1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/module.h> 14 #include <linux/kernel.h> 15 #include <linux/types.h> 16 #include <linux/slab.h> 17 #include <linux/socket.h> 18 #include <linux/string.h> 19 #include <linux/net.h> 20 #include <linux/skbuff.h> 21 #include <linux/rtnetlink.h> 22 #include <linux/pfkeyv2.h> 23 #include <linux/ipsec.h> 24 #include <linux/init.h> 25 #include <linux/security.h> 26 #include <net/sock.h> 27 #include <net/xfrm.h> 28 #include <net/netlink.h> 29 #include <asm/uaccess.h> 30 31 static struct sock *xfrm_nl; 32 33 static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type) 34 { 35 struct rtattr *rt = xfrma[type - 1]; 36 struct xfrm_algo *algp; 37 int len; 38 39 if (!rt) 40 return 0; 41 42 len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp); 43 if (len < 0) 44 return -EINVAL; 45 46 algp = RTA_DATA(rt); 47 48 len -= (algp->alg_key_len + 7U) / 8; 49 if (len < 0) 50 return -EINVAL; 51 52 switch (type) { 53 case XFRMA_ALG_AUTH: 54 if (!algp->alg_key_len && 55 strcmp(algp->alg_name, "digest_null") != 0) 56 return -EINVAL; 57 break; 58 59 case XFRMA_ALG_CRYPT: 60 if (!algp->alg_key_len && 61 strcmp(algp->alg_name, "cipher_null") != 0) 62 return -EINVAL; 63 break; 64 65 case XFRMA_ALG_COMP: 66 /* Zero length keys are legal. */ 67 break; 68 69 default: 70 return -EINVAL; 71 }; 72 73 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 74 return 0; 75 } 76 77 static int verify_encap_tmpl(struct rtattr **xfrma) 78 { 79 struct rtattr *rt = xfrma[XFRMA_ENCAP - 1]; 80 struct xfrm_encap_tmpl *encap; 81 82 if (!rt) 83 return 0; 84 85 if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap)) 86 return -EINVAL; 87 88 return 0; 89 } 90 91 static int verify_newsa_info(struct xfrm_usersa_info *p, 92 struct rtattr **xfrma) 93 { 94 int err; 95 96 err = -EINVAL; 97 switch (p->family) { 98 case AF_INET: 99 break; 100 101 case AF_INET6: 102 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 103 break; 104 #else 105 err = -EAFNOSUPPORT; 106 goto out; 107 #endif 108 109 default: 110 goto out; 111 }; 112 113 err = -EINVAL; 114 switch (p->id.proto) { 115 case IPPROTO_AH: 116 if (!xfrma[XFRMA_ALG_AUTH-1] || 117 xfrma[XFRMA_ALG_CRYPT-1] || 118 xfrma[XFRMA_ALG_COMP-1]) 119 goto out; 120 break; 121 122 case IPPROTO_ESP: 123 if ((!xfrma[XFRMA_ALG_AUTH-1] && 124 !xfrma[XFRMA_ALG_CRYPT-1]) || 125 xfrma[XFRMA_ALG_COMP-1]) 126 goto out; 127 break; 128 129 case IPPROTO_COMP: 130 if (!xfrma[XFRMA_ALG_COMP-1] || 131 xfrma[XFRMA_ALG_AUTH-1] || 132 xfrma[XFRMA_ALG_CRYPT-1]) 133 goto out; 134 break; 135 136 default: 137 goto out; 138 }; 139 140 if ((err = verify_one_alg(xfrma, XFRMA_ALG_AUTH))) 141 goto out; 142 if ((err = verify_one_alg(xfrma, XFRMA_ALG_CRYPT))) 143 goto out; 144 if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP))) 145 goto out; 146 if ((err = verify_encap_tmpl(xfrma))) 147 goto out; 148 149 err = -EINVAL; 150 switch (p->mode) { 151 case 0: 152 case 1: 153 break; 154 155 default: 156 goto out; 157 }; 158 159 err = 0; 160 161 out: 162 return err; 163 } 164 165 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 166 struct xfrm_algo_desc *(*get_byname)(char *, int), 167 struct rtattr *u_arg) 168 { 169 struct rtattr *rta = u_arg; 170 struct xfrm_algo *p, *ualg; 171 struct xfrm_algo_desc *algo; 172 int len; 173 174 if (!rta) 175 return 0; 176 177 ualg = RTA_DATA(rta); 178 179 algo = get_byname(ualg->alg_name, 1); 180 if (!algo) 181 return -ENOSYS; 182 *props = algo->desc.sadb_alg_id; 183 184 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8; 185 p = kmalloc(len, GFP_KERNEL); 186 if (!p) 187 return -ENOMEM; 188 189 memcpy(p, ualg, len); 190 *algpp = p; 191 return 0; 192 } 193 194 static int attach_encap_tmpl(struct xfrm_encap_tmpl **encapp, struct rtattr *u_arg) 195 { 196 struct rtattr *rta = u_arg; 197 struct xfrm_encap_tmpl *p, *uencap; 198 199 if (!rta) 200 return 0; 201 202 uencap = RTA_DATA(rta); 203 p = kmalloc(sizeof(*p), GFP_KERNEL); 204 if (!p) 205 return -ENOMEM; 206 207 memcpy(p, uencap, sizeof(*p)); 208 *encapp = p; 209 return 0; 210 } 211 212 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 213 { 214 memcpy(&x->id, &p->id, sizeof(x->id)); 215 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 216 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 217 x->props.mode = p->mode; 218 x->props.replay_window = p->replay_window; 219 x->props.reqid = p->reqid; 220 x->props.family = p->family; 221 x->props.saddr = p->saddr; 222 x->props.flags = p->flags; 223 } 224 225 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 226 struct rtattr **xfrma, 227 int *errp) 228 { 229 struct xfrm_state *x = xfrm_state_alloc(); 230 int err = -ENOMEM; 231 232 if (!x) 233 goto error_no_put; 234 235 copy_from_user_state(x, p); 236 237 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 238 xfrm_aalg_get_byname, 239 xfrma[XFRMA_ALG_AUTH-1]))) 240 goto error; 241 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 242 xfrm_ealg_get_byname, 243 xfrma[XFRMA_ALG_CRYPT-1]))) 244 goto error; 245 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 246 xfrm_calg_get_byname, 247 xfrma[XFRMA_ALG_COMP-1]))) 248 goto error; 249 if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1]))) 250 goto error; 251 252 err = xfrm_init_state(x); 253 if (err) 254 goto error; 255 256 x->km.seq = p->seq; 257 258 return x; 259 260 error: 261 x->km.state = XFRM_STATE_DEAD; 262 xfrm_state_put(x); 263 error_no_put: 264 *errp = err; 265 return NULL; 266 } 267 268 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 269 { 270 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 271 struct xfrm_state *x; 272 int err; 273 struct km_event c; 274 275 err = verify_newsa_info(p, (struct rtattr **) xfrma); 276 if (err) 277 return err; 278 279 x = xfrm_state_construct(p, (struct rtattr **) xfrma, &err); 280 if (!x) 281 return err; 282 283 xfrm_state_hold(x); 284 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 285 err = xfrm_state_add(x); 286 else 287 err = xfrm_state_update(x); 288 289 if (err < 0) { 290 x->km.state = XFRM_STATE_DEAD; 291 xfrm_state_put(x); 292 goto out; 293 } 294 295 c.seq = nlh->nlmsg_seq; 296 c.pid = nlh->nlmsg_pid; 297 c.event = nlh->nlmsg_type; 298 299 km_state_notify(x, &c); 300 out: 301 xfrm_state_put(x); 302 return err; 303 } 304 305 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 306 { 307 struct xfrm_state *x; 308 int err; 309 struct km_event c; 310 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 311 312 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 313 if (x == NULL) 314 return -ESRCH; 315 316 if (xfrm_state_kern(x)) { 317 xfrm_state_put(x); 318 return -EPERM; 319 } 320 321 err = xfrm_state_delete(x); 322 if (err < 0) { 323 xfrm_state_put(x); 324 return err; 325 } 326 327 c.seq = nlh->nlmsg_seq; 328 c.pid = nlh->nlmsg_pid; 329 c.event = nlh->nlmsg_type; 330 km_state_notify(x, &c); 331 xfrm_state_put(x); 332 333 return err; 334 } 335 336 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 337 { 338 memcpy(&p->id, &x->id, sizeof(p->id)); 339 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 340 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 341 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 342 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 343 p->saddr = x->props.saddr; 344 p->mode = x->props.mode; 345 p->replay_window = x->props.replay_window; 346 p->reqid = x->props.reqid; 347 p->family = x->props.family; 348 p->flags = x->props.flags; 349 p->seq = x->km.seq; 350 } 351 352 struct xfrm_dump_info { 353 struct sk_buff *in_skb; 354 struct sk_buff *out_skb; 355 u32 nlmsg_seq; 356 u16 nlmsg_flags; 357 int start_idx; 358 int this_idx; 359 }; 360 361 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 362 { 363 struct xfrm_dump_info *sp = ptr; 364 struct sk_buff *in_skb = sp->in_skb; 365 struct sk_buff *skb = sp->out_skb; 366 struct xfrm_usersa_info *p; 367 struct nlmsghdr *nlh; 368 unsigned char *b = skb->tail; 369 370 if (sp->this_idx < sp->start_idx) 371 goto out; 372 373 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 374 sp->nlmsg_seq, 375 XFRM_MSG_NEWSA, sizeof(*p)); 376 nlh->nlmsg_flags = sp->nlmsg_flags; 377 378 p = NLMSG_DATA(nlh); 379 copy_to_user_state(x, p); 380 381 if (x->aalg) 382 RTA_PUT(skb, XFRMA_ALG_AUTH, 383 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 384 if (x->ealg) 385 RTA_PUT(skb, XFRMA_ALG_CRYPT, 386 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 387 if (x->calg) 388 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 389 390 if (x->encap) 391 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 392 393 nlh->nlmsg_len = skb->tail - b; 394 out: 395 sp->this_idx++; 396 return 0; 397 398 nlmsg_failure: 399 rtattr_failure: 400 skb_trim(skb, b - skb->data); 401 return -1; 402 } 403 404 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 405 { 406 struct xfrm_dump_info info; 407 408 info.in_skb = cb->skb; 409 info.out_skb = skb; 410 info.nlmsg_seq = cb->nlh->nlmsg_seq; 