Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
[linux-2.6] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <asm/uaccess.h>
22
23 struct sock *xfrm_nl;
24 EXPORT_SYMBOL(xfrm_nl);
25
26 u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
27 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
28
29 u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
30 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
31
32 /* Each xfrm_state may be linked to two tables:
33
34    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
35    2. Hash table by daddr to find what SAs exist for given
36       destination/tunnel endpoint. (output)
37  */
38
39 static DEFINE_SPINLOCK(xfrm_state_lock);
40
41 /* Hash table to find appropriate SA towards given target (endpoint
42  * of tunnel or destination of transport mode) allowed by selector.
43  *
44  * Main use is finding SA after policy selected tunnel or transport mode.
45  * Also, it can be used by ah/esp icmp error handler to find offending SA.
46  */
47 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
48 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
49
50 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
51 EXPORT_SYMBOL(km_waitq);
52
53 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
54 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
55
56 static struct work_struct xfrm_state_gc_work;
57 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
58 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
59
60 static int xfrm_state_gc_flush_bundles;
61
62 int __xfrm_state_delete(struct xfrm_state *x);
63
64 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
65 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
66
67 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
68 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
69
70 static void xfrm_state_gc_destroy(struct xfrm_state *x)
71 {
72         if (del_timer(&x->timer))
73                 BUG();
74         if (del_timer(&x->rtimer))
75                 BUG();
76         kfree(x->aalg);
77         kfree(x->ealg);
78         kfree(x->calg);
79         kfree(x->encap);
80         if (x->type) {
81                 x->type->destructor(x);
82                 xfrm_put_type(x->type);
83         }
84         security_xfrm_state_free(x);
85         kfree(x);
86 }
87
88 static void xfrm_state_gc_task(void *data)
89 {
90         struct xfrm_state *x;
91         struct list_head *entry, *tmp;
92         struct list_head gc_list = LIST_HEAD_INIT(gc_list);
93
94         if (xfrm_state_gc_flush_bundles) {
95                 xfrm_state_gc_flush_bundles = 0;
96                 xfrm_flush_bundles();
97         }
98
99         spin_lock_bh(&xfrm_state_gc_lock);
100         list_splice_init(&xfrm_state_gc_list, &gc_list);
101         spin_unlock_bh(&xfrm_state_gc_lock);
102
103         list_for_each_safe(entry, tmp, &gc_list) {
104                 x = list_entry(entry, struct xfrm_state, bydst);
105                 xfrm_state_gc_destroy(x);
106         }
107         wake_up(&km_waitq);
108 }
109
110 static inline unsigned long make_jiffies(long secs)
111 {
112         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
113                 return MAX_SCHEDULE_TIMEOUT-1;
114         else
115                 return secs*HZ;
116 }
117
118 static void xfrm_timer_handler(unsigned long data)
119 {
120         struct xfrm_state *x = (struct xfrm_state*)data;
121         unsigned long now = (unsigned long)xtime.tv_sec;
122         long next = LONG_MAX;
123         int warn = 0;
124
125         spin_lock(&x->lock);
126         if (x->km.state == XFRM_STATE_DEAD)
127                 goto out;
128         if (x->km.state == XFRM_STATE_EXPIRED)
129                 goto expired;
130         if (x->lft.hard_add_expires_seconds) {
131                 long tmo = x->lft.hard_add_expires_seconds +
132                         x->curlft.add_time - now;
133                 if (tmo <= 0)
134                         goto expired;
135                 if (tmo < next)
136                         next = tmo;
137         }
138         if (x->lft.hard_use_expires_seconds) {
139                 long tmo = x->lft.hard_use_expires_seconds +
140                         (x->curlft.use_time ? : now) - now;
141                 if (tmo <= 0)
142                         goto expired;
143                 if (tmo < next)
144                         next = tmo;
145         }
146         if (x->km.dying)
147                 goto resched;
148         if (x->lft.soft_add_expires_seconds) {
