linux/net/key/af_key.c
   1/*
   2 * net/key/af_key.c     An implementation of PF_KEYv2 sockets.
   3 *
   4 *              This program is free software; you can redistribute it and/or
   5 *              modify it under the terms of the GNU General Public License
   6 *              as published by the Free Software Foundation; either version
   7 *              2 of the License, or (at your option) any later version.
   8 *
   9 * Authors:     Maxim Giryaev   <gem@asplinux.ru>
  10 *              David S. Miller <davem@redhat.com>
  11 *              Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
  12 *              Kunihiro Ishiguro <kunihiro@ipinfusion.com>
  13 *              Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org>
  14 *              Derek Atkins <derek@ihtfp.com>
  15 */
  16
  17#include <linux/capability.h>
  18#include <linux/module.h>
  19#include <linux/kernel.h>
  20#include <linux/socket.h>
  21#include <linux/pfkeyv2.h>
  22#include <linux/ipsec.h>
  23#include <linux/skbuff.h>
  24#include <linux/rtnetlink.h>
  25#include <linux/in.h>
  26#include <linux/in6.h>
  27#include <linux/proc_fs.h>
  28#include <linux/init.h>
  29#include <net/net_namespace.h>
  30#include <net/netns/generic.h>
  31#include <net/xfrm.h>
  32
  33#include <net/sock.h>
  34
/* XFRM encodes "no limit" as XFRM_INF whereas PF_KEY lifetimes use 0.
 * _X2KEY converts an xfrm limit to its PF_KEY form, _KEY2X the reverse. */
#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
  37
/* Slot in each struct net's generic area holding our struct netns_pfkey. */
static int pfkey_net_id;
struct netns_pfkey {
	/* List of all pfkey sockets. */
	struct hlist_head table;
	/* Number of PF_KEY sockets currently alive in this namespace
	 * (incremented in pfkey_create, decremented in pfkey_sock_destruct). */
	atomic_t socks_nr;
};
/* Table locking: readers bump pfkey_table_users under a brief read_lock
 * (pfkey_lock_table); writers take the rwlock for writing and sleep on
 * pfkey_table_wait until the reader count reaches zero (pfkey_table_grab). */
static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait);
static DEFINE_RWLOCK(pfkey_table_lock);
static atomic_t pfkey_table_users = ATOMIC_INIT(0);
  47
/* Per-socket state for a PF_KEYv2 socket; pfkey_sk() casts from struct sock. */
struct pfkey_sock {
	/* struct sock must be the first member of struct pfkey_sock */
	struct sock	sk;
	/* Non-zero once the socket has registered as a key manager; consulted
	 * by pfkey_broadcast() for BROADCAST_REGISTERED deliveries. */
	int		registered;
	/* Non-zero for a promiscuous socket, which pfkey_broadcast() sends
	 * every message to in addition to the normal recipients. */
	int		promisc;

	/* State of an in-progress SADB/SPD dump, if any (see pfkey_do_dump
	 * and pfkey_terminate_dump). dump() is NULL when no dump is active. */
	struct {
		uint8_t		msg_version;
		uint32_t	msg_pid;
		int		(*dump)(struct pfkey_sock *sk);
		void		(*done)(struct pfkey_sock *sk);
		union {
			struct xfrm_policy_walk	policy;
			struct xfrm_state_walk	state;
		} u;
		/* Next chunk produced by dump() and not yet delivered. */
		struct sk_buff	*skb;
	} dump;
};
  66
/* Downcast a generic socket to its PF_KEY wrapper. Valid only because
 * struct sock is the first member of struct pfkey_sock. */
static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
{
	struct pfkey_sock *pfk = (struct pfkey_sock *)sk;

	return pfk;
}
  71
/* Return 1 while the receive queue has room for another dump chunk, i.e.
 * receive memory in use is at most two thirds of sk_rcvbuf; 0 otherwise. */
static int pfkey_can_dump(struct sock *sk)
{
	int in_use = atomic_read(&sk->sk_rmem_alloc);
	int limit = sk->sk_rcvbuf;

	return (3 * in_use <= 2 * limit) ? 1 : 0;
}
  78
/* Abort any dump in progress on @pfk: free the undelivered chunk, run the
 * dump's done() callback, then clear both callbacks. No-op when no dump
 * is active (dump.dump == NULL). */
static void pfkey_terminate_dump(struct pfkey_sock *pfk)
{
	if (!pfk->dump.dump)
		return;

	if (pfk->dump.skb) {
		kfree_skb(pfk->dump.skb);
		pfk->dump.skb = NULL;
	}

	/* done() runs while the callbacks are still set, then both are reset. */
	pfk->dump.done(pfk);
	pfk->dump.dump = NULL;
	pfk->dump.done = NULL;
}
  91
/* sk_destruct hook for PF_KEY sockets. Aborts an active dump, drains the
 * receive queue and drops the namespace socket count. A socket that is not
 * yet SOCK_DEAD is logged and left untouched. */
static void pfkey_sock_destruct(struct sock *sk)
{
	struct netns_pfkey *net_pfkey = net_generic(sock_net(sk), pfkey_net_id);

	pfkey_terminate_dump(pfkey_sk(sk));
	skb_queue_purge(&sk->sk_receive_queue);

	if (!sock_flag(sk, SOCK_DEAD)) {
		printk("Attempt to release alive pfkey socket: %p\n", sk);
		return;
	}

	/* Both memory-accounting counters should have reached zero by now. */
	WARN_ON(atomic_read(&sk->sk_rmem_alloc));
	WARN_ON(atomic_read(&sk->sk_wmem_alloc));

	atomic_dec(&net_pfkey->socks_nr);
}
 110
/* Take the socket table for writing. Acquires pfkey_table_lock with BHs
 * disabled and, while readers are still counted in pfkey_table_users, sleeps
 * on pfkey_table_wait with the lock dropped. On return the write lock is held
 * and no reader is in flight. Paired with pfkey_table_ungrab(). */
static void pfkey_table_grab(void)
{
	write_lock_bh(&pfkey_table_lock);

	if (atomic_read(&pfkey_table_users)) {
		DECLARE_WAITQUEUE(wait, current);

		add_wait_queue_exclusive(&pfkey_table_wait, &wait);
		for(;;) {
			/* Set the task state before re-checking the count so
			 * a wake_up() between the check and schedule() is not
			 * lost. */
			set_current_state(TASK_UNINTERRUPTIBLE);
			if (atomic_read(&pfkey_table_users) == 0)
				break;
			/* Release the lock while sleeping; readers take it
			 * briefly in pfkey_lock_table(). */
			write_unlock_bh(&pfkey_table_lock);
			schedule();
			write_lock_bh(&pfkey_table_lock);
		}

		__set_current_state(TASK_RUNNING);
		remove_wait_queue(&pfkey_table_wait, &wait);
	}
}
 132
/* Drop the write hold taken by pfkey_table_grab() and wake anyone waiting
 * on the table. */
static inline void pfkey_table_ungrab(void)
{
	write_unlock_bh(&pfkey_table_lock);
	wake_up(&pfkey_table_wait);
}
 138
/* Register as a reader of the socket table. The momentary read_lock orders
 * the increment against a writer holding the lock in pfkey_table_grab(). */
static inline void pfkey_lock_table(void)
{
	read_lock(&pfkey_table_lock);
	atomic_inc(&pfkey_table_users);
	read_unlock(&pfkey_table_lock);
}
 147
/* Unregister as a reader; the last reader out wakes a writer sleeping in
 * pfkey_table_grab(). */
static inline void pfkey_unlock_table(void)
{
	int last_reader = atomic_dec_and_test(&pfkey_table_users);

	if (last_reader)
		wake_up(&pfkey_table_wait);
}
 153
 154
 155static const struct proto_ops pfkey_ops;
 156
/* Link @sk into its namespace's pfkey socket table under the write hold. */
static void pfkey_insert(struct sock *sk)
{
	struct netns_pfkey *net_pfkey = net_generic(sock_net(sk), pfkey_net_id);

	pfkey_table_grab();
	sk_add_node(sk, &net_pfkey->table);
	pfkey_table_ungrab();
}
 166
/* Unlink @sk from the pfkey socket table under the write hold. */
static void pfkey_remove(struct sock *sk)
{
	pfkey_table_grab();
	sk_del_node_init(sk);	/* also re-initialises the node */
	pfkey_table_ungrab();
}
 173
/* Protocol descriptor passed to sk_alloc(); obj_size makes the allocator
 * hand back a whole struct pfkey_sock rather than a bare struct sock. */
static struct proto key_proto = {
	.name	  = "KEY",
	.owner	  = THIS_MODULE,
	.obj_size = sizeof(struct pfkey_sock),
};
 179
/* socket(2) backend for PF_KEY. Only CAP_NET_ADMIN may open one, and only as
 * a SOCK_RAW socket with protocol PF_KEY_V2.
 *
 * Returns 0 on success, -EPERM / -ESOCKTNOSUPPORT / -EPROTONOSUPPORT for
 * the checks above, or -ENOMEM when the socket cannot be allocated. */
static int pfkey_create(struct net *net, struct socket *sock, int protocol)
{
	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
	struct sock *sk;

	if (!capable(CAP_NET_ADMIN))
		return -EPERM;
	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;
	if (protocol != PF_KEY_V2)
		return -EPROTONOSUPPORT;

	sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto);
	if (!sk)
		return -ENOMEM;

	sock->ops = &pfkey_ops;
	sock_init_data(sock, sk);

	sk->sk_family = PF_KEY;
	sk->sk_destruct = pfkey_sock_destruct;

	/* Count the socket, then make it reachable for broadcasts. */
	atomic_inc(&net_pfkey->socks_nr);
	pfkey_insert(sk);

	return 0;
}
 212
/* close(2) backend: unlink the socket from the table, orphan it, drop any
 * queued writes and release our reference. Always returns 0. */
static int pfkey_release(struct socket *sock)
{
	struct sock *sk = sock->sk;

	if (sk == NULL)
		return 0;

	/* Leave the table before the socket is orphaned and released. */
	pfkey_remove(sk);

	sock_orphan(sk);
	sock->sk = NULL;
	skb_queue_purge(&sk->sk_write_queue);
	sock_put(sk);

	return 0;
}
 229
/* Deliver @skb to the single socket @sk.
 *
 * *@skb2 caches the buffer handed to receivers. On first use it becomes
 * either a clone of @skb (when @skb is shared) or @skb itself with an extra
 * reference. When delivery succeeds *@skb2 is consumed and reset to NULL so
 * the next call obtains a fresh one; otherwise it is left for the caller to
 * reuse or free.
 *
 * Returns 0 on delivery, -ENOBUFS when no buffer could be obtained or the
 * socket's receive buffer is already full. */
static int pfkey_broadcast_one(struct sk_buff *skb, struct sk_buff **skb2,
			       gfp_t allocation, struct sock *sk)
{
	int err = -ENOBUFS;
	struct sk_buff *out;

	sock_hold(sk);

	if (*skb2 == NULL) {
		if (atomic_read(&skb->users) == 1) {
			atomic_inc(&skb->users);
			*skb2 = skb;
		} else {
			*skb2 = skb_clone(skb, allocation);
		}
	}

	out = *skb2;
	if (out != NULL && atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) {
		skb_orphan(out);
		skb_set_owner_r(out, sk);
		skb_queue_tail(&sk->sk_receive_queue, out);
		sk->sk_data_ready(sk, out->len);
		*skb2 = NULL;
		err = 0;
	}

	sock_put(sk);
	return err;
}
 257
/* Send SKB to all pfkey sockets matching selected criteria.
 *
 * Flags for pfkey_broadcast(); see its loop for the exact selection:
 *   BROADCAST_ALL          every socket in the table
 *   BROADCAST_ONE          only the explicit one_sk argument
 *   BROADCAST_REGISTERED   sockets with ->registered set (plus one_sk)
 *   BROADCAST_PROMISC_ONLY only promiscuous sockets (plus one_sk)
 * Promiscuous sockets receive every message regardless of the flags. */
#define BROADCAST_ALL		0
#define BROADCAST_ONE		1
#define BROADCAST_REGISTERED	2
#define BROADCAST_PROMISC_ONLY	4
/* Broadcast @skb to the pfkey sockets of @net selected by @broadcast_flags.
 *
 * Every promiscuous socket gets a copy first. Then, skipping @one_sk, the
 * table is walked: BROADCAST_ALL delivers to everyone, BROADCAST_REGISTERED
 * only to sockets with ->registered set, and BROADCAST_ONE /
 * BROADCAST_PROMISC_ONLY to nobody else. @one_sk, when non-NULL, is always
 * delivered to last.
 *
 * Consumes @skb (freed before returning). A NULL @skb returns -ENOMEM.
 * Otherwise the return value is the result of the @one_sk delivery when
 * @one_sk is set; without it, -ESRCH unless BROADCAST_REGISTERED was given,
 * in which case it is 0 once any registered socket accepted the message and
 * the last delivery error (or -ESRCH) otherwise. */
static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
			   int broadcast_flags, struct sock *one_sk,
			   struct net *net)
{
	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
	struct sock *sk;
	struct hlist_node *node;
	struct sk_buff *skb2 = NULL;
	int err = -ESRCH;

	/* XXX Do we need something like netlink_overrun?  I think
	 * XXX PF_KEY socket apps will not mind current behavior.
	 */
	if (!skb)
		return -ENOMEM;

	pfkey_lock_table();
	sk_for_each(sk, node, &net_pfkey->table) {
		struct pfkey_sock *pfk = pfkey_sk(sk);
		int err2;

		/* Yes, it means that if you are meant to receive this
		 * pfkey message you receive it twice as promiscuous
		 * socket.
		 */
		if (pfk->promisc)
			pfkey_broadcast_one(skb, &skb2, allocation, sk);

		/* the exact target will be processed later */
		if (sk == one_sk)
			continue;
		if (broadcast_flags != BROADCAST_ALL) {
			if (broadcast_flags & BROADCAST_PROMISC_ONLY)
				continue;
			if ((broadcast_flags & BROADCAST_REGISTERED) &&
			    !pfk->registered)
				continue;
			if (broadcast_flags & BROADCAST_ONE)
				continue;
		}

		err2 = pfkey_broadcast_one(skb, &skb2, allocation, sk);

		/* Error is cleared after successful sending to at least one
		 * registered KM; once err is 0 later failures are ignored. */
		if ((broadcast_flags & BROADCAST_REGISTERED) && err)
			err = err2;
	}
	pfkey_unlock_table();

	if (one_sk != NULL)
		err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);

	/* skb2 is only non-NULL if the last delivery attempt failed. */
	if (skb2)
		kfree_skb(skb2);
	kfree_skb(skb);
	return err;
}
 321
/* Advance the dump active on @pfk by one step. If the dump callback returns
 * -ENOBUFS, or the receive queue has no room, the dump is left active and 0
 * is returned. Otherwise the produced chunk (if any) is stamped with seq 0
 * and the callback's return code in sadb_msg_errno, sent to this socket
 * only, and the dump is terminated; the callback's return code is returned. */
static int pfkey_do_dump(struct pfkey_sock *pfk)
{
	struct sk_buff *chunk;
	int rc = pfk->dump.dump(pfk);

	if (rc == -ENOBUFS)
		return 0;

	chunk = pfk->dump.skb;
	if (chunk) {
		struct sadb_msg *hdr;

		if (!pfkey_can_dump(&pfk->sk))
			return 0;

		hdr = (struct sadb_msg *) chunk->data;
		hdr->sadb_msg_seq = 0;
		hdr->sadb_msg_errno = rc;
		pfkey_broadcast(chunk, GFP_ATOMIC, BROADCAST_ONE,
				&pfk->sk, sock_net(&pfk->sk));
		/* pfkey_broadcast() consumed the chunk. */
		pfk->dump.skb = NULL;
	}

	pfkey_terminate_dump(pfk);
	return rc;
}
 346
/* Copy the base PF_KEY header @orig into @new. */
static inline void pfkey_hdr_dup(struct sadb_msg *new, struct sadb_msg *orig)
{
	memcpy(new, orig, sizeof(*new));
}
 351
/* Reply to @sk with a copy of the header @orig carrying @err (a negative
 * errno) in sadb_msg_errno.
 *
 * Returns 0 once the reply has been queued, -ENOBUFS if no skb could be
 * allocated. BUGs if the errno does not fit the one-byte field. */
static int pfkey_error(struct sadb_msg *orig, int err, struct sock *sk)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	int code;

	skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
	if (skb == NULL)
		return -ENOBUFS;

	/* sadb_msg_errno is a single byte: map restart codes to EINTR and
	 * anything >= 512 to EINVAL, then insist the result is in 1..255.
	 * Woe be to the platform trying to support PFKEY yet having normal
	 * errnos outside the 1-255 range, inclusive. */
	code = -err;
	switch (code) {
	case ERESTARTSYS:
	case ERESTARTNOHAND:
	case ERESTARTNOINTR:
		code = EINTR;
		break;
	default:
		break;
	}
	if (code >= 512)
		code = EINVAL;
	BUG_ON(code <= 0 || code >= 256);

	hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
	pfkey_hdr_dup(hdr, orig);
	hdr->sadb_msg_errno = (uint8_t) code;
	/* Bare header, no extensions: length in 64-bit units. */
	hdr->sadb_msg_len = sizeof(struct sadb_msg) / sizeof(uint64_t);

	pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));

	return 0;
}
 382
/* Minimum byte length of each extension, indexed by sadb_ext_type.
 * parse_exthdrs() rejects any extension shorter than its entry. These are
 * fixed-header sizes only: variable trailing data (sockaddrs, security
 * context bytes) is checked separately by verify_address_len() and
 * verify_sec_ctx_len(). Types without an entry have a minimum of 0. */
static u8 sadb_ext_min_len[] = {
	[SADB_EXT_RESERVED]		= (u8) 0,
	[SADB_EXT_SA]			= (u8) sizeof(struct sadb_sa),
	[SADB_EXT_LIFETIME_CURRENT]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_LIFETIME_HARD]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_LIFETIME_SOFT]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_ADDRESS_SRC]		= (u8) sizeof(struct sadb_address),
	[SADB_EXT_ADDRESS_DST]		= (u8) sizeof(struct sadb_address),
	[SADB_EXT_ADDRESS_PROXY]	= (u8) sizeof(struct sadb_address),
	[SADB_EXT_KEY_AUTH]		= (u8) sizeof(struct sadb_key),
	[SADB_EXT_KEY_ENCRYPT]		= (u8) sizeof(struct sadb_key),
	[SADB_EXT_IDENTITY_SRC]		= (u8) sizeof(struct sadb_ident),
	[SADB_EXT_IDENTITY_DST]		= (u8) sizeof(struct sadb_ident),
	[SADB_EXT_SENSITIVITY]		= (u8) sizeof(struct sadb_sens),
	[SADB_EXT_PROPOSAL]		= (u8) sizeof(struct sadb_prop),
	[SADB_EXT_SUPPORTED_AUTH]	= (u8) sizeof(struct sadb_supported),
	[SADB_EXT_SUPPORTED_ENCRYPT]	= (u8) sizeof(struct sadb_supported),
	[SADB_EXT_SPIRANGE]		= (u8) sizeof(struct sadb_spirange),
	[SADB_X_EXT_KMPRIVATE]		= (u8) sizeof(struct sadb_x_kmprivate),
	[SADB_X_EXT_POLICY]		= (u8) sizeof(struct sadb_x_policy),
	[SADB_X_EXT_SA2]		= (u8) sizeof(struct sadb_x_sa2),
	[SADB_X_EXT_NAT_T_TYPE]		= (u8) sizeof(struct sadb_x_nat_t_type),
	[SADB_X_EXT_NAT_T_SPORT]	= (u8) sizeof(struct sadb_x_nat_t_port),
	[SADB_X_EXT_NAT_T_DPORT]	= (u8) sizeof(struct sadb_x_nat_t_port),
	[SADB_X_EXT_NAT_T_OA]		= (u8) sizeof(struct sadb_address),
	[SADB_X_EXT_SEC_CTX]		= (u8) sizeof(struct sadb_x_sec_ctx),
	[SADB_X_EXT_KMADDRESS]		= (u8) sizeof(struct sadb_x_kmaddress),
};
 411
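/* Verify sadb_address_{len,prefixlen} against sa_family.
 *
 * @p: start of an address extension (SADB_EXT_ADDRESS_* or
 *     SADB_X_EXT_NAT_T_OA). The caller has bounded sadb_address_len * 8
 *     bytes against the message and guaranteed at least sizeof(struct
 *     sadb_address); nothing beyond that may be assumed here.
 *
 * Returns 0 when the extension is exactly as long as the sockaddr for its
 * family requires and the prefix length fits that family; -EINVAL otherwise,
 * including for every family other than AF_INET (and AF_INET6 when built). */
static int verify_address_len(void *p)
{
	struct sadb_address *sp = p;
	struct sockaddr *addr = (struct sockaddr *)(sp + 1);
	struct sockaddr_in *sin;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	struct sockaddr_in6 *sin6;
#endif
	int len;

	/* The minimum length enforced by parse_exthdrs() covers only the
	 * sadb_address header; make sure the extension also contains
	 * sa_family before reading it, otherwise the switch below reads
	 * past the extension (and possibly the message). */
	if (sp->sadb_address_len <
	    DIV_ROUND_UP(sizeof(*sp) + offsetof(struct sockaddr, sa_family) +
			 sizeof(addr->sa_family), sizeof(uint64_t)))
		return -EINVAL;

	switch (addr->sa_family) {
	case AF_INET:
		/* header + sockaddr_in, in 64-bit units */
		len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
		if (sp->sadb_address_len != len ||
		    sp->sadb_address_prefixlen > 32)
			return -EINVAL;
		break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case AF_INET6:
		len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t));
		if (sp->sadb_address_len != len ||
		    sp->sadb_address_prefixlen > 128)
			return -EINVAL;
		break;
#endif
	default:
		/* It is user using kernel to keep track of security
		 * associations for another protocol, such as
		 * OSPF/RSVP/RIPV2/MIP.  It is user's job to verify
		 * lengths.
		 *
		 * XXX Actually, association/policy database is not yet
		 * XXX able to cope with arbitrary sockaddr families.
		 * XXX When it can, remove this -EINVAL.  -DaveM
		 */
		return -EINVAL;
	}

	return 0;
}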
 454
/* Length, in 64-bit units, that a security-context extension must have to
 * hold its header plus sadb_x_ctx_len bytes of context. */
static inline int pfkey_sec_ctx_len(struct sadb_x_sec_ctx *sec_ctx)
{
	size_t bytes = sizeof(struct sadb_x_sec_ctx) + sec_ctx->sadb_x_ctx_len;

	return DIV_ROUND_UP(bytes, sizeof(uint64_t));
}
 461
/* Validate a SADB_X_EXT_SEC_CTX extension at @p: the context may be at most
 * PAGE_SIZE bytes and the extension length must exactly cover header plus
 * context. Returns 0 if valid, -EINVAL otherwise. */
static inline int verify_sec_ctx_len(void *p)
{
	struct sadb_x_sec_ctx *sec_ctx = p;

	if (sec_ctx->sadb_x_ctx_len > PAGE_SIZE)
		return -EINVAL;

	if (sec_ctx->sadb_x_sec_len != pfkey_sec_ctx_len(sec_ctx))
		return -EINVAL;

	return 0;
}
 477
/* Convert a (validated) PF_KEY security-context extension into a freshly
 * kmalloc'd struct xfrm_user_sec_ctx with the context bytes appended.
 * Returns NULL on allocation failure; otherwise the caller owns the buffer. */
static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(struct sadb_x_sec_ctx *sec_ctx)
{
	int ctx_size = sec_ctx->sadb_x_ctx_len;
	struct xfrm_user_sec_ctx *uctx;

	uctx = kmalloc(sizeof(*uctx) + ctx_size, GFP_KERNEL);
	if (uctx == NULL)
		return NULL;

	uctx->len = pfkey_sec_ctx_len(sec_ctx);
	uctx->exttype = sec_ctx->sadb_x_sec_exttype;
	uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
	uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
	uctx->ctx_len = ctx_size;
	/* Context bytes directly follow both headers. */
	memcpy(uctx + 1, sec_ctx + 1, ctx_size);

	return uctx;
}
 498
/* Return 1 when both address extensions are present, carry the same
 * sa_family, and that family is AF_INET (or AF_INET6 when built);
 * 0 otherwise. */
static int present_and_same_family(struct sadb_address *src,
				   struct sadb_address *dst)
{
	sa_family_t src_family, dst_family;

	if (src == NULL || dst == NULL)
		return 0;

	src_family = ((struct sockaddr *)(src + 1))->sa_family;
	dst_family = ((struct sockaddr *)(dst + 1))->sa_family;
	if (src_family != dst_family)
		return 0;

	switch (src_family) {
	case AF_INET:
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case AF_INET6:
#endif
		return 1;
	default:
		return 0;
	}
}
 520
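/* Walk the extensions following @hdr in @skb and record a pointer to each
 * known one in @ext_hdrs[type - 1].
 *
 * @ext_hdrs is expected to arrive zero-filled; a second extension of the
 * same type is rejected. Each extension must be at least 8 bytes, fit in the
 * remaining message, meet sadb_ext_min_len[], and pass the per-type checks
 * for address and security-context extensions. Unknown types above
 * SADB_EXT_MAX are skipped.
 *
 * Returns 0 on success, -EINVAL on any malformed extension. */
static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	char *p = (char *) hdr;
	int len = skb->len;

	len -= sizeof(*hdr);
	p += sizeof(*hdr);
	while (len > 0) {
		struct sadb_ext *ehdr = (struct sadb_ext *) p;
		uint16_t ext_type;
		int ext_len;

		/* A trailing fragment shorter than an extension header would
		 * otherwise have its len/type fields read from beyond the
		 * message. */
		if (len < sizeof(*ehdr))
			return -EINVAL;

		ext_len  = ehdr->sadb_ext_len;
		ext_len *= sizeof(uint64_t);
		ext_type = ehdr->sadb_ext_type;
		if (ext_len < sizeof(uint64_t) ||
		    ext_len > len ||
		    ext_type == SADB_EXT_RESERVED)
			return -EINVAL;

		if (ext_type <= SADB_EXT_MAX) {
			int min = (int) sadb_ext_min_len[ext_type];
			if (ext_len < min)
				return -EINVAL;
			if (ext_hdrs[ext_type-1] != NULL)
				return -EINVAL;
			if (ext_type == SADB_EXT_ADDRESS_SRC ||
			    ext_type == SADB_EXT_ADDRESS_DST ||
			    ext_type == SADB_EXT_ADDRESS_PROXY ||
			    ext_type == SADB_X_EXT_NAT_T_OA) {
				if (verify_address_len(p))
					return -EINVAL;
			}
			if (ext_type == SADB_X_EXT_SEC_CTX) {
				if (verify_sec_ctx_len(p))
					return -EINVAL;
			}
			ext_hdrs[ext_type-1] = p;
		}
		p   += ext_len;
		len -= ext_len;
	}

	return 0;
}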
 566
/* Map a PF_KEY SA type to the IP protocol xfrm uses for it. UNSPEC becomes
 * IPSEC_PROTO_ANY; unknown SA types yield 0. */
static uint16_t
pfkey_satype2proto(uint8_t satype)
{
	uint16_t proto = 0;

	switch (satype) {
	case SADB_SATYPE_UNSPEC:
		proto = IPSEC_PROTO_ANY;
		break;
	case SADB_SATYPE_AH:
		proto = IPPROTO_AH;
		break;
	case SADB_SATYPE_ESP:
		proto = IPPROTO_ESP;
		break;
	case SADB_X_SATYPE_IPCOMP:
		proto = IPPROTO_COMP;
		break;
	default:
		break;
	}

	return proto;
}
 585
/* Inverse of pfkey_satype2proto(): map an IP protocol back to the PF_KEY
 * SA type. Unknown protocols yield 0. */
static uint8_t
pfkey_proto2satype(uint16_t proto)
{
	uint8_t satype = 0;

	switch (proto) {
	case IPPROTO_AH:
		satype = SADB_SATYPE_AH;
		break;
	case IPPROTO_ESP:
		satype = SADB_SATYPE_ESP;
		break;
	case IPPROTO_COMP:
		satype = SADB_X_SATYPE_IPCOMP;
		break;
	default:
		break;
	}

	return satype;
}
 602
 603/* BTW, this scheme means that there is no way with PFKEY2 sockets to
 604 * say specifically 'just raw sockets' as we encode them as 255.
 605 */
 606
/* PF_KEY's IPSEC_PROTO_ANY wildcard is 0 on the xfrm side. */
static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
{
	if (proto == IPSEC_PROTO_ANY)
		return 0;
	return proto;
}
 611
/* xfrm's 0 wildcard is IPSEC_PROTO_ANY on the PF_KEY side. */
static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
{
	if (proto == 0)
		return IPSEC_PROTO_ANY;
	return proto;
}
 616
/* Size of the sockaddr used for @family, or 0 for unsupported families. */
static inline int pfkey_sockaddr_len(sa_family_t family)
{
	if (family == AF_INET)
		return sizeof(struct sockaddr_in);
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	if (family == AF_INET6)
		return sizeof(struct sockaddr_in6);
#endif
	return 0;
}
 629
/* Copy the address out of @sa into @xaddr. Returns the address family that
 * was handled, or 0 (leaving @xaddr untouched) for unsupported families. */
static
int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
{
	const struct sockaddr_in *sin;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	const struct sockaddr_in6 *sin6;
#endif

	switch (sa->sa_family) {
	case AF_INET:
		sin = (const struct sockaddr_in *)sa;
		xaddr->a4 = sin->sin_addr.s_addr;
		return AF_INET;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case AF_INET6:
		sin6 = (const struct sockaddr_in6 *)sa;
		memcpy(xaddr->a6, &sin6->sin6_addr, sizeof(struct in6_addr));
		return AF_INET6;
#endif
	default:
		return 0;
	}
}
 648
/* Extract the sockaddr that follows the sadb_address header @addr into
 * @xaddr; see pfkey_sockaddr_extract() for the return value. */
static
int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr, xfrm_address_t *xaddr)
{
	struct sockaddr *sa = (struct sockaddr *)(addr + 1);

	return pfkey_sockaddr_extract(sa, xaddr);
}
 655
/* Look up the xfrm_state addressed by a PF_KEY message: SPI from the SA
 * extension, protocol from the header's SA type, destination address and
 * family from the ADDRESS_DST extension. Returns NULL when any of these is
 * missing or unsupported, else whatever xfrm_state_lookup() returns.
 *
 * sadb_address_len should be checked by caller. */
static struct  xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct sadb_sa *sa = ext_hdrs[SADB_EXT_SA-1];
	struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
	struct sockaddr *dst;
	xfrm_address_t *xaddr = NULL;
	unsigned short family;
	uint16_t proto;

	if (sa == NULL || addr == NULL)
		return NULL;

	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	if (proto == 0)
		return NULL;

	dst = (struct sockaddr *)(addr + 1);
	family = dst->sa_family;
	if (family == AF_INET)
		xaddr = (xfrm_address_t *)&((struct sockaddr_in *)dst)->sin_addr;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	else if (family == AF_INET6)
		xaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)dst)->sin6_addr;
#endif

	if (xaddr == NULL)
		return NULL;

	return xfrm_state_lookup(net, xaddr, sa->sadb_sa_spi, proto, family);
}
 696
 697#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
 698
/* Space a sockaddr of @family occupies inside a PF_KEY extension, i.e. its
 * length rounded up to 8 bytes; 0 for unsupported families. */
static int
pfkey_sockaddr_size(sa_family_t family)
{
	int raw_len = pfkey_sockaddr_len(family);

	return PFKEY_ALIGN8(raw_len);
}
 704
/* Translate an XFRM_MODE_* value to its IPSEC_MODE_* counterpart; -1 for
 * modes PF_KEY cannot express. */
static inline int pfkey_mode_from_xfrm(int mode)
{
	if (mode == XFRM_MODE_TRANSPORT)
		return IPSEC_MODE_TRANSPORT;
	if (mode == XFRM_MODE_TUNNEL)
		return IPSEC_MODE_TUNNEL;
	if (mode == XFRM_MODE_BEET)
		return IPSEC_MODE_BEET;
	return -1;
}
 718
/* Translate an IPSEC_MODE_* value to XFRM_MODE_*. IPSEC_MODE_ANY is treated
 * as transport (marked XXX in the original); unknown modes give -1. */
static inline int pfkey_mode_to_xfrm(int mode)
{
	if (mode == IPSEC_MODE_ANY || mode == IPSEC_MODE_TRANSPORT)
		return XFRM_MODE_TRANSPORT;
	if (mode == IPSEC_MODE_TUNNEL)
		return XFRM_MODE_TUNNEL;
	if (mode == IPSEC_MODE_BEET)
		return XFRM_MODE_BEET;
	return -1;
}
 733
/* Write @xaddr/@port into the sockaddr at @sa for @family, zeroing the
 * padding/flow fields. Returns the address width in bits (32 or 128), or 0
 * if the family is unsupported and @sa was left untouched. */
static unsigned int pfkey_sockaddr_fill(xfrm_address_t *xaddr, __be16 port,
				       struct sockaddr *sa,
				       unsigned short family)
{
	if (family == AF_INET) {
		struct sockaddr_in *sin = (struct sockaddr_in *)sa;

		sin->sin_family = AF_INET;
		sin->sin_port = port;
		sin->sin_addr.s_addr = xaddr->a4;
		memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
		return 32;
	}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	if (family == AF_INET6) {
		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;

		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = port;
		sin6->sin6_flowinfo = 0;
		ipv6_addr_copy(&sin6->sin6_addr, (struct in6_addr *)xaddr->a6);
		sin6->sin6_scope_id = 0;
		return 128;
	}
#endif
	return 0;
}
 763
 764static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x,
 765                                              int add_keys, int hsc)
 766{
 767        struct sk_buff *skb;
 768        struct sadb_msg *hdr;
 769        struct sadb_sa *sa;
 770        struct sadb_lifetime *lifetime;
 771        struct sadb_address *addr;
 772        struct sadb_key *key;
 773        struct sadb_x_sa2 *sa2;
 774        struct sadb_x_sec_ctx *sec_ctx;
 775        struct xfrm_sec_ctx *xfrm_ctx;
 776        int ctx_size = 0;
 777        int size;
 778        int auth_key_size = 0;
 779        int encrypt_key_size = 0;
 780        int sockaddr_size;
 781        struct xfrm_encap_tmpl *natt = NULL;
 782        int mode;
 783
 784        /* address family check */
 785        sockaddr_size = pfkey_sockaddr_size(x->props.family);
 786        if (!sockaddr_size)
 787                return ERR_PTR(-EINVAL);
 788
 789        /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
 790           key(AE), (identity(SD),) (sensitivity)> */
 791        size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
 792                sizeof(struct sadb_lifetime) +
 793                ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
 794                ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
 795                        sizeof(struct sadb_address)*2 +
 796                                sockaddr_size*2 +
 797                                        sizeof(struct sadb_x_sa2);
 798
 799        if ((xfrm_ctx = x->security)) {
 800                ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
 801                size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
 802        }
 803
 804        /* identity & sensitivity */
 805        if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr, x->props.family))
 806                size += sizeof(struct sadb_address) + sockaddr_size;
 807
 808        if (add_keys) {
 809                if (x->aalg && x->aalg->alg_key_len) {
 810                        auth_key_size =
 811                                PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
 812                        size += sizeof(struct sadb_key) + auth_key_size;
 813                }
 814                if (x->ealg && x->ealg->alg_key_len) {
 815                        encrypt_key_size =
 816                                PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
 817                        size += sizeof(struct sadb_key) + encrypt_key_size;
 818                }
 819        }
 820        if (x->encap)
 821                natt = x->encap;
 822
 823        if (natt && natt->encap_type) {
 824                size += sizeof(struct sadb_x_nat_t_type);
 825                size += sizeof(struct sadb_x_nat_t_port);
 826                size += sizeof(struct sadb_x_nat_t_port);
 827        }
 828
 829        skb =  alloc_skb(size + 16, GFP_ATOMIC);
 830        if (skb == NULL)
 831                return ERR_PTR(-ENOBUFS);
 832
 833        /* call should fill header later */
 834        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
 835        memset(hdr, 0, size);   /* XXX do we need this ? */
 836        hdr->sadb_msg_len = size / sizeof(uint64_t);
 837
 838        /* sa */
 839        sa = (struct sadb_sa *)  skb_put(skb, sizeof(struct sadb_sa));
 840        sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
 841        sa->sadb_sa_exttype = SADB_EXT_SA;
 842        sa->sadb_sa_spi = x->id.spi;
 843        sa->sadb_sa_replay = x->props.replay_window;
 844        switch (x->km.state) {
 845        case XFRM_STATE_VALID:
 846                sa->sadb_sa_state = x->km.dying ?
 847                        SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
 848                break;
 849        case XFRM_STATE_ACQ:
 850                sa->sadb_sa_state = SADB_SASTATE_LARVAL;
 851                break;
 852        default:
 853                sa->sadb_sa_state = SADB_SASTATE_DEAD;
 854                break;
 855        }
 856        sa->sadb_sa_auth = 0;
 857        if (x->aalg) {
 858                struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 859                sa->sadb_sa_auth = a ? a->desc.sadb_alg_id : 0;
 860        }
 861        sa->sadb_sa_encrypt = 0;
 862        BUG_ON(x->ealg && x->calg);
 863        if (x->ealg) {
 864                struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
 865                sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
 866        }
 867        /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
 868        if (x->calg) {
 869                struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
 870                sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
 871        }
 872
 873        sa->sadb_sa_flags = 0;
 874        if (x->props.flags & XFRM_STATE_NOECN)
 875                sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
 876        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
 877                sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
 878        if (x->props.flags & XFRM_STATE_NOPMTUDISC)
 879                sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
 880
 881        /* hard time */
 882        if (hsc & 2) {
 883                lifetime = (struct sadb_lifetime *)  skb_put(skb,
 884                                                             sizeof(struct sadb_lifetime));
 885                lifetime->sadb_lifetime_len =
 886                        sizeof(struct sadb_lifetime)/sizeof(uint64_t);
 887                lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 888                lifetime->sadb_lifetime_allocations =  _X2KEY(x->lft.hard_packet_limit);
 889                lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
 890                lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
 891                lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
 892        }
 893        /* soft time */
 894        if (hsc & 1) {
 895                lifetime = (struct sadb_lifetime *)  skb_put(skb,
 896                                                             sizeof(struct sadb_lifetime));
 897                lifetime->sadb_lifetime_len =
 898                        sizeof(struct sadb_lifetime)/sizeof(uint64_t);
 899                lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
 900                lifetime->sadb_lifetime_allocations =  _X2KEY(x->lft.soft_packet_limit);
 901                lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
 902                lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
 903                lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
 904        }
 905        /* current time */
 906        lifetime = (struct sadb_lifetime *)  skb_put(skb,
 907                                                     sizeof(struct sadb_lifetime));
 908        lifetime->sadb_lifetime_len =
 909                sizeof(struct sadb_lifetime)/sizeof(uint64_t);
 910        lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 911        lifetime->sadb_lifetime_allocations = x->curlft.packets;
 912        lifetime->sadb_lifetime_bytes = x->curlft.bytes;
 913        lifetime->sadb_lifetime_addtime = x->curlft.add_time;
 914        lifetime->sadb_lifetime_usetime = x->curlft.use_time;
 915        /* src address */
 916        addr = (struct sadb_address*) skb_put(skb,
 917                                              sizeof(struct sadb_address)+sockaddr_size);
 918        addr->sadb_address_len =
 919                (sizeof(struct sadb_address)+sockaddr_size)/
 920                        sizeof(uint64_t);
 921        addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
 922        /* "if the ports are non-zero, then the sadb_address_proto field,
 923           normally zero, MUST be filled in with the transport
 924           protocol's number." - RFC2367 */
 925        addr->sadb_address_proto = 0;
 926        addr->sadb_address_reserved = 0;
 927
 928        addr->sadb_address_prefixlen =
 929                pfkey_sockaddr_fill(&x->props.saddr, 0,
 930                                    (struct sockaddr *) (addr + 1),
 931                                    x->props.family);
 932        if (!addr->sadb_address_prefixlen)
 933                BUG();
 934
 935        /* dst address */
 936        addr = (struct sadb_address*) skb_put(skb,
 937                                              sizeof(struct sadb_address)+sockaddr_size);
 938        addr->sadb_address_len =
 939                (sizeof(struct sadb_address)+sockaddr_size)/
 940                        sizeof(uint64_t);
 941        addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
 942        addr->sadb_address_proto = 0;
 943        addr->sadb_address_reserved = 0;
 944
 945        addr->sadb_address_prefixlen =
 946                pfkey_sockaddr_fill(&x->id.daddr, 0,
 947                                    (struct sockaddr *) (addr + 1),
 948                                    x->props.family);
 949        if (!addr->sadb_address_prefixlen)
 950                BUG();
 951
 952        if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr,
 953                          x->props.family)) {
 954                addr = (struct sadb_address*) skb_put(skb,
 955                        sizeof(struct sadb_address)+sockaddr_size);
 956                addr->sadb_address_len =
 957                        (sizeof(struct sadb_address)+sockaddr_size)/
 958                        sizeof(uint64_t);
 959                addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
 960                addr->sadb_address_proto =
 961                        pfkey_proto_from_xfrm(x->sel.proto);
 962                addr->sadb_address_prefixlen = x->sel.prefixlen_s;
 963                addr->sadb_address_reserved = 0;
 964
 965                pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
 966                                    (struct sockaddr *) (addr + 1),
 967                                    x->props.family);
 968        }
 969
 970        /* auth key */
 971        if (add_keys && auth_key_size) {
 972                key = (struct sadb_key *) skb_put(skb,
 973                                                  sizeof(struct sadb_key)+auth_key_size);
 974                key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
 975                        sizeof(uint64_t);
 976                key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
 977                key->sadb_key_bits = x->aalg->alg_key_len;
 978                key->sadb_key_reserved = 0;
 979                memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
 980        }
 981        /* encrypt key */
 982        if (add_keys && encrypt_key_size) {
 983                key = (struct sadb_key *) skb_put(skb,
 984                                                  sizeof(struct sadb_key)+encrypt_key_size);
 985                key->sadb_key_len = (sizeof(struct sadb_key) +
 986                                     encrypt_key_size) / sizeof(uint64_t);
 987                key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
 988                key->sadb_key_bits = x->ealg->alg_key_len;
 989                key->sadb_key_reserved = 0;
 990                memcpy(key + 1, x->ealg->alg_key,
 991                       (x->ealg->alg_key_len+7)/8);
 992        }
 993
 994        /* sa */
 995        sa2 = (struct sadb_x_sa2 *)  skb_put(skb, sizeof(struct sadb_x_sa2));
 996        sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
 997        sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
 998        if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
 999                kfree_skb(skb);
1000                return ERR_PTR(-EINVAL);
1001        }
1002        sa2->sadb_x_sa2_mode = mode;
1003        sa2->sadb_x_sa2_reserved1 = 0;
1004        sa2->sadb_x_sa2_reserved2 = 0;
1005        sa2->sadb_x_sa2_sequence = 0;
1006        sa2->sadb_x_sa2_reqid = x->props.reqid;
1007
1008        if (natt && natt->encap_type) {
1009                struct sadb_x_nat_t_type *n_type;
1010                struct sadb_x_nat_t_port *n_port;
1011
1012                /* type */
1013                n_type = (struct sadb_x_nat_t_type*) skb_put(skb, sizeof(*n_type));
1014                n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
1015                n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
1016                n_type->sadb_x_nat_t_type_type = natt->encap_type;
1017                n_type->sadb_x_nat_t_type_reserved[0] = 0;
1018                n_type->sadb_x_nat_t_type_reserved[1] = 0;
1019                n_type->sadb_x_nat_t_type_reserved[2] = 0;
1020
1021                /* source port */
1022                n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
1023                n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1024                n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
1025                n_port->sadb_x_nat_t_port_port = natt->encap_sport;
1026                n_port->sadb_x_nat_t_port_reserved = 0;
1027
1028                /* dest port */
1029                n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
1030                n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1031                n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
1032                n_port->sadb_x_nat_t_port_port = natt->encap_dport;
1033                n_port->sadb_x_nat_t_port_reserved = 0;
1034        }
1035
1036        /* security context */
1037        if (xfrm_ctx) {
1038                sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb,
1039                                sizeof(struct sadb_x_sec_ctx) + ctx_size);
1040                sec_ctx->sadb_x_sec_len =
1041                  (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
1042                sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
1043                sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
1044                sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
1045                sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
1046                memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
1047                       xfrm_ctx->ctx_len);
1048        }
1049
1050        return skb;
1051}
1052
1053
/*
 * Full PF_KEY dump of an SA: key material is included (add_keys = 1) and
 * both the hard and the soft lifetime extensions are emitted (hsc = 3,
 * bit 1 = hard, bit 0 = soft).  Returns the skb or an ERR_PTR from
 * __pfkey_xfrm_state2msg().
 */
static inline struct sk_buff *pfkey_xfrm_state2msg(struct xfrm_state *x)
{
	const int add_keys = 1;
	const int hsc = 3;

	return __pfkey_xfrm_state2msg(x, add_keys, hsc);
}
1062
/*
 * PF_KEY dump of an SA for an expire notification: no key material, and
 * only the lifetime extensions selected by @hsc (bit 1 = hard, bit 0 =
 * soft).  Returns the skb or an ERR_PTR from __pfkey_xfrm_state2msg().
 */
static inline struct sk_buff *pfkey_xfrm_state2msg_expire(struct xfrm_state *x,
							  int hsc)
{
	const int add_keys = 0;
	struct sk_buff *skb = __pfkey_xfrm_state2msg(x, add_keys, hsc);

	return skb;
}
1068
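/*
 * Byte length of the key material announced by a SADB_EXT_KEY_* extension
 * (sadb_key_bits is a bit count; round up to whole bytes).
 */
static inline unsigned int pfkey_key_bytes(const struct sadb_key *key)
{
	return (key->sadb_key_bits + 7) / 8;
}

/*
 * Check that the key material announced by sadb_key_bits really lies
 * inside the extension.  sadb_key_len is in 64-bit units and covers the
 * struct sadb_key header as well as the key bytes (that is how
 * __pfkey_xfrm_state2msg() sizes it), so the header has to be accounted
 * for before comparing; comparing against the raw extension length lets a
 * short extension pass and the memcpy into the new algo read past it.
 */
static inline int pfkey_key_fits(const struct sadb_key *key)
{
	size_t ext_bytes = (size_t)key->sadb_key_len * sizeof(uint64_t);

	return pfkey_key_bytes(key) + sizeof(struct sadb_key) <= ext_bytes;
}

/*
 * Build an xfrm_state from an SADB_ADD / SADB_UPDATE message whose
 * extensions have already been split into @ext_hdrs.
 *
 * @net:      namespace the new state belongs to
 * @hdr:      the sadb_msg header (satype and seq are read)
 * @ext_hdrs: extension table indexed by (SADB_EXT_* - 1); NULL where the
 *            extension is absent
 *
 * Returns the new state, or an ERR_PTR:
 *   -EINVAL       missing or inconsistent extensions, algorithm id out of
 *                 range, a key extension that does not hold the key it
 *                 announces, unknown SA2 mode
 *   -ENOBUFS      allocation failure
 *   -ENOSYS       algorithm id not known to xfrm
 *   -EAFNOSUPPORT source address family not supported
 * plus whatever security_xfrm_state_alloc() or xfrm_init_state() return.
 * On error the partially built state is marked dead and released.
 */
static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
						struct sadb_msg *hdr,
						void **ext_hdrs)
{
	struct xfrm_state *x;
	struct sadb_lifetime *lifetime;
	struct sadb_sa *sa;
	struct sadb_key *key;
	struct sadb_x_sec_ctx *sec_ctx;
	uint16_t proto;
	int err;


	/* Mandatory extensions: the SA plus a src/dst pair of one family. */
	sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1];
	if (!sa ||
	    !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return ERR_PTR(-EINVAL);
	/* ESP needs an encryption key extension, AH an authentication one. */
	if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
	    !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
		return ERR_PTR(-EINVAL);
	if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
	    !ext_hdrs[SADB_EXT_KEY_AUTH-1])
		return ERR_PTR(-EINVAL);
	/* Hard and soft lifetimes are supplied together or not at all. */
	if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
	    !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
		return ERR_PTR(-EINVAL);

	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	if (proto == 0)
		return ERR_PTR(-EINVAL);

	/* default error is no buffer space */
	err = -ENOBUFS;

	/* RFC2367:

   Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
   SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not
   sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state.
   Therefore, the sadb_sa_state field of all submitted SAs MUST be
   SADB_SASTATE_MATURE and the kernel MUST return an error if this is
   not true.

	   However, KAME setkey always uses SADB_SASTATE_LARVAL.
	   Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
	 */
	/* Algorithm ids must be within the PF_KEY-defined ranges. */
	if (sa->sadb_sa_auth > SADB_AALG_MAX ||
	    (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
	     sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
	    sa->sadb_sa_encrypt > SADB_EALG_MAX)
		return ERR_PTR(-EINVAL);
	/*
	 * Key extensions: whenever one is present, the key bytes it
	 * announces must fit inside it.  This is checked for the NULL
	 * algorithms too, because the copy into x->aalg / x->ealg further
	 * down is driven by sadb_key_bits regardless of the algorithm id.
	 * A non-NULL algorithm additionally requires a non-empty key.
	 */
	key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1];
	if (key != NULL &&
	    (!pfkey_key_fits(key) ||
	     (sa->sadb_sa_auth != SADB_X_AALG_NULL &&
	      pfkey_key_bytes(key) == 0)))
		return ERR_PTR(-EINVAL);
	key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
	if (key != NULL &&
	    (!pfkey_key_fits(key) ||
	     (sa->sadb_sa_encrypt != SADB_EALG_NULL &&
	      pfkey_key_bytes(key) == 0)))
		return ERR_PTR(-EINVAL);

	x = xfrm_state_alloc(net);
	if (x == NULL)
		return ERR_PTR(-ENOBUFS);

	x->id.proto = proto;
	x->id.spi = sa->sadb_sa_spi;
	x->props.replay_window = sa->sadb_sa_replay;
	if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
		x->props.flags |= XFRM_STATE_NOECN;
	if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
		x->props.flags |= XFRM_STATE_DECAP_DSCP;
	if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
		x->props.flags |= XFRM_STATE_NOPMTUDISC;

	/* Lifetimes: PF_KEY uses 0 for "unlimited", xfrm uses XFRM_INF (_KEY2X). */
	lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1];
	if (lifetime != NULL) {
		x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
		x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
		x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
		x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
	}
	lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_SOFT-1];
	if (lifetime != NULL) {
		x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
		x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
		x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
		x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
	}

	/* Optional security context, handed to the LSM. */
	sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
	if (sec_ctx != NULL) {
		struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);

		if (!uctx)
			goto out;

		err = security_xfrm_state_alloc(x, uctx);
		kfree(uctx);

		if (err)
			goto out;
	}

	/* Authentication algorithm and key (key extension is optional here). */
	key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1];
	if (sa->sadb_sa_auth) {
		int keysize = 0;
		struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
		if (!a) {
			err = -ENOSYS;
			goto out;
		}
		if (key)
			keysize = (key->sadb_key_bits + 7) / 8;
		x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
		if (!x->aalg)
			goto out;
		strcpy(x->aalg->alg_name, a->name);
		x->aalg->alg_key_len = 0;
		if (key) {
			x->aalg->alg_key_len = key->sadb_key_bits;
			memcpy(x->aalg->alg_key, key+1, keysize);
		}
		x->props.aalgo = sa->sadb_sa_auth;
		/* x->algo.flags = sa->sadb_sa_flags; */
	}
	/*
	 * sadb_sa_encrypt is overloaded: for IPCOMP it carries the
	 * compression algorithm id (no key), otherwise the cipher id.
	 */
	if (sa->sadb_sa_encrypt) {
		if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
			struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
			if (!a) {
				err = -ENOSYS;
				goto out;
			}
			x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
			if (!x->calg)
				goto out;
			strcpy(x->calg->alg_name, a->name);
			x->props.calgo = sa->sadb_sa_encrypt;
		} else {
			int keysize = 0;
			struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
			if (!a) {
				err = -ENOSYS;
				goto out;
			}
			key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
			if (key)
				keysize = (key->sadb_key_bits + 7) / 8;
			x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
			if (!x->ealg)
				goto out;
			strcpy(x->ealg->alg_name, a->name);
			x->ealg->alg_key_len = 0;
			if (key) {
				x->ealg->alg_key_len = key->sadb_key_bits;
				memcpy(x->ealg->alg_key, key+1, keysize);
			}
			x->props.ealgo = sa->sadb_sa_encrypt;
		}
	}
	/* x->algo.flags = sa->sadb_sa_flags; */

	/* Addresses: the source also fixes the address family of the state. */
	x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
						    &x->props.saddr);
	if (!x->props.family) {
		err = -EAFNOSUPPORT;
		goto out;
	}
	pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
				  &x->id.daddr);

	/* Optional SA2: mode and reqid. */
	if (ext_hdrs[SADB_X_EXT_SA2-1]) {
		struct sadb_x_sa2 *sa2 = (void*)ext_hdrs[SADB_X_EXT_SA2-1];
		int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
		if (mode < 0) {
			err = -EINVAL;
			goto out;
		}
		x->props.mode = mode;
		x->props.reqid = sa2->sadb_x_sa2_reqid;
	}

	if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
		struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];

		/* Nobody uses this, but we try. */
		x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
		x->sel.prefixlen_s = addr->sadb_address_prefixlen;
	}

	if (!x->sel.family)
		x->sel.family = x->props.family;

	/* Optional NAT-T encapsulation: type plus source/destination ports. */
	if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
		struct sadb_x_nat_t_type* n_type;
		struct xfrm_encap_tmpl *natt;

		x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
		if (!x->encap)
			goto out;

		natt = x->encap;
		n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
		natt->encap_type = n_type->sadb_x_nat_t_type_type;

		if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
			struct sadb_x_nat_t_port* n_port =
				ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
			natt->encap_sport = n_port->sadb_x_nat_t_port_port;
		}
		if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
			struct sadb_x_nat_t_port* n_port =
				ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
			natt->encap_dport = n_port->sadb_x_nat_t_port_port;
		}
		memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
	}

	err = xfrm_init_state(x);
	if (err)
		goto out;

	x->km.seq = hdr->sadb_msg_seq;
	return x;

out:
	/* Mark the half-built state dead before dropping our reference. */
	x->km.state = XFRM_STATE_DEAD;
	xfrm_state_put(x);
	return ERR_PTR(err);
}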
1303
/*
 * Handler for message types this socket does not implement.  All
 * parameters are ignored; the caller always gets -EOPNOTSUPP.
 */
static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	const int rc = -EOPNOTSUPP;

	return rc;
}
1308
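/*
 * SADB_GETSPI: allocate a SPI for a larval (acquire) state and answer the
 * requesting socket with the resulting SA.
 *
 * The state is located by the acquire sequence number when the message
 * carries one and that state's destination matches the request; otherwise
 * by (mode, reqid, proto, dst, src, family) via xfrm_find_acq().  The SPI
 * range comes from SADB_EXT_SPIRANGE when present, else 0x100..0x0fffffff.
 *
 * Returns 0 on success (the reply is sent with BROADCAST_ONE to @sk),
 * -EINVAL for a bad address pair, satype, SA2 mode or address family,
 * -ENOENT when no state can be found, or the error from xfrm_alloc_spi()
 * / reply construction.
 */
static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct net *net = sock_net(sk);
	struct sk_buff *resp_skb;
	struct sadb_x_sa2 *sa2;
	struct sadb_address *saddr, *daddr;
	struct sadb_msg *out_hdr;
	struct sadb_spirange *range;
	struct xfrm_state *x = NULL;
	int mode;
	int err;
	u32 min_spi, max_spi;
	u32 reqid;
	u8 proto;
	unsigned short family;
	xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;

	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return -EINVAL;

	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	if (proto == 0)
		return -EINVAL;

	/* Mode and reqid are optional (SA2 extension); default to 0. */
	if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
		mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
		if (mode < 0)
			return -EINVAL;
		reqid = sa2->sadb_x_sa2_reqid;
	} else {
		mode = 0;
		reqid = 0;
	}

	saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
	daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];

	/* The sockaddr follows each sadb_address header directly. */
	family = ((struct sockaddr *)(saddr + 1))->sa_family;
	switch (family) {
	case AF_INET:
		xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
		xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
		break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case AF_INET6:
		xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
		xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
		break;
#endif
	default:
		/*
		 * present_and_same_family() is expected to have rejected any
		 * other family already; refusing here keeps xdaddr/xsaddr from
		 * reaching the lookups below as NULL if it did not.
		 */
		return -EINVAL;
	}

	/* Prefer the larval state created for this acquire sequence number,
	 * but only if it is for the requested destination. */
	if (hdr->sadb_msg_seq) {
		x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);
		if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
			xfrm_state_put(x);
			x = NULL;
		}
	}

	if (!x)
		x = xfrm_find_acq(net, mode, reqid, proto, xdaddr, xsaddr, 1, family);

	if (x == NULL)
		return -ENOENT;

	min_spi = 0x100;
	max_spi = 0x0fffffff;

	range = ext_hdrs[SADB_EXT_SPIRANGE-1];
	if (range) {
		min_spi = range->sadb_spirange_min;
		max_spi = range->sadb_spirange_max;
	}

	err = xfrm_alloc_spi(x, min_spi, max_spi);
	resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);

	if (IS_ERR(resp_skb)) {
		xfrm_state_put(x);
		return  PTR_ERR(resp_skb);
	}

	/* Reply header echoes the request's version, seq and pid. */
	out_hdr = (struct sadb_msg *) resp_skb->data;
	out_hdr->sadb_msg_version = hdr->sadb_msg_version;
	out_hdr->sadb_msg_type = SADB_GETSPI;
	out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
	out_hdr->sadb_msg_errno = 0;
	out_hdr->sadb_msg_reserved = 0;
	out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
	out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;

	xfrm_state_put(x);

	pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);

	return 0;
}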
1407
/*
 * SADB_ACQUIRE sent by userspace.  Only a bare header (no extensions) is
 * accepted.  When it carries a non-zero errno for an acquire sequence
 * number the kernel knows, the matching larval (ACQ) state is moved to
 * XFRM_STATE_ERROR and the km waiters are woken; otherwise it is a no-op.
 *
 * Returns 0, or -EOPNOTSUPP when the message is not header-only.
 */
static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct net *net = sock_net(sk);
	struct xfrm_state *x;
	const int header_only = (hdr->sadb_msg_len == sizeof(struct sadb_msg)/8);

	if (!header_only)
		return -EOPNOTSUPP;

	/* Nothing to report, or nothing to report it against. */
	if (!hdr->sadb_msg_seq || !hdr->sadb_msg_errno)
		return 0;

	x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);
	if (!x)
		return 0;

	spin_lock_bh(&x->lock);
	if (x->km.state == XFRM_STATE_ACQ) {
		x->km.state = XFRM_STATE_ERROR;
		wake_up(&net->xfrm.km_waitq);
	}
	spin_unlock_bh(&x->lock);
	xfrm_state_put(x);

	return 0;
}
1432
/*
 * Map an xfrm policy event to the PF_KEY message type that announces it.
 * XFRM_MSG_POLEXPIRE has no mapping here (SADB_X_SPDEXPIRE is not
 * emitted); it and any other event are logged and yield 0.
 */
static inline int event2poltype(int event)
{
	int type = 0;

	switch (event) {
	case XFRM_MSG_NEWPOLICY:
		type = SADB_X_SPDADD;
		break;
	case XFRM_MSG_UPDPOLICY:
		type = SADB_X_SPDUPDATE;
		break;
	case XFRM_MSG_DELPOLICY:
		type = SADB_X_SPDDELETE;
		break;
	default:
		printk("pfkey: Unknown policy event %d\n", event);
		break;
	}

	return type;
}
1451
/*
 * Map an xfrm SA event to the PF_KEY message type that announces it.
 * Unknown events are logged and yield 0.
 */
static inline int event2keytype(int event)
{
	int type = 0;

	switch (event) {
	case XFRM_MSG_NEWSA:
		type = SADB_ADD;
		break;
	case XFRM_MSG_UPDSA:
		type = SADB_UPDATE;
		break;
	case XFRM_MSG_DELSA:
		type = SADB_DELETE;
		break;
	case XFRM_MSG_EXPIRE:
		type = SADB_EXPIRE;
		break;
	default:
		printk("pfkey: Unknown SA event %d\n", event);
		break;
	}

	return type;
}
1470
1471/* ADD/UPD/DEL */
/*
 * Broadcast an ADD/UPDATE/DELETE notification for @x to every PF_KEY
 * socket in the state's namespace.  The message type is derived from
 * c->event; seq and pid are taken from the km_event.
 *
 * Returns 0, or the error from building the message.
 */
static int key_notify_sa(struct xfrm_state *x, struct km_event *c)
{
	struct sk_buff *skb = pfkey_xfrm_state2msg(x);
	struct sadb_msg *hdr;

	if (IS_ERR(skb))
		return PTR_ERR(skb);

	hdr = (struct sadb_msg *) skb->data;
	hdr->sadb_msg_version = PF_KEY_V2;
	hdr->sadb_msg_type = event2keytype(c->event);
	hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_reserved = 0;
	hdr->sadb_msg_seq = c->seq;
	hdr->sadb_msg_pid = c->pid;

	/* GFP_ATOMIC: notifications may originate from non-sleeping context. */
	pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));

	return 0;
}
1495
/*
 * SADB_ADD / SADB_UPDATE: build a state from the message, insert it into
 * (or update it in) the SAD, audit the attempt, and notify key managers
 * on success.
 *
 * Returns 0, the error from pfkey_msg2xfrm_state(), or the error from
 * xfrm_state_add() / xfrm_state_update().
 */
static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct net *net = sock_net(sk);
	struct xfrm_state *x;
	struct km_event c;
	int is_add;
	int err;

	x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs);
	if (IS_ERR(x))
		return PTR_ERR(x);

	is_add = (hdr->sadb_msg_type == SADB_ADD);

	/* Extra reference for the duration of this function; dropped at out. */
	xfrm_state_hold(x);
	err = is_add ? xfrm_state_add(x) : xfrm_state_update(x);

	xfrm_audit_state_add(x, err ? 0 : 1,
			     audit_get_loginuid(current),
			     audit_get_sessionid(current), 0);

	if (err < 0) {
		/* Not inserted: mark dead and drop the reference the
		 * constructor returned with as well. */
		x->km.state = XFRM_STATE_DEAD;
		__xfrm_state_put(x);
		goto out;
	}

	c.event = is_add ? XFRM_MSG_NEWSA : XFRM_MSG_UPDSA;
	c.seq = hdr->sadb_msg_seq;
	c.pid = hdr->sadb_msg_pid;
	km_state_notify(x, &c);
out:
	xfrm_state_put(x);
	return err;
}
1534
/*
 * SADB_DELETE: look the SA up by the SA/src/dst extensions, let the LSM
 * veto, refuse kernel-owned states, delete, audit, and notify key managers
 * on success.
 *
 * Returns 0, -EINVAL for missing extensions, -ESRCH when no such SA,
 * -EPERM for a kernel-owned SA, or the LSM / xfrm_state_delete() error.
 */
static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct net *net = sock_net(sk);
	struct xfrm_state *x;
	struct km_event c;
	int err;

	if (ext_hdrs[SADB_EXT_SA-1] == NULL ||
	    !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return -EINVAL;

	x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
	if (!x)
		return -ESRCH;

	err = security_xfrm_state_delete(x);
	if (err)
		goto out;

	if (xfrm_state_kern(x)) {
		err = -EPERM;
		goto out;
	}

	err = xfrm_state_delete(x);
	if (err < 0)
		goto out;

	c.event = XFRM_MSG_DELSA;
	c.seq = hdr->sadb_msg_seq;
	c.pid = hdr->sadb_msg_pid;
	km_state_notify(x, &c);
out:
	/* Audited on every path once the SA was found, success or not. */
	xfrm_audit_state_delete(x, err ? 0 : 1,
				audit_get_loginuid(current),
				audit_get_sessionid(current), 0);
	xfrm_state_put(x);

	return err;
}
1576
/*
 * SADB_GET: look the SA up by the SA/src/dst extensions and send its full
 * dump (keys included) back to the requesting socket only.
 *
 * Returns 0, -EINVAL for missing extensions, -ESRCH when no such SA, or
 * the error from building the reply.
 */
static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
	struct net *net = sock_net(sk);
	struct sk_buff *out_skb;
	struct sadb_msg *out_hdr;
	struct xfrm_state *x;
	__u8 proto;

	if (ext_hdrs[SADB_EXT_SA-1] == NULL ||
	    !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return -EINVAL;

	x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
	if (!x)
		return -ESRCH;

	/* Copy what the reply header needs, then release the SA before
	 * looking at the result. */
	proto = x->id.proto;
	out_skb = pfkey_xfrm_state2msg(x);
	xfrm_state_put(x);
	if (IS_ERR(out_skb))
		return  PTR_ERR(out_skb);

	out_hdr = (struct sadb_msg *) out_skb->data;
	out_hdr->sadb_msg_version = hdr->sadb_msg_version;
	out_hdr->sadb_msg_type = SADB_GET;
	out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
	out_hdr->sadb_msg_errno = 0;
	out_hdr->sadb_msg_reserved = 0;
	out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
	out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));

	return 0;
}
1612
/*
 * Build a message listing the authentication and encryption algorithms
 * xfrm currently reports as available (presumably the SADB_REGISTER
 * reply; the caller is outside this view).
 *
 * @orig:       request header, copied into the reply by pfkey_hdr_dup()
 * @allocation: gfp flags for the skb
 *
 * Each non-empty family becomes one SADB_EXT_SUPPORTED_{AUTH,ENCRYPT}
 * extension holding a struct sadb_alg per available algorithm.  Returns
 * the skb, or NULL when it could not be allocated.
 *
 * NOTE(review): the extension sizes come from xfrm_count_*_supported()
 * while the entries are written by a separate pass over the 'available'
 * flags; nothing here bounds ap against the sized extension, so the two
 * passes are assumed to agree.
 */
static struct sk_buff *compose_sadb_supported(struct sadb_msg *orig,
					      gfp_t allocation)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	int len, auth_len, enc_len, i;

	/* Extension size = header + one sadb_alg per algorithm, or 0 if none. */
	auth_len = xfrm_count_auth_supported();
	if (auth_len)
		auth_len = auth_len * sizeof(struct sadb_alg) + sizeof(struct sadb_supported);

	enc_len = xfrm_count_enc_supported();
	if (enc_len)
		enc_len = enc_len * sizeof(struct sadb_alg) + sizeof(struct sadb_supported);

	len = sizeof(struct sadb_msg) + auth_len + enc_len;

	skb = alloc_skb(len + 16, allocation);
	if (!skb)
		return NULL;

	hdr = (struct sadb_msg *) skb_put(skb, sizeof(*hdr));
	pfkey_hdr_dup(hdr, orig);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_len = len / sizeof(uint64_t);

	if (auth_len) {
		struct sadb_supported *sp = (struct sadb_supported *) skb_put(skb, auth_len);
		struct sadb_alg *ap = (struct sadb_alg *) (sp + 1);
		struct xfrm_algo_desc *aalg;

		sp->sadb_supported_len = auth_len / sizeof(uint64_t);
		sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;

		for (i = 0; (aalg = xfrm_aalg_get_byidx(i)) != NULL; i++) {
			if (aalg->available)
				*ap++ = aalg->desc;
		}
	}

	if (enc_len) {
		struct sadb_supported *sp = (struct sadb_supported *) skb_put(skb, enc_len);
		struct sadb_alg *ap = (struct sadb_alg *) (sp + 1);
		struct xfrm_algo_desc *ealg;

		sp->sadb_supported_len = enc_len / sizeof(uint64_t);
		sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;

		for (i = 0; (ealg = xfrm_ealg_get_byidx(i)) != NULL; i++) {
			if (ealg->available)
				*ap++ = ealg->desc;
		}
	}

	return skb;
}
1684
/*
 * SADB_REGISTER: mark this socket as a key manager for one SA type (or for
 * none in particular when satype is UNSPEC) and reply with the list of
 * supported algorithms.
 *
 * Returns 0, -EINVAL for an out-of-range satype, -EEXIST when the socket
 * already registered that satype, -ENOBUFS when the reply cannot be built.
 */
static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct pfkey_sock *pfk = pfkey_sk(sk);
        unsigned int satype = hdr->sadb_msg_satype;
        unsigned int satype_bit;
        struct sk_buff *supp_skb;

        if (satype > SADB_SATYPE_MAX)
                return -EINVAL;

        /* UNSPEC sets no bit; every other satype may be registered once. */
        satype_bit = (satype == SADB_SATYPE_UNSPEC) ? 0 : (1 << satype);
        if (pfk->registered & satype_bit)
                return -EEXIST;
        pfk->registered |= satype_bit;

        xfrm_probe_algs();

        supp_skb = compose_sadb_supported(hdr, GFP_KERNEL);
        if (!supp_skb) {
                /* Nothing was sent: undo the registration bit. */
                pfk->registered &= ~satype_bit;
                return -ENOBUFS;
        }

        pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk, sock_net(sk));

        return 0;
}
1713
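/*
 * Notify every PF_KEY socket that the SAs of one protocol were flushed
 * (XFRM_MSG_FLUSHSA): a bare SADB_FLUSH header with no extensions.
 *
 * @c: event; ->data.proto selects the SA type, ->seq/->pid echo the
 *     request, ->net selects the namespace to broadcast in
 *
 * Returns 0, or -ENOBUFS when the skb cannot be allocated.
 */
static int key_notify_sa_flush(struct km_event *c)
{
        struct sk_buff *skb;
        struct sadb_msg *hdr;

        skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
        if (!skb)
                return -ENOBUFS;
        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
        hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
        hdr->sadb_msg_type = SADB_FLUSH;
        hdr->sadb_msg_seq = c->seq;
        hdr->sadb_msg_pid = c->pid;
        hdr->sadb_msg_version = PF_KEY_V2;
        hdr->sadb_msg_errno = (uint8_t) 0;
        hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
        /*
         * Nothing zeroes the skb payload and the whole header is copied to
         * userspace, so the reserved field must be written too or it leaks
         * whatever the allocator left behind.
         */
        hdr->sadb_msg_reserved = 0;

        pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);

        return 0;
}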
1735
/*
 * SADB_FLUSH: drop every SA of the requested type in the socket's namespace,
 * audit the flush, and let all key managers know via km_state_notify().
 *
 * Returns 0, -EINVAL when the satype maps to no protocol, or the error from
 * xfrm_state_flush().
 */
static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct net *net = sock_net(sk);
        unsigned proto = pfkey_satype2proto(hdr->sadb_msg_satype);
        struct xfrm_audit audit_info;
        struct km_event c = {
                .data.proto = proto,
                .seq = hdr->sadb_msg_seq,
                .pid = hdr->sadb_msg_pid,
                .event = XFRM_MSG_FLUSHSA,
                .net = net,
        };
        int err;

        if (!proto)
                return -EINVAL;

        /* Attribute the flush to the calling task for the audit trail. */
        audit_info.loginuid = audit_get_loginuid(current);
        audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = 0;
        err = xfrm_state_flush(net, proto, &audit_info);
        if (err)
                return err;

        km_state_notify(NULL, &c);

        return 0;
}
1763
/*
 * xfrm_state_walk() callback for SADB_DUMP: serialise one SA into a
 * SADB_DUMP message for the dumping socket.  The message is parked in
 * pfk->dump.skb and the previously parked one is sent, so the socket always
 * holds back the most recent message (presumably so the caller can finish
 * or mark the last one itself -- the consumer is not visible here).
 *
 * @x:     the SA to describe
 * @count: 0-based walk position; the sequence number sent is count + 1
 * @ptr:   the dumping pfkey_sock
 *
 * Returns 0, -ENOBUFS when the socket cannot take more, or the error from
 * pfkey_xfrm_state2msg().
 */
static int dump_sa(struct xfrm_state *x, int count, void *ptr)
{
        struct pfkey_sock *pfk = ptr;
        struct sock *sk = &pfk->sk;
        struct sk_buff *msg;
        struct sadb_msg *msg_hdr;

        if (!pfkey_can_dump(sk))
                return -ENOBUFS;

        msg = pfkey_xfrm_state2msg(x);
        if (IS_ERR(msg))
                return PTR_ERR(msg);

        msg_hdr = (struct sadb_msg *) msg->data;
        msg_hdr->sadb_msg_version = pfk->dump.msg_version;
        msg_hdr->sadb_msg_type = SADB_DUMP;
        msg_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
        msg_hdr->sadb_msg_errno = 0;
        msg_hdr->sadb_msg_reserved = 0;
        msg_hdr->sadb_msg_seq = count + 1;
        msg_hdr->sadb_msg_pid = pfk->dump.msg_pid;

        /* Send what was parked last time, park this one. */
        if (pfk->dump.skb != NULL)
                pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
                                sk, sock_net(sk));
        pfk->dump.skb = msg;

        return 0;
}
1793
/* Resume the SA walk started by pfkey_dump(); dump_sa() handles each SA. */
static int pfkey_dump_sa(struct pfkey_sock *pfk)
{
        struct xfrm_state_walk *walk = &pfk->dump.u.state;

        return xfrm_state_walk(sock_net(&pfk->sk), walk, dump_sa, pfk);
}
1799
/* Release the walk state once the SA dump has finished or been abandoned. */
static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
{
        struct xfrm_state_walk *walk = &pfk->dump.u.state;

        xfrm_state_walk_done(walk);
}
1804
/*
 * SADB_DUMP: start walking every SA of the requested type and stream them to
 * this socket.  Only one dump may be in progress per socket.
 *
 * Returns -EBUSY when a dump is already running, -EINVAL when the satype
 * maps to no protocol, else whatever pfkey_do_dump() returns.
 */
static int pfkey_dump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct pfkey_sock *pfk = pfkey_sk(sk);
        u8 proto;

        /*
         * NOTE(review): this check-then-set on pfk->dump.dump is not
         * serialised here; confirm the caller holds a lock that excludes a
         * concurrent pfkey_do_dump() on the same socket.
         */
        if (pfk->dump.dump)
                return -EBUSY;

        proto = pfkey_satype2proto(hdr->sadb_msg_satype);
        if (!proto)
                return -EINVAL;

        /* Remembered so dump_sa() can stamp each message like the request. */
        pfk->dump.msg_version = hdr->sadb_msg_version;
        pfk->dump.msg_pid = hdr->sadb_msg_pid;
        pfk->dump.dump = pfkey_dump_sa;
        pfk->dump.done = pfkey_dump_sa_done;
        xfrm_state_walk_init(&pfk->dump.u.state, proto);

        return pfkey_do_dump(pfk);
}
1825
/*
 * SADB_X_PROMISC: a bare header toggles promiscuous mode for this socket
 * (satype 0 = off, 1 = on); any message, bare or not, is then echoed to
 * every PF_KEY socket in the namespace.
 *
 * Returns 0, or -EINVAL for a bare header whose satype is neither 0 nor 1.
 */
static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct pfkey_sock *pfk = pfkey_sk(sk);
        int satype = hdr->sadb_msg_satype;
        int bare_header = (hdr->sadb_msg_len == sizeof(*hdr) / sizeof(uint64_t));

        if (bare_header) {
                /* XXX we mangle packet... */
                hdr->sadb_msg_errno = 0;
                /* satype doubles as the on/off flag */
                if (satype != 0 && satype != 1)
                        return -EINVAL;
                pfk->promisc = satype;
        }
        /*
         * NOTE(review): skb_clone() can return NULL; whether pfkey_broadcast()
         * tolerates a NULL skb is not visible here -- confirm.
         */
        pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
        return 0;
}
1841
/*
 * xfrm_policy_walk() callback for gen_reqid(): report -EEXIST as soon as any
 * template of @xp already carries the candidate reqid pointed to by @ptr,
 * 0 otherwise.  @dir and @count are unused.
 */
static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
{
        const u32 wanted = *(u32 *) ptr;
        const struct xfrm_tmpl *t = xp->xfrm_vec;
        const struct xfrm_tmpl *end = t + xp->xfrm_nr;

        for (; t < end; t++) {
                if (t->reqid == wanted)
                        return -EEXIST;
        }
        return 0;
}
1853
/*
 * Pick a reqid above IPSEC_MANUAL_REQID_MAX that no main-type policy in @net
 * uses yet.  Candidates are tried in increasing order from a static cursor
 * that survives across calls, wrapping around 0 back to the start of the
 * automatic range.
 *
 * Returns the reqid, or 0 when every candidate is taken.
 * NOTE(review): no serialisation of the static cursor is visible here;
 * confirm callers are mutually excluded.
 */
static u32 gen_reqid(struct net *net)
{
        static u32 reqid = IPSEC_MANUAL_REQID_MAX;
        struct xfrm_policy_walk walk;
        u32 start = reqid;

        for (;;) {
                int rc;

                reqid++;
                /* Wrapped past u32: skip 0 and the whole manual range. */
                if (reqid == 0)
                        reqid = IPSEC_MANUAL_REQID_MAX + 1;

                xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
                rc = xfrm_policy_walk(net, &walk, check_reqid, &reqid);
                xfrm_policy_walk_done(&walk);
                if (rc != -EEXIST)
                        return reqid;
                /* Back where we began: every id in the range is in use. */
                if (reqid == start)
                        return 0;
        }
}
1874
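/*
 * Translate one sadb_x_ipsecrequest record from a SADB_X_EXT_POLICY
 * extension into the next free template slot of @xp and bump xp->xfrm_nr.
 *
 * @xp: policy under construction; xp->family must already be set
 * @rq: the record; in tunnel mode two sockaddrs (src, dst) follow it and
 *      must lie within rq->sadb_x_ipsecrequest_len bytes of its start
 *
 * Returns 0; -ELOOP when all XFRM_MAX_DEPTH slots are used; -EINVAL when
 * the record is shorter than its header, has mode 0 or an unknown mode, or
 * its tunnel endpoints are missing, truncated or of mixed family; -ENOBUFS
 * when no free reqid can be generated for IPSEC_LEVEL_UNIQUE.
 */
static int
parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
{
        struct net *net = xp_net(xp);
        struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
        int mode;

        if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
                return -ELOOP;

        /* The length is user supplied; it must at least cover the header
         * itself or the payload arithmetic below means nothing. */
        if (rq->sadb_x_ipsecrequest_len < sizeof(*rq))
                return -EINVAL;

        if (rq->sadb_x_ipsecrequest_mode == 0)
                return -EINVAL;

        t->id.proto = rq->sadb_x_ipsecrequest_proto; /* XXX check proto */
        mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode);
        if (mode < 0)
                return -EINVAL;
        t->mode = mode;
        if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
                t->optional = 1;
        else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
                t->reqid = rq->sadb_x_ipsecrequest_reqid;
                /* Anything above the manual range is ours to assign. */
                if (t->reqid > IPSEC_MANUAL_REQID_MAX)
                        t->reqid = 0;
                if (!t->reqid && !(t->reqid = gen_reqid(net)))
                        return -ENOBUFS;
        }

        /* addresses present only in tunnel mode */
        if (t->mode == XFRM_MODE_TUNNEL) {
                u8 *sa = (u8 *) (rq + 1);
                int avail = rq->sadb_x_ipsecrequest_len - sizeof(*rq);
                int family, socklen;

                /*
                 * Both endpoint sockaddrs must lie inside this record.  Check
                 * the room before reading past the header: first enough for
                 * a sockaddr to learn the family, then enough for the pair.
                 */
                if (avail < (int) sizeof(struct sockaddr))
                        return -EINVAL;
                family = ((struct sockaddr *) sa)->sa_family;
                socklen = pfkey_sockaddr_len(family);
                if (socklen <= 0 || avail < 2 * socklen)
                        return -EINVAL;

                if (pfkey_sockaddr_extract((struct sockaddr *) sa,
                                           &t->saddr) != family)
                        return -EINVAL;
                if (pfkey_sockaddr_extract((struct sockaddr *) (sa + socklen),
                                           &t->id.daddr) != family)
                        return -EINVAL;
                t->encap_family = family;
        } else
                t->encap_family = xp->family;

        /* No way to set this via kame pfkey */
        t->allalgs = 1;
        xp->xfrm_nr++;
        return 0;
}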
1925
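/*
 * Walk the sadb_x_ipsecrequest records trailing a SADB_X_EXT_POLICY
 * extension and append each one as a template to @xp.
 *
 * @xp:  policy under construction
 * @pol: the policy extension; sadb_x_policy_len counts 64-bit units and
 *       covers the extension header plus all trailing records (that the
 *       extension itself fits the message is the ext-header parser's job,
 *       not visible here)
 *
 * Returns 0, -EINVAL when the extension is shorter than its header or a
 * record's length is smaller than the record header or larger than the
 * space left, or the first negative error from parse_ipsecrequest().
 */
static int
parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
{
        int err;
        int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
        struct sadb_x_ipsecrequest *rq = (void*)(pol+1);

        /* An extension shorter than its own header would make len wrap. */
        if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
                return -EINVAL;

        while (len >= sizeof(struct sadb_x_ipsecrequest)) {
                /*
                 * The record length is user controlled: it must cover at
                 * least the record header (or the cursor never advances) and
                 * must not reach past the end of the extension (or the next
                 * iteration reads outside the message).
                 */
                if (rq->sadb_x_ipsecrequest_len < sizeof(*rq) ||
                    len < rq->sadb_x_ipsecrequest_len)
                        return -EINVAL;

                err = parse_ipsecrequest(xp, rq);
                if (err < 0)
                        return err;
                len -= rq->sadb_x_ipsecrequest_len;
                rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
        }
        return 0;
}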
1941
/*
 * Size of the SADB_X_EXT_SEC_CTX extension needed to carry @xp's security
 * context: header plus context string, padded to the 8-byte PF_KEY unit.
 * 0 when the policy has no security context (no extension is emitted).
 */
static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp)
{
        const struct xfrm_sec_ctx *ctx = xp->security;

        if (!ctx)
                return 0;
        return PFKEY_ALIGN8(sizeof(struct sadb_x_sec_ctx) + ctx->ctx_len);
}
1953
/*
 * Number of payload bytes pfkey_xfrm_policy2msg() will emit for @xp:
 * header, three lifetimes, src/dst address pair, policy extension, one
 * ipsecrequest per template with room for a tunnel endpoint pair each, and
 * the optional security context.
 *
 * Every template is sized as if it carried a tunnel endpoint pair;
 * pfkey_xfrm_policy2msg() takes the pair back for transport-mode templates.
 */
static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp)
{
        const int sockaddr_size = pfkey_sockaddr_size(xp->family);
        int tmpl_socklen = 0;
        int size;
        int i;

        for (i = 0; i < xp->xfrm_nr; i++)
                tmpl_socklen += pfkey_sockaddr_len(xp->xfrm_vec[i].encap_family);

        size = sizeof(struct sadb_msg);
        size += 3 * sizeof(struct sadb_lifetime);                   /* hard, soft, current */
        size += 2 * (sizeof(struct sadb_address) + sockaddr_size);  /* src, dst */
        size += sizeof(struct sadb_x_policy);
        size += xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest);
        size += 2 * tmpl_socklen;
        size += pfkey_xfrm_policy2sec_ctx_size(xp);
        return size;
}
1975
/*
 * Allocate an skb large enough for pfkey_xfrm_policy2msg() to serialise @xp
 * into (plus a little slack).  Returns the skb or ERR_PTR(-ENOBUFS); callers
 * test with IS_ERR(), a NULL is never returned.
 */
static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp)
{
        int size = pfkey_xfrm_policy2msg_size(xp);
        struct sk_buff *skb = alloc_skb(size + 16, GFP_ATOMIC);

        return skb ? skb : ERR_PTR(-ENOBUFS);
}
1989
/*
 * Serialise policy @xp into @skb as a PF_KEY SPD message:
 *   sadb_msg                                   zeroed here, finished by the caller
 *   SADB_EXT_ADDRESS_SRC / _DST                selector endpoints and ports
 *   SADB_EXT_LIFETIME_HARD / _SOFT / _CURRENT  policy lifetimes
 *   SADB_X_EXT_POLICY + one sadb_x_ipsecrequest per template
 *   SADB_X_EXT_SEC_CTX                         only when xp->security is set
 *
 * @skb must come from pfkey_xfrm_policy2msg_prep() for this policy, i.e.
 * have pfkey_xfrm_policy2msg_size(xp) bytes of room.  @dir is the xfrm
 * direction; PF_KEY numbers directions from 1.
 *
 * Returns 0, or -EINVAL when a template's mode has no PF_KEY equivalent --
 * the skb is then left partially filled and the caller still owns it.
 */
static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir)
{
        struct sadb_msg *hdr;
        struct sadb_address *addr;
        struct sadb_lifetime *lifetime;
        struct sadb_x_policy *pol;
        struct sadb_x_sec_ctx *sec_ctx;
        struct xfrm_sec_ctx *xfrm_ctx;
        int i;
        int size;
        int sockaddr_size = pfkey_sockaddr_size(xp->family);
        int socklen = pfkey_sockaddr_len(xp->family);

        size = pfkey_xfrm_policy2msg_size(xp);

        /* call should fill header later */
        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
        /*
         * Zeroes the whole message area ahead of the skb_put()s below, not
         * just the header: relies on the room _prep() allocated.  This is
         * what clears the reserved fields and the sec_ctx padding later on.
         */
        memset(hdr, 0, size);   /* XXX do we need this ? */

        /* src address */
        addr = (struct sadb_address*) skb_put(skb,
                                              sizeof(struct sadb_address)+sockaddr_size);
        addr->sadb_address_len =
                (sizeof(struct sadb_address)+sockaddr_size)/
                        sizeof(uint64_t);
        addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
        addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
        addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
        addr->sadb_address_reserved = 0;
        /* The family was validated when the policy was built; a fill
         * failure here is a kernel-side inconsistency, hence BUG(). */
        if (!pfkey_sockaddr_fill(&xp->selector.saddr,
                                 xp->selector.sport,
                                 (struct sockaddr *) (addr + 1),
                                 xp->family))
                BUG();

        /* dst address */
        addr = (struct sadb_address*) skb_put(skb,
                                              sizeof(struct sadb_address)+sockaddr_size);
        addr->sadb_address_len =
                (sizeof(struct sadb_address)+sockaddr_size)/
                        sizeof(uint64_t);
        addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
        addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
        addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
        addr->sadb_address_reserved = 0;

        /* Same family as the src fill above, so its result is not re-checked. */
        pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
                            (struct sockaddr *) (addr + 1),
                            xp->family);

        /* hard time -- _X2KEY maps XFRM_INF to PF_KEY's "unlimited" 0 */
        lifetime = (struct sadb_lifetime *)  skb_put(skb,
                                                     sizeof(struct sadb_lifetime));
        lifetime->sadb_lifetime_len =
                sizeof(struct sadb_lifetime)/sizeof(uint64_t);
        lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
        lifetime->sadb_lifetime_allocations =  _X2KEY(xp->lft.hard_packet_limit);
        lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
        lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
        lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
        /* soft time */
        lifetime = (struct sadb_lifetime *)  skb_put(skb,
                                                     sizeof(struct sadb_lifetime));
        lifetime->sadb_lifetime_len =
                sizeof(struct sadb_lifetime)/sizeof(uint64_t);
        lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
        lifetime->sadb_lifetime_allocations =  _X2KEY(xp->lft.soft_packet_limit);
        lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
        lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
        lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
        /* current time -- counters, so no _X2KEY mapping */
        lifetime = (struct sadb_lifetime *)  skb_put(skb,
                                                     sizeof(struct sadb_lifetime));
        lifetime->sadb_lifetime_len =
                sizeof(struct sadb_lifetime)/sizeof(uint64_t);
        lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
        lifetime->sadb_lifetime_allocations = xp->curlft.packets;
        lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
        lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
        lifetime->sadb_lifetime_usetime = xp->curlft.use_time;

        /* policy: BLOCK -> DISCARD; ALLOW -> IPSEC when it has templates, NONE otherwise */
        pol = (struct sadb_x_policy *)  skb_put(skb, sizeof(struct sadb_x_policy));
        pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
        pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
        pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
        if (xp->action == XFRM_POLICY_ALLOW) {
                if (xp->xfrm_nr)
                        pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
                else
                        pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
        }
        pol->sadb_x_policy_dir = dir+1;
        pol->sadb_x_policy_id = xp->index;
        pol->sadb_x_policy_priority = xp->priority;

        for (i=0; i<xp->xfrm_nr; i++) {
                struct sadb_x_ipsecrequest *rq;
                struct xfrm_tmpl *t = xp->xfrm_vec + i;
                int req_size;
                int mode;

                req_size = sizeof(struct sadb_x_ipsecrequest);
                if (t->mode == XFRM_MODE_TUNNEL) {
                        /* Tunnel endpoints follow the record: src then dst. */
                        socklen = pfkey_sockaddr_len(t->encap_family);
                        req_size += socklen * 2;
                } else {
                        /*
                         * _size() counted an endpoint pair for every template;
                         * take it back for transport mode.
                         * NOTE(review): socklen here is whatever the last
                         * tunnel template set it to (else xp->family's length)
                         * -- confirm this is right for mixed-family templates.
                         */
                        size -= 2*socklen;
                }
                rq = (void*)skb_put(skb, req_size);
                /* The policy extension's length covers its trailing records. */
                pol->sadb_x_policy_len += req_size/8;
                memset(rq, 0, sizeof(*rq));
                rq->sadb_x_ipsecrequest_len = req_size;
                rq->sadb_x_ipsecrequest_proto = t->id.proto;
                if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
                        return -EINVAL;
                rq->sadb_x_ipsecrequest_mode = mode;
                /* Level precedence: optional beats reqid beats the default. */
                rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
                if (t->reqid)
                        rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
                if (t->optional)
                        rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
                rq->sadb_x_ipsecrequest_reqid = t->reqid;

                if (t->mode == XFRM_MODE_TUNNEL) {
                        u8 *sa = (void *)(rq + 1);
                        pfkey_sockaddr_fill(&t->saddr, 0,
                                            (struct sockaddr *)sa,
                                            t->encap_family);
                        pfkey_sockaddr_fill(&t->id.daddr, 0,
                                            (struct sockaddr *) (sa + socklen),
                                            t->encap_family);
                }
        }

        /* security context -- the 8-byte padding after ctx_str was zeroed
         * by the memset at the top */
        if ((xfrm_ctx = xp->security)) {
                int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);

                sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, ctx_size);
                sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
                sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
                sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
                sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
                sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
                memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
                       xfrm_ctx->ctx_len);
        }

        /* size was reduced above for transport-mode templates, so it now
         * matches what was actually put. */
        hdr->sadb_msg_len = size / sizeof(uint64_t);
        /* The reserved field carries the policy refcount; the reason is not
         * explained here (KAME compatibility, presumably). */
        hdr->sadb_msg_reserved = atomic_read(&xp->refcnt);

        return 0;
}
2143
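/*
 * Broadcast a policy event (SPDADD / SPDUPDATE / SPDDELETE / ...) to every
 * PF_KEY socket in the policy's namespace.
 *
 * @xp:  the policy the event concerns
 * @dir: xfrm direction, turned into PF_KEY's 1-based value by
 *       pfkey_xfrm_policy2msg()
 * @c:   event; ->event selects the message type, ->data.byid turns a delete
 *       into SADB_X_SPDDELETE2, ->seq/->pid echo the triggering request
 *
 * Returns 0, or a negative errno when the message cannot be allocated or
 * composed (the message is not sent in that case).
 */
static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c)
{
        struct sk_buff *out_skb;
        struct sadb_msg *out_hdr;
        int err;

        out_skb = pfkey_xfrm_policy2msg_prep(xp);
        if (IS_ERR(out_skb))
                return PTR_ERR(out_skb);

        err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
        if (err < 0) {
                /* Never handed to pfkey_broadcast(), so it is ours to free. */
                kfree_skb(out_skb);
                return err;
        }

        out_hdr = (struct sadb_msg *) out_skb->data;
        out_hdr->sadb_msg_version = PF_KEY_V2;

        if (c->data.byid && c->event == XFRM_MSG_DELPOLICY)
                out_hdr->sadb_msg_type = SADB_X_SPDDELETE2;
        else
                out_hdr->sadb_msg_type = event2poltype(c->event);
        out_hdr->sadb_msg_errno = 0;
        out_hdr->sadb_msg_seq = c->seq;
        out_hdr->sadb_msg_pid = c->pid;
        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
        return 0;
}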
2174
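/*
 * SADB_X_SPDADD / SADB_X_SPDUPDATE: build an xfrm policy from the request's
 * src/dst address, policy, lifetime and (optional) security-context
 * extensions and insert it into the SPD of the socket's namespace.
 *
 * Required: SADB_EXT_ADDRESS_SRC and _DST of the same family, and
 * SADB_X_EXT_POLICY.  Optional: SADB_EXT_LIFETIME_HARD / _SOFT (absent
 * limits default to XFRM_INF) and SADB_X_EXT_SEC_CTX.
 *
 * Returns 0 on success; -EINVAL on a malformed request, -ENOBUFS when the
 * policy or its security context cannot be allocated, else the error from
 * security_xfrm_policy_alloc(), parse_ipsecrequests() or
 * xfrm_policy_insert().  Every failure after xfrm_policy_alloc() destroys
 * the half-built policy.  The insert attempt is audited whether or not it
 * succeeds.
 */
static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct net *net = sock_net(sk);
        int err = 0;
        struct sadb_lifetime *lifetime;
        struct sadb_address *sa;
        struct sadb_x_policy *pol;
        struct xfrm_policy *xp;
        struct km_event c;
        struct sadb_x_sec_ctx *sec_ctx;

        if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
                                     ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
            !ext_hdrs[SADB_X_EXT_POLICY-1])
                return -EINVAL;

        pol = ext_hdrs[SADB_X_EXT_POLICY-1];
        if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
                return -EINVAL;
        /* PF_KEY directions are 1-based; 0 and >= IPSEC_DIR_MAX are invalid. */
        if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
                return -EINVAL;

        xp = xfrm_policy_alloc(net, GFP_KERNEL);
        if (xp == NULL)
                return -ENOBUFS;

        xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
                      XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
        xp->priority = pol->sadb_x_policy_priority;

        /* Source half of the selector; this also fixes the policy's family. */
        sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
        xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
        if (!xp->family) {
                err = -EINVAL;
                goto out;
        }
        xp->selector.family = xp->family;
        xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
        xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
        /* NOTE(review): the port is read through the sockaddr_in view for
         * both families; relies on sin_port/sin6_port sharing an offset. */
        xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
        if (xp->selector.sport)
                xp->selector.sport_mask = htons(0xffff);

        /* Destination half; same family as the source, checked above. */
        sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
        pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
        xp->selector.prefixlen_d = sa->sadb_address_prefixlen;

        /* Amusing, we set this twice.  KAME apps appear to set same value
         * in both addresses.
         */
        xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);

        xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
        if (xp->selector.dport)
                xp->selector.dport_mask = htons(0xffff);

        sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
        if (sec_ctx != NULL) {
                struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);

                if (!uctx) {
                        err = -ENOBUFS;
                        goto out;
                }

                /* uctx is a staging copy only; the LSM keeps its own. */
                err = security_xfrm_policy_alloc(&xp->security, uctx);
                kfree(uctx);

                if (err)
                        goto out;
        }

        /* Unlimited unless a lifetime extension says otherwise; _KEY2X maps
         * PF_KEY's 0 back to XFRM_INF. */
        xp->lft.soft_byte_limit = XFRM_INF;
        xp->lft.hard_byte_limit = XFRM_INF;
        xp->lft.soft_packet_limit = XFRM_INF;
        xp->lft.hard_packet_limit = XFRM_INF;
        if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
                xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
                xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
                xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
                xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
        }
        if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
                xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
                xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
                xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
                xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
        }
        /* Templates only exist for IPSEC-type policies. */
        xp->xfrm_nr = 0;
        if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
            (err = parse_ipsecrequests(xp, pol)) < 0)
                goto out;

        /* The last argument is true for everything but SPDUPDATE, i.e. an
         * existing policy may only be replaced by an update. */
        err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
                                 hdr->sadb_msg_type != SADB_X_SPDUPDATE);

        xfrm_audit_policy_add(xp, err ? 0 : 1,
                              audit_get_loginuid(current),
                              audit_get_sessionid(current), 0);

        if (err)
                goto out;

        if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
                c.event = XFRM_MSG_UPDPOLICY;
        else
                c.event = XFRM_MSG_NEWPOLICY;

        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;

        km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
        xfrm_pol_put(xp);
        return 0;

out:
        /* Policy was never (or no longer) inserted: mark dead and destroy. */
        xp->walk.dead = 1;
        xfrm_policy_destroy(xp);
        return err;
}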
2295
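/*
 * SADB_X_SPDDELETE: delete the main-type policy whose selector (built from
 * the src/dst address extensions), direction and optional security context
 * match the request, audit the attempt and notify the key managers.
 *
 * Returns 0; -EINVAL on a malformed request; -ENOMEM when the security
 * context cannot be staged; -ENOENT when no policy matches; else the error
 * from security_xfrm_policy_alloc() or from the delete itself.
 */
static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct net *net = sock_net(sk);
        int err;
        struct sadb_address *sa;
        struct sadb_x_policy *pol;
        struct xfrm_policy *xp;
        struct xfrm_selector sel;
        struct km_event c;
        struct sadb_x_sec_ctx *sec_ctx;
        struct xfrm_sec_ctx *pol_ctx = NULL;

        if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
                                     ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
            !ext_hdrs[SADB_X_EXT_POLICY-1])
                return -EINVAL;

        pol = ext_hdrs[SADB_X_EXT_POLICY-1];
        /* PF_KEY directions are 1-based; 0 and >= IPSEC_DIR_MAX are invalid. */
        if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
                return -EINVAL;

        memset(&sel, 0, sizeof(sel));

        /* Source half of the selector; also fixes the family. */
        sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
        sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
        sel.prefixlen_s = sa->sadb_address_prefixlen;
        sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
        /* NOTE(review): the port is read through the sockaddr_in view for
         * both families; relies on sin_port/sin6_port sharing an offset. */
        sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
        if (sel.sport)
                sel.sport_mask = htons(0xffff);

        /* Destination half; same family as the source, checked above. */
        sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
        pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
        sel.prefixlen_d = sa->sadb_address_prefixlen;
        sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
        sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
        if (sel.dport)
                sel.dport_mask = htons(0xffff);

        sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
        if (sec_ctx != NULL) {
                struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);

                if (!uctx)
                        return -ENOMEM;

                /* uctx is a staging copy only; pol_ctx is what we match on. */
                err = security_xfrm_policy_alloc(&pol_ctx, uctx);
                kfree(uctx);
                if (err)
                        return err;
        }

        /* Look up and unlink in one go (last-but-one argument); err reports
         * a refused delete for a policy that was found. */
        xp = xfrm_policy_bysel_ctx(net, XFRM_POLICY_TYPE_MAIN,
                                   pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
                                   1, &err);
        security_xfrm_policy_free(pol_ctx);
        if (xp == NULL)
                return -ENOENT;

        xfrm_audit_policy_delete(xp, err ? 0 : 1,
                                 audit_get_loginuid(current),
                                 audit_get_sessionid(current), 0);

        if (err)
                goto out;

        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
        c.data.byid = 0;
        c.event = XFRM_MSG_DELPOLICY;
        km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);

out:
        /* Drop the reference the lookup handed us. */
        xfrm_pol_put(xp);
        return err;
}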
2372
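/*
 * Answer an SPD get-style request (SADB_X_SPDGET and friends) by sending a
 * description of @xp back to the requesting socket only.  The reply echoes
 * the request's version, type, seq and pid.
 *
 * Returns 0, or a negative errno when the reply cannot be allocated or
 * composed (nothing is sent in that case).
 */
static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, struct sadb_msg *hdr, int dir)
{
        struct sk_buff *out_skb;
        struct sadb_msg *out_hdr;
        int err;

        out_skb = pfkey_xfrm_policy2msg_prep(xp);
        if (IS_ERR(out_skb))
                return PTR_ERR(out_skb);

        err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
        if (err < 0) {
                /* Never handed to pfkey_broadcast(), so it is ours to free. */
                kfree_skb(out_skb);
                return err;
        }

        out_hdr = (struct sadb_msg *) out_skb->data;
        out_hdr->sadb_msg_version = hdr->sadb_msg_version;
        out_hdr->sadb_msg_type = hdr->sadb_msg_type;
        out_hdr->sadb_msg_satype = 0;
        out_hdr->sadb_msg_errno = 0;
        out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
        out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
        /* Unicast to the requester; the policy's namespace selects the table. */
        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
        return 0;
}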
2402
2403#ifdef CONFIG_NET_KEY_MIGRATE
/* Bytes a src+dst sockaddr pair of @family occupies, padded to PF_KEY's 8-byte unit. */
static int pfkey_sockaddr_pair_size(sa_family_t family)
{
        int addr_len = pfkey_sockaddr_len(family);

        return PFKEY_ALIGN8(2 * addr_len);
}
2408
/*
 * Extract a consecutive src/dst sockaddr pair of one family from @sa.
 *
 * @sa:      start of the pair
 * @ext_len: bytes available from @sa; must hold the whole pair
 * @saddr:   receives the first address
 * @daddr:   receives the second address
 * @family:  receives the pair's address family
 *
 * Returns 0, or -EINVAL when @ext_len is too short for the family the first
 * sockaddr announces, the family is unsupported, or the two addresses are
 * of different families.
 */
static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
                               xfrm_address_t *saddr, xfrm_address_t *daddr,
                               u16 *family)
{
        struct sockaddr *second;
        int af;

        /* Room for both addresses of the announced family? */
        if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
                return -EINVAL;

        af = pfkey_sockaddr_extract(sa, saddr);
        if (af == 0)
                return -EINVAL;

        second = (struct sockaddr *) ((u8 *) sa + pfkey_sockaddr_len(af));
        if (pfkey_sockaddr_extract(second, daddr) != af)
                return -EINVAL;

        *family = af;
        return 0;
}
2430
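/*
 * Convert one pair of consecutive sadb_x_ipsecrequest entries (old endpoints
 * followed by new endpoints) into the xfrm_migrate @m.
 *
 * @rq1 points at the first request and @len is the number of bytes still
 * available from @rq1 to the end of the policy extension.  The two requests
 * must agree on proto, mode and reqid.
 *
 * Returns the number of bytes consumed (the sum of both request lengths) so
 * the caller can advance to the next pair, or -EINVAL on malformed input.
 */
static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
                                    struct xfrm_migrate *m)
{
        int err;
        struct sadb_x_ipsecrequest *rq2;
        int mode;
        int rq1_len, rq2_len;

        /* There must be more than a bare header, the request must fit in
         * what is left, and its own length must cover its header (a
         * shorter self-declared length would be nonsense to step over). */
        if (len <= (int)sizeof(*rq1))
                return -EINVAL;
        rq1_len = rq1->sadb_x_ipsecrequest_len;
        if (rq1_len < (int)sizeof(*rq1) || len < rq1_len)
                return -EINVAL;

        /* old endpoints: only the bytes after the request header belong to
         * the sockaddr pair, so pass that length rather than the whole
         * request length -- passing the latter let parse_sockaddr_pair()
         * accept a request too short for its two sockaddrs and read
         * sizeof(*rq1) bytes past its end. */
        err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
                                  rq1_len - (int)sizeof(*rq1),
                                  &m->old_saddr, &m->old_daddr,
                                  &m->old_family);
        if (err)
                return err;

        rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1_len);
        len -= rq1_len;

        if (len <= (int)sizeof(*rq2))
                return -EINVAL;
        rq2_len = rq2->sadb_x_ipsecrequest_len;
        if (rq2_len < (int)sizeof(*rq2) || len < rq2_len)
                return -EINVAL;

        /* new endpoints, same bounds rule as above */
        err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
                                  rq2_len - (int)sizeof(*rq2),
                                  &m->new_saddr, &m->new_daddr,
                                  &m->new_family);
        if (err)
                return err;

        /* Both halves describe the same SA; anything else is not a migration. */
        if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto ||
            rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode ||
            rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid)
                return -EINVAL;

        m->proto = rq1->sadb_x_ipsecrequest_proto;
        mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode);
        if (mode < 0)
                return -EINVAL;
        m->mode = mode;
        m->reqid = rq1->sadb_x_ipsecrequest_reqid;

        return rq1_len + rq2_len;
}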
2479
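/*
 * Handle SADB_X_MIGRATE: move the SAs selected by the policy in @ext_hdrs to
 * new endpoints.
 *
 * Required extensions: ADDRESS_SRC and ADDRESS_DST (same family) and
 * X_POLICY; X_KMADDRESS is optional and, when present, is passed through to
 * xfrm_migrate() as the key-manager address.  The policy's ipsecrequests
 * are consumed in (old, new) pairs by ipsecrequests_to_migrate(), at most
 * XFRM_MAX_DEPTH of them, and the extension must be consumed exactly.
 *
 * @sk and @skb are part of the pfkey_handler signature and are unused here.
 * Returns 0 or the xfrm_migrate() result on success, negative errno on
 * malformed input.
 */
static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
                         struct sadb_msg *hdr, void **ext_hdrs)
{
        int i, len, ret, err = -EINVAL;
        u8 dir;
        struct sadb_address *sa;
        struct sadb_x_kmaddress *kma;
        struct sadb_x_policy *pol;
        struct sadb_x_ipsecrequest *rq;
        struct xfrm_selector sel;
        struct xfrm_migrate m[XFRM_MAX_DEPTH];
        struct xfrm_kmaddress k;

        if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
                                     ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
            !ext_hdrs[SADB_X_EXT_POLICY - 1]) {
                err = -EINVAL;
                goto out;
        }

        kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
        pol = ext_hdrs[SADB_X_EXT_POLICY - 1];

        /* dir is computed as sadb_x_policy_dir - 1 and held in a u8, so a
         * direction of 0 (IPSEC_DIR_ANY) would wrap to 255 and reach
         * xfrm_migrate() as an out-of-range direction; refuse it here
         * together with anything at or above IPSEC_DIR_MAX. */
        if (!pol->sadb_x_policy_dir ||
            pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
                err = -EINVAL;
                goto out;
        }

        if (kma) {
                /* convert sadb_x_kmaddress to xfrm_kmaddress; the payload
                 * length is the extension length (8-byte units) minus its
                 * header */
                k.reserved = kma->sadb_x_kmaddress_reserved;
                ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
                                          8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
                                          &k.local, &k.remote, &k.family);
                if (ret < 0) {
                        err = ret;
                        goto out;
                }
        }

        dir = pol->sadb_x_policy_dir - 1;
        memset(&sel, 0, sizeof(sel));

        /* set source address info of selector; the port is read through
         * sockaddr_in, which shares the port offset with sockaddr_in6 */
        sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1];
        sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
        sel.prefixlen_s = sa->sadb_address_prefixlen;
        sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
        sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port;
        if (sel.sport)
                sel.sport_mask = htons(0xffff);

        /* set destination address info of selector.
         * NOTE(review): sel.proto is overwritten from the DST extension,
         * so a SRC/DST proto mismatch is silently resolved in favour of
         * DST rather than rejected. */
        sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
        pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
        sel.prefixlen_d = sa->sadb_address_prefixlen;
        sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
        sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port;
        if (sel.dport)
                sel.dport_mask = htons(0xffff);

        rq = (struct sadb_x_ipsecrequest *)(pol + 1);

        /* extract ipsecrequests: len is the policy payload after its header */
        i = 0;
        len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);

        while (len > 0 && i < XFRM_MAX_DEPTH) {
                ret = ipsecrequests_to_migrate(rq, len, &m[i]);
                if (ret < 0) {
                        err = ret;
                        goto out;
                } else {
                        rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret);
                        len -= ret;
                        i++;
                }
        }

        /* At least one pair is required, and trailing bytes (or more than
         * XFRM_MAX_DEPTH pairs) mean the extension was not consumed. */
        if (!i || len > 0) {
                err = -EINVAL;
                goto out;
        }

        return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
                            kma ? &k : NULL);

 out:
        return err;
}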
2570#else
/*
 * SADB_X_MIGRATE stub used when CONFIG_NET_KEY_MIGRATE is not set: the
 * message type is recognised but the operation is not available.
 */
static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
                         struct sadb_msg *hdr, void **ext_hdrs)
{
        (void)sk;
        (void)skb;
        (void)hdr;
        (void)ext_hdrs;

        return -ENOPROTOOPT;
}
2576#endif
2577
2578
/*
 * Handle SADB_X_SPDGET and SADB_X_SPDDELETE2, which both look a policy up
 * by its id.  For SPDDELETE2 the lookup also removes it (the delete is
 * audited and XFRM_MSG_DELPOLICY is sent to the key managers); for SPDGET a
 * reply carrying the policy is sent back through key_pol_get_resp().
 *
 * @skb and @ext_hdrs beyond the X_POLICY slot are unused.  Returns 0 on
 * success, -EINVAL on a missing extension or bad direction, -ENOENT when
 * no policy has that id, or the error from the delete / reply path.
 */
static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct net *net = sock_net(sk);
        struct sadb_x_policy *pol = ext_hdrs[SADB_X_EXT_POLICY-1];
        struct xfrm_policy *xp;
        struct km_event c;
        unsigned int dir;
        int delete, err = 0;

        if (!pol)
                return -EINVAL;

        /* The direction is encoded in the policy id itself. */
        dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
        if (dir >= XFRM_POLICY_MAX)
                return -EINVAL;

        delete = hdr->sadb_msg_type == SADB_X_SPDDELETE2;
        xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN, dir,
                              pol->sadb_x_policy_id, delete, &err);
        if (!xp)
                return -ENOENT;

        if (!delete) {
                err = key_pol_get_resp(sk, xp, hdr, dir);
                goto put;
        }

        /* err comes from xfrm_policy_byid() and tells whether the delete
         * actually happened; the audit record is written either way. */
        xfrm_audit_policy_delete(xp, err ? 0 : 1,
                        audit_get_loginuid(current),
                        audit_get_sessionid(current), 0);
        if (err)
                goto put;

        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
        c.data.byid = 1;
        c.event = XFRM_MSG_DELPOLICY;
        km_policy_notify(xp, dir, &c);

put:
        xfrm_pol_put(xp);
        return err;
}
2621
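/*
 * xfrm_policy_walk() callback for SADB_X_SPDDUMP.  Serializes @xp into a new
 * skb and parks it in pfk->dump.skb; the previously parked skb (if any) is
 * sent first.  Holding one message back lets the dump code mark the final
 * message when the walk ends.
 *
 * @count is the running number of policies visited and becomes the reply
 * sequence number (1-based).  @ptr is the pfkey_sock driving the dump.
 *
 * Returns 0, -ENOBUFS when the socket cannot take more (pfkey_can_dump()),
 * or a negative errno from the serializers.
 */
static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
{
        struct pfkey_sock *pfk = ptr;
        struct sk_buff *out_skb;
        struct sadb_msg *out_hdr;
        int err;

        if (!pfkey_can_dump(&pfk->sk))
                return -ENOBUFS;

        out_skb = pfkey_xfrm_policy2msg_prep(xp);
        if (IS_ERR(out_skb))
                return PTR_ERR(out_skb);

        err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
        if (err < 0) {
                /* out_skb is owned by us until it is parked in pfk->dump.skb
                 * below; bailing out without freeing it leaked one skb per
                 * failed policy. */
                kfree_skb(out_skb);
                return err;
        }

        out_hdr = (struct sadb_msg *) out_skb->data;
        out_hdr->sadb_msg_version = pfk->dump.msg_version;
        out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
        out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
        out_hdr->sadb_msg_errno = 0;
        out_hdr->sadb_msg_seq = count + 1;
        out_hdr->sadb_msg_pid = pfk->dump.msg_pid;

        /* Flush the message held from the previous callback, then hold this one. */
        if (pfk->dump.skb)
                pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
                                &pfk->sk, sock_net(&pfk->sk));
        pfk->dump.skb = out_skb;

        return 0;
}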
2655
/*
 * Dump step for SADB_X_SPDDUMP: walk the policy table of the socket's
 * netns, handing every entry to dump_sp() with @pfk as the callback cookie.
 */
static int pfkey_dump_sp(struct pfkey_sock *pfk)
{
        struct net *net = sock_net(&pfk->sk);

        return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, pfk);
}
2661
/*
 * Completion hook for SADB_X_SPDDUMP: releases the policy-walk state that
 * pfkey_spddump() initialised in pfk->dump.u.policy.
 */
static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
{
        xfrm_policy_walk_done(&pfk->dump.u.policy);
}
2666
/*
 * Handle SADB_X_SPDDUMP: start a policy dump on this socket.  Only one dump
 * may be in flight per socket (-EBUSY otherwise).  The request's version
 * and pid are remembered so every dump message can echo them, and the
 * MAIN policy type is walked.
 *
 * @skb and @ext_hdrs are unused.  Returns the result of pfkey_do_dump().
 */
static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct pfkey_sock *pfk = pfkey_sk(sk);

        if (pfk->dump.dump)
                return -EBUSY;

        xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
        pfk->dump.done = pfkey_dump_sp_done;
        pfk->dump.dump = pfkey_dump_sp;
        pfk->dump.msg_pid = hdr->sadb_msg_pid;
        pfk->dump.msg_version = hdr->sadb_msg_version;

        return pfkey_do_dump(pfk);
}
2682
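/*
 * Broadcast an SADB_X_SPDFLUSH notification to every PF_KEY socket in the
 * netns of @c after the SPD has been flushed.  The message is a bare
 * sadb_msg header.
 *
 * Returns 0, or -ENOBUFS if the skb cannot be allocated.
 */
static int key_notify_policy_flush(struct km_event *c)
{
        struct sk_buff *skb_out;
        struct sadb_msg *hdr;

        skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
        if (!skb_out)
                return -ENOBUFS;
        hdr = (struct sadb_msg *) skb_put(skb_out, sizeof(struct sadb_msg));
        /* alloc_skb() does not zero the payload and this header goes to
         * userspace, so every field is written explicitly: satype and
         * reserved were previously left as whatever the heap held. */
        hdr->sadb_msg_version = PF_KEY_V2;
        hdr->sadb_msg_type = SADB_X_SPDFLUSH;
        hdr->sadb_msg_errno = (uint8_t) 0;
        hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
        hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
        hdr->sadb_msg_reserved = 0;
        hdr->sadb_msg_seq = c->seq;
        hdr->sadb_msg_pid = c->pid;
        pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
        return 0;
}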
2702
/*
 * Handle SADB_X_SPDFLUSH: flush the MAIN policy table of the socket's netns
 * (audited with the caller's loginuid/sessionid), then tell the key
 * managers via XFRM_MSG_FLUSHPOLICY so they can broadcast the event.
 *
 * @skb and @ext_hdrs are unused.  Returns 0 or the xfrm_policy_flush()
 * error, in which case no notification is sent.
 */
static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
        struct net *net = sock_net(sk);
        struct xfrm_audit audit_info = {
                .loginuid = audit_get_loginuid(current),
                .sessionid = audit_get_sessionid(current),
                .secid = 0,
        };
        struct km_event c;
        int err;

        err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
        if (err)
                return err;

        c.net = net;
        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
        c.event = XFRM_MSG_FLUSHPOLICY;
        c.data.type = XFRM_POLICY_TYPE_MAIN;
        km_policy_notify(NULL, 0, &c);

        return 0;
}
2725
typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
                             struct sadb_msg *hdr, void **ext_hdrs);
/*
 * Dispatch table indexed by sadb_msg_type.  A NULL slot is a message type
 * that is known but not handled; pfkey_process() answers -EOPNOTSUPP for
 * it.  Designated initializers make the order irrelevant, so entries are
 * grouped by what they act on.
 */
static pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
        /* base and SA-level messages */
        [SADB_RESERVED]         = pfkey_reserved,
        [SADB_GETSPI]           = pfkey_getspi,
        [SADB_ADD]              = pfkey_add,
        [SADB_UPDATE]           = pfkey_add,
        [SADB_DELETE]           = pfkey_delete,
        [SADB_GET]              = pfkey_get,
        [SADB_ACQUIRE]          = pfkey_acquire,
        [SADB_REGISTER]         = pfkey_register,
        [SADB_EXPIRE]           = NULL,
        [SADB_FLUSH]            = pfkey_flush,
        [SADB_DUMP]             = pfkey_dump,
        [SADB_X_PROMISC]        = pfkey_promisc,
        [SADB_X_PCHANGE]        = NULL,
        /* SPD (policy) messages */
        [SADB_X_SPDADD]         = pfkey_spdadd,
        [SADB_X_SPDUPDATE]      = pfkey_spdadd,
        [SADB_X_SPDSETIDX]      = pfkey_spdadd,
        [SADB_X_SPDDELETE]      = pfkey_spddelete,
        [SADB_X_SPDGET]         = pfkey_spdget,
        [SADB_X_SPDDELETE2]     = pfkey_spdget,
        [SADB_X_SPDACQUIRE]     = NULL,
        [SADB_X_SPDDUMP]        = pfkey_spddump,
        [SADB_X_SPDFLUSH]       = pfkey_spdflush,
        [SADB_X_MIGRATE]        = pfkey_migrate,
};
2753
/*
 * Process one validated PF_KEY message: mirror it to promiscuous sockets,
 * parse its extensions, and dispatch on sadb_msg_type through pfkey_funcs.
 *
 * Assumes hdr->sadb_msg_type is within 1..SADB_MAX, the range
 * pfkey_get_base_msg() enforces -- that is what keeps the table index in
 * bounds; confirm the caller runs that check first.
 *
 * Returns the handler's result, the parse error, or -EOPNOTSUPP when the
 * type has no handler.
 */
static int pfkey_process(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr)
{
        void *ext_hdrs[SADB_EXT_MAX] = { NULL };
        pfkey_handler fn;
        int err;

        /* The clone goes to promiscuous listeners regardless of outcome. */
        pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
                        BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));

        err = parse_exthdrs(skb, hdr, ext_hdrs);
        if (err)
                return err;

        fn = pfkey_funcs[hdr->sadb_msg_type];
        if (!fn)
                return -EOPNOTSUPP;

        return fn(sk, skb, hdr, ext_hdrs);
}
2771
/*
 * Validate the sadb_msg base header at the start of @skb and return it.
 *
 * Rejects with -EMSGSIZE when the skb is shorter than a header or when
 * sadb_msg_len (in 64-bit units) does not match the skb length or is
 * smaller than the header; with -EINVAL when the version is not PF_KEY_V2,
 * the reserved byte is set, or the type is 0 or above SADB_MAX.
 *
 * On success *errp is 0 and the header pointer is returned; on failure
 * *errp holds the error and NULL is returned.
 */
static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
{
        const size_t hdr_units = sizeof(struct sadb_msg) / sizeof(uint64_t);
        struct sadb_msg *hdr;

        if (skb->len < sizeof(*hdr)) {
                *errp = -EMSGSIZE;
                return NULL;
        }

        hdr = (struct sadb_msg *) skb->data;

        if (hdr->sadb_msg_version != PF_KEY_V2 ||
            hdr->sadb_msg_reserved != 0 ||
            hdr->sadb_msg_type <= SADB_RESERVED ||
            hdr->sadb_msg_type > SADB_MAX) {
                *errp = -EINVAL;
                return NULL;
        }

        if (hdr->sadb_msg_len != skb->len / sizeof(uint64_t) ||
            hdr->sadb_msg_len < hdr_units) {
                *errp = -EMSGSIZE;
                return NULL;
        }

        *errp = 0;
        return hdr;
}
2798
/*
 * Whether template @t allows the authentication algorithm @d: t->aalgos is
 * a bitmask indexed by SADB algorithm id.  Ids beyond the mask width are
 * treated as not set rather than shifting out of range.
 */
static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
{
        const unsigned int id = d->desc.sadb_alg_id;
        const unsigned int width = sizeof(t->aalgos) * 8;

        return id < width ? (int)((t->aalgos >> id) & 1) : 0;
}
2808
/*
 * Whether template @t allows the encryption algorithm @d: t->ealgos is a
 * bitmask indexed by SADB algorithm id.  Ids beyond the mask width are
 * treated as not set rather than shifting out of range.
 */
static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
{
        const unsigned int id = d->desc.sadb_alg_id;
        const unsigned int width = sizeof(t->ealgos) * 8;

        return id < width ? (int)((t->ealgos >> id) & 1) : 0;
}
2818
/*
 * Bytes needed for the SADB_EXT_PROPOSAL that dump_ah_combs() will emit for
 * template @t: one sadb_prop plus one sadb_comb per registered, available
 * auth algorithm the template permits.
 */
static int count_ah_combs(struct xfrm_tmpl *t)
{
        struct xfrm_algo_desc *aalg;
        int i = 0;
        int sz = sizeof(struct sadb_prop);

        while ((aalg = xfrm_aalg_get_byidx(i++)) != NULL) {
                if (aalg_tmpl_set(t, aalg) && aalg->available)
                        sz += sizeof(struct sadb_comb);
        }
        return sz;
}
2832
/*
 * Bytes needed for the SADB_EXT_PROPOSAL that dump_esp_combs() will emit for
 * template @t: one sadb_prop plus one sadb_comb per (encryption, auth) pair
 * of registered, available algorithms the template permits.  Auth index 0
 * is skipped, mirroring dump_esp_combs().
 */
static int count_esp_combs(struct xfrm_tmpl *t)
{
        struct xfrm_algo_desc *ealg, *aalg;
        int i = 0, k;
        int sz = sizeof(struct sadb_prop);

        while ((ealg = xfrm_ealg_get_byidx(i++)) != NULL) {
                if (!(ealg_tmpl_set(t, ealg) && ealg->available))
                        continue;

                k = 1;
                while ((aalg = xfrm_aalg_get_byidx(k++)) != NULL) {
                        if (aalg_tmpl_set(t, aalg) && aalg->available)
                                sz += sizeof(struct sadb_comb);
                }
        }
        return sz;
}
2856
/*
 * Append an SADB_EXT_PROPOSAL for an AH SA to @skb: one sadb_comb per
 * registered, available auth algorithm permitted by template @t, each with
 * fixed soft/hard lifetimes.  @skb must have been sized with
 * count_ah_combs() -- skb_put() is not checked here.
 */
static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
{
        struct sadb_prop *p;
        struct xfrm_algo_desc *aalg;
        int i = 0;

        p = (struct sadb_prop*)skb_put(skb, sizeof(struct sadb_prop));
        p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
        p->sadb_prop_replay = 32;
        p->sadb_prop_len = sizeof(struct sadb_prop)/8;
        memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));

        while ((aalg = xfrm_aalg_get_byidx(i++)) != NULL) {
                struct sadb_comb *c;

                if (!(aalg_tmpl_set(t, aalg) && aalg->available))
                        continue;

                c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb));
                memset(c, 0, sizeof(*c));
                c->sadb_comb_auth = aalg->desc.sadb_alg_id;
                c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
                c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
                /* lifetimes in seconds: soft 20h/7h, hard 24h/8h */
                c->sadb_comb_soft_addtime = 20*60*60;
                c->sadb_comb_hard_addtime = 24*60*60;
                c->sadb_comb_soft_usetime = 7*60*60;
                c->sadb_comb_hard_usetime = 8*60*60;
                /* the proposal length grows with each comb appended */
                p->sadb_prop_len += sizeof(struct sadb_comb)/8;
        }
}
2888
/*
 * Append an SADB_EXT_PROPOSAL for an ESP SA to @skb: one sadb_comb per
 * (encryption, auth) pair of registered, available algorithms permitted by
 * template @t, each with fixed soft/hard lifetimes.  Auth index 0 is
 * skipped.  @skb must have been sized with count_esp_combs() -- skb_put()
 * is not checked here.
 */
static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
{
        struct sadb_prop *p;
        struct xfrm_algo_desc *ealg, *aalg;
        int i = 0, k;

        p = (struct sadb_prop*)skb_put(skb, sizeof(struct sadb_prop));
        p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
        p->sadb_prop_replay = 32;
        p->sadb_prop_len = sizeof(struct sadb_prop)/8;
        memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));

        while ((ealg = xfrm_ealg_get_byidx(i++)) != NULL) {
                if (!(ealg_tmpl_set(t, ealg) && ealg->available))
                        continue;

                k = 1;
                while ((aalg = xfrm_aalg_get_byidx(k++)) != NULL) {
                        struct sadb_comb *c;

                        if (!(aalg_tmpl_set(t, aalg) && aalg->available))
                                continue;

                        c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb));
                        memset(c, 0, sizeof(*c));
                        c->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
                        c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
                        c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;
                        c->sadb_comb_auth = aalg->desc.sadb_alg_id;
                        c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
                        c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
                        /* lifetimes in seconds: soft 20h/7h, hard 24h/8h */
                        c->sadb_comb_soft_addtime = 20*60*60;
                        c->sadb_comb_hard_addtime = 24*60*60;
                        c->sadb_comb_soft_usetime = 7*60*60;
                        c->sadb_comb_hard_usetime = 8*60*60;
                        /* the proposal length grows with each comb appended */
                        p->sadb_prop_len += sizeof(struct sadb_comb)/8;
                }
        }
}
2931
/*
 * XFRM_MSG_POLEXPIRE handler for PF_KEY.  Policy expiry has no PF_KEY
 * message, so the event is accepted and dropped; @xp and @c are unused.
 */
static int key_notify_policy_expire(struct xfrm_policy *xp, struct km_event *c)
{
        (void)xp;
        (void)c;

        return 0;
}
2936
/*
 * Broadcast an SADB_EXPIRE for state @x to registered PF_KEY sockets.
 * c->data.hard selects which lifetime extension pfkey_xfrm_state2msg_expire()
 * emits: 2 for a hard expiry, 1 for a soft one.  The header carries no
 * seq/pid since this is unsolicited.
 *
 * Returns 0 or the error from building the message.
 */
static int key_notify_sa_expire(struct xfrm_state *x, struct km_event *c)
{
        const int hsc = c->data.hard ? 2 : 1;
        struct sk_buff *out_skb;
        struct sadb_msg *out_hdr;

        out_skb = pfkey_xfrm_state2msg_expire(x, hsc);
        if (IS_ERR(out_skb))
                return PTR_ERR(out_skb);

        out_hdr = (struct sadb_msg *) out_skb->data;
        out_hdr->sadb_msg_version = PF_KEY_V2;
        out_hdr->sadb_msg_type = SADB_EXPIRE;
        out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
        out_hdr->sadb_msg_errno = 0;
        out_hdr->sadb_msg_reserved = 0;
        out_hdr->sadb_msg_seq = 0;
        out_hdr->sadb_msg_pid = 0;

        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x));
        return 0;
}
2966
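/*
 * xfrm_mgr notify hook for SA events.  Picks the netns from @x when present
 * (flush events carry no state, so c->net is used instead), skips early when
 * the netns has no PF_KEY sockets, and routes the event to the matching
 * key_notify_* builder.
 *
 * Returns 0 for ignored or unknown events, else the builder's result.
 */
static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c)
{
        struct net *net = x ? xs_net(x) : c->net;
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);

        if (atomic_read(&net_pfkey->socks_nr) == 0)
                return 0;

        switch (c->event) {
        case XFRM_MSG_EXPIRE:
                return key_notify_sa_expire(x, c);
        case XFRM_MSG_DELSA:
        case XFRM_MSG_NEWSA:
        case XFRM_MSG_UPDSA:
                return key_notify_sa(x, c);
        case XFRM_MSG_FLUSHSA:
                return key_notify_sa_flush(c);
        case XFRM_MSG_NEWAE: /* not yet supported */
                break;
        default:
                /* An explicit log level: without one the message went out
                 * at the default level instead of as an error. */
                printk(KERN_ERR "pfkey: Unknown SA event %d\n", c->event);
                break;
        }

        return 0;
}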
2993
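/*
 * xfrm_mgr notify hook for policy events.  PF_KEY only speaks for the MAIN
 * policy type: events for other types (by xp->type, or by c->data.type for
 * a flush) are ignored.  Routes the rest to the matching key_notify_*
 * builder.
 *
 * Returns 0 for ignored or unknown events, else the builder's result.
 */
static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
{
        if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
                return 0;

        switch (c->event) {
        case XFRM_MSG_POLEXPIRE:
                return key_notify_policy_expire(xp, c);
        case XFRM_MSG_DELPOLICY:
        case XFRM_MSG_NEWPOLICY:
        case XFRM_MSG_UPDPOLICY:
                return key_notify_policy(xp, dir, c);
        case XFRM_MSG_FLUSHPOLICY:
                if (c->data.type != XFRM_POLICY_TYPE_MAIN)
                        break;
                return key_notify_policy_flush(c);
        default:
                /* An explicit log level: without one the message went out
                 * at the default level instead of as an error. */
                printk(KERN_ERR "pfkey: Unknown policy event %d\n", c->event);
                break;
        }

        return 0;
}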
3017
/*
 * Next ACQUIRE sequence number.  A single global counter is advanced under
 * its own spinlock; 0 is never returned (the counter skips it on wrap) so a
 * zero seq can mean "none".
 */
static u32 get_acqseq(void)
{
        static u32 acqseq;
        static DEFINE_SPINLOCK(acqseq_lock);
        u32 res;

        spin_lock_bh(&acqseq_lock);
        acqseq++;
        if (!acqseq)
                acqseq++;
        res = acqseq;
        spin_unlock_bh(&acqseq_lock);

        return res;
}
3029
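/*
 * xfrm_mgr acquire hook: broadcast an SADB_ACQUIRE to registered PF_KEY
 * sockets asking a key manager to negotiate state @x for template @t under
 * policy @xp in direction @dir.
 *
 * Message layout: HDR | ADDRESS_SRC | ADDRESS_DST | X_POLICY |
 * [PROPOSAL for AH or ESP] | [X_SEC_CTX when x->security is set].
 * The skb is sized up front from the same pieces, so the skb_put() calls
 * below cannot overrun it.  Every byte put into the skb is written
 * explicitly because alloc_skb() does not zero the payload and the message
 * is copied to userspace.
 *
 * Returns -EINVAL for an unsupported address family, -ENOMEM on allocation
 * failure, else the pfkey_broadcast() result.
 */
static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp, int dir)
{
        struct sk_buff *skb;
        struct sadb_msg *hdr;
        struct sadb_address *addr;
        struct sadb_x_policy *pol;
        int sockaddr_size;
        int size;
        struct sadb_x_sec_ctx *sec_ctx;
        struct xfrm_sec_ctx *xfrm_ctx;
        int ctx_size = 0;

        sockaddr_size = pfkey_sockaddr_size(x->props.family);
        if (!sockaddr_size)
                return -EINVAL;

        size = sizeof(struct sadb_msg) +
                (sizeof(struct sadb_address) * 2) +
                (sockaddr_size * 2) +
                sizeof(struct sadb_x_policy);

        if (x->id.proto == IPPROTO_AH)
                size += count_ah_combs(t);
        else if (x->id.proto == IPPROTO_ESP)
                size += count_esp_combs(t);

        if ((xfrm_ctx = x->security)) {
                /* the context string is padded to the 8-byte PF_KEY unit */
                ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
                size +=  sizeof(struct sadb_x_sec_ctx) + ctx_size;
        }

        skb =  alloc_skb(size + 16, GFP_ATOMIC);
        if (skb == NULL)
                return -ENOMEM;

        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
        hdr->sadb_msg_version = PF_KEY_V2;
        hdr->sadb_msg_type = SADB_ACQUIRE;
        hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
        hdr->sadb_msg_len = size / sizeof(uint64_t);
        hdr->sadb_msg_errno = 0;
        hdr->sadb_msg_reserved = 0;
        /* the seq is also stored in the state so the reply can be matched */
        hdr->sadb_msg_seq = x->km.seq = get_acqseq();
        hdr->sadb_msg_pid = 0;

        /* src address */
        addr = (struct sadb_address*) skb_put(skb,
                                              sizeof(struct sadb_address)+sockaddr_size);
        addr->sadb_address_len =
                (sizeof(struct sadb_address)+sockaddr_size)/
                        sizeof(uint64_t);
        addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
        addr->sadb_address_proto = 0;
        addr->sadb_address_reserved = 0;
        addr->sadb_address_prefixlen =
                pfkey_sockaddr_fill(&x->props.saddr, 0,
                                    (struct sockaddr *) (addr + 1),
                                    x->props.family);
        /* the family was validated by pfkey_sockaddr_size() above, so a
         * zero prefixlen here is an internal inconsistency */
        if (!addr->sadb_address_prefixlen)
                BUG();

        /* dst address */
        addr = (struct sadb_address*) skb_put(skb,
                                              sizeof(struct sadb_address)+sockaddr_size);
        addr->sadb_address_len =
                (sizeof(struct sadb_address)+sockaddr_size)/
                        sizeof(uint64_t);
        addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
        addr->sadb_address_proto = 0;
        addr->sadb_address_reserved = 0;
        addr->sadb_address_prefixlen =
                pfkey_sockaddr_fill(&x->id.daddr, 0,
                                    (struct sockaddr *) (addr + 1),
                                    x->props.family);
        if (!addr->sadb_address_prefixlen)
                BUG();

        pol = (struct sadb_x_policy *)  skb_put(skb, sizeof(struct sadb_x_policy));
        pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
        pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
        pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
        pol->sadb_x_policy_dir = dir+1;
        pol->sadb_x_policy_reserved = 0;
        pol->sadb_x_policy_id = xp->index;
        /* reserved and priority were previously left unwritten, leaking
         * heap bytes into a message that reaches userspace */
        pol->sadb_x_policy_priority = xp->priority;

        /* Set sadb_comb's. */
        if (x->id.proto == IPPROTO_AH)
                dump_ah_combs(skb, t);
        else if (x->id.proto == IPPROTO_ESP)
                dump_esp_combs(skb, t);

        /* security context */
        if (xfrm_ctx) {
                sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb,
                                sizeof(struct sadb_x_sec_ctx) + ctx_size);
                sec_ctx->sadb_x_sec_len =
                  (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
                sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
                sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
                sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
                sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
                /* zero the alignment padding after ctx_str so no stale
                 * heap bytes are sent in the ctx_size - ctx_len tail */
                memset(sec_ctx + 1, 0, ctx_size);
                memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
                       xfrm_ctx->ctx_len);
        }

        return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x));
}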
3136
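/*
 * xfrm_mgr compile_policy hook: build an xfrm_policy from the sadb_x_policy
 * (plus optional trailing sadb_x_sec_ctx) that userspace passed to
 * IP_IPSEC_POLICY / IPV6_IPSEC_POLICY via setsockopt on @sk.
 *
 * @data/@len is the raw, untrusted option buffer; every length read from
 * it is checked against @len before the bytes it covers are touched.
 * The policy direction (0-based) is returned through *dir on success; on
 * failure NULL is returned and *dir holds a negative errno (-EOPNOTSUPP
 * for a mismatched option/family, -EINVAL for malformed input, -ENOBUFS
 * when the policy cannot be allocated, or the sec-ctx error).
 *
 * The returned policy has no selector and unlimited lifetimes; ownership
 * passes to the caller.
 */
static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
                                                u8 *data, int len, int *dir)
{
        struct net *net = sock_net(sk);
        struct xfrm_policy *xp;
        struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
        struct sadb_x_sec_ctx *sec_ctx;

        switch (sk->sk_family) {
        case AF_INET:
                if (opt != IP_IPSEC_POLICY) {
                        *dir = -EOPNOTSUPP;
                        return NULL;
                }
                break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
        case AF_INET6:
                if (opt != IPV6_IPSEC_POLICY) {
                        *dir = -EOPNOTSUPP;
                        return NULL;
                }
                break;
#endif
        default:
                *dir = -EINVAL;
                return NULL;
        }

        *dir = -EINVAL;

        /* The header must fit, its self-declared length (8-byte units)
         * must fit, and type/dir must be in range (dir 0 is not a
         * direction, and only IN/OUT are accepted). */
        if (len < sizeof(struct sadb_x_policy) ||
            pol->sadb_x_policy_len*8 > len ||
            pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
            (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
                return NULL;

        xp = xfrm_policy_alloc(net, GFP_ATOMIC);
        if (xp == NULL) {
                *dir = -ENOBUFS;
                return NULL;
        }

        xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
                      XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);

        xp->lft.soft_byte_limit = XFRM_INF;
        xp->lft.hard_byte_limit = XFRM_INF;
        xp->lft.soft_packet_limit = XFRM_INF;
        xp->lft.hard_packet_limit = XFRM_INF;
        xp->family = sk->sk_family;

        xp->xfrm_nr = 0;
        if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
            (*dir = parse_ipsecrequests(xp, pol)) < 0)
                goto out;

        /* security context too */
        if (len >= (pol->sadb_x_policy_len*8 +
            sizeof(struct sadb_x_sec_ctx))) {
                char *p = (char *)pol;
                struct xfrm_user_sec_ctx *uctx;

                p += pol->sadb_x_policy_len*8;
                sec_ctx = (struct sadb_x_sec_ctx *)p;
                /* sadb_x_sec_len is in 64-bit units like every PF_KEY
                 * extension length (pfkey_send_acquire() fills it as
                 * bytes / sizeof(uint64_t)); comparing it unscaled against
                 * the byte count under-checked the buffer by a factor of
                 * eight, so a context longer than the option data could
                 * be copied from beyond it. */
                if (len < pol->sadb_x_policy_len*8 +
                    sec_ctx->sadb_x_sec_len*8) {
                        *dir = -EINVAL;
                        goto out;
                }
                if ((*dir = verify_sec_ctx_len(p)))
                        goto out;
                uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
                *dir = security_xfrm_policy_alloc(&xp->security, uctx);
                kfree(uctx);

                if (*dir)
                        goto out;
        }

        *dir = pol->sadb_x_policy_dir-1;
        return xp;

out:
        /* mark dead before destroy so no walker picks the half-built policy up */
        xp->walk.dead = 1;
        xfrm_policy_destroy(xp);
        return NULL;
}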
3224
/*
 * Append an SADB_EXT_ADDRESS_* extension carrying @xaddr to @skb.
 *
 * @sockaddr_size must be pfkey_sockaddr_size(@family).  The caller has
 * already rejected unsupported families, so a zero prefix length from
 * pfkey_sockaddr_fill() (presumably its "unknown family" result) is
 * treated as a kernel bug rather than as a recoverable error.
 */
static void pfkey_new_mapping_put_addr(struct sk_buff *skb, uint16_t exttype,
				       xfrm_address_t *xaddr,
				       unsigned short family, int sockaddr_size)
{
	int ext_len = sizeof(struct sadb_address) + sockaddr_size;
	struct sadb_address *ext;

	ext = (struct sadb_address *)skb_put(skb, ext_len);
	ext->sadb_address_len = ext_len / sizeof(uint64_t);
	ext->sadb_address_exttype = exttype;
	ext->sadb_address_proto = 0;
	ext->sadb_address_reserved = 0;
	ext->sadb_address_prefixlen =
		pfkey_sockaddr_fill(xaddr, 0, (struct sockaddr *)(ext + 1),
				    family);
	if (!ext->sadb_address_prefixlen)
		BUG();
}

/* Append an SADB_X_EXT_NAT_T_{S,D}PORT extension carrying @port to @skb. */
static void pfkey_new_mapping_put_port(struct sk_buff *skb, uint16_t exttype,
				       __be16 port)
{
	struct sadb_x_nat_t_port *ext;

	ext = (struct sadb_x_nat_t_port *)skb_put(skb, sizeof(*ext));
	ext->sadb_x_nat_t_port_len = sizeof(*ext) / sizeof(uint64_t);
	ext->sadb_x_nat_t_port_exttype = exttype;
	ext->sadb_x_nat_t_port_port = port;
	ext->sadb_x_nat_t_port_reserved = 0;
}

/*
 * Tell registered PF_KEY listeners that the NAT-T peer of state @x has
 * moved to @ipaddr:@sport.
 *
 * The message is an SADB_X_NAT_T_NEW_MAPPING laid out as
 *
 *   HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
 *   ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
 *
 * and is broadcast to the sockets registered in @x's network namespace.
 *
 * Only ESP states that carry a UDP-encapsulation template and have a
 * supported address family are reportable; anything else yields -EINVAL.
 * Returns -ENOMEM if the message cannot be allocated, otherwise the result
 * of pfkey_broadcast().
 */
static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
{
	unsigned short family = x->props.family;
	int sockaddr_size = pfkey_sockaddr_size(family);
	struct xfrm_encap_tmpl *natt = x->encap;
	struct sadb_msg *hdr;
	struct sadb_sa *sa;
	struct sk_buff *skb;
	int size;

	if (!sockaddr_size || x->id.proto != IPPROTO_ESP || !natt)
		return -EINVAL;

	size = sizeof(struct sadb_msg) +
	       sizeof(struct sadb_sa) +
	       2 * (sizeof(struct sadb_address) + sockaddr_size) +
	       2 * sizeof(struct sadb_x_nat_t_port);

	/* The 16 bytes of slack are kept from the original allocation. */
	skb = alloc_skb(size + 16, GFP_ATOMIC);
	if (!skb)
		return -ENOMEM;

	hdr = (struct sadb_msg *)skb_put(skb, sizeof(*hdr));
	hdr->sadb_msg_version = PF_KEY_V2;
	hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
	hdr->sadb_msg_satype = SADB_SATYPE_ESP;
	hdr->sadb_msg_len = size / sizeof(uint64_t);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_reserved = 0;
	/* Fresh acquire sequence number; it is also recorded on the state. */
	hdr->sadb_msg_seq = x->km.seq = get_acqseq();
	hdr->sadb_msg_pid = 0;

	/* SA: only the SPI identifies the state here; everything else is 0. */
	sa = (struct sadb_sa *)skb_put(skb, sizeof(*sa));
	memset(sa, 0, sizeof(*sa));
	sa->sadb_sa_len = sizeof(*sa) / sizeof(uint64_t);
	sa->sadb_sa_exttype = SADB_EXT_SA;
	sa->sadb_sa_spi = x->id.spi;

	/* Old locator: the state's source address and encapsulation port. */
	pfkey_new_mapping_put_addr(skb, SADB_EXT_ADDRESS_SRC, &x->props.saddr,
				   family, sockaddr_size);
	pfkey_new_mapping_put_port(skb, SADB_X_EXT_NAT_T_SPORT,
				   natt->encap_sport);

	/* New locator: the address and port the peer now appears from. */
	pfkey_new_mapping_put_addr(skb, SADB_EXT_ADDRESS_DST, ipaddr,
				   family, sockaddr_size);
	pfkey_new_mapping_put_port(skb, SADB_X_EXT_NAT_T_DPORT, sport);

	return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
			       xs_net(x));
}
3334
3335#ifdef CONFIG_NET_KEY_MIGRATE
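/*
 * Append an SADB_EXT_ADDRESS_SRC / SADB_EXT_ADDRESS_DST extension for one
 * side of the selector @sel to @skb.
 *
 * @sasize is the sockaddr size for @sel->family as computed by the caller
 * with pfkey_sockaddr_size().
 *
 * Returns 0 on success and -EINVAL for any other @type.  The type is
 * validated before anything is reserved in @skb, so a rejected call
 * leaves the message untouched (the previous version had already
 * appended a half-initialised extension header when it rejected the
 * type, and its caller ignores the return value).
 */
static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
			    struct xfrm_selector *sel)
{
	struct sadb_address *addr;
	xfrm_address_t *xaddr;
	u8 prefixlen;

	switch (type) {
	case SADB_EXT_ADDRESS_SRC:
		xaddr = &sel->saddr;
		prefixlen = sel->prefixlen_s;
		break;
	case SADB_EXT_ADDRESS_DST:
		xaddr = &sel->daddr;
		prefixlen = sel->prefixlen_d;
		break;
	default:
		return -EINVAL;
	}

	addr = (struct sadb_address *)skb_put(skb, sizeof(struct sadb_address) + sasize);
	addr->sadb_address_len = (sizeof(struct sadb_address) + sasize) / 8;
	addr->sadb_address_exttype = type;
	addr->sadb_address_proto = sel->proto;
	addr->sadb_address_prefixlen = prefixlen;
	addr->sadb_address_reserved = 0;

	/*
	 * The return value is deliberately not checked: the caller has
	 * already validated sel->family through pfkey_sockaddr_size(), so
	 * an unsupported family is not expected here.
	 */
	pfkey_sockaddr_fill(xaddr, 0, (struct sockaddr *)(addr + 1),
			    sel->family);

	return 0;
}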
3365
3366
/*
 * Append an SADB_X_EXT_KMADDRESS extension to @skb carrying the key
 * manager's local and remote addresses from @k.
 *
 * The extension body is zeroed before being filled so no stale skb bytes
 * reach userspace.  Returns 0, or -EINVAL if either address cannot be
 * rendered as a sockaddr for @k->family (the bytes are already reserved
 * in @skb at that point; the caller is expected to discard the skb).
 */
static int set_sadb_kmaddress(struct sk_buff *skb, struct xfrm_kmaddress *k)
{
	int family = k->family;
	int socklen = pfkey_sockaddr_len(family);
	int size_req = sizeof(struct sadb_x_kmaddress) +
		       pfkey_sockaddr_pair_size(family);
	struct sadb_x_kmaddress *kma;
	struct sockaddr *sa_local, *sa_remote;

	kma = (struct sadb_x_kmaddress *)skb_put(skb, size_req);
	memset(kma, 0, size_req);
	kma->sadb_x_kmaddress_len = size_req / 8;	/* in 64-bit words */
	kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
	kma->sadb_x_kmaddress_reserved = k->reserved;

	/* Two back-to-back sockaddrs follow the header: local, then remote. */
	sa_local = (struct sockaddr *)(kma + 1);
	sa_remote = (struct sockaddr *)((u8 *)sa_local + socklen);

	if (!pfkey_sockaddr_fill(&k->local, 0, sa_local, family))
		return -EINVAL;
	if (!pfkey_sockaddr_fill(&k->remote, 0, sa_remote, family))
		return -EINVAL;

	return 0;
}
3391
/*
 * Append one SADB_X_IPSECREQUEST to @skb describing an IPsec transform
 * (@proto/@mode/@level/@reqid) between the locators @src and @dst of
 * address family @family.
 *
 * Returns 0, or -EINVAL if either locator cannot be rendered as a
 * sockaddr for @family (the space is already reserved in @skb by then;
 * the caller is expected to discard the skb).
 */
static int set_ipsecrequest(struct sk_buff *skb,
			    uint8_t proto, uint8_t mode, int level,
			    uint32_t reqid, uint8_t family,
			    xfrm_address_t *src, xfrm_address_t *dst)
{
	int socklen = pfkey_sockaddr_len(family);
	int size_req = sizeof(struct sadb_x_ipsecrequest) +
		       pfkey_sockaddr_pair_size(family);
	struct sadb_x_ipsecrequest *rq;
	struct sockaddr *sa_src, *sa_dst;

	rq = (struct sadb_x_ipsecrequest *)skb_put(skb, size_req);
	memset(rq, 0, size_req);
	/*
	 * Unlike the other extensions built in this file, whose *_len is
	 * divided by 8, this length is left in bytes.  That appears to be
	 * the ipsecrequest convention; confirm against the parser in this
	 * file before changing it.
	 */
	rq->sadb_x_ipsecrequest_len = size_req;
	rq->sadb_x_ipsecrequest_proto = proto;
	rq->sadb_x_ipsecrequest_mode = mode;
	rq->sadb_x_ipsecrequest_level = level;
	rq->sadb_x_ipsecrequest_reqid = reqid;

	/* Source sockaddr first, destination immediately after it. */
	sa_src = (struct sockaddr *)(rq + 1);
	sa_dst = (struct sockaddr *)((u8 *)sa_src + socklen);

	if (!pfkey_sockaddr_fill(src, 0, sa_src, family))
		return -EINVAL;
	if (!pfkey_sockaddr_fill(dst, 0, sa_dst, family))
		return -EINVAL;

	return 0;
}
3420#endif
3421
3422#ifdef CONFIG_NET_KEY_MIGRATE
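/*
 * Broadcast an SADB_X_MIGRATE message describing the move of a policy's
 * SAs from their old locator pairs to new ones.
 *
 * @sel:         selector of the policy being migrated
 * @dir:         xfrm policy direction (sent as dir + 1 on the wire)
 * @type:        xfrm policy type; only XFRM_POLICY_TYPE_MAIN can be
 *               expressed in PF_KEY, other types are accepted and ignored
 * @m:           array of @num_bundles old/new locator pairs
 * @num_bundles: number of entries in @m, 1..XFRM_MAX_DEPTH
 * @k:           optional key-manager address pair (SADB_X_EXT_KMADDRESS)
 *
 * Wire layout:
 *   HDR | [KMADDRESS] | ADDRESS_SRC | ADDRESS_DST |
 *   POLICY { IPSECREQUEST(old), IPSECREQUEST(new) } x num_bundles
 *
 * Returns 0 on success (and for a non-main policy type), -EINVAL for
 * input that cannot be represented, -ENOMEM if the skb cannot be
 * allocated.
 *
 * Fix: a failing set_sadb_kmaddress() used to return -EINVAL directly,
 * leaking the already-allocated skb; every post-allocation failure now
 * goes through the err: path.  The selector extension builders' return
 * values are checked as well.
 */
static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
			      struct xfrm_migrate *m, int num_bundles,
			      struct xfrm_kmaddress *k)
{
	int i;
	int sasize_sel;
	int size = 0;
	int size_pol = 0;
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	struct sadb_x_policy *pol;
	struct xfrm_migrate *mp;

	if (type != XFRM_POLICY_TYPE_MAIN)
		return 0;

	if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
		return -EINVAL;

	/* Size the whole message first so it can be allocated in one go. */

	if (k != NULL) {
		/* addresses for KM */
		size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
				     pfkey_sockaddr_pair_size(k->family));
	}

	/* selector src + dst */
	sasize_sel = pfkey_sockaddr_size(sel->family);
	if (!sasize_sel)
		return -EINVAL;
	size += (sizeof(struct sadb_address) + sasize_sel) * 2;

	/* policy header ... */
	size_pol += sizeof(struct sadb_x_policy);

	/* ... followed by an old and a new ipsecrequest per bundle */
	for (i = 0, mp = m; i < num_bundles; i++, mp++) {
		size_pol += sizeof(struct sadb_x_ipsecrequest) +
			    pfkey_sockaddr_pair_size(mp->old_family);
		size_pol += sizeof(struct sadb_x_ipsecrequest) +
			    pfkey_sockaddr_pair_size(mp->new_family);
	}

	size += sizeof(struct sadb_msg) + size_pol;

	skb = alloc_skb(size, GFP_ATOMIC);
	if (skb == NULL)
		return -ENOMEM;

	/* From here on every failure must free the skb via err:. */

	hdr = (struct sadb_msg *)skb_put(skb, sizeof(struct sadb_msg));
	hdr->sadb_msg_version = PF_KEY_V2;
	hdr->sadb_msg_type = SADB_X_MIGRATE;
	hdr->sadb_msg_satype = pfkey_proto2satype(m->proto);
	hdr->sadb_msg_len = size / 8;
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_reserved = 0;
	hdr->sadb_msg_seq = 0;
	hdr->sadb_msg_pid = 0;

	/* Addresses to be used by the KM for negotiation, if supplied. */
	if (k != NULL && set_sadb_kmaddress(skb, k) < 0)
		goto err;

	/* selector src / dst */
	if (set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel) < 0 ||
	    set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel) < 0)
		goto err;

	/* policy information */
	pol = (struct sadb_x_policy *)skb_put(skb, sizeof(struct sadb_x_policy));
	pol->sadb_x_policy_len = size_pol / 8;
	pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
	pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
	pol->sadb_x_policy_dir = dir + 1;
	pol->sadb_x_policy_id = 0;
	pol->sadb_x_policy_priority = 0;

	for (i = 0, mp = m; i < num_bundles; i++, mp++) {
		int mode = pfkey_mode_from_xfrm(mp->mode);
		/* A reqid pins the request to one SA; otherwise any will do. */
		int level = mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE;

		if (mode < 0)
			goto err;

		/* old ipsecrequest */
		if (set_ipsecrequest(skb, mp->proto, mode, level, mp->reqid,
				     mp->old_family,
				     &mp->old_saddr, &mp->old_daddr) < 0)
			goto err;

		/* new ipsecrequest */
		if (set_ipsecrequest(skb, mp->proto, mode, level, mp->reqid,
				     mp->new_family,
				     &mp->new_saddr, &mp->new_daddr) < 0)
			goto err;
	}

	/*
	 * Broadcast to every PF_KEY socket.  NOTE(review): &init_net is
	 * hard-coded because this xfrm_mgr callback receives no struct net;
	 * a migration in another network namespace is therefore reported
	 * to the initial namespace's listeners.
	 */
	pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);

	return 0;

err:
	kfree_skb(skb);
	return -EINVAL;
}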
3531#else
/*
 * Stub used when CONFIG_NET_KEY_MIGRATE is off: migration cannot be
 * reported over PF_KEY, so the xfrm core's migrate hook is refused.
 */
static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
			      struct xfrm_migrate *m, int num_bundles,
			      struct xfrm_kmaddress *k)
{
	return -ENOPROTOOPT;
}
3538#endif
3539
/*
 * sendmsg() on a PF_KEY socket: copy one SADB message from userspace and
 * hand it to pfkey_process() under xfrm_cfg_mutex.
 *
 * Errors are reported in two ways.  If a parseable base header was
 * obtained, an error reply built from it is sent back on the socket
 * (pfkey_error); when that reply is delivered the sendmsg() call itself
 * succeeds and the caller learns about the failure from the reply.
 * Otherwise the negative errno is returned directly.  On success the
 * number of bytes consumed is returned.
 *
 * No authorization is performed here; any access control is expected to
 * have happened when the socket was created (pfkey_create, not in this
 * block) - confirm.
 */
static int pfkey_sendmsg(struct kiocb *kiocb,
			 struct socket *sock, struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb = NULL;
	struct sadb_msg *hdr = NULL;
	int err = -EOPNOTSUPP;

	if (msg->msg_flags & MSG_OOB)
		goto done;

	/*
	 * Bound the request by the send buffer.  The cast relies on the
	 * iovec total already having been limited by the socket layer
	 * (presumably to an int) - verify if that layer changes.
	 */
	err = -EMSGSIZE;
	if ((unsigned)len > sk->sk_sndbuf - 32)
		goto done;

	err = -ENOBUFS;
	skb = alloc_skb(len, GFP_KERNEL);
	if (!skb)
		goto done;

	err = -EFAULT;
	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len))
		goto done;

	/* Validates the base header and sets err when it is unusable. */
	hdr = pfkey_get_base_msg(skb, &err);
	if (hdr) {
		mutex_lock(&xfrm_cfg_mutex);
		err = pfkey_process(sk, skb, hdr);
		mutex_unlock(&xfrm_cfg_mutex);
	}

done:
	if (err && hdr && pfkey_error(hdr, err, sk) == 0)
		err = 0;
	if (skb)
		kfree_skb(skb);

	return err ? : len;
}
3581
/*
 * recvmsg() on a PF_KEY socket: hand the next queued SADB message to
 * userspace.
 *
 * Only MSG_PEEK, MSG_DONTWAIT, MSG_TRUNC and MSG_CMSG_COMPAT are accepted.
 * A message longer than @len is truncated and MSG_TRUNC is set; with
 * MSG_TRUNC requested the full message length is returned instead of the
 * copied length.  PF_KEY carries no source address, so msg_namelen is 0.
 *
 * After a successful copy, an in-progress SADB_DUMP is resumed once the
 * receive queue has drained to a third of the receive buffer, so dumps
 * are paced by the reader rather than flooding the socket.
 */
static int pfkey_recvmsg(struct kiocb *kiocb,
			 struct socket *sock, struct msghdr *msg, size_t len,
			 int flags)
{
	struct sock *sk = sock->sk;
	struct pfkey_sock *pfk = pfkey_sk(sk);
	struct sk_buff *skb;
	int err = -EINVAL;
	int copied;

	if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
		return err;

	msg->msg_namelen = 0;
	skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
	if (!skb)
		return err;

	copied = skb->len;
	if (copied > len) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb_reset_transport_header(skb);
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
	if (!err) {
		sock_recv_timestamp(msg, sk, skb);

		err = (flags & MSG_TRUNC) ? skb->len : copied;

		if (pfk->dump.dump != NULL &&
		    3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
			pfkey_do_dump(pfk);
	}

	skb_free_datagram(sk, skb);
	return err;
}
3624
/*
 * Socket operations for PF_KEY.  The family is a pure message channel to
 * the kernel, so only release/poll/sendmsg/recvmsg do anything; every
 * connection- or address-oriented call is answered by the generic
 * sock_no_* rejections.
 */
static const struct proto_ops pfkey_ops = {
	.family		=	PF_KEY,
	.owner		=	THIS_MODULE,

	/* The operations that are actually implemented. */
	.release	=	pfkey_release,
	.poll		=	datagram_poll,
	.sendmsg	=	pfkey_sendmsg,
	.recvmsg	=	pfkey_recvmsg,

	/* Everything else is meaningless for a key-management socket. */
	.bind		=	sock_no_bind,
	.connect	=	sock_no_connect,
	.socketpair	=	sock_no_socketpair,
	.accept		=	sock_no_accept,
	.getname	=	sock_no_getname,
	.ioctl		=	sock_no_ioctl,
	.listen		=	sock_no_listen,
	.shutdown	=	sock_no_shutdown,
	.setsockopt	=	sock_no_setsockopt,
	.getsockopt	=	sock_no_getsockopt,
	.mmap		=	sock_no_mmap,
	.sendpage	=	sock_no_sendpage,
};
3648
/* Registration record for socket(PF_KEY, ...); pfkey_create builds the socket. */
static struct net_proto_family pfkey_family_ops = {
	.owner	=	THIS_MODULE,
	.family	=	PF_KEY,
	.create	=	pfkey_create,
};
3654
3655#ifdef CONFIG_PROC_FS
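/*
 * Print one row of /proc/net/pfkey: the header for SEQ_START_TOKEN, else
 * the socket @v with its refcount, receive/send memory, owner uid and
 * inode number.
 *
 * Fix: the socket address is printed with %pK rather than %p.  The proc
 * entry is created with mode 0 (pfkey_init_proc), i.e. the procfs default
 * permissions, so a raw kernel pointer here is an address leak to every
 * reader; %pK lets the kernel's pointer-restriction policy decide what
 * unprivileged readers see (on kernels without that policy it prints the
 * pointer as before).
 */
static int pfkey_seq_show(struct seq_file *f, void *v)
{
	struct sock *s = v;

	if (v == SEQ_START_TOKEN) {
		seq_printf(f, "sk       RefCnt Rmem   Wmem   User   Inode\n");
		return 0;
	}

	seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n",
		   s,
		   atomic_read(&s->sk_refcnt),
		   atomic_read(&s->sk_rmem_alloc),
		   atomic_read(&s->sk_wmem_alloc),
		   sock_i_uid(s),
		   sock_i_ino(s));
	return 0;
}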
3674
/*
 * seq_file start: take the table lock (held until pfkey_seq_stop) and
 * return the element at position *ppos - SEQ_START_TOKEN for 0, the
 * n-th socket of this namespace for n >= 1, NULL past the end.
 */
static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
{
	struct netns_pfkey *net_pfkey =
		net_generic(seq_file_net(f), pfkey_net_id);
	struct hlist_node *node;
	struct sock *s;
	loff_t remaining = *ppos;

	read_lock(&pfkey_table_lock);

	if (!remaining)
		return SEQ_START_TOKEN;

	sk_for_each(s, node, &net_pfkey->table) {
		if (--remaining == 0)
			return s;
	}

	return NULL;
}
3693
/*
 * seq_file next: advance *ppos and return the socket following @v in this
 * namespace's table (the first one after the header token), or NULL.
 */
static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
{
	struct netns_pfkey *net_pfkey =
		net_generic(seq_file_net(f), pfkey_net_id);
	struct sock *next;

	++*ppos;

	if (v == SEQ_START_TOKEN)
		next = sk_head(&net_pfkey->table);
	else
		next = sk_next((struct sock *)v);

	return next;
}
3704
/* seq_file stop: drop the table lock taken in pfkey_seq_start(). */
static void pfkey_seq_stop(struct seq_file *f, void *v)
{
	read_unlock(&pfkey_table_lock);
}
3709
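/*
 * /proc/net/pfkey iterator.  Made const: it is a table of function
 * pointers that is never modified, so it belongs in read-only data
 * rather than being a writable target (seq_open_net takes a const
 * pointer).
 */
static const struct seq_operations pfkey_seq_ops = {
	.start	= pfkey_seq_start,
	.next	= pfkey_seq_next,
	.stop	= pfkey_seq_stop,
	.show	= pfkey_seq_show,
};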
3716
/*
 * open() for /proc/net/pfkey: a per-namespace seq_file whose private data
 * records the struct net the iterator should walk.
 */
static int pfkey_seq_open(struct inode *inode, struct file *file)
{
	return seq_open_net(inode, file, &pfkey_seq_ops,
			    sizeof(struct seq_net_private));
}
3722
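/*
 * File operations for /proc/net/pfkey.  Made const: a writable table of
 * function pointers is a needless target for memory corruption, and
 * proc_net_fops_create() takes a const pointer anyway.
 */
static const struct file_operations pfkey_proc_ops = {
	.open	 = pfkey_seq_open,
	.read	 = seq_read,
	.llseek	 = seq_lseek,
	.release = seq_release_net,
};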
3729
/*
 * Create /proc/net/pfkey for namespace @net.  Returns 0 or -ENOMEM.
 *
 * Mode 0 leaves the permissions to the procfs default (presumably
 * world-readable), so everything pfkey_seq_show() prints is visible to
 * unprivileged processes in the namespace.
 */
static int __net_init pfkey_init_proc(struct net *net)
{
	if (!proc_net_fops_create(net, "pfkey", 0, &pfkey_proc_ops))
		return -ENOMEM;

	return 0;
}
3740
/* Remove /proc/net/pfkey for namespace @net (counterpart of pfkey_init_proc). */
static void pfkey_exit_proc(struct net *net)
{
	proc_net_remove(net, "pfkey");
}
3745#else
/* No procfs: nothing to create, always succeeds. */
static int __net_init pfkey_init_proc(struct net *net)
{
	return 0;
}
3750
/* No procfs: nothing to remove. */
static void pfkey_exit_proc(struct net *net)
{
}
3754#endif
3755
/*
 * Key-manager hooks registered with the xfrm core.  Each callback turns
 * an xfrm event into a PF_KEY message broadcast to the listening sockets
 * (pfkey_send_*), or compiles a userspace policy for the core.
 */
static struct xfrm_mgr pfkeyv2_mgr = {
	.id		= "pfkeyv2",
	.compile_policy	= pfkey_compile_policy,
	.notify		= pfkey_send_notify,
	.notify_policy	= pfkey_send_policy_notify,
	.acquire	= pfkey_send_acquire,
	.new_mapping	= pfkey_send_new_mapping,
	.migrate	= pfkey_send_migrate,
};
3766
/*
 * Per-namespace init: allocate the namespace's PF_KEY socket table,
 * publish it through net_generic(), then create /proc/net/pfkey.
 *
 * Returns 0 or a negative errno; on failure the table is freed again.
 * NOTE(review): if pfkey_init_proc() fails, the generic slot assigned
 * just before keeps pointing at the struct freed below.  That is only
 * harmless as long as nothing looks up the slot for a namespace whose
 * init failed.
 */
static int __net_init pfkey_net_init(struct net *net)
{
	struct netns_pfkey *net_pfkey;
	int rv;

	net_pfkey = kmalloc(sizeof(*net_pfkey), GFP_KERNEL);
	if (!net_pfkey)
		return -ENOMEM;

	INIT_HLIST_HEAD(&net_pfkey->table);
	atomic_set(&net_pfkey->socks_nr, 0);

	rv = net_assign_generic(net, pfkey_net_id, net_pfkey);
	if (rv < 0)
		goto fail;

	rv = pfkey_init_proc(net);
	if (rv < 0)
		goto fail;

	return 0;

fail:
	kfree(net_pfkey);
	return rv;
}
3793
/*
 * Per-namespace teardown: remove /proc/net/pfkey and free the socket
 * table.  Every PF_KEY socket of the namespace must already be gone; a
 * non-empty table here would mean a socket outlived its namespace, which
 * is treated as a kernel bug.
 */
static void __net_exit pfkey_net_exit(struct net *net)
{
	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);

	pfkey_exit_proc(net);

	if (!hlist_empty(&net_pfkey->table))
		BUG();

	kfree(net_pfkey);
}
3802
/* Per-network-namespace lifecycle hooks for the PF_KEY socket table. */
static struct pernet_operations pfkey_net_ops = {
	.exit = pfkey_net_exit,
	.init = pfkey_net_init,
};
3807
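/*
 * Module exit, in reverse order of registration.
 *
 * Fix: the sources of new work are stopped first - xfrm notifications
 * (the km callbacks) and PF_KEY socket creation - and only then are the
 * per-namespace tables torn down.  Previously the pernet subsystem was
 * unregistered first, so a km callback arriving in the window before
 * xfrm_unregister_km() could look up an already-freed netns_pfkey via
 * net_generic().
 */
static void __exit ipsec_pfkey_exit(void)
{
	xfrm_unregister_km(&pfkeyv2_mgr);
	sock_unregister(PF_KEY);
	unregister_pernet_gen_subsys(pfkey_net_id, &pfkey_net_ops);
	proto_unregister(&key_proto);
}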
3815
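/*
 * Module init.
 *
 * Fix: the per-namespace state is registered before the socket family is
 * published.  Previously sock_register() ran first, so a socket(PF_KEY)
 * call racing with module load could reach pfkey_create() before
 * register_pernet_gen_subsys() had assigned pfkey_net_id and allocated
 * the namespace's netns_pfkey - the per-net lookup presumably done there
 * (as it is everywhere else in this file via net_generic()) would then
 * hit an uninitialised slot.  Failure unwinds in reverse order.
 */
static int __init ipsec_pfkey_init(void)
{
	int err = proto_register(&key_proto, 0);

	if (err != 0)
		goto out;

	err = register_pernet_gen_subsys(&pfkey_net_id, &pfkey_net_ops);
	if (err != 0)
		goto out_unregister_key_proto;
	err = sock_register(&pfkey_family_ops);
	if (err != 0)
		goto out_unregister_pernet;
	err = xfrm_register_km(&pfkeyv2_mgr);
	if (err != 0)
		goto out_sock_unregister;
out:
	return err;

out_sock_unregister:
	sock_unregister(PF_KEY);
out_unregister_pernet:
	unregister_pernet_gen_subsys(pfkey_net_id, &pfkey_net_ops);
out_unregister_key_proto:
	proto_unregister(&key_proto);
	goto out;
}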
3842
/*
 * Module plumbing.  The PF_KEY net-proto alias presumably lets the module
 * be autoloaded on the first socket(PF_KEY, ...) call - confirm.
 */
module_init(ipsec_pfkey_init);
module_exit(ipsec_pfkey_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_NETPROTO(PF_KEY);
3847