]> pilppa.org Git - linux-2.6-omap-h63xx.git/blob - net/xfrm/xfrm_state.c
projects / linux-2.6-omap-h63xx.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
netns xfrm: per-netns xfrm_state_all list
[linux-2.6-omap-h63xx.git] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 /* Hash table to find appropriate SA towards given target (endpoint
48  * of tunnel or destination of transport mode) allowed by selector.
49  *
50  * Main use is finding SA after policy selected tunnel or transport mode.
51  * Also, it can be used by ah/esp icmp error handler to find offending SA.
52  */
53 static struct hlist_head *xfrm_state_bydst __read_mostly;
54 static struct hlist_head *xfrm_state_bysrc __read_mostly;
55 static struct hlist_head *xfrm_state_byspi __read_mostly;
56 static unsigned int xfrm_state_hmask __read_mostly;
57 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
58 static unsigned int xfrm_state_num;
59 static unsigned int xfrm_state_genid;
60
61 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
62 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
63
64 #ifdef CONFIG_AUDITSYSCALL
65 static void xfrm_audit_state_replay(struct xfrm_state *x,
66                                     struct sk_buff *skb, __be32 net_seq);
67 #else
68 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
69 #endif /* CONFIG_AUDITSYSCALL */
70
71 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
72                                          xfrm_address_t *saddr,
73                                          u32 reqid,
74                                          unsigned short family)
75 {
76         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
77 }
78
79 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
80                                          xfrm_address_t *saddr,
81                                          unsigned short family)
82 {
83         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
84 }
85
86 static inline unsigned int
87 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
88 {
89         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
90 }
91
92 static void xfrm_hash_transfer(struct hlist_head *list,
93                                struct hlist_head *ndsttable,
94                                struct hlist_head *nsrctable,
95                                struct hlist_head *nspitable,
96                                unsigned int nhashmask)
97 {
98         struct hlist_node *entry, *tmp;
99         struct xfrm_state *x;
100
101         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
102                 unsigned int h;
103
104                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
105                                     x->props.reqid, x->props.family,
106                                     nhashmask);
107                 hlist_add_head(&x->bydst, ndsttable+h);
108
109                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
110                                     x->props.family,
111                                     nhashmask);
112                 hlist_add_head(&x->bysrc, nsrctable+h);
113
114                 if (x->id.spi) {
115                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
116                                             x->id.proto, x->props.family,
117                                             nhashmask);
118                         hlist_add_head(&x->byspi, nspitable+h);
119                 }
120         }
121 }
122
123 static unsigned long xfrm_hash_new_size(void)
124 {
125         return ((xfrm_state_hmask + 1) << 1) *
126                 sizeof(struct hlist_head);
127 }
128
129 static DEFINE_MUTEX(hash_resize_mutex);
130
131 static void xfrm_hash_resize(struct work_struct *__unused)
132 {
133         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
134         unsigned long nsize, osize;
135         unsigned int nhashmask, ohashmask;
136         int i;
137
138         mutex_lock(&hash_resize_mutex);
139
140         nsize = xfrm_hash_new_size();
141         ndst = xfrm_hash_alloc(nsize);
142         if (!ndst)
143                 goto out_unlock;
144         nsrc = xfrm_hash_alloc(nsize);
145         if (!nsrc) {
146                 xfrm_hash_free(ndst, nsize);
147                 goto out_unlock;
148         }
149         nspi = xfrm_hash_alloc(nsize);
150         if (!nspi) {
151                 xfrm_hash_free(ndst, nsize);
152                 xfrm_hash_free(nsrc, nsize);
153                 goto out_unlock;
154         }
155
156         spin_lock_bh(&xfrm_state_lock);
157
158         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
159         for (i = xfrm_state_hmask; i >= 0; i--)
160                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
161                                    nhashmask);
162
163         odst = xfrm_state_bydst;
164         osrc = xfrm_state_bysrc;
165         ospi = xfrm_state_byspi;
166         ohashmask = xfrm_state_hmask;
167
168         xfrm_state_bydst = ndst;
169         xfrm_state_bysrc = nsrc;
170         xfrm_state_byspi = nspi;
171         xfrm_state_hmask = nhashmask;
172
173         spin_unlock_bh(&xfrm_state_lock);
174
175         osize = (ohashmask + 1) * sizeof(struct hlist_head);
176         xfrm_hash_free(odst, osize);
177         xfrm_hash_free(osrc, osize);
178         xfrm_hash_free(ospi, osize);
179
180 out_unlock:
181         mutex_unlock(&hash_resize_mutex);
182 }
183
184 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
185
186 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
187 EXPORT_SYMBOL(km_waitq);
188
189 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
190 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
191
192 static struct work_struct xfrm_state_gc_work;
193 static HLIST_HEAD(xfrm_state_gc_list);
194 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
195
196 int __xfrm_state_delete(struct xfrm_state *x);
197
198 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
199 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
200
201 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
202 {
203         struct xfrm_state_afinfo *afinfo;
204         if (unlikely(family >= NPROTO))
205                 return NULL;
206         write_lock_bh(&xfrm_state_afinfo_lock);
207         afinfo = xfrm_state_afinfo[family];
208         if (unlikely(!afinfo))
209                 write_unlock_bh(&xfrm_state_afinfo_lock);
210         return afinfo;
211 }
212
213 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
214         __releases(xfrm_state_afinfo_lock)
215 {
216         write_unlock_bh(&xfrm_state_afinfo_lock);
217 }
218
219 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
220 {
221         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
222         const struct xfrm_type **typemap;
223         int err = 0;
224
225         if (unlikely(afinfo == NULL))
226                 return -EAFNOSUPPORT;
227         typemap = afinfo->type_map;
228
229         if (likely(typemap[type->proto] == NULL))
230                 typemap[type->proto] = type;
231         else
232                 err = -EEXIST;
233         xfrm_state_unlock_afinfo(afinfo);
234         return err;
235 }
236 EXPORT_SYMBOL(xfrm_register_type);
237
238 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
239 {
240         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
241         const struct xfrm_type **typemap;
242         int err = 0;
243
244         if (unlikely(afinfo == NULL))
245                 return -EAFNOSUPPORT;
246         typemap = afinfo->type_map;
247
248         if (unlikely(typemap[type->proto] != type))
249                 err = -ENOENT;
250         else
251                 typemap[type->proto] = NULL;
252         xfrm_state_unlock_afinfo(afinfo);
253         return err;
254 }
255 EXPORT_SYMBOL(xfrm_unregister_type);
256
257 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
258 {
259         struct xfrm_state_afinfo *afinfo;
260         const struct xfrm_type **typemap;
261         const struct xfrm_type *type;
262         int modload_attempted = 0;
263
264 retry:
265         afinfo = xfrm_state_get_afinfo(family);
266         if (unlikely(afinfo == NULL))
267                 return NULL;
268         typemap = afinfo->type_map;
269
270         type = typemap[proto];
271         if (unlikely(type && !try_module_get(type->owner)))
272                 type = NULL;
273         if (!type && !modload_attempted) {
274                 xfrm_state_put_afinfo(afinfo);
275                 request_module("xfrm-type-%d-%d", family, proto);
276                 modload_attempted = 1;
277                 goto retry;
278         }
279
280         xfrm_state_put_afinfo(afinfo);
281         return type;
282 }
283
284 static void xfrm_put_type(const struct xfrm_type *type)
285 {
286         module_put(type->owner);
287 }
288
289 int xfrm_register_mode(struct xfrm_mode *mode, int family)
290 {
291         struct xfrm_state_afinfo *afinfo;
292         struct xfrm_mode **modemap;
293         int err;
294
295         if (unlikely(mode->encap >= XFRM_MODE_MAX))
