x->lft.hard_add_expires_seconds) { 248 long tmo = x->lft.hard_add_expires_seconds + 249 x->curlft.add_time - now; 250 if (tmo <= 0) 251 goto expired; 252 if (tmo < next) 253 next = tmo; 254 } 255 if (x->lft.hard_use_expires_seconds) { 256 long tmo = x->lft.hard_use_expires_seconds + 257 (x->curlft.use_time ? : now) - now; 258 if (tmo <= 0) 259 goto expired; 260 if (tmo < next) 261 next = tmo; 262 } 263 if (x->km.dying) 264 goto resched; 265 if (x->lft.soft_add_expires_seconds) { 266 long tmo = x->lft.soft_add_expires_seconds + 267 x->curlft.add_time - now; 268 if (tmo <= 0) 269 warn = 1; 270 else if (tmo < next) 271 next = tmo; 272 } 273 if (x->lft.soft_use_expires_seconds) { 274 long tmo = x->lft.soft_use_expires_seconds + 275 (x->curlft.use_time ? : now) - now; 276 if (tmo <= 0) 277 warn = 1; 278 else if (tmo < next) 279 next = tmo; 280 } 281 282 x->km.dying = warn; 283 if (warn) 284 km_state_expired(x, 0, 0); 285 resched: 286 if (next != LONG_MAX) 287 mod_timer(&x->timer, jiffies + make_jiffies(next)); 288 289 goto out; 290 291 expired: 292 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) { 293 x->km.state = XFRM_STATE_EXPIRED; 294 wake_up(&km_waitq); 295 next = 2; 296 goto resched; 297 } 298 299 err = __xfrm_state_delete(x); 300 if (!err && x->id.spi) 301 km_state_expired(x, 1, 0); 302 303 xfrm_audit_state_delete(x, err ? 0 : 1, 304 audit_get_loginuid(current->audit_context), 0); 305 306 out: 307 spin_unlock(&x->lock); 308 } 309 310 static void xfrm_replay_timer_handler(unsigned long data); 311 312 struct xfrm_state *xfrm_state_alloc(void) 313 { 314 struct xfrm_state *x; 315 316 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC); 317 318 if (x) { 319 atomic_set(&x->refcnt, 1); 320 atomic_set(&x->tunnel_users, 0); 321 INIT_HLIST_NODE(&x->bydst); 322 INIT_HLIST_NODE(&x->bysrc); 323 INIT_HLIST_NODE(&x->byspi); 324 init_timer(&x->timer); 325 x->timer.function = xfrm_timer_handler; 326 x->timer.data = (unsigned long)x; 327 init_timer(&x->rtimer); 328 x->rtimer.function = xfrm_replay_timer_handler; 329 x->rtimer.data = (unsigned long)x; 330 x->curlft.add_time = get_seconds(); 331 x->lft.soft_byte_limit = XFRM_INF; 332 x->lft.soft_packet_limit = XFRM_INF; 333 x->lft.hard_byte_limit = XFRM_INF; 334 x->lft.hard_packet_limit = XFRM_INF; 335 x->replay_maxage = 0; 336 x->replay_maxdiff = 0; 337 spin_lock_init(&x->lock); 338 } 339 return x; 340 } 341 EXPORT_SYMBOL(xfrm_state_alloc); 342 343 void __xfrm_state_destroy(struct xfrm_state *x) 344 { 345 BUG_TRAP(x->km.state == XFRM_STATE_DEAD); 346 347 spin_lock_bh(&xfrm_state_gc_lock); 348 hlist_add_head(&x->bydst, &xfrm_state_gc_list); 349 spin_unlock_bh(&xfrm_state_gc_lock); 350 schedule_work(&xfrm_state_gc_work); 351 } 352 EXPORT_SYMBOL(__xfrm_state_destroy); 353 354 int __xfrm_state_delete(struct xfrm_state *x) 355 { 356 int err = -ESRCH; 357 358 if (x->km.state != XFRM_STATE_DEAD) { 359 x->km.state = XFRM_STATE_DEAD; 360 spin_lock(&xfrm_state_lock); 361 hlist_del(&x->bydst); 362 hlist_del(&x->bysrc); 363 if (x->id.spi) 364 hlist_del(&x->byspi); 365 xfrm_state_num--; 366 spin_unlock(&xfrm_state_lock); 367 368 /* All xfrm_state objects are created by xfrm_state_alloc. 369 * The xfrm_state_alloc call gives a reference, and that 370 * is what we are dropping here. 371 */ 372 __xfrm_state_put(x); 373 err = 0; 374 } 375 376 return err; 377 } 378 EXPORT_SYMBOL(__xfrm_state_delete); 379 380 int xfrm_state_delete(struct xfrm_state *x) 381 { 382 int err; 383 384 spin_lock_bh(&x->lock); 385 err = __xfrm_state_delete(x); 386 spin_unlock_bh(&x->lock); 387 388 return err; 389 } 390 EXPORT_SYMBOL(xfrm_state_delete); 391 392 #ifdef CONFIG_SECURITY_NETWORK_XFRM 393 static inline int 394 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info) 395 { 396 int i, err = 0; 397 398 for (i = 0; i <= xfrm_state_hmask; i++) { 399 struct hlist_node *entry; 400 struct xfrm_state *x; 401 402 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) { 403 if (xfrm_id_proto_match(x->id.proto, proto) && 404 (err = security_xfrm_state_delete(x)) != 0) { 405 xfrm_audit_state_delete(x, 0, 406 audit_info->loginuid, 407 audit_info->secid); 408 return err; 409 } 410 } 411 } 412 413 return err; 414 } 415 #else 416 static inline int 417 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info) 418 { 419 return 0; 420 } 421 #endif 422 423 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info) 424 { 425 int i, err = 0; 426 427 spin_lock_bh(&xfrm_state_lock); 428 err = xfrm_state_flush_secctx_check(proto, audit_info); 429 if (err) 430 goto out; 431 432 for (i = 0; i <= xfrm_state_hmask; i++) { 433 struct hlist_node *entry; 434 struct xfrm_state *x; 435 restart: 436 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) { 437 if (!xfrm_state_kern(x) && 438 xfrm_id_proto_match(x->id.proto, proto)) { 439 xfrm_state_hold(x); 440 spin_unlock_bh(&xfrm_state_lock); 441 442 err = xfrm_state_delete(x); 443 xfrm_audit_state_delete(x, err ? 