[NET]: Fix and allocate less memory for ->priv'less netdevices
[linux-2.6] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 /* Hash table to find appropriate SA towards given target (endpoint
48  * of tunnel or destination of transport mode) allowed by selector.
49  *
50  * Main use is finding SA after policy selected tunnel or transport mode.
51  * Also, it can be used by ah/esp icmp error handler to find offending SA.
52  */
53 static LIST_HEAD(xfrm_state_all);
54 static struct hlist_head *xfrm_state_bydst __read_mostly;
55 static struct hlist_head *xfrm_state_bysrc __read_mostly;
56 static struct hlist_head *xfrm_state_byspi __read_mostly;
57 static unsigned int xfrm_state_hmask __read_mostly;
58 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
59 static unsigned int xfrm_state_num;
60 static unsigned int xfrm_state_genid;
61
62 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
63 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
64
65 #ifdef CONFIG_AUDITSYSCALL
66 static void xfrm_audit_state_replay(struct xfrm_state *x,
67                                     struct sk_buff *skb, __be32 net_seq);
68 #else
69 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
70 #endif /* CONFIG_AUDITSYSCALL */
71
72 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
73                                          xfrm_address_t *saddr,
74                                          u32 reqid,
75                                          unsigned short family)
76 {
77         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
78 }
79
80 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
81                                          xfrm_address_t *saddr,
82                                          unsigned short family)
83 {
84         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
85 }
86
87 static inline unsigned int
88 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
89 {
90         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
91 }
92
93 static void xfrm_hash_transfer(struct hlist_head *list,
94                                struct hlist_head *ndsttable,
95                                struct hlist_head *nsrctable,
96                                struct hlist_head *nspitable,
97                                unsigned int nhashmask)
98 {
99         struct hlist_node *entry, *tmp;
100         struct xfrm_state *x;
101
102         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
103                 unsigned int h;
104
105                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
106                                     x->props.reqid, x->props.family,
107                                     nhashmask);
108                 hlist_add_head(&x->bydst, ndsttable+h);
109
110                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
111                                     x->props.family,
112                                     nhashmask);
113                 hlist_add_head(&x->bysrc, nsrctable+h);
114
115                 if (x->id.spi) {
116                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
117                                             x->id.proto, x->props.family,
118                                             nhashmask);
119                         hlist_add_head(&x->byspi, nspitable+h);
120                 }
121         }
122 }
123
124 static unsigned long xfrm_hash_new_size(void)
125 {
126         return ((xfrm_state_hmask + 1) << 1) *
127                 sizeof(struct hlist_head);
128 }
129
130 static DEFINE_MUTEX(hash_resize_mutex);
131
132 static void xfrm_hash_resize(struct work_struct *__unused)
133 {
134         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
135         unsigned long nsize, osize;
136         unsigned int nhashmask, ohashmask;
137         int i;
138
139         mutex_lock(&hash_resize_mutex);
140
141         nsize = xfrm_hash_new_size();
142         ndst = xfrm_hash_alloc(nsize);
143         if (!ndst)
144                 goto out_unlock;
145         nsrc = xfrm_hash_alloc(nsize);
146         if (!nsrc) {
147                 xfrm_hash_free(ndst, nsize);
148                 goto out_unlock;
149         }
150         nspi = xfrm_hash_alloc(nsize);
151         if (!nspi) {
152                 xfrm_hash_free(ndst, nsize);
153                 xfrm_hash_free(nsrc, nsize);
154                 goto out_unlock;
155         }
156
157         spin_lock_bh(&xfrm_state_lock);
158
159         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
160         for (i = xfrm_state_hmask; i >= 0; i--)
161                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
162                                    nhashmask);
163
164         odst = xfrm_state_bydst;
165         osrc = xfrm_state_bysrc;
166         ospi = xfrm_state_byspi;
167         ohashmask = xfrm_state_hmask;
168
169         xfrm_state_bydst = ndst;
170         xfrm_state_bysrc = nsrc;
171         xfrm_state_byspi = nspi;
172         xfrm_state_hmask = nhashmask;
173
174         spin_unlock_bh(&xfrm_state_lock);
175
176         osize = (ohashmask + 1) * sizeof(struct hlist_head);
177         xfrm_hash_free(odst, osize);
178         xfrm_hash_free(osrc, osize);
179         xfrm_hash_free(ospi, osize);
180
181 out_unlock:
182         mutex_unlock(&hash_resize_mutex);
183 }
184
185 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
186
187 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
188 EXPORT_SYMBOL(km_waitq);
189
190 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
191 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
192
193 static struct work_struct xfrm_state_gc_work;
194 static HLIST_HEAD(xfrm_state_gc_list);
195 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
196
197 int __xfrm_state_delete(struct xfrm_state *x);
198
199 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
200 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
201
202 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
203 {
204         struct xfrm_state_afinfo *afinfo;
205         if (unlikely(family >= NPROTO))
206                 return NULL;
207         write_lock_bh(&xfrm_state_afinfo_lock);
208         afinfo = xfrm_state_afinfo[family];
209         if (unlikely(!afinfo))
210                 write_unlock_bh(&xfrm_state_afinfo_lock);
211         return afinfo;
212 }
213
214 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
215         __releases(xfrm_state_afinfo_lock)
216 {
217         write_unlock_bh(&xfrm_state_afinfo_lock);
218 }
219
220 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
221 {
222         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
223         const struct xfrm_type **typemap;
224         int err = 0;
225
226         if (unlikely(afinfo == NULL))
227                 return -EAFNOSUPPORT;
228         typemap = afinfo->type_map;
229
230         if (likely(typemap[type->proto] == NULL))
231                 typemap[type->proto] = type;
232         else
233                 err = -EEXIST;
234         xfrm_state_unlock_afinfo(afinfo);
235         return err;
236 }
237 EXPORT_SYMBOL(xfrm_register_type);
238
239 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
240 {
241         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
242         const struct xfrm_type **typemap;
243         int err = 0;
244
245         if (unlikely(afinfo == NULL))
246                 return -EAFNOSUPPORT;
247         typemap = afinfo->type_map;
248
249         if (unlikely(typemap[type->proto] != type))
250                 err = -ENOENT;
251         else
252                 typemap[type->proto] = NULL;
253         xfrm_state_unlock_afinfo(afinfo);
254         return err;
255 }
256 EXPORT_SYMBOL(xfrm_unregister_type);
257
258 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
259 {
260         struct xfrm_state_afinfo *afinfo;
261         const struct xfrm_type **typemap;
262         const struct xfrm_type *type;
263         int modload_attempted = 0;
264
265 retry:
266         afinfo = xfrm_state_get_afinfo(family);
267         if (unlikely(afinfo == NULL))
268                 return NULL;
269         typemap = afinfo->type_map;
270
271         type = typemap[proto];
272         if (unlikely(type && !try_module_get(type->owner)))
273                 type = NULL;
274         if (!type && !modload_attempted) {
275                 xfrm_state_put_afinfo(afinfo);
276                 request_module("xfrm-type-%d-%d", family, proto);
277                 modload_attempted = 1;
278                 goto retry;
279         }
280
281         xfrm_state_put_afinfo(afinfo);
282         return type;
283 }
284
285 static void xfrm_put_type(const struct xfrm_type *type)
286 {
287         module_put(type->owner);
288 }
289
290 int xfrm_register_mode(struct xfrm_mode *mode, int family)
291 {
292         struct xfrm_state_afinfo *afinfo;
293         struct xfrm_mode **modemap;
294         int err;
295
296         if (unlikely(mode->encap >= XFRM_MODE_MAX))
297                 return -EINVAL;
298
