search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
V4L: pvrusb2: Limit hor res for 24xxx devices
[linux/fpc-iii.git] / net / xfrm / xfrm_state.c
blob0021aad5db43ccc0d0356f2f5e4e28446c8b983a
1 /*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
13 *
14 */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <asm/uaccess.h>
22
23 struct sock *xfrm_nl;
24 EXPORT_SYMBOL(xfrm_nl);
25
26 u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
27 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
28
29 u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
30 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
31
32 /* Each xfrm_state may be linked to two tables:
33
34 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
35 2. Hash table by daddr to find what SAs exist for given
36 destination/tunnel endpoint. (output)
37 */
38
39 static DEFINE_SPINLOCK(xfrm_state_lock);
40
41 /* Hash table to find appropriate SA towards given target (endpoint
42 * of tunnel or destination of transport mode) allowed by selector.
43 *
44 * Main use is finding SA after policy selected tunnel or transport mode.
45 * Also, it can be used by ah/esp icmp error handler to find offending SA.
46 */
47 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
48 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
49
50 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
51 EXPORT_SYMBOL(km_waitq);
52
53 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
54 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
55
56 static struct work_struct xfrm_state_gc_work;
57 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
58 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
59
60 static int xfrm_state_gc_flush_bundles;
61
62 int __xfrm_state_delete(struct xfrm_state *x);
63
64 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
65 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
66
67 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
68 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
69
70 static void xfrm_state_gc_destroy(struct xfrm_state *x)
71 {
72 if (del_timer(&x->timer))
73 BUG();
74 if (del_timer(&x->rtimer))
75 BUG();
76 kfree(x->aalg);
77 kfree(x->ealg);
78 kfree(x->calg);
79 kfree(x->encap);
80 if (x->mode)
81 xfrm_put_mode(x->mode);
82 if (x->type) {
83 x->type->destructor(x);
84 xfrm_put_type(x->type);
85 }
86 security_xfrm_state_free(x);
87 kfree(x);
88 }
89
90 static void xfrm_state_gc_task(void *data)
91 {
92 struct xfrm_state *x;
93 struct list_head *entry, *tmp;
94 struct list_head gc_list = LIST_HEAD_INIT(gc_list);
95
96 if (xfrm_state_gc_flush_bundles) {
97 xfrm_state_gc_flush_bundles = 0;
98 xfrm_flush_bundles();
99 }
100
101 spin_lock_bh(&xfrm_state_gc_lock);
102 list_splice_init(&xfrm_state_gc_list, &gc_list);
103 spin_unlock_bh(&xfrm_state_gc_lock);
104
105 list_for_each_safe(entry, tmp, &gc_list) {
106 x = list_entry(entry, struct xfrm_state, bydst);
107 xfrm_state_gc_destroy(x);
108 }
109 wake_up(&km_waitq);
110 }
111
112 static inline unsigned long make_jiffies(long secs)
113 {
114 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
115 return MAX_SCHEDULE_TIMEOUT-1;
116 else
117 return secs*HZ;
118 }
119
120 static void xfrm_timer_handler(unsigned long data)
121 {
122 struct xfrm_state *x = (struct xfrm_state*)data;
123 unsigned long now = (unsigned long)xtime.tv_sec;
124 long next = LONG_MAX;
125 int warn = 0;
126
127 spin_lock(&x->lock);
128 if (x->km.state == XFRM_STATE_DEAD)
129 goto out;
130 if (x->km.state == XFRM_STATE_EXPIRED)
131 goto expired;
132 if (x->lft.hard_add_expires_seconds) {
