Pileus Git - ~andy/linux/blob - net/xfrm/xfrm_state.c

   1 /*
   2  * xfrm_state.c
   3  *
   4  * Changes:
   5  *      Mitsuru KANDA @USAGI
   6  *      Kazunori MIYAZAWA @USAGI
   7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
   8  *              IPv6 support
   9  *      YOSHIFUJI Hideaki @USAGI
  10  *              Split up af-specific functions
  11  *      Derek Atkins <derek@ihtfp.com>
  12  *              Add UDP Encapsulation
  13  *
  14  */
  15
  16 #include <linux/workqueue.h>
  17 #include <net/xfrm.h>
  18 #include <linux/pfkeyv2.h>
  19 #include <linux/ipsec.h>
  20 #include <linux/module.h>
  21 #include <asm/uaccess.h>
  22
  23 struct sock *xfrm_nl;
  24 EXPORT_SYMBOL(xfrm_nl);
  25
  26 u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
  27 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
  28
  29 u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
  30 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
  31
  32 /* Each xfrm_state may be linked to two tables:
  33
  34    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
  35    2. Hash table by daddr to find what SAs exist for given
  36       destination/tunnel endpoint. (output)
  37  */
  38
  39 static DEFINE_SPINLOCK(xfrm_state_lock);
  40
  41 /* Hash table to find appropriate SA towards given target (endpoint
  42  * of tunnel or destination of transport mode) allowed by selector.
  43  *
  44  * Main use is finding SA after policy selected tunnel or transport mode.
  45  * Also, it can be used by ah/esp icmp error handler to find offending SA.
  46  */
  47 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
  48 static struct list_head xfrm_state_bysrc[XFRM_DST_HSIZE];
  49 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
  50
  51 static __inline__
  52 unsigned xfrm_dst_hash(xfrm_address_t *addr, unsigned short family)
  53 {
  54         switch (family) {
  55         case AF_INET:
  56                 return __xfrm4_dst_hash(addr);
  57         case AF_INET6:
  58                 return __xfrm6_dst_hash(addr);
  59         }
  60         return 0;
  61 }
  62
  63 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
  64 EXPORT_SYMBOL(km_waitq);
  65
  66 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
  67 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
  68
  69 static struct work_struct xfrm_state_gc_work;
  70 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
  71 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
  72
  73 static int xfrm_state_gc_flush_bundles;
  74
  75 int __xfrm_state_delete(struct xfrm_state *x);
  76
  77 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
  78 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
  79
  80 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
  81 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
  82
  83 static void xfrm_state_gc_destroy(struct xfrm_state *x)
  84 {
  85         if (del_timer(&x->timer))
  86                 BUG();
  87         if (del_timer(&x->rtimer))
  88                 BUG();
  89         kfree(x->aalg);
  90         kfree(x->ealg);
  91         kfree(x->calg);
  92         kfree(x->encap);
  93         kfree(x->coaddr);
  94         if (x->mode)
  95                 xfrm_put_mode(x->mode);
  96         if (x->type) {
  97                 x->type->destructor(x);
  98                 xfrm_put_type(x->type);
  99         }
 100         security_xfrm_state_free(x);
 101         kfree(x);
 102 }
 103
 104 static void xfrm_state_gc_task(void *data)
 105 {
 106         struct xfrm_state *x;
 107         struct list_head *entry, *tmp;
 108         struct list_head gc_list = LIST_HEAD_INIT(gc_list);
 109
 110         if (xfrm_state_gc_flush_bundles) {
 111                 xfrm_state_gc_flush_bundles = 0;
 112                 xfrm_flush_bundles();
 113         }
 114
 115         spin_lock_bh(&xfrm_state_gc_lock);
 116         list_splice_init(&xfrm_state_gc_list, &gc_list);
 117         spin_unlock_bh(&xfrm_state_gc_lock);
 118
 119         list_for_each_safe(entry, tmp, &gc_list) {
 120                 x = list_entry(entry, struct xfrm_state, bydst);
 121                 xfrm_state_gc_destroy(x);
 122         }
 123         wake_up(&km_waitq);
 124 }
 125
 126 static inline unsigned long make_jiffies(long secs)
 127 {
 128         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
 129                 return MAX_SCHEDULE_TIMEOUT-1;
 130         else
 131                 return secs*HZ;
 132 }
 133
 134 static void xfrm_timer_handler(unsigned long data)
 135 {
 136         struct xfrm_state *x = (struct xfrm_state*)data;
 137         unsigned long now = (unsigned long)xtime.tv_sec;
 138         long next = LONG_MAX;
 139         int warn = 0;
 140
 141         spin_lock(&x->lock);
 142         if (x->km.state == XFRM_STATE_DEAD)
 143                 goto out;
 144         if (x->km.state == XFRM_STATE_EXPIRED)
 145                 goto expired;
 146         if (x->lft.hard_add_expires_seconds) {
 147                 long tmo = x->lft.hard_add_expires_seconds +
 148                         x->curlft.add_time - now;
 149                 if (tmo <= 0)
 150                         goto expired;
 151                 if (tmo < next)
 152                         next = tmo;
 153         }
 154         if (x->lft.hard_use_expires_seconds) {
 155                 long tmo = x->lft.hard_use_expires_seconds +
 156                         (x->curlft.use_time ? : now) - now;
 157                 if (tmo <= 0)
 158                         goto expired;
 159                 if (tmo < next)
 160                         next = tmo;
 161         }
 162         if (x->km.dying)
 163                 goto resched;
 164         if (x->lft.soft_add_expires_seconds) {
 165                 long tmo = x->lft.soft_add_expires_seconds +
 166                         x->curlft.add_time - now;
 167                 if (tmo <= 0)
 168                         warn = 1;
 169                 else if (tmo < next)
 170                         next = tmo;
 171         }
 172         if (x->lft.soft_use_expires_seconds) {
 173                 long tmo = x->lft.soft_use_expires_seconds +
 174                         (x->curlft.use_time ? : now) - now;
 175                 if (tmo <= 0)
 176                         warn = 1;
 177                 else if (tmo < next)
 178                         next = tmo;
 179         }
 180
 181         x->km.dying = warn;
 182         if (warn)
 183                 km_state_expired(x, 0, 0);
 184 resched:
 185         if (next != LONG_MAX &&
 186             !mod_timer(&x->timer, jiffies + make_jiffies(next)))
 187                 xfrm_state_hold(x);
 188         goto out;
 189
 190 expired:
 191         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
 192                 x->km.state = XFRM_STATE_EXPIRED;
 193                 wake_up(&km_waitq);
 194                 next = 2;
 195                 goto resched;
 196         }
 197         if (!__xfrm_state_delete(x) && x->id.spi)
 198                 km_state_expired(x, 1, 0);
 199
 200 out:
 201         spin_unlock(&x->lock);
 202         xfrm_state_put(x);
 203 }
 204
 205 static void xfrm_replay_timer_handler(unsigned long data);
 206
 207 struct xfrm_state *xfrm_state_alloc(void)
 208 {
 209         struct xfrm_state *x;
 210
 211         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
 212
 213         if (x) {
 214                 atomic_set(&x->refcnt, 1);
 215                 atomic_set(&x->tunnel_users, 0);
 216                 INIT_LIST_HEAD(&x->bydst);
 217                 INIT_LIST_HEAD(&x->bysrc);
 218                 INIT_LIST_HEAD(&x->byspi);
 219                 init_timer(&x->timer);
 220                 x->timer.function = xfrm_timer_handler;
 221                 x->timer.data     = (unsigned long)x;
 222                 init_timer(&x->rtimer);
 223                 x->rtimer.function = xfrm_replay_timer_handler;
 224                 x->rtimer.data     = (unsigned long)x;
 225                 x->curlft.add_time = (unsigned long)xtime.tv_sec;
 226                 x->lft.soft_byte_limit = XFRM_INF;
 227                 x->lft.soft_packet_limit = XFRM_INF;
 228                 x->lft.hard_byte_limit = XFRM_INF;
 229                 x->lft.hard_packet_limit = XFRM_INF;
 230                 x->replay_maxage = 0;
 231                 x->replay_maxdiff = 0;
 232                 spin_lock_init(&x->lock);
 233         }
 234         return x;
 235 }
 236 EXPORT_SYMBOL(xfrm_state_alloc);
 237
 238 void __xfrm_state_destroy(struct xfrm_state *x)
 239 {
 240         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
 241
 242         spin_lock_bh(&xfrm_state_gc_lock);
 243         list_add(&x->bydst, &xfrm_state_gc_list);
 244         spin_unlock_bh(&xfrm_state_gc_lock);
 245         schedule_work(&xfrm_state_gc_work);
 246 }
 247 EXPORT_SYMBOL(__xfrm_state_destroy);
 248
 249 int __xfrm_state_delete(struct xfrm_state *x)
 250 {
 251         int err = -ESRCH;
 252
 253         if (x->km.state != XFRM_STATE_DEAD) {
 254                 x->km.state = XFRM_STATE_DEAD;
 255                 spin_lock(&xfrm_state_lock);
 256                 list_del(&x->bydst);
 257                 __xfrm_state_put(x);
 258                 list_del(&x->bysrc);
 259                 __xfrm_state_put(x);
 260                 if (x->id.spi) {
 261                         list_del(&x->byspi);
 262                         __xfrm_state_put(x);
 263                 }
 264                 spin_unlock(&xfrm_state_lock);
 265                 if (del_timer(&x->timer))
 266                         __xfrm_state_put(x);
 267                 if (del_timer(&x->rtimer))
 268                         __xfrm_state_put(x);
 269
 270                 /* The number two in this test is the reference
 271                  * mentioned in the comment below plus the reference
 272                  * our caller holds.  A larger value means that
 273                  * there are DSTs attached to this xfrm_state.
 274                  */
 275                 if (atomic_read(&x->refcnt) > 2) {
 276                         xfrm_state_gc_flush_bundles = 1;
 277                         schedule_work(&xfrm_state_gc_work);
 278                 }
 279
 280                 /* All xfrm_state objects are created by xfrm_state_alloc.
 281                  * The xfrm_state_alloc call gives a reference, and that
 282                  * is what we are dropping here.
 283                  */
 284                 __xfrm_state_put(x);
 285                 err = 0;
 286         }
 287
 288         return err;
 289 }
 290 EXPORT_SYMBOL(__xfrm_state_delete);
 291
 292 int xfrm_state_delete(struct xfrm_state *x)
 293 {
 294         int err;
 295
 296         spin_lock_bh(&x->lock);
 297         err = __xfrm_state_delete(x);
 298         spin_unlock_bh(&x->lock);
 299
 300         return err;
 301 }
 302 EXPORT_SYMBOL(xfrm_state_delete);
 303
 304 void xfrm_state_flush(u8 proto)
 305 {
 306         int i;
 307         struct xfrm_state *x;
 308
 309         spin_lock_bh(&xfrm_state_lock);
 310         for (i = 0; i < XFRM_DST_HSIZE; i++) {
 311 restart:
 312                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
 313                         if (!xfrm_state_kern(x) &&
 314                             xfrm_id_proto_match(x->id.proto, proto)) {
 315                                 xfrm_state_hold(x);
 316                                 spin_unlock_bh(&xfrm_state_lock);
 317
 318                                 xfrm_state_delete(x);
 319                                 xfrm_state_put(x);
 320
 321                                 spin_lock_bh(&xfrm_state_lock);
 322                                 goto restart;
 323                         }
 324                 }
 325         }
 326         spin_unlock_bh(&xfrm_state_lock);
 327         wake_up(&km_waitq);
 328 }
 329 EXPORT_SYMBOL(xfrm_state_flush);
 330
 331 static int
 332 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
 333                   struct xfrm_tmpl *tmpl,
 334                   xfrm_address_t *daddr, xfrm_address_t *saddr,
 335                   unsigned short family)
 336 {
 337         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 338         if (!afinfo)
 339                 return -1;
 340         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
 341         xfrm_state_put_afinfo(afinfo);
 342         return 0;
 343 }
 344
 345 struct xfrm_state *
 346 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 347                 struct flowi *fl, struct xfrm_tmpl *tmpl,
 348                 struct xfrm_policy *pol, int *err,
 349                 unsigned short family)
 350 {
 351         unsigned h = xfrm_dst_hash(daddr, family);
 352         struct xfrm_state *x, *x0;
 353         int acquire_in_progress = 0;
 354         int error = 0;
 355         struct xfrm_state *best = NULL;
 356         struct xfrm_state_afinfo *afinfo;
 357
 358         afinfo = xfrm_state_get_afinfo(family);
 359         if (afinfo == NULL) {
 360                 *err = -EAFNOSUPPORT;
 361                 return NULL;
 362         }
 363
 364         spin_lock_bh(&xfrm_state_lock);
 365         list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
 366                 if (x->props.family == family &&
 367                     x->props.reqid == tmpl->reqid &&
 368                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 369                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 370                     tmpl->mode == x->props.mode &&
 371                     tmpl->id.proto == x->id.proto &&
 372                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
 373                         /* Resolution logic:
 374                            1. There is a valid state with matching selector.
 375                               Done.
 376                            2. Valid state with inappropriate selector. Skip.
 377
 378                            Entering area of "sysdeps".
 379
 380                            3. If state is not valid, selector is temporary,
 381                               it selects only session which triggered
 382                               previous resolution. Key manager will do
 383                               something to install a state with proper
 384                               selector.
 385                          */
 386                         if (x->km.state == XFRM_STATE_VALID) {
 387                                 if (!xfrm_selector_match(&x->sel, fl, family) ||
 388                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
 389                                         continue;
 390                                 if (!best ||
 391                                     best->km.dying > x->km.dying ||
 392                                     (best->km.dying == x->km.dying &&
 393                                      best->curlft.add_time < x->curlft.add_time))
 394                                         best = x;
 395                         } else if (x->km.state == XFRM_STATE_ACQ) {
 396                                 acquire_in_progress = 1;
 397                         } else if (x->km.state == XFRM_STATE_ERROR ||
 398                                    x->km.state == XFRM_STATE_EXPIRED) {
 399                                 if (xfrm_selector_match(&x->sel, fl, family) &&
 400                                     security_xfrm_state_pol_flow_match(x, pol, fl))
 401                                         error = -ESRCH;
 402                         }
 403                 }
 404         }
 405
 406         x = best;
 407         if (!x && !error && !acquire_in_progress) {
 408                 if (tmpl->id.spi &&
 409                     (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
 410                                                tmpl->id.proto)) != NULL) {
 411                         xfrm_state_put(x0);
 412                         error = -EEXIST;
 413                         goto out;
 414                 }
 415                 x = xfrm_state_alloc();
 416                 if (x == NULL) {
 417                         error = -ENOMEM;
 418                         goto out;
 419                 }
 420                 /* Initialize temporary selector matching only
 421                  * to current session. */
 422                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
 423
 424                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
 425                 if (error) {
 426                         x->km.state = XFRM_STATE_DEAD;
 427                         xfrm_state_put(x);
 428                         x = NULL;
 429                         goto out;
 430                 }
 431
 432                 if (km_query(x, tmpl, pol) == 0) {
 433                         x->km.state = XFRM_STATE_ACQ;
 434                         list_add_tail(&x->bydst, xfrm_state_bydst+h);
 435                         xfrm_state_hold(x);
 436                         list_add_tail(&x->bysrc, xfrm_state_bysrc+h);
 437                         xfrm_state_hold(x);
 438                         if (x->id.spi) {
 439                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
 440                                 list_add(&x->byspi, xfrm_state_byspi+h);
 441                                 xfrm_state_hold(x);
 442                         }
 443                         x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
 444                         xfrm_state_hold(x);
 445                         x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
 446                         add_timer(&x->timer);
 447                 } else {
 448                         x->km.state = XFRM_STATE_DEAD;
 449                         xfrm_state_put(x);
 450                         x = NULL;
 451                         error = -ESRCH;
 452                 }
 453         }
 454 out:
 455         if (x)
 456                 xfrm_state_hold(x);
 457         else
 458                 *err = acquire_in_progress ? -EAGAIN : error;
 459         spin_unlock_bh(&xfrm_state_lock);
 460         xfrm_state_put_afinfo(afinfo);
 461         return x;
 462 }
 463
 464 static void __xfrm_state_insert(struct xfrm_state *x)
 465 {
 466         unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
 467
 468         list_add(&x->bydst, xfrm_state_bydst+h);
 469         xfrm_state_hold(x);
 470
 471         h = xfrm_src_hash(&x->props.saddr, x->props.family);
 472
 473         list_add(&x->bysrc, xfrm_state_bysrc+h);
 474         xfrm_state_hold(x);
 475
 476         if (xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY)) {
 477                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
 478                                   x->props.family);
 479
 480                 list_add(&x->byspi, xfrm_state_byspi+h);
 481                 xfrm_state_hold(x);
 482         }
 483
 484         if (!mod_timer(&x->timer, jiffies + HZ))
 485                 xfrm_state_hold(x);
 486
 487         if (x->replay_maxage &&
 488             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
 489                 xfrm_state_hold(x);
 490
 491         wake_up(&km_waitq);
 492 }
 493
 494 void xfrm_state_insert(struct xfrm_state *x)
 495 {
 496         spin_lock_bh(&xfrm_state_lock);
 497         __xfrm_state_insert(x);
 498         spin_unlock_bh(&xfrm_state_lock);
 499
 500         xfrm_flush_all_bundles();
 501 }
 502 EXPORT_SYMBOL(xfrm_state_insert);
 503
 504 /* xfrm_state_lock is held */
 505 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
 506 {
 507         unsigned int h = xfrm_dst_hash(daddr, family);
 508         struct xfrm_state *x;
 509
 510         list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
 511                 if (x->props.reqid  != reqid ||
 512                     x->props.mode   != mode ||
 513                     x->props.family != family ||
 514                     x->km.state     != XFRM_STATE_ACQ ||
 515                     x->id.spi       != 0)
 516                         continue;
 517
 518                 switch (family) {
 519                 case AF_INET:
 520                         if (x->id.daddr.a4    != daddr->a4 ||
 521                             x->props.saddr.a4 != saddr->a4)
 522                                 continue;
 523                         break;
 524                 case AF_INET6:
 525                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
 526                                              (struct in6_addr *)daddr) ||
 527                             !ipv6_addr_equal((struct in6_addr *)
 528                                              x->props.saddr.a6,
 529                                              (struct in6_addr *)saddr))
 530                                 continue;
 531                         break;
 532                 };
 533
 534                 xfrm_state_hold(x);
 535                 return x;
 536         }
 537
 538         if (!create)
 539                 return NULL;
 540
 541         x = xfrm_state_alloc();
 542         if (likely(x)) {
 543                 switch (family) {
 544                 case AF_INET:
 545                         x->sel.daddr.a4 = daddr->a4;
 546                         x->sel.saddr.a4 = saddr->a4;
 547                         x->sel.prefixlen_d = 32;
 548                         x->sel.prefixlen_s = 32;
 549                         x->props.saddr.a4 = saddr->a4;
 550                         x->id.daddr.a4 = daddr->a4;
 551                         break;
 552
 553                 case AF_INET6:
 554                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
 555                                        (struct in6_addr *)daddr);
 556                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
 557                                        (struct in6_addr *)saddr);
 558                         x->sel.prefixlen_d = 128;
 559                         x->sel.prefixlen_s = 128;
 560                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
 561                                        (struct in6_addr *)saddr);
 562                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
 563                                        (struct in6_addr *)daddr);
 564                         break;
 565                 };
 566
 567                 x->km.state = XFRM_STATE_ACQ;
 568                 x->id.proto = proto;
 569                 x->props.family = family;
 570                 x->props.mode = mode;
 571                 x->props.reqid = reqid;
 572                 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
 573                 xfrm_state_hold(x);
 574                 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
 575                 add_timer(&x->timer);
 576                 xfrm_state_hold(x);
 577                 list_add_tail(&x->bydst, xfrm_state_bydst+h);
 578                 h = xfrm_src_hash(saddr, family);
 579                 xfrm_state_hold(x);
 580                 list_add_tail(&x->bysrc, xfrm_state_bysrc+h);
 581                 wake_up(&km_waitq);
 582         }
 583
 584         return x;
 585 }
 586
 587 static inline struct xfrm_state *
 588 __xfrm_state_locate(struct xfrm_state_afinfo *afinfo, struct xfrm_state *x,
 589                     int use_spi)
 590 {
 591         if (use_spi)
 592                 return afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
 593         else
 594                 return afinfo->state_lookup_byaddr(&x->id.daddr, &x->props.saddr, x->id.proto);
 595 }
 596
 597 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
 598
 599 int xfrm_state_add(struct xfrm_state *x)
 600 {
 601         struct xfrm_state_afinfo *afinfo;
 602         struct xfrm_state *x1;
 603         int family;
 604         int err;
 605         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
 606
 607         family = x->props.family;
 608         afinfo = xfrm_state_get_afinfo(family);
 609         if (unlikely(afinfo == NULL))
 610                 return -EAFNOSUPPORT;
 611
 612         spin_lock_bh(&xfrm_state_lock);
 613
 614         x1 = __xfrm_state_locate(afinfo, x, use_spi);
 615         if (x1) {
 616                 xfrm_state_put(x1);
 617                 x1 = NULL;
 618                 err = -EEXIST;
 619                 goto out;
 620         }
 621
 622         if (use_spi && x->km.seq) {
 623                 x1 = __xfrm_find_acq_byseq(x->km.seq);
 624                 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
 625                         xfrm_state_put(x1);
 626                         x1 = NULL;
 627                 }
 628         }
 629
 630         if (use_spi && !x1)
 631                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
 632                                      x->id.proto,
 633                                      &x->id.daddr, &x->props.saddr, 0);
 634
 635         __xfrm_state_insert(x);
 636         err = 0;
 637
 638 out:
 639         spin_unlock_bh(&xfrm_state_lock);
 640         xfrm_state_put_afinfo(afinfo);
 641
 642         if (!err)
 643                 xfrm_flush_all_bundles();
 644
 645         if (x1) {
 646                 xfrm_state_delete(x1);
 647                 xfrm_state_put(x1);
 648         }
 649
 650         return err;
 651 }
 652 EXPORT_SYMBOL(xfrm_state_add);
 653
 654 int xfrm_state_update(struct xfrm_state *x)
 655 {
 656         struct xfrm_state_afinfo *afinfo;
 657         struct xfrm_state *x1;
 658         int err;
 659         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
 660
 661         afinfo = xfrm_state_get_afinfo(x->props.family);
 662         if (unlikely(afinfo == NULL))
 663                 return -EAFNOSUPPORT;
 664
 665         spin_lock_bh(&xfrm_state_lock);
 666         x1 = __xfrm_state_locate(afinfo, x, use_spi);
 667
 668         err = -ESRCH;
 669         if (!x1)
 670                 goto out;
 671
 672         if (xfrm_state_kern(x1)) {
 673                 xfrm_state_put(x1);
 674                 err = -EEXIST;
 675                 goto out;
 676         }
 677
 678         if (x1->km.state == XFRM_STATE_ACQ) {
 679                 __xfrm_state_insert(x);
 680                 x = NULL;
 681         }
 682         err = 0;
 683
 684 out:
 685         spin_unlock_bh(&xfrm_state_lock);
 686         xfrm_state_put_afinfo(afinfo);
 687
 688         if (err)
 689                 return err;
 690
 691         if (!x) {
 692                 xfrm_state_delete(x1);
 693                 xfrm_state_put(x1);
 694                 return 0;
 695         }
 696
 697         err = -EINVAL;
 698         spin_lock_bh(&x1->lock);
 699         if (likely(x1->km.state == XFRM_STATE_VALID)) {
 700                 if (x->encap && x1->encap)
 701                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
 702                 if (x->coaddr && x1->coaddr) {
 703                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
 704                 }
 705                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
 706                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
 707                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
 708                 x1->km.dying = 0;
 709
 710                 if (!mod_timer(&x1->timer, jiffies + HZ))
 711                         xfrm_state_hold(x1);
 712                 if (x1->curlft.use_time)
 713                         xfrm_state_check_expire(x1);
 714
 715                 err = 0;
 716         }
 717         spin_unlock_bh(&x1->lock);
 718
 719         xfrm_state_put(x1);
 720
 721         return err;
 722 }
 723 EXPORT_SYMBOL(xfrm_state_update);
 724
 725 int xfrm_state_check_expire(struct xfrm_state *x)
 726 {
 727         if (!x->curlft.use_time)
 728                 x->curlft.use_time = (unsigned long)xtime.tv_sec;
 729
 730         if (x->km.state != XFRM_STATE_VALID)
 731                 return -EINVAL;
 732
 733         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
 734             x->curlft.packets >= x->lft.hard_packet_limit) {
 735                 x->km.state = XFRM_STATE_EXPIRED;
 736                 if (!mod_timer(&x->timer, jiffies))
 737                         xfrm_state_hold(x);
 738                 return -EINVAL;
 739         }
 740
 741         if (!x->km.dying &&
 742             (x->curlft.bytes >= x->lft.soft_byte_limit ||
 743              x->curlft.packets >= x->lft.soft_packet_limit)) {
 744                 x->km.dying = 1;
 745                 km_state_expired(x, 0, 0);
 746         }
 747         return 0;
 748 }
 749 EXPORT_SYMBOL(xfrm_state_check_expire);
 750
 751 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
 752 {
 753         int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
 754                 - skb_headroom(skb);
 755
 756         if (nhead > 0)
 757                 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
 758
 759         /* Check tail too... */
 760         return 0;
 761 }
 762
 763 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
 764 {
 765         int err = xfrm_state_check_expire(x);
 766         if (err < 0)
 767                 goto err;
 768         err = xfrm_state_check_space(x, skb);
 769 err:
 770         return err;
 771 }
 772 EXPORT_SYMBOL(xfrm_state_check);
 773
 774 struct xfrm_state *
 775 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
 776                   unsigned short family)
 777 {
 778         struct xfrm_state *x;
 779         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 780         if (!afinfo)
 781                 return NULL;
 782
 783         spin_lock_bh(&xfrm_state_lock);
 784         x = afinfo->state_lookup(daddr, spi, proto);
 785         spin_unlock_bh(&xfrm_state_lock);
 786         xfrm_state_put_afinfo(afinfo);
 787         return x;
 788 }
 789 EXPORT_SYMBOL(xfrm_state_lookup);
 790
 791 struct xfrm_state *
 792 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
 793                          u8 proto, unsigned short family)
 794 {
 795         struct xfrm_state *x;
 796         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 797         if (!afinfo)
 798                 return NULL;
 799
 800         spin_lock_bh(&xfrm_state_lock);
 801         x = afinfo->state_lookup_byaddr(daddr, saddr, proto);
 802         spin_unlock_bh(&xfrm_state_lock);
 803         xfrm_state_put_afinfo(afinfo);
 804         return x;
 805 }
 806 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
 807
 808 struct xfrm_state *
 809 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
 810               xfrm_address_t *daddr, xfrm_address_t *saddr,
 811               int create, unsigned short family)
 812 {
 813         struct xfrm_state *x;
 814
 815         spin_lock_bh(&xfrm_state_lock);
 816         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
 817         spin_unlock_bh(&xfrm_state_lock);
 818
 819         return x;
 820 }
 821 EXPORT_SYMBOL(xfrm_find_acq);
 822
 823 #ifdef CONFIG_XFRM_SUB_POLICY
 824 int
 825 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
 826                unsigned short family)
 827 {
 828         int err = 0;
 829         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 830         if (!afinfo)
 831                 return -EAFNOSUPPORT;
 832
 833         spin_lock_bh(&xfrm_state_lock);
 834         if (afinfo->tmpl_sort)
 835                 err = afinfo->tmpl_sort(dst, src, n);
 836         spin_unlock_bh(&xfrm_state_lock);
 837         xfrm_state_put_afinfo(afinfo);
 838         return err;
 839 }
 840 EXPORT_SYMBOL(xfrm_tmpl_sort);
 841
 842 int
 843 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
 844                 unsigned short family)
 845 {
 846         int err = 0;
 847         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 848         if (!afinfo)
 849                 return -EAFNOSUPPORT;
 850
 851         spin_lock_bh(&xfrm_state_lock);
 852         if (afinfo->state_sort)
 853                 err = afinfo->state_sort(dst, src, n);
 854         spin_unlock_bh(&xfrm_state_lock);
 855         xfrm_state_put_afinfo(afinfo);
 856         return err;
 857 }
 858 EXPORT_SYMBOL(xfrm_state_sort);
 859 #endif
 860
 861 /* Silly enough, but I'm lazy to build resolution list */
 862
 863 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
 864 {
 865         int i;
 866         struct xfrm_state *x;
 867
 868         for (i = 0; i < XFRM_DST_HSIZE; i++) {
 869                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
 870                         if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
 871                                 xfrm_state_hold(x);
 872                                 return x;
 873                         }
 874                 }
 875         }
 876         return NULL;
 877 }
 878
 879 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
 880 {
 881         struct xfrm_state *x;
 882
 883         spin_lock_bh(&xfrm_state_lock);
 884         x = __xfrm_find_acq_byseq(seq);
 885         spin_unlock_bh(&xfrm_state_lock);
 886         return x;
 887 }
 888 EXPORT_SYMBOL(xfrm_find_acq_byseq);
 889
 890 u32 xfrm_get_acqseq(void)
 891 {
 892         u32 res;
 893         static u32 acqseq;
 894         static DEFINE_SPINLOCK(acqseq_lock);
 895
 896         spin_lock_bh(&acqseq_lock);
 897         res = (++acqseq ? : ++acqseq);
 898         spin_unlock_bh(&acqseq_lock);
 899         return res;
 900 }
 901 EXPORT_SYMBOL(xfrm_get_acqseq);
 902
 903 void
 904 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
 905 {
 906         u32 h;
 907         struct xfrm_state *x0;
 908
 909         if (x->id.spi)
 910                 return;
 911
 912         if (minspi == maxspi) {
 913                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
 914                 if (x0) {
 915                         xfrm_state_put(x0);
 916                         return;
 917                 }
 918                 x->id.spi = minspi;
 919         } else {
 920                 u32 spi = 0;
 921                 minspi = ntohl(minspi);
 922                 maxspi = ntohl(maxspi);
 923                 for (h=0; h<maxspi-minspi+1; h++) {
 924                         spi = minspi + net_random()%(maxspi-minspi+1);
 925                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
 926                         if (x0 == NULL) {
 927                                 x->id.spi = htonl(spi);
 928                                 break;
 929                         }
 930                         xfrm_state_put(x0);
 931                 }
 932         }
 933         if (x->id.spi) {
 934                 spin_lock_bh(&xfrm_state_lock);
 935                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
 936                 list_add(&x->byspi, xfrm_state_byspi+h);
 937                 xfrm_state_hold(x);
 938                 spin_unlock_bh(&xfrm_state_lock);
 939                 wake_up(&km_waitq);
 940         }
 941 }
 942 EXPORT_SYMBOL(xfrm_alloc_spi);
 943
 944 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
 945                     void *data)
 946 {
 947         int i;
 948         struct xfrm_state *x;
 949         int count = 0;
 950         int err = 0;
 951
 952         spin_lock_bh(&xfrm_state_lock);
 953         for (i = 0; i < XFRM_DST_HSIZE; i++) {
 954                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
 955                         if (xfrm_id_proto_match(x->id.proto, proto))
 956                                 count++;
 957                 }
 958         }
 959         if (count == 0) {
 960                 err = -ENOENT;
 961                 goto out;
 962         }
 963
 964         for (i = 0; i < XFRM_DST_HSIZE; i++) {
 965                 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
 966                         if (!xfrm_id_proto_match(x->id.proto, proto))
 967                                 continue;
 968                         err = func(x, --count, data);
 969                         if (err)
 970                                 goto out;
 971                 }
 972         }
 973 out:
 974         spin_unlock_bh(&xfrm_state_lock);
 975         return err;
 976 }
 977 EXPORT_SYMBOL(xfrm_state_walk);
 978
 979
 980 void xfrm_replay_notify(struct xfrm_state *x, int event)
 981 {
 982         struct km_event c;
 983         /* we send notify messages in case
 984          *  1. we updated on of the sequence numbers, and the seqno difference
 985          *     is at least x->replay_maxdiff, in this case we also update the
 986          *     timeout of our timer function
 987          *  2. if x->replay_maxage has elapsed since last update,
 988          *     and there were changes
 989          *
 990          *  The state structure must be locked!
 991          */
 992
 993         switch (event) {
 994         case XFRM_REPLAY_UPDATE:
 995                 if (x->replay_maxdiff &&
 996                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
 997                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
 998                         if (x->xflags & XFRM_TIME_DEFER)
 999                                 event = XFRM_REPLAY_TIMEOUT;
1000                         else
1001                                 return;
1002                 }
1003
1004                 break;
1005
1006         case XFRM_REPLAY_TIMEOUT:
1007                 if ((x->replay.seq == x->preplay.seq) &&
1008                     (x->replay.bitmap == x->preplay.bitmap) &&
1009                     (x->replay.oseq == x->preplay.oseq)) {
1010                         x->xflags |= XFRM_TIME_DEFER;
1011                         return;
1012                 }
1013
1014                 break;
1015         }
1016
1017         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1018         c.event = XFRM_MSG_NEWAE;
1019         c.data.aevent = event;
1020         km_state_notify(x, &c);
1021
1022         if (x->replay_maxage &&
1023             !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
1024                 xfrm_state_hold(x);
1025                 x->xflags &= ~XFRM_TIME_DEFER;
1026         }
1027 }
1028 EXPORT_SYMBOL(xfrm_replay_notify);
1029
1030 static void xfrm_replay_timer_handler(unsigned long data)
1031 {
1032         struct xfrm_state *x = (struct xfrm_state*)data;
1033
1034         spin_lock(&x->lock);
1035
1036         if (x->km.state == XFRM_STATE_VALID) {
1037                 if (xfrm_aevent_is_on())
1038                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1039                 else
1040                         x->xflags |= XFRM_TIME_DEFER;
1041         }
1042
1043         spin_unlock(&x->lock);
1044         xfrm_state_put(x);
1045 }
1046
1047 int xfrm_replay_check(struct xfrm_state *x, u32 seq)
1048 {
1049         u32 diff;
1050
1051         seq = ntohl(seq);
1052
1053         if (unlikely(seq == 0))
1054                 return -EINVAL;
1055
1056         if (likely(seq > x->replay.seq))
1057                 return 0;
1058
1059         diff = x->replay.seq - seq;
1060         if (diff >= x->props.replay_window) {
1061                 x->stats.replay_window++;
1062                 return -EINVAL;
1063         }
1064
1065         if (x->replay.bitmap & (1U << diff)) {
1066                 x->stats.replay++;
1067                 return -EINVAL;
1068         }
1069         return 0;
1070 }
1071 EXPORT_SYMBOL(xfrm_replay_check);
1072
1073 void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
1074 {
1075         u32 diff;
1076
1077         seq = ntohl(seq);
1078
1079         if (seq > x->replay.seq) {
1080                 diff = seq - x->replay.seq;
1081                 if (diff < x->props.replay_window)
1082                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1083                 else
1084                         x->replay.bitmap = 1;
1085                 x->replay.seq = seq;
1086         } else {
1087                 diff = x->replay.seq - seq;
1088                 x->replay.bitmap |= (1U << diff);
1089         }
1090
1091         if (xfrm_aevent_is_on())
1092                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1093 }
1094 EXPORT_SYMBOL(xfrm_replay_advance);
1095
1096 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
1097 static DEFINE_RWLOCK(xfrm_km_lock);
1098
1099 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1100 {
1101         struct xfrm_mgr *km;
1102
1103         read_lock(&xfrm_km_lock);
1104         list_for_each_entry(km, &xfrm_km_list, list)
1105                 if (km->notify_policy)
1106                         km->notify_policy(xp, dir, c);
1107         read_unlock(&xfrm_km_lock);
1108 }
1109
1110 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1111 {
1112         struct xfrm_mgr *km;
1113         read_lock(&xfrm_km_lock);
1114         list_for_each_entry(km, &xfrm_km_list, list)
1115                 if (km->notify)
1116                         km->notify(x, c);
1117         read_unlock(&xfrm_km_lock);
1118 }
1119
1120 EXPORT_SYMBOL(km_policy_notify);
1121 EXPORT_SYMBOL(km_state_notify);
1122
1123 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1124 {
1125         struct km_event c;
1126
1127         c.data.hard = hard;
1128         c.pid = pid;
1129         c.event = XFRM_MSG_EXPIRE;
1130         km_state_notify(x, &c);
1131
1132         if (hard)
1133                 wake_up(&km_waitq);
1134 }
1135
1136 EXPORT_SYMBOL(km_state_expired);
1137 /*
1138  * We send to all registered managers regardless of failure
1139  * We are happy with one success
1140 */
1141 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1142 {
1143         int err = -EINVAL, acqret;
1144         struct xfrm_mgr *km;
1145
1146         read_lock(&xfrm_km_lock);
1147         list_for_each_entry(km, &xfrm_km_list, list) {
1148                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1149                 if (!acqret)
1150                         err = acqret;
1151         }
1152         read_unlock(&xfrm_km_lock);
1153         return err;
1154 }
1155 EXPORT_SYMBOL(km_query);
1156
1157 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
1158 {
1159         int err = -EINVAL;
1160         struct xfrm_mgr *km;
1161
1162         read_lock(&xfrm_km_lock);
1163         list_for_each_entry(km, &xfrm_km_list, list) {
1164                 if (km->new_mapping)
1165                         err = km->new_mapping(x, ipaddr, sport);
1166                 if (!err)
1167                         break;
1168         }
1169         read_unlock(&xfrm_km_lock);
1170         return err;
1171 }
1172 EXPORT_SYMBOL(km_new_mapping);
1173
1174 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1175 {
1176         struct km_event c;
1177
1178         c.data.hard = hard;
1179         c.pid = pid;
1180         c.event = XFRM_MSG_POLEXPIRE;
1181         km_policy_notify(pol, dir, &c);
1182
1183         if (hard)
1184                 wake_up(&km_waitq);
1185 }
1186 EXPORT_SYMBOL(km_policy_expired);
1187
1188 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1189 {
1190         int err = -EINVAL;
1191         int ret;
1192         struct xfrm_mgr *km;
1193
1194         read_lock(&xfrm_km_lock);
1195         list_for_each_entry(km, &xfrm_km_list, list) {
1196                 if (km->report) {
1197                         ret = km->report(proto, sel, addr);
1198                         if (!ret)
1199                                 err = ret;
1200                 }
1201         }
1202         read_unlock(&xfrm_km_lock);
1203         return err;
1204 }
1205 EXPORT_SYMBOL(km_report);
1206
1207 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1208 {
1209         int err;
1210         u8 *data;
1211         struct xfrm_mgr *km;