299         afinfo = xfrm_state_lock_afinfo(family);
300         if (unlikely(afinfo == NULL))
301                 return -EAFNOSUPPORT;
302
303         err = -EEXIST;
304         modemap = afinfo->mode_map;
305         if (modemap[mode->encap])
306                 goto out;
307
308         err = -ENOENT;
309         if (!try_module_get(afinfo->owner))
310                 goto out;
311
312         mode->afinfo = afinfo;
313         modemap[mode->encap] = mode;
314         err = 0;
315
316 out:
317         xfrm_state_unlock_afinfo(afinfo);
318         return err;
319 }
320 EXPORT_SYMBOL(xfrm_register_mode);
321
322 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
323 {
324         struct xfrm_state_afinfo *afinfo;
325         struct xfrm_mode **modemap;
326         int err;
327
328         if (unlikely(mode->encap >= XFRM_MODE_MAX))
329                 return -EINVAL;
330
331         afinfo = xfrm_state_lock_afinfo(family);
332         if (unlikely(afinfo == NULL))
333                 return -EAFNOSUPPORT;
334
335         err = -ENOENT;
336         modemap = afinfo->mode_map;
337         if (likely(modemap[mode->encap] == mode)) {
338                 modemap[mode->encap] = NULL;
339                 module_put(mode->afinfo->owner);
340                 err = 0;
341         }
342
343         xfrm_state_unlock_afinfo(afinfo);
344         return err;
345 }
346 EXPORT_SYMBOL(xfrm_unregister_mode);
347
348 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
349 {
350         struct xfrm_state_afinfo *afinfo;
351         struct xfrm_mode *mode;
352         int modload_attempted = 0;
353
354         if (unlikely(encap >= XFRM_MODE_MAX))
355                 return NULL;
356
357 retry:
358         afinfo = xfrm_state_get_afinfo(family);
359         if (unlikely(afinfo == NULL))
360                 return NULL;
361
362         mode = afinfo->mode_map[encap];
363         if (unlikely(mode && !try_module_get(mode->owner)))
364                 mode = NULL;
365         if (!mode && !modload_attempted) {
366                 xfrm_state_put_afinfo(afinfo);
367                 request_module("xfrm-mode-%d-%d", family, encap);
368                 modload_attempted = 1;
369                 goto retry;
370         }
371
372         xfrm_state_put_afinfo(afinfo);
373         return mode;
374 }
375
376 static void xfrm_put_mode(struct xfrm_mode *mode)
377 {
378         module_put(mode->owner);
379 }
380
381 static void xfrm_state_gc_destroy(struct xfrm_state *x)
382 {
383         del_timer_sync(&x->timer);
384         del_timer_sync(&x->rtimer);
385         kfree(x->aalg);
386         kfree(x->ealg);
387         kfree(x->calg);
388         kfree(x->encap);
389         kfree(x->coaddr);
390         if (x->inner_mode)
391                 xfrm_put_mode(x->inner_mode);
392         if (x->inner_mode_iaf)
393                 xfrm_put_mode(x->inner_mode_iaf);
394         if (x->outer_mode)
395                 xfrm_put_mode(x->outer_mode);
396         if (x->type) {
397                 x->type->destructor(x);
398                 xfrm_put_type(x->type);
399         }
400         security_xfrm_state_free(x);
401         kfree(x);
402 }
403
404 static void xfrm_state_gc_task(struct work_struct *data)
405 {
406         struct xfrm_state *x;
407         struct hlist_node *entry, *tmp;
408         struct hlist_head gc_list;
409
410         spin_lock_bh(&xfrm_state_gc_lock);
411         gc_list.first = xfrm_state_gc_list.first;
412         INIT_HLIST_HEAD(&xfrm_state_gc_list);
413         spin_unlock_bh(&xfrm_state_gc_lock);
414
415         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
416                 xfrm_state_gc_destroy(x);
417
418         wake_up(&km_waitq);
419 }
420
421 static inline unsigned long make_jiffies(long secs)
422 {
423         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
424                 return MAX_SCHEDULE_TIMEOUT-1;
425         else
426                 return secs*HZ;
427 }
428
429 static void xfrm_timer_handler(unsigned long data)
430 {
431         struct xfrm_state *x = (struct xfrm_state*)data;
432         unsigned long now = get_seconds();
433         long next = LONG_MAX;
434         int warn = 0;
435         int err = 0;
436
437         spin_lock(&x->lock);
438         if (x->km.state == XFRM_STATE_DEAD)
439                 goto out;
440         if (x->km.state == XFRM_STATE_EXPIRED)
441                 goto expired;
442         if (x->lft.hard_add_expires_seconds) {
443                 long tmo = x->lft.hard_add_expires_seconds +
444                         x->curlft.add_time - now;
445                 if (tmo <= 0)
446                         goto expired;
447                 if (tmo < next)
448                         next = tmo;
449         }
450         if (x->lft.hard_use_expires_seconds) {
451                 long tmo = x->lft.hard_use_expires_seconds +
452                         (x->curlft.use_time ? : now) - now;
453                 if (tmo <= 0)
454                         goto expired;
455                 if (tmo < next)
456                         next = tmo;
457         }
458         if (x->km.dying)
459                 goto resched;
460         if (x->lft.soft_add_expires_seconds) {
461                 long tmo = x->lft.soft_add_expires_seconds +
462                         x->curlft.add_time - now;
463                 if (tmo <= 0)
464                         warn = 1;
465                 else if (tmo < next)
466                         next = tmo;
467         }
468         if (x->lft.soft_use_expires_seconds) {
469                 long tmo = x->lft.soft_use_expires_seconds +
470                         (x->curlft.use_time ? : now) - now;
471                 if (tmo <= 0)
472                         warn = 1;
473                 else if (tmo < next)
474                         next = tmo;
475         }
476
477         x->km.dying = warn;
478         if (warn)
479                 km_state_expired(x, 0, 0);
480 resched:
481         if (next != LONG_MAX)
482                 mod_timer(&x->timer, jiffies + make_jiffies(next));
483
484         goto out;
485
486 expired:
487         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
488                 x->km.state = XFRM_STATE_EXPIRED;
489                 wake_up(&km_waitq);
490                 next = 2;
491                 goto resched;
492         }
493
494         err = __xfrm_state_delete(x);
495         if (!err && x->id.spi)
496                 km_state_expired(x, 1, 0);
497
498         xfrm_audit_state_delete(x, err ? 0 : 1,
499                                 audit_get_loginuid(current), 0);
500
501 out:
502         spin_unlock(&x->lock);
503 }
504
505 static void xfrm_replay_timer_handler(unsigned long data);
506
507 struct xfrm_state *xfrm_state_alloc(void)
508 {
509         struct xfrm_state *x;
510
511         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
512
513         if (x) {
514                 atomic_set(&x->refcnt, 1);
515                 atomic_set(&x->tunnel_users, 0);
516                 INIT_LIST_HEAD(&x->all);
517                 INIT_HLIST_NODE(&x->bydst);
518                 INIT_HLIST_NODE(&x->bysrc);
519                 INIT_HLIST_NODE(&x->byspi);
520                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
521                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
522                                 (unsigned long)x);
523                 x->curlft.add_time = get_seconds();
524                 x->lft.soft_byte_limit = XFRM_INF;
525                 x->lft.soft_packet_limit = XFRM_INF;
526                 x->lft.hard_byte_limit = XFRM_INF;
527                 x->lft.hard_packet_limit = XFRM_INF;
528                 x->replay_maxage = 0;
529                 x->replay_maxdiff = 0;
530                 x->inner_mode = NULL;
531                 x->inner_mode_iaf = NULL;
532                 spin_lock_init(&x->lock);
533         }
534         return x;
535 }
536 EXPORT_SYMBOL(xfrm_state_alloc);
537
538 void __xfrm_state_destroy(struct xfrm_state *x)
539 {
540         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
541
542         spin_lock_bh(&xfrm_state_lock);
543         list_del(&x->all);
544         spin_unlock_bh(&xfrm_state_lock);
545
546         spin_lock_bh(&xfrm_state_gc_lock);
547         hlist_add_head(&x->bydst, &xfrm_state_gc_list);
548         spin_unlock_bh(&xfrm_state_gc_lock);
549         schedule_work(&xfrm_state_gc_work);
550 }
551 EXPORT_SYMBOL(__xfrm_state_destroy);
552
553 int __xfrm_state_delete(struct xfrm_state *x)
554 {
555         int err = -ESRCH;
556
557         if (x->km.state != XFRM_STATE_DEAD) {
558                 x->km.state = XFRM_STATE_DEAD;
559                 spin_lock(&xfrm_state_lock);
560                 hlist_del(&x->bydst);
561                 hlist_del(&x->bysrc);
562                 if (x->id.spi)
563                         hlist_del(&x->byspi);
564                 xfrm_state_num--;
565                 spin_unlock(&xfrm_state_lock);
566
567                 /* All xfrm_state objects are created by xfrm_state_alloc.
