Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * net/key/af_key.c An implementation of PF_KEYv2 sockets.
4 *
5 * Authors: Maxim Giryaev <gem@asplinux.ru>
6 * David S. Miller <davem@redhat.com>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
9 * Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org>
10 * Derek Atkins <derek@ihtfp.com>
11 */
12
13#include <linux/capability.h>
14#include <linux/module.h>
15#include <linux/kernel.h>
16#include <linux/socket.h>
17#include <linux/pfkeyv2.h>
18#include <linux/ipsec.h>
19#include <linux/skbuff.h>
20#include <linux/rtnetlink.h>
21#include <linux/in.h>
22#include <linux/in6.h>
23#include <linux/proc_fs.h>
24#include <linux/init.h>
25#include <linux/slab.h>
26#include <net/net_namespace.h>
27#include <net/netns/generic.h>
28#include <net/xfrm.h>
29
30#include <net/sock.h>
31
32#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
33#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
34
35static unsigned int pfkey_net_id __read_mostly;
36struct netns_pfkey {
37 /* List of all pfkey sockets. */
38 struct hlist_head table;
39 atomic_t socks_nr;
40};
41static DEFINE_MUTEX(pfkey_mutex);
42
43#define DUMMY_MARK 0
44static const struct xfrm_mark dummy_mark = {0, 0};
45struct pfkey_sock {
46 /* struct sock must be the first member of struct pfkey_sock */
47 struct sock sk;
48 int registered;
49 int promisc;
50
51 struct {
52 uint8_t msg_version;
53 uint32_t msg_portid;
54 int (*dump)(struct pfkey_sock *sk);
55 void (*done)(struct pfkey_sock *sk);
56 union {
57 struct xfrm_policy_walk policy;
58 struct xfrm_state_walk state;
59 } u;
60 struct sk_buff *skb;
61 } dump;
62 struct mutex dump_lock;
63};
64
65static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
66 xfrm_address_t *saddr, xfrm_address_t *daddr,
67 u16 *family);
68
69static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
70{
71 return (struct pfkey_sock *)sk;
72}
73
74static int pfkey_can_dump(const struct sock *sk)
75{
76 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf)
77 return 1;
78 return 0;
79}
80
81static void pfkey_terminate_dump(struct pfkey_sock *pfk)
82{
83 if (pfk->dump.dump) {
84 if (pfk->dump.skb) {
85 kfree_skb(pfk->dump.skb);
86 pfk->dump.skb = NULL;
87 }
88 pfk->dump.done(pfk);
89 pfk->dump.dump = NULL;
90 pfk->dump.done = NULL;
91 }
92}
93
94static void pfkey_sock_destruct(struct sock *sk)
95{
96 struct net *net = sock_net(sk);
97 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
98
99 pfkey_terminate_dump(pfkey_sk(sk));
100 skb_queue_purge(&sk->sk_receive_queue);
101
102 if (!sock_flag(sk, SOCK_DEAD)) {
103 pr_err("Attempt to release alive pfkey socket: %p\n", sk);
104 return;
105 }
106
107 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
108 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
109
110 atomic_dec(&net_pfkey->socks_nr);
111}
112
113static const struct proto_ops pfkey_ops;
114
115static void pfkey_insert(struct sock *sk)
116{
117 struct net *net = sock_net(sk);
118 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
119
120 mutex_lock(&pfkey_mutex);
121 sk_add_node_rcu(sk, &net_pfkey->table);
122 mutex_unlock(&pfkey_mutex);
123}
124
125static void pfkey_remove(struct sock *sk)
126{
127 mutex_lock(&pfkey_mutex);
128 sk_del_node_init_rcu(sk);
129 mutex_unlock(&pfkey_mutex);
130}
131
132static struct proto key_proto = {
133 .name = "KEY",
134 .owner = THIS_MODULE,
135 .obj_size = sizeof(struct pfkey_sock),
136};
137
138static int pfkey_create(struct net *net, struct socket *sock, int protocol,
139 int kern)
140{
141 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
142 struct sock *sk;
143 struct pfkey_sock *pfk;
144 int err;
145
146 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
147 return -EPERM;
148 if (sock->type != SOCK_RAW)
149 return -ESOCKTNOSUPPORT;
150 if (protocol != PF_KEY_V2)
151 return -EPROTONOSUPPORT;
152
153 err = -ENOMEM;
154 sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, kern);
155 if (sk == NULL)
156 goto out;
157
158 pfk = pfkey_sk(sk);
159 mutex_init(&pfk->dump_lock);
160
161 sock->ops = &pfkey_ops;
162 sock_init_data(sock, sk);
163
164 sk->sk_family = PF_KEY;
165 sk->sk_destruct = pfkey_sock_destruct;
166
167 atomic_inc(&net_pfkey->socks_nr);
168
169 pfkey_insert(sk);
170
171 return 0;
172out:
173 return err;
174}
175
176static int pfkey_release(struct socket *sock)
177{
178 struct sock *sk = sock->sk;
179
180 if (!sk)
181 return 0;
182
183 pfkey_remove(sk);
184
185 sock_orphan(sk);
186 sock->sk = NULL;
187 skb_queue_purge(&sk->sk_write_queue);
188
189 synchronize_rcu();
190 sock_put(sk);
191
192 return 0;
193}
194
195static int pfkey_broadcast_one(struct sk_buff *skb, gfp_t allocation,
196 struct sock *sk)
197{
198 int err = -ENOBUFS;
199
200 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
201 return err;
202
203 skb = skb_clone(skb, allocation);
204
205 if (skb) {
206 skb_set_owner_r(skb, sk);
207 skb_queue_tail(&sk->sk_receive_queue, skb);
208 sk->sk_data_ready(sk);
209 err = 0;
210 }
211 return err;
212}
213
214/* Send SKB to all pfkey sockets matching selected criteria. */
215#define BROADCAST_ALL 0
216#define BROADCAST_ONE 1
217#define BROADCAST_REGISTERED 2
218#define BROADCAST_PROMISC_ONLY 4
219static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
220 int broadcast_flags, struct sock *one_sk,
221 struct net *net)
222{
223 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
224 struct sock *sk;
225 int err = -ESRCH;
226
227 /* XXX Do we need something like netlink_overrun? I think
228 * XXX PF_KEY socket apps will not mind current behavior.
229 */
230 if (!skb)
231 return -ENOMEM;
232
233 rcu_read_lock();
234 sk_for_each_rcu(sk, &net_pfkey->table) {
235 struct pfkey_sock *pfk = pfkey_sk(sk);
236 int err2;
237
238 /* Yes, it means that if you are meant to receive this
239 * pfkey message you receive it twice as promiscuous
240 * socket.
241 */
242 if (pfk->promisc)
243 pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
244
245 /* the exact target will be processed later */
246 if (sk == one_sk)
247 continue;
248 if (broadcast_flags != BROADCAST_ALL) {
249 if (broadcast_flags & BROADCAST_PROMISC_ONLY)
250 continue;
251 if ((broadcast_flags & BROADCAST_REGISTERED) &&
252 !pfk->registered)
253 continue;
254 if (broadcast_flags & BROADCAST_ONE)
255 continue;
256 }
257
258 err2 = pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
259
260 /* Error is cleared after successful sending to at least one
261 * registered KM */
262 if ((broadcast_flags & BROADCAST_REGISTERED) && err)
263 err = err2;
264 }
265 rcu_read_unlock();
266
267 if (one_sk != NULL)
268 err = pfkey_broadcast_one(skb, allocation, one_sk);
269
270 kfree_skb(skb);
271 return err;
272}
273
274static int pfkey_do_dump(struct pfkey_sock *pfk)
275{
276 struct sadb_msg *hdr;
277 int rc;
278
279 mutex_lock(&pfk->dump_lock);
280 if (!pfk->dump.dump) {
281 rc = 0;
282 goto out;
283 }
284
285 rc = pfk->dump.dump(pfk);
286 if (rc == -ENOBUFS) {
287 rc = 0;
288 goto out;
289 }
290
291 if (pfk->dump.skb) {
292 if (!pfkey_can_dump(&pfk->sk)) {
293 rc = 0;
294 goto out;
295 }
296
297 hdr = (struct sadb_msg *) pfk->dump.skb->data;
298 hdr->sadb_msg_seq = 0;
299 hdr->sadb_msg_errno = rc;
300 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
301 &pfk->sk, sock_net(&pfk->sk));
302 pfk->dump.skb = NULL;
303 }
304
305 pfkey_terminate_dump(pfk);
306
307out:
308 mutex_unlock(&pfk->dump_lock);
309 return rc;
310}
311
312static inline void pfkey_hdr_dup(struct sadb_msg *new,
313 const struct sadb_msg *orig)
314{
315 *new = *orig;
316}
317
318static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
319{
320 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
321 struct sadb_msg *hdr;
322
323 if (!skb)
324 return -ENOBUFS;
325
326 /* Woe be to the platform trying to support PFKEY yet
327 * having normal errnos outside the 1-255 range, inclusive.