411 info.nlmsg_flags = NLM_F_MULTI; 412 info.this_idx = 0; 413 info.start_idx = cb->args[0]; 414 (void) xfrm_state_walk(IPSEC_PROTO_ANY, dump_one_state, &info); 415 cb->args[0] = info.this_idx; 416 417 return skb->len; 418 } 419 420 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 421 struct xfrm_state *x, u32 seq) 422 { 423 struct xfrm_dump_info info; 424 struct sk_buff *skb; 425 426 skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC); 427 if (!skb) 428 return ERR_PTR(-ENOMEM); 429 430 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid; 431 info.in_skb = in_skb; 432 info.out_skb = skb; 433 info.nlmsg_seq = seq; 434 info.nlmsg_flags = 0; 435 info.this_idx = info.start_idx = 0; 436 437 if (dump_one_state(x, 0, &info)) { 438 kfree_skb(skb); 439 return NULL; 440 } 441 442 return skb; 443 } 444 445 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 446 { 447 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 448 struct xfrm_state *x; 449 struct sk_buff *resp_skb; 450 int err; 451 452 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 453 err = -ESRCH; 454 if (x == NULL) 455 goto out_noput; 456 457 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 458 if (IS_ERR(resp_skb)) { 459 err = PTR_ERR(resp_skb); 460 } else { 461 err = netlink_unicast(xfrm_nl, resp_skb, 462 NETLINK_CB(skb).pid, MSG_DONTWAIT); 463 } 464 xfrm_state_put(x); 465 out_noput: 466 return err; 467 } 468 469 static int verify_userspi_info(struct xfrm_userspi_info *p) 470 { 471 switch (p->info.id.proto) { 472 case IPPROTO_AH: 473 case IPPROTO_ESP: 474 break; 475 476 case IPPROTO_COMP: 477 /* IPCOMP spi is 16-bits. */ 478 if (p->max >= 0x10000) 479 return -EINVAL; 480 break; 481 482 default: 483 return -EINVAL; 484 }; 485 486 if (p->min > p->max) 487 return -EINVAL; 488 489 return 0; 490 } 491 492 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 493 { 494 struct xfrm_state *x; 495 struct xfrm_userspi_info *p; 496 struct sk_buff *resp_skb; 497 xfrm_address_t *daddr; 498 int family; 499 int err; 500 501 p = NLMSG_DATA(nlh); 502 err = verify_userspi_info(p); 503 if (err) 504 goto out_noput; 505 506 family = p->info.family; 507 daddr = &p->info.id.daddr; 508 509 x = NULL; 510 if (p->info.seq) { 511 x = xfrm_find_acq_byseq(p->info.seq); 512 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 513 xfrm_state_put(x); 514 x = NULL; 515 } 516 } 517 518 if (!x) 519 x = xfrm_find_acq(p->info.mode, p->info.reqid, 520 p->info.id.proto, daddr, 521 &p->info.saddr, 1, 522 family); 523 err = -ENOENT; 524 if (x == NULL) 525 goto out_noput; 526 527 resp_skb = ERR_PTR(-ENOENT); 528 529 spin_lock_bh(&x->lock); 530 if (x->km.state != XFRM_STATE_DEAD) { 531 xfrm_alloc_spi(x, htonl(p->min), htonl(p->max)); 532 if (x->id.spi) 533 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 534 } 535 spin_unlock_bh(&x->lock); 536 537 if (IS_ERR(resp_skb)) { 538 err = PTR_ERR(resp_skb); 539 goto out; 540 } 541 542 err = netlink_unicast(xfrm_nl, resp_skb, 543 NETLINK_CB(skb).pid, MSG_DONTWAIT); 544 545 out: 546 xfrm_state_put(x); 547 out_noput: 548 return err; 549 } 550 551 static int verify_policy_dir(__u8 dir) 552 { 553 switch (dir) { 554 case XFRM_POLICY_IN: 555 case XFRM_POLICY_OUT: 556 case XFRM_POLICY_FWD: 557 break; 558 559 default: 560 return -EINVAL; 561 }; 562 563 return 0; 564 } 565 566 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 567 { 568 switch (p->share) { 569 case XFRM_SHARE_ANY: 570 case XFRM_SHARE_SESSION: 571 case XFRM_SHARE_USER: 572 case XFRM_SHARE_UNIQUE: 573 break; 574 575 default: 576 return -EINVAL; 577 }; 578 579 switch (p->action) { 580 case XFRM_POLICY_ALLOW: 581 case XFRM_POLICY_BLOCK: 582 break; 583 584 default: 585 return -EINVAL; 586 }; 587 588 switch (p->sel.family) { 589 case AF_INET: 590 break; 591 592 case AF_INET6: 593 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 594 break; 595 #else 596 return -EAFNOSUPPORT; 597 #endif 598 599 default: 600 return -EINVAL; 601 }; 602 603 return verify_policy_dir(p->dir); 604 } 605 606 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 607 int nr) 608 { 609 int i; 610 611 xp->xfrm_nr = nr; 612 for (i = 0; i < nr; i++, ut++) { 613 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 614 615 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 616 memcpy(&t->saddr, &ut->saddr, 617 sizeof(xfrm_address_t)); 618 t->reqid = ut->reqid; 619 t->mode = ut->mode; 620 t->share = ut->share; 621 t->optional = ut->optional; 622 t->aalgos = ut->aalgos; 623 t->ealgos = ut->ealgos; 624 t->calgos = ut->calgos; 625 } 626 } 627 628 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma) 629 { 630 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 631 struct xfrm_user_tmpl *utmpl; 632 int nr; 633 634 if (!rt) { 635 pol->xfrm_nr = 0; 636 } else { 637 nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl); 638 639 if (nr > XFRM_MAX_DEPTH) 640 return -EINVAL; 641 642 copy_templates(pol, RTA_DATA(rt), nr); 643 } 644 return 0; 645 } 646 647 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 648 { 649 xp->priority = p->priority; 650 xp->index = p->index; 651 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 652 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 653 xp->action = p->action; 654 xp->flags = p->flags; 655 xp->family = p->sel.family; 656 /* XXX xp->share = p->share; */ 657 } 658 659 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 660 { 661 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 662 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 663 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 664 p->priority = xp->priority; 665 p->index = xp->index; 666 p->sel.family = xp->family; 667 p->dir = dir; 668 p->action = xp->action; 669 p->flags = xp->flags; 670 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 671 } 672 673 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct rtattr **xfrma, int *errp) 674 { 675 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 676 int err; 677 678 if (!xp) { 679 *errp = -ENOMEM; 680 return NULL; 681 } 682 683 copy_from_user_policy(xp, p); 684 err = copy_from_user_tmpl(xp, xfrma); 685 if (err) { 686 *errp = err; 687 kfree(xp); 688 xp = NULL; 689 } 690 691 return xp; 692 } 693 694 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 695 { 696 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh); 697 struct xfrm_policy *xp; 698 struct km_event c; 699 int err; 700 int excl; 701 702 err = verify_newpolicy_info(p); 703 if (err) 704 return err; 705 706 xp = xfrm_policy_construct(p, (struct rtattr **) xfrma, &err); 707 if (!xp) 708 return err; 709 710 /* shouldnt excl be based on nlh flags?? 711 * Aha! this is anti-netlink really i.e more pfkey derived 712 * in netlink excl is a flag and you wouldnt need 713 * a type XFRM_MSG_UPDPOLICY - JHS */ 714 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 715 err = xfrm_policy_insert(p->dir, xp, excl); 716 if (err) { 717 kfree(xp); 718 return err; 719 } 720 721 c.event = nlh->nlmsg_type; 722 c.seq = nlh->nlmsg_seq; 723 c.pid = nlh->nlmsg_pid; 724 km_policy_notify(xp, p->dir, &c); 725 726 xfrm_pol_put(xp); 727 728 return 0; 729 } 730 731 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 732 { 733 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 734 int i; 735 736 if (xp->xfrm_nr == 0) 737 return 0; 738 739 for (i = 0; i < xp->xfrm_nr; i++) { 740 struct xfrm_user_tmpl *up = &vec[i]; 741 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 742 743 memcpy(&up->id, &kp->id, sizeof(up->id)); 744 up->family = xp->family; 745 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 746 up->reqid = kp->reqid; 747 up->mode = kp->mode; 748 up->share = kp->share; 749 up->optional = kp->optional; 750 up->aalgos = kp->aalgos; 751 up->ealgos = kp->ealgos; 752 up->calgos = kp->calgos; 753 } 754 RTA_PUT(skb, XFRMA_TMPL, 755 (sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr), 756 vec); 757 758 return 0; 759 760 rtattr_failure: 761 return -1; 762 } 763 764 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 765 { 766 struct xfrm_dump_info *sp = ptr; 767 struct xfrm_userpolicy_info *p; 768 struct sk_buff *in_skb = sp->in_skb; 769 struct sk_buff *skb = sp->out_skb; 770 struct nlmsghdr *nlh; 771 unsigned char *b = skb->tail; 772 773 if (sp->this_idx < sp->start_idx) 774 goto out; 775 776 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 777 sp->nlmsg_seq, 778 XFRM_MSG_NEWPOLICY, sizeof(*p)); 779 p = NLMSG_DATA(nlh); 780 nlh->nlmsg_flags = sp->nlmsg_flags; 781 782 copy_to_user_policy(xp, p, dir); 783 if (copy_to_user_tmpl(xp, skb) < 0) 784 goto nlmsg_failure; 785 786 nlh->nlmsg_len = skb->tail - b; 787 out: 788 sp->this_idx++; 789 return 0; 790 791 nlmsg_failure: 792 skb_trim(skb, b - skb->data); 793 return -1; 794 } 795 796 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 797 { 798 struct xfrm_dump_info info; 799 800 info.in_skb = cb->skb; 801 info.out_skb = skb; 802 info.nlmsg_seq = cb->nlh->nlmsg_seq; 803 info.nlmsg_flags = NLM_F_MULTI; 