search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[PATCH] orinoco_nortel: Add Symbol LA-4123 ID
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / xfrm / xfrm_state.c
blob479effc97666e92092d7e735c6cd85b113462304
1 /*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
13 *
14 */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <asm/uaccess.h>
22
23 /* Each xfrm_state may be linked to two tables:
24
25 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
26 2. Hash table by daddr to find what SAs exist for given
27 destination/tunnel endpoint. (output)
28 */
29
30 static DEFINE_SPINLOCK(xfrm_state_lock);
31
32 /* Hash table to find appropriate SA towards given target (endpoint
33 * of tunnel or destination of transport mode) allowed by selector.
34 *
35 * Main use is finding SA after policy selected tunnel or transport mode.
36 * Also, it can be used by ah/esp icmp error handler to find offending SA.
37 */
38 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
39 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
40
41 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
42 EXPORT_SYMBOL(km_waitq);
43
44 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
45 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
46
47 static struct work_struct xfrm_state_gc_work;
48 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
49 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
50
51 static int xfrm_state_gc_flush_bundles;
52
53 static int __xfrm_state_delete(struct xfrm_state *x);
54
55 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
56 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
57
58 static int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
59 static void km_state_expired(struct xfrm_state *x, int hard);
60
61 static void xfrm_state_gc_destroy(struct xfrm_state *x)
62 {
63 if (del_timer(&x->timer))
64 BUG();
65 kfree(x->aalg);
66 kfree(x->ealg);
67 kfree(x->calg);
68 kfree(x->encap);
69 if (x->type) {
70 x->type->destructor(x);
71 xfrm_put_type(x->type);
72 }
73 kfree(x);
74 }
75
76 static void xfrm_state_gc_task(void *data)
77 {
78 struct xfrm_state *x;
79 struct list_head *entry, *tmp;
80 struct list_head gc_list = LIST_HEAD_INIT(gc_list);
81
82 if (xfrm_state_gc_flush_bundles) {
83 xfrm_state_gc_flush_bundles = 0;
84 xfrm_flush_bundles();
85 }
86
87 spin_lock_bh(&xfrm_state_gc_lock);
88 list_splice_init(&xfrm_state_gc_list, &gc_list);
89 spin_unlock_bh(&xfrm_state_gc_lock);
90
91 list_for_each_safe(entry, tmp, &gc_list) {
92 x = list_entry(entry, struct xfrm_state, bydst);
93 xfrm_state_gc_destroy(x);
94 }
95 wake_up(&km_waitq);
96 }
97
98 static inline unsigned long make_jiffies(long secs)
99 {
100 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
101 return MAX_SCHEDULE_TIMEOUT-1;
102 else
103 return secs*HZ;
104 }
105
106 static void xfrm_timer_handler(unsigned long data)
107 {
108 struct xfrm_state *x = (struct xfrm_state*)data;
109 unsigned long now = (unsigned long)xtime.tv_sec;
110 long next = LONG_MAX;
111 int warn = 0;
112
113 spin_lock(&x->lock);
114 if (x->km.state == XFRM_STATE_DEAD)
115 goto out;
116 if (x->km.state == XFRM_STATE_EXPIRED)
117 goto expired;
118 if (x->lft.hard_add_expires_seconds) {
119 long tmo = x->lft.hard_add_expires_seconds +
120 x->curlft.add_time - now;