328 */
329 err = -err;
330 if (err == ERESTARTSYS ||
331 err == ERESTARTNOHAND ||
332 err == ERESTARTNOINTR)
333 err = EINTR;
334 if (err >= 512)
335 err = EINVAL;
336 BUG_ON(err <= 0 || err >= 256);
337
338 hdr = skb_put(skb, sizeof(struct sadb_msg));
339 pfkey_hdr_dup(hdr, orig);
340 hdr->sadb_msg_errno = (uint8_t) err;
341 hdr->sadb_msg_len = (sizeof(struct sadb_msg) /
342 sizeof(uint64_t));
343
344 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));
345
346 return 0;
347}
348
349static const u8 sadb_ext_min_len[] = {
350 [SADB_EXT_RESERVED] = (u8) 0,
351 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
352 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
353 [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime),
354 [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime),
355 [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address),
356 [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address),
357 [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address),
358 [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key),
359 [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key),
360 [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident),
361 [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident),
362 [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens),
363 [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop),
364 [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported),
365 [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported),
366 [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange),
367 [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate),
368 [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy),
369 [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2),
370 [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type),
371 [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
372 [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
373 [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address),
374 [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx),
375 [SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress),
376 [SADB_X_EXT_FILTER] = (u8) sizeof(struct sadb_x_filter),
377};
378
379/* Verify sadb_address_{len,prefixlen} against sa_family. */
380static int verify_address_len(const void *p)
381{
382 const struct sadb_address *sp = p;
383 const struct sockaddr *addr = (const struct sockaddr *)(sp + 1);
384 const struct sockaddr_in *sin;
385#if IS_ENABLED(CONFIG_IPV6)
386 const struct sockaddr_in6 *sin6;
387#endif
388 int len;
389
390 if (sp->sadb_address_len <
391 DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family),
392 sizeof(uint64_t)))
393 return -EINVAL;
394
395 switch (addr->sa_family) {
396 case AF_INET:
397 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
398 if (sp->sadb_address_len != len ||
399 sp->sadb_address_prefixlen > 32)
400 return -EINVAL;
401 break;
402#if IS_ENABLED(CONFIG_IPV6)
403 case AF_INET6:
404 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t));
405 if (sp->sadb_address_len != len ||
406 sp->sadb_address_prefixlen > 128)
407 return -EINVAL;
408 break;
409#endif
410 default:
411 /* It is user using kernel to keep track of security
412 * associations for another protocol, such as
413 * OSPF/RSVP/RIPV2/MIP. It is user's job to verify
414 * lengths.
415 *
416 * XXX Actually, association/policy database is not yet
417 * XXX able to cope with arbitrary sockaddr families.
418 * XXX When it can, remove this -EINVAL. -DaveM
419 */
420 return -EINVAL;
421 }
422
423 return 0;
424}
425
426static inline int sadb_key_len(const struct sadb_key *key)
427{
428 int key_bytes = DIV_ROUND_UP(key->sadb_key_bits, 8);
429
430 return DIV_ROUND_UP(sizeof(struct sadb_key) + key_bytes,
431 sizeof(uint64_t));
432}
433
434static int verify_key_len(const void *p)
435{
436 const struct sadb_key *key = p;
437
438 if (sadb_key_len(key) > key->sadb_key_len)
439 return -EINVAL;
440
441 return 0;
442}
443
444static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
445{
446 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) +
447 sec_ctx->sadb_x_ctx_len,
448 sizeof(uint64_t));
449}
450
451static inline int verify_sec_ctx_len(const void *p)
452{
453 const struct sadb_x_sec_ctx *sec_ctx = p;
454 int len = sec_ctx->sadb_x_ctx_len;
455
456 if (len > PAGE_SIZE)
457 return -EINVAL;
458
459 len = pfkey_sec_ctx_len(sec_ctx);
460
461 if (sec_ctx->sadb_x_sec_len != len)
462 return -EINVAL;
463
464 return 0;
465}
466
467static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx,
468 gfp_t gfp)
469{
470 struct xfrm_user_sec_ctx *uctx = NULL;
471 int ctx_size = sec_ctx->sadb_x_ctx_len;
472
473 uctx = kmalloc((sizeof(*uctx)+ctx_size), gfp);
474
475 if (!uctx)
476 return NULL;
477
478 uctx->len = pfkey_sec_ctx_len(sec_ctx);
479 uctx->exttype = sec_ctx->sadb_x_sec_exttype;
480 uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
481 uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
482 uctx->ctx_len = sec_ctx->sadb_x_ctx_len;
483 memcpy(uctx + 1, sec_ctx + 1,
484 uctx->ctx_len);
485
486 return uctx;
487}
488
489static int present_and_same_family(const struct sadb_address *src,
490 const struct sadb_address *dst)
491{
492 const struct sockaddr *s_addr, *d_addr;
493
494 if (!src || !dst)
495 return 0;
496
497 s_addr = (const struct sockaddr *)(src + 1);
498 d_addr = (const struct sockaddr *)(dst + 1);
499 if (s_addr->sa_family != d_addr->sa_family)
500 return 0;
501 if (s_addr->sa_family != AF_INET
502#if IS_ENABLED(CONFIG_IPV6)
503 && s_addr->sa_family != AF_INET6
504#endif
505 )
506 return 0;
507
508 return 1;
509}
510
511static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs)
512{
513 const char *p = (char *) hdr;
514 int len = skb->len;
515
516 len -= sizeof(*hdr);
517 p += sizeof(*hdr);
518 while (len > 0) {
519 const struct sadb_ext *ehdr = (const struct sadb_ext *) p;
520 uint16_t ext_type;
521 int ext_len;
522
523 if (len < sizeof(*ehdr))
524 return -EINVAL;
525
526 ext_len = ehdr->sadb_ext_len;
527 ext_len *= sizeof(uint64_t);
528 ext_type = ehdr->sadb_ext_type;
529 if (ext_len < sizeof(uint64_t) ||
530 ext_len > len ||
531 ext_type == SADB_EXT_RESERVED)
532 return -EINVAL;
533
534 if (ext_type <= SADB_EXT_MAX) {
535 int min = (int) sadb_ext_min_len[ext_type];
536 if (ext_len < min)
537 return -EINVAL;
538 if (ext_hdrs[ext_type-1] != NULL)
539 return -EINVAL;
540 switch (ext_type) {
541 case SADB_EXT_ADDRESS_SRC:
542 case SADB_EXT_ADDRESS_DST:
543 case SADB_EXT_ADDRESS_PROXY:
544 case SADB_X_EXT_NAT_T_OA:
545 if (verify_address_len(p))
546 return -EINVAL;
547 break;
548 case SADB_X_EXT_SEC_CTX:
549 if (verify_sec_ctx_len(p))
550 return -EINVAL;
551 break;
552 case SADB_EXT_KEY_AUTH:
553 case SADB_EXT_KEY_ENCRYPT:
554 if (verify_key_len(p))
555 return -EINVAL;
556 break;
557 default:
558 break;
559 }
560 ext_hdrs[ext_type-1] = (void *) p;
561 }
562 p += ext_len;
563 len -= ext_len;
564 }
565
566 return 0;
567}
568
569static uint16_t
570pfkey_satype2proto(uint8_t satype)
571{
572 switch (satype) {
573 case SADB_SATYPE_UNSPEC:
574 return IPSEC_PROTO_ANY;
575 case SADB_SATYPE_AH:
576 return IPPROTO_AH;
577 case SADB_SATYPE_ESP:
578 return IPPROTO_ESP;
579 case SADB_X_SATYPE_IPCOMP:
580 return IPPROTO_COMP;
581 default:
582 return 0;
583 }
584 /* NOTREACHED */
585}
586
587static uint8_t
588pfkey_proto2satype(uint16_t proto)
589{
590 switch (proto) {
591 case IPPROTO_AH:
592 return SADB_SATYPE_AH;
593 case IPPROTO_ESP:
594 return SADB_SATYPE_ESP;
595 case IPPROTO_COMP:
596 return SADB_X_SATYPE_IPCOMP;
597 default:
598 return 0;
599 }
600 /* NOTREACHED */
601}
602
603/* BTW, this scheme means that there is no way with PFKEY2 sockets to
604 * say specifically 'just raw sockets' as we encode them as 255.