133 long tmo = x->lft.hard_add_expires_seconds +
134 x->curlft.add_time - now;
135 if (tmo <= 0)
136 goto expired;
137 if (tmo < next)
138 next = tmo;
139 }
140 if (x->lft.hard_use_expires_seconds) {
141 long tmo = x->lft.hard_use_expires_seconds +
142 (x->curlft.use_time ? : now) - now;
143 if (tmo <= 0)
144 goto expired;
145 if (tmo < next)
146 next = tmo;
147 }
148 if (x->km.dying)
149 goto resched;
150 if (x->lft.soft_add_expires_seconds) {
151 long tmo = x->lft.soft_add_expires_seconds +
152 x->curlft.add_time - now;
153 if (tmo <= 0)
154 warn = 1;
155 else if (tmo < next)
156 next = tmo;
157 }
158 if (x->lft.soft_use_expires_seconds) {
159 long tmo = x->lft.soft_use_expires_seconds +
160 (x->curlft.use_time ? : now) - now;
161 if (tmo <= 0)
162 warn = 1;
163 else if (tmo < next)
164 next = tmo;
165 }
166
167 x->km.dying = warn;
168 if (warn)
169 km_state_expired(x, 0, 0);
170 resched:
171 if (next != LONG_MAX &&
172 !mod_timer(&x->timer, jiffies + make_jiffies(next)))
173 xfrm_state_hold(x);
174 goto out;
175
176 expired:
177 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
178 x->km.state = XFRM_STATE_EXPIRED;
179 wake_up(&km_waitq);
180 next = 2;
181 goto resched;
182 }
183 if (!__xfrm_state_delete(x) && x->id.spi)
184 km_state_expired(x, 1, 0);
185
186 out:
187 spin_unlock(&x->lock);
188 xfrm_state_put(x);
189 }
190
191 static void xfrm_replay_timer_handler(unsigned long data);
192
193 struct xfrm_state *xfrm_state_alloc(void)
194 {
195 struct xfrm_state *x;
196
197 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
198
199 if (x) {
200 atomic_set(&x->refcnt, 1);
201 atomic_set(&x->tunnel_users, 0);
202 INIT_LIST_HEAD(&x->bydst);
203 INIT_LIST_HEAD(&x->byspi);
204 init_timer(&x->timer);
205 x->timer.function = xfrm_timer_handler;
206 x->timer.data = (unsigned long)x;
207 init_timer(&x->rtimer);
208 x->rtimer.function = xfrm_replay_timer_handler;
209 x->rtimer.data = (unsigned long)x;
210 x->curlft.add_time = (unsigned long)xtime.tv_sec;
211 x->lft.soft_byte_limit = XFRM_INF;
212 x->lft.soft_packet_limit = XFRM_INF;
213 x->lft.hard_byte_limit = XFRM_INF;
214 x->lft.hard_packet_limit = XFRM_INF;
215 x->replay_maxage = 0;
216 x->replay_maxdiff = 0;
217 spin_lock_init(&x->lock);
218 }
219 return x;
220 }
221 EXPORT_SYMBOL(xfrm_state_alloc);
222
223 void __xfrm_state_destroy(struct xfrm_state *x)
224 {
225 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
226
227 spin_lock_bh(&xfrm_state_gc_lock);
228 list_add(&x->bydst, &xfrm_state_gc_list);
229 spin_unlock_bh(&xfrm_state_gc_lock);
230 schedule_work(&xfrm_state_gc_work);
231 }
232 EXPORT_SYMBOL(__xfrm_state_destroy);
233
234 int __xfrm_state_delete(struct xfrm_state *x)
235 {
236 int err = -ESRCH;
237
238 if (x->km.state != XFRM_STATE_DEAD) {
239 x->km.state = XFRM_STATE_DEAD;
240 spin_lock(&xfrm_state_lock);
241 list_del(&x->bydst);
242 __xfrm_state_put(x);
243 if (x->id.spi) {
244 list_del(&x->byspi);
245 __xfrm_state_put(x);
246 }
247 spin_unlock(&xfrm_state_lock);
248 if (del_timer(&x->timer))
249 __xfrm_state_put(x);
250 if (del_timer(&x->rtimer))
251 __xfrm_state_put(x);
252
253 /* The number two in this test is the reference
254 * mentioned in the comment below plus the reference
255 * our caller holds. A larger value means that
256 * there are DSTs attached to this xfrm_state.
257 */
258 if (atomic_read(&x->refcnt) > 2) {
259 xfrm_state_gc_flush_bundles = 1;
260 schedule_work(&xfrm_state_gc_work);
261 }
262
263 /* All xfrm_state objects are created by xfrm_state_alloc.
264 * The xfrm_state_alloc call gives a reference, and that
265 * is what we are dropping here.
