tipc: Add support for customized subscription overlap handling
[linux-2.6] / net / xfrm / xfrm_state.c
1 /*
2  * xfrm_state.c
3  *
4  * Changes:
5  *      Mitsuru KANDA @USAGI
6  *      Kazunori MIYAZAWA @USAGI
7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  *              IPv6 support
9  *      YOSHIFUJI Hideaki @USAGI
10  *              Split up af-specific functions
11  *      Derek Atkins <derek@ihtfp.com>
12  *              Add UDP Encapsulation
13  *
14  */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <linux/cache.h>
22 #include <linux/audit.h>
23 #include <asm/uaccess.h>
24
25 #include "xfrm_hash.h"
26
27 struct sock *xfrm_nl;
28 EXPORT_SYMBOL(xfrm_nl);
29
30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
38 /* Each xfrm_state may be linked to two tables:
39
40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
42       destination/tunnel endpoint. (output)
43  */
44
45 static DEFINE_SPINLOCK(xfrm_state_lock);
46
47 /* Hash table to find appropriate SA towards given target (endpoint
48  * of tunnel or destination of transport mode) allowed by selector.
49  *
50  * Main use is finding SA after policy selected tunnel or transport mode.
51  * Also, it can be used by ah/esp icmp error handler to find offending SA.
52  */
53 static LIST_HEAD(xfrm_state_all);
54 static struct hlist_head *xfrm_state_bydst __read_mostly;
55 static struct hlist_head *xfrm_state_bysrc __read_mostly;
56 static struct hlist_head *xfrm_state_byspi __read_mostly;
57 static unsigned int xfrm_state_hmask __read_mostly;
58 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
59 static unsigned int xfrm_state_num;
60 static unsigned int xfrm_state_genid;
61
62 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
63 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
64
65 #ifdef CONFIG_AUDITSYSCALL
66 static void xfrm_audit_state_replay(struct xfrm_state *x,
67                                     struct sk_buff *skb, __be32 net_seq);
68 #else
69 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
70 #endif /* CONFIG_AUDITSYSCALL */
71
72 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
73                                          xfrm_address_t *saddr,
74                                          u32 reqid,
75                                          unsigned short family)
76 {
77         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
78 }
79
80 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
81                                          xfrm_address_t *saddr,
82                                          unsigned short family)
83 {
84         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
85 }
86
87 static inline unsigned int
88 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
89 {
90         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
91 }
92
93 static void xfrm_hash_transfer(struct hlist_head *list,
94                                struct hlist_head *ndsttable,
95                                struct hlist_head *nsrctable,
96                                struct hlist_head *nspitable,
97                                unsigned int nhashmask)
98 {
99         struct hlist_node *entry, *tmp;
100         struct xfrm_state *x;
101
102         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
103                 unsigned int h;
104
105                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
106                                     x->props.reqid, x->props.family,
107                                     nhashmask);
108                 hlist_add_head(&x->bydst, ndsttable+h);
109
110                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
111                                     x->props.family,
112                                     nhashmask);
113                 hlist_add_head(&x->bysrc, nsrctable+h);
114
115                 if (x->id.spi) {
116                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
117                                             x->id.proto, x->props.family,
118                                             nhashmask);
119                         hlist_add_head(&x->byspi, nspitable+h);
120                 }
121         }
122 }
123
124 static unsigned long xfrm_hash_new_size(void)
125 {
126         return ((xfrm_state_hmask + 1) << 1) *
127                 sizeof(struct hlist_head);
128 }
129
130 static DEFINE_MUTEX(hash_resize_mutex);
131
132 static void xfrm_hash_resize(struct work_struct *__unused)
133 {
134         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
135         unsigned long nsize, osize;
136         unsigned int nhashmask, ohashmask;
137         int i;
138
139         mutex_lock(&hash_resize_mutex);
140
141         nsize = xfrm_hash_new_size();
142         ndst = xfrm_hash_alloc(nsize);
143         if (!ndst)
144                 goto out_unlock;
145         nsrc = xfrm_hash_alloc(nsize);
146         if (!nsrc) {
147                 xfrm_hash_free(ndst, nsize);
148                 goto out_unlock;
149         }
150         nspi = xfrm_hash_alloc(nsize);
151         if (!nspi) {
152                 xfrm_hash_free(ndst, nsize);
153                 xfrm_hash_free(nsrc, nsize);
154                 goto out_unlock;
155         }
156
157         spin_lock_bh(&xfrm_state_lock);
158
159         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
160         for (i = xfrm_state_hmask; i >= 0; i--)
161                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
162                                    nhashmask);
163
164         odst = xfrm_state_bydst;
165         osrc = xfrm_state_bysrc;
166         ospi = xfrm_state_byspi;
167         ohashmask = xfrm_state_hmask;
168
169         xfrm_state_bydst = ndst;
170         xfrm_state_bysrc = nsrc;
171         xfrm_state_byspi = nspi;
172         xfrm_state_hmask = nhashmask;
173
174         spin_unlock_bh(&xfrm_state_lock);
175
176         osize = (ohashmask + 1) * sizeof(struct hlist_head);
177         xfrm_hash_free(odst, osize);
178         xfrm_hash_free(osrc, osize);
179         xfrm_hash_free(ospi, osize);
180
181 out_unlock:
182         mutex_unlock(&hash_resize_mutex);
183 }
184
185 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
186
187 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
188 EXPORT_SYMBOL(km_waitq);
189
190 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
191 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
192
193 static struct work_struct xfrm_state_gc_work;
194 static HLIST_HEAD(xfrm_state_gc_list);
195 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
196
197 int __xfrm_state_delete(struct xfrm_state *x);
198
199 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
200 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
201
202 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
203 {
204         struct xfrm_state_afinfo *afinfo;
205         if (unlikely(family >= NPROTO))
206                 return NULL;
207         write_lock_bh(&xfrm_state_afinfo_lock);
208         afinfo = xfrm_state_afinfo[family];
209         if (unlikely(!afinfo))
210                 write_unlock_bh(&xfrm_state_afinfo_lock);
211         return afinfo;
212 }
213
214 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
215         __releases(xfrm_state_afinfo_lock)
216 {
217         write_unlock_bh(&xfrm_state_afinfo_lock);
218 }
219
220 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
221 {
222         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
223         const struct xfrm_type **typemap;
224         int err = 0;
225
226         if (unlikely(afinfo == NULL))
227                 return -EAFNOSUPPORT;
228         typemap = afinfo->type_map;
229
230         if (likely(typemap[type->proto] == NULL))
231                 typemap[type->proto] = type;
232         else
233                 err = -EEXIST;
234         xfrm_state_unlock_afinfo(afinfo);
235         return err;
236 }
237 EXPORT_SYMBOL(xfrm_register_type);
238
239 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
240 {
241         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
242         const struct xfrm_type **typemap;
243         int err = 0;
244
245         if (unlikely(afinfo == NULL))
246                 return -EAFNOSUPPORT;
247         typemap = afinfo->type_map;
248
249         if (unlikely(typemap[type->proto] != type))
250                 err = -ENOENT;
251         else
252                 typemap[type->proto] = NULL;
253         xfrm_state_unlock_afinfo(afinfo);
254         return err;
255 }
256 EXPORT_SYMBOL(xfrm_unregister_type);
257
258 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
259 {
260         struct xfrm_state_afinfo *afinfo;
261         const struct xfrm_type **typemap;
262         const struct xfrm_type *type;
263         int modload_attempted = 0;
264
265 retry:
266         afinfo = xfrm_state_get_afinfo(family);
267         if (unlikely(afinfo == NULL))
268                 return NULL;
269         typemap = afinfo->type_map;
270
271         type = typemap[proto];
272         if (unlikely(type && !try_module_get(type->owner)))
273                 type = NULL;
274         if (!type && !modload_attempted) {
275                 xfrm_state_put_afinfo(afinfo);
276                 request_module("xfrm-type-%d-%d", family, proto);
277                 modload_attempted = 1;
278                 goto retry;
279         }
280
281         xfrm_state_put_afinfo(afinfo);
282         return type;
283 }
284
