1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/module.h> 14 #include <linux/kernel.h> 15 #include <linux/types.h> 16 #include <linux/slab.h> 17 #include <linux/socket.h> 18 #include <linux/string.h> 19 #include <linux/net.h> 20 #include <linux/skbuff.h> 21 #include <linux/netlink.h> 22 #include <linux/rtnetlink.h> 23 #include <linux/pfkeyv2.h> 24 #include <linux/ipsec.h> 25 #include <linux/init.h> 26 #include <linux/security.h> 27 #include <net/sock.h> 28 #include <net/xfrm.h> 29 #include <asm/uaccess.h> 30 31 static struct sock *xfrm_nl; 32 33 static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type) 34 { 35 struct rtattr *rt = xfrma[type - 1]; 36 struct xfrm_algo *algp; 37 int len; 38 39 if (!rt) 40 return 0; 41 42 len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp); 43 if (len < 0) 44 return -EINVAL; 45 46 algp = RTA_DATA(rt); 47 48 len -= (algp->alg_key_len + 7U) / 8; 49 if (len < 0) 50 return -EINVAL; 51 52 switch (type) { 53 case XFRMA_ALG_AUTH: 54 if (!algp->alg_key_len && 55 strcmp(algp->alg_name, "digest_null") != 0) 56 return -EINVAL; 57 break; 58 59 case XFRMA_ALG_CRYPT: 60 if (!algp->alg_key_len && 61 strcmp(algp->alg_name, "cipher_null") != 0) 62 return -EINVAL; 63 break; 64 65 case XFRMA_ALG_COMP: 66 /* Zero length keys are legal. */ 67 break; 68 69 default: 70 return -EINVAL; 71 }; 72 73 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 74 return 0; 75 } 76 77 static int verify_encap_tmpl(struct rtattr **xfrma) 78 { 79 struct rtattr *rt = xfrma[XFRMA_ENCAP - 1]; 80 struct xfrm_encap_tmpl *encap; 81 82 if (!rt) 83 return 0; 84 85 if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap)) 86 return -EINVAL; 87 88 return 0; 89 } 90 91 static int verify_newsa_info(struct xfrm_usersa_info *p, 92 struct rtattr **xfrma) 93 { 94 int err; 95 96 err = -EINVAL; 97 switch (p->family) { 98 case AF_INET: 99 break; 100 101 case AF_INET6: 102 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 103 break; 104 #else 105 err = -EAFNOSUPPORT; 106 goto out; 107 #endif 108 109 default: 110 goto out; 111 }; 112 113 err = -EINVAL; 114 switch (p->id.proto) { 115 case IPPROTO_AH: 116 if (!xfrma[XFRMA_ALG_AUTH-1] || 117 xfrma[XFRMA_ALG_CRYPT-1] || 118 xfrma[XFRMA_ALG_COMP-1]) 119 goto out; 120 break; 121 122 case IPPROTO_ESP: 123 if ((!xfrma[XFRMA_ALG_AUTH-1] && 124 !xfrma[XFRMA_ALG_CRYPT-1]) || 125 xfrma[XFRMA_ALG_COMP-1]) 126 goto out; 127 break; 128 129 case IPPROTO_COMP: 130 if (!xfrma[XFRMA_ALG_COMP-1] || 131 xfrma[XFRMA_ALG_AUTH-1] || 132 xfrma[XFRMA_ALG_CRYPT-1]) 133 goto out; 134 break; 135 136 default: 137 goto out; 138 }; 139 140 if ((err = verify_one_alg(xfrma, XFRMA_ALG_AUTH))) 141 goto out; 142 if ((err = verify_one_alg(xfrma, XFRMA_ALG_CRYPT))) 143 goto out; 144 if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP))) 145 goto out; 146 if ((err = verify_encap_tmpl(xfrma))) 147 goto out; 148 149 err = -EINVAL; 150 switch (p->mode) { 151 case 0: 152 case 1: 153 break; 154 155 default: 156 goto out; 157 }; 158 159 err = 0; 160 161 out: 162 return err; 163 } 164 165 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 166 struct xfrm_algo_desc *(*get_byname)(char *, int), 167 struct rtattr *u_arg) 168 { 169 struct rtattr *rta = u_arg; 170 struct xfrm_algo *p, *ualg; 171 struct xfrm_algo_desc *algo; 172 int len; 173 174 if (!rta) 175 return 0; 176 177 ualg = RTA_DATA(rta); 178 179 algo = get_byname(ualg->alg_name, 1); 180 if (!algo) 181 return -ENOSYS; 182 *props = algo->desc.sadb_alg_id; 183 184 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8; 185 p = kmalloc(len, GFP_KERNEL); 186 if (!p) 187 return -ENOMEM; 188 189 memcpy(p, ualg, len); 190 *algpp = p; 191 return 0; 192 } 193 194 static int attach_encap_tmpl(struct xfrm_encap_tmpl **encapp, struct rtattr *u_arg) 195 { 196 struct rtattr *rta = u_arg; 197 struct xfrm_encap_tmpl *p, *uencap; 198 199 if (!rta) 200 return 0; 201 202 uencap = RTA_DATA(rta); 203 p = kmalloc(sizeof(*p), GFP_KERNEL); 204 if (!p) 205 return -ENOMEM; 206 207 memcpy(p, uencap, sizeof(*p)); 208 *encapp = p; 209 return 0; 210 } 211 212 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 213 { 214 memcpy(&x->id, &p->id, sizeof(x->id)); 215 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 216 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 217 x->props.mode = p->mode; 218 x->props.replay_window = p->replay_window; 219 x->props.reqid = p->reqid; 220 x->props.family = p->family; 221 x->props.saddr = p->saddr; 222 x->props.flags = p->flags; 223 } 224 225 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 226 struct rtattr **xfrma, 227 int *errp) 228 { 229 struct xfrm_state *x = xfrm_state_alloc(); 230 int err = -ENOMEM; 231 232 if (!x) 233 goto error_no_put; 234 235 copy_from_user_state(x, p); 236 237 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 238 xfrm_aalg_get_byname, 239 xfrma[XFRMA_ALG_AUTH-1]))) 240 goto error; 241 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 242 xfrm_ealg_get_byname, 243 xfrma[XFRMA_ALG_CRYPT-1]))) 244 goto error; 245 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 246 xfrm_calg_get_byname, 247 xfrma[XFRMA_ALG_COMP-1]))) 248 goto error; 249 if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1]))) 250 goto error; 251 252 err = xfrm_init_state(x); 253 if (err) 254 goto error; 255 256 x->km.seq = p->seq; 257 258 return x; 259 260 error: 261 x->km.state = XFRM_STATE_DEAD; 262 xfrm_state_put(x); 263 error_no_put: 264 *errp = err; 265 return NULL; 266 } 267 268 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 269 { 270 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 271 struct xfrm_state *x; 272 int err; 273 struct km_event c; 274 275 err = verify_newsa_info(p, (struct rtattr **) xfrma); 276 if (err) 277 return err; 278 279 x = xfrm_state_construct(p, (struct rtattr **) xfrma, &err); 280 if (!x) 281 return err; 282 283 xfrm_state_hold(x); 284 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 285 err = xfrm_state_add(x); 286 else 287 err = xfrm_state_update(x); 288 289 if (err < 0) { 290 x->km.state = XFRM_STATE_DEAD; 291 xfrm_state_put(x); 292 goto out; 293 } 294 295 c.seq = nlh->nlmsg_seq; 296 c.pid = nlh->nlmsg_pid; 297 c.event = nlh->nlmsg_type; 298 299 km_state_notify(x, &c); 300 out: 301 xfrm_state_put(x); 302 return err; 303 } 304 305 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 306 { 307 struct xfrm_state *x; 308 int err; 309 struct km_event c; 310 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 311 312 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 313 if (x == NULL) 314 return -ESRCH; 315 316 if (xfrm_state_kern(x)) { 317 xfrm_state_put(x); 318 return -EPERM; 319 } 320 321 err = xfrm_state_delete(x); 322 if (err < 0) { 323 xfrm_state_put(x); 324 return err; 325 } 326 327 c.seq = nlh->nlmsg_seq; 328 c.pid = nlh->nlmsg_pid; 329 c.event = nlh->nlmsg_type; 330 km_state_notify(x, &c); 331 xfrm_state_put(x); 332 333 return err; 334 } 335 336 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 337 { 338 memcpy(&p->id, &x->id, sizeof(p->id)); 339 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 340 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 341 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 342 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 343 p->saddr = x->props.saddr; 344 p->mode = x->props.mode; 345 p->replay_window = x->props.replay_window; 346 p->reqid = x->props.reqid; 347 p->family = x->props.family; 348 p->flags = x->props.flags; 349 p->seq = x->km.seq; 350 } 351 352 struct xfrm_dump_info { 353 struct sk_buff *in_skb; 354 struct sk_buff *out_skb; 355 u32 nlmsg_seq; 356 u16 nlmsg_flags; 357 int start_idx; 358 int this_idx; 359 }; 360 361 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 362 { 363 struct xfrm_dump_info *sp = ptr; 364 struct sk_buff *in_skb = sp->in_skb; 365 struct sk_buff *skb = sp->out_skb; 366 struct xfrm_usersa_info *p; 367 struct nlmsghdr *nlh; 368 unsigned char *b = skb->tail; 369 370 if (sp->this_idx < sp->start_idx) 371 goto out; 372 373 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 374 sp->nlmsg_seq, 375 XFRM_MSG_NEWSA, sizeof(*p)); 376 nlh->nlmsg_flags = sp->nlmsg_flags; 377 378 p = NLMSG_DATA(nlh); 379 copy_to_user_state(x, p); 380 381 if (x->aalg) 382 RTA_PUT(skb, XFRMA_ALG_AUTH, 383 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 384 if (x->ealg) 385 RTA_PUT(skb, XFRMA_ALG_CRYPT, 386 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 387 if (x->calg) 388 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 389 390 if (x->encap) 391 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 392 393 nlh->nlmsg_len = skb->tail - b; 394 out: 395 sp->this_idx++; 396 return 0; 397 398 nlmsg_failure: 399 rtattr_failure: 400 skb_trim(skb, b - skb->data); 401 return -1; 402 } 403 404 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 405 { 406 struct xfrm_dump_info info; 407 408 info.in_skb = cb->skb; 409 info.out_skb = skb; 410 info.nlmsg_seq = cb->nlh->nlmsg_seq; 411 info.nlmsg_flags = NLM_F_MULTI; 412 info.this_idx = 0; 413 info.start_idx = cb->args[0]; 414 (void) xfrm_state_walk(IPSEC_PROTO_ANY, dump_one_state, &info); 415 cb->args[0] = info.this_idx; 416 417 return skb->len; 418 } 419 420 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 421 struct xfrm_state *x, u32 seq) 422 { 423 struct xfrm_dump_info info; 424 struct sk_buff *skb; 425 426 skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC); 427 if (!skb) 428 return ERR_PTR(-ENOMEM); 429 430 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid; 431 info.in_skb = in_skb; 432 info.out_skb = skb; 433 info.nlmsg_seq = seq; 434 info.nlmsg_flags = 0; 435 info.this_idx = info.start_idx = 0; 436 437 if (dump_one_state(x, 0, &info)) { 438 kfree_skb(skb); 439 return NULL; 440 } 441 442 return skb; 443 } 444 445 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 446 { 447 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 448 struct xfrm_state *x; 449 struct sk_buff *resp_skb; 450 int err; 451 452 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 453 err = -ESRCH; 454 if (x == NULL) 455 goto out_noput; 456 457 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 458 if (IS_ERR(resp_skb)) { 459 err = PTR_ERR(resp_skb); 460 } else { 461 err = netlink_unicast(xfrm_nl, resp_skb, 462 NETLINK_CB(skb).pid, MSG_DONTWAIT); 463 } 464 xfrm_state_put(x); 465 out_noput: 466 return err; 467 } 468 469 static int verify_userspi_info(struct xfrm_userspi_info *p) 470 { 471 switch (p->info.id.proto) { 472 case IPPROTO_AH: 473 case IPPROTO_ESP: 474 break; 475 476 case IPPROTO_COMP: 477 /* IPCOMP spi is 16-bits. */ 478 if (p->max >= 0x10000) 479 return -EINVAL; 480 break; 481 482 default: 483 return -EINVAL; 484 }; 485 486 if (p->min > p->max) 487 return -EINVAL; 488 489 return 0; 490 } 491 492 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 493 { 494 struct xfrm_state *x; 495 struct xfrm_userspi_info *p; 496 struct sk_buff *resp_skb; 497 xfrm_address_t *daddr; 498 int family; 499 int err; 500 501 p = NLMSG_DATA(nlh); 502 err = verify_userspi_info(p); 503 if (err) 504 goto out_noput; 505 506 family = p->info.family; 507 daddr = &p->info.id.daddr; 508 509 x = NULL; 510 if (p->info.seq) { 511 x = xfrm_find_acq_byseq(p->info.seq); 512 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 513 xfrm_state_put(x); 514 x = NULL; 515 } 516 } 517 518 if (!x) 519 x = xfrm_find_acq(p->info.mode, p->info.reqid, 520 p->info.id.proto, daddr, 521 &p->info.saddr, 1, 522 family); 523 err = -ENOENT; 524 if (x == NULL) 525 goto out_noput; 526 527 resp_skb = ERR_PTR(-ENOENT); 528 529 spin_lock_bh(&x->lock); 530 if (x->km.state != XFRM_STATE_DEAD) { 531 xfrm_alloc_spi(x, htonl(p->min), htonl(p->max)); 532 if (x->id.spi) 533 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 534 } 535 spin_unlock_bh(&x->lock); 536 537 if (IS_ERR(resp_skb)) { 538 err = PTR_ERR(resp_skb); 539 goto out; 540 } 541 542 err = netlink_unicast(xfrm_nl, resp_skb, 543 NETLINK_CB(skb).pid, MSG_DONTWAIT); 544 545 out: 546 xfrm_state_put(x); 547 out_noput: 548 return err; 549 } 550 551 static int verify_policy_dir(__u8 dir) 552 { 553 switch (dir) { 554 case XFRM_POLICY_IN: 555 case XFRM_POLICY_OUT: 556 case XFRM_POLICY_FWD: 557 break; 558 559 default: 560 return -EINVAL; 561 }; 562 563 return 0; 564 } 565 566 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 567 { 568 switch (p->share) { 569 case XFRM_SHARE_ANY: 570 case XFRM_SHARE_SESSION: 571 case XFRM_SHARE_USER: 572 case XFRM_SHARE_UNIQUE: 573 break; 574 575 default: 576 return -EINVAL; 577 }; 578 579 switch (p->action) { 580 case XFRM_POLICY_ALLOW: 581 case XFRM_POLICY_BLOCK: 582 break; 583 584 default: 585 return -EINVAL; 586 }; 587 588 switch (p->sel.family) { 589 case AF_INET: 590 break; 591 592 case AF_INET6: 593 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 594 break; 595 #else 596 return -EAFNOSUPPORT; 597 #endif 598 599 default: 600 return -EINVAL; 601 }; 602 603 return verify_policy_dir(p->dir); 604 } 605 606 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 607 int nr) 608 { 609 int i; 610 611 xp->xfrm_nr = nr; 612 for (i = 0; i < nr; i++, ut++) { 613 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 614 615 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 616 memcpy(&t->saddr, &ut->saddr, 617 sizeof(xfrm_address_t)); 618 t->reqid = ut->reqid; 619 t->mode = ut->mode; 620 t->share = ut->share; 621 t->optional = ut->optional; 622 t->aalgos = ut->aalgos; 623 t->ealgos = ut->ealgos; 624 t->calgos = ut->calgos; 625 } 626 } 627 628 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma) 629 { 630 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 631 struct xfrm_user_tmpl *utmpl; 632 int nr; 633 634 if (!rt) { 635 pol->xfrm_nr = 0; 636 } else { 637 nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl); 638 639 if (nr > XFRM_MAX_DEPTH) 640 return -EINVAL; 641 642 copy_templates(pol, RTA_DATA(rt), nr); 643 } 644 return 0; 