git.oblomov.eu Git - linux-2.6/blob - net/xfrm/xfrm_state.c

   1 /*
   2  * xfrm_state.c
   3  *
   4  * Changes:
   5  *      Mitsuru KANDA @USAGI
   6  *      Kazunori MIYAZAWA @USAGI
   7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
   8  *              IPv6 support
   9  *      YOSHIFUJI Hideaki @USAGI
  10  *              Split up af-specific functions
  11  *      Derek Atkins <derek@ihtfp.com>
  12  *              Add UDP Encapsulation
  13  *
  14  */
  15
  16 #include <linux/workqueue.h>
  17 #include <net/xfrm.h>
  18 #include <linux/pfkeyv2.h>
  19 #include <linux/ipsec.h>
  20 #include <linux/module.h>
  21 #include <linux/cache.h>
  22 #include <asm/uaccess.h>
  23
  24 #include "xfrm_hash.h"
  25
  26 struct sock *xfrm_nl;
  27 EXPORT_SYMBOL(xfrm_nl);
  28
  29 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
  30 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
  31
  32 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
  33 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
  34
  35 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
  36
  37 /* Each xfrm_state may be linked to two tables:
  38
  39    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
  40    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
  41       destination/tunnel endpoint. (output)
  42  */
  43
  44 static DEFINE_SPINLOCK(xfrm_state_lock);
  45
  46 /* Hash table to find appropriate SA towards given target (endpoint
  47  * of tunnel or destination of transport mode) allowed by selector.
  48  *
  49  * Main use is finding SA after policy selected tunnel or transport mode.
  50  * Also, it can be used by ah/esp icmp error handler to find offending SA.
  51  */
  52 static struct hlist_head *xfrm_state_bydst __read_mostly;
  53 static struct hlist_head *xfrm_state_bysrc __read_mostly;
  54 static struct hlist_head *xfrm_state_byspi __read_mostly;
  55 static unsigned int xfrm_state_hmask __read_mostly;
  56 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
  57 static unsigned int xfrm_state_num;
  58 static unsigned int xfrm_state_genid;
  59
  60 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
  61 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
  62
  63 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
  64                                          xfrm_address_t *saddr,
  65                                          u32 reqid,
  66                                          unsigned short family)
  67 {
  68         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
  69 }
  70
  71 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
  72                                          xfrm_address_t *saddr,
  73                                          unsigned short family)
  74 {
  75         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
  76 }
  77
  78 static inline unsigned int
  79 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
  80 {
  81         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
  82 }
  83
  84 static void xfrm_hash_transfer(struct hlist_head *list,
  85                                struct hlist_head *ndsttable,
  86                                struct hlist_head *nsrctable,
  87                                struct hlist_head *nspitable,
  88                                unsigned int nhashmask)
  89 {
  90         struct hlist_node *entry, *tmp;
  91         struct xfrm_state *x;
  92
  93         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
  94                 unsigned int h;
  95
  96                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
  97                                     x->props.reqid, x->props.family,
  98                                     nhashmask);
  99                 hlist_add_head(&x->bydst, ndsttable+h);
 100
 101                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
 102                                     x->props.family,
 103                                     nhashmask);
 104                 hlist_add_head(&x->bysrc, nsrctable+h);
 105
 106                 if (x->id.spi) {
 107                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
 108                                             x->id.proto, x->props.family,
 109                                             nhashmask);
 110                         hlist_add_head(&x->byspi, nspitable+h);
 111                 }
 112         }
 113 }
 114
 115 static unsigned long xfrm_hash_new_size(void)
 116 {
 117         return ((xfrm_state_hmask + 1) << 1) *
 118                 sizeof(struct hlist_head);
 119 }
 120
 121 static DEFINE_MUTEX(hash_resize_mutex);
 122
 123 static void xfrm_hash_resize(struct work_struct *__unused)
 124 {
 125         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
 126         unsigned long nsize, osize;
 127         unsigned int nhashmask, ohashmask;
 128         int i;
 129
 130         mutex_lock(&hash_resize_mutex);
 131
 132         nsize = xfrm_hash_new_size();
 133         ndst = xfrm_hash_alloc(nsize);
 134         if (!ndst)
 135                 goto out_unlock;
 136         nsrc = xfrm_hash_alloc(nsize);
 137         if (!nsrc) {
 138                 xfrm_hash_free(ndst, nsize);
 139                 goto out_unlock;
 140         }
 141         nspi = xfrm_hash_alloc(nsize);
 142         if (!nspi) {
 143                 xfrm_hash_free(ndst, nsize);
 144                 xfrm_hash_free(nsrc, nsize);
 145                 goto out_unlock;
 146         }
 147
 148         spin_lock_bh(&xfrm_state_lock);
 149
 150         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
 151         for (i = xfrm_state_hmask; i >= 0; i--)
 152                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
 153                                    nhashmask);
 154
 155         odst = xfrm_state_bydst;
 156         osrc = xfrm_state_bysrc;
 157         ospi = xfrm_state_byspi;
 158         ohashmask = xfrm_state_hmask;
 159
 160         xfrm_state_bydst = ndst;
 161         xfrm_state_bysrc = nsrc;
 162         xfrm_state_byspi = nspi;
 163         xfrm_state_hmask = nhashmask;
 164
 165         spin_unlock_bh(&xfrm_state_lock);
 166
 167         osize = (ohashmask + 1) * sizeof(struct hlist_head);
 168         xfrm_hash_free(odst, osize);
 169         xfrm_hash_free(osrc, osize);
 170         xfrm_hash_free(ospi, osize);
 171
 172 out_unlock:
 173         mutex_unlock(&hash_resize_mutex);
 174 }
 175
 176 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
 177
 178 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
 179 EXPORT_SYMBOL(km_waitq);
 180
 181 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
 182 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
 183
 184 static struct work_struct xfrm_state_gc_work;
 185 static HLIST_HEAD(xfrm_state_gc_list);
 186 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 187
 188 int __xfrm_state_delete(struct xfrm_state *x);
 189
 190 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
 191 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
 192
 193 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
 194 {
 195         struct xfrm_state_afinfo *afinfo;
 196         if (unlikely(family >= NPROTO))
 197                 return NULL;
 198         write_lock_bh(&xfrm_state_afinfo_lock);
 199         afinfo = xfrm_state_afinfo[family];
 200         if (unlikely(!afinfo))
 201                 write_unlock_bh(&xfrm_state_afinfo_lock);
 202         return afinfo;
 203 }
 204
 205 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
 206 {
 207         write_unlock_bh(&xfrm_state_afinfo_lock);
 208 }
 209
 210 int xfrm_register_type(struct xfrm_type *type, unsigned short family)
 211 {
 212         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
 213         struct xfrm_type **typemap;
 214         int err = 0;
 215
 216         if (unlikely(afinfo == NULL))
 217                 return -EAFNOSUPPORT;
 218         typemap = afinfo->type_map;
 219
 220         if (likely(typemap[type->proto] == NULL))
 221                 typemap[type->proto] = type;
 222         else
 223                 err = -EEXIST;
 224         xfrm_state_unlock_afinfo(afinfo);
 225         return err;
 226 }
 227 EXPORT_SYMBOL(xfrm_register_type);
 228
 229 int xfrm_unregister_type(struct xfrm_type *type, unsigned short family)
 230 {
 231         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
 232         struct xfrm_type **typemap;
 233         int err = 0;
 234
 235         if (unlikely(afinfo == NULL))
 236                 return -EAFNOSUPPORT;
 237         typemap = afinfo->type_map;
 238
 239         if (unlikely(typemap[type->proto] != type))
 240                 err = -ENOENT;
 241         else
 242                 typemap[type->proto] = NULL;
 243         xfrm_state_unlock_afinfo(afinfo);
 244         return err;
 245 }
 246 EXPORT_SYMBOL(xfrm_unregister_type);
 247
 248 static struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
 249 {
 250         struct xfrm_state_afinfo *afinfo;
 251         struct xfrm_type **typemap;
 252         struct xfrm_type *type;
 253         int modload_attempted = 0;
 254
 255 retry:
 256         afinfo = xfrm_state_get_afinfo(family);
 257         if (unlikely(afinfo == NULL))
 258                 return NULL;
 259         typemap = afinfo->type_map;
 260
 261         type = typemap[proto];
 262         if (unlikely(type && !try_module_get(type->owner)))
 263                 type = NULL;
 264         if (!type && !modload_attempted) {
 265                 xfrm_state_put_afinfo(afinfo);
 266                 request_module("xfrm-type-%d-%d", family, proto);
 267                 modload_attempted = 1;
 268                 goto retry;
 269         }
 270
 271         xfrm_state_put_afinfo(afinfo);
 272         return type;
 273 }
 274
 275 static void xfrm_put_type(struct xfrm_type *type)
 276 {
 277         module_put(type->owner);
 278 }
 279
 280 int xfrm_register_mode(struct xfrm_mode *mode, int family)
 281 {
 282         struct xfrm_state_afinfo *afinfo;
 283         struct xfrm_mode **modemap;
 284         int err;
 285
 286         if (unlikely(mode->encap >= XFRM_MODE_MAX))
 287                 return -EINVAL;
 288
 289         afinfo = xfrm_state_lock_afinfo(family);
 290         if (unlikely(afinfo == NULL))
 291                 return -EAFNOSUPPORT;
 292
 293         err = -EEXIST;
 294         modemap = afinfo->mode_map;
 295         if (modemap[mode->encap])
 296                 goto out;
 297
 298         err = -ENOENT;
 299         if (!try_module_get(afinfo->owner))
 300                 goto out;
 301
 302         mode->afinfo = afinfo;
 303         modemap[mode->encap] = mode;
 304         err = 0;
 305
 306 out:
 307         xfrm_state_unlock_afinfo(afinfo);
 308         return err;
 309 }
 310 EXPORT_SYMBOL(xfrm_register_mode);
 311
 312 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
 313 {
 314         struct xfrm_state_afinfo *afinfo;
 315         struct xfrm_mode **modemap;
 316         int err;
 317
 318         if (unlikely(mode->encap >= XFRM_MODE_MAX))
 319                 return -EINVAL;
 320
 321         afinfo = xfrm_state_lock_afinfo(family);
 322         if (unlikely(afinfo == NULL))
 323                 return -EAFNOSUPPORT;
 324
 325         err = -ENOENT;
 326         modemap = afinfo->mode_map;
 327         if (likely(modemap[mode->encap] == mode)) {
 328                 modemap[mode->encap] = NULL;
 329                 module_put(mode->afinfo->owner);
 330                 err = 0;
 331         }
 332
 333         xfrm_state_unlock_afinfo(afinfo);
 334         return err;
 335 }
 336 EXPORT_SYMBOL(xfrm_unregister_mode);
 337
 338 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
 339 {
 340         struct xfrm_state_afinfo *afinfo;
 341         struct xfrm_mode *mode;
 342         int modload_attempted = 0;
 343
 344         if (unlikely(encap >= XFRM_MODE_MAX))
 345                 return NULL;
 346
 347 retry:
 348         afinfo = xfrm_state_get_afinfo(family);
 349         if (unlikely(afinfo == NULL))
 350                 return NULL;
 351
 352         mode = afinfo->mode_map[encap];
 353         if (unlikely(mode && !try_module_get(mode->owner)))
 354                 mode = NULL;
 355         if (!mode && !modload_attempted) {
 356                 xfrm_state_put_afinfo(afinfo);
 357                 request_module("xfrm-mode-%d-%d", family, encap);
 358                 modload_attempted = 1;
 359                 goto retry;
 360         }
 361
 362         xfrm_state_put_afinfo(afinfo);
 363         return mode;
 364 }
 365
 366 static void xfrm_put_mode(struct xfrm_mode *mode)
 367 {
 368         module_put(mode->owner);
 369 }
 370
 371 static void xfrm_state_gc_destroy(struct xfrm_state *x)
 372 {
 373         del_timer_sync(&x->timer);
 374         del_timer_sync(&x->rtimer);
 375         kfree(x->aalg);
 376         kfree(x->ealg);
 377         kfree(x->calg);
 378         kfree(x->encap);
 379         kfree(x->coaddr);
 380         if (x->inner_mode)
 381                 xfrm_put_mode(x->inner_mode);
 382         if (x->outer_mode)
 383                 xfrm_put_mode(x->outer_mode);
 384         if (x->type) {
 385                 x->type->destructor(x);
 386                 xfrm_put_type(x->type);
 387         }
 388         security_xfrm_state_free(x);
 389         kfree(x);
 390 }
 391
 392 static void xfrm_state_gc_task(struct work_struct *data)
 393 {
 394         struct xfrm_state *x;
 395         struct hlist_node *entry, *tmp;
 396         struct hlist_head gc_list;
 397
 398         spin_lock_bh(&xfrm_state_gc_lock);
 399         gc_list.first = xfrm_state_gc_list.first;
 400         INIT_HLIST_HEAD(&xfrm_state_gc_list);
 401         spin_unlock_bh(&xfrm_state_gc_lock);
 402
 403         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
 404                 xfrm_state_gc_destroy(x);
 405
 406         wake_up(&km_waitq);
 407 }
 408
 409 static inline unsigned long make_jiffies(long secs)
 410 {
 411         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
 412                 return MAX_SCHEDULE_TIMEOUT-1;
 413         else
 414                 return secs*HZ;
 415 }
 416
 417 static void xfrm_timer_handler(unsigned long data)
 418 {
 419         struct xfrm_state *x = (struct xfrm_state*)data;
 420         unsigned long now = get_seconds();
 421         long next = LONG_MAX;
 422         int warn = 0;
 423         int err = 0;
 424
 425         spin_lock(&x->lock);
 426         if (x->km.state == XFRM_STATE_DEAD)
 427                 goto out;
 428         if (x->km.state == XFRM_STATE_EXPIRED)
 429                 goto expired;
 430         if (x->lft.hard_add_expires_seconds) {
 431                 long tmo = x->lft.hard_add_expires_seconds +
 432                         x->curlft.add_time - now;
 433                 if (tmo <= 0)
 434                         goto expired;
 435                 if (tmo < next)
 436                         next = tmo;
 437         }
 438         if (x->lft.hard_use_expires_seconds) {
 439                 long tmo = x->lft.hard_use_expires_seconds +
 440                         (x->curlft.use_time ? : now) - now;
 441                 if (tmo <= 0)
 442                         goto expired;
 443                 if (tmo < next)
 444                         next = tmo;
 445         }
 446         if (x->km.dying)
 447                 goto resched;
 448         if (x->lft.soft_add_expires_seconds) {
 449                 long tmo = x->lft.soft_add_expires_seconds +
 450                         x->curlft.add_time - now;
 451                 if (tmo <= 0)
 452                         warn = 1;
 453                 else if (tmo < next)
 454                         next = tmo;
 455         }
 456         if (x->lft.soft_use_expires_seconds) {
 457                 long tmo = x->lft.soft_use_expires_seconds +
 458                         (x->curlft.use_time ? : now) - now;
 459                 if (tmo <= 0)
 460                         warn = 1;
 461                 else if (tmo < next)
 462                         next = tmo;
 463         }
 464
 465         x->km.dying = warn;
 466         if (warn)
 467                 km_state_expired(x, 0, 0);
 468 resched:
 469         if (next != LONG_MAX)
 470                 mod_timer(&x->timer, jiffies + make_jiffies(next));
 471
 472         goto out;
 473
 474 expired:
 475         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
 476                 x->km.state = XFRM_STATE_EXPIRED;
 477                 wake_up(&km_waitq);
 478                 next = 2;
 479                 goto resched;
 480         }
 481
 482         err = __xfrm_state_delete(x);
 483         if (!err && x->id.spi)
 484                 km_state_expired(x, 1, 0);
 485
 486         xfrm_audit_state_delete(x, err ? 0 : 1,
 487                                 audit_get_loginuid(current->audit_context), 0);
 488
 489 out:
 490         spin_unlock(&x->lock);
 491 }
 492
 493 static void xfrm_replay_timer_handler(unsigned long data);
 494
 495 struct xfrm_state *xfrm_state_alloc(void)
 496 {
 497         struct xfrm_state *x;
 498
 499         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
 500
 501         if (x) {
 502                 atomic_set(&x->refcnt, 1);
 503                 atomic_set(&x->tunnel_users, 0);
 504                 INIT_HLIST_NODE(&x->bydst);
 505                 INIT_HLIST_NODE(&x->bysrc);
 506                 INIT_HLIST_NODE(&x->byspi);
 507                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
 508                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
 509                                 (unsigned long)x);
 510                 x->curlft.add_time = get_seconds();
 511                 x->lft.soft_byte_limit = XFRM_INF;
 512                 x->lft.soft_packet_limit = XFRM_INF;
 513                 x->lft.hard_byte_limit = XFRM_INF;
 514                 x->lft.hard_packet_limit = XFRM_INF;
 515                 x->replay_maxage = 0;
 516                 x->replay_maxdiff = 0;
 517                 spin_lock_init(&x->lock);
 518         }
 519         return x;
 520 }
 521 EXPORT_SYMBOL(xfrm_state_alloc);
 522
 523 void __xfrm_state_destroy(struct xfrm_state *x)
 524 {
 525         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
 526
 527         spin_lock_bh(&xfrm_state_gc_lock);
 528         hlist_add_head(&x->bydst, &xfrm_state_gc_list);
 529         spin_unlock_bh(&xfrm_state_gc_lock);
 530         schedule_work(&xfrm_state_gc_work);
 531 }
 532 EXPORT_SYMBOL(__xfrm_state_destroy);
 533
 534 int __xfrm_state_delete(struct xfrm_state *x)
 535 {
 536         int err = -ESRCH;
 537
 538         if (x->km.state != XFRM_STATE_DEAD) {
 539                 x->km.state = XFRM_STATE_DEAD;
 540                 spin_lock(&xfrm_state_lock);
 541                 hlist_del(&x->bydst);
 542                 hlist_del(&x->bysrc);
 543                 if (x->id.spi)
 544                         hlist_del(&x->byspi);
 545                 xfrm_state_num--;
 546                 spin_unlock(&xfrm_state_lock);
 547
 548                 /* All xfrm_state objects are created by xfrm_state_alloc.
 549                  * The xfrm_state_alloc call gives a reference, and that
 550                  * is what we are dropping here.
 551                  */
 552                 xfrm_state_put(x);
 553                 err = 0;
 554         }
 555
 556         return err;
 557 }
 558 EXPORT_SYMBOL(__xfrm_state_delete);
 559
 560 int xfrm_state_delete(struct xfrm_state *x)
 561 {
 562         int err;
 563
 564         spin_lock_bh(&x->lock);
 565         err = __xfrm_state_delete(x);
 566         spin_unlock_bh(&x->lock);
 567
 568         return err;
 569 }
 570 EXPORT_SYMBOL(xfrm_state_delete);
 571
 572 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 573 static inline int
 574 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
 575 {
 576         int i, err = 0;
 577
 578         for (i = 0; i <= xfrm_state_hmask; i++) {
 579                 struct hlist_node *entry;
 580                 struct xfrm_state *x;
 581
 582                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
 583                         if (xfrm_id_proto_match(x->id.proto, proto) &&
 584                            (err = security_xfrm_state_delete(x)) != 0) {
 585                                 xfrm_audit_state_delete(x, 0,
 586                                                         audit_info->loginuid,
 587                                                         audit_info->secid);
 588                                 return err;
 589                         }
 590                 }
 591         }
 592
 593         return err;
 594 }
 595 #else
 596 static inline int
 597 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
 598 {
 599         return 0;
 600 }
 601 #endif
 602
 603 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
 604 {
 605         int i, err = 0;
 606
 607         spin_lock_bh(&xfrm_state_lock);
 608         err = xfrm_state_flush_secctx_check(proto, audit_info);
 609         if (err)
 610                 goto out;
 611
 612         for (i = 0; i <= xfrm_state_hmask; i++) {
 613                 struct hlist_node *entry;
 614                 struct xfrm_state *x;
 615 restart:
 616                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
 617                         if (!xfrm_state_kern(x) &&
 618                             xfrm_id_proto_match(x->id.proto, proto)) {
 619                                 xfrm_state_hold(x);
 620                                 spin_unlock_bh(&xfrm_state_lock);
 621
 622                                 err = xfrm_state_delete(x);
 623                                 xfrm_audit_state_delete(x, err ? 0 : 1,
 624                                                         audit_info->loginuid,
 625                                                         audit_info->secid);
 626                                 xfrm_state_put(x);
 627
 628                                 spin_lock_bh(&xfrm_state_lock);
 629                                 goto restart;
 630                         }
 631                 }
 632         }
 633         err = 0;
 634
 635 out:
 636         spin_unlock_bh(&xfrm_state_lock);
 637         wake_up(&km_waitq);
 638         return err;
 639 }
 640 EXPORT_SYMBOL(xfrm_state_flush);
 641
 642 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
 643 {
 644         spin_lock_bh(&xfrm_state_lock);
 645         si->sadcnt = xfrm_state_num;
 646         si->sadhcnt = xfrm_state_hmask;
 647         si->sadhmcnt = xfrm_state_hashmax;
 648         spin_unlock_bh(&xfrm_state_lock);
 649 }
 650 EXPORT_SYMBOL(xfrm_sad_getinfo);
 651
 652 static int
 653 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
 654                   struct xfrm_tmpl *tmpl,
 655                   xfrm_address_t *daddr, xfrm_address_t *saddr,
 656                   unsigned short family)
 657 {
 658         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 659         if (!afinfo)
 660                 return -1;
 661         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
 662         xfrm_state_put_afinfo(afinfo);
 663         return 0;
 664 }
 665
 666 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
 667 {
 668         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
 669         struct xfrm_state *x;
 670         struct hlist_node *entry;
 671
 672         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
 673                 if (x->props.family != family ||
 674                     x->id.spi       != spi ||
 675                     x->id.proto     != proto)
 676                         continue;
 677
 678                 switch (family) {
 679                 case AF_INET:
 680                         if (x->id.daddr.a4 != daddr->a4)
 681                                 continue;
 682                         break;
 683                 case AF_INET6:
 684                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
 685                                              (struct in6_addr *)
 686                                              x->id.daddr.a6))
 687                                 continue;
 688                         break;
 689                 }
 690
 691                 xfrm_state_hold(x);
 692                 return x;
 693         }
 694
 695         return NULL;
 696 }
 697
 698 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
 699 {
 700         unsigned int h = xfrm_src_hash(daddr, saddr, family);
 701         struct xfrm_state *x;
 702         struct hlist_node *entry;
 703
 704         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
 705                 if (x->props.family != family ||
 706                     x->id.proto     != proto)
 707                         continue;
 708
 709                 switch (family) {
 710                 case AF_INET:
 711                         if (x->id.daddr.a4 != daddr->a4 ||
 712                             x->props.saddr.a4 != saddr->a4)
 713                                 continue;
 714                         break;
 715                 case AF_INET6:
 716                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
 717                                              (struct in6_addr *)
 718                                              x->id.daddr.a6) ||
 719                             !ipv6_addr_equal((struct in6_addr *)saddr,
 720                                              (struct in6_addr *)
 721                                              x->props.saddr.a6))
 722                                 continue;
 723                         break;
 724                 }
 725
 726                 xfrm_state_hold(x);
 727                 return x;
 728         }
 729
 730         return NULL;
 731 }
 732
 733 static inline struct xfrm_state *
 734 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
 735 {
 736         if (use_spi)
 737                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
 738                                            x->id.proto, family);
 739         else
 740                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
 741                                                   &x->props.saddr,
 742                                                   x->id.proto, family);
 743 }
 744
 745 static void xfrm_hash_grow_check(int have_hash_collision)
 746 {
 747         if (have_hash_collision &&
 748             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
 749             xfrm_state_num > xfrm_state_hmask)
 750                 schedule_work(&xfrm_hash_work);
 751 }
 752
 753 struct xfrm_state *
 754 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 755                 struct flowi *fl, struct xfrm_tmpl *tmpl,
 756                 struct xfrm_policy *pol, int *err,
 757                 unsigned short family)
 758 {
 759         unsigned int h;
 760         struct hlist_node *entry;
 761         struct xfrm_state *x, *x0;
 762         int acquire_in_progress = 0;
 763         int error = 0;
 764         struct xfrm_state *best = NULL;
 765
 766         spin_lock_bh(&xfrm_state_lock);
 767         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
 768         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 769                 if (x->props.family == family &&
 770                     x->props.reqid == tmpl->reqid &&
 771                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 772                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 773                     tmpl->mode == x->props.mode &&
 774                     tmpl->id.proto == x->id.proto &&
 775                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
 776                         /* Resolution logic:
 777                            1. There is a valid state with matching selector.
 778                               Done.
 779                            2. Valid state with inappropriate selector. Skip.
 780
 781                            Entering area of "sysdeps".
 782
 783                            3. If state is not valid, selector is temporary,
 784                               it selects only session which triggered
 785                               previous resolution. Key manager will do
 786                               something to install a state with proper
 787                               selector.
 788                          */
 789                         if (x->km.state == XFRM_STATE_VALID) {
 790                                 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
 791                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
 792                                         continue;
 793                                 if (!best ||
 794                                     best->km.dying > x->km.dying ||
 795                                     (best->km.dying == x->km.dying &&
 796                                      best->curlft.add_time < x->curlft.add_time))
 797                                         best = x;
 798                         } else if (x->km.state == XFRM_STATE_ACQ) {
 799                                 acquire_in_progress = 1;
 800                         } else if (x->km.state == XFRM_STATE_ERROR ||
 801                                    x->km.state == XFRM_STATE_EXPIRED) {
 802                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
 803                                     security_xfrm_state_pol_flow_match(x, pol, fl))
 804                                         error = -ESRCH;
 805                         }
 806                 }
 807         }
 808
 809         x = best;
 810         if (!x && !error && !acquire_in_progress) {
 811                 if (tmpl->id.spi &&
 812                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
 813                                               tmpl->id.proto, family)) != NULL) {
 814                         xfrm_state_put(x0);
 815                         error = -EEXIST;
 816                         goto out;
 817                 }
 818                 x = xfrm_state_alloc();
 819                 if (x == NULL) {
 820                         error = -ENOMEM;
 821                         goto out;
 822                 }
 823                 /* Initialize temporary selector matching only
 824                  * to current session. */
 825                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
 826
 827                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
 828                 if (error) {
 829                         x->km.state = XFRM_STATE_DEAD;
 830                         xfrm_state_put(x);
 831                         x = NULL;
 832                         goto out;
 833                 }
 834
 835                 if (km_query(x, tmpl, pol) == 0) {
 836                         x->km.state = XFRM_STATE_ACQ;
 837                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 838                         h = xfrm_src_hash(daddr, saddr, family);
 839                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 840                         if (x->id.spi) {
 841                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
 842                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 843                         }
 844                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
 845                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
 846                         add_timer(&x->timer);
 847                         xfrm_state_num++;
 848                         xfrm_hash_grow_check(x->bydst.next != NULL);
 849                 } else {
 850                         x->km.state = XFRM_STATE_DEAD;
 851                         xfrm_state_put(x);
 852                         x = NULL;
 853                         error = -ESRCH;
 854                 }
 855         }
 856 out:
 857         if (x)
 858                 xfrm_state_hold(x);
 859         else
 860                 *err = acquire_in_progress ? -EAGAIN : error;
 861         spin_unlock_bh(&xfrm_state_lock);
 862         return x;
 863 }
 864
 865 struct xfrm_state *
 866 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 867                     unsigned short family, u8 mode, u8 proto, u32 reqid)
 868 {
 869         unsigned int h;
 870         struct xfrm_state *rx = NULL, *x = NULL;
 871         struct hlist_node *entry;
 872
 873         spin_lock(&xfrm_state_lock);
 874         h = xfrm_dst_hash(daddr, saddr, reqid, family);
 875         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 876                 if (x->props.family == family &&
 877                     x->props.reqid == reqid &&
 878                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 879                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 880                     mode == x->props.mode &&
 881                     proto == x->id.proto &&
 882                     x->km.state == XFRM_STATE_VALID) {
 883                         rx = x;
 884                         break;
 885                 }
 886         }
 887
 888         if (rx)
 889                 xfrm_state_hold(rx);
 890         spin_unlock(&xfrm_state_lock);
 891
 892
 893         return rx;
 894 }
 895 EXPORT_SYMBOL(xfrm_stateonly_find);
 896
 897 static void __xfrm_state_insert(struct xfrm_state *x)
 898 {
 899         unsigned int h;
 900
 901         x->genid = ++xfrm_state_genid;
 902
 903         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
 904                           x->props.reqid, x->props.family);
 905         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 906
 907         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
 908         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 909
 910         if (x->id.spi) {
 911                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
 912                                   x->props.family);
 913
 914                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 915         }
 916
 917         mod_timer(&x->timer, jiffies + HZ);
 918         if (x->replay_maxage)
 919                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
 920
 921         wake_up(&km_waitq);
 922
 923         xfrm_state_num++;
 924
 925         xfrm_hash_grow_check(x->bydst.next != NULL);
 926 }
 927
 928 /* xfrm_state_lock is held */
 929 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
 930 {
 931         unsigned short family = xnew->props.family;
 932         u32 reqid = xnew->props.reqid;
 933         struct xfrm_state *x;
 934         struct hlist_node *entry;
 935         unsigned int h;
 936
 937         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
 938         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 939                 if (x->props.family     == family &&
 940                     x->props.reqid      == reqid &&
 941                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
 942                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
 943                         x->genid = xfrm_state_genid;
 944         }
 945 }
 946
 947 void xfrm_state_insert(struct xfrm_state *x)
 948 {
 949         spin_lock_bh(&xfrm_state_lock);
 950         __xfrm_state_bump_genids(x);
 951         __xfrm_state_insert(x);
 952         spin_unlock_bh(&xfrm_state_lock);
 953 }
 954 EXPORT_SYMBOL(xfrm_state_insert);
 955
 956 /* xfrm_state_lock is held */
 957 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
 958 {
 959         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
 960         struct hlist_node *entry;
 961         struct xfrm_state *x;
 962
 963         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 964                 if (x->props.reqid  != reqid ||
 965                     x->props.mode   != mode ||
 966                     x->props.family != family ||
 967                     x->km.state     != XFRM_STATE_ACQ ||
 968                     x->id.spi       != 0 ||
 969                     x->id.proto     != proto)
 970                         continue;
 971
 972                 switch (family) {
 973                 case AF_INET:
 974                         if (x->id.daddr.a4    != daddr->a4 ||
 975                             x->props.saddr.a4 != saddr->a4)
 976                                 continue;
 977                         break;
 978                 case AF_INET6:
 979                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
 980                                              (struct in6_addr *)daddr) ||
 981                             !ipv6_addr_equal((struct in6_addr *)
 982                                              x->props.saddr.a6,
 983                                              (struct in6_addr *)saddr))
 984                                 continue;
 985                         break;
 986                 }
 987
 988                 xfrm_state_hold(x);
 989                 return x;
 990         }
 991
 992         if (!create)
 993                 return NULL;
 994
 995         x = xfrm_state_alloc();
 996         if (likely(x)) {
 997                 switch (family) {
 998                 case AF_INET:
 999                         x->sel.daddr.a4 = daddr->a4;
1000                         x->sel.saddr.a4 = saddr->a4;
1001                         x->sel.prefixlen_d = 32;
1002                         x->sel.prefixlen_s = 32;
1003                         x->props.saddr.a4 = saddr->a4;
1004                         x->id.daddr.a4 = daddr->a4;
1005                         break;
1006
1007                 case AF_INET6:
1008                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1009                                        (struct in6_addr *)daddr);
1010                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1011                                        (struct in6_addr *)saddr);
1012                         x->sel.prefixlen_d = 128;
1013                         x->sel.prefixlen_s = 128;
1014                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1015                                        (struct in6_addr *)saddr);
1016                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1017                                        (struct in6_addr *)daddr);
1018                         break;
1019                 }
1020
1021                 x->km.state = XFRM_STATE_ACQ;
1022                 x->id.proto = proto;
1023                 x->props.family = family;
1024                 x->props.mode = mode;
1025                 x->props.reqid = reqid;
1026                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1027                 xfrm_state_hold(x);
1028                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1029                 add_timer(&x->timer);
1030                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1031                 h = xfrm_src_hash(daddr, saddr, family);
1032                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1033
1034                 xfrm_state_num++;
1035
1036                 xfrm_hash_grow_check(x->bydst.next != NULL);
1037         }
1038
1039         return x;
1040 }
1041
1042 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1043
1044 int xfrm_state_add(struct xfrm_state *x)
1045 {
1046         struct xfrm_state *x1;
1047         int family;
1048         int err;
1049         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1050
1051         family = x->props.family;
1052
1053         spin_lock_bh(&xfrm_state_lock);
1054
1055         x1 = __xfrm_state_locate(x, use_spi, family);
1056         if (x1) {
1057                 xfrm_state_put(x1);
1058                 x1 = NULL;
1059                 err = -EEXIST;
1060                 goto out;
1061         }
1062
1063         if (use_spi && x->km.seq) {
1064                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1065                 if (x1 && ((x1->id.proto != x->id.proto) ||
1066                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1067                         xfrm_state_put(x1);
1068                         x1 = NULL;
1069                 }
1070         }
1071
1072         if (use_spi && !x1)
1073                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1074                                      x->id.proto,
1075                                      &x->id.daddr, &x->props.saddr, 0);
1076
1077         __xfrm_state_bump_genids(x);
1078         __xfrm_state_insert(x);
1079         err = 0;
1080
1081 out:
1082         spin_unlock_bh(&xfrm_state_lock);
1083
1084         if (x1) {
1085                 xfrm_state_delete(x1);
1086                 xfrm_state_put(x1);
1087         }
1088
1089         return err;
1090 }
1091 EXPORT_SYMBOL(xfrm_state_add);
1092
1093 #ifdef CONFIG_XFRM_MIGRATE
1094 struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1095 {
1096         int err = -ENOMEM;
1097         struct xfrm_state *x = xfrm_state_alloc();
1098         if (!x)
1099                 goto error;
1100
1101         memcpy(&x->id, &orig->id, sizeof(x->id));
1102         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1103         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1104         x->props.mode = orig->props.mode;
1105         x->props.replay_window = orig->props.replay_window;
1106         x->props.reqid = orig->props.reqid;
1107         x->props.family = orig->props.family;
1108         x->props.saddr = orig->props.saddr;
1109
1110         if (orig->aalg) {
1111                 x->aalg = xfrm_algo_clone(orig->aalg);
1112                 if (!x->aalg)
1113                         goto error;
1114         }
1115         x->props.aalgo = orig->props.aalgo;
1116
1117         if (orig->ealg) {
1118                 x->ealg = xfrm_algo_clone(orig->ealg);
1119                 if (!x->ealg)
1120                         goto error;
1121         }
1122         x->props.ealgo = orig->props.ealgo;
1123
1124         if (orig->calg) {
1125                 x->calg = xfrm_algo_clone(orig->calg);
1126                 if (!x->calg)
1127                         goto error;
1128         }
1129         x->props.calgo = orig->props.calgo;
1130
1131         if (orig->encap) {
1132                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1133                 if (!x->encap)
1134                         goto error;
1135         }
1136
1137         if (orig->coaddr) {
1138                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1139                                     GFP_KERNEL);
1140                 if (!x->coaddr)
1141                         goto error;
1142         }
1143
1144         err = xfrm_init_state(x);
1145         if (err)
1146                 goto error;
1147
1148         x->props.flags = orig->props.flags;
1149
1150         x->curlft.add_time = orig->curlft.add_time;
1151         x->km.state = orig->km.state;
1152         x->km.seq = orig->km.seq;
1153
1154         return x;
1155
1156  error:
1157         if (errp)
1158                 *errp = err;
1159         if (x) {
1160                 kfree(x->aalg);
1161                 kfree(x->ealg);
1162                 kfree(x->calg);
1163                 kfree(x->encap);
1164                 kfree(x->coaddr);
1165         }
1166         kfree(x);
1167         return NULL;
1168 }
1169 EXPORT_SYMBOL(xfrm_state_clone);
1170
1171 /* xfrm_state_lock is held */
1172 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1173 {
1174         unsigned int h;
1175         struct xfrm_state *x;
1176         struct hlist_node *entry;
1177
1178         if (m->reqid) {
1179                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1180                                   m->reqid, m->old_family);
1181                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1182                         if (x->props.mode != m->mode ||
1183                             x->id.proto != m->proto)
1184                                 continue;
1185                         if (m->reqid && x->props.reqid != m->reqid)
1186                                 continue;
1187                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1188                                           m->old_family) ||
1189                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1190                                           m->old_family))
1191                                 continue;
1192                         xfrm_state_hold(x);
1193                         return x;
1194                 }
1195         } else {
1196                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1197                                   m->old_family);
1198                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1199                         if (x->props.mode != m->mode ||
1200                             x->id.proto != m->proto)
1201                                 continue;
1202                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1203                                           m->old_family) ||
1204                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1205                                           m->old_family))
1206                                 continue;
1207                         xfrm_state_hold(x);
1208                         return x;
1209                 }
1210         }
1211
1212         return NULL;
1213 }
1214 EXPORT_SYMBOL(xfrm_migrate_state_find);
1215
1216 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1217                                        struct xfrm_migrate *m)
1218 {
1219         struct xfrm_state *xc;
1220         int err;
1221
1222         xc = xfrm_state_clone(x, &err);
1223         if (!xc)
1224                 return NULL;
1225
1226         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1227         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1228
1229         /* add state */
1230         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1231                 /* a care is needed when the destination address of the
1232                    state is to be updated as it is a part of triplet */
1233                 xfrm_state_insert(xc);
1234         } else {
1235                 if ((err = xfrm_state_add(xc)) < 0)
1236                         goto error;
1237         }
1238
1239         return xc;
1240 error:
1241         kfree(xc);
1242         return NULL;
1243 }
1244 EXPORT_SYMBOL(xfrm_state_migrate);
1245 #endif
1246
1247 int xfrm_state_update(struct xfrm_state *x)
1248 {
1249         struct xfrm_state *x1;
1250         int err;
1251         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1252
1253         spin_lock_bh(&xfrm_state_lock);
1254         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1255
1256         err = -ESRCH;
1257         if (!x1)
1258                 goto out;
1259
1260         if (xfrm_state_kern(x1)) {
1261                 xfrm_state_put(x1);
1262                 err = -EEXIST;
1263                 goto out;
1264         }
1265
1266         if (x1->km.state == XFRM_STATE_ACQ) {
1267                 __xfrm_state_insert(x);
1268                 x = NULL;
1269         }
1270         err = 0;
1271
1272 out:
1273         spin_unlock_bh(&xfrm_state_lock);
1274
1275         if (err)
1276                 return err;
1277
1278         if (!x) {
1279                 xfrm_state_delete(x1);
1280                 xfrm_state_put(x1);
1281                 return 0;
1282         }
1283
1284         err = -EINVAL;
1285         spin_lock_bh(&x1->lock);
1286         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1287                 if (x->encap && x1->encap)
1288                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1289                 if (x->coaddr && x1->coaddr) {
1290                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1291                 }
1292                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1293                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1294                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1295                 x1->km.dying = 0;
1296
1297                 mod_timer(&x1->timer, jiffies + HZ);
1298                 if (x1->curlft.use_time)
1299                         xfrm_state_check_expire(x1);
1300
1301                 err = 0;
1302         }
1303         spin_unlock_bh(&x1->lock);
1304
1305         xfrm_state_put(x1);
1306
1307         return err;
1308 }
1309 EXPORT_SYMBOL(xfrm_state_update);
1310
1311 int xfrm_state_check_expire(struct xfrm_state *x)
1312 {
1313         if (!x->curlft.use_time)
1314                 x->curlft.use_time = get_seconds();
1315
1316         if (x->km.state != XFRM_STATE_VALID)
1317                 return -EINVAL;
1318
1319         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1320             x->curlft.packets >= x->lft.hard_packet_limit) {
1321                 x->km.state = XFRM_STATE_EXPIRED;
1322                 mod_timer(&x->timer, jiffies);
1323                 return -EINVAL;
1324         }
1325
1326         if (!x->km.dying &&
1327             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1328              x->curlft.packets >= x->lft.soft_packet_limit)) {
1329                 x->km.dying = 1;
1330                 km_state_expired(x, 0, 0);
1331         }
1332         return 0;
1333 }
1334 EXPORT_SYMBOL(xfrm_state_check_expire);
1335
1336 struct xfrm_state *
1337 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1338                   unsigned short family)
1339 {
1340         struct xfrm_state *x;
1341
1342         spin_lock_bh(&xfrm_state_lock);
1343         x = __xfrm_state_lookup(daddr, spi, proto, family);
1344         spin_unlock_bh(&xfrm_state_lock);
1345         return x;
1346 }
1347 EXPORT_SYMBOL(xfrm_state_lookup);
1348
1349 struct xfrm_state *
1350 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1351                          u8 proto, unsigned short family)
1352 {
1353         struct xfrm_state *x;
1354
1355         spin_lock_bh(&xfrm_state_lock);
1356         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1357         spin_unlock_bh(&xfrm_state_lock);
1358         return x;
1359 }
1360 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1361
1362 struct xfrm_state *
1363 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1364               xfrm_address_t *daddr, xfrm_address_t *saddr,
1365               int create, unsigned short family)
1366 {
1367         struct xfrm_state *x;
1368
1369         spin_lock_bh(&xfrm_state_lock);
1370         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1371         spin_unlock_bh(&xfrm_state_lock);
1372
1373         return x;
1374 }
1375 EXPORT_SYMBOL(xfrm_find_acq);
1376
1377 #ifdef CONFIG_XFRM_SUB_POLICY
1378 int
1379 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1380                unsigned short family)
1381 {
1382         int err = 0;
1383         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1384         if (!afinfo)
1385                 return -EAFNOSUPPORT;
1386
1387         spin_lock_bh(&xfrm_state_lock);
1388         if (afinfo->tmpl_sort)
1389                 err = afinfo->tmpl_sort(dst, src, n);
1390         spin_unlock_bh(&xfrm_state_lock);
1391         xfrm_state_put_afinfo(afinfo);
1392         return err;
1393 }
1394 EXPORT_SYMBOL(xfrm_tmpl_sort);
1395
1396 int
1397 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1398                 unsigned short family)
1399 {
1400         int err = 0;
1401         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1402         if (!afinfo)
1403                 return -EAFNOSUPPORT;
1404
1405         spin_lock_bh(&xfrm_state_lock);
1406         if (afinfo->state_sort)
1407                 err = afinfo->state_sort(dst, src, n);
1408         spin_unlock_bh(&xfrm_state_lock);
1409         xfrm_state_put_afinfo(afinfo);
1410         return err;
1411 }
1412 EXPORT_SYMBOL(xfrm_state_sort);
1413 #endif
1414
1415 /* Silly enough, but I'm lazy to build resolution list */
1416
1417 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1418 {
1419         int i;
1420
1421         for (i = 0; i <= xfrm_state_hmask; i++) {
1422                 struct hlist_node *entry;
1423                 struct xfrm_state *x;
1424
1425                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1426                         if (x->km.seq == seq &&
1427                             x->km.state == XFRM_STATE_ACQ) {
1428                                 xfrm_state_hold(x);
1429                                 return x;
1430                         }
1431                 }
1432         }
1433         return NULL;
1434 }
1435
1436 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1437 {
1438         struct xfrm_state *x;
1439
1440         spin_lock_bh(&xfrm_state_lock);
1441         x = __xfrm_find_acq_byseq(seq);
1442         spin_unlock_bh(&xfrm_state_lock);
1443         return x;
1444 }
1445 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1446
1447 u32 xfrm_get_acqseq(void)
1448 {
1449         u32 res;
1450         static u32 acqseq;
1451         static DEFINE_SPINLOCK(acqseq_lock);
1452
1453         spin_lock_bh(&acqseq_lock);
1454         res = (++acqseq ? : ++acqseq);
1455         spin_unlock_bh(&acqseq_lock);
1456         return res;
1457 }
1458 EXPORT_SYMBOL(xfrm_get_acqseq);
1459
1460 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1461 {
1462         unsigned int h;
1463         struct xfrm_state *x0;
1464         int err = -ENOENT;
1465         __be32 minspi = htonl(low);
1466         __be32 maxspi = htonl(high);
1467
1468         spin_lock_bh(&x->lock);
1469         if (x->km.state == XFRM_STATE_DEAD)
1470                 goto unlock;
1471
1472         err = 0;
1473         if (x->id.spi)
1474                 goto unlock;
1475
1476         err = -ENOENT;
1477
1478         if (minspi == maxspi) {
1479                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1480                 if (x0) {
1481                         xfrm_state_put(x0);
1482                         goto unlock;
1483                 }
1484                 x->id.spi = minspi;
1485         } else {
1486                 u32 spi = 0;
1487                 for (h=0; h<high-low+1; h++) {
1488                         spi = low + net_random()%(high-low+1);
1489                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1490                         if (x0 == NULL) {
1491                                 x->id.spi = htonl(spi);
1492                                 break;
1493                         }
1494                         xfrm_state_put(x0);
1495                 }
1496         }
1497         if (x->id.spi) {
1498                 spin_lock_bh(&xfrm_state_lock);
1499                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1500                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1501                 spin_unlock_bh(&xfrm_state_lock);
1502
1503                 err = 0;
1504         }
1505
1506 unlock:
1507         spin_unlock_bh(&x->lock);
1508
1509         return err;
1510 }
1511 EXPORT_SYMBOL(xfrm_alloc_spi);
1512
1513 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1514                     void *data)
1515 {
1516         int i;
1517         struct xfrm_state *x, *last = NULL;
1518         struct hlist_node *entry;
1519         int count = 0;
1520         int err = 0;
1521
1522         spin_lock_bh(&xfrm_state_lock);
1523         for (i = 0; i <= xfrm_state_hmask; i++) {
1524                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1525                         if (!xfrm_id_proto_match(x->id.proto, proto))
1526                                 continue;
1527                         if (last) {
1528                                 err = func(last, count, data);
1529                                 if (err)
1530                                         goto out;
1531                         }
1532                         last = x;
1533                         count++;
1534                 }
1535         }
1536         if (count == 0) {
1537                 err = -ENOENT;
1538                 goto out;
1539         }
1540         err = func(last, 0, data);
1541 out:
1542         spin_unlock_bh(&xfrm_state_lock);
1543         return err;
1544 }
1545 EXPORT_SYMBOL(xfrm_state_walk);
1546
1547
1548 void xfrm_replay_notify(struct xfrm_state *x, int event)
1549 {
1550         struct km_event c;
1551         /* we send notify messages in case
1552          *  1. we updated on of the sequence numbers, and the seqno difference
1553          *     is at least x->replay_maxdiff, in this case we also update the
1554          *     timeout of our timer function
1555          *  2. if x->replay_maxage has elapsed since last update,
1556          *     and there were changes
1557          *
1558          *  The state structure must be locked!