568                  * The xfrm_state_alloc call gives a reference, and that
569                  * is what we are dropping here.
570                  */
571                 xfrm_state_put(x);
572                 err = 0;
573         }
574
575         return err;
576 }
577 EXPORT_SYMBOL(__xfrm_state_delete);
578
579 int xfrm_state_delete(struct xfrm_state *x)
580 {
581         int err;
582
583         spin_lock_bh(&x->lock);
584         err = __xfrm_state_delete(x);
585         spin_unlock_bh(&x->lock);
586
587         return err;
588 }
589 EXPORT_SYMBOL(xfrm_state_delete);
590
591 #ifdef CONFIG_SECURITY_NETWORK_XFRM
592 static inline int
593 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
594 {
595         int i, err = 0;
596
597         for (i = 0; i <= xfrm_state_hmask; i++) {
598                 struct hlist_node *entry;
599                 struct xfrm_state *x;
600
601                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
602                         if (xfrm_id_proto_match(x->id.proto, proto) &&
603                            (err = security_xfrm_state_delete(x)) != 0) {
604                                 xfrm_audit_state_delete(x, 0,
605                                                         audit_info->loginuid,
606                                                         audit_info->secid);
607                                 return err;
608                         }
609                 }
610         }
611
612         return err;
613 }
614 #else
615 static inline int
616 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
617 {
618         return 0;
619 }
620 #endif
621
622 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
623 {
624         int i, err = 0;
625
626         spin_lock_bh(&xfrm_state_lock);
627         err = xfrm_state_flush_secctx_check(proto, audit_info);
628         if (err)
629                 goto out;
630
631         for (i = 0; i <= xfrm_state_hmask; i++) {
632                 struct hlist_node *entry;
633                 struct xfrm_state *x;
634 restart:
635                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
636                         if (!xfrm_state_kern(x) &&
637                             xfrm_id_proto_match(x->id.proto, proto)) {
638                                 xfrm_state_hold(x);
639                                 spin_unlock_bh(&xfrm_state_lock);
640
641                                 err = xfrm_state_delete(x);
642                                 xfrm_audit_state_delete(x, err ? 0 : 1,
643                                                         audit_info->loginuid,
644                                                         audit_info->secid);
645                                 xfrm_state_put(x);
646
647                                 spin_lock_bh(&xfrm_state_lock);
648                                 goto restart;
649                         }
650                 }
651         }
652         err = 0;
653
654 out:
655         spin_unlock_bh(&xfrm_state_lock);
656         wake_up(&km_waitq);
657         return err;
658 }
659 EXPORT_SYMBOL(xfrm_state_flush);
660
661 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
662 {
663         spin_lock_bh(&xfrm_state_lock);
664         si->sadcnt = xfrm_state_num;
665         si->sadhcnt = xfrm_state_hmask;
666         si->sadhmcnt = xfrm_state_hashmax;
667         spin_unlock_bh(&xfrm_state_lock);
668 }
669 EXPORT_SYMBOL(xfrm_sad_getinfo);
670
671 static int
672 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
673                   struct xfrm_tmpl *tmpl,
674                   xfrm_address_t *daddr, xfrm_address_t *saddr,
675                   unsigned short family)
676 {
677         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
678         if (!afinfo)
679                 return -1;
680         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
681         xfrm_state_put_afinfo(afinfo);
682         return 0;
683 }
684
685 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
686 {
687         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
688         struct xfrm_state *x;
689         struct hlist_node *entry;
690
691         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
692                 if (x->props.family != family ||
693                     x->id.spi       != spi ||
694                     x->id.proto     != proto)
695                         continue;
696
697                 switch (family) {
698                 case AF_INET:
699                         if (x->id.daddr.a4 != daddr->a4)
700                                 continue;
701                         break;
702                 case AF_INET6:
703                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
704                                              (struct in6_addr *)
705                                              x->id.daddr.a6))
706                                 continue;
707                         break;
708                 }
709
710                 xfrm_state_hold(x);
711                 return x;
712         }
713
714         return NULL;
715 }
716
717 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
718 {
719         unsigned int h = xfrm_src_hash(daddr, saddr, family);
720         struct xfrm_state *x;
721         struct hlist_node *entry;
722
723         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
724                 if (x->props.family != family ||
725                     x->id.proto     != proto)
726                         continue;
727
728                 switch (family) {
729                 case AF_INET:
730                         if (x->id.daddr.a4 != daddr->a4 ||
731                             x->props.saddr.a4 != saddr->a4)
732                                 continue;
733                         break;
734                 case AF_INET6:
735                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
736                                              (struct in6_addr *)
737                                              x->id.daddr.a6) ||
738                             !ipv6_addr_equal((struct in6_addr *)saddr,
739                                              (struct in6_addr *)
740                                              x->props.saddr.a6))
741                                 continue;
742                         break;
743                 }
744
745                 xfrm_state_hold(x);
746                 return x;
747         }
748
749         return NULL;
750 }
751
752 static inline struct xfrm_state *
753 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
754 {
755         if (use_spi)
756                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
757                                            x->id.proto, family);
758         else
759                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
760                                                   &x->props.saddr,
761                                                   x->id.proto, family);
762 }
763
764 static void xfrm_hash_grow_check(int have_hash_collision)
765 {
766         if (have_hash_collision &&
767             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
768             xfrm_state_num > xfrm_state_hmask)
769                 schedule_work(&xfrm_hash_work);
770 }
771
772 struct xfrm_state *
773 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
774                 struct flowi *fl, struct xfrm_tmpl *tmpl,
775                 struct xfrm_policy *pol, int *err,
776                 unsigned short family)
777 {
778         unsigned int h;
779         struct hlist_node *entry;
780         struct xfrm_state *x, *x0;
781         int acquire_in_progress = 0;
782         int error = 0;
783         struct xfrm_state *best = NULL;
784
785         spin_lock_bh(&xfrm_state_lock);
786         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
787         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
788                 if (x->props.family == family &&
789                     x->props.reqid == tmpl->reqid &&
790                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
791                     xfrm_state_addr_check(x, daddr, saddr, family) &&
792                     tmpl->mode == x->props.mode &&
793                     tmpl->id.proto == x->id.proto &&
794                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
795                         /* Resolution logic:
796                            1. There is a valid state with matching selector.
797                               Done.
798                            2. Valid state with inappropriate selector. Skip.
799
800                            Entering area of "sysdeps".
801
802                            3. If state is not valid, selector is temporary,
803                               it selects only session which triggered
804                               previous resolution. Key manager will do
805                               something to install a state with proper
806                               selector.