0 : 1, 444 audit_info->loginuid, 445 audit_info->secid); 446 xfrm_state_put(x); 447 448 spin_lock_bh(&xfrm_state_lock); 449 goto restart; 450 } 451 } 452 } 453 err = 0; 454 455 out: 456 spin_unlock_bh(&xfrm_state_lock); 457 wake_up(&km_waitq); 458 return err; 459 } 460 EXPORT_SYMBOL(xfrm_state_flush); 461 462 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si) 463 { 464 spin_lock_bh(&xfrm_state_lock); 465 si->sadcnt = xfrm_state_num; 466 si->sadhcnt = xfrm_state_hmask; 467 si->sadhmcnt = xfrm_state_hashmax; 468 spin_unlock_bh(&xfrm_state_lock); 469 } 470 EXPORT_SYMBOL(xfrm_sad_getinfo); 471 472 static int 473 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl, 474 struct xfrm_tmpl *tmpl, 475 xfrm_address_t *daddr, xfrm_address_t *saddr, 476 unsigned short family) 477 { 478 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 479 if (!afinfo) 480 return -1; 481 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr); 482 xfrm_state_put_afinfo(afinfo); 483 return 0; 484 } 485 486 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) 487 { 488 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family); 489 struct xfrm_state *x; 490 struct hlist_node *entry; 491 492 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) { 493 if (x->props.family != family || 494 x->id.spi != spi || 495 x->id.proto != proto) 496 continue; 497 498 switch (family) { 499 case AF_INET: 500 if (x->id.daddr.a4 != daddr->a4) 501 continue; 502 break; 503 case AF_INET6: 504 if (!ipv6_addr_equal((struct in6_addr *)daddr, 505 (struct in6_addr *) 506 x->id.daddr.a6)) 507 continue; 508 break; 509 } 510 511 xfrm_state_hold(x); 512 return x; 513 } 514 515 return NULL; 516 } 517 518 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family) 519 { 520 unsigned int h = xfrm_src_hash(daddr, saddr, family); 521 struct xfrm_state *x; 522 struct hlist_node *entry; 523 524 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) { 525 if (x->props.family != family || 526 x->id.proto != proto) 527 continue; 528 529 switch (family) { 530 case AF_INET: 531 if (x->id.daddr.a4 != daddr->a4 || 532 x->props.saddr.a4 != saddr->a4) 533 continue; 534 break; 535 case AF_INET6: 536 if (!ipv6_addr_equal((struct in6_addr *)daddr, 537 (struct in6_addr *) 538 x->id.daddr.a6) || 539 !ipv6_addr_equal((struct in6_addr *)saddr, 540 (struct in6_addr *) 541 x->props.saddr.a6)) 542 continue; 543 break; 544 } 545 546 xfrm_state_hold(x); 547 return x; 548 } 549 550 return NULL; 551 } 552 553 static inline struct xfrm_state * 554 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family) 555 { 556 if (use_spi) 557 return __xfrm_state_lookup(&x->id.daddr, x->id.spi, 558 x->id.proto, family); 559 else 560 return __xfrm_state_lookup_byaddr(&x->id.daddr, 561 &x->props.saddr, 562 x->id.proto, family); 563 } 564 565 static void xfrm_hash_grow_check(int have_hash_collision) 566 { 567 if (have_hash_collision && 568 (xfrm_state_hmask + 1) < xfrm_state_hashmax && 569 xfrm_state_num > xfrm_state_hmask) 570 schedule_work(&xfrm_hash_work); 571 } 572 573 struct xfrm_state * 574 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 575 struct flowi *fl, struct xfrm_tmpl *tmpl, 576 struct xfrm_policy *pol, int *err, 577 unsigned short family) 578 { 579 unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family); 580 struct hlist_node *entry; 581 struct xfrm_state *x, *x0; 582 int acquire_in_progress = 0; 583 int error = 0; 584 struct xfrm_state *best = NULL; 585 586 spin_lock_bh(&xfrm_state_lock); 587 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) { 588 if (x->props.family == family && 589 x->props.reqid == tmpl->reqid && 590 !(x->props.flags & XFRM_STATE_WILDRECV) && 591 xfrm_state_addr_check(x, daddr, saddr, family) && 592 tmpl->mode == x->props.mode && 593 tmpl->id.proto == x->id.proto && 594 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) { 595 /* Resolution logic: 596 1. There is a valid state with matching selector. 597 Done. 598 2. Valid state with inappropriate selector. Skip. 599 600 Entering area of "sysdeps". 601 602 3. If state is not valid, selector is temporary, 603 it selects only session which triggered 604 previous resolution. Key manager will do 605 something to install a state with proper 606 selector. 607 */ 608 if (x->km.state == XFRM_STATE_VALID) { 609 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) || 610 !security_xfrm_state_pol_flow_match(x, pol, fl)) 611 continue; 612 if (!best || 613 best->km.dying > x->km.dying || 614 (best->km.dying == x->km.dying && 615 best->curlft.add_time < x->curlft.add_time)) 616 best = x; 617 } else if (x->km.state == XFRM_STATE_ACQ) { 618 acquire_in_progress = 1; 619 } else if (x->km.state == XFRM_STATE_ERROR || 620 x->km.state == XFRM_STATE_EXPIRED) { 621 if (xfrm_selector_match(&x->sel, fl, x->sel.family) && 622 security_xfrm_state_pol_flow_match(x, pol, fl)) 623 error = -ESRCH; 624 } 625 } 626 } 627 628 x = best; 629 if (!x && !error && !acquire_in_progress) { 630 if (tmpl->id.spi && 631 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi, 632 tmpl->id.proto, family)) != NULL) { 633 xfrm_state_put(x0); 634 error = -EEXIST; 635 goto out; 636 } 637 x = xfrm_state_alloc(); 638 if (x == NULL) { 639 error = -ENOMEM; 640 goto out; 641 } 642 /* Initialize temporary selector matching only 643 * to current session. */ 644 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family); 645 646 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid); 647 if (error) { 648 x->km.state = XFRM_STATE_DEAD; 649 xfrm_state_put(x); 650 