121 if (tmo <= 0)
122 goto expired;
123 if (tmo < next)
124 next = tmo;
125 }
126 if (x->lft.hard_use_expires_seconds) {
127 long tmo = x->lft.hard_use_expires_seconds +
128 (x->curlft.use_time ? : now) - now;
129 if (tmo <= 0)
130 goto expired;
131 if (tmo < next)
132 next = tmo;
133 }
134 if (x->km.dying)
135 goto resched;
136 if (x->lft.soft_add_expires_seconds) {
137 long tmo = x->lft.soft_add_expires_seconds +
138 x->curlft.add_time - now;
139 if (tmo <= 0)
140 warn = 1;
141 else if (tmo < next)
142 next = tmo;
143 }
144 if (x->lft.soft_use_expires_seconds) {
145 long tmo = x->lft.soft_use_expires_seconds +
146 (x->curlft.use_time ? : now) - now;
147 if (tmo <= 0)
148 warn = 1;
149 else if (tmo < next)
150 next = tmo;
151 }
152
153 x->km.dying = warn;
154 if (warn)
155 km_state_expired(x, 0);
156 resched:
157 if (next != LONG_MAX &&
158 !mod_timer(&x->timer, jiffies + make_jiffies(next)))
159 xfrm_state_hold(x);
160 goto out;
161
162 expired:
163 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
164 x->km.state = XFRM_STATE_EXPIRED;
165 wake_up(&km_waitq);
166 next = 2;
167 goto resched;
168 }
169 if (!__xfrm_state_delete(x) && x->id.spi)
170 km_state_expired(x, 1);
171
172 out:
173 spin_unlock(&x->lock);
174 xfrm_state_put(x);
175 }
176
177 struct xfrm_state *xfrm_state_alloc(void)
178 {
179 struct xfrm_state *x;
180
181 x = kmalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
182
183 if (x) {
184 memset(x, 0, sizeof(struct xfrm_state));
185 atomic_set(&x->refcnt, 1);
186 atomic_set(&x->tunnel_users, 0);
187 INIT_LIST_HEAD(&x->bydst);
188 INIT_LIST_HEAD(&x->byspi);
189 init_timer(&x->timer);
190 x->timer.function = xfrm_timer_handler;
191 x->timer.data = (unsigned long)x;
192 x->curlft.add_time = (unsigned long)xtime.tv_sec;
193 x->lft.soft_byte_limit = XFRM_INF;
194 x->lft.soft_packet_limit = XFRM_INF;
195 x->lft.hard_byte_limit = XFRM_INF;
196 x->lft.hard_packet_limit = XFRM_INF;
197 spin_lock_init(&x->lock);
198 }
199 return x;
200 }
201 EXPORT_SYMBOL(xfrm_state_alloc);
202
203 void __xfrm_state_destroy(struct xfrm_state *x)
204 {
205 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
206
207 spin_lock_bh(&xfrm_state_gc_lock);
208 list_add(&x->bydst, &xfrm_state_gc_list);
209 spin_unlock_bh(&xfrm_state_gc_lock);
210 schedule_work(&xfrm_state_gc_work);
211 }
212 EXPORT_SYMBOL(__xfrm_state_destroy);
213
214 static int __xfrm_state_delete(struct xfrm_state *x)
215 {
216 int err = -ESRCH;
217
218 if (x->km.state != XFRM_STATE_DEAD) {
219 x->km.state = XFRM_STATE_DEAD;
220 spin_lock(&xfrm_state_lock);
221 list_del(&x->bydst);
222 atomic_dec(&x->refcnt);
223 if (x->id.spi) {
224 list_del(&x->byspi);
225 atomic_dec(&x->refcnt);
226 }
227 spin_unlock(&xfrm_state_lock);
228 if (del_timer(&x->timer))
229 atomic_dec(&x->refcnt);
230
231 /* The number two in this test is the reference
232 * mentioned in the comment below plus the reference
233 * our caller holds. A larger value means that
234 * there are DSTs attached to this xfrm_state.
235 */
236 if (atomic_read(&x->refcnt) > 2) {
237 xfrm_state_gc_flush_bundles = 1;
238 schedule_work(&xfrm_state_gc_work);
239 }
240
241 /* All xfrm_state objects are created by xfrm_state_alloc.
242 * The xfrm_state_alloc call gives a reference, and that
243 * is what we are dropping here.