605 */
606
607static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
608{
609 return proto == IPSEC_PROTO_ANY ? 0 : proto;
610}
611
612static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
613{
614 return proto ? proto : IPSEC_PROTO_ANY;
615}
616
617static inline int pfkey_sockaddr_len(sa_family_t family)
618{
619 switch (family) {
620 case AF_INET:
621 return sizeof(struct sockaddr_in);
622#if IS_ENABLED(CONFIG_IPV6)
623 case AF_INET6:
624 return sizeof(struct sockaddr_in6);
625#endif
626 }
627 return 0;
628}
629
630static
631int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
632{
633 switch (sa->sa_family) {
634 case AF_INET:
635 xaddr->a4 =
636 ((struct sockaddr_in *)sa)->sin_addr.s_addr;
637 return AF_INET;
638#if IS_ENABLED(CONFIG_IPV6)
639 case AF_INET6:
640 memcpy(xaddr->a6,
641 &((struct sockaddr_in6 *)sa)->sin6_addr,
642 sizeof(struct in6_addr));
643 return AF_INET6;
644#endif
645 }
646 return 0;
647}
648
649static
650int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr)
651{
652 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1),
653 xaddr);
654}
655
656static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs)
657{
658 const struct sadb_sa *sa;
659 const struct sadb_address *addr;
660 uint16_t proto;
661 unsigned short family;
662 xfrm_address_t *xaddr;
663
664 sa = ext_hdrs[SADB_EXT_SA - 1];
665 if (sa == NULL)
666 return NULL;
667
668 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
669 if (proto == 0)
670 return NULL;
671
672 /* sadb_address_len should be checked by caller */
673 addr = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
674 if (addr == NULL)
675 return NULL;
676
677 family = ((const struct sockaddr *)(addr + 1))->sa_family;
678 switch (family) {
679 case AF_INET:
680 xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr;
681 break;
682#if IS_ENABLED(CONFIG_IPV6)
683 case AF_INET6:
684 xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr;
685 break;
686#endif
687 default:
688 xaddr = NULL;
689 }
690
691 if (!xaddr)
692 return NULL;
693
694 return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
695}
696
697#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
698
699static int
700pfkey_sockaddr_size(sa_family_t family)
701{
702 return PFKEY_ALIGN8(pfkey_sockaddr_len(family));
703}
704
705static inline int pfkey_mode_from_xfrm(int mode)
706{
707 switch(mode) {
708 case XFRM_MODE_TRANSPORT:
709 return IPSEC_MODE_TRANSPORT;
710 case XFRM_MODE_TUNNEL:
711 return IPSEC_MODE_TUNNEL;
712 case XFRM_MODE_BEET:
713 return IPSEC_MODE_BEET;
714 default:
715 return -1;
716 }
717}
718
719static inline int pfkey_mode_to_xfrm(int mode)
720{
721 switch(mode) {
722 case IPSEC_MODE_ANY: /*XXX*/
723 case IPSEC_MODE_TRANSPORT:
724 return XFRM_MODE_TRANSPORT;
725 case IPSEC_MODE_TUNNEL:
726 return XFRM_MODE_TUNNEL;
727 case IPSEC_MODE_BEET:
728 return XFRM_MODE_BEET;
729 default:
730 return -1;
731 }
732}
733
734static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port,
735 struct sockaddr *sa,
736 unsigned short family)
737{
738 switch (family) {
739 case AF_INET:
740 {
741 struct sockaddr_in *sin = (struct sockaddr_in *)sa;
742 sin->sin_family = AF_INET;
743 sin->sin_port = port;
744 sin->sin_addr.s_addr = xaddr->a4;
745 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
746 return 32;
747 }
748#if IS_ENABLED(CONFIG_IPV6)
749 case AF_INET6:
750 {
751 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
752 sin6->sin6_family = AF_INET6;
753 sin6->sin6_port = port;
754 sin6->sin6_flowinfo = 0;
755 sin6->sin6_addr = xaddr->in6;
756 sin6->sin6_scope_id = 0;
757 return 128;
758 }
759#endif
760 }
761 return 0;
762}
763
764static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x,
765 int add_keys, int hsc)
766{
767 struct sk_buff *skb;
768 struct sadb_msg *hdr;
769 struct sadb_sa *sa;
770 struct sadb_lifetime *lifetime;
771 struct sadb_address *addr;
772 struct sadb_key *key;
773 struct sadb_x_sa2 *sa2;
774 struct sadb_x_sec_ctx *sec_ctx;
775 struct xfrm_sec_ctx *xfrm_ctx;
776 int ctx_size = 0;
777 int size;
778 int auth_key_size = 0;
779 int encrypt_key_size = 0;
780 int sockaddr_size;
781 struct xfrm_encap_tmpl *natt = NULL;
782 int mode;
783
784 /* address family check */
785 sockaddr_size = pfkey_sockaddr_size(x->props.family);
786 if (!sockaddr_size)
787 return ERR_PTR(-EINVAL);
788
789 /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
790 key(AE), (identity(SD),) (sensitivity)> */
791 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
792 sizeof(struct sadb_lifetime) +
793 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
794 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
795 sizeof(struct sadb_address)*2 +
796 sockaddr_size*2 +
797 sizeof(struct sadb_x_sa2);
798
799 if ((xfrm_ctx = x->security)) {
800 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
801 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
802 }
803
804 /* identity & sensitivity */
805 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family))
806 size += sizeof(struct sadb_address) + sockaddr_size;
807
808 if (add_keys) {
809 if (x->aalg && x->aalg->alg_key_len) {
810 auth_key_size =
811 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
812 size += sizeof(struct sadb_key) + auth_key_size;
813 }
814 if (x->ealg && x->ealg->alg_key_len) {
815 encrypt_key_size =
816 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
817 size += sizeof(struct sadb_key) + encrypt_key_size;
818 }
819 }
820 if (x->encap)
821 natt = x->encap;
822
823 if (natt && natt->encap_type) {
824 size += sizeof(struct sadb_x_nat_t_type);
825 size += sizeof(struct sadb_x_nat_t_port);
826 size += sizeof(struct sadb_x_nat_t_port);
827 }
828
829 skb = alloc_skb(size + 16, GFP_ATOMIC);
830 if (skb == NULL)
831 return ERR_PTR(-ENOBUFS);
832
833 /* call should fill header later */
834 hdr = skb_put(skb, sizeof(struct sadb_msg));
835 memset(hdr, 0, size); /* XXX do we need this ? */
836 hdr->sadb_msg_len = size / sizeof(uint64_t);
837
838 /* sa */
839 sa = skb_put(skb, sizeof(struct sadb_sa));
840 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
841 sa->sadb_sa_exttype = SADB_EXT_SA;
842 sa->sadb_sa_spi = x->id.spi;
843 sa->sadb_sa_replay = x->props.replay_window;
844 switch (x->km.state) {
845 case XFRM_STATE_VALID:
846 sa->sadb_sa_state = x->km.dying ?
