1 /* 2 * xfrm_state.c 3 * 4 * Changes: 5 * Mitsuru KANDA @USAGI 6 * Kazunori MIYAZAWA @USAGI 7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 8 * IPv6 support 9 * YOSHIFUJI Hideaki @USAGI 10 * Split up af-specific functions 11 * Derek Atkins <derek@ihtfp.com> 12 * Add UDP Encapsulation 13 * 14 */ 15 16 #include <linux/workqueue.h> 17 #include <net/xfrm.h> 18 #include <linux/pfkeyv2.h> 19 #include <linux/ipsec.h> 20 #include <linux/module.h> 21 #include <asm/uaccess.h> 22 23 /* Each xfrm_state may be linked to two tables: 24 25 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl) 26 2. Hash table by daddr to find what SAs exist for given 27 destination/tunnel endpoint. (output) 28 */ 29 30 static DEFINE_SPINLOCK(xfrm_state_lock); 31 32 /* Hash table to find appropriate SA towards given target (endpoint 33 * of tunnel or destination of transport mode) allowed by selector. 34 * 35 * Main use is finding SA after policy selected tunnel or transport mode. 36 * Also, it can be used by ah/esp icmp error handler to find offending SA. 37 */ 38 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE]; 39 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE]; 40 41 DECLARE_WAIT_QUEUE_HEAD(km_waitq); 42 EXPORT_SYMBOL(km_waitq); 43 44 static DEFINE_RWLOCK(xfrm_state_afinfo_lock); 45 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO]; 46 47 static struct work_struct xfrm_state_gc_work; 48 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list); 49 static DEFINE_SPINLOCK(xfrm_state_gc_lock); 50 51 static int xfrm_state_gc_flush_bundles; 52 53 static int __xfrm_state_delete(struct xfrm_state *x); 54 55 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family); 56 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo); 57 58 static int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); 59 static void km_state_expired(struct xfrm_state *x, int hard); 60 61 static void xfrm_state_gc_destroy(struct xfrm_state *x) 62 { 63 if (del_timer(&x->timer)) 64 BUG(); 65 if (x->aalg) 66 kfree(x->aalg); 67 if (x->ealg) 68 kfree(x->ealg); 69 if (x->calg) 70 kfree(x->calg); 71 if (x->encap) 72 kfree(x->encap); 73 if (x->type) { 74 x->type->destructor(x); 75 xfrm_put_type(x->type); 76 } 77 kfree(x); 78 } 79 80 static void xfrm_state_gc_task(void *data) 81 { 82 struct xfrm_state *x; 83 struct list_head *entry, *tmp; 84 struct list_head gc_list = LIST_HEAD_INIT(gc_list); 85 86 if (xfrm_state_gc_flush_bundles) { 87 xfrm_state_gc_flush_bundles = 0; 88 xfrm_flush_bundles(); 89 } 90 91 spin_lock_bh(&xfrm_state_gc_lock); 92 list_splice_init(&xfrm_state_gc_list, &gc_list); 93 spin_unlock_bh(&xfrm_state_gc_lock); 94 95 list_for_each_safe(entry, tmp, &gc_list) { 96 x = list_entry(entry, struct xfrm_state, bydst); 97 xfrm_state_gc_destroy(x); 98 } 99 wake_up(&km_waitq); 100 } 101 102 static inline unsigned long make_jiffies(long secs) 103 { 104 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ) 105 return MAX_SCHEDULE_TIMEOUT-1; 106 else 107 return secs*HZ; 108 } 109 110 static void xfrm_timer_handler(unsigned long data) 111 { 112 struct xfrm_state *x = (struct xfrm_state*)data; 113 unsigned long now = (unsigned long)xtime.tv_sec; 114 long next = LONG_MAX; 115 int warn = 0; 116 117 spin_lock(&x->lock); 118 if (x->km.state == XFRM_STATE_DEAD) 119 goto out; 120 if (x->km.state == XFRM_STATE_EXPIRED) 121 goto expired; 122 if (x->lft.hard_add_expires_seconds) { 123 long tmo = x->lft.hard_add_expires_seconds + 124 x->curlft.add_time - now; 125 if (tmo <= 0) 126 goto expired; 127 if (tmo < next) 128 next = tmo; 129 } 130 if (x->lft.hard_use_expires_seconds) { 131 long tmo = x->lft.hard_use_expires_seconds + 132 (x->curlft.use_time ? : now) - now; 133 if (tmo <= 0) 134 goto expired; 135 if (tmo < next) 136 next = tmo; 137 } 138 if (x->km.dying) 139 goto resched; 140 if (x->lft.soft_add_expires_seconds) { 141 long tmo = x->lft.soft_add_expires_seconds + 142 x->curlft.add_time - now; 143 if (tmo <= 0) 144 warn = 1; 145 else if (tmo < next) 146 next = tmo; 147 } 148 if (x->lft.soft_use_expires_seconds) { 149 long tmo = x->lft.soft_use_expires_seconds + 150 (x->curlft.use_time ? : now) - now; 151 if (tmo <= 0) 152 warn = 1; 153 else if (tmo < next) 154 next = tmo; 155 } 156 157 x->km.dying = warn; 158 if (warn) 159 km_state_expired(x, 0); 160 resched: 161 if (next != LONG_MAX && 162 !mod_timer(&x->timer, jiffies + make_jiffies(next))) 163 xfrm_state_hold(x); 164 goto out; 165 166 expired: 167 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) { 168 x->km.state = XFRM_STATE_EXPIRED; 169 wake_up(&km_waitq); 170 next = 2; 171 goto resched; 172 } 173 if (!__xfrm_state_delete(x) && x->id.spi) 174 km_state_expired(x, 1); 175 176 out: 177 spin_unlock(&x->lock); 178 xfrm_state_put(x); 179 } 180 181 struct xfrm_state *xfrm_state_alloc(void) 182 { 183 struct xfrm_state *x; 184 185 x = kmalloc(sizeof(struct xfrm_state), GFP_ATOMIC); 186 187 if (x) { 188 memset(x, 0, sizeof(struct xfrm_state)); 189 atomic_set(&x->refcnt, 1); 190 atomic_set(&x->tunnel_users, 0); 191 INIT_LIST_HEAD(&x->bydst); 192 INIT_LIST_HEAD(&x->byspi); 193 init_timer(&x->timer); 194 x->timer.function = xfrm_timer_handler; 195 x->timer.data = (unsigned long)x; 196 x->curlft.add_time = (unsigned long)xtime.tv_sec; 197 x->lft.soft_byte_limit = XFRM_INF; 198 x->lft.soft_packet_limit = XFRM_INF; 199 x->lft.hard_byte_limit = XFRM_INF; 200 x->lft.hard_packet_limit = XFRM_INF; 201 spin_lock_init(&x->lock); 202 } 203 return x; 204 } 205 EXPORT_SYMBOL(xfrm_state_alloc); 206 207 void __xfrm_state_destroy(struct xfrm_state *x) 208 { 209 BUG_TRAP(x->km.state == XFRM_STATE_DEAD); 210 211 spin_lock_bh(&xfrm_state_gc_lock); 212 list_add(&x->bydst, &xfrm_state_gc_list); 213 spin_unlock_bh(&xfrm_state_gc_lock); 214 schedule_work(&xfrm_state_gc_work); 215 } 216 EXPORT_SYMBOL(__xfrm_state_destroy); 217 218 static int __xfrm_state_delete(struct xfrm_state *x) 219 { 220 int err = -ESRCH; 221 222 if (x->km.state != XFRM_STATE_DEAD) { 223 x->km.state = XFRM_STATE_DEAD; 224 spin_lock(&xfrm_state_lock); 225 list_del(&x->bydst); 226 atomic_dec(&x->refcnt); 227 if (x->id.spi) { 228 list_del(&x->byspi); 229 atomic_dec(&x->refcnt); 230 } 231 spin_unlock(&xfrm_state_lock); 232 if (del_timer(&x->timer)) 233 atomic_dec(&x->refcnt); 234 235 /* The number two in this test is the reference 236 * mentioned in the comment below plus the reference 237 * our caller holds. A larger value means that 238 * there are DSTs attached to this xfrm_state. 239 */ 240 if (atomic_read(&x->refcnt) > 2) { 241 xfrm_state_gc_flush_bundles = 1; 242 schedule_work(&xfrm_state_gc_work); 243 } 244 245 /* All xfrm_state objects are created by xfrm_state_alloc. 