blob: 0021aad5db43ccc0d0356f2f5e4e28446c8b983a [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
Trent Jaegerdf718372005-12-13 23:12:27 -080013 *
Linus Torvalds1da177e2005-04-16 15:20:36 -070014 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
21#include <asm/uaccess.h>
22
David S. Milleree857a72006-03-20 19:18:37 -080023struct sock *xfrm_nl;
24EXPORT_SYMBOL(xfrm_nl);
25
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -080026u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
David S. Millera70fcb02006-03-20 19:18:52 -080027EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
28
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -080029u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
David S. Millera70fcb02006-03-20 19:18:52 -080030EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
31
Linus Torvalds1da177e2005-04-16 15:20:36 -070032/* Each xfrm_state may be linked to two tables:
33
34 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
35 2. Hash table by daddr to find what SAs exist for given
36 destination/tunnel endpoint. (output)
37 */
38
39static DEFINE_SPINLOCK(xfrm_state_lock);
40
41/* Hash table to find appropriate SA towards given target (endpoint
42 * of tunnel or destination of transport mode) allowed by selector.
43 *
44 * Main use is finding SA after policy selected tunnel or transport mode.
45 * Also, it can be used by ah/esp icmp error handler to find offending SA.
46 */
47static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
48static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
49
50DECLARE_WAIT_QUEUE_HEAD(km_waitq);
51EXPORT_SYMBOL(km_waitq);
52
53static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
54static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
55
56static struct work_struct xfrm_state_gc_work;
57static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
58static DEFINE_SPINLOCK(xfrm_state_gc_lock);
59
60static int xfrm_state_gc_flush_bundles;
61
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -080062int __xfrm_state_delete(struct xfrm_state *x);
Linus Torvalds1da177e2005-04-16 15:20:36 -070063
64static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
65static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
66
Jamal Hadi Salim980ebd22006-03-20 19:16:40 -080067int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -080068void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
Linus Torvalds1da177e2005-04-16 15:20:36 -070069
70static void xfrm_state_gc_destroy(struct xfrm_state *x)
71{
72 if (del_timer(&x->timer))
73 BUG();
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -080074 if (del_timer(&x->rtimer))
75 BUG();
Jesper Juhla51482b2005-11-08 09:41:34 -080076 kfree(x->aalg);
77 kfree(x->ealg);
78 kfree(x->calg);
79 kfree(x->encap);
Herbert Xub59f45d2006-05-27 23:05:54 -070080 if (x->mode)
81 xfrm_put_mode(x->mode);
Linus Torvalds1da177e2005-04-16 15:20:36 -070082 if (x->type) {
83 x->type->destructor(x);
84 xfrm_put_type(x->type);
85 }
Trent Jaegerdf718372005-12-13 23:12:27 -080086 security_xfrm_state_free(x);
Linus Torvalds1da177e2005-04-16 15:20:36 -070087 kfree(x);
88}
89
90static void xfrm_state_gc_task(void *data)
91{
92 struct xfrm_state *x;
93 struct list_head *entry, *tmp;
94 struct list_head gc_list = LIST_HEAD_INIT(gc_list);
95
96 if (xfrm_state_gc_flush_bundles) {
97 xfrm_state_gc_flush_bundles = 0;
98 xfrm_flush_bundles();
99 }
100
101 spin_lock_bh(&xfrm_state_gc_lock);
102 list_splice_init(&xfrm_state_gc_list, &gc_list);
103 spin_unlock_bh(&xfrm_state_gc_lock);
104
105 list_for_each_safe(entry, tmp, &gc_list) {
106 x = list_entry(entry, struct xfrm_state, bydst);
107 xfrm_state_gc_destroy(x);
108 }
109 wake_up(&km_waitq);
110}
111
112static inline unsigned long make_jiffies(long secs)
113{
114 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
115 return MAX_SCHEDULE_TIMEOUT-1;
116 else
117 return secs*HZ;
118}
119
120static void xfrm_timer_handler(unsigned long data)
121{
122 struct xfrm_state *x = (struct xfrm_state*)data;
123 unsigned long now = (unsigned long)xtime.tv_sec;
124 long next = LONG_MAX;
125 int warn = 0;
126
127 spin_lock(&x->lock);
128 if (x->km.state == XFRM_STATE_DEAD)
129 goto out;
130 if (x->km.state == XFRM_STATE_EXPIRED)
131 goto expired;
132 if (x->lft.hard_add_expires_seconds) {
133 long tmo = x->lft.hard_add_expires_seconds +
134 x->curlft.add_time - now;
135 if (tmo <= 0)
136 goto expired;
137 if (tmo < next)
138 next = tmo;
139 }
140 if (x->lft.hard_use_expires_seconds) {
141 long tmo = x->lft.hard_use_expires_seconds +
142 (x->curlft.use_time ? : now) - now;
143 if (tmo <= 0)