804 info.this_idx = 0; 805 info.start_idx = cb->args[0]; 806 (void) xfrm_policy_walk(dump_one_policy, &info); 807 cb->args[0] = info.this_idx; 808 809 return skb->len; 810 } 811 812 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 813 struct xfrm_policy *xp, 814 int dir, u32 seq) 815 { 816 struct xfrm_dump_info info; 817 struct sk_buff *skb; 818 819 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 820 if (!skb) 821 return ERR_PTR(-ENOMEM); 822 823 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid; 824 info.in_skb = in_skb; 825 info.out_skb = skb; 826 info.nlmsg_seq = seq; 827 info.nlmsg_flags = 0; 828 info.this_idx = info.start_idx = 0; 829 830 if (dump_one_policy(xp, dir, 0, &info) < 0) { 831 kfree_skb(skb); 832 return NULL; 833 } 834 835 return skb; 836 } 837 838 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 839 { 840 struct xfrm_policy *xp; 841 struct xfrm_userpolicy_id *p; 842 int err; 843 struct km_event c; 844 int delete; 845 846 p = NLMSG_DATA(nlh); 847 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 848 849 err = verify_policy_dir(p->dir); 850 if (err) 851 return err; 852 853 if (p->index) 854 xp = xfrm_policy_byid(p->dir, p->index, delete); 855 else 856 xp = xfrm_policy_bysel(p->dir, &p->sel, delete); 857 if (xp == NULL) 858 return -ENOENT; 859 860 if (!delete) { 861 struct sk_buff *resp_skb; 862 863 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 864 if (IS_ERR(resp_skb)) { 865 err = PTR_ERR(resp_skb); 866 } else { 867 err = netlink_unicast(xfrm_nl, resp_skb, 868 NETLINK_CB(skb).pid, 869 MSG_DONTWAIT); 870 } 871 } else { 872 c.data.byid = p->index; 873 c.event = nlh->nlmsg_type; 874 c.seq = nlh->nlmsg_seq; 875 c.pid = nlh->nlmsg_pid; 876 km_policy_notify(xp, p->dir, &c); 877 } 878 879 xfrm_pol_put(xp); 880 881 return err; 882 } 883 884 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 885 { 886 struct km_event c; 887 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh); 888 889 xfrm_state_flush(p->proto); 890 c.data.proto = p->proto; 891 c.event = nlh->nlmsg_type; 892 c.seq = nlh->nlmsg_seq; 893 c.pid = nlh->nlmsg_pid; 894 km_state_notify(NULL, &c); 895 896 return 0; 897 } 898 899 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 900 { 901 struct km_event c; 902 903 xfrm_policy_flush(); 904 c.event = nlh->nlmsg_type; 905 c.seq = nlh->nlmsg_seq; 906 c.pid = nlh->nlmsg_pid; 907 km_policy_notify(NULL, 0, &c); 908 return 0; 909 } 910 911 #define XMSGSIZE(type) NLMSG_LENGTH(sizeof(struct type)) 912 913 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 914 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 915 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 916 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 917 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 918 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 919 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 920 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 921 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 922 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 923 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 924 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 925 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 926 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 927 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0), 928 }; 929 930 #undef XMSGSIZE 931 932 static struct xfrm_link { 933 int (*doit)(struct sk_buff *, struct nlmsghdr *, void **); 934 int (*dump)(struct sk_buff *, struct netlink_callback *); 935 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 936 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 937 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 938 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 939 .dump = xfrm_dump_sa }, 940 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 941 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 942 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 943 .dump = xfrm_dump_policy }, 944 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 945 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 946 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 947 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 948 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 949 }; 950 951 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp) 952 { 953 struct rtattr *xfrma[XFRMA_MAX]; 954 struct xfrm_link *link; 955 int type, min_len; 