285 static void xfrm_put_type(const struct xfrm_type *type)
286 {
287         module_put(type->owner);
288 }
289
290 int xfrm_register_mode(struct xfrm_mode *mode, int family)
291 {
292         struct xfrm_state_afinfo *afinfo;
293         struct xfrm_mode **modemap;
294         int err;
295
296         if (unlikely(mode->encap >= XFRM_MODE_MAX))
297                 return -EINVAL;
298
299         afinfo = xfrm_state_lock_afinfo(family);
300         if (unlikely(afinfo == NULL))
301                 return -EAFNOSUPPORT;
302
303         err = -EEXIST;
304         modemap = afinfo->mode_map;
305         if (modemap[mode->encap])
306                 goto out;
307
308         err = -ENOENT;
309         if (!try_module_get(afinfo->owner))
310                 goto out;
311
312         mode->afinfo = afinfo;
313         modemap[mode->encap] = mode;
314         err = 0;
315
316 out:
317         xfrm_state_unlock_afinfo(afinfo);
318         return err;
319 }
320 EXPORT_SYMBOL(xfrm_register_mode);
321
322 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
323 {
324         struct xfrm_state_afinfo *afinfo;
325         struct xfrm_mode **modemap;
326         int err;
327
328         if (unlikely(mode->encap >= XFRM_MODE_MAX))
329                 return -EINVAL;
330
331         afinfo = xfrm_state_lock_afinfo(family);
332         if (unlikely(afinfo == NULL))
333                 return -EAFNOSUPPORT;
334
335         err = -ENOENT;
336         modemap = afinfo->mode_map;
337         if (likely(modemap[mode->encap] == mode)) {
338                 modemap[mode->encap] = NULL;
339                 module_put(mode->afinfo->owner);
340                 err = 0;
341         }
342
343         xfrm_state_unlock_afinfo(afinfo);
344         return err;
345 }
346 EXPORT_SYMBOL(xfrm_unregister_mode);
347
348 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
349 {
350         struct xfrm_state_afinfo *afinfo;
351         struct xfrm_mode *mode;
352         int modload_attempted = 0;
353
354         if (unlikely(encap >= XFRM_MODE_MAX))
355                 return NULL;
356
357 retry:
358         afinfo = xfrm_state_get_afinfo(family);
359         if (unlikely(afinfo == NULL))
360                 return NULL;
361
362         mode = afinfo->mode_map[encap];
363         if (unlikely(mode && !try_module_get(mode->owner)))
364                 mode = NULL;
365         if (!mode && !modload_attempted) {
366                 xfrm_state_put_afinfo(afinfo);
367                 request_module("xfrm-mode-%d-%d", family, encap);
368                 modload_attempted = 1;
369                 goto retry;
370         }
371
372         xfrm_state_put_afinfo(afinfo);
373         return mode;
374 }
375
376 static void xfrm_put_mode(struct xfrm_mode *mode)
377 {
378         module_put(mode->owner);
379 }
380
381 static void xfrm_state_gc_destroy(struct xfrm_state *x)
382 {
383         del_timer_sync(&x->timer);
384         del_timer_sync(&x->rtimer);
385         kfree(x->aalg);
386         kfree(x->ealg);
387         kfree(x->calg);
388         kfree(x->encap);
389         kfree(x->coaddr);
390         if (x->inner_mode)
391                 xfrm_put_mode(x->inner_mode);
392         if (x->inner_mode_iaf)
393                 xfrm_put_mode(x->inner_mode_iaf);
394         if (x->outer_mode)
395                 xfrm_put_mode(x->outer_mode);
396         if (x->type) {
397                 x->type->destructor(x);
398                 xfrm_put_type(x->type);
399         }
400         security_xfrm_state_free(x);
401         kfree(x);
402 }
403
404 static void xfrm_state_gc_task(struct work_struct *data)
405 {
406         struct xfrm_state *x;
407         struct hlist_node *entry, *tmp;
408         struct hlist_head gc_list;
409
410         spin_lock_bh(&xfrm_state_gc_lock);
411         gc_list.first = xfrm_state_gc_list.first;
412         INIT_HLIST_HEAD(&xfrm_state_gc_list);
413         spin_unlock_bh(&xfrm_state_gc_lock);
414
415         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
416                 xfrm_state_gc_destroy(x);
417
418         wake_up(&km_waitq);
419 }
420
421 static inline unsigned long make_jiffies(long secs)
422 {
423         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
424                 return MAX_SCHEDULE_TIMEOUT-1;
425         else
426                 return secs*HZ;
427 }
428
429 static void xfrm_timer_handler(unsigned long data)
430 {
431         struct xfrm_state *x = (struct xfrm_state*)data;
432         unsigned long now = get_seconds();
433         long next = LONG_MAX;
434         int warn = 0;
435         int err = 0;
436
437         spin_lock(&x->lock);
438         if (x->km.state == XFRM_STATE_DEAD)
439                 goto out;
440         if (x->km.state == XFRM_STATE_EXPIRED)
441                 goto expired;
442         if (x->lft.hard_add_expires_seconds) {
443                 long tmo = x->lft.hard_add_expires_seconds +
444                         x->curlft.add_time - now;
445                 if (tmo <= 0)
446                         goto expired;
447                 if (tmo < next)
448                         next = tmo;
449         }
450         if (x->lft.hard_use_expires_seconds) {
451                 long tmo = x->lft.hard_use_expires_seconds +
452                         (x->curlft.use_time ? : now) - now;
453                 if (tmo <= 0)
454                         goto expired;
455                 if (tmo < next)
456                         next = tmo;
457         }
458         if (x->km.dying)
459                 goto resched;
460         if (x->lft.soft_add_expires_seconds) {
461                 long tmo = x->lft.soft_add_expires_seconds +
462                         x->curlft.add_time - now;
463                 if (tmo <= 0)
464                         warn = 1;
465                 else if (tmo < next)
466                         next = tmo;
467         }
468         if (x->lft.soft_use_expires_seconds) {
469                 long tmo = x->lft.soft_use_expires_seconds +
470                         (x->curlft.use_time ? : now) - now;
471                 if (tmo <= 0)
472                         warn = 1;
473                 else if (tmo < next)
474                         next = tmo;
475         }
476
477         x->km.dying = warn;
478         if (warn)
479                 km_state_expired(x, 0, 0);
480 resched:
481         if (next != LONG_MAX)
482                 mod_timer(&x->timer, jiffies + make_jiffies(next));
483
484         goto out;
485
486 expired:
487         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
488                 x->km.state = XFRM_STATE_EXPIRED;
489                 wake_up(&km_waitq);
490                 next = 2;
491                 goto resched;
492         }
493
494         err = __xfrm_state_delete(x);
495         if (!err && x->id.spi)
496                 km_state_expired(x, 1, 0);
497
498         xfrm_audit_state_delete(x, err ? 0 : 1,
499                                 audit_get_loginuid(current),
500                                 audit_get_sessionid(current), 0);
501
502 out:
503         spin_unlock(&x->lock);
504 }
505
506 static void xfrm_replay_timer_handler(unsigned long data);
507
508 struct xfrm_state *xfrm_state_alloc(void)
509 {
510         struct xfrm_state *x;
511
512         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
513
514         if (x) {
515                 atomic_set(&x->refcnt, 1);
516                 atomic_set(&x->tunnel_users, 0);
517                 INIT_LIST_HEAD(&x->all);
518                 INIT_HLIST_NODE(&x->bydst);
519                 INIT_HLIST_NODE(&x->bysrc);
520                 INIT_HLIST_NODE(&x->byspi);
521                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
522                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
523                                 (unsigned long)x);
524                 x->curlft.add_time = get_seconds();
525                 x->lft.soft_byte_limit = XFRM_INF;
526                 x->lft.soft_packet_limit = XFRM_INF;
527                 x->lft.hard_byte_limit = XFRM_INF;
528                 x->lft.hard_packet_limit = XFRM_INF;
529                 x->replay_maxage = 0;
530                 x->replay_maxdiff = 0;
531                 x->inner_mode = NULL;
532                 x->inner_mode_iaf = NULL;
533                 spin_lock_init(&x->lock);
534         }
535         return x;
536 }
537 EXPORT_SYMBOL(xfrm_state_alloc);
538
539 void __xfrm_state_destroy(struct xfrm_state *x)
540 {
541         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
542
543         spin_lock_bh(&xfrm_state_lock);
544         list_del(&x->all);
545         spin_unlock_bh(&xfrm_state_lock);
546
547         spin_lock_bh(&xfrm_state_gc_lock);
548         hlist_add_head(&x->bydst, &xfrm_state_gc_list);
549         spin_unlock_bh(&xfrm_state_gc_lock);
550         schedule_work(&xfrm_state_gc_work);
551 }
552 EXPORT_SYMBOL(__xfrm_state_destroy);
553
554 int __xfrm_state_delete(struct xfrm_state *x)
555 {
556         int err = -ESRCH;
557
558         if (x->km.state != XFRM_STATE_DEAD) {
559                 x->km.state = XFRM_STATE_DEAD;
560                 spin_lock(&xfrm_state_lock);
561                 hlist_del(&x->bydst);
562                 hlist_del(&x->bysrc);
563                 if (x->id.spi)
564                         hlist_del(&x->byspi);
565                 xfrm_state_num--;
566                 spin_unlock(&xfrm_state_lock);
567
568                 /* All xfrm_state objects are created by xfrm_state_alloc.