144 goto expired;
145 if (tmo < next)
146 next = tmo;
147 }
148 if (x->km.dying)
149 goto resched;
150 if (x->lft.soft_add_expires_seconds) {
151 long tmo = x->lft.soft_add_expires_seconds +
152 x->curlft.add_time - now;
153 if (tmo <= 0)
154 warn = 1;
155 else if (tmo < next)
156 next = tmo;
157 }
158 if (x->lft.soft_use_expires_seconds) {
159 long tmo = x->lft.soft_use_expires_seconds +
160 (x->curlft.use_time ? : now) - now;
161 if (tmo <= 0)
162 warn = 1;
163 else if (tmo < next)
164 next = tmo;
165 }
166
Herbert Xu4666faa2005-06-18 22:43:22 -0700167 x->km.dying = warn;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700168 if (warn)
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -0800169 km_state_expired(x, 0, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700170resched:
171 if (next != LONG_MAX &&
172 !mod_timer(&x->timer, jiffies + make_jiffies(next)))
173 xfrm_state_hold(x);
174 goto out;
175
176expired:
177 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
178 x->km.state = XFRM_STATE_EXPIRED;
179 wake_up(&km_waitq);
180 next = 2;
181 goto resched;
182 }
Herbert Xu4666faa2005-06-18 22:43:22 -0700183 if (!__xfrm_state_delete(x) && x->id.spi)
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -0800184 km_state_expired(x, 1, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700185
186out:
187 spin_unlock(&x->lock);
188 xfrm_state_put(x);
189}
190
David S. Miller0ac84752006-03-20 19:18:23 -0800191static void xfrm_replay_timer_handler(unsigned long data);
192
Linus Torvalds1da177e2005-04-16 15:20:36 -0700193struct xfrm_state *xfrm_state_alloc(void)
194{
195 struct xfrm_state *x;
196
Panagiotis Issaris0da974f2006-07-21 14:51:30 -0700197 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700198
199 if (x) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700200 atomic_set(&x->refcnt, 1);
201 atomic_set(&x->tunnel_users, 0);
202 INIT_LIST_HEAD(&x->bydst);
203 INIT_LIST_HEAD(&x->byspi);
204 init_timer(&x->timer);
205 x->timer.function = xfrm_timer_handler;
206 x->timer.data = (unsigned long)x;
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800207 init_timer(&x->rtimer);
208 x->rtimer.function = xfrm_replay_timer_handler;
209 x->rtimer.data = (unsigned long)x;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700210 x->curlft.add_time = (unsigned long)xtime.tv_sec;
211 x->lft.soft_byte_limit = XFRM_INF;
212 x->lft.soft_packet_limit = XFRM_INF;
213 x->lft.hard_byte_limit = XFRM_INF;
214 x->lft.hard_packet_limit = XFRM_INF;
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800215 x->replay_maxage = 0;
216 x->replay_maxdiff = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700217 spin_lock_init(&x->lock);
218 }
219 return x;
220}
221EXPORT_SYMBOL(xfrm_state_alloc);
222
223void __xfrm_state_destroy(struct xfrm_state *x)
224{
225 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
226
227 spin_lock_bh(&xfrm_state_gc_lock);
228 list_add(&x->bydst, &xfrm_state_gc_list);
229 spin_unlock_bh(&xfrm_state_gc_lock);
230 schedule_work(&xfrm_state_gc_work);
231}
232EXPORT_SYMBOL(__xfrm_state_destroy);
233
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -0800234int __xfrm_state_delete(struct xfrm_state *x)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700235{
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700236 int err = -ESRCH;
237
Linus Torvalds1da177e2005-04-16 15:20:36 -0700238 if (x->km.state != XFRM_STATE_DEAD) {
239 x->km.state = XFRM_STATE_DEAD;
240 spin_lock(&xfrm_state_lock);
241 list_del(&x->bydst);
Herbert Xu21380b82006-02-22 14:47:13 -0800242 __xfrm_state_put(x);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700243 if (x->id.spi) {
244 list_del(&x->byspi);
Herbert Xu21380b82006-02-22 14:47:13 -0800245 __xfrm_state_put(x);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700246 }
247 spin_unlock(&xfrm_state_lock);
248 if (del_timer(&x->timer))
Herbert Xu21380b82006-02-22 14:47:13 -0800249 __xfrm_state_put(x);
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800250 if (del_timer(&x->rtimer))
251 __xfrm_state_put(x);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700252
253 /* The number two in this test is the reference
254 * mentioned in the comment below plus the reference
255 * our caller holds. A larger value means that
256 * there are DSTs attached to this xfrm_state.
257 */
258 if (atomic_read(&x->refcnt) > 2) {
259 xfrm_state_gc_flush_bundles = 1;
260 schedule_work(&xfrm_state_gc_work);
261 }
262
263 /* All xfrm_state objects are created by xfrm_state_alloc.
264 * The xfrm_state_alloc call gives a reference, and that
265 * is what we are dropping here.