645 } 646 647 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 648 { 649 xp->priority = p->priority; 650 xp->index = p->index; 651 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 652 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 653 xp->action = p->action; 654 xp->flags = p->flags; 655 xp->family = p->sel.family; 656 /* XXX xp->share = p->share; */ 657 } 658 659 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 660 { 661 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 662 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 663 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 664 p->priority = xp->priority; 665 p->index = xp->index; 666 p->sel.family = xp->family; 667 p->dir = dir; 668 p->action = xp->action; 669 p->flags = xp->flags; 670 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 671 } 672 673 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct rtattr **xfrma, int *errp) 674 { 675 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 676 int err; 677 678 if (!xp) { 679 *errp = -ENOMEM; 680 return NULL; 681 } 682 683 copy_from_user_policy(xp, p); 684 err = copy_from_user_tmpl(xp, xfrma); 685 if (err) { 686 *errp = err; 687 kfree(xp); 688 xp = NULL; 689 } 690 691 return xp; 692 } 693 694 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 695 { 696 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh); 697 struct xfrm_policy *xp; 698 struct km_event c; 699 int err; 700 int excl; 701 702 err = verify_newpolicy_info(p); 703 if (err) 704 return err; 705 706 xp = xfrm_policy_construct(p, (struct rtattr **) xfrma, &err); 707 if (!xp) 708 return err; 709 710 /* shouldnt excl be based on nlh flags?? 711 * Aha! this is anti-netlink really i.e more pfkey derived 712 * in netlink excl is a flag and you wouldnt need 713 * a type XFRM_MSG_UPDPOLICY - JHS */ 714 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 715 err = xfrm_policy_insert(p->dir, xp, excl); 716 if (err) { 717 kfree(xp); 718 return err; 719 } 720 721 c.event = nlh->nlmsg_type; 722 c.seq = nlh->nlmsg_seq; 723 c.pid = nlh->nlmsg_pid; 724 km_policy_notify(xp, p->dir, &c); 725 726 xfrm_pol_put(xp); 727 728 return 0; 729 } 730 731 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 732 { 733 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 734 int i; 735 736 if (xp->xfrm_nr == 0) 737 return 0; 738 739 for (i = 0; i < xp->xfrm_nr; i++) { 740 struct xfrm_user_tmpl *up = &vec[i]; 741 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 742 743 memcpy(&up->id, &kp->id, sizeof(up->id)); 744 up->family = xp->family; 745 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 746 up->reqid = kp->reqid; 747 up->mode = kp->mode; 748 up->share = kp->share; 749 up->optional = kp->optional; 750 up->aalgos = kp->aalgos; 751 up->ealgos = kp->ealgos; 752 up->calgos = kp->calgos; 753 } 754 RTA_PUT(skb, XFRMA_TMPL, 755 (sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr), 756 vec); 757 758 return 0; 759 760 rtattr_failure: 761 return -1; 762 } 763 764 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 765 { 766 struct xfrm_dump_info *sp = ptr; 767 struct xfrm_userpolicy_info *p; 768 struct sk_buff *in_skb = sp->in_skb; 769 struct sk_buff *skb = sp->out_skb; 770 struct nlmsghdr *nlh; 771 unsigned char *b = skb->tail; 772 773 if (sp->this_idx < sp->start_idx) 774 goto out; 775 776 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 777 sp->nlmsg_seq, 778 XFRM_MSG_NEWPOLICY, sizeof(*p)); 779 p = NLMSG_DATA(nlh); 780 nlh->nlmsg_flags = sp->nlmsg_flags; 781 782 copy_to_user_policy(xp, p, dir); 783 if (copy_to_user_tmpl(xp, skb) < 0) 784 goto nlmsg_failure; 785 786 nlh->nlmsg_len = skb->tail - b; 787 out: 788 sp->this_idx++; 789 return 0; 790 791 nlmsg_failure: 792 skb_trim(skb, b - skb->data); 793 return -1; 794 } 795 796 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 797 { 798 struct xfrm_dump_info info; 799 800 info.in_skb = cb->skb; 801 info.out_skb = skb; 802 info.nlmsg_seq = cb->nlh->nlmsg_seq; 803 info.nlmsg_flags = NLM_F_MULTI; 804 info.this_idx = 0; 805 info.start_idx = cb->args[0]; 806 (void) xfrm_policy_walk(dump_one_policy, &info); 807 cb->args[0] = info.this_idx; 808 809 return skb->len; 810 } 811 812 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 813 struct xfrm_policy *xp, 814 int dir, u32 seq) 815 { 816 struct xfrm_dump_info info; 817 struct sk_buff *skb; 818 819 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 820 if (!skb) 821 return ERR_PTR(-ENOMEM); 822 823 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid; 824 info.in_skb = in_skb; 825 info.out_skb = skb; 826 info.nlmsg_seq = seq; 827 info.nlmsg_flags = 0; 828 