244 */
245 atomic_dec(&x->refcnt);
246 err = 0;
247 }
248
249 return err;
250 }
251
252 int xfrm_state_delete(struct xfrm_state *x)
253 {
254 int err;
255
256 spin_lock_bh(&x->lock);
257 err = __xfrm_state_delete(x);
258 spin_unlock_bh(&x->lock);
259
260 return err;
261 }
262 EXPORT_SYMBOL(xfrm_state_delete);
263
264 void xfrm_state_flush(u8 proto)
265 {
266 int i;
267 struct xfrm_state *x;
268
269 spin_lock_bh(&xfrm_state_lock);
270 for (i = 0; i < XFRM_DST_HSIZE; i++) {
271 restart:
272 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
273 if (!xfrm_state_kern(x) &&
274 (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) {
275 xfrm_state_hold(x);
276 spin_unlock_bh(&xfrm_state_lock);
277
278 xfrm_state_delete(x);
279 xfrm_state_put(x);
280
281 spin_lock_bh(&xfrm_state_lock);
282 goto restart;
283 }
284 }
285 }
286 spin_unlock_bh(&xfrm_state_lock);
287 wake_up(&km_waitq);
288 }
289 EXPORT_SYMBOL(xfrm_state_flush);
290
291 static int
292 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
293 struct xfrm_tmpl *tmpl,
294 xfrm_address_t *daddr, xfrm_address_t *saddr,
295 unsigned short family)
296 {
297 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
298 if (!afinfo)
299 return -1;
300 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
301 xfrm_state_put_afinfo(afinfo);
302 return 0;
303 }
304
305 struct xfrm_state *
306 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
307 struct flowi *fl, struct xfrm_tmpl *tmpl,
308 struct xfrm_policy *pol, int *err,
309 unsigned short family)
310 {
311 unsigned h = xfrm_dst_hash(daddr, family);
312 struct xfrm_state *x, *x0;
313 int acquire_in_progress = 0;
314 int error = 0;
315 struct xfrm_state *best = NULL;
316 struct xfrm_state_afinfo *afinfo;
317
318 afinfo = xfrm_state_get_afinfo(family);
319 if (afinfo == NULL) {
320 *err = -EAFNOSUPPORT;
321 return NULL;
322 }
323
324 spin_lock_bh(&xfrm_state_lock);
325 list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
326 if (x->props.family == family &&
327 x->props.reqid == tmpl->reqid &&
328 xfrm_state_addr_check(x, daddr, saddr, family) &&
329 tmpl->mode == x->props.mode &&
330 tmpl->id.proto == x->id.proto &&
331 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
332 /* Resolution logic:
333 1. There is a valid state with matching selector.
334 Done.
335 2. Valid state with inappropriate selector. Skip.
336
337 Entering area of "sysdeps".
338
339 3. If state is not valid, selector is temporary,
340 it selects only session which triggered
341 previous resolution. Key manager will do
342 something to install a state with proper
343 selector.
344 */
345 if (x->km.state == XFRM_STATE_VALID) {
346 if (!xfrm_selector_match(&x->sel, fl, family))
347 continue;
348 if (!best ||
349 best->km.dying > x->km.dying ||
350 (best->km.dying == x->km.dying &&
351 best->curlft.add_time < x->curlft.add_time))
352 best = x;
353 } else if (x->km.state == XFRM_STATE_ACQ) {
354 acquire_in_progress = 1;
355 } else if (x->km.state == XFRM_STATE_ERROR ||
356 x->km.state == XFRM_STATE_EXPIRED) {
357 if (xfrm_selector_match(&x->sel, fl, family))
358 error = -ESRCH;
359 }
360 }
361 }
362
363 x = best;
364 if (!x && !error && !acquire_in_progress) {
365 if (tmpl->id.spi &&
366 (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
367 tmpl->id.proto)) != NULL) {
368 xfrm_state_put(x0);
369 error = -EEXIST;
370 goto out;
371 }
372 x = xfrm_state_alloc();
373 if (x == NULL) {
374 error = -ENOMEM;
375 goto out;
376 }
377 /* Initialize temporary selector matching only