569                  * The xfrm_state_alloc call gives a reference, and that
570                  * is what we are dropping here.
571                  */
572                 xfrm_state_put(x);
573                 err = 0;
574         }
575
576         return err;
577 }
578 EXPORT_SYMBOL(__xfrm_state_delete);
579
580 int xfrm_state_delete(struct xfrm_state *x)
581 {
582         int err;
583
584         spin_lock_bh(&x->lock);
585         err = __xfrm_state_delete(x);
586         spin_unlock_bh(&x->lock);
587
588         return err;
589 }
590 EXPORT_SYMBOL(xfrm_state_delete);
591
592 #ifdef CONFIG_SECURITY_NETWORK_XFRM
593 static inline int
594 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
595 {
596         int i, err = 0;
597
598         for (i = 0; i <= xfrm_state_hmask; i++) {
599                 struct hlist_node *entry;
600                 struct xfrm_state *x;
601
602                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
603                         if (xfrm_id_proto_match(x->id.proto, proto) &&
604                            (err = security_xfrm_state_delete(x)) != 0) {
605                                 xfrm_audit_state_delete(x, 0,
606                                                         audit_info->loginuid,
607                                                         audit_info->sessionid,
608                                                         audit_info->secid);
609                                 return err;
610                         }
611                 }
612         }
613
614         return err;
615 }
616 #else
617 static inline int
618 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
619 {
620         return 0;
621 }
622 #endif
623
624 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
625 {
626         int i, err = 0;
627
628         spin_lock_bh(&xfrm_state_lock);
629         err = xfrm_state_flush_secctx_check(proto, audit_info);
630         if (err)
631                 goto out;
632
633         for (i = 0; i <= xfrm_state_hmask; i++) {
634                 struct hlist_node *entry;
635                 struct xfrm_state *x;
636 restart:
637                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
638                         if (!xfrm_state_kern(x) &&
639                             xfrm_id_proto_match(x->id.proto, proto)) {
640                                 xfrm_state_hold(x);
641                                 spin_unlock_bh(&xfrm_state_lock);
642
643                                 err = xfrm_state_delete(x);
644                                 xfrm_audit_state_delete(x, err ? 0 : 1,
645                                                         audit_info->loginuid,
646                                                         audit_info->sessionid,
647                                                         audit_info->secid);
648                                 xfrm_state_put(x);
649
650                                 spin_lock_bh(&xfrm_state_lock);
651                                 goto restart;
652                         }
653                 }
654         }
655         err = 0;
656
657 out:
658         spin_unlock_bh(&xfrm_state_lock);
659         wake_up(&km_waitq);
660         return err;
661 }
662 EXPORT_SYMBOL(xfrm_state_flush);
663
664 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
665 {
666         spin_lock_bh(&xfrm_state_lock);
667         si->sadcnt = xfrm_state_num;
668         si->sadhcnt = xfrm_state_hmask;
669         si->sadhmcnt = xfrm_state_hashmax;
670         spin_unlock_bh(&xfrm_state_lock);
671 }
672 EXPORT_SYMBOL(xfrm_sad_getinfo);
673
674 static int
675 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
676                   struct xfrm_tmpl *tmpl,
677                   xfrm_address_t *daddr, xfrm_address_t *saddr,
678                   unsigned short family)
679 {
680         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
681         if (!afinfo)
682                 return -1;
683         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
684         xfrm_state_put_afinfo(afinfo);
685         return 0;
686 }
687
688 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
689 {
690         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
691         struct xfrm_state *x;
692         struct hlist_node *entry;
693
694         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
695                 if (x->props.family != family ||
696                     x->id.spi       != spi ||
697                     x->id.proto     != proto)
698                         continue;
699
700                 switch (family) {
701                 case AF_INET:
702                         if (x->id.daddr.a4 != daddr->a4)
703                                 continue;
704                         break;
705                 case AF_INET6:
706                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
707                                              (struct in6_addr *)
708                                              x->id.daddr.a6))
709                                 continue;
710                         break;
711                 }
712
713                 xfrm_state_hold(x);
714                 return x;
715         }
716
717         return NULL;
718 }
719
720 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
721 {
722         unsigned int h = xfrm_src_hash(daddr, saddr, family);
723         struct xfrm_state *x;
724         struct hlist_node *entry;
725
726         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
727                 if (x->props.family != family ||
728                     x->id.proto     != proto)
729                         continue;
730
731                 switch (family) {
732                 case AF_INET:
733                         if (x->id.daddr.a4 != daddr->a4 ||
734                             x->props.saddr.a4 != saddr->a4)
735                                 continue;
736                         break;
737                 case AF_INET6:
738                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
739                                              (struct in6_addr *)
740                                              x->id.daddr.a6) ||
741                             !ipv6_addr_equal((struct in6_addr *)saddr,
742                                              (struct in6_addr *)
743                                              x->props.saddr.a6))
744                                 continue;
745                         break;
746                 }
747
748                 xfrm_state_hold(x);
749                 return x;
750         }
751
752         return NULL;
753 }
754
755 static inline struct xfrm_state *
756 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
757 {
758         if (use_spi)
759                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
760                                            x->id.proto, family);
761         else
762                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
763                                                   &x->props.saddr,
764                                                   x->id.proto, family);
765 }
766
767 static void xfrm_hash_grow_check(int have_hash_collision)
768 {
769         if (have_hash_collision &&
770             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
771             xfrm_state_num > xfrm_state_hmask)
772                 schedule_work(&xfrm_hash_work);
773 }
774
775 struct xfrm_state *
776 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
777                 struct flowi *fl, struct xfrm_tmpl *tmpl,
778                 struct xfrm_policy *pol, int *err,
779                 unsigned short family)
780 {
781         unsigned int h;
782         struct hlist_node *entry;
783         struct xfrm_state *x, *x0;
784         int acquire_in_progress = 0;
785         int error = 0;
786         struct xfrm_state *best = NULL;
787
788         spin_lock_bh(&xfrm_state_lock);
789         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
790         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
791                 if (x->props.family == family &&
792                     x->props.reqid == tmpl->reqid &&
793                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
794                     xfrm_state_addr_check(x, daddr, saddr, family) &&
795                     tmpl->mode == x->props.mode &&
796                     tmpl->id.proto == x->id.proto &&
797                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
798                         /* Resolution logic:
799                            1. There is a valid state with matching selector.
800                               Done.
801                            2. Valid state with inappropriate selector. Skip.
802
803                            Entering area of "sysdeps".
804
805                            3. If state is not valid, selector is temporary,
806                               it selects only session which triggered
807                               previous resolution. Key manager will do
808                               something to install a state with proper
809                               selector.