847 SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
848 break;
849 case XFRM_STATE_ACQ:
850 sa->sadb_sa_state = SADB_SASTATE_LARVAL;
851 break;
852 default:
853 sa->sadb_sa_state = SADB_SASTATE_DEAD;
854 break;
855 }
856 sa->sadb_sa_auth = 0;
857 if (x->aalg) {
858 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
859 sa->sadb_sa_auth = (a && a->pfkey_supported) ?
860 a->desc.sadb_alg_id : 0;
861 }
862 sa->sadb_sa_encrypt = 0;
863 BUG_ON(x->ealg && x->calg);
864 if (x->ealg) {
865 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
866 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
867 a->desc.sadb_alg_id : 0;
868 }
869 /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
870 if (x->calg) {
871 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
872 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
873 a->desc.sadb_alg_id : 0;
874 }
875
876 sa->sadb_sa_flags = 0;
877 if (x->props.flags & XFRM_STATE_NOECN)
878 sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
879 if (x->props.flags & XFRM_STATE_DECAP_DSCP)
880 sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
881 if (x->props.flags & XFRM_STATE_NOPMTUDISC)
882 sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
883
884 /* hard time */
885 if (hsc & 2) {
886 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
887 lifetime->sadb_lifetime_len =
888 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
889 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
890 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit);
891 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
892 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
893 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
894 }
895 /* soft time */
896 if (hsc & 1) {
897 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
898 lifetime->sadb_lifetime_len =
899 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
900 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
901 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit);
902 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
903 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
904 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
905 }
906 /* current time */
907 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
908 lifetime->sadb_lifetime_len =
909 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
910 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
911 lifetime->sadb_lifetime_allocations = x->curlft.packets;
912 lifetime->sadb_lifetime_bytes = x->curlft.bytes;
913 lifetime->sadb_lifetime_addtime = x->curlft.add_time;
914 lifetime->sadb_lifetime_usetime = x->curlft.use_time;
915 /* src address */
916 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
917 addr->sadb_address_len =
918 (sizeof(struct sadb_address)+sockaddr_size)/
919 sizeof(uint64_t);
920 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
921 /* "if the ports are non-zero, then the sadb_address_proto field,
922 normally zero, MUST be filled in with the transport
923 protocol's number." - RFC2367 */
924 addr->sadb_address_proto = 0;
925 addr->sadb_address_reserved = 0;
926
927 addr->sadb_address_prefixlen =
928 pfkey_sockaddr_fill(&x->props.saddr, 0,
929 (struct sockaddr *) (addr + 1),
930 x->props.family);
931 BUG_ON(!addr->sadb_address_prefixlen);
932
933 /* dst address */
934 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
935 addr->sadb_address_len =
936 (sizeof(struct sadb_address)+sockaddr_size)/
937 sizeof(uint64_t);
938 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
939 addr->sadb_address_proto = 0;
940 addr->sadb_address_reserved = 0;
941
942 addr->sadb_address_prefixlen =
943 pfkey_sockaddr_fill(&x->id.daddr, 0,
944 (struct sockaddr *) (addr + 1),
945 x->props.family);
946 BUG_ON(!addr->sadb_address_prefixlen);
947
948 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr,
949 x->props.family)) {
950 addr = skb_put(skb,
951 sizeof(struct sadb_address) + sockaddr_size);
952 addr->sadb_address_len =
953 (sizeof(struct sadb_address)+sockaddr_size)/
954 sizeof(uint64_t);
955 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
956 addr->sadb_address_proto =
957 pfkey_proto_from_xfrm(x->sel.proto);
958 addr->sadb_address_prefixlen = x->sel.prefixlen_s;
959 addr->sadb_address_reserved = 0;
960
961 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
962 (struct sockaddr *) (addr + 1),
963 x->props.family);
964 }
965
966 /* auth key */
967 if (add_keys && auth_key_size) {
968 key = skb_put(skb, sizeof(struct sadb_key) + auth_key_size);
969 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
970 sizeof(uint64_t);
971 key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
972 key->sadb_key_bits = x->aalg->alg_key_len;
973 key->sadb_key_reserved = 0;
974 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
975 }
976 /* encrypt key */
977 if (add_keys && encrypt_key_size) {
978 key = skb_put(skb, sizeof(struct sadb_key) + encrypt_key_size);
979 key->sadb_key_len = (sizeof(struct sadb_key) +
980 encrypt_key_size) / sizeof(uint64_t);
981 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
982 key->sadb_key_bits = x->ealg->alg_key_len;
983 key->sadb_key_reserved = 0;
984 memcpy(key + 1, x->ealg->alg_key,
985 (x->ealg->alg_key_len+7)/8);
986 }
987
988 /* sa */
989 sa2 = skb_put(skb, sizeof(struct sadb_x_sa2));
990 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
991 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
992 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
993 kfree_skb(skb);
994 return ERR_PTR(-EINVAL);
995 }
996 sa2->sadb_x_sa2_mode = mode;
997 sa2->sadb_x_sa2_reserved1 = 0;
998 sa2->sadb_x_sa2_reserved2 = 0;
999 sa2->sadb_x_sa2_sequence = 0;
1000 sa2->sadb_x_sa2_reqid = x->props.reqid;
1001
1002 if (natt && natt->encap_type) {
1003 struct sadb_x_nat_t_type *n_type;
1004 struct sadb_x_nat_t_port *n_port;
1005
1006 /* type */
1007 n_type = skb_put(skb, sizeof(*n_type));
1008 n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
1009 n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
1010 n_type->sadb_x_nat_t_type_type = natt->encap_type;
1011 n_type->sadb_x_nat_t_type_reserved[0] = 0;
1012 n_type->sadb_x_nat_t_type_reserved[1] = 0;
1013 n_type->sadb_x_nat_t_type_reserved[2] = 0;
1014
1015 /* source port */
1016 n_port = skb_put(skb, sizeof(*n_port));
1017 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1018 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
1019 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
1020 n_port->sadb_x_nat_t_port_reserved = 0;
1021
1022 /* dest port */
1023 n_port = skb_put(skb, sizeof(*n_port));
1024 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1025 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
1026 n_port->sadb_x_nat_t_port_port = natt->encap_dport;
1027 n_port->sadb_x_nat_t_port_reserved = 0;
1028 }
1029
1030 /* security context */
1031 if (xfrm_ctx) {
1032 sec_ctx = skb_put(skb,
1033 sizeof(struct sadb_x_sec_ctx) + ctx_size);
1034 sec_ctx->sadb_x_sec_len =
1035 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
1036 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
1037 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
1038 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
1039 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
1040 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
1041 xfrm_ctx->ctx_len);
1042 }
1043
1044 return skb;
1045}
1046
1047
1048static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x)
1049{
1050 struct sk_buff *skb;
1051
1052 skb = __pfkey_xfrm_state2msg(x, 1, 3);
1053
1054 return skb;
1055}
1056
1057static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x,
1058 int hsc)
1059{
1060 return __pfkey_xfrm_state2msg(x, 0, hsc);
1061}
1062
1063static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1064 const struct sadb_msg *hdr,
1065 void * const *ext_hdrs)
1066{
1067 struct xfrm_state *x;
1068 const struct sadb_lifetime *lifetime;
1069 const struct sadb_sa *sa;
1070 const struct sadb_key *key;
1071 const struct sadb_x_sec_ctx *sec_ctx;
1072 uint16_t proto;
1073 int err;
1074
1075
1076 sa = ext_hdrs[SADB_EXT_SA - 1];
1077 if (!sa ||
1078 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1079 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1080 return ERR_PTR(-EINVAL);
1081 if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
1082 !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
1083 return ERR_PTR(-EINVAL);
1084 if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
1085 !ext_hdrs[SADB_EXT_KEY_AUTH-1])
1086 return ERR_PTR(-EINVAL);
1087 if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
1088 !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
1089 return ERR_PTR(-EINVAL);
1090
1091 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1092 if (proto == 0)
1093 return ERR_PTR(-EINVAL);
1094
1095 /* default error is no buffer space */
1096 err = -ENOBUFS;
1097
1098 /* RFC2367:
1099
1100 Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
1101 SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not
1102 sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state.