378 * to current session. */
379 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
380
381 if (km_query(x, tmpl, pol) == 0) {
382 x->km.state = XFRM_STATE_ACQ;
383 list_add_tail(&x->bydst, xfrm_state_bydst+h);
384 xfrm_state_hold(x);
385 if (x->id.spi) {
386 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
387 list_add(&x->byspi, xfrm_state_byspi+h);
388 xfrm_state_hold(x);
389 }
390 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
391 xfrm_state_hold(x);
392 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
393 add_timer(&x->timer);
394 } else {
395 x->km.state = XFRM_STATE_DEAD;
396 xfrm_state_put(x);
397 x = NULL;
398 error = -ESRCH;
399 }
400 }
401 out:
402 if (x)
403 xfrm_state_hold(x);
404 else
405 *err = acquire_in_progress ? -EAGAIN : error;
406 spin_unlock_bh(&xfrm_state_lock);
407 xfrm_state_put_afinfo(afinfo);
408 return x;
409 }
410
411 static void __xfrm_state_insert(struct xfrm_state *x)
412 {
413 unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
414
415 list_add(&x->bydst, xfrm_state_bydst+h);
416 xfrm_state_hold(x);
417
418 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
419
420 list_add(&x->byspi, xfrm_state_byspi+h);
421 xfrm_state_hold(x);
422
423 if (!mod_timer(&x->timer, jiffies + HZ))
424 xfrm_state_hold(x);
425
426 wake_up(&km_waitq);
427 }
428
429 void xfrm_state_insert(struct xfrm_state *x)
430 {
431 spin_lock_bh(&xfrm_state_lock);
432 __xfrm_state_insert(x);
433 spin_unlock_bh(&xfrm_state_lock);
434
435 xfrm_flush_all_bundles();
436 }
437 EXPORT_SYMBOL(xfrm_state_insert);
438
439 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
440
441 int xfrm_state_add(struct xfrm_state *x)
442 {
443 struct xfrm_state_afinfo *afinfo;
444 struct xfrm_state *x1;
445 int family;
446 int err;
447
448 family = x->props.family;
449 afinfo = xfrm_state_get_afinfo(family);
450 if (unlikely(afinfo == NULL))
451 return -EAFNOSUPPORT;
452
453 spin_lock_bh(&xfrm_state_lock);
454
455 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
456 if (x1) {
457 xfrm_state_put(x1);
458 x1 = NULL;
459 err = -EEXIST;
460 goto out;
461 }
462
463 if (x->km.seq) {
464 x1 = __xfrm_find_acq_byseq(x->km.seq);
465 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
466 xfrm_state_put(x1);
467 x1 = NULL;
468 }
469 }
470
471 if (!x1)
472 x1 = afinfo->find_acq(
473 x->props.mode, x->props.reqid, x->id.proto,
474 &x->id.daddr, &x->props.saddr, 0);
475
476 __xfrm_state_insert(x);
477 err = 0;
478
479 out:
480 spin_unlock_bh(&xfrm_state_lock);
481 xfrm_state_put_afinfo(afinfo);
482
483 if (!err)
484 xfrm_flush_all_bundles();
485
486 if (x1) {
487 xfrm_state_delete(x1);
488 xfrm_state_put(x1);
489 }
490
491 return err;
492 }
493 EXPORT_SYMBOL(xfrm_state_add);
494
495 int xfrm_state_update(struct xfrm_state *x)
496 {
497 struct xfrm_state_afinfo *afinfo;
498 struct xfrm_state *x1;
499 int err;
500
501 afinfo = xfrm_state_get_afinfo(x->props.family);
502 if (unlikely(afinfo == NULL))
503 return -EAFNOSUPPORT;
504
505 spin_lock_bh(&xfrm_state_lock);
506 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
507
508 err = -ESRCH;
509 if (!x1)
510 goto out;
511
512 if (xfrm_state_kern(x1)) {
513 xfrm_state_put(x1);
514 err = -EEXIST;
515 goto out;
516 }
517
518 if (x1->km.state == XFRM_STATE_ACQ) {
519 __xfrm_state_insert(x);
520 x = NULL;
521 }
522 err = 0;
523
524 out:
525 spin_unlock_bh(&xfrm_state_lock);
526 xfrm_state_put_afinfo(afinfo);
527
528 if (err)
529 return err;
530
531 if (!x) {
532 xfrm_state_delete(x1);