149                 long tmo = x->lft.soft_add_expires_seconds +
150                         x->curlft.add_time - now;
151                 if (tmo <= 0)
152                         warn = 1;
153                 else if (tmo < next)
154                         next = tmo;
155         }
156         if (x->lft.soft_use_expires_seconds) {
157                 long tmo = x->lft.soft_use_expires_seconds +
158                         (x->curlft.use_time ? : now) - now;
159                 if (tmo <= 0)
160                         warn = 1;
161                 else if (tmo < next)
162                         next = tmo;
163         }
164
165         x->km.dying = warn;
166         if (warn)
167                 km_state_expired(x, 0, 0);
168 resched:
169         if (next != LONG_MAX &&
170             !mod_timer(&x->timer, jiffies + make_jiffies(next)))
171                 xfrm_state_hold(x);
172         goto out;
173
174 expired:
175         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
176                 x->km.state = XFRM_STATE_EXPIRED;
177                 wake_up(&km_waitq);
178                 next = 2;
179                 goto resched;
180         }
181         if (!__xfrm_state_delete(x) && x->id.spi)
182                 km_state_expired(x, 1, 0);
183
184 out:
185         spin_unlock(&x->lock);
186         xfrm_state_put(x);
187 }
188
189 static void xfrm_replay_timer_handler(unsigned long data);
190
191 struct xfrm_state *xfrm_state_alloc(void)
192 {
193         struct xfrm_state *x;
194
195         x = kmalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
196
197         if (x) {
198                 memset(x, 0, sizeof(struct xfrm_state));
199                 atomic_set(&x->refcnt, 1);
200                 atomic_set(&x->tunnel_users, 0);
201                 INIT_LIST_HEAD(&x->bydst);
202                 INIT_LIST_HEAD(&x->byspi);
203                 init_timer(&x->timer);
204                 x->timer.function = xfrm_timer_handler;
205                 x->timer.data     = (unsigned long)x;
206                 init_timer(&x->rtimer);
207                 x->rtimer.function = xfrm_replay_timer_handler;
208                 x->rtimer.data     = (unsigned long)x;
209                 x->curlft.add_time = (unsigned long)xtime.tv_sec;
210                 x->lft.soft_byte_limit = XFRM_INF;
211                 x->lft.soft_packet_limit = XFRM_INF;
212                 x->lft.hard_byte_limit = XFRM_INF;
213                 x->lft.hard_packet_limit = XFRM_INF;
214                 x->replay_maxage = 0;
215                 x->replay_maxdiff = 0;
216                 spin_lock_init(&x->lock);
217         }
218         return x;
219 }
220 EXPORT_SYMBOL(xfrm_state_alloc);
221
222 void __xfrm_state_destroy(struct xfrm_state *x)
223 {
224         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
225
226         spin_lock_bh(&xfrm_state_gc_lock);
227         list_add(&x->bydst, &xfrm_state_gc_list);
228         spin_unlock_bh(&xfrm_state_gc_lock);
229         schedule_work(&xfrm_state_gc_work);
230 }
231 EXPORT_SYMBOL(__xfrm_state_destroy);
232
233 int __xfrm_state_delete(struct xfrm_state *x)
234 {
235         int err = -ESRCH;
236
237         if (x->km.state != XFRM_STATE_DEAD) {
238                 x->km.state = XFRM_STATE_DEAD;
239                 spin_lock(&xfrm_state_lock);
240                 list_del(&x->bydst);
241                 __xfrm_state_put(x);
242                 if (x->id.spi) {
243                         list_del(&x->byspi);
244                         __xfrm_state_put(x);
245                 }
246                 spin_unlock(&xfrm_state_lock);
247                 if (del_timer(&x->timer))
248                         __xfrm_state_put(x);
249                 if (del_timer(&x->rtimer))
250                         __xfrm_state_put(x);
251
252                 /* The number two in this test is the reference
253                  * mentioned in the comment below plus the reference
254                  * our caller holds.  A larger value means that
255                  * there are DSTs attached to this xfrm_state.
256                  */
257                 if (atomic_read(&x->refcnt) > 2) {
258                         xfrm_state_gc_flush_bundles = 1;
259                         schedule_work(&xfrm_state_gc_work);
260                 }
261
262                 /* All xfrm_state objects are created by xfrm_state_alloc.
263                  * The xfrm_state_alloc call gives a reference, and that
264                  * is what we are dropping here.