1212         struct xfrm_policy *pol = NULL;
1213
1214         if (optlen <= 0 || optlen > PAGE_SIZE)
1215                 return -EMSGSIZE;
1216
1217         data = kmalloc(optlen, GFP_KERNEL);
1218         if (!data)
1219                 return -ENOMEM;
1220
1221         err = -EFAULT;
1222         if (copy_from_user(data, optval, optlen))
1223                 goto out;
1224
1225         err = -EINVAL;
1226         read_lock(&xfrm_km_lock);
1227         list_for_each_entry(km, &xfrm_km_list, list) {
1228                 pol = km->compile_policy(sk, optname, data,
1229                                          optlen, &err);
1230                 if (err >= 0)
1231                         break;
1232         }
1233         read_unlock(&xfrm_km_lock);
1234
1235         if (err >= 0) {
1236                 xfrm_sk_policy_insert(sk, err, pol);
1237                 xfrm_pol_put(pol);
1238                 err = 0;
1239         }
1240
1241 out:
1242         kfree(data);
1243         return err;
1244 }
1245 EXPORT_SYMBOL(xfrm_user_policy);
1246
1247 int xfrm_register_km(struct xfrm_mgr *km)
1248 {
1249         write_lock_bh(&xfrm_km_lock);
1250         list_add_tail(&km->list, &xfrm_km_list);
1251         write_unlock_bh(&xfrm_km_lock);
1252         return 0;
1253 }
1254 EXPORT_SYMBOL(xfrm_register_km);
1255
1256 int xfrm_unregister_km(struct xfrm_mgr *km)
1257 {
1258         write_lock_bh(&xfrm_km_lock);
1259         list_del(&km->list);
1260         write_unlock_bh(&xfrm_km_lock);
1261         return 0;
1262 }
1263 EXPORT_SYMBOL(xfrm_unregister_km);
1264
1265 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1266 {
1267         int err = 0;
1268         if (unlikely(afinfo == NULL))
1269                 return -EINVAL;
1270         if (unlikely(afinfo->family >= NPROTO))
1271                 return -EAFNOSUPPORT;
1272         write_lock_bh(&xfrm_state_afinfo_lock);
1273         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1274                 err = -ENOBUFS;
1275         else {
1276                 afinfo->state_bysrc = xfrm_state_bysrc;
1277                 afinfo->state_byspi = xfrm_state_byspi;
1278                 xfrm_state_afinfo[afinfo->family] = afinfo;
1279         }
1280         write_unlock_bh(&xfrm_state_afinfo_lock);
1281         return err;
1282 }
1283 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1284
1285 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1286 {
1287         int err = 0;
1288         if (unlikely(afinfo == NULL))
1289                 return -EINVAL;
1290         if (unlikely(afinfo->family >= NPROTO))
1291                 return -EAFNOSUPPORT;
1292         write_lock_bh(&xfrm_state_afinfo_lock);
1293         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1294                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1295                         err = -EINVAL;
1296                 else {
1297                         xfrm_state_afinfo[afinfo->family] = NULL;
1298                         afinfo->state_byspi = NULL;
1299                         afinfo->state_bysrc = NULL;
1300                 }
1301         }
1302         write_unlock_bh(&xfrm_state_afinfo_lock);
1303         return err;
1304 }
1305 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1306
1307 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1308 {
1309         struct xfrm_state_afinfo *afinfo;
1310         if (unlikely(family >= NPROTO))
1311                 return NULL;
1312         read_lock(&xfrm_state_afinfo_lock);
1313         afinfo = xfrm_state_afinfo[family];
1314         if (unlikely(!afinfo))
1315                 read_unlock(&xfrm_state_afinfo_lock);
1316         return afinfo;
1317 }
1318
1319 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1320 {
1321         read_unlock(&xfrm_state_afinfo_lock);
1322 }
1323
1324 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1325 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1326 {
1327         if (x->tunnel) {
1328                 struct xfrm_state *t = x->tunnel;
1329
1330                 if (atomic_read(&t->tunnel_users) == 2)
1331                         xfrm_state_delete(t);
1332                 atomic_dec(&t->tunnel_users);
1333                 xfrm_state_put(t);
1334                 x->tunnel = NULL;
1335         }
1336 }
1337 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1338
1339 /*
1340  * This function is NOT optimal.  For example, with ESP it will give an
1341  * MTU that's usually two bytes short of being optimal.  However, it will
1342  * usually give an answer that's a multiple of 4 provided the input is
1343  * also a multiple of 4.
1344  */
1345 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1346 {
1347         int res = mtu;
1348
1349         res -= x->props.header_len;
1350
1351         for (;;) {
1352                 int m = res;
1353
1354                 if (m < 68)
1355                         return 68;
1356
1357                 spin_lock_bh(&x->lock);
1358                 if (x->km.state == XFRM_STATE_VALID &&
1359                     x->type && x->type->get_max_size)
1360                         m = x->type->get_max_size(x, m);
1361                 else
1362                         m += x->props.header_len;
1363                 spin_unlock_bh(&x->lock);
1364
1365                 if (m <= mtu)
1366                         break;
1367                 res -= (m - mtu);
1368         }
1369
1370         return res;
1371 }
1372
1373 int xfrm_init_state(struct xfrm_state *x)
1374 {
1375         struct xfrm_state_afinfo *afinfo;
1376         int family = x->props.family;
1377         int err;
1378
1379         err = -EAFNOSUPPORT;
1380         afinfo = xfrm_state_get_afinfo(family);
1381         if (!afinfo)
1382                 goto error;
1383
1384         err = 0;
1385         if (afinfo->init_flags)
1386                 err = afinfo->init_flags(x);
1387
1388         xfrm_state_put_afinfo(afinfo);
1389
1390         if (err)
1391                 goto error;
1392
1393         err = -EPROTONOSUPPORT;
1394         x->type = xfrm_get_type(x->id.proto, family);
1395         if (x->type == NULL)
1396                 goto error;
1397
1398         err = x->type->init_state(x);
1399         if (err)
1400                 goto error;
1401
1402         x->mode = xfrm_get_mode(x->props.mode, family);
1403         if (x->mode == NULL)
1404                 goto error;
1405
1406         x->km.state = XFRM_STATE_VALID;
1407
1408 error:
1409         return err;
1410 }
1411
1412 EXPORT_SYMBOL(xfrm_init_state);
1413
1414 void __init xfrm_state_init(void)
1415 {
1416         int i;
1417
1418         for (i=0; i<XFRM_DST_HSIZE; i++) {
1419                 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
1420                 INIT_LIST_HEAD(&xfrm_state_bysrc[i]);
1421                 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1422         }
1423         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1424 }
1425