266 */
Herbert Xu21380b82006-02-22 14:47:13 -0800267 __xfrm_state_put(x);
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700268 err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700269 }
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700270
271 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700272}
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -0800273EXPORT_SYMBOL(__xfrm_state_delete);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700274
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700275int xfrm_state_delete(struct xfrm_state *x)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700276{
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700277 int err;
278
Linus Torvalds1da177e2005-04-16 15:20:36 -0700279 spin_lock_bh(&x->lock);
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700280 err = __xfrm_state_delete(x);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700281 spin_unlock_bh(&x->lock);
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700282
283 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700284}
285EXPORT_SYMBOL(xfrm_state_delete);
286
287void xfrm_state_flush(u8 proto)
288{
289 int i;
290 struct xfrm_state *x;
291
292 spin_lock_bh(&xfrm_state_lock);
293 for (i = 0; i < XFRM_DST_HSIZE; i++) {
294restart:
295 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
296 if (!xfrm_state_kern(x) &&
297 (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) {
298 xfrm_state_hold(x);
299 spin_unlock_bh(&xfrm_state_lock);
300
301 xfrm_state_delete(x);
302 xfrm_state_put(x);
303
304 spin_lock_bh(&xfrm_state_lock);
305 goto restart;
306 }
307 }
308 }
309 spin_unlock_bh(&xfrm_state_lock);
310 wake_up(&km_waitq);
311}
312EXPORT_SYMBOL(xfrm_state_flush);
313
314static int
315xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
316 struct xfrm_tmpl *tmpl,
317 xfrm_address_t *daddr, xfrm_address_t *saddr,
318 unsigned short family)
319{
320 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
321 if (!afinfo)
322 return -1;
323 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
324 xfrm_state_put_afinfo(afinfo);
325 return 0;
326}
327
328struct xfrm_state *
329xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
330 struct flowi *fl, struct xfrm_tmpl *tmpl,
331 struct xfrm_policy *pol, int *err,
332 unsigned short family)
333{
334 unsigned h = xfrm_dst_hash(daddr, family);
335 struct xfrm_state *x, *x0;
336 int acquire_in_progress = 0;
337 int error = 0;
338 struct xfrm_state *best = NULL;
339 struct xfrm_state_afinfo *afinfo;
340
341 afinfo = xfrm_state_get_afinfo(family);
342 if (afinfo == NULL) {
343 *err = -EAFNOSUPPORT;
344 return NULL;
345 }
346
347 spin_lock_bh(&xfrm_state_lock);
348 list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
349 if (x->props.family == family &&
350 x->props.reqid == tmpl->reqid &&
351 xfrm_state_addr_check(x, daddr, saddr, family) &&
352 tmpl->mode == x->props.mode &&
353 tmpl->id.proto == x->id.proto &&
354 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
355 /* Resolution logic:
356 1. There is a valid state with matching selector.
357 Done.
358 2. Valid state with inappropriate selector. Skip.
359
360 Entering area of "sysdeps".
361
362 3. If state is not valid, selector is temporary,
363 it selects only session which triggered
364 previous resolution. Key manager will do
365 something to install a state with proper
366 selector.
367 */
368 if (x->km.state == XFRM_STATE_VALID) {
Trent Jaegerdf718372005-12-13 23:12:27 -0800369 if (!xfrm_selector_match(&x->sel, fl, family) ||
370 !xfrm_sec_ctx_match(pol->security, x->security))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700371 continue;
372 if (!best ||
373 best->km.dying > x->km.dying ||
374 (best->km.dying == x->km.dying &&
375 best->curlft.add_time < x->curlft.add_time))
376 best = x;
377 } else if (x->km.state == XFRM_STATE_ACQ) {
378 acquire_in_progress = 1;
379 } else if (x->km.state == XFRM_STATE_ERROR ||
380 x->km.state == XFRM_STATE_EXPIRED) {
Trent Jaegerdf718372005-12-13 23:12:27 -0800381 if (xfrm_selector_match(&x->sel, fl, family) &&
382 xfrm_sec_ctx_match(pol->security, x->security))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700383 error = -ESRCH;
384 }
385 }
386 }
387
388 x = best;
389 if (!x && !error && !acquire_in_progress) {
Patrick McHardy5c5d2812005-04-21 20:12:32 -0700390 if (tmpl->id.spi &&
391 (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
392 tmpl->id.proto)) != NULL) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700393 xfrm_state_put(x0);
394 error = -EEXIST;
395 goto out;
396 }
397 x = xfrm_state_alloc();
398 if (x == NULL) {
399 error = -ENOMEM;
400 goto out;
401 }
402 /* Initialize temporary selector matching only
403 * to current session. */
404 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
405
406 if (km_query(x, tmpl, pol) == 0) {
407 x->km.state = XFRM_STATE_ACQ;
408 list_add_tail(&x->bydst, xfrm_state_bydst+h);
409 xfrm_state_hold(x);
410 if (x->id.spi) {
