/*
 * xfrm_state.c
 *
 * Changes:
 *	Kazunori MIYAZAWA @USAGI
 *	Kunihiro Ishiguro <kunihiro@ipinfusion.com>
 *	YOSHIFUJI Hideaki @USAGI
 *		Split up af-specific functions
 *	Derek Atkins <derek@ihtfp.com>
 *		Add UDP Encapsulation
 */
#include <linux/workqueue.h>
#include <net/xfrm.h>
#include <linux/pfkeyv2.h>
#include <linux/ipsec.h>
#include <linux/module.h>
#include <linux/cache.h>
#include <asm/uaccess.h>

#include "xfrm_hash.h"
struct sock *xfrm_nl;
EXPORT_SYMBOL(xfrm_nl);

u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);

u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
/* Each xfrm_state may be linked to two tables:

   1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
   2. Hash table by (daddr,family,reqid) to find what SAs exist for given
      destination/tunnel endpoint. (output)
 */
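/*
 * Illustrative usage sketch (not part of the original file): inbound
 * processing and userspace control resolve an SA by SPI through the
 * byspi table, e.g. xfrm_state_lookup(daddr, spi, proto, family),
 * while output resolution after a policy match walks the bydst table
 * via xfrm_state_find(daddr, saddr, fl, tmpl, pol, &err, family).
 */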
static DEFINE_SPINLOCK(xfrm_state_lock);

/* Hash table to find appropriate SA towards given target (endpoint
 * of tunnel or destination of transport mode) allowed by selector.
 *
 * Main use is finding SA after policy selected tunnel or transport mode.
 * Also, it can be used by ah/esp icmp error handler to find offending SA.
 */
static struct hlist_head *xfrm_state_bydst __read_mostly;
static struct hlist_head *xfrm_state_bysrc __read_mostly;
static struct hlist_head *xfrm_state_byspi __read_mostly;
static unsigned int xfrm_state_hmask __read_mostly;
static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
static unsigned int xfrm_state_num;
static unsigned int xfrm_state_genid;
static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
                                         xfrm_address_t *saddr,
                                         u32 reqid,
                                         unsigned short family)
{
        return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
}

static inline unsigned int xfrm_src_hash(xfrm_address_t *addr,
                                         unsigned short family)
{
        return __xfrm_src_hash(addr, family, xfrm_state_hmask);
}

static inline unsigned int
xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
{
        return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
}
static void xfrm_hash_transfer(struct hlist_head *list,
                               struct hlist_head *ndsttable,
                               struct hlist_head *nsrctable,
                               struct hlist_head *nspitable,
                               unsigned int nhashmask)
{
        struct hlist_node *entry, *tmp;
        struct xfrm_state *x;

        hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
                unsigned int h;

                h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
                                    x->props.reqid, x->props.family,
                                    nhashmask);
                hlist_add_head(&x->bydst, ndsttable+h);

                h = __xfrm_src_hash(&x->props.saddr, x->props.family,
                                    nhashmask);
                hlist_add_head(&x->bysrc, nsrctable+h);

                if (x->id.spi) {
                        h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
                                            x->id.proto, x->props.family,
                                            nhashmask);
                        hlist_add_head(&x->byspi, nspitable+h);
                }
        }
}

static unsigned long xfrm_hash_new_size(void)
{
        return ((xfrm_state_hmask + 1) << 1) *
                sizeof(struct hlist_head);
}
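/*
 * For example: with the initial 8-bucket tables (xfrm_state_hmask == 7),
 * xfrm_hash_new_size() asks for (7 + 1) << 1 == 16 hlist_heads; each
 * later resize doubles the bucket count again, bounded by
 * xfrm_state_hashmax.
 */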
static DEFINE_MUTEX(hash_resize_mutex);

static void xfrm_hash_resize(void *__unused)
{
        struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
        unsigned long nsize, osize;
        unsigned int nhashmask, ohashmask;
        int i;

        mutex_lock(&hash_resize_mutex);

        nsize = xfrm_hash_new_size();
        ndst = xfrm_hash_alloc(nsize);
        if (!ndst)
                goto out_unlock;
        nsrc = xfrm_hash_alloc(nsize);
        if (!nsrc) {
                xfrm_hash_free(ndst, nsize);
                goto out_unlock;
        }
        nspi = xfrm_hash_alloc(nsize);
        if (!nspi) {
                xfrm_hash_free(ndst, nsize);
                xfrm_hash_free(nsrc, nsize);
                goto out_unlock;
        }

        spin_lock_bh(&xfrm_state_lock);

        nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
        for (i = xfrm_state_hmask; i >= 0; i--)
                xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
                                   nhashmask);

        odst = xfrm_state_bydst;
        osrc = xfrm_state_bysrc;
        ospi = xfrm_state_byspi;
        ohashmask = xfrm_state_hmask;

        xfrm_state_bydst = ndst;
        xfrm_state_bysrc = nsrc;
        xfrm_state_byspi = nspi;
        xfrm_state_hmask = nhashmask;

        spin_unlock_bh(&xfrm_state_lock);

        osize = (ohashmask + 1) * sizeof(struct hlist_head);
        xfrm_hash_free(odst, osize);
        xfrm_hash_free(osrc, osize);
        xfrm_hash_free(ospi, osize);

out_unlock:
        mutex_unlock(&hash_resize_mutex);
}
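/*
 * Resize protocol summary: the replacement tables are allocated with no
 * lock held, xfrm_state_lock is taken only for the rehash-and-swap of
 * the table pointers, and the old tables are freed after the lock is
 * dropped; hash_resize_mutex serializes resize requests scheduled
 * through xfrm_hash_work.
 */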
static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize, NULL);

DECLARE_WAIT_QUEUE_HEAD(km_waitq);
EXPORT_SYMBOL(km_waitq);

static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];

static struct work_struct xfrm_state_gc_work;
static HLIST_HEAD(xfrm_state_gc_list);
static DEFINE_SPINLOCK(xfrm_state_gc_lock);

int __xfrm_state_delete(struct xfrm_state *x);

static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);

int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
static void xfrm_state_gc_destroy(struct xfrm_state *x)
{
        del_timer_sync(&x->timer);
        del_timer_sync(&x->rtimer);
        if (x->mode)
                xfrm_put_mode(x->mode);
        if (x->type) {
                x->type->destructor(x);
                xfrm_put_type(x->type);
        }
        security_xfrm_state_free(x);
        kfree(x);
}
static void xfrm_state_gc_task(void *data)
{
        struct xfrm_state *x;
        struct hlist_node *entry, *tmp;
        struct hlist_head gc_list;

        spin_lock_bh(&xfrm_state_gc_lock);
        gc_list.first = xfrm_state_gc_list.first;
        INIT_HLIST_HEAD(&xfrm_state_gc_list);
        spin_unlock_bh(&xfrm_state_gc_lock);

        hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
                xfrm_state_gc_destroy(x);
}
static inline unsigned long make_jiffies(long secs)
{
        if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
                return MAX_SCHEDULE_TIMEOUT-1;
        return secs * HZ;
}
static void xfrm_timer_handler(unsigned long data)
        struct xfrm_state *x = (struct xfrm_state*)data;
        unsigned long now = (unsigned long)xtime.tv_sec;
        long next = LONG_MAX;

        if (x->km.state == XFRM_STATE_DEAD)
        if (x->km.state == XFRM_STATE_EXPIRED)
        if (x->lft.hard_add_expires_seconds) {
                long tmo = x->lft.hard_add_expires_seconds +
                        x->curlft.add_time - now;
        if (x->lft.hard_use_expires_seconds) {
                long tmo = x->lft.hard_use_expires_seconds +
                        (x->curlft.use_time ? : now) - now;
        if (x->lft.soft_add_expires_seconds) {
                long tmo = x->lft.soft_add_expires_seconds +
                        x->curlft.add_time - now;
        if (x->lft.soft_use_expires_seconds) {
                long tmo = x->lft.soft_use_expires_seconds +
                        (x->curlft.use_time ? : now) - now;

        km_state_expired(x, 0, 0);
        if (next != LONG_MAX)
                mod_timer(&x->timer, jiffies + make_jiffies(next));

        if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
                x->km.state = XFRM_STATE_EXPIRED;
        if (!__xfrm_state_delete(x) && x->id.spi)
                km_state_expired(x, 1, 0);

        spin_unlock(&x->lock);
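/*
 * Summary of the timer handler above: it checks the four lifetime limits
 * under x->lock.  A hard add/use expiry either marks a larval
 * (XFRM_STATE_ACQ, no SPI) state XFRM_STATE_EXPIRED or deletes the state
 * and reports km_state_expired(x, 1, 0); a soft expiry only warns the key
 * manager with km_state_expired(x, 0, 0), and the timer is re-armed with
 * make_jiffies(next) while a limit is still pending.
 */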
static void xfrm_replay_timer_handler(unsigned long data);

struct xfrm_state *xfrm_state_alloc(void)
{
        struct xfrm_state *x;

        x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);

        if (x) {
                atomic_set(&x->refcnt, 1);
                atomic_set(&x->tunnel_users, 0);
                INIT_HLIST_NODE(&x->bydst);
                INIT_HLIST_NODE(&x->bysrc);
                INIT_HLIST_NODE(&x->byspi);
                init_timer(&x->timer);
                x->timer.function = xfrm_timer_handler;
                x->timer.data = (unsigned long)x;
                init_timer(&x->rtimer);
                x->rtimer.function = xfrm_replay_timer_handler;
                x->rtimer.data = (unsigned long)x;
                x->curlft.add_time = (unsigned long)xtime.tv_sec;
                x->lft.soft_byte_limit = XFRM_INF;
                x->lft.soft_packet_limit = XFRM_INF;
                x->lft.hard_byte_limit = XFRM_INF;
                x->lft.hard_packet_limit = XFRM_INF;
                x->replay_maxage = 0;
                x->replay_maxdiff = 0;
                spin_lock_init(&x->lock);
        }
        return x;
}
EXPORT_SYMBOL(xfrm_state_alloc);
void __xfrm_state_destroy(struct xfrm_state *x)
{
        BUG_TRAP(x->km.state == XFRM_STATE_DEAD);

        spin_lock_bh(&xfrm_state_gc_lock);
        hlist_add_head(&x->bydst, &xfrm_state_gc_list);
        spin_unlock_bh(&xfrm_state_gc_lock);
        schedule_work(&xfrm_state_gc_work);
}
EXPORT_SYMBOL(__xfrm_state_destroy);
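/*
 * Destruction is deferred: __xfrm_state_destroy() only queues the dead
 * state on xfrm_state_gc_list (reusing the bydst node) and schedules
 * xfrm_state_gc_work; xfrm_state_gc_task() later splices that list and
 * runs xfrm_state_gc_destroy() on each entry outside the hot paths.
 */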
int __xfrm_state_delete(struct xfrm_state *x)
{
        int err = -ESRCH;

        if (x->km.state != XFRM_STATE_DEAD) {
                x->km.state = XFRM_STATE_DEAD;
                spin_lock(&xfrm_state_lock);
                hlist_del(&x->bydst);
                hlist_del(&x->bysrc);
                if (x->id.spi)
                        hlist_del(&x->byspi);
                spin_unlock(&xfrm_state_lock);

                /* All xfrm_state objects are created by xfrm_state_alloc.
                 * The xfrm_state_alloc call gives a reference, and that
                 * is what we are dropping here.
                 */
                __xfrm_state_put(x);
                err = 0;
        }

        return err;
}
EXPORT_SYMBOL(__xfrm_state_delete);
int xfrm_state_delete(struct xfrm_state *x)
{
        int err;

        spin_lock_bh(&x->lock);
        err = __xfrm_state_delete(x);
        spin_unlock_bh(&x->lock);
        return err;
}
EXPORT_SYMBOL(xfrm_state_delete);
void xfrm_state_flush(u8 proto)
{
        int i;

        spin_lock_bh(&xfrm_state_lock);
        for (i = 0; i <= xfrm_state_hmask; i++) {
                struct hlist_node *entry;
                struct xfrm_state *x;
restart:
                hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
                        if (!xfrm_state_kern(x) &&
                            xfrm_id_proto_match(x->id.proto, proto)) {
                                xfrm_state_hold(x);
                                spin_unlock_bh(&xfrm_state_lock);

                                xfrm_state_delete(x);
                                xfrm_state_put(x);

                                spin_lock_bh(&xfrm_state_lock);
                                goto restart;
                        }
                }
        }
        spin_unlock_bh(&xfrm_state_lock);
}
EXPORT_SYMBOL(xfrm_state_flush);
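/*
 * Note the locking dance in xfrm_state_flush(): xfrm_state_lock cannot be
 * held across xfrm_state_delete() (which takes x->lock), so the table lock
 * is dropped around each delete and the bucket scan is restarted after it
 * is re-acquired.
 */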
static int
xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
                  struct xfrm_tmpl *tmpl,
                  xfrm_address_t *daddr, xfrm_address_t *saddr,
                  unsigned short family)
{
        struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
        if (!afinfo)
                return -1;
        afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
        xfrm_state_put_afinfo(afinfo);
        return 0;
}
static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
        unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
        struct xfrm_state *x;
        struct hlist_node *entry;

        hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
                if (x->props.family != family ||
                    x->id.proto != proto)
                if (x->id.daddr.a4 != daddr->a4)
                if (!ipv6_addr_equal((struct in6_addr *)daddr,

static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
        unsigned int h = xfrm_src_hash(saddr, family);
        struct xfrm_state *x;
        struct hlist_node *entry;

        hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
                if (x->props.family != family ||
                    x->id.proto != proto)
                if (x->id.daddr.a4 != daddr->a4 ||
                    x->props.saddr.a4 != saddr->a4)
                if (!ipv6_addr_equal((struct in6_addr *)daddr,
                    !ipv6_addr_equal((struct in6_addr *)saddr,
static inline struct xfrm_state *
__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
{
        if (use_spi)
                return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
                                           x->id.proto, family);
        else
                return __xfrm_state_lookup_byaddr(&x->id.daddr,
                                                  &x->props.saddr,
                                                  x->id.proto, family);
}
struct xfrm_state *
xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
                struct flowi *fl, struct xfrm_tmpl *tmpl,
                struct xfrm_policy *pol, int *err,
                unsigned short family)
{
        unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
        struct hlist_node *entry;
        struct xfrm_state *x, *x0;
        int acquire_in_progress = 0;
        struct xfrm_state *best = NULL;

        spin_lock_bh(&xfrm_state_lock);
        hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
                if (x->props.family == family &&
                    x->props.reqid == tmpl->reqid &&
                    !(x->props.flags & XFRM_STATE_WILDRECV) &&
                    xfrm_state_addr_check(x, daddr, saddr, family) &&
                    tmpl->mode == x->props.mode &&
                    tmpl->id.proto == x->id.proto &&
                    (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
                        /*
                           1. There is a valid state with matching selector.
                           2. Valid state with inappropriate selector. Skip.

                           Entering area of "sysdeps".

                           3. If state is not valid, selector is temporary,
                              it selects only session which triggered
                              previous resolution. Key manager will do
                              something to install a state with proper
                              selector.
                         */
                        if (x->km.state == XFRM_STATE_VALID) {
                                if (!xfrm_selector_match(&x->sel, fl, family) ||
                                    !security_xfrm_state_pol_flow_match(x, pol, fl))
                                    best->km.dying > x->km.dying ||
                                    (best->km.dying == x->km.dying &&
                                     best->curlft.add_time < x->curlft.add_time))
                        } else if (x->km.state == XFRM_STATE_ACQ) {
                                acquire_in_progress = 1;
                        } else if (x->km.state == XFRM_STATE_ERROR ||
                                   x->km.state == XFRM_STATE_EXPIRED) {
                                if (xfrm_selector_match(&x->sel, fl, family) &&
                                    security_xfrm_state_pol_flow_match(x, pol, fl))

        if (!x && !error && !acquire_in_progress) {
                    (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
                                              tmpl->id.proto, family)) != NULL) {

                x = xfrm_state_alloc();

                /* Initialize temporary selector matching only
                 * to current session. */
                xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);

                error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
                        x->km.state = XFRM_STATE_DEAD;

                if (km_query(x, tmpl, pol) == 0) {
                        x->km.state = XFRM_STATE_ACQ;
                        hlist_add_head(&x->bydst, xfrm_state_bydst+h);
                        h = xfrm_src_hash(saddr, family);
                        hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
                        h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
                        hlist_add_head(&x->byspi, xfrm_state_byspi+h);
                        x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
                        x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
                        add_timer(&x->timer);
                        x->km.state = XFRM_STATE_DEAD;

        *err = acquire_in_progress ? -EAGAIN : error;
        spin_unlock_bh(&xfrm_state_lock);
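/*
 * Rough sketch of how the resolver above is driven (simplified, not part
 * of this file): the policy layer asks for a state per template and either
 * gets a usable SA, -EAGAIN while a larval XFRM_STATE_ACQ entry waits for
 * the key manager, or an error:
 *
 *	int err;
 *	struct xfrm_state *x = xfrm_state_find(daddr, saddr, fl, tmpl,
 *						pol, &err, family);
 *	if (!x && err == -EAGAIN)
 *		;	/+ acquire in progress, key manager was queried +/
 */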
static void __xfrm_state_insert(struct xfrm_state *x)
{
        unsigned int h;

        x->genid = ++xfrm_state_genid;

        h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
                          x->props.reqid, x->props.family);
        hlist_add_head(&x->bydst, xfrm_state_bydst+h);

        h = xfrm_src_hash(&x->props.saddr, x->props.family);
        hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);

        if (x->id.spi) {
                h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
                                  x->props.family);
                hlist_add_head(&x->byspi, xfrm_state_byspi+h);
        }

        mod_timer(&x->timer, jiffies + HZ);
        if (x->replay_maxage)
                mod_timer(&x->rtimer, jiffies + x->replay_maxage);

        xfrm_state_num++;

        if (x->bydst.next != NULL &&
            (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
            xfrm_state_num > xfrm_state_hmask)
                schedule_work(&xfrm_hash_work);
}
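/*
 * The schedule_work() above is what triggers table growth: once
 * xfrm_state_num exceeds xfrm_state_hmask (more states than buckets) and
 * the table is still below xfrm_state_hashmax, xfrm_hash_work runs
 * xfrm_hash_resize() to double all three tables.
 */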
/* xfrm_state_lock is held */
static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
{
        unsigned short family = xnew->props.family;
        u32 reqid = xnew->props.reqid;
        struct xfrm_state *x;
        struct hlist_node *entry;
        unsigned int h;

        h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
        hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
                if (x->props.family == family &&
                    x->props.reqid == reqid &&
                    !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
                    !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
                        x->genid = xfrm_state_genid;
        }
}

void xfrm_state_insert(struct xfrm_state *x)
{
        spin_lock_bh(&xfrm_state_lock);
        __xfrm_state_bump_genids(x);
        __xfrm_state_insert(x);
        spin_unlock_bh(&xfrm_state_lock);
}
EXPORT_SYMBOL(xfrm_state_insert);
/* xfrm_state_lock is held */
static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
        unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
        struct hlist_node *entry;
        struct xfrm_state *x;

        hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
                if (x->props.reqid != reqid ||
                    x->props.mode != mode ||
                    x->props.family != family ||
                    x->km.state != XFRM_STATE_ACQ ||
                if (x->id.daddr.a4 != daddr->a4 ||
                    x->props.saddr.a4 != saddr->a4)
                if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
                                     (struct in6_addr *)daddr) ||
                    !ipv6_addr_equal((struct in6_addr *)
                                     (struct in6_addr *)saddr))

        x = xfrm_state_alloc();

                x->sel.daddr.a4 = daddr->a4;
                x->sel.saddr.a4 = saddr->a4;
                x->sel.prefixlen_d = 32;
                x->sel.prefixlen_s = 32;
                x->props.saddr.a4 = saddr->a4;
                x->id.daddr.a4 = daddr->a4;

                ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
                               (struct in6_addr *)daddr);
                ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
                               (struct in6_addr *)saddr);
                x->sel.prefixlen_d = 128;
                x->sel.prefixlen_s = 128;
                ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
                               (struct in6_addr *)saddr);
                ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
                               (struct in6_addr *)daddr);

                x->km.state = XFRM_STATE_ACQ;
                x->props.family = family;
                x->props.mode = mode;
                x->props.reqid = reqid;
                x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
                x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
                add_timer(&x->timer);
                hlist_add_head(&x->bydst, xfrm_state_bydst+h);
                h = xfrm_src_hash(saddr, family);
                hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);

int xfrm_state_add(struct xfrm_state *x)
        struct xfrm_state *x1;
        int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);

        family = x->props.family;

        spin_lock_bh(&xfrm_state_lock);

        x1 = __xfrm_state_locate(x, use_spi, family);

        if (use_spi && x->km.seq) {
                x1 = __xfrm_find_acq_byseq(x->km.seq);
                if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {

                x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
                                     &x->id.daddr, &x->props.saddr, 0);

        __xfrm_state_bump_genids(x);
        __xfrm_state_insert(x);

        spin_unlock_bh(&xfrm_state_lock);

        xfrm_state_delete(x1);
EXPORT_SYMBOL(xfrm_state_add);

int xfrm_state_update(struct xfrm_state *x)
        struct xfrm_state *x1;
        int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);

        spin_lock_bh(&xfrm_state_lock);
        x1 = __xfrm_state_locate(x, use_spi, x->props.family);

        if (xfrm_state_kern(x1)) {
        if (x1->km.state == XFRM_STATE_ACQ) {
                __xfrm_state_insert(x);

        spin_unlock_bh(&xfrm_state_lock);

        xfrm_state_delete(x1);

        spin_lock_bh(&x1->lock);
        if (likely(x1->km.state == XFRM_STATE_VALID)) {
                if (x->encap && x1->encap)
                        memcpy(x1->encap, x->encap, sizeof(*x1->encap));
                if (x->coaddr && x1->coaddr) {
                        memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
                if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
                        memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
                memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
                mod_timer(&x1->timer, jiffies + HZ);
                if (x1->curlft.use_time)
                        xfrm_state_check_expire(x1);
        spin_unlock_bh(&x1->lock);
EXPORT_SYMBOL(xfrm_state_update);

int xfrm_state_check_expire(struct xfrm_state *x)
        if (!x->curlft.use_time)
                x->curlft.use_time = (unsigned long)xtime.tv_sec;

        if (x->km.state != XFRM_STATE_VALID)

        if (x->curlft.bytes >= x->lft.hard_byte_limit ||
            x->curlft.packets >= x->lft.hard_packet_limit) {
                x->km.state = XFRM_STATE_EXPIRED;
                mod_timer(&x->timer, jiffies);

            (x->curlft.bytes >= x->lft.soft_byte_limit ||
             x->curlft.packets >= x->lft.soft_packet_limit)) {
                km_state_expired(x, 0, 0);
EXPORT_SYMBOL(xfrm_state_check_expire);
static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
        int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)

        return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);

        /* Check tail too... */

int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
        int err = xfrm_state_check_expire(x);
        err = xfrm_state_check_space(x, skb);
EXPORT_SYMBOL(xfrm_state_check);
struct xfrm_state *
xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
                  unsigned short family)
{
        struct xfrm_state *x;

        spin_lock_bh(&xfrm_state_lock);
        x = __xfrm_state_lookup(daddr, spi, proto, family);
        spin_unlock_bh(&xfrm_state_lock);
        return x;
}
EXPORT_SYMBOL(xfrm_state_lookup);

struct xfrm_state *
xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
                         u8 proto, unsigned short family)
{
        struct xfrm_state *x;

        spin_lock_bh(&xfrm_state_lock);
        x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
        spin_unlock_bh(&xfrm_state_lock);
        return x;
}
EXPORT_SYMBOL(xfrm_state_lookup_byaddr);

struct xfrm_state *
xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
              xfrm_address_t *daddr, xfrm_address_t *saddr,
              int create, unsigned short family)
{
        struct xfrm_state *x;

        spin_lock_bh(&xfrm_state_lock);
        x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
        spin_unlock_bh(&xfrm_state_lock);
        return x;
}
EXPORT_SYMBOL(xfrm_find_acq);
#ifdef CONFIG_XFRM_SUB_POLICY
int
xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
               unsigned short family)
{
        int err = 0;
        struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
        if (!afinfo)
                return -EAFNOSUPPORT;

        spin_lock_bh(&xfrm_state_lock);
        if (afinfo->tmpl_sort)
                err = afinfo->tmpl_sort(dst, src, n);
        spin_unlock_bh(&xfrm_state_lock);
        xfrm_state_put_afinfo(afinfo);
        return err;
}
EXPORT_SYMBOL(xfrm_tmpl_sort);

int
xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
                unsigned short family)
{
        int err = 0;
        struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
        if (!afinfo)
                return -EAFNOSUPPORT;

        spin_lock_bh(&xfrm_state_lock);
        if (afinfo->state_sort)
                err = afinfo->state_sort(dst, src, n);
        spin_unlock_bh(&xfrm_state_lock);
        xfrm_state_put_afinfo(afinfo);
        return err;
}
EXPORT_SYMBOL(xfrm_state_sort);
#endif
/* Silly enough, but I'm lazy to build resolution list */
static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
{
        int i;
        for (i = 0; i <= xfrm_state_hmask; i++) {
                struct hlist_node *entry;
                struct xfrm_state *x;
                hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
                        if (x->km.seq == seq &&
                            x->km.state == XFRM_STATE_ACQ) {
                                xfrm_state_hold(x);
                                return x;
                        }
                }
        }
        return NULL;
}

struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
{
        struct xfrm_state *x;

        spin_lock_bh(&xfrm_state_lock);
        x = __xfrm_find_acq_byseq(seq);
        spin_unlock_bh(&xfrm_state_lock);
        return x;
}
EXPORT_SYMBOL(xfrm_find_acq_byseq);
u32 xfrm_get_acqseq(void)
{
        u32 res;
        static u32 acqseq;
        static DEFINE_SPINLOCK(acqseq_lock);

        spin_lock_bh(&acqseq_lock);
        res = (++acqseq ? : ++acqseq);
        spin_unlock_bh(&acqseq_lock);
        return res;
}
EXPORT_SYMBOL(xfrm_get_acqseq);
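/*
 * res = (++acqseq ? : ++acqseq) guarantees a non-zero result: when the
 * counter wraps from 0xffffffff to 0, the second pre-increment yields 1,
 * so callers can treat 0 as "no acquire sequence number".
 */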
xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi)
        struct xfrm_state *x0;

        if (minspi == maxspi) {
                x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
                u32 low = ntohl(minspi);
                u32 high = ntohl(maxspi);
                for (h=0; h<high-low+1; h++) {
                        spi = low + net_random()%(high-low+1);
                        x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
                        x->id.spi = htonl(spi);

        spin_lock_bh(&xfrm_state_lock);
        h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
        hlist_add_head(&x->byspi, xfrm_state_byspi+h);
        spin_unlock_bh(&xfrm_state_lock);
EXPORT_SYMBOL(xfrm_alloc_spi);
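/*
 * SPI selection above: an exact minspi == maxspi request just checks that
 * the SPI is unused, otherwise up to (high - low + 1) random probes in
 * [low, high] are tried via xfrm_state_lookup(); whichever SPI is chosen,
 * the state is then hashed into xfrm_state_byspi under xfrm_state_lock.
 */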
int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
        struct xfrm_state *x;
        struct hlist_node *entry;

        spin_lock_bh(&xfrm_state_lock);
        for (i = 0; i <= xfrm_state_hmask; i++) {
                hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
                        if (xfrm_id_proto_match(x->id.proto, proto))

        for (i = 0; i <= xfrm_state_hmask; i++) {
                hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
                        if (!xfrm_id_proto_match(x->id.proto, proto))
                        err = func(x, --count, data);

        spin_unlock_bh(&xfrm_state_lock);
EXPORT_SYMBOL(xfrm_state_walk);
void xfrm_replay_notify(struct xfrm_state *x, int event)
        struct km_event c;
        /* we send notify messages in case
         *  1. we updated one of the sequence numbers, and the seqno difference
         *     is at least x->replay_maxdiff, in this case we also update the
         *     timeout of our timer function
         *  2. if x->replay_maxage has elapsed since last update,
         *     and there were changes
         *
         *  The state structure must be locked!
         */

        switch (event) {
        case XFRM_REPLAY_UPDATE:
                if (x->replay_maxdiff &&
                    (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
                    (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
                        if (x->xflags & XFRM_TIME_DEFER)
                                event = XFRM_REPLAY_TIMEOUT;

        case XFRM_REPLAY_TIMEOUT:
                if ((x->replay.seq == x->preplay.seq) &&
                    (x->replay.bitmap == x->preplay.bitmap) &&
                    (x->replay.oseq == x->preplay.oseq)) {
                        x->xflags |= XFRM_TIME_DEFER;

        memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
        c.event = XFRM_MSG_NEWAE;
        c.data.aevent = event;
        km_state_notify(x, &c);

        if (x->replay_maxage &&
            !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
                x->xflags &= ~XFRM_TIME_DEFER;
EXPORT_SYMBOL(xfrm_replay_notify);
static void xfrm_replay_timer_handler(unsigned long data)
{
        struct xfrm_state *x = (struct xfrm_state*)data;

        spin_lock(&x->lock);

        if (x->km.state == XFRM_STATE_VALID) {
                if (xfrm_aevent_is_on())
                        xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
                else
                        x->xflags |= XFRM_TIME_DEFER;
        }

        spin_unlock(&x->lock);
}
int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
{
        u32 diff;
        u32 seq = ntohl(net_seq);

        if (unlikely(seq == 0))
                return -EINVAL;

        if (likely(seq > x->replay.seq))
                return 0;

        diff = x->replay.seq - seq;
        if (diff >= x->props.replay_window) {
                x->stats.replay_window++;
                return -EINVAL;
        }

        if (x->replay.bitmap & (1U << diff)) {
                x->stats.replay++;
                return -EINVAL;
        }
        return 0;
}
EXPORT_SYMBOL(xfrm_replay_check);

void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
{
        u32 diff;
        u32 seq = ntohl(net_seq);

        if (seq > x->replay.seq) {
                diff = seq - x->replay.seq;
                if (diff < x->props.replay_window)
                        x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
                else
                        x->replay.bitmap = 1;
                x->replay.seq = seq;
        } else {
                diff = x->replay.seq - seq;
                x->replay.bitmap |= (1U << diff);
        }

        if (xfrm_aevent_is_on())
                xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
EXPORT_SYMBOL(xfrm_replay_advance);
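/*
 * Worked example (assuming replay_window == 32; not from the original
 * source): with x->replay.seq == 1000, bit 0 of the bitmap marks 1000 as
 * seen.  Receiving seq 1003 shifts the bitmap left by 3 and sets bit 0,
 * making 1003 the newest sequence number; a later seq 1001 only sets
 * bit 2.  A replayed 1001 is then rejected by xfrm_replay_check() because
 * bit 2 is already set, and anything with seq <= 1003 - 32 = 971 is
 * rejected as falling outside the window.
 */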
static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
static DEFINE_RWLOCK(xfrm_km_lock);

void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
{
        struct xfrm_mgr *km;

        read_lock(&xfrm_km_lock);
        list_for_each_entry(km, &xfrm_km_list, list)
                if (km->notify_policy)
                        km->notify_policy(xp, dir, c);
        read_unlock(&xfrm_km_lock);
}

void km_state_notify(struct xfrm_state *x, struct km_event *c)
{
        struct xfrm_mgr *km;
        read_lock(&xfrm_km_lock);
        list_for_each_entry(km, &xfrm_km_list, list)
                if (km->notify)
                        km->notify(x, c);
        read_unlock(&xfrm_km_lock);
}

EXPORT_SYMBOL(km_policy_notify);
EXPORT_SYMBOL(km_state_notify);
void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
        struct km_event c;

        c.event = XFRM_MSG_EXPIRE;
        km_state_notify(x, &c);
EXPORT_SYMBOL(km_state_expired);

/*
 * We send to all registered managers regardless of failure
 * We are happy with one success
 */
int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
{
        int err = -EINVAL, acqret;
        struct xfrm_mgr *km;

        read_lock(&xfrm_km_lock);
        list_for_each_entry(km, &xfrm_km_list, list) {
                acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
                if (!acqret)
                        err = acqret;
        }
        read_unlock(&xfrm_km_lock);
        return err;
}
EXPORT_SYMBOL(km_query);
int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
{
        int err = -EINVAL;
        struct xfrm_mgr *km;

        read_lock(&xfrm_km_lock);
        list_for_each_entry(km, &xfrm_km_list, list) {
                if (km->new_mapping)
                        err = km->new_mapping(x, ipaddr, sport);
                if (!err)
                        break;
        }
        read_unlock(&xfrm_km_lock);
        return err;
}
EXPORT_SYMBOL(km_new_mapping);
void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
        c.event = XFRM_MSG_POLEXPIRE;
        km_policy_notify(pol, dir, &c);
EXPORT_SYMBOL(km_policy_expired);

int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
        struct xfrm_mgr *km;

        read_lock(&xfrm_km_lock);
        list_for_each_entry(km, &xfrm_km_list, list) {
                ret = km->report(proto, sel, addr);
        read_unlock(&xfrm_km_lock);
EXPORT_SYMBOL(km_report);
int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
        struct xfrm_mgr *km;
        struct xfrm_policy *pol = NULL;

        if (optlen <= 0 || optlen > PAGE_SIZE)

        data = kmalloc(optlen, GFP_KERNEL);

        if (copy_from_user(data, optval, optlen))

        read_lock(&xfrm_km_lock);
        list_for_each_entry(km, &xfrm_km_list, list) {
                pol = km->compile_policy(sk, optname, data,
        read_unlock(&xfrm_km_lock);

        xfrm_sk_policy_insert(sk, err, pol);
EXPORT_SYMBOL(xfrm_user_policy);
int xfrm_register_km(struct xfrm_mgr *km)
{
        write_lock_bh(&xfrm_km_lock);
        list_add_tail(&km->list, &xfrm_km_list);
        write_unlock_bh(&xfrm_km_lock);
        return 0;
}
EXPORT_SYMBOL(xfrm_register_km);

int xfrm_unregister_km(struct xfrm_mgr *km)
{
        write_lock_bh(&xfrm_km_lock);
        list_del(&km->list);
        write_unlock_bh(&xfrm_km_lock);
        return 0;
}
EXPORT_SYMBOL(xfrm_unregister_km);
int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
{
        int err = 0;
        if (unlikely(afinfo == NULL))
                return -EINVAL;
        if (unlikely(afinfo->family >= NPROTO))
                return -EAFNOSUPPORT;
        write_lock_bh(&xfrm_state_afinfo_lock);
        if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
                err = -ENOBUFS;
        else
                xfrm_state_afinfo[afinfo->family] = afinfo;
        write_unlock_bh(&xfrm_state_afinfo_lock);
        return err;
}
EXPORT_SYMBOL(xfrm_state_register_afinfo);

int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
{
        int err = 0;
        if (unlikely(afinfo == NULL))
                return -EINVAL;
        if (unlikely(afinfo->family >= NPROTO))
                return -EAFNOSUPPORT;
        write_lock_bh(&xfrm_state_afinfo_lock);
        if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
                if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
                        err = -EINVAL;
                else
                        xfrm_state_afinfo[afinfo->family] = NULL;
        }
        write_unlock_bh(&xfrm_state_afinfo_lock);
        return err;
}
EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
{
        struct xfrm_state_afinfo *afinfo;
        if (unlikely(family >= NPROTO))
                return NULL;
        read_lock(&xfrm_state_afinfo_lock);
        afinfo = xfrm_state_afinfo[family];
        if (unlikely(!afinfo))
                read_unlock(&xfrm_state_afinfo_lock);
        return afinfo;
}

static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
{
        read_unlock(&xfrm_state_afinfo_lock);
}
/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
void xfrm_state_delete_tunnel(struct xfrm_state *x)
{
        if (x->tunnel) {
                struct xfrm_state *t = x->tunnel;
                if (atomic_read(&t->tunnel_users) == 2)
                        xfrm_state_delete(t);
                atomic_dec(&t->tunnel_users);
                xfrm_state_put(t);
                x->tunnel = NULL;
        }
}
EXPORT_SYMBOL(xfrm_state_delete_tunnel);
/*
 * This function is NOT optimal. For example, with ESP it will give an
 * MTU that's usually two bytes short of being optimal. However, it will
 * usually give an answer that's a multiple of 4 provided the input is
 * also a multiple of 4.
 */
int xfrm_state_mtu(struct xfrm_state *x, int mtu)
        res -= x->props.header_len;

        spin_lock_bh(&x->lock);
        if (x->km.state == XFRM_STATE_VALID &&
            x->type && x->type->get_max_size)
                m = x->type->get_max_size(x, m);
        m += x->props.header_len;
        spin_unlock_bh(&x->lock);
int xfrm_init_state(struct xfrm_state *x)
        struct xfrm_state_afinfo *afinfo;
        int family = x->props.family;

        err = -EAFNOSUPPORT;
        afinfo = xfrm_state_get_afinfo(family);

        if (afinfo->init_flags)
                err = afinfo->init_flags(x);

        xfrm_state_put_afinfo(afinfo);

        err = -EPROTONOSUPPORT;
        x->type = xfrm_get_type(x->id.proto, family);
        if (x->type == NULL)

        err = x->type->init_state(x);

        x->mode = xfrm_get_mode(x->props.mode, family);
        if (x->mode == NULL)

        x->km.state = XFRM_STATE_VALID;

EXPORT_SYMBOL(xfrm_init_state);
void __init xfrm_state_init(void)
{
        unsigned int sz;

        sz = sizeof(struct hlist_head) * 8;

        xfrm_state_bydst = xfrm_hash_alloc(sz);
        xfrm_state_bysrc = xfrm_hash_alloc(sz);
        xfrm_state_byspi = xfrm_hash_alloc(sz);
        if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
                panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
        xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);

        INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
}
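/*
 * xfrm_state_init() starts all three tables at 8 buckets
 * (xfrm_state_hmask == 7); they grow dynamically from there via
 * xfrm_hash_work as states are inserted.
 */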