246 * The xfrm_state_alloc call gives a reference, and that 247 * is what we are dropping here. 248 */ 249 atomic_dec(&x->refcnt); 250 err = 0; 251 } 252 253 return err; 254 } 255 256 int xfrm_state_delete(struct xfrm_state *x) 257 { 258 int err; 259 260 spin_lock_bh(&x->lock); 261 err = __xfrm_state_delete(x); 262 spin_unlock_bh(&x->lock); 263 264 return err; 265 } 266 EXPORT_SYMBOL(xfrm_state_delete); 267 268 void xfrm_state_flush(u8 proto) 269 { 270 int i; 271 struct xfrm_state *x; 272 273 spin_lock_bh(&xfrm_state_lock); 274 for (i = 0; i < XFRM_DST_HSIZE; i++) { 275 restart: 276 list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 277 if (!xfrm_state_kern(x) && 278 (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) { 279 xfrm_state_hold(x); 280 spin_unlock_bh(&xfrm_state_lock); 281 282 xfrm_state_delete(x); 283 xfrm_state_put(x); 284 285 spin_lock_bh(&xfrm_state_lock); 286 goto restart; 287 } 288 } 289 } 290 spin_unlock_bh(&xfrm_state_lock); 291 wake_up(&km_waitq); 292 } 293 EXPORT_SYMBOL(xfrm_state_flush); 294 295 static int 296 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl, 297 struct xfrm_tmpl *tmpl, 298 xfrm_address_t *daddr, xfrm_address_t *saddr, 299 unsigned short family) 300 { 301 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 302 if (!afinfo) 303 return -1; 304 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr); 305 xfrm_state_put_afinfo(afinfo); 306 return 0; 307 } 308 309 struct xfrm_state * 310 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 311 struct flowi *fl, struct xfrm_tmpl *tmpl, 312 struct xfrm_policy *pol, int *err, 313 unsigned short family) 314 { 315 unsigned h = xfrm_dst_hash(daddr, family); 316 struct xfrm_state *x, *x0; 317 int acquire_in_progress = 0; 318 int error = 0; 319 struct xfrm_state *best = NULL; 320 struct xfrm_state_afinfo *afinfo; 321 322 afinfo = xfrm_state_get_afinfo(family); 323 if (afinfo == NULL) { 324 *err = -EAFNOSUPPORT; 325 return NULL; 326 } 327 328 spin_lock_bh(&xfrm_state_lock); 329 list_for_each_entry(x, xfrm_state_bydst+h, bydst) { 330 if (x->props.family == family && 331 x->props.reqid == tmpl->reqid && 332 xfrm_state_addr_check(x, daddr, saddr, family) && 333 tmpl->mode == x->props.mode && 334 tmpl->id.proto == x->id.proto && 335 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) { 336 /* Resolution logic: 337 1. There is a valid state with matching selector. 338 Done. 339 2. Valid state with inappropriate selector. Skip. 340 341 Entering area of "sysdeps". 342 343 3. If state is not valid, selector is temporary, 344 it selects only session which triggered 345 previous resolution. Key manager will do 346 something to install a state with proper 347 selector. 348 */ 349 if (x->km.state == XFRM_STATE_VALID) { 350 if (!xfrm_selector_match(&x->sel, fl, family)) 351 continue; 352 if (!best || 353 best->km.dying > x->km.dying || 354 (best->km.dying == x->km.dying && 355 best->curlft.add_time < x->curlft.add_time)) 356 best = x; 357 } else if (x->km.state == XFRM_STATE_ACQ) { 358 acquire_in_progress = 1; 359 } else if (x->km.state == XFRM_STATE_ERROR || 360 x->km.state == XFRM_STATE_EXPIRED) { 361 if (xfrm_selector_match(&x->sel, fl, family)) 362 error = -ESRCH; 363 } 364 } 365 } 366 367 x = best; 368 if (!x && !error && !acquire_in_progress) { 369 if (tmpl->id.spi && 370 (x0 = afinfo->state_lookup(daddr, tmpl->id.spi, 371 tmpl->id.proto)) != NULL) { 372 xfrm_state_put(x0); 373 error = -EEXIST; 374 goto out; 375 } 376 x = xfrm_state_alloc(); 377 if (x == NULL) { 378 error = -ENOMEM; 379 goto out; 380 } 381 /* Initialize temporary selector matching only 382 * to