265                  */
266                 __xfrm_state_put(x);
267                 err = 0;
268         }
269
270         return err;
271 }
272 EXPORT_SYMBOL(__xfrm_state_delete);
273
274 int xfrm_state_delete(struct xfrm_state *x)
275 {
276         int err;
277
278         spin_lock_bh(&x->lock);
279         err = __xfrm_state_delete(x);
280         spin_unlock_bh(&x->lock);
281
282         return err;
283 }
284 EXPORT_SYMBOL(xfrm_state_delete);
285
286 void xfrm_state_flush(u8 proto)
287 {
288         int i;
289         struct xfrm_state *x;
290
291         spin_lock_bh(&xfrm_state_lock);
292         for (i = 0; i < XFRM_DST_HSIZE; i++) {
293 restart:
294                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
295                         if (!xfrm_state_kern(x) &&
296                             (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) {
297                                 xfrm_state_hold(x);
298                                 spin_unlock_bh(&xfrm_state_lock);
299
300                                 xfrm_state_delete(x);
301                                 xfrm_state_put(x);
302
303                                 spin_lock_bh(&xfrm_state_lock);
304                                 goto restart;
305                         }
306                 }
307         }
308         spin_unlock_bh(&xfrm_state_lock);
309         wake_up(&km_waitq);
310 }
311 EXPORT_SYMBOL(xfrm_state_flush);
312
313 static int
314 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
315                   struct xfrm_tmpl *tmpl,
316                   xfrm_address_t *daddr, xfrm_address_t *saddr,
317                   unsigned short family)
318 {
319         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
320         if (!afinfo)
321                 return -1;
322         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
323         xfrm_state_put_afinfo(afinfo);
324         return 0;
325 }
326
327 struct xfrm_state *
328 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 
329                 struct flowi *fl, struct xfrm_tmpl *tmpl,
330                 struct xfrm_policy *pol, int *err,
331                 unsigned short family)
332 {
333         unsigned h = xfrm_dst_hash(daddr, family);
334         struct xfrm_state *x, *x0;
335         int acquire_in_progress = 0;
336         int error = 0;
337         struct xfrm_state *best = NULL;
338         struct xfrm_state_afinfo *afinfo;
339         
340         afinfo = xfrm_state_get_afinfo(family);
341         if (afinfo == NULL) {
342                 *err = -EAFNOSUPPORT;
343                 return NULL;
344         }
345
346         spin_lock_bh(&xfrm_state_lock);
347         list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
348                 if (x->props.family == family &&
349                     x->props.reqid == tmpl->reqid &&
350                     xfrm_state_addr_check(x, daddr, saddr, family) &&
351                     tmpl->mode == x->props.mode &&
352                     tmpl->id.proto == x->id.proto &&
353                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
354                         /* Resolution logic:
355                            1. There is a valid state with matching selector.
356                               Done.
357                            2. Valid state with inappropriate selector. Skip.
358
359                            Entering area of "sysdeps".
360
361                            3. If state is not valid, selector is temporary,
362                               it selects only session which triggered
363                               previous resolution. Key manager will do
364                               something to install a state with proper
365                               selector.
366                          */
367                         if (x->km.state == XFRM_STATE_VALID) {
368                                 if (!xfrm_selector_match(&x->sel, fl, family) ||
369                                     !xfrm_sec_ctx_match(pol->security, x->security))
370                                         continue;
371                                 if (!best ||
372                                     best->km.dying > x->km.dying ||
373                                     (best->km.dying == x->km.dying &&
374                                      best->curlft.add_time < x->curlft.add_time))
375                                         best = x;
376                         } else if (x->km.state == XFRM_STATE_ACQ) {
377                                 acquire_in_progress = 1;
378                         } else if (x->km.state == XFRM_STATE_ERROR ||
379                                    x->km.state == XFRM_STATE_EXPIRED) {
380                                 if (xfrm_selector_match(&x->sel, fl, family) &&
381                                     xfrm_sec_ctx_match(pol->security, x->security))
382                                         error = -ESRCH;
383                         }
384                 }
385         }
386
387         x = best;
388         if (!x && !error && !acquire_in_progress) {
389                 if (tmpl->id.spi &&
390                     (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
391                                                tmpl->id.proto)) != NULL) {
392                         xfrm_state_put(x0);