info.this_idx = info.start_idx = 0; 829 830 if (dump_one_policy(xp, dir, 0, &info) < 0) { 831 kfree_skb(skb); 832 return NULL; 833 } 834 835 return skb; 836 } 837 838 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 839 { 840 struct xfrm_policy *xp; 841 struct xfrm_userpolicy_id *p; 842 int err; 843 struct km_event c; 844 int delete; 845 846 p = NLMSG_DATA(nlh); 847 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 848 849 err = verify_policy_dir(p->dir); 850 if (err) 851 return err; 852 853 if (p->index) 854 xp = xfrm_policy_byid(p->dir, p->index, delete); 855 else 856 xp = xfrm_policy_bysel(p->dir, &p->sel, delete); 857 if (xp == NULL) 858 return -ENOENT; 859 860 if (!delete) { 861 struct sk_buff *resp_skb; 862 863 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 864 if (IS_ERR(resp_skb)) { 865 err = PTR_ERR(resp_skb); 866 } else { 867 err = netlink_unicast(xfrm_nl, resp_skb, 868 NETLINK_CB(skb).pid, 869 MSG_DONTWAIT); 870 } 871 } else { 872 c.data.byid = p->index; 873 c.event = nlh->nlmsg_type; 874 c.seq = nlh->nlmsg_seq; 875 c.pid = nlh->nlmsg_pid; 876 km_policy_notify(xp, p->dir, &c); 877 } 878 879 xfrm_pol_put(xp); 880 881 return err; 882 } 883 884 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 885 { 886 struct km_event c; 887 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh); 888 889 xfrm_state_flush(p->proto); 890 c.data.proto = p->proto; 891 c.event = nlh->nlmsg_type; 892 c.seq = nlh->nlmsg_seq; 893 c.pid = nlh->nlmsg_pid; 894 km_state_notify(NULL, &c); 895 896 return 0; 897 } 898 899 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 900 { 901 struct km_event c; 902 903 xfrm_policy_flush(); 904 c.event = nlh->nlmsg_type; 905 c.seq = nlh->nlmsg_seq; 906 c.pid = nlh->nlmsg_pid; 907 km_policy_notify(NULL, 0, &c); 908 return 0; 909 } 910 911 #define XMSGSIZE(type) NLMSG_LENGTH(sizeof(struct type)) 912 913 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 914 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 915 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 916 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 917 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 918 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 919 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 920 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 921 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 922 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 923 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 924 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 925 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 926 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 927 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0), 928 }; 929 930 #undef XMSGSIZE 931 932 static struct xfrm_link { 933 int (*doit)(struct sk_buff *, struct nlmsghdr *, void **); 934 int (*dump)(struct sk_buff *, struct netlink_callback *); 935 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 936 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 937 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 938 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 939 .dump = xfrm_dump_sa }, 940 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 941 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 942 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 943 .dump = xfrm_dump_policy }, 944 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 945 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 946 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 947 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 948 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 949 }; 950 951 static int xfrm_done(struct netlink_callback *cb) 952 { 953 return 0; 954 } 955 956 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp) 957 { 958 struct rtattr *xfrma[XFRMA_MAX]; 959 struct xfrm_link *link; 960 int type, min_len; 961 962 if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) 963 return 0; 964 965 type = nlh->nlmsg_type; 966 967 /* A control message: ignore them */ 968 if (type < XFRM_MSG_BASE) 969 return 0; 970 971 /* Unknown message: reply with EINVAL */ 972 if (type > XFRM_MSG_MAX) 973 goto err_einval; 974 975 type -= XFRM_MSG_BASE; 976 link = &xfrm_dispatch[type]; 977 978 /* All operations require privileges, even GET */ 979 if (security_netlink_recv(skb)) { 980 *errp = -EPERM; 981 return -1; 982 } 983 984 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 985 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 986 (nlh->nlmsg_flags & NLM_F_DUMP)) { 987 u32 rlen; 988 989 if (link->dump == NULL) 990 goto err_einval; 991 992 if ((*errp = netlink_dump_start(xfrm_nl, skb, nlh, 993 link->dump, 994 xfrm_done)) != 0) { 995 return -1; 996 } 997 rlen = NLMSG_ALIGN(nlh->nlmsg_len); 998 if (rlen > skb->len) 999 rlen = skb->len; 1000 skb_pull(skb, rlen); 1001 return -1; 1002 } 1003 1004 memset(xfrma, 0, sizeof(xfrma)); 1005 1006 if (nlh->nlmsg_len < (min_len = xfrm_msg_min[type])) 1007 goto err_einval; 1008 1009 if (nlh->nlmsg_len > min_len) { 1010 int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); 1011 struct rtattr *attr = (void *) nlh + NLMSG_ALIGN(min_len); 1012 1013 while (RTA_OK(attr, attrlen)) { 1014 unsigned short flavor = attr->rta_type; 1015 if (flavor) { 1016 if (flavor > XFRMA_MAX) 1017 goto err_einval; 1018 xfrma[flavor - 1] = attr; 1019 } 1020 attr = RTA_NEXT(attr, attrlen); 1021 } 1022 } 1023 1024 if (link->doit == NULL) 1025 goto err_einval; 1026 *errp = link->doit(skb, nlh, (void **) &xfrma); 1027 1028 return *errp; 1029 1030 err_einval: 1031 *errp = -EINVAL; 1032 return -1; 1033 } 1034 1035 static int xfrm_user_rcv_skb(struct sk_buff *skb) 1036 { 1037 int err; 1038 struct nlmsghdr *nlh; 1039 1040 while (skb->len >= NLMSG_SPACE(0)) { 1041 u32 rlen; 1042 1043 nlh = (struct nlmsghdr *) skb->data; 1044 if (nlh->nlmsg_len < sizeof(*nlh) || 1045 skb->len < nlh->nlmsg_len) 1046 return 0; 1047 rlen = NLMSG_ALIGN(nlh->nlmsg_len); 1048 if (rlen > skb->len) 1049 rlen = skb->len; 1050 if (xfrm_user_rcv_msg(skb, nlh, &err) < 0) { 1051 if (err == 0) 1052 return -1; 1053 netlink_ack(skb, nlh, err); 1054 } else if (nlh->nlmsg_flags & NLM_F_ACK) 1055 netlink_ack(skb, nlh, 0); 1056 skb_pull(skb, rlen); 1057 } 1058 1059 return 0; 1060 } 1061 1062 static void xfrm_netlink_rcv(struct sock *sk, int len) 1063 { 1064 unsigned int qlen = skb_queue_len(&sk->sk_receive_queue); 1065 1066 do { 1067 struct sk_buff *skb; 1068 1069 down(&xfrm_cfg_sem); 1070 1071 if (qlen > skb_queue_len(&sk->sk_receive_queue)) 1072 qlen = skb_queue_len(&sk->sk_receive_queue); 1073 1074 for (; qlen; qlen--) { 1075 skb = skb_dequeue(&sk->sk_receive_queue); 1076 if (xfrm_user_rcv_skb(skb)) { 1077 if (skb->len) 1078 skb_queue_head(&sk->sk_receive_queue, 1079 skb); 1080 else { 1081 kfree_skb(skb); 1082 qlen--; 1083 } 1084 break; 1085 } 1086 kfree_skb(skb); 1087 } 1088 1089 up(&xfrm_cfg_sem); 1090 1091 } while (qlen); 1092 } 1093 1094 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, int hard) 1095 { 1096 struct xfrm_user_expire *ue; 1097 struct nlmsghdr *nlh; 1098 unsigned char *b = skb->tail; 1099 1100 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_EXPIRE, 1101 sizeof(*ue)); 1102 ue = NLMSG_DATA(nlh); 1103 nlh->nlmsg_flags = 0; 1104 1105 copy_to_user_state(x, &ue->state); 1106 ue->hard = (hard != 0) ? 1 : 0; 1107 1108 nlh->nlmsg_len = skb->tail - b; 1109 return skb->len; 1110 1111 nlmsg_failure: 1112 skb_trim(skb, b - skb->data); 1113 return -1; 1114 } 1115 1116 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 1117 { 1118 struct sk_buff *skb; 1119 int len = NLMSG_LENGTH(sizeof(struct xfrm_user_expire)); 1120 1121 skb = alloc_skb(len, GFP_ATOMIC); 1122 if (skb == NULL) 1123 return -ENOMEM; 1124 1125 if (build_expire(skb, x, c->data.hard) < 0) 1126 BUG(); 1127 1128 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 1129 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 1130 } 1131 1132 static int xfrm_notify_sa_flush(struct km_event *c) 1133 { 1134 struct xfrm_usersa_flush *p; 1135 struct nlmsghdr *nlh; 1136 struct sk_buff *skb; 1137 unsigned char *b; 1138 int len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)); 1139 1140 skb = alloc_skb(len, GFP_ATOMIC); 1141 if (skb == NULL) 1142 return -ENOMEM; 1143 b = skb->tail; 1144 1145 nlh = NLMSG_PUT(skb, c->pid, c->seq, 1146 XFRM_MSG_FLUSHSA, sizeof(*p)); 1147 nlh->nlmsg_flags = 0; 1148 1149 p = NLMSG_DATA(nlh); 1150 p->proto = c->data.proto; 1151 1152 nlh->nlmsg_len = skb->tail - b; 1153 1154 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 1155 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1156 1157 nlmsg_failure: 1158 kfree_skb(skb); 1159 return -1; 1160 } 1161 1162 static int inline xfrm_sa_len(struct xfrm_state *x) 1163 { 1164 int l = 0; 1165 if (x->aalg) 1166 l += RTA_SPACE(sizeof(*x->aalg) + (x->aalg->alg_key_len+7)/8); 1167 if (x->ealg) 1168 l += RTA_SPACE(sizeof(*x->ealg) + (x->ealg->alg_key_len+7)/8); 1169 if (x->calg) 1170 l += RTA_SPACE(sizeof(*x->calg)); 1171 if (x->encap) 1172 l += RTA_SPACE(sizeof(*x->encap)); 1173 1174 return l; 1175 } 1176 1177 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 1178 { 1179 struct xfrm_usersa_info *p; 1180 struct xfrm_usersa_id *id; 1181 