533 xfrm_state_put(x1);
534 return 0;
535 }
536
537 err = -EINVAL;
538 spin_lock_bh(&x1->lock);
539 if (likely(x1->km.state == XFRM_STATE_VALID)) {
540 if (x->encap && x1->encap)
541 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
542 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
543 x1->km.dying = 0;
544
545 if (!mod_timer(&x1->timer, jiffies + HZ))
546 xfrm_state_hold(x1);
547 if (x1->curlft.use_time)
548 xfrm_state_check_expire(x1);
549
550 err = 0;
551 }
552 spin_unlock_bh(&x1->lock);
553
554 xfrm_state_put(x1);
555
556 return err;
557 }
558 EXPORT_SYMBOL(xfrm_state_update);
559
560 int xfrm_state_check_expire(struct xfrm_state *x)
561 {
562 if (!x->curlft.use_time)
563 x->curlft.use_time = (unsigned long)xtime.tv_sec;
564
565 if (x->km.state != XFRM_STATE_VALID)
566 return -EINVAL;
567
568 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
569 x->curlft.packets >= x->lft.hard_packet_limit) {
570 x->km.state = XFRM_STATE_EXPIRED;
571 if (!mod_timer(&x->timer, jiffies))
572 xfrm_state_hold(x);
573 return -EINVAL;
574 }
575
576 if (!x->km.dying &&
577 (x->curlft.bytes >= x->lft.soft_byte_limit ||
578 x->curlft.packets >= x->lft.soft_packet_limit)) {
579 x->km.dying = 1;
580 km_state_expired(x, 0);
581 }
582 return 0;
583 }
584 EXPORT_SYMBOL(xfrm_state_check_expire);
585
586 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
587 {
588 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
589 - skb_headroom(skb);
590
591 if (nhead > 0)
592 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
593
594 /* Check tail too... */
595 return 0;
596 }
597
598 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
599 {
600 int err = xfrm_state_check_expire(x);
601 if (err < 0)
602 goto err;
603 err = xfrm_state_check_space(x, skb);
604 err:
605 return err;
606 }
607 EXPORT_SYMBOL(xfrm_state_check);
608
609 struct xfrm_state *
610 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
611 unsigned short family)
612 {
613 struct xfrm_state *x;
614 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
615 if (!afinfo)
616 return NULL;
617
618 spin_lock_bh(&xfrm_state_lock);
619 x = afinfo->state_lookup(daddr, spi, proto);
620 spin_unlock_bh(&xfrm_state_lock);
621 xfrm_state_put_afinfo(afinfo);
622 return x;
623 }
624 EXPORT_SYMBOL(xfrm_state_lookup);
625
626 struct xfrm_state *
627 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
628 xfrm_address_t *daddr, xfrm_address_t *saddr,
629 int create, unsigned short family)
630 {
631 struct xfrm_state *x;
632 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
633 if (!afinfo)
634 return NULL;
635
636 spin_lock_bh(&xfrm_state_lock);
637 x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
638 spin_unlock_bh(&xfrm_state_lock);
639 xfrm_state_put_afinfo(afinfo);
640 return x;
641 }
642 EXPORT_SYMBOL(xfrm_find_acq);
643
644 /* Silly enough, but I'm lazy to build resolution list */
645
646 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
647 {
648 int i;
649 struct xfrm_state *x;
650
651 for (i = 0; i < XFRM_DST_HSIZE; i++) {
652 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
653 if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
654 xfrm_state_hold(x);
655 return x;
656 }
657 }
658 }
659 return NULL;
660 }
661
662 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
663 {
664 struct xfrm_state *x;
665
666 spin_lock_bh(&xfrm_state_lock);
667 x = __xfrm_find_acq_byseq(seq);
668 spin_unlock_bh(&xfrm_state_lock);
669 return x;
670 }