1103 Therefore, the sadb_sa_state field of all submitted SAs MUST be
1104 SADB_SASTATE_MATURE and the kernel MUST return an error if this is
1105 not true.
1106
1107 However, KAME setkey always uses SADB_SASTATE_LARVAL.
1108 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
1109 */
1110 if (sa->sadb_sa_auth > SADB_AALG_MAX ||
1111 (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
1112 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
1113 sa->sadb_sa_encrypt > SADB_EALG_MAX)
1114 return ERR_PTR(-EINVAL);
1115 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1116 if (key != NULL &&
1117 sa->sadb_sa_auth != SADB_X_AALG_NULL &&
1118 key->sadb_key_bits == 0)
1119 return ERR_PTR(-EINVAL);
1120 key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1121 if (key != NULL &&
1122 sa->sadb_sa_encrypt != SADB_EALG_NULL &&
1123 key->sadb_key_bits == 0)
1124 return ERR_PTR(-EINVAL);
1125
1126 x = xfrm_state_alloc(net);
1127 if (x == NULL)
1128 return ERR_PTR(-ENOBUFS);
1129
1130 x->id.proto = proto;
1131 x->id.spi = sa->sadb_sa_spi;
1132 x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay,
1133 (sizeof(x->replay.bitmap) * 8));
1134 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
1135 x->props.flags |= XFRM_STATE_NOECN;
1136 if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
1137 x->props.flags |= XFRM_STATE_DECAP_DSCP;
1138 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
1139 x->props.flags |= XFRM_STATE_NOPMTUDISC;
1140
1141 lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD - 1];
1142 if (lifetime != NULL) {
1143 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1144 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1145 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1146 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1147 }
1148 lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT - 1];
1149 if (lifetime != NULL) {
1150 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1151 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1152 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1153 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1154 }
1155
1156 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
1157 if (sec_ctx != NULL) {
1158 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
1159
1160 if (!uctx)
1161 goto out;
1162
1163 err = security_xfrm_state_alloc(x, uctx);
1164 kfree(uctx);
1165
1166 if (err)
1167 goto out;
1168 }
1169
1170 err = -ENOBUFS;
1171 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1172 if (sa->sadb_sa_auth) {
1173 int keysize = 0;
1174 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
1175 if (!a || !a->pfkey_supported) {
1176 err = -ENOSYS;
1177 goto out;
1178 }
1179 if (key)
1180 keysize = (key->sadb_key_bits + 7) / 8;
1181 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
1182 if (!x->aalg) {
1183 err = -ENOMEM;
1184 goto out;
1185 }
1186 strcpy(x->aalg->alg_name, a->name);
1187 x->aalg->alg_key_len = 0;
1188 if (key) {
1189 x->aalg->alg_key_len = key->sadb_key_bits;
1190 memcpy(x->aalg->alg_key, key+1, keysize);
1191 }
1192 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
1193 x->props.aalgo = sa->sadb_sa_auth;
1194 /* x->algo.flags = sa->sadb_sa_flags; */
1195 }
1196 if (sa->sadb_sa_encrypt) {
1197 if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
1198 struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
1199 if (!a || !a->pfkey_supported) {
1200 err = -ENOSYS;
1201 goto out;
1202 }
1203 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
1204 if (!x->calg) {
1205 err = -ENOMEM;
1206 goto out;
1207 }
1208 strcpy(x->calg->alg_name, a->name);
1209 x->props.calgo = sa->sadb_sa_encrypt;
1210 } else {
1211 int keysize = 0;
1212 struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
1213 if (!a || !a->pfkey_supported) {
1214 err = -ENOSYS;
1215 goto out;
1216 }
1217 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1218 if (key)
1219 keysize = (key->sadb_key_bits + 7) / 8;
1220 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
1221 if (!x->ealg) {
1222 err = -ENOMEM;
1223 goto out;
1224 }
1225 strcpy(x->ealg->alg_name, a->name);
1226 x->ealg->alg_key_len = 0;
1227 if (key) {
1228 x->ealg->alg_key_len = key->sadb_key_bits;
1229 memcpy(x->ealg->alg_key, key+1, keysize);
1230 }
1231 x->props.ealgo = sa->sadb_sa_encrypt;
1232 x->geniv = a->uinfo.encr.geniv;
1233 }
1234 }
1235 /* x->algo.flags = sa->sadb_sa_flags; */
1236
1237 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1238 &x->props.saddr);
1239 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
1240 &x->id.daddr);
1241
1242 if (ext_hdrs[SADB_X_EXT_SA2-1]) {
1243 const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1];
1244 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1245 if (mode < 0) {
1246 err = -EINVAL;
1247 goto out;
1248 }
1249 x->props.mode = mode;
1250 x->props.reqid = sa2->sadb_x_sa2_reqid;
1251 }
1252
1253 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
1254 const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];
1255
1256 /* Nobody uses this, but we try. */
1257 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
1258 x->sel.prefixlen_s = addr->sadb_address_prefixlen;
1259 }
1260
1261 if (!x->sel.family)
1262 x->sel.family = x->props.family;
1263
1264 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
1265 const struct sadb_x_nat_t_type* n_type;
1266 struct xfrm_encap_tmpl *natt;
1267
1268 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
1269 if (!x->encap) {
1270 err = -ENOMEM;
1271 goto out;
1272 }
1273
1274 natt = x->encap;
1275 n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
1276 natt->encap_type = n_type->sadb_x_nat_t_type_type;
1277
1278 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
1279 const struct sadb_x_nat_t_port *n_port =
1280 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
1281 natt->encap_sport = n_port->sadb_x_nat_t_port_port;
1282 }
1283 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
1284 const struct sadb_x_nat_t_port *n_port =
1285 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
1286 natt->encap_dport = n_port->sadb_x_nat_t_port_port;
1287 }
1288 memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
1289 }
1290
1291 err = xfrm_init_state(x);
1292 if (err)
1293 goto out;
1294
1295 x->km.seq = hdr->sadb_msg_seq;
1296 return x;
1297
1298out:
1299 x->km.state = XFRM_STATE_DEAD;
1300 xfrm_state_put(x);
1301 return ERR_PTR(err);
1302}
1303
1304static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1305{
1306 return -EOPNOTSUPP;
1307}
1308
1309static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1310{
1311 struct net *net = sock_net(sk);
1312 struct sk_buff *resp_skb;
1313 struct sadb_x_sa2 *sa2;
1314 struct sadb_address *saddr, *daddr;
1315 struct sadb_msg *out_hdr;
1316 struct sadb_spirange *range;
1317 struct xfrm_state *x = NULL;
1318 int mode;
1319 int err;
1320 u32 min_spi, max_spi;
1321 u32 reqid;
1322 u8 proto;
1323 unsigned short family;
1324 xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
1325
1326 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1327 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1328 return -EINVAL;
1329
1330 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1331 if (proto == 0)
1332 return -EINVAL;
1333
1334 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
1335 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1336 if (mode < 0)