411 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
412 list_add(&x->byspi, xfrm_state_byspi+h);
413 xfrm_state_hold(x);
414 }
415 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
416 xfrm_state_hold(x);
417 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
418 add_timer(&x->timer);
419 } else {
420 x->km.state = XFRM_STATE_DEAD;
421 xfrm_state_put(x);
422 x = NULL;
423 error = -ESRCH;
424 }
425 }
426out:
427 if (x)
428 xfrm_state_hold(x);
429 else
430 *err = acquire_in_progress ? -EAGAIN : error;
431 spin_unlock_bh(&xfrm_state_lock);
432 xfrm_state_put_afinfo(afinfo);
433 return x;
434}
435
436static void __xfrm_state_insert(struct xfrm_state *x)
437{
438 unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
439
440 list_add(&x->bydst, xfrm_state_bydst+h);
441 xfrm_state_hold(x);
442
443 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
444
445 list_add(&x->byspi, xfrm_state_byspi+h);
446 xfrm_state_hold(x);
447
448 if (!mod_timer(&x->timer, jiffies + HZ))
449 xfrm_state_hold(x);
450
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800451 if (x->replay_maxage &&
452 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
453 xfrm_state_hold(x);
454
Linus Torvalds1da177e2005-04-16 15:20:36 -0700455 wake_up(&km_waitq);
456}
457
458void xfrm_state_insert(struct xfrm_state *x)
459{
460 spin_lock_bh(&xfrm_state_lock);
461 __xfrm_state_insert(x);
462 spin_unlock_bh(&xfrm_state_lock);
David S. Miller399c1802005-12-19 14:23:23 -0800463
464 xfrm_flush_all_bundles();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700465}
466EXPORT_SYMBOL(xfrm_state_insert);
467
468static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
469
470int xfrm_state_add(struct xfrm_state *x)
471{
472 struct xfrm_state_afinfo *afinfo;
473 struct xfrm_state *x1;
474 int family;
475 int err;
476
477 family = x->props.family;
478 afinfo = xfrm_state_get_afinfo(family);
479 if (unlikely(afinfo == NULL))
480 return -EAFNOSUPPORT;
481
482 spin_lock_bh(&xfrm_state_lock);
483
484 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
485 if (x1) {
486 xfrm_state_put(x1);
487 x1 = NULL;
488 err = -EEXIST;
489 goto out;
490 }
491
492 if (x->km.seq) {
493 x1 = __xfrm_find_acq_byseq(x->km.seq);
494 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
495 xfrm_state_put(x1);
496 x1 = NULL;
497 }
498 }
499
500 if (!x1)
501 x1 = afinfo->find_acq(
502 x->props.mode, x->props.reqid, x->id.proto,
503 &x->id.daddr, &x->props.saddr, 0);
504
505 __xfrm_state_insert(x);
506 err = 0;
507
508out:
509 spin_unlock_bh(&xfrm_state_lock);
510 xfrm_state_put_afinfo(afinfo);
511
David S. Miller399c1802005-12-19 14:23:23 -0800512 if (!err)
513 xfrm_flush_all_bundles();
514
Linus Torvalds1da177e2005-04-16 15:20:36 -0700515 if (x1) {
516 xfrm_state_delete(x1);
517 xfrm_state_put(x1);
518 }
519
520 return err;
521}
522EXPORT_SYMBOL(xfrm_state_add);
523
524int xfrm_state_update(struct xfrm_state *x)
525{
526 struct xfrm_state_afinfo *afinfo;
527 struct xfrm_state *x1;
528 int err;
529
530 afinfo = xfrm_state_get_afinfo(x->props.family);
531 if (unlikely(afinfo == NULL))
532 return -EAFNOSUPPORT;
533
534 spin_lock_bh(&xfrm_state_lock);
535 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
536
537 err = -ESRCH;
538 if (!x1)
539 goto out;
540
541 if (xfrm_state_kern(x1)) {
542 xfrm_state_put(x1);
543 err = -EEXIST;
544 goto out;
545 }
546
547 if (x1->km.state == XFRM_STATE_ACQ) {
548 __xfrm_state_insert(x);
549 x = NULL;
550 }
551 err = 0;
552
553out:
554 spin_unlock_bh(&xfrm_state_lock);
555 xfrm_state_put_afinfo(afinfo);
556
557 if (err)
558 return err;
559
560 if (!x) {
561 xfrm_state_delete(x1);
562 xfrm_state_put(x1);
563 return 0;
564 }
565
566 err = -EINVAL;
567 spin_lock_bh(&x1->lock);
568 if (likely(x1->km.state == XFRM_STATE_VALID)) {
569 if (x->encap && x1->encap)
570 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
571 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
572 x1->km.dying = 0;
573
574 if (!mod_timer(&x1->timer, jiffies + HZ))
575 xfrm_state_hold(x1);
576 if (x1->curlft.use_time)
577 xfrm_state_check_expire(x1);
578
579 err = 0;
580 }
581 spin_unlock_bh(&x1->lock);
582
583 xfrm_state_put(x1);
584
585 return err;
586}
587EXPORT_SYMBOL(xfrm_state_update);
588
589int xfrm_state_check_expire(struct xfrm_state *x)
590{
591 if (!x->curlft.use_time)
592 x->curlft.use_time = (unsigned long)xtime.tv_sec;
593
594 if (x->km.state != XFRM_STATE_VALID)
595 return -EINVAL;
596
597 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
598 x->curlft.packets >= x->lft.hard_packet_limit) {
Herbert Xu4666faa2005-06-18 22:43:22 -0700599 x->km.state = XFRM_STATE_EXPIRED;
600 if (!mod_timer(&x->timer, jiffies))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700601 xfrm_state_hold(x);
602 return -EINVAL;
603 }
604
605 if (!x->km.dying &&
606 (x->curlft.bytes >= x->lft.soft_byte_limit ||
Herbert Xu4666faa2005-06-18 22:43:22 -0700607 x->curlft.packets >= x->lft.soft_packet_limit)) {
608 x->km.dying = 1;
