Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
af_key.c
Go to the documentation of this file.
1 /*
2  * net/key/af_key.c An implementation of PF_KEYv2 sockets.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License
6  * as published by the Free Software Foundation; either version
7  * 2 of the License, or (at your option) any later version.
8  *
9  * Authors: Maxim Giryaev <[email protected]>
10  * David S. Miller <[email protected]>
11  * Alexey Kuznetsov <[email protected]>
12  * Kunihiro Ishiguro <[email protected]>
13  * Kazunori MIYAZAWA / USAGI Project <[email protected]>
14  * Derek Atkins <[email protected]>
15  */
16 
17 #include <linux/capability.h>
18 #include <linux/module.h>
19 #include <linux/kernel.h>
20 #include <linux/socket.h>
21 #include <linux/pfkeyv2.h>
22 #include <linux/ipsec.h>
23 #include <linux/skbuff.h>
24 #include <linux/rtnetlink.h>
25 #include <linux/in.h>
26 #include <linux/in6.h>
27 #include <linux/proc_fs.h>
28 #include <linux/init.h>
29 #include <linux/slab.h>
30 #include <net/net_namespace.h>
31 #include <net/netns/generic.h>
32 #include <net/xfrm.h>
33 
34 #include <net/sock.h>
35 
36 #define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
37 #define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
38 
39 static int pfkey_net_id __read_mostly;
40 struct netns_pfkey {
41  /* List of all pfkey sockets. */
42  struct hlist_head table;
43  atomic_t socks_nr;
44 };
45 static DEFINE_MUTEX(pfkey_mutex);
46 
47 #define DUMMY_MARK 0
48 static struct xfrm_mark dummy_mark = {0, 0};
49 struct pfkey_sock {
50  /* struct sock must be the first member of struct pfkey_sock */
51  struct sock sk;
52  int registered;
53  int promisc;
54 
55  struct {
56  uint8_t msg_version;
57  uint32_t msg_portid;
58  int (*dump)(struct pfkey_sock *sk);
59  void (*done)(struct pfkey_sock *sk);
60  union {
61  struct xfrm_policy_walk policy;
62  struct xfrm_state_walk state;
63  } u;
64  struct sk_buff *skb;
65  } dump;
66 };
67 
68 static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
69 {
70  return (struct pfkey_sock *)sk;
71 }
72 
73 static int pfkey_can_dump(const struct sock *sk)
74 {
75  if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf)
76  return 1;
77  return 0;
78 }
79 
80 static void pfkey_terminate_dump(struct pfkey_sock *pfk)
81 {
82  if (pfk->dump.dump) {
83  if (pfk->dump.skb) {
84  kfree_skb(pfk->dump.skb);
85  pfk->dump.skb = NULL;
86  }
87  pfk->dump.done(pfk);
88  pfk->dump.dump = NULL;
89  pfk->dump.done = NULL;
90  }
91 }
92 
93 static void pfkey_sock_destruct(struct sock *sk)
94 {
95  struct net *net = sock_net(sk);
96  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
97 
98  pfkey_terminate_dump(pfkey_sk(sk));
99  skb_queue_purge(&sk->sk_receive_queue);
100 
101  if (!sock_flag(sk, SOCK_DEAD)) {
102  pr_err("Attempt to release alive pfkey socket: %p\n", sk);
103  return;
104  }
105 
106  WARN_ON(atomic_read(&sk->sk_rmem_alloc));
107  WARN_ON(atomic_read(&sk->sk_wmem_alloc));
108 
109  atomic_dec(&net_pfkey->socks_nr);
110 }
111 
112 static const struct proto_ops pfkey_ops;
113 
114 static void pfkey_insert(struct sock *sk)
115 {
116  struct net *net = sock_net(sk);
117  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
118 
119  mutex_lock(&pfkey_mutex);
120  sk_add_node_rcu(sk, &net_pfkey->table);
121  mutex_unlock(&pfkey_mutex);
122 }
123 
124 static void pfkey_remove(struct sock *sk)
125 {
126  mutex_lock(&pfkey_mutex);
127  sk_del_node_init_rcu(sk);
128  mutex_unlock(&pfkey_mutex);
129 }
130 
131 static struct proto key_proto = {
132  .name = "KEY",
133  .owner = THIS_MODULE,
134  .obj_size = sizeof(struct pfkey_sock),
135 };
136 
137 static int pfkey_create(struct net *net, struct socket *sock, int protocol,
138  int kern)
139 {
140  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
141  struct sock *sk;
142  int err;
143 
144  if (!capable(CAP_NET_ADMIN))
145  return -EPERM;
146  if (sock->type != SOCK_RAW)
147  return -ESOCKTNOSUPPORT;
148  if (protocol != PF_KEY_V2)
149  return -EPROTONOSUPPORT;
150 
151  err = -ENOMEM;
152  sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto);
153  if (sk == NULL)
154  goto out;
155 
156  sock->ops = &pfkey_ops;
157  sock_init_data(sock, sk);
158 
159  sk->sk_family = PF_KEY;
160  sk->sk_destruct = pfkey_sock_destruct;
161 
162  atomic_inc(&net_pfkey->socks_nr);
163 
164  pfkey_insert(sk);
165 
166  return 0;
167 out:
168  return err;
169 }
170 
171 static int pfkey_release(struct socket *sock)
172 {
173  struct sock *sk = sock->sk;
174 
175  if (!sk)
176  return 0;
177 
178  pfkey_remove(sk);
179 
180  sock_orphan(sk);
181  sock->sk = NULL;
182  skb_queue_purge(&sk->sk_write_queue);
183 
184  synchronize_rcu();
185  sock_put(sk);
186 
187  return 0;
188 }
189 
190 static int pfkey_broadcast_one(struct sk_buff *skb, struct sk_buff **skb2,
191  gfp_t allocation, struct sock *sk)
192 {
193  int err = -ENOBUFS;
194 
195  sock_hold(sk);
196  if (*skb2 == NULL) {
197  if (atomic_read(&skb->users) != 1) {
198  *skb2 = skb_clone(skb, allocation);
199  } else {
200  *skb2 = skb;
201  atomic_inc(&skb->users);
202  }
203  }
204  if (*skb2 != NULL) {
205  if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) {
206  skb_orphan(*skb2);
207  skb_set_owner_r(*skb2, sk);
208  skb_queue_tail(&sk->sk_receive_queue, *skb2);
209  sk->sk_data_ready(sk, (*skb2)->len);
210  *skb2 = NULL;
211  err = 0;
212  }
213  }
214  sock_put(sk);
215  return err;
216 }
217 
218 /* Send SKB to all pfkey sockets matching selected criteria. */
219 #define BROADCAST_ALL 0
220 #define BROADCAST_ONE 1
221 #define BROADCAST_REGISTERED 2
222 #define BROADCAST_PROMISC_ONLY 4
223 static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
224  int broadcast_flags, struct sock *one_sk,
225  struct net *net)
226 {
227  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
228  struct sock *sk;
229  struct hlist_node *node;
230  struct sk_buff *skb2 = NULL;
231  int err = -ESRCH;
232 
233  /* XXX Do we need something like netlink_overrun? I think
234  * XXX PF_KEY socket apps will not mind current behavior.
235  */
236  if (!skb)
237  return -ENOMEM;
238 
239  rcu_read_lock();
240  sk_for_each_rcu(sk, node, &net_pfkey->table) {
241  struct pfkey_sock *pfk = pfkey_sk(sk);
242  int err2;
243 
244  /* Yes, it means that if you are meant to receive this
245  * pfkey message you receive it twice as promiscuous
246  * socket.
247  */
248  if (pfk->promisc)
249  pfkey_broadcast_one(skb, &skb2, allocation, sk);
250 
251  /* the exact target will be processed later */
252  if (sk == one_sk)
253  continue;
254  if (broadcast_flags != BROADCAST_ALL) {
255  if (broadcast_flags & BROADCAST_PROMISC_ONLY)
256  continue;
257  if ((broadcast_flags & BROADCAST_REGISTERED) &&
258  !pfk->registered)
259  continue;
260  if (broadcast_flags & BROADCAST_ONE)
261  continue;
262  }
263 
264  err2 = pfkey_broadcast_one(skb, &skb2, allocation, sk);
265 
266  /* Error is cleare after succecful sending to at least one
267  * registered KM */
268  if ((broadcast_flags & BROADCAST_REGISTERED) && err)
269  err = err2;
270  }
271  rcu_read_unlock();
272 
273  if (one_sk != NULL)
274  err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);
275 
276  kfree_skb(skb2);
277  kfree_skb(skb);
278  return err;
279 }
280 
281 static int pfkey_do_dump(struct pfkey_sock *pfk)
282 {
283  struct sadb_msg *hdr;
284  int rc;
285 
286  rc = pfk->dump.dump(pfk);
287  if (rc == -ENOBUFS)
288  return 0;
289 
290  if (pfk->dump.skb) {
291  if (!pfkey_can_dump(&pfk->sk))
292  return 0;
293 
294  hdr = (struct sadb_msg *) pfk->dump.skb->data;
295  hdr->sadb_msg_seq = 0;
296  hdr->sadb_msg_errno = rc;
297  pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
298  &pfk->sk, sock_net(&pfk->sk));
299  pfk->dump.skb = NULL;
300  }
301 
302  pfkey_terminate_dump(pfk);
303  return rc;
304 }
305 
306 static inline void pfkey_hdr_dup(struct sadb_msg *new,
307  const struct sadb_msg *orig)
308 {
309  *new = *orig;
310 }
311 
312 static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
313 {
314  struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
315  struct sadb_msg *hdr;
316 
317  if (!skb)
318  return -ENOBUFS;
319 
320  /* Woe be to the platform trying to support PFKEY yet
321  * having normal errnos outside the 1-255 range, inclusive.
322  */
323  err = -err;
324  if (err == ERESTARTSYS ||
325  err == ERESTARTNOHAND ||
326  err == ERESTARTNOINTR)
327  err = EINTR;
328  if (err >= 512)
329  err = EINVAL;
330  BUG_ON(err <= 0 || err >= 256);
331 
332  hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
333  pfkey_hdr_dup(hdr, orig);
334  hdr->sadb_msg_errno = (uint8_t) err;
335  hdr->sadb_msg_len = (sizeof(struct sadb_msg) /
336  sizeof(uint64_t));
337 
338  pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));
339 
340  return 0;
341 }
342 
343 static u8 sadb_ext_min_len[] = {
344  [SADB_EXT_RESERVED] = (u8) 0,
345  [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
346  [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
347  [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime),
348  [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime),
349  [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address),
350  [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address),
351  [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address),
352  [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key),
353  [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key),
354  [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident),
355  [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident),
356  [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens),
357  [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop),
358  [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported),
359  [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported),
360  [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange),
361  [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate),
362  [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy),
363  [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2),
364  [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type),
365  [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
366  [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
367  [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address),
368  [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx),
369  [SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress),
370 };
371 
372 /* Verify sadb_address_{len,prefixlen} against sa_family. */
373 static int verify_address_len(const void *p)
374 {
375  const struct sadb_address *sp = p;
376  const struct sockaddr *addr = (const struct sockaddr *)(sp + 1);
377  const struct sockaddr_in *sin;
378 #if IS_ENABLED(CONFIG_IPV6)
379  const struct sockaddr_in6 *sin6;
380 #endif
381  int len;
382 
383  switch (addr->sa_family) {
384  case AF_INET:
385  len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
386  if (sp->sadb_address_len != len ||
387  sp->sadb_address_prefixlen > 32)
388  return -EINVAL;
389  break;
390 #if IS_ENABLED(CONFIG_IPV6)
391  case AF_INET6:
392  len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t));
393  if (sp->sadb_address_len != len ||
394  sp->sadb_address_prefixlen > 128)
395  return -EINVAL;
396  break;
397 #endif
398  default:
399  /* It is user using kernel to keep track of security
400  * associations for another protocol, such as
401  * OSPF/RSVP/RIPV2/MIP. It is user's job to verify
402  * lengths.
403  *
404  * XXX Actually, association/policy database is not yet
405  * XXX able to cope with arbitrary sockaddr families.
406  * XXX When it can, remove this -EINVAL. -DaveM
407  */
408  return -EINVAL;
409  break;
410  }
411 
412  return 0;
413 }
414 
415 static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
416 {
417  return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) +
418  sec_ctx->sadb_x_ctx_len,
419  sizeof(uint64_t));
420 }
421 
422 static inline int verify_sec_ctx_len(const void *p)
423 {
424  const struct sadb_x_sec_ctx *sec_ctx = p;
425  int len = sec_ctx->sadb_x_ctx_len;
426 
427  if (len > PAGE_SIZE)
428  return -EINVAL;
429 
430  len = pfkey_sec_ctx_len(sec_ctx);
431 
432  if (sec_ctx->sadb_x_sec_len != len)
433  return -EINVAL;
434 
435  return 0;
436 }
437 
438 static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx)
439 {
440  struct xfrm_user_sec_ctx *uctx = NULL;
441  int ctx_size = sec_ctx->sadb_x_ctx_len;
442 
443  uctx = kmalloc((sizeof(*uctx)+ctx_size), GFP_KERNEL);
444 
445  if (!uctx)
446  return NULL;
447 
448  uctx->len = pfkey_sec_ctx_len(sec_ctx);
449  uctx->exttype = sec_ctx->sadb_x_sec_exttype;
450  uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
451  uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
452  uctx->ctx_len = sec_ctx->sadb_x_ctx_len;
453  memcpy(uctx + 1, sec_ctx + 1,
454  uctx->ctx_len);
455 
456  return uctx;
457 }
458 
459 static int present_and_same_family(const struct sadb_address *src,
460  const struct sadb_address *dst)
461 {
462  const struct sockaddr *s_addr, *d_addr;
463 
464  if (!src || !dst)
465  return 0;
466 
467  s_addr = (const struct sockaddr *)(src + 1);
468  d_addr = (const struct sockaddr *)(dst + 1);
469  if (s_addr->sa_family != d_addr->sa_family)
470  return 0;
471  if (s_addr->sa_family != AF_INET
472 #if IS_ENABLED(CONFIG_IPV6)
473  && s_addr->sa_family != AF_INET6
474 #endif
475  )
476  return 0;
477 
478  return 1;
479 }
480 
481 static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs)
482 {
483  const char *p = (char *) hdr;
484  int len = skb->len;
485 
486  len -= sizeof(*hdr);
487  p += sizeof(*hdr);
488  while (len > 0) {
489  const struct sadb_ext *ehdr = (const struct sadb_ext *) p;
490  uint16_t ext_type;
491  int ext_len;
492 
493  ext_len = ehdr->sadb_ext_len;
494  ext_len *= sizeof(uint64_t);
495  ext_type = ehdr->sadb_ext_type;
496  if (ext_len < sizeof(uint64_t) ||
497  ext_len > len ||
498  ext_type == SADB_EXT_RESERVED)
499  return -EINVAL;
500 
501  if (ext_type <= SADB_EXT_MAX) {
502  int min = (int) sadb_ext_min_len[ext_type];
503  if (ext_len < min)
504  return -EINVAL;
505  if (ext_hdrs[ext_type-1] != NULL)
506  return -EINVAL;
507  if (ext_type == SADB_EXT_ADDRESS_SRC ||
508  ext_type == SADB_EXT_ADDRESS_DST ||
509  ext_type == SADB_EXT_ADDRESS_PROXY ||
510  ext_type == SADB_X_EXT_NAT_T_OA) {
511  if (verify_address_len(p))
512  return -EINVAL;
513  }
514  if (ext_type == SADB_X_EXT_SEC_CTX) {
515  if (verify_sec_ctx_len(p))
516  return -EINVAL;
517  }
518  ext_hdrs[ext_type-1] = (void *) p;
519  }
520  p += ext_len;
521  len -= ext_len;
522  }
523 
524  return 0;
525 }
526 
527 static uint16_t
528 pfkey_satype2proto(uint8_t satype)
529 {
530  switch (satype) {
531  case SADB_SATYPE_UNSPEC:
532  return IPSEC_PROTO_ANY;
533  case SADB_SATYPE_AH:
534  return IPPROTO_AH;
535  case SADB_SATYPE_ESP:
536  return IPPROTO_ESP;
537  case SADB_X_SATYPE_IPCOMP:
538  return IPPROTO_COMP;
539  break;
540  default:
541  return 0;
542  }
543  /* NOTREACHED */
544 }
545 
546 static uint8_t
547 pfkey_proto2satype(uint16_t proto)
548 {
549  switch (proto) {
550  case IPPROTO_AH:
551  return SADB_SATYPE_AH;
552  case IPPROTO_ESP:
553  return SADB_SATYPE_ESP;
554  case IPPROTO_COMP:
555  return SADB_X_SATYPE_IPCOMP;
556  break;
557  default:
558  return 0;
559  }
560  /* NOTREACHED */
561 }
562 
563 /* BTW, this scheme means that there is no way with PFKEY2 sockets to
564  * say specifically 'just raw sockets' as we encode them as 255.
565  */
566 
567 static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
568 {
569  return proto == IPSEC_PROTO_ANY ? 0 : proto;
570 }
571 
572 static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
573 {
574  return proto ? proto : IPSEC_PROTO_ANY;
575 }
576 
577 static inline int pfkey_sockaddr_len(sa_family_t family)
578 {
579  switch (family) {
580  case AF_INET:
581  return sizeof(struct sockaddr_in);
582 #if IS_ENABLED(CONFIG_IPV6)
583  case AF_INET6:
584  return sizeof(struct sockaddr_in6);
585 #endif
586  }
587  return 0;
588 }
589 
590 static
591 int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
592 {
593  switch (sa->sa_family) {
594  case AF_INET:
595  xaddr->a4 =
596  ((struct sockaddr_in *)sa)->sin_addr.s_addr;
597  return AF_INET;
598 #if IS_ENABLED(CONFIG_IPV6)
599  case AF_INET6:
600  memcpy(xaddr->a6,
601  &((struct sockaddr_in6 *)sa)->sin6_addr,
602  sizeof(struct in6_addr));
603  return AF_INET6;
604 #endif
605  }
606  return 0;
607 }
608 
609 static
610 int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr)
611 {
612  return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1),
613  xaddr);
614 }
615 
616 static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs)
617 {
618  const struct sadb_sa *sa;
619  const struct sadb_address *addr;
620  uint16_t proto;
621  unsigned short family;
622  xfrm_address_t *xaddr;
623 
624  sa = ext_hdrs[SADB_EXT_SA - 1];
625  if (sa == NULL)
626  return NULL;
627 
628  proto = pfkey_satype2proto(hdr->sadb_msg_satype);
629  if (proto == 0)
630  return NULL;
631 
632  /* sadb_address_len should be checked by caller */
633  addr = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
634  if (addr == NULL)
635  return NULL;
636 
637  family = ((const struct sockaddr *)(addr + 1))->sa_family;
638  switch (family) {
639  case AF_INET:
640  xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr;
641  break;
642 #if IS_ENABLED(CONFIG_IPV6)
643  case AF_INET6:
644  xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr;
645  break;
646 #endif
647  default:
648  xaddr = NULL;
649  }
650 
651  if (!xaddr)
652  return NULL;
653 
654  return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
655 }
656 
657 #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
658 
659 static int
660 pfkey_sockaddr_size(sa_family_t family)
661 {
662  return PFKEY_ALIGN8(pfkey_sockaddr_len(family));
663 }
664 
665 static inline int pfkey_mode_from_xfrm(int mode)
666 {
667  switch(mode) {
668  case XFRM_MODE_TRANSPORT:
669  return IPSEC_MODE_TRANSPORT;
670  case XFRM_MODE_TUNNEL:
671  return IPSEC_MODE_TUNNEL;
672  case XFRM_MODE_BEET:
673  return IPSEC_MODE_BEET;
674  default:
675  return -1;
676  }
677 }
678 
679 static inline int pfkey_mode_to_xfrm(int mode)
680 {
681  switch(mode) {
682  case IPSEC_MODE_ANY: /*XXX*/
683  case IPSEC_MODE_TRANSPORT:
684  return XFRM_MODE_TRANSPORT;
685  case IPSEC_MODE_TUNNEL:
686  return XFRM_MODE_TUNNEL;
687  case IPSEC_MODE_BEET:
688  return XFRM_MODE_BEET;
689  default:
690  return -1;
691  }
692 }
693 
694 static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port,
695  struct sockaddr *sa,
696  unsigned short family)
697 {
698  switch (family) {
699  case AF_INET:
700  {
701  struct sockaddr_in *sin = (struct sockaddr_in *)sa;
702  sin->sin_family = AF_INET;
703  sin->sin_port = port;
704  sin->sin_addr.s_addr = xaddr->a4;
705  memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
706  return 32;
707  }
708 #if IS_ENABLED(CONFIG_IPV6)
709  case AF_INET6:
710  {
711  struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
712  sin6->sin6_family = AF_INET6;
713  sin6->sin6_port = port;
714  sin6->sin6_flowinfo = 0;
715  sin6->sin6_addr = *(struct in6_addr *)xaddr->a6;
716  sin6->sin6_scope_id = 0;
717  return 128;
718  }
719 #endif
720  }
721  return 0;
722 }
723 
724 static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x,
725  int add_keys, int hsc)
726 {
727  struct sk_buff *skb;
728  struct sadb_msg *hdr;
729  struct sadb_sa *sa;
730  struct sadb_lifetime *lifetime;
731  struct sadb_address *addr;
732  struct sadb_key *key;
733  struct sadb_x_sa2 *sa2;
734  struct sadb_x_sec_ctx *sec_ctx;
735  struct xfrm_sec_ctx *xfrm_ctx;
736  int ctx_size = 0;
737  int size;
738  int auth_key_size = 0;
739  int encrypt_key_size = 0;
740  int sockaddr_size;
741  struct xfrm_encap_tmpl *natt = NULL;
742  int mode;
743 
744  /* address family check */
745  sockaddr_size = pfkey_sockaddr_size(x->props.family);
746  if (!sockaddr_size)
747  return ERR_PTR(-EINVAL);
748 
749  /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
750  key(AE), (identity(SD),) (sensitivity)> */
751  size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
752  sizeof(struct sadb_lifetime) +
753  ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
754  ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
755  sizeof(struct sadb_address)*2 +
756  sockaddr_size*2 +
757  sizeof(struct sadb_x_sa2);
758 
759  if ((xfrm_ctx = x->security)) {
760  ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
761  size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
762  }
763 
764  /* identity & sensitivity */
765  if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr, x->props.family))
766  size += sizeof(struct sadb_address) + sockaddr_size;
767 
768  if (add_keys) {
769  if (x->aalg && x->aalg->alg_key_len) {
770  auth_key_size =
771  PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
772  size += sizeof(struct sadb_key) + auth_key_size;
773  }
774  if (x->ealg && x->ealg->alg_key_len) {
775  encrypt_key_size =
776  PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
777  size += sizeof(struct sadb_key) + encrypt_key_size;
778  }
779  }
780  if (x->encap)
781  natt = x->encap;
782 
783  if (natt && natt->encap_type) {
784  size += sizeof(struct sadb_x_nat_t_type);
785  size += sizeof(struct sadb_x_nat_t_port);
786  size += sizeof(struct sadb_x_nat_t_port);
787  }
788 
789  skb = alloc_skb(size + 16, GFP_ATOMIC);
790  if (skb == NULL)
791  return ERR_PTR(-ENOBUFS);
792 
793  /* call should fill header later */
794  hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
795  memset(hdr, 0, size); /* XXX do we need this ? */
796  hdr->sadb_msg_len = size / sizeof(uint64_t);
797 
798  /* sa */
799  sa = (struct sadb_sa *) skb_put(skb, sizeof(struct sadb_sa));
800  sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
801  sa->sadb_sa_exttype = SADB_EXT_SA;
802  sa->sadb_sa_spi = x->id.spi;
803  sa->sadb_sa_replay = x->props.replay_window;
804  switch (x->km.state) {
805  case XFRM_STATE_VALID:
806  sa->sadb_sa_state = x->km.dying ?
807  SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
808  break;
809  case XFRM_STATE_ACQ:
810  sa->sadb_sa_state = SADB_SASTATE_LARVAL;
811  break;
812  default:
813  sa->sadb_sa_state = SADB_SASTATE_DEAD;
814  break;
815  }
816  sa->sadb_sa_auth = 0;
817  if (x->aalg) {
818  struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
819  sa->sadb_sa_auth = a ? a->desc.sadb_alg_id : 0;
820  }
821  sa->sadb_sa_encrypt = 0;
822  BUG_ON(x->ealg && x->calg);
823  if (x->ealg) {
824  struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
825  sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
826  }
827  /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
828  if (x->calg) {
829  struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
830  sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
831  }
832 
833  sa->sadb_sa_flags = 0;
834  if (x->props.flags & XFRM_STATE_NOECN)
835  sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
836  if (x->props.flags & XFRM_STATE_DECAP_DSCP)
837  sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
838  if (x->props.flags & XFRM_STATE_NOPMTUDISC)
839  sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
840 
841  /* hard time */
842  if (hsc & 2) {
843  lifetime = (struct sadb_lifetime *) skb_put(skb,
844  sizeof(struct sadb_lifetime));
845  lifetime->sadb_lifetime_len =
846  sizeof(struct sadb_lifetime)/sizeof(uint64_t);
847  lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
848  lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit);
849  lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
850  lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
851  lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
852  }
853  /* soft time */
854  if (hsc & 1) {
855  lifetime = (struct sadb_lifetime *) skb_put(skb,
856  sizeof(struct sadb_lifetime));
857  lifetime->sadb_lifetime_len =
858  sizeof(struct sadb_lifetime)/sizeof(uint64_t);
859  lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
860  lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit);
861  lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
862  lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
863  lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
864  }
865  /* current time */
866  lifetime = (struct sadb_lifetime *) skb_put(skb,
867  sizeof(struct sadb_lifetime));
868  lifetime->sadb_lifetime_len =
869  sizeof(struct sadb_lifetime)/sizeof(uint64_t);
870  lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
871  lifetime->sadb_lifetime_allocations = x->curlft.packets;
872  lifetime->sadb_lifetime_bytes = x->curlft.bytes;
873  lifetime->sadb_lifetime_addtime = x->curlft.add_time;
874  lifetime->sadb_lifetime_usetime = x->curlft.use_time;
875  /* src address */
876  addr = (struct sadb_address*) skb_put(skb,
877  sizeof(struct sadb_address)+sockaddr_size);
878  addr->sadb_address_len =
879  (sizeof(struct sadb_address)+sockaddr_size)/
880  sizeof(uint64_t);
881  addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
882  /* "if the ports are non-zero, then the sadb_address_proto field,
883  normally zero, MUST be filled in with the transport
884  protocol's number." - RFC2367 */
885  addr->sadb_address_proto = 0;
886  addr->sadb_address_reserved = 0;
887 
888  addr->sadb_address_prefixlen =
889  pfkey_sockaddr_fill(&x->props.saddr, 0,
890  (struct sockaddr *) (addr + 1),
891  x->props.family);
892  if (!addr->sadb_address_prefixlen)
893  BUG();
894 
895  /* dst address */
896  addr = (struct sadb_address*) skb_put(skb,
897  sizeof(struct sadb_address)+sockaddr_size);
898  addr->sadb_address_len =
899  (sizeof(struct sadb_address)+sockaddr_size)/
900  sizeof(uint64_t);
901  addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
902  addr->sadb_address_proto = 0;
903  addr->sadb_address_reserved = 0;
904 
905  addr->sadb_address_prefixlen =
906  pfkey_sockaddr_fill(&x->id.daddr, 0,
907  (struct sockaddr *) (addr + 1),
908  x->props.family);
909  if (!addr->sadb_address_prefixlen)
910  BUG();
911 
912  if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr,
913  x->props.family)) {
914  addr = (struct sadb_address*) skb_put(skb,
915  sizeof(struct sadb_address)+sockaddr_size);
916  addr->sadb_address_len =
917  (sizeof(struct sadb_address)+sockaddr_size)/
918  sizeof(uint64_t);
919  addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
920  addr->sadb_address_proto =
921  pfkey_proto_from_xfrm(x->sel.proto);
922  addr->sadb_address_prefixlen = x->sel.prefixlen_s;
923  addr->sadb_address_reserved = 0;
924 
925  pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
926  (struct sockaddr *) (addr + 1),
927  x->props.family);
928  }
929 
930  /* auth key */
931  if (add_keys && auth_key_size) {
932  key = (struct sadb_key *) skb_put(skb,
933  sizeof(struct sadb_key)+auth_key_size);
934  key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
935  sizeof(uint64_t);
936  key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
937  key->sadb_key_bits = x->aalg->alg_key_len;
938  key->sadb_key_reserved = 0;
939  memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
940  }
941  /* encrypt key */
942  if (add_keys && encrypt_key_size) {
943  key = (struct sadb_key *) skb_put(skb,
944  sizeof(struct sadb_key)+encrypt_key_size);
945  key->sadb_key_len = (sizeof(struct sadb_key) +
946  encrypt_key_size) / sizeof(uint64_t);
947  key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
948  key->sadb_key_bits = x->ealg->alg_key_len;
949  key->sadb_key_reserved = 0;
950  memcpy(key + 1, x->ealg->alg_key,
951  (x->ealg->alg_key_len+7)/8);
952  }
953 
954  /* sa */
955  sa2 = (struct sadb_x_sa2 *) skb_put(skb, sizeof(struct sadb_x_sa2));
956  sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
957  sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
958  if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
959  kfree_skb(skb);
960  return ERR_PTR(-EINVAL);
961  }
962  sa2->sadb_x_sa2_mode = mode;
963  sa2->sadb_x_sa2_reserved1 = 0;
964  sa2->sadb_x_sa2_reserved2 = 0;
965  sa2->sadb_x_sa2_sequence = 0;
966  sa2->sadb_x_sa2_reqid = x->props.reqid;
967 
968  if (natt && natt->encap_type) {
969  struct sadb_x_nat_t_type *n_type;
970  struct sadb_x_nat_t_port *n_port;
971 
972  /* type */
973  n_type = (struct sadb_x_nat_t_type*) skb_put(skb, sizeof(*n_type));
974  n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
975  n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
976  n_type->sadb_x_nat_t_type_type = natt->encap_type;
977  n_type->sadb_x_nat_t_type_reserved[0] = 0;
978  n_type->sadb_x_nat_t_type_reserved[1] = 0;
979  n_type->sadb_x_nat_t_type_reserved[2] = 0;
980 
981  /* source port */
982  n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
983  n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
984  n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
985  n_port->sadb_x_nat_t_port_port = natt->encap_sport;
986  n_port->sadb_x_nat_t_port_reserved = 0;
987 
988  /* dest port */
989  n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
990  n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
991  n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
992  n_port->sadb_x_nat_t_port_port = natt->encap_dport;
993  n_port->sadb_x_nat_t_port_reserved = 0;
994  }
995 
996  /* security context */
997  if (xfrm_ctx) {
998  sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb,
999  sizeof(struct sadb_x_sec_ctx) + ctx_size);
1000  sec_ctx->sadb_x_sec_len =
1001  (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
1002  sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
1003  sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
1004  sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
1005  sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
1006  memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
1007  xfrm_ctx->ctx_len);
1008  }
1009 
1010  return skb;
1011 }
1012 
1013 
1014 static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x)
1015 {
1016  struct sk_buff *skb;
1017 
1018  skb = __pfkey_xfrm_state2msg(x, 1, 3);
1019 
1020  return skb;
1021 }
1022 
1023 static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x,
1024  int hsc)
1025 {
1026  return __pfkey_xfrm_state2msg(x, 0, hsc);
1027 }
1028 
1029 static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1030  const struct sadb_msg *hdr,
1031  void * const *ext_hdrs)
1032 {
1033  struct xfrm_state *x;
1034  const struct sadb_lifetime *lifetime;
1035  const struct sadb_sa *sa;
1036  const struct sadb_key *key;
1037  const struct sadb_x_sec_ctx *sec_ctx;
1038  uint16_t proto;
1039  int err;
1040 
1041 
1042  sa = ext_hdrs[SADB_EXT_SA - 1];
1043  if (!sa ||
1044  !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1045  ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1046  return ERR_PTR(-EINVAL);
1047  if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
1048  !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
1049  return ERR_PTR(-EINVAL);
1050  if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
1051  !ext_hdrs[SADB_EXT_KEY_AUTH-1])
1052  return ERR_PTR(-EINVAL);
1053  if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
1054  !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
1055  return ERR_PTR(-EINVAL);
1056 
1057  proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1058  if (proto == 0)
1059  return ERR_PTR(-EINVAL);
1060 
1061  /* default error is no buffer space */
1062  err = -ENOBUFS;
1063 
1064  /* RFC2367:
1065 
1066  Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
1067  SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not
1068  sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state.
1069  Therefore, the sadb_sa_state field of all submitted SAs MUST be
1070  SADB_SASTATE_MATURE and the kernel MUST return an error if this is
1071  not true.
1072 
1073  However, KAME setkey always uses SADB_SASTATE_LARVAL.
1074  Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
1075  */
1076  if (sa->sadb_sa_auth > SADB_AALG_MAX ||
1077  (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
1078  sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
1079  sa->sadb_sa_encrypt > SADB_EALG_MAX)
1080  return ERR_PTR(-EINVAL);
1081  key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1082  if (key != NULL &&
1083  sa->sadb_sa_auth != SADB_X_AALG_NULL &&
1084  ((key->sadb_key_bits+7) / 8 == 0 ||
1085  (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t)))
1086  return ERR_PTR(-EINVAL);
1087  key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1088  if (key != NULL &&
1089  sa->sadb_sa_encrypt != SADB_EALG_NULL &&
1090  ((key->sadb_key_bits+7) / 8 == 0 ||
1091  (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t)))
1092  return ERR_PTR(-EINVAL);
1093 
1094  x = xfrm_state_alloc(net);
1095  if (x == NULL)
1096  return ERR_PTR(-ENOBUFS);
1097 
1098  x->id.proto = proto;
1099  x->id.spi = sa->sadb_sa_spi;
1100  x->props.replay_window = sa->sadb_sa_replay;
1101  if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
1102  x->props.flags |= XFRM_STATE_NOECN;
1103  if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
1104  x->props.flags |= XFRM_STATE_DECAP_DSCP;
1105  if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
1106  x->props.flags |= XFRM_STATE_NOPMTUDISC;
1107 
1108  lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD - 1];
1109  if (lifetime != NULL) {
1110  x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1111  x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1112  x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1113  x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1114  }
1115  lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT - 1];
1116  if (lifetime != NULL) {
1117  x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1118  x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1119  x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1120  x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1121  }
1122 
1123  sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
1124  if (sec_ctx != NULL) {
1125  struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
1126 
1127  if (!uctx)
1128  goto out;
1129 
1130  err = security_xfrm_state_alloc(x, uctx);
1131  kfree(uctx);
1132 
1133  if (err)
1134  goto out;
1135  }
1136 
1137  key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1138  if (sa->sadb_sa_auth) {
1139  int keysize = 0;
1140  struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
1141  if (!a) {
1142  err = -ENOSYS;
1143  goto out;
1144  }
1145  if (key)
1146  keysize = (key->sadb_key_bits + 7) / 8;
1147  x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
1148  if (!x->aalg)
1149  goto out;
1150  strcpy(x->aalg->alg_name, a->name);
1151  x->aalg->alg_key_len = 0;
1152  if (key) {
1153  x->aalg->alg_key_len = key->sadb_key_bits;
1154  memcpy(x->aalg->alg_key, key+1, keysize);
1155  }
1156  x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
1157  x->props.aalgo = sa->sadb_sa_auth;
1158  /* x->algo.flags = sa->sadb_sa_flags; */
1159  }
1160  if (sa->sadb_sa_encrypt) {
1161  if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
1162  struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
1163  if (!a) {
1164  err = -ENOSYS;
1165  goto out;
1166  }
1167  x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
1168  if (!x->calg)
1169  goto out;
1170  strcpy(x->calg->alg_name, a->name);
1171  x->props.calgo = sa->sadb_sa_encrypt;
1172  } else {
1173  int keysize = 0;
1174  struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
1175  if (!a) {
1176  err = -ENOSYS;
1177  goto out;
1178  }
1179  key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1180  if (key)
1181  keysize = (key->sadb_key_bits + 7) / 8;
1182  x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
1183  if (!x->ealg)
1184  goto out;
1185  strcpy(x->ealg->alg_name, a->name);
1186  x->ealg->alg_key_len = 0;
1187  if (key) {
1188  x->ealg->alg_key_len = key->sadb_key_bits;
1189  memcpy(x->ealg->alg_key, key+1, keysize);
1190  }
1191  x->props.ealgo = sa->sadb_sa_encrypt;
1192  }
1193  }
1194  /* x->algo.flags = sa->sadb_sa_flags; */
1195 
1196  x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1197  &x->props.saddr);
1198  if (!x->props.family) {
1199  err = -EAFNOSUPPORT;
1200  goto out;
1201  }
1202  pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
1203  &x->id.daddr);
1204 
1205  if (ext_hdrs[SADB_X_EXT_SA2-1]) {
1206  const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1];
1207  int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1208  if (mode < 0) {
1209  err = -EINVAL;
1210  goto out;
1211  }
1212  x->props.mode = mode;
1213  x->props.reqid = sa2->sadb_x_sa2_reqid;
1214  }
1215 
1216  if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
1217  const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];
1218 
1219  /* Nobody uses this, but we try. */
1220  x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
1221  x->sel.prefixlen_s = addr->sadb_address_prefixlen;
1222  }
1223 
1224  if (!x->sel.family)
1225  x->sel.family = x->props.family;
1226 
1227  if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
1228  const struct sadb_x_nat_t_type* n_type;
1229  struct xfrm_encap_tmpl *natt;
1230 
1231  x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
1232  if (!x->encap)
1233  goto out;
1234 
1235  natt = x->encap;
1236  n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
1237  natt->encap_type = n_type->sadb_x_nat_t_type_type;
1238 
1239  if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
1240  const struct sadb_x_nat_t_port *n_port =
1241  ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
1242  natt->encap_sport = n_port->sadb_x_nat_t_port_port;
1243  }
1244  if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
1245  const struct sadb_x_nat_t_port *n_port =
1246  ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
1247  natt->encap_dport = n_port->sadb_x_nat_t_port_port;
1248  }
1249  memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
1250  }
1251 
1252  err = xfrm_init_state(x);
1253  if (err)
1254  goto out;
1255 
1256  x->km.seq = hdr->sadb_msg_seq;
1257  return x;
1258 
1259 out:
1260  x->km.state = XFRM_STATE_DEAD;
1261  xfrm_state_put(x);
1262  return ERR_PTR(err);
1263 }
1264 
1265 static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1266 {
1267  return -EOPNOTSUPP;
1268 }
1269 
1270 static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1271 {
1272  struct net *net = sock_net(sk);
1273  struct sk_buff *resp_skb;
1274  struct sadb_x_sa2 *sa2;
1275  struct sadb_address *saddr, *daddr;
1276  struct sadb_msg *out_hdr;
1277  struct sadb_spirange *range;
1278  struct xfrm_state *x = NULL;
1279  int mode;
1280  int err;
1281  u32 min_spi, max_spi;
1282  u32 reqid;
1283  u8 proto;
1284  unsigned short family;
1285  xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
1286 
1287  if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1288  ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1289  return -EINVAL;
1290 
1291  proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1292  if (proto == 0)
1293  return -EINVAL;
1294 
1295  if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
1296  mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1297  if (mode < 0)
1298  return -EINVAL;
1299  reqid = sa2->sadb_x_sa2_reqid;
1300  } else {
1301  mode = 0;
1302  reqid = 0;
1303  }
1304 
1305  saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
1306  daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
1307 
1308  family = ((struct sockaddr *)(saddr + 1))->sa_family;
1309  switch (family) {
1310  case AF_INET:
1311  xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
1312  xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
1313  break;
1314 #if IS_ENABLED(CONFIG_IPV6)
1315  case AF_INET6:
1316  xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
1317  xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
1318  break;
1319 #endif
1320  }
1321 
1322  if (hdr->sadb_msg_seq) {
1323  x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1324  if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
1325  xfrm_state_put(x);
1326  x = NULL;
1327  }
1328  }
1329 
1330  if (!x)
1331  x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family);
1332 
1333  if (x == NULL)
1334  return -ENOENT;
1335 
1336  min_spi = 0x100;
1337  max_spi = 0x0fffffff;
1338 
1339  range = ext_hdrs[SADB_EXT_SPIRANGE-1];
1340  if (range) {
1341  min_spi = range->sadb_spirange_min;
1342  max_spi = range->sadb_spirange_max;
1343  }
1344 
1345  err = xfrm_alloc_spi(x, min_spi, max_spi);
1346  resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);
1347 
1348  if (IS_ERR(resp_skb)) {
1349  xfrm_state_put(x);
1350  return PTR_ERR(resp_skb);
1351  }
1352 
1353  out_hdr = (struct sadb_msg *) resp_skb->data;
1354  out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1355  out_hdr->sadb_msg_type = SADB_GETSPI;
1356  out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1357  out_hdr->sadb_msg_errno = 0;
1358  out_hdr->sadb_msg_reserved = 0;
1359  out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1360  out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1361 
1362  xfrm_state_put(x);
1363 
1364  pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);
1365 
1366  return 0;
1367 }
1368 
1369 static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1370 {
1371  struct net *net = sock_net(sk);
1372  struct xfrm_state *x;
1373 
1374  if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8)
1375  return -EOPNOTSUPP;
1376 
1377  if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
1378  return 0;
1379 
1380  x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1381  if (x == NULL)
1382  return 0;
1383 
1384  spin_lock_bh(&x->lock);
1385  if (x->km.state == XFRM_STATE_ACQ) {
1386  x->km.state = XFRM_STATE_ERROR;
1387  wake_up(&net->xfrm.km_waitq);
1388  }
1389  spin_unlock_bh(&x->lock);
1390  xfrm_state_put(x);
1391  return 0;
1392 }
1393 
1394 static inline int event2poltype(int event)
1395 {
1396  switch (event) {
1397  case XFRM_MSG_DELPOLICY:
1398  return SADB_X_SPDDELETE;
1399  case XFRM_MSG_NEWPOLICY:
1400  return SADB_X_SPDADD;
1401  case XFRM_MSG_UPDPOLICY:
1402  return SADB_X_SPDUPDATE;
1403  case XFRM_MSG_POLEXPIRE:
1404  // return SADB_X_SPDEXPIRE;
1405  default:
1406  pr_err("pfkey: Unknown policy event %d\n", event);
1407  break;
1408  }
1409 
1410  return 0;
1411 }
1412 
1413 static inline int event2keytype(int event)
1414 {
1415  switch (event) {
1416  case XFRM_MSG_DELSA:
1417  return SADB_DELETE;
1418  case XFRM_MSG_NEWSA:
1419  return SADB_ADD;
1420  case XFRM_MSG_UPDSA:
1421  return SADB_UPDATE;
1422  case XFRM_MSG_EXPIRE:
1423  return SADB_EXPIRE;
1424  default:
1425  pr_err("pfkey: Unknown SA event %d\n", event);
1426  break;
1427  }
1428 
1429  return 0;
1430 }
1431 
1432 /* ADD/UPD/DEL */
1433 static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
1434 {
1435  struct sk_buff *skb;
1436  struct sadb_msg *hdr;
1437 
1438  skb = pfkey_xfrm_state2msg(x);
1439 
1440  if (IS_ERR(skb))
1441  return PTR_ERR(skb);
1442 
1443  hdr = (struct sadb_msg *) skb->data;
1444  hdr->sadb_msg_version = PF_KEY_V2;
1445  hdr->sadb_msg_type = event2keytype(c->event);
1446  hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1447  hdr->sadb_msg_errno = 0;
1448  hdr->sadb_msg_reserved = 0;
1449  hdr->sadb_msg_seq = c->seq;
1450  hdr->sadb_msg_pid = c->portid;
1451 
1452  pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));
1453 
1454  return 0;
1455 }
1456 
1457 static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1458 {
1459  struct net *net = sock_net(sk);
1460  struct xfrm_state *x;
1461  int err;
1462  struct km_event c;
1463 
1464  x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs);
1465  if (IS_ERR(x))
1466  return PTR_ERR(x);
1467 
1468  xfrm_state_hold(x);
1469  if (hdr->sadb_msg_type == SADB_ADD)
1470  err = xfrm_state_add(x);
1471  else
1472  err = xfrm_state_update(x);
1473 
1474  xfrm_audit_state_add(x, err ? 0 : 1,
1475  audit_get_loginuid(current),
1476  audit_get_sessionid(current), 0);
1477 
1478  if (err < 0) {
1479  x->km.state = XFRM_STATE_DEAD;
1480  __xfrm_state_put(x);
1481  goto out;
1482  }
1483 
1484  if (hdr->sadb_msg_type == SADB_ADD)
1485  c.event = XFRM_MSG_NEWSA;
1486  else
1487  c.event = XFRM_MSG_UPDSA;
1488  c.seq = hdr->sadb_msg_seq;
1489  c.portid = hdr->sadb_msg_pid;
1490  km_state_notify(x, &c);
1491 out:
1492  xfrm_state_put(x);
1493  return err;
1494 }
1495 
1496 static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1497 {
1498  struct net *net = sock_net(sk);
1499  struct xfrm_state *x;
1500  struct km_event c;
1501  int err;
1502 
1503  if (!ext_hdrs[SADB_EXT_SA-1] ||
1504  !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1505  ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1506  return -EINVAL;
1507 
1508  x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1509  if (x == NULL)
1510  return -ESRCH;
1511 
1512  if ((err = security_xfrm_state_delete(x)))
1513  goto out;
1514 
1515  if (xfrm_state_kern(x)) {
1516  err = -EPERM;
1517  goto out;
1518  }
1519 
1520  err = xfrm_state_delete(x);
1521 
1522  if (err < 0)
1523  goto out;
1524 
1525  c.seq = hdr->sadb_msg_seq;
1526  c.portid = hdr->sadb_msg_pid;
1527  c.event = XFRM_MSG_DELSA;
1528  km_state_notify(x, &c);
1529 out:
1530  xfrm_audit_state_delete(x, err ? 0 : 1,
1531  audit_get_loginuid(current),
1532  audit_get_sessionid(current), 0);
1533  xfrm_state_put(x);
1534 
1535  return err;
1536 }
1537 
1538 static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1539 {
1540  struct net *net = sock_net(sk);
1541  __u8 proto;
1542  struct sk_buff *out_skb;
1543  struct sadb_msg *out_hdr;
1544  struct xfrm_state *x;
1545 
1546  if (!ext_hdrs[SADB_EXT_SA-1] ||
1547  !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1548  ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1549  return -EINVAL;
1550 
1551  x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1552  if (x == NULL)
1553  return -ESRCH;
1554 
1555  out_skb = pfkey_xfrm_state2msg(x);
1556  proto = x->id.proto;
1557  xfrm_state_put(x);
1558  if (IS_ERR(out_skb))
1559  return PTR_ERR(out_skb);
1560 
1561  out_hdr = (struct sadb_msg *) out_skb->data;
1562  out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1563  out_hdr->sadb_msg_type = SADB_GET;
1564  out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1565  out_hdr->sadb_msg_errno = 0;
1566  out_hdr->sadb_msg_reserved = 0;
1567  out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1568  out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1569  pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
1570 
1571  return 0;
1572 }
1573 
1574 static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig,
1575  gfp_t allocation)
1576 {
1577  struct sk_buff *skb;
1578  struct sadb_msg *hdr;
1579  int len, auth_len, enc_len, i;
1580 
1581  auth_len = xfrm_count_auth_supported();
1582  if (auth_len) {
1583  auth_len *= sizeof(struct sadb_alg);
1584  auth_len += sizeof(struct sadb_supported);
1585  }
1586 
1587  enc_len = xfrm_count_enc_supported();
1588  if (enc_len) {
1589  enc_len *= sizeof(struct sadb_alg);
1590  enc_len += sizeof(struct sadb_supported);
1591  }
1592 
1593  len = enc_len + auth_len + sizeof(struct sadb_msg);
1594 
1595  skb = alloc_skb(len + 16, allocation);
1596  if (!skb)
1597  goto out_put_algs;
1598 
1599  hdr = (struct sadb_msg *) skb_put(skb, sizeof(*hdr));
1600  pfkey_hdr_dup(hdr, orig);
1601  hdr->sadb_msg_errno = 0;
1602  hdr->sadb_msg_len = len / sizeof(uint64_t);
1603 
1604  if (auth_len) {
1605  struct sadb_supported *sp;
1606  struct sadb_alg *ap;
1607 
1608  sp = (struct sadb_supported *) skb_put(skb, auth_len);
1609  ap = (struct sadb_alg *) (sp + 1);
1610 
1611  sp->sadb_supported_len = auth_len / sizeof(uint64_t);
1612  sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
1613 
1614  for (i = 0; ; i++) {
1615  struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
1616  if (!aalg)
1617  break;
1618  if (aalg->available)
1619  *ap++ = aalg->desc;
1620  }
1621  }
1622 
1623  if (enc_len) {
1624  struct sadb_supported *sp;
1625  struct sadb_alg *ap;
1626 
1627  sp = (struct sadb_supported *) skb_put(skb, enc_len);
1628  ap = (struct sadb_alg *) (sp + 1);
1629 
1630  sp->sadb_supported_len = enc_len / sizeof(uint64_t);
1631  sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
1632 
1633  for (i = 0; ; i++) {
1634  struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
1635  if (!ealg)
1636  break;
1637  if (ealg->available)
1638  *ap++ = ealg->desc;
1639  }
1640  }
1641 
1642 out_put_algs:
1643  return skb;
1644 }
1645 
1646 static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1647 {
1648  struct pfkey_sock *pfk = pfkey_sk(sk);
1649  struct sk_buff *supp_skb;
1650 
1651  if (hdr->sadb_msg_satype > SADB_SATYPE_MAX)
1652  return -EINVAL;
1653 
1654  if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) {
1655  if (pfk->registered&(1<<hdr->sadb_msg_satype))
1656  return -EEXIST;
1657  pfk->registered |= (1<<hdr->sadb_msg_satype);
1658  }
1659 
1660  xfrm_probe_algs();
1661 
1662  supp_skb = compose_sadb_supported(hdr, GFP_KERNEL);
1663  if (!supp_skb) {
1664  if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1665  pfk->registered &= ~(1<<hdr->sadb_msg_satype);
1666 
1667  return -ENOBUFS;
1668  }
1669 
1670  pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk, sock_net(sk));
1671 
1672  return 0;
1673 }
1674 
1675 static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
1676 {
1677  struct sk_buff *skb;
1678  struct sadb_msg *hdr;
1679 
1680  skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1681  if (!skb)
1682  return -ENOBUFS;
1683 
1684  hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
1685  memcpy(hdr, ihdr, sizeof(struct sadb_msg));
1686  hdr->sadb_msg_errno = (uint8_t) 0;
1687  hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1688 
1689  return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
1690 }
1691 
1692 static int key_notify_sa_flush(const struct km_event *c)
1693 {
1694  struct sk_buff *skb;
1695  struct sadb_msg *hdr;
1696 
1697  skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1698  if (!skb)
1699  return -ENOBUFS;
1700  hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
1701  hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
1702  hdr->sadb_msg_type = SADB_FLUSH;
1703  hdr->sadb_msg_seq = c->seq;
1704  hdr->sadb_msg_pid = c->portid;
1705  hdr->sadb_msg_version = PF_KEY_V2;
1706  hdr->sadb_msg_errno = (uint8_t) 0;
1707  hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1708 
1709  pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
1710 
1711  return 0;
1712 }
1713 
1714 static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1715 {
1716  struct net *net = sock_net(sk);
1717  unsigned int proto;
1718  struct km_event c;
1719  struct xfrm_audit audit_info;
1720  int err, err2;
1721 
1722  proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1723  if (proto == 0)
1724  return -EINVAL;
1725 
1726  audit_info.loginuid = audit_get_loginuid(current);
1727  audit_info.sessionid = audit_get_sessionid(current);
1728  audit_info.secid = 0;
1729  err = xfrm_state_flush(net, proto, &audit_info);
1730  err2 = unicast_flush_resp(sk, hdr);
1731  if (err || err2) {
1732  if (err == -ESRCH) /* empty table - go quietly */
1733  err = 0;
1734  return err ? err : err2;
1735  }
1736 
1737  c.data.proto = proto;
1738  c.seq = hdr->sadb_msg_seq;
1739  c.portid = hdr->sadb_msg_pid;
1740  c.event = XFRM_MSG_FLUSHSA;
1741  c.net = net;
1742  km_state_notify(NULL, &c);
1743 
1744  return 0;
1745 }
1746 
1747 static int dump_sa(struct xfrm_state *x, int count, void *ptr)
1748 {
1749  struct pfkey_sock *pfk = ptr;
1750  struct sk_buff *out_skb;
1751  struct sadb_msg *out_hdr;
1752 
1753  if (!pfkey_can_dump(&pfk->sk))
1754  return -ENOBUFS;
1755 
1756  out_skb = pfkey_xfrm_state2msg(x);
1757  if (IS_ERR(out_skb))
1758  return PTR_ERR(out_skb);
1759 
1760  out_hdr = (struct sadb_msg *) out_skb->data;
1761  out_hdr->sadb_msg_version = pfk->dump.msg_version;
1762  out_hdr->sadb_msg_type = SADB_DUMP;
1763  out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1764  out_hdr->sadb_msg_errno = 0;
1765  out_hdr->sadb_msg_reserved = 0;
1766  out_hdr->sadb_msg_seq = count + 1;
1767  out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
1768 
1769  if (pfk->dump.skb)
1770  pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
1771  &pfk->sk, sock_net(&pfk->sk));
1772  pfk->dump.skb = out_skb;
1773 
1774  return 0;
1775 }
1776 
1777 static int pfkey_dump_sa(struct pfkey_sock *pfk)
1778 {
1779  struct net *net = sock_net(&pfk->sk);
1780  return xfrm_state_walk(net, &pfk->dump.u.state, dump_sa, (void *) pfk);
1781 }
1782 
1783 static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
1784 {
1785  xfrm_state_walk_done(&pfk->dump.u.state);
1786 }
1787 
1788 static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1789 {
1790  u8 proto;
1791  struct pfkey_sock *pfk = pfkey_sk(sk);
1792 
1793  if (pfk->dump.dump != NULL)
1794  return -EBUSY;
1795 
1796  proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1797  if (proto == 0)
1798  return -EINVAL;
1799 
1800  pfk->dump.msg_version = hdr->sadb_msg_version;
1801  pfk->dump.msg_portid = hdr->sadb_msg_pid;
1802  pfk->dump.dump = pfkey_dump_sa;
1803  pfk->dump.done = pfkey_dump_sa_done;
1804  xfrm_state_walk_init(&pfk->dump.u.state, proto);
1805 
1806  return pfkey_do_dump(pfk);
1807 }
1808 
1809 static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1810 {
1811  struct pfkey_sock *pfk = pfkey_sk(sk);
1812  int satype = hdr->sadb_msg_satype;
1813  bool reset_errno = false;
1814 
1815  if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) {
1816  reset_errno = true;
1817  if (satype != 0 && satype != 1)
1818  return -EINVAL;
1819  pfk->promisc = satype;
1820  }
1821  if (reset_errno && skb_cloned(skb))
1822  skb = skb_copy(skb, GFP_KERNEL);
1823  else
1824  skb = skb_clone(skb, GFP_KERNEL);
1825 
1826  if (reset_errno && skb) {
1827  struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data;
1828  new_hdr->sadb_msg_errno = 0;
1829  }
1830 
1831  pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
1832  return 0;
1833 }
1834 
1835 static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
1836 {
1837  int i;
1838  u32 reqid = *(u32*)ptr;
1839 
1840  for (i=0; i<xp->xfrm_nr; i++) {
1841  if (xp->xfrm_vec[i].reqid == reqid)
1842  return -EEXIST;
1843  }
1844  return 0;
1845 }
1846 
1847 static u32 gen_reqid(struct net *net)
1848 {
1849  struct xfrm_policy_walk walk;
1850  u32 start;
1851  int rc;
1852  static u32 reqid = IPSEC_MANUAL_REQID_MAX;
1853 
1854  start = reqid;
1855  do {
1856  ++reqid;
1857  if (reqid == 0)
1858  reqid = IPSEC_MANUAL_REQID_MAX+1;
1859  xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
1860  rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid);
1861  xfrm_policy_walk_done(&walk);
1862  if (rc != -EEXIST)
1863  return reqid;
1864  } while (reqid != start);
1865  return 0;
1866 }
1867 
1868 static int
1869 parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1870 {
1871  struct net *net = xp_net(xp);
1872  struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1873  int mode;
1874 
1875  if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1876  return -ELOOP;
1877 
1878  if (rq->sadb_x_ipsecrequest_mode == 0)
1879  return -EINVAL;
1880 
1881  t->id.proto = rq->sadb_x_ipsecrequest_proto; /* XXX check proto */
1882  if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0)
1883  return -EINVAL;
1884  t->mode = mode;
1885  if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
1886  t->optional = 1;
1887  else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
1888  t->reqid = rq->sadb_x_ipsecrequest_reqid;
1889  if (t->reqid > IPSEC_MANUAL_REQID_MAX)
1890  t->reqid = 0;
1891  if (!t->reqid && !(t->reqid = gen_reqid(net)))
1892  return -ENOBUFS;
1893  }
1894 
1895  /* addresses present only in tunnel mode */
1896  if (t->mode == XFRM_MODE_TUNNEL) {
1897  u8 *sa = (u8 *) (rq + 1);
1898  int family, socklen;
1899 
1900  family = pfkey_sockaddr_extract((struct sockaddr *)sa,
1901  &t->saddr);
1902  if (!family)
1903  return -EINVAL;
1904 
1905  socklen = pfkey_sockaddr_len(family);
1906  if (pfkey_sockaddr_extract((struct sockaddr *)(sa + socklen),
1907  &t->id.daddr) != family)
1908  return -EINVAL;
1909  t->encap_family = family;
1910  } else
1911  t->encap_family = xp->family;
1912 
1913  /* No way to set this via kame pfkey */
1914  t->allalgs = 1;
1915  xp->xfrm_nr++;
1916  return 0;
1917 }
1918 
1919 static int
1920 parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1921 {
1922  int err;
1923  int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
1924  struct sadb_x_ipsecrequest *rq = (void*)(pol+1);
1925 
1926  if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
1927  return -EINVAL;
1928 
1929  while (len >= sizeof(struct sadb_x_ipsecrequest)) {
1930  if ((err = parse_ipsecrequest(xp, rq)) < 0)
1931  return err;
1932  len -= rq->sadb_x_ipsecrequest_len;
1933  rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
1934  }
1935  return 0;
1936 }
1937 
1938 static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
1939 {
1940  struct xfrm_sec_ctx *xfrm_ctx = xp->security;
1941 
1942  if (xfrm_ctx) {
1943  int len = sizeof(struct sadb_x_sec_ctx);
1944  len += xfrm_ctx->ctx_len;
1945  return PFKEY_ALIGN8(len);
1946  }
1947  return 0;
1948 }
1949 
1950 static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
1951 {
1952  const struct xfrm_tmpl *t;
1953  int sockaddr_size = pfkey_sockaddr_size(xp->family);
1954  int socklen = 0;
1955  int i;
1956 
1957  for (i=0; i<xp->xfrm_nr; i++) {
1958  t = xp->xfrm_vec + i;
1959  socklen += pfkey_sockaddr_len(t->encap_family);
1960  }
1961 
1962  return sizeof(struct sadb_msg) +
1963  (sizeof(struct sadb_lifetime) * 3) +
1964  (sizeof(struct sadb_address) * 2) +
1965  (sockaddr_size * 2) +
1966  sizeof(struct sadb_x_policy) +
1967  (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
1968  (socklen * 2) +
1969  pfkey_xfrm_policy2sec_ctx_size(xp);
1970 }
1971 
1972 static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
1973 {
1974  struct sk_buff *skb;
1975  int size;
1976 
1977  size = pfkey_xfrm_policy2msg_size(xp);
1978 
1979  skb = alloc_skb(size + 16, GFP_ATOMIC);
1980  if (skb == NULL)
1981  return ERR_PTR(-ENOBUFS);
1982 
1983  return skb;
1984 }
1985 
1986 static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
1987 {
1988  struct sadb_msg *hdr;
1989  struct sadb_address *addr;
1990  struct sadb_lifetime *lifetime;
1991  struct sadb_x_policy *pol;
1992  struct sadb_x_sec_ctx *sec_ctx;
1993  struct xfrm_sec_ctx *xfrm_ctx;
1994  int i;
1995  int size;
1996  int sockaddr_size = pfkey_sockaddr_size(xp->family);
1997  int socklen = pfkey_sockaddr_len(xp->family);
1998 
1999  size = pfkey_xfrm_policy2msg_size(xp);
2000 
2001  /* call should fill header later */
2002  hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
2003  memset(hdr, 0, size); /* XXX do we need this ? */
2004 
2005  /* src address */
2006  addr = (struct sadb_address*) skb_put(skb,
2007  sizeof(struct sadb_address)+sockaddr_size);
2008  addr->sadb_address_len =
2009  (sizeof(struct sadb_address)+sockaddr_size)/
2010  sizeof(uint64_t);
2011  addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
2012  addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2013  addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
2014  addr->sadb_address_reserved = 0;
2015  if (!pfkey_sockaddr_fill(&xp->selector.saddr,
2016  xp->selector.sport,
2017  (struct sockaddr *) (addr + 1),
2018  xp->family))
2019  BUG();
2020 
2021  /* dst address */
2022  addr = (struct sadb_address*) skb_put(skb,
2023  sizeof(struct sadb_address)+sockaddr_size);
2024  addr->sadb_address_len =
2025  (sizeof(struct sadb_address)+sockaddr_size)/
2026  sizeof(uint64_t);
2027  addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
2028  addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2029  addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
2030  addr->sadb_address_reserved = 0;
2031 
2032  pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
2033  (struct sockaddr *) (addr + 1),
2034  xp->family);
2035 
2036  /* hard time */
2037  lifetime = (struct sadb_lifetime *) skb_put(skb,
2038  sizeof(struct sadb_lifetime));
2039  lifetime->sadb_lifetime_len =
2040  sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2041  lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2042  lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit);
2043  lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
2044  lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
2045  lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
2046  /* soft time */
2047  lifetime = (struct sadb_lifetime *) skb_put(skb,
2048  sizeof(struct sadb_lifetime));
2049  lifetime->sadb_lifetime_len =
2050  sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2051  lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
2052  lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit);
2053  lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
2054  lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
2055  lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
2056  /* current time */
2057  lifetime = (struct sadb_lifetime *) skb_put(skb,
2058  sizeof(struct sadb_lifetime));
2059  lifetime->sadb_lifetime_len =
2060  sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2061  lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2062  lifetime->sadb_lifetime_allocations = xp->curlft.packets;
2063  lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
2064  lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
2065  lifetime->sadb_lifetime_usetime = xp->curlft.use_time;
2066 
2067  pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy));
2068  pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
2069  pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2070  pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
2071  if (xp->action == XFRM_POLICY_ALLOW) {
2072  if (xp->xfrm_nr)
2073  pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2074  else
2075  pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
2076  }
2077  pol->sadb_x_policy_dir = dir+1;
2078  pol->sadb_x_policy_id = xp->index;
2079  pol->sadb_x_policy_priority = xp->priority;
2080 
2081  for (i=0; i<xp->xfrm_nr; i++) {
2082  const struct xfrm_tmpl *t = xp->xfrm_vec + i;
2083  struct sadb_x_ipsecrequest *rq;
2084  int req_size;
2085  int mode;
2086 
2087  req_size = sizeof(struct sadb_x_ipsecrequest);
2088  if (t->mode == XFRM_MODE_TUNNEL) {
2089  socklen = pfkey_sockaddr_len(t->encap_family);
2090  req_size += socklen * 2;
2091  } else {
2092  size -= 2*socklen;
2093  }
2094  rq = (void*)skb_put(skb, req_size);
2095  pol->sadb_x_policy_len += req_size/8;
2096  memset(rq, 0, sizeof(*rq));
2097  rq->sadb_x_ipsecrequest_len = req_size;
2098  rq->sadb_x_ipsecrequest_proto = t->id.proto;
2099  if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
2100  return -EINVAL;
2101  rq->sadb_x_ipsecrequest_mode = mode;
2102  rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2103  if (t->reqid)
2104  rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2105  if (t->optional)
2106  rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
2107  rq->sadb_x_ipsecrequest_reqid = t->reqid;
2108 
2109  if (t->mode == XFRM_MODE_TUNNEL) {
2110  u8 *sa = (void *)(rq + 1);
2111  pfkey_sockaddr_fill(&t->saddr, 0,
2112  (struct sockaddr *)sa,
2113  t->encap_family);
2114  pfkey_sockaddr_fill(&t->id.daddr, 0,
2115  (struct sockaddr *) (sa + socklen),
2116  t->encap_family);
2117  }
2118  }
2119 
2120  /* security context */
2121  if ((xfrm_ctx = xp->security)) {
2122  int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);
2123 
2124  sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, ctx_size);
2125  sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
2126  sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2127  sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
2128  sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
2129  sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
2130  memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
2131  xfrm_ctx->ctx_len);
2132  }
2133 
2134  hdr->sadb_msg_len = size / sizeof(uint64_t);
2135  hdr->sadb_msg_reserved = atomic_read(&xp->refcnt);
2136 
2137  return 0;
2138 }
2139 
2140 static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
2141 {
2142  struct sk_buff *out_skb;
2143  struct sadb_msg *out_hdr;
2144  int err;
2145 
2146  out_skb = pfkey_xfrm_policy2msg_prep(xp);
2147  if (IS_ERR(out_skb))
2148  return PTR_ERR(out_skb);
2149 
2150  err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2151  if (err < 0)
2152  return err;
2153 
2154  out_hdr = (struct sadb_msg *) out_skb->data;
2155  out_hdr->sadb_msg_version = PF_KEY_V2;
2156 
2157  if (c->data.byid && c->event == XFRM_MSG_DELPOLICY)
2158  out_hdr->sadb_msg_type = SADB_X_SPDDELETE2;
2159  else
2160  out_hdr->sadb_msg_type = event2poltype(c->event);
2161  out_hdr->sadb_msg_errno = 0;
2162  out_hdr->sadb_msg_seq = c->seq;
2163  out_hdr->sadb_msg_pid = c->portid;
2164  pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2165  return 0;
2166 
2167 }
2168 
2169 static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2170 {
2171  struct net *net = sock_net(sk);
2172  int err = 0;
2173  struct sadb_lifetime *lifetime;
2174  struct sadb_address *sa;
2175  struct sadb_x_policy *pol;
2176  struct xfrm_policy *xp;
2177  struct km_event c;
2178  struct sadb_x_sec_ctx *sec_ctx;
2179 
2180  if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2181  ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2182  !ext_hdrs[SADB_X_EXT_POLICY-1])
2183  return -EINVAL;
2184 
2185  pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2186  if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
2187  return -EINVAL;
2188  if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2189  return -EINVAL;
2190 
2191  xp = xfrm_policy_alloc(net, GFP_KERNEL);
2192  if (xp == NULL)
2193  return -ENOBUFS;
2194 
2195  xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
2196  XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
2197  xp->priority = pol->sadb_x_policy_priority;
2198 
2199  sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2200  xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2201  if (!xp->family) {
2202  err = -EINVAL;
2203  goto out;
2204  }
2205  xp->selector.family = xp->family;
2206  xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
2207  xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2208  xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2209  if (xp->selector.sport)
2210  xp->selector.sport_mask = htons(0xffff);
2211 
2212  sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1],
2213  pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2214  xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2215 
2216  /* Amusing, we set this twice. KAME apps appear to set same value
2217  * in both addresses.
2218  */
2219  xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2220 
2221  xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2222  if (xp->selector.dport)
2223  xp->selector.dport_mask = htons(0xffff);
2224 
2225  sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2226  if (sec_ctx != NULL) {
2227  struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
2228 
2229  if (!uctx) {
2230  err = -ENOBUFS;
2231  goto out;
2232  }
2233 
2234  err = security_xfrm_policy_alloc(&xp->security, uctx);
2235  kfree(uctx);
2236 
2237  if (err)
2238  goto out;
2239  }
2240 
2241  xp->lft.soft_byte_limit = XFRM_INF;
2242  xp->lft.hard_byte_limit = XFRM_INF;
2243  xp->lft.soft_packet_limit = XFRM_INF;
2244  xp->lft.hard_packet_limit = XFRM_INF;
2245  if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
2246  xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2247  xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2248  xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2249  xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2250  }
2251  if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
2252  xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2253  xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2254  xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2255  xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2256  }
2257  xp->xfrm_nr = 0;
2258  if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2259  (err = parse_ipsecrequests(xp, pol)) < 0)
2260  goto out;
2261 
2262  err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2263  hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2264 
2265  xfrm_audit_policy_add(xp, err ? 0 : 1,
2266  audit_get_loginuid(current),
2267  audit_get_sessionid(current), 0);
2268 
2269  if (err)
2270  goto out;
2271 
2272  if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
2273  c.event = XFRM_MSG_UPDPOLICY;
2274  else
2275  c.event = XFRM_MSG_NEWPOLICY;
2276 
2277  c.seq = hdr->sadb_msg_seq;
2278  c.portid = hdr->sadb_msg_pid;
2279 
2280  km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2281  xfrm_pol_put(xp);
2282  return 0;
2283 
2284 out:
2285  xp->walk.dead = 1;
2286  xfrm_policy_destroy(xp);
2287  return err;
2288 }
2289 
2290 static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2291 {
2292  struct net *net = sock_net(sk);
2293  int err;
2294  struct sadb_address *sa;
2295  struct sadb_x_policy *pol;
2296  struct xfrm_policy *xp;
2297  struct xfrm_selector sel;
2298  struct km_event c;
2299  struct sadb_x_sec_ctx *sec_ctx;
2300  struct xfrm_sec_ctx *pol_ctx = NULL;
2301 
2302  if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2303  ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2304  !ext_hdrs[SADB_X_EXT_POLICY-1])
2305  return -EINVAL;
2306 
2307  pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2308  if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2309  return -EINVAL;
2310 
2311  memset(&sel, 0, sizeof(sel));
2312 
2313  sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2314  sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2315  sel.prefixlen_s = sa->sadb_address_prefixlen;
2316  sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2317  sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2318  if (sel.sport)
2319  sel.sport_mask = htons(0xffff);
2320 
2321  sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1],
2322  pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2323  sel.prefixlen_d = sa->sadb_address_prefixlen;
2324  sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2325  sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2326  if (sel.dport)
2327  sel.dport_mask = htons(0xffff);
2328 
2329  sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2330  if (sec_ctx != NULL) {
2331  struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
2332 
2333  if (!uctx)
2334  return -ENOMEM;
2335 
2336  err = security_xfrm_policy_alloc(&pol_ctx, uctx);
2337  kfree(uctx);
2338  if (err)
2339  return err;
2340  }
2341 
2342  xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
2343  pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
2344  1, &err);
2345  security_xfrm_policy_free(pol_ctx);
2346  if (xp == NULL)
2347  return -ENOENT;
2348 
2349  xfrm_audit_policy_delete(xp, err ? 0 : 1,
2350  audit_get_loginuid(current),
2351  audit_get_sessionid(current), 0);
2352 
2353  if (err)
2354  goto out;
2355 
2356  c.seq = hdr->sadb_msg_seq;
2357  c.portid = hdr->sadb_msg_pid;
2358  c.data.byid = 0;
2359  c.event = XFRM_MSG_DELPOLICY;
2360  km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2361 
2362 out:
2363  xfrm_pol_put(xp);
2364  return err;
2365 }
2366 
2367 static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
2368 {
2369  int err;
2370  struct sk_buff *out_skb;
2371  struct sadb_msg *out_hdr;
2372  err = 0;
2373 
2374  out_skb = pfkey_xfrm_policy2msg_prep(xp);
2375  if (IS_ERR(out_skb)) {
2376  err = PTR_ERR(out_skb);
2377  goto out;
2378  }
2379  err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2380  if (err < 0)
2381  goto out;
2382 
2383  out_hdr = (struct sadb_msg *) out_skb->data;
2384  out_hdr->sadb_msg_version = hdr->sadb_msg_version;
2385  out_hdr->sadb_msg_type = hdr->sadb_msg_type;
2386  out_hdr->sadb_msg_satype = 0;
2387  out_hdr->sadb_msg_errno = 0;
2388  out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
2389  out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
2390  pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
2391  err = 0;
2392 
2393 out:
2394  return err;
2395 }
2396 
2397 #ifdef CONFIG_NET_KEY_MIGRATE
2398 static int pfkey_sockaddr_pair_size(sa_family_t family)
2399 {
2400  return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
2401 }
2402 
2403 static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2404  xfrm_address_t *saddr, xfrm_address_t *daddr,
2405  u16 *family)
2406 {
2407  int af, socklen;
2408 
2409  if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
2410  return -EINVAL;
2411 
2412  af = pfkey_sockaddr_extract(sa, saddr);
2413  if (!af)
2414  return -EINVAL;
2415 
2416  socklen = pfkey_sockaddr_len(af);
2417  if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen),
2418  daddr) != af)
2419  return -EINVAL;
2420 
2421  *family = af;
2422  return 0;
2423 }
2424 
2425 static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2426  struct xfrm_migrate *m)
2427 {
2428  int err;
2429  struct sadb_x_ipsecrequest *rq2;
2430  int mode;
2431 
2432  if (len <= sizeof(struct sadb_x_ipsecrequest) ||
2433  len < rq1->sadb_x_ipsecrequest_len)
2434  return -EINVAL;
2435 
2436  /* old endoints */
2437  err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
2438  rq1->sadb_x_ipsecrequest_len,
2439  &m->old_saddr, &m->old_daddr,
2440  &m->old_family);
2441  if (err)
2442  return err;
2443 
2444  rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len);
2445  len -= rq1->sadb_x_ipsecrequest_len;
2446 
2447  if (len <= sizeof(struct sadb_x_ipsecrequest) ||
2448  len < rq2->sadb_x_ipsecrequest_len)
2449  return -EINVAL;
2450 
2451  /* new endpoints */
2452  err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
2453  rq2->sadb_x_ipsecrequest_len,
2454  &m->new_saddr, &m->new_daddr,
2455  &m->new_family);
2456  if (err)
2457  return err;
2458 
2459  if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto ||
2460  rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode ||
2461  rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid)
2462  return -EINVAL;
2463 
2464  m->proto = rq1->sadb_x_ipsecrequest_proto;
2465  if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0)
2466  return -EINVAL;
2467  m->mode = mode;
2468  m->reqid = rq1->sadb_x_ipsecrequest_reqid;
2469 
2470  return ((int)(rq1->sadb_x_ipsecrequest_len +
2471  rq2->sadb_x_ipsecrequest_len));
2472 }
2473 
2474 static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2475  const struct sadb_msg *hdr, void * const *ext_hdrs)
2476 {
2477  int i, len, ret, err = -EINVAL;
2478  u8 dir;
2479  struct sadb_address *sa;
2480  struct sadb_x_kmaddress *kma;
2481  struct sadb_x_policy *pol;
2482  struct sadb_x_ipsecrequest *rq;
2483  struct xfrm_selector sel;
2484  struct xfrm_migrate m[XFRM_MAX_DEPTH];
2485  struct xfrm_kmaddress k;
2486 
2487  if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
2488  ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
2489  !ext_hdrs[SADB_X_EXT_POLICY - 1]) {
2490  err = -EINVAL;
2491  goto out;
2492  }
2493 
2494  kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
2495  pol = ext_hdrs[SADB_X_EXT_POLICY - 1];
2496 
2497  if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
2498  err = -EINVAL;
2499  goto out;
2500  }
2501 
2502  if (kma) {
2503  /* convert sadb_x_kmaddress to xfrm_kmaddress */
2504  k.reserved = kma->sadb_x_kmaddress_reserved;
2505  ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
2506  8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
2507  &k.local, &k.remote, &k.family);
2508  if (ret < 0) {
2509  err = ret;
2510  goto out;
2511  }
2512  }
2513 
2514  dir = pol->sadb_x_policy_dir - 1;
2515  memset(&sel, 0, sizeof(sel));
2516 
2517  /* set source address info of selector */
2518  sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1];
2519  sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2520  sel.prefixlen_s = sa->sadb_address_prefixlen;
2521  sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2522  sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2523  if (sel.sport)
2524  sel.sport_mask = htons(0xffff);
2525 
2526  /* set destination address info of selector */
2527  sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1],
2528  pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2529  sel.prefixlen_d = sa->sadb_address_prefixlen;
2530  sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2531  sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2532  if (sel.dport)
2533  sel.dport_mask = htons(0xffff);
2534 
2535  rq = (struct sadb_x_ipsecrequest *)(pol + 1);
2536 
2537  /* extract ipsecrequests */
2538  i = 0;
2539  len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);
2540 
2541  while (len > 0 && i < XFRM_MAX_DEPTH) {
2542  ret = ipsecrequests_to_migrate(rq, len, &m[i]);
2543  if (ret < 0) {
2544  err = ret;
2545  goto out;
2546  } else {
2547  rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret);
2548  len -= ret;
2549  i++;
2550  }
2551  }
2552 
2553  if (!i || len > 0) {
2554  err = -EINVAL;
2555  goto out;
2556  }
2557 
2558  return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
2559  kma ? &k : NULL);
2560 
2561  out:
2562  return err;
2563 }
2564 #else
2565 static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2566  const struct sadb_msg *hdr, void * const *ext_hdrs)
2567 {
2568  return -ENOPROTOOPT;
2569 }
2570 #endif
2571 
2572 
2573 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2574 {
2575  struct net *net = sock_net(sk);
2576  unsigned int dir;
2577  int err = 0, delete;
2578  struct sadb_x_policy *pol;
2579  struct xfrm_policy *xp;
2580  struct km_event c;
2581 
2582  if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL)
2583  return -EINVAL;
2584 
2585  dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
2586  if (dir >= XFRM_POLICY_MAX)
2587  return -EINVAL;
2588 
2589  delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2590  xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
2591  dir, pol->sadb_x_policy_id, delete, &err);
2592  if (xp == NULL)
2593  return -ENOENT;
2594 
2595  if (delete) {
2596  xfrm_audit_policy_delete(xp, err ? 0 : 1,
2597  audit_get_loginuid(current),
2598  audit_get_sessionid(current), 0);
2599 
2600  if (err)
2601  goto out;
2602  c.seq = hdr->sadb_msg_seq;
2603  c.portid = hdr->sadb_msg_pid;
2604  c.data.byid = 1;
2605  c.event = XFRM_MSG_DELPOLICY;
2606  km_policy_notify(xp, dir, &c);
2607  } else {
2608  err = key_pol_get_resp(sk, xp, hdr, dir);
2609  }
2610 
2611 out:
2612  xfrm_pol_put(xp);
2613  return err;
2614 }
2615 
2616 static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2617 {
2618  struct pfkey_sock *pfk = ptr;
2619  struct sk_buff *out_skb;
2620  struct sadb_msg *out_hdr;
2621  int err;
2622 
2623  if (!pfkey_can_dump(&pfk->sk))
2624  return -ENOBUFS;
2625 
2626  out_skb = pfkey_xfrm_policy2msg_prep(xp);
2627  if (IS_ERR(out_skb))
2628  return PTR_ERR(out_skb);
2629 
2630  err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2631  if (err < 0)
2632  return err;
2633 
2634  out_hdr = (struct sadb_msg *) out_skb->data;
2635  out_hdr->sadb_msg_version = pfk->dump.msg_version;
2636  out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
2637  out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2638  out_hdr->sadb_msg_errno = 0;
2639  out_hdr->sadb_msg_seq = count + 1;
2640  out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
2641 
2642  if (pfk->dump.skb)
2643  pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
2644  &pfk->sk, sock_net(&pfk->sk));
2645  pfk->dump.skb = out_skb;
2646 
2647  return 0;
2648 }
2649 
2650 static int pfkey_dump_sp(struct pfkey_sock *pfk)
2651 {
2652  struct net *net = sock_net(&pfk->sk);
2653  return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, (void *) pfk);
2654 }
2655 
2656 static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
2657 {
2658  xfrm_policy_walk_done(&pfk->dump.u.policy);
2659 }
2660 
2661 static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2662 {
2663  struct pfkey_sock *pfk = pfkey_sk(sk);
2664 
2665  if (pfk->dump.dump != NULL)
2666  return -EBUSY;
2667 
2668  pfk->dump.msg_version = hdr->sadb_msg_version;
2669  pfk->dump.msg_portid = hdr->sadb_msg_pid;
2670  pfk->dump.dump = pfkey_dump_sp;
2671  pfk->dump.done = pfkey_dump_sp_done;
2672  xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
2673 
2674  return pfkey_do_dump(pfk);
2675 }
2676 
2677 static int key_notify_policy_flush(const struct km_event *c)
2678 {
2679  struct sk_buff *skb_out;
2680  struct sadb_msg *hdr;
2681 
2682  skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
2683  if (!skb_out)
2684  return -ENOBUFS;
2685  hdr = (struct sadb_msg *) skb_put(skb_out, sizeof(struct sadb_msg));
2686  hdr->sadb_msg_type = SADB_X_SPDFLUSH;
2687  hdr->sadb_msg_seq = c->seq;
2688  hdr->sadb_msg_pid = c->portid;
2689  hdr->sadb_msg_version = PF_KEY_V2;
2690  hdr->sadb_msg_errno = (uint8_t) 0;
2691  hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
2692  pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
2693  return 0;
2694 
2695 }
2696 
2697 static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2698 {
2699  struct net *net = sock_net(sk);
2700  struct km_event c;
2701  struct xfrm_audit audit_info;
2702  int err, err2;
2703 
2704  audit_info.loginuid = audit_get_loginuid(current);
2705  audit_info.sessionid = audit_get_sessionid(current);
2706  audit_info.secid = 0;
2707  err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
2708  err2 = unicast_flush_resp(sk, hdr);
2709  if (err || err2) {
2710  if (err == -ESRCH) /* empty table - old silent behavior */
2711  return 0;
2712  return err;
2713  }
2714 
2715  c.data.type = XFRM_POLICY_TYPE_MAIN;
2716  c.event = XFRM_MSG_FLUSHPOLICY;
2717  c.portid = hdr->sadb_msg_pid;
2718  c.seq = hdr->sadb_msg_seq;
2719  c.net = net;
2720  km_policy_notify(NULL, 0, &c);
2721 
2722  return 0;
2723 }
2724 
2725 typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
2726  const struct sadb_msg *hdr, void * const *ext_hdrs);
2727 static pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
2728  [SADB_RESERVED] = pfkey_reserved,
2729  [SADB_GETSPI] = pfkey_getspi,
2730  [SADB_UPDATE] = pfkey_add,
2731  [SADB_ADD] = pfkey_add,
2732  [SADB_DELETE] = pfkey_delete,
2733  [SADB_GET] = pfkey_get,
2734  [SADB_ACQUIRE] = pfkey_acquire,
2735  [SADB_REGISTER] = pfkey_register,
2736  [SADB_EXPIRE] = NULL,
2737  [SADB_FLUSH] = pfkey_flush,
2738  [SADB_DUMP] = pfkey_dump,
2739  [SADB_X_PROMISC] = pfkey_promisc,
2740  [SADB_X_PCHANGE] = NULL,
2741  [SADB_X_SPDUPDATE] = pfkey_spdadd,
2742  [SADB_X_SPDADD] = pfkey_spdadd,
2743  [SADB_X_SPDDELETE] = pfkey_spddelete,
2744  [SADB_X_SPDGET] = pfkey_spdget,
2745  [SADB_X_SPDACQUIRE] = NULL,
2746  [SADB_X_SPDDUMP] = pfkey_spddump,
2747  [SADB_X_SPDFLUSH] = pfkey_spdflush,
2748  [SADB_X_SPDSETIDX] = pfkey_spdadd,
2749  [SADB_X_SPDDELETE2] = pfkey_spdget,
2750  [SADB_X_MIGRATE] = pfkey_migrate,
2751 };
2752 
2753 static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr)
2754 {
2755  void *ext_hdrs[SADB_EXT_MAX];
2756  int err;
2757 
2758  pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
2759  BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
2760 
2761  memset(ext_hdrs, 0, sizeof(ext_hdrs));
2762  err = parse_exthdrs(skb, hdr, ext_hdrs);
2763  if (!err) {
2764  err = -EOPNOTSUPP;
2765  if (pfkey_funcs[hdr->sadb_msg_type])
2766  err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs);
2767  }
2768  return err;
2769 }
2770 
2771 static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
2772 {
2773  struct sadb_msg *hdr = NULL;
2774 
2775  if (skb->len < sizeof(*hdr)) {
2776  *errp = -EMSGSIZE;
2777  } else {
2778  hdr = (struct sadb_msg *) skb->data;
2779  if (hdr->sadb_msg_version != PF_KEY_V2 ||
2780  hdr->sadb_msg_reserved != 0 ||
2781  (hdr->sadb_msg_type <= SADB_RESERVED ||
2782  hdr->sadb_msg_type > SADB_MAX)) {
2783  hdr = NULL;
2784  *errp = -EINVAL;
2785  } else if (hdr->sadb_msg_len != (skb->len /
2786  sizeof(uint64_t)) ||
2787  hdr->sadb_msg_len < (sizeof(struct sadb_msg) /
2788  sizeof(uint64_t))) {
2789  hdr = NULL;
2790  *errp = -EMSGSIZE;
2791  } else {
2792  *errp = 0;
2793  }
2794  }
2795  return hdr;
2796 }
2797 
2798 static inline int aalg_tmpl_set(const struct xfrm_tmpl *t,
2799  const struct xfrm_algo_desc *d)
2800 {
2801  unsigned int id = d->desc.sadb_alg_id;
2802 
2803  if (id >= sizeof(t->aalgos) * 8)
2804  return 0;
2805 
2806  return (t->aalgos >> id) & 1;
2807 }
2808 
2809 static inline int ealg_tmpl_set(const struct xfrm_tmpl *t,
2810  const struct xfrm_algo_desc *d)
2811 {
2812  unsigned int id = d->desc.sadb_alg_id;
2813 
2814  if (id >= sizeof(t->ealgos) * 8)
2815  return 0;
2816 
2817  return (t->ealgos >> id) & 1;
2818 }
2819 
2820 static int count_ah_combs(const struct xfrm_tmpl *t)
2821 {
2822  int i, sz = 0;
2823 
2824  for (i = 0; ; i++) {
2825  const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2826  if (!aalg)
2827  break;
2828  if (aalg_tmpl_set(t, aalg) && aalg->available)
2829  sz += sizeof(struct sadb_comb);
2830  }
2831  return sz + sizeof(struct sadb_prop);
2832 }
2833 
2834 static int count_esp_combs(const struct xfrm_tmpl *t)
2835 {
2836  int i, k, sz = 0;
2837 
2838  for (i = 0; ; i++) {
2839  const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2840  if (!ealg)
2841  break;
2842 
2843  if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2844  continue;
2845 
2846  for (k = 1; ; k++) {
2847  const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2848  if (!aalg)
2849  break;
2850 
2851  if (aalg_tmpl_set(t, aalg) && aalg->available)
2852  sz += sizeof(struct sadb_comb);
2853  }
2854  }
2855  return sz + sizeof(struct sadb_prop);
2856 }
2857 
2858 static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2859 {
2860  struct sadb_prop *p;
2861  int i;
2862 
2863  p = (struct sadb_prop*)skb_put(skb, sizeof(struct sadb_prop));
2864  p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2865  p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2866  p->sadb_prop_replay = 32;
2867  memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2868 
2869  for (i = 0; ; i++) {
2870  const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2871  if (!aalg)
2872  break;
2873 
2874  if (aalg_tmpl_set(t, aalg) && aalg->available) {
2875  struct sadb_comb *c;
2876  c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb));
2877  memset(c, 0, sizeof(*c));
2878  p->sadb_prop_len += sizeof(struct sadb_comb)/8;
2879  c->sadb_comb_auth = aalg->desc.sadb_alg_id;
2880  c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
2881  c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
2882  c->sadb_comb_hard_addtime = 24*60*60;
2883  c->sadb_comb_soft_addtime = 20*60*60;
2884  c->sadb_comb_hard_usetime = 8*60*60;
2885  c->sadb_comb_soft_usetime = 7*60*60;
2886  }
2887  }
2888 }
2889 
2890 static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2891 {
2892  struct sadb_prop *p;
2893  int i, k;
2894 
2895  p = (struct sadb_prop*)skb_put(skb, sizeof(struct sadb_prop));
2896  p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2897  p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2898  p->sadb_prop_replay = 32;
2899  memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2900 
2901  for (i=0; ; i++) {
2902  const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2903  if (!ealg)
2904  break;
2905 
2906  if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2907  continue;
2908 
2909  for (k = 1; ; k++) {
2910  struct sadb_comb *c;
2911  const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2912  if (!aalg)
2913  break;
2914  if (!(aalg_tmpl_set(t, aalg) && aalg->available))
2915  continue;
2916  c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb));
2917  memset(c, 0, sizeof(*c));
2918  p->sadb_prop_len += sizeof(struct sadb_comb)/8;
2919  c->sadb_comb_auth = aalg->desc.sadb_alg_id;
2920  c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
2921  c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
2922  c->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
2923  c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
2924  c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;
2925  c->sadb_comb_hard_addtime = 24*60*60;
2926  c->sadb_comb_soft_addtime = 20*60*60;
2927  c->sadb_comb_hard_usetime = 8*60*60;
2928  c->sadb_comb_soft_usetime = 7*60*60;
2929  }
2930  }
2931 }
2932 
2933 static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
2934 {
2935  return 0;
2936 }
2937 
2938 static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c)
2939 {
2940  struct sk_buff *out_skb;
2941  struct sadb_msg *out_hdr;
2942  int hard;
2943  int hsc;
2944 
2945  hard = c->data.hard;
2946  if (hard)
2947  hsc = 2;
2948  else
2949  hsc = 1;
2950 
2951  out_skb = pfkey_xfrm_state2msg_expire(x, hsc);
2952  if (IS_ERR(out_skb))
2953  return PTR_ERR(out_skb);
2954 
2955  out_hdr = (struct sadb_msg *) out_skb->data;
2956  out_hdr->sadb_msg_version = PF_KEY_V2;
2957  out_hdr->sadb_msg_type = SADB_EXPIRE;
2958  out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
2959  out_hdr->sadb_msg_errno = 0;
2960  out_hdr->sadb_msg_reserved = 0;
2961  out_hdr->sadb_msg_seq = 0;
2962  out_hdr->sadb_msg_pid = 0;
2963 
2964  pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x));
2965  return 0;
2966 }
2967 
2968 static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c)
2969 {
2970  struct net *net = x ? xs_net(x) : c->net;
2971  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
2972 
2973  if (atomic_read(&net_pfkey->socks_nr) == 0)
2974  return 0;
2975 
2976  switch (c->event) {
2977  case XFRM_MSG_EXPIRE:
2978  return key_notify_sa_expire(x, c);
2979  case XFRM_MSG_DELSA:
2980  case XFRM_MSG_NEWSA:
2981  case XFRM_MSG_UPDSA:
2982  return key_notify_sa(x, c);
2983  case XFRM_MSG_FLUSHSA:
2984  return key_notify_sa_flush(c);
2985  case XFRM_MSG_NEWAE: /* not yet supported */
2986  break;
2987  default:
2988  pr_err("pfkey: Unknown SA event %d\n", c->event);
2989  break;
2990  }
2991 
2992  return 0;
2993 }
2994 
2995 static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
2996 {
2997  if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
2998  return 0;
2999 
3000  switch (c->event) {
3001  case XFRM_MSG_POLEXPIRE:
3002  return key_notify_policy_expire(xp, c);
3003  case XFRM_MSG_DELPOLICY:
3004  case XFRM_MSG_NEWPOLICY:
3005  case XFRM_MSG_UPDPOLICY:
3006  return key_notify_policy(xp, dir, c);
3007  case XFRM_MSG_FLUSHPOLICY:
3008  if (c->data.type != XFRM_POLICY_TYPE_MAIN)
3009  break;
3010  return key_notify_policy_flush(c);
3011  default:
3012  pr_err("pfkey: Unknown policy event %d\n", c->event);
3013  break;
3014  }
3015 
3016  return 0;
3017 }
3018 
3019 static u32 get_acqseq(void)
3020 {
3021  u32 res;
3022  static atomic_t acqseq;
3023 
3024  do {
3025  res = atomic_inc_return(&acqseq);
3026  } while (!res);
3027  return res;
3028 }
3029 
3030 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
3031 {
3032  struct sk_buff *skb;
3033  struct sadb_msg *hdr;
3034  struct sadb_address *addr;
3035  struct sadb_x_policy *pol;
3036  int sockaddr_size;
3037  int size;
3038  struct sadb_x_sec_ctx *sec_ctx;
3039  struct xfrm_sec_ctx *xfrm_ctx;
3040  int ctx_size = 0;
3041 
3042  sockaddr_size = pfkey_sockaddr_size(x->props.family);
3043  if (!sockaddr_size)
3044  return -EINVAL;
3045 
3046  size = sizeof(struct sadb_msg) +
3047  (sizeof(struct sadb_address) * 2) +
3048  (sockaddr_size * 2) +
3049  sizeof(struct sadb_x_policy);
3050 
3051  if (x->id.proto == IPPROTO_AH)
3052  size += count_ah_combs(t);
3053  else if (x->id.proto == IPPROTO_ESP)
3054  size += count_esp_combs(t);
3055 
3056  if ((xfrm_ctx = x->security)) {
3057  ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
3058  size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
3059  }
3060 
3061  skb = alloc_skb(size + 16, GFP_ATOMIC);
3062  if (skb == NULL)
3063  return -ENOMEM;
3064 
3065  hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
3066  hdr->sadb_msg_version = PF_KEY_V2;
3067  hdr->sadb_msg_type = SADB_ACQUIRE;
3068  hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3069  hdr->sadb_msg_len = size / sizeof(uint64_t);
3070  hdr->sadb_msg_errno = 0;
3071  hdr->sadb_msg_reserved = 0;
3072  hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3073  hdr->sadb_msg_pid = 0;
3074 
3075  /* src address */
3076  addr = (struct sadb_address*) skb_put(skb,
3077  sizeof(struct sadb_address)+sockaddr_size);
3078  addr->sadb_address_len =
3079  (sizeof(struct sadb_address)+sockaddr_size)/
3080  sizeof(uint64_t);
3081  addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3082  addr->sadb_address_proto = 0;
3083  addr->sadb_address_reserved = 0;
3084  addr->sadb_address_prefixlen =
3085  pfkey_sockaddr_fill(&x->props.saddr, 0,
3086  (struct sockaddr *) (addr + 1),
3087  x->props.family);
3088  if (!addr->sadb_address_prefixlen)
3089  BUG();
3090 
3091  /* dst address */
3092  addr = (struct sadb_address*) skb_put(skb,
3093  sizeof(struct sadb_address)+sockaddr_size);
3094  addr->sadb_address_len =
3095  (sizeof(struct sadb_address)+sockaddr_size)/
3096  sizeof(uint64_t);
3097  addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3098  addr->sadb_address_proto = 0;
3099  addr->sadb_address_reserved = 0;
3100  addr->sadb_address_prefixlen =
3101  pfkey_sockaddr_fill(&x->id.daddr, 0,
3102  (struct sockaddr *) (addr + 1),
3103  x->props.family);
3104  if (!addr->sadb_address_prefixlen)
3105  BUG();
3106 
3107  pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy));
3108  pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
3109  pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3110  pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3111  pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1;
3112  pol->sadb_x_policy_id = xp->index;
3113 
3114  /* Set sadb_comb's. */
3115  if (x->id.proto == IPPROTO_AH)
3116  dump_ah_combs(skb, t);
3117  else if (x->id.proto == IPPROTO_ESP)
3118  dump_esp_combs(skb, t);
3119 
3120  /* security context */
3121  if (xfrm_ctx) {
3122  sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb,
3123  sizeof(struct sadb_x_sec_ctx) + ctx_size);
3124  sec_ctx->sadb_x_sec_len =
3125  (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
3126  sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
3127  sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
3128  sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
3129  sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
3130  memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
3131  xfrm_ctx->ctx_len);
3132  }
3133 
3134  return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x));
3135 }
3136 
3137 static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
3138  u8 *data, int len, int *dir)
3139 {
3140  struct net *net = sock_net(sk);
3141  struct xfrm_policy *xp;
3142  struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
3143  struct sadb_x_sec_ctx *sec_ctx;
3144 
3145  switch (sk->sk_family) {
3146  case AF_INET:
3147  if (opt != IP_IPSEC_POLICY) {
3148  *dir = -EOPNOTSUPP;
3149  return NULL;
3150  }
3151  break;
3152 #if IS_ENABLED(CONFIG_IPV6)
3153  case AF_INET6:
3154  if (opt != IPV6_IPSEC_POLICY) {
3155  *dir = -EOPNOTSUPP;
3156  return NULL;
3157  }
3158  break;
3159 #endif
3160  default:
3161  *dir = -EINVAL;
3162  return NULL;
3163  }
3164 
3165  *dir = -EINVAL;
3166 
3167  if (len < sizeof(struct sadb_x_policy) ||
3168  pol->sadb_x_policy_len*8 > len ||
3169  pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
3170  (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
3171  return NULL;
3172 
3173  xp = xfrm_policy_alloc(net, GFP_ATOMIC);
3174  if (xp == NULL) {
3175  *dir = -ENOBUFS;
3176  return NULL;
3177  }
3178 
3179  xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
3180  XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
3181 
3182  xp->lft.soft_byte_limit = XFRM_INF;
3183  xp->lft.hard_byte_limit = XFRM_INF;
3184  xp->lft.soft_packet_limit = XFRM_INF;
3185  xp->lft.hard_packet_limit = XFRM_INF;
3186  xp->family = sk->sk_family;
3187 
3188  xp->xfrm_nr = 0;
3189  if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
3190  (*dir = parse_ipsecrequests(xp, pol)) < 0)
3191  goto out;
3192 
3193  /* security context too */
3194  if (len >= (pol->sadb_x_policy_len*8 +
3195  sizeof(struct sadb_x_sec_ctx))) {
3196  char *p = (char *)pol;
3197  struct xfrm_user_sec_ctx *uctx;
3198 
3199  p += pol->sadb_x_policy_len*8;
3200  sec_ctx = (struct sadb_x_sec_ctx *)p;
3201  if (len < pol->sadb_x_policy_len*8 +
3202  sec_ctx->sadb_x_sec_len) {
3203  *dir = -EINVAL;
3204  goto out;
3205  }
3206  if ((*dir = verify_sec_ctx_len(p)))
3207  goto out;
3208  uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
3209  *dir = security_xfrm_policy_alloc(&xp->security, uctx);
3210  kfree(uctx);
3211 
3212  if (*dir)
3213  goto out;
3214  }
3215 
3216  *dir = pol->sadb_x_policy_dir-1;
3217  return xp;
3218 
3219 out:
3220  xp->walk.dead = 1;
3221  xfrm_policy_destroy(xp);
3222  return NULL;
3223 }
3224 
3225 static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
3226 {
3227  struct sk_buff *skb;
3228  struct sadb_msg *hdr;
3229  struct sadb_sa *sa;
3230  struct sadb_address *addr;
3231  struct sadb_x_nat_t_port *n_port;
3232  int sockaddr_size;
3233  int size;
3234  __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0);
3235  struct xfrm_encap_tmpl *natt = NULL;
3236 
3237  sockaddr_size = pfkey_sockaddr_size(x->props.family);
3238  if (!sockaddr_size)
3239  return -EINVAL;
3240 
3241  if (!satype)
3242  return -EINVAL;
3243 
3244  if (!x->encap)
3245  return -EINVAL;
3246 
3247  natt = x->encap;
3248 
3249  /* Build an SADB_X_NAT_T_NEW_MAPPING message:
3250  *
3251  * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
3252  * ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
3253  */
3254 
3255  size = sizeof(struct sadb_msg) +
3256  sizeof(struct sadb_sa) +
3257  (sizeof(struct sadb_address) * 2) +
3258  (sockaddr_size * 2) +
3259  (sizeof(struct sadb_x_nat_t_port) * 2);
3260 
3261  skb = alloc_skb(size + 16, GFP_ATOMIC);
3262  if (skb == NULL)
3263  return -ENOMEM;
3264 
3265  hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
3266  hdr->sadb_msg_version = PF_KEY_V2;
3267  hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
3268  hdr->sadb_msg_satype = satype;
3269  hdr->sadb_msg_len = size / sizeof(uint64_t);
3270  hdr->sadb_msg_errno = 0;
3271  hdr->sadb_msg_reserved = 0;
3272  hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3273  hdr->sadb_msg_pid = 0;
3274 
3275  /* SA */
3276  sa = (struct sadb_sa *) skb_put(skb, sizeof(struct sadb_sa));
3277  sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
3278  sa->sadb_sa_exttype = SADB_EXT_SA;
3279  sa->sadb_sa_spi = x->id.spi;
3280  sa->sadb_sa_replay = 0;
3281  sa->sadb_sa_state = 0;
3282  sa->sadb_sa_auth = 0;
3283  sa->sadb_sa_encrypt = 0;
3284  sa->sadb_sa_flags = 0;
3285 
3286  /* ADDRESS_SRC (old addr) */
3287  addr = (struct sadb_address*)
3288  skb_put(skb, sizeof(struct sadb_address)+sockaddr_size);
3289  addr->sadb_address_len =
3290  (sizeof(struct sadb_address)+sockaddr_size)/
3291  sizeof(uint64_t);
3292  addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3293  addr->sadb_address_proto = 0;
3294  addr->sadb_address_reserved = 0;
3295  addr->sadb_address_prefixlen =
3296  pfkey_sockaddr_fill(&x->props.saddr, 0,
3297  (struct sockaddr *) (addr + 1),
3298  x->props.family);
3299  if (!addr->sadb_address_prefixlen)
3300  BUG();
3301 
3302  /* NAT_T_SPORT (old port) */
3303  n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
3304  n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3305  n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
3306  n_port->sadb_x_nat_t_port_port = natt->encap_sport;
3307  n_port->sadb_x_nat_t_port_reserved = 0;
3308 
3309  /* ADDRESS_DST (new addr) */
3310  addr = (struct sadb_address*)
3311  skb_put(skb, sizeof(struct sadb_address)+sockaddr_size);
3312  addr->sadb_address_len =
3313  (sizeof(struct sadb_address)+sockaddr_size)/
3314  sizeof(uint64_t);
3315  addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3316  addr->sadb_address_proto = 0;
3317  addr->sadb_address_reserved = 0;
3318  addr->sadb_address_prefixlen =
3319  pfkey_sockaddr_fill(ipaddr, 0,
3320  (struct sockaddr *) (addr + 1),
3321  x->props.family);
3322  if (!addr->sadb_address_prefixlen)
3323  BUG();
3324 
3325  /* NAT_T_DPORT (new port) */
3326  n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port));
3327  n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3328  n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
3329  n_port->sadb_x_nat_t_port_port = sport;
3330  n_port->sadb_x_nat_t_port_reserved = 0;
3331 
3332  return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x));
3333 }
3334 
3335 #ifdef CONFIG_NET_KEY_MIGRATE
3336 static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3337  const struct xfrm_selector *sel)
3338 {
3339  struct sadb_address *addr;
3340  addr = (struct sadb_address *)skb_put(skb, sizeof(struct sadb_address) + sasize);
3341  addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8;
3342  addr->sadb_address_exttype = type;
3343  addr->sadb_address_proto = sel->proto;
3344  addr->sadb_address_reserved = 0;
3345 
3346  switch (type) {
3347  case SADB_EXT_ADDRESS_SRC:
3348  addr->sadb_address_prefixlen = sel->prefixlen_s;
3349  pfkey_sockaddr_fill(&sel->saddr, 0,
3350  (struct sockaddr *)(addr + 1),
3351  sel->family);
3352  break;
3353  case SADB_EXT_ADDRESS_DST:
3354  addr->sadb_address_prefixlen = sel->prefixlen_d;
3355  pfkey_sockaddr_fill(&sel->daddr, 0,
3356  (struct sockaddr *)(addr + 1),
3357  sel->family);
3358  break;
3359  default:
3360  return -EINVAL;
3361  }
3362 
3363  return 0;
3364 }
3365 
3366 
3367 static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k)
3368 {
3369  struct sadb_x_kmaddress *kma;
3370  u8 *sa;
3371  int family = k->family;
3372  int socklen = pfkey_sockaddr_len(family);
3373  int size_req;
3374 
3375  size_req = (sizeof(struct sadb_x_kmaddress) +
3376  pfkey_sockaddr_pair_size(family));
3377 
3378  kma = (struct sadb_x_kmaddress *)skb_put(skb, size_req);
3379  memset(kma, 0, size_req);
3380  kma->sadb_x_kmaddress_len = size_req / 8;
3381  kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
3382  kma->sadb_x_kmaddress_reserved = k->reserved;
3383 
3384  sa = (u8 *)(kma + 1);
3385  if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) ||
3386  !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))
3387  return -EINVAL;
3388 
3389  return 0;
3390 }
3391 
3392 static int set_ipsecrequest(struct sk_buff *skb,
3393  uint8_t proto, uint8_t mode, int level,
3394  uint32_t reqid, uint8_t family,
3395  const xfrm_address_t *src, const xfrm_address_t *dst)
3396 {
3397  struct sadb_x_ipsecrequest *rq;
3398  u8 *sa;
3399  int socklen = pfkey_sockaddr_len(family);
3400  int size_req;
3401 
3402  size_req = sizeof(struct sadb_x_ipsecrequest) +
3403  pfkey_sockaddr_pair_size(family);
3404 
3405  rq = (struct sadb_x_ipsecrequest *)skb_put(skb, size_req);
3406  memset(rq, 0, size_req);
3407  rq->sadb_x_ipsecrequest_len = size_req;
3408  rq->sadb_x_ipsecrequest_proto = proto;
3409  rq->sadb_x_ipsecrequest_mode = mode;
3410  rq->sadb_x_ipsecrequest_level = level;
3411  rq->sadb_x_ipsecrequest_reqid = reqid;
3412 
3413  sa = (u8 *) (rq + 1);
3414  if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) ||
3415  !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family))
3416  return -EINVAL;
3417 
3418  return 0;
3419 }
3420 #endif
3421 
3422 #ifdef CONFIG_NET_KEY_MIGRATE
3423 static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3424  const struct xfrm_migrate *m, int num_bundles,
3425  const struct xfrm_kmaddress *k)
3426 {
3427  int i;
3428  int sasize_sel;
3429  int size = 0;
3430  int size_pol = 0;
3431  struct sk_buff *skb;
3432  struct sadb_msg *hdr;
3433  struct sadb_x_policy *pol;
3434  const struct xfrm_migrate *mp;
3435 
3436  if (type != XFRM_POLICY_TYPE_MAIN)
3437  return 0;
3438 
3439  if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
3440  return -EINVAL;
3441 
3442  if (k != NULL) {
3443  /* addresses for KM */
3444  size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
3445  pfkey_sockaddr_pair_size(k->family));
3446  }
3447 
3448  /* selector */
3449  sasize_sel = pfkey_sockaddr_size(sel->family);
3450  if (!sasize_sel)
3451  return -EINVAL;
3452  size += (sizeof(struct sadb_address) + sasize_sel) * 2;
3453 
3454  /* policy info */
3455  size_pol += sizeof(struct sadb_x_policy);
3456 
3457  /* ipsecrequests */
3458  for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3459  /* old locator pair */
3460  size_pol += sizeof(struct sadb_x_ipsecrequest) +
3461  pfkey_sockaddr_pair_size(mp->old_family);
3462  /* new locator pair */
3463  size_pol += sizeof(struct sadb_x_ipsecrequest) +
3464  pfkey_sockaddr_pair_size(mp->new_family);
3465  }
3466 
3467  size += sizeof(struct sadb_msg) + size_pol;
3468 
3469  /* alloc buffer */
3470  skb = alloc_skb(size, GFP_ATOMIC);
3471  if (skb == NULL)
3472  return -ENOMEM;
3473 
3474  hdr = (struct sadb_msg *)skb_put(skb, sizeof(struct sadb_msg));
3475  hdr->sadb_msg_version = PF_KEY_V2;
3476  hdr->sadb_msg_type = SADB_X_MIGRATE;
3477  hdr->sadb_msg_satype = pfkey_proto2satype(m->proto);
3478  hdr->sadb_msg_len = size / 8;
3479  hdr->sadb_msg_errno = 0;
3480  hdr->sadb_msg_reserved = 0;
3481  hdr->sadb_msg_seq = 0;
3482  hdr->sadb_msg_pid = 0;
3483 
3484  /* Addresses to be used by KM for negotiation, if ext is available */
3485  if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
3486  goto err;
3487 
3488  /* selector src */
3489  set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
3490 
3491  /* selector dst */
3492  set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel);
3493 
3494  /* policy information */
3495  pol = (struct sadb_x_policy *)skb_put(skb, sizeof(struct sadb_x_policy));
3496  pol->sadb_x_policy_len = size_pol / 8;
3497  pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3498  pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3499  pol->sadb_x_policy_dir = dir + 1;
3500  pol->sadb_x_policy_id = 0;
3501  pol->sadb_x_policy_priority = 0;
3502 
3503  for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3504  /* old ipsecrequest */
3505  int mode = pfkey_mode_from_xfrm(mp->mode);
3506  if (mode < 0)
3507  goto err;
3508  if (set_ipsecrequest(skb, mp->proto, mode,
3509  (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3510  mp->reqid, mp->old_family,
3511  &mp->old_saddr, &mp->old_daddr) < 0)
3512  goto err;
3513 
3514  /* new ipsecrequest */
3515  if (set_ipsecrequest(skb, mp->proto, mode,
3516  (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3517  mp->reqid, mp->new_family,
3518  &mp->new_saddr, &mp->new_daddr) < 0)
3519  goto err;
3520  }
3521 
3522  /* broadcast migrate message to sockets */
3523  pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);
3524 
3525  return 0;
3526 
3527 err:
3528  kfree_skb(skb);
3529  return -EINVAL;
3530 }
3531 #else
3532 static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3533  const struct xfrm_migrate *m, int num_bundles,
3534  const struct xfrm_kmaddress *k)
3535 {
3536  return -ENOPROTOOPT;
3537 }
3538 #endif
3539 
3540 static int pfkey_sendmsg(struct kiocb *kiocb,
3541  struct socket *sock, struct msghdr *msg, size_t len)
3542 {
3543  struct sock *sk = sock->sk;
3544  struct sk_buff *skb = NULL;
3545  struct sadb_msg *hdr = NULL;
3546  int err;
3547 
3548  err = -EOPNOTSUPP;
3549  if (msg->msg_flags & MSG_OOB)
3550  goto out;
3551 
3552  err = -EMSGSIZE;
3553  if ((unsigned int)len > sk->sk_sndbuf - 32)
3554  goto out;
3555 
3556  err = -ENOBUFS;
3557  skb = alloc_skb(len, GFP_KERNEL);
3558  if (skb == NULL)
3559  goto out;
3560 
3561  err = -EFAULT;
3562  if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len))
3563  goto out;
3564 
3565  hdr = pfkey_get_base_msg(skb, &err);
3566  if (!hdr)
3567  goto out;
3568 
3569  mutex_lock(&xfrm_cfg_mutex);
3570  err = pfkey_process(sk, skb, hdr);
3571  mutex_unlock(&xfrm_cfg_mutex);
3572 
3573 out:
3574  if (err && hdr && pfkey_error(hdr, err, sk) == 0)
3575  err = 0;
3576  kfree_skb(skb);
3577 
3578  return err ? : len;
3579 }
3580 
3581 static int pfkey_recvmsg(struct kiocb *kiocb,
3582  struct socket *sock, struct msghdr *msg, size_t len,
3583  int flags)
3584 {
3585  struct sock *sk = sock->sk;
3586  struct pfkey_sock *pfk = pfkey_sk(sk);
3587  struct sk_buff *skb;
3588  int copied, err;
3589 
3590  err = -EINVAL;
3591  if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
3592  goto out;
3593 
3594  msg->msg_namelen = 0;
3595  skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
3596  if (skb == NULL)
3597  goto out;
3598 
3599  copied = skb->len;
3600  if (copied > len) {
3601  msg->msg_flags |= MSG_TRUNC;
3602  copied = len;
3603  }
3604 
3605  skb_reset_transport_header(skb);
3606  err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
3607  if (err)
3608  goto out_free;
3609 
3610  sock_recv_ts_and_drops(msg, sk, skb);
3611 
3612  err = (flags & MSG_TRUNC) ? skb->len : copied;
3613 
3614  if (pfk->dump.dump != NULL &&
3615  3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
3616  pfkey_do_dump(pfk);
3617 
3618 out_free:
3619  skb_free_datagram(sk, skb);
3620 out:
3621  return err;
3622 }
3623 
3624 static const struct proto_ops pfkey_ops = {
3625  .family = PF_KEY,
3626  .owner = THIS_MODULE,
3627  /* Operations that make no sense on pfkey sockets. */
3628  .bind = sock_no_bind,
3629  .connect = sock_no_connect,
3630  .socketpair = sock_no_socketpair,
3631  .accept = sock_no_accept,
3632  .getname = sock_no_getname,
3633  .ioctl = sock_no_ioctl,
3634  .listen = sock_no_listen,
3635  .shutdown = sock_no_shutdown,
3636  .setsockopt = sock_no_setsockopt,
3637  .getsockopt = sock_no_getsockopt,
3638  .mmap = sock_no_mmap,
3639  .sendpage = sock_no_sendpage,
3640 
3641  /* Now the operations that really occur. */
3642  .release = pfkey_release,
3643  .poll = datagram_poll,
3644  .sendmsg = pfkey_sendmsg,
3645  .recvmsg = pfkey_recvmsg,
3646 };
3647 
3648 static const struct net_proto_family pfkey_family_ops = {
3649  .family = PF_KEY,
3650  .create = pfkey_create,
3651  .owner = THIS_MODULE,
3652 };
3653 
3654 #ifdef CONFIG_PROC_FS
3655 static int pfkey_seq_show(struct seq_file *f, void *v)
3656 {
3657  struct sock *s = sk_entry(v);
3658 
3659  if (v == SEQ_START_TOKEN)
3660  seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
3661  else
3662  seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n",
3663  s,
3664  atomic_read(&s->sk_refcnt),
3665  sk_rmem_alloc_get(s),
3666  sk_wmem_alloc_get(s),
3667  from_kuid_munged(seq_user_ns(f), sock_i_uid(s)),
3668  sock_i_ino(s)
3669  );
3670  return 0;
3671 }
3672 
3673 static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
3674  __acquires(rcu)
3675 {
3676  struct net *net = seq_file_net(f);
3677  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3678 
3679  rcu_read_lock();
3680  return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
3681 }
3682 
3683 static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
3684 {
3685  struct net *net = seq_file_net(f);
3686  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3687 
3688  return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
3689 }
3690 
3691 static void pfkey_seq_stop(struct seq_file *f, void *v)
3692  __releases(rcu)
3693 {
3694  rcu_read_unlock();
3695 }
3696 
3697 static const struct seq_operations pfkey_seq_ops = {
3698  .start = pfkey_seq_start,
3699  .next = pfkey_seq_next,
3700  .stop = pfkey_seq_stop,
3701  .show = pfkey_seq_show,
3702 };
3703 
3704 static int pfkey_seq_open(struct inode *inode, struct file *file)
3705 {
3706  return seq_open_net(inode, file, &pfkey_seq_ops,
3707  sizeof(struct seq_net_private));
3708 }
3709 
3710 static const struct file_operations pfkey_proc_ops = {
3711  .open = pfkey_seq_open,
3712  .read = seq_read,
3713  .llseek = seq_lseek,
3714  .release = seq_release_net,
3715 };
3716 
3717 static int __net_init pfkey_init_proc(struct net *net)
3718 {
3719  struct proc_dir_entry *e;
3720 
3721  e = proc_net_fops_create(net, "pfkey", 0, &pfkey_proc_ops);
3722  if (e == NULL)
3723  return -ENOMEM;
3724 
3725  return 0;
3726 }
3727 
3728 static void __net_exit pfkey_exit_proc(struct net *net)
3729 {
3730  proc_net_remove(net, "pfkey");
3731 }
3732 #else
3733 static inline int pfkey_init_proc(struct net *net)
3734 {
3735  return 0;
3736 }
3737 
3738 static inline void pfkey_exit_proc(struct net *net)
3739 {
3740 }
3741 #endif
3742 
3743 static struct xfrm_mgr pfkeyv2_mgr =
3744 {
3745  .id = "pfkeyv2",
3746  .notify = pfkey_send_notify,
3747  .acquire = pfkey_send_acquire,
3748  .compile_policy = pfkey_compile_policy,
3749  .new_mapping = pfkey_send_new_mapping,
3750  .notify_policy = pfkey_send_policy_notify,
3751  .migrate = pfkey_send_migrate,
3752 };
3753 
3754 static int __net_init pfkey_net_init(struct net *net)
3755 {
3756  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3757  int rv;
3758 
3759  INIT_HLIST_HEAD(&net_pfkey->table);
3760  atomic_set(&net_pfkey->socks_nr, 0);
3761 
3762  rv = pfkey_init_proc(net);
3763 
3764  return rv;
3765 }
3766 
3767 static void __net_exit pfkey_net_exit(struct net *net)
3768 {
3769  struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3770 
3771  pfkey_exit_proc(net);
3772  BUG_ON(!hlist_empty(&net_pfkey->table));
3773 }
3774 
3775 static struct pernet_operations pfkey_net_ops = {
3776  .init = pfkey_net_init,
3777  .exit = pfkey_net_exit,
3778  .id = &pfkey_net_id,
3779  .size = sizeof(struct netns_pfkey),
3780 };
3781 
3782 static void __exit ipsec_pfkey_exit(void)
3783 {
3784  xfrm_unregister_km(&pfkeyv2_mgr);
3785  sock_unregister(PF_KEY);
3786  unregister_pernet_subsys(&pfkey_net_ops);
3787  proto_unregister(&key_proto);
3788 }
3789 
3790 static int __init ipsec_pfkey_init(void)
3791 {
3792  int err = proto_register(&key_proto, 0);
3793 
3794  if (err != 0)
3795  goto out;
3796 
3797  err = register_pernet_subsys(&pfkey_net_ops);
3798  if (err != 0)
3799  goto out_unregister_key_proto;
3800  err = sock_register(&pfkey_family_ops);
3801  if (err != 0)
3802  goto out_unregister_pernet;
3803  err = xfrm_register_km(&pfkeyv2_mgr);
3804  if (err != 0)
3805  goto out_sock_unregister;
3806 out:
3807  return err;
3808 
3809 out_sock_unregister:
3810  sock_unregister(PF_KEY);
3811 out_unregister_pernet:
3812  unregister_pernet_subsys(&pfkey_net_ops);
3813 out_unregister_key_proto:
3814  proto_unregister(&key_proto);
3815  goto out;
3816 }
3817 
3818 module_init(ipsec_pfkey_init);
3819 module_exit(ipsec_pfkey_exit);
3820 MODULE_LICENSE("GPL");
3821 MODULE_ALIAS_NETPROTO(PF_KEY);
Generated on Thu Jan 10 2013 14:59:46 for Linux Kernel by   doxygen 1.8.2