810                          */
811                         if (x->km.state == XFRM_STATE_VALID) {
812                                 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
813                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
814                                         continue;
815                                 if (!best ||
816                                     best->km.dying > x->km.dying ||
817                                     (best->km.dying == x->km.dying &&
818                                      best->curlft.add_time < x->curlft.add_time))
819                                         best = x;
820                         } else if (x->km.state == XFRM_STATE_ACQ) {
821                                 acquire_in_progress = 1;
822                         } else if (x->km.state == XFRM_STATE_ERROR ||
823                                    x->km.state == XFRM_STATE_EXPIRED) {
824                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
825                                     security_xfrm_state_pol_flow_match(x, pol, fl))
826                                         error = -ESRCH;
827                         }
828                 }
829         }
830
831         x = best;
832         if (!x && !error && !acquire_in_progress) {
833                 if (tmpl->id.spi &&
834                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
835                                               tmpl->id.proto, family)) != NULL) {
836                         xfrm_state_put(x0);
837                         error = -EEXIST;
838                         goto out;
839                 }
840                 x = xfrm_state_alloc();
841                 if (x == NULL) {
842                         error = -ENOMEM;
843                         goto out;
844                 }
845                 /* Initialize temporary selector matching only
846                  * to current session. */
847                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
848
849                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
850                 if (error) {
851                         x->km.state = XFRM_STATE_DEAD;
852                         xfrm_state_put(x);
853                         x = NULL;
854                         goto out;
855                 }
856
857                 if (km_query(x, tmpl, pol) == 0) {
858                         x->km.state = XFRM_STATE_ACQ;
859                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
860                         h = xfrm_src_hash(daddr, saddr, family);
861                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
862                         if (x->id.spi) {
863                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
864                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
865                         }
866                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
867                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
868                         add_timer(&x->timer);
869                         xfrm_state_num++;
870                         xfrm_hash_grow_check(x->bydst.next != NULL);
871                 } else {
872                         x->km.state = XFRM_STATE_DEAD;
873                         xfrm_state_put(x);
874                         x = NULL;
875                         error = -ESRCH;
876                 }
877         }
878 out:
879         if (x)
880                 xfrm_state_hold(x);
881         else
882                 *err = acquire_in_progress ? -EAGAIN : error;
883         spin_unlock_bh(&xfrm_state_lock);
884         return x;
885 }
886
887 struct xfrm_state *
888 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
889                     unsigned short family, u8 mode, u8 proto, u32 reqid)
890 {
891         unsigned int h;
892         struct xfrm_state *rx = NULL, *x = NULL;
893         struct hlist_node *entry;
894
895         spin_lock(&xfrm_state_lock);
896         h = xfrm_dst_hash(daddr, saddr, reqid, family);
897         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
898                 if (x->props.family == family &&
899                     x->props.reqid == reqid &&
900                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
901                     xfrm_state_addr_check(x, daddr, saddr, family) &&
902                     mode == x->props.mode &&
903                     proto == x->id.proto &&
904                     x->km.state == XFRM_STATE_VALID) {
905                         rx = x;
906                         break;
907                 }
908         }
909
910         if (rx)
911                 xfrm_state_hold(rx);
912         spin_unlock(&xfrm_state_lock);
913
914
915         return rx;
916 }
917 EXPORT_SYMBOL(xfrm_stateonly_find);
918
919 static void __xfrm_state_insert(struct xfrm_state *x)
920 {
921         unsigned int h;
922
923         x->genid = ++xfrm_state_genid;
924
925         list_add_tail(&x->all, &xfrm_state_all);
926
927         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
928                           x->props.reqid, x->props.family);
929         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
930
931         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
932         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
933
934         if (x->id.spi) {
935                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
936                                   x->props.family);
937
938                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
939         }
940
941         mod_timer(&x->timer, jiffies + HZ);
942         if (x->replay_maxage)
943                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
944
945         wake_up(&km_waitq);
946
947         xfrm_state_num++;
948
949         xfrm_hash_grow_check(x->bydst.next != NULL);
950 }
951
952 /* xfrm_state_lock is held */
953 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
954 {
955         unsigned short family = xnew->props.family;
956         u32 reqid = xnew->props.reqid;
957         struct xfrm_state *x;
958         struct hlist_node *entry;
959         unsigned int h;
960
961         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
962         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
963                 if (x->props.family     == family &&
964                     x->props.reqid      == reqid &&
965                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
966                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
967                         x->genid = xfrm_state_genid;
968         }
969 }
970
971 void xfrm_state_insert(struct xfrm_state *x)
972 {
973         spin_lock_bh(&xfrm_state_lock);
974         __xfrm_state_bump_genids(x);
975         __xfrm_state_insert(x);
976         spin_unlock_bh(&xfrm_state_lock);
977 }
978 EXPORT_SYMBOL(xfrm_state_insert);
979
980 /* xfrm_state_lock is held */
981 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
982 {
983         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
984         struct hlist_node *entry;
985         struct xfrm_state *x;
986
987         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
988                 if (x->props.reqid  != reqid ||
989                     x->props.mode   != mode ||
990                     x->props.family != family ||
991                     x->km.state     != XFRM_STATE_ACQ ||
992                     x->id.spi       != 0 ||
993                     x->id.proto     != proto)
994                         continue;
995
996                 switch (family) {
997                 case AF_INET:
998                         if (x->id.daddr.a4    != daddr->a4 ||
999                             x->props.saddr.a4 != saddr->a4)
1000                                 continue;
1001                         break;
1002                 case AF_INET6:
1003                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1004                                              (struct in6_addr *)daddr) ||
1005                             !ipv6_addr_equal((struct in6_addr *)
1006                                              x->props.saddr.a6,
1007                                              (struct in6_addr *)saddr))
1008                                 continue;
1009                         break;
1010                 }
1011
1012                 xfrm_state_hold(x);
1013                 return x;
1014         }
1015
1016         if (!create)
1017                 return NULL;
1018
1019         x = xfrm_state_alloc();
1020         if (likely(x)) {
1021                 switch (family) {
1022                 case AF_INET:
1023                         x->sel.daddr.a4 = daddr->a4;
1024                         x->sel.saddr.a4 = saddr->a4;
1025                         x->sel.prefixlen_d = 32;
1026                         x->sel.prefixlen_s = 32;
1027                         x->props.saddr.a4 = saddr->a4;
1028                         x->id.daddr.a4 = daddr->a4;
1029                         break;
1030
1031                 case AF_INET6:
1032                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1033                                        (struct in6_addr *)daddr);
1034                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1035                                        (struct in6_addr *)saddr);
1036                         x->sel.prefixlen_d = 128;
1037                         x->sel.prefixlen_s = 128;
1038                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1039                                        (struct in6_addr *)saddr);
1040                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1041                                        (struct in6_addr *)daddr);
1042                         break;
1043                 }
1044
1045                 x->km.state = XFRM_STATE_ACQ;
1046                 x->id.proto = proto;
1047                 x->props.family = family;
1048                 x->props.mode = mode;
1049                 x->props.reqid = reqid;
1050                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1051                 xfrm_state_hold(x);