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -0800609 km_state_expired(x, 0, 0);
Herbert Xu4666faa2005-06-18 22:43:22 -0700610 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700611 return 0;
612}
613EXPORT_SYMBOL(xfrm_state_check_expire);
614
615static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
616{
617 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
618 - skb_headroom(skb);
619
620 if (nhead > 0)
621 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
622
623 /* Check tail too... */
624 return 0;
625}
626
627int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
628{
629 int err = xfrm_state_check_expire(x);
630 if (err < 0)
631 goto err;
632 err = xfrm_state_check_space(x, skb);
633err:
634 return err;
635}
636EXPORT_SYMBOL(xfrm_state_check);
637
638struct xfrm_state *
639xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
640 unsigned short family)
641{
642 struct xfrm_state *x;
643 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
644 if (!afinfo)
645 return NULL;
646
647 spin_lock_bh(&xfrm_state_lock);
648 x = afinfo->state_lookup(daddr, spi, proto);
649 spin_unlock_bh(&xfrm_state_lock);
650 xfrm_state_put_afinfo(afinfo);
651 return x;
652}
653EXPORT_SYMBOL(xfrm_state_lookup);
654
655struct xfrm_state *
656xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
657 xfrm_address_t *daddr, xfrm_address_t *saddr,
658 int create, unsigned short family)
659{
660 struct xfrm_state *x;
661 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
662 if (!afinfo)
663 return NULL;
664
665 spin_lock_bh(&xfrm_state_lock);
666 x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
667 spin_unlock_bh(&xfrm_state_lock);
668 xfrm_state_put_afinfo(afinfo);
669 return x;
670}
671EXPORT_SYMBOL(xfrm_find_acq);
672
673/* Silly enough, but I'm lazy to build resolution list */
674
675static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
676{
677 int i;
678 struct xfrm_state *x;
679
680 for (i = 0; i < XFRM_DST_HSIZE; i++) {
681 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
682 if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
683 xfrm_state_hold(x);
684 return x;
685 }
686 }
687 }
688 return NULL;
689}
690
691struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
692{
693 struct xfrm_state *x;
694
695 spin_lock_bh(&xfrm_state_lock);
696 x = __xfrm_find_acq_byseq(seq);
697 spin_unlock_bh(&xfrm_state_lock);
698 return x;
699}
700EXPORT_SYMBOL(xfrm_find_acq_byseq);
701
702u32 xfrm_get_acqseq(void)
703{
704 u32 res;
705 static u32 acqseq;
706 static DEFINE_SPINLOCK(acqseq_lock);
707
708 spin_lock_bh(&acqseq_lock);
709 res = (++acqseq ? : ++acqseq);
710 spin_unlock_bh(&acqseq_lock);
711 return res;
712}
713EXPORT_SYMBOL(xfrm_get_acqseq);
714
715void
716xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
717{
718 u32 h;
719 struct xfrm_state *x0;
720
721 if (x->id.spi)
722 return;
723
724 if (minspi == maxspi) {
725 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
726 if (x0) {
727 xfrm_state_put(x0);
728 return;
729 }
730 x->id.spi = minspi;
731 } else {
732 u32 spi = 0;
733 minspi = ntohl(minspi);
734 maxspi = ntohl(maxspi);
735 for (h=0; h<maxspi-minspi+1; h++) {
736 spi = minspi + net_random()%(maxspi-minspi+1);
737 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
738 if (x0 == NULL) {
739 x->id.spi = htonl(spi);
740 break;
741 }
742 xfrm_state_put(x0);
743 }
744 }
745 if (x->id.spi) {
746 spin_lock_bh(&xfrm_state_lock);
747 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
748 list_add(&x->byspi, xfrm_state_byspi+h);
749 xfrm_state_hold(x);
750 spin_unlock_bh(&xfrm_state_lock);
751 wake_up(&km_waitq);
752 }
753}
754EXPORT_SYMBOL(xfrm_alloc_spi);
755
756int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
757 void *data)
758{
759 int i;
760 struct xfrm_state *x;
761 int count = 0;
762 int err = 0;
763
764 spin_lock_bh(&xfrm_state_lock);
765 for (i = 0; i < XFRM_DST_HSIZE; i++) {
766 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
767 if (proto == IPSEC_PROTO_ANY || x->id.proto == proto)
768 count++;
769 }
770 }
771 if (count == 0) {
772 err = -ENOENT;
773 goto out;
774 }
775
776 for (i = 0; i < XFRM_DST_HSIZE; i++) {
777 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
778 if (proto != IPSEC_PROTO_ANY && x->id.proto != proto)
779 continue;
780 err = func(x, --count, data);
781 if (err)
782 goto out;
783 }
784 }
785out:
786 spin_unlock_bh(&xfrm_state_lock);
787 return err;
788}
789EXPORT_SYMBOL(xfrm_state_walk);
790
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800791
792void xfrm_replay_notify(struct xfrm_state *x, int event)
793{
794 struct km_event c;
795 /* we send notify messages in case
796 * 1. we updated on of the sequence numbers, and the seqno difference
797 * is at least x->replay_maxdiff, in this case we also update the
798 * timeout of our timer function
799 * 2. if x->replay_maxage has elapsed since last update,
800 * and there were changes
801 *
802 * The state structure must be locked!