266 */
267 __xfrm_state_put(x);
268 err = 0;
269 }
270
271 return err;
272 }
273 EXPORT_SYMBOL(__xfrm_state_delete);
274
275 int xfrm_state_delete(struct xfrm_state *x)
276 {
277 int err;
278
279 spin_lock_bh(&x->lock);
280 err = __xfrm_state_delete(x);
281 spin_unlock_bh(&x->lock);
282
283 return err;
284 }
285 EXPORT_SYMBOL(xfrm_state_delete);
286
287 void xfrm_state_flush(u8 proto)
288 {
289 int i;
290 struct xfrm_state *x;
291
292 spin_lock_bh(&xfrm_state_lock);
293 for (i = 0; i < XFRM_DST_HSIZE; i++) {
294 restart:
295 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
296 if (!xfrm_state_kern(x) &&
297 (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) {
298 xfrm_state_hold(x);
299 spin_unlock_bh(&xfrm_state_lock);
300
301 xfrm_state_delete(x);
302 xfrm_state_put(x);
303
304 spin_lock_bh(&xfrm_state_lock);
305 goto restart;
306 }
307 }
308 }
309 spin_unlock_bh(&xfrm_state_lock);
310 wake_up(&km_waitq);
311 }
312 EXPORT_SYMBOL(xfrm_state_flush);
313
314 static int
315 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
316 struct xfrm_tmpl *tmpl,
317 xfrm_address_t *daddr, xfrm_address_t *saddr,
318 unsigned short family)
319 {
320 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
321 if (!afinfo)
322 return -1;
323 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
324 xfrm_state_put_afinfo(afinfo);
325 return 0;
326 }
327
328 struct xfrm_state *
329 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
330 struct flowi *fl, struct xfrm_tmpl *tmpl,
331 struct xfrm_policy *pol, int *err,
332 unsigned short family)
333 {
334 unsigned h = xfrm_dst_hash(daddr, family);
335 struct xfrm_state *x, *x0;
336 int acquire_in_progress = 0;
337 int error = 0;
338 struct xfrm_state *best = NULL;
339 struct xfrm_state_afinfo *afinfo;
340
341 afinfo = xfrm_state_get_afinfo(family);
342 if (afinfo == NULL) {
343 *err = -EAFNOSUPPORT;
344 return NULL;
345 }
346
347 spin_lock_bh(&xfrm_state_lock);
348 list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
349 if (x->props.family == family &&
350 x->props.reqid == tmpl->reqid &&
351 xfrm_state_addr_check(x, daddr, saddr, family) &&
352 tmpl->mode == x->props.mode &&
353 tmpl->id.proto == x->id.proto &&
354 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
355 /* Resolution logic:
356 1. There is a valid state with matching selector.
357 Done.
358 2. Valid state with inappropriate selector. Skip.
359
360 Entering area of "sysdeps".
361
362 3. If state is not valid, selector is temporary,
363 it selects only session which triggered
364 previous resolution. Key manager will do
365 something to install a state with proper
366 selector.
367 */
368 if (x->km.state == XFRM_STATE_VALID) {
369 if (!xfrm_selector_match(&x->sel, fl, family) ||
370 !xfrm_sec_ctx_match(pol->security, x->security))
371 continue;
372 if (!best ||
373 best->km.dying > x->km.dying ||
374 (best->km.dying == x->km.dying &&
375 best->curlft.add_time < x->curlft.add_time))
376 best = x;
377 } else if (x->km.state == XFRM_STATE_ACQ) {
378 acquire_in_progress = 1;
379 } else if (x->km.state == XFRM_STATE_ERROR ||
380 x->km.state == XFRM_STATE_EXPIRED) {
381 if (xfrm_selector_match(&x->sel, fl, family) &&
382 xfrm_sec_ctx_match(pol->security, x->security))
383 error = -ESRCH;
384 }
385 }
386 }
387
388 x = best;
389 if (!x && !error && !acquire_in_progress) {
390 if (tmpl->id.spi &&
391 (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
392 tmpl->id.proto)) != NULL) {
393 xfrm_state_put(x0);
394 error = -EEXIST;
395 goto out;
396 }
397 x = xfrm_state_alloc();
398 if (x == NULL) {
399 error = -ENOMEM;
400 goto out;
401 }
402 /* Initialize temporary selector matching only
403 * to current session. */
404 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
405
406 if (km_query(x, tmpl, pol) == 0) {
407 x->km.state = XFRM_STATE_ACQ;
408 list_add_tail(&x->bydst, xfrm_state_bydst+h);