1052                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1053                 add_timer(&x->timer);
1054                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1055                 h = xfrm_src_hash(daddr, saddr, family);
1056                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1057
1058                 xfrm_state_num++;
1059
1060                 xfrm_hash_grow_check(x->bydst.next != NULL);
1061         }
1062
1063         return x;
1064 }
1065
1066 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1067
1068 int xfrm_state_add(struct xfrm_state *x)
1069 {
1070         struct xfrm_state *x1;
1071         int family;
1072         int err;
1073         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1074
1075         family = x->props.family;
1076
1077         spin_lock_bh(&xfrm_state_lock);
1078
1079         x1 = __xfrm_state_locate(x, use_spi, family);
1080         if (x1) {
1081                 xfrm_state_put(x1);
1082                 x1 = NULL;
1083                 err = -EEXIST;
1084                 goto out;
1085         }
1086
1087         if (use_spi && x->km.seq) {
1088                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1089                 if (x1 && ((x1->id.proto != x->id.proto) ||
1090                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1091                         xfrm_state_put(x1);
1092                         x1 = NULL;
1093                 }
1094         }
1095
1096         if (use_spi && !x1)
1097                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1098                                      x->id.proto,
1099                                      &x->id.daddr, &x->props.saddr, 0);
1100
1101         __xfrm_state_bump_genids(x);
1102         __xfrm_state_insert(x);
1103         err = 0;
1104
1105 out:
1106         spin_unlock_bh(&xfrm_state_lock);
1107
1108         if (x1) {
1109                 xfrm_state_delete(x1);
1110                 xfrm_state_put(x1);
1111         }
1112
1113         return err;
1114 }
1115 EXPORT_SYMBOL(xfrm_state_add);
1116
1117 #ifdef CONFIG_XFRM_MIGRATE
1118 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1119 {
1120         int err = -ENOMEM;
1121         struct xfrm_state *x = xfrm_state_alloc();
1122         if (!x)
1123                 goto error;
1124
1125         memcpy(&x->id, &orig->id, sizeof(x->id));
1126         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1127         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1128         x->props.mode = orig->props.mode;
1129         x->props.replay_window = orig->props.replay_window;
1130         x->props.reqid = orig->props.reqid;
1131         x->props.family = orig->props.family;
1132         x->props.saddr = orig->props.saddr;
1133
1134         if (orig->aalg) {
1135                 x->aalg = xfrm_algo_clone(orig->aalg);
1136                 if (!x->aalg)
1137                         goto error;
1138         }
1139         x->props.aalgo = orig->props.aalgo;
1140
1141         if (orig->ealg) {
1142                 x->ealg = xfrm_algo_clone(orig->ealg);
1143                 if (!x->ealg)
1144                         goto error;
1145         }
1146         x->props.ealgo = orig->props.ealgo;
1147
1148         if (orig->calg) {
1149                 x->calg = xfrm_algo_clone(orig->calg);
1150                 if (!x->calg)
1151                         goto error;
1152         }
1153         x->props.calgo = orig->props.calgo;
1154
1155         if (orig->encap) {
1156                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1157                 if (!x->encap)
1158                         goto error;
1159         }
1160
1161         if (orig->coaddr) {
1162                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1163                                     GFP_KERNEL);
1164                 if (!x->coaddr)
1165                         goto error;
1166         }
1167
1168         err = xfrm_init_state(x);
1169         if (err)
1170                 goto error;
1171
1172         x->props.flags = orig->props.flags;
1173
1174         x->curlft.add_time = orig->curlft.add_time;
1175         x->km.state = orig->km.state;
1176         x->km.seq = orig->km.seq;
1177
1178         return x;
1179
1180  error:
1181         if (errp)
1182                 *errp = err;
1183         if (x) {
1184                 kfree(x->aalg);
1185                 kfree(x->ealg);
1186                 kfree(x->calg);
1187                 kfree(x->encap);
1188                 kfree(x->coaddr);
1189         }
1190         kfree(x);
1191         return NULL;
1192 }
1193
1194 /* xfrm_state_lock is held */
1195 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1196 {
1197         unsigned int h;
1198         struct xfrm_state *x;
1199         struct hlist_node *entry;
1200
1201         if (m->reqid) {
1202                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1203                                   m->reqid, m->old_family);
1204                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1205                         if (x->props.mode != m->mode ||
1206                             x->id.proto != m->proto)
1207                                 continue;
1208                         if (m->reqid && x->props.reqid != m->reqid)
1209                                 continue;
1210                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1211                                           m->old_family) ||
1212                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1213                                           m->old_family))
1214                                 continue;
1215                         xfrm_state_hold(x);
1216                         return x;
1217                 }
1218         } else {
1219                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1220                                   m->old_family);
1221                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1222                         if (x->props.mode != m->mode ||
1223                             x->id.proto != m->proto)
1224                                 continue;
1225                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1226                                           m->old_family) ||
1227                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1228                                           m->old_family))
1229                                 continue;
1230                         xfrm_state_hold(x);
1231                         return x;
1232                 }
1233         }
1234
1235         return NULL;
1236 }
1237 EXPORT_SYMBOL(xfrm_migrate_state_find);
1238
1239 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1240                                        struct xfrm_migrate *m)
1241 {
1242         struct xfrm_state *xc;
1243         int err;
1244
1245         xc = xfrm_state_clone(x, &err);
1246         if (!xc)
1247                 return NULL;
1248
1249         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1250         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1251
1252         /* add state */
1253         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1254                 /* a care is needed when the destination address of the
1255                    state is to be updated as it is a part of triplet */
1256                 xfrm_state_insert(xc);
1257         } else {
1258                 if ((err = xfrm_state_add(xc)) < 0)
1259                         goto error;
1260         }
1261
1262         return xc;
1263 error:
1264         kfree(xc);
1265         return NULL;
1266 }
1267 EXPORT_SYMBOL(xfrm_state_migrate);
1268 #endif
1269
1270 int xfrm_state_update(struct xfrm_state *x)
1271 {
1272         struct xfrm_state *x1;
1273         int err;
1274         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1275
1276         spin_lock_bh(&xfrm_state_lock);
1277         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1278
1279         err = -ESRCH;
1280         if (!x1)
1281                 goto out;
1282
1283         if (xfrm_state_kern(x1)) {
1284                 xfrm_state_put(x1);
1285                 err = -EEXIST;
1286                 goto out;
1287         }
1288
1289         if (x1->km.state == XFRM_STATE_ACQ) {
1290                 __xfrm_state_insert(x);
1291                 x = NULL;
1292         }
1293         err = 0;
1294
1295 out:
1296         spin_unlock_bh(&xfrm_state_lock);
1297
1298         if (err)
1299                 return err;
1300
1301         if (!x) {
1302                 xfrm_state_delete(x1);
1303                 xfrm_state_put(x1);
1304                 return 0;
1305         }
1306
1307         err = -EINVAL;
1308         spin_lock_bh(&x1->lock);
1309         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1310                 if (x->encap && x1->encap)
1311                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1312                 if (x->coaddr && x1->coaddr) {
1313                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1314                 }
1315                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1316                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1317                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1318                 x1->km.dying = 0;
1319
1320                 mod_timer(&x1->timer, jiffies + HZ);
1321                 if (x1->curlft.use_time)
1322                         xfrm_state_check_expire(x1);
1323
1324                 err = 0;
1325         }
1326         spin_unlock_bh(&x1->lock);
1327
1328         xfrm_state_put(x1);
1329
1330         return err;
1331 }
1332 EXPORT_SYMBOL(xfrm_state_update);
1333
1334 int xfrm_state_check_expire(struct xfrm_state *x)
1335 {
1336         if (!x->curlft.use_time)
1337                 x->curlft.use_time = get_seconds();
1338
1339         if (x->km.state != XFRM_STATE_VALID)
1340                 return -EINVAL;
1341
1342         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1343             x->curlft.packets >= x->lft.hard_packet_limit) {
1344                 x->km.state = XFRM_STATE_EXPIRED;
1345                 mod_timer(&x->timer, jiffies);
1346                 return -EINVAL;