803 */
804
805 switch (event) {
806 case XFRM_REPLAY_UPDATE:
807 if (x->replay_maxdiff &&
808 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
Jamal Hadi Salim27170962006-04-14 15:03:05 -0700809 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
810 if (x->xflags & XFRM_TIME_DEFER)
811 event = XFRM_REPLAY_TIMEOUT;
812 else
813 return;
814 }
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800815
816 break;
817
818 case XFRM_REPLAY_TIMEOUT:
819 if ((x->replay.seq == x->preplay.seq) &&
820 (x->replay.bitmap == x->preplay.bitmap) &&
Jamal Hadi Salim27170962006-04-14 15:03:05 -0700821 (x->replay.oseq == x->preplay.oseq)) {
822 x->xflags |= XFRM_TIME_DEFER;
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800823 return;
Jamal Hadi Salim27170962006-04-14 15:03:05 -0700824 }
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800825
826 break;
827 }
828
829 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
830 c.event = XFRM_MSG_NEWAE;
831 c.data.aevent = event;
832 km_state_notify(x, &c);
833
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800834 if (x->replay_maxage &&
Jamal Hadi Salim27170962006-04-14 15:03:05 -0700835 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800836 xfrm_state_hold(x);
Jamal Hadi Salim27170962006-04-14 15:03:05 -0700837 x->xflags &= ~XFRM_TIME_DEFER;
838 }
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800839}
David S. Millera70fcb02006-03-20 19:18:52 -0800840EXPORT_SYMBOL(xfrm_replay_notify);
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800841
842static void xfrm_replay_timer_handler(unsigned long data)
843{
844 struct xfrm_state *x = (struct xfrm_state*)data;
845
846 spin_lock(&x->lock);
847
Jamal Hadi Salim27170962006-04-14 15:03:05 -0700848 if (x->km.state == XFRM_STATE_VALID) {
849 if (xfrm_aevent_is_on())
850 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
851 else
852 x->xflags |= XFRM_TIME_DEFER;
853 }
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800854
855 spin_unlock(&x->lock);
Jamal Hadi Salim27170962006-04-14 15:03:05 -0700856 xfrm_state_put(x);
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800857}
858
Linus Torvalds1da177e2005-04-16 15:20:36 -0700859int xfrm_replay_check(struct xfrm_state *x, u32 seq)
860{
861 u32 diff;
862
863 seq = ntohl(seq);
864
865 if (unlikely(seq == 0))
866 return -EINVAL;
867
868 if (likely(seq > x->replay.seq))
869 return 0;
870
871 diff = x->replay.seq - seq;
872 if (diff >= x->props.replay_window) {
873 x->stats.replay_window++;
874 return -EINVAL;
875 }
876
877 if (x->replay.bitmap & (1U << diff)) {
878 x->stats.replay++;
879 return -EINVAL;
880 }
881 return 0;
882}
883EXPORT_SYMBOL(xfrm_replay_check);
884
885void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
886{
887 u32 diff;
888
889 seq = ntohl(seq);
890
891 if (seq > x->replay.seq) {
892 diff = seq - x->replay.seq;
893 if (diff < x->props.replay_window)
894 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
895 else
896 x->replay.bitmap = 1;
897 x->replay.seq = seq;
898 } else {
899 diff = x->replay.seq - seq;
900 x->replay.bitmap |= (1U << diff);
901 }
Jamal Hadi Salimf8cd5482006-03-20 19:15:11 -0800902
903 if (xfrm_aevent_is_on())
904 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700905}
906EXPORT_SYMBOL(xfrm_replay_advance);
907
908static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
909static DEFINE_RWLOCK(xfrm_km_lock);
910
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700911void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700912{
913 struct xfrm_mgr *km;
914
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700915 read_lock(&xfrm_km_lock);
916 list_for_each_entry(km, &xfrm_km_list, list)
917 if (km->notify_policy)
918 km->notify_policy(xp, dir, c);
919 read_unlock(&xfrm_km_lock);
920}
921
922void km_state_notify(struct xfrm_state *x, struct km_event *c)
923{
924 struct xfrm_mgr *km;
925 read_lock(&xfrm_km_lock);
926 list_for_each_entry(km, &xfrm_km_list, list)
927 if (km->notify)
928 km->notify(x, c);
929 read_unlock(&xfrm_km_lock);
930}
931
932EXPORT_SYMBOL(km_policy_notify);
933EXPORT_SYMBOL(km_state_notify);
934
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -0800935void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700936{
937 struct km_event c;
938
Herbert Xubf088672005-06-18 22:44:00 -0700939 c.data.hard = hard;
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -0800940 c.pid = pid;