409 xfrm_state_hold(x);
410 if (x->id.spi) {
411 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
412 list_add(&x->byspi, xfrm_state_byspi+h);
413 xfrm_state_hold(x);
414 }
415 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
416 xfrm_state_hold(x);
417 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
418 add_timer(&x->timer);
419 } else {
420 x->km.state = XFRM_STATE_DEAD;
421 xfrm_state_put(x);
422 x = NULL;
423 error = -ESRCH;
424 }
425 }
426 out:
427 if (x)
428 xfrm_state_hold(x);
429 else
430 *err = acquire_in_progress ? -EAGAIN : error;
431 spin_unlock_bh(&xfrm_state_lock);
432 xfrm_state_put_afinfo(afinfo);
433 return x;
434 }
435
436 static void __xfrm_state_insert(struct xfrm_state *x)
437 {
438 unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
439
440 list_add(&x->bydst, xfrm_state_bydst+h);
441 xfrm_state_hold(x);
442
443 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
444
445 list_add(&x->byspi, xfrm_state_byspi+h);
446 xfrm_state_hold(x);
447
448 if (!mod_timer(&x->timer, jiffies + HZ))
449 xfrm_state_hold(x);
450
451 if (x->replay_maxage &&
452 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
453 xfrm_state_hold(x);
454
455 wake_up(&km_waitq);
456 }
457
458 void xfrm_state_insert(struct xfrm_state *x)
459 {
460 spin_lock_bh(&xfrm_state_lock);
461 __xfrm_state_insert(x);
462 spin_unlock_bh(&xfrm_state_lock);
463
464 xfrm_flush_all_bundles();
465 }
466 EXPORT_SYMBOL(xfrm_state_insert);
467
468 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
469
470 int xfrm_state_add(struct xfrm_state *x)
471 {
472 struct xfrm_state_afinfo *afinfo;
473 struct xfrm_state *x1;
474 int family;
475 int err;
476
477 family = x->props.family;
478 afinfo = xfrm_state_get_afinfo(family);
479 if (unlikely(afinfo == NULL))
480 return -EAFNOSUPPORT;
481
482 spin_lock_bh(&xfrm_state_lock);
483
484 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
485 if (x1) {
486 xfrm_state_put(x1);
487 x1 = NULL;
488 err = -EEXIST;
489 goto out;
490 }
491
492 if (x->km.seq) {
493 x1 = __xfrm_find_acq_byseq(x->km.seq);
494 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
495 xfrm_state_put(x1);
496 x1 = NULL;
497 }
498 }
499
500 if (!x1)
501 x1 = afinfo->find_acq(
502 x->props.mode, x->props.reqid, x->id.proto,
503 &x->id.daddr, &x->props.saddr, 0);
504
505 __xfrm_state_insert(x);
506 err = 0;
507
508 out:
509 spin_unlock_bh(&xfrm_state_lock);
510 xfrm_state_put_afinfo(afinfo);
511
512 if (!err)
513 xfrm_flush_all_bundles();
514
515 if (x1) {
516 xfrm_state_delete(x1);
517 xfrm_state_put(x1);
518 }
519
520 return err;
521 }
522 EXPORT_SYMBOL(xfrm_state_add);
523
524 int xfrm_state_update(struct xfrm_state *x)
525 {
526 struct xfrm_state_afinfo *afinfo;
527 struct xfrm_state *x1;
528 int err;
529
530 afinfo = xfrm_state_get_afinfo(x->props.family);
531 if (unlikely(afinfo == NULL))
532 return -EAFNOSUPPORT;
533
534 spin_lock_bh(&xfrm_state_lock);
535 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
536
537 err = -ESRCH;
538 if (!x1)
539 goto out;
540
541 if (xfrm_state_kern(x1)) {
542 xfrm_state_put(x1);
543 err = -EEXIST;
544 goto out;
545 }
546
547 if (x1->km.state == XFRM_STATE_ACQ) {
548 __xfrm_state_insert(x);
549 x = NULL;
550 }
551 err = 0;
552
553 out:
554 spin_unlock_bh(&xfrm_state_lock);
555 xfrm_state_put_afinfo(afinfo);
556
557 if (err)
558 return err;
559
560 if (!x) {
561 xfrm_state_delete(x1);
562 xfrm_state_put(x1);
563 return 0;
564 }
565
566 err = -EINVAL;
567 spin_lock_bh(&x1->lock);
568 if (likely(x1->km.state == XFRM_STATE_VALID)) {
569 if (x->encap && x1->encap)
570 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
571 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
572 x1->km.dying = 0;
573
574 if (!mod_timer(&x1->timer, jiffies + HZ))
575 xfrm_state_hold(x1);
576 if (x1->curlft.use_time)
577 xfrm_state_check_expire(x1);
578
579 err = 0;
580 }
581 spin_unlock_bh(&x1->lock);