current session. */ 383 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family); 384 385 if (km_query(x, tmpl, pol) == 0) { 386 x->km.state = XFRM_STATE_ACQ; 387 list_add_tail(&x->bydst, xfrm_state_bydst+h); 388 xfrm_state_hold(x); 389 if (x->id.spi) { 390 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family); 391 list_add(&x->byspi, xfrm_state_byspi+h); 392 xfrm_state_hold(x); 393 } 394 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES; 395 xfrm_state_hold(x); 396 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ; 397 add_timer(&x->timer); 398 } else { 399 x->km.state = XFRM_STATE_DEAD; 400 xfrm_state_put(x); 401 x = NULL; 402 error = -ESRCH; 403 } 404 } 405 out: 406 if (x) 407 xfrm_state_hold(x); 408 else 409 *err = acquire_in_progress ? -EAGAIN : error; 410 spin_unlock_bh(&xfrm_state_lock); 411 xfrm_state_put_afinfo(afinfo); 412 return x; 413 } 414 415 static void __xfrm_state_insert(struct xfrm_state *x) 416 { 417 unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family); 418 419 list_add(&x->bydst, xfrm_state_bydst+h); 420 xfrm_state_hold(x); 421 422 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family); 423 424 list_add(&x->byspi, xfrm_state_byspi+h); 425 xfrm_state_hold(x); 426 427 if (!mod_timer(&x->timer, jiffies + HZ)) 428 xfrm_state_hold(x); 429 430 wake_up(&km_waitq); 431 } 432 433 void xfrm_state_insert(struct xfrm_state *x) 434 { 435 spin_lock_bh(&xfrm_state_lock); 436 __xfrm_state_insert(x); 437 spin_unlock_bh(&xfrm_state_lock); 438 } 439 EXPORT_SYMBOL(xfrm_state_insert); 440 441 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq); 442 443 int xfrm_state_add(struct xfrm_state *x) 444 { 445 struct xfrm_state_afinfo *afinfo; 446 struct xfrm_state *x1; 447 int family; 448 int err; 449 450 family = x->props.family; 451 afinfo = xfrm_state_get_afinfo(family); 452 if (unlikely(afinfo == NULL)) 453 return -EAFNOSUPPORT; 454 455 spin_lock_bh(&xfrm_state_lock); 456 457 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto); 458 if (x1) { 459 xfrm_state_put(x1); 460 x1 = NULL; 461 err = -EEXIST; 462 goto out; 463 } 464 465 if (x->km.seq) { 466 x1 = __xfrm_find_acq_byseq(x->km.seq); 467 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) { 468 xfrm_state_put(x1); 469 x1 = NULL; 470 } 471 } 472 473 if (!x1) 474 x1 = afinfo->find_acq( 475 x->props.mode, x->props.reqid, x->id.proto, 476 &x->id.daddr, &x->props.saddr, 0); 477 478 __xfrm_state_insert(x); 479 err = 0; 480 481 out: 482 spin_unlock_bh(&xfrm_state_lock); 483 xfrm_state_put_afinfo(afinfo); 484 485 if (x1) { 486 xfrm_state_delete(x1); 487 xfrm_state_put(x1); 488 } 489 490 return err; 491 } 492 EXPORT_SYMBOL(xfrm_state_add); 493 494 int xfrm_state_update(struct xfrm_state *x) 495 { 496 struct xfrm_state_afinfo *afinfo; 497 struct xfrm_state *x1; 498 int err; 499 500 afinfo = xfrm_state_get_afinfo(x->props.family); 501 if (unlikely(afinfo == NULL)) 502 return -EAFNOSUPPORT; 503 504 spin_lock_bh(&xfrm_state_lock); 505 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto); 506 507 err = -ESRCH; 508 if (!x1) 509 goto out; 510 511 if (xfrm_state_kern(x1)) { 512 xfrm_state_put(x1); 513 err = -EEXIST; 514 goto out; 515 } 516 517 if (x1->km.state == XFRM_STATE_ACQ) { 518 __xfrm_state_insert(x); 519 x = NULL; 520 } 521 err = 0; 522 523 out: 524 spin_unlock_bh(&xfrm_state_lock); 525 xfrm_state_put_afinfo(afinfo); 526 527 if (err) 528 return err; 529 530 if (!x) { 531 