1347         }
1348
1349         if (!x->km.dying &&
1350             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1351              x->curlft.packets >= x->lft.soft_packet_limit)) {
1352                 x->km.dying = 1;
1353                 km_state_expired(x, 0, 0);
1354         }
1355         return 0;
1356 }
1357 EXPORT_SYMBOL(xfrm_state_check_expire);
1358
1359 struct xfrm_state *
1360 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1361                   unsigned short family)
1362 {
1363         struct xfrm_state *x;
1364
1365         spin_lock_bh(&xfrm_state_lock);
1366         x = __xfrm_state_lookup(daddr, spi, proto, family);
1367         spin_unlock_bh(&xfrm_state_lock);
1368         return x;
1369 }
1370 EXPORT_SYMBOL(xfrm_state_lookup);
1371
1372 struct xfrm_state *
1373 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1374                          u8 proto, unsigned short family)
1375 {
1376         struct xfrm_state *x;
1377
1378         spin_lock_bh(&xfrm_state_lock);
1379         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1380         spin_unlock_bh(&xfrm_state_lock);
1381         return x;
1382 }
1383 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1384
1385 struct xfrm_state *
1386 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1387               xfrm_address_t *daddr, xfrm_address_t *saddr,
1388               int create, unsigned short family)
1389 {
1390         struct xfrm_state *x;
1391
1392         spin_lock_bh(&xfrm_state_lock);
1393         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1394         spin_unlock_bh(&xfrm_state_lock);
1395
1396         return x;
1397 }
1398 EXPORT_SYMBOL(xfrm_find_acq);
1399
1400 #ifdef CONFIG_XFRM_SUB_POLICY
1401 int
1402 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1403                unsigned short family)
1404 {
1405         int err = 0;
1406         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1407         if (!afinfo)
1408                 return -EAFNOSUPPORT;
1409
1410         spin_lock_bh(&xfrm_state_lock);
1411         if (afinfo->tmpl_sort)
1412                 err = afinfo->tmpl_sort(dst, src, n);
1413         spin_unlock_bh(&xfrm_state_lock);
1414         xfrm_state_put_afinfo(afinfo);
1415         return err;
1416 }
1417 EXPORT_SYMBOL(xfrm_tmpl_sort);
1418
1419 int
1420 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1421                 unsigned short family)
1422 {
1423         int err = 0;
1424         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1425         if (!afinfo)
1426                 return -EAFNOSUPPORT;
1427
1428         spin_lock_bh(&xfrm_state_lock);
1429         if (afinfo->state_sort)
1430                 err = afinfo->state_sort(dst, src, n);
1431         spin_unlock_bh(&xfrm_state_lock);
1432         xfrm_state_put_afinfo(afinfo);
1433         return err;
1434 }
1435 EXPORT_SYMBOL(xfrm_state_sort);
1436 #endif
1437
1438 /* Silly enough, but I'm lazy to build resolution list */
1439
1440 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1441 {
1442         int i;
1443
1444         for (i = 0; i <= xfrm_state_hmask; i++) {
1445                 struct hlist_node *entry;
1446                 struct xfrm_state *x;
1447
1448                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1449                         if (x->km.seq == seq &&
1450                             x->km.state == XFRM_STATE_ACQ) {
1451                                 xfrm_state_hold(x);
1452                                 return x;
1453                         }
1454                 }
1455         }
1456         return NULL;
1457 }
1458
1459 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1460 {
1461         struct xfrm_state *x;
1462
1463         spin_lock_bh(&xfrm_state_lock);
1464         x = __xfrm_find_acq_byseq(seq);
1465         spin_unlock_bh(&xfrm_state_lock);
1466         return x;
1467 }
1468 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1469
1470 u32 xfrm_get_acqseq(void)
1471 {
1472         u32 res;
1473         static u32 acqseq;
1474         static DEFINE_SPINLOCK(acqseq_lock);
1475
1476         spin_lock_bh(&acqseq_lock);
1477         res = (++acqseq ? : ++acqseq);
1478         spin_unlock_bh(&acqseq_lock);
1479         return res;
1480 }
1481 EXPORT_SYMBOL(xfrm_get_acqseq);
1482
1483 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1484 {
1485         unsigned int h;
1486         struct xfrm_state *x0;
1487         int err = -ENOENT;
1488         __be32 minspi = htonl(low);
1489         __be32 maxspi = htonl(high);
1490
1491         spin_lock_bh(&x->lock);
1492         if (x->km.state == XFRM_STATE_DEAD)
1493                 goto unlock;
1494
1495         err = 0;
1496         if (x->id.spi)
1497                 goto unlock;
1498
1499         err = -ENOENT;
1500
1501         if (minspi == maxspi) {
1502                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1503                 if (x0) {
1504                         xfrm_state_put(x0);
1505                         goto unlock;
1506                 }
1507                 x->id.spi = minspi;
1508         } else {
1509                 u32 spi = 0;
1510                 for (h=0; h<high-low+1; h++) {
1511                         spi = low + net_random()%(high-low+1);
1512                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1513                         if (x0 == NULL) {
1514                                 x->id.spi = htonl(spi);
1515                                 break;
1516                         }
1517                         xfrm_state_put(x0);
1518                 }
1519         }
1520         if (x->id.spi) {
1521                 spin_lock_bh(&xfrm_state_lock);
1522                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1523                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1524                 spin_unlock_bh(&xfrm_state_lock);
1525
1526                 err = 0;
1527         }
1528
1529 unlock:
1530         spin_unlock_bh(&x->lock);
1531
1532         return err;
1533 }
1534 EXPORT_SYMBOL(xfrm_alloc_spi);
1535
1536 int xfrm_state_walk(struct xfrm_state_walk *walk,
1537                     int (*func)(struct xfrm_state *, int, void*),
1538                     void *data)
1539 {
1540         struct xfrm_state *old, *x, *last = NULL;
1541         int err = 0;
1542
1543         if (walk->state == NULL && walk->count != 0)
1544                 return 0;
1545
1546         old = x = walk->state;
1547         walk->state = NULL;
1548         spin_lock_bh(&xfrm_state_lock);
1549         if (x == NULL)
1550                 x = list_first_entry(&xfrm_state_all, struct xfrm_state, all);
1551         list_for_each_entry_from(x, &xfrm_state_all, all) {
1552                 if (x->km.state == XFRM_STATE_DEAD)
1553                         continue;
1554                 if (!xfrm_id_proto_match(x->id.proto, walk->proto))
1555                         continue;
1556                 if (last) {
1557                         err = func(last, walk->count, data);
1558                         if (err) {
1559                                 xfrm_state_hold(last);
1560                                 walk->state = last;
1561                                 goto out;
1562                         }
1563                 }
1564                 last = x;
1565                 walk->count++;
1566         }
1567         if (walk->count == 0) {
1568                 err = -ENOENT;
1569                 goto out;
1570         }
1571         if (last)
1572                 err = func(last, 0, data);
1573 out:
1574         spin_unlock_bh(&xfrm_state_lock);
1575         if (old != NULL)
1576                 xfrm_state_put(old);
1577         return err;
1578 }
1579 EXPORT_SYMBOL(xfrm_state_walk);
1580
1581
1582 void xfrm_replay_notify(struct xfrm_state *x, int event)
1583 {
1584         struct km_event c;
1585         /* we send notify messages in case
1586          *  1. we updated on of the sequence numbers, and the seqno difference
1587          *     is at least x->replay_maxdiff, in this case we also update the
1588          *     timeout of our timer function
1589          *  2. if x->replay_maxage has elapsed since last update,
1590          *     and there were changes
1591          *
1592          *  The state structure must be locked!
1593          */
1594
1595         switch (event) {
1596         case XFRM_REPLAY_UPDATE:
1597                 if (x->replay_maxdiff &&
1598                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1599                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1600                         if (x->xflags & XFRM_TIME_DEFER)
1601                                 event = XFRM_REPLAY_TIMEOUT;
1602                         else
1603                                 return;
1604                 }
1605
1606                 break;
1607
1608         case XFRM_REPLAY_TIMEOUT:
1609                 if ((x->replay.seq == x->preplay.seq) &&
1610                     (x->replay.bitmap == x->preplay.bitmap) &&
1611                     (x->replay.oseq == x->preplay.oseq)) {
1612                         x->xflags |= XFRM_TIME_DEFER;
1613                         return;
1614                 }
1615
1616                 break;
1617         }
1618
1619         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1620         c.event = XFRM_MSG_NEWAE;
1621         c.data.aevent = event;
1622         km_state_notify(x, &c);
1623
1624         if (x->replay_maxage &&
1625             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1626                 x->xflags &= ~XFRM_TIME_DEFER;
1627 }
1628
1629 static void xfrm_replay_timer_handler(unsigned long data)
1630 {
1631         struct xfrm_state *x = (struct xfrm_state*)data;
1632
1633         spin_lock(&x->lock);
1634
1635         if (x->km.state == XFRM_STATE_VALID) {
1636                 if (xfrm_aevent_is_on())
1637                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1638                 else
1639                         x->xflags |= XFRM_TIME_DEFER;
1640         }
1641
1642         spin_unlock(&x->lock);
1643 }
1644
1645 int xfrm_replay_check(struct xfrm_state *x,
1646                       struct sk_buff *skb, __be32 net_seq)
1647 {
1648         u32 diff;