296                 return -EINVAL;
297
298         afinfo = xfrm_state_lock_afinfo(family);
299         if (unlikely(afinfo == NULL))
300                 return -EAFNOSUPPORT;
301
302         err = -EEXIST;
303         modemap = afinfo->mode_map;
304         if (modemap[mode->encap])
305                 goto out;
306
307         err = -ENOENT;
308         if (!try_module_get(afinfo->owner))
309                 goto out;
310
311         mode->afinfo = afinfo;
312         modemap[mode->encap] = mode;
313         err = 0;
314
315 out:
316         xfrm_state_unlock_afinfo(afinfo);
317         return err;
318 }
319 EXPORT_SYMBOL(xfrm_register_mode);
320
321 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
322 {
323         struct xfrm_state_afinfo *afinfo;
324         struct xfrm_mode **modemap;
325         int err;
326
327         if (unlikely(mode->encap >= XFRM_MODE_MAX))
328                 return -EINVAL;
329
330         afinfo = xfrm_state_lock_afinfo(family);
331         if (unlikely(afinfo == NULL))
332                 return -EAFNOSUPPORT;
333
334         err = -ENOENT;
335         modemap = afinfo->mode_map;
336         if (likely(modemap[mode->encap] == mode)) {
337                 modemap[mode->encap] = NULL;
338                 module_put(mode->afinfo->owner);
339                 err = 0;
340         }
341
342         xfrm_state_unlock_afinfo(afinfo);
343         return err;
344 }
345 EXPORT_SYMBOL(xfrm_unregister_mode);
346
347 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
348 {
349         struct xfrm_state_afinfo *afinfo;
350         struct xfrm_mode *mode;
351         int modload_attempted = 0;
352
353         if (unlikely(encap >= XFRM_MODE_MAX))
354                 return NULL;
355
356 retry:
357         afinfo = xfrm_state_get_afinfo(family);
358         if (unlikely(afinfo == NULL))
359                 return NULL;
360
361         mode = afinfo->mode_map[encap];
362         if (unlikely(mode && !try_module_get(mode->owner)))
363                 mode = NULL;
364         if (!mode && !modload_attempted) {
365                 xfrm_state_put_afinfo(afinfo);
366                 request_module("xfrm-mode-%d-%d", family, encap);
367                 modload_attempted = 1;
368                 goto retry;
369         }
370
371         xfrm_state_put_afinfo(afinfo);
372         return mode;
373 }
374
375 static void xfrm_put_mode(struct xfrm_mode *mode)
376 {
377         module_put(mode->owner);
378 }
379
380 static void xfrm_state_gc_destroy(struct xfrm_state *x)
381 {
382         del_timer_sync(&x->timer);
383         del_timer_sync(&x->rtimer);
384         kfree(x->aalg);
385         kfree(x->ealg);
386         kfree(x->calg);
387         kfree(x->encap);
388         kfree(x->coaddr);
389         if (x->inner_mode)
390                 xfrm_put_mode(x->inner_mode);
391         if (x->inner_mode_iaf)
392                 xfrm_put_mode(x->inner_mode_iaf);
393         if (x->outer_mode)
394                 xfrm_put_mode(x->outer_mode);
395         if (x->type) {
396                 x->type->destructor(x);
397                 xfrm_put_type(x->type);
398         }
399         security_xfrm_state_free(x);
400         kfree(x);
401 }
402
403 static void xfrm_state_gc_task(struct work_struct *data)
404 {
405         struct xfrm_state *x;
406         struct hlist_node *entry, *tmp;
407         struct hlist_head gc_list;
408
409         spin_lock_bh(&xfrm_state_gc_lock);
410         hlist_move_list(&xfrm_state_gc_list, &gc_list);
411         spin_unlock_bh(&xfrm_state_gc_lock);
412
413         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
414                 xfrm_state_gc_destroy(x);
415
416         wake_up(&km_waitq);
417 }
418
419 static inline unsigned long make_jiffies(long secs)
420 {
421         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
422                 return MAX_SCHEDULE_TIMEOUT-1;
423         else
424                 return secs*HZ;
425 }
426
427 static void xfrm_timer_handler(unsigned long data)
428 {
429         struct xfrm_state *x = (struct xfrm_state*)data;
430         unsigned long now = get_seconds();
431         long next = LONG_MAX;
432         int warn = 0;
433         int err = 0;
434
435         spin_lock(&x->lock);
436         if (x->km.state == XFRM_STATE_DEAD)
437                 goto out;
438         if (x->km.state == XFRM_STATE_EXPIRED)
439                 goto expired;
440         if (x->lft.hard_add_expires_seconds) {
441                 long tmo = x->lft.hard_add_expires_seconds +
442                         x->curlft.add_time - now;
443                 if (tmo <= 0)
444                         goto expired;
445                 if (tmo < next)
446                         next = tmo;
447         }
448         if (x->lft.hard_use_expires_seconds) {
449                 long tmo = x->lft.hard_use_expires_seconds +
450                         (x->curlft.use_time ? : now) - now;
451                 if (tmo <= 0)
452                         goto expired;
453                 if (tmo < next)
454                         next = tmo;
455         }
456         if (x->km.dying)
457                 goto resched;
458         if (x->lft.soft_add_expires_seconds) {
459                 long tmo = x->lft.soft_add_expires_seconds +
460                         x->curlft.add_time - now;
461                 if (tmo <= 0)
462                         warn = 1;
463                 else if (tmo < next)
464                         next = tmo;
465         }
466         if (x->lft.soft_use_expires_seconds) {
467                 long tmo = x->lft.soft_use_expires_seconds +
468                         (x->curlft.use_time ? : now) - now;
469                 if (tmo <= 0)
470                         warn = 1;
471                 else if (tmo < next)
472                         next = tmo;
473         }
474
475         x->km.dying = warn;
476         if (warn)
477                 km_state_expired(x, 0, 0);
478 resched:
479         if (next != LONG_MAX)
480                 mod_timer(&x->timer, jiffies + make_jiffies(next));
481
482         goto out;
483
484 expired:
485         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
486                 x->km.state = XFRM_STATE_EXPIRED;
487                 wake_up(&km_waitq);
488                 next = 2;
489                 goto resched;
490         }
491
492         err = __xfrm_state_delete(x);
493         if (!err && x->id.spi)
494                 km_state_expired(x, 1, 0);
495
496         xfrm_audit_state_delete(x, err ? 0 : 1,
497                                 audit_get_loginuid(current),
498                                 audit_get_sessionid(current), 0);
499
500 out:
501         spin_unlock(&x->lock);
502 }
503
504 static void xfrm_replay_timer_handler(unsigned long data);
505
506 struct xfrm_state *xfrm_state_alloc(struct net *net)
507 {
508         struct xfrm_state *x;
509
510         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
511
512         if (x) {
513                 write_pnet(&x->xs_net, net);
514                 atomic_set(&x->refcnt, 1);
515                 atomic_set(&x->tunnel_users, 0);
516                 INIT_LIST_HEAD(&x->km.all);
517                 INIT_HLIST_NODE(&x->bydst);
518                 INIT_HLIST_NODE(&x->bysrc);
519                 INIT_HLIST_NODE(&x->byspi);
520                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
521                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
522                                 (unsigned long)x);
523                 x->curlft.add_time = get_seconds();
524                 x->lft.soft_byte_limit = XFRM_INF;
525                 x->lft.soft_packet_limit = XFRM_INF;
526                 x->lft.hard_byte_limit = XFRM_INF;
527                 x->lft.hard_packet_limit = XFRM_INF;
528                 x->replay_maxage = 0;
529                 x->replay_maxdiff = 0;
530                 x->inner_mode = NULL;
531                 x->inner_mode_iaf = NULL;
532                 spin_lock_init(&x->lock);
533         }
534         return x;
535 }
536 EXPORT_SYMBOL(xfrm_state_alloc);
537
538 void __xfrm_state_destroy(struct xfrm_state *x)
539 {
540         WARN_ON(x->km.state != XFRM_STATE_DEAD);
541
542         spin_lock_bh(&xfrm_state_gc_lock);
543         hlist_add_head(&x->gclist, &xfrm_state_gc_list);
544         spin_unlock_bh(&xfrm_state_gc_lock);
545         schedule_work(&xfrm_state_gc_work);
546 }
547 EXPORT_SYMBOL(__xfrm_state_destroy);
548
549 int __xfrm_state_delete(struct xfrm_state *x)
550 {
551         int err = -ESRCH;
552
553         if (x->km.state != XFRM_STATE_DEAD) {
554                 x->km.state = XFRM_STATE_DEAD;
555                 spin_lock(&xfrm_state_lock);
556                 list_del(&x->km.all);
557                 hlist_del(&x->bydst);
558                 hlist_del(&x->bysrc);
559                 if (x->id.spi)
560                         hlist_del(&x->byspi);
561                 xfrm_state_num--;
562                 spin_unlock(&xfrm_state_lock);
563
564                 /* All xfrm_state objects are created by xfrm_state_alloc.