807                          */
808                         if (x->km.state == XFRM_STATE_VALID) {
809                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
810                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
811                                         continue;
812                                 if (!best ||
813                                     best->km.dying > x->km.dying ||
814                                     (best->km.dying == x->km.dying &&
815                                      best->curlft.add_time < x->curlft.add_time))
816                                         best = x;
817                         } else if (x->km.state == XFRM_STATE_ACQ) {
818                                 acquire_in_progress = 1;
819                         } else if (x->km.state == XFRM_STATE_ERROR ||
820                                    x->km.state == XFRM_STATE_EXPIRED) {
821                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
822                                     security_xfrm_state_pol_flow_match(x, pol, fl))
823                                         error = -ESRCH;
824                         }
825                 }
826         }
827
828         x = best;
829         if (!x && !error && !acquire_in_progress) {
830                 if (tmpl->id.spi &&
831                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
832                                               tmpl->id.proto, family)) != NULL) {
833                         xfrm_state_put(x0);
834                         error = -EEXIST;
835                         goto out;
836                 }
837                 x = xfrm_state_alloc();
838                 if (x == NULL) {
839                         error = -ENOMEM;
840                         goto out;
841                 }
842                 /* Initialize temporary selector matching only
843                  * to current session. */
844                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
845
846                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
847                 if (error) {
848                         x->km.state = XFRM_STATE_DEAD;
849                         xfrm_state_put(x);
850                         x = NULL;
851                         goto out;
852                 }
853
854                 if (km_query(x, tmpl, pol) == 0) {
855                         x->km.state = XFRM_STATE_ACQ;
856                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
857                         h = xfrm_src_hash(daddr, saddr, family);
858                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
859                         if (x->id.spi) {
860                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
861                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
862                         }
863                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
864                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
865                         add_timer(&x->timer);
866                         xfrm_state_num++;
867                         xfrm_hash_grow_check(x->bydst.next != NULL);
868                 } else {
869                         x->km.state = XFRM_STATE_DEAD;
870                         xfrm_state_put(x);
871                         x = NULL;
872                         error = -ESRCH;
873                 }
874         }
875 out:
876         if (x)
877                 xfrm_state_hold(x);
878         else
879                 *err = acquire_in_progress ? -EAGAIN : error;
880         spin_unlock_bh(&xfrm_state_lock);
881         return x;
882 }
883
884 struct xfrm_state *
885 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
886                     unsigned short family, u8 mode, u8 proto, u32 reqid)
887 {
888         unsigned int h;
889         struct xfrm_state *rx = NULL, *x = NULL;
890         struct hlist_node *entry;
891
892         spin_lock(&xfrm_state_lock);
893         h = xfrm_dst_hash(daddr, saddr, reqid, family);
894         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
895                 if (x->props.family == family &&
896                     x->props.reqid == reqid &&
897                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
898                     xfrm_state_addr_check(x, daddr, saddr, family) &&
899                     mode == x->props.mode &&
900                     proto == x->id.proto &&
901                     x->km.state == XFRM_STATE_VALID) {
902                         rx = x;
903                         break;
904                 }
905         }
906
907         if (rx)
908                 xfrm_state_hold(rx);
909         spin_unlock(&xfrm_state_lock);
910
911
912         return rx;
913 }
914 EXPORT_SYMBOL(xfrm_stateonly_find);
915
916 static void __xfrm_state_insert(struct xfrm_state *x)
917 {
918         unsigned int h;
919
920         x->genid = ++xfrm_state_genid;
921
922         list_add_tail(&x->all, &xfrm_state_all);
923
924         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
925                           x->props.reqid, x->props.family);
926         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
927
928         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
929         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
930
931         if (x->id.spi) {
932                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
933                                   x->props.family);
934
935                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
936         }
937
938         mod_timer(&x->timer, jiffies + HZ);
939         if (x->replay_maxage)
940                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
941
942         wake_up(&km_waitq);
943
944         xfrm_state_num++;
945
946         xfrm_hash_grow_check(x->bydst.next != NULL);
947 }
948
949 /* xfrm_state_lock is held */
950 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
951 {
952         unsigned short family = xnew->props.family;
953         u32 reqid = xnew->props.reqid;
954         struct xfrm_state *x;
955         struct hlist_node *entry;
956         unsigned int h;
957
958         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
959         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
960                 if (x->props.family     == family &&
961                     x->props.reqid      == reqid &&
962                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
963                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
964                         x->genid = xfrm_state_genid;
965         }
966 }
967
968 void xfrm_state_insert(struct xfrm_state *x)
969 {
970         spin_lock_bh(&xfrm_state_lock);
971         __xfrm_state_bump_genids(x);
972         __xfrm_state_insert(x);
973         spin_unlock_bh(&xfrm_state_lock);
974 }
975 EXPORT_SYMBOL(xfrm_state_insert);
976
977 /* xfrm_state_lock is held */
978 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
979 {
980         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
981         struct hlist_node *entry;
982         struct xfrm_state *x;
983
984         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
985                 if (x->props.reqid  != reqid ||
986                     x->props.mode   != mode ||
987                     x->props.family != family ||
988                     x->km.state     != XFRM_STATE_ACQ ||
989                     x->id.spi       != 0 ||
990                     x->id.proto     != proto)
991                         continue;
992
993                 switch (family) {
994                 case AF_INET:
995                         if (x->id.daddr.a4    != daddr->a4 ||
996                             x->props.saddr.a4 != saddr->a4)
997                                 continue;
998                         break;
999                 case AF_INET6:
1000                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1001                                              (struct in6_addr *)daddr) ||
1002                             !ipv6_addr_equal((struct in6_addr *)
1003                                              x->props.saddr.a6,
1004                                              (struct in6_addr *)saddr))
1005                                 continue;
1006                         break;
1007                 }
1008
1009                 xfrm_state_hold(x);
1010                 return x;
1011         }
1012
1013         if (!create)
1014                 return NULL;
1015
1016         x = xfrm_state_alloc();
1017         if (likely(x)) {
1018                 switch (family) {
1019                 case AF_INET:
1020                         x->sel.daddr.a4 = daddr->a4;
1021                         x->sel.saddr.a4 = saddr->a4;
1022                         x->sel.prefixlen_d = 32;
1023                         x->sel.prefixlen_s = 32;
1024                         x->props.saddr.a4 = saddr->a4;
1025                         x->id.daddr.a4 = daddr->a4;
1026                         break;
1027
1028                 case AF_INET6:
1029                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1030                                        (struct in6_addr *)daddr);
1031                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1032                                        (struct in6_addr *)saddr);
1033                         x->sel.prefixlen_d = 128;
1034                         x->sel.prefixlen_s = 128;
1035                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1036                                        (struct in6_addr *)saddr);
1037                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1038                                        (struct in6_addr *)daddr);
1039                         break;
1040                 }
1041
1042                 x->km.state = XFRM_STATE_ACQ;
1043                 x->id.proto = proto;
1044                 x->props.family = family;
1045                 x->props.mode = mode;
1046                 x->props.reqid = reqid;
1047                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1048                 xfrm_state_hold(x);