1337 return -EINVAL;
1338 reqid = sa2->sadb_x_sa2_reqid;
1339 } else {
1340 mode = 0;
1341 reqid = 0;
1342 }
1343
1344 saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
1345 daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
1346
1347 family = ((struct sockaddr *)(saddr + 1))->sa_family;
1348 switch (family) {
1349 case AF_INET:
1350 xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
1351 xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
1352 break;
1353#if IS_ENABLED(CONFIG_IPV6)
1354 case AF_INET6:
1355 xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
1356 xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
1357 break;
1358#endif
1359 }
1360
1361 if (hdr->sadb_msg_seq) {
1362 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1363 if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) {
1364 xfrm_state_put(x);
1365 x = NULL;
1366 }
1367 }
1368
1369 if (!x)
1370 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, proto, xdaddr, xsaddr, 1, family);
1371
1372 if (x == NULL)
1373 return -ENOENT;
1374
1375 min_spi = 0x100;
1376 max_spi = 0x0fffffff;
1377
1378 range = ext_hdrs[SADB_EXT_SPIRANGE-1];
1379 if (range) {
1380 min_spi = range->sadb_spirange_min;
1381 max_spi = range->sadb_spirange_max;
1382 }
1383
1384 err = verify_spi_info(x->id.proto, min_spi, max_spi);
1385 if (err) {
1386 xfrm_state_put(x);
1387 return err;
1388 }
1389
1390 err = xfrm_alloc_spi(x, min_spi, max_spi);
1391 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);
1392
1393 if (IS_ERR(resp_skb)) {
1394 xfrm_state_put(x);
1395 return PTR_ERR(resp_skb);
1396 }
1397
1398 out_hdr = (struct sadb_msg *) resp_skb->data;
1399 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1400 out_hdr->sadb_msg_type = SADB_GETSPI;
1401 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1402 out_hdr->sadb_msg_errno = 0;
1403 out_hdr->sadb_msg_reserved = 0;
1404 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1405 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1406
1407 xfrm_state_put(x);
1408
1409 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);
1410
1411 return 0;
1412}
1413
1414static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1415{
1416 struct net *net = sock_net(sk);
1417 struct xfrm_state *x;
1418
1419 if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8)
1420 return -EOPNOTSUPP;
1421
1422 if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
1423 return 0;
1424
1425 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1426 if (x == NULL)
1427 return 0;
1428
1429 spin_lock_bh(&x->lock);
1430 if (x->km.state == XFRM_STATE_ACQ)
1431 x->km.state = XFRM_STATE_ERROR;
1432
1433 spin_unlock_bh(&x->lock);
1434 xfrm_state_put(x);
1435 return 0;
1436}
1437
1438static inline int event2poltype(int event)
1439{
1440 switch (event) {
1441 case XFRM_MSG_DELPOLICY:
1442 return SADB_X_SPDDELETE;
1443 case XFRM_MSG_NEWPOLICY:
1444 return SADB_X_SPDADD;
1445 case XFRM_MSG_UPDPOLICY:
1446 return SADB_X_SPDUPDATE;
1447 case XFRM_MSG_POLEXPIRE:
1448 // return SADB_X_SPDEXPIRE;
1449 default:
1450 pr_err("pfkey: Unknown policy event %d\n", event);
1451 break;
1452 }
1453
1454 return 0;
1455}
1456
1457static inline int event2keytype(int event)
1458{
1459 switch (event) {
1460 case XFRM_MSG_DELSA:
1461 return SADB_DELETE;
1462 case XFRM_MSG_NEWSA:
1463 return SADB_ADD;
1464 case XFRM_MSG_UPDSA:
1465 return SADB_UPDATE;
1466 case XFRM_MSG_EXPIRE:
1467 return SADB_EXPIRE;
1468 default:
1469 pr_err("pfkey: Unknown SA event %d\n", event);
1470 break;
1471 }
1472
1473 return 0;
1474}
1475
1476/* ADD/UPD/DEL */
1477static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
1478{
1479 struct sk_buff *skb;
1480 struct sadb_msg *hdr;
1481
1482 skb = pfkey_xfrm_state2msg(x);
1483
1484 if (IS_ERR(skb))
1485 return PTR_ERR(skb);
1486
1487 hdr = (struct sadb_msg *) skb->data;
1488 hdr->sadb_msg_version = PF_KEY_V2;
1489 hdr->sadb_msg_type = event2keytype(c->event);
1490 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1491 hdr->sadb_msg_errno = 0;
1492 hdr->sadb_msg_reserved = 0;
1493 hdr->sadb_msg_seq = c->seq;
1494 hdr->sadb_msg_pid = c->portid;
1495
1496 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));
1497
1498 return 0;
1499}
1500
1501static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1502{
1503 struct net *net = sock_net(sk);
1504 struct xfrm_state *x;
1505 int err;
1506 struct km_event c;
1507
1508 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs);
1509 if (IS_ERR(x))
1510 return PTR_ERR(x);
1511
1512 xfrm_state_hold(x);
1513 if (hdr->sadb_msg_type == SADB_ADD)
1514 err = xfrm_state_add(x);
1515 else
1516 err = xfrm_state_update(x);
1517
1518 xfrm_audit_state_add(x, err ? 0 : 1, true);
1519
1520 if (err < 0) {
1521 x->km.state = XFRM_STATE_DEAD;
1522 __xfrm_state_put(x);
1523 goto out;
1524 }
1525
1526 if (hdr->sadb_msg_type == SADB_ADD)
1527 c.event = XFRM_MSG_NEWSA;
1528 else
1529 c.event = XFRM_MSG_UPDSA;
1530 c.seq = hdr->sadb_msg_seq;
1531 c.portid = hdr->sadb_msg_pid;
1532 km_state_notify(x, &c);
1533out:
1534 xfrm_state_put(x);
1535 return err;
1536}
1537
1538static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1539{
1540 struct net *net = sock_net(sk);
1541 struct xfrm_state *x;
1542 struct km_event c;
1543 int err;
1544
1545 if (!ext_hdrs[SADB_EXT_SA-1] ||
1546 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1547 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1548 return -EINVAL;
1549
1550 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1551 if (x == NULL)
1552 return -ESRCH;
1553
1554 if ((err = security_xfrm_state_delete(x)))
1555 goto out;
1556
1557 if (xfrm_state_kern(x)) {
1558 err = -EPERM;
1559 goto out;
1560 }
1561
1562 err = xfrm_state_delete(x);
1563
1564 if (err < 0)
1565 goto out;
1566
1567 c.seq = hdr->sadb_msg_seq;
1568 c.portid = hdr->sadb_msg_pid;
1569 c.event = XFRM_MSG_DELSA;
1570 km_state_notify(x, &c);
1571out:
1572 xfrm_audit_state_delete(x, err ? 0 : 1, true);
1573 xfrm_state_put(x);
1574
1575 return err;
1576}
1577
1578static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1579{
1580 struct net *net = sock_net(sk);
1581 __u8 proto;
1582 struct sk_buff *out_skb;
1583 struct sadb_msg *out_hdr;
1584 struct xfrm_state *x;
1585
1586 if (!ext_hdrs[SADB_EXT_SA-1] ||
1587 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1588 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1589 return -EINVAL;
1590
1591 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1592 if (x == NULL)
1593 return -ESRCH;
1594
1595 out_skb = pfkey_xfrm_state2msg(x);
1596 proto = x->id.proto;
1597 xfrm_state_put(x);
1598 if (IS_ERR(out_skb))
1599 return PTR_ERR(out_skb);
1600
1601 out_hdr = (struct sadb_msg *) out_skb->data;
1602 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1603 out_hdr->sadb_msg_type = SADB_GET;
1604 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1605 out_hdr->sadb_msg_errno = 0;
1606 out_hdr->sadb_msg_reserved = 0;
1607 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1608 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1609 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
1610
1611 return 0;
1612}
1613
1614static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig,
1615 gfp_t allocation)
1616{
1617 struct sk_buff *skb;
1618 struct sadb_msg *hdr;
1619 int len, auth_len, enc_len, i;
1620
1621 auth_len = xfrm_count_pfkey_auth_supported();
1622 if (auth_len) {
1623 auth_len *= sizeof(struct sadb_alg);