1559          */
1560
1561         switch (event) {
1562         case XFRM_REPLAY_UPDATE:
1563                 if (x->replay_maxdiff &&
1564                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1565                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1566                         if (x->xflags & XFRM_TIME_DEFER)
1567                                 event = XFRM_REPLAY_TIMEOUT;
1568                         else
1569                                 return;
1570                 }
1571
1572                 break;
1573
1574         case XFRM_REPLAY_TIMEOUT:
1575                 if ((x->replay.seq == x->preplay.seq) &&
1576                     (x->replay.bitmap == x->preplay.bitmap) &&
1577                     (x->replay.oseq == x->preplay.oseq)) {
1578                         x->xflags |= XFRM_TIME_DEFER;
1579                         return;
1580                 }
1581
1582                 break;
1583         }
1584
1585         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1586         c.event = XFRM_MSG_NEWAE;
1587         c.data.aevent = event;
1588         km_state_notify(x, &c);
1589
1590         if (x->replay_maxage &&
1591             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1592                 x->xflags &= ~XFRM_TIME_DEFER;
1593 }
1594
1595 static void xfrm_replay_timer_handler(unsigned long data)
1596 {
1597         struct xfrm_state *x = (struct xfrm_state*)data;
1598
1599         spin_lock(&x->lock);
1600
1601         if (x->km.state == XFRM_STATE_VALID) {
1602                 if (xfrm_aevent_is_on())
1603                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1604                 else
1605                         x->xflags |= XFRM_TIME_DEFER;
1606         }
1607
1608         spin_unlock(&x->lock);
1609 }
1610
1611 int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
1612 {
1613         u32 diff;
1614         u32 seq = ntohl(net_seq);
1615
1616         if (unlikely(seq == 0))
1617                 return -EINVAL;
1618
1619         if (likely(seq > x->replay.seq))
1620                 return 0;
1621
1622         diff = x->replay.seq - seq;
1623         if (diff >= min_t(unsigned int, x->props.replay_window,
1624                           sizeof(x->replay.bitmap) * 8)) {
1625                 x->stats.replay_window++;
1626                 return -EINVAL;
1627         }
1628
1629         if (x->replay.bitmap & (1U << diff)) {
1630                 x->stats.replay++;
1631                 return -EINVAL;
1632         }
1633         return 0;
1634 }
1635 EXPORT_SYMBOL(xfrm_replay_check);
1636
1637 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1638 {
1639         u32 diff;
1640         u32 seq = ntohl(net_seq);
1641
1642         if (seq > x->replay.seq) {
1643                 diff = seq - x->replay.seq;
1644                 if (diff < x->props.replay_window)
1645                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1646                 else
1647                         x->replay.bitmap = 1;
1648                 x->replay.seq = seq;
1649         } else {
1650                 diff = x->replay.seq - seq;
1651                 x->replay.bitmap |= (1U << diff);
1652         }
1653
1654         if (xfrm_aevent_is_on())
1655                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1656 }
1657 EXPORT_SYMBOL(xfrm_replay_advance);
1658
1659 static LIST_HEAD(xfrm_km_list);
1660 static DEFINE_RWLOCK(xfrm_km_lock);
1661
1662 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1663 {
1664         struct xfrm_mgr *km;
1665
1666         read_lock(&xfrm_km_lock);
1667         list_for_each_entry(km, &xfrm_km_list, list)
1668                 if (km->notify_policy)
1669                         km->notify_policy(xp, dir, c);
1670         read_unlock(&xfrm_km_lock);
1671 }
1672
1673 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1674 {
1675         struct xfrm_mgr *km;
1676         read_lock(&xfrm_km_lock);
1677         list_for_each_entry(km, &xfrm_km_list, list)
1678                 if (km->notify)
1679                         km->notify(x, c);
1680         read_unlock(&xfrm_km_lock);
1681 }
1682
1683 EXPORT_SYMBOL(km_policy_notify);
1684 EXPORT_SYMBOL(km_state_notify);
1685
1686 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1687 {
1688         struct km_event c;
1689
1690         c.data.hard = hard;
1691         c.pid = pid;
1692         c.event = XFRM_MSG_EXPIRE;
1693         km_state_notify(x, &c);
1694
1695         if (hard)
1696                 wake_up(&km_waitq);
1697 }
1698
1699 EXPORT_SYMBOL(km_state_expired);
1700 /*
1701  * We send to all registered managers regardless of failure
1702  * We are happy with one success
1703 */
1704 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1705 {
1706         int err = -EINVAL, acqret;
1707         struct xfrm_mgr *km;
1708
1709         read_lock(&xfrm_km_lock);
1710         list_for_each_entry(km, &xfrm_km_list, list) {
1711                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1712                 if (!acqret)
1713                         err = acqret;
1714         }
1715         read_unlock(&xfrm_km_lock);
1716         return err;
1717 }
1718 EXPORT_SYMBOL(km_query);
1719
1720 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1721 {
1722         int err = -EINVAL;
1723         struct xfrm_mgr *km;
1724
1725         read_lock(&xfrm_km_lock);
1726         list_for_each_entry(km, &xfrm_km_list, list) {
1727                 if (km->new_mapping)
1728                         err = km->new_mapping(x, ipaddr, sport);
1729                 if (!err)
1730                         break;
1731         }
1732         read_unlock(&xfrm_km_lock);
1733         return err;
1734 }
1735 EXPORT_SYMBOL(km_new_mapping);
1736
1737 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1738 {
1739         struct km_event c;
1740
1741         c.data.hard = hard;
1742         c.pid = pid;
1743         c.event = XFRM_MSG_POLEXPIRE;
1744         km_policy_notify(pol, dir, &c);
1745
1746         if (hard)
1747                 wake_up(&km_waitq);
1748 }
1749 EXPORT_SYMBOL(km_policy_expired);
1750
1751 #ifdef CONFIG_XFRM_MIGRATE
1752 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1753                struct xfrm_migrate *m, int num_migrate)
1754 {
1755         int err = -EINVAL;
1756         int ret;
1757         struct xfrm_mgr *km;
1758
1759         read_lock(&xfrm_km_lock);
1760         list_for_each_entry(km, &xfrm_km_list, list) {
1761                 if (km->migrate) {
1762                         ret = km->migrate(sel, dir, type, m, num_migrate);
1763                         if (!ret)
1764                                 err = ret;
1765                 }
1766         }
1767         read_unlock(&xfrm_km_lock);
1768         return err;
1769 }
1770 EXPORT_SYMBOL(km_migrate);
1771 #endif
1772
1773 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1774 {
1775         int err = -EINVAL;
1776         int ret;
1777         struct xfrm_mgr *km;
1778
1779         read_lock(&xfrm_km_lock);
1780         list_for_each_entry(km, &xfrm_km_list, list) {
1781                 if (km->report) {
1782                         ret = km->report(proto, sel, addr);
1783                         if (!ret)
1784                                 err = ret;
1785                 }
1786         }
1787         read_unlock(&xfrm_km_lock);
1788         return err;
1789 }
1790 EXPORT_SYMBOL(km_report);
1791
1792 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1793 {
1794         int err;
1795         u8 *data;
1796         struct xfrm_mgr *km;
1797         struct xfrm_policy *pol = NULL;
1798
1799         if (optlen <= 0 || optlen > PAGE_SIZE)
1800                 return -EMSGSIZE;
1801
1802         data = kmalloc(optlen, GFP_KERNEL);
1803         if (!data)
1804                 return -ENOMEM;
1805
1806         err = -EFAULT;
1807         if (copy_from_user(data, optval, optlen))
1808                 goto out;
1809
1810         err = -EINVAL;
1811         read_lock(&xfrm_km_lock);
1812         list_for_each_entry(km, &xfrm_km_list, list) {
1813                 pol = km->compile_policy(sk, optname, data,
1814                                          optlen, &err);
1815                 if (err >= 0)
1816                         break;
1817         }
1818         read_unlock(&xfrm_km_lock);
1819
1820         if (err >= 0) {
1821                 xfrm_sk_policy_insert(sk, err, pol);
1822                 xfrm_pol_put(pol);