671 EXPORT_SYMBOL(xfrm_find_acq_byseq);
672
673 u32 xfrm_get_acqseq(void)
674 {
675 u32 res;
676 static u32 acqseq;
677 static DEFINE_SPINLOCK(acqseq_lock);
678
679 spin_lock_bh(&acqseq_lock);
680 res = (++acqseq ? : ++acqseq);
681 spin_unlock_bh(&acqseq_lock);
682 return res;
683 }
684 EXPORT_SYMBOL(xfrm_get_acqseq);
685
686 void
687 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
688 {
689 u32 h;
690 struct xfrm_state *x0;
691
692 if (x->id.spi)
693 return;
694
695 if (minspi == maxspi) {
696 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
697 if (x0) {
698 xfrm_state_put(x0);
699 return;
700 }
701 x->id.spi = minspi;
702 } else {
703 u32 spi = 0;
704 minspi = ntohl(minspi);
705 maxspi = ntohl(maxspi);
706 for (h=0; h<maxspi-minspi+1; h++) {
707 spi = minspi + net_random()%(maxspi-minspi+1);
708 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
709 if (x0 == NULL) {
710 x->id.spi = htonl(spi);
711 break;
712 }
713 xfrm_state_put(x0);
714 }
715 }
716 if (x->id.spi) {
717 spin_lock_bh(&xfrm_state_lock);
718 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
719 list_add(&x->byspi, xfrm_state_byspi+h);
720 xfrm_state_hold(x);
721 spin_unlock_bh(&xfrm_state_lock);
722 wake_up(&km_waitq);
723 }
724 }
725 EXPORT_SYMBOL(xfrm_alloc_spi);
726
727 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
728 void *data)
729 {
730 int i;
731 struct xfrm_state *x;
732 int count = 0;
733 int err = 0;
734
735 spin_lock_bh(&xfrm_state_lock);
736 for (i = 0; i < XFRM_DST_HSIZE; i++) {
737 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
738 if (proto == IPSEC_PROTO_ANY || x->id.proto == proto)
739 count++;
740 }
741 }
742 if (count == 0) {
743 err = -ENOENT;
744 goto out;
745 }
746
747 for (i = 0; i < XFRM_DST_HSIZE; i++) {
748 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
749 if (proto != IPSEC_PROTO_ANY && x->id.proto != proto)
750 continue;
751 err = func(x, --count, data);
752 if (err)
753 goto out;
754 }
755 }
756 out:
757 spin_unlock_bh(&xfrm_state_lock);
758 return err;
759 }
760 EXPORT_SYMBOL(xfrm_state_walk);
761
762 int xfrm_replay_check(struct xfrm_state *x, u32 seq)
763 {
764 u32 diff;
765
766 seq = ntohl(seq);
767
768 if (unlikely(seq == 0))
769 return -EINVAL;
770
771 if (likely(seq > x->replay.seq))
772 return 0;
773
774 diff = x->replay.seq - seq;
775 if (diff >= x->props.replay_window) {
776 x->stats.replay_window++;
777 return -EINVAL;
778 }
779
780 if (x->replay.bitmap & (1U << diff)) {
781 x->stats.replay++;
782 return -EINVAL;
783 }
784 return 0;
785 }
786 EXPORT_SYMBOL(xfrm_replay_check);
787
788 void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
789 {
790 u32 diff;
791
792 seq = ntohl(seq);
793
794 if (seq > x->replay.seq) {
795 diff = seq - x->replay.seq;
796 if (diff < x->props.replay_window)
797 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
798 else
799 x->replay.bitmap = 1;
800 x->replay.seq = seq;
801 } else {
802 diff = x->replay.seq - seq;
803 x->replay.bitmap |= (1U << diff);
804 }
805 }
806 EXPORT_SYMBOL(xfrm_replay_advance);
807
808 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
809 static DEFINE_RWLOCK(xfrm_km_lock);
810
811 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
812 {
813 struct xfrm_mgr *km;
814
815 read_lock(&xfrm_km_lock);
816 list_for_each_entry(km, &xfrm_km_list, list)
817 if (km->notify_policy)
818 km->notify_policy(xp, dir, c);
819 read_unlock(&xfrm_km_lock);
820 }
821
822 void km_state_notify(struct xfrm_state *x, struct km_event *c)
823 {
824 struct xfrm_mgr *km;