565                  * The xfrm_state_alloc call gives a reference, and that
566                  * is what we are dropping here.
567                  */
568                 xfrm_state_put(x);
569                 err = 0;
570         }
571
572         return err;
573 }
574 EXPORT_SYMBOL(__xfrm_state_delete);
575
576 int xfrm_state_delete(struct xfrm_state *x)
577 {
578         int err;
579
580         spin_lock_bh(&x->lock);
581         err = __xfrm_state_delete(x);
582         spin_unlock_bh(&x->lock);
583
584         return err;
585 }
586 EXPORT_SYMBOL(xfrm_state_delete);
587
588 #ifdef CONFIG_SECURITY_NETWORK_XFRM
589 static inline int
590 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
591 {
592         int i, err = 0;
593
594         for (i = 0; i <= xfrm_state_hmask; i++) {
595                 struct hlist_node *entry;
596                 struct xfrm_state *x;
597
598                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
599                         if (xfrm_id_proto_match(x->id.proto, proto) &&
600                            (err = security_xfrm_state_delete(x)) != 0) {
601                                 xfrm_audit_state_delete(x, 0,
602                                                         audit_info->loginuid,
603                                                         audit_info->sessionid,
604                                                         audit_info->secid);
605                                 return err;
606                         }
607                 }
608         }
609
610         return err;
611 }
612 #else
613 static inline int
614 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
615 {
616         return 0;
617 }
618 #endif
619
620 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
621 {
622         int i, err = 0;
623
624         spin_lock_bh(&xfrm_state_lock);
625         err = xfrm_state_flush_secctx_check(proto, audit_info);
626         if (err)
627                 goto out;
628
629         for (i = 0; i <= xfrm_state_hmask; i++) {
630                 struct hlist_node *entry;
631                 struct xfrm_state *x;
632 restart:
633                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
634                         if (!xfrm_state_kern(x) &&
635                             xfrm_id_proto_match(x->id.proto, proto)) {
636                                 xfrm_state_hold(x);
637                                 spin_unlock_bh(&xfrm_state_lock);
638
639                                 err = xfrm_state_delete(x);
640                                 xfrm_audit_state_delete(x, err ? 0 : 1,
641                                                         audit_info->loginuid,
642                                                         audit_info->sessionid,
643                                                         audit_info->secid);
644                                 xfrm_state_put(x);
645
646                                 spin_lock_bh(&xfrm_state_lock);
647                                 goto restart;
648                         }
649                 }
650         }
651         err = 0;
652
653 out:
654         spin_unlock_bh(&xfrm_state_lock);
655         wake_up(&km_waitq);
656         return err;
657 }
658 EXPORT_SYMBOL(xfrm_state_flush);
659
660 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
661 {
662         spin_lock_bh(&xfrm_state_lock);
663         si->sadcnt = xfrm_state_num;
664         si->sadhcnt = xfrm_state_hmask;
665         si->sadhmcnt = xfrm_state_hashmax;
666         spin_unlock_bh(&xfrm_state_lock);
667 }
668 EXPORT_SYMBOL(xfrm_sad_getinfo);
669
670 static int
671 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
672                   struct xfrm_tmpl *tmpl,
673                   xfrm_address_t *daddr, xfrm_address_t *saddr,
674                   unsigned short family)
675 {
676         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
677         if (!afinfo)
678                 return -1;
679         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
680         xfrm_state_put_afinfo(afinfo);
681         return 0;
682 }
683
684 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
685 {
686         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
687         struct xfrm_state *x;
688         struct hlist_node *entry;
689
690         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
691                 if (x->props.family != family ||
692                     x->id.spi       != spi ||
693                     x->id.proto     != proto)
694                         continue;
695
696                 switch (family) {
697                 case AF_INET:
698                         if (x->id.daddr.a4 != daddr->a4)
699                                 continue;
700                         break;
701                 case AF_INET6:
702                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
703                                              (struct in6_addr *)
704                                              x->id.daddr.a6))
705                                 continue;
706                         break;
707                 }
708
709                 xfrm_state_hold(x);
710                 return x;
711         }
712
713         return NULL;
714 }
715
716 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
717 {
718         unsigned int h = xfrm_src_hash(daddr, saddr, family);
719         struct xfrm_state *x;
720         struct hlist_node *entry;
721
722         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
723                 if (x->props.family != family ||
724                     x->id.proto     != proto)
725                         continue;
726
727                 switch (family) {
728                 case AF_INET:
729                         if (x->id.daddr.a4 != daddr->a4 ||
730                             x->props.saddr.a4 != saddr->a4)
731                                 continue;
732                         break;
733                 case AF_INET6:
734                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
735                                              (struct in6_addr *)
736                                              x->id.daddr.a6) ||
737                             !ipv6_addr_equal((struct in6_addr *)saddr,
738                                              (struct in6_addr *)
739                                              x->props.saddr.a6))
740                                 continue;
741                         break;
742                 }
743
744                 xfrm_state_hold(x);
745                 return x;
746         }
747
748         return NULL;
749 }
750
751 static inline struct xfrm_state *
752 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
753 {
754         if (use_spi)
755                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
756                                            x->id.proto, family);
757         else
758                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
759                                                   &x->props.saddr,
760                                                   x->id.proto, family);
761 }
762
763 static void xfrm_hash_grow_check(int have_hash_collision)
764 {
765         if (have_hash_collision &&
766             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
767             xfrm_state_num > xfrm_state_hmask)
768                 schedule_work(&xfrm_hash_work);
769 }
770
771 struct xfrm_state *
772 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
773                 struct flowi *fl, struct xfrm_tmpl *tmpl,
774                 struct xfrm_policy *pol, int *err,
775                 unsigned short family)
776 {
777         unsigned int h;
778         struct hlist_node *entry;
779         struct xfrm_state *x, *x0, *to_put;
780         int acquire_in_progress = 0;
781         int error = 0;
782         struct xfrm_state *best = NULL;
783
784         to_put = NULL;
785
786         spin_lock_bh(&xfrm_state_lock);
787         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
788         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
789                 if (x->props.family == family &&
790                     x->props.reqid == tmpl->reqid &&
791                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
792                     xfrm_state_addr_check(x, daddr, saddr, family) &&
793                     tmpl->mode == x->props.mode &&
794                     tmpl->id.proto == x->id.proto &&
795                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
796                         /* Resolution logic:
797                            1. There is a valid state with matching selector.
798                               Done.
799                            2. Valid state with inappropriate selector. Skip.
800
801                            Entering area of "sysdeps".
802
803                            3. If state is not valid, selector is temporary,
804                               it selects only session which triggered
805                               previous resolution. Key manager will do
806                               something to install a state with proper
807                               selector.
808                          */
809                         if (x->km.state == XFRM_STATE_VALID) {
810                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
811                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
812                                         continue;
813                                 if (!best ||
814                                     best->km.dying > x->km.dying ||
815                                     (best->km.dying == x->km.dying &&
816                                      best->curlft.add_time < x->curlft.add_time))
817                                         best = x;
818                         } else if (x->km.state == XFRM_STATE_ACQ) {
819                                 acquire_in_progress = 1;
820                         } else if (x->km.state == XFRM_STATE_ERROR ||
821                                    x->km.state == XFRM_STATE_EXPIRED) {
822                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
823                                     security_xfrm_state_pol_flow_match(x, pol, fl))
824                                         error = -ESRCH;
825                         }
826                 }
827         }
828
829         x = best;
830         if (!x && !error && !acquire_in_progress) {
831                 if (tmpl->id.spi &&
832                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
833                                               tmpl->id.proto, family)) != NULL) {
834                         to_put = x0;
835                         error = -EEXIST;
836                         goto out;
837                 }
838                 x = xfrm_state_alloc(&init_net);
839                 if (x == NULL) {
840                         error = -ENOMEM;
841                         goto out;
842                 }
843                 /* Initialize temporary selector matching only
844                  * to current session. */
845                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
846
847                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
848                 if (error) {
849                         x->km.state = XFRM_STATE_DEAD;
850                         to_put = x;
851                         x = NULL;
852                         goto out;
853                 }
854
855                 if (km_query(x, tmpl, pol) == 0) {
856                         x->km.state = XFRM_STATE_ACQ;
857                         list_add(&x->km.all, &init_net.xfrm.state_all);
858                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
859                         h = xfrm_src_hash(daddr, saddr, family);
860                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
861                         if (x->id.spi) {
862                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
863                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
864                         }
865                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
866                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
867                         add_timer(&x->timer);
868                         xfrm_state_num++;
869                         xfrm_hash_grow_check(x->bydst.next != NULL);
870                 } else {
871                         x->km.state = XFRM_STATE_DEAD;
872                         to_put = x;
873                         x = NULL;
874                         error = -ESRCH;
875                 }
876         }
877 out:
878         if (x)
879                 xfrm_state_hold(x);
880         else
881                 *err = acquire_in_progress ? -EAGAIN : error;
882         spin_unlock_bh(&xfrm_state_lock);
883         if (to_put)
884                 xfrm_state_put(to_put);
885         return x;
886 }
887
888 struct xfrm_state *
889 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
890                     unsigned short family, u8 mode, u8 proto, u32 reqid)
891 {
892         unsigned int h;
893         struct xfrm_state *rx = NULL, *x = NULL;
894         struct hlist_node *entry;
895
896         spin_lock(&xfrm_state_lock);
897         h = xfrm_dst_hash(daddr, saddr, reqid, family);
898         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
899                 if (x->props.family == family &&
900                     x->props.reqid == reqid &&
901                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
902                     xfrm_state_addr_check(x, daddr, saddr, family) &&
903                     mode == x->props.mode &&
904                     proto == x->id.proto &&
905                     x->km.state == XFRM_STATE_VALID) {
906                         rx = x;
907                         break;
908                 }
909         }
910
911         if (rx)
912                 xfrm_state_hold(rx);
913         spin_unlock(&xfrm_state_lock);
914
915
916         return rx;
917 }
918 EXPORT_SYMBOL(xfrm_stateonly_find);
919
920 static void __xfrm_state_insert(struct xfrm_state *x)
921 {
922         unsigned int h;
923
924         x->genid = ++xfrm_state_genid;
925
926         list_add(&x->km.all, &init_net.xfrm.state_all);
927
928         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
929                           x->props.reqid, x->props.family);
930         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
931
932         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
933         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
934
935         if (x->id.spi) {
936                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
937                                   x->props.family);
938
939                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
940         }
941
942         mod_timer(&x->timer, jiffies + HZ);
943         if (x->replay_maxage)
944                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
945
946         wake_up(&km_waitq);
947
948         xfrm_state_num++;
949
950         xfrm_hash_grow_check(x->bydst.next != NULL);
951 }
952
953 /* xfrm_state_lock is held */
954 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
955 {
956         unsigned short family = xnew->props.family;
957         u32 reqid = xnew->props.reqid;
958         struct xfrm_state *x;
959         struct hlist_node *entry;
960         unsigned int h;
961
962         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
963         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
964                 if (x->props.family     == family &&
965                     x->props.reqid      == reqid &&
966                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
967                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
968                         x->genid = xfrm_state_genid;
969         }
970 }
971
972 void xfrm_state_insert(struct xfrm_state *x)
973 {
974         spin_lock_bh(&xfrm_state_lock);
975         __xfrm_state_bump_genids(x);
976         __xfrm_state_insert(x);
977         spin_unlock_bh(&xfrm_state_lock);
978 }
979 EXPORT_SYMBOL(xfrm_state_insert);
980
981 /* xfrm_state_lock is held */
982 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
983 {
984         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
985         struct hlist_node *entry;
986         struct xfrm_state *x;
987
988         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
989                 if (x->props.reqid  != reqid ||
990                     x->props.mode   != mode ||
991                     x->props.family != family ||
992                     x->km.state     != XFRM_STATE_ACQ ||
993                     x->id.spi       != 0 ||
994                     x->id.proto     != proto)
995                         continue;
996
997                 switch (family) {
998                 case AF_INET:
999                         if (x->id.daddr.a4    != daddr->a4 ||
1000                             x->props.saddr.a4 != saddr->a4)
1001                                 continue;
1002                         break;
1003                 case AF_INET6:
1004                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1005                                              (struct in6_addr *)daddr) ||
1006                             !ipv6_addr_equal((struct in6_addr *)
1007                                              x->props.saddr.a6,
1008                                              (struct in6_addr *)saddr))
1009                                 continue;
1010                         break;
1011                 }
1012
1013                 xfrm_state_hold(x);
1014                 return x;
1015         }
1016
1017         if (!create)
1018                 return NULL;
1019
1020         x = xfrm_state_alloc(&init_net);
1021         if (likely(x)) {
1022                 switch (family) {
1023                 case AF_INET:
1024                         x->sel.daddr.a4 = daddr->a4;
1025                         x->sel.saddr.a4 = saddr->a4;
1026                         x->sel.prefixlen_d = 32;
1027                         x->sel.prefixlen_s = 32;
1028                         x->props.saddr.a4 = saddr->a4;
1029                         x->id.daddr.a4 = daddr->a4;
1030                         break;
1031
1032                 case AF_INET6:
1033                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1034                                        (struct in6_addr *)daddr);
1035                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1036                                        (struct in6_addr *)saddr);
1037                         x->sel.prefixlen_d = 128;
1038                         x->sel.prefixlen_s = 128;
1039                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1040                                        (struct in6_addr *)saddr);
1041                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1042                                        (struct in6_addr *)daddr);
1043                         break;
1044                 }
1045
1046                 x->km.state = XFRM_STATE_ACQ;
1047                 x->id.proto = proto;
1048                 x->props.family = family;
1049                 x->props.mode = mode;
1050                 x->props.reqid = reqid;
1051                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1052                 xfrm_state_hold(x);
1053                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1054                 add_timer(&x->timer);
1055                 list_add(&x->km.all, &init_net.xfrm.state_all);
1056                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1057                 h = xfrm_src_hash(daddr, saddr, family);
1058                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1059
1060                 xfrm_state_num++;
1061
1062                 xfrm_hash_grow_check(x->bydst.next != NULL);
1063         }
1064
1065         return x;
1066 }
1067
1068 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1069
1070 int xfrm_state_add(struct xfrm_state *x)
1071 {
1072         struct xfrm_state *x1, *to_put;
1073         int family;
1074         int err;
1075         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1076
1077         family = x->props.family;
1078
1079         to_put = NULL;
1080
1081         spin_lock_bh(&xfrm_state_lock);
1082
1083         x1 = __xfrm_state_locate(x, use_spi, family);
1084         if (x1) {
1085                 to_put = x1;
1086                 x1 = NULL;
1087                 err = -EEXIST;
1088                 goto out;
1089         }
1090
1091         if (use_spi && x->km.seq) {
1092                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1093                 if (x1 && ((x1->id.proto != x->id.proto) ||
1094                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1095                         to_put = x1;
1096                         x1 = NULL;
1097                 }
1098         }
1099
1100         if (use_spi && !x1)
1101                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1102                                      x->id.proto,
1103                                      &x->id.daddr, &x->props.saddr, 0);
1104
1105         __xfrm_state_bump_genids(x);
1106         __xfrm_state_insert(x);
1107         err = 0;
1108
1109 out:
1110         spin_unlock_bh(&xfrm_state_lock);
1111
1112         if (x1) {
1113                 xfrm_state_delete(x1);
1114                 xfrm_state_put(x1);
1115         }
1116
1117         if (to_put)
1118                 xfrm_state_put(to_put);
1119
1120         return err;
1121 }
1122 EXPORT_SYMBOL(xfrm_state_add);
1123
1124 #ifdef CONFIG_XFRM_MIGRATE
1125 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1126 {
1127         int err = -ENOMEM;
1128         struct xfrm_state *x = xfrm_state_alloc(&init_net);
1129         if (!x)
1130                 goto error;
1131
1132         memcpy(&x->id, &orig->id, sizeof(x->id));
1133         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1134         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1135         x->props.mode = orig->props.mode;
1136         x->props.replay_window = orig->props.replay_window;
1137         x->props.reqid = orig->props.reqid;
1138         x->props.family = orig->props.family;
1139         x->props.saddr = orig->props.saddr;
1140
1141         if (orig->aalg) {
1142                 x->aalg = xfrm_algo_clone(orig->aalg);
1143                 if (!x->aalg)
1144                         goto error;
1145         }
1146         x->props.aalgo = orig->props.aalgo;
1147
1148         if (orig->ealg) {
1149                 x->ealg = xfrm_algo_clone(orig->ealg);
1150                 if (!x->ealg)
1151                         goto error;
1152         }
1153         x->props.ealgo = orig->props.ealgo;
1154
1155         if (orig->calg) {
1156                 x->calg = xfrm_algo_clone(orig->calg);
1157                 if (!x->calg)
1158                         goto error;
1159         }
1160         x->props.calgo = orig->props.calgo;
1161
1162         if (orig->encap) {
1163                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1164                 if (!x->encap)
1165                         goto error;
1166         }
1167
1168         if (orig->coaddr) {
1169                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1170                                     GFP_KERNEL);
1171                 if (!x->coaddr)
1172                         goto error;
1173         }
1174
1175         err = xfrm_init_state(x);
1176         if (err)
1177                 goto error;
1178
1179         x->props.flags = orig->props.flags;
1180
1181         x->curlft.add_time = orig->curlft.add_time;
1182         x->km.state = orig->km.state;
1183         x->km.seq = orig->km.seq;
1184
1185         return x;
1186
1187  error:
1188         if (errp)
1189                 *errp = err;
1190         if (x) {
1191                 kfree(x->aalg);
1192                 kfree(x->ealg);
1193                 kfree(x->calg);
1194                 kfree(x->encap);
1195                 kfree(x->coaddr);
1196         }
1197         kfree(x);
1198         return NULL;
1199 }
1200
1201 /* xfrm_state_lock is held */
1202 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1203 {
1204         unsigned int h;
1205         struct xfrm_state *x;
1206         struct hlist_node *entry;
1207
1208         if (m->reqid) {
1209                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1210                                   m->reqid, m->old_family);
1211                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1212                         if (x->props.mode != m->mode ||
1213                             x->id.proto != m->proto)
1214                                 continue;
1215                         if (m->reqid && x->props.reqid != m->reqid)
1216                                 continue;
1217                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1218                                           m->old_family) ||
1219                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1220                                           m->old_family))
1221                                 continue;
1222                         xfrm_state_hold(x);
1223                         return x;
1224                 }
1225         } else {
1226                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1227                                   m->old_family);
1228                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1229                         if (x->props.mode != m->mode ||
1230                             x->id.proto != m->proto)
1231                                 continue;
1232                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1233                                           m->old_family) ||
1234                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1235                                           m->old_family))
1236                                 continue;
1237                         xfrm_state_hold(x);
1238                         return x;
1239                 }
1240         }
1241
1242         return NULL;
1243 }
1244 EXPORT_SYMBOL(xfrm_migrate_state_find);
1245
1246 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1247                                        struct xfrm_migrate *m)
1248 {
1249         struct xfrm_state *xc;
1250         int err;
1251
1252         xc = xfrm_state_clone(x, &err);
1253         if (!xc)
1254                 return NULL;
1255
1256         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1257         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1258
1259         /* add state */
1260         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1261                 /* a care is needed when the destination address of the
1262                    state is to be updated as it is a part of triplet */
1263                 xfrm_state_insert(xc);
1264         } else {
1265                 if ((err = xfrm_state_add(xc)) < 0)
1266                         goto error;
1267         }
1268
1269         return xc;
1270 error:
1271         kfree(xc);
1272         return NULL;
1273 }
1274 EXPORT_SYMBOL(xfrm_state_migrate);
1275 #endif
1276
1277 int xfrm_state_update(struct xfrm_state *x)
1278 {
1279         struct xfrm_state *x1, *to_put;
1280         int err;
1281         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1282
1283         to_put = NULL;
1284
1285         spin_lock_bh(&xfrm_state_lock);
1286         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1287
1288         err = -ESRCH;
1289         if (!x1)
1290                 goto out;
1291
1292         if (xfrm_state_kern(x1)) {
1293                 to_put = x1;
1294                 err = -EEXIST;
1295                 goto out;
1296         }
1297
1298         if (x1->km.state == XFRM_STATE_ACQ) {
1299                 __xfrm_state_insert(x);
1300                 x = NULL;
1301         }
1302         err = 0;
1303
1304 out:
1305         spin_unlock_bh(&xfrm_state_lock);
1306
1307         if (to_put)
1308                 xfrm_state_put(to_put);
1309
1310         if (err)
1311                 return err;
1312
1313         if (!x) {
1314                 xfrm_state_delete(x1);
1315                 xfrm_state_put(x1);
1316                 return 0;
1317         }
1318
1319         err = -EINVAL;
1320         spin_lock_bh(&x1->lock);
1321         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1322                 if (x->encap && x1->encap)
1323                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1324                 if (x->coaddr && x1->coaddr) {
1325                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1326                 }
1327                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1328                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1329                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1330                 x1->km.dying = 0;
1331
1332                 mod_timer(&x1->timer, jiffies + HZ);
1333                 if (x1->curlft.use_time)
1334                         xfrm_state_check_expire(x1);
1335
1336                 err = 0;
1337         }
1338         spin_unlock_bh(&x1->lock);
1339
1340         xfrm_state_put(x1);
1341
1342         return err;
1343 }
1344 EXPORT_SYMBOL(xfrm_state_update);
1345
1346 int xfrm_state_check_expire(struct xfrm_state *x)
1347 {
1348         if (!x->curlft.use_time)
1349                 x->curlft.use_time = get_seconds();
1350
1351         if (x->km.state != XFRM_STATE_VALID)
1352                 return -EINVAL;
1353
1354         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1355             x->curlft.packets >= x->lft.hard_packet_limit) {
1356                 x->km.state = XFRM_STATE_EXPIRED;