393                         error = -EEXIST;
394                         goto out;
395                 }
396                 x = xfrm_state_alloc();
397                 if (x == NULL) {
398                         error = -ENOMEM;
399                         goto out;
400                 }
401                 /* Initialize temporary selector matching only
402                  * to current session. */
403                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
404
405                 if (km_query(x, tmpl, pol) == 0) {
406                         x->km.state = XFRM_STATE_ACQ;
407                         list_add_tail(&x->bydst, xfrm_state_bydst+h);
408                         xfrm_state_hold(x);
409                         if (x->id.spi) {
410                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
411                                 list_add(&x->byspi, xfrm_state_byspi+h);
412                                 xfrm_state_hold(x);
413                         }
414                         x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
415                         xfrm_state_hold(x);
416                         x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
417                         add_timer(&x->timer);
418                 } else {
419                         x->km.state = XFRM_STATE_DEAD;
420                         xfrm_state_put(x);
421                         x = NULL;
422                         error = -ESRCH;
423                 }
424         }
425 out:
426         if (x)
427                 xfrm_state_hold(x);
428         else
429                 *err = acquire_in_progress ? -EAGAIN : error;
430         spin_unlock_bh(&xfrm_state_lock);
431         xfrm_state_put_afinfo(afinfo);
432         return x;
433 }
434
435 static void __xfrm_state_insert(struct xfrm_state *x)
436 {
437         unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
438
439         list_add(&x->bydst, xfrm_state_bydst+h);
440         xfrm_state_hold(x);
441
442         h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
443
444         list_add(&x->byspi, xfrm_state_byspi+h);
445         xfrm_state_hold(x);
446
447         if (!mod_timer(&x->timer, jiffies + HZ))
448                 xfrm_state_hold(x);
449
450         if (x->replay_maxage &&
451             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
452                 xfrm_state_hold(x);
453
454         wake_up(&km_waitq);
455 }
456
457 void xfrm_state_insert(struct xfrm_state *x)
458 {
459         spin_lock_bh(&xfrm_state_lock);
460         __xfrm_state_insert(x);
461         spin_unlock_bh(&xfrm_state_lock);
462
463         xfrm_flush_all_bundles();
464 }
465 EXPORT_SYMBOL(xfrm_state_insert);
466
467 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
468
469 int xfrm_state_add(struct xfrm_state *x)
470 {
471         struct xfrm_state_afinfo *afinfo;
472         struct xfrm_state *x1;
473         int family;
474         int err;
475
476         family = x->props.family;
477         afinfo = xfrm_state_get_afinfo(family);
478         if (unlikely(afinfo == NULL))
479                 return -EAFNOSUPPORT;
480
481         spin_lock_bh(&xfrm_state_lock);
482
483         x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
484         if (x1) {
485                 xfrm_state_put(x1);
486                 x1 = NULL;
487                 err = -EEXIST;
488                 goto out;
489         }
490
491         if (x->km.seq) {
492                 x1 = __xfrm_find_acq_byseq(x->km.seq);
493                 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
494                         xfrm_state_put(x1);
495                         x1 = NULL;
496                 }
497         }
498
499         if (!x1)
500                 x1 = afinfo->find_acq(
501                         x->props.mode, x->props.reqid, x->id.proto,
502                         &x->id.daddr, &x->props.saddr, 0);
503
504         __xfrm_state_insert(x);
505         err = 0;
506
507 out:
508         spin_unlock_bh(&xfrm_state_lock);
509         xfrm_state_put_afinfo(afinfo);
510
511         if (!err)
512                 xfrm_flush_all_bundles();
513
514         if (x1) {
515                 xfrm_state_delete(x1);
516                 xfrm_state_put(x1);
517         }
518
519         return err;
520 }
521 EXPORT_SYMBOL(xfrm_state_add);
522
523 int xfrm_state_update(struct xfrm_state *x)
524 {
525         struct xfrm_state_afinfo *afinfo;
526         struct xfrm_state *x1;
527         int err;
528
529         afinfo = xfrm_state_get_afinfo(x->props.family);
530         if (unlikely(afinfo == NULL))
531                 return -EAFNOSUPPORT;
532
533         spin_lock_bh(&xfrm_state_lock);
534         x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
535
536         err = -ESRCH;
537         if (!x1)
538                 goto out;
539
540         if (xfrm_state_kern(x1)) {
541                 xfrm_state_put(x1);
542                 err = -EEXIST;
543                 goto out;
544         }
545
546         if (x1->km.state == XFRM_STATE_ACQ) {
547                 __xfrm_state_insert(x);
548                 x = NULL;
549         }
550         err = 0;
551
552 out:
553         spin_unlock_bh(&xfrm_state_lock);
554         xfrm_state_put_afinfo(afinfo);
555
556         if (err)