x = NULL; 651 goto out; 652 } 653 654 if (km_query(x, tmpl, pol) == 0) { 655 x->km.state = XFRM_STATE_ACQ; 656 hlist_add_head(&x->bydst, xfrm_state_bydst+h); 657 h = xfrm_src_hash(daddr, saddr, family); 658 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); 659 if (x->id.spi) { 660 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family); 661 hlist_add_head(&x->byspi, xfrm_state_byspi+h); 662 } 663 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires; 664 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; 665 add_timer(&x->timer); 666 xfrm_state_num++; 667 xfrm_hash_grow_check(x->bydst.next != NULL); 668 } else { 669 x->km.state = XFRM_STATE_DEAD; 670 xfrm_state_put(x); 671 x = NULL; 672 error = -ESRCH; 673 } 674 } 675 out: 676 if (x) 677 xfrm_state_hold(x); 678 else 679 *err = acquire_in_progress ? -EAGAIN : error; 680 spin_unlock_bh(&xfrm_state_lock); 681 return x; 682 } 683 684 struct xfrm_state * 685 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 686 unsigned short family, u8 mode, u8 proto, u32 reqid) 687 { 688 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family); 689 struct xfrm_state *rx = NULL, *x = NULL; 690 struct hlist_node *entry; 691 692 spin_lock(&xfrm_state_lock); 693 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) { 694 if (x->props.family == family && 695 x->props.reqid == reqid && 696 !(x->props.flags & XFRM_STATE_WILDRECV) && 697 xfrm_state_addr_check(x, daddr, saddr, family) && 698 mode == x->props.mode && 699 proto == x->id.proto && 700 x->km.state == XFRM_STATE_VALID) { 701 rx = x; 702 break; 703 } 704 } 705 706 if (rx) 707 xfrm_state_hold(rx); 708 spin_unlock(&xfrm_state_lock); 709 710 711 return rx; 712 } 713 EXPORT_SYMBOL(xfrm_stateonly_find); 714 715 static void __xfrm_state_insert(struct xfrm_state *x) 716 { 717 unsigned int h; 718 719 x->genid = ++xfrm_state_genid; 720 721 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr, 722 x->props.reqid, x->props.family); 723 hlist_add_head(&x->bydst, xfrm_state_bydst+h); 724 725 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family); 726 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); 727 728 if (x->id.spi) { 729 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, 730 x->props.family); 731 732 hlist_add_head(&x->byspi, xfrm_state_byspi+h); 733 } 734 735 mod_timer(&x->timer, jiffies + HZ); 736 if (x->replay_maxage) 737 mod_timer(&x->rtimer, jiffies + x->replay_maxage); 738 739 wake_up(&km_waitq); 740 741 xfrm_state_num++; 742 743 xfrm_hash_grow_check(x->bydst.next != NULL); 744 } 745 746 /* xfrm_state_lock is held */ 747 static void __xfrm_state_bump_genids(struct xfrm_state *xnew) 748 { 749 unsigned short family = xnew->props.family; 750 u32 reqid = xnew->props.reqid; 751 struct xfrm_state *x; 752 struct hlist_node *entry; 753 unsigned int h; 754 755 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family); 756 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) { 757 if (x->props.family == family && 758 x->props.reqid == reqid && 759 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) && 760 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family)) 761 x->genid = xfrm_state_genid; 762 } 763 } 764 765 void xfrm_state_insert(struct xfrm_state *x) 766 { 767 spin_lock_bh(&xfrm_state_lock); 768 __xfrm_state_bump_genids(x); 769 __xfrm_state_insert(x); 770 spin_unlock_bh(&xfrm_state_lock); 771 } 772 EXPORT_SYMBOL(xfrm_state_insert); 773 774 /* xfrm_state_lock is held */ 775 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create) 776 { 777 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family); 778 struct hlist_node *entry; 779 struct xfrm_state *x; 780 781 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) { 782 if (x->props.reqid != reqid || 783 x->props.mode != mode || 784 x->props.family != family || 785 x->km.state != XFRM_STATE_ACQ || 786 x->id.spi != 0 || 787 x->id.proto != proto) 788 continue; 789 790 switch (family) { 791 case AF_INET: 792 if (x->id.daddr.a4 != daddr->a4 || 793 x->props.saddr.a4 != saddr->a4) 794 continue; 795 break; 796 case AF_INET6: 797 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6, 798 (struct in6_addr *)daddr) || 799 !ipv6_addr_equal((struct in6_addr *) 800 x->props.saddr.a6, 801 (struct in6_addr *)saddr)) 802 continue; 803 break; 804 } 805 806 xfrm_state_hold(x); 807 return x; 808 } 809 810 if (!create) 811 return NULL; 812 813 x = xfrm_state_alloc(); 814 if (likely(x)) { 815 switch (family) { 816 case AF_INET: 817 x->sel.daddr.a4 = daddr->a4; 818 x->sel.saddr.a4 = saddr->a4; 819 x->sel.prefixlen_d = 32; 820 x->sel.prefixlen_s = 32; 821 x->props.saddr.a4 = saddr->a4; 822 x->id.daddr.a4 = daddr->a4; 823 break; 824 825 case AF_INET6: 826 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6, 827 (struct in6_addr *)daddr); 828 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6, 829 (struct in6_addr *)saddr); 830 x->sel.prefixlen_d = 128; 831 x->sel.prefixlen_s = 128; 832 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6, 833 (struct in6_addr *)saddr); 834 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6, 835 (struct in6_addr *)daddr); 836 break; 837 } 838 839 x->km.state = XFRM_STATE_ACQ; 840 x->id.proto = proto; 841 x->props.family = family; 842 x->props.mode = mode; 843 x->props.reqid = reqid; 844 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires; 845 xfrm_state_hold(x); 846 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; 847 add_timer(&x->timer); 848 hlist_add_head(&x->bydst, xfrm_state_bydst+h); 849 h = xfrm_src_hash(daddr, saddr, family); 850 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); 851 852 xfrm_state_num++; 853 854 xfrm_hash_grow_check(x->bydst.next != NULL); 855 } 856 857 return x; 858 } 859 860 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq); 861 862 int xfrm_state_add(struct xfrm_state *x) 863 { 864 struct xfrm_state *x1; 865 int family; 866 int err; 867 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); 868 869 family = x->props.family; 870 871 spin_lock_bh(&xfrm_state_lock); 872 873 x1 = __xfrm_state_locate(x, use_spi, family); 874 if (x1) { 875 xfrm_state_put(x1); 876 x1 = NULL; 877 err = -EEXIST; 878 goto out; 879 } 880 881 if (use_spi && x->km.seq) { 882 x1 = __xfrm_find_acq_byseq(x->km.seq); 883 if (x1 && ((x1->id.proto != x->id.proto) || 884 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) { 885 xfrm_state_put(x1); 886 x1 = NULL; 887 } 888 } 889 890 if (use_spi && !x1) 891 x1 = __find_acq_core(family, x->props.mode, x->props.reqid, 892 x->id.proto, 893 &x->id.daddr, &x->props.saddr, 0); 894 895 __xfrm_state_bump_genids(x); 896 __xfrm_state_insert(x); 897 err = 0; 898 899 out: 900 spin_unlock_bh(&xfrm_state_lock); 901 902 if (x1) { 903 xfrm_state_delete(x1); 904 xfrm_state_put(x1); 905 } 906 907 return err; 908 } 909 EXPORT_SYMBOL(xfrm_state_add); 910 911 #ifdef CONFIG_XFRM_MIGRATE 912 struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp) 913 { 914 int err = -ENOMEM; 915 struct xfrm_state *x = xfrm_state_alloc(); 916 if (!x) 917 goto error; 918 919 memcpy(&x->id, &orig->id, sizeof(x->id)); 920 memcpy(&x->sel, &orig->sel, sizeof(x->sel)); 921 memcpy(&x->lft, &orig->lft, sizeof(x->lft)); 922 x->props.mode = orig->props.mode; 923 x->props.replay_window = orig->props.replay_window; 924 x->props.reqid = orig->props.reqid; 925 x->props.family = orig->props.family; 926 x->props.saddr = orig->props.saddr; 927 928 if (orig->aalg) { 929 x->aalg = xfrm_algo_clone(orig->aalg); 930 if (!x->aalg) 931 goto error; 932 } 933 x->props.aalgo = orig->props.aalgo; 934 935 if (orig->ealg) { 936 x->ealg = xfrm_algo_clone(orig->ealg); 937 if (!x->ealg) 938 goto error; 939 } 940 x->props.ealgo = orig->props.ealgo; 941 942 if (orig->calg) { 943 x->calg = xfrm_algo_clone(orig->calg); 944 if (!x->calg) 945 goto error; 946 } 947 x->props.calgo = orig->props.calgo; 948 949 if (orig->encap) { 950 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL); 951 if (!x->encap) 952 goto error; 953 } 954 955 if (orig->coaddr) { 956 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr), 957 GFP_KERNEL); 958 if (!x->coaddr) 959 goto error; 960 } 961 962 err = xfrm_init_state(x); 963 if (err) 964 goto error; 965 966 x->props.flags = orig->props.flags; 967 968 x->curlft.add_time = orig->curlft.add_time; 969 x->km.state = orig->km.state; 970 x->km.seq = orig->km.seq; 971 972 return x; 973 974 error: 975 if (errp) 976 *errp = err; 977 if (x) { 978 kfree(x->aalg); 979 kfree(x->ealg); 980 kfree(x->calg); 981 kfree(x->encap); 982 kfree(x->coaddr); 983 } 984 kfree(x); 985 return NULL; 986 } 987 EXPORT_SYMBOL(xfrm_state_clone); 988 989 /* xfrm_state_lock is held */ 990 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m) 991 { 992 unsigned int h; 993 struct xfrm_state *x; 994 struct hlist_node *entry; 995 996 if (m->reqid) { 997 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr, 998 m->reqid, m->old_family); 999 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) { 1000 if (x->props.mode != m->mode || 1001 x->id.proto != m->proto) 1002 continue; 1003 if (m->reqid && x->props.reqid != m->reqid) 1004 continue; 1005 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr, 1006 m->old_family) || 1007 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr, 1008 m->old_family)) 1009 continue; 1010 xfrm_state_hold(x); 1011 return x; 1012 } 1013 } else { 1014 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr, 1015 m->old_family); 1016 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) { 1017 if (x->props.mode != m->mode || 1018 x->id.proto != m->proto) 1019 continue; 1020 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr, 1021 m->old_family) || 1022 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr, 1023 m->old_family)) 1024 continue; 1025 xfrm_state_hold(x); 1026 return x; 1027 } 1028 } 1029 1030 return NULL; 1031 } 1032 EXPORT_SYMBOL(xfrm_migrate_state_find); 1033 1034 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x, 1035 struct xfrm_migrate *m) 1036 { 1037 struct xfrm_state *xc; 1038 int err; 1039 1040 xc = xfrm_state_clone(x, &err); 1041 if (!xc) 1042 return NULL; 1043 1044 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr)); 1045 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); 1046 1047 /* add state */ 1048 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) { 1049 /* a care is needed when the destination address of the 1050 state is to be updated as it is a part of triplet */ 1051 