xfrm_state_delete(x1); 532 xfrm_state_put(x1); 533 return 0; 534 } 535 536 err = -EINVAL; 537 spin_lock_bh(&x1->lock); 538 if (likely(x1->km.state == XFRM_STATE_VALID)) { 539 if (x->encap && x1->encap) 540 memcpy(x1->encap, x->encap, sizeof(*x1->encap)); 541 memcpy(&x1->lft, &x->lft, sizeof(x1->lft)); 542 x1->km.dying = 0; 543 544 if (!mod_timer(&x1->timer, jiffies + HZ)) 545 xfrm_state_hold(x1); 546 if (x1->curlft.use_time) 547 xfrm_state_check_expire(x1); 548 549 err = 0; 550 } 551 spin_unlock_bh(&x1->lock); 552 553 xfrm_state_put(x1); 554 555 return err; 556 } 557 EXPORT_SYMBOL(xfrm_state_update); 558 559 int xfrm_state_check_expire(struct xfrm_state *x) 560 { 561 if (!x->curlft.use_time) 562 x->curlft.use_time = (unsigned long)xtime.tv_sec; 563 564 if (x->km.state != XFRM_STATE_VALID) 565 return -EINVAL; 566 567 if (x->curlft.bytes >= x->lft.hard_byte_limit || 568 x->curlft.packets >= x->lft.hard_packet_limit) { 569 x->km.state = XFRM_STATE_EXPIRED; 570 if (!mod_timer(&x->timer, jiffies)) 571 xfrm_state_hold(x); 572 return -EINVAL; 573 } 574 575 if (!x->km.dying && 576 (x->curlft.bytes >= x->lft.soft_byte_limit || 577 x->curlft.packets >= x->lft.soft_packet_limit)) { 578 x->km.dying = 1; 579 km_state_expired(x, 0); 580 } 581 return 0; 582 } 583 EXPORT_SYMBOL(xfrm_state_check_expire); 584 585 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb) 586 { 587 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev) 588 - skb_headroom(skb); 589 590 if (nhead > 0) 591 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC); 592 593 /* Check tail too... */ 594 return 0; 595 } 596 597 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb) 598 { 599 int err = xfrm_state_check_expire(x); 600 if (err < 0) 601 goto err; 602 err = xfrm_state_check_space(x, skb); 603 err: 604 return err; 605 } 606 EXPORT_SYMBOL(xfrm_state_check); 607 608 struct xfrm_state * 609 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto, 610 unsigned short family) 611 { 612 struct xfrm_state *x; 613 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 614 if (!afinfo) 615 return NULL; 616 617 spin_lock_bh(&xfrm_state_lock); 618 x = afinfo->state_lookup(daddr, spi, proto); 619 spin_unlock_bh(&xfrm_state_lock); 620 xfrm_state_put_afinfo(afinfo); 621 return x; 622 } 623 EXPORT_SYMBOL(xfrm_state_lookup); 624 625 struct xfrm_state * 626 xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 627 xfrm_address_t *daddr, xfrm_address_t *saddr, 628 int create, unsigned short family) 629 { 630 struct xfrm_state *x; 631 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 632 if (!afinfo) 633 return NULL; 634 635 spin_lock_bh(&xfrm_state_lock); 636 x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create); 637 spin_unlock_bh(&xfrm_state_lock); 638 xfrm_state_put_afinfo(afinfo); 639 return x; 640 } 641 EXPORT_SYMBOL(xfrm_find_acq); 642 643 /* Silly enough, but I'm lazy to build resolution list */ 644 645 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq) 646 { 647 int i; 648 struct xfrm_state *x; 649 650 for (i = 0; i < XFRM_DST_HSIZE; i++) { 651 list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 652 if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) { 653 xfrm_state_hold(x); 654 return x; 655 } 656 } 657 } 658 return NULL; 659 } 660 661 struct xfrm_state *xfrm_find_acq_byseq(u32 seq) 662 { 663 struct xfrm_state *x; 664 665 spin_lock_bh(&xfrm_state_lock); 666 x = __xfrm_find_acq_byseq(seq); 