1357                 mod_timer(&x->timer, jiffies);
1358                 return -EINVAL;
1359         }
1360
1361         if (!x->km.dying &&
1362             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1363              x->curlft.packets >= x->lft.soft_packet_limit)) {
1364                 x->km.dying = 1;
1365                 km_state_expired(x, 0, 0);
1366         }
1367         return 0;
1368 }
1369 EXPORT_SYMBOL(xfrm_state_check_expire);
1370
1371 struct xfrm_state *
1372 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1373                   unsigned short family)
1374 {
1375         struct xfrm_state *x;
1376
1377         spin_lock_bh(&xfrm_state_lock);
1378         x = __xfrm_state_lookup(daddr, spi, proto, family);
1379         spin_unlock_bh(&xfrm_state_lock);
1380         return x;
1381 }
1382 EXPORT_SYMBOL(xfrm_state_lookup);
1383
1384 struct xfrm_state *
1385 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1386                          u8 proto, unsigned short family)
1387 {
1388         struct xfrm_state *x;
1389
1390         spin_lock_bh(&xfrm_state_lock);
1391         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1392         spin_unlock_bh(&xfrm_state_lock);
1393         return x;
1394 }
1395 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1396
1397 struct xfrm_state *
1398 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1399               xfrm_address_t *daddr, xfrm_address_t *saddr,
1400               int create, unsigned short family)
1401 {
1402         struct xfrm_state *x;
1403
1404         spin_lock_bh(&xfrm_state_lock);
1405         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1406         spin_unlock_bh(&xfrm_state_lock);
1407
1408         return x;
1409 }
1410 EXPORT_SYMBOL(xfrm_find_acq);
1411
1412 #ifdef CONFIG_XFRM_SUB_POLICY
1413 int
1414 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1415                unsigned short family)
1416 {
1417         int err = 0;
1418         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1419         if (!afinfo)
1420                 return -EAFNOSUPPORT;
1421
1422         spin_lock_bh(&xfrm_state_lock);
1423         if (afinfo->tmpl_sort)
1424                 err = afinfo->tmpl_sort(dst, src, n);
1425         spin_unlock_bh(&xfrm_state_lock);
1426         xfrm_state_put_afinfo(afinfo);
1427         return err;
1428 }
1429 EXPORT_SYMBOL(xfrm_tmpl_sort);
1430
1431 int
1432 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1433                 unsigned short family)
1434 {
1435         int err = 0;
1436         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1437         if (!afinfo)
1438                 return -EAFNOSUPPORT;
1439
1440         spin_lock_bh(&xfrm_state_lock);
1441         if (afinfo->state_sort)
1442                 err = afinfo->state_sort(dst, src, n);
1443         spin_unlock_bh(&xfrm_state_lock);
1444         xfrm_state_put_afinfo(afinfo);
1445         return err;
1446 }
1447 EXPORT_SYMBOL(xfrm_state_sort);
1448 #endif
1449
1450 /* Silly enough, but I'm lazy to build resolution list */
1451
1452 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1453 {
1454         int i;
1455
1456         for (i = 0; i <= xfrm_state_hmask; i++) {
1457                 struct hlist_node *entry;
1458                 struct xfrm_state *x;
1459
1460                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1461                         if (x->km.seq == seq &&
1462                             x->km.state == XFRM_STATE_ACQ) {
1463                                 xfrm_state_hold(x);
1464                                 return x;
1465                         }
1466                 }
1467         }
1468         return NULL;
1469 }
1470
1471 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1472 {
1473         struct xfrm_state *x;
1474
1475         spin_lock_bh(&xfrm_state_lock);
1476         x = __xfrm_find_acq_byseq(seq);
1477         spin_unlock_bh(&xfrm_state_lock);
1478         return x;
1479 }
1480 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1481
1482 u32 xfrm_get_acqseq(void)
1483 {
1484         u32 res;
1485         static u32 acqseq;
1486         static DEFINE_SPINLOCK(acqseq_lock);
1487
1488         spin_lock_bh(&acqseq_lock);
1489         res = (++acqseq ? : ++acqseq);
1490         spin_unlock_bh(&acqseq_lock);
1491         return res;
1492 }
1493 EXPORT_SYMBOL(xfrm_get_acqseq);
1494
1495 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1496 {
1497         unsigned int h;
1498         struct xfrm_state *x0;
1499         int err = -ENOENT;
1500         __be32 minspi = htonl(low);
1501         __be32 maxspi = htonl(high);
1502
1503         spin_lock_bh(&x->lock);
1504         if (x->km.state == XFRM_STATE_DEAD)
1505                 goto unlock;
1506
1507         err = 0;
1508         if (x->id.spi)
1509                 goto unlock;
1510
1511         err = -ENOENT;
1512
1513         if (minspi == maxspi) {
1514                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1515                 if (x0) {
1516                         xfrm_state_put(x0);
1517                         goto unlock;
1518                 }
1519                 x->id.spi = minspi;
1520         } else {
1521                 u32 spi = 0;
1522                 for (h=0; h<high-low+1; h++) {
1523                         spi = low + net_random()%(high-low+1);
1524                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1525                         if (x0 == NULL) {
1526                                 x->id.spi = htonl(spi);
1527                                 break;
1528                         }
1529                         xfrm_state_put(x0);
1530                 }
1531         }
1532         if (x->id.spi) {
1533                 spin_lock_bh(&xfrm_state_lock);
1534                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1535                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1536                 spin_unlock_bh(&xfrm_state_lock);
1537
1538                 err = 0;
1539         }
1540
1541 unlock:
1542         spin_unlock_bh(&x->lock);
1543
1544         return err;
1545 }
1546 EXPORT_SYMBOL(xfrm_alloc_spi);
1547
1548 int xfrm_state_walk(struct xfrm_state_walk *walk,
1549                     int (*func)(struct xfrm_state *, int, void*),
1550                     void *data)
1551 {
1552         struct xfrm_state *state;
1553         struct xfrm_state_walk *x;
1554         int err = 0;
1555
1556         if (walk->seq != 0 && list_empty(&walk->all))
1557                 return 0;
1558
1559         spin_lock_bh(&xfrm_state_lock);
1560         if (list_empty(&walk->all))
1561                 x = list_first_entry(&init_net.xfrm.state_all, struct xfrm_state_walk, all);
1562         else
1563                 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1564         list_for_each_entry_from(x, &init_net.xfrm.state_all, all) {
1565                 if (x->state == XFRM_STATE_DEAD)
1566                         continue;
1567                 state = container_of(x, struct xfrm_state, km);
1568                 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1569                         continue;
1570                 err = func(state, walk->seq, data);
1571                 if (err) {
1572                         list_move_tail(&walk->all, &x->all);
1573                         goto out;
1574                 }
1575                 walk->seq++;
1576         }
1577         if (walk->seq == 0) {
1578                 err = -ENOENT;
1579                 goto out;
1580         }
1581         list_del_init(&walk->all);
1582 out:
1583         spin_unlock_bh(&xfrm_state_lock);
1584         return err;
1585 }
1586 EXPORT_SYMBOL(xfrm_state_walk);
1587
1588 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1589 {
1590         INIT_LIST_HEAD(&walk->all);
1591         walk->proto = proto;
1592         walk->state = XFRM_STATE_DEAD;
1593         walk->seq = 0;
1594 }
1595 EXPORT_SYMBOL(xfrm_state_walk_init);
1596
1597 void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1598 {
1599         if (list_empty(&walk->all))
1600                 return;
1601
1602         spin_lock_bh(&xfrm_state_lock);
1603         list_del(&walk->all);
1604         spin_lock_bh(&xfrm_state_lock);
1605 }
1606 EXPORT_SYMBOL(xfrm_state_walk_done);
1607
1608
1609 void xfrm_replay_notify(struct xfrm_state *x, int event)
1610 {
1611         struct km_event c;
1612         /* we send notify messages in case
1613          *  1. we updated on of the sequence numbers, and the seqno difference
1614          *     is at least x->replay_maxdiff, in this case we also update the
1615          *     timeout of our timer function
1616          *  2. if x->replay_maxage has elapsed since last update,
1617          *     and there were changes
1618          *
1619          *  The state structure must be locked!
1620          */
1621
1622         switch (event) {
1623         case XFRM_REPLAY_UPDATE:
1624                 if (x->replay_maxdiff &&
1625                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1626                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1627                         if (x->xflags & XFRM_TIME_DEFER)
1628                                 event = XFRM_REPLAY_TIMEOUT;
1629                         else
1630                                 return;
1631                 }
1632
1633                 break;
1634
1635         case XFRM_REPLAY_TIMEOUT:
1636                 if ((x->replay.seq == x->preplay.seq) &&
1637                     (x->replay.bitmap == x->preplay.bitmap) &&
1638                     (x->replay.oseq == x->preplay.oseq)) {
1639                         x->xflags |= XFRM_TIME_DEFER;
1640                         return;
1641                 }
1642
1643                 break;
1644         }
1645
1646         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1647         c.event = XFRM_MSG_NEWAE;
1648         c.data.aevent = event;
1649         km_state_notify(x, &c);
1650
1651         if (x->replay_maxage &&
1652             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1653                 x->xflags &= ~XFRM_TIME_DEFER;
1654 }
1655
1656 static void xfrm_replay_timer_handler(unsigned long data)
1657 {
1658         struct xfrm_state *x = (struct xfrm_state*)data;
1659
1660         spin_lock(&x->lock);
1661
1662         if (x->km.state == XFRM_STATE_VALID) {