1624 auth_len += sizeof(struct sadb_supported);
1625 }
1626
1627 enc_len = xfrm_count_pfkey_enc_supported();
1628 if (enc_len) {
1629 enc_len *= sizeof(struct sadb_alg);
1630 enc_len += sizeof(struct sadb_supported);
1631 }
1632
1633 len = enc_len + auth_len + sizeof(struct sadb_msg);
1634
1635 skb = alloc_skb(len + 16, allocation);
1636 if (!skb)
1637 goto out_put_algs;
1638
1639 hdr = skb_put(skb, sizeof(*hdr));
1640 pfkey_hdr_dup(hdr, orig);
1641 hdr->sadb_msg_errno = 0;
1642 hdr->sadb_msg_len = len / sizeof(uint64_t);
1643
1644 if (auth_len) {
1645 struct sadb_supported *sp;
1646 struct sadb_alg *ap;
1647
1648 sp = skb_put(skb, auth_len);
1649 ap = (struct sadb_alg *) (sp + 1);
1650
1651 sp->sadb_supported_len = auth_len / sizeof(uint64_t);
1652 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
1653
1654 for (i = 0; ; i++) {
1655 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
1656 if (!aalg)
1657 break;
1658 if (!aalg->pfkey_supported)
1659 continue;
1660 if (aalg->available)
1661 *ap++ = aalg->desc;
1662 }
1663 }
1664
1665 if (enc_len) {
1666 struct sadb_supported *sp;
1667 struct sadb_alg *ap;
1668
1669 sp = skb_put(skb, enc_len);
1670 ap = (struct sadb_alg *) (sp + 1);
1671
1672 sp->sadb_supported_len = enc_len / sizeof(uint64_t);
1673 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
1674
1675 for (i = 0; ; i++) {
1676 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
1677 if (!ealg)
1678 break;
1679 if (!ealg->pfkey_supported)
1680 continue;
1681 if (ealg->available)
1682 *ap++ = ealg->desc;
1683 }
1684 }
1685
1686out_put_algs:
1687 return skb;
1688}
1689
1690static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1691{
1692 struct pfkey_sock *pfk = pfkey_sk(sk);
1693 struct sk_buff *supp_skb;
1694
1695 if (hdr->sadb_msg_satype > SADB_SATYPE_MAX)
1696 return -EINVAL;
1697
1698 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) {
1699 if (pfk->registered&(1<<hdr->sadb_msg_satype))
1700 return -EEXIST;
1701 pfk->registered |= (1<<hdr->sadb_msg_satype);
1702 }
1703
1704 xfrm_probe_algs();
1705
1706 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL);
1707 if (!supp_skb) {
1708 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1709 pfk->registered &= ~(1<<hdr->sadb_msg_satype);
1710
1711 return -ENOBUFS;
1712 }
1713
1714 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk,
1715 sock_net(sk));
1716 return 0;
1717}
1718
1719static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
1720{
1721 struct sk_buff *skb;
1722 struct sadb_msg *hdr;
1723
1724 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1725 if (!skb)
1726 return -ENOBUFS;
1727
1728 hdr = skb_put_data(skb, ihdr, sizeof(struct sadb_msg));
1729 hdr->sadb_msg_errno = (uint8_t) 0;
1730 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1731
1732 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk,
1733 sock_net(sk));
1734}
1735
1736static int key_notify_sa_flush(const struct km_event *c)
1737{
1738 struct sk_buff *skb;
1739 struct sadb_msg *hdr;
1740
1741 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1742 if (!skb)
1743 return -ENOBUFS;
1744 hdr = skb_put(skb, sizeof(struct sadb_msg));
1745 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
1746 hdr->sadb_msg_type = SADB_FLUSH;
1747 hdr->sadb_msg_seq = c->seq;
1748 hdr->sadb_msg_pid = c->portid;
1749 hdr->sadb_msg_version = PF_KEY_V2;
1750 hdr->sadb_msg_errno = (uint8_t) 0;
1751 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1752 hdr->sadb_msg_reserved = 0;
1753
1754 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
1755
1756 return 0;
1757}
1758
1759static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1760{
1761 struct net *net = sock_net(sk);
1762 unsigned int proto;
1763 struct km_event c;
1764 int err, err2;
1765
1766 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1767 if (proto == 0)
1768 return -EINVAL;
1769
1770 err = xfrm_state_flush(net, proto, true, false);
1771 err2 = unicast_flush_resp(sk, hdr);
1772 if (err || err2) {
1773 if (err == -ESRCH) /* empty table - go quietly */
1774 err = 0;
1775 return err ? err : err2;
1776 }
1777
1778 c.data.proto = proto;
1779 c.seq = hdr->sadb_msg_seq;
1780 c.portid = hdr->sadb_msg_pid;
1781 c.event = XFRM_MSG_FLUSHSA;
1782 c.net = net;
1783 km_state_notify(NULL, &c);
1784
1785 return 0;
1786}
1787
1788static int dump_sa(struct xfrm_state *x, int count, void *ptr)
1789{
1790 struct pfkey_sock *pfk = ptr;
1791 struct sk_buff *out_skb;
1792 struct sadb_msg *out_hdr;
1793
1794 if (!pfkey_can_dump(&pfk->sk))
1795 return -ENOBUFS;
1796
1797 out_skb = pfkey_xfrm_state2msg(x);
1798 if (IS_ERR(out_skb))
1799 return PTR_ERR(out_skb);
1800
1801 out_hdr = (struct sadb_msg *) out_skb->data;
1802 out_hdr->sadb_msg_version = pfk->dump.msg_version;
1803 out_hdr->sadb_msg_type = SADB_DUMP;
1804 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1805 out_hdr->sadb_msg_errno = 0;
1806 out_hdr->sadb_msg_reserved = 0;
1807 out_hdr->sadb_msg_seq = count + 1;
1808 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
1809
1810 if (pfk->dump.skb)
1811 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
1812 &pfk->sk, sock_net(&pfk->sk));
1813 pfk->dump.skb = out_skb;
1814
1815 return 0;
1816}
1817
1818static int pfkey_dump_sa(struct pfkey_sock *pfk)
1819{
1820 struct net *net = sock_net(&pfk->sk);
1821 return xfrm_state_walk(net, &pfk->dump.u.state, dump_sa, (void *) pfk);
1822}
1823
1824static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
1825{
1826 struct net *net = sock_net(&pfk->sk);
1827
1828 xfrm_state_walk_done(&pfk->dump.u.state, net);
1829}
1830
1831static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1832{
1833 u8 proto;
1834 struct xfrm_address_filter *filter = NULL;
1835 struct pfkey_sock *pfk = pfkey_sk(sk);
1836
1837 mutex_lock(&pfk->dump_lock);
1838 if (pfk->dump.dump != NULL) {
1839 mutex_unlock(&pfk->dump_lock);
1840 return -EBUSY;
1841 }
1842
1843 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1844 if (proto == 0) {
1845 mutex_unlock(&pfk->dump_lock);
1846 return -EINVAL;
1847 }
1848
1849 if (ext_hdrs[SADB_X_EXT_FILTER - 1]) {
1850 struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1];
1851
1852 filter = kmalloc(sizeof(*filter), GFP_KERNEL);
1853 if (filter == NULL) {
1854 mutex_unlock(&pfk->dump_lock);
1855 return -ENOMEM;
1856 }
1857
1858 memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr,
1859 sizeof(xfrm_address_t));
1860 memcpy(&filter->daddr, &xfilter->sadb_x_filter_daddr,
1861 sizeof(xfrm_address_t));
1862 filter->family = xfilter->sadb_x_filter_family;
1863 filter->splen = xfilter->sadb_x_filter_splen;
1864 filter->dplen = xfilter->sadb_x_filter_dplen;
1865 }
1866
1867 pfk->dump.msg_version = hdr->sadb_msg_version;
1868 pfk->dump.msg_portid = hdr->sadb_msg_pid;
1869 pfk->dump.dump = pfkey_dump_sa;
1870 pfk->dump.done = pfkey_dump_sa_done;
1871 xfrm_state_walk_init(&pfk->dump.u.state, proto, filter);
1872 mutex_unlock(&pfk->dump_lock);
1873
1874 return pfkey_do_dump(pfk);
1875}
1876
1877static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1878{
1879 struct pfkey_sock *pfk = pfkey_sk(sk);
1880 int satype = hdr->sadb_msg_satype;
1881 bool reset_errno = false;
1882
1883 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) {
1884 reset_errno = true;
1885 if (satype != 0 && satype != 1)
1886 return -EINVAL;
1887 pfk->promisc = satype;
1888 }
1889 if (reset_errno && skb_cloned(skb))
1890 skb = skb_copy(skb, GFP_KERNEL);
1891 else
1892 skb = skb_clone(skb, GFP_KERNEL);
1893
1894 if (reset_errno && skb) {
1895 struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data;
1896 new_hdr->sadb_msg_errno = 0;
1897 }
1898
1899 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
1900 return 0;
1901}
1902
1903static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
1904{
1905 int i;
1906 u32 reqid = *(u32*)ptr;
1907
1908 for (i=0; i<xp->xfrm_nr; i++) {
1909 if (xp->xfrm_vec[i].reqid == reqid)
1910 return -EEXIST;
1911 }
1912 return 0;
1913}
1914
1915static u32 gen_reqid(struct net *net)
1916{
1917 struct xfrm_policy_walk walk;
1918 u32 start;
1919 int rc;
1920 static u32 reqid = IPSEC_MANUAL_REQID_MAX;
1921
1922 start = reqid;
1923 do {
1924 ++reqid;
1925 if (reqid == 0)
1926 reqid = IPSEC_MANUAL_REQID_MAX+1;
1927 xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
1928 rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid);
1929 xfrm_policy_walk_done(&walk, net);
1930 if (rc != -EEXIST)
1931 return reqid;
1932 } while (reqid != start);
1933 return 0;
1934}
1935
1936static int
1937parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1938{
1939 struct net *net = xp_net(xp);
1940 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1941 int mode;
1942
1943 if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1944 return -ELOOP;
1945
1946 if (rq->sadb_x_ipsecrequest_mode == 0)
1947 return -EINVAL;
1948 if (!xfrm_id_proto_valid(rq->sadb_x_ipsecrequest_proto))
1949 return -EINVAL;
1950
1951 t->id.proto = rq->sadb_x_ipsecrequest_proto;
1952 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0)
1953 return -EINVAL;
1954 t->mode = mode;
1955 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
1956 t->optional = 1;
1957 else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
1958 t->reqid = rq->sadb_x_ipsecrequest_reqid;
1959 if (t->reqid > IPSEC_MANUAL_REQID_MAX)
1960 t->reqid = 0;
1961 if (!t->reqid && !(t->reqid = gen_reqid(net)))
1962 return -ENOBUFS;
1963 }
1964
1965 /* addresses present only in tunnel mode */
1966 if (t->mode == XFRM_MODE_TUNNEL) {
1967 int err;
1968
1969 err = parse_sockaddr_pair(
1970 (struct sockaddr *)(rq + 1),
1971 rq->sadb_x_ipsecrequest_len - sizeof(*rq),
1972 &t->saddr, &t->id.daddr, &t->encap_family);
1973 if (err)
1974 return err;
1975 } else
1976 t->encap_family = xp->family;
1977
1978 /* No way to set this via kame pfkey */
1979 t->allalgs = 1;
1980 xp->xfrm_nr++;
1981 return 0;
1982}
1983
1984static int
1985parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1986{
1987 int err;
1988 int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
1989 struct sadb_x_ipsecrequest *rq = (void*)(pol+1);
1990
1991 if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
1992 return -EINVAL;
1993
1994 while (len >= sizeof(*rq)) {
1995 if (len < rq->sadb_x_ipsecrequest_len ||
1996 rq->sadb_x_ipsecrequest_len < sizeof(*rq))
1997 return -EINVAL;
1998
1999 if ((err = parse_ipsecrequest(xp, rq)) < 0)
2000 return err;
2001 len -= rq->sadb_x_ipsecrequest_len;
2002 rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
2003 }
2004 return 0;
2005}
2006
2007static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
2008{
2009 struct xfrm_sec_ctx *xfrm_ctx = xp->security;
2010
2011 if (xfrm_ctx) {
2012 int len = sizeof(struct sadb_x_sec_ctx);
2013 len += xfrm_ctx->ctx_len;
2014 return PFKEY_ALIGN8(len);
2015 }
2016 return 0;
2017}
2018
2019static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
2020{
2021 const struct xfrm_tmpl *t;
2022 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2023 int socklen = 0;
2024 int i;
2025
2026 for (i=0; i<xp->xfrm_nr; i++) {
2027 t = xp->xfrm_vec + i;
2028 socklen += pfkey_sockaddr_len(t->encap_family);
2029 }
2030
2031 return sizeof(struct sadb_msg) +
2032 (sizeof(struct sadb_lifetime) * 3) +
2033 (sizeof(struct sadb_address) * 2) +
2034 (sockaddr_size * 2) +
2035 sizeof(struct sadb_x_policy) +
2036 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
2037 (socklen * 2) +
2038 pfkey_xfrm_policy2sec_ctx_size(xp);
2039}
2040
2041static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
2042{
2043 struct sk_buff *skb;
2044 int size;
2045
2046 size = pfkey_xfrm_policy2msg_size(xp);
2047
2048 skb = alloc_skb(size + 16, GFP_ATOMIC);
2049 if (skb == NULL)
2050 return ERR_PTR(-ENOBUFS);
2051
2052 return skb;
2053}
2054
2055static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
2056{
2057 struct sadb_msg *hdr;
2058 struct sadb_address *addr;
2059 struct sadb_lifetime *lifetime;
2060 struct sadb_x_policy *pol;
2061 struct sadb_x_sec_ctx *sec_ctx;
2062 struct xfrm_sec_ctx *xfrm_ctx;
2063 int i;
2064 int size;
2065 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2066 int socklen = pfkey_sockaddr_len(xp->family);
2067
2068 size = pfkey_xfrm_policy2msg_size(xp);
2069
2070 /* call should fill header later */
2071 hdr = skb_put(skb, sizeof(struct sadb_msg));
2072 memset(hdr, 0, size); /* XXX do we need this ? */
2073
2074 /* src address */
2075 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2076 addr->sadb_address_len =
2077 (sizeof(struct sadb_address)+sockaddr_size)/
2078 sizeof(uint64_t);
2079 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
2080 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2081 addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
2082 addr->sadb_address_reserved = 0;
2083 if (!pfkey_sockaddr_fill(&xp->selector.saddr,
2084 xp->selector.sport,
2085 (struct sockaddr *) (addr + 1),
2086 xp->family))
2087 BUG();
2088
2089 /* dst address */
2090 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2091 addr->sadb_address_len =
2092 (sizeof(struct sadb_address)+sockaddr_size)/
2093 sizeof(uint64_t);
2094 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
2095 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2096 addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
2097 addr->sadb_address_reserved = 0;
2098
2099 pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
2100 (struct sockaddr *) (addr + 1),
2101 xp->family);
2102
2103 /* hard time */
2104 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2105 lifetime->sadb_lifetime_len =
2106 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2107 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2108 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit);
2109 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
2110 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
2111 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
2112 /* soft time */
2113 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2114 lifetime->sadb_lifetime_len =
2115 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2116 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
2117 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit);
2118 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
2119 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
2120 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
2121 /* current time */
2122 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2123 lifetime->sadb_lifetime_len =
2124 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2125 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2126 lifetime->sadb_lifetime_allocations = xp->curlft.packets;
2127 lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
2128 lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
2129 lifetime->sadb_lifetime