xfrm_state_insert(xc); 1052 } else { 1053 if ((err = xfrm_state_add(xc)) < 0) 1054 goto error; 1055 } 1056 1057 return xc; 1058 error: 1059 kfree(xc); 1060 return NULL; 1061 } 1062 EXPORT_SYMBOL(xfrm_state_migrate); 1063 #endif 1064 1065 int xfrm_state_update(struct xfrm_state *x) 1066 { 1067 struct xfrm_state *x1; 1068 int err; 1069 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); 1070 1071 spin_lock_bh(&xfrm_state_lock); 1072 x1 = __xfrm_state_locate(x, use_spi, x->props.family); 1073 1074 err = -ESRCH; 1075 if (!x1) 1076 goto out; 1077 1078 if (xfrm_state_kern(x1)) { 1079 xfrm_state_put(x1); 1080 err = -EEXIST; 1081 goto out; 1082 } 1083 1084 if (x1->km.state == XFRM_STATE_ACQ) { 1085 __xfrm_state_insert(x); 1086 x = NULL; 1087 } 1088 err = 0; 1089 1090 out: 1091 spin_unlock_bh(&xfrm_state_lock); 1092 1093 if (err) 1094 return err; 1095 1096 if (!x) { 1097 xfrm_state_delete(x1); 1098 xfrm_state_put(x1); 1099 return 0; 1100 } 1101 1102 err = -EINVAL; 1103 spin_lock_bh(&x1->lock); 1104 if (likely(x1->km.state == XFRM_STATE_VALID)) { 1105 if (x->encap && x1->encap) 1106 memcpy(x1->encap, x->encap, sizeof(*x1->encap)); 1107 if (x->coaddr && x1->coaddr) { 1108 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr)); 1109 } 1110 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel))) 1111 memcpy(&x1->sel, &x->sel, sizeof(x1->sel)); 1112 memcpy(&x1->lft, &x->lft, sizeof(x1->lft)); 1113 x1->km.dying = 0; 1114 1115 mod_timer(&x1->timer, jiffies + HZ); 1116 if (x1->curlft.use_time) 1117 xfrm_state_check_expire(x1); 1118 1119 err = 0; 1120 } 1121 spin_unlock_bh(&x1->lock); 1122 1123 xfrm_state_put(x1); 1124 1125 return err; 1126 } 1127 EXPORT_SYMBOL(xfrm_state_update); 1128 1129 int xfrm_state_check_expire(struct xfrm_state *x) 1130 { 1131 if (!x->curlft.use_time) 1132 x->curlft.use_time = get_seconds(); 1133 1134 if (x->km.state != XFRM_STATE_VALID) 1135 return -EINVAL; 1136 1137 if (x->curlft.bytes >= x->lft.hard_byte_limit || 1138 x->curlft.packets >= x->lft.hard_packet_limit) { 1139 x->km.state = XFRM_STATE_EXPIRED; 1140 mod_timer(&x->timer, jiffies); 1141 return -EINVAL; 1142 } 1143 1144 if (!x->km.dying && 1145 (x->curlft.bytes >= x->lft.soft_byte_limit || 1146 x->curlft.packets >= x->lft.soft_packet_limit)) { 1147 x->km.dying = 1; 1148 km_state_expired(x, 0, 0); 1149 } 1150 return 0; 1151 } 1152 EXPORT_SYMBOL(xfrm_state_check_expire); 1153 1154 struct xfrm_state * 1155 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, 1156 unsigned short family) 1157 { 1158 struct xfrm_state *x; 1159 1160 spin_lock_bh(&xfrm_state_lock); 1161 x = __xfrm_state_lookup(daddr, spi, proto, family); 1162 spin_unlock_bh(&xfrm_state_lock); 1163 return x; 1164 } 1165 EXPORT_SYMBOL(xfrm_state_lookup); 1166 1167 struct xfrm_state * 1168 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, 1169 u8 proto, unsigned short family) 1170 { 1171 struct xfrm_state *x; 1172 1173 spin_lock_bh(&xfrm_state_lock); 1174 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family); 1175 spin_unlock_bh(&xfrm_state_lock); 1176 return x; 1177 } 1178 EXPORT_SYMBOL(xfrm_state_lookup_byaddr); 1179 1180 struct xfrm_state * 1181 xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 1182 xfrm_address_t *daddr, xfrm_address_t *saddr, 1183 int create, unsigned short family) 1184 { 1185 struct xfrm_state *x; 1186 1187 spin_lock_bh(&xfrm_state_lock); 1188 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create); 1189 spin_unlock_bh(&xfrm_state_lock); 1190 1191 return x; 1192 } 1193 EXPORT_SYMBOL(xfrm_find_acq); 1194 1195 #ifdef CONFIG_XFRM_SUB_POLICY 1196 int 1197 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n, 1198 unsigned short family) 1199 { 1200 int err = 0; 1201 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 1202 if (!afinfo) 1203 return -EAFNOSUPPORT; 1204 1205 spin_lock_bh(&xfrm_state_lock); 1206 if (afinfo->tmpl_sort) 1207 err = afinfo->tmpl_sort(dst, src, n); 1208 spin_unlock_bh(&xfrm_state_lock); 1209 xfrm_state_put_afinfo(afinfo); 1210 return err; 1211 } 1212 EXPORT_SYMBOL(xfrm_tmpl_sort); 1213 1214 int 1215 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n, 1216 unsigned short family) 1217 { 1218 int err = 0; 1219 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 1220 if (!afinfo) 1221 return -EAFNOSUPPORT; 1222 1223 spin_lock_bh(&xfrm_state_lock); 1224 if (afinfo->state_sort) 1225 err = afinfo->state_sort(dst, src, n); 1226 spin_unlock_bh(&xfrm_state_lock); 1227 xfrm_state_put_afinfo(afinfo); 1228 return err; 1229 } 1230 EXPORT_SYMBOL(xfrm_state_sort); 1231 #endif 1232 1233 /* Silly enough, but I'm lazy to build resolution list */ 1234 1235 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq) 1236 { 1237 int i; 1238 1239 for (i = 0; i <= xfrm_state_hmask; i++) { 1240 struct hlist_node *entry; 1241 struct xfrm_state *x; 1242 1243 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) { 1244 if (x->km.seq == seq && 1245 x->km.state == XFRM_STATE_ACQ) { 1246 xfrm_state_hold(x); 1247 return x; 1248 } 1249 } 1250 } 1251 return NULL; 1252 } 1253 1254 struct xfrm_state *xfrm_find_acq_byseq(u32 seq) 1255 { 1256 struct xfrm_state *x; 1257 1258 spin_lock_bh(&xfrm_state_lock); 1259 x = __xfrm_find_acq_byseq(seq); 1260 spin_unlock_bh(&xfrm_state_lock); 