Herbert Xuf60f6b82005-06-18 22:44:37 -0700941 c.event = XFRM_MSG_EXPIRE;
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700942 km_state_notify(x, &c);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700943
944 if (hard)
945 wake_up(&km_waitq);
946}
947
Jamal Hadi Salim53bc6b42006-03-20 19:17:03 -0800948EXPORT_SYMBOL(km_state_expired);
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700949/*
950 * We send to all registered managers regardless of failure
951 * We are happy with one success
952*/
Jamal Hadi Salim980ebd22006-03-20 19:16:40 -0800953int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700954{
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700955 int err = -EINVAL, acqret;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700956 struct xfrm_mgr *km;
957
958 read_lock(&xfrm_km_lock);
959 list_for_each_entry(km, &xfrm_km_list, list) {
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700960 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
961 if (!acqret)
962 err = acqret;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700963 }
964 read_unlock(&xfrm_km_lock);
965 return err;
966}
Jamal Hadi Salim980ebd22006-03-20 19:16:40 -0800967EXPORT_SYMBOL(km_query);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700968
969int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
970{
971 int err = -EINVAL;
972 struct xfrm_mgr *km;
973
974 read_lock(&xfrm_km_lock);
975 list_for_each_entry(km, &xfrm_km_list, list) {
976 if (km->new_mapping)
977 err = km->new_mapping(x, ipaddr, sport);
978 if (!err)
979 break;
980 }
981 read_unlock(&xfrm_km_lock);
982 return err;
983}
984EXPORT_SYMBOL(km_new_mapping);
985
Jamal Hadi Salim6c5c8ca2006-03-20 19:17:25 -0800986void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700987{
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700988 struct km_event c;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700989
Herbert Xubf088672005-06-18 22:44:00 -0700990 c.data.hard = hard;
Jamal Hadi Salim6c5c8ca2006-03-20 19:17:25 -0800991 c.pid = pid;
Herbert Xuf60f6b82005-06-18 22:44:37 -0700992 c.event = XFRM_MSG_POLEXPIRE;
Jamal Hadi Salim26b15da2005-06-18 22:42:13 -0700993 km_policy_notify(pol, dir, &c);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700994
995 if (hard)
996 wake_up(&km_waitq);
997}
David S. Millera70fcb02006-03-20 19:18:52 -0800998EXPORT_SYMBOL(km_policy_expired);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700999
1000int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1001{
1002 int err;
1003 u8 *data;
1004 struct xfrm_mgr *km;
1005 struct xfrm_policy *pol = NULL;
1006
1007 if (optlen <= 0 || optlen > PAGE_SIZE)
1008 return -EMSGSIZE;
1009
1010 data = kmalloc(optlen, GFP_KERNEL);
1011 if (!data)
1012 return -ENOMEM;
1013
1014 err = -EFAULT;
1015 if (copy_from_user(data, optval, optlen))
1016 goto out;
1017
1018 err = -EINVAL;
1019 read_lock(&xfrm_km_lock);
1020 list_for_each_entry(km, &xfrm_km_list, list) {
1021 pol = km->compile_policy(sk->sk_family, optname, data,
1022 optlen, &err);
1023 if (err >= 0)
1024 break;
1025 }
1026 read_unlock(&xfrm_km_lock);
1027
1028 if (err >= 0) {
1029 xfrm_sk_policy_insert(sk, err, pol);
1030 xfrm_pol_put(pol);
1031 err = 0;
1032 }
1033
1034out:
1035 kfree(data);
1036 return err;
1037}
1038EXPORT_SYMBOL(xfrm_user_policy);
1039
1040int xfrm_register_km(struct xfrm_mgr *km)
1041{
1042 write_lock_bh(&xfrm_km_lock);
1043 list_add_tail(&km->list, &xfrm_km_list);
1044 write_unlock_bh(&xfrm_km_lock);
1045 return 0;
1046}
1047EXPORT_SYMBOL(xfrm_register_km);
1048
1049int xfrm_unregister_km(struct xfrm_mgr *km)
1050{
1051 write_lock_bh(&xfrm_km_lock);
1052 list_del(&km->list);
1053 write_unlock_bh(&xfrm_km_lock);
1054 return 0;
1055}
1056EXPORT_SYMBOL(xfrm_unregister_km);
1057
1058int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1059{
1060 int err = 0;
1061 if (unlikely(afinfo == NULL))
1062 return -EINVAL;
1063 if (unlikely(afinfo->family >= NPROTO))
1064 return -EAFNOSUPPORT;
Ingo Molnarf3111502006-04-28 15:30:03 -07001065 write_lock_bh(&xfrm_state_afinfo_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001066 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1067 err = -ENOBUFS;
1068 else {
1069 afinfo->state_bydst = xfrm_state_bydst;
1070 afinfo->state_byspi = xfrm_state_byspi;
1071 xfrm_state_afinfo[afinfo->family] = afinfo;
1072 }