1049                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1050                 add_timer(&x->timer);
1051                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1052                 h = xfrm_src_hash(daddr, saddr, family);
1053                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1054
1055                 xfrm_state_num++;
1056
1057                 xfrm_hash_grow_check(x->bydst.next != NULL);
1058         }
1059
1060         return x;
1061 }
1062
1063 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1064
1065 int xfrm_state_add(struct xfrm_state *x)
1066 {
1067         struct xfrm_state *x1;
1068         int family;
1069         int err;
1070         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1071
1072         family = x->props.family;
1073
1074         spin_lock_bh(&xfrm_state_lock);
1075
1076         x1 = __xfrm_state_locate(x, use_spi, family);
1077         if (x1) {
1078                 xfrm_state_put(x1);
1079                 x1 = NULL;
1080                 err = -EEXIST;
1081                 goto out;
1082         }
1083
1084         if (use_spi && x->km.seq) {
1085                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1086                 if (x1 && ((x1->id.proto != x->id.proto) ||
1087                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1088                         xfrm_state_put(x1);
1089                         x1 = NULL;
1090                 }
1091         }
1092
1093         if (use_spi && !x1)
1094                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1095                                      x->id.proto,
1096                                      &x->id.daddr, &x->props.saddr, 0);
1097
1098         __xfrm_state_bump_genids(x);
1099         __xfrm_state_insert(x);
1100         err = 0;
1101
1102 out:
1103         spin_unlock_bh(&xfrm_state_lock);
1104
1105         if (x1) {
1106                 xfrm_state_delete(x1);
1107                 xfrm_state_put(x1);
1108         }
1109
1110         return err;
1111 }
1112 EXPORT_SYMBOL(xfrm_state_add);
1113
1114 #ifdef CONFIG_XFRM_MIGRATE
1115 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1116 {
1117         int err = -ENOMEM;
1118         struct xfrm_state *x = xfrm_state_alloc();
1119         if (!x)
1120                 goto error;
1121
1122         memcpy(&x->id, &orig->id, sizeof(x->id));
1123         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1124         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1125         x->props.mode = orig->props.mode;
1126         x->props.replay_window = orig->props.replay_window;
1127         x->props.reqid = orig->props.reqid;
1128         x->props.family = orig->props.family;
1129         x->props.saddr = orig->props.saddr;
1130
1131         if (orig->aalg) {
1132                 x->aalg = xfrm_algo_clone(orig->aalg);
1133                 if (!x->aalg)
1134                         goto error;
1135         }
1136         x->props.aalgo = orig->props.aalgo;
1137
1138         if (orig->ealg) {
1139                 x->ealg = xfrm_algo_clone(orig->ealg);
1140                 if (!x->ealg)
1141                         goto error;
1142         }
1143         x->props.ealgo = orig->props.ealgo;
1144
1145         if (orig->calg) {
1146                 x->calg = xfrm_algo_clone(orig->calg);
1147                 if (!x->calg)
1148                         goto error;
1149         }
1150         x->props.calgo = orig->props.calgo;
1151
1152         if (orig->encap) {
1153                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1154                 if (!x->encap)
1155                         goto error;
1156         }
1157
1158         if (orig->coaddr) {
1159                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1160                                     GFP_KERNEL);
1161                 if (!x->coaddr)
1162                         goto error;
1163         }
1164
1165         err = xfrm_init_state(x);
1166         if (err)
1167                 goto error;
1168
1169         x->props.flags = orig->props.flags;
1170
1171         x->curlft.add_time = orig->curlft.add_time;
1172         x->km.state = orig->km.state;
1173         x->km.seq = orig->km.seq;
1174
1175         return x;
1176
1177  error:
1178         if (errp)
1179                 *errp = err;
1180         if (x) {
1181                 kfree(x->aalg);
1182                 kfree(x->ealg);
1183                 kfree(x->calg);
1184                 kfree(x->encap);
1185                 kfree(x->coaddr);
1186         }
1187         kfree(x);
1188         return NULL;
1189 }
1190
1191 /* xfrm_state_lock is held */
1192 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1193 {
1194         unsigned int h;
1195         struct xfrm_state *x;
1196         struct hlist_node *entry;
1197
1198         if (m->reqid) {
1199                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1200                                   m->reqid, m->old_family);
1201                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1202                         if (x->props.mode != m->mode ||
1203                             x->id.proto != m->proto)
1204                                 continue;
1205                         if (m->reqid && x->props.reqid != m->reqid)
1206                                 continue;
1207                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1208                                           m->old_family) ||
1209                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1210                                           m->old_family))
1211                                 continue;
1212                         xfrm_state_hold(x);
1213                         return x;
1214                 }
1215         } else {
1216                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1217                                   m->old_family);
1218                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1219                         if (x->props.mode != m->mode ||
1220                             x->id.proto != m->proto)
1221                                 continue;
1222                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1223                                           m->old_family) ||
1224                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1225                                           m->old_family))
1226                                 continue;
1227                         xfrm_state_hold(x);
1228                         return x;
1229                 }
1230         }
1231
1232         return NULL;
1233 }
1234 EXPORT_SYMBOL(xfrm_migrate_state_find);
1235
1236 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1237                                        struct xfrm_migrate *m)
1238 {
1239         struct xfrm_state *xc;
1240         int err;
1241
1242         xc = xfrm_state_clone(x, &err);
1243         if (!xc)
1244                 return NULL;
1245
1246         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1247         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1248
1249         /* add state */
1250         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1251                 /* a care is needed when the destination address of the
1252                    state is to be updated as it is a part of triplet */
1253                 xfrm_state_insert(xc);
1254         } else {
1255                 if ((err = xfrm_state_add(xc)) < 0)
1256                         goto error;
1257         }
1258
1259         return xc;
1260 error:
1261         kfree(xc);
1262         return NULL;
1263 }
1264 EXPORT_SYMBOL(xfrm_state_migrate);
1265 #endif
1266
1267 int xfrm_state_update(struct xfrm_state *x)
1268 {
1269         struct xfrm_state *x1;
1270         int err;
1271         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1272
1273         spin_lock_bh(&xfrm_state_lock);
1274         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1275
1276         err = -ESRCH;
1277         if (!x1)
1278                 goto out;
1279
1280         if (xfrm_state_kern(x1)) {
1281                 xfrm_state_put(x1);
1282                 err = -EEXIST;
1283                 goto out;
1284         }
1285
1286         if (x1->km.state == XFRM_STATE_ACQ) {
1287                 __xfrm_state_insert(x);
1288                 x = NULL;
1289         }
1290         err = 0;
1291
1292 out:
1293         spin_unlock_bh(&xfrm_state_lock);
1294
1295         if (err)
1296                 return err;
1297
1298         if (!x) {
1299                 xfrm_state_delete(x1);
1300                 xfrm_state_put(x1);
1301                 return 0;
1302         }
1303
1304         err = -EINVAL;
1305         spin_lock_bh(&x1->lock);
1306         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1307                 if (x->encap && x1->encap)
1308                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1309                 if (x->coaddr && x1->coaddr) {
1310                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1311                 }
1312                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1313                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1314                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1315                 x1->km.dying = 0;
1316
1317                 mod_timer(&x1->timer, jiffies + HZ);
1318                 if (x1->curlft.use_time)
1319                         xfrm_state_check_expire(x1);
1320
1321                 err = 0;
1322         }
1323         spin_unlock_bh(&x1->lock);
1324
1325         xfrm_state_put(x1);
1326
1327         return err;
1328 }
1329 EXPORT_SYMBOL(xfrm_state_update);
1330
1331 int xfrm_state_check_expire(struct xfrm_state *x)
1332 {
1333         if (!x->curlft.use_time)
1334                 x->curlft.use_time = get_seconds();
1335
1336         if (x->km.state != XFRM_STATE_VALID)
1337                 return -EINVAL;
1338
1339         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1340             x->curlft.packets >= x->lft.hard_packet_limit) {
1341                 x->km.state = XFRM_STATE_EXPIRED;
1342                 mod_timer(&x->timer, jiffies);
1343                 return -EINVAL;