825 read_lock(&xfrm_km_lock);
826 list_for_each_entry(km, &xfrm_km_list, list)
827 if (km->notify)
828 km->notify(x, c);
829 read_unlock(&xfrm_km_lock);
830 }
831
832 EXPORT_SYMBOL(km_policy_notify);
833 EXPORT_SYMBOL(km_state_notify);
834
835 static void km_state_expired(struct xfrm_state *x, int hard)
836 {
837 struct km_event c;
838
839 c.data.hard = hard;
840 c.event = XFRM_MSG_EXPIRE;
841 km_state_notify(x, &c);
842
843 if (hard)
844 wake_up(&km_waitq);
845 }
846
847 /*
848 * We send to all registered managers regardless of failure
849 * We are happy with one success
850 */
851 static int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
852 {
853 int err = -EINVAL, acqret;
854 struct xfrm_mgr *km;
855
856 read_lock(&xfrm_km_lock);
857 list_for_each_entry(km, &xfrm_km_list, list) {
858 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
859 if (!acqret)
860 err = acqret;
861 }
862 read_unlock(&xfrm_km_lock);
863 return err;
864 }
865
866 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
867 {
868 int err = -EINVAL;
869 struct xfrm_mgr *km;
870
871 read_lock(&xfrm_km_lock);
872 list_for_each_entry(km, &xfrm_km_list, list) {
873 if (km->new_mapping)
874 err = km->new_mapping(x, ipaddr, sport);
875 if (!err)
876 break;
877 }
878 read_unlock(&xfrm_km_lock);
879 return err;
880 }
881 EXPORT_SYMBOL(km_new_mapping);
882
883 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard)
884 {
885 struct km_event c;
886
887 c.data.hard = hard;
888 c.event = XFRM_MSG_POLEXPIRE;
889 km_policy_notify(pol, dir, &c);
890
891 if (hard)
892 wake_up(&km_waitq);
893 }
894
895 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
896 {
897 int err;
898 u8 *data;
899 struct xfrm_mgr *km;
900 struct xfrm_policy *pol = NULL;
901
902 if (optlen <= 0 || optlen > PAGE_SIZE)
903 return -EMSGSIZE;
904
905 data = kmalloc(optlen, GFP_KERNEL);
906 if (!data)
907 return -ENOMEM;
908
909 err = -EFAULT;
910 if (copy_from_user(data, optval, optlen))
911 goto out;
912
913 err = -EINVAL;
914 read_lock(&xfrm_km_lock);
915 list_for_each_entry(km, &xfrm_km_list, list) {
916 pol = km->compile_policy(sk->sk_family, optname, data,
917 optlen, &err);
918 if (err >= 0)
919 break;
920 }
921 read_unlock(&xfrm_km_lock);
922
923 if (err >= 0) {
924 xfrm_sk_policy_insert(sk, err, pol);
925 xfrm_pol_put(pol);
926 err = 0;
927 }
928
929 out:
930 kfree(data);
931 return err;
932 }
933 EXPORT_SYMBOL(xfrm_user_policy);
934
935 int xfrm_register_km(struct xfrm_mgr *km)
936 {
937 write_lock_bh(&xfrm_km_lock);
938 list_add_tail(&km->list, &xfrm_km_list);
939 write_unlock_bh(&xfrm_km_lock);
940 return 0;
941 }
942 EXPORT_SYMBOL(xfrm_register_km);
943
944 int xfrm_unregister_km(struct xfrm_mgr *km)
945 {
946 write_lock_bh(&xfrm_km_lock);
947 list_del(&km->list);
948 write_unlock_bh(&xfrm_km_lock);
949 return 0;
950 }
951 EXPORT_SYMBOL(xfrm_unregister_km);
952
953 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
954 {
955 int err = 0;
956 if (unlikely(afinfo == NULL))
957 return -EINVAL;
958 if (unlikely(afinfo->family >= NPROTO))
959 return -EAFNOSUPPORT;
960 write_lock(&xfrm_state_afinfo_lock);
961 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
962 err = -ENOBUFS;
963 else {
964 afinfo->state_bydst = xfrm_state_bydst;
965 afinfo->state_byspi = xfrm_state_byspi;
966 xfrm_state_afinfo[afinfo->family] = afinfo;
967 }
968 write_unlock(&xfrm_state_afinfo_lock);
969 return err;
970 }
971 EXPORT_SYMBOL(xfrm_state_register_afinfo);
972
973 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