Ingo Molnarf3111502006-04-28 15:30:03 -07001073 write_unlock_bh(&xfrm_state_afinfo_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001074 return err;
1075}
1076EXPORT_SYMBOL(xfrm_state_register_afinfo);
1077
1078int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1079{
1080 int err = 0;
1081 if (unlikely(afinfo == NULL))
1082 return -EINVAL;
1083 if (unlikely(afinfo->family >= NPROTO))
1084 return -EAFNOSUPPORT;
Ingo Molnarf3111502006-04-28 15:30:03 -07001085 write_lock_bh(&xfrm_state_afinfo_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001086 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1087 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1088 err = -EINVAL;
1089 else {
1090 xfrm_state_afinfo[afinfo->family] = NULL;
1091 afinfo->state_byspi = NULL;
1092 afinfo->state_bydst = NULL;
1093 }
1094 }
Ingo Molnarf3111502006-04-28 15:30:03 -07001095 write_unlock_bh(&xfrm_state_afinfo_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001096 return err;
1097}
1098EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1099
1100static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1101{
1102 struct xfrm_state_afinfo *afinfo;
1103 if (unlikely(family >= NPROTO))
1104 return NULL;
1105 read_lock(&xfrm_state_afinfo_lock);
1106 afinfo = xfrm_state_afinfo[family];
Herbert Xu546be242006-05-27 23:03:58 -07001107 if (unlikely(!afinfo))
1108 read_unlock(&xfrm_state_afinfo_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001109 return afinfo;
1110}
1111
1112static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1113{
Herbert Xu546be242006-05-27 23:03:58 -07001114 read_unlock(&xfrm_state_afinfo_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001115}
1116
1117/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1118void xfrm_state_delete_tunnel(struct xfrm_state *x)
1119{
1120 if (x->tunnel) {
1121 struct xfrm_state *t = x->tunnel;
1122
1123 if (atomic_read(&t->tunnel_users) == 2)
1124 xfrm_state_delete(t);
1125 atomic_dec(&t->tunnel_users);
1126 xfrm_state_put(t);
1127 x->tunnel = NULL;
1128 }
1129}
1130EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1131
Herbert Xu80b30c12005-10-15 10:58:30 +10001132/*
1133 * This function is NOT optimal. For example, with ESP it will give an
1134 * MTU that's usually two bytes short of being optimal. However, it will
1135 * usually give an answer that's a multiple of 4 provided the input is
1136 * also a multiple of 4.
1137 */
Linus Torvalds1da177e2005-04-16 15:20:36 -07001138int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1139{
1140 int res = mtu;
1141
1142 res -= x->props.header_len;
1143
1144 for (;;) {
1145 int m = res;
1146
1147 if (m < 68)
1148 return 68;
1149
1150 spin_lock_bh(&x->lock);
1151 if (x->km.state == XFRM_STATE_VALID &&
1152 x->type && x->type->get_max_size)
1153 m = x->type->get_max_size(x, m);
1154 else
1155 m += x->props.header_len;
1156 spin_unlock_bh(&x->lock);
1157
1158 if (m <= mtu)
1159 break;
1160 res -= (m - mtu);
1161 }
1162
1163 return res;
1164}
1165
Herbert Xu72cb6962005-06-20 13:18:08 -07001166int xfrm_init_state(struct xfrm_state *x)
1167{
Herbert Xud094cd82005-06-20 13:19:41 -07001168 struct xfrm_state_afinfo *afinfo;
1169 int family = x->props.family;
Herbert Xu72cb6962005-06-20 13:18:08 -07001170 int err;
1171
Herbert Xud094cd82005-06-20 13:19:41 -07001172 err = -EAFNOSUPPORT;
1173 afinfo = xfrm_state_get_afinfo(family);
1174 if (!afinfo)
1175 goto error;
1176
1177 err = 0;
1178 if (afinfo->init_flags)
1179 err = afinfo->init_flags(x);
1180
1181 xfrm_state_put_afinfo(afinfo);
1182
1183 if (err)
1184 goto error;
1185
1186 err = -EPROTONOSUPPORT;
1187 x->type = xfrm_get_type(x->id.proto, family);
Herbert Xu72cb6962005-06-20 13:18:08 -07001188 if (x->type == NULL)
1189 goto error;
1190
1191 err = x->type->init_state(x);
1192 if (err)
1193 goto error;
1194
Herbert Xub59f45d2006-05-27 23:05:54 -07001195 x->mode = xfrm_get_mode(x->props.mode, family);
1196 if (x->mode == NULL)
1197 goto error;
1198
Herbert Xu72cb6962005-06-20 13:18:08 -07001199 x->km.state = XFRM_STATE_VALID;
1200
1201error:
1202 return err;
1203}
1204
1205EXPORT_SYMBOL(xfrm_init_state);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001206
1207void __init xfrm_state_init(void)
1208{
1209 int i;
1210
1211 for (i=0; i<XFRM_DST_HSIZE; i++) {
1212 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
1213 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1214 }
1215 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1216}
1217