net/xfrm/xfrm_state.c

   1 /*
   2  * xfrm_state.c
   3  *
   4  * Changes:
   5  *      Mitsuru KANDA @USAGI
   6  *      Kazunori MIYAZAWA @USAGI
   7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
   8  *              IPv6 support
   9  *      YOSHIFUJI Hideaki @USAGI
  10  *              Split up af-specific functions
  11  *      Derek Atkins <derek@ihtfp.com>
  12  *              Add UDP Encapsulation
  13  *
  14  */
  15
  16 #include <linux/workqueue.h>
  17 #include <net/xfrm.h>
  18 #include <linux/pfkeyv2.h>
  19 #include <linux/ipsec.h>
  20 #include <linux/module.h>
  21 #include <linux/cache.h>
  22 #include <asm/uaccess.h>
  23 #include <linux/audit.h>
  24
  25 #include "xfrm_hash.h"
  26
  27 struct sock *xfrm_nl;
  28 EXPORT_SYMBOL(xfrm_nl);
  29
  30 u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
  31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
  32
  33 u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
  34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
  35
  36 /* Each xfrm_state may be linked to two tables:
  37
  38    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
  39    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
  40       destination/tunnel endpoint. (output)
  41  */
  42
  43 static DEFINE_SPINLOCK(xfrm_state_lock);
  44
  45 /* Hash table to find appropriate SA towards given target (endpoint
  46  * of tunnel or destination of transport mode) allowed by selector.
  47  *
  48  * Main use is finding SA after policy selected tunnel or transport mode.
  49  * Also, it can be used by ah/esp icmp error handler to find offending SA.
  50  */
  51 static struct hlist_head *xfrm_state_bydst __read_mostly;
  52 static struct hlist_head *xfrm_state_bysrc __read_mostly;
  53 static struct hlist_head *xfrm_state_byspi __read_mostly;
  54 static unsigned int xfrm_state_hmask __read_mostly;
  55 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
  56 static unsigned int xfrm_state_num;
  57 static unsigned int xfrm_state_genid;
  58
  59 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
  60                                          xfrm_address_t *saddr,
  61                                          u32 reqid,
  62                                          unsigned short family)
  63 {
  64         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
  65 }
  66
  67 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
  68                                          xfrm_address_t *saddr,
  69                                          unsigned short family)
  70 {
  71         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
  72 }
  73
  74 static inline unsigned int
  75 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
  76 {
  77         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
  78 }
  79
  80 static void xfrm_hash_transfer(struct hlist_head *list,
  81                                struct hlist_head *ndsttable,
  82                                struct hlist_head *nsrctable,
  83                                struct hlist_head *nspitable,
  84                                unsigned int nhashmask)
  85 {
  86         struct hlist_node *entry, *tmp;
  87         struct xfrm_state *x;
  88
  89         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
  90                 unsigned int h;
  91
  92                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
  93                                     x->props.reqid, x->props.family,
  94                                     nhashmask);
  95                 hlist_add_head(&x->bydst, ndsttable+h);
  96
  97                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
  98                                     x->props.family,
  99                                     nhashmask);
 100                 hlist_add_head(&x->bysrc, nsrctable+h);
 101
 102                 if (x->id.spi) {
 103                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
 104                                             x->id.proto, x->props.family,
 105                                             nhashmask);
 106                         hlist_add_head(&x->byspi, nspitable+h);
 107                 }
 108         }
 109 }
 110
 111 static unsigned long xfrm_hash_new_size(void)
 112 {
 113         return ((xfrm_state_hmask + 1) << 1) *
 114                 sizeof(struct hlist_head);
 115 }
 116
 117 static DEFINE_MUTEX(hash_resize_mutex);
 118
 119 static void xfrm_hash_resize(struct work_struct *__unused)
 120 {
 121         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
 122         unsigned long nsize, osize;
 123         unsigned int nhashmask, ohashmask;
 124         int i;
 125
 126         mutex_lock(&hash_resize_mutex);
 127
 128         nsize = xfrm_hash_new_size();
 129         ndst = xfrm_hash_alloc(nsize);
 130         if (!ndst)
 131                 goto out_unlock;
 132         nsrc = xfrm_hash_alloc(nsize);
 133         if (!nsrc) {
 134                 xfrm_hash_free(ndst, nsize);
 135                 goto out_unlock;
 136         }
 137         nspi = xfrm_hash_alloc(nsize);
 138         if (!nspi) {
 139                 xfrm_hash_free(ndst, nsize);
 140                 xfrm_hash_free(nsrc, nsize);
 141                 goto out_unlock;
 142         }
 143
 144         spin_lock_bh(&xfrm_state_lock);
 145
 146         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
 147         for (i = xfrm_state_hmask; i >= 0; i--)
 148                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
 149                                    nhashmask);
 150
 151         odst = xfrm_state_bydst;
 152         osrc = xfrm_state_bysrc;
 153         ospi = xfrm_state_byspi;
 154         ohashmask = xfrm_state_hmask;
 155
 156         xfrm_state_bydst = ndst;
 157         xfrm_state_bysrc = nsrc;
 158         xfrm_state_byspi = nspi;
 159         xfrm_state_hmask = nhashmask;
 160
 161         spin_unlock_bh(&xfrm_state_lock);
 162
 163         osize = (ohashmask + 1) * sizeof(struct hlist_head);
 164         xfrm_hash_free(odst, osize);
 165         xfrm_hash_free(osrc, osize);
 166         xfrm_hash_free(ospi, osize);
 167
 168 out_unlock:
 169         mutex_unlock(&hash_resize_mutex);
 170 }
 171
 172 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
 173
 174 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
 175 EXPORT_SYMBOL(km_waitq);
 176
 177 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
 178 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
 179
 180 static struct work_struct xfrm_state_gc_work;
 181 static HLIST_HEAD(xfrm_state_gc_list);
 182 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 183
 184 int __xfrm_state_delete(struct xfrm_state *x);
 185
 186 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
 187 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
 188
 189 static void xfrm_state_gc_destroy(struct xfrm_state *x)
 190 {
 191         del_timer_sync(&x->timer);
 192         del_timer_sync(&x->rtimer);
 193         kfree(x->aalg);
 194         kfree(x->ealg);
 195         kfree(x->calg);
 196         kfree(x->encap);
 197         kfree(x->coaddr);
 198         if (x->mode)
 199                 xfrm_put_mode(x->mode);
 200         if (x->type) {
 201                 x->type->destructor(x);
 202                 xfrm_put_type(x->type);
 203         }
 204         security_xfrm_state_free(x);
 205         kfree(x);
 206 }
 207
 208 static void xfrm_state_gc_task(struct work_struct *data)
 209 {
 210         struct xfrm_state *x;
 211         struct hlist_node *entry, *tmp;
 212         struct hlist_head gc_list;
 213
 214         spin_lock_bh(&xfrm_state_gc_lock);
 215         gc_list.first = xfrm_state_gc_list.first;
 216         INIT_HLIST_HEAD(&xfrm_state_gc_list);
 217         spin_unlock_bh(&xfrm_state_gc_lock);
 218
 219         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
 220                 xfrm_state_gc_destroy(x);
 221
 222         wake_up(&km_waitq);
 223 }
 224
 225 static inline unsigned long make_jiffies(long secs)
 226 {
 227         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
 228                 return MAX_SCHEDULE_TIMEOUT-1;
 229         else
 230                 return secs*HZ;
 231 }
 232
 233 static void xfrm_timer_handler(unsigned long data)
 234 {
 235         struct xfrm_state *x = (struct xfrm_state*)data;
 236         unsigned long now = (unsigned long)xtime.tv_sec;
 237         long next = LONG_MAX;
 238         int warn = 0;
 239         int err = 0;
 240
 241         spin_lock(&x->lock);
 242         if (x->km.state == XFRM_STATE_DEAD)
 243                 goto out;
 244         if (x->km.state == XFRM_STATE_EXPIRED)
 245                 goto expired;
 246         if (x->lft.hard_add_expires_seconds) {
 247                 long tmo = x->lft.hard_add_expires_seconds +
 248                         x->curlft.add_time - now;
 249                 if (tmo <= 0)
 250                         goto expired;
 251                 if (tmo < next)
 252                         next = tmo;
 253         }
 254         if (x->lft.hard_use_expires_seconds) {
 255                 long tmo = x->lft.hard_use_expires_seconds +
 256                         (x->curlft.use_time ? : now) - now;
 257                 if (tmo <= 0)
 258                         goto expired;
 259                 if (tmo < next)
 260                         next = tmo;
 261         }
 262         if (x->km.dying)
 263                 goto resched;
 264         if (x->lft.soft_add_expires_seconds) {
 265                 long tmo = x->lft.soft_add_expires_seconds +
 266                         x->curlft.add_time - now;
 267                 if (tmo <= 0)
 268                         warn = 1;
 269                 else if (tmo < next)
 270                         next = tmo;
 271         }
 272         if (x->lft.soft_use_expires_seconds) {
 273                 long tmo = x->lft.soft_use_expires_seconds +
 274                         (x->curlft.use_time ? : now) - now;
 275                 if (tmo <= 0)
 276                         warn = 1;
 277                 else if (tmo < next)
 278                         next = tmo;
 279         }
 280
 281         x->km.dying = warn;
 282         if (warn)
 283                 km_state_expired(x, 0, 0);
 284 resched:
 285         if (next != LONG_MAX)
 286                 mod_timer(&x->timer, jiffies + make_jiffies(next));
 287
 288         goto out;
 289
 290 expired:
 291         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
 292                 x->km.state = XFRM_STATE_EXPIRED;
 293                 wake_up(&km_waitq);
 294                 next = 2;
 295                 goto resched;
 296         }
 297
 298         err = __xfrm_state_delete(x);
 299         if (!err && x->id.spi)
 300                 km_state_expired(x, 1, 0);
 301
 302         xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
 303                        AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
 304
 305 out:
 306         spin_unlock(&x->lock);
 307 }
 308
 309 static void xfrm_replay_timer_handler(unsigned long data);
 310
 311 struct xfrm_state *xfrm_state_alloc(void)
 312 {
 313         struct xfrm_state *x;
 314
 315         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
 316
 317         if (x) {
 318                 atomic_set(&x->refcnt, 1);
 319                 atomic_set(&x->tunnel_users, 0);
 320                 INIT_HLIST_NODE(&x->bydst);
 321                 INIT_HLIST_NODE(&x->bysrc);
 322                 INIT_HLIST_NODE(&x->byspi);
 323                 init_timer(&x->timer);
 324                 x->timer.function = xfrm_timer_handler;
 325                 x->timer.data     = (unsigned long)x;
 326                 init_timer(&x->rtimer);
 327                 x->rtimer.function = xfrm_replay_timer_handler;
 328                 x->rtimer.data     = (unsigned long)x;
 329                 x->curlft.add_time = (unsigned long)xtime.tv_sec;
 330                 x->lft.soft_byte_limit = XFRM_INF;
 331                 x->lft.soft_packet_limit = XFRM_INF;
 332                 x->lft.hard_byte_limit = XFRM_INF;
 333                 x->lft.hard_packet_limit = XFRM_INF;
 334                 x->replay_maxage = 0;
 335                 x->replay_maxdiff = 0;
 336                 spin_lock_init(&x->lock);
 337         }
 338         return x;
 339 }
 340 EXPORT_SYMBOL(xfrm_state_alloc);
 341
 342 void __xfrm_state_destroy(struct xfrm_state *x)
 343 {
 344         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
 345
 346         spin_lock_bh(&xfrm_state_gc_lock);
 347         hlist_add_head(&x->bydst, &xfrm_state_gc_list);
 348         spin_unlock_bh(&xfrm_state_gc_lock);
 349         schedule_work(&xfrm_state_gc_work);
 350 }
 351 EXPORT_SYMBOL(__xfrm_state_destroy);
 352
 353 int __xfrm_state_delete(struct xfrm_state *x)
 354 {
 355         int err = -ESRCH;
 356
 357         if (x->km.state != XFRM_STATE_DEAD) {
 358                 x->km.state = XFRM_STATE_DEAD;
 359                 spin_lock(&xfrm_state_lock);
 360                 hlist_del(&x->bydst);
 361                 hlist_del(&x->bysrc);
 362                 if (x->id.spi)
 363                         hlist_del(&x->byspi);
 364                 xfrm_state_num--;
 365                 spin_unlock(&xfrm_state_lock);
 366
 367                 /* All xfrm_state objects are created by xfrm_state_alloc.
 368                  * The xfrm_state_alloc call gives a reference, and that
 369                  * is what we are dropping here.
 370                  */
 371                 __xfrm_state_put(x);
 372                 err = 0;
 373         }
 374
 375         return err;
 376 }
 377 EXPORT_SYMBOL(__xfrm_state_delete);
 378
 379 int xfrm_state_delete(struct xfrm_state *x)
 380 {
 381         int err;
 382
 383         spin_lock_bh(&x->lock);
 384         err = __xfrm_state_delete(x);
 385         spin_unlock_bh(&x->lock);
 386
 387         return err;
 388 }
 389 EXPORT_SYMBOL(xfrm_state_delete);
 390
 391 void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
 392 {
 393         int i;
 394         int err = 0;
 395
 396         spin_lock_bh(&xfrm_state_lock);
 397         for (i = 0; i <= xfrm_state_hmask; i++) {
 398                 struct hlist_node *entry;
 399                 struct xfrm_state *x;
 400 restart:
 401                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
 402                         if (!xfrm_state_kern(x) &&
 403                             xfrm_id_proto_match(x->id.proto, proto)) {
 404                                 xfrm_state_hold(x);
 405                                 spin_unlock_bh(&xfrm_state_lock);
 406
 407                                 err = xfrm_state_delete(x);
 408                                 xfrm_audit_log(audit_info->loginuid,
 409                                                audit_info->secid,
 410                                                AUDIT_MAC_IPSEC_DELSA,
 411                                                err ? 0 : 1, NULL, x);
 412                                 xfrm_state_put(x);
 413
 414                                 spin_lock_bh(&xfrm_state_lock);
 415                                 goto restart;
 416                         }
 417                 }
 418         }
 419         spin_unlock_bh(&xfrm_state_lock);
 420         wake_up(&km_waitq);
 421 }
 422 EXPORT_SYMBOL(xfrm_state_flush);
 423
 424 static int
 425 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
 426                   struct xfrm_tmpl *tmpl,
 427                   xfrm_address_t *daddr, xfrm_address_t *saddr,
 428                   unsigned short family)
 429 {
 430         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 431         if (!afinfo)
 432                 return -1;
 433         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
 434         xfrm_state_put_afinfo(afinfo);
 435         return 0;
 436 }
 437
 438 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
 439 {
 440         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
 441         struct xfrm_state *x;
 442         struct hlist_node *entry;
 443
 444         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
 445                 if (x->props.family != family ||
 446                     x->id.spi       != spi ||
 447                     x->id.proto     != proto)
 448                         continue;
 449
 450                 switch (family) {
 451                 case AF_INET:
 452                         if (x->id.daddr.a4 != daddr->a4)
 453                                 continue;
 454                         break;
 455                 case AF_INET6:
 456                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
 457                                              (struct in6_addr *)
 458                                              x->id.daddr.a6))
 459                                 continue;
 460                         break;
 461                 };
 462
 463                 xfrm_state_hold(x);
 464                 return x;
 465         }
 466
 467         return NULL;
 468 }
 469
 470 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
 471 {
 472         unsigned int h = xfrm_src_hash(daddr, saddr, family);
 473         struct xfrm_state *x;
 474         struct hlist_node *entry;
 475
 476         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
 477                 if (x->props.family != family ||
 478                     x->id.proto     != proto)
 479                         continue;
 480
 481                 switch (family) {
 482                 case AF_INET:
 483                         if (x->id.daddr.a4 != daddr->a4 ||
 484                             x->props.saddr.a4 != saddr->a4)
 485                                 continue;
 486                         break;
 487                 case AF_INET6:
 488                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
 489                                              (struct in6_addr *)
 490                                              x->id.daddr.a6) ||
 491                             !ipv6_addr_equal((struct in6_addr *)saddr,
 492                                              (struct in6_addr *)
 493                                              x->props.saddr.a6))
 494                                 continue;
 495                         break;
 496                 };
 497
 498                 xfrm_state_hold(x);
 499                 return x;
 500         }
 501
 502         return NULL;
 503 }
 504
 505 static inline struct xfrm_state *
 506 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
 507 {
 508         if (use_spi)
 509                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
 510                                            x->id.proto, family);
 511         else
 512                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
 513                                                   &x->props.saddr,
 514                                                   x->id.proto, family);
 515 }
 516
 517 static void xfrm_hash_grow_check(int have_hash_collision)
 518 {
 519         if (have_hash_collision &&
 520             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
 521             xfrm_state_num > xfrm_state_hmask)
 522                 schedule_work(&xfrm_hash_work);
 523 }
 524
 525 struct xfrm_state *
 526 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 527                 struct flowi *fl, struct xfrm_tmpl *tmpl,
 528                 struct xfrm_policy *pol, int *err,
 529                 unsigned short family)
 530 {
 531         unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
 532         struct hlist_node *entry;
 533         struct xfrm_state *x, *x0;
 534         int acquire_in_progress = 0;
 535         int error = 0;
 536         struct xfrm_state *best = NULL;
 537
 538         spin_lock_bh(&xfrm_state_lock);
 539         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 540                 if (x->props.family == family &&
 541                     x->props.reqid == tmpl->reqid &&
 542                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 543                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 544                     tmpl->mode == x->props.mode &&
 545                     tmpl->id.proto == x->id.proto &&
 546                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
 547                         /* Resolution logic:
 548                            1. There is a valid state with matching selector.
 549                               Done.
 550                            2. Valid state with inappropriate selector. Skip.
 551
 552                            Entering area of "sysdeps".
 553
 554                            3. If state is not valid, selector is temporary,
 555                               it selects only session which triggered
 556                               previous resolution. Key manager will do
 557                               something to install a state with proper
 558                               selector.
 559                          */
 560                         if (x->km.state == XFRM_STATE_VALID) {
 561                                 if (!xfrm_selector_match(&x->sel, fl, family) ||
 562                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
 563                                         continue;
 564                                 if (!best ||
 565                                     best->km.dying > x->km.dying ||
 566                                     (best->km.dying == x->km.dying &&
 567                                      best->curlft.add_time < x->curlft.add_time))
 568                                         best = x;
 569                         } else if (x->km.state == XFRM_STATE_ACQ) {
 570                                 acquire_in_progress = 1;
 571                         } else if (x->km.state == XFRM_STATE_ERROR ||
 572                                    x->km.state == XFRM_STATE_EXPIRED) {
 573                                 if (xfrm_selector_match(&x->sel, fl, family) &&
 574                                     security_xfrm_state_pol_flow_match(x, pol, fl))
 575                                         error = -ESRCH;
 576                         }
 577                 }
 578         }
 579
 580         x = best;
 581         if (!x && !error && !acquire_in_progress) {
 582                 if (tmpl->id.spi &&
 583                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
 584                                               tmpl->id.proto, family)) != NULL) {
 585                         xfrm_state_put(x0);
 586                         error = -EEXIST;
 587                         goto out;
 588                 }
 589                 x = xfrm_state_alloc();
 590                 if (x == NULL) {
 591                         error = -ENOMEM;
 592                         goto out;
 593                 }
 594                 /* Initialize temporary selector matching only
 595                  * to current session. */
 596                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
 597
 598                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
 599                 if (error) {
 600                         x->km.state = XFRM_STATE_DEAD;
 601                         xfrm_state_put(x);
 602                         x = NULL;
 603                         goto out;
 604                 }
 605
 606                 if (km_query(x, tmpl, pol) == 0) {
 607                         x->km.state = XFRM_STATE_ACQ;
 608                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 609                         h = xfrm_src_hash(daddr, saddr, family);
 610                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 611                         if (x->id.spi) {
 612                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
 613                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 614                         }
 615                         x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
 616                         x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
 617                         add_timer(&x->timer);
 618                         xfrm_state_num++;
 619                         xfrm_hash_grow_check(x->bydst.next != NULL);
 620                 } else {
 621                         x->km.state = XFRM_STATE_DEAD;
 622                         xfrm_state_put(x);
 623                         x = NULL;
 624                         error = -ESRCH;
 625                 }
 626         }
 627 out:
 628         if (x)
 629                 xfrm_state_hold(x);
 630         else
 631                 *err = acquire_in_progress ? -EAGAIN : error;
 632         spin_unlock_bh(&xfrm_state_lock);
 633         return x;
 634 }
 635
 636 static void __xfrm_state_insert(struct xfrm_state *x)
 637 {
 638         unsigned int h;
 639
 640         x->genid = ++xfrm_state_genid;
 641
 642         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
 643                           x->props.reqid, x->props.family);
 644         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 645
 646         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
 647         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 648
 649         if (x->id.spi) {
 650                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
 651                                   x->props.family);
 652
 653                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 654         }
 655
 656         mod_timer(&x->timer, jiffies + HZ);
 657         if (x->replay_maxage)
 658                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
 659
 660         wake_up(&km_waitq);
 661
 662         xfrm_state_num++;
 663
 664         xfrm_hash_grow_check(x->bydst.next != NULL);
 665 }
 666
 667 /* xfrm_state_lock is held */
 668 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
 669 {
 670         unsigned short family = xnew->props.family;
 671         u32 reqid = xnew->props.reqid;
 672         struct xfrm_state *x;
 673         struct hlist_node *entry;
 674         unsigned int h;
 675
 676         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
 677         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 678                 if (x->props.family     == family &&
 679                     x->props.reqid      == reqid &&
 680                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
 681                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
 682                         x->genid = xfrm_state_genid;
 683         }
 684 }
 685
 686 void xfrm_state_insert(struct xfrm_state *x)
 687 {
 688         spin_lock_bh(&xfrm_state_lock);
 689         __xfrm_state_bump_genids(x);
 690         __xfrm_state_insert(x);
 691         spin_unlock_bh(&xfrm_state_lock);
 692 }
 693 EXPORT_SYMBOL(xfrm_state_insert);
 694
 695 /* xfrm_state_lock is held */
 696 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
 697 {
 698         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
 699         struct hlist_node *entry;
 700         struct xfrm_state *x;
 701
 702         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 703                 if (x->props.reqid  != reqid ||
 704                     x->props.mode   != mode ||
 705                     x->props.family != family ||
 706                     x->km.state     != XFRM_STATE_ACQ ||
 707                     x->id.spi       != 0)
 708                         continue;
 709
 710                 switch (family) {
 711                 case AF_INET:
 712                         if (x->id.daddr.a4    != daddr->a4 ||
 713                             x->props.saddr.a4 != saddr->a4)
 714                                 continue;
 715                         break;
 716                 case AF_INET6:
 717                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
 718                                              (struct in6_addr *)daddr) ||
 719                             !ipv6_addr_equal((struct in6_addr *)
 720                                              x->props.saddr.a6,
 721                                              (struct in6_addr *)saddr))
 722                                 continue;
 723                         break;
 724                 };
 725
 726                 xfrm_state_hold(x);
 727                 return x;
 728         }
 729
 730         if (!create)
 731                 return NULL;
 732
 733         x = xfrm_state_alloc();
 734         if (likely(x)) {
 735                 switch (family) {
 736                 case AF_INET:
 737                         x->sel.daddr.a4 = daddr->a4;
 738                         x->sel.saddr.a4 = saddr->a4;
 739                         x->sel.prefixlen_d = 32;
 740                         x->sel.prefixlen_s = 32;
 741                         x->props.saddr.a4 = saddr->a4;
 742                         x->id.daddr.a4 = daddr->a4;
 743                         break;
 744
 745                 case AF_INET6:
 746                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
 747                                        (struct in6_addr *)daddr);
 748                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
 749                                        (struct in6_addr *)saddr);
 750                         x->sel.prefixlen_d = 128;
 751                         x->sel.prefixlen_s = 128;
 752                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
 753                                        (struct in6_addr *)saddr);
 754                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
 755                                        (struct in6_addr *)daddr);
 756                         break;
 757                 };
 758
 759                 x->km.state = XFRM_STATE_ACQ;
 760                 x->id.proto = proto;
 761                 x->props.family = family;
 762                 x->props.mode = mode;
 763                 x->props.reqid = reqid;
 764                 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
 765                 xfrm_state_hold(x);
 766                 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
 767                 add_timer(&x->timer);
 768                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 769                 h = xfrm_src_hash(daddr, saddr, family);
 770                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 771                 wake_up(&km_waitq);
 772
 773                 xfrm_state_num++;
 774
 775                 xfrm_hash_grow_check(x->bydst.next != NULL);
 776         }
 777
 778         return x;
 779 }
 780
 781 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
 782
 783 int xfrm_state_add(struct xfrm_state *x)
 784 {
 785         struct xfrm_state *x1;
 786         int family;
 787         int err;
 788         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
 789
 790         family = x->props.family;
 791
 792         spin_lock_bh(&xfrm_state_lock);
 793
 794         x1 = __xfrm_state_locate(x, use_spi, family);
 795         if (x1) {
 796                 xfrm_state_put(x1);
 797                 x1 = NULL;
 798                 err = -EEXIST;
 799                 goto out;
 800         }
 801
 802         if (use_spi && x->km.seq) {
 803                 x1 = __xfrm_find_acq_byseq(x->km.seq);
 804                 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
 805                         xfrm_state_put(x1);
 806                         x1 = NULL;
 807                 }
 808         }
 809
 810         if (use_spi && !x1)
 811                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
 812                                      x->id.proto,
 813                                      &x->id.daddr, &x->props.saddr, 0);
 814
 815         __xfrm_state_bump_genids(x);
 816         __xfrm_state_insert(x);
 817         err = 0;
 818
 819 out:
 820         spin_unlock_bh(&xfrm_state_lock);
 821
 822         if (x1) {
 823                 xfrm_state_delete(x1);
 824                 xfrm_state_put(x1);
 825         }
 826
 827         return err;
 828 }
 829 EXPORT_SYMBOL(xfrm_state_add);
 830
 831 int xfrm_state_update(struct xfrm_state *x)
 832 {
 833         struct xfrm_state *x1;
 834         int err;
 835         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
 836
 837         spin_lock_bh(&xfrm_state_lock);
 838         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
 839
 840         err = -ESRCH;
 841         if (!x1)
 842                 goto out;
 843
 844         if (xfrm_state_kern(x1)) {
 845                 xfrm_state_put(x1);
 846                 err = -EEXIST;
 847                 goto out;
 848         }
 849
 850         if (x1->km.state == XFRM_STATE_ACQ) {
 851                 __xfrm_state_insert(x);
 852                 x = NULL;
 853         }
 854         err = 0;
 855
 856 out:
 857         spin_unlock_bh(&xfrm_state_lock);
 858
 859         if (err)
 860                 return err;
 861
 862         if (!x) {
 863                 xfrm_state_delete(x1);
 864                 xfrm_state_put(x1);
 865                 return 0;
 866         }
 867
 868         err = -EINVAL;
 869         spin_lock_bh(&x1->lock);
 870         if (likely(x1->km.state == XFRM_STATE_VALID)) {
 871                 if (x->encap && x1->encap)
 872                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
 873                 if (x->coaddr && x1->coaddr) {
 874                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
 875                 }
 876                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
 877                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
 878                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
 879                 x1->km.dying = 0;
 880
 881                 mod_timer(&x1->timer, jiffies + HZ);
 882                 if (x1->curlft.use_time)
 883                         xfrm_state_check_expire(x1);
 884
 885                 err = 0;
 886         }
 887         spin_unlock_bh(&x1->lock);
 888
 889         xfrm_state_put(x1);
 890
 891         return err;
 892 }
 893 EXPORT_SYMBOL(xfrm_state_update);
 894
 895 int xfrm_state_check_expire(struct xfrm_state *x)
 896 {
 897         if (!x->curlft.use_time)
 898                 x->curlft.use_time = (unsigned long)xtime.tv_sec;
 899
 900         if (x->km.state != XFRM_STATE_VALID)
 901                 return -EINVAL;
 902
 903         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
 904             x->curlft.packets >= x->lft.hard_packet_limit) {
 905                 x->km.state = XFRM_STATE_EXPIRED;
 906                 mod_timer(&x->timer, jiffies);
 907                 return -EINVAL;
 908         }
 909
 910         if (!x->km.dying &&
 911             (x->curlft.bytes >= x->lft.soft_byte_limit ||
 912              x->curlft.packets >= x->lft.soft_packet_limit)) {
 913                 x->km.dying = 1;
 914                 km_state_expired(x, 0, 0);
 915         }
 916         return 0;
 917 }
 918 EXPORT_SYMBOL(xfrm_state_check_expire);
 919
 920 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
 921 {
 922         int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
 923                 - skb_headroom(skb);
 924
 925         if (nhead > 0)
 926                 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
 927
 928         /* Check tail too... */
 929         return 0;
 930 }
 931
 932 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
 933 {
 934         int err = xfrm_state_check_expire(x);
 935         if (err < 0)
 936                 goto err;
 937         err = xfrm_state_check_space(x, skb);
 938 err:
 939         return err;
 940 }
 941 EXPORT_SYMBOL(xfrm_state_check);
 942
 943 struct xfrm_state *
 944 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
 945                   unsigned short family)
 946 {
 947         struct xfrm_state *x;
 948
 949         spin_lock_bh(&xfrm_state_lock);
 950         x = __xfrm_state_lookup(daddr, spi, proto, family);
 951         spin_unlock_bh(&xfrm_state_lock);
 952         return x;
 953 }
 954 EXPORT_SYMBOL(xfrm_state_lookup);
 955
 956 struct xfrm_state *
 957 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
 958                          u8 proto, unsigned short family)
 959 {
 960         struct xfrm_state *x;
 961
 962         spin_lock_bh(&xfrm_state_lock);
 963         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
 964         spin_unlock_bh(&xfrm_state_lock);
 965         return x;
 966 }
 967 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
 968
 969 struct xfrm_state *
 970 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
 971               xfrm_address_t *daddr, xfrm_address_t *saddr,
 972               int create, unsigned short family)
 973 {
 974         struct xfrm_state *x;
 975
 976         spin_lock_bh(&xfrm_state_lock);
 977         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
 978         spin_unlock_bh(&xfrm_state_lock);
 979
 980         return x;
 981 }
 982 EXPORT_SYMBOL(xfrm_find_acq);
 983
 984 #ifdef CONFIG_XFRM_SUB_POLICY
 985 int
 986 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
 987                unsigned short family)
 988 {
 989         int err = 0;
 990         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 991         if (!afinfo)
 992                 return -EAFNOSUPPORT;
 993
 994         spin_lock_bh(&xfrm_state_lock);
 995         if (afinfo->tmpl_sort)
 996                 err = afinfo->tmpl_sort(dst, src, n);
 997         spin_unlock_bh(&xfrm_state_lock);
 998         xfrm_state_put_afinfo(afinfo);
 999         return err;
1000 }
1001 EXPORT_SYMBOL(xfrm_tmpl_sort);
1002
1003 int
1004 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1005                 unsigned short family)
1006 {
1007         int err = 0;
1008         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1009         if (!afinfo)
1010                 return -EAFNOSUPPORT;
1011
1012         spin_lock_bh(&xfrm_state_lock);
1013         if (afinfo->state_sort)
1014                 err = afinfo->state_sort(dst, src, n);
1015         spin_unlock_bh(&xfrm_state_lock);
1016         xfrm_state_put_afinfo(afinfo);
1017         return err;
1018 }
1019 EXPORT_SYMBOL(xfrm_state_sort);
1020 #endif
1021
1022 /* Silly enough, but I'm lazy to build resolution list */
1023
1024 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1025 {
1026         int i;
1027
1028         for (i = 0; i <= xfrm_state_hmask; i++) {
1029                 struct hlist_node *entry;
1030                 struct xfrm_state *x;
1031
1032                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1033                         if (x->km.seq == seq &&
1034                             x->km.state == XFRM_STATE_ACQ) {
1035                                 xfrm_state_hold(x);
1036                                 return x;
1037                         }
1038                 }
1039         }
1040         return NULL;
1041 }
1042
1043 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1044 {
1045         struct xfrm_state *x;
1046
1047         spin_lock_bh(&xfrm_state_lock);
1048         x = __xfrm_find_acq_byseq(seq);
1049         spin_unlock_bh(&xfrm_state_lock);
1050         return x;
1051 }
1052 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1053
1054 u32 xfrm_get_acqseq(void)
1055 {
1056         u32 res;
1057         static u32 acqseq;
1058         static DEFINE_SPINLOCK(acqseq_lock);
1059
1060         spin_lock_bh(&acqseq_lock);
1061         res = (++acqseq ? : ++acqseq);
1062         spin_unlock_bh(&acqseq_lock);
1063         return res;
1064 }
1065 EXPORT_SYMBOL(xfrm_get_acqseq);
1066
1067 void
1068 xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi)
1069 {
1070         unsigned int h;
1071         struct xfrm_state *x0;
1072
1073         if (x->id.spi)
1074                 return;
1075
1076         if (minspi == maxspi) {
1077                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1078                 if (x0) {
1079                         xfrm_state_put(x0);
1080                         return;
1081                 }
1082                 x->id.spi = minspi;
1083         } else {
1084                 u32 spi = 0;
1085                 u32 low = ntohl(minspi);
1086                 u32 high = ntohl(maxspi);
1087                 for (h=0; h<high-low+1; h++) {
1088                         spi = low + net_random()%(high-low+1);
1089                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1090                         if (x0 == NULL) {
1091                                 x->id.spi = htonl(spi);
1092                                 break;
1093                         }
1094                         xfrm_state_put(x0);
1095                 }
1096         }
1097         if (x->id.spi) {
1098                 spin_lock_bh(&xfrm_state_lock);
1099                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1100                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1101                 spin_unlock_bh(&xfrm_state_lock);
1102                 wake_up(&km_waitq);
1103         }
1104 }
1105 EXPORT_SYMBOL(xfrm_alloc_spi);
1106
1107 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1108                     void *data)
1109 {
1110         int i;
1111         struct xfrm_state *x, *last = NULL;
1112         struct hlist_node *entry;
1113         int count = 0;
1114         int err = 0;
1115
1116         spin_lock_bh(&xfrm_state_lock);
1117         for (i = 0; i <= xfrm_state_hmask; i++) {
1118                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1119                         if (!xfrm_id_proto_match(x->id.proto, proto))
1120                                 continue;
1121                         if (last) {
1122                                 err = func(last, count, data);
1123                                 if (err)
1124                                         goto out;
1125                         }
1126                         last = x;
1127                         count++;
1128                 }
1129         }
1130         if (count == 0) {
1131                 err = -ENOENT;
1132                 goto out;
1133         }
1134         err = func(last, 0, data);
1135 out:
1136         spin_unlock_bh(&xfrm_state_lock);
1137         return err;
1138 }
1139 EXPORT_SYMBOL(xfrm_state_walk);
1140
1141
1142 void xfrm_replay_notify(struct xfrm_state *x, int event)
1143 {
1144         struct km_event c;
1145         /* we send notify messages in case
1146          *  1. we updated on of the sequence numbers, and the seqno difference
1147          *     is at least x->replay_maxdiff, in this case we also update the
1148          *     timeout of our timer function
1149          *  2. if x->replay_maxage has elapsed since last update,
1150          *     and there were changes
1151          *
1152          *  The state structure must be locked!
1153          */
1154
1155         switch (event) {
1156         case XFRM_REPLAY_UPDATE:
1157                 if (x->replay_maxdiff &&
1158                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1159                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1160                         if (x->xflags & XFRM_TIME_DEFER)
1161                                 event = XFRM_REPLAY_TIMEOUT;
1162                         else
1163                                 return;
1164                 }
1165
1166                 break;
1167
1168         case XFRM_REPLAY_TIMEOUT:
1169                 if ((x->replay.seq == x->preplay.seq) &&
1170                     (x->replay.bitmap == x->preplay.bitmap) &&
1171                     (x->replay.oseq == x->preplay.oseq)) {
1172                         x->xflags |= XFRM_TIME_DEFER;
1173                         return;
1174                 }
1175
1176                 break;
1177         }
1178
1179         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1180         c.event = XFRM_MSG_NEWAE;
1181         c.data.aevent = event;
1182         km_state_notify(x, &c);
1183
1184         if (x->replay_maxage &&
1185             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1186                 x->xflags &= ~XFRM_TIME_DEFER;
1187 }
1188 EXPORT_SYMBOL(xfrm_replay_notify);
1189
1190 static void xfrm_replay_timer_handler(unsigned long data)
1191 {
1192         struct xfrm_state *x = (struct xfrm_state*)data;
1193
1194         spin_lock(&x->lock);
1195
1196         if (x->km.state == XFRM_STATE_VALID) {
1197                 if (xfrm_aevent_is_on())
1198                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1199                 else
1200                         x->xflags |= XFRM_TIME_DEFER;
1201         }
1202
1203         spin_unlock(&x->lock);
1204 }
1205
1206 int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
1207 {
1208         u32 diff;
1209         u32 seq = ntohl(net_seq);
1210
1211         if (unlikely(seq == 0))
1212                 return -EINVAL;
1213
1214         if (likely(seq > x->replay.seq))
1215                 return 0;
1216
1217         diff = x->replay.seq - seq;
1218         if (diff >= x->props.replay_window) {
1219                 x->stats.replay_window++;
1220                 return -EINVAL;
1221         }
1222
1223         if (x->replay.bitmap & (1U << diff)) {
1224                 x->stats.replay++;
1225                 return -EINVAL;
1226         }
1227         return 0;
1228 }
1229 EXPORT_SYMBOL(xfrm_replay_check);
1230
1231 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1232 {
1233         u32 diff;
1234         u32 seq = ntohl(net_seq);
1235
1236         if (seq > x->replay.seq) {
1237                 diff = seq - x->replay.seq;
1238                 if (diff < x->props.replay_window)
1239                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1240                 else
1241                         x->replay.bitmap = 1;
1242                 x->replay.seq = seq;
1243         } else {
1244                 diff = x->replay.seq - seq;
1245                 x->replay.bitmap |= (1U << diff);
1246         }
1247
1248         if (xfrm_aevent_is_on())
1249                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1250 }
1251 EXPORT_SYMBOL(xfrm_replay_advance);
1252
1253 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
1254 static DEFINE_RWLOCK(xfrm_km_lock);
1255
1256 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1257 {
1258         struct xfrm_mgr *km;
1259
1260         read_lock(&xfrm_km_lock);
1261         list_for_each_entry(km, &xfrm_km_list, list)
1262                 if (km->notify_policy)
1263                         km->notify_policy(xp, dir, c);
1264         read_unlock(&xfrm_km_lock);
1265 }
1266
1267 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1268 {
1269         struct xfrm_mgr *km;
1270         read_lock(&xfrm_km_lock);
1271         list_for_each_entry(km, &xfrm_km_list, list)
1272                 if (km->notify)
1273                         km->notify(x, c);
1274         read_unlock(&xfrm_km_lock);
1275 }
1276
1277 EXPORT_SYMBOL(km_policy_notify);
1278 EXPORT_SYMBOL(km_state_notify);
1279
1280 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1281 {
1282         struct km_event c;
1283
1284         c.data.hard = hard;
1285         c.pid = pid;
1286         c.event = XFRM_MSG_EXPIRE;
1287         km_state_notify(x, &c);
1288
1289         if (hard)
1290                 wake_up(&km_waitq);
1291 }
1292
1293 EXPORT_SYMBOL(km_state_expired);
1294 /*
1295  * We send to all registered managers regardless of failure
1296  * We are happy with one success
1297 */
1298 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1299 {
1300         int err = -EINVAL, acqret;
1301         struct xfrm_mgr *km;
1302
1303         read_lock(&xfrm_km_lock);
1304         list_for_each_entry(km, &xfrm_km_list, list) {
1305                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1306                 if (!acqret)
1307                         err = acqret;
1308         }
1309         read_unlock(&xfrm_km_lock);
1310         return err;
1311 }
1312 EXPORT_SYMBOL(km_query);
1313
1314 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1315 {
1316         int err = -EINVAL;
1317         struct xfrm_mgr *km;
1318
1319         read_lock(&xfrm_km_lock);
1320         list_for_each_entry(km, &xfrm_km_list, list) {
1321                 if (km->new_mapping)
1322                         err = km->new_mapping(x, ipaddr, sport);
1323                 if (!err)
1324                         break;
1325         }
1326         read_unlock(&xfrm_km_lock);
1327         return err;
1328 }
1329 EXPORT_SYMBOL(km_new_mapping);
1330
1331 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1332 {
1333         struct km_event c;
1334
1335         c.data.hard = hard;
1336         c.pid = pid;
1337         c.event = XFRM_MSG_POLEXPIRE;
1338         km_policy_notify(pol, dir, &c);
1339
1340         if (hard)
1341                 wake_up(&km_waitq);
1342 }
1343 EXPORT_SYMBOL(km_policy_expired);
1344
1345 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1346 {
1347         int err = -EINVAL;
1348         int ret;
1349         struct xfrm_mgr *km;
1350
1351         read_lock(&xfrm_km_lock);
1352         list_for_each_entry(km, &xfrm_km_list, list) {
1353                 if (km->report) {
1354                         ret = km->report(proto, sel, addr);
1355                         if (!ret)
1356                                 err = ret;
1357                 }
1358         }
1359         read_unlock(&xfrm_km_lock);
1360         return err;
1361 }
1362 EXPORT_SYMBOL(km_report);
1363
1364 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1365 {
1366         int err;
1367         u8 *data;
1368         struct xfrm_mgr *km;
1369         struct xfrm_policy *pol = NULL;
1370
1371         if (optlen <= 0 || optlen > PAGE_SIZE)
1372                 return -EMSGSIZE;
1373
1374         data = kmalloc(optlen, GFP_KERNEL);
1375         if (!data)
1376                 return -ENOMEM;
1377
1378         err = -EFAULT;
1379         if (copy_from_user(data, optval, optlen))
1380                 goto out;
1381
1382         err = -EINVAL;
1383         read_lock(&xfrm_km_lock);
1384         list_for_each_entry(km, &xfrm_km_list, list) {
1385                 pol = km->compile_policy(sk, optname, data,
1386                                          optlen, &err);
1387                 if (err >= 0)
1388                         break;
1389         }
1390         read_unlock(&xfrm_km_lock);
1391
1392         if (err >= 0) {
1393                 xfrm_sk_policy_insert(sk, err, pol);
1394                 xfrm_pol_put(pol);
1395                 err = 0;
1396         }
1397
1398 out:
1399         kfree(data);
1400         return err;
1401 }
1402 EXPORT_SYMBOL(xfrm_user_policy);
1403
1404 int xfrm_register_km(struct xfrm_mgr *km)
1405 {
1406         write_lock_bh(&xfrm_km_lock);
1407         list_add_tail(&km->list, &xfrm_km_list);
1408         write_unlock_bh(&xfrm_km_lock);
1409         return 0;
1410 }
1411 EXPORT_SYMBOL(xfrm_register_km);
1412
1413 int xfrm_unregister_km(struct xfrm_mgr *km)
1414 {
1415         write_lock_bh(&xfrm_km_lock);
1416         list_del(&km->list);
1417         write_unlock_bh(&xfrm_km_lock);
1418         return 0;
1419 }
1420 EXPORT_SYMBOL(xfrm_unregister_km);
1421
1422 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1423 {
1424         int err = 0;
1425         if (unlikely(afinfo == NULL))
1426                 return -EINVAL;
1427         if (unlikely(afinfo->family >= NPROTO))
1428                 return -EAFNOSUPPORT;
1429         write_lock_bh(&xfrm_state_afinfo_lock);
1430         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1431                 err = -ENOBUFS;
1432         else
1433                 xfrm_state_afinfo[afinfo->family] = afinfo;
1434         write_unlock_bh(&xfrm_state_afinfo_lock);
1435         return err;
1436 }
1437 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1438
1439 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1440 {
1441         int err = 0;
1442         if (unlikely(afinfo == NULL))
1443                 return -EINVAL;
1444         if (unlikely(afinfo->family >= NPROTO))
1445                 return -EAFNOSUPPORT;
1446         write_lock_bh(&xfrm_state_afinfo_lock);
1447         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1448                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1449                         err = -EINVAL;
1450                 else
1451                         xfrm_state_afinfo[afinfo->family] = NULL;
1452         }
1453         write_unlock_bh(&xfrm_state_afinfo_lock);
1454         return err;
1455 }
1456 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1457
1458 struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1459 {
1460         struct xfrm_state_afinfo *afinfo;
1461         if (unlikely(family >= NPROTO))
1462                 return NULL;
1463         read_lock(&xfrm_state_afinfo_lock);
1464         afinfo = xfrm_state_afinfo[family];
1465         if (unlikely(!afinfo))
1466                 read_unlock(&xfrm_state_afinfo_lock);
1467         return afinfo;
1468 }
1469
1470 void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1471 {
1472         read_unlock(&xfrm_state_afinfo_lock);
1473 }
1474
1475 EXPORT_SYMBOL(xfrm_state_get_afinfo);
1476 EXPORT_SYMBOL(xfrm_state_put_afinfo);
1477
1478 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1479 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1480 {
1481         if (x->tunnel) {
1482                 struct xfrm_state *t = x->tunnel;
1483
1484                 if (atomic_read(&t->tunnel_users) == 2)
1485                         xfrm_state_delete(t);
1486                 atomic_dec(&t->tunnel_users);
1487                 xfrm_state_put(t);
1488                 x->tunnel = NULL;
1489         }
1490 }
1491 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1492
1493 /*
1494  * This function is NOT optimal.  For example, with ESP it will give an
1495  * MTU that's usually two bytes short of being optimal.  However, it will
1496  * usually give an answer that's a multiple of 4 provided the input is
1497  * also a multiple of 4.
1498  */
1499 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1500 {
1501         int res = mtu;
1502
1503         res -= x->props.header_len;
1504
1505         for (;;) {
1506                 int m = res;
1507
1508                 if (m < 68)
1509                         return 68;
1510
1511                 spin_lock_bh(&x->lock);
1512                 if (x->km.state == XFRM_STATE_VALID &&
1513                     x->type && x->type->get_max_size)
1514                         m = x->type->get_max_size(x, m);
1515                 else
1516                         m += x->props.header_len;
1517                 spin_unlock_bh(&x->lock);
1518
1519                 if (m <= mtu)
1520                         break;
1521                 res -= (m - mtu);
1522         }
1523
1524         return res;
1525 }
1526
1527 int xfrm_init_state(struct xfrm_state *x)
1528 {
1529         struct xfrm_state_afinfo *afinfo;
1530         int family = x->props.family;
1531         int err;
1532
1533         err = -EAFNOSUPPORT;
1534         afinfo = xfrm_state_get_afinfo(family);
1535         if (!afinfo)
1536                 goto error;
1537
1538         err = 0;
1539         if (afinfo->init_flags)
1540                 err = afinfo->init_flags(x);
1541
1542         xfrm_state_put_afinfo(afinfo);
1543
1544         if (err)
1545                 goto error;
1546
1547         err = -EPROTONOSUPPORT;
1548         x->type = xfrm_get_type(x->id.proto, family);
1549         if (x->type == NULL)
1550                 goto error;
1551
1552         err = x->type->init_state(x);
1553         if (err)
1554                 goto error;
1555
1556         x->mode = xfrm_get_mode(x->props.mode, family);
1557         if (x->mode == NULL)
1558                 goto error;
1559
1560         x->km.state = XFRM_STATE_VALID;
1561
1562 error:
1563         return err;
1564 }
1565
1566 EXPORT_SYMBOL(xfrm_init_state);
1567
1568 void __init xfrm_state_init(void)
1569 {
1570         unsigned int sz;
1571
1572         sz = sizeof(struct hlist_head) * 8;
1573
1574         xfrm_state_bydst = xfrm_hash_alloc(sz);
1575         xfrm_state_bysrc = xfrm_hash_alloc(sz);
1576         xfrm_state_byspi = xfrm_hash_alloc(sz);
1577         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
1578                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
1579         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1580
1581         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1582 }
1583