struct nlmsghdr *nlh; 1182 struct sk_buff *skb; 1183 unsigned char *b; 1184 int len = xfrm_sa_len(x); 1185 int headlen; 1186 1187 headlen = sizeof(*p); 1188 if (c->event == XFRM_MSG_DELSA) { 1189 len += RTA_SPACE(headlen); 1190 headlen = sizeof(*id); 1191 } 1192 len += NLMSG_SPACE(headlen); 1193 1194 skb = alloc_skb(len, GFP_ATOMIC); 1195 if (skb == NULL) 1196 return -ENOMEM; 1197 b = skb->tail; 1198 1199 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 1200 nlh->nlmsg_flags = 0; 1201 1202 p = NLMSG_DATA(nlh); 1203 if (c->event == XFRM_MSG_DELSA) { 1204 id = NLMSG_DATA(nlh); 1205 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 1206 id->spi = x->id.spi; 1207 id->family = x->props.family; 1208 id->proto = x->id.proto; 1209 1210 p = RTA_DATA(__RTA_PUT(skb, XFRMA_SA, sizeof(*p))); 1211 } 1212 1213 copy_to_user_state(x, p); 1214 1215 if (x->aalg) 1216 RTA_PUT(skb, XFRMA_ALG_AUTH, 1217 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 1218 if (x->ealg) 1219 RTA_PUT(skb, XFRMA_ALG_CRYPT, 1220 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 1221 if (x->calg) 1222 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 1223 1224 if (x->encap) 1225 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 1226 1227 nlh->nlmsg_len = skb->tail - b; 1228 1229 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 1230 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1231 1232 nlmsg_failure: 1233 rtattr_failure: 1234 kfree_skb(skb); 1235 return -1; 1236 } 1237 1238 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 1239 { 1240 1241 switch (c->event) { 1242 case XFRM_MSG_EXPIRE: 1243 return xfrm_exp_state_notify(x, c); 1244 case XFRM_MSG_DELSA: 1245 case XFRM_MSG_UPDSA: 1246 case XFRM_MSG_NEWSA: 1247 return xfrm_notify_sa(x, c); 1248 case XFRM_MSG_FLUSHSA: 1249 return xfrm_notify_sa_flush(c); 1250 default: 1251 printk("xfrm_user: Unknown SA event %d\n", c->event); 1252 break; 1253 } 1254 1255 return 0; 1256 1257 } 1258 1259 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 1260 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 1261 int dir) 1262 { 1263 struct xfrm_user_acquire *ua; 1264 struct nlmsghdr *nlh; 1265 unsigned char *b = skb->tail; 1266 __u32 seq = xfrm_get_acqseq(); 1267 1268 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_ACQUIRE, 1269 sizeof(*ua)); 1270 ua = NLMSG_DATA(nlh); 1271 nlh->nlmsg_flags = 0; 1272 1273 memcpy(&ua->id, &x->id, sizeof(ua->id)); 1274 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 1275 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 1276 copy_to_user_policy(xp, &ua->policy, dir); 1277 ua->aalgos = xt->aalgos; 1278 ua->ealgos = xt->ealgos; 1279 ua->calgos = xt->calgos; 1280 ua->seq = x->km.seq = seq; 1281 1282 if (copy_to_user_tmpl(xp, skb) < 0) 1283 goto nlmsg_failure; 1284 1285 nlh->nlmsg_len = skb->tail - b; 1286 return skb->len; 1287 1288 nlmsg_failure: 1289 skb_trim(skb, b - skb->data); 1290 return -1; 1291 } 1292 1293 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 1294 struct xfrm_policy *xp, int dir) 1295 { 1296 struct sk_buff *skb; 1297 size_t len; 1298 1299 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1300 len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); 1301 skb = alloc_skb(len, GFP_ATOMIC); 1302 if (skb == NULL) 1303 return -ENOMEM; 1304 1305 if (build_acquire(skb, x, xt, xp, dir) < 0) 1306 BUG(); 1307 1308 NETLINK_CB(skb).dst_group = XFRMNLGRP_ACQUIRE; 1309 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 1310 } 1311 1312 /* User gives us xfrm_user_policy_info followed by an array of 0 1313 * or more templates. 1314 */ 1315 static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt, 1316 u8 *data, int len, int *dir) 1317 { 1318 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 1319 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 1320 struct xfrm_policy *xp; 1321 int nr; 1322 1323 switch (family) { 1324 case AF_INET: 1325 if (opt != IP_XFRM_POLICY) { 1326 *dir = -EOPNOTSUPP; 1327 return NULL; 1328 } 1329 break; 1330 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1331 case AF_INET6: 1332 if (opt != IPV6_XFRM_POLICY) { 1333 *dir = -EOPNOTSUPP; 1334 return NULL; 1335 } 1336 break; 1337 #endif 1338 default: 1339 *dir = -EINVAL; 1340 return NULL; 1341 } 1342 1343 *dir = -EINVAL; 1344 1345 if (len < sizeof(*p) || 1346 verify_newpolicy_info(p)) 1347 return NULL; 1348 1349 nr = ((len - sizeof(*p)) / sizeof(*ut)); 1350 if (nr > XFRM_MAX_DEPTH) 1351 return NULL; 1352 1353 if (p->dir > XFRM_POLICY_OUT) 1354 return NULL; 1355 1356 xp = xfrm_policy_alloc(GFP_KERNEL); 1357 if (xp == NULL) { 1358 *dir = -ENOBUFS; 1359 return NULL; 1360 } 1361 