557                 return err;
558
559         if (!x) {
560                 xfrm_state_delete(x1);
561                 xfrm_state_put(x1);
562                 return 0;
563         }
564
565         err = -EINVAL;
566         spin_lock_bh(&x1->lock);
567         if (likely(x1->km.state == XFRM_STATE_VALID)) {
568                 if (x->encap && x1->encap)
569                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
570                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
571                 x1->km.dying = 0;
572
573                 if (!mod_timer(&x1->timer, jiffies + HZ))
574                         xfrm_state_hold(x1);
575                 if (x1->curlft.use_time)
576                         xfrm_state_check_expire(x1);
577
578                 err = 0;
579         }
580         spin_unlock_bh(&x1->lock);
581
582         xfrm_state_put(x1);
583
584         return err;
585 }
586 EXPORT_SYMBOL(xfrm_state_update);
587
588 int xfrm_state_check_expire(struct xfrm_state *x)
589 {
590         if (!x->curlft.use_time)
591                 x->curlft.use_time = (unsigned long)xtime.tv_sec;
592
593         if (x->km.state != XFRM_STATE_VALID)
594                 return -EINVAL;
595
596         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
597             x->curlft.packets >= x->lft.hard_packet_limit) {
598                 x->km.state = XFRM_STATE_EXPIRED;
599                 if (!mod_timer(&x->timer, jiffies))
600                         xfrm_state_hold(x);
601                 return -EINVAL;
602         }
603
604         if (!x->km.dying &&
605             (x->curlft.bytes >= x->lft.soft_byte_limit ||
606              x->curlft.packets >= x->lft.soft_packet_limit)) {
607                 x->km.dying = 1;
608                 km_state_expired(x, 0, 0);
609         }
610         return 0;
611 }
612 EXPORT_SYMBOL(xfrm_state_check_expire);
613
614 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
615 {
616         int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
617                 - skb_headroom(skb);
618
619         if (nhead > 0)
620                 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
621
622         /* Check tail too... */
623         return 0;
624 }
625
626 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
627 {
628         int err = xfrm_state_check_expire(x);
629         if (err < 0)
630                 goto err;
631         err = xfrm_state_check_space(x, skb);
632 err:
633         return err;
634 }
635 EXPORT_SYMBOL(xfrm_state_check);
636
637 struct xfrm_state *
638 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
639                   unsigned short family)
640 {
641         struct xfrm_state *x;
642         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
643         if (!afinfo)
644                 return NULL;
645
646         spin_lock_bh(&xfrm_state_lock);
647         x = afinfo->state_lookup(daddr, spi, proto);
648         spin_unlock_bh(&xfrm_state_lock);
649         xfrm_state_put_afinfo(afinfo);
650         return x;
651 }
652 EXPORT_SYMBOL(xfrm_state_lookup);
653
654 struct xfrm_state *
655 xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 
656               xfrm_address_t *daddr, xfrm_address_t *saddr, 
657               int create, unsigned short family)
658 {
659         struct xfrm_state *x;
660         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
661         if (!afinfo)
662                 return NULL;
663
664         spin_lock_bh(&xfrm_state_lock);
665         x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
666         spin_unlock_bh(&xfrm_state_lock);
667         xfrm_state_put_afinfo(afinfo);
668         return x;
669 }
670 EXPORT_SYMBOL(xfrm_find_acq);
671
672 /* Silly enough, but I'm lazy to build resolution list */
673
674 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
675 {
676         int i;
677         struct xfrm_state *x;
678
679         for (i = 0; i < XFRM_DST_HSIZE; i++) {
680                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
681                         if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
682                                 xfrm_state_hold(x);
683                                 return x;
684                         }
685                 }
686         }
687         return NULL;
688 }
689
690 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
691 {
692         struct xfrm_state *x;
693
694         spin_lock_bh(&xfrm_state_lock);
695         x = __xfrm_find_acq_byseq(seq);
696         spin_unlock_bh(&xfrm_state_lock);
697         return x;
698 }
699 EXPORT_SYMBOL(xfrm_find_acq_byseq);
700
701 u32 xfrm_get_acqseq(void)
702 {
703         u32 res;
704         static u32 acqseq;
705         static DEFINE_SPINLOCK(acqseq_lock);
706
707         spin_lock_bh(&acqseq_lock);
708         res = (++acqseq ? : ++acqseq);
709         spin_unlock_bh(&acqseq_lock);
710         return res;
711 }
712 EXPORT_SYMBOL(xfrm_get_acqseq);
713
714 void
715 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
716 {
717         u32 h;
718         struct xfrm_state *x0;
719
720         if (x->id.spi)
721                 return;
722
723         if (minspi == maxspi) {
724                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
725                 if (x0) {
726                         xfrm_state_put(x0);
727                         return;
728                 }
729                 x->id.spi = minspi;
730         } else {
731                 u32 spi = 0;
732                 minspi = ntohl(minspi);
733                 maxspi = ntohl(maxspi);
734                 for (h=0; h<maxspi-minspi+1; h++) {
735                         spi = minspi + net_random()%(maxspi-minspi+1);
736                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
737                         if (x0 == NULL) {
738                                 x->id.spi = htonl(spi);
739                                 break;
740                         }
741                         xfrm_state_put(x0);
742                 }
743         }
744         if (x->id.spi) {
745                 spin_lock_bh(&xfrm_state_lock);
746                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
747                 list_add(&x->byspi, xfrm_state_byspi+h);
748                 xfrm_state_hold(x);
749                 spin_unlock_bh(&xfrm_state_lock);
750                 wake_up(&km_waitq);
751         }
752 }
753 EXPORT_SYMBOL(xfrm_alloc_spi);
754
755 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
756                     void *data)
757 {
758         int i;
759         struct xfrm_state *x;
760         int count = 0;
761         int err = 0;
762
763         spin_lock_bh(&xfrm_state_lock);
764         for (i = 0; i < XFRM_DST_HSIZE; i++) {
765                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
766                         if (proto == IPSEC_PROTO_ANY || x->id.proto == proto)
767                                 count++;
768                 }
769         }
770         if (count == 0) {
771                 err = -ENOENT;
772                 goto out;
773         }
774
775         for (i = 0; i < XFRM_DST_HSIZE; i++) {
776                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
777                         if (proto != IPSEC_PROTO_ANY && x->id.proto != proto)
778                                 continue;
779                         err = func(x, --count, data);
780                         if (err)
781                                 goto out;
782                 }
783         }
784 out:
785         spin_unlock_bh(&xfrm_state_lock);
786         return err;
787 }
788 EXPORT_SYMBOL(xfrm_state_walk);
789
790
791 void xfrm_replay_notify(struct xfrm_state *x, int event)
792 {
793         struct km_event c;
794         /* we send notify messages in case
795          *  1. we updated on of the sequence numbers, and the seqno difference
796          *     is at least x->replay_maxdiff, in this case we also update the
797          *     timeout of our timer function
798          *  2. if x->replay_maxage has elapsed since last update,
799          *     and there were changes
800          *
801          *  The state structure must be locked!
802          */
803
804         switch (event) {
805         case XFRM_REPLAY_UPDATE:
806                 if (x->replay_maxdiff &&
807                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
808                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
809                         if (x->xflags & XFRM_TIME_DEFER)
810                                 event = XFRM_REPLAY_TIMEOUT;
811                         else
812                                 return;
813                 }
814
815                 break;
816
817         case XFRM_REPLAY_TIMEOUT:
818                 if ((x->replay.seq == x->preplay.seq) &&
819                     (x->replay.bitmap == x->preplay.bitmap) &&
820                     (x->replay.oseq == x->preplay.oseq)) {
821                         x->xflags |= XFRM_TIME_DEFER;
822                         return;
823                 }
824
825                 break;
826         }
827
828         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
829         c.event = XFRM_MSG_NEWAE;
830         c.data.aevent = event;
831         km_state_notify(x, &c);
832
833         if (x->replay_maxage &&
834             !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
835                 xfrm_state_hold(x);
836                 x->xflags &= ~XFRM_TIME_DEFER;
837         }
838 }
839 EXPORT_SYMBOL(xfrm_replay_notify);
840
841 static void xfrm_replay_timer_handler(unsigned long data)
842 {
843         struct xfrm_state *x = (struct xfrm_state*)data;
844
845         spin_lock(&x->lock);
846
847         if (x->km.state == XFRM_STATE_VALID) {
848                 if (xfrm_aevent_is_on())
849                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
850                 else
851                         x->xflags |= XFRM_TIME_DEFER;
852         }
853
854         spin_unlock(&x->lock);
855         xfrm_state_put(x);
856 }
857
858 int xfrm_replay_check(struct xfrm_state *x, u32 seq)
859 {
860         u32 diff;
861
862         seq = ntohl(seq);
863
864         if (unlikely(seq == 0))
865                 return -EINVAL;
866
867         if (likely(seq > x->replay.seq))
868                 return 0;
869
870         diff = x->replay.seq - seq;
871         if (diff >= x->props.replay_window) {
872                 x->stats.replay_window++;
873                 return -EINVAL;
874         }
875
876         if (x->replay.bitmap & (1U << diff)) {
877                 x->stats.replay++;