956 957 if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) 958 return 0; 959 960 type = nlh->nlmsg_type; 961 962 /* A control message: ignore them */ 963 if (type < XFRM_MSG_BASE) 964 return 0; 965 966 /* Unknown message: reply with EINVAL */ 967 if (type > XFRM_MSG_MAX) 968 goto err_einval; 969 970 type -= XFRM_MSG_BASE; 971 link = &xfrm_dispatch[type]; 972 973 /* All operations require privileges, even GET */ 974 if (security_netlink_recv(skb)) { 975 *errp = -EPERM; 976 return -1; 977 } 978 979 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 980 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 981 (nlh->nlmsg_flags & NLM_F_DUMP)) { 982 if (link->dump == NULL) 983 goto err_einval; 984 985 if ((*errp = netlink_dump_start(xfrm_nl, skb, nlh, 986 link->dump, NULL)) != 0) { 987 return -1; 988 } 989 990 netlink_queue_skip(nlh, skb); 991 return -1; 992 } 993 994 memset(xfrma, 0, sizeof(xfrma)); 995 996 if (nlh->nlmsg_len < (min_len = xfrm_msg_min[type])) 997 goto err_einval; 998 999 if (nlh->nlmsg_len > min_len) { 1000 int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); 1001 struct rtattr *attr = (void *) nlh + NLMSG_ALIGN(min_len); 1002 1003 while (RTA_OK(attr, attrlen)) { 1004 unsigned short flavor = attr->rta_type; 1005 if (flavor) { 1006 if (flavor > XFRMA_MAX) 1007 goto err_einval; 1008 xfrma[flavor - 1] = attr; 1009 } 1010 attr = RTA_NEXT(attr, attrlen); 1011 } 1012 } 1013 1014 if (link->doit == NULL) 1015 goto err_einval; 1016 *errp = link->doit(skb, nlh, (void **) &xfrma); 1017 1018 return *errp; 1019 1020 err_einval: 1021 *errp = -EINVAL; 1022 return -1; 1023 } 1024 1025 static void xfrm_netlink_rcv(struct sock *sk, int len) 1026 { 1027 unsigned int qlen = 0; 1028 1029 do { 1030 down(&xfrm_cfg_sem); 1031 netlink_run_queue(sk, &qlen, &xfrm_user_rcv_msg); 1032 up(&xfrm_cfg_sem); 1033 1034 } while (qlen); 1035 } 1036 1037 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, int hard) 1038 { 1039 struct xfrm_user_expire *ue; 1040 struct nlmsghdr *nlh; 1041 unsigned char *b = skb->tail; 1042 1043 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_EXPIRE, 1044 sizeof(*ue)); 1045 ue = NLMSG_DATA(nlh); 1046 nlh->nlmsg_flags = 0; 1047 1048 copy_to_user_state(x, &ue->state); 1049 ue->hard = (hard != 0) ? 1 : 0; 1050 1051 nlh->nlmsg_len = skb->tail - b; 1052 return skb->len; 1053 1054 nlmsg_failure: 1055 skb_trim(skb, b - skb->data); 1056 return -1; 1057 } 1058 1059 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 1060 { 1061 struct sk_buff *skb; 1062 int len = NLMSG_LENGTH(sizeof(struct xfrm_user_expire)); 1063 1064 skb = alloc_skb(len, GFP_ATOMIC); 1065 if (skb == NULL) 1066 return -ENOMEM; 1067 1068 if (build_expire(skb, x, c->data.hard) < 0) 1069 BUG(); 1070 1071 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 1072 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 1073 } 1074 1075 static int xfrm_notify_sa_flush(struct km_event *c) 1076 { 1077 struct xfrm_usersa_flush *p; 1078 struct nlmsghdr *nlh; 1079 struct sk_buff *skb; 1080 unsigned char *b; 1081 int len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)); 1082 1083 skb = alloc_skb(len, GFP_ATOMIC); 1084 if (skb == NULL) 1085 return -ENOMEM; 1086 b = skb->tail; 1087 1088 nlh = NLMSG_PUT(skb, c->pid, c->seq, 1089 XFRM_MSG_FLUSHSA, sizeof(*p)); 1090 nlh->nlmsg_flags = 0; 1091 1092 p = NLMSG_DATA(nlh); 1093 p->proto = c->data.proto; 1094 1095 nlh->nlmsg_len = skb->tail - b; 1096 1097 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 1098 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1099 1100 nlmsg_failure: 1101 kfree_skb(skb); 1102 return -1; 1103 } 1104 1105 static int inline xfrm_sa_len(struct xfrm_state *x) 1106 { 1107 int l = 0; 1108 if (x->aalg) 1109 l += RTA_SPACE(sizeof(*x->aalg) + (x->aalg->alg_key_len+7)/8); 1110 if (x->ealg) 1111 l += RTA_SPACE(sizeof(*x->ealg) + (x->ealg->alg_key_len+7)/8); 1112 if (x->calg) 1113 l += RTA_SPACE(sizeof(*x->calg)); 1114 if (x->encap) 1115 l += RTA_SPACE(sizeof(*x->encap)); 1116 1117 return l; 1118 } 1119 1120 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 1121 { 1122 struct xfrm_usersa_info *p; 1123 struct xfrm_usersa_id *id; 1124 struct nlmsghdr *nlh; 1125 struct sk_buff *skb; 1126 unsigned char *b; 1127 int len = xfrm_sa_len(x); 1128 int headlen; 1129 1130 headlen = sizeof(*p); 1131 if (c->event == XFRM_MSG_DELSA) { 1132 len += RTA_SPACE(headlen); 1133 headlen = sizeof(*id); 1134 } 1135 len += NLMSG_SPACE(headlen); 1136 1137 skb = alloc_skb(len, GFP_ATOMIC); 1138 if (skb == NULL) 1139 return -ENOMEM; 1140 b = skb->tail; 1141 1142 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 1143 nlh->nlmsg_flags = 0; 1144 1145 p = NLMSG_DATA(nlh); 1146 if (c->event == XFRM_MSG_DELSA) { 1147 id = NLMSG_DATA(nlh); 1148 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 1149 id->spi = x->id.spi; 1150 id->family = x->props.family; 1151 id->proto = x->id.proto; 1152 1153 p = RTA_DATA(__RTA_PUT(skb, XFRMA_SA, sizeof(*p))); 1154 } 1155 1156 copy_to_user_state(x, p); 1157 1158 if (x->aalg) 1159 RTA_PUT(skb, XFRMA_ALG_AUTH, 1160 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 1161 if (x->ealg) 1162 RTA_PUT(skb, XFRMA_ALG_CRYPT, 1163 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 1164 if (x->calg) 1165 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 1166 1167 if (x->encap) 1168 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 1169 1170 nlh->nlmsg_len = skb->tail - b; 1171 1172 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 1173 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1174 1175 nlmsg_failure: 1176 rtattr_failure: 1177 kfree_skb(skb); 1178 return -1; 1179 } 1180 1181 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 1182 { 1183 1184 switch (c->event) { 1185 case XFRM_MSG_EXPIRE: 1186 return xfrm_exp_state_notify(x, c); 1187 case XFRM_MSG_DELSA: 1188 case XFRM_MSG_UPDSA: 1189 case XFRM_MSG_NEWSA: 1190 return xfrm_notify_sa(x, c); 1191 case XFRM_MSG_FLUSHSA: 1192 return xfrm_notify_sa_flush(c); 1193 default: 1194 printk("xfrm_user: Unknown SA event %d\n", c->event); 1195 break; 1196 } 1197 1198 return 0; 1199 1200 } 1201 1202 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 1203 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 1204 int dir) 1205 { 1206 struct xfrm_user_acquire *ua; 1207 struct nlmsghdr *nlh; 1208 unsigned char *b = skb->tail; 1209 __u32 seq = xfrm_get_acqseq(); 1210 1211 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_ACQUIRE, 1212 sizeof(*ua)); 1213 ua = NLMSG_DATA(nlh); 1214 nlh->nlmsg_flags = 0; 1215 1216 memcpy(&ua->id, &x->id, sizeof(ua->id)); 1217 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 1218 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 1219 copy_to_user_policy(xp, &ua->policy, dir); 1220 ua->aalgos = xt->aalgos; 1221 ua->ealgos = xt->ealgos; 1222 ua->calgos = xt->calgos; 1223 ua->seq = x->km.seq = seq; 1224 1225 if (copy_to_user_tmpl(xp, skb) < 0) 1226 goto nlmsg_failure; 1227 1228 nlh->nlmsg_len = skb->tail - b; 1229 return skb->len; 1230 1231 nlmsg_failure: 1232 skb_trim(skb, b - skb->data); 1233 return -1; 1234 } 1235 1236 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 1237 struct xfrm_policy *xp, int dir) 1238 { 1239 struct sk_buff *skb; 1240 size_t len; 1241 1242 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1243 len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); 1244 skb = alloc_skb(len, GFP_ATOMIC); 1245 if (skb == NULL) 1246 return -ENOMEM; 1247 1248 if (build_acquire(skb, x, xt, xp, dir) < 0) 1249 BUG(); 1250 1251 NETLINK_CB(skb).dst_group = XFRMNLGRP_ACQUIRE; 1252 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 1253 } 1254 1255 /* User gives us xfrm_user_policy_info followed by an array of 0 1256 * or more templates. 1257 */ 1258 static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt, 1259 u8 *data, int len, int *dir) 1260 { 1261 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 1262 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 1263 struct xfrm_policy *xp; 1264 int nr; 1265 1266 switch (family) { 1267 case AF_INET: 1268 if (opt != IP_XFRM_POLICY) { 1269 *dir = -EOPNOTSUPP; 1270 return NULL; 1271 } 1272 break; 1273 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1274 case AF_INET6: 1275 if (opt != IPV6_XFRM_POLICY) { 1276 *dir = -EOPNOTSUPP; 1277 return NULL; 1278 } 1279 break; 1280 #endif 1281 default: 1282 *dir = -EINVAL; 1283 return NULL; 1284 } 1285 1286 *dir = -EINVAL; 1287 1288 if (len < sizeof(*p) || 1289 verify_newpolicy_info(p)) 1290 return NULL; 1291 1292 nr = ((len - sizeof(*p)) / sizeof(*ut)); 1293 if (nr > XFRM_MAX_DEPTH) 1294 return NULL; 1295 1296 if (p->dir > XFRM_POLICY_OUT) 1297 return NULL; 1298 1299 xp = xfrm_policy_alloc(GFP_KERNEL); 1300 if (xp == NULL) { 1301 *dir = -ENOBUFS; 1302 return NULL; 1303 } 1304 1305 copy_from_user_policy(xp, p); 1306 copy_templates(xp, ut, nr); 1307 1308 *dir = p->dir; 1309 1310 return xp; 1311 } 1312 1313 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 1314 int dir, int hard) 1315 { 1316 struct xfrm_user_polexpire *upe; 1317 struct nlmsghdr *nlh; 1318 unsigned char *b = skb->tail; 1319 1320 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe)); 1321 upe = NLMSG_DATA(nlh); 1322 nlh->nlmsg_flags = 0; 1323 1324 copy_to_user_policy(xp, &upe->pol, dir); 1325 if (copy_to_user_tmpl(xp, skb) < 0) 1326 goto nlmsg_failure; 1327 upe->hard = !!hard; 1328 1329 nlh->nlmsg_len = skb->tail - b; 1330 return skb->len; 1331 1332 nlmsg_failure: 1333 skb_trim(skb, b - skb->data); 1334 return -1; 1335 } 1336 1337 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1338 { 1339 struct sk_buff *skb; 1340 size_t len; 1341 1342 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1343 len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); 1344 skb = alloc_skb(len, GFP_ATOMIC); 1345 if (skb == NULL) 1346 return -ENOMEM; 1347 1348 if (build_polexpire(skb, xp, dir, c->data.hard) < 0) 1349 BUG(); 1350 1351 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 1352 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 1353 } 1354 1355 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 1356 { 1357 struct xfrm_userpolicy_info *p; 1358 struct xfrm_userpolicy_id *id; 1359 struct nlmsghdr *nlh; 1360 struct sk_buff *skb; 1361 unsigned char *b; 1362 int len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 1363 int headlen; 1364 1365 headlen = sizeof(*p); 1366 if (c->event == XFRM_MSG_DELPOLICY) { 1367 len += RTA_SPACE(headlen); 1368 headlen = sizeof(*id); 1369 } 1370 len += NLMSG_SPACE(headlen); 1371 1372 skb = alloc_skb(len, GFP_ATOMIC); 1373 if (skb == NULL) 1374 return -ENOMEM; 1375 b = skb->tail; 1376 1377 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 1378 1379 p = NLMSG_DATA(nlh); 1380 if (c->event == XFRM_MSG_DELPOLICY) { 1381 id = NLMSG_DATA(nlh); 1382 memset(id, 0, sizeof(*id)); 1383 id->dir = dir; 1384 if (c->data.byid) 1385 id->index = xp->index; 1386 else 1387 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 1388 1389 p = RTA_DATA(__RTA_PUT(skb, XFRMA_POLICY, sizeof(*p))); 1390 } 1391 1392 nlh->nlmsg_flags = 0; 1393 1394 copy_to_user_policy(xp, p, dir); 1395 if (copy_to_user_tmpl(xp, skb) < 0) 1396 goto nlmsg_failure; 1397 1398 nlh->nlmsg_len = skb->tail - b; 1399 1400 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 1401 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 1402 1403 nlmsg_failure: 1404 rtattr_failure: 1405 kfree_skb(skb); 1406 return -1; 1407 } 1408 1409 static int xfrm_notify_policy_flush(struct km_event *c) 1410 { 1411 struct nlmsghdr *nlh; 1412 struct sk_buff *skb; 1413 unsigned char *b; 1414 int len = NLMSG_LENGTH(0); 1415 1416 skb = alloc_skb(len, GFP_ATOMIC); 1417 if (skb == NULL) 1418 return -ENOMEM; 1419 b = skb->tail; 1420 1421 1422 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0); 1423 1424 nlh->nlmsg_len = skb->tail - b; 1425 1426 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 1427 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 1428 1429 nlmsg_failure: 1430 kfree_skb(skb); 1431 return -1; 1432 } 1433 1434 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1435 { 1436 1437 switch (c->event) { 1438 case XFRM_MSG_NEWPOLICY: 1439 case XFRM_MSG_UPDPOLICY: 1440 case XFRM_MSG_DELPOLICY: 1441 return xfrm_notify_policy(xp, dir, c); 1442 case XFRM_MSG_FLUSHPOLICY: 1443 return xfrm_notify_policy_flush(c); 1444 case XFRM_MSG_POLEXPIRE: 1445 return xfrm_exp_policy_notify(xp, dir, c); 1446 default: 1447 printk("xfrm_user: Unknown Policy event %d\n", c->event); 1448 } 1449 1450 return 0; 1451 1452 } 1453 1454 static struct xfrm_mgr netlink_mgr = { 1455 .id = "netlink", 1456 .notify = xfrm_send_state_notify, 1457 .acquire = xfrm_send_acquire, 1458 .compile_policy = xfrm_compile_policy, 1459 .notify_policy = xfrm_send_policy_notify, 1460 }; 1461 1462 static int __init xfrm_user_init(void) 1463 { 1464 printk(KERN_INFO "Initializing IPsec netlink socket\n"); 1465 1466 xfrm_nl = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX, 1467 xfrm_netlink_rcv, THIS_MODULE); 1468 if (xfrm_nl == NULL) 1469 return -ENOMEM; 1470 1471 xfrm_register_km(&netlink_mgr); 1472 1473 return 0; 1474 } 1475 1476 static void __exit xfrm_user_exit(void) 1477 { 1478 xfrm_unregister_km(&netlink_mgr); 1479 sock_release(xfrm_nl->sk_socket); 1480 } 1481 1482 module_init(xfrm_user_init); 1483 module_exit(xfrm_user_exit); 1484 MODULE_LICENSE("GPL"); 1485 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 1486