974 {
975 int err = 0;
976 if (unlikely(afinfo == NULL))
977 return -EINVAL;
978 if (unlikely(afinfo->family >= NPROTO))
979 return -EAFNOSUPPORT;
980 write_lock(&xfrm_state_afinfo_lock);
981 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
982 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
983 err = -EINVAL;
984 else {
985 xfrm_state_afinfo[afinfo->family] = NULL;
986 afinfo->state_byspi = NULL;
987 afinfo->state_bydst = NULL;
988 }
989 }
990 write_unlock(&xfrm_state_afinfo_lock);
991 return err;
992 }
993 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
994
995 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
996 {
997 struct xfrm_state_afinfo *afinfo;
998 if (unlikely(family >= NPROTO))
999 return NULL;
1000 read_lock(&xfrm_state_afinfo_lock);
1001 afinfo = xfrm_state_afinfo[family];
1002 if (likely(afinfo != NULL))
1003 read_lock(&afinfo->lock);
1004 read_unlock(&xfrm_state_afinfo_lock);
1005 return afinfo;
1006 }
1007
1008 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1009 {
1010 if (unlikely(afinfo == NULL))
1011 return;
1012 read_unlock(&afinfo->lock);
1013 }
1014
1015 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1016 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1017 {
1018 if (x->tunnel) {
1019 struct xfrm_state *t = x->tunnel;
1020
1021 if (atomic_read(&t->tunnel_users) == 2)
1022 xfrm_state_delete(t);
1023 atomic_dec(&t->tunnel_users);
1024 xfrm_state_put(t);
1025 x->tunnel = NULL;
1026 }
1027 }
1028 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1029
1030 /*
1031 * This function is NOT optimal. For example, with ESP it will give an
1032 * MTU that's usually two bytes short of being optimal. However, it will
1033 * usually give an answer that's a multiple of 4 provided the input is
1034 * also a multiple of 4.
1035 */
1036 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1037 {
1038 int res = mtu;
1039
1040 res -= x->props.header_len;
1041
1042 for (;;) {
1043 int m = res;
1044
1045 if (m < 68)
1046 return 68;
1047
1048 spin_lock_bh(&x->lock);
1049 if (x->km.state == XFRM_STATE_VALID &&
1050 x->type && x->type->get_max_size)
1051 m = x->type->get_max_size(x, m);
1052 else
1053 m += x->props.header_len;
1054 spin_unlock_bh(&x->lock);
1055
1056 if (m <= mtu)
1057 break;
1058 res -= (m - mtu);
1059 }
1060
1061 return res;
1062 }
1063
1064 EXPORT_SYMBOL(xfrm_state_mtu);
1065
1066 int xfrm_init_state(struct xfrm_state *x)
1067 {
1068 struct xfrm_state_afinfo *afinfo;
1069 int family = x->props.family;
1070 int err;
1071
1072 err = -EAFNOSUPPORT;
1073 afinfo = xfrm_state_get_afinfo(family);
1074 if (!afinfo)
1075 goto error;
1076
1077 err = 0;
1078 if (afinfo->init_flags)
1079 err = afinfo->init_flags(x);
1080
1081 xfrm_state_put_afinfo(afinfo);
1082
1083 if (err)
1084 goto error;
1085
1086 err = -EPROTONOSUPPORT;
1087 x->type = xfrm_get_type(x->id.proto, family);
1088 if (x->type == NULL)
1089 goto error;
1090
1091 err = x->type->init_state(x);
1092 if (err)
1093 goto error;
1094
1095 x->km.state = XFRM_STATE_VALID;
1096
1097 error:
1098 return err;
1099 }
1100
1101 EXPORT_SYMBOL(xfrm_init_state);
1102
1103 void __init xfrm_state_init(void)
1104 {
1105 int i;
1106
1107 for (i=0; i<XFRM_DST_HSIZE; i++) {
1108 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
1109 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1110 }
1111 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1112 }
1113
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree