1 // SPDX-License-Identifier: GPL-2.0-only
2 /* xfrm_user.c: User interface to configure xfrm engine.
4 * Copyright (C) 2002 David S. Miller (davem@redhat.com)
8 * Kazunori MIYAZAWA @USAGI
9 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
14 #include <linux/crypto.h>
15 #include <linux/module.h>
16 #include <linux/kernel.h>
17 #include <linux/types.h>
18 #include <linux/slab.h>
19 #include <linux/socket.h>
20 #include <linux/string.h>
21 #include <linux/net.h>
22 #include <linux/skbuff.h>
23 #include <linux/pfkeyv2.h>
24 #include <linux/ipsec.h>
25 #include <linux/init.h>
26 #include <linux/security.h>
29 #include <net/netlink.h>
31 #include <linux/uaccess.h>
32 #if IS_ENABLED(CONFIG_IPV6)
33 #include <linux/in6.h>
35 #include <asm/unaligned.h>
37 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type)
39 struct nlattr *rt = attrs[type];
40 struct xfrm_algo *algp;
46 if (nla_len(rt) < (int)xfrm_alg_len(algp))
59 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0';
63 static int verify_auth_trunc(struct nlattr **attrs)
65 struct nlattr *rt = attrs[XFRMA_ALG_AUTH_TRUNC];
66 struct xfrm_algo_auth *algp;
72 if (nla_len(rt) < (int)xfrm_alg_auth_len(algp))
75 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0';
79 static int verify_aead(struct nlattr **attrs)
81 struct nlattr *rt = attrs[XFRMA_ALG_AEAD];
82 struct xfrm_algo_aead *algp;
88 if (nla_len(rt) < (int)aead_len(algp))
91 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0';
95 static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type,
96 xfrm_address_t **addrp)
98 struct nlattr *rt = attrs[type];
101 *addrp = nla_data(rt);
104 static inline int verify_sec_ctx_len(struct nlattr **attrs)
106 struct nlattr *rt = attrs[XFRMA_SEC_CTX];
107 struct xfrm_user_sec_ctx *uctx;
113 if (uctx->len > nla_len(rt) ||
114 uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len))
120 static inline int verify_replay(struct xfrm_usersa_info *p,
121 struct nlattr **attrs)
123 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
124 struct xfrm_replay_state_esn *rs;
127 return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0;
131 if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
134 if (nla_len(rt) < (int)xfrm_replay_state_esn_len(rs) &&
135 nla_len(rt) != sizeof(*rs))
138 /* As only ESP and AH support ESN feature. */
139 if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH))
142 if (p->replay_window != 0)
148 static int verify_newsa_info(struct xfrm_usersa_info *p,
149 struct nlattr **attrs)
159 #if IS_ENABLED(CONFIG_IPV6)
170 switch (p->sel.family) {
175 if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32)
181 #if IS_ENABLED(CONFIG_IPV6)
182 if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128)
196 switch (p->id.proto) {
198 if ((!attrs[XFRMA_ALG_AUTH] &&
199 !attrs[XFRMA_ALG_AUTH_TRUNC]) ||
200 attrs[XFRMA_ALG_AEAD] ||
201 attrs[XFRMA_ALG_CRYPT] ||
202 attrs[XFRMA_ALG_COMP] ||
208 if (attrs[XFRMA_ALG_COMP])
210 if (!attrs[XFRMA_ALG_AUTH] &&
211 !attrs[XFRMA_ALG_AUTH_TRUNC] &&
212 !attrs[XFRMA_ALG_CRYPT] &&
213 !attrs[XFRMA_ALG_AEAD])
215 if ((attrs[XFRMA_ALG_AUTH] ||
216 attrs[XFRMA_ALG_AUTH_TRUNC] ||
217 attrs[XFRMA_ALG_CRYPT]) &&
218 attrs[XFRMA_ALG_AEAD])
220 if (attrs[XFRMA_TFCPAD] &&
221 p->mode != XFRM_MODE_TUNNEL)
226 if (!attrs[XFRMA_ALG_COMP] ||
227 attrs[XFRMA_ALG_AEAD] ||
228 attrs[XFRMA_ALG_AUTH] ||
229 attrs[XFRMA_ALG_AUTH_TRUNC] ||
230 attrs[XFRMA_ALG_CRYPT] ||
231 attrs[XFRMA_TFCPAD] ||
232 (ntohl(p->id.spi) >= 0x10000))
236 #if IS_ENABLED(CONFIG_IPV6)
237 case IPPROTO_DSTOPTS:
238 case IPPROTO_ROUTING:
239 if (attrs[XFRMA_ALG_COMP] ||
240 attrs[XFRMA_ALG_AUTH] ||
241 attrs[XFRMA_ALG_AUTH_TRUNC] ||
242 attrs[XFRMA_ALG_AEAD] ||
243 attrs[XFRMA_ALG_CRYPT] ||
244 attrs[XFRMA_ENCAP] ||
245 attrs[XFRMA_SEC_CTX] ||
246 attrs[XFRMA_TFCPAD] ||
247 !attrs[XFRMA_COADDR])
256 if ((err = verify_aead(attrs)))
258 if ((err = verify_auth_trunc(attrs)))
260 if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH)))
262 if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT)))
264 if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP)))
266 if ((err = verify_sec_ctx_len(attrs)))
268 if ((err = verify_replay(p, attrs)))
273 case XFRM_MODE_TRANSPORT:
274 case XFRM_MODE_TUNNEL:
275 case XFRM_MODE_ROUTEOPTIMIZATION:
285 if (attrs[XFRMA_MTIMER_THRESH])
286 if (!attrs[XFRMA_ENCAP])
293 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
294 struct xfrm_algo_desc *(*get_byname)(const char *, int),
297 struct xfrm_algo *p, *ualg;
298 struct xfrm_algo_desc *algo;
303 ualg = nla_data(rta);
305 algo = get_byname(ualg->alg_name, 1);
308 *props = algo->desc.sadb_alg_id;
310 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL);
314 strcpy(p->alg_name, algo->name);
319 static int attach_crypt(struct xfrm_state *x, struct nlattr *rta)
321 struct xfrm_algo *p, *ualg;
322 struct xfrm_algo_desc *algo;
327 ualg = nla_data(rta);
329 algo = xfrm_ealg_get_byname(ualg->alg_name, 1);
332 x->props.ealgo = algo->desc.sadb_alg_id;
334 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL);
338 strcpy(p->alg_name, algo->name);
340 x->geniv = algo->uinfo.encr.geniv;
344 static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props,
347 struct xfrm_algo *ualg;
348 struct xfrm_algo_auth *p;
349 struct xfrm_algo_desc *algo;
354 ualg = nla_data(rta);
356 algo = xfrm_aalg_get_byname(ualg->alg_name, 1);
359 *props = algo->desc.sadb_alg_id;
361 p = kmalloc(sizeof(*p) + (ualg->alg_key_len + 7) / 8, GFP_KERNEL);
365 strcpy(p->alg_name, algo->name);
366 p->alg_key_len = ualg->alg_key_len;
367 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits;
368 memcpy(p->alg_key, ualg->alg_key, (ualg->alg_key_len + 7) / 8);
374 static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props,
377 struct xfrm_algo_auth *p, *ualg;
378 struct xfrm_algo_desc *algo;
383 ualg = nla_data(rta);
385 algo = xfrm_aalg_get_byname(ualg->alg_name, 1);
388 if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
390 *props = algo->desc.sadb_alg_id;
392 p = kmemdup(ualg, xfrm_alg_auth_len(ualg), GFP_KERNEL);
396 strcpy(p->alg_name, algo->name);
397 if (!p->alg_trunc_len)
398 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits;
404 static int attach_aead(struct xfrm_state *x, struct nlattr *rta)
406 struct xfrm_algo_aead *p, *ualg;
407 struct xfrm_algo_desc *algo;
412 ualg = nla_data(rta);
414 algo = xfrm_aead_get_byname(ualg->alg_name, ualg->alg_icv_len, 1);
417 x->props.ealgo = algo->desc.sadb_alg_id;
419 p = kmemdup(ualg, aead_len(ualg), GFP_KERNEL);
423 strcpy(p->alg_name, algo->name);
425 x->geniv = algo->uinfo.aead.geniv;
429 static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn,
432 struct xfrm_replay_state_esn *up;
435 if (!replay_esn || !rp)
439 ulen = xfrm_replay_state_esn_len(up);
441 /* Check the overall length and the internal bitmap length to avoid
442 * potential overflow. */
443 if (nla_len(rp) < (int)ulen ||
444 xfrm_replay_state_esn_len(replay_esn) != ulen ||
445 replay_esn->bmp_len != up->bmp_len)
448 if (up->replay_window > up->bmp_len * sizeof(__u32) * 8)
454 static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn,
455 struct xfrm_replay_state_esn **preplay_esn,
458 struct xfrm_replay_state_esn *p, *pp, *up;
459 unsigned int klen, ulen;
465 klen = xfrm_replay_state_esn_len(up);
466 ulen = nla_len(rta) >= (int)klen ? klen : sizeof(*up);
468 p = kzalloc(klen, GFP_KERNEL);
472 pp = kzalloc(klen, GFP_KERNEL);
479 memcpy(pp, up, ulen);
487 static inline unsigned int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx)
489 unsigned int len = 0;
492 len += sizeof(struct xfrm_user_sec_ctx);
493 len += xfrm_ctx->ctx_len;
498 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p)
500 memcpy(&x->id, &p->id, sizeof(x->id));
501 memcpy(&x->sel, &p->sel, sizeof(x->sel));
502 memcpy(&x->lft, &p->lft, sizeof(x->lft));
503 x->props.mode = p->mode;
504 x->props.replay_window = min_t(unsigned int, p->replay_window,
505 sizeof(x->replay.bitmap) * 8);
506 x->props.reqid = p->reqid;
507 x->props.family = p->family;
508 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr));
509 x->props.flags = p->flags;
511 if (!x->sel.family && !(p->flags & XFRM_STATE_AF_UNSPEC))
512 x->sel.family = p->family;
516 * someday when pfkey also has support, we could have the code
517 * somehow made shareable and move it to xfrm_state.c - JHS
520 static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs,
523 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL];
524 struct nlattr *re = update_esn ? attrs[XFRMA_REPLAY_ESN_VAL] : NULL;
525 struct nlattr *lt = attrs[XFRMA_LTIME_VAL];
526 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH];
527 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH];
528 struct nlattr *mt = attrs[XFRMA_MTIMER_THRESH];
530 if (re && x->replay_esn && x->preplay_esn) {
531 struct xfrm_replay_state_esn *replay_esn;
532 replay_esn = nla_data(re);
533 memcpy(x->replay_esn, replay_esn,
534 xfrm_replay_state_esn_len(replay_esn));
535 memcpy(x->preplay_esn, replay_esn,
536 xfrm_replay_state_esn_len(replay_esn));
540 struct xfrm_replay_state *replay;
541 replay = nla_data(rp);
542 memcpy(&x->replay, replay, sizeof(*replay));
543 memcpy(&x->preplay, replay, sizeof(*replay));
547 struct xfrm_lifetime_cur *ltime;
548 ltime = nla_data(lt);
549 x->curlft.bytes = ltime->bytes;
550 x->curlft.packets = ltime->packets;
551 x->curlft.add_time = ltime->add_time;
552 x->curlft.use_time = ltime->use_time;
556 x->replay_maxage = nla_get_u32(et);
559 x->replay_maxdiff = nla_get_u32(rt);
562 x->mapping_maxage = nla_get_u32(mt);
565 static void xfrm_smark_init(struct nlattr **attrs, struct xfrm_mark *m)
567 if (attrs[XFRMA_SET_MARK]) {
568 m->v = nla_get_u32(attrs[XFRMA_SET_MARK]);
569 if (attrs[XFRMA_SET_MARK_MASK])
570 m->m = nla_get_u32(attrs[XFRMA_SET_MARK_MASK]);
578 static struct xfrm_state *xfrm_state_construct(struct net *net,
579 struct xfrm_usersa_info *p,
580 struct nlattr **attrs,
583 struct xfrm_state *x = xfrm_state_alloc(net);
589 copy_from_user_state(x, p);
591 if (attrs[XFRMA_ENCAP]) {
592 x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
593 sizeof(*x->encap), GFP_KERNEL);
594 if (x->encap == NULL)
598 if (attrs[XFRMA_COADDR]) {
599 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]),
600 sizeof(*x->coaddr), GFP_KERNEL);
601 if (x->coaddr == NULL)
605 if (attrs[XFRMA_SA_EXTRA_FLAGS])
606 x->props.extra_flags = nla_get_u32(attrs[XFRMA_SA_EXTRA_FLAGS]);
608 if ((err = attach_aead(x, attrs[XFRMA_ALG_AEAD])))
610 if ((err = attach_auth_trunc(&x->aalg, &x->props.aalgo,
611 attrs[XFRMA_ALG_AUTH_TRUNC])))
613 if (!x->props.aalgo) {
614 if ((err = attach_auth(&x->aalg, &x->props.aalgo,
615 attrs[XFRMA_ALG_AUTH])))
618 if ((err = attach_crypt(x, attrs[XFRMA_ALG_CRYPT])))
620 if ((err = attach_one_algo(&x->calg, &x->props.calgo,
621 xfrm_calg_get_byname,
622 attrs[XFRMA_ALG_COMP])))
625 if (attrs[XFRMA_TFCPAD])
626 x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]);
628 xfrm_mark_get(attrs, &x->mark);
630 xfrm_smark_init(attrs, &x->props.smark);
632 if (attrs[XFRMA_IF_ID])
633 x->if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
635 err = __xfrm_init_state(x, false, attrs[XFRMA_OFFLOAD_DEV]);
639 if (attrs[XFRMA_SEC_CTX]) {
640 err = security_xfrm_state_alloc(x,
641 nla_data(attrs[XFRMA_SEC_CTX]));
646 if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn,
647 attrs[XFRMA_REPLAY_ESN_VAL])))
651 x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth;
652 /* sysctl_xfrm_aevent_etime is in 100ms units */
653 x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M;
655 if ((err = xfrm_init_replay(x)))
658 /* override default values from above */
659 xfrm_update_ae_params(x, attrs, 0);
661 /* configure the hardware if offload is requested */
662 if (attrs[XFRMA_OFFLOAD_DEV]) {
663 err = xfrm_dev_state_add(net, x,
664 nla_data(attrs[XFRMA_OFFLOAD_DEV]));
672 x->km.state = XFRM_STATE_DEAD;
679 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
680 struct nlattr **attrs)
682 struct net *net = sock_net(skb->sk);
683 struct xfrm_usersa_info *p = nlmsg_data(nlh);
684 struct xfrm_state *x;
688 err = verify_newsa_info(p, attrs);
692 x = xfrm_state_construct(net, p, attrs, &err);
697 if (nlh->nlmsg_type == XFRM_MSG_NEWSA)
698 err = xfrm_state_add(x);
700 err = xfrm_state_update(x);
702 xfrm_audit_state_add(x, err ? 0 : 1, true);
705 x->km.state = XFRM_STATE_DEAD;
706 xfrm_dev_state_delete(x);
711 if (x->km.state == XFRM_STATE_VOID)
712 x->km.state = XFRM_STATE_VALID;
714 c.seq = nlh->nlmsg_seq;
715 c.portid = nlh->nlmsg_pid;
716 c.event = nlh->nlmsg_type;
718 km_state_notify(x, &c);
724 static struct xfrm_state *xfrm_user_state_lookup(struct net *net,
725 struct xfrm_usersa_id *p,
726 struct nlattr **attrs,
729 struct xfrm_state *x = NULL;
732 u32 mark = xfrm_mark_get(attrs, &m);
734 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) {
736 x = xfrm_state_lookup(net, mark, &p->daddr, p->spi, p->proto, p->family);
738 xfrm_address_t *saddr = NULL;
740 verify_one_addr(attrs, XFRMA_SRCADDR, &saddr);
747 x = xfrm_state_lookup_byaddr(net, mark,
749 p->proto, p->family);
758 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
759 struct nlattr **attrs)
761 struct net *net = sock_net(skb->sk);
762 struct xfrm_state *x;
765 struct xfrm_usersa_id *p = nlmsg_data(nlh);
767 x = xfrm_user_state_lookup(net, p, attrs, &err);
771 if ((err = security_xfrm_state_delete(x)) != 0)
774 if (xfrm_state_kern(x)) {
779 err = xfrm_state_delete(x);
784 c.seq = nlh->nlmsg_seq;
785 c.portid = nlh->nlmsg_pid;
786 c.event = nlh->nlmsg_type;
787 km_state_notify(x, &c);
790 xfrm_audit_state_delete(x, err ? 0 : 1, true);
795 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p)
797 memset(p, 0, sizeof(*p));
798 memcpy(&p->id, &x->id, sizeof(p->id));
799 memcpy(&p->sel, &x->sel, sizeof(p->sel));
800 memcpy(&p->lft, &x->lft, sizeof(p->lft));
801 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft));
802 put_unaligned(x->stats.replay_window, &p->stats.replay_window);
803 put_unaligned(x->stats.replay, &p->stats.replay);
804 put_unaligned(x->stats.integrity_failed, &p->stats.integrity_failed);
805 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr));
806 p->mode = x->props.mode;
807 p->replay_window = x->props.replay_window;
808 p->reqid = x->props.reqid;
809 p->family = x->props.family;
810 p->flags = x->props.flags;
814 struct xfrm_dump_info {
815 struct sk_buff *in_skb;
816 struct sk_buff *out_skb;
821 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb)
823 struct xfrm_user_sec_ctx *uctx;
825 int ctx_size = sizeof(*uctx) + s->ctx_len;
827 attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size);
831 uctx = nla_data(attr);
832 uctx->exttype = XFRMA_SEC_CTX;
833 uctx->len = ctx_size;
834 uctx->ctx_doi = s->ctx_doi;
835 uctx->ctx_alg = s->ctx_alg;
836 uctx->ctx_len = s->ctx_len;
837 memcpy(uctx + 1, s->ctx_str, s->ctx_len);
842 static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb)
844 struct xfrm_user_offload *xuo;
847 attr = nla_reserve(skb, XFRMA_OFFLOAD_DEV, sizeof(*xuo));
851 xuo = nla_data(attr);
852 memset(xuo, 0, sizeof(*xuo));
853 xuo->ifindex = xso->dev->ifindex;
854 xuo->flags = xso->flags;
859 static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb)
861 struct xfrm_algo *algo;
864 nla = nla_reserve(skb, XFRMA_ALG_AUTH,
865 sizeof(*algo) + (auth->alg_key_len + 7) / 8);
869 algo = nla_data(nla);
870 strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name));
871 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);
872 algo->alg_key_len = auth->alg_key_len;
877 static int xfrm_smark_put(struct sk_buff *skb, struct xfrm_mark *m)
882 ret = nla_put_u32(skb, XFRMA_SET_MARK, m->v);
884 ret = nla_put_u32(skb, XFRMA_SET_MARK_MASK, m->m);
889 /* Don't change this without updating xfrm_sa_len! */
890 static int copy_to_user_state_extra(struct xfrm_state *x,
891 struct xfrm_usersa_info *p,
896 copy_to_user_state(x, p);
898 if (x->props.extra_flags) {
899 ret = nla_put_u32(skb, XFRMA_SA_EXTRA_FLAGS,
900 x->props.extra_flags);
906 ret = nla_put(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr);
911 ret = nla_put_u64_64bit(skb, XFRMA_LASTUSED, x->lastused,
917 ret = nla_put(skb, XFRMA_ALG_AEAD, aead_len(x->aead), x->aead);
922 ret = copy_to_user_auth(x->aalg, skb);
924 ret = nla_put(skb, XFRMA_ALG_AUTH_TRUNC,
925 xfrm_alg_auth_len(x->aalg), x->aalg);
930 ret = nla_put(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg);
935 ret = nla_put(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg);
940 ret = nla_put(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap);
945 ret = nla_put_u32(skb, XFRMA_TFCPAD, x->tfcpad);
949 ret = xfrm_mark_put(skb, &x->mark);
953 ret = xfrm_smark_put(skb, &x->props.smark);
958 ret = nla_put(skb, XFRMA_REPLAY_ESN_VAL,
959 xfrm_replay_state_esn_len(x->replay_esn),
962 ret = nla_put(skb, XFRMA_REPLAY_VAL, sizeof(x->replay),
967 ret = copy_user_offload(&x->xso, skb);
971 ret = nla_put_u32(skb, XFRMA_IF_ID, x->if_id);
976 ret = copy_sec_ctx(x->security, skb);
980 if (x->mapping_maxage)
981 ret = nla_put_u32(skb, XFRMA_MTIMER_THRESH, x->mapping_maxage);
986 static int dump_one_state(struct xfrm_state *x, int count, void *ptr)
988 struct xfrm_dump_info *sp = ptr;
989 struct sk_buff *in_skb = sp->in_skb;
990 struct sk_buff *skb = sp->out_skb;
991 struct xfrm_translator *xtr;
992 struct xfrm_usersa_info *p;
993 struct nlmsghdr *nlh;
996 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, sp->nlmsg_seq,
997 XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags);
1001 p = nlmsg_data(nlh);
1003 err = copy_to_user_state_extra(x, p, skb);
1005 nlmsg_cancel(skb, nlh);
1008 nlmsg_end(skb, nlh);
1010 xtr = xfrm_get_translator();
1012 err = xtr->alloc_compat(skb, nlh);
1014 xfrm_put_translator(xtr);
1016 nlmsg_cancel(skb, nlh);
1024 static int xfrm_dump_sa_done(struct netlink_callback *cb)
1026 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1];
1027 struct sock *sk = cb->skb->sk;
1028 struct net *net = sock_net(sk);
1031 xfrm_state_walk_done(walk, net);
1035 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb)
1037 struct net *net = sock_net(skb->sk);
1038 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1];
1039 struct xfrm_dump_info info;
1041 BUILD_BUG_ON(sizeof(struct xfrm_state_walk) >
1042 sizeof(cb->args) - sizeof(cb->args[0]));
1044 info.in_skb = cb->skb;
1046 info.nlmsg_seq = cb->nlh->nlmsg_seq;
1047 info.nlmsg_flags = NLM_F_MULTI;
1050 struct nlattr *attrs[XFRMA_MAX+1];
1051 struct xfrm_address_filter *filter = NULL;
1055 err = nlmsg_parse_deprecated(cb->nlh, 0, attrs, XFRMA_MAX,
1056 xfrma_policy, cb->extack);
1060 if (attrs[XFRMA_ADDRESS_FILTER]) {
1061 filter = kmemdup(nla_data(attrs[XFRMA_ADDRESS_FILTER]),
1062 sizeof(*filter), GFP_KERNEL);
1066 /* see addr_match(), (prefix length >> 5) << 2
1067 * will be used to compare xfrm_address_t
1069 if (filter->splen > (sizeof(xfrm_address_t) << 3) ||
1070 filter->dplen > (sizeof(xfrm_address_t) << 3)) {
1076 if (attrs[XFRMA_PROTO])
1077 proto = nla_get_u8(attrs[XFRMA_PROTO]);
1079 xfrm_state_walk_init(walk, proto, filter);
1083 (void) xfrm_state_walk(net, walk, dump_one_state, &info);
1088 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
1089 struct xfrm_state *x, u32 seq)
1091 struct xfrm_dump_info info;
1092 struct sk_buff *skb;
1095 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
1097 return ERR_PTR(-ENOMEM);
1099 info.in_skb = in_skb;
1101 info.nlmsg_seq = seq;
1102 info.nlmsg_flags = 0;
1104 err = dump_one_state(x, 0, &info);
1107 return ERR_PTR(err);
1113 /* A wrapper for nlmsg_multicast() checking that nlsk is still available.
1114 * Must be called with RCU read lock.
1116 static inline int xfrm_nlmsg_multicast(struct net *net, struct sk_buff *skb,
1117 u32 pid, unsigned int group)
1119 struct sock *nlsk = rcu_dereference(net->xfrm.nlsk);
1120 struct xfrm_translator *xtr;
1127 xtr = xfrm_get_translator();
1129 int err = xtr->alloc_compat(skb, nlmsg_hdr(skb));
1131 xfrm_put_translator(xtr);
1138 return nlmsg_multicast(nlsk, skb, pid, group, GFP_ATOMIC);
1141 static inline unsigned int xfrm_spdinfo_msgsize(void)
1143 return NLMSG_ALIGN(4)
1144 + nla_total_size(sizeof(struct xfrmu_spdinfo))
1145 + nla_total_size(sizeof(struct xfrmu_spdhinfo))
1146 + nla_total_size(sizeof(struct xfrmu_spdhthresh))
1147 + nla_total_size(sizeof(struct xfrmu_spdhthresh));
1150 static int build_spdinfo(struct sk_buff *skb, struct net *net,
1151 u32 portid, u32 seq, u32 flags)
1153 struct xfrmk_spdinfo si;
1154 struct xfrmu_spdinfo spc;
1155 struct xfrmu_spdhinfo sph;
1156 struct xfrmu_spdhthresh spt4, spt6;
1157 struct nlmsghdr *nlh;
1162 nlh = nlmsg_put(skb, portid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0);
1163 if (nlh == NULL) /* shouldn't really happen ... */
1166 f = nlmsg_data(nlh);
1168 xfrm_spd_getinfo(net, &si);
1169 spc.incnt = si.incnt;
1170 spc.outcnt = si.outcnt;
1171 spc.fwdcnt = si.fwdcnt;
1172 spc.inscnt = si.inscnt;
1173 spc.outscnt = si.outscnt;
1174 spc.fwdscnt = si.fwdscnt;
1175 sph.spdhcnt = si.spdhcnt;
1176 sph.spdhmcnt = si.spdhmcnt;
1179 lseq = read_seqbegin(&net->xfrm.policy_hthresh.lock);
1181 spt4.lbits = net->xfrm.policy_hthresh.lbits4;
1182 spt4.rbits = net->xfrm.policy_hthresh.rbits4;
1183 spt6.lbits = net->xfrm.policy_hthresh.lbits6;
1184 spt6.rbits = net->xfrm.policy_hthresh.rbits6;
1185 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, lseq));
1187 err = nla_put(skb, XFRMA_SPD_INFO, sizeof(spc), &spc);
1189 err = nla_put(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph);
1191 err = nla_put(skb, XFRMA_SPD_IPV4_HTHRESH, sizeof(spt4), &spt4);
1193 err = nla_put(skb, XFRMA_SPD_IPV6_HTHRESH, sizeof(spt6), &spt6);
1195 nlmsg_cancel(skb, nlh);
1199 nlmsg_end(skb, nlh);
1203 static int xfrm_set_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
1204 struct nlattr **attrs)
1206 struct net *net = sock_net(skb->sk);
1207 struct xfrmu_spdhthresh *thresh4 = NULL;
1208 struct xfrmu_spdhthresh *thresh6 = NULL;
1210 /* selector prefixlen thresholds to hash policies */
1211 if (attrs[XFRMA_SPD_IPV4_HTHRESH]) {
1212 struct nlattr *rta = attrs[XFRMA_SPD_IPV4_HTHRESH];
1214 if (nla_len(rta) < sizeof(*thresh4))
1216 thresh4 = nla_data(rta);
1217 if (thresh4->lbits > 32 || thresh4->rbits > 32)
1220 if (attrs[XFRMA_SPD_IPV6_HTHRESH]) {
1221 struct nlattr *rta = attrs[XFRMA_SPD_IPV6_HTHRESH];
1223 if (nla_len(rta) < sizeof(*thresh6))
1225 thresh6 = nla_data(rta);
1226 if (thresh6->lbits > 128 || thresh6->rbits > 128)
1230 if (thresh4 || thresh6) {
1231 write_seqlock(&net->xfrm.policy_hthresh.lock);
1233 net->xfrm.policy_hthresh.lbits4 = thresh4->lbits;
1234 net->xfrm.policy_hthresh.rbits4 = thresh4->rbits;
1237 net->xfrm.policy_hthresh.lbits6 = thresh6->lbits;
1238 net->xfrm.policy_hthresh.rbits6 = thresh6->rbits;
1240 write_sequnlock(&net->xfrm.policy_hthresh.lock);
1242 xfrm_policy_hash_rebuild(net);
1248 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
1249 struct nlattr **attrs)
1251 struct net *net = sock_net(skb->sk);
1252 struct sk_buff *r_skb;
1253 u32 *flags = nlmsg_data(nlh);
1254 u32 sportid = NETLINK_CB(skb).portid;
1255 u32 seq = nlh->nlmsg_seq;
1258 r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC);
1262 err = build_spdinfo(r_skb, net, sportid, seq, *flags);
1265 return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid);
1268 static inline unsigned int xfrm_sadinfo_msgsize(void)
1270 return NLMSG_ALIGN(4)
1271 + nla_total_size(sizeof(struct xfrmu_sadhinfo))
1272 + nla_total_size(4); /* XFRMA_SAD_CNT */
1275 static int build_sadinfo(struct sk_buff *skb, struct net *net,
1276 u32 portid, u32 seq, u32 flags)
1278 struct xfrmk_sadinfo si;
1279 struct xfrmu_sadhinfo sh;
1280 struct nlmsghdr *nlh;
1284 nlh = nlmsg_put(skb, portid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0);
1285 if (nlh == NULL) /* shouldn't really happen ... */
1288 f = nlmsg_data(nlh);
1290 xfrm_sad_getinfo(net, &si);
1292 sh.sadhmcnt = si.sadhmcnt;
1293 sh.sadhcnt = si.sadhcnt;
1295 err = nla_put_u32(skb, XFRMA_SAD_CNT, si.sadcnt);
1297 err = nla_put(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh);
1299 nlmsg_cancel(skb, nlh);
1303 nlmsg_end(skb, nlh);
1307 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
1308 struct nlattr **attrs)
1310 struct net *net = sock_net(skb->sk);
1311 struct sk_buff *r_skb;
1312 u32 *flags = nlmsg_data(nlh);
1313 u32 sportid = NETLINK_CB(skb).portid;
1314 u32 seq = nlh->nlmsg_seq;
1317 r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC);
1321 err = build_sadinfo(r_skb, net, sportid, seq, *flags);
1324 return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid);
1327 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1328 struct nlattr **attrs)
1330 struct net *net = sock_net(skb->sk);
1331 struct xfrm_usersa_id *p = nlmsg_data(nlh);
1332 struct xfrm_state *x;
1333 struct sk_buff *resp_skb;
1336 x = xfrm_user_state_lookup(net, p, attrs, &err);
1340 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq);
1341 if (IS_ERR(resp_skb)) {
1342 err = PTR_ERR(resp_skb);
1344 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid);
1351 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
1352 struct nlattr **attrs)
1354 struct net *net = sock_net(skb->sk);
1355 struct xfrm_state *x;
1356 struct xfrm_userspi_info *p;
1357 struct xfrm_translator *xtr;
1358 struct sk_buff *resp_skb;
1359 xfrm_address_t *daddr;
1366 p = nlmsg_data(nlh);
1367 err = verify_spi_info(p->info.id.proto, p->min, p->max);
1371 family = p->info.family;
1372 daddr = &p->info.id.daddr;
1376 mark = xfrm_mark_get(attrs, &m);
1378 if (attrs[XFRMA_IF_ID])
1379 if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
1382 x = xfrm_find_acq_byseq(net, mark, p->info.seq);
1383 if (x && !xfrm_addr_equal(&x->id.daddr, daddr, family)) {
1390 x = xfrm_find_acq(net, &m, p->info.mode, p->info.reqid,
1391 if_id, p->info.id.proto, daddr,
1398 err = xfrm_alloc_spi(x, p->min, p->max);
1402 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq);
1403 if (IS_ERR(resp_skb)) {
1404 err = PTR_ERR(resp_skb);
1408 xtr = xfrm_get_translator();
1410 err = xtr->alloc_compat(skb, nlmsg_hdr(skb));
1412 xfrm_put_translator(xtr);
1414 kfree_skb(resp_skb);
1419 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid);
1427 static int verify_policy_dir(u8 dir)
1430 case XFRM_POLICY_IN:
1431 case XFRM_POLICY_OUT:
1432 case XFRM_POLICY_FWD:
1442 static int verify_policy_type(u8 type)
1445 case XFRM_POLICY_TYPE_MAIN:
1446 #ifdef CONFIG_XFRM_SUB_POLICY
1447 case XFRM_POLICY_TYPE_SUB:
1458 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p)
1463 case XFRM_SHARE_ANY:
1464 case XFRM_SHARE_SESSION:
1465 case XFRM_SHARE_USER:
1466 case XFRM_SHARE_UNIQUE:
1473 switch (p->action) {
1474 case XFRM_POLICY_ALLOW:
1475 case XFRM_POLICY_BLOCK:
1482 switch (p->sel.family) {
1484 if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32)
1490 #if IS_ENABLED(CONFIG_IPV6)
1491 if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128)
1496 return -EAFNOSUPPORT;
1503 ret = verify_policy_dir(p->dir);
1506 if (p->index && (xfrm_policy_id2dir(p->index) != p->dir))
1512 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs)
1514 struct nlattr *rt = attrs[XFRMA_SEC_CTX];
1515 struct xfrm_user_sec_ctx *uctx;
1520 uctx = nla_data(rt);
1521 return security_xfrm_policy_alloc(&pol->security, uctx, GFP_KERNEL);
1524 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
1530 for (i = 0; i < nr; i++, ut++) {
1531 struct xfrm_tmpl *t = &xp->xfrm_vec[i];
1533 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id));
1534 memcpy(&t->saddr, &ut->saddr,
1535 sizeof(xfrm_address_t));
1536 t->reqid = ut->reqid;
1538 t->share = ut->share;
1539 t->optional = ut->optional;
1540 t->aalgos = ut->aalgos;
1541 t->ealgos = ut->ealgos;
1542 t->calgos = ut->calgos;
1543 /* If all masks are ~0, then we allow all algorithms. */
1544 t->allalgs = !~(t->aalgos & t->ealgos & t->calgos);
1545 t->encap_family = ut->family;
1549 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family)
1554 if (nr > XFRM_MAX_DEPTH)
1557 prev_family = family;
1559 for (i = 0; i < nr; i++) {
1560 /* We never validated the ut->family value, so many
1561 * applications simply leave it at zero. The check was
1562 * never made and ut->family was ignored because all
1563 * templates could be assumed to have the same family as
1564 * the policy itself. Now that we will have ipv4-in-ipv6
1565 * and ipv6-in-ipv4 tunnels, this is no longer true.
1568 ut[i].family = family;
1570 switch (ut[i].mode) {
1571 case XFRM_MODE_TUNNEL:
1572 case XFRM_MODE_BEET:
1575 if (ut[i].family != prev_family)
1579 if (ut[i].mode >= XFRM_MODE_MAX)
1582 prev_family = ut[i].family;
1584 switch (ut[i].family) {
1587 #if IS_ENABLED(CONFIG_IPV6)
1595 if (!xfrm_id_proto_valid(ut[i].id.proto))
1602 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs)
1604 struct nlattr *rt = attrs[XFRMA_TMPL];
1609 struct xfrm_user_tmpl *utmpl = nla_data(rt);
1610 int nr = nla_len(rt) / sizeof(*utmpl);
1613 err = validate_tmpl(nr, utmpl, pol->family);
1617 copy_templates(pol, utmpl, nr);
1622 static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs)
1624 struct nlattr *rt = attrs[XFRMA_POLICY_TYPE];
1625 struct xfrm_userpolicy_type *upt;
1626 u8 type = XFRM_POLICY_TYPE_MAIN;
1634 err = verify_policy_type(type);
1642 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p)
1644 xp->priority = p->priority;
1645 xp->index = p->index;
1646 memcpy(&xp->selector, &p->sel, sizeof(xp->selector));
1647 memcpy(&xp->lft, &p->lft, sizeof(xp->lft));
1648 xp->action = p->action;
1649 xp->flags = p->flags;
1650 xp->family = p->sel.family;
1651 /* XXX xp->share = p->share; */
1654 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir)
1656 memset(p, 0, sizeof(*p));
1657 memcpy(&p->sel, &xp->selector, sizeof(p->sel));
1658 memcpy(&p->lft, &xp->lft, sizeof(p->lft));
1659 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft));
1660 p->priority = xp->priority;
1661 p->index = xp->index;
1662 p->sel.family = xp->family;
1664 p->action = xp->action;
1665 p->flags = xp->flags;
1666 p->share = XFRM_SHARE_ANY; /* XXX xp->share */
1669 static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp)
1671 struct xfrm_policy *xp = xfrm_policy_alloc(net, GFP_KERNEL);
1679 copy_from_user_policy(xp, p);
1681 err = copy_from_user_policy_type(&xp->type, attrs);
1685 if (!(err = copy_from_user_tmpl(xp, attrs)))
1686 err = copy_from_user_sec_ctx(xp, attrs);
1690 xfrm_mark_get(attrs, &xp->mark);
1692 if (attrs[XFRMA_IF_ID])
1693 xp->if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
1699 xfrm_policy_destroy(xp);
1703 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1704 struct nlattr **attrs)
1706 struct net *net = sock_net(skb->sk);
1707 struct xfrm_userpolicy_info *p = nlmsg_data(nlh);
1708 struct xfrm_policy *xp;
1713 err = verify_newpolicy_info(p);
1716 err = verify_sec_ctx_len(attrs);
1720 xp = xfrm_policy_construct(net, p, attrs, &err);
1724 /* shouldn't excl be based on nlh flags??
1725 * Aha! this is anti-netlink really i.e more pfkey derived
1726 * in netlink excl is a flag and you wouldnt need
1727 * a type XFRM_MSG_UPDPOLICY - JHS */
1728 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1729 err = xfrm_policy_insert(p->dir, xp, excl);
1730 xfrm_audit_policy_add(xp, err ? 0 : 1, true);
1733 security_xfrm_policy_free(xp->security);
1738 c.event = nlh->nlmsg_type;
1739 c.seq = nlh->nlmsg_seq;
1740 c.portid = nlh->nlmsg_pid;
1741 km_policy_notify(xp, p->dir, &c);
1748 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb)
1750 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH];
1753 if (xp->xfrm_nr == 0)
1756 if (xp->xfrm_nr > XFRM_MAX_DEPTH)
1759 for (i = 0; i < xp->xfrm_nr; i++) {
1760 struct xfrm_user_tmpl *up = &vec[i];
1761 struct xfrm_tmpl *kp = &xp->xfrm_vec[i];
1763 memset(up, 0, sizeof(*up));
1764 memcpy(&up->id, &kp->id, sizeof(up->id));
1765 up->family = kp->encap_family;
1766 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr));
1767 up->reqid = kp->reqid;
1768 up->mode = kp->mode;
1769 up->share = kp->share;
1770 up->optional = kp->optional;
1771 up->aalgos = kp->aalgos;
1772 up->ealgos = kp->ealgos;
1773 up->calgos = kp->calgos;
1776 return nla_put(skb, XFRMA_TMPL,
1777 sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec);
1780 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb)
1783 return copy_sec_ctx(x->security, skb);
1788 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb)
1791 return copy_sec_ctx(xp->security, skb);
1794 static inline unsigned int userpolicy_type_attrsize(void)
1796 #ifdef CONFIG_XFRM_SUB_POLICY
1797 return nla_total_size(sizeof(struct xfrm_userpolicy_type));
1803 #ifdef CONFIG_XFRM_SUB_POLICY
1804 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb)
1806 struct xfrm_userpolicy_type upt;
1808 /* Sadly there are two holes in struct xfrm_userpolicy_type */
1809 memset(&upt, 0, sizeof(upt));
1812 return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt);
1816 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb)
1822 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr)
1824 struct xfrm_dump_info *sp = ptr;
1825 struct xfrm_userpolicy_info *p;
1826 struct sk_buff *in_skb = sp->in_skb;
1827 struct sk_buff *skb = sp->out_skb;
1828 struct xfrm_translator *xtr;
1829 struct nlmsghdr *nlh;
1832 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, sp->nlmsg_seq,
1833 XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags);
1837 p = nlmsg_data(nlh);
1838 copy_to_user_policy(xp, p, dir);
1839 err = copy_to_user_tmpl(xp, skb);
1841 err = copy_to_user_sec_ctx(xp, skb);
1843 err = copy_to_user_policy_type(xp->type, skb);
1845 err = xfrm_mark_put(skb, &xp->mark);
1847 err = xfrm_if_id_put(skb, xp->if_id);
1849 nlmsg_cancel(skb, nlh);
1852 nlmsg_end(skb, nlh);
1854 xtr = xfrm_get_translator();
1856 err = xtr->alloc_compat(skb, nlh);
1858 xfrm_put_translator(xtr);
1860 nlmsg_cancel(skb, nlh);
1868 static int xfrm_dump_policy_done(struct netlink_callback *cb)
1870 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
1871 struct net *net = sock_net(cb->skb->sk);
1873 xfrm_policy_walk_done(walk, net);
1877 static int xfrm_dump_policy_start(struct netlink_callback *cb)
1879 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
1881 BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args));
1883 xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
1887 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)
1889 struct net *net = sock_net(skb->sk);
1890 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
1891 struct xfrm_dump_info info;
1893 info.in_skb = cb->skb;
1895 info.nlmsg_seq = cb->nlh->nlmsg_seq;
1896 info.nlmsg_flags = NLM_F_MULTI;
1898 (void) xfrm_policy_walk(net, walk, dump_one_policy, &info);
1903 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
1904 struct xfrm_policy *xp,
1907 struct xfrm_dump_info info;
1908 struct sk_buff *skb;
1911 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1913 return ERR_PTR(-ENOMEM);
1915 info.in_skb = in_skb;
1917 info.nlmsg_seq = seq;
1918 info.nlmsg_flags = 0;
1920 err = dump_one_policy(xp, dir, 0, &info);
1923 return ERR_PTR(err);
1929 static int xfrm_notify_userpolicy(struct net *net)
1931 struct xfrm_userpolicy_default *up;
1932 int len = NLMSG_ALIGN(sizeof(*up));
1933 struct nlmsghdr *nlh;
1934 struct sk_buff *skb;
1937 skb = nlmsg_new(len, GFP_ATOMIC);
1941 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_GETDEFAULT, sizeof(*up), 0);
1947 up = nlmsg_data(nlh);
1948 up->in = net->xfrm.policy_default[XFRM_POLICY_IN];
1949 up->fwd = net->xfrm.policy_default[XFRM_POLICY_FWD];
1950 up->out = net->xfrm.policy_default[XFRM_POLICY_OUT];
1952 nlmsg_end(skb, nlh);
1955 err = xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY);
1961 static bool xfrm_userpolicy_is_valid(__u8 policy)
1963 return policy == XFRM_USERPOLICY_BLOCK ||
1964 policy == XFRM_USERPOLICY_ACCEPT;
1967 static int xfrm_set_default(struct sk_buff *skb, struct nlmsghdr *nlh,
1968 struct nlattr **attrs)
1970 struct net *net = sock_net(skb->sk);
1971 struct xfrm_userpolicy_default *up = nlmsg_data(nlh);
1973 if (xfrm_userpolicy_is_valid(up->in))
1974 net->xfrm.policy_default[XFRM_POLICY_IN] = up->in;
1976 if (xfrm_userpolicy_is_valid(up->fwd))
1977 net->xfrm.policy_default[XFRM_POLICY_FWD] = up->fwd;
1979 if (xfrm_userpolicy_is_valid(up->out))
1980 net->xfrm.policy_default[XFRM_POLICY_OUT] = up->out;
1982 rt_genid_bump_all(net);
1984 xfrm_notify_userpolicy(net);
1988 static int xfrm_get_default(struct sk_buff *skb, struct nlmsghdr *nlh,
1989 struct nlattr **attrs)
1991 struct sk_buff *r_skb;
1992 struct nlmsghdr *r_nlh;
1993 struct net *net = sock_net(skb->sk);
1994 struct xfrm_userpolicy_default *r_up;
1995 int len = NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_default));
1996 u32 portid = NETLINK_CB(skb).portid;
1997 u32 seq = nlh->nlmsg_seq;
1999 r_skb = nlmsg_new(len, GFP_ATOMIC);
2003 r_nlh = nlmsg_put(r_skb, portid, seq, XFRM_MSG_GETDEFAULT, sizeof(*r_up), 0);
2009 r_up = nlmsg_data(r_nlh);
2010 r_up->in = net->xfrm.policy_default[XFRM_POLICY_IN];
2011 r_up->fwd = net->xfrm.policy_default[XFRM_POLICY_FWD];
2012 r_up->out = net->xfrm.policy_default[XFRM_POLICY_OUT];
2013 nlmsg_end(r_skb, r_nlh);
2015 return nlmsg_unicast(net->xfrm.nlsk, r_skb, portid);
2018 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
2019 struct nlattr **attrs)
2021 struct net *net = sock_net(skb->sk);
2022 struct xfrm_policy *xp;
2023 struct xfrm_userpolicy_id *p;
2024 u8 type = XFRM_POLICY_TYPE_MAIN;
2031 p = nlmsg_data(nlh);
2032 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY;
2034 err = copy_from_user_policy_type(&type, attrs);
2038 err = verify_policy_dir(p->dir);
2042 if (attrs[XFRMA_IF_ID])
2043 if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
2045 xfrm_mark_get(attrs, &m);
2048 xp = xfrm_policy_byid(net, &m, if_id, type, p->dir,
2049 p->index, delete, &err);
2051 struct nlattr *rt = attrs[XFRMA_SEC_CTX];
2052 struct xfrm_sec_ctx *ctx;
2054 err = verify_sec_ctx_len(attrs);
2060 struct xfrm_user_sec_ctx *uctx = nla_data(rt);
2062 err = security_xfrm_policy_alloc(&ctx, uctx, GFP_KERNEL);
2066 xp = xfrm_policy_bysel_ctx(net, &m, if_id, type, p->dir,
2067 &p->sel, ctx, delete, &err);
2068 security_xfrm_policy_free(ctx);
2074 struct sk_buff *resp_skb;
2076 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq);
2077 if (IS_ERR(resp_skb)) {
2078 err = PTR_ERR(resp_skb);
2080 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb,
2081 NETLINK_CB(skb).portid);
2084 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2089 c.data.byid = p->index;
2090 c.event = nlh->nlmsg_type;
2091 c.seq = nlh->nlmsg_seq;
2092 c.portid = nlh->nlmsg_pid;
2093 km_policy_notify(xp, p->dir, &c);
2101 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
2102 struct nlattr **attrs)
2104 struct net *net = sock_net(skb->sk);
2106 struct xfrm_usersa_flush *p = nlmsg_data(nlh);
2109 err = xfrm_state_flush(net, p->proto, true, false);
2111 if (err == -ESRCH) /* empty table */
2115 c.data.proto = p->proto;
2116 c.event = nlh->nlmsg_type;
2117 c.seq = nlh->nlmsg_seq;
2118 c.portid = nlh->nlmsg_pid;
2120 km_state_notify(NULL, &c);
2125 static inline unsigned int xfrm_aevent_msgsize(struct xfrm_state *x)
2127 unsigned int replay_size = x->replay_esn ?
2128 xfrm_replay_state_esn_len(x->replay_esn) :
2129 sizeof(struct xfrm_replay_state);
2131 return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id))
2132 + nla_total_size(replay_size)
2133 + nla_total_size_64bit(sizeof(struct xfrm_lifetime_cur))
2134 + nla_total_size(sizeof(struct xfrm_mark))
2135 + nla_total_size(4) /* XFRM_AE_RTHR */
2136 + nla_total_size(4); /* XFRM_AE_ETHR */
2139 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c)
2141 struct xfrm_aevent_id *id;
2142 struct nlmsghdr *nlh;
2145 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0);
2149 id = nlmsg_data(nlh);
2150 memset(&id->sa_id, 0, sizeof(id->sa_id));
2151 memcpy(&id->sa_id.daddr, &x->id.daddr, sizeof(x->id.daddr));
2152 id->sa_id.spi = x->id.spi;
2153 id->sa_id.family = x->props.family;
2154 id->sa_id.proto = x->id.proto;
2155 memcpy(&id->saddr, &x->props.saddr, sizeof(x->props.saddr));
2156 id->reqid = x->props.reqid;
2157 id->flags = c->data.aevent;
2159 if (x->replay_esn) {
2160 err = nla_put(skb, XFRMA_REPLAY_ESN_VAL,
2161 xfrm_replay_state_esn_len(x->replay_esn),
2164 err = nla_put(skb, XFRMA_REPLAY_VAL, sizeof(x->replay),
2169 err = nla_put_64bit(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft,
2174 if (id->flags & XFRM_AE_RTHR) {
2175 err = nla_put_u32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff);
2179 if (id->flags & XFRM_AE_ETHR) {
2180 err = nla_put_u32(skb, XFRMA_ETIMER_THRESH,
2181 x->replay_maxage * 10 / HZ);
2185 err = xfrm_mark_put(skb, &x->mark);
2189 err = xfrm_if_id_put(skb, x->if_id);
2193 nlmsg_end(skb, nlh);
2197 nlmsg_cancel(skb, nlh);
2201 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
2202 struct nlattr **attrs)
2204 struct net *net = sock_net(skb->sk);
2205 struct xfrm_state *x;
2206 struct sk_buff *r_skb;
2211 struct xfrm_aevent_id *p = nlmsg_data(nlh);
2212 struct xfrm_usersa_id *id = &p->sa_id;
2214 mark = xfrm_mark_get(attrs, &m);
2216 x = xfrm_state_lookup(net, mark, &id->daddr, id->spi, id->proto, id->family);
2220 r_skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC);
2221 if (r_skb == NULL) {
2227 * XXX: is this lock really needed - none of the other
2228 * gets lock (the concern is things getting updated
2229 * while we are still reading) - jhs
2231 spin_lock_bh(&x->lock);
2232 c.data.aevent = p->flags;
2233 c.seq = nlh->nlmsg_seq;
2234 c.portid = nlh->nlmsg_pid;
2236 err = build_aevent(r_skb, x, &c);
2239 err = nlmsg_unicast(net->xfrm.nlsk, r_skb, NETLINK_CB(skb).portid);
2240 spin_unlock_bh(&x->lock);
2245 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
2246 struct nlattr **attrs)
2248 struct net *net = sock_net(skb->sk);
2249 struct xfrm_state *x;
2254 struct xfrm_aevent_id *p = nlmsg_data(nlh);
2255 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL];
2256 struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL];
2257 struct nlattr *lt = attrs[XFRMA_LTIME_VAL];
2258 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH];
2259 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH];
2261 if (!lt && !rp && !re && !et && !rt)
2264 /* pedantic mode - thou shalt sayeth replaceth */
2265 if (!(nlh->nlmsg_flags&NLM_F_REPLACE))
2268 mark = xfrm_mark_get(attrs, &m);
2270 x = xfrm_state_lookup(net, mark, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family);
2274 if (x->km.state != XFRM_STATE_VALID)
2277 err = xfrm_replay_verify_len(x->replay_esn, re);
2281 spin_lock_bh(&x->lock);
2282 xfrm_update_ae_params(x, attrs, 1);
2283 spin_unlock_bh(&x->lock);
2285 c.event = nlh->nlmsg_type;
2286 c.seq = nlh->nlmsg_seq;
2287 c.portid = nlh->nlmsg_pid;
2288 c.data.aevent = XFRM_AE_CU;
2289 km_state_notify(x, &c);
2296 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
2297 struct nlattr **attrs)
2299 struct net *net = sock_net(skb->sk);
2301 u8 type = XFRM_POLICY_TYPE_MAIN;
2304 err = copy_from_user_policy_type(&type, attrs);
2308 err = xfrm_policy_flush(net, type, true);
2310 if (err == -ESRCH) /* empty table */
2316 c.event = nlh->nlmsg_type;
2317 c.seq = nlh->nlmsg_seq;
2318 c.portid = nlh->nlmsg_pid;
2320 km_policy_notify(NULL, 0, &c);
2324 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
2325 struct nlattr **attrs)
2327 struct net *net = sock_net(skb->sk);
2328 struct xfrm_policy *xp;
2329 struct xfrm_user_polexpire *up = nlmsg_data(nlh);
2330 struct xfrm_userpolicy_info *p = &up->pol;
2331 u8 type = XFRM_POLICY_TYPE_MAIN;
2336 err = copy_from_user_policy_type(&type, attrs);
2340 err = verify_policy_dir(p->dir);
2344 if (attrs[XFRMA_IF_ID])
2345 if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
2347 xfrm_mark_get(attrs, &m);
2350 xp = xfrm_policy_byid(net, &m, if_id, type, p->dir, p->index,
2353 struct nlattr *rt = attrs[XFRMA_SEC_CTX];
2354 struct xfrm_sec_ctx *ctx;
2356 err = verify_sec_ctx_len(attrs);
2362 struct xfrm_user_sec_ctx *uctx = nla_data(rt);
2364 err = security_xfrm_policy_alloc(&ctx, uctx, GFP_KERNEL);
2368 xp = xfrm_policy_bysel_ctx(net, &m, if_id, type, p->dir,
2369 &p->sel, ctx, 0, &err);
2370 security_xfrm_policy_free(ctx);
2375 if (unlikely(xp->walk.dead))
2380 xfrm_policy_delete(xp, p->dir);
2381 xfrm_audit_policy_delete(xp, 1, true);
2383 km_policy_expired(xp, p->dir, up->hard, nlh->nlmsg_pid);
2390 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
2391 struct nlattr **attrs)
2393 struct net *net = sock_net(skb->sk);
2394 struct xfrm_state *x;
2396 struct xfrm_user_expire *ue = nlmsg_data(nlh);
2397 struct xfrm_usersa_info *p = &ue->state;
2399 u32 mark = xfrm_mark_get(attrs, &m);
2401 x = xfrm_state_lookup(net, mark, &p->id.daddr, p->id.spi, p->id.proto, p->family);
2407 spin_lock_bh(&x->lock);
2409 if (x->km.state != XFRM_STATE_VALID)
2411 km_state_expired(x, ue->hard, nlh->nlmsg_pid);
2414 __xfrm_state_delete(x);
2415 xfrm_audit_state_delete(x, 1, true);
2419 spin_unlock_bh(&x->lock);
2424 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
2425 struct nlattr **attrs)
2427 struct net *net = sock_net(skb->sk);
2428 struct xfrm_policy *xp;
2429 struct xfrm_user_tmpl *ut;
2431 struct nlattr *rt = attrs[XFRMA_TMPL];
2432 struct xfrm_mark mark;
2434 struct xfrm_user_acquire *ua = nlmsg_data(nlh);
2435 struct xfrm_state *x = xfrm_state_alloc(net);
2441 xfrm_mark_get(attrs, &mark);
2443 err = verify_newpolicy_info(&ua->policy);
2446 err = verify_sec_ctx_len(attrs);
2451 xp = xfrm_policy_construct(net, &ua->policy, attrs, &err);
2455 memcpy(&x->id, &ua->id, sizeof(ua->id));
2456 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr));
2457 memcpy(&x->sel, &ua->sel, sizeof(ua->sel));
2458 xp->mark.m = x->mark.m = mark.m;
2459 xp->mark.v = x->mark.v = mark.v;
2461 /* extract the templates and for each call km_key */
2462 for (i = 0; i < xp->xfrm_nr; i++, ut++) {
2463 struct xfrm_tmpl *t = &xp->xfrm_vec[i];
2464 memcpy(&x->id, &t->id, sizeof(x->id));
2465 x->props.mode = t->mode;
2466 x->props.reqid = t->reqid;
2467 x->props.family = ut->family;
2468 t->aalgos = ua->aalgos;
2469 t->ealgos = ua->ealgos;
2470 t->calgos = ua->calgos;
2471 err = km_query(x, t, xp);
2486 #ifdef CONFIG_XFRM_MIGRATE
2487 static int copy_from_user_migrate(struct xfrm_migrate *ma,
2488 struct xfrm_kmaddress *k,
2489 struct nlattr **attrs, int *num)
2491 struct nlattr *rt = attrs[XFRMA_MIGRATE];
2492 struct xfrm_user_migrate *um;
2496 struct xfrm_user_kmaddress *uk;
2498 uk = nla_data(attrs[XFRMA_KMADDRESS]);
2499 memcpy(&k->local, &uk->local, sizeof(k->local));
2500 memcpy(&k->remote, &uk->remote, sizeof(k->remote));
2501 k->family = uk->family;
2502 k->reserved = uk->reserved;
2506 num_migrate = nla_len(rt) / sizeof(*um);
2508 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH)
2511 for (i = 0; i < num_migrate; i++, um++, ma++) {
2512 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr));
2513 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr));
2514 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr));
2515 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr));
2517 ma->proto = um->proto;
2518 ma->mode = um->mode;
2519 ma->reqid = um->reqid;
2521 ma->old_family = um->old_family;
2522 ma->new_family = um->new_family;
2529 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
2530 struct nlattr **attrs)
2532 struct xfrm_userpolicy_id *pi = nlmsg_data(nlh);
2533 struct xfrm_migrate m[XFRM_MAX_DEPTH];
2534 struct xfrm_kmaddress km, *kmp;
2538 struct net *net = sock_net(skb->sk);
2539 struct xfrm_encap_tmpl *encap = NULL;
2542 if (attrs[XFRMA_MIGRATE] == NULL)
2545 kmp = attrs[XFRMA_KMADDRESS] ? &km : NULL;
2547 err = copy_from_user_policy_type(&type, attrs);
2551 err = copy_from_user_migrate((struct xfrm_migrate *)m, kmp, attrs, &n);
2558 if (attrs[XFRMA_ENCAP]) {
2559 encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
2560 sizeof(*encap), GFP_KERNEL);
2565 if (attrs[XFRMA_IF_ID])
2566 if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
2568 err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap, if_id);
2575 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
2576 struct nlattr **attrs)
2578 return -ENOPROTOOPT;
2582 #ifdef CONFIG_XFRM_MIGRATE
2583 static int copy_to_user_migrate(const struct xfrm_migrate *m, struct sk_buff *skb)
2585 struct xfrm_user_migrate um;
2587 memset(&um, 0, sizeof(um));
2588 um.proto = m->proto;
2590 um.reqid = m->reqid;
2591 um.old_family = m->old_family;
2592 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr));
2593 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr));
2594 um.new_family = m->new_family;
2595 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr));
2596 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr));
2598 return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um);
2601 static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff *skb)
2603 struct xfrm_user_kmaddress uk;
2605 memset(&uk, 0, sizeof(uk));
2606 uk.family = k->family;
2607 uk.reserved = k->reserved;
2608 memcpy(&uk.local, &k->local, sizeof(uk.local));
2609 memcpy(&uk.remote, &k->remote, sizeof(uk.remote));
2611 return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk);
2614 static inline unsigned int xfrm_migrate_msgsize(int num_migrate, int with_kma,
2617 return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id))
2618 + (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0)
2619 + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0)
2620 + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate)
2621 + userpolicy_type_attrsize();
2624 static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
2625 int num_migrate, const struct xfrm_kmaddress *k,
2626 const struct xfrm_selector *sel,
2627 const struct xfrm_encap_tmpl *encap, u8 dir, u8 type)
2629 const struct xfrm_migrate *mp;
2630 struct xfrm_userpolicy_id *pol_id;
2631 struct nlmsghdr *nlh;
2634 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0);
2638 pol_id = nlmsg_data(nlh);
2639 /* copy data from selector, dir, and type to the pol_id */
2640 memset(pol_id, 0, sizeof(*pol_id));
2641 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel));
2645 err = copy_to_user_kmaddress(k, skb);
2650 err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap);
2654 err = copy_to_user_policy_type(type, skb);
2657 for (i = 0, mp = m ; i < num_migrate; i++, mp++) {
2658 err = copy_to_user_migrate(mp, skb);
2663 nlmsg_end(skb, nlh);
2667 nlmsg_cancel(skb, nlh);
2671 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
2672 const struct xfrm_migrate *m, int num_migrate,
2673 const struct xfrm_kmaddress *k,
2674 const struct xfrm_encap_tmpl *encap)
2676 struct net *net = &init_net;
2677 struct sk_buff *skb;
2680 skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap),
2686 err = build_migrate(skb, m, num_migrate, k, sel, encap, dir, type);
2689 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE);
2692 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
2693 const struct xfrm_migrate *m, int num_migrate,
2694 const struct xfrm_kmaddress *k,
2695 const struct xfrm_encap_tmpl *encap)
2697 return -ENOPROTOOPT;
2701 #define XMSGSIZE(type) sizeof(struct type)
2703 const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
2704 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
2705 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
2706 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
2707 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
2708 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
2709 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
2710 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info),
2711 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire),
2712 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire),
2713 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
2714 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
2715 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire),
2716 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
2717 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0,
2718 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
2719 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
2720 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report),
2721 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
2722 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32),
2723 [XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] = sizeof(u32),
2724 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32),
2725 [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_default),
2726 [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_default),
2728 EXPORT_SYMBOL_GPL(xfrm_msg_min);
2732 const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
2733 [XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)},
2734 [XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)},
2735 [XFRMA_LASTUSED] = { .type = NLA_U64},
2736 [XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)},
2737 [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) },
2738 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) },
2739 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) },
2740 [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) },
2741 [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) },
2742 [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) },
2743 [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_user_sec_ctx) },
2744 [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) },
2745 [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) },
2746 [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 },
2747 [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 },
2748 [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) },
2749 [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) },
2750 [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)},
2751 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) },
2752 [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) },
2753 [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) },
2754 [XFRMA_TFCPAD] = { .type = NLA_U32 },
2755 [XFRMA_REPLAY_ESN_VAL] = { .len = sizeof(struct xfrm_replay_state_esn) },
2756 [XFRMA_SA_EXTRA_FLAGS] = { .type = NLA_U32 },
2757 [XFRMA_PROTO] = { .type = NLA_U8 },
2758 [XFRMA_ADDRESS_FILTER] = { .len = sizeof(struct xfrm_address_filter) },
2759 [XFRMA_OFFLOAD_DEV] = { .len = sizeof(struct xfrm_user_offload) },
2760 [XFRMA_SET_MARK] = { .type = NLA_U32 },
2761 [XFRMA_SET_MARK_MASK] = { .type = NLA_U32 },
2762 [XFRMA_IF_ID] = { .type = NLA_U32 },
2763 [XFRMA_MTIMER_THRESH] = { .type = NLA_U32 },
2765 EXPORT_SYMBOL_GPL(xfrma_policy);
2767 static const struct nla_policy xfrma_spd_policy[XFRMA_SPD_MAX+1] = {
2768 [XFRMA_SPD_IPV4_HTHRESH] = { .len = sizeof(struct xfrmu_spdhthresh) },
2769 [XFRMA_SPD_IPV6_HTHRESH] = { .len = sizeof(struct xfrmu_spdhthresh) },
2772 static const struct xfrm_link {
2773 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **);
2774 int (*start)(struct netlink_callback *);
2775 int (*dump)(struct sk_buff *, struct netlink_callback *);
2776 int (*done)(struct netlink_callback *);
2777 const struct nla_policy *nla_pol;
2779 } xfrm_dispatch[XFRM_NR_MSGTYPES] = {
2780 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa },
2781 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa },
2782 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa,
2783 .dump = xfrm_dump_sa,
2784 .done = xfrm_dump_sa_done },
2785 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy },
2786 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy },
2787 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy,
2788 .start = xfrm_dump_policy_start,
2789 .dump = xfrm_dump_policy,
2790 .done = xfrm_dump_policy_done },
2791 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
2792 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire },
2793 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire },
2794 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy },
2795 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa },
2796 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire},
2797 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa },
2798 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy },
2799 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae },
2800 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae },
2801 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate },
2802 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo },
2803 [XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_set_spdinfo,
2804 .nla_pol = xfrma_spd_policy,
2805 .nla_max = XFRMA_SPD_MAX },
2806 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo },
2807 [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] = { .doit = xfrm_set_default },
2808 [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] = { .doit = xfrm_get_default },
2811 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
2812 struct netlink_ext_ack *extack)
2814 struct net *net = sock_net(skb->sk);
2815 struct nlattr *attrs[XFRMA_MAX+1];
2816 const struct xfrm_link *link;
2817 struct nlmsghdr *nlh64 = NULL;
2820 type = nlh->nlmsg_type;
2821 if (type > XFRM_MSG_MAX)
2824 type -= XFRM_MSG_BASE;
2825 link = &xfrm_dispatch[type];
2827 /* All operations require privileges, even GET */
2828 if (!netlink_net_capable(skb, CAP_NET_ADMIN))
2831 if (in_compat_syscall()) {
2832 struct xfrm_translator *xtr = xfrm_get_translator();
2837 nlh64 = xtr->rcv_msg_compat(nlh, link->nla_max,
2838 link->nla_pol, extack);
2839 xfrm_put_translator(xtr);
2841 return PTR_ERR(nlh64);
2846 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||
2847 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) &&
2848 (nlh->nlmsg_flags & NLM_F_DUMP)) {
2849 struct netlink_dump_control c = {
2850 .start = link->start,
2855 if (link->dump == NULL) {
2860 err = netlink_dump_start(net->xfrm.nlsk, skb, nlh, &c);
2864 err = nlmsg_parse_deprecated(nlh, xfrm_msg_min[type], attrs,
2865 link->nla_max ? : XFRMA_MAX,
2866 link->nla_pol ? : xfrma_policy, extack);
2870 if (link->doit == NULL) {
2875 err = link->doit(skb, nlh, attrs);
2877 /* We need to free skb allocated in xfrm_alloc_compat() before
2878 * returning from this function, because consume_skb() won't take
2879 * care of frag_list since netlink destructor sets
2880 * sbk->head to NULL. (see netlink_skb_destructor())
2882 if (skb_has_frag_list(skb)) {
2883 kfree_skb(skb_shinfo(skb)->frag_list);
2884 skb_shinfo(skb)->frag_list = NULL;
2892 static void xfrm_netlink_rcv(struct sk_buff *skb)
2894 struct net *net = sock_net(skb->sk);
2896 mutex_lock(&net->xfrm.xfrm_cfg_mutex);
2897 netlink_rcv_skb(skb, &xfrm_user_rcv_msg);
2898 mutex_unlock(&net->xfrm.xfrm_cfg_mutex);
2901 static inline unsigned int xfrm_expire_msgsize(void)
2903 return NLMSG_ALIGN(sizeof(struct xfrm_user_expire))
2904 + nla_total_size(sizeof(struct xfrm_mark));
2907 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c)
2909 struct xfrm_user_expire *ue;
2910 struct nlmsghdr *nlh;
2913 nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0);
2917 ue = nlmsg_data(nlh);
2918 copy_to_user_state(x, &ue->state);
2919 ue->hard = (c->data.hard != 0) ? 1 : 0;
2920 /* clear the padding bytes */
2921 memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard));
2923 err = xfrm_mark_put(skb, &x->mark);
2927 err = xfrm_if_id_put(skb, x->if_id);
2931 nlmsg_end(skb, nlh);
2935 static int xfrm_exp_state_notify(struct xfrm_state *x, const struct km_event *c)
2937 struct net *net = xs_net(x);
2938 struct sk_buff *skb;
2940 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC);
2944 if (build_expire(skb, x, c) < 0) {
2949 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE);
2952 static int xfrm_aevent_state_notify(struct xfrm_state *x, const struct km_event *c)
2954 struct net *net = xs_net(x);
2955 struct sk_buff *skb;
2958 skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC);
2962 err = build_aevent(skb, x, c);
2965 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_AEVENTS);
2968 static int xfrm_notify_sa_flush(const struct km_event *c)
2970 struct net *net = c->net;
2971 struct xfrm_usersa_flush *p;
2972 struct nlmsghdr *nlh;
2973 struct sk_buff *skb;
2974 int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush));
2976 skb = nlmsg_new(len, GFP_ATOMIC);
2980 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0);
2986 p = nlmsg_data(nlh);
2987 p->proto = c->data.proto;
2989 nlmsg_end(skb, nlh);
2991 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_SA);
2994 static inline unsigned int xfrm_sa_len(struct xfrm_state *x)
2998 l += nla_total_size(aead_len(x->aead));
3000 l += nla_total_size(sizeof(struct xfrm_algo) +
3001 (x->aalg->alg_key_len + 7) / 8);
3002 l += nla_total_size(xfrm_alg_auth_len(x->aalg));
3005 l += nla_total_size(xfrm_alg_len(x->ealg));
3007 l += nla_total_size(sizeof(*x->calg));
3009 l += nla_total_size(sizeof(*x->encap));
3011 l += nla_total_size(sizeof(x->tfcpad));
3013 l += nla_total_size(xfrm_replay_state_esn_len(x->replay_esn));
3015 l += nla_total_size(sizeof(struct xfrm_replay_state));
3017 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) +
3018 x->security->ctx_len);
3020 l += nla_total_size(sizeof(*x->coaddr));
3021 if (x->props.extra_flags)
3022 l += nla_total_size(sizeof(x->props.extra_flags));
3024 l += nla_total_size(sizeof(struct xfrm_user_offload));
3025 if (x->props.smark.v | x->props.smark.m) {
3026 l += nla_total_size(sizeof(x->props.smark.v));
3027 l += nla_total_size(sizeof(x->props.smark.m));
3030 l += nla_total_size(sizeof(x->if_id));
3032 /* Must count x->lastused as it may become non-zero behind our back. */
3033 l += nla_total_size_64bit(sizeof(u64));
3035 if (x->mapping_maxage)
3036 l += nla_total_size(sizeof(x->mapping_maxage));
3041 static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c)
3043 struct net *net = xs_net(x);
3044 struct xfrm_usersa_info *p;
3045 struct xfrm_usersa_id *id;
3046 struct nlmsghdr *nlh;
3047 struct sk_buff *skb;
3048 unsigned int len = xfrm_sa_len(x);
3049 unsigned int headlen;
3052 headlen = sizeof(*p);
3053 if (c->event == XFRM_MSG_DELSA) {
3054 len += nla_total_size(headlen);
3055 headlen = sizeof(*id);
3056 len += nla_total_size(sizeof(struct xfrm_mark));
3058 len += NLMSG_ALIGN(headlen);
3060 skb = nlmsg_new(len, GFP_ATOMIC);
3064 nlh = nlmsg_put(skb, c->portid, c->seq, c->event, headlen, 0);
3069 p = nlmsg_data(nlh);
3070 if (c->event == XFRM_MSG_DELSA) {
3071 struct nlattr *attr;
3073 id = nlmsg_data(nlh);
3074 memset(id, 0, sizeof(*id));
3075 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr));
3076 id->spi = x->id.spi;
3077 id->family = x->props.family;
3078 id->proto = x->id.proto;
3080 attr = nla_reserve(skb, XFRMA_SA, sizeof(*p));
3087 err = copy_to_user_state_extra(x, p, skb);
3091 nlmsg_end(skb, nlh);
3093 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_SA);
3100 static int xfrm_send_state_notify(struct xfrm_state *x, const struct km_event *c)
3104 case XFRM_MSG_EXPIRE:
3105 return xfrm_exp_state_notify(x, c);
3106 case XFRM_MSG_NEWAE:
3107 return xfrm_aevent_state_notify(x, c);
3108 case XFRM_MSG_DELSA:
3109 case XFRM_MSG_UPDSA:
3110 case XFRM_MSG_NEWSA:
3111 return xfrm_notify_sa(x, c);
3112 case XFRM_MSG_FLUSHSA:
3113 return xfrm_notify_sa_flush(c);
3115 printk(KERN_NOTICE "xfrm_user: Unknown SA event %d\n",
3124 static inline unsigned int xfrm_acquire_msgsize(struct xfrm_state *x,
3125 struct xfrm_policy *xp)
3127 return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire))
3128 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr)
3129 + nla_total_size(sizeof(struct xfrm_mark))
3130 + nla_total_size(xfrm_user_sec_ctx_size(x->security))
3131 + userpolicy_type_attrsize();
3134 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
3135 struct xfrm_tmpl *xt, struct xfrm_policy *xp)
3137 __u32 seq = xfrm_get_acqseq();
3138 struct xfrm_user_acquire *ua;
3139 struct nlmsghdr *nlh;
3142 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0);
3146 ua = nlmsg_data(nlh);
3147 memcpy(&ua->id, &x->id, sizeof(ua->id));
3148 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr));
3149 memcpy(&ua->sel, &x->sel, sizeof(ua->sel));
3150 copy_to_user_policy(xp, &ua->policy, XFRM_POLICY_OUT);
3151 ua->aalgos = xt->aalgos;
3152 ua->ealgos = xt->ealgos;
3153 ua->calgos = xt->calgos;
3154 ua->seq = x->km.seq = seq;
3156 err = copy_to_user_tmpl(xp, skb);
3158 err = copy_to_user_state_sec_ctx(x, skb);
3160 err = copy_to_user_policy_type(xp->type, skb);
3162 err = xfrm_mark_put(skb, &xp->mark);
3164 err = xfrm_if_id_put(skb, xp->if_id);
3166 nlmsg_cancel(skb, nlh);
3170 nlmsg_end(skb, nlh);
3174 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
3175 struct xfrm_policy *xp)
3177 struct net *net = xs_net(x);
3178 struct sk_buff *skb;
3181 skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC);
3185 err = build_acquire(skb, x, xt, xp);
3188 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_ACQUIRE);
3191 /* User gives us xfrm_user_policy_info followed by an array of 0
3192 * or more templates.
3194 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
3195 u8 *data, int len, int *dir)
3197 struct net *net = sock_net(sk);
3198 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data;
3199 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1);
3200 struct xfrm_policy *xp;
3203 switch (sk->sk_family) {
3205 if (opt != IP_XFRM_POLICY) {
3210 #if IS_ENABLED(CONFIG_IPV6)
3212 if (opt != IPV6_XFRM_POLICY) {
3225 if (len < sizeof(*p) ||
3226 verify_newpolicy_info(p))
3229 nr = ((len - sizeof(*p)) / sizeof(*ut));
3230 if (validate_tmpl(nr, ut, p->sel.family))
3233 if (p->dir > XFRM_POLICY_OUT)
3236 xp = xfrm_policy_alloc(net, GFP_ATOMIC);
3242 copy_from_user_policy(xp, p);
3243 xp->type = XFRM_POLICY_TYPE_MAIN;
3244 copy_templates(xp, ut, nr);
3251 static inline unsigned int xfrm_polexpire_msgsize(struct xfrm_policy *xp)
3253 return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire))
3254 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr)
3255 + nla_total_size(xfrm_user_sec_ctx_size(xp->security))
3256 + nla_total_size(sizeof(struct xfrm_mark))
3257 + userpolicy_type_attrsize();
3260 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp,
3261 int dir, const struct km_event *c)
3263 struct xfrm_user_polexpire *upe;
3264 int hard = c->data.hard;
3265 struct nlmsghdr *nlh;
3268 nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0);
3272 upe = nlmsg_data(nlh);
3273 copy_to_user_policy(xp, &upe->pol, dir);
3274 err = copy_to_user_tmpl(xp, skb);
3276 err = copy_to_user_sec_ctx(xp, skb);
3278 err = copy_to_user_policy_type(xp->type, skb);
3280 err = xfrm_mark_put(skb, &xp->mark);
3282 err = xfrm_if_id_put(skb, xp->if_id);
3284 nlmsg_cancel(skb, nlh);
3289 nlmsg_end(skb, nlh);
3293 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
3295 struct net *net = xp_net(xp);
3296 struct sk_buff *skb;
3299 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC);
3303 err = build_polexpire(skb, xp, dir, c);
3306 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE);
3309 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
3311 unsigned int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
3312 struct net *net = xp_net(xp);
3313 struct xfrm_userpolicy_info *p;
3314 struct xfrm_userpolicy_id *id;
3315 struct nlmsghdr *nlh;
3316 struct sk_buff *skb;
3317 unsigned int headlen;
3320 headlen = sizeof(*p);
3321 if (c->event == XFRM_MSG_DELPOLICY) {
3322 len += nla_total_size(headlen);
3323 headlen = sizeof(*id);
3325 len += userpolicy_type_attrsize();
3326 len += nla_total_size(sizeof(struct xfrm_mark));
3327 len += NLMSG_ALIGN(headlen);
3329 skb = nlmsg_new(len, GFP_ATOMIC);
3333 nlh = nlmsg_put(skb, c->portid, c->seq, c->event, headlen, 0);
3338 p = nlmsg_data(nlh);
3339 if (c->event == XFRM_MSG_DELPOLICY) {
3340 struct nlattr *attr;
3342 id = nlmsg_data(nlh);
3343 memset(id, 0, sizeof(*id));
3346 id->index = xp->index;
3348 memcpy(&id->sel, &xp->selector, sizeof(id->sel));
3350 attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p));
3358 copy_to_user_policy(xp, p, dir);
3359 err = copy_to_user_tmpl(xp, skb);
3361 err = copy_to_user_policy_type(xp->type, skb);
3363 err = xfrm_mark_put(skb, &xp->mark);
3365 err = xfrm_if_id_put(skb, xp->if_id);
3369 nlmsg_end(skb, nlh);
3371 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY);
3378 static int xfrm_notify_policy_flush(const struct km_event *c)
3380 struct net *net = c->net;
3381 struct nlmsghdr *nlh;
3382 struct sk_buff *skb;
3385 skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC);
3389 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0);
3393 err = copy_to_user_policy_type(c->data.type, skb);
3397 nlmsg_end(skb, nlh);
3399 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY);
3406 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
3410 case XFRM_MSG_NEWPOLICY:
3411 case XFRM_MSG_UPDPOLICY:
3412 case XFRM_MSG_DELPOLICY:
3413 return xfrm_notify_policy(xp, dir, c);
3414 case XFRM_MSG_FLUSHPOLICY:
3415 return xfrm_notify_policy_flush(c);
3416 case XFRM_MSG_POLEXPIRE:
3417 return xfrm_exp_policy_notify(xp, dir, c);
3419 printk(KERN_NOTICE "xfrm_user: Unknown Policy event %d\n",
3427 static inline unsigned int xfrm_report_msgsize(void)
3429 return NLMSG_ALIGN(sizeof(struct xfrm_user_report));
3432 static int build_report(struct sk_buff *skb, u8 proto,
3433 struct xfrm_selector *sel, xfrm_address_t *addr)
3435 struct xfrm_user_report *ur;
3436 struct nlmsghdr *nlh;
3438 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0);
3442 ur = nlmsg_data(nlh);
3444 memcpy(&ur->sel, sel, sizeof(ur->sel));
3447 int err = nla_put(skb, XFRMA_COADDR, sizeof(*addr), addr);
3449 nlmsg_cancel(skb, nlh);
3453 nlmsg_end(skb, nlh);
3457 static int xfrm_send_report(struct net *net, u8 proto,
3458 struct xfrm_selector *sel, xfrm_address_t *addr)
3460 struct sk_buff *skb;
3463 skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC);
3467 err = build_report(skb, proto, sel, addr);
3470 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_REPORT);
3473 static inline unsigned int xfrm_mapping_msgsize(void)
3475 return NLMSG_ALIGN(sizeof(struct xfrm_user_mapping));
3478 static int build_mapping(struct sk_buff *skb, struct xfrm_state *x,
3479 xfrm_address_t *new_saddr, __be16 new_sport)
3481 struct xfrm_user_mapping *um;
3482 struct nlmsghdr *nlh;
3484 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MAPPING, sizeof(*um), 0);
3488 um = nlmsg_data(nlh);
3490 memcpy(&um->id.daddr, &x->id.daddr, sizeof(um->id.daddr));
3491 um->id.spi = x->id.spi;
3492 um->id.family = x->props.family;
3493 um->id.proto = x->id.proto;
3494 memcpy(&um->new_saddr, new_saddr, sizeof(um->new_saddr));
3495 memcpy(&um->old_saddr, &x->props.saddr, sizeof(um->old_saddr));
3496 um->new_sport = new_sport;
3497 um->old_sport = x->encap->encap_sport;
3498 um->reqid = x->props.reqid;
3500 nlmsg_end(skb, nlh);
3504 static int xfrm_send_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
3507 struct net *net = xs_net(x);
3508 struct sk_buff *skb;
3511 if (x->id.proto != IPPROTO_ESP)
3517 skb = nlmsg_new(xfrm_mapping_msgsize(), GFP_ATOMIC);
3521 err = build_mapping(skb, x, ipaddr, sport);
3524 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MAPPING);
3527 static bool xfrm_is_alive(const struct km_event *c)
3529 return (bool)xfrm_acquire_is_on(c->net);
3532 static struct xfrm_mgr netlink_mgr = {
3533 .notify = xfrm_send_state_notify,
3534 .acquire = xfrm_send_acquire,
3535 .compile_policy = xfrm_compile_policy,
3536 .notify_policy = xfrm_send_policy_notify,
3537 .report = xfrm_send_report,
3538 .migrate = xfrm_send_migrate,
3539 .new_mapping = xfrm_send_mapping,
3540 .is_alive = xfrm_is_alive,
3543 static int __net_init xfrm_user_net_init(struct net *net)
3546 struct netlink_kernel_cfg cfg = {
3547 .groups = XFRMNLGRP_MAX,
3548 .input = xfrm_netlink_rcv,
3551 nlsk = netlink_kernel_create(net, NETLINK_XFRM, &cfg);
3554 net->xfrm.nlsk_stash = nlsk; /* Don't set to NULL */
3555 rcu_assign_pointer(net->xfrm.nlsk, nlsk);
3559 static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list)
3562 list_for_each_entry(net, net_exit_list, exit_list)
3563 RCU_INIT_POINTER(net->xfrm.nlsk, NULL);
3565 list_for_each_entry(net, net_exit_list, exit_list)
3566 netlink_kernel_release(net->xfrm.nlsk_stash);
3569 static struct pernet_operations xfrm_user_net_ops = {
3570 .init = xfrm_user_net_init,
3571 .exit_batch = xfrm_user_net_exit,
3574 static int __init xfrm_user_init(void)
3578 printk(KERN_INFO "Initializing XFRM netlink socket\n");
3580 rv = register_pernet_subsys(&xfrm_user_net_ops);
3583 rv = xfrm_register_km(&netlink_mgr);
3585 unregister_pernet_subsys(&xfrm_user_net_ops);
3589 static void __exit xfrm_user_exit(void)
3591 xfrm_unregister_km(&netlink_mgr);
3592 unregister_pernet_subsys(&xfrm_user_net_ops);
3595 module_init(xfrm_user_init);
3596 module_exit(xfrm_user_exit);
3597 MODULE_LICENSE("GPL");
3598 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM);
projects / releases.git / blob