1362 copy_from_user_policy(xp, p); 1363 copy_templates(xp, ut, nr); 1364 1365 *dir = p->dir; 1366 1367 return xp; 1368 } 1369 1370 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 1371 int dir, int hard) 1372 { 1373 struct xfrm_user_polexpire *upe; 1374 struct nlmsghdr *nlh; 1375 unsigned char *b = skb->tail; 1376 1377 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe)); 1378 upe = NLMSG_DATA(nlh); 1379 nlh->nlmsg_flags = 0; 1380 1381 copy_to_user_policy(xp, &upe->pol, dir); 1382 if (copy_to_user_tmpl(xp, skb) < 0) 1383 goto nlmsg_failure; 1384 upe->hard = !!hard; 1385 1386 nlh->nlmsg_len = skb->tail - b; 1387 return skb->len; 1388 1389 nlmsg_failure: 1390 skb_trim(skb, b - skb->data); 1391 return -1; 1392 } 1393 1394 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1395 { 1396 struct sk_buff *skb; 1397 size_t len; 1398 1399 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1400 len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); 1401 skb = alloc_skb(len, GFP_ATOMIC); 1402 if (skb == NULL) 1403 return -ENOMEM; 1404 1405 if (build_polexpire(skb, xp, dir, c->data.hard) < 0) 1406 BUG(); 1407 1408 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 1409 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 1410 } 1411 1412 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 1413 { 1414 struct xfrm_userpolicy_info *p; 1415 struct xfrm_userpolicy_id *id; 1416 struct nlmsghdr *nlh; 1417 struct sk_buff *skb; 1418 unsigned char *b; 1419 int len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1420 int headlen; 1421 1422 headlen = sizeof(*p); 1423 if (c->event == XFRM_MSG_DELPOLICY) { 1424 len += RTA_SPACE(headlen); 1425 headlen = sizeof(*id); 1426 } 1427 len += NLMSG_SPACE(headlen); 1428 1429 skb = alloc_skb(len, GFP_ATOMIC); 1430 if (skb == NULL) 1431 return -ENOMEM; 1432 b = skb->tail; 1433 1434 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 1435 1436 p = NLMSG_DATA(nlh); 1437 if (c->event == XFRM_MSG_DELPOLICY) { 1438 id = NLMSG_DATA(nlh); 1439 memset(id, 0, sizeof(*id)); 1440 id->dir = dir; 1441 if (c->data.byid) 1442 id->index = xp->index; 1443 else 1444 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 1445 1446 p = RTA_DATA(__RTA_PUT(skb, XFRMA_POLICY, sizeof(*p))); 1447 } 1448 1449 nlh->nlmsg_flags = 0; 1450 1451 copy_to_user_policy(xp, p, dir); 1452 if (copy_to_user_tmpl(xp, skb) < 0) 1453 goto nlmsg_failure; 1454 1455 nlh->nlmsg_len = skb->tail - b; 1456 1457 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 1458 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 1459 1460 nlmsg_failure: 1461 rtattr_failure: 1462 kfree_skb(skb); 1463 return -1; 1464 } 1465 1466 static int xfrm_notify_policy_flush(struct km_event *c) 1467 { 1468 struct nlmsghdr *nlh; 1469 struct sk_buff *skb; 1470 unsigned char *b; 1471 int len = NLMSG_LENGTH(0); 1472 1473 skb = alloc_skb(len, GFP_ATOMIC); 1474 if (skb == NULL) 1475 return -ENOMEM; 1476 b = skb->tail; 1477 1478 1479 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0); 1480 1481 nlh->nlmsg_len = skb->tail - b; 1482 1483 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 1484 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 1485 1486 nlmsg_failure: 1487 kfree_skb(skb); 1488 return -1; 1489 } 1490 1491 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1492 { 1493 1494 switch (c->event) { 1495 case XFRM_MSG_NEWPOLICY: 1496 case XFRM_MSG_UPDPOLICY: 1497 case XFRM_MSG_DELPOLICY: 1498 return xfrm_notify_policy(xp, dir, c); 1499 case XFRM_MSG_FLUSHPOLICY: 1500 return xfrm_notify_policy_flush(c); 1501 case XFRM_MSG_POLEXPIRE: 1502 return xfrm_exp_policy_notify(xp, dir, c); 1503 default: 1504 printk("xfrm_user: Unknown Policy event %d\n", c->event); 1505 } 1506 1507 return 0; 1508 1509 } 1510 1511 static struct xfrm_mgr netlink_mgr = { 1512 .id = "netlink", 1513 .notify = xfrm_send_state_notify, 1514 .acquire = xfrm_send_acquire, 1515 .compile_policy = xfrm_compile_policy, 1516 .notify_policy = xfrm_send_policy_notify, 1517 }; 1518 1519 static int __init xfrm_user_init(void) 1520 { 1521 printk(KERN_INFO "Initializing IPsec netlink socket\n"); 1522 1523 xfrm_nl = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX, 1524 xfrm_netlink_rcv, THIS_MODULE); 1525 if (xfrm_nl == NULL) 1526 return -ENOMEM; 1527 1528 xfrm_register_km(&netlink_mgr); 1529 1530 return 0; 1531 } 1532 1533 static void __exit xfrm_user_exit(void) 1534 { 1535 xfrm_unregister_km(&netlink_mgr); 1536 sock_release(xfrm_nl->sk_socket); 1537 } 1538 1539 module_init(xfrm_user_init); 1540 module_exit(xfrm_user_exit); 1541 MODULE_LICENSE("GPL"); 1542 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 1543