1663                 if (xfrm_aevent_is_on())
1664                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1665                 else
1666                         x->xflags |= XFRM_TIME_DEFER;
1667         }
1668
1669         spin_unlock(&x->lock);
1670 }
1671
1672 int xfrm_replay_check(struct xfrm_state *x,
1673                       struct sk_buff *skb, __be32 net_seq)
1674 {
1675         u32 diff;
1676         u32 seq = ntohl(net_seq);
1677
1678         if (unlikely(seq == 0))
1679                 goto err;
1680
1681         if (likely(seq > x->replay.seq))
1682                 return 0;
1683
1684         diff = x->replay.seq - seq;
1685         if (diff >= min_t(unsigned int, x->props.replay_window,
1686                           sizeof(x->replay.bitmap) * 8)) {
1687                 x->stats.replay_window++;
1688                 goto err;
1689         }
1690
1691         if (x->replay.bitmap & (1U << diff)) {
1692                 x->stats.replay++;
1693                 goto err;
1694         }
1695         return 0;
1696
1697 err:
1698         xfrm_audit_state_replay(x, skb, net_seq);
1699         return -EINVAL;
1700 }
1701
1702 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1703 {
1704         u32 diff;
1705         u32 seq = ntohl(net_seq);
1706
1707         if (seq > x->replay.seq) {
1708                 diff = seq - x->replay.seq;
1709                 if (diff < x->props.replay_window)
1710                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1711                 else
1712                         x->replay.bitmap = 1;
1713                 x->replay.seq = seq;
1714         } else {
1715                 diff = x->replay.seq - seq;
1716                 x->replay.bitmap |= (1U << diff);
1717         }
1718
1719         if (xfrm_aevent_is_on())
1720                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1721 }
1722
1723 static LIST_HEAD(xfrm_km_list);
1724 static DEFINE_RWLOCK(xfrm_km_lock);
1725
1726 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1727 {
1728         struct xfrm_mgr *km;
1729
1730         read_lock(&xfrm_km_lock);
1731         list_for_each_entry(km, &xfrm_km_list, list)
1732                 if (km->notify_policy)
1733                         km->notify_policy(xp, dir, c);
1734         read_unlock(&xfrm_km_lock);
1735 }
1736
1737 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1738 {
1739         struct xfrm_mgr *km;
1740         read_lock(&xfrm_km_lock);
1741         list_for_each_entry(km, &xfrm_km_list, list)
1742                 if (km->notify)
1743                         km->notify(x, c);
1744         read_unlock(&xfrm_km_lock);
1745 }
1746
1747 EXPORT_SYMBOL(km_policy_notify);
1748 EXPORT_SYMBOL(km_state_notify);
1749
1750 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1751 {
1752         struct km_event c;
1753
1754         c.data.hard = hard;
1755         c.pid = pid;
1756         c.event = XFRM_MSG_EXPIRE;
1757         km_state_notify(x, &c);
1758
1759         if (hard)
1760                 wake_up(&km_waitq);
1761 }
1762
1763 EXPORT_SYMBOL(km_state_expired);
1764 /*
1765  * We send to all registered managers regardless of failure
1766  * We are happy with one success
1767 */
1768 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1769 {
1770         int err = -EINVAL, acqret;
1771         struct xfrm_mgr *km;
1772
1773         read_lock(&xfrm_km_lock);
1774         list_for_each_entry(km, &xfrm_km_list, list) {
1775                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1776                 if (!acqret)
1777                         err = acqret;
1778         }
1779         read_unlock(&xfrm_km_lock);
1780         return err;
1781 }
1782 EXPORT_SYMBOL(km_query);
1783
1784 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1785 {
1786         int err = -EINVAL;
1787         struct xfrm_mgr *km;
1788
1789         read_lock(&xfrm_km_lock);
1790         list_for_each_entry(km, &xfrm_km_list, list) {
1791                 if (km->new_mapping)
1792                         err = km->new_mapping(x, ipaddr, sport);
1793                 if (!err)
1794                         break;
1795         }
1796         read_unlock(&xfrm_km_lock);
1797         return err;
1798 }
1799 EXPORT_SYMBOL(km_new_mapping);
1800
1801 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1802 {
1803         struct km_event c;
1804
1805         c.data.hard = hard;
1806         c.pid = pid;
1807         c.event = XFRM_MSG_POLEXPIRE;
1808         km_policy_notify(pol, dir, &c);
1809
1810         if (hard)
1811                 wake_up(&km_waitq);
1812 }
1813 EXPORT_SYMBOL(km_policy_expired);
1814
1815 #ifdef CONFIG_XFRM_MIGRATE
1816 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1817                struct xfrm_migrate *m, int num_migrate,
1818                struct xfrm_kmaddress *k)
1819 {
1820         int err = -EINVAL;
1821         int ret;
1822         struct xfrm_mgr *km;
1823
1824         read_lock(&xfrm_km_lock);
1825         list_for_each_entry(km, &xfrm_km_list, list) {
1826                 if (km->migrate) {
1827                         ret = km->migrate(sel, dir, type, m, num_migrate, k);
1828                         if (!ret)
1829                                 err = ret;
1830                 }
1831         }
1832         read_unlock(&xfrm_km_lock);
1833         return err;
1834 }
1835 EXPORT_SYMBOL(km_migrate);
1836 #endif
1837
1838 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1839 {
1840         int err = -EINVAL;
1841         int ret;
1842         struct xfrm_mgr *km;
1843
1844         read_lock(&xfrm_km_lock);
1845         list_for_each_entry(km, &xfrm_km_list, list) {
1846                 if (km->report) {
1847                         ret = km->report(proto, sel, addr);
1848                         if (!ret)
1849                                 err = ret;
1850                 }
1851         }
1852         read_unlock(&xfrm_km_lock);
1853         return err;
1854 }
1855 EXPORT_SYMBOL(km_report);
1856
1857 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1858 {
1859         int err;
1860         u8 *data;
1861         struct xfrm_mgr *km;
1862         struct xfrm_policy *pol = NULL;
1863
1864         if (optlen <= 0 || optlen > PAGE_SIZE)
1865                 return -EMSGSIZE;
1866
1867         data = kmalloc(optlen, GFP_KERNEL);
1868         if (!data)
1869                 return -ENOMEM;
1870
1871         err = -EFAULT;
1872         if (copy_from_user(data, optval, optlen))
1873                 goto out;
1874
1875         err = -EINVAL;
1876         read_lock(&xfrm_km_lock);
1877         list_for_each_entry(km, &xfrm_km_list, list) {
1878                 pol = km->compile_policy(sk, optname, data,
1879                                          optlen, &err);
1880                 if (err >= 0)
1881                         break;
1882         }
1883         read_unlock(&xfrm_km_lock);
1884
1885         if (err >= 0) {
1886                 xfrm_sk_policy_insert(sk, err, pol);
1887                 xfrm_pol_put(pol);
1888                 err = 0;
1889         }
1890
1891 out:
1892         kfree(data);
1893         return err;
1894 }
1895 EXPORT_SYMBOL(xfrm_user_policy);
1896
1897 int xfrm_register_km(struct xfrm_mgr *km)
1898 {
1899         write_lock_bh(&xfrm_km_lock);
1900         list_add_tail(&km->list, &xfrm_km_list);
1901         write_unlock_bh(&xfrm_km_lock);
1902         return 0;
1903 }
1904 EXPORT_SYMBOL(xfrm_register_km);
1905
1906 int xfrm_unregister_km(struct xfrm_mgr *km)
1907 {
1908         write_lock_bh(&xfrm_km_lock);
1909         list_del(&km->list);
1910         write_unlock_bh(&xfrm_km_lock);
1911         return 0;
1912 }
1913 EXPORT_SYMBOL(xfrm_unregister_km);
1914
1915 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1916 {
1917         int err = 0;
1918         if (unlikely(afinfo == NULL))
1919                 return -EINVAL;
1920         if (unlikely(afinfo->family >= NPROTO))
1921                 return -EAFNOSUPPORT;
1922         write_lock_bh(&xfrm_state_afinfo_lock);
1923         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1924                 err = -ENOBUFS;
1925         else
1926                 xfrm_state_afinfo[afinfo->family] = afinfo;
1927         write_unlock_bh(&xfrm_state_afinfo_lock);
1928         return err;
1929 }
1930 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1931
1932 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1933 {
1934         int err = 0;
1935         if (unlikely(afinfo == NULL))
1936                 return -EINVAL;
1937         if (unlikely(afinfo->family >= NPROTO))
1938                 return -EAFNOSUPPORT;
1939         write_lock_bh(&xfrm_state_afinfo_lock);
1940         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1941                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1942                         err = -EINVAL;
1943                 else
1944                         xfrm_state_afinfo[afinfo->family] = NULL;
1945         }
1946         write_unlock_bh(&xfrm_state_afinfo_lock);
1947         return err;
1948 }
1949 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1950
1951 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1952 {
1953         struct xfrm_state_afinfo *afinfo;
1954         if (unlikely(family >= NPROTO))
1955                 return NULL;
1956         read_lock(&xfrm_state_afinfo_lock);
1957         afinfo = xfrm_state_afinfo[family];
1958         if (unlikely(!afinfo))
1959                 read_unlock(&xfrm_state_afinfo_lock);
1960         return afinfo;
1961 }
1962
1963 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1964         __releases(xfrm_state_afinfo_lock)
1965 {
1966         read_unlock(&xfrm_state_afinfo_lock);
1967 }
1968
1969 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1970 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1971 {
1972         if (x->tunnel) {
1973                 struct xfrm_state *t = x->tunnel;
1974
1975                 if (atomic_read(&t->tunnel_users) == 2)
1976                         xfrm_state_delete(t);
1977                 atomic_dec(&t->tunnel_users);
1978                 xfrm_state_put(t);
1979                 x->tunnel = NULL;
1980         }
1981 }
1982 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1983
1984 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1985 {
1986         int res;
1987
1988         spin_lock_bh(&x->lock);
