linux/net/key/af_key.c
   1/*
   2 * net/key/af_key.c     An implementation of PF_KEYv2 sockets.
   3 *
   4 *              This program is free software; you can redistribute it and/or
   5 *              modify it under the terms of the GNU General Public License
   6 *              as published by the Free Software Foundation; either version
   7 *              2 of the License, or (at your option) any later version.
   8 *
   9 * Authors:     Maxim Giryaev   <gem@asplinux.ru>
  10 *              David S. Miller <davem@redhat.com>
  11 *              Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
  12 *              Kunihiro Ishiguro <kunihiro@ipinfusion.com>
  13 *              Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org>
  14 *              Derek Atkins <derek@ihtfp.com>
  15 */
  16
  17#include <linux/capability.h>
  18#include <linux/module.h>
  19#include <linux/kernel.h>
  20#include <linux/socket.h>
  21#include <linux/pfkeyv2.h>
  22#include <linux/ipsec.h>
  23#include <linux/skbuff.h>
  24#include <linux/rtnetlink.h>
  25#include <linux/in.h>
  26#include <linux/in6.h>
  27#include <linux/proc_fs.h>
  28#include <linux/init.h>
  29#include <net/xfrm.h>
  30
  31#include <net/sock.h>
  32
/* Lifetime limit encoding: xfrm represents "no limit" as XFRM_INF while the
 * PF_KEY wire format uses 0 for the same thing.  _X2KEY() converts an xfrm
 * limit to the PF_KEY encoding, _KEY2X() converts back.
 * (Leading-underscore + capital names are reserved identifiers in standard C;
 * kept as-is because existing callers use them.) */
#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
  35
  36
/* List of all pfkey sockets. */
static HLIST_HEAD(pfkey_table);
/* Writers (pfkey_table_grab) sleep here until every reader has left. */
static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait);
/* Guards pfkey_table; see pfkey_table_grab() / pfkey_lock_table(). */
static DEFINE_RWLOCK(pfkey_table_lock);
/* Number of readers currently inside pfkey_lock_table()/pfkey_unlock_table(). */
static atomic_t pfkey_table_users = ATOMIC_INIT(0);

/* Number of live PF_KEY sockets (incremented in pfkey_create, decremented in
 * pfkey_sock_destruct). */
static atomic_t pfkey_socks_nr = ATOMIC_INIT(0);
  44
struct pfkey_sock {
	/* struct sock must be the first member of struct pfkey_sock */
	struct sock	sk;
	/* Non-zero once the socket has registered itself (presumably via
	 * SADB_REGISTER handling elsewhere in this file); only such sockets
	 * receive BROADCAST_REGISTERED traffic in pfkey_broadcast(). */
	int		registered;
	/* Non-zero: the socket also receives a copy of every broadcast,
	 * whatever the flags (see pfkey_broadcast()). */
	int		promisc;
};
  51
/* Return the struct pfkey_sock that embeds sk.  Valid only because sk is
 * the first member of struct pfkey_sock and key_proto.obj_size sizes the
 * allocation accordingly. */
static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
{
	struct pfkey_sock *pfk = (struct pfkey_sock *)sk;

	return pfk;
}
  56
/* sk_destruct hook for PF_KEY sockets.
 *
 * Drops any messages still queued for reception, refuses to tear down a
 * socket that is not marked SOCK_DEAD (logged, then returns), checks that
 * no receive/send memory is still charged to the socket and finally
 * decrements pfkey_socks_nr. */
static void pfkey_sock_destruct(struct sock *sk)
{
	int dead;

	skb_queue_purge(&sk->sk_receive_queue);

	dead = sock_flag(sk, SOCK_DEAD);
	if (!dead) {
		printk("Attempt to release alive pfkey socket: %p\n", sk);
		return;
	}

	/* Nothing may remain charged to this socket's memory accounting. */
	BUG_TRAP(atomic_read(&sk->sk_rmem_alloc) == 0);
	BUG_TRAP(atomic_read(&sk->sk_wmem_alloc) == 0);

	atomic_dec(&pfkey_socks_nr);
}
  71
/* Take pfkey_table for writing (used by pfkey_insert/pfkey_remove).
 *
 * Holds pfkey_table_lock for writing and, in addition, waits until every
 * reader that entered through pfkey_lock_table() has left, i.e. until
 * pfkey_table_users drops to 0.  The wait is uninterruptible; the lock is
 * released around schedule() so readers can finish.  Returns with the
 * write lock held; pair with pfkey_table_ungrab().  May sleep. */
static void pfkey_table_grab(void)
{
	write_lock_bh(&pfkey_table_lock);

	if (atomic_read(&pfkey_table_users)) {
		DECLARE_WAITQUEUE(wait, current);

		add_wait_queue_exclusive(&pfkey_table_wait, &wait);
		for(;;) {
			/* State is set before the re-check so a wake-up from
			 * pfkey_unlock_table() between the two is not lost. */
			set_current_state(TASK_UNINTERRUPTIBLE);
			if (atomic_read(&pfkey_table_users) == 0)
				break;
			write_unlock_bh(&pfkey_table_lock);
			schedule();
			write_lock_bh(&pfkey_table_lock);
		}

		__set_current_state(TASK_RUNNING);
		remove_wait_queue(&pfkey_table_wait, &wait);
	}
}
  93
/* Release the write side taken by pfkey_table_grab() and wake any
 * writer that may still be queued on pfkey_table_wait. */
static __inline__ void pfkey_table_ungrab(void)
{
	write_unlock_bh(&pfkey_table_lock);
	wake_up(&pfkey_table_wait);
}
  99
/* Enter pfkey_table as a reader (used around the loop in pfkey_broadcast).
 *
 * Only the reader count is held afterwards, not the rwlock, so the
 * section it protects is not atomic context; that is what allows
 * pfkey_broadcast() to be called with GFP_KERNEL.  Pair with
 * pfkey_unlock_table(). */
static __inline__ void pfkey_lock_table(void)
{
	/* read_lock() synchronizes us to pfkey_table_grab */

	read_lock(&pfkey_table_lock);
	atomic_inc(&pfkey_table_users);
	read_unlock(&pfkey_table_lock);
}
 108
/* Leave the reader section opened by pfkey_lock_table(); the last reader
 * out wakes a writer waiting in pfkey_table_grab(). */
static __inline__ void pfkey_unlock_table(void)
{
	if (atomic_dec_and_test(&pfkey_table_users))
		wake_up(&pfkey_table_wait);
}
 114
 115
/* Socket operations installed by pfkey_create(); presumably completed
 * further down in this file. */
static const struct proto_ops pfkey_ops;
 117
/* Link sk into pfkey_table (called from pfkey_create).  Takes the writer
 * side of the table lock and may therefore sleep. */
static void pfkey_insert(struct sock *sk)
{
	pfkey_table_grab();
	sk_add_node(sk, &pfkey_table);
	pfkey_table_ungrab();
}
 124
/* Unlink sk from pfkey_table (called from pfkey_release) so that later
 * broadcasts no longer reach it.  May sleep, like pfkey_insert(). */
static void pfkey_remove(struct sock *sk)
{
	pfkey_table_grab();
	sk_del_node_init(sk);
	pfkey_table_ungrab();
}
 131
/* Protocol descriptor for PF_KEY sockets.  obj_size makes sk_alloc()
 * hand out a whole struct pfkey_sock, which is what pfkey_sk() relies on. */
static struct proto key_proto = {
	.name	  = "KEY",
	.owner	  = THIS_MODULE,
	.obj_size = sizeof(struct pfkey_sock),
};
 137
/* Create a PF_KEY socket (socket(PF_KEY, SOCK_RAW, PF_KEY_V2)).
 *
 * Access control: only a CAP_NET_ADMIN caller may open one, since the
 * socket gives read/write access to the kernel SA and policy databases.
 * The type must be SOCK_RAW and the protocol PF_KEY_V2.  On success the
 * socket is counted in pfkey_socks_nr and linked into pfkey_table so it
 * receives broadcasts.
 *
 * Returns 0 on success, -EPERM, -ESOCKTNOSUPPORT, -EPROTONOSUPPORT for the
 * respective rejections, or -ENOMEM if sk_alloc() fails. */
static int pfkey_create(struct socket *sock, int protocol)
{
	struct sock *sk;

	if (!capable(CAP_NET_ADMIN))
		return -EPERM;
	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;
	if (protocol != PF_KEY_V2)
		return -EPROTONOSUPPORT;

	sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1);
	if (!sk)
		return -ENOMEM;

	sock->ops = &pfkey_ops;
	sock_init_data(sock, sk);

	sk->sk_family = PF_KEY;
	sk->sk_destruct = pfkey_sock_destruct;

	atomic_inc(&pfkey_socks_nr);
	pfkey_insert(sk);

	return 0;
}
 169
/* Close a PF_KEY socket.  Unlinks it from pfkey_table first, so no further
 * broadcast can queue to it, then orphans it, drops any unsent skbs and
 * releases the socket's reference.  Always returns 0; a socket that has
 * already been detached (sock->sk == NULL) is a no-op. */
static int pfkey_release(struct socket *sock)
{
	struct sock *sk = sock->sk;

	if (sk) {
		pfkey_remove(sk);

		sock_orphan(sk);
		sock->sk = NULL;
		skb_queue_purge(&sk->sk_write_queue);
		sock_put(sk);
	}

	return 0;
}
 186
/* Deliver one copy of skb to sk.
 *
 * @skb:        the message being broadcast (not consumed here).
 * @skb2:       in/out; the copy that will be queued.  Allocated lazily:
 *              when skb has a single user a plain reference is taken,
 *              otherwise it is cloned with the given allocation flags.
 *              Set back to NULL once the copy has been queued, so the
 *              next call makes a fresh one.
 * @allocation: GFP flags for the clone.
 * @sk:         destination socket; held across the call.
 *
 * The copy is only queued if the socket's receive memory is within
 * sk_rcvbuf - a slow or stalled reader therefore drops messages rather
 * than growing the queue without bound.  Returns 0 when queued, -ENOBUFS
 * when no copy could be obtained or the receive buffer is full. */
static int pfkey_broadcast_one(struct sk_buff *skb, struct sk_buff **skb2,
			       gfp_t allocation, struct sock *sk)
{
	struct sk_buff *copy;
	int err = -ENOBUFS;

	sock_hold(sk);

	if (!*skb2) {
		if (atomic_read(&skb->users) == 1) {
			atomic_inc(&skb->users);
			*skb2 = skb;
		} else {
			*skb2 = skb_clone(skb, allocation);
		}
	}

	copy = *skb2;
	if (copy && atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) {
		skb_orphan(copy);
		skb_set_owner_r(copy, sk);
		skb_queue_tail(&sk->sk_receive_queue, copy);
		sk->sk_data_ready(sk, copy->len);
		*skb2 = NULL;
		err = 0;
	}

	sock_put(sk);
	return err;
}
 214
/* Send SKB to all pfkey sockets matching selected criteria.
 * broadcast_flags for pfkey_broadcast():
 *   BROADCAST_ALL          - every socket in pfkey_table
 *   BROADCAST_ONE          - only one_sk
 *   BROADCAST_REGISTERED   - only sockets with pfkey_sock.registered set;
 *                            the return value then says whether at least
 *                            one of them accepted the message
 *   BROADCAST_PROMISC_ONLY - no normal delivery at all
 * Promiscuous sockets receive a copy whatever the flags, and one_sk (when
 * given) is always served after the table walk. */
#define BROADCAST_ALL		0
#define BROADCAST_ONE		1
#define BROADCAST_REGISTERED	2
#define BROADCAST_PROMISC_ONLY	4
/* Return non-zero if pfk must NOT get a normal (non-promiscuous) copy of a
 * message sent with broadcast_flags.  BROADCAST_ALL (0) never skips. */
static inline int pfkey_broadcast_skip(struct pfkey_sock *pfk, int broadcast_flags)
{
	if (broadcast_flags & BROADCAST_PROMISC_ONLY)
		return 1;
	if ((broadcast_flags & BROADCAST_REGISTERED) && !pfk->registered)
		return 1;
	if (broadcast_flags & BROADCAST_ONE)
		return 1;
	return 0;
}

/* Deliver skb to the PF_KEY sockets selected by broadcast_flags / one_sk.
 *
 * Consumes skb (it is freed before returning, whatever happens).  The
 * table is walked under pfkey_lock_table(), which does not hold a
 * spinlock, so allocation may be GFP_KERNEL.
 *
 * Return value: -ENOMEM for a NULL skb; otherwise the result of delivery
 * to one_sk when one was given, else -ESRCH, except that with
 * BROADCAST_REGISTERED it tracks delivery to registered sockets - it
 * keeps the most recent failure until the first registered socket accepts
 * the message and is 0 from then on. */
static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
			   int broadcast_flags, struct sock *one_sk)
{
	struct sock *sk;
	struct hlist_node *node;
	struct sk_buff *pending = NULL;	/* copy handed along between pfkey_broadcast_one() calls */
	int err = -ESRCH;

	/* XXX Do we need something like netlink_overrun?  I think
	 * XXX PF_KEY socket apps will not mind current behavior.
	 */
	if (skb == NULL)
		return -ENOMEM;

	pfkey_lock_table();
	sk_for_each(sk, node, &pfkey_table) {
		struct pfkey_sock *pfk = pfkey_sk(sk);
		int rc;

		/* Promiscuous sockets see everything; one that is also a
		 * legitimate target therefore receives the message twice.
		 * A delivery failure here is deliberately ignored. */
		if (pfk->promisc)
			pfkey_broadcast_one(skb, &pending, allocation, sk);

		/* The exact target is served after the walk. */
		if (sk == one_sk)
			continue;
		if (pfkey_broadcast_skip(pfk, broadcast_flags))
			continue;

		rc = pfkey_broadcast_one(skb, &pending, allocation, sk);

		/* Error is cleared after successful sending to at least one
		 * registered KM. */
		if ((broadcast_flags & BROADCAST_REGISTERED) && err)
			err = rc;
	}
	pfkey_unlock_table();

	if (one_sk != NULL)
		err = pfkey_broadcast_one(skb, &pending, allocation, one_sk);

	if (pending)
		kfree_skb(pending);
	kfree_skb(skb);
	return err;
}
 276
/* Copy the whole base header orig into new.  Used to build a reply that
 * echoes the request header; the caller then overwrites the fields that
 * differ (errno and len in pfkey_error). */
static inline void pfkey_hdr_dup(struct sadb_msg *new, struct sadb_msg *orig)
{
	memcpy(new, orig, sizeof(*new));
}
 281
/* Send an error reply for a failed request: a copy of its header carrying
 * the errno and no extensions.
 *
 * @orig: header of the request being answered (copied verbatim).
 * @err:  negative kernel errno describing the failure.
 * @sk:   socket the reply is addressed to (BROADCAST_ONE); promiscuous
 *        sockets also see it, as with every broadcast.
 *
 * PF_KEY stores the errno in one byte, so the kernel-internal restart
 * codes become EINTR and anything >= 512 becomes EINVAL; a value still
 * outside 1..255 after that is a caller bug and trips BUG_ON.
 * Returns 0 once the reply has been handed to pfkey_broadcast(), or
 * -ENOBUFS if the reply skb could not be allocated. */
static int pfkey_error(struct sadb_msg *orig, int err, struct sock *sk)
{
	struct sk_buff *skb;
	struct sadb_msg *reply;
	int code = -err;

	skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
	if (skb == NULL)
		return -ENOBUFS;

	/* Woe be to the platform trying to support PFKEY yet
	 * having normal errnos outside the 1-255 range, inclusive.
	 */
	switch (code) {
	case ERESTARTSYS:
	case ERESTARTNOHAND:
	case ERESTARTNOINTR:
		code = EINTR;
		break;
	default:
		if (code >= 512)
			code = EINVAL;
		break;
	}
	BUG_ON(code <= 0 || code >= 256);

	reply = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
	pfkey_hdr_dup(reply, orig);
	reply->sadb_msg_errno = (uint8_t) code;
	reply->sadb_msg_len = sizeof(struct sadb_msg) / sizeof(uint64_t);

	pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk);

	return 0;
}
 312
/* Minimum length in bytes of each extension, indexed by its SADB_EXT_x /
 * SADB_X_EXT_x number.  parse_exthdrs() rejects a known extension shorter
 * than its entry before any per-type code touches it, so every fixed
 * header below is guaranteed to be fully inside the message.
 * Entries must fit in a u8.  Types not listed default to 0, i.e. no
 * minimum beyond the 8-byte sadb_ext header parse_exthdrs() enforces. */
static u8 sadb_ext_min_len[] = {
	[SADB_EXT_RESERVED]		= (u8) 0,
	[SADB_EXT_SA]			= (u8) sizeof(struct sadb_sa),
	[SADB_EXT_LIFETIME_CURRENT]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_LIFETIME_HARD]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_LIFETIME_SOFT]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_ADDRESS_SRC]		= (u8) sizeof(struct sadb_address),
	[SADB_EXT_ADDRESS_DST]		= (u8) sizeof(struct sadb_address),
	[SADB_EXT_ADDRESS_PROXY]	= (u8) sizeof(struct sadb_address),
	[SADB_EXT_KEY_AUTH]		= (u8) sizeof(struct sadb_key),
	[SADB_EXT_KEY_ENCRYPT]		= (u8) sizeof(struct sadb_key),
	[SADB_EXT_IDENTITY_SRC]		= (u8) sizeof(struct sadb_ident),
	[SADB_EXT_IDENTITY_DST]		= (u8) sizeof(struct sadb_ident),
	[SADB_EXT_SENSITIVITY]		= (u8) sizeof(struct sadb_sens),
	[SADB_EXT_PROPOSAL]		= (u8) sizeof(struct sadb_prop),
	[SADB_EXT_SUPPORTED_AUTH]	= (u8) sizeof(struct sadb_supported),
	[SADB_EXT_SUPPORTED_ENCRYPT]	= (u8) sizeof(struct sadb_supported),
	[SADB_EXT_SPIRANGE]		= (u8) sizeof(struct sadb_spirange),
	[SADB_X_EXT_KMPRIVATE]		= (u8) sizeof(struct sadb_x_kmprivate),
	[SADB_X_EXT_POLICY]		= (u8) sizeof(struct sadb_x_policy),
	[SADB_X_EXT_SA2]		= (u8) sizeof(struct sadb_x_sa2),
	[SADB_X_EXT_NAT_T_TYPE]		= (u8) sizeof(struct sadb_x_nat_t_type),
	[SADB_X_EXT_NAT_T_SPORT]	= (u8) sizeof(struct sadb_x_nat_t_port),
	[SADB_X_EXT_NAT_T_DPORT]	= (u8) sizeof(struct sadb_x_nat_t_port),
	[SADB_X_EXT_NAT_T_OA]		= (u8) sizeof(struct sadb_address),
	[SADB_X_EXT_SEC_CTX]		= (u8) sizeof(struct sadb_x_sec_ctx),
};
 340
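/* Verify sadb_address_{len,prefixlen} against sa_family.
 *
 * p points at a SADB_EXT_ADDRESS_* / SADB_X_EXT_NAT_T_OA extension taken
 * from an untrusted userspace message.  parse_exthdrs() has only checked
 * that the extension is at least sizeof(struct sadb_address) long and lies
 * within the skb; the sockaddr that follows the header is not covered by
 * that guarantee.  The first check below therefore makes sure the
 * extension is long enough to contain sa_family before it is read -
 * without it a minimal (8-byte) extension at the end of a message makes
 * the sa_family load read past the validated data.
 *
 * Returns 0 when the extension length equals the family's sockaddr size
 * rounded up to 8 bytes and the prefix length is in range, -EINVAL
 * otherwise.  Families other than AF_INET (and AF_INET6 when configured)
 * are rejected. */
static int verify_address_len(void *p)
{
	struct sadb_address *sp = p;
	struct sockaddr *addr = (struct sockaddr *)(sp + 1);
	struct sockaddr_in *sin;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	struct sockaddr_in6 *sin6;
#endif
	int len;

	/* sadb_address_len is in 64-bit units; it must cover the header plus
	 * the sa_family field before addr->sa_family may be dereferenced. */
	if (sp->sadb_address_len <
	    (sizeof(*sp) + sizeof(addr->sa_family) + sizeof(uint64_t) - 1) /
	    sizeof(uint64_t))
		return -EINVAL;

	switch (addr->sa_family) {
	case AF_INET:
		len  = sizeof(*sp) + sizeof(*sin) + (sizeof(uint64_t) - 1);
		len /= sizeof(uint64_t);
		if (sp->sadb_address_len != len ||
		    sp->sadb_address_prefixlen > 32)
			return -EINVAL;
		break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case AF_INET6:
		len  = sizeof(*sp) + sizeof(*sin6) + (sizeof(uint64_t) - 1);
		len /= sizeof(uint64_t);
		if (sp->sadb_address_len != len ||
		    sp->sadb_address_prefixlen > 128)
			return -EINVAL;
		break;
#endif
	default:
		/* It is user using kernel to keep track of security
		 * associations for another protocol, such as
		 * OSPF/RSVP/RIPV2/MIP.  It is user's job to verify
		 * lengths.
		 *
		 * XXX Actually, association/policy database is not yet
		 * XXX able to cope with arbitrary sockaddr families.
		 * XXX When it can, remove this -EINVAL.  -DaveM
		 */
		return -EINVAL;
	}

	return 0;
}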
 385
/* Length of a security-context extension in 64-bit units (the encoding
 * used by sadb_x_sec_len): the fixed header plus sadb_x_ctx_len bytes of
 * context, rounded up to the next multiple of 8. */
static inline int pfkey_sec_ctx_len(struct sadb_x_sec_ctx *sec_ctx)
{
	int bytes = sizeof(struct sadb_x_sec_ctx) + sec_ctx->sadb_x_ctx_len;

	return (bytes + sizeof(uint64_t) - 1) / sizeof(uint64_t);
}
 397
/* Validate a SADB_X_EXT_SEC_CTX extension from userspace.
 *
 * Two things are checked: the context may be at most PAGE_SIZE bytes
 * (which bounds the kmalloc later done by pfkey_sadb2xfrm_user_sec_ctx),
 * and the extension length must be exactly header + context rounded up
 * to 8 bytes, so the context cannot claim more bytes than the extension
 * - and thus the message - actually holds.
 * Returns 0 when valid, -EINVAL otherwise. */
static inline int verify_sec_ctx_len(void *p)
{
	struct sadb_x_sec_ctx *sec_ctx = p;
	int bad;

	bad = sec_ctx->sadb_x_ctx_len > PAGE_SIZE ||
	      sec_ctx->sadb_x_sec_len != pfkey_sec_ctx_len(sec_ctx);

	return bad ? -EINVAL : 0;
}
 413
/* Build a struct xfrm_user_sec_ctx (header immediately followed by the raw
 * context bytes) from a SADB_X_EXT_SEC_CTX extension.
 *
 * The copy length comes straight from sadb_x_ctx_len, so the extension is
 * expected to have passed verify_sec_ctx_len() already (parse_exthdrs
 * does that), which caps it at PAGE_SIZE and ties it to the extension
 * length.  The returned buffer is kmalloc'd with GFP_KERNEL and owned by
 * the caller, who must kfree() it.  Returns NULL on allocation failure. */
static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(struct sadb_x_sec_ctx *sec_ctx)
{
	int ctx_size = sec_ctx->sadb_x_ctx_len;
	struct xfrm_user_sec_ctx *uctx;

	uctx = kmalloc(sizeof(*uctx) + ctx_size, GFP_KERNEL);
	if (uctx == NULL)
		return NULL;

	uctx->len     = pfkey_sec_ctx_len(sec_ctx);
	uctx->exttype = sec_ctx->sadb_x_sec_exttype;
	uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
	uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
	uctx->ctx_len = sec_ctx->sadb_x_ctx_len;
	/* The context bytes follow the extension header in the message. */
	memcpy(uctx + 1, sec_ctx + 1, uctx->ctx_len);

	return uctx;
}
 434
/* Return 1 if both address extensions are present, carry the same address
 * family and that family is one this implementation handles (AF_INET, or
 * AF_INET6 when IPv6 is configured); 0 otherwise. */
static int present_and_same_family(struct sadb_address *src,
				   struct sadb_address *dst)
{
	struct sockaddr *s_addr, *d_addr;
	sa_family_t family;

	if (src == NULL || dst == NULL)
		return 0;

	s_addr = (struct sockaddr *)(src + 1);
	d_addr = (struct sockaddr *)(dst + 1);
	family = s_addr->sa_family;
	if (family != d_addr->sa_family)
		return 0;

	switch (family) {
	case AF_INET:
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case AF_INET6:
#endif
		return 1;
	default:
		return 0;
	}
}
 456
/* Walk the extension headers that follow hdr in skb and record a pointer
 * to each known one in ext_hdrs[type - 1].
 *
 * This is the central input validation for PF_KEY messages received from
 * userspace.  Every extension must
 *  - be at least 8 bytes long (sadb_ext_len counts 64-bit units) and lie
 *    entirely within the bytes remaining in skb;
 *  - not be SADB_EXT_RESERVED (0), which also keeps the ext_hdrs index
 *    non-negative;
 *  - if its type is known (<= SADB_EXT_MAX): meet sadb_ext_min_len[],
 *    appear only once, and pass verify_address_len() for address
 *    extensions / verify_sec_ctx_len() for the security context.
 * Extension types above SADB_EXT_MAX are skipped over, not rejected.
 *
 * @skb:      message; skb->len bounds the walk.
 * @hdr:      the base header at the start of the message.  NOTE(review):
 *            presumably the caller has already checked that skb->len is
 *            at least sizeof(*hdr); a shorter skb makes len negative and
 *            the loop is simply skipped - confirm against the caller.
 * @ext_hdrs: array of at least SADB_EXT_MAX slots, presumably
 *            NULL-initialised by the caller (the duplicate check relies
 *            on it).  On -EINVAL it may be partially filled.
 *
 * Returns 0 on success, -EINVAL at the first malformed extension.
 * NOTE(review): indexing sadb_ext_min_len[ext_type] for ext_type up to
 * SADB_EXT_MAX assumes the table has SADB_EXT_MAX + 1 entries - confirm
 * against the table definition. */
static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	char *p = (char *) hdr;
	int len = skb->len;

	len -= sizeof(*hdr);
	p += sizeof(*hdr);
	while (len > 0) {
		struct sadb_ext *ehdr = (struct sadb_ext *) p;
		uint16_t ext_type;
		int ext_len;

		/* ext_len is at most 0xffff * 8, so the signed/unsigned
		 * comparison with sizeof(uint64_t) below is safe. */
		ext_len  = ehdr->sadb_ext_len;
		ext_len *= sizeof(uint64_t);
		ext_type = ehdr->sadb_ext_type;
		if (ext_len < sizeof(uint64_t) ||
		    ext_len > len ||
		    ext_type == SADB_EXT_RESERVED)
			return -EINVAL;

		if (ext_type <= SADB_EXT_MAX) {
			int min = (int) sadb_ext_min_len[ext_type];
			if (ext_len < min)
				return -EINVAL;
			if (ext_hdrs[ext_type-1] != NULL)
				return -EINVAL;
			if (ext_type == SADB_EXT_ADDRESS_SRC ||
			    ext_type == SADB_EXT_ADDRESS_DST ||
			    ext_type == SADB_EXT_ADDRESS_PROXY ||
			    ext_type == SADB_X_EXT_NAT_T_OA) {
				if (verify_address_len(p))
					return -EINVAL;
			}
			if (ext_type == SADB_X_EXT_SEC_CTX) {
				if (verify_sec_ctx_len(p))
					return -EINVAL;
			}
			ext_hdrs[ext_type-1] = p;
		}
		p   += ext_len;
		len -= ext_len;
	}

	return 0;
}
 502
/* Map a PF_KEY SA type to the IP protocol number xfrm uses.
 * SADB_SATYPE_UNSPEC maps to the IPSEC_PROTO_ANY wildcard; an unknown
 * satype yields 0, which callers treat as "unsupported". */
static uint16_t
pfkey_satype2proto(uint8_t satype)
{
	uint16_t proto = 0;

	if (satype == SADB_SATYPE_UNSPEC)
		proto = IPSEC_PROTO_ANY;
	else if (satype == SADB_SATYPE_AH)
		proto = IPPROTO_AH;
	else if (satype == SADB_SATYPE_ESP)
		proto = IPPROTO_ESP;
	else if (satype == SADB_X_SATYPE_IPCOMP)
		proto = IPPROTO_COMP;

	return proto;
}
 521
/* Inverse of pfkey_satype2proto() for the concrete protocols: AH, ESP and
 * IPCOMP map to their SADB satype; anything else yields 0. */
static uint8_t
pfkey_proto2satype(uint16_t proto)
{
	uint8_t satype = 0;

	if (proto == IPPROTO_AH)
		satype = SADB_SATYPE_AH;
	else if (proto == IPPROTO_ESP)
		satype = SADB_SATYPE_ESP;
	else if (proto == IPPROTO_COMP)
		satype = SADB_X_SATYPE_IPCOMP;

	return satype;
}
 538
 539/* BTW, this scheme means that there is no way with PFKEY2 sockets to
 540 * say specifically 'just raw sockets' as we encode them as 255.
 541 */
 542
/* Translate a PF_KEY selector protocol to xfrm's: the IPSEC_PROTO_ANY
 * wildcard becomes 0, every other value passes through. */
static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
{
	if (proto == IPSEC_PROTO_ANY)
		return 0;
	return proto;
}
 547
/* Translate an xfrm selector protocol to PF_KEY's: 0 ("any") becomes
 * IPSEC_PROTO_ANY, every other value passes through. */
static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
{
	if (proto == 0)
		return IPSEC_PROTO_ANY;
	return proto;
}
 552
/* Copy the sockaddr that follows a PF_KEY address extension into xaddr.
 * Returns the family that was copied (AF_INET or AF_INET6), or 0 for a
 * family this code does not handle, in which case xaddr is untouched.
 * The extension is expected to have passed verify_address_len(). */
static int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr,
				     xfrm_address_t *xaddr)
{
	struct sockaddr *sa = (struct sockaddr *)(addr + 1);

	if (sa->sa_family == AF_INET) {
		struct sockaddr_in *sin = (struct sockaddr_in *)sa;

		xaddr->a4 = sin->sin_addr.s_addr;
		return AF_INET;
	}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	if (sa->sa_family == AF_INET6) {
		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;

		memcpy(xaddr->a6, &sin6->sin6_addr, sizeof(struct in6_addr));
		return AF_INET6;
	}
#endif
	return 0;
}
 573
/* Look up the xfrm_state a PF_KEY message refers to.
 *
 * The key is the SPI from the SA extension, the protocol derived from
 * hdr->sadb_msg_satype and the address from the destination address
 * extension.  Returns NULL when any of the three is absent, the satype is
 * unsupported or the address family is not AF_INET/AF_INET6; otherwise
 * whatever xfrm_state_lookup() returns (by xfrm convention a referenced
 * state or NULL - confirm against xfrm_state_lookup).
 * The address extension's length is assumed to have been verified already
 * by parse_exthdrs() -> verify_address_len(). */
static struct  xfrm_state *pfkey_xfrm_state_lookup(struct sadb_msg *hdr, void **ext_hdrs)
{
	struct sadb_sa *sa = ext_hdrs[SADB_EXT_SA - 1];
	struct sadb_address *dst = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
	struct sockaddr *sa_dst;
	xfrm_address_t *xaddr = NULL;
	unsigned short family;
	uint16_t proto;

	if (sa == NULL || dst == NULL)
		return NULL;

	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	if (!proto)
		return NULL;

	sa_dst = (struct sockaddr *)(dst + 1);
	family = sa_dst->sa_family;
	if (family == AF_INET)
		xaddr = (xfrm_address_t *)&((struct sockaddr_in *)sa_dst)->sin_addr;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	else if (family == AF_INET6)
		xaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)sa_dst)->sin6_addr;
#endif
	if (xaddr == NULL)
		return NULL;

	return xfrm_state_lookup(xaddr, sa->sadb_sa_spi, proto, family);
}
 614
/* Round a up to the next multiple of 8, the PF_KEY extension alignment. */
#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))

/* Size, padded to 8 bytes, of the sockaddr PF_KEY places after an address
 * extension for family.  Returns 0 for a family this implementation does
 * not speak (only AF_INET, plus AF_INET6 when IPv6 is configured), which
 * callers use as "reject". */
static int
pfkey_sockaddr_size(sa_family_t family)
{
	if (family == AF_INET)
		return PFKEY_ALIGN8(sizeof(struct sockaddr_in));
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	if (family == AF_INET6)
		return PFKEY_ALIGN8(sizeof(struct sockaddr_in6));
#endif
	return 0;
}
 631
 632static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, int hsc)
 633{
 634        struct sk_buff *skb;
 635        struct sadb_msg *hdr;
 636        struct sadb_sa *sa;
 637        struct sadb_lifetime *lifetime;
 638        struct sadb_address *addr;
 639        struct sadb_key *key;
 640        struct sadb_x_sa2 *sa2;
 641        struct sockaddr_in *sin;
 642        struct sadb_x_sec_ctx *sec_ctx;
 643        struct xfrm_sec_ctx *xfrm_ctx;
 644        int ctx_size = 0;
 645#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 646        struct sockaddr_in6 *sin6;
 647#endif
 648        int size;
 649        int auth_key_size = 0;
 650        int encrypt_key_size = 0;
 651        int sockaddr_size;
 652        struct xfrm_encap_tmpl *natt = NULL;
 653
 654        /* address family check */
 655        sockaddr_size = pfkey_sockaddr_size(x->props.family);
 656        if (!sockaddr_size)
 657                return ERR_PTR(-EINVAL);
 658
 659        /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
 660           key(AE), (identity(SD),) (sensitivity)> */
 661        size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) + 
 662                sizeof(struct sadb_lifetime) +
 663                ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
 664                ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
 665                        sizeof(struct sadb_address)*2 + 
 666                                sockaddr_size*2 +
 667                                        sizeof(struct sadb_x_sa2);
 668
 669        if ((xfrm_ctx = x->security)) {
 670                ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
 671                size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
 672        }
 673
 674        /* identity & sensitivity */
 675
 676        if ((x->props.family == AF_INET &&
 677             x->sel.saddr.a4 != x->props.saddr.a4)
 678#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 679            || (x->props.family == AF_INET6 &&
 680                memcmp (x->sel.saddr.a6, x->props.saddr.a6, sizeof (struct in6_addr)))
 681#endif
 682                )
 683                size += sizeof(struct sadb_address) + sockaddr_size;
 684
 685        if (add_keys) {
 686                if (x->aalg && x->aalg->alg_key_len) {
 687                        auth_key_size = 
 688                                PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); 
 689                        size += sizeof(struct sadb_key) + auth_key_size;
 690                }
 691                if (x->ealg && x->ealg->alg_key_len) {
 692                        encrypt_key_size = 
 693                                PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); 
 694                        size += sizeof(struct sadb_key) + encrypt_key_size;
 695                }
 696        }
 697        if (x->encap)
 698                natt = x->encap;
 699
 700        if (natt && natt->encap_type) {
 701                size += sizeof(struct sadb_x_nat_t_type);
 702                size += sizeof(struct sadb_x_nat_t_port);
 703                size += sizeof(struct sadb_x_nat_t_port);
 704        }
 705
 706        skb =  alloc_skb(size + 16, GFP_ATOMIC);
 707        if (skb == NULL)
 708                return ERR_PTR(-ENOBUFS);
 709
 710        /* call should fill header later */
 711        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
 712        memset(hdr, 0, size);   /* XXX do we need this ? */
 713        hdr->sadb_msg_len = size / sizeof(uint64_t);
 714
 715        /* sa */
 716        sa = (struct sadb_sa *)  skb_put(skb, sizeof(struct sadb_sa));
 717        sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
 718        sa->sadb_sa_exttype = SADB_EXT_SA;
 719        sa->sadb_sa_spi = x->id.spi;
 720        sa->sadb_sa_replay = x->props.replay_window;
 721        switch (x->km.state) {
 722        case XFRM_STATE_VALID:
 723                sa->sadb_sa_state = x->km.dying ?
 724                        SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
 725                break;
 726        case XFRM_STATE_ACQ:
 727                sa->sadb_sa_state = SADB_SASTATE_LARVAL;
 728                break;
 729        default:
 730                sa->sadb_sa_state = SADB_SASTATE_DEAD;
 731                break;
 732        }
 733        sa->sadb_sa_auth = 0;
 734        if (x->aalg) {
 735                struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 736                sa->sadb_sa_auth = a ? a->desc.sadb_alg_id : 0;
 737        }
 738        sa->sadb_sa_encrypt = 0;
 739        BUG_ON(x->ealg && x->calg);
 740        if (x->ealg) {
 741                struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
 742                sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
 743        }
 744        /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
 745        if (x->calg) {
 746                struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
 747                sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
 748        }
 749
 750        sa->sadb_sa_flags = 0;
 751        if (x->props.flags & XFRM_STATE_NOECN)
 752                sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
 753        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
 754                sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
 755        if (x->props.flags & XFRM_STATE_NOPMTUDISC)
 756                sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
 757
 758        /* hard time */
 759        if (hsc & 2) {
 760                lifetime = (struct sadb_lifetime *)  skb_put(skb, 
 761                                                             sizeof(struct sadb_lifetime));
 762                lifetime->sadb_lifetime_len =
 763                        sizeof(struct sadb_lifetime)/sizeof(uint64_t);
 764                lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 765                lifetime->sadb_lifetime_allocations =  _X2KEY(x->lft.hard_packet_limit);
 766                lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
 767                lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
 768                lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
 769        }
 770        /* soft time */
 771        if (hsc & 1) {
 772                lifetime = (struct sadb_lifetime *)  skb_put(skb, 
 773                                                             sizeof(struct sadb_lifetime));
 774                lifetime->sadb_lifetime_len =
 775                        sizeof(struct sadb_lifetime)/sizeof(uint64_t);
 776                lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
 777                lifetime->sadb_lifetime_allocations =  _X2KEY(x->lft.soft_packet_limit);
 778                lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
 779                lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
 780                lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
 781        }
 782        /* current time */
 783        lifetime = (struct sadb_lifetime *)  skb_put(skb,
 784                                                     sizeof(struct sadb_lifetime));
 785        lifetime->sadb_lifetime_len =
 786                sizeof(struct sadb_lifetime)/sizeof(uint64_t);
 787        lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 788        lifetime->sadb_lifetime_allocations = x->curlft.packets;
 789        lifetime->sadb_lifetime_bytes = x->curlft.bytes;
 790        lifetime->sadb_lifetime_addtime = x->curlft.add_time;
 791        lifetime->sadb_lifetime_usetime = x->curlft.use_time;
 792        /* src address */
 793        addr = (struct sadb_address*) skb_put(skb, 
 794                                              sizeof(struct sadb_address)+sockaddr_size);
 795        addr->sadb_address_len = 
 796                (sizeof(struct sadb_address)+sockaddr_size)/
 797                        sizeof(uint64_t);
 798        addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
 799        /* "if the ports are non-zero, then the sadb_address_proto field, 
 800           normally zero, MUST be filled in with the transport 
 801           protocol's number." - RFC2367 */
 802        addr->sadb_address_proto = 0; 
 803        addr->sadb_address_reserved = 0;
 804        if (x->props.family == AF_INET) {
 805                addr->sadb_address_prefixlen = 32;
 806
 807                sin = (struct sockaddr_in *) (addr + 1);
 808                sin->sin_family = AF_INET;
 809                sin->sin_addr.s_addr = x->props.saddr.a4;
 810                sin->sin_port = 0;
 811                memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
 812        }
 813#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 814        else if (x->props.family == AF_INET6) {
 815                addr->sadb_address_prefixlen = 128;
 816
 817                sin6 = (struct sockaddr_in6 *) (addr + 1);
 818                sin6->sin6_family = AF_INET6;
 819                sin6->sin6_port = 0;
 820                sin6->sin6_flowinfo = 0;
 821                memcpy(&sin6->sin6_addr, x->props.saddr.a6,
 822                       sizeof(struct in6_addr));
 823                sin6->sin6_scope_id = 0;
 824        }
 825#endif
 826        else
 827                BUG();
 828
 829        /* dst address */
 830        addr = (struct sadb_address*) skb_put(skb, 
 831                                              sizeof(struct sadb_address)+sockaddr_size);
 832        addr->sadb_address_len = 
 833                (sizeof(struct sadb_address)+sockaddr_size)/
 834                        sizeof(uint64_t);
 835        addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
 836        addr->sadb_address_proto = 0; 
 837        addr->sadb_address_prefixlen = 32; /* XXX */ 
 838        addr->sadb_address_reserved = 0;
 839        if (x->props.family == AF_INET) {
 840                sin = (struct sockaddr_in *) (addr + 1);
 841                sin->sin_family = AF_INET;
 842                sin->sin_addr.s_addr = x->id.daddr.a4;
 843                sin->sin_port = 0;
 844                memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
 845
 846                if (x->sel.saddr.a4 != x->props.saddr.a4) {
 847                        addr = (struct sadb_address*) skb_put(skb, 
 848                                sizeof(struct sadb_address)+sockaddr_size);
 849                        addr->sadb_address_len = 
 850                                (sizeof(struct sadb_address)+sockaddr_size)/
 851                                sizeof(uint64_t);
 852                        addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
 853                        addr->sadb_address_proto =
 854                                pfkey_proto_from_xfrm(x->sel.proto);
 855                        addr->sadb_address_prefixlen = x->sel.prefixlen_s;
 856                        addr->sadb_address_reserved = 0;
 857
 858                        sin = (struct sockaddr_in *) (addr + 1);
 859                        sin->sin_family = AF_INET;
 860                        sin->sin_addr.s_addr = x->sel.saddr.a4;
 861                        sin->sin_port = x->sel.sport;
 862                        memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
 863                }
 864        }
 865#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 866        else if (x->props.family == AF_INET6) {
 867                addr->sadb_address_prefixlen = 128;
 868
 869                sin6 = (struct sockaddr_in6 *) (addr + 1);
 870                sin6->sin6_family = AF_INET6;
 871                sin6->sin6_port = 0;
 872                sin6->sin6_flowinfo = 0;
 873                memcpy(&sin6->sin6_addr, x->id.daddr.a6, sizeof(struct in6_addr));
 874                sin6->sin6_scope_id = 0;
 875
 876                if (memcmp (x->sel.saddr.a6, x->props.saddr.a6,
 877                            sizeof(struct in6_addr))) {
 878                        addr = (struct sadb_address *) skb_put(skb, 
 879                                sizeof(struct sadb_address)+sockaddr_size);
 880                        addr->sadb_address_len = 
 881                                (sizeof(struct sadb_address)+sockaddr_size)/
 882                                sizeof(uint64_t);
 883                        addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
 884                        addr->sadb_address_proto =
 885                                pfkey_proto_from_xfrm(x->sel.proto);
 886                        addr->sadb_address_prefixlen = x->sel.prefixlen_s;
 887                        addr->sadb_address_reserved = 0;
 888
 889                        sin6 = (struct sockaddr_in6 *) (addr + 1);
 890                        sin6->sin6_family = AF_INET6;
 891                        sin6->sin6_port = x->sel.sport;
 892                        sin6->sin6_flowinfo = 0;
 893                        memcpy(&sin6->sin6_addr, x->sel.saddr.a6,
 894                               sizeof(struct in6_addr));
 895                        sin6->sin6_scope_id = 0;
 896                }
 897        }
 898#endif
 899        else
 900                BUG();
 901
 902        /* auth key */
 903        if (add_keys && auth_key_size) {
 904                key = (struct sadb_key *) skb_put(skb, 
 905                                                  sizeof(struct sadb_key)+auth_key_size);
 906                key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
 907                        sizeof(uint64_t);
 908                key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
 909                key->sadb_key_bits = x->aalg->alg_key_len;
 910                key->sadb_key_reserved = 0;
 911                memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
 912        }
 913        /* encrypt key */
 914        if (add_keys && encrypt_key_size) {
 915                key = (struct sadb_key *) skb_put(skb, 
 916                                                  sizeof(struct sadb_key)+encrypt_key_size);
 917                key->sadb_key_len = (sizeof(struct sadb_key) + 
 918                                     encrypt_key_size) / sizeof(uint64_t);
 919                key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
 920                key->sadb_key_bits = x->ealg->alg_key_len;
 921                key->sadb_key_reserved = 0;
 922                memcpy(key + 1, x->ealg->alg_key, 
 923                       (x->ealg->alg_key_len+7)/8);
 924        }
 925
 926        /* sa */
 927        sa2 = (struct sadb_x_sa2 *)  skb_put(skb, sizeof(struct sadb_x_sa2));
 928        sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
 929        sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
 930        sa2->sadb_x_sa2_mode = x->props.mode + 1;
 931        sa2->sadb_x_sa2_reserved1 = 0;
 932        sa2->sadb_x_sa2_reserved2 = 0;
 933        sa2->sadb_x_sa2_sequence = 0;
 934        sa2->sadb_x_sa2_reqid = x->props.reqid;
 935
 936        if (natt && natt->encap_type) {
 937                struct sadb_x_nat_t_type *n_type;
 938                struct sadb_x_nat_t_port *n_port;
 939
 940                /* type */
 941                n_type = (struct sadb_x_nat_t_type*) skb_put(skb, sizeof(*n_type));
 942                n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
 943                n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
 944                n_type->sadb_x_nat_t_type_type = natt->encap_type;
 945                n_type->sadb_x_nat_t_type_reserved[0] = 0;
 946                n_type->sadb_x_nat_t_type_reserved[1] = 0;
 947                n_type->sadb_x_nat_t_type_reserved[2] = 0;
 948
 949                /* source port */
 950                n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
 951                n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
 952                n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
 953                n_port->sadb_x_nat_t_port_port = natt->encap_sport;
 954                n_port->sadb_x_nat_t_port_reserved = 0;
 955
 956                /* dest port */
 957                n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
 958                n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
 959                n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
 960                n_port->sadb_x_nat_t_port_port = natt->encap_dport;
 961                n_port->sadb_x_nat_t_port_reserved = 0;
 962        }
 963
 964        /* security context */
 965        if (xfrm_ctx) {
 966                sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb,
 967                                sizeof(struct sadb_x_sec_ctx) + ctx_size);
 968                sec_ctx->sadb_x_sec_len =
 969                  (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
 970                sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
 971                sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
 972                sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
 973                sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
 974                memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
 975                       xfrm_ctx->ctx_len);
 976        }
 977
 978        return skb;
 979}
 980
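/*
 * Check that an SADB_EXT_KEY_* extension really carries the key octets it
 * advertises.
 *
 * sadb_key_len counts the whole extension, header included, in 64-bit
 * units, while the key octets are copied from key + 1.  The header size
 * therefore has to come off before comparing, otherwise a key advertising
 * sadb_key_len * 8 octets passes the check and the later memcpy() reads
 * up to sizeof(struct sadb_key) bytes past the extension.
 *
 * Returns non-zero when sadb_key_bits describes at least one octet and all
 * of those octets lie inside the extension.
 */
static int pfkey_key_len_valid(const struct sadb_key *key)
{
	size_t ext_bytes = key->sadb_key_len * sizeof(uint64_t);
	size_t key_bytes = (key->sadb_key_bits + 7) / 8;

	if (key_bytes == 0 || ext_bytes < sizeof(struct sadb_key))
		return 0;
	return key_bytes <= ext_bytes - sizeof(struct sadb_key);
}

/*
 * Build a new xfrm_state from an SADB_ADD / SADB_UPDATE request.
 *
 * @hdr:      base header of the request; satype and seq are taken from it
 * @ext_hdrs: extension pointers indexed by (exttype - 1), NULL when the
 *            extension was not present in the message
 *
 * The mandatory pieces are validated first (SA extension, SRC/DST addresses
 * of one family, an ENCRYPT key for ESP and an AUTH key for AH, HARD and
 * SOFT lifetimes as a pair, algorithm ids within range, key sizes that fit
 * their extension).  Only then is a state allocated and filled in: id,
 * flags, lifetimes, security context, algorithms and keys, addresses,
 * SA2 mode/reqid, PROXY selector, NAT-T encapsulation, and finally
 * xfrm_init_state().
 *
 * Returns the state (the caller releases it with xfrm_state_put()) or
 * ERR_PTR(-errno): -EINVAL for a malformed message, -ENOBUFS when an
 * allocation fails, -ENOSYS for an unknown algorithm id, -EAFNOSUPPORT
 * for an unsupported source address family, or whatever
 * security_xfrm_state_alloc() / xfrm_init_state() returned.  After the
 * state has been allocated, every failure marks it dead and drops it.
 */
static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr, 
						void **ext_hdrs)
{
	struct xfrm_state *x; 
	struct sadb_lifetime *lifetime;
	struct sadb_sa *sa;
	struct sadb_key *key;
	struct sadb_x_sec_ctx *sec_ctx;
	uint16_t proto;
	int err;

	sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1];
	if (!sa ||
	    !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return ERR_PTR(-EINVAL);
	/* ESP needs an encryption key, AH an authentication key. */
	if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
	    !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
		return ERR_PTR(-EINVAL);
	if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
	    !ext_hdrs[SADB_EXT_KEY_AUTH-1])
		return ERR_PTR(-EINVAL);
	/* HARD and SOFT lifetimes are accepted together or not at all. */
	if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
	    !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
		return ERR_PTR(-EINVAL);

	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	if (proto == 0)
		return ERR_PTR(-EINVAL);

	/* default error is no buffer space */
	err = -ENOBUFS;

	/* RFC2367:

   Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
   SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not
   sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state.
   Therefore, the sadb_sa_state field of all submitted SAs MUST be
   SADB_SASTATE_MATURE and the kernel MUST return an error if this is
   not true.

	   However, KAME setkey always uses SADB_SASTATE_LARVAL.
	   Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
	 */
	if (sa->sadb_sa_auth > SADB_AALG_MAX ||
	    (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
	     sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
	    sa->sadb_sa_encrypt > SADB_EALG_MAX)
		return ERR_PTR(-EINVAL);
	/* Key extensions are only checked when the SA names a real algorithm;
	 * the size check accounts for the extension header, see
	 * pfkey_key_len_valid(). */
	key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1];
	if (key != NULL &&
	    sa->sadb_sa_auth != SADB_X_AALG_NULL &&
	    !pfkey_key_len_valid(key))
		return ERR_PTR(-EINVAL);
	key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
	if (key != NULL &&
	    sa->sadb_sa_encrypt != SADB_EALG_NULL &&
	    !pfkey_key_len_valid(key))
		return ERR_PTR(-EINVAL);

	x = xfrm_state_alloc();
	if (x == NULL)
		return ERR_PTR(-ENOBUFS);

	x->id.proto = proto;
	x->id.spi = sa->sadb_sa_spi;
	x->props.replay_window = sa->sadb_sa_replay;
	if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
		x->props.flags |= XFRM_STATE_NOECN;
	if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
		x->props.flags |= XFRM_STATE_DECAP_DSCP;
	if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
		x->props.flags |= XFRM_STATE_NOPMTUDISC;

	/* PF_KEY uses 0 for "unlimited"; _KEY2X turns that into XFRM_INF. */
	lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1];
	if (lifetime != NULL) {
		x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
		x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
		x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
		x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
	}
	lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_SOFT-1];
	if (lifetime != NULL) {
		x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
		x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
		x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
		x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
	}

	sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
	if (sec_ctx != NULL) {
		struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);

		if (!uctx)
			goto out;

		err = security_xfrm_state_alloc(x, uctx);
		kfree(uctx);

		if (err)
			goto out;
	}

	key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1];
	if (sa->sadb_sa_auth) {
		int keysize = 0;
		struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
		if (!a) {
			err = -ENOSYS;
			goto out;
		}
		/* keysize is the octet count validated above; a missing key
		 * extension leaves the algorithm with an empty key. */
		if (key)
			keysize = (key->sadb_key_bits + 7) / 8;
		x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
		if (!x->aalg)
			goto out;
		strcpy(x->aalg->alg_name, a->name);
		x->aalg->alg_key_len = 0;
		if (key) {
			x->aalg->alg_key_len = key->sadb_key_bits;
			memcpy(x->aalg->alg_key, key+1, keysize);
		}
		x->props.aalgo = sa->sadb_sa_auth;
		/* x->algo.flags = sa->sadb_sa_flags; */
	}
	if (sa->sadb_sa_encrypt) {
		if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
			/* For IPCOMP the "encrypt" id names a compression
			 * algorithm, which carries no key. */
			struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
			if (!a) {
				err = -ENOSYS;
				goto out;
			}
			x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
			if (!x->calg)
				goto out;
			strcpy(x->calg->alg_name, a->name);
			x->props.calgo = sa->sadb_sa_encrypt;
		} else {
			int keysize = 0;
			struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
			if (!a) {
				err = -ENOSYS;
				goto out;
			}
			key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
			if (key)
				keysize = (key->sadb_key_bits + 7) / 8;
			x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
			if (!x->ealg)
				goto out;
			strcpy(x->ealg->alg_name, a->name);
			x->ealg->alg_key_len = 0;
			if (key) {
				x->ealg->alg_key_len = key->sadb_key_bits;
				memcpy(x->ealg->alg_key, key+1, keysize);
			}
			x->props.ealgo = sa->sadb_sa_encrypt;
		}
	}
	/* x->algo.flags = sa->sadb_sa_flags; */

	x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 
						    &x->props.saddr);
	if (!x->props.family) {
		err = -EAFNOSUPPORT;
		goto out;
	}
	pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1], 
				  &x->id.daddr);

	if (ext_hdrs[SADB_X_EXT_SA2-1]) {
		struct sadb_x_sa2 *sa2 = (void*)ext_hdrs[SADB_X_EXT_SA2-1];
		/* PF_KEY mode is xfrm mode + 1 (see pfkey_xfrm_state2msg);
		 * 0 and 1 both map to xfrm mode 0. */
		x->props.mode = sa2->sadb_x_sa2_mode;
		if (x->props.mode)
			x->props.mode--;
		x->props.reqid = sa2->sadb_x_sa2_reqid;
	}

	if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
		struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];

		/* Nobody uses this, but we try. */
		x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
		x->sel.prefixlen_s = addr->sadb_address_prefixlen;
	}

	if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
		struct sadb_x_nat_t_type* n_type;
		struct xfrm_encap_tmpl *natt;

		x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
		if (!x->encap)
			goto out;

		natt = x->encap;
		n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
		natt->encap_type = n_type->sadb_x_nat_t_type_type;

		/* The port extensions are optional; an absent one leaves the
		 * corresponding field as kmalloc() returned it. */
		if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
			struct sadb_x_nat_t_port* n_port =
				ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
			natt->encap_sport = n_port->sadb_x_nat_t_port_port;
		}
		if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
			struct sadb_x_nat_t_port* n_port =
				ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
			natt->encap_dport = n_port->sadb_x_nat_t_port_port;
		}
	}

	err = xfrm_init_state(x);
	if (err)
		goto out;

	x->km.seq = hdr->sadb_msg_seq;
	return x;

out:
	/* Mark the half-built state dead before dropping it so nothing
	 * treats it as usable. */
	x->km.state = XFRM_STATE_DEAD;
	xfrm_state_put(x);
	return ERR_PTR(err);
}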
1207
/*
 * Handler that accepts nothing: every message routed here is answered with
 * -EOPNOTSUPP.  All four arguments are ignored.
 */
static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	return -EOPNOTSUPP;
}
1212
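/*
 * SADB_GETSPI: find (or create) the acquire state for SRC/DST and assign it
 * an SPI, then send the resulting SA back to the requesting socket.
 *
 * Returns 0 after the reply has been queued, -EINVAL for missing/mismatched
 * address extensions, an unknown satype or an address family this build
 * cannot handle, -ENOENT when no state could be found or no SPI assigned,
 * or the error pfkey_xfrm_state2msg() reported.
 */
static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct sk_buff *resp_skb;
	struct sadb_x_sa2 *sa2;
	struct sadb_address *saddr, *daddr;
	struct sadb_msg *out_hdr;
	struct xfrm_state *x = NULL;
	u8 mode;
	u32 reqid;
	u8 proto;
	unsigned short family;
	xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;

	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return -EINVAL;

	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	if (proto == 0)
		return -EINVAL;

	if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
		/* Same PF_KEY -> xfrm mode mapping as pfkey_msg2xfrm_state():
		 * 0 and 1 both become xfrm mode 0.  A bare "- 1" on the u8
		 * turned a PF_KEY mode of 0 into 255. */
		mode = sa2->sadb_x_sa2_mode;
		if (mode)
			mode--;
		reqid = sa2->sadb_x_sa2_reqid;
	} else {
		mode = 0;
		reqid = 0;
	}

	saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
	daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];

	/* present_and_same_family() guarantees both sockaddrs share a family;
	 * anything other than the families handled here would otherwise leave
	 * xsaddr/xdaddr NULL for the lookups below. */
	family = ((struct sockaddr *)(saddr + 1))->sa_family;
	switch (family) {
	case AF_INET:
		xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
		xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
		break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case AF_INET6:
		xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
		xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
		break;
#endif
	default:
		return -EINVAL;
	}

	/* A non-zero seq may name a pending acquire; only reuse it when its
	 * destination matches the request. */
	if (hdr->sadb_msg_seq) {
		x = xfrm_find_acq_byseq(hdr->sadb_msg_seq);
		if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
			xfrm_state_put(x);
			x = NULL;
		}
	}

	if (!x)
		x = xfrm_find_acq(mode, reqid, proto, xdaddr, xsaddr, 1, family);

	if (x == NULL)
		return -ENOENT;

	resp_skb = ERR_PTR(-ENOENT);

	spin_lock_bh(&x->lock);
	if (x->km.state != XFRM_STATE_DEAD) {
		struct sadb_spirange *range = ext_hdrs[SADB_EXT_SPIRANGE-1];
		u32 min_spi, max_spi;

		if (range != NULL) {
			min_spi = range->sadb_spirange_min;
			max_spi = range->sadb_spirange_max;
		} else {
			min_spi = 0x100;
			max_spi = 0x0fffffff;
		}
		xfrm_alloc_spi(x, htonl(min_spi), htonl(max_spi));
		/* Only a state that actually received an SPI is reported. */
		if (x->id.spi)
			resp_skb = pfkey_xfrm_state2msg(x, 0, 3);
	}
	spin_unlock_bh(&x->lock);

	if (IS_ERR(resp_skb)) {
		xfrm_state_put(x);
		return  PTR_ERR(resp_skb);
	}

	out_hdr = (struct sadb_msg *) resp_skb->data;
	out_hdr->sadb_msg_version = hdr->sadb_msg_version;
	out_hdr->sadb_msg_type = SADB_GETSPI;
	out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
	out_hdr->sadb_msg_errno = 0;
	out_hdr->sadb_msg_reserved = 0;
	out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
	out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;

	xfrm_state_put(x);

	pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk);

	return 0;
}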
1313
/*
 * SADB_ACQUIRE from userspace: a bare base header carrying a non-zero errno
 * tells the kernel that negotiation for the acquire identified by seq has
 * failed, so that state is moved to XFRM_STATE_ERROR and waiters woken.
 *
 * Returns -EOPNOTSUPP when the message carries extensions, 0 otherwise
 * (including when seq or errno is zero, or no acquire matches seq).
 */
static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct xfrm_state *x;

	/* Only the base header is understood here. */
	if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8)
		return -EOPNOTSUPP;

	/* Nothing to report unless both a sequence and an error are given. */
	if (!hdr->sadb_msg_seq || !hdr->sadb_msg_errno)
		return 0;

	x = xfrm_find_acq_byseq(hdr->sadb_msg_seq);
	if (!x)
		return 0;

	spin_lock_bh(&x->lock);
	if (x->km.state == XFRM_STATE_ACQ) {
		x->km.state = XFRM_STATE_ERROR;
		wake_up(&km_waitq);
	}
	spin_unlock_bh(&x->lock);

	xfrm_state_put(x);
	return 0;
}
1337
/*
 * Map an xfrm policy event to the PF_KEY SPD message type used to report it.
 *
 * Returns 0 for events without a mapping; XFRM_MSG_POLEXPIRE deliberately
 * has none (the SADB_X_SPDEXPIRE mapping is disabled) and is reported via
 * the same printk as an unknown event.
 */
static inline int event2poltype(int event)
{
	int type = 0;

	switch (event) {
	case XFRM_MSG_DELPOLICY:
		type = SADB_X_SPDDELETE;
		break;
	case XFRM_MSG_NEWPOLICY:
		type = SADB_X_SPDADD;
		break;
	case XFRM_MSG_UPDPOLICY:
		type = SADB_X_SPDUPDATE;
		break;
	case XFRM_MSG_POLEXPIRE:
		/* not mapped: would be SADB_X_SPDEXPIRE; falls into default */
	default:
		printk("pfkey: Unknown policy event %d\n", event);
		break;
	}

	return type;
}
1356
/*
 * Map an xfrm SA event to the PF_KEY message type used to report it.
 *
 * Returns 0 (after logging) for an event with no mapping.
 */
static inline int event2keytype(int event)
{
	int type = 0;

	switch (event) {
	case XFRM_MSG_DELSA:
		type = SADB_DELETE;
		break;
	case XFRM_MSG_NEWSA:
		type = SADB_ADD;
		break;
	case XFRM_MSG_UPDSA:
		type = SADB_UPDATE;
		break;
	case XFRM_MSG_EXPIRE:
		type = SADB_EXPIRE;
		break;
	default:
		printk("pfkey: Unknown SA event %d\n", event);
		break;
	}

	return type;
}
1375
1376/* ADD/UPD/DEL */
/*
 * Broadcast an SA ADD/UPDATE/DELETE/EXPIRE event to every PF_KEY socket.
 *
 * @x: the state the event concerns
 * @c: event descriptor; event selects the message type, seq/pid are echoed
 *
 * The message is built without keys; lifetimes are included except for a
 * delete, which carries none (hsc = 0).
 *
 * Returns 0, or the error pfkey_xfrm_state2msg() reported.
 */
static int key_notify_sa(struct xfrm_state *x, struct km_event *c)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	int hsc = (c->event == XFRM_MSG_DELSA) ? 0 : 3;

	skb = pfkey_xfrm_state2msg(x, 0, hsc);
	if (IS_ERR(skb))
		return PTR_ERR(skb);

	hdr = (struct sadb_msg *) skb->data;
	hdr->sadb_msg_version = PF_KEY_V2;
	hdr->sadb_msg_type = event2keytype(c->event);
	hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_reserved = 0;
	hdr->sadb_msg_seq = c->seq;
	hdr->sadb_msg_pid = c->pid;

	pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL);
	return 0;
}
1404
/*
 * SADB_ADD / SADB_UPDATE: build a state from the message and insert it
 * (add) or replace the existing one (update), then notify listeners.
 *
 * Returns 0 on success, the error pfkey_msg2xfrm_state() reported, or the
 * negative result of xfrm_state_add() / xfrm_state_update().
 */
static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct xfrm_state *x;
	struct km_event c;
	int is_add = (hdr->sadb_msg_type == SADB_ADD);
	int err;

	xfrm_probe_algs();

	x = pfkey_msg2xfrm_state(hdr, ext_hdrs);
	if (IS_ERR(x))
		return PTR_ERR(x);

	/* One extra reference for the duration of this call; the table keeps
	 * its own on success. */
	xfrm_state_hold(x);
	err = is_add ? xfrm_state_add(x) : xfrm_state_update(x);
	if (err < 0) {
		/* Insertion failed: kill the state and drop the table's
		 * reference here, the one below drops ours. */
		x->km.state = XFRM_STATE_DEAD;
		__xfrm_state_put(x);
		goto out;
	}

	c.event = is_add ? XFRM_MSG_NEWSA : XFRM_MSG_UPDSA;
	c.seq = hdr->sadb_msg_seq;
	c.pid = hdr->sadb_msg_pid;
	km_state_notify(x, &c);
out:
	xfrm_state_put(x);
	return err;
}
1440
/*
 * SADB_DELETE: remove the SA identified by SA/SRC/DST and notify listeners.
 *
 * Returns -EINVAL for missing or family-mismatched extensions, -ESRCH when
 * no state matches, the LSM's verdict from security_xfrm_state_delete(),
 * -EPERM for a kernel-owned state, the result of xfrm_state_delete(), or 0.
 */
static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct xfrm_state *x;
	struct km_event c;
	int err;

	if (!ext_hdrs[SADB_EXT_SA-1] ||
	    !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return -EINVAL;

	x = pfkey_xfrm_state_lookup(hdr, ext_hdrs);
	if (!x)
		return -ESRCH;

	/* LSM gets the first say, then kernel-owned states are protected. */
	err = security_xfrm_state_delete(x);
	if (err)
		goto out;

	if (xfrm_state_kern(x)) {
		err = -EPERM;
		goto out;
	}

	err = xfrm_state_delete(x);
	if (err < 0)
		goto out;

	c.seq = hdr->sadb_msg_seq;
	c.pid = hdr->sadb_msg_pid;
	c.event = XFRM_MSG_DELSA;
	km_state_notify(x, &c);
out:
	/* Drop the reference taken by the lookup. */
	xfrm_state_put(x);
	return err;
}
1477
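/*
 * SADB_GET: look up one SA by SA/SRC/DST and send it, keys included, back
 * to the requesting socket.
 *
 * Returns 0 once the reply is queued, -EINVAL for missing or
 * family-mismatched extensions, -ESRCH when no state matches, or the error
 * pfkey_xfrm_state2msg() reported.
 */
static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	__u8 proto;
	struct sk_buff *out_skb;
	struct sadb_msg *out_hdr;
	struct xfrm_state *x;

	if (!ext_hdrs[SADB_EXT_SA-1] ||
	    !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return -EINVAL;

	x = pfkey_xfrm_state_lookup(hdr, ext_hdrs);
	if (x == NULL)
		return -ESRCH;

	/* Encode with keys (add_keys = 1) and the same lifetime selection the
	 * other responders use; read proto before the reference goes away. */
	out_skb = pfkey_xfrm_state2msg(x, 1, 3);
	proto = x->id.proto;
	xfrm_state_put(x);
	if (IS_ERR(out_skb))
		return  PTR_ERR(out_skb);

	out_hdr = (struct sadb_msg *) out_skb->data;
	out_hdr->sadb_msg_version = hdr->sadb_msg_version;
	/* The reply to a GET carries the GET message type (RFC 2367).  It was
	 * sent as SADB_DUMP, which made a GET reply look like a dump record
	 * to the requester. */
	out_hdr->sadb_msg_type = SADB_GET;
	out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
	out_hdr->sadb_msg_errno = 0;
	out_hdr->sadb_msg_reserved = 0;
	out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
	out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk);

	return 0;
}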
1512
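/*
 * Build the SADB_REGISTER reply: a copy of the request's base header
 * followed by a SUPPORTED_AUTH and a SUPPORTED_ENCRYPT extension listing
 * every currently available algorithm.  An extension is omitted entirely
 * when its count is zero.
 *
 * @orig:       request header to duplicate into the reply
 * @allocation: GFP flags for the skb
 *
 * Returns the skb, or NULL when allocation fails.
 */
static struct sk_buff *compose_sadb_supported(struct sadb_msg *orig,
					      gfp_t allocation)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	int len, auth_len, enc_len, i;

	/* Size each extension from the current availability count. */
	auth_len = xfrm_count_auth_supported();
	if (auth_len) {
		auth_len *= sizeof(struct sadb_alg);
		auth_len += sizeof(struct sadb_supported);
	}

	enc_len = xfrm_count_enc_supported();
	if (enc_len) {
		enc_len *= sizeof(struct sadb_alg);
		enc_len += sizeof(struct sadb_supported);
	}

	len = enc_len + auth_len + sizeof(struct sadb_msg);

	skb = alloc_skb(len + 16, allocation);
	if (!skb)
		goto out_put_algs;

	hdr = (struct sadb_msg *) skb_put(skb, sizeof(*hdr));
	pfkey_hdr_dup(hdr, orig);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_len = len / sizeof(uint64_t);

	if (auth_len) {
		struct sadb_supported *sp;
		struct sadb_alg *ap, *end;

		sp = (struct sadb_supported *) skb_put(skb, auth_len);
		/* alloc_skb() memory is not zeroed: clear the extension so
		 * its reserved header word and any slot the loop below leaves
		 * unfilled do not carry stale kernel bytes to userspace. */
		memset(sp, 0, auth_len);
		ap = (struct sadb_alg *) (sp + 1);
		end = (struct sadb_alg *) ((char *) sp + auth_len);

		sp->sadb_supported_len = auth_len / sizeof(uint64_t);
		sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;

		/* The table is walked again here; bound the copy by the space
		 * sized above in case availability changed since the count. */
		for (i = 0; ap < end; i++) {
			struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
			if (!aalg)
				break;
			if (aalg->available)
				*ap++ = aalg->desc;
		}
	}

	if (enc_len) {
		struct sadb_supported *sp;
		struct sadb_alg *ap, *end;

		sp = (struct sadb_supported *) skb_put(skb, enc_len);
		memset(sp, 0, enc_len);
		ap = (struct sadb_alg *) (sp + 1);
		end = (struct sadb_alg *) ((char *) sp + enc_len);

		sp->sadb_supported_len = enc_len / sizeof(uint64_t);
		sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;

		for (i = 0; ap < end; i++) {
			struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
			if (!ealg)
				break;
			if (ealg->available)
				*ap++ = ealg->desc;
		}
	}

out_put_algs:
	return skb;
}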
1584
/*
 * SADB_REGISTER: record interest in one SA type (or none, for
 * SADB_SATYPE_UNSPEC) on this socket and reply with the supported
 * algorithm lists.
 *
 * Returns -EINVAL for an out-of-range satype, -EEXIST when the socket is
 * already registered for that satype, -ENOBUFS when the reply cannot be
 * built (the registration is rolled back), or 0.
 */
static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct pfkey_sock *pfk = pfkey_sk(sk);
	struct sk_buff *supp_skb;
	int satype = hdr->sadb_msg_satype;
	int specific = (satype != SADB_SATYPE_UNSPEC);

	if (satype > SADB_SATYPE_MAX)
		return -EINVAL;

	/* One bit per satype in pfk->registered. */
	if (specific) {
		int bit = 1 << satype;

		if (pfk->registered & bit)
			return -EEXIST;
		pfk->registered |= bit;
	}

	xfrm_probe_algs();

	supp_skb = compose_sadb_supported(hdr, GFP_KERNEL);
	if (!supp_skb) {
		/* Undo the registration so a retry does not hit -EEXIST. */
		if (specific)
			pfk->registered &= ~(1 << satype);
		return -ENOBUFS;
	}

	pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk);
	return 0;
}
1613
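/*
 * Broadcast a bare SADB_FLUSH message describing the SA flush in c.
 *
 * The message is just a sadb_msg header; its satype is derived from the
 * flushed protocol.  Returns 0, or -ENOBUFS if no skb could be allocated.
 */
static int key_notify_sa_flush(struct km_event *c)
{
        struct sk_buff *skb;
        struct sadb_msg *hdr;

        skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
        if (!skb)
                return -ENOBUFS;
        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
        hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
        hdr->sadb_msg_type = SADB_FLUSH;
        hdr->sadb_msg_seq = c->seq;
        hdr->sadb_msg_pid = c->pid;
        hdr->sadb_msg_version = PF_KEY_V2;
        hdr->sadb_msg_errno = (uint8_t) 0;
        hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
        /* skb_put() does not clear the bytes it hands back and the whole
         * header is delivered to user space, so the reserved byte must be
         * set explicitly rather than left holding stale kernel memory. */
        hdr->sadb_msg_reserved = 0;

        pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL);

        return 0;
}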
1635
/*
 * SADB_FLUSH handler: drop every SA of the requested type and notify key
 * managers with an XFRM_MSG_FLUSHSA event carrying the request's seq/pid.
 * Returns -EINVAL when the satype has no xfrm protocol, else 0.
 */
static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct km_event c;
        unsigned proto = pfkey_satype2proto(hdr->sadb_msg_satype);

        if (!proto)
                return -EINVAL;

        xfrm_state_flush(proto);

        c.event = XFRM_MSG_FLUSHSA;
        c.data.proto = proto;
        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
        km_state_notify(NULL, &c);

        return 0;
}
1654
/* Per-walk context passed to dump_sa()/dump_sp() through the walker's
 * opaque pointer. */
struct pfkey_dump_data
{
        struct sk_buff *skb;    /* the request skb; not read by the dumpers */
        struct sadb_msg *hdr;   /* request header; its version and pid are copied into each reply */
        struct sock *sk;        /* requesting socket; replies are sent to it alone (BROADCAST_ONE) */
};
1661
/*
 * xfrm_state_walk() callback for SADB_DUMP: encode one SA and send it to the
 * requesting socket only.  count becomes the reply's seq so user space can
 * order the dump.  Returns the error from pfkey_xfrm_state2msg(), else 0.
 */
static int dump_sa(struct xfrm_state *x, int count, void *ptr)
{
        struct pfkey_dump_data *data = ptr;
        struct sk_buff *out_skb = pfkey_xfrm_state2msg(x, 1, 3);
        struct sadb_msg *out_hdr;

        if (IS_ERR(out_skb))
                return PTR_ERR(out_skb);

        out_hdr = (struct sadb_msg *) out_skb->data;
        out_hdr->sadb_msg_type = SADB_DUMP;
        out_hdr->sadb_msg_version = data->hdr->sadb_msg_version;
        out_hdr->sadb_msg_pid = data->hdr->sadb_msg_pid;
        out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
        out_hdr->sadb_msg_seq = count;
        out_hdr->sadb_msg_errno = 0;
        out_hdr->sadb_msg_reserved = 0;
        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, data->sk);
        return 0;
}
1683
/*
 * SADB_DUMP handler: walk every SA of the requested type, replying with one
 * message per SA via dump_sa().  -EINVAL if the satype maps to no protocol.
 */
static int pfkey_dump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct pfkey_dump_data data;
        u8 proto = pfkey_satype2proto(hdr->sadb_msg_satype);

        if (!proto)
                return -EINVAL;

        data.skb = skb;
        data.hdr = hdr;
        data.sk = sk;
        return xfrm_state_walk(proto, dump_sa, &data);
}
1695
/*
 * SADB_X_PROMISC handler.  A message that is nothing but a header sets the
 * socket's promisc flag from its satype field, which must be 0 or 1; any
 * other satype is rejected with -EINVAL.  In all cases the message is then
 * re-broadcast to every pfkey socket.
 */
static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct pfkey_sock *pfk = pfkey_sk(sk);
        int satype = hdr->sadb_msg_satype;
        int header_only = hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t));

        if (header_only) {
                /* XXX we mangle packet... */
                hdr->sadb_msg_errno = 0;
                /* satype is read from an unsigned byte, so this is the same
                 * test as "not 0 and not 1" */
                if ((unsigned int)satype > 1)
                        return -EINVAL;
                pfk->promisc = satype;
        }
        /* NOTE(review): skb_clone() can return NULL; whether pfkey_broadcast()
         * tolerates a NULL skb is not visible here — confirm. */
        pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, BROADCAST_ALL, NULL);
        return 0;
}
1711
/*
 * xfrm_policy_walk() callback used by gen_reqid(): ptr points at a candidate
 * reqid.  Returns -EEXIST as soon as any template of xp already uses it,
 * which aborts the walk; 0 lets the walk continue.  dir and count are
 * unused.
 */
static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
{
        const u32 wanted = *(u32 *)ptr;
        struct xfrm_tmpl *t = xp->xfrm_vec;
        struct xfrm_tmpl *end = xp->xfrm_vec + xp->xfrm_nr;

        for (; t < end; t++)
                if (t->reqid == wanted)
                        return -EEXIST;
        return 0;
}
1723
/*
 * Pick a reqid above IPSEC_MANUAL_REQID_MAX that no existing policy uses.
 *
 * A static counter remembers the last value handed out; candidates are tried
 * in increasing order, wrapping past 0 back to IPSEC_MANUAL_REQID_MAX+1, and
 * each is checked against every policy with check_reqid().  Returns 0 only
 * if every value in the range is taken.  The counter is not locked.
 */
static u32 gen_reqid(void)
{
        static u32 reqid = IPSEC_MANUAL_REQID_MAX;
        u32 start = reqid;

        for (;;) {
                if (++reqid == 0)
                        reqid = IPSEC_MANUAL_REQID_MAX + 1;
                if (xfrm_policy_walk(check_reqid, (void *)&reqid) != -EEXIST)
                        return reqid;
                /* back where we started: the whole range is in use */
                if (reqid == start)
                        break;
        }
        return 0;
}
1739
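/*
 * Append one template to xp from a sadb_x_ipsecrequest.
 *
 * Mode 0 is rejected (the wire value is the xfrm mode plus one).  Level USE
 * marks the template optional; level UNIQUE keeps the supplied reqid when it
 * lies in the manual range (<= IPSEC_MANUAL_REQID_MAX and non-zero) and
 * otherwise generates one.  In tunnel mode two sockaddrs of xp->family
 * follow the fixed header and become the template's saddr and daddr; they
 * are read only if sadb_x_ipsecrequest_len says they are actually there.
 *
 * Returns 0 and bumps xp->xfrm_nr, or -ELOOP (too many templates), -EINVAL
 * (bad mode, family, address family or short request) or -ENOBUFS (no free
 * reqid).
 */
static int
parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
{
        struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
        struct sockaddr_in *sin;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
        struct sockaddr_in6 *sin6;
#endif
        /* bytes the request claims to carry after its fixed header; negative
         * when the declared length is shorter than the header itself */
        int addr_len = (int)rq->sadb_x_ipsecrequest_len - (int)sizeof(*rq);

        if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
                return -ELOOP;

        if (rq->sadb_x_ipsecrequest_mode == 0)
                return -EINVAL;

        t->id.proto = rq->sadb_x_ipsecrequest_proto; /* XXX check proto */
        t->mode = rq->sadb_x_ipsecrequest_mode-1;
        if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
                t->optional = 1;
        else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
                t->reqid = rq->sadb_x_ipsecrequest_reqid;
                if (t->reqid > IPSEC_MANUAL_REQID_MAX)
                        t->reqid = 0;
                if (!t->reqid && !(t->reqid = gen_reqid()))
                        return -ENOBUFS;
        }

        /* addresses present only in tunnel mode */
        if (t->mode) {
                switch (xp->family) {
                case AF_INET:
                        /* the two sockaddr_in must lie inside the request,
                         * otherwise we would read past user-supplied data */
                        if (addr_len < 2 * (int)sizeof(struct sockaddr_in))
                                return -EINVAL;
                        sin = (void*)(rq+1);
                        if (sin->sin_family != AF_INET)
                                return -EINVAL;
                        t->saddr.a4 = sin->sin_addr.s_addr;
                        sin++;
                        if (sin->sin_family != AF_INET)
                                return -EINVAL;
                        t->id.daddr.a4 = sin->sin_addr.s_addr;
                        break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
                case AF_INET6:
                        if (addr_len < 2 * (int)sizeof(struct sockaddr_in6))
                                return -EINVAL;
                        sin6 = (void *)(rq+1);
                        if (sin6->sin6_family != AF_INET6)
                                return -EINVAL;
                        memcpy(t->saddr.a6, &sin6->sin6_addr, sizeof(struct in6_addr));
                        sin6++;
                        if (sin6->sin6_family != AF_INET6)
                                return -EINVAL;
                        memcpy(t->id.daddr.a6, &sin6->sin6_addr, sizeof(struct in6_addr));
                        break;
#endif
                default:
                        return -EINVAL;
                }
        }
        /* No way to set this via kame pfkey */
        t->aalgos = t->ealgos = t->calgos = ~0;
        xp->xfrm_nr++;
        return 0;
}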
1801
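/*
 * Parse every sadb_x_ipsecrequest that trails the policy extension pol into
 * templates of xp (via parse_ipsecrequest()).
 *
 * pol->sadb_x_policy_len is in 8-byte units and covers the extension header
 * plus all requests.  Each request's own length field is validated before
 * it is used to advance: it must be at least the fixed header size and must
 * not exceed what remains of the extension, otherwise the walk would either
 * never advance or step past user-supplied data.
 *
 * Returns 0, -EINVAL for malformed lengths, or the error from
 * parse_ipsecrequest().
 */
static int
parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
{
        int err;
        int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
        struct sadb_x_ipsecrequest *rq = (void*)(pol+1);

        /* an extension shorter than its own header would make len negative,
         * and the int/size_t comparison below would then read it as huge */
        if (pol->sadb_x_policy_len*8 < sizeof(struct sadb_x_policy))
                return -EINVAL;

        while (len >= sizeof(struct sadb_x_ipsecrequest)) {
                if (len < rq->sadb_x_ipsecrequest_len ||
                    rq->sadb_x_ipsecrequest_len < sizeof(*rq))
                        return -EINVAL;

                if ((err = parse_ipsecrequest(xp, rq)) < 0)
                        return err;
                len -= rq->sadb_x_ipsecrequest_len;
                rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
        }
        return 0;
}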
1817
/*
 * Size of the SADB_X_EXT_SEC_CTX extension needed to carry xp's security
 * context: the fixed header plus ctx_len bytes, rounded up to 8.  Zero when
 * the policy has no security context.
 */
static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp)
{
        struct xfrm_sec_ctx *xfrm_ctx = xp->security;
        int len;

        if (!xfrm_ctx)
                return 0;

        len = sizeof(struct sadb_x_sec_ctx) + xfrm_ctx->ctx_len;
        return PFKEY_ALIGN8(len);
}
1829
/*
 * Upper bound on the bytes pfkey_xfrm_policy2msg() writes for xp: header,
 * three lifetimes, two address extensions with their sockaddrs, the policy
 * extension, one ipsecrequest per template budgeted as if it carried two
 * tunnel addresses, and the security context if any.  Transport-mode
 * templates carry no addresses, so the real message can be smaller.
 */
static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp)
{
        int sockaddr_size = pfkey_sockaddr_size(xp->family);
        int socklen = (xp->family == AF_INET ?
                       sizeof(struct sockaddr_in) :
                       sizeof(struct sockaddr_in6));
        int size = sizeof(struct sadb_msg);

        size += 3 * sizeof(struct sadb_lifetime);
        size += 2 * (sizeof(struct sadb_address) + sockaddr_size);
        size += sizeof(struct sadb_x_policy);
        size += xp->xfrm_nr * (sizeof(struct sadb_x_ipsecrequest) + 2 * socklen);
        size += pfkey_xfrm_policy2sec_ctx_size(xp);
        return size;
}
1846
/*
 * Allocate an skb large enough for pfkey_xfrm_policy2msg(xp) (plus 16 bytes
 * of slack), with GFP_ATOMIC.  Returns ERR_PTR(-ENOBUFS) on allocation
 * failure, never NULL.
 */
static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp)
{
        int size = pfkey_xfrm_policy2msg_size(xp);
        struct sk_buff *skb = alloc_skb(size + 16, GFP_ATOMIC);

        return skb ? skb : ERR_PTR(-ENOBUFS);
}
1860
/*
 * Serialize policy xp (direction dir) into skb as a PF_KEY SPD message:
 * header, SRC and DST address extensions (selector addresses and ports),
 * HARD/SOFT/CURRENT lifetimes, the SADB_X_EXT_POLICY extension with one
 * sadb_x_ipsecrequest per template, and the security context if the policy
 * has one.  The extension order is the wire layout; do not reorder the
 * skb_put() calls.
 *
 * skb must have been sized by pfkey_xfrm_policy2msg_prep(xp).  Only the
 * header's len and reserved fields are filled here; the caller sets type,
 * version, satype, errno, seq and pid afterwards.
 */
static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir)
{
        struct sadb_msg *hdr;
        struct sadb_address *addr;
        struct sadb_lifetime *lifetime;
        struct sadb_x_policy *pol;
        struct sockaddr_in   *sin;
        struct sadb_x_sec_ctx *sec_ctx;
        struct xfrm_sec_ctx *xfrm_ctx;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
        struct sockaddr_in6  *sin6;
#endif
        int i;
        int size;
        int sockaddr_size = pfkey_sockaddr_size(xp->family);
        int socklen = (xp->family == AF_INET ?
                       sizeof(struct sockaddr_in) :
                       sizeof(struct sockaddr_in6));

        /* worst-case message size; shrunk below for transport-mode templates */
        size = pfkey_xfrm_policy2msg_size(xp);

        /* call should fill header later */
        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
        /* Zeroes the whole message area, i.e. also bytes that later skb_put()
         * calls will hand out.  That is inside the allocation made by
         * pfkey_xfrm_policy2msg_prep() (size + 16) as long as hdr is at the
         * start of the skb data — assumed, since callers treat out_skb->data
         * as the header. */
        memset(hdr, 0, size);   /* XXX do we need this ? */

        /* src address */
        addr = (struct sadb_address*) skb_put(skb, 
                                              sizeof(struct sadb_address)+sockaddr_size);
        addr->sadb_address_len = 
                (sizeof(struct sadb_address)+sockaddr_size)/
                        sizeof(uint64_t);
        addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
        addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
        addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
        addr->sadb_address_reserved = 0;
        /* the sockaddr for the src selector follows the extension header */
        if (xp->family == AF_INET) {
                sin = (struct sockaddr_in *) (addr + 1);
                sin->sin_family = AF_INET;
                sin->sin_addr.s_addr = xp->selector.saddr.a4;
                sin->sin_port = xp->selector.sport;
                memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
        }
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
        else if (xp->family == AF_INET6) {
                sin6 = (struct sockaddr_in6 *) (addr + 1);
                sin6->sin6_family = AF_INET6;
                sin6->sin6_port = xp->selector.sport;
                sin6->sin6_flowinfo = 0;
                memcpy(&sin6->sin6_addr, xp->selector.saddr.a6,
                       sizeof(struct in6_addr));
                sin6->sin6_scope_id = 0;
        }
#endif
        else
                BUG();  /* a policy with an unsupported family must never reach here */

        /* dst address */
        addr = (struct sadb_address*) skb_put(skb, 
                                              sizeof(struct sadb_address)+sockaddr_size);
        addr->sadb_address_len =
                (sizeof(struct sadb_address)+sockaddr_size)/
                        sizeof(uint64_t);
        addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
        addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
        addr->sadb_address_prefixlen = xp->selector.prefixlen_d; 
        addr->sadb_address_reserved = 0;
        if (xp->family == AF_INET) {
                sin = (struct sockaddr_in *) (addr + 1);
                sin->sin_family = AF_INET;
                sin->sin_addr.s_addr = xp->selector.daddr.a4;
                sin->sin_port = xp->selector.dport;
                memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
        }
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
        else if (xp->family == AF_INET6) {
                sin6 = (struct sockaddr_in6 *) (addr + 1);
                sin6->sin6_family = AF_INET6;
                sin6->sin6_port = xp->selector.dport;
                sin6->sin6_flowinfo = 0;
                memcpy(&sin6->sin6_addr, xp->selector.daddr.a6,
                       sizeof(struct in6_addr));
                sin6->sin6_scope_id = 0;
        }
#endif
        else
                BUG();

        /* hard time: _X2KEY turns xfrm's "unlimited" (XFRM_INF) into PF_KEY's 0 */
        lifetime = (struct sadb_lifetime *)  skb_put(skb, 
                                                     sizeof(struct sadb_lifetime));
        lifetime->sadb_lifetime_len =
                sizeof(struct sadb_lifetime)/sizeof(uint64_t);
        lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
        lifetime->sadb_lifetime_allocations =  _X2KEY(xp->lft.hard_packet_limit);
        lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
        lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
        lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
        /* soft time */
        lifetime = (struct sadb_lifetime *)  skb_put(skb, 
                                                     sizeof(struct sadb_lifetime));
        lifetime->sadb_lifetime_len =
                sizeof(struct sadb_lifetime)/sizeof(uint64_t);
        lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
        lifetime->sadb_lifetime_allocations =  _X2KEY(xp->lft.soft_packet_limit);
        lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
        lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
        lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
        /* current time: raw counters, no XFRM_INF translation */
        lifetime = (struct sadb_lifetime *)  skb_put(skb, 
                                                     sizeof(struct sadb_lifetime));
        lifetime->sadb_lifetime_len =
                sizeof(struct sadb_lifetime)/sizeof(uint64_t);
        lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
        lifetime->sadb_lifetime_allocations = xp->curlft.packets;
        lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
        lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
        lifetime->sadb_lifetime_usetime = xp->curlft.use_time;

        /* policy extension; its len grows as ipsecrequests are appended below */
        pol = (struct sadb_x_policy *)  skb_put(skb, sizeof(struct sadb_x_policy));
        pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
        pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
        /* BLOCK -> DISCARD; ALLOW -> IPSEC when templates exist, else NONE */
        pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
        if (xp->action == XFRM_POLICY_ALLOW) {
                if (xp->xfrm_nr)
                        pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
                else
                        pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
        }
        pol->sadb_x_policy_dir = dir+1;  /* PF_KEY directions are xfrm dir + 1 */
        pol->sadb_x_policy_id = xp->index;
        pol->sadb_x_policy_priority = xp->priority;

        for (i=0; i<xp->xfrm_nr; i++) {
                struct sadb_x_ipsecrequest *rq;
                struct xfrm_tmpl *t = xp->xfrm_vec + i;
                int req_size;

                /* only tunnel-mode templates carry the two addresses the size
                 * estimate budgeted for; give the bytes back otherwise so
                 * sadb_msg_len below matches what was actually written */
                req_size = sizeof(struct sadb_x_ipsecrequest);
                if (t->mode)
                        req_size += 2*socklen;
                else
                        size -= 2*socklen;
                rq = (void*)skb_put(skb, req_size);
                pol->sadb_x_policy_len += req_size/8;
                memset(rq, 0, sizeof(*rq));
                rq->sadb_x_ipsecrequest_len = req_size;
                rq->sadb_x_ipsecrequest_proto = t->id.proto;
                rq->sadb_x_ipsecrequest_mode = t->mode+1;
                /* level: REQUIRE by default, UNIQUE if a reqid is set, USE wins
                 * over both when the template is optional */
                rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
                if (t->reqid)
                        rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
                if (t->optional)
                        rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
                rq->sadb_x_ipsecrequest_reqid = t->reqid;
                if (t->mode) {
                        switch (xp->family) {
                        case AF_INET:
                                sin = (void*)(rq+1);
                                sin->sin_family = AF_INET;
                                sin->sin_addr.s_addr = t->saddr.a4;
                                sin->sin_port = 0;
                                memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
                                sin++;
                                sin->sin_family = AF_INET;
                                sin->sin_addr.s_addr = t->id.daddr.a4;
                                sin->sin_port = 0;
                                memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
                                break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
                        case AF_INET6:
                                sin6 = (void*)(rq+1);
                                sin6->sin6_family = AF_INET6;
                                sin6->sin6_port = 0;
                                sin6->sin6_flowinfo = 0;
                                memcpy(&sin6->sin6_addr, t->saddr.a6,
                                       sizeof(struct in6_addr));
                                sin6->sin6_scope_id = 0;

                                sin6++;
                                sin6->sin6_family = AF_INET6;
                                sin6->sin6_port = 0;
                                sin6->sin6_flowinfo = 0;
                                memcpy(&sin6->sin6_addr, t->id.daddr.a6,
                                       sizeof(struct in6_addr));
                                sin6->sin6_scope_id = 0;
                                break;
#endif
                        default:
                                /* unknown family: the address bytes stay as
                                 * the memset() above left them (zero) */
                                break;
                        }
                }
        }

        /* security context */
        if ((xfrm_ctx = xp->security)) {
                int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);

                sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, ctx_size);
                sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
                sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
                sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
                sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
                sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
                /* context string follows the header; ctx_size was rounded up
                 * to 8, the padding is already zero from the memset() above */
                memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
                       xfrm_ctx->ctx_len);
        }

        /* size was reduced above for every transport-mode template */
        hdr->sadb_msg_len = size / sizeof(uint64_t);
        /* historical: the reserved byte carries the policy refcount,
         * truncated to the field width */
        hdr->sadb_msg_reserved = atomic_read(&xp->refcnt);
}
2072
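/*
 * Key-manager notification for a policy change: encode xp as an SPD message
 * and broadcast it to all pfkey sockets.
 *
 * The message type comes from the event (event2poltype()), except that a
 * delete-by-id is reported as SADB_X_SPDDELETE2.  Returns 0 on success or
 * the error from pfkey_xfrm_policy2msg_prep() — previously that error was
 * stored in a local and the function returned 0 regardless.
 */
static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c)
{
        struct sk_buff *out_skb;
        struct sadb_msg *out_hdr;

        out_skb = pfkey_xfrm_policy2msg_prep(xp);
        if (IS_ERR(out_skb))
                return PTR_ERR(out_skb);
        pfkey_xfrm_policy2msg(out_skb, xp, dir);

        out_hdr = (struct sadb_msg *) out_skb->data;
        out_hdr->sadb_msg_version = PF_KEY_V2;

        if (c->data.byid && c->event == XFRM_MSG_DELPOLICY)
                out_hdr->sadb_msg_type = SADB_X_SPDDELETE2;
        else
                out_hdr->sadb_msg_type = event2poltype(c->event);
        out_hdr->sadb_msg_errno = 0;
        out_hdr->sadb_msg_seq = c->seq;
        out_hdr->sadb_msg_pid = c->pid;
        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL);
        return 0;
}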
2101
/*
 * SADB_X_SPDADD / SADB_X_SPDUPDATE handler: build an xfrm_policy from the
 * message's extensions and insert it into the SPD.
 *
 * Required: SRC and DST address extensions of the same family and a policy
 * extension with type <= IPSEC_POLICY_IPSEC and direction in
 * 1..IPSEC_DIR_MAX-1.  Optional: HARD/SOFT lifetimes and a security
 * context.  For IPSEC_POLICY_IPSEC the ipsecrequests trailing the policy
 * extension become the templates.
 *
 * On success key managers are notified (UPDPOLICY for SPDUPDATE, NEWPOLICY
 * otherwise) and the local reference is dropped with xfrm_pol_put().
 * Returns 0 or a negative errno; on every error path after allocation the
 * half-built policy is freed here.
 */
static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        int err = 0;
        struct sadb_lifetime *lifetime;
        struct sadb_address *sa;
        struct sadb_x_policy *pol;
        struct xfrm_policy *xp;
        struct km_event c;
        struct sadb_x_sec_ctx *sec_ctx;

        if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
                                     ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
            !ext_hdrs[SADB_X_EXT_POLICY-1])
                return -EINVAL;

        pol = ext_hdrs[SADB_X_EXT_POLICY-1];
        if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
                return -EINVAL;
        if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
                return -EINVAL;

        xp = xfrm_policy_alloc(GFP_KERNEL);
        if (xp == NULL)
                return -ENOBUFS;

        /* DISCARD -> BLOCK; NONE and IPSEC are both ALLOW and differ only in
         * whether templates get attached below */
        xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
                      XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
        xp->priority = pol->sadb_x_policy_priority;

        /* NOTE: the trailing comma (not a semicolon) fuses this and the next
         * line into one comma expression; harmless, but easy to misread */
        sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 
        xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
        if (!xp->family) {
                err = -EINVAL;
                goto out;
        }
        xp->selector.family = xp->family;
        xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
        xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
        /* the port is read through sockaddr_in for both families; relies on
         * sin_port and sin6_port sharing the same offset */
        xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
        if (xp->selector.sport)
                xp->selector.sport_mask = ~0;   /* non-zero port means exact match */

        sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 
        pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
        xp->selector.prefixlen_d = sa->sadb_address_prefixlen;

        /* Amusing, we set this twice.  KAME apps appear to set same value
         * in both addresses.
         */
        xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);

        xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
        if (xp->selector.dport)
                xp->selector.dport_mask = ~0;

        sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
        if (sec_ctx != NULL) {
                struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);

                if (!uctx) {
                        err = -ENOBUFS;
                        goto out;
                }

                /* the LSM copies what it needs; uctx is ours to free either way */
                err = security_xfrm_policy_alloc(xp, uctx);
                kfree(uctx);

                if (err)
                        goto out;
        }

        /* unlimited unless a lifetime extension says otherwise; _KEY2X maps
         * PF_KEY's 0 ("no limit") back to XFRM_INF */
        xp->lft.soft_byte_limit = XFRM_INF;
        xp->lft.hard_byte_limit = XFRM_INF;
        xp->lft.soft_packet_limit = XFRM_INF;
        xp->lft.hard_packet_limit = XFRM_INF;
        if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
                xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
                xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
                xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
                xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
        }
        if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
                xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
                xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
                xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
                xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
        }
        xp->xfrm_nr = 0;
        if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
            (err = parse_ipsecrequests(xp, pol)) < 0)
                goto out;

        /* third argument is non-zero unless this is SPDUPDATE — presumably
         * the "exclusive insert" flag that makes a duplicate an error */
        err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
                                 hdr->sadb_msg_type != SADB_X_SPDUPDATE);

        if (err)
                goto out;

        if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
                c.event = XFRM_MSG_UPDPOLICY;
        else 
                c.event = XFRM_MSG_NEWPOLICY;

        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;

        km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
        xfrm_pol_put(xp);
        return 0;

out:
        /* reached before the policy was ever inserted, so a plain free is
         * enough; assumes security_xfrm_policy_free() tolerates a policy
         * that never got a security context — confirm */
        security_xfrm_policy_free(xp);
        kfree(xp);
        return err;
}
2217
/*
 * SADB_X_SPDDELETE handler: remove the policy whose selector (addresses,
 * prefix lengths, protocol, ports) and security context match the message,
 * then notify key managers with XFRM_MSG_DELPOLICY.
 *
 * Required: SRC and DST address extensions of the same family and a policy
 * extension with direction in 1..IPSEC_DIR_MAX-1.  The optional security
 * context is parsed into a throw-away xfrm_policy (tmp) only so that its
 * ->security can be passed to the lookup.
 *
 * Returns 0, -EINVAL (missing/invalid extensions), -ENOMEM (context copy
 * failed), -ENOENT (no such policy) or an LSM error.
 */
static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        int err;
        struct sadb_address *sa;
        struct sadb_x_policy *pol;
        struct xfrm_policy *xp, tmp;
        struct xfrm_selector sel;
        struct km_event c;
        struct sadb_x_sec_ctx *sec_ctx;

        if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
                                     ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
            !ext_hdrs[SADB_X_EXT_POLICY-1])
                return -EINVAL;

        pol = ext_hdrs[SADB_X_EXT_POLICY-1];
        if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
                return -EINVAL;

        memset(&sel, 0, sizeof(sel));

        /* NOTE: trailing comma, not a semicolon — one comma expression */
        sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 
        sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
        sel.prefixlen_s = sa->sadb_address_prefixlen;
        sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
        /* port read through sockaddr_in for both families; relies on
         * sin_port and sin6_port sharing the same offset */
        sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
        if (sel.sport)
                sel.sport_mask = ~0;

        sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 
        pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
        sel.prefixlen_d = sa->sadb_address_prefixlen;
        sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
        sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
        if (sel.dport)
                sel.dport_mask = ~0;

        sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
        memset(&tmp, 0, sizeof(struct xfrm_policy));

        if (sec_ctx != NULL) {
                struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);

                if (!uctx)
                        return -ENOMEM;

                err = security_xfrm_policy_alloc(&tmp, uctx);
                kfree(uctx);

                if (err)
                        return err;
        }

        /* NOTE(review): the last argument (1) presumably asks the lookup to
         * unlink the policy as well.  If security_xfrm_policy_delete() below
         * then refuses, the policy is already gone from the SPD while the
         * caller sees an error — confirm that this is the intended order. */
        xp = xfrm_policy_bysel_ctx(pol->sadb_x_policy_dir-1, &sel, tmp.security, 1);
        security_xfrm_policy_free(&tmp);
        if (xp == NULL)
                return -ENOENT;

        err = 0;

        if ((err = security_xfrm_policy_delete(xp)))
                goto out;
        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
        c.event = XFRM_MSG_DELPOLICY;
        km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);

out:
        /* drop the reference the lookup handed us, on success and failure alike */
        xfrm_pol_put(xp);
        return err;
}
2289
/*
 * Reply to an SPD get request: encode xp (direction dir) and send it to sk
 * alone, echoing the request's version, type, seq and pid.  Returns the
 * error from pfkey_xfrm_policy2msg_prep(), otherwise 0.
 */
static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, struct sadb_msg *hdr, int dir)
{
        struct sk_buff *out_skb = pfkey_xfrm_policy2msg_prep(xp);
        struct sadb_msg *out_hdr;

        if (IS_ERR(out_skb))
                return PTR_ERR(out_skb);

        pfkey_xfrm_policy2msg(out_skb, xp, dir);

        out_hdr = (struct sadb_msg *) out_skb->data;
        out_hdr->sadb_msg_version = hdr->sadb_msg_version;
        out_hdr->sadb_msg_type = hdr->sadb_msg_type;
        out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
        out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
        out_hdr->sadb_msg_satype = 0;
        out_hdr->sadb_msg_errno = 0;
        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk);
        return 0;
}
2317
/*
 * SADB_X_SPDGET / SADB_X_SPDDELETE2 handler: look a policy up by the id in
 * the policy extension.  For SPDDELETE2 the lookup also removes it and key
 * managers get a by-id XFRM_MSG_DELPOLICY; otherwise the policy is sent back
 * to the requester with key_pol_get_resp().
 *
 * Returns -EINVAL (no policy extension or bad direction), -ENOENT (no such
 * id), the reply's error, or 0.
 */
static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct sadb_x_policy *pol = ext_hdrs[SADB_X_EXT_POLICY-1];
        struct xfrm_policy *xp;
        struct km_event c;
        unsigned int dir;
        int delete;
        int err = 0;

        if (!pol)
                return -EINVAL;

        /* the direction is encoded in the policy id */
        dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
        if (dir >= XFRM_POLICY_MAX)
                return -EINVAL;

        delete = hdr->sadb_msg_type == SADB_X_SPDDELETE2;
        xp = xfrm_policy_byid(dir, pol->sadb_x_policy_id, delete);
        if (!xp)
                return -ENOENT;

        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
        if (delete) {
                c.data.byid = 1;
                c.event = XFRM_MSG_DELPOLICY;
                km_policy_notify(xp, dir, &c);
        } else {
                err = key_pol_get_resp(sk, xp, hdr, dir);
        }

        xfrm_pol_put(xp);
        return err;
}
2353
/*
 * xfrm_policy_walk() callback for SADB_X_SPDDUMP: encode one policy and send
 * it to the requesting socket only, with count as the reply's seq.  Returns
 * the error from pfkey_xfrm_policy2msg_prep(), else 0.
 */
static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
{
        struct pfkey_dump_data *data = ptr;
        struct sk_buff *out_skb = pfkey_xfrm_policy2msg_prep(xp);
        struct sadb_msg *out_hdr;

        if (IS_ERR(out_skb))
                return PTR_ERR(out_skb);

        pfkey_xfrm_policy2msg(out_skb, xp, dir);

        out_hdr = (struct sadb_msg *) out_skb->data;
        out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
        out_hdr->sadb_msg_version = data->hdr->sadb_msg_version;
        out_hdr->sadb_msg_pid = data->hdr->sadb_msg_pid;
        out_hdr->sadb_msg_seq = count;
        out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
        out_hdr->sadb_msg_errno = 0;
        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, data->sk);
        return 0;
}
2376
/*
 * SADB_X_SPDDUMP handler: walk every policy, replying with one message per
 * policy via dump_sp().  Returns whatever xfrm_policy_walk() returns.
 */
static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct pfkey_dump_data data;

        data.skb = skb;
        data.hdr = hdr;
        data.sk = sk;
        return xfrm_policy_walk(dump_sp, &data);
}
2383
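/*
 * Broadcast a bare SADB_X_SPDFLUSH message for the policy flush in c.
 *
 * The message is just a sadb_msg header.  Returns 0, or -ENOBUFS if no skb
 * could be allocated.
 */
static int key_notify_policy_flush(struct km_event *c)
{
        struct sk_buff *skb_out;
        struct sadb_msg *hdr;

        skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
        if (!skb_out)
                return -ENOBUFS;
        hdr = (struct sadb_msg *) skb_put(skb_out, sizeof(struct sadb_msg));
        hdr->sadb_msg_type = SADB_X_SPDFLUSH;
        hdr->sadb_msg_seq = c->seq;
        hdr->sadb_msg_pid = c->pid;
        hdr->sadb_msg_version = PF_KEY_V2;
        hdr->sadb_msg_errno = (uint8_t) 0;
        hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
        /* skb_put() does not clear the bytes it hands back and the whole
         * header is delivered to user space: an SPD flush concerns no
         * particular SA type, and the reserved byte must not carry stale
         * kernel memory. */
        hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
        hdr->sadb_msg_reserved = 0;
        pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL);
        return 0;
}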
2403
/*
 * SADB_X_SPDFLUSH handler: drop every policy, then raise an
 * XFRM_MSG_FLUSHPOLICY event so all key managers (this one included, via
 * key_notify_policy_flush()) can tell their listeners.  The requester's
 * seq and pid ride along in the event so the notification can echo them.
 * Always returns 0.
 * NOTE(review): no per-message privilege check here; access control is
 * presumably enforced when the PF_KEY socket is created -- confirm.
 */
static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct km_event ev;

	ev.seq = hdr->sadb_msg_seq;
	ev.pid = hdr->sadb_msg_pid;
	ev.event = XFRM_MSG_FLUSHPOLICY;

	xfrm_policy_flush();
	km_policy_notify(NULL, 0, &ev);

	return 0;
}
2416
/* One SADB message handler; @ext_hdrs is the table parse_exthdrs() filled. */
typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
			     struct sadb_msg *hdr, void **ext_hdrs);
/*
 * Dispatch table indexed by sadb_msg_type.  pfkey_get_base_msg() only lets
 * types in (SADB_RESERVED, SADB_MAX] through, and pfkey_process() answers
 * -EOPNOTSUPP for a NULL slot, so the explicit NULLs are the message types
 * this implementation deliberately refuses from userspace.
 */
static pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
	[SADB_RESERVED]		= pfkey_reserved,
	[SADB_GETSPI]		= pfkey_getspi,
	[SADB_UPDATE]		= pfkey_add,
	[SADB_ADD]		= pfkey_add,
	[SADB_DELETE]		= pfkey_delete,
	[SADB_GET]		= pfkey_get,
	[SADB_ACQUIRE]		= pfkey_acquire,
	[SADB_REGISTER]		= pfkey_register,
	[SADB_EXPIRE]		= NULL,		/* kernel-generated (key_notify_sa_expire), not accepted */
	[SADB_FLUSH]		= pfkey_flush,
	[SADB_DUMP]		= pfkey_dump,
	[SADB_X_PROMISC]	= pfkey_promisc,
	[SADB_X_PCHANGE]	= NULL,		/* not implemented */
	[SADB_X_SPDUPDATE]	= pfkey_spdadd,
	[SADB_X_SPDADD]		= pfkey_spdadd,
	[SADB_X_SPDDELETE]	= pfkey_spddelete,
	[SADB_X_SPDGET]		= pfkey_spdget,
	[SADB_X_SPDACQUIRE]	= NULL,		/* not implemented */
	[SADB_X_SPDDUMP]	= pfkey_spddump,
	[SADB_X_SPDFLUSH]	= pfkey_spdflush,
	[SADB_X_SPDSETIDX]	= pfkey_spdadd,
	[SADB_X_SPDDELETE2]	= pfkey_spdget,	/* spdget deletes when the type is SPDDELETE2 */
};
2443
/*
 * Dispatch one validated PF_KEY request to its handler.
 *
 * @sk:  sending socket
 * @skb: the request; pfkey_get_base_msg() has already checked its header,
 *       including that sadb_msg_type indexes pfkey_funcs[] in range
 * @hdr: base header at skb->data
 *
 * A clone of the raw request is first offered to promiscuous sockets --
 * before parse_exthdrs() has looked at it, so malformed requests reach
 * them too.  pfkey_broadcast() is handed the skb_clone() result unchecked;
 * presumably it tolerates NULL -- confirm.
 *
 * Returns the parse error, -EOPNOTSUPP for a type with no handler, else
 * the handler's result.
 */
static int pfkey_process(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr)
{
	void *ext_hdrs[SADB_EXT_MAX] = { NULL };
	pfkey_handler handler;
	int err;

	pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
			BROADCAST_PROMISC_ONLY, NULL);

	err = parse_exthdrs(skb, hdr, ext_hdrs);
	if (err)
		return err;

	handler = pfkey_funcs[hdr->sadb_msg_type];
	if (!handler)
		return -EOPNOTSUPP;

	return handler(sk, skb, hdr, ext_hdrs);
}
2461
/*
 * Validate the PF_KEY base header of a message received from userspace.
 *
 * @skb:  the message as copied from the sender
 * @errp: out: 0 on success, -EMSGSIZE for length problems, -EINVAL for a
 *        bad version, non-zero reserved byte or out-of-range type
 *
 * Returns the header at skb->data, or NULL with *errp set.  A non-NULL
 * result guarantees sadb_msg_type is in (SADB_RESERVED, SADB_MAX], which
 * is what lets pfkey_process() index pfkey_funcs[] with it unchecked.
 */
static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
{
	struct sadb_msg *hdr;

	/* Need a complete base header before touching any field. */
	if (skb->len < sizeof(struct sadb_msg)) {
		*errp = -EMSGSIZE;
		return NULL;
	}

	hdr = (struct sadb_msg *) skb->data;

	/* Version, reserved byte and type range are all user-supplied. */
	if (hdr->sadb_msg_version != PF_KEY_V2 ||
	    hdr->sadb_msg_reserved != 0 ||
	    hdr->sadb_msg_type <= SADB_RESERVED ||
	    hdr->sadb_msg_type > SADB_MAX) {
		*errp = -EINVAL;
		return NULL;
	}

	/*
	 * sadb_msg_len counts 64-bit words and must describe exactly the
	 * bytes received, and at least the base header.  skb->len is divided
	 * down, so a trailing partial word (skb->len not a multiple of 8) is
	 * not rejected by this check.
	 */
	if (hdr->sadb_msg_len != (skb->len / sizeof(uint64_t)) ||
	    hdr->sadb_msg_len < (sizeof(struct sadb_msg) / sizeof(uint64_t))) {
		*errp = -EMSGSIZE;
		return NULL;
	}

	*errp = 0;
	return hdr;
}
2488
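/*
 * Non-zero when authentication algorithm @d is allowed by template @t,
 * i.e. its bit is set in t->aalgos.  The shift uses an unsigned literal:
 * "1 << 31" is undefined in C, while 1U covers every bit of the mask.
 * NOTE(review): assumes sadb_alg_id < 32, the width of the mask -- the
 * descriptors come from the kernel's own algorithm tables, not from users.
 */
static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
{
	return t->aalgos & (1U << d->desc.sadb_alg_id);
}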
2493
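/*
 * Non-zero when encryption algorithm @d is allowed by template @t, i.e.
 * its bit is set in t->ealgos.  The shift uses an unsigned literal:
 * "1 << 31" is undefined in C, while 1U covers every bit of the mask.
 * NOTE(review): assumes sadb_alg_id < 32, the width of the mask -- the
 * descriptors come from the kernel's own algorithm tables, not from users.
 */
static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
{
	return t->ealgos & (1U << d->desc.sadb_alg_id);
}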
2498
/*
 * Size in bytes of the SADB_EXT_PROPOSAL extension dump_ah_combs() will
 * write for template @t: one sadb_prop header plus one sadb_comb for each
 * available authentication algorithm the template allows.  The two
 * functions must iterate identically, since this value sizes the skb.
 */
static int count_ah_combs(struct xfrm_tmpl *t)
{
	struct xfrm_algo_desc *aalg;
	int sz = sizeof(struct sadb_prop);
	int idx;

	for (idx = 0; (aalg = xfrm_aalg_get_byidx(idx)) != NULL; idx++) {
		if (aalg->available && aalg_tmpl_set(t, aalg))
			sz += sizeof(struct sadb_comb);
	}
	return sz;
}
2512
/*
 * Size in bytes of the SADB_EXT_PROPOSAL extension dump_esp_combs() will
 * write for template @t: one sadb_prop header plus one sadb_comb for each
 * (encryption, authentication) pair of available algorithms the template
 * allows.  Authentication index 0 is skipped, exactly as dump_esp_combs()
 * skips it; the two functions must iterate identically because this value
 * sizes the skb.
 */
static int count_esp_combs(struct xfrm_tmpl *t)
{
	struct xfrm_algo_desc *ealg;
	int sz = sizeof(struct sadb_prop);
	int e;

	for (e = 0; (ealg = xfrm_ealg_get_byidx(e)) != NULL; e++) {
		struct xfrm_algo_desc *aalg;
		int a;

		if (!ealg->available || !ealg_tmpl_set(t, ealg))
			continue;

		for (a = 1; (aalg = xfrm_aalg_get_byidx(a)) != NULL; a++) {
			if (aalg->available && aalg_tmpl_set(t, aalg))
				sz += sizeof(struct sadb_comb);
		}
	}
	return sz;
}
2536
/*
 * Append the SADB_EXT_PROPOSAL extension for an AH ACQUIRE: one sadb_comb
 * per available authentication algorithm allowed by template @t.  The
 * caller sized @skb with count_ah_combs(), which must walk the same set.
 * Each comb is zeroed before its fields are set, so no allocator garbage
 * reaches userspace.  Proposed lifetimes are fixed: 24h hard / 20h soft
 * add-time and 8h hard / 7h soft use-time; the replay window is 32.
 */
static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
{
	struct sadb_prop *prop;
	struct xfrm_algo_desc *aalg;
	int idx;

	prop = (struct sadb_prop *) skb_put(skb, sizeof(*prop));
	prop->sadb_prop_len = sizeof(*prop) / 8;
	prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
	prop->sadb_prop_replay = 32;
	memset(prop->sadb_prop_reserved, 0, sizeof(prop->sadb_prop_reserved));

	for (idx = 0; (aalg = xfrm_aalg_get_byidx(idx)) != NULL; idx++) {
		struct sadb_comb *comb;

		if (!aalg->available || !aalg_tmpl_set(t, aalg))
			continue;

		comb = (struct sadb_comb *) skb_put(skb, sizeof(*comb));
		memset(comb, 0, sizeof(*comb));
		prop->sadb_prop_len += sizeof(*comb) / 8;

		comb->sadb_comb_auth = aalg->desc.sadb_alg_id;
		comb->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
		comb->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;

		/* seconds: 24h/20h hard/soft add-time, 8h/7h hard/soft use-time */
		comb->sadb_comb_hard_addtime = 24 * 60 * 60;
		comb->sadb_comb_soft_addtime = 20 * 60 * 60;
		comb->sadb_comb_hard_usetime = 8 * 60 * 60;
		comb->sadb_comb_soft_usetime = 7 * 60 * 60;
	}
}
2568
/*
 * Append the SADB_EXT_PROPOSAL extension for an ESP ACQUIRE: one sadb_comb
 * per (encryption, authentication) pair of available algorithms allowed by
 * template @t.  Authentication index 0 is never paired, so every proposed
 * combination carries an authentication algorithm.  The caller sized @skb
 * with count_esp_combs(), which must walk the same set.  Each comb is
 * zeroed before its fields are set.  Proposed lifetimes are fixed: 24h
 * hard / 20h soft add-time and 8h hard / 7h soft use-time; replay window 32.
 */
static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
{
	struct sadb_prop *prop;
	struct xfrm_algo_desc *ealg;
	int e;

	prop = (struct sadb_prop *) skb_put(skb, sizeof(*prop));
	prop->sadb_prop_len = sizeof(*prop) / 8;
	prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
	prop->sadb_prop_replay = 32;
	memset(prop->sadb_prop_reserved, 0, sizeof(prop->sadb_prop_reserved));

	for (e = 0; (ealg = xfrm_ealg_get_byidx(e)) != NULL; e++) {
		struct xfrm_algo_desc *aalg;
		int a;

		if (!ealg->available || !ealg_tmpl_set(t, ealg))
			continue;

		for (a = 1; (aalg = xfrm_aalg_get_byidx(a)) != NULL; a++) {
			struct sadb_comb *comb;

			if (!aalg->available || !aalg_tmpl_set(t, aalg))
				continue;

			comb = (struct sadb_comb *) skb_put(skb, sizeof(*comb));
			memset(comb, 0, sizeof(*comb));
			prop->sadb_prop_len += sizeof(*comb) / 8;

			comb->sadb_comb_auth = aalg->desc.sadb_alg_id;
			comb->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
			comb->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
			comb->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
			comb->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
			comb->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;

			/* seconds: 24h/20h hard/soft add-time, 8h/7h hard/soft use-time */
			comb->sadb_comb_hard_addtime = 24 * 60 * 60;
			comb->sadb_comb_soft_addtime = 20 * 60 * 60;
			comb->sadb_comb_hard_usetime = 8 * 60 * 60;
			comb->sadb_comb_soft_usetime = 7 * 60 * 60;
		}
	}
}
2611
/*
 * Policy-expiry notification (XFRM_MSG_POLEXPIRE) is not implemented for
 * PF_KEY: the event is accepted and silently dropped, so PF_KEY listeners
 * are never told that a policy expired.  Always returns 0.
 */
static int key_notify_policy_expire(struct xfrm_policy *xp, struct km_event *c)
{
	return 0;
}
2616
/*
 * Broadcast an SADB_EXPIRE for state @x to every registered PF_KEY socket.
 *
 * @x: the expiring SA
 * @c: the event; c->data.hard selects a hard (2) or soft (1) lifetime code,
 *     which is passed as the last argument of pfkey_xfrm_state2msg()
 *
 * Returns the pfkey_xfrm_state2msg() error, else 0.  The notification is
 * unsolicited, so seq and pid are 0.  sadb_msg_len is not set here and is
 * presumably filled by pfkey_xfrm_state2msg() -- confirm.
 */
static int key_notify_sa_expire(struct xfrm_state *x, struct km_event *c)
{
	int hsc = c->data.hard ? 2 : 1;
	struct sk_buff *out_skb = pfkey_xfrm_state2msg(x, 0, hsc);
	struct sadb_msg *out_hdr;

	if (IS_ERR(out_skb))
		return PTR_ERR(out_skb);

	out_hdr = (struct sadb_msg *) out_skb->data;
	out_hdr->sadb_msg_version = PF_KEY_V2;
	out_hdr->sadb_msg_type = SADB_EXPIRE;
	out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
	out_hdr->sadb_msg_errno = 0;
	out_hdr->sadb_msg_reserved = 0;
	out_hdr->sadb_msg_seq = 0;
	out_hdr->sadb_msg_pid = 0;

	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL);
	return 0;
}
2646
/*
 * xfrm_mgr.notify: route an SA event to the matching PF_KEY notifier.
 * Expiry, add/update/delete and flush are forwarded; XFRM_MSG_NEWAE is
 * known but not yet supported and is dropped quietly; anything else is
 * logged and dropped.  Returns the notifier's result or 0.
 */
static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c)
{
	if (c->event == XFRM_MSG_EXPIRE)
		return key_notify_sa_expire(x, c);

	if (c->event == XFRM_MSG_DELSA ||
	    c->event == XFRM_MSG_NEWSA ||
	    c->event == XFRM_MSG_UPDSA)
		return key_notify_sa(x, c);

	if (c->event == XFRM_MSG_FLUSHSA)
		return key_notify_sa_flush(c);

	/* XFRM_MSG_NEWAE: not yet supported, ignored without noise. */
	if (c->event != XFRM_MSG_NEWAE)
		printk("pfkey: Unknown SA event %d\n", c->event);

	return 0;
}
2667
/*
 * xfrm_mgr.notify_policy: route a policy event to the matching PF_KEY
 * notifier.  Expiry (a no-op notifier), add/update/delete and flush are
 * forwarded; anything else is logged and dropped.  Returns the notifier's
 * result or 0.
 */
static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
{
	if (c->event == XFRM_MSG_POLEXPIRE)
		return key_notify_policy_expire(xp, c);

	if (c->event == XFRM_MSG_DELPOLICY ||
	    c->event == XFRM_MSG_NEWPOLICY ||
	    c->event == XFRM_MSG_UPDPOLICY)
		return key_notify_policy(xp, dir, c);

	if (c->event == XFRM_MSG_FLUSHPOLICY)
		return key_notify_policy_flush(c);

	printk("pfkey: Unknown policy event %d\n", c->event);
	return 0;
}
2686
/*
 * Hand out the next ACQUIRE sequence number from a single counter shared
 * by all callers and guarded by its own spinlock.  The value 0 is never
 * returned: when the counter wraps to 0 it is bumped once more.
 */
static u32 get_acqseq(void)
{
	static u32 acqseq;
	static DEFINE_SPINLOCK(acqseq_lock);
	u32 next;

	spin_lock_bh(&acqseq_lock);
	acqseq++;
	if (acqseq == 0)
		acqseq++;
	next = acqseq;
	spin_unlock_bh(&acqseq_lock);
	return next;
}
2698
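/*
 * Append one SADB_EXT_ADDRESS_* extension (sadb_address header followed
 * by a sockaddr) to @skb.
 *
 * @skb:           message under construction; the caller accounted for
 *                 sizeof(struct sadb_address) + @sockaddr_size when sizing it
 * @exttype:       SADB_EXT_ADDRESS_SRC or SADB_EXT_ADDRESS_DST
 * @family:        AF_INET or AF_INET6; selects the sockaddr layout
 * @a:             the address to copy in
 * @sockaddr_size: pfkey_sockaddr_size(@family), passed in so caller and
 *                 helper agree on the layout
 *
 * Every byte of the extension, sin_zero and reserved fields included, is
 * written explicitly because skb_put() does not clear the bytes it hands
 * out and the message is delivered to userspace.  Callers only get here
 * for a family pfkey_sockaddr_size() accepted; anything else is treated as
 * a kernel bug, as the original inline code did.
 */
static void pfkey_put_address_ext(struct sk_buff *skb, uint16_t exttype,
				  u16 family, xfrm_address_t *a,
				  int sockaddr_size)
{
	struct sadb_address *addr;

	addr = (struct sadb_address *) skb_put(skb,
					      sizeof(struct sadb_address) + sockaddr_size);
	addr->sadb_address_len =
		(sizeof(struct sadb_address) + sockaddr_size) /
			sizeof(uint64_t);
	addr->sadb_address_exttype = exttype;
	addr->sadb_address_proto = 0;
	addr->sadb_address_reserved = 0;

	if (family == AF_INET) {
		struct sockaddr_in *sin = (struct sockaddr_in *) (addr + 1);

		addr->sadb_address_prefixlen = 32;
		sin->sin_family = AF_INET;
		sin->sin_addr.s_addr = a->a4;
		sin->sin_port = 0;
		memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
	}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	else if (family == AF_INET6) {
		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) (addr + 1);

		addr->sadb_address_prefixlen = 128;
		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = 0;
		sin6->sin6_flowinfo = 0;
		memcpy(&sin6->sin6_addr, a->a6, sizeof(struct in6_addr));
		sin6->sin6_scope_id = 0;
	}
#endif
	else
		BUG();
}

/*
 * xfrm_mgr.acquire: broadcast an SADB_ACQUIRE to registered PF_KEY sockets
 * (typically a key-management daemon) asking for an SA matching template
 * @t of policy @xp in direction @dir, described by state @x.
 *
 * The message is HDR | ADDRESS_SRC | ADDRESS_DST | X_POLICY | PROPOSAL,
 * the proposal listing the AH or ESP algorithm combinations @t allows.
 * count_{ah,esp}_combs() size the skb and dump_{ah,esp}_combs() fill it;
 * they must stay in step.
 *
 * Returns -EINVAL for an address family pfkey_sockaddr_size() rejects,
 * -ENOMEM if the skb cannot be allocated, else pfkey_broadcast()'s result.
 * Side effect: x->km.seq is set to the fresh ACQUIRE sequence number.
 *
 * Changes: the two inline src/dst address blocks are replaced by
 * pfkey_put_address_ext(), and the policy extension is now cleared before
 * its fields are set -- struct sadb_x_policy has reserved fields this
 * function never assigned, so unwritten skb bytes were going to userspace.
 */
static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp, int dir)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	struct sadb_x_policy *pol;
	int sockaddr_size;
	int size;

	sockaddr_size = pfkey_sockaddr_size(x->props.family);
	if (!sockaddr_size)
		return -EINVAL;

	size = sizeof(struct sadb_msg) +
		(sizeof(struct sadb_address) * 2) +
		(sockaddr_size * 2) +
		sizeof(struct sadb_x_policy);

	if (x->id.proto == IPPROTO_AH)
		size += count_ah_combs(t);
	else if (x->id.proto == IPPROTO_ESP)
		size += count_esp_combs(t);

	skb = alloc_skb(size + 16, GFP_ATOMIC);
	if (skb == NULL)
		return -ENOMEM;

	/* skb_put() does not clear memory: assign every header field. */
	hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
	hdr->sadb_msg_version = PF_KEY_V2;
	hdr->sadb_msg_type = SADB_ACQUIRE;
	hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
	hdr->sadb_msg_len = size / sizeof(uint64_t);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_reserved = 0;
	hdr->sadb_msg_seq = x->km.seq = get_acqseq();
	hdr->sadb_msg_pid = 0;

	/* src and dst addresses of the wanted SA */
	pfkey_put_address_ext(skb, SADB_EXT_ADDRESS_SRC, x->props.family,
			      &x->props.saddr, sockaddr_size);
	pfkey_put_address_ext(skb, SADB_EXT_ADDRESS_DST, x->props.family,
			      &x->id.daddr, sockaddr_size);

	/* Clear first: reserved fields of sadb_x_policy are not set below. */
	pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy));
	memset(pol, 0, sizeof(*pol));
	pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
	pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
	pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
	pol->sadb_x_policy_dir = dir+1;		/* PF_KEY directions are 1-based */
	pol->sadb_x_policy_id = xp->index;

	/* Proposal: the algorithm combinations this template accepts. */
	if (x->id.proto == IPPROTO_AH)
		dump_ah_combs(skb, t);
	else if (x->id.proto == IPPROTO_ESP)
		dump_esp_combs(skb, t);

	return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL);
}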
2823
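/*
 * xfrm_mgr.compile_policy: build a per-socket xfrm_policy from an
 * IP_IPSEC_POLICY / IPV6_IPSEC_POLICY setsockopt() payload.
 *
 * @family: socket family the option was set on (AF_INET / AF_INET6)
 * @opt:    the socket option; must be the IPsec policy option for @family
 * @data:   kernel copy of the option value: a struct sadb_x_policy,
 *          optionally followed by a struct sadb_x_sec_ctx
 * @len:    length of @data in bytes
 * @dir:    out: policy direction (sadb_x_policy_dir - 1) on success, or a
 *          negative errno on failure
 *
 * @data and @len come from an unprivileged setsockopt() caller, so every
 * length used to walk the buffer is checked against @len first.  PF_KEY
 * extension lengths (sadb_x_policy_len, sadb_x_sec_len) count 64-bit
 * words, hence the *8 before comparing them with @len.
 *
 * Returns the new policy, owned by the caller, or NULL with *dir set.
 *
 * Fixes relative to the original:
 *  - the security-context bound check compared sadb_x_sec_len (in 8-byte
 *    words) against @len (in bytes) without scaling, under-counting the
 *    extension by a factor of eight, so the context bytes consumed by
 *    pfkey_sadb2xfrm_user_sec_ctx() could extend past the @len bytes
 *    validated here; it now uses sadb_x_sec_len*8 like the policy length;
 *  - that failure path set no error: if parse_ipsecrequests() had returned
 *    0 earlier, *dir was 0 at "goto out" and NULL came back without a
 *    negative *dir; it now sets -EINVAL explicitly;
 *  - pfkey_sadb2xfrm_user_sec_ctx() allocates (its result is kfree'd), so a
 *    NULL result is handled instead of being passed on.
 */
static struct xfrm_policy *pfkey_compile_policy(u16 family, int opt,
						u8 *data, int len, int *dir)
{
	struct xfrm_policy *xp;
	struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
	struct sadb_x_sec_ctx *sec_ctx;

	switch (family) {
	case AF_INET:
		if (opt != IP_IPSEC_POLICY) {
			*dir = -EOPNOTSUPP;
			return NULL;
		}
		break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case AF_INET6:
		if (opt != IPV6_IPSEC_POLICY) {
			*dir = -EOPNOTSUPP;
			return NULL;
		}
		break;
#endif
	default:
		*dir = -EINVAL;
		return NULL;
	}

	*dir = -EINVAL;

	/* The policy header must fit, describe itself within @len, and carry a sane type and direction. */
	if (len < sizeof(struct sadb_x_policy) ||
	    pol->sadb_x_policy_len*8 > len ||
	    pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
	    (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
		return NULL;

	xp = xfrm_policy_alloc(GFP_ATOMIC);
	if (xp == NULL) {
		*dir = -ENOBUFS;
		return NULL;
	}

	xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
		      XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);

	/* Socket policies carry no byte/packet lifetime limits. */
	xp->lft.soft_byte_limit = XFRM_INF;
	xp->lft.hard_byte_limit = XFRM_INF;
	xp->lft.soft_packet_limit = XFRM_INF;
	xp->lft.hard_packet_limit = XFRM_INF;
	xp->family = family;

	/* Only IPSEC policies carry templates; parse_ipsecrequests() fills xp->xfrm_vec. */
	xp->xfrm_nr = 0;
	if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
	    (*dir = parse_ipsecrequests(xp, pol)) < 0)
		goto out;

	/* security context too */
	if (len >= (pol->sadb_x_policy_len*8 +
	    sizeof(struct sadb_x_sec_ctx))) {
		char *p = (char *)pol;
		struct xfrm_user_sec_ctx *uctx;

		p += pol->sadb_x_policy_len*8;
		sec_ctx = (struct sadb_x_sec_ctx *)p;
		/* sadb_x_sec_len is in 64-bit words; the whole extension must lie within @len. */
		if (len < pol->sadb_x_policy_len*8 +
		    sec_ctx->sadb_x_sec_len*8) {
			*dir = -EINVAL;
			goto out;
		}
		if ((*dir = verify_sec_ctx_len(p)))
			goto out;
		uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
		if (!uctx) {
			*dir = -ENOBUFS;
			goto out;
		}
		*dir = security_xfrm_policy_alloc(xp, uctx);
		kfree(uctx);

		if (*dir)
			goto out;
	}

	*dir = pol->sadb_x_policy_dir-1;
	return xp;

out:
	security_xfrm_policy_free(xp);
	kfree(xp);
	return NULL;
}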
2908
/*
 * xfrm_mgr.new_mapping: tell registered PF_KEY sockets that the NAT-T
 * peer of ESP state @x has moved to @ipaddr:@sport, by broadcasting an
 * SADB_X_NAT_T_NEW_MAPPING message.
 *
 * @x:      the SA whose encapsulation mapping changed; must be ESP and
 *          must have an encap template, otherwise -EINVAL
 * @ipaddr: the peer's new address (same family as x->props.family)
 * @sport:  the peer's new UDP port, sent as NAT_T_DPORT
 *
 * Returns -EINVAL for an unsupported family, non-ESP or non-NAT-T state,
 * -ENOMEM if the skb cannot be allocated, else pfkey_broadcast()'s result.
 * Side effect: x->km.seq is set to a fresh ACQUIRE sequence number.
 *
 * skb_put() does not clear the bytes it hands out and this message is
 * delivered to userspace, so every field of every extension is assigned
 * below (the 8-byte-aligned sockaddrs included, via sin_zero / the IPv6
 * fields); keep it that way when adding fields.
 */
static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	struct sadb_sa *sa;
	struct sadb_address *addr;
	struct sadb_x_nat_t_port *n_port;
	struct sockaddr_in *sin;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	struct sockaddr_in6 *sin6;
#endif
	int sockaddr_size;
	int size;
	/* Only ESP is handled; 0 doubles as the "unsupported" marker below. */
	__u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0);
	struct xfrm_encap_tmpl *natt = NULL;

	sockaddr_size = pfkey_sockaddr_size(x->props.family);
	if (!sockaddr_size)
		return -EINVAL;

	if (!satype)
		return -EINVAL;

	if (!x->encap)
		return -EINVAL;

	natt = x->encap;

	/* Build an SADB_X_NAT_T_NEW_MAPPING message:
	 *
	 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
	 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
	 */
	
	size = sizeof(struct sadb_msg) +
		sizeof(struct sadb_sa) +
		(sizeof(struct sadb_address) * 2) +
		(sockaddr_size * 2) +
		(sizeof(struct sadb_x_nat_t_port) * 2);
	
	skb =  alloc_skb(size + 16, GFP_ATOMIC);
	if (skb == NULL)
		return -ENOMEM;
	
	hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
	hdr->sadb_msg_version = PF_KEY_V2;
	hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
	hdr->sadb_msg_satype = satype;
	hdr->sadb_msg_len = size / sizeof(uint64_t);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_reserved = 0;
	hdr->sadb_msg_seq = x->km.seq = get_acqseq();
	hdr->sadb_msg_pid = 0;

	/* SA: only the SPI identifies the state; the rest is deliberately zero. */
	sa = (struct sadb_sa *) skb_put(skb, sizeof(struct sadb_sa));
	sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
	sa->sadb_sa_exttype = SADB_EXT_SA;
	sa->sadb_sa_spi = x->id.spi;
	sa->sadb_sa_replay = 0;
	sa->sadb_sa_state = 0;
	sa->sadb_sa_auth = 0;
	sa->sadb_sa_encrypt = 0;
	sa->sadb_sa_flags = 0;

	/* ADDRESS_SRC (old addr) */
	addr = (struct sadb_address*)
		skb_put(skb, sizeof(struct sadb_address)+sockaddr_size);
	addr->sadb_address_len = 
		(sizeof(struct sadb_address)+sockaddr_size)/
			sizeof(uint64_t);
	addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
	addr->sadb_address_proto = 0;
	addr->sadb_address_reserved = 0;
	if (x->props.family == AF_INET) {
		addr->sadb_address_prefixlen = 32;

		sin = (struct sockaddr_in *) (addr + 1);
		sin->sin_family = AF_INET;
		sin->sin_addr.s_addr = x->props.saddr.a4;
		sin->sin_port = 0;
		memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
	}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	else if (x->props.family == AF_INET6) {
		addr->sadb_address_prefixlen = 128;

		sin6 = (struct sockaddr_in6 *) (addr + 1);
		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = 0;
		sin6->sin6_flowinfo = 0;
		memcpy(&sin6->sin6_addr,
		       x->props.saddr.a6, sizeof(struct in6_addr));
		sin6->sin6_scope_id = 0;
	}
#endif
	else
		/* pfkey_sockaddr_size() accepted the family above, so this is a kernel bug. */
		BUG();

	/* NAT_T_SPORT (old port) */
	n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
	n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
	n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
	n_port->sadb_x_nat_t_port_port = natt->encap_sport;
	n_port->sadb_x_nat_t_port_reserved = 0;

	/* ADDRESS_DST (new addr) */
	addr = (struct sadb_address*)
		skb_put(skb, sizeof(struct sadb_address)+sockaddr_size);
	addr->sadb_address_len = 
		(sizeof(struct sadb_address)+sockaddr_size)/
			sizeof(uint64_t);
	addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
	addr->sadb_address_proto = 0;
	addr->sadb_address_reserved = 0;
	if (x->props.family == AF_INET) {
		addr->sadb_address_prefixlen = 32;

		sin = (struct sockaddr_in *) (addr + 1);
		sin->sin_family = AF_INET;
		sin->sin_addr.s_addr = ipaddr->a4;
		sin->sin_port = 0;
		memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
	}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	else if (x->props.family == AF_INET6) {
		addr->sadb_address_prefixlen = 128;

		sin6 = (struct sockaddr_in6 *) (addr + 1);
		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = 0;
		sin6->sin6_flowinfo = 0;
		memcpy(&sin6->sin6_addr, &ipaddr->a6, sizeof(struct in6_addr));
		sin6->sin6_scope_id = 0;
	}
#endif
	else
		BUG();

	/* NAT_T_DPORT (new port) */
	n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
	n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
	n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
	n_port->sadb_x_nat_t_port_port = sport;
	n_port->sadb_x_nat_t_port_reserved = 0;

	return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL);
}
3057
/*
 * sendmsg() for PF_KEY sockets: copy one PF_KEY message from userspace,
 * validate its base header and dispatch it under xfrm_cfg_mutex.
 *
 * Returns @len on success.  Once the base header has been validated, a
 * failure is reported back to the sender as a PF_KEY error message via
 * pfkey_error(); if that reply was sent, the sendmsg() itself returns
 * @len rather than the error.  Only failures before a valid header
 * exists, or when the error reply cannot be sent, surface as a negative
 * return.
 */
static int pfkey_sendmsg(struct kiocb *kiocb,
			 struct socket *sock, struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb = NULL;
	struct sadb_msg *hdr = NULL;
	int err;

	/* PF_KEY has no out-of-band data. */
	err = -EOPNOTSUPP;
	if (msg->msg_flags & MSG_OOB)
		goto out;

	/*
	 * Bound the request by the socket's send buffer before allocating.
	 * sk_sndbuf is an int; the cast makes the comparison unsigned, which
	 * is only safe while sk_sndbuf - 32 cannot go negative.
	 */
	err = -EMSGSIZE;
	if ((unsigned)len > sk->sk_sndbuf - 32)
		goto out;

	/* Work on a private kernel copy of the whole message. */
	err = -ENOBUFS;
	skb = alloc_skb(len, GFP_KERNEL);
	if (skb == NULL)
		goto out;

	err = -EFAULT;
	if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len))
		goto out;

	/* Checks version, reserved byte, type range and total length. */
	hdr = pfkey_get_base_msg(skb, &err);
	if (!hdr)
		goto out;

	/* Handlers run serialised with other xfrm configuration changes (presumably what the mutex guards). */
	mutex_lock(&xfrm_cfg_mutex);
	err = pfkey_process(sk, skb, hdr);
	mutex_unlock(&xfrm_cfg_mutex);

out:
	/*
	 * With a valid header, errors go back to the sender as a PF_KEY
	 * error message; a delivered reply makes this sendmsg() succeed.
	 */
	if (err && hdr && pfkey_error(hdr, err, sk) == 0)
		err = 0;
	if (skb)
		kfree_skb(skb);

	return err ? : len;
}
3099
/*
 * recvmsg() for PF_KEY sockets: hand the next queued PF_KEY message to
 * userspace.
 *
 * Returns the number of bytes copied, or with MSG_TRUNC the full message
 * length even when less was copied; negative errno on failure.  Only
 * MSG_PEEK, MSG_DONTWAIT, MSG_TRUNC and MSG_CMSG_COMPAT are accepted in
 * @flags.  No source address is reported (msg_namelen is forced to 0).
 */
static int pfkey_recvmsg(struct kiocb *kiocb,
			 struct socket *sock, struct msghdr *msg, size_t len,
			 int flags)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	int copied, err;

	err = -EINVAL;
	if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
		goto out;

	/* PF_KEY messages carry no peer address. */
	msg->msg_namelen = 0;
	skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
	if (skb == NULL)
		goto out;

	/* A message longer than the user buffer is truncated and flagged. */
	copied = skb->len;
	if (copied > len) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	/* NOTE(review): why h.raw is reset before the copy is not evident here -- confirm. */
	skb->h.raw = skb->data;
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
	if (err)
		goto out_free;

	sock_recv_timestamp(msg, sk, skb);

	/* With MSG_TRUNC the caller wants the real length, not the copied one. */
	err = (flags & MSG_TRUNC) ? skb->len : copied;

out_free:
	skb_free_datagram(sk, skb);
out:
	return err;
}
3137
/*
 * Socket operations for PF_KEY.  A PF_KEY socket is a plain datagram
 * endpoint between userspace and the kernel's SA/policy databases: it has
 * no addresses, peers or options, so everything except release, poll,
 * sendmsg and recvmsg is wired to the sock_no_* stubs.
 */
static const struct proto_ops pfkey_ops = {
	.family		=	PF_KEY,
	.owner		=	THIS_MODULE,
	/* Operations that make no sense on pfkey sockets. */
	.bind		=	sock_no_bind,
	.connect	=	sock_no_connect,
	.socketpair	=	sock_no_socketpair,
	.accept		=	sock_no_accept,
	.getname	=	sock_no_getname,
	.ioctl		=	sock_no_ioctl,
	.listen		=	sock_no_listen,
	.shutdown	=	sock_no_shutdown,
	.setsockopt	=	sock_no_setsockopt,
	.getsockopt	=	sock_no_getsockopt,
	.mmap		=	sock_no_mmap,
	.sendpage	=	sock_no_sendpage,

	/* Now the operations that really occur. */
	.release	=	pfkey_release,
	.poll		=	datagram_poll,
	.sendmsg	=	pfkey_sendmsg,
	.recvmsg	=	pfkey_recvmsg,
};
3161
/* Registration record for socket(PF_KEY, ...); pfkey_create() builds the socket. */
static struct net_proto_family pfkey_family_ops = {
	.family	=	PF_KEY,
	.create	=	pfkey_create,
	.owner	=	THIS_MODULE,
};
3167
3168#ifdef CONFIG_PROC_FS
/*
 * /proc/net/pfkey: one line per open PF_KEY socket (address, refcount,
 * receive/send memory, owning uid, inode), using the classic read_proc
 * windowing protocol: the caller passes @offset/@length, we return the
 * matching slice via *start and set *eof once the whole table was walked.
 *
 * NOTE(review): "%p" prints the raw kernel address of every socket to any
 * reader of this file; ipsec_pfkey_init() creates it with mode 0, and what
 * permissions that yields is up to procfs -- worth confirming if kernel
 * address disclosure is a concern.  sprintf() is unbounded; this relies
 * on @length fitting the page-sized read_proc buffer and on the loop
 * stopping once the window is covered.
 */
static int pfkey_read_proc(char *buffer, char **start, off_t offset,
			   int length, int *eof, void *data)
{
	off_t pos = 0;		/* absolute end offset of the text produced so far */
	off_t begin = 0;	/* absolute offset that buffer[0] corresponds to */
	int len = 0;		/* bytes currently held in buffer */
	struct sock *s;
	struct hlist_node *node;

	len += sprintf(buffer,"sk       RefCnt Rmem   Wmem   User   Inode\n");

	read_lock(&pfkey_table_lock);

	sk_for_each(s, node, &pfkey_table) {
		len += sprintf(buffer+len,"%p %-6d %-6u %-6u %-6u %-6lu",
			       s,
			       atomic_read(&s->sk_refcnt),
			       atomic_read(&s->sk_rmem_alloc),
			       atomic_read(&s->sk_wmem_alloc),
			       sock_i_uid(s),
			       sock_i_ino(s)
			       );

		buffer[len++] = '\n';
		
		/* Discard text that ends before @offset ... */
		pos = begin + len;
		if (pos < offset) {
			len = 0;
			begin = pos;
		}
		/* ... and stop once the window [offset, offset+length) is covered. */
		if(pos > offset + length)
			goto done;
	}
	*eof = 1;

done:
	read_unlock(&pfkey_table_lock);

	/* Return the slice of buffer starting at @offset, clamped to @length. */
	*start = buffer + (offset - begin);
	len -= (offset - begin);

	if (len > length)
		len = length;
	if (len < 0)
		len = 0;

	return len;
}
3217#endif
3218
/*
 * Key-manager callback table registered with the xfrm core through
 * xfrm_register_km() in ipsec_pfkey_init(). Each member points at the
 * PF_KEY implementation of the corresponding xfrm_mgr operation.
 */
static struct xfrm_mgr pfkeyv2_mgr = {
	.id             = "pfkeyv2",
	.notify_policy  = pfkey_send_policy_notify,
	.new_mapping    = pfkey_send_new_mapping,
	.compile_policy = pfkey_compile_policy,
	.acquire        = pfkey_send_acquire,
	.notify         = pfkey_send_notify,
};
3228
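/*
 * Module teardown: undo ipsec_pfkey_init() in reverse order of registration.
 *
 * The proc entry is only created under CONFIG_PROC_FS in ipsec_pfkey_init(),
 * so its removal is guarded the same way here to keep the two paths in step.
 */
static void __exit ipsec_pfkey_exit(void)
{
	/* Detach from the xfrm core first so no further callbacks arrive. */
	xfrm_unregister_km(&pfkeyv2_mgr);
#ifdef CONFIG_PROC_FS
	remove_proc_entry("net/pfkey", NULL);
#endif
	sock_unregister(PF_KEY);
	proto_unregister(&key_proto);
}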
3236
/*
 * Module entry point: register the key protocol, the PF_KEY socket family,
 * the optional proc entry and finally the xfrm key manager.
 *
 * Returns 0 on success or a negative errno; on failure every step that had
 * already succeeded is rolled back through the error labels below.
 */
static int __init ipsec_pfkey_init(void)
{
	int err;

	err = proto_register(&key_proto, 0);
	if (err)
		return err;

	err = sock_register(&pfkey_family_ops);
	if (err)
		goto err_proto;

#ifdef CONFIG_PROC_FS
	/* The read callback only exists when procfs is built in. */
	if (!create_proc_read_entry("net/pfkey", 0, NULL, pfkey_read_proc, NULL)) {
		err = -ENOMEM;
		goto err_sock;
	}
#endif

	err = xfrm_register_km(&pfkeyv2_mgr);
	if (err)
		goto err_proc;

	return 0;

err_proc:
#ifdef CONFIG_PROC_FS
	remove_proc_entry("net/pfkey", NULL);
err_sock:
#endif
	sock_unregister(PF_KEY);
err_proto:
	proto_unregister(&key_proto);
	return err;
}
3267
/* Module metadata, entry points and the PF_KEY family alias. */
MODULE_LICENSE("GPL");
MODULE_ALIAS_NETPROTO(PF_KEY);
module_init(ipsec_pfkey_init);
module_exit(ipsec_pfkey_exit);
3272