1823                 err = 0;
1824         }
1825
1826 out:
1827         kfree(data);
1828         return err;
1829 }
1830 EXPORT_SYMBOL(xfrm_user_policy);
1831
1832 int xfrm_register_km(struct xfrm_mgr *km)
1833 {
1834         write_lock_bh(&xfrm_km_lock);
1835         list_add_tail(&km->list, &xfrm_km_list);
1836         write_unlock_bh(&xfrm_km_lock);
1837         return 0;
1838 }
1839 EXPORT_SYMBOL(xfrm_register_km);
1840
1841 int xfrm_unregister_km(struct xfrm_mgr *km)
1842 {
1843         write_lock_bh(&xfrm_km_lock);
1844         list_del(&km->list);
1845         write_unlock_bh(&xfrm_km_lock);
1846         return 0;
1847 }
1848 EXPORT_SYMBOL(xfrm_unregister_km);
1849
1850 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1851 {
1852         int err = 0;
1853         if (unlikely(afinfo == NULL))
1854                 return -EINVAL;
1855         if (unlikely(afinfo->family >= NPROTO))
1856                 return -EAFNOSUPPORT;
1857         write_lock_bh(&xfrm_state_afinfo_lock);
1858         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1859                 err = -ENOBUFS;
1860         else
1861                 xfrm_state_afinfo[afinfo->family] = afinfo;
1862         write_unlock_bh(&xfrm_state_afinfo_lock);
1863         return err;
1864 }
1865 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1866
1867 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1868 {
1869         int err = 0;
1870         if (unlikely(afinfo == NULL))
1871                 return -EINVAL;
1872         if (unlikely(afinfo->family >= NPROTO))
1873                 return -EAFNOSUPPORT;
1874         write_lock_bh(&xfrm_state_afinfo_lock);
1875         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1876                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1877                         err = -EINVAL;
1878                 else
1879                         xfrm_state_afinfo[afinfo->family] = NULL;
1880         }
1881         write_unlock_bh(&xfrm_state_afinfo_lock);
1882         return err;
1883 }
1884 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1885
1886 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1887 {
1888         struct xfrm_state_afinfo *afinfo;
1889         if (unlikely(family >= NPROTO))
1890                 return NULL;
1891         read_lock(&xfrm_state_afinfo_lock);
1892         afinfo = xfrm_state_afinfo[family];
1893         if (unlikely(!afinfo))
1894                 read_unlock(&xfrm_state_afinfo_lock);
1895         return afinfo;
1896 }
1897
1898 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1899 {
1900         read_unlock(&xfrm_state_afinfo_lock);
1901 }
1902
1903 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1904 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1905 {
1906         if (x->tunnel) {
1907                 struct xfrm_state *t = x->tunnel;
1908
1909                 if (atomic_read(&t->tunnel_users) == 2)
1910                         xfrm_state_delete(t);
1911                 atomic_dec(&t->tunnel_users);
1912                 xfrm_state_put(t);
1913                 x->tunnel = NULL;
1914         }
1915 }
1916 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1917
1918 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1919 {
1920         int res;
1921
1922         spin_lock_bh(&x->lock);
1923         if (x->km.state == XFRM_STATE_VALID &&
1924             x->type && x->type->get_mtu)
1925                 res = x->type->get_mtu(x, mtu);
1926         else
1927                 res = mtu - x->props.header_len;
1928         spin_unlock_bh(&x->lock);
1929         return res;
1930 }
1931
1932 int xfrm_init_state(struct xfrm_state *x)
1933 {
1934         struct xfrm_state_afinfo *afinfo;
1935         int family = x->props.family;
1936         int err;
1937
1938         err = -EAFNOSUPPORT;
1939         afinfo = xfrm_state_get_afinfo(family);
1940         if (!afinfo)
1941                 goto error;
1942
1943         err = 0;
1944         if (afinfo->init_flags)
1945                 err = afinfo->init_flags(x);
1946
1947         xfrm_state_put_afinfo(afinfo);
1948
1949         if (err)
1950                 goto error;
1951
1952         err = -EPROTONOSUPPORT;
1953         x->inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
1954         if (x->inner_mode == NULL)
1955                 goto error;
1956
1957         if (!(x->inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
1958             family != x->sel.family)
1959                 goto error;
1960
1961         x->type = xfrm_get_type(x->id.proto, family);
1962         if (x->type == NULL)
1963                 goto error;
1964
1965         err = x->type->init_state(x);
1966         if (err)
1967                 goto error;
1968
1969         x->outer_mode = xfrm_get_mode(x->props.mode, family);
1970         if (x->outer_mode == NULL)
1971                 goto error;
1972
1973         x->km.state = XFRM_STATE_VALID;
1974
1975 error:
1976         return err;
1977 }
1978
1979 EXPORT_SYMBOL(xfrm_init_state);
1980
1981 void __init xfrm_state_init(void)
1982 {
1983         unsigned int sz;
1984
1985         sz = sizeof(struct hlist_head) * 8;
1986
1987         xfrm_state_bydst = xfrm_hash_alloc(sz);
1988         xfrm_state_bysrc = xfrm_hash_alloc(sz);
1989         xfrm_state_byspi = xfrm_hash_alloc(sz);
1990         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
1991                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
1992         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1993
1994         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1995 }
1996
1997 #ifdef CONFIG_AUDITSYSCALL
1998 static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
1999                                                struct audit_buffer *audit_buf)
2000 {
2001         if (x->security)
2002                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2003                                  x->security->ctx_alg, x->security->ctx_doi,
2004                                  x->security->ctx_str);
2005
2006         switch(x->props.family) {
2007         case AF_INET:
2008                 audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
2009                                  NIPQUAD(x->props.saddr.a4),
2010                                  NIPQUAD(x->id.daddr.a4));
2011                 break;
2012         case AF_INET6:
2013                 {
2014                         struct in6_addr saddr6, daddr6;
2015
2016                         memcpy(&saddr6, x->props.saddr.a6,
2017                                 sizeof(struct in6_addr));
2018                         memcpy(&daddr6, x->id.daddr.a6,
2019                                 sizeof(struct in6_addr));
2020                         audit_log_format(audit_buf,
2021                                          " src=" NIP6_FMT " dst=" NIP6_FMT,
2022                                          NIP6(saddr6), NIP6(daddr6));
2023                 }
2024                 break;
2025         }
2026 }
2027
2028 void
2029 xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid)
2030 {
2031         struct audit_buffer *audit_buf;
2032         u32 spi;
2033         extern int audit_enabled;
2034
2035         if (audit_enabled == 0)
2036                 return;
2037         audit_buf = xfrm_audit_start(auid, sid);
2038         if (audit_buf == NULL)
2039                 return;
2040         audit_log_format(audit_buf, " op=SAD-add res=%u",result);
2041         xfrm_audit_common_stateinfo(x, audit_buf);
2042         spi = ntohl(x->id.spi);
2043         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2044         audit_log_end(audit_buf);
2045 }
2046 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2047
2048 void
2049 xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid)
2050 {
2051         struct audit_buffer *audit_buf;
2052         u32 spi;
2053         extern int audit_enabled;
2054
2055         if (audit_enabled == 0)
2056                 return;
2057         audit_buf = xfrm_audit_start(auid, sid);
2058         if (audit_buf == NULL)
2059                 return;
2060         audit_log_format(audit_buf, " op=SAD-delete res=%u",result);
2061         xfrm_audit_common_stateinfo(x, audit_buf);
2062         spi = ntohl(x->id.spi);
2063         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2064         audit_log_end(audit_buf);
2065 }
2066 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2067 #endif /* CONFIG_AUDITSYSCALL */