1989         if (x->km.state == XFRM_STATE_VALID &&
1990             x->type && x->type->get_mtu)
1991                 res = x->type->get_mtu(x, mtu);
1992         else
1993                 res = mtu - x->props.header_len;
1994         spin_unlock_bh(&x->lock);
1995         return res;
1996 }
1997
1998 int xfrm_init_state(struct xfrm_state *x)
1999 {
2000         struct xfrm_state_afinfo *afinfo;
2001         struct xfrm_mode *inner_mode;
2002         int family = x->props.family;
2003         int err;
2004
2005         err = -EAFNOSUPPORT;
2006         afinfo = xfrm_state_get_afinfo(family);
2007         if (!afinfo)
2008                 goto error;
2009
2010         err = 0;
2011         if (afinfo->init_flags)
2012                 err = afinfo->init_flags(x);
2013
2014         xfrm_state_put_afinfo(afinfo);
2015
2016         if (err)
2017                 goto error;
2018
2019         err = -EPROTONOSUPPORT;
2020
2021         if (x->sel.family != AF_UNSPEC) {
2022                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2023                 if (inner_mode == NULL)
2024                         goto error;
2025
2026                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2027                     family != x->sel.family) {
2028                         xfrm_put_mode(inner_mode);
2029                         goto error;
2030                 }
2031
2032                 x->inner_mode = inner_mode;
2033         } else {
2034                 struct xfrm_mode *inner_mode_iaf;
2035
2036                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2037                 if (inner_mode == NULL)
2038                         goto error;
2039
2040                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2041                         xfrm_put_mode(inner_mode);
2042                         goto error;
2043                 }
2044
2045                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2046                 if (inner_mode_iaf == NULL)
2047                         goto error;
2048
2049                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2050                         xfrm_put_mode(inner_mode_iaf);
2051                         goto error;
2052                 }
2053
2054                 if (x->props.family == AF_INET) {
2055                         x->inner_mode = inner_mode;
2056                         x->inner_mode_iaf = inner_mode_iaf;
2057                 } else {
2058                         x->inner_mode = inner_mode_iaf;
2059                         x->inner_mode_iaf = inner_mode;
2060                 }
2061         }
2062
2063         x->type = xfrm_get_type(x->id.proto, family);
2064         if (x->type == NULL)
2065                 goto error;
2066
2067         err = x->type->init_state(x);
2068         if (err)
2069                 goto error;
2070
2071         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2072         if (x->outer_mode == NULL)
2073                 goto error;
2074
2075         x->km.state = XFRM_STATE_VALID;
2076
2077 error:
2078         return err;
2079 }
2080
2081 EXPORT_SYMBOL(xfrm_init_state);
2082
2083 int __net_init xfrm_state_init(struct net *net)
2084 {
2085         unsigned int sz;
2086
2087         INIT_LIST_HEAD(&net->xfrm.state_all);
2088
2089         sz = sizeof(struct hlist_head) * 8;
2090
2091         xfrm_state_bydst = xfrm_hash_alloc(sz);
2092         xfrm_state_bysrc = xfrm_hash_alloc(sz);
2093         xfrm_state_byspi = xfrm_hash_alloc(sz);
2094         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2095                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2096         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2097
2098         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2099         return 0;
2100 }
2101
2102 void xfrm_state_fini(struct net *net)
2103 {
2104         WARN_ON(!list_empty(&net->xfrm.state_all));
2105 }
2106
2107 #ifdef CONFIG_AUDITSYSCALL
2108 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2109                                      struct audit_buffer *audit_buf)
2110 {
2111         struct xfrm_sec_ctx *ctx = x->security;
2112         u32 spi = ntohl(x->id.spi);
2113
2114         if (ctx)
2115                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2116                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2117
2118         switch(x->props.family) {
2119         case AF_INET:
2120                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2121                                  &x->props.saddr.a4, &x->id.daddr.a4);
2122                 break;
2123         case AF_INET6:
2124                 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2125                                  x->props.saddr.a6, x->id.daddr.a6);
2126                 break;
2127         }
2128
2129         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2130 }
2131
2132 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2133                                       struct audit_buffer *audit_buf)
2134 {
2135         struct iphdr *iph4;
2136         struct ipv6hdr *iph6;
2137
2138         switch (family) {
2139         case AF_INET:
2140                 iph4 = ip_hdr(skb);
2141                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2142                                  &iph4->saddr, &iph4->daddr);
2143                 break;
2144         case AF_INET6:
2145                 iph6 = ipv6_hdr(skb);
2146                 audit_log_format(audit_buf,
2147                                  " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2148                                  &iph6->saddr,&iph6->daddr,
2149                                  iph6->flow_lbl[0] & 0x0f,
2150                                  iph6->flow_lbl[1],
2151                                  iph6->flow_lbl[2]);
2152                 break;
2153         }
2154 }
2155
2156 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2157                           uid_t auid, u32 sessionid, u32 secid)
2158 {
2159         struct audit_buffer *audit_buf;
2160
2161         audit_buf = xfrm_audit_start("SAD-add");
2162         if (audit_buf == NULL)
2163                 return;
2164         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2165         xfrm_audit_helper_sainfo(x, audit_buf);
2166         audit_log_format(audit_buf, " res=%u", result);
2167         audit_log_end(audit_buf);
2168 }
2169 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2170
2171 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2172                              uid_t auid, u32 sessionid, u32 secid)
2173 {
2174         struct audit_buffer *audit_buf;
2175
2176         audit_buf = xfrm_audit_start("SAD-delete");
2177         if (audit_buf == NULL)
2178                 return;
2179         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2180         xfrm_audit_helper_sainfo(x, audit_buf);
2181         audit_log_format(audit_buf, " res=%u", result);
2182         audit_log_end(audit_buf);
2183 }
2184 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2185
2186 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2187                                       struct sk_buff *skb)
2188 {
2189         struct audit_buffer *audit_buf;
2190         u32 spi;
2191
2192         audit_buf = xfrm_audit_start("SA-replay-overflow");
2193         if (audit_buf == NULL)
2194                 return;
2195         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2196         /* don't record the sequence number because it's inherent in this kind
2197          * of audit message */
2198         spi = ntohl(x->id.spi);
2199         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2200         audit_log_end(audit_buf);
2201 }
2202 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2203
2204 static void xfrm_audit_state_replay(struct xfrm_state *x,
2205                              struct sk_buff *skb, __be32 net_seq)
2206 {
2207         struct audit_buffer *audit_buf;
2208         u32 spi;
2209
2210         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2211         if (audit_buf == NULL)
2212                 return;
2213         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2214         spi = ntohl(x->id.spi);
2215         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2216                          spi, spi, ntohl(net_seq));
2217         audit_log_end(audit_buf);
2218 }
2219
2220 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2221 {
2222         struct audit_buffer *audit_buf;
2223
2224         audit_buf = xfrm_audit_start("SA-notfound");
2225         if (audit_buf == NULL)
2226                 return;
2227         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2228         audit_log_end(audit_buf);
2229 }
2230 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2231
2232 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2233                                __be32 net_spi, __be32 net_seq)
2234 {
2235         struct audit_buffer *audit_buf;
2236         u32 spi;
2237
2238         audit_buf = xfrm_audit_start("SA-notfound");
2239         if (audit_buf == NULL)
2240                 return;
2241         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2242         spi = ntohl(net_spi);
2243         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2244                          spi, spi, ntohl(net_seq));
2245         audit_log_end(audit_buf);
2246 }
2247 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2248
2249 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2250                               struct sk_buff *skb, u8 proto)
2251 {
2252         struct audit_buffer *audit_buf;
2253         __be32 net_spi;
2254         __be32 net_seq;
2255
2256         audit_buf = xfrm_audit_start("SA-icv-failure");
2257         if (audit_buf == NULL)
2258                 return;
2259         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2260         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2261                 u32 spi = ntohl(net_spi);
2262                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2263                                  spi, spi, ntohl(net_seq));
2264         }
2265         audit_log_end(audit_buf);
2266 }
2267 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2268 #endif /* CONFIG_AUDITSYSCALL */
Unnamed repository; edit this file 'description' to name the repository.