582
583 xfrm_state_put(x1);
584
585 return err;
586 }
587 EXPORT_SYMBOL(xfrm_state_update);
588
589 int xfrm_state_check_expire(struct xfrm_state *x)
590 {
591 if (!x->curlft.use_time)
592 x->curlft.use_time = (unsigned long)xtime.tv_sec;
593
594 if (x->km.state != XFRM_STATE_VALID)
595 return -EINVAL;
596
597 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
598 x->curlft.packets >= x->lft.hard_packet_limit) {
599 x->km.state = XFRM_STATE_EXPIRED;
600 if (!mod_timer(&x->timer, jiffies))
601 xfrm_state_hold(x);
602 return -EINVAL;
603 }
604
605 if (!x->km.dying &&
606 (x->curlft.bytes >= x->lft.soft_byte_limit ||
607 x->curlft.packets >= x->lft.soft_packet_limit)) {
608 x->km.dying = 1;
609 km_state_expired(x, 0, 0);
610 }
611 return 0;
612 }
613 EXPORT_SYMBOL(xfrm_state_check_expire);
614
615 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
616 {
617 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
618 - skb_headroom(skb);
619
620 if (nhead > 0)
621 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
622
623 /* Check tail too... */
624 return 0;
625 }
626
627 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
628 {
629 int err = xfrm_state_check_expire(x);
630 if (err < 0)
631 goto err;
632 err = xfrm_state_check_space(x, skb);
633 err:
634 return err;
635 }
636 EXPORT_SYMBOL(xfrm_state_check);
637
638 struct xfrm_state *
639 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
640 unsigned short family)
641 {
642 struct xfrm_state *x;
643 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
644 if (!afinfo)
645 return NULL;
646
647 spin_lock_bh(&xfrm_state_lock);
648 x = afinfo->state_lookup(daddr, spi, proto);
649 spin_unlock_bh(&xfrm_state_lock);
650 xfrm_state_put_afinfo(afinfo);
651 return x;
652 }
653 EXPORT_SYMBOL(xfrm_state_lookup);
654
655 struct xfrm_state *
656 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
657 xfrm_address_t *daddr, xfrm_address_t *saddr,
658 int create, unsigned short family)
659 {
660 struct xfrm_state *x;
661 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
662 if (!afinfo)
663 return NULL;
664
665 spin_lock_bh(&xfrm_state_lock);
666 x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
667 spin_unlock_bh(&xfrm_state_lock);
668 xfrm_state_put_afinfo(afinfo);
669 return x;
670 }
671 EXPORT_SYMBOL(xfrm_find_acq);
672
673 /* Silly enough, but I'm lazy to build resolution list */
674
675 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
676 {
677 int i;
678 struct xfrm_state *x;
679
680 for (i = 0; i < XFRM_DST_HSIZE; i++) {
681 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
682 if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
683 xfrm_state_hold(x);
684 return x;
685 }
686 }
687 }
688 return NULL;
689 }
690
691 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
692 {
693 struct xfrm_state *x;
694
695 spin_lock_bh(&xfrm_state_lock);
696 x = __xfrm_find_acq_byseq(seq);
697 spin_unlock_bh(&xfrm_state_lock);
698 return x;
699 }
700 EXPORT_SYMBOL(xfrm_find_acq_byseq);
701
702 u32 xfrm_get_acqseq(void)
703 {
704 u32 res;
705 static u32 acqseq;
706 static DEFINE_SPINLOCK(acqseq_lock);
707
708 spin_lock_bh(&acqseq_lock);
709 res = (++acqseq ? : ++acqseq);
710 spin_unlock_bh(&acqseq_lock);
711 return res;
712 }
713 EXPORT_SYMBOL(xfrm_get_acqseq);
714
715 void
716 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
717 {
718 u32 h;
719 struct xfrm_state *x0;
720
721 if (x->id.spi)
722 return;
723
724 if (minspi == maxspi) {
725 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
726 if (x0) {
727 xfrm_state_put(x0);
728 return;
729 }
730 x->id.spi = minspi;
731 } else {
732 u32 spi = 0;
733 minspi = ntohl(minspi);
734 maxspi = ntohl(maxspi);
735 for (h=0; h<maxspi-minspi+1; h++) {
736 spi = minspi + net_random()%(maxspi-minspi+1);
737 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
738 if (x0 == NULL) {