1344         }
1345
1346         if (!x->km.dying &&
1347             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1348              x->curlft.packets >= x->lft.soft_packet_limit)) {
1349                 x->km.dying = 1;
1350                 km_state_expired(x, 0, 0);
1351         }
1352         return 0;
1353 }
1354 EXPORT_SYMBOL(xfrm_state_check_expire);
1355
1356 struct xfrm_state *
1357 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1358                   unsigned short family)
1359 {
1360         struct xfrm_state *x;
1361
1362         spin_lock_bh(&xfrm_state_lock);
1363         x = __xfrm_state_lookup(daddr, spi, proto, family);
1364         spin_unlock_bh(&xfrm_state_lock);
1365         return x;
1366 }
1367 EXPORT_SYMBOL(xfrm_state_lookup);
1368
1369 struct xfrm_state *
1370 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1371                          u8 proto, unsigned short family)
1372 {
1373         struct xfrm_state *x;
1374
1375         spin_lock_bh(&xfrm_state_lock);
1376         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1377         spin_unlock_bh(&xfrm_state_lock);
1378         return x;
1379 }
1380 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1381
1382 struct xfrm_state *
1383 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1384               xfrm_address_t *daddr, xfrm_address_t *saddr,
1385               int create, unsigned short family)
1386 {
1387         struct xfrm_state *x;
1388
1389         spin_lock_bh(&xfrm_state_lock);
1390         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1391         spin_unlock_bh(&xfrm_state_lock);
1392
1393         return x;
1394 }
1395 EXPORT_SYMBOL(xfrm_find_acq);
1396
1397 #ifdef CONFIG_XFRM_SUB_POLICY
1398 int
1399 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1400                unsigned short family)
1401 {
1402         int err = 0;
1403         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1404         if (!afinfo)
1405                 return -EAFNOSUPPORT;
1406
1407         spin_lock_bh(&xfrm_state_lock);
1408         if (afinfo->tmpl_sort)
1409                 err = afinfo->tmpl_sort(dst, src, n);
1410         spin_unlock_bh(&xfrm_state_lock);
1411         xfrm_state_put_afinfo(afinfo);
1412         return err;
1413 }
1414 EXPORT_SYMBOL(xfrm_tmpl_sort);
1415
1416 int
1417 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1418                 unsigned short family)
1419 {
1420         int err = 0;
1421         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1422         if (!afinfo)
1423                 return -EAFNOSUPPORT;
1424
1425         spin_lock_bh(&xfrm_state_lock);
1426         if (afinfo->state_sort)
1427                 err = afinfo->state_sort(dst, src, n);
1428         spin_unlock_bh(&xfrm_state_lock);
1429         xfrm_state_put_afinfo(afinfo);
1430         return err;
1431 }
1432 EXPORT_SYMBOL(xfrm_state_sort);
1433 #endif
1434
1435 /* Silly enough, but I'm lazy to build resolution list */
1436
1437 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1438 {
1439         int i;
1440
1441         for (i = 0; i <= xfrm_state_hmask; i++) {
1442                 struct hlist_node *entry;
1443                 struct xfrm_state *x;
1444
1445                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1446                         if (x->km.seq == seq &&
1447                             x->km.state == XFRM_STATE_ACQ) {
1448                                 xfrm_state_hold(x);
1449                                 return x;
1450                         }
1451                 }
1452         }
1453         return NULL;
1454 }
1455
1456 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1457 {
1458         struct xfrm_state *x;
1459
1460         spin_lock_bh(&xfrm_state_lock);
1461         x = __xfrm_find_acq_byseq(seq);
1462         spin_unlock_bh(&xfrm_state_lock);
1463         return x;
1464 }
1465 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1466
1467 u32 xfrm_get_acqseq(void)
1468 {
1469         u32 res;
1470         static u32 acqseq;
1471         static DEFINE_SPINLOCK(acqseq_lock);
1472
1473         spin_lock_bh(&acqseq_lock);
1474         res = (++acqseq ? : ++acqseq);
1475         spin_unlock_bh(&acqseq_lock);
1476         return res;
1477 }
1478 EXPORT_SYMBOL(xfrm_get_acqseq);
1479
1480 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1481 {
1482         unsigned int h;
1483         struct xfrm_state *x0;
1484         int err = -ENOENT;
1485         __be32 minspi = htonl(low);
1486         __be32 maxspi = htonl(high);
1487
1488         spin_lock_bh(&x->lock);
1489         if (x->km.state == XFRM_STATE_DEAD)
1490                 goto unlock;
1491
1492         err = 0;
1493         if (x->id.spi)
1494                 goto unlock;
1495
1496         err = -ENOENT;
1497
1498         if (minspi == maxspi) {
1499                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1500                 if (x0) {
1501                         xfrm_state_put(x0);
1502                         goto unlock;
1503                 }
1504                 x->id.spi = minspi;
1505         } else {
1506                 u32 spi = 0;
1507                 for (h=0; h<high-low+1; h++) {
1508                         spi = low + net_random()%(high-low+1);
1509                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1510                         if (x0 == NULL) {
1511                                 x->id.spi = htonl(spi);
1512                                 break;
1513                         }
1514                         xfrm_state_put(x0);
1515                 }
1516         }
1517         if (x->id.spi) {
1518                 spin_lock_bh(&xfrm_state_lock);
1519                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1520                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1521                 spin_unlock_bh(&xfrm_state_lock);
1522
1523                 err = 0;
1524         }
1525
1526 unlock:
1527         spin_unlock_bh(&x->lock);
1528
1529         return err;
1530 }
1531 EXPORT_SYMBOL(xfrm_alloc_spi);
1532
1533 int xfrm_state_walk(struct xfrm_state_walk *walk,
1534                     int (*func)(struct xfrm_state *, int, void*),
1535                     void *data)
1536 {
1537         struct xfrm_state *old, *x, *last = NULL;
1538         int err = 0;
1539
1540         if (walk->state == NULL && walk->count != 0)
1541                 return 0;
1542
1543         old = x = walk->state;
1544         walk->state = NULL;
1545         spin_lock_bh(&xfrm_state_lock);
1546         if (x == NULL)
1547                 x = list_first_entry(&xfrm_state_all, struct xfrm_state, all);
1548         list_for_each_entry_from(x, &xfrm_state_all, all) {
1549                 if (x->km.state == XFRM_STATE_DEAD)
1550                         continue;
1551                 if (!xfrm_id_proto_match(x->id.proto, walk->proto))
1552                         continue;
1553                 if (last) {
1554                         err = func(last, walk->count, data);
1555                         if (err) {
1556                                 xfrm_state_hold(last);
1557                                 walk->state = last;
1558                                 goto out;
1559                         }
1560                 }
1561                 last = x;
1562                 walk->count++;
1563         }
1564         if (walk->count == 0) {
1565                 err = -ENOENT;
1566                 goto out;
1567         }
1568         if (last)
1569                 err = func(last, 0, data);
1570 out:
1571         spin_unlock_bh(&xfrm_state_lock);
1572         if (old != NULL)
1573                 xfrm_state_put(old);
1574         return err;
1575 }
1576 EXPORT_SYMBOL(xfrm_state_walk);
1577
1578
1579 void xfrm_replay_notify(struct xfrm_state *x, int event)
1580 {
1581         struct km_event c;
1582         /* we send notify messages in case
1583          *  1. we updated on of the sequence numbers, and the seqno difference
1584          *     is at least x->replay_maxdiff, in this case we also update the
1585          *     timeout of our timer function
1586          *  2. if x->replay_maxage has elapsed since last update,
1587          *     and there were changes
1588          *
1589          *  The state structure must be locked!
1590          */
1591
1592         switch (event) {
1593         case XFRM_REPLAY_UPDATE:
1594                 if (x->replay_maxdiff &&
1595                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1596                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1597                         if (x->xflags & XFRM_TIME_DEFER)
1598                                 event = XFRM_REPLAY_TIMEOUT;
1599                         else
1600                                 return;
1601                 }
1602
1603                 break;
1604
1605         case XFRM_REPLAY_TIMEOUT:
1606                 if ((x->replay.seq == x->preplay.seq) &&
1607                     (x->replay.bitmap == x->preplay.bitmap) &&
1608                     (x->replay.oseq == x->preplay.oseq)) {
1609                         x->xflags |= XFRM_TIME_DEFER;
1610                         return;
1611                 }
1612
1613                 break;
1614         }
1615
1616         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1617         c.event = XFRM_MSG_NEWAE;
1618         c.data.aevent = event;
1619         km_state_notify(x, &c);
1620
1621         if (x->replay_maxage &&
1622             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1623                 x->xflags &= ~XFRM_TIME_DEFER;
1624 }
1625
1626 static void xfrm_replay_timer_handler(unsigned long data)
1627 {
1628         struct xfrm_state *x = (struct xfrm_state*)data;
1629
1630         spin_lock(&x->lock);
1631
1632         if (x->km.state == XFRM_STATE_VALID) {
1633                 if (xfrm_aevent_is_on())
1634                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1635                 else
1636                         x->xflags |= XFRM_TIME_DEFER;
1637         }
1638
1639         spin_unlock(&x->lock);
1640 }
1641
1642 int xfrm_replay_check(struct xfrm_state *x,
1643                       struct sk_buff *skb, __be32 net_seq)
1644 {