878                 return -EINVAL;
879         }
880         return 0;
881 }
882 EXPORT_SYMBOL(xfrm_replay_check);
883
884 void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
885 {
886         u32 diff;
887
888         seq = ntohl(seq);
889
890         if (seq > x->replay.seq) {
891                 diff = seq - x->replay.seq;
892                 if (diff < x->props.replay_window)
893                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
894                 else
895                         x->replay.bitmap = 1;
896                 x->replay.seq = seq;
897         } else {
898                 diff = x->replay.seq - seq;
899                 x->replay.bitmap |= (1U << diff);
900         }
901
902         if (xfrm_aevent_is_on())
903                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
904 }
905 EXPORT_SYMBOL(xfrm_replay_advance);
906
907 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
908 static DEFINE_RWLOCK(xfrm_km_lock);
909
910 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
911 {
912         struct xfrm_mgr *km;
913
914         read_lock(&xfrm_km_lock);
915         list_for_each_entry(km, &xfrm_km_list, list)
916                 if (km->notify_policy)
917                         km->notify_policy(xp, dir, c);
918         read_unlock(&xfrm_km_lock);
919 }
920
921 void km_state_notify(struct xfrm_state *x, struct km_event *c)
922 {
923         struct xfrm_mgr *km;
924         read_lock(&xfrm_km_lock);
925         list_for_each_entry(km, &xfrm_km_list, list)
926                 if (km->notify)
927                         km->notify(x, c);
928         read_unlock(&xfrm_km_lock);
929 }
930
931 EXPORT_SYMBOL(km_policy_notify);
932 EXPORT_SYMBOL(km_state_notify);
933
934 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
935 {
936         struct km_event c;
937
938         c.data.hard = hard;
939         c.pid = pid;
940         c.event = XFRM_MSG_EXPIRE;
941         km_state_notify(x, &c);
942
943         if (hard)
944                 wake_up(&km_waitq);
945 }
946
947 EXPORT_SYMBOL(km_state_expired);
948 /*
949  * We send to all registered managers regardless of failure
950  * We are happy with one success
951 */
952 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
953 {
954         int err = -EINVAL, acqret;
955         struct xfrm_mgr *km;
956
957         read_lock(&xfrm_km_lock);
958         list_for_each_entry(km, &xfrm_km_list, list) {
959                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
960                 if (!acqret)
961                         err = acqret;
962         }
963         read_unlock(&xfrm_km_lock);
964         return err;
965 }
966 EXPORT_SYMBOL(km_query);
967
968 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
969 {
970         int err = -EINVAL;
971         struct xfrm_mgr *km;
972
973         read_lock(&xfrm_km_lock);
974         list_for_each_entry(km, &xfrm_km_list, list) {
975                 if (km->new_mapping)
976                         err = km->new_mapping(x, ipaddr, sport);
977                 if (!err)
978                         break;
979         }
980         read_unlock(&xfrm_km_lock);
981         return err;
982 }
983 EXPORT_SYMBOL(km_new_mapping);
984
985 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
986 {
987         struct km_event c;
988
989         c.data.hard = hard;
990         c.pid = pid;
991         c.event = XFRM_MSG_POLEXPIRE;
992         km_policy_notify(pol, dir, &c);
993
994         if (hard)
995                 wake_up(&km_waitq);
996 }
997 EXPORT_SYMBOL(km_policy_expired);
998
999 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1000 {
1001         int err;
1002         u8 *data;
1003         struct xfrm_mgr *km;
1004         struct xfrm_policy *pol = NULL;
1005
1006         if (optlen <= 0 || optlen > PAGE_SIZE)
1007                 return -EMSGSIZE;
1008
1009         data = kmalloc(optlen, GFP_KERNEL);
1010         if (!data)
1011                 return -ENOMEM;
1012
1013         err = -EFAULT;
1014         if (copy_from_user(data, optval, optlen))
1015                 goto out;
1016
1017         err = -EINVAL;
1018         read_lock(&xfrm_km_lock);
1019         list_for_each_entry(km, &xfrm_km_list, list) {
1020                 pol = km->compile_policy(sk->sk_family, optname, data,
1021                                          optlen, &err);
1022                 if (err >= 0)
1023                         break;
1024         }
1025         read_unlock(&xfrm_km_lock);
1026
1027         if (err >= 0) {
1028                 xfrm_sk_policy_insert(sk, err, pol);
1029                 xfrm_pol_put(pol);
1030                 err = 0;
1031         }
1032
1033 out:
1034         kfree(data);
1035         return err;
1036 }
1037 EXPORT_SYMBOL(xfrm_user_policy);
1038
1039 int xfrm_register_km(struct xfrm_mgr *km)
1040 {
1041         write_lock_bh(&xfrm_km_lock);
1042         list_add_tail(&km->list, &xfrm_km_list);
1043         write_unlock_bh(&xfrm_km_lock);
1044         return 0;
1045 }
1046 EXPORT_SYMBOL(xfrm_register_km);
1047
1048 int xfrm_unregister_km(struct xfrm_mgr *km)
1049 {
1050         write_lock_bh(&xfrm_km_lock);
1051         list_del(&km->list);
1052         write_unlock_bh(&xfrm_km_lock);
1053         return 0;
1054 }
1055 EXPORT_SYMBOL(xfrm_unregister_km);
1056