1649         u32 seq = ntohl(net_seq);
1650
1651         if (unlikely(seq == 0))
1652                 goto err;
1653
1654         if (likely(seq > x->replay.seq))
1655                 return 0;
1656
1657         diff = x->replay.seq - seq;
1658         if (diff >= min_t(unsigned int, x->props.replay_window,
1659                           sizeof(x->replay.bitmap) * 8)) {
1660                 x->stats.replay_window++;
1661                 goto err;
1662         }
1663
1664         if (x->replay.bitmap & (1U << diff)) {
1665                 x->stats.replay++;
1666                 goto err;
1667         }
1668         return 0;
1669
1670 err:
1671         xfrm_audit_state_replay(x, skb, net_seq);
1672         return -EINVAL;
1673 }
1674
1675 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1676 {
1677         u32 diff;
1678         u32 seq = ntohl(net_seq);
1679
1680         if (seq > x->replay.seq) {
1681                 diff = seq - x->replay.seq;
1682                 if (diff < x->props.replay_window)
1683                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1684                 else
1685                         x->replay.bitmap = 1;
1686                 x->replay.seq = seq;
1687         } else {
1688                 diff = x->replay.seq - seq;
1689                 x->replay.bitmap |= (1U << diff);
1690         }
1691
1692         if (xfrm_aevent_is_on())
1693                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1694 }
1695
1696 static LIST_HEAD(xfrm_km_list);
1697 static DEFINE_RWLOCK(xfrm_km_lock);
1698
1699 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1700 {
1701         struct xfrm_mgr *km;
1702
1703         read_lock(&xfrm_km_lock);
1704         list_for_each_entry(km, &xfrm_km_list, list)
1705                 if (km->notify_policy)
1706                         km->notify_policy(xp, dir, c);
1707         read_unlock(&xfrm_km_lock);
1708 }
1709
1710 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1711 {
1712         struct xfrm_mgr *km;
1713         read_lock(&xfrm_km_lock);
1714         list_for_each_entry(km, &xfrm_km_list, list)
1715                 if (km->notify)
1716                         km->notify(x, c);
1717         read_unlock(&xfrm_km_lock);
1718 }
1719
1720 EXPORT_SYMBOL(km_policy_notify);
1721 EXPORT_SYMBOL(km_state_notify);
1722
1723 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1724 {
1725         struct km_event c;
1726
1727         c.data.hard = hard;
1728         c.pid = pid;
1729         c.event = XFRM_MSG_EXPIRE;
1730         km_state_notify(x, &c);
1731
1732         if (hard)
1733                 wake_up(&km_waitq);
1734 }
1735
1736 EXPORT_SYMBOL(km_state_expired);
1737 /*
1738  * We send to all registered managers regardless of failure
1739  * We are happy with one success
1740 */
1741 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1742 {
1743         int err = -EINVAL, acqret;
1744         struct xfrm_mgr *km;
1745
1746         read_lock(&xfrm_km_lock);
1747         list_for_each_entry(km, &xfrm_km_list, list) {
1748                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1749                 if (!acqret)
1750                         err = acqret;
1751         }
1752         read_unlock(&xfrm_km_lock);
1753         return err;
1754 }
1755 EXPORT_SYMBOL(km_query);
1756
1757 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1758 {
1759         int err = -EINVAL;
1760         struct xfrm_mgr *km;
1761
1762         read_lock(&xfrm_km_lock);
1763         list_for_each_entry(km, &xfrm_km_list, list) {
1764                 if (km->new_mapping)
1765                         err = km->new_mapping(x, ipaddr, sport);
1766                 if (!err)
1767                         break;
1768         }
1769         read_unlock(&xfrm_km_lock);
1770         return err;
1771 }
1772 EXPORT_SYMBOL(km_new_mapping);
1773
1774 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1775 {
1776         struct km_event c;
1777
1778         c.data.hard = hard;
1779         c.pid = pid;
1780         c.event = XFRM_MSG_POLEXPIRE;
1781         km_policy_notify(pol, dir, &c);
1782
1783         if (hard)
1784                 wake_up(&km_waitq);
1785 }
1786 EXPORT_SYMBOL(km_policy_expired);
1787
1788 #ifdef CONFIG_XFRM_MIGRATE
1789 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1790                struct xfrm_migrate *m, int num_migrate)
1791 {
1792         int err = -EINVAL;
1793         int ret;
1794         struct xfrm_mgr *km;
1795
1796         read_lock(&xfrm_km_lock);
1797         list_for_each_entry(km, &xfrm_km_list, list) {
1798                 if (km->migrate) {
1799                         ret = km->migrate(sel, dir, type, m, num_migrate);
1800                         if (!ret)
1801                                 err = ret;
1802                 }
1803         }
1804         read_unlock(&xfrm_km_lock);
1805         return err;
1806 }
1807 EXPORT_SYMBOL(km_migrate);
1808 #endif
1809
1810 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1811 {
1812         int err = -EINVAL;
1813         int ret;
1814         struct xfrm_mgr *km;
1815
1816         read_lock(&xfrm_km_lock);
1817         list_for_each_entry(km, &xfrm_km_list, list) {
1818                 if (km->report) {
1819                         ret = km->report(proto, sel, addr);
1820                         if (!ret)
1821                                 err = ret;
1822                 }
1823         }
1824         read_unlock(&xfrm_km_lock);
1825         return err;
1826 }
1827 EXPORT_SYMBOL(km_report);
1828
1829 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1830 {
1831         int err;
1832         u8 *data;
1833         struct xfrm_mgr *km;
1834         struct xfrm_policy *pol = NULL;
1835
1836         if (optlen <= 0 || optlen > PAGE_SIZE)
1837                 return -EMSGSIZE;
1838
1839         data = kmalloc(optlen, GFP_KERNEL);
1840         if (!data)
1841                 return -ENOMEM;
1842
1843         err = -EFAULT;
1844         if (copy_from_user(data, optval, optlen))
1845                 goto out;
1846
1847         err = -EINVAL;
1848         read_lock(&xfrm_km_lock);
1849         list_for_each_entry(km, &xfrm_km_list, list) {
1850                 pol = km->compile_policy(sk, optname, data,
1851                                          optlen, &err);
1852                 if (err >= 0)
1853                         break;
1854         }
1855         read_unlock(&xfrm_km_lock);
1856
1857         if (err >= 0) {
1858                 xfrm_sk_policy_insert(sk, err, pol);
1859                 xfrm_pol_put(pol);
1860                 err = 0;
1861         }
1862
1863 out:
1864         kfree(data);
1865         return err;
1866 }
1867 EXPORT_SYMBOL(xfrm_user_policy);
1868
1869 int xfrm_register_km(struct xfrm_mgr *km)
1870 {
1871         write_lock_bh(&xfrm_km_lock);
1872         list_add_tail(&km->list, &xfrm_km_list);
1873         write_unlock_bh(&xfrm_km_lock);
1874         return 0;
1875 }
1876 EXPORT_SYMBOL(xfrm_register_km);
1877
1878 int xfrm_unregister_km(struct xfrm_mgr *km)
1879 {
1880         write_lock_bh(&xfrm_km_lock);
1881         list_del(&km->list);
1882         write_unlock_bh(&xfrm_km_lock);
1883         return 0;
1884 }
1885 EXPORT_SYMBOL(xfrm_unregister_km);
1886
1887 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1888 {
1889         int err = 0;
1890         if (unlikely(afinfo == NULL))
1891                 return -EINVAL;
1892         if (unlikely(afinfo->family >= NPROTO))
1893                 return -EAFNOSUPPORT;
1894         write_lock_bh(&xfrm_state_afinfo_lock);
1895         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1896                 err = -ENOBUFS;
1897         else
1898                 xfrm_state_afinfo[afinfo->family] = afinfo;
1899         write_unlock_bh(&xfrm_state_afinfo_lock);
1900         return err;
1901 }
1902 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1903
1904 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1905 {
1906         int err = 0;
1907         if (unlikely(afinfo == NULL))
1908                 return -EINVAL;
1909         if (unlikely(afinfo->family >= NPROTO))
1910                 return -EAFNOSUPPORT;
1911         write_lock_bh(&xfrm_state_afinfo_lock);
1912         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1913                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1914                         err = -EINVAL;
1915                 else
1916                         xfrm_state_afinfo[afinfo->family] = NULL;
1917         }
1918         write_unlock_bh(&xfrm_state_afinfo_lock);
1919         return err;
1920 }
1921 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1922
1923 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1924 {
1925         struct xfrm_state_afinfo *afinfo;
1926         if (unlikely(family >= NPROTO))
1927                 return NULL;
1928         read_lock(&xfrm_state_afinfo_lock);
1929         afinfo = xfrm_state_afinfo[family];
1930         if (unlikely(!afinfo))
1931                 read_unlock(&xfrm_state_afinfo_lock);
1932         return afinfo;
1933 }
1934
1935 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1936         __releases(xfrm_state_afinfo_lock)
1937 {
1938         read_unlock(&xfrm_state_afinfo_lock);
1939 }
1940
1941 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1942 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1943 {
1944         if (x->tunnel) {
1945                 struct xfrm_state *t = x->tunnel;
1946
1947                 if (atomic_read(&t->tunnel_users) == 2)
1948                         xfrm_state_delete(t);
1949                 atomic_dec(&t->tunnel_users);
1950                 xfrm_state_put(t);
1951                 x->tunnel = NULL;
1952         }
1953 }
1954 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1955
1956 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1957 {
1958         int res;
1959
1960         spin_lock_bh(&x->lock);
1961         if (x->km.state == XFRM_STATE_VALID &&
1962             x->type && x->type->get_mtu)
1963                 res = x->type->get_mtu(x, mtu);
1964         else
1965                 res = mtu - x->props.header_len;
1966         spin_unlock_bh(&x->lock);
1967         return res;
1968 }
1969
1970 int xfrm_init_state(struct xfrm_state *x)
1971 {
1972         struct xfrm_state_afinfo *afinfo;
1973         struct xfrm_mode *inner_mode;
1974         int family = x->props.family;
1975         int err;
1976
1977         err = -EAFNOSUPPORT;
1978         afinfo = xfrm_state_get_afinfo(family);
1979         if (!afinfo)
1980                 goto error;
1981
1982         err = 0;
1983         if (afinfo->init_flags)
1984                 err = afinfo->init_flags(x);
1985
1986         xfrm_state_put_afinfo(afinfo);
1987
1988         if (err)
1989                 goto error;
1990
1991         err = -EPROTONOSUPPORT;
1992
1993         if (x->sel.family != AF_UNSPEC) {
1994                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
1995                 if (inner_mode == NULL)
1996                         goto error;
1997
1998                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
1999                     family != x->sel.family) {
2000                         xfrm_put_mode(inner_mode);
2001                         goto error;
2002                 }
2003
2004                 x->inner_mode = inner_mode;
2005         } else {
2006                 struct xfrm_mode *inner_mode_iaf;
2007
2008                 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2009                 if (inner_mode == NULL)
2010                         goto error;
2011
2012                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2013                         xfrm_put_mode(inner_mode);
2014                         goto error;
2015                 }
2016
2017                 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2018                 if (inner_mode_iaf == NULL)
2019                         goto error;
2020
2021                 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2022                         xfrm_put_mode(inner_mode_iaf);
2023                         goto error;
2024                 }
2025
2026                 if (x->props.family == AF_INET) {
2027                         x->inner_mode = inner_mode;
2028                         x->inner_mode_iaf = inner_mode_iaf;
2029                 } else {
2030                         x->inner_mode = inner_mode_iaf;
2031                         x->inner_mode_iaf = inner_mode;
2032                 }
2033         }
2034
2035         x->type = xfrm_get_type(x->id.proto, family);
2036         if (x->type == NULL)
2037                 goto error;
2038
2039         err = x->type->init_state(x);
2040         if (err)
2041                 goto error;
2042
2043         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2044         if (x->outer_mode == NULL)
2045                 goto error;
2046
2047         x->km.state = XFRM_STATE_VALID;
2048
2049 error:
2050         return err;
2051 }
2052
2053 EXPORT_SYMBOL(xfrm_init_state);
2054
2055 void __init xfrm_state_init(void)
2056 {
2057         unsigned int sz;
2058
2059         sz = sizeof(struct hlist_head) * 8;
2060
2061         xfrm_state_bydst = xfrm_hash_alloc(sz);
2062         xfrm_state_bysrc = xfrm_hash_alloc(sz);
2063         xfrm_state_byspi = xfrm_hash_alloc(sz);
2064         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2065                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2066         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2067
2068         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2069 }
2070
2071 #ifdef CONFIG_AUDITSYSCALL
2072 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2073                                      struct audit_buffer *audit_buf)
2074 {
2075         struct xfrm_sec_ctx *ctx = x->security;
2076         u32 spi = ntohl(x->id.spi);
2077
2078         if (ctx)
2079                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2080                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2081
2082         switch(x->props.family) {
2083         case AF_INET:
2084                 audit_log_format(audit_buf,
2085                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2086                                  NIPQUAD(x->props.saddr.a4),
2087                                  NIPQUAD(x->id.daddr.a4));
2088                 break;
2089         case AF_INET6:
2090                 audit_log_format(audit_buf,
2091                                  " src=" NIP6_FMT " dst=" NIP6_FMT,
2092                                  NIP6(*(struct in6_addr *)x->props.saddr.a6),
2093                                  NIP6(*(struct in6_addr *)x->id.daddr.a6));
2094                 break;
2095         }
2096
2097         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2098 }
2099
2100 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2101                                       struct audit_buffer *audit_buf)
2102 {
2103         struct iphdr *iph4;
2104         struct ipv6hdr *iph6;
2105
2106         switch (family) {
2107         case AF_INET:
2108                 iph4 = ip_hdr(skb);
2109                 audit_log_format(audit_buf,
2110                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2111                                  NIPQUAD(iph4->saddr),
2112                                  NIPQUAD(iph4->daddr));
2113                 break;
2114         case AF_INET6:
2115                 iph6 = ipv6_hdr(skb);
2116                 audit_log_format(audit_buf,
2117                                  " src=" NIP6_FMT " dst=" NIP6_FMT
2118                                  " flowlbl=0x%x%02x%02x",
2119                                  NIP6(iph6->saddr),
2120                                  NIP6(iph6->daddr),
2121                                  iph6->flow_lbl[0] & 0x0f,
2122                                  iph6->flow_lbl[1],
2123                                  iph6->flow_lbl[2]);
2124                 break;
2125         }
2126 }
2127
2128 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2129                           uid_t auid, u32 sessionid, u32 secid)
2130 {
2131         struct audit_buffer *audit_buf;
2132
2133         audit_buf = xfrm_audit_start("SAD-add");
2134         if (audit_buf == NULL)
2135                 return;
2136         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2137         xfrm_audit_helper_sainfo(x, audit_buf);
2138         audit_log_format(audit_buf, " res=%u", result);
2139         audit_log_end(audit_buf);
2140 }
2141 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2142
2143 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2144                              uid_t auid, u32 sessionid, u32 secid)
2145 {
2146         struct audit_buffer *audit_buf;
2147
2148         audit_buf = xfrm_audit_start("SAD-delete");
2149         if (audit_buf == NULL)
2150                 return;
2151         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2152         xfrm_audit_helper_sainfo(x, audit_buf);
2153         audit_log_format(audit_buf, " res=%u", result);
2154         audit_log_end(audit_buf);
2155 }
2156 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2157
2158 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2159                                       struct sk_buff *skb)
2160 {
2161         struct audit_buffer *audit_buf;
2162         u32 spi;
2163
2164         audit_buf = xfrm_audit_start("SA-replay-overflow");
2165         if (audit_buf == NULL)
2166                 return;
2167         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2168         /* don't record the sequence number because it's inherent in this kind
2169          * of audit message */
2170         spi = ntohl(x->id.spi);
2171         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2172         audit_log_end(audit_buf);
2173 }
2174 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2175
2176 static void xfrm_audit_state_replay(struct xfrm_state *x,
2177                              struct sk_buff *skb, __be32 net_seq)
2178 {
2179         struct audit_buffer *audit_buf;
2180         u32 spi;
2181
2182         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2183         if (audit_buf == NULL)
2184                 return;
2185         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2186         spi = ntohl(x->id.spi);
2187         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2188                          spi, spi, ntohl(net_seq));
2189         audit_log_end(audit_buf);
2190 }
2191
2192 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2193 {
2194         struct audit_buffer *audit_buf;
2195
2196         audit_buf = xfrm_audit_start("SA-notfound");
2197         if (audit_buf == NULL)
2198                 return;
2199         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2200         audit_log_end(audit_buf);
2201 }
2202 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2203
2204 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2205                                __be32 net_spi, __be32 net_seq)
2206 {
2207         struct audit_buffer *audit_buf;
2208         u32 spi;
2209
2210         audit_buf = xfrm_audit_start("SA-notfound");
2211         if (audit_buf == NULL)
2212                 return;
2213         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2214         spi = ntohl(net_spi);
2215         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2216                          spi, spi, ntohl(net_seq));
2217         audit_log_end(audit_buf);
2218 }
2219 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2220
2221 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2222                               struct sk_buff *skb, u8 proto)
2223 {
2224         struct audit_buffer *audit_buf;
2225         __be32 net_spi;
2226         __be32 net_seq;
2227
2228         audit_buf = xfrm_audit_start("SA-icv-failure");
2229         if (audit_buf == NULL)
2230                 return;
2231         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2232         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2233                 u32 spi = ntohl(net_spi);
2234                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2235                                  spi, spi, ntohl(net_seq));
2236         }
2237         audit_log_end(audit_buf);
2238 }
2239 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2240 #endif /* CONFIG_AUDITSYSCALL */