1645         u32 diff;
1646         u32 seq = ntohl(net_seq);
1647
1648         if (unlikely(seq == 0))
1649                 goto err;
1650
1651         if (likely(seq > x->replay.seq))
1652                 return 0;
1653
1654         diff = x->replay.seq - seq;
1655         if (diff >= min_t(unsigned int, x->props.replay_window,
1656                           sizeof(x->replay.bitmap) * 8)) {
1657                 x->stats.replay_window++;
1658                 goto err;
1659         }
1660
1661         if (x->replay.bitmap & (1U << diff)) {
1662                 x->stats.replay++;
1663                 goto err;
1664         }
1665         return 0;
1666
1667 err:
1668         xfrm_audit_state_replay(x, skb, net_seq);
1669         return -EINVAL;
1670 }
1671
1672 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1673 {
1674         u32 diff;
1675         u32 seq = ntohl(net_seq);
1676
1677         if (seq > x->replay.seq) {
1678                 diff = seq - x->replay.seq;
1679                 if (diff < x->props.replay_window)
1680                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1681                 else
1682                         x->replay.bitmap = 1;
1683                 x->replay.seq = seq;
1684         } else {
1685                 diff = x->replay.seq - seq;
1686                 x->replay.bitmap |= (1U << diff);
1687         }
1688
1689         if (xfrm_aevent_is_on())
1690                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1691 }
1692
1693 static LIST_HEAD(xfrm_km_list);
1694 static DEFINE_RWLOCK(xfrm_km_lock);
1695
1696 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1697 {
1698         struct xfrm_mgr *km;
1699
1700         read_lock(&xfrm_km_lock);
1701         list_for_each_entry(km, &xfrm_km_list, list)
1702                 if (km->notify_policy)
1703                         km->notify_policy(xp, dir, c);
1704         read_unlock(&xfrm_km_lock);
1705 }
1706
1707 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1708 {
1709         struct xfrm_mgr *km;
1710         read_lock(&xfrm_km_lock);
1711         list_for_each_entry(km, &xfrm_km_list, list)
1712                 if (km->notify)
1713                         km->notify(x, c);
1714         read_unlock(&xfrm_km_lock);
1715 }
1716
1717 EXPORT_SYMBOL(km_policy_notify);
1718 EXPORT_SYMBOL(km_state_notify);
1719
1720 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1721 {
1722         struct km_event c;
1723
1724         c.data.hard = hard;
1725         c.pid = pid;
1726         c.event = XFRM_MSG_EXPIRE;
1727         km_state_notify(x, &c);
1728
1729         if (hard)
1730                 wake_up(&km_waitq);
1731 }
1732
1733 EXPORT_SYMBOL(km_state_expired);
1734 /*
1735  * We send to all registered managers regardless of failure
1736  * We are happy with one success
1737 */
1738 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1739 {
1740         int err = -EINVAL, acqret;
1741         struct xfrm_mgr *km;
1742
1743         read_lock(&xfrm_km_lock);
1744         list_for_each_entry(km, &xfrm_km_list, list) {
1745                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1746                 if (!acqret)
1747                         err = acqret;
1748         }
1749         read_unlock(&xfrm_km_lock);
1750         return err;
1751 }
1752 EXPORT_SYMBOL(km_query);
1753
1754 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1755 {
1756         int err = -EINVAL;
1757         struct xfrm_mgr *km;
1758
1759         read_lock(&xfrm_km_lock);
1760         list_for_each_entry(km, &xfrm_km_list, list) {
1761                 if (km->new_mapping)
1762                         err = km->new_mapping(x, ipaddr, sport);
1763                 if (!err)
1764                         break;
1765         }
1766         read_unlock(&xfrm_km_lock);
1767         return err;
1768 }
1769 EXPORT_SYMBOL(km_new_mapping);
1770
1771 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1772 {
1773         struct km_event c;
1774
1775         c.data.hard = hard;
1776         c.pid = pid;
1777         c.event = XFRM_MSG_POLEXPIRE;
1778         km_policy_notify(pol, dir, &c);
1779
1780         if (hard)
1781                 wake_up(&km_waitq);
1782 }
1783 EXPORT_SYMBOL(km_policy_expired);
1784
1785 #ifdef CONFIG_XFRM_MIGRATE
1786 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1787                struct xfrm_migrate *m, int num_migrate)
1788 {
1789         int err = -EINVAL;
1790         int ret;
1791         struct xfrm_mgr *km;
1792
1793         read_lock(&xfrm_km_lock);
1794         list_for_each_entry(km, &xfrm_km_list, list) {
1795                 if (km->migrate) {
1796                         ret = km->migrate(sel, dir, type, m, num_migrate);
1797                         if (!ret)
1798                                 err = ret;
1799                 }
1800         }
1801         read_unlock(&xfrm_km_lock);
1802         return err;
1803 }
1804 EXPORT_SYMBOL(km_migrate);
1805 #endif
1806
1807 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1808 {
1809         int err = -EINVAL;
1810         int ret;
1811         struct xfrm_mgr *km;
1812
1813         read_lock(&xfrm_km_lock);
1814         list_for_each_entry(km, &xfrm_km_list, list) {
1815                 if (km->report) {
1816                         ret = km->report(proto, sel, addr);
1817                         if (!ret)
1818                                 err = ret;
1819                 }
1820         }
1821         read_unlock(&xfrm_km_lock);
1822         return err;
1823 }
1824 EXPORT_SYMBOL(km_report);
1825
1826 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1827 {
1828         int err;
1829         u8 *data;
1830         struct xfrm_mgr *km;
1831         struct xfrm_policy *pol = NULL;
1832
1833         if (optlen <= 0 || optlen > PAGE_SIZE)
1834                 return -EMSGSIZE;
1835
1836         data = kmalloc(optlen, GFP_KERNEL);
1837         if (!data)
1838                 return -ENOMEM;
1839
1840         err = -EFAULT;
1841         if (copy_from_user(data, optval, optlen))
1842                 goto out;
1843
1844         err = -EINVAL;
1845         read_lock(&xfrm_km_lock);
1846         list_for_each_entry(km, &xfrm_km_list, list) {
1847                 pol = km->compile_policy(sk, optname, data,
1848                                          optlen, &err);
1849                 if (err >= 0)
1850                         break;
1851         }
1852         read_unlock(&xfrm_km_lock);
1853
1854         if (err >= 0) {
1855                 xfrm_sk_policy_insert(sk, err, pol);
1856                 xfrm_pol_put(pol);
1857                 err = 0;
1858         }
1859
1860 out:
1861         kfree(data);
1862         return err;
1863 }
1864 EXPORT_SYMBOL(xfrm_user_policy);
1865
1866 int xfrm_register_km(struct xfrm_mgr *km)
1867 {
1868         write_lock_bh(&xfrm_km_lock);
1869         list_add_tail(&km->list, &xfrm_km_list);
1870         write_unlock_bh(&xfrm_km_lock);
1871         return 0;
1872 }
1873 EXPORT_SYMBOL(xfrm_register_km);
1874
1875 int xfrm_unregister_km(struct xfrm_mgr *km)
1876 {
1877         write_lock_bh(&xfrm_km_lock);
1878         list_del(&km->list);
1879         write_unlock_bh(&xfrm_km_lock);
1880         return 0;
1881 }
1882 EXPORT_SYMBOL(xfrm_unregister_km);
1883
1884 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1885 {
1886         int err = 0;
1887         if (unlikely(afinfo == NULL))
1888                 return -EINVAL;
1889         if (unlikely(afinfo->family >= NPROTO))
1890                 return -EAFNOSUPPORT;
1891         write_lock_bh(&xfrm_state_afinfo_lock);
1892         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1893                 err = -ENOBUFS;
1894         else
1895                 xfrm_state_afinfo[afinfo->family] = afinfo;
1896         write_unlock_bh(&xfrm_state_afinfo_lock);
1897         return err;
1898 }
1899 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1900
1901 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1902 {
1903         int err = 0;
1904         if (unlikely(afinfo == NULL))
1905                 return -EINVAL;
1906         if (unlikely(afinfo->family >= NPROTO))
1907                 return -EAFNOSUPPORT;
1908         write_lock_bh(&xfrm_state_afinfo_lock);
1909         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1910                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1911                         err = -EINVAL;
1912                 else
1913                         xfrm_state_afinfo[afinfo->family] = NULL;
1914         }
1915         write_unlock_bh(&xfrm_state_afinfo_lock);
1916         return err;
1917 }
1918 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1919
1920 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1921 {
1922         struct xfrm_state_afinfo *afinfo;
1923         if (unlikely(family >= NPROTO))
1924                 return NULL;
1925         read_lock(&xfrm_state_afinfo_lock);
1926         afinfo = xfrm_state_afinfo[family];
1927         if (unlikely(!afinfo))
1928                 read_unlock(&xfrm_state_afinfo_lock);
1929         return afinfo;
1930 }
1931
1932 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1933         __releases(xfrm_state_afinfo_lock)
1934 {
1935         read_unlock(&xfrm_state_afinfo_lock);
1936 }
1937
1938 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1939 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1940 {
1941         if (x->tunnel) {
1942                 struct xfrm_state *t = x->tunnel;
1943
1944                 if (atomic_read(&t->tunnel_users) == 2)
1945                         xfrm_state_delete(t);
1946                 atomic_dec(&t->tunnel_users);
1947                 xfrm_state_put(t);
1948                 x->tunnel = NULL;
1949         }
1950 }
1951 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1952
1953 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1954 {
1955         int res;
1956
1957         spin_lock_bh(&x->lock);
1958         if (x->km.state == XFRM_STATE_VALID &&
1959             x->type && x->type->get_mtu)
1960                 res = x->type->get_mtu(x, mtu);
1961         else
1962                 res = mtu - x->props.header_len;
1963         spin_unlock_bh(&x->lock);
1964         return res;