739 x->id.spi = htonl(spi);
740 break;
741 }
742 xfrm_state_put(x0);
743 }
744 }
745 if (x->id.spi) {
746 spin_lock_bh(&xfrm_state_lock);
747 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
748 list_add(&x->byspi, xfrm_state_byspi+h);
749 xfrm_state_hold(x);
750 spin_unlock_bh(&xfrm_state_lock);
751 wake_up(&km_waitq);
752 }
753 }
754 EXPORT_SYMBOL(xfrm_alloc_spi);
755
756 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
757 void *data)
758 {
759 int i;
760 struct xfrm_state *x;
761 int count = 0;
762 int err = 0;
763
764 spin_lock_bh(&xfrm_state_lock);
765 for (i = 0; i < XFRM_DST_HSIZE; i++) {
766 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
767 if (proto == IPSEC_PROTO_ANY || x->id.proto == proto)
768 count++;
769 }
770 }
771 if (count == 0) {
772 err = -ENOENT;
773 goto out;
774 }
775
776 for (i = 0; i < XFRM_DST_HSIZE; i++) {
777 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
778 if (proto != IPSEC_PROTO_ANY && x->id.proto != proto)
779 continue;
780 err = func(x, --count, data);
781 if (err)
782 goto out;
783 }
784 }
785 out:
786 spin_unlock_bh(&xfrm_state_lock);
787 return err;
788 }
789 EXPORT_SYMBOL(xfrm_state_walk);
790
791
792 void xfrm_replay_notify(struct xfrm_state *x, int event)
793 {
794 struct km_event c;
795 /* we send notify messages in case
796 * 1. we updated on of the sequence numbers, and the seqno difference
797 * is at least x->replay_maxdiff, in this case we also update the
798 * timeout of our timer function
799 * 2. if x->replay_maxage has elapsed since last update,
800 * and there were changes
801 *
802 * The state structure must be locked!
803 */
804
805 switch (event) {
806 case XFRM_REPLAY_UPDATE:
807 if (x->replay_maxdiff &&
808 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
809 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
810 if (x->xflags & XFRM_TIME_DEFER)
811 event = XFRM_REPLAY_TIMEOUT;
812 else
813 return;
814 }
815
816 break;
817
818 case XFRM_REPLAY_TIMEOUT:
819 if ((x->replay.seq == x->preplay.seq) &&
820 (x->replay.bitmap == x->preplay.bitmap) &&
821 (x->replay.oseq == x->preplay.oseq)) {
822 x->xflags |= XFRM_TIME_DEFER;
823 return;
824 }
825
826 break;
827 }
828
829 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
830 c.event = XFRM_MSG_NEWAE;
831 c.data.aevent = event;
832 km_state_notify(x, &c);
833
834 if (x->replay_maxage &&
835 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
836 xfrm_state_hold(x);
837 x->xflags &= ~XFRM_TIME_DEFER;
838 }
839 }
840 EXPORT_SYMBOL(xfrm_replay_notify);
841
842 static void xfrm_replay_timer_handler(unsigned long data)
843 {
844 struct xfrm_state *x = (struct xfrm_state*)data;
845
846 spin_lock(&x->lock);
847
848 if (x->km.state == XFRM_STATE_VALID) {
849 if (xfrm_aevent_is_on())
850 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
851 else
852 x->xflags |= XFRM_TIME_DEFER;
853 }
854
855 spin_unlock(&x->lock);
856 xfrm_state_put(x);
857 }
858
859 int xfrm_replay_check(struct xfrm_state *x, u32 seq)
860 {
861 u32 diff;
862
863 seq = ntohl(seq);
864
865 if (unlikely(seq == 0))
866 return -EINVAL;
867
868 if (likely(seq > x->replay.seq))
869 return 0;
870
871 diff = x->replay.seq - seq;
872 if (diff >= x->props.replay_window) {
873 x->stats.replay_window++;
874 return -EINVAL;
875 }
876
877 if (x->replay.bitmap & (1U << diff)) {
878 x->stats.replay++;
879 return -EINVAL;
880 }
881 return 0;
882 }
883 EXPORT_SYMBOL(xfrm_replay_check);
884
885 void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
886 {
887 u32 diff;
888
889 seq = ntohl(seq);
890
891 if (seq > x->replay.seq) {
892 diff = seq - x->replay.seq;
893 if (diff < x->props.replay_window)
894 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
895 else
896 x->replay.bitmap = 1;
897 x->replay.seq = seq;
898 } else {
899 diff = x->replay.seq - seq;
900 x->replay.bitmap |= (1U << diff);
901 }
902
903 if (xfrm_aevent_is_on())