1057 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1058 {
1059         int err = 0;
1060         if (unlikely(afinfo == NULL))
1061                 return -EINVAL;
1062         if (unlikely(afinfo->family >= NPROTO))
1063                 return -EAFNOSUPPORT;
1064         write_lock_bh(&xfrm_state_afinfo_lock);
1065         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1066                 err = -ENOBUFS;
1067         else {
1068                 afinfo->state_bydst = xfrm_state_bydst;
1069                 afinfo->state_byspi = xfrm_state_byspi;
1070                 xfrm_state_afinfo[afinfo->family] = afinfo;
1071         }
1072         write_unlock_bh(&xfrm_state_afinfo_lock);
1073         return err;
1074 }
1075 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1076
1077 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1078 {
1079         int err = 0;
1080         if (unlikely(afinfo == NULL))
1081                 return -EINVAL;
1082         if (unlikely(afinfo->family >= NPROTO))
1083                 return -EAFNOSUPPORT;
1084         write_lock_bh(&xfrm_state_afinfo_lock);
1085         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1086                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1087                         err = -EINVAL;
1088                 else {
1089                         xfrm_state_afinfo[afinfo->family] = NULL;
1090                         afinfo->state_byspi = NULL;
1091                         afinfo->state_bydst = NULL;
1092                 }
1093         }
1094         write_unlock_bh(&xfrm_state_afinfo_lock);
1095         return err;
1096 }
1097 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1098
1099 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1100 {
1101         struct xfrm_state_afinfo *afinfo;
1102         if (unlikely(family >= NPROTO))
1103                 return NULL;
1104         read_lock(&xfrm_state_afinfo_lock);
1105         afinfo = xfrm_state_afinfo[family];
1106         if (likely(afinfo != NULL))
1107                 read_lock(&afinfo->lock);
1108         read_unlock(&xfrm_state_afinfo_lock);
1109         return afinfo;
1110 }
1111
1112 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1113 {
1114         if (unlikely(afinfo == NULL))
1115                 return;
1116         read_unlock(&afinfo->lock);
1117 }
1118
1119 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1120 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1121 {
1122         if (x->tunnel) {
1123                 struct xfrm_state *t = x->tunnel;
1124
1125                 if (atomic_read(&t->tunnel_users) == 2)
1126                         xfrm_state_delete(t);
1127                 atomic_dec(&t->tunnel_users);
1128                 xfrm_state_put(t);
1129                 x->tunnel = NULL;
1130         }
1131 }
1132 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1133
1134 /*
1135  * This function is NOT optimal.  For example, with ESP it will give an
1136  * MTU that's usually two bytes short of being optimal.  However, it will
1137  * usually give an answer that's a multiple of 4 provided the input is
1138  * also a multiple of 4.
1139  */
1140 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1141 {
1142         int res = mtu;
1143
1144         res -= x->props.header_len;
1145
1146         for (;;) {
1147                 int m = res;
1148
1149                 if (m < 68)
1150                         return 68;
1151
1152                 spin_lock_bh(&x->lock);
1153                 if (x->km.state == XFRM_STATE_VALID &&
1154                     x->type && x->type->get_max_size)
1155                         m = x->type->get_max_size(x, m);
1156                 else
1157                         m += x->props.header_len;
1158                 spin_unlock_bh(&x->lock);
1159
1160                 if (m <= mtu)
1161                         break;
1162                 res -= (m - mtu);
1163         }
1164
1165         return res;
1166 }
1167
1168 EXPORT_SYMBOL(xfrm_state_mtu);
1169
1170 int xfrm_init_state(struct xfrm_state *x)
1171 {
1172         struct xfrm_state_afinfo *afinfo;
1173         int family = x->props.family;
1174         int err;
1175
1176         err = -EAFNOSUPPORT;
1177         afinfo = xfrm_state_get_afinfo(family);
1178         if (!afinfo)
1179                 goto error;
1180
1181         err = 0;
1182         if (afinfo->init_flags)
1183                 err = afinfo->init_flags(x);
1184
1185         xfrm_state_put_afinfo(afinfo);
1186
1187         if (err)
1188                 goto error;
1189
1190         err = -EPROTONOSUPPORT;
1191         x->type = xfrm_get_type(x->id.proto, family);
1192         if (x->type == NULL)
1193                 goto error;
1194
1195         err = x->type->init_state(x);
1196         if (err)
1197                 goto error;
1198
1199         x->km.state = XFRM_STATE_VALID;
1200
1201 error:
1202         return err;
1203 }
1204
1205 EXPORT_SYMBOL(xfrm_init_state);
1206  
1207 void __init xfrm_state_init(void)
1208 {
1209         int i;
1210
1211         for (i=0; i<XFRM_DST_HSIZE; i++) {
1212                 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
1213                 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1214         }
1215         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1216 }
1217