1965 }
1966
1967 int xfrm_init_state(struct xfrm_state *x)
1968 {
1969         struct xfrm_state_afinfo *afinfo;
1970         struct xfrm_mode *inner_mode;
1971         int family = x->props.family;
1972         int err;
1973
1974         err = -EAFNOSUPPORT;
1975         afinfo = xfrm_state_get_afinfo(family);
1976         if (!afinfo)
1977                 goto error;
1978
1979         err = 0;
1980         if (afinfo->init_flags)
1981                 err = afinfo->init_flags(x);
1982
1983         xfrm_state_put_afinfo(afinfo);
1984
1985         if (err)
1986                 goto error;
1987
1988         err = -EPROTONOSUPPORT;
1989
1990         if (x->sel.family != AF_UNSPEC) {
1991                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
1992                 if (inner_mode == NULL)
1993                         goto error;
1994
1995                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
1996                     family != x->sel.family) {
1997                         xfrm_put_mode(inner_mode);
1998                         goto error;
1999                 }
2000
2001                 x->inner_mode = inner_mode;
2002         } else {
2003                 struct xfrm_mode *inner_mode_iaf;
2004
2005                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2006                 if (inner_mode == NULL)
2007                         goto error;
2008
2009                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2010                         xfrm_put_mode(inner_mode);
2011                         goto error;
2012                 }
2013
2014                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2015                 if (inner_mode_iaf == NULL)
2016                         goto error;
2017
2018                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2019                         xfrm_put_mode(inner_mode_iaf);
2020                         goto error;
2021                 }
2022
2023                 if (x->props.family == AF_INET) {
2024                         x->inner_mode = inner_mode;
2025                         x->inner_mode_iaf = inner_mode_iaf;
2026                 } else {
2027                         x->inner_mode = inner_mode_iaf;
2028                         x->inner_mode_iaf = inner_mode;
2029                 }
2030         }
2031
2032         x->type = xfrm_get_type(x->id.proto, family);
2033         if (x->type == NULL)
2034                 goto error;
2035
2036         err = x->type->init_state(x);
2037         if (err)
2038                 goto error;
2039
2040         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2041         if (x->outer_mode == NULL)
2042                 goto error;
2043
2044         x->km.state = XFRM_STATE_VALID;
2045
2046 error:
2047         return err;
2048 }
2049
2050 EXPORT_SYMBOL(xfrm_init_state);
2051
2052 void __init xfrm_state_init(void)
2053 {
2054         unsigned int sz;
2055
2056         sz = sizeof(struct hlist_head) * 8;
2057
2058         xfrm_state_bydst = xfrm_hash_alloc(sz);
2059         xfrm_state_bysrc = xfrm_hash_alloc(sz);
2060         xfrm_state_byspi = xfrm_hash_alloc(sz);
2061         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2062                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2063         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2064
2065         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2066 }
2067
2068 #ifdef CONFIG_AUDITSYSCALL
2069 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2070                                      struct audit_buffer *audit_buf)
2071 {
2072         struct xfrm_sec_ctx *ctx = x->security;
2073         u32 spi = ntohl(x->id.spi);
2074
2075         if (ctx)
2076                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2077                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2078
2079         switch(x->props.family) {
2080         case AF_INET:
2081                 audit_log_format(audit_buf,
2082                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2083                                  NIPQUAD(x->props.saddr.a4),
2084                                  NIPQUAD(x->id.daddr.a4));
2085                 break;
2086         case AF_INET6:
2087                 audit_log_format(audit_buf,
2088                                  " src=" NIP6_FMT " dst=" NIP6_FMT,
2089                                  NIP6(*(struct in6_addr *)x->props.saddr.a6),
2090                                  NIP6(*(struct in6_addr *)x->id.daddr.a6));
2091                 break;
2092         }
2093
2094         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2095 }
2096
2097 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2098                                       struct audit_buffer *audit_buf)
2099 {
2100         struct iphdr *iph4;
2101         struct ipv6hdr *iph6;
2102
2103         switch (family) {
2104         case AF_INET:
2105                 iph4 = ip_hdr(skb);
2106                 audit_log_format(audit_buf,
2107                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2108                                  NIPQUAD(iph4->saddr),
2109                                  NIPQUAD(iph4->daddr));
2110                 break;
2111         case AF_INET6:
2112                 iph6 = ipv6_hdr(skb);
2113                 audit_log_format(audit_buf,
2114                                  " src=" NIP6_FMT " dst=" NIP6_FMT
2115                                  " flowlbl=0x%x%x%x",
2116                                  NIP6(iph6->saddr),
2117                                  NIP6(iph6->daddr),
2118                                  iph6->flow_lbl[0] & 0x0f,
2119                                  iph6->flow_lbl[1],
2120                                  iph6->flow_lbl[2]);
2121                 break;
2122         }
2123 }
2124
2125 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2126                           u32 auid, u32 secid)
2127 {
2128         struct audit_buffer *audit_buf;
2129
2130         audit_buf = xfrm_audit_start("SAD-add");
2131         if (audit_buf == NULL)
2132                 return;
2133         xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2134         xfrm_audit_helper_sainfo(x, audit_buf);
2135         audit_log_format(audit_buf, " res=%u", result);
2136         audit_log_end(audit_buf);
2137 }
2138 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2139
2140 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2141                              u32 auid, u32 secid)
2142 {
2143         struct audit_buffer *audit_buf;
2144
2145         audit_buf = xfrm_audit_start("SAD-delete");
2146         if (audit_buf == NULL)
2147                 return;
2148         xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2149         xfrm_audit_helper_sainfo(x, audit_buf);
2150         audit_log_format(audit_buf, " res=%u", result);
2151         audit_log_end(audit_buf);
2152 }
2153 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2154
2155 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2156                                       struct sk_buff *skb)
2157 {
2158         struct audit_buffer *audit_buf;
2159         u32 spi;
2160
2161         audit_buf = xfrm_audit_start("SA-replay-overflow");
2162         if (audit_buf == NULL)
2163                 return;
2164         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2165         /* don't record the sequence number because it's inherent in this kind
2166          * of audit message */
2167         spi = ntohl(x->id.spi);
2168         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2169         audit_log_end(audit_buf);
2170 }
2171 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2172
2173 static void xfrm_audit_state_replay(struct xfrm_state *x,
2174                              struct sk_buff *skb, __be32 net_seq)
2175 {
2176         struct audit_buffer *audit_buf;
2177         u32 spi;
2178
2179         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2180         if (audit_buf == NULL)
2181                 return;
2182         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2183         spi = ntohl(x->id.spi);
2184         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2185                          spi, spi, ntohl(net_seq));
2186         audit_log_end(audit_buf);
2187 }
2188
2189 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2190 {
2191         struct audit_buffer *audit_buf;
2192
2193         audit_buf = xfrm_audit_start("SA-notfound");
2194         if (audit_buf == NULL)
2195                 return;
2196         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2197         audit_log_end(audit_buf);
2198 }
2199 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2200
2201 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2202                                __be32 net_spi, __be32 net_seq)
2203 {
2204         struct audit_buffer *audit_buf;
2205         u32 spi;
2206
2207         audit_buf = xfrm_audit_start("SA-notfound");
2208         if (audit_buf == NULL)
2209                 return;
2210         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2211         spi = ntohl(net_spi);
2212         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2213                          spi, spi, ntohl(net_seq));
2214         audit_log_end(audit_buf);
2215 }
2216 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2217
2218 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2219                               struct sk_buff *skb, u8 proto)
2220 {
2221         struct audit_buffer *audit_buf;
2222         __be32 net_spi;
2223         __be32 net_seq;
2224
2225         audit_buf = xfrm_audit_start("SA-icv-failure");
2226         if (audit_buf == NULL)
2227                 return;
2228         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2229         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2230                 u32 spi = ntohl(net_spi);
2231                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2232                                  spi, spi, ntohl(net_seq));
2233         }
2234         audit_log_end(audit_buf);
2235 }
2236 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2237 #endif /* CONFIG_AUDITSYSCALL */