904 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
905 }
906 EXPORT_SYMBOL(xfrm_replay_advance);
907
908 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
909 static DEFINE_RWLOCK(xfrm_km_lock);
910
911 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
912 {
913 struct xfrm_mgr *km;
914
915 read_lock(&xfrm_km_lock);
916 list_for_each_entry(km, &xfrm_km_list, list)
917 if (km->notify_policy)
918 km->notify_policy(xp, dir, c);
919 read_unlock(&xfrm_km_lock);
920 }
921
922 void km_state_notify(struct xfrm_state *x, struct km_event *c)
923 {
924 struct xfrm_mgr *km;
925 read_lock(&xfrm_km_lock);
926 list_for_each_entry(km, &xfrm_km_list, list)
927 if (km->notify)
928 km->notify(x, c);
929 read_unlock(&xfrm_km_lock);
930 }
931
932 EXPORT_SYMBOL(km_policy_notify);
933 EXPORT_SYMBOL(km_state_notify);
934
935 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
936 {
937 struct km_event c;
938
939 c.data.hard = hard;
940 c.pid = pid;
941 c.event = XFRM_MSG_EXPIRE;
942 km_state_notify(x, &c);
943
944 if (hard)
945 wake_up(&km_waitq);
946 }
947
948 EXPORT_SYMBOL(km_state_expired);
949 /*
950 * We send to all registered managers regardless of failure
951 * We are happy with one success
952 */
953 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
954 {
955 int err = -EINVAL, acqret;
956 struct xfrm_mgr *km;
957
958 read_lock(&xfrm_km_lock);
959 list_for_each_entry(km, &xfrm_km_list, list) {
960 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
961 if (!acqret)
962 err = acqret;
963 }
964 read_unlock(&xfrm_km_lock);
965 return err;
966 }
967 EXPORT_SYMBOL(km_query);
968
969 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
970 {
971 int err = -EINVAL;
972 struct xfrm_mgr *km;
973
974 read_lock(&xfrm_km_lock);
975 list_for_each_entry(km, &xfrm_km_list, list) {
976 if (km->new_mapping)
977 err = km->new_mapping(x, ipaddr, sport);
978 if (!err)
979 break;
980 }
981 read_unlock(&xfrm_km_lock);
982 return err;
983 }
984 EXPORT_SYMBOL(km_new_mapping);
985
986 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
987 {
988 struct km_event c;
989
990 c.data.hard = hard;
991 c.pid = pid;
992 c.event = XFRM_MSG_POLEXPIRE;
993 km_policy_notify(pol, dir, &c);
994
995 if (hard)
996 wake_up(&km_waitq);
997 }
998 EXPORT_SYMBOL(km_policy_expired);
999
1000 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1001 {
1002 int err;
1003 u8 *data;
1004 struct xfrm_mgr *km;
1005 struct xfrm_policy *pol = NULL;
1006
1007 if (optlen <= 0 || optlen > PAGE_SIZE)
1008 return -EMSGSIZE;
1009
1010 data = kmalloc(optlen, GFP_KERNEL);
1011 if (!data)
1012 return -ENOMEM;
1013
1014 err = -EFAULT;
1015 if (copy_from_user(data, optval, optlen))
1016 goto out;
1017
1018 err = -EINVAL;
1019 read_lock(&xfrm_km_lock);
1020 list_for_each_entry(km, &xfrm_km_list, list) {
1021 pol = km->compile_policy(sk->sk_family, optname, data,
1022 optlen, &err);
1023 if (err >= 0)
1024 break;
1025 }
1026 read_unlock(&xfrm_km_lock);
1027
1028 if (err >= 0) {
1029 xfrm_sk_policy_insert(sk, err, pol);
1030 xfrm_pol_put(pol);
1031 err = 0;
1032 }
1033
1034 out:
1035 kfree(data);
1036 return err;
1037 }
1038 EXPORT_SYMBOL(xfrm_user_policy);
1039
1040 int xfrm_register_km(struct xfrm_mgr *km)
1041 {
1042 write_lock_bh(&xfrm_km_lock);
1043 list_add_tail(&km->list, &xfrm_km_list);
1044 write_unlock_bh(&xfrm_km_lock);
1045 return 0;
1046 }
1047 EXPORT_SYMBOL(xfrm_register_km);
1048
1049 int xfrm_unregister_km(struct xfrm_mgr *km)
1050 {
1051 write_lock_bh(&xfrm_km_lock);
1052 list_del(&km->list);
1053 write_unlock_bh(&xfrm_km_lock);
1054 return 0;
1055 }
1056 EXPORT_SYMBOL(xfrm_unregister_km);
1057
1058 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1059 {
1060 int err = 0;
1061 if (unlikely(afinfo == NULL))
1062 return -EINVAL;
1063 if (unlikely(afinfo->family >= NPROTO))
1064 return -EAFNOSUPPORT;
1065 write_lock_bh(&xfrm_state_afinfo_lock);