1261 return x; 1262 } 1263 EXPORT_SYMBOL(xfrm_find_acq_byseq); 1264 1265 u32 xfrm_get_acqseq(void) 1266 { 1267 u32 res; 1268 static u32 acqseq; 1269 static DEFINE_SPINLOCK(acqseq_lock); 1270 1271 spin_lock_bh(&acqseq_lock); 1272 res = (++acqseq ? : ++acqseq); 1273 spin_unlock_bh(&acqseq_lock); 1274 return res; 1275 } 1276 EXPORT_SYMBOL(xfrm_get_acqseq); 1277 1278 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) 1279 { 1280 unsigned int h; 1281 struct xfrm_state *x0; 1282 int err = -ENOENT; 1283 __be32 minspi = htonl(low); 1284 __be32 maxspi = htonl(high); 1285 1286 spin_lock_bh(&x->lock); 1287 if (x->km.state == XFRM_STATE_DEAD) 1288 goto unlock; 1289 1290 err = 0; 1291 if (x->id.spi) 1292 goto unlock; 1293 1294 err = -ENOENT; 1295 1296 if (minspi == maxspi) { 1297 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family); 1298 if (x0) { 1299 xfrm_state_put(x0); 1300 goto unlock; 1301 } 1302 x->id.spi = minspi; 1303 } else { 1304 u32 spi = 0; 1305 for (h=0; h<high-low+1; h++) { 1306 spi = low + net_random()%(high-low+1); 1307 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family); 1308 if (x0 == NULL) { 1309 x->id.spi = htonl(spi); 1310 break; 1311 } 1312 xfrm_state_put(x0); 1313 } 1314 } 1315 if (x->id.spi) { 1316 spin_lock_bh(&xfrm_state_lock); 1317 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family); 1318 hlist_add_head(&x->byspi, xfrm_state_byspi+h); 1319 spin_unlock_bh(&xfrm_state_lock); 1320 1321 err = 0; 1322 } 1323 1324 unlock: 1325 spin_unlock_bh(&x->lock); 1326 1327 return err; 1328 } 1329 EXPORT_SYMBOL(xfrm_alloc_spi); 1330 1331 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), 1332 void *data) 1333 { 1334 int i; 1335 struct xfrm_state *x, *last = NULL; 1336 struct hlist_node *entry; 1337 int count = 0; 1338 int err = 0; 1339 1340 spin_lock_bh(&xfrm_state_lock); 1341 for (i = 0; i <= xfrm_state_hmask; i++) { 1342 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) { 1343 if (!xfrm_id_proto_match(x->id.proto, proto)) 1344 continue; 1345 if (last) { 1346 err = func(last, count, data); 1347 if (err) 1348 goto out; 1349 } 1350 last = x; 1351 count++; 1352 } 1353 } 1354 if (count == 0) { 1355 err = -ENOENT; 1356 goto out; 1357 } 1358 err = func(last, 0, data); 1359 out: 1360 spin_unlock_bh(&xfrm_state_lock); 1361 return err; 1362 } 1363 EXPORT_SYMBOL(xfrm_state_walk); 1364 1365 1366 void xfrm_replay_notify(struct xfrm_state *x, int event) 1367 { 1368 struct km_event c; 1369 /* we send notify messages in case 1370 * 1. we updated on of the sequence numbers, and the seqno difference 1371 * is at least x->replay_maxdiff, in this case we also update the 1372 * timeout of our timer function 1373 * 2. if x->replay_maxage has elapsed since last update, 1374 * and there were changes 1375 * 1376 * The state structure must be locked! 1377 */ 1378 1379 switch (event) { 1380 case XFRM_REPLAY_UPDATE: 1381 if (x->replay_maxdiff && 1382 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) && 1383 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) { 1384 if (x->xflags & XFRM_TIME_DEFER) 1385 event = XFRM_REPLAY_TIMEOUT; 1386 else 1387 return; 1388 } 1389 1390 break; 1391 1392 case XFRM_REPLAY_TIMEOUT: 1393 if ((x->replay.seq == x->preplay.seq) && 1394 (x->replay.bitmap == x->preplay.bitmap) && 1395 (x->replay.oseq == x->preplay.oseq)) { 1396 x->xflags |= XFRM_TIME_DEFER; 1397 return; 1398 } 1399 1400 break; 1401 } 1402 1403 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state)); 1404 c.event = XFRM_MSG_NEWAE; 1405 c.data.aevent = event; 1406 km_state_notify(x, &c); 1407 1408 if (x->replay_maxage && 1409 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) 1410 x->xflags &= ~XFRM_TIME_DEFER; 1411 } 1412 1413 static void xfrm_replay_timer_handler(unsigned long data) 1414 { 1415 struct xfrm_state *x = (struct xfrm_state*)data; 1416 1417 spin_lock(&x->lock); 1418 1419 if (x->km.state == XFRM_STATE_VALID) { 1420 if (xfrm_aevent_is_on()) 1421 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT); 1422 else 1423 x->xflags |= XFRM_TIME_DEFER; 1424 } 1425 1426 spin_unlock(&x->lock); 1427 } 1428 1429 int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq) 1430 { 1431 u32 diff; 1432 u32 seq = ntohl(net_seq); 1433 1434 if (unlikely(seq == 0)) 1435 return -EINVAL; 1436 1437 if (likely(seq > x->replay.seq)) 1438 return 0; 1439 1440 diff = x->replay.seq - seq; 1441 if (diff >= min_t(unsigned int, x->props.replay_window, 1442 sizeof(x->replay.bitmap) * 8)) { 1443 x->stats.replay_window++; 1444 return -EINVAL; 1445 } 1446 1447 if (x->replay.bitmap & (1U << diff)) { 1448 x->stats.replay++; 1449 return -EINVAL; 1450 } 1451 return 0; 1452 } 1453 EXPORT_SYMBOL(xfrm_replay_check); 1454 1455 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq) 1456 { 1457 u32 diff; 1458 u32 seq = ntohl(net_seq); 1459 1460 if (seq > x->replay.seq) { 1461 diff = seq - x->replay.seq; 1462 if (diff < x->props.replay_window) 1463 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1; 1464 else 1465 x->replay.bitmap = 1; 1466 x->replay.seq = seq; 1467 } else { 1468 diff = x->replay.seq - seq; 1469 x->replay.bitmap |= (1U << diff); 1470 } 1471 1472 if (xfrm_aevent_is_on()) 1473 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); 1474 } 1475 EXPORT_SYMBOL(xfrm_replay_advance); 1476 1477 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list); 1478 static DEFINE_RWLOCK(xfrm_km_lock); 1479 1480 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1481 { 1482 struct xfrm_mgr *km; 1483 1484 read_lock(&xfrm_km_lock); 1485 list_for_each_entry(km, &xfrm_km_list, list) 1486 if (km->notify_policy) 1487 km->notify_policy(xp, dir, c); 1488 read_unlock(&xfrm_km_lock); 1489 } 1490 1491 void km_state_notify(struct xfrm_state *x, struct km_event *c) 1492 { 1493 struct xfrm_mgr *km; 1494 read_lock(&xfrm_km_lock); 1495 list_for_each_entry(km, &xfrm_km_list, list) 1496 if (km->notify) 1497 km->notify(x, c); 1498 read_unlock(&xfrm_km_lock); 1499 } 1500 1501 EXPORT_SYMBOL(km_policy_notify); 1502 EXPORT_SYMBOL(km_state_notify); 1503 1504 void km_state_expired(struct xfrm_state *x, int hard, u32 pid) 1505 { 1506 struct km_event c; 1507 1508 c.data.hard = hard; 1509 c.pid = pid; 1510 c.event = XFRM_MSG_EXPIRE; 1511 km_state_notify(x, &c); 1512 1513 if (hard) 1514 wake_up(&km_waitq); 1515 } 1516 1517 EXPORT_SYMBOL(km_state_expired); 1518 /* 1519 * We send to all registered managers regardless of failure 1520 * We are happy with one success 1521 */ 1522 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol) 1523 { 1524 int err = -EINVAL, acqret; 1525 struct xfrm_mgr *km; 1526 1527 read_lock(&xfrm_km_lock); 1528 list_for_each_entry(km, &xfrm_km_list, list) { 1529 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT); 1530 if (!acqret) 1531 err = acqret; 1532 } 1533 read_unlock(&xfrm_km_lock); 1534 return err; 1535 } 1536 EXPORT_SYMBOL(km_query); 1537 1538 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) 1539 { 1540 int err = -EINVAL; 1541 struct xfrm_mgr *km; 1542 1543 read_lock(&xfrm_km_lock); 1544 list_for_each_entry(km, &xfrm_km_list, list) { 1545 if (km->new_mapping) 1546 err = km->new_mapping(x, ipaddr, sport); 1547 if (!err) 1548 break; 1549 } 1550 read_unlock(&xfrm_km_lock); 1551 return err; 1552 } 1553 EXPORT_SYMBOL(km_new_mapping); 1554 1555 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid) 1556 { 1557 struct km_event c; 1558 1559 c.data.hard = hard; 1560 c.pid = pid; 1561 c.event = XFRM_MSG_POLEXPIRE; 1562 km_policy_notify(pol, dir, &c); 1563 1564 if (hard) 1565 wake_up(&km_waitq); 1566 } 1567 EXPORT_SYMBOL(km_policy_expired); 1568 1569 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1570 struct xfrm_migrate *m, int num_migrate) 1571 { 1572 int err = -EINVAL; 1573 int ret; 1574 struct xfrm_mgr *km; 1575 1576 read_lock(&xfrm_km_lock); 1577 list_for_each_entry(km, &xfrm_km_list, list) { 1578 if (km->migrate) { 1579 ret = km->migrate(sel, dir, type, m, num_migrate); 1580 if (!ret) 1581 err = ret; 1582 } 1583 } 1584 read_unlock(&xfrm_km_lock); 1585 return err; 1586 } 1587 EXPORT_SYMBOL(km_migrate); 1588 1589 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr) 1590 { 1591 int err = -EINVAL; 1592 int ret; 1593 struct xfrm_mgr *km; 1594 1595 read_lock(&xfrm_km_lock); 1596 list_for_each_entry(km, &xfrm_km_list, list) { 1597 if (km->report) { 1598 ret = km->report(proto, sel, addr); 1599 if (!ret) 1600 err = ret; 1601 } 1602 } 1603 read_unlock(&xfrm_km_lock); 1604 return err; 1605 } 1606 EXPORT_SYMBOL(km_report); 1607 1608 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen) 1609 { 1610 int err; 1611 u8 *data; 1612 struct xfrm_mgr *km; 1613 struct xfrm_policy *pol = NULL; 1614 1615 if (optlen <= 0 || optlen > PAGE_SIZE) 1616 return -EMSGSIZE; 1617 1618 data = kmalloc(optlen, GFP_KERNEL); 1619 if (!data) 1620 return -ENOMEM; 1621 1622 err = -EFAULT; 1623 if (copy_from_user(data, optval, optlen)) 1624 goto out; 1625 1626 err = -EINVAL; 1627 read_lock(&xfrm_km_lock); 1628 list_for_each_entry(km, &xfrm_km_list, list) { 1629 pol = km->compile_policy(sk, optname, data, 1630 optlen, &err); 1631 if (err >= 0) 1632 break; 1633 } 1634 read_unlock(&xfrm_km_lock); 1635 1636 if (err >= 0) { 1637 xfrm_sk_policy_insert(sk, err, pol); 1638 xfrm_pol_put(pol); 1639 err = 0; 1640 } 1641 1642 out: 1643 kfree(data); 1644 return err; 1645 } 1646 EXPORT_SYMBOL(xfrm_user_policy); 1647 1648 int xfrm_register_km(struct xfrm_mgr *km) 1649 { 1650 write_lock_bh(&xfrm_km_lock); 1651 list_add_tail(&km->list, &xfrm_km_list); 1652 write_unlock_bh(&xfrm_km_lock); 1653 return 0; 1654 } 1655 EXPORT_SYMBOL(xfrm_register_km); 1656 1657 int xfrm_unregister_km(struct xfrm_mgr *km) 1658 { 1659 write_lock_bh(&xfrm_km_lock); 1660 list_del(&km->list); 1661 write_unlock_bh(&xfrm_km_lock); 1662 return 0; 1663 } 1664 EXPORT_SYMBOL(xfrm_unregister_km); 1665 1666 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo) 1667 { 1668 int err = 0; 1669 if (unlikely(afinfo == NULL)) 1670 return -EINVAL; 1671 if (unlikely(afinfo->family >= NPROTO)) 1672 return -EAFNOSUPPORT; 1673 write_lock_bh(&xfrm_state_afinfo_lock); 1674 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL)) 1675 err = -ENOBUFS; 1676 else 1677 xfrm_state_afinfo[afinfo->family] = afinfo; 1678 write_unlock_bh(&xfrm_state_afinfo_lock); 1679 return err; 1680 } 1681 EXPORT_SYMBOL(xfrm_state_register_afinfo); 1682 1683 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo) 1684 { 1685 int err = 0; 1686 if (unlikely(afinfo == NULL)) 1687 return -EINVAL; 1688 if (unlikely(afinfo->family >= NPROTO)) 1689 return -EAFNOSUPPORT; 1690 write_lock_bh(&xfrm_state_afinfo_lock); 1691 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) { 1692 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo)) 1693 err = -EINVAL; 1694 else 1695 xfrm_state_afinfo[afinfo->family] = NULL; 1696 } 1697 write_unlock_bh(&xfrm_state_afinfo_lock); 1698 return err; 1699 } 1700 EXPORT_SYMBOL(xfrm_state_unregister_afinfo); 1701 1702 struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family) 1703 { 1704 struct xfrm_state_afinfo *afinfo; 1705 if (unlikely(family >= NPROTO)) 1706 return NULL; 1707 read_lock(&xfrm_state_afinfo_lock); 1708 afinfo = xfrm_state_afinfo[family]; 1709 if (unlikely(!afinfo)) 1710 read_unlock(&xfrm_state_afinfo_lock); 1711 return afinfo; 1712 } 1713 1714 void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo) 1715 { 1716 read_unlock(&xfrm_state_afinfo_lock); 1717 } 1718 1719 EXPORT_SYMBOL(xfrm_state_get_afinfo); 1720 EXPORT_SYMBOL(xfrm_state_put_afinfo); 1721 1722 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */ 1723 void xfrm_state_delete_tunnel(struct xfrm_state *x) 1724 { 1725 if (x->tunnel) { 1726 struct xfrm_state *t = x->tunnel; 1727 1728 if (atomic_read(&t->tunnel_users) == 2) 1729 xfrm_state_delete(t); 1730 atomic_dec(&t->tunnel_users); 1731 xfrm_state_put(t); 1732 x->tunnel = NULL; 1733 } 1734 } 1735 EXPORT_SYMBOL(xfrm_state_delete_tunnel); 1736 1737 int xfrm_state_mtu(struct xfrm_state *x, int mtu) 1738 { 1739 int res; 1740 1741 spin_lock_bh(&x->lock); 1742 if (x->km.state == XFRM_STATE_VALID && 1743 x->type && x->type->get_mtu) 1744 res = x->type->get_mtu(x, mtu); 1745 else 1746 res = mtu - x->props.header_len; 1747 spin_unlock_bh(&x->lock); 1748 return res; 1749 } 1750 1751 int xfrm_init_state(struct xfrm_state *x) 1752 { 1753 struct xfrm_state_afinfo *afinfo; 1754 int family = x->props.family; 1755 int err; 1756 1757 err = -EAFNOSUPPORT; 1758 afinfo = xfrm_state_get_afinfo(family); 1759 if (!afinfo) 1760 goto error; 1761 1762 err = 0; 1763 if (afinfo->init_flags) 1764 err = afinfo->init_flags(x); 1765 1766 xfrm_state_put_afinfo(afinfo); 1767 1768 if (err) 1769 goto error; 1770 1771 err = -EPROTONOSUPPORT; 1772 x->type = xfrm_get_type(x->id.proto, family); 1773 if (x->type == NULL) 1774 goto error; 1775 1776 err = x->type->init_state(x); 1777 if (err) 1778 goto error; 1779 1780 x->mode = xfrm_get_mode(x->props.mode, family); 1781 if (x->mode == NULL) 1782 goto error; 1783 1784 x->km.state = XFRM_STATE_VALID; 1785 1786 error: 1787 return err; 1788 } 1789 1790 EXPORT_SYMBOL(xfrm_init_state); 1791 1792 void __init xfrm_state_init(void) 1793 { 1794 unsigned int sz; 1795 1796 sz = sizeof(struct hlist_head) * 8; 1797 1798 xfrm_state_bydst = xfrm_hash_alloc(sz); 1799 xfrm_state_bysrc = xfrm_hash_alloc(sz); 1800 xfrm_state_byspi = xfrm_hash_alloc(sz); 1801 if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi) 1802 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes."); 1803 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1); 1804 1805 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task); 1806 } 1807 1808 #ifdef CONFIG_AUDITSYSCALL 1809 static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x, 1810 struct audit_buffer *audit_buf) 1811 { 1812 if (x->security) 1813 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", 1814 x->security->ctx_alg, x->security->ctx_doi, 1815 x->security->ctx_str); 1816 1817 switch(x->props.family) { 1818 case AF_INET: 1819 audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u", 1820 NIPQUAD(x->props.saddr.a4), 1821 NIPQUAD(x->id.daddr.a4)); 1822 break; 1823 case AF_INET6: 1824 { 1825 struct in6_addr saddr6, daddr6; 1826 1827 memcpy(&saddr6, x->props.saddr.a6, 1828 sizeof(struct in6_addr)); 1829 memcpy(&daddr6, x->id.daddr.a6, 1830 sizeof(struct in6_addr)); 1831 audit_log_format(audit_buf, 1832 " src=" NIP6_FMT " dst=" NIP6_FMT, 1833 NIP6(saddr6), NIP6(daddr6)); 1834 } 1835 break; 1836 } 1837 } 1838 1839 void 1840 xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid) 1841 { 1842 struct audit_buffer *audit_buf; 1843 extern int audit_enabled; 1844 1845 if (audit_enabled == 0) 1846 return; 1847 audit_buf = xfrm_audit_start(sid, auid); 1848 if (audit_buf == NULL) 1849 return; 1850 audit_log_format(audit_buf, " op=SAD-add res=%u",result); 1851 xfrm_audit_common_stateinfo(x, audit_buf); 1852 audit_log_format(audit_buf, " spi=%lu(0x%lx)", 1853 (unsigned long)x->id.spi, (unsigned long)x->id.spi); 1854 audit_log_end(audit_buf); 1855 } 1856 EXPORT_SYMBOL_GPL(xfrm_audit_state_add); 1857 1858 void 1859 xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid) 1860 { 1861 struct audit_buffer *audit_buf; 1862 extern int audit_enabled; 1863 1864 if (audit_enabled == 0) 1865 return; 1866 audit_buf = xfrm_audit_start(sid, auid); 1867 if (audit_buf == NULL) 1868 return; 1869 audit_log_format(audit_buf, " op=SAD-delete res=%u",result); 1870 xfrm_audit_common_stateinfo(x, audit_buf); 1871 audit_log_format(audit_buf, " spi=%lu(0x%lx)", 1872 (unsigned long)x->id.spi, (unsigned long)x->id.spi); 1873 audit_log_end(audit_buf); 1874 } 1875 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); 1876 #endif /* CONFIG_AUDITSYSCALL */ 1877