667 spin_unlock_bh(&xfrm_state_lock); 668 return x; 669 } 670 EXPORT_SYMBOL(xfrm_find_acq_byseq); 671 672 u32 xfrm_get_acqseq(void) 673 { 674 u32 res; 675 static u32 acqseq; 676 static DEFINE_SPINLOCK(acqseq_lock); 677 678 spin_lock_bh(&acqseq_lock); 679 res = (++acqseq ? : ++acqseq); 680 spin_unlock_bh(&acqseq_lock); 681 return res; 682 } 683 EXPORT_SYMBOL(xfrm_get_acqseq); 684 685 void 686 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi) 687 { 688 u32 h; 689 struct xfrm_state *x0; 690 691 if (x->id.spi) 692 return; 693 694 if (minspi == maxspi) { 695 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family); 696 if (x0) { 697 xfrm_state_put(x0); 698 return; 699 } 700 x->id.spi = minspi; 701 } else { 702 u32 spi = 0; 703 minspi = ntohl(minspi); 704 maxspi = ntohl(maxspi); 705 for (h=0; h<maxspi-minspi+1; h++) { 706 spi = minspi + net_random()%(maxspi-minspi+1); 707 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family); 708 if (x0 == NULL) { 709 x->id.spi = htonl(spi); 710 break; 711 } 712 xfrm_state_put(x0); 713 } 714 } 715 if (x->id.spi) { 716 spin_lock_bh(&xfrm_state_lock); 717 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family); 718 list_add(&x->byspi, xfrm_state_byspi+h); 719 xfrm_state_hold(x); 720 spin_unlock_bh(&xfrm_state_lock); 721 wake_up(&km_waitq); 722 } 723 } 724 EXPORT_SYMBOL(xfrm_alloc_spi); 725 726 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), 727 void *data) 728 { 729 int i; 730 struct xfrm_state *x; 731 int count = 0; 732 int err = 0; 733 734 spin_lock_bh(&xfrm_state_lock); 735 for (i = 0; i < XFRM_DST_HSIZE; i++) { 736 list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 737 if (proto == IPSEC_PROTO_ANY || x->id.proto == proto) 738 count++; 739 } 740 } 741 if (count == 0) { 742 err = -ENOENT; 743 goto out; 744 } 745 746 for (i = 0; i < XFRM_DST_HSIZE; i++) { 747 list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 748 if (proto != IPSEC_PROTO_ANY && x->id.proto != proto) 749 continue; 750 err = func(x, --count, data); 751 if (err) 752 goto out; 753 } 754 } 755 out: 756 spin_unlock_bh(&xfrm_state_lock); 757 return err; 758 } 759 EXPORT_SYMBOL(xfrm_state_walk); 760 761 int xfrm_replay_check(struct xfrm_state *x, u32 seq) 762 { 763 u32 diff; 764 765 seq = ntohl(seq); 766 767 if (unlikely(seq == 0)) 768 return -EINVAL; 769 770 if (likely(seq > x->replay.seq)) 771 return 0; 772 773 diff = x->replay.seq - seq; 774 if (diff >= x->props.replay_window) { 775 x->stats.replay_window++; 776 return -EINVAL; 777 } 778 779 if (x->replay.bitmap & (1U << diff)) { 780 x->stats.replay++; 781 return -EINVAL; 782 } 783 return 0; 784 } 785 EXPORT_SYMBOL(xfrm_replay_check); 786 787 void xfrm_replay_advance(struct xfrm_state *x, u32 seq) 788 { 789 u32 diff; 790 791 seq = ntohl(seq); 792 793 if (seq > x->replay.seq) { 794 diff = seq - x->replay.seq; 795 if (diff < x->props.replay_window) 796 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1; 797 else 798 x->replay.bitmap = 1; 799 x->replay.seq = seq; 800 } else { 801 diff = x->replay.seq - seq; 802 x->replay.bitmap |= (1U << diff); 803 } 804 } 805 EXPORT_SYMBOL(xfrm_replay_advance); 806 807 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list); 808 static DEFINE_RWLOCK(xfrm_km_lock); 809 810 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 811 { 812 struct xfrm_mgr *km; 813 814 read_lock(&xfrm_km_lock); 815 list_for_each_entry(km, &xfrm_km_list, list) 816 if (km->notify_policy) 817 km->notify_policy(xp, dir, c); 818 read_unlock(&xfrm_km_lock); 819 } 820 821 void km_state_notify(struct xfrm_state *x, struct km_event *c) 822 { 823 struct xfrm_mgr *km; 824 read_lock(&xfrm_km_lock); 825 list_for_each_entry(km, &xfrm_km_list, list) 826 if (km->notify) 827 km->notify(x, c); 828 read_unlock(&xfrm_km_lock); 829 } 830 831 EXPORT_SYMBOL(km_policy_notify); 832 EXPORT_SYMBOL(km_state_notify); 833 834 static void km_state_expired(struct xfrm_state *x, int hard) 835 { 836 struct km_event c; 837 838 c.data.hard = hard; 839 c.event = XFRM_MSG_EXPIRE; 840 km_state_notify(x, &c); 841 842 if (hard) 843 wake_up(&km_waitq); 844 } 845 846 /* 847 * We send to all registered managers regardless of failure 848 * We are happy with one success 849 */ 850 static int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol) 851 { 852 int err = -EINVAL, acqret; 853 struct xfrm_mgr *km; 854 855 read_lock(&xfrm_km_lock); 856 list_for_each_entry(km, &xfrm_km_list, list) { 857 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT); 858 if (!acqret) 859 err = acqret; 860 } 861 read_unlock(&xfrm_km_lock); 862 return err; 863 } 864 865 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport) 866 { 867 int err = -EINVAL; 868 struct xfrm_mgr *km; 869 870 read_lock(&xfrm_km_lock); 871 list_for_each_entry(km, &xfrm_km_list, list) { 872 if (km->new_mapping) 873 err = km->new_mapping(x, ipaddr, sport); 874 if (!err) 875 break; 876 } 877 read_unlock(&xfrm_km_lock); 878 return err; 879 } 880 EXPORT_SYMBOL(km_new_mapping); 881 882 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard) 883 { 884 struct km_event c; 885 886 c.data.hard = hard; 887 c.event = XFRM_MSG_POLEXPIRE; 888 km_policy_notify(pol, dir, &c); 889 890 if (hard) 891 wake_up(&km_waitq); 892 } 893 894 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen) 895 { 896 int err; 897 u8 *data; 898 struct xfrm_mgr *km; 899 struct xfrm_policy *pol = NULL; 900 901 if (optlen <= 0 || optlen > PAGE_SIZE) 902 return -EMSGSIZE; 903 904 data = kmalloc(optlen, GFP_KERNEL); 905 if (!data) 906 return -ENOMEM; 907 908 err = -EFAULT; 909 if (copy_from_user(data, optval, optlen)) 910 goto out; 911 912 err = -EINVAL; 913 read_lock(&xfrm_km_lock); 914 list_for_each_entry(km, &xfrm_km_list, list) { 915 pol = km->compile_policy(sk->sk_family, optname, data, 916 optlen, &err); 917 if (err >= 0) 918 break; 919 } 920 read_unlock(&xfrm_km_lock); 921 922 if (err >= 0) { 923 xfrm_sk_policy_insert(sk, err, pol); 924 xfrm_pol_put(pol); 925 err = 0; 926 } 927 928 out: 929 kfree(data); 930 return err; 931 } 932 EXPORT_SYMBOL(xfrm_user_policy); 933 934 int xfrm_register_km(struct xfrm_mgr *km) 935 { 936 write_lock_bh(&xfrm_km_lock); 937 list_add_tail(&km->list, &xfrm_km_list); 938 write_unlock_bh(&xfrm_km_lock); 939 return 0; 940 } 941 EXPORT_SYMBOL(xfrm_register_km); 942 943 int xfrm_unregister_km(struct xfrm_mgr *km) 944 { 945 write_lock_bh(&xfrm_km_lock); 946 list_del(&km->list); 947 write_unlock_bh(&xfrm_km_lock); 948 return 0; 949 } 950 EXPORT_SYMBOL(xfrm_unregister_km); 951 952 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo) 953 { 954 int err = 0; 955 if (unlikely(afinfo == NULL)) 956 return -EINVAL; 957 if (unlikely(afinfo->family >= NPROTO)) 958 return -EAFNOSUPPORT; 959 write_lock(&xfrm_state_afinfo_lock); 960 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL)) 961 err = -ENOBUFS; 962 else { 963 afinfo->state_bydst = xfrm_state_bydst; 964 afinfo->state_byspi = xfrm_state_byspi; 965 xfrm_state_afinfo[afinfo->family] = afinfo; 966 } 967 write_unlock(&xfrm_state_afinfo_lock); 968 return err; 969 } 970 EXPORT_SYMBOL(xfrm_state_register_afinfo); 971 972 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo) 973 { 974 int err = 0; 975 if (unlikely(afinfo == NULL)) 976 return -EINVAL; 977 if (unlikely(afinfo->family >= NPROTO)) 978 return -EAFNOSUPPORT; 979 write_lock(&xfrm_state_afinfo_lock); 980 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) { 981 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo)) 982 err = -EINVAL; 983 else { 984 xfrm_state_afinfo[afinfo->family] = NULL; 985 afinfo->state_byspi = NULL; 986 afinfo->state_bydst = NULL; 987 } 988 } 989 write_unlock(&xfrm_state_afinfo_lock); 990 return err; 991 } 992 EXPORT_SYMBOL(xfrm_state_unregister_afinfo); 993 994 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family) 995 { 996 struct xfrm_state_afinfo *afinfo; 997 if (unlikely(family >= NPROTO)) 998 return NULL; 999 read_lock(&xfrm_state_afinfo_lock); 1000 afinfo = xfrm_state_afinfo[family]; 1001 if (likely(afinfo != NULL)) 1002 read_lock(&afinfo->lock); 1003 read_unlock(&xfrm_state_afinfo_lock); 1004 return afinfo; 1005 } 1006 1007 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo) 1008 { 1009 if (unlikely(afinfo == NULL)) 1010 return; 1011 read_unlock(&afinfo->lock); 1012 } 1013 1014 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */ 1015 void xfrm_state_delete_tunnel(struct xfrm_state *x) 1016 { 1017 if (x->tunnel) { 1018 struct xfrm_state *t = x->tunnel; 1019 1020 if (atomic_read(&t->tunnel_users) == 2) 1021 xfrm_state_delete(t); 1022 atomic_dec(&t->tunnel_users); 1023 xfrm_state_put(t); 1024 x->tunnel = NULL; 1025 } 1026 } 1027 EXPORT_SYMBOL(xfrm_state_delete_tunnel); 1028 1029 int xfrm_state_mtu(struct xfrm_state *x, int mtu) 1030 { 1031 int res = mtu; 1032 1033 res -= x->props.header_len; 1034 1035 for (;;) { 1036 int m = res; 1037 1038 if (m < 68) 1039 return 68; 1040 1041 spin_lock_bh(&x->lock); 1042 if (x->km.state == XFRM_STATE_VALID && 1043 x->type && x->type->get_max_size) 1044 m = x->type->get_max_size(x, m); 1045 else 1046 m += x->props.header_len; 1047 spin_unlock_bh(&x->lock); 1048 1049 if (m <= mtu) 1050 break; 1051 res -= (m - mtu); 1052 } 1053 1054 return res; 1055 } 1056 1057 EXPORT_SYMBOL(xfrm_state_mtu); 1058 1059 int xfrm_init_state(struct xfrm_state *x) 1060 { 1061 struct xfrm_state_afinfo *afinfo; 1062 int family = x->props.family; 1063 int err; 1064 1065 err = -EAFNOSUPPORT; 1066 afinfo = xfrm_state_get_afinfo(family); 1067 if (!afinfo) 1068 goto error; 1069 1070 err = 0; 1071 if (afinfo->init_flags) 1072 err = afinfo->init_flags(x); 1073 1074 xfrm_state_put_afinfo(afinfo); 1075 1076 if (err) 1077 goto error; 1078 1079 err = -EPROTONOSUPPORT; 1080 x->type = xfrm_get_type(x->id.proto, family); 1081 if (x->type == NULL) 1082 goto error; 1083 1084 err = x->type->init_state(x); 1085 if (err) 1086 goto error; 1087 1088 x->km.state = XFRM_STATE_VALID; 1089 1090 error: 1091 return err; 1092 } 1093 1094 EXPORT_SYMBOL(xfrm_init_state); 1095 1096 void __init xfrm_state_init(void) 1097 { 1098 int i; 1099 1100 for (i=0; i<XFRM_DST_HSIZE; i++) { 1101 INIT_LIST_HEAD(&xfrm_state_bydst[i]); 1102 INIT_LIST_HEAD(&xfrm_state_byspi[i]); 1103 } 1104 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL); 1105 } 1106 1107