1066 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1067 err = -ENOBUFS;
1068 else {
1069 afinfo->state_bydst = xfrm_state_bydst;
1070 afinfo->state_byspi = xfrm_state_byspi;
1071 xfrm_state_afinfo[afinfo->family] = afinfo;
1072 }
1073 write_unlock_bh(&xfrm_state_afinfo_lock);
1074 return err;
1075 }
1076 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1077
1078 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1079 {
1080 int err = 0;
1081 if (unlikely(afinfo == NULL))
1082 return -EINVAL;
1083 if (unlikely(afinfo->family >= NPROTO))
1084 return -EAFNOSUPPORT;
1085 write_lock_bh(&xfrm_state_afinfo_lock);
1086 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1087 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1088 err = -EINVAL;
1089 else {
1090 xfrm_state_afinfo[afinfo->family] = NULL;
1091 afinfo->state_byspi = NULL;
1092 afinfo->state_bydst = NULL;
1093 }
1094 }
1095 write_unlock_bh(&xfrm_state_afinfo_lock);
1096 return err;
1097 }
1098 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1099
1100 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1101 {
1102 struct xfrm_state_afinfo *afinfo;
1103 if (unlikely(family >= NPROTO))
1104 return NULL;
1105 read_lock(&xfrm_state_afinfo_lock);
1106 afinfo = xfrm_state_afinfo[family];
1107 if (unlikely(!afinfo))
1108 read_unlock(&xfrm_state_afinfo_lock);
1109 return afinfo;
1110 }
1111
1112 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1113 {
1114 read_unlock(&xfrm_state_afinfo_lock);
1115 }
1116
1117 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1118 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1119 {
1120 if (x->tunnel) {
1121 struct xfrm_state *t = x->tunnel;
1122
1123 if (atomic_read(&t->tunnel_users) == 2)
1124 xfrm_state_delete(t);
1125 atomic_dec(&t->tunnel_users);
1126 xfrm_state_put(t);
1127 x->tunnel = NULL;
1128 }
1129 }
1130 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1131
1132 /*
1133 * This function is NOT optimal. For example, with ESP it will give an
1134 * MTU that's usually two bytes short of being optimal. However, it will
1135 * usually give an answer that's a multiple of 4 provided the input is
1136 * also a multiple of 4.
1137 */
1138 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1139 {
1140 int res = mtu;
1141
1142 res -= x->props.header_len;
1143
1144 for (;;) {
1145 int m = res;
1146
1147 if (m < 68)
1148 return 68;
1149
1150 spin_lock_bh(&x->lock);
1151 if (x->km.state == XFRM_STATE_VALID &&
1152 x->type && x->type->get_max_size)
1153 m = x->type->get_max_size(x, m);
1154 else
1155 m += x->props.header_len;
1156 spin_unlock_bh(&x->lock);
1157
1158 if (m <= mtu)
1159 break;
1160 res -= (m - mtu);
1161 }
1162
1163 return res;
1164 }
1165
1166 int xfrm_init_state(struct xfrm_state *x)
1167 {
1168 struct xfrm_state_afinfo *afinfo;
1169 int family = x->props.family;
1170 int err;
1171
1172 err = -EAFNOSUPPORT;
1173 afinfo = xfrm_state_get_afinfo(family);
1174 if (!afinfo)
1175 goto error;
1176
1177 err = 0;
1178 if (afinfo->init_flags)
1179 err = afinfo->init_flags(x);
1180
1181 xfrm_state_put_afinfo(afinfo);
1182
1183 if (err)
1184 goto error;
1185
1186 err = -EPROTONOSUPPORT;
1187 x->type = xfrm_get_type(x->id.proto, family);
1188 if (x->type == NULL)
1189 goto error;
1190
1191 err = x->type->init_state(x);
1192 if (err)
1193 goto error;
1194
1195 x->mode = xfrm_get_mode(x->props.mode, family);
1196 if (x->mode == NULL)
1197 goto error;
1198
1199 x->km.state = XFRM_STATE_VALID;
1200
1201 error:
1202 return err;
1203 }
1204
1205 EXPORT_SYMBOL(xfrm_init_state);
1206
1207 void __init xfrm_state_init(void)
1208 {
1209 int i;
1210
1211 for (i=0; i<XFRM_DST_HSIZE; i++) {
1212 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
1213 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1214 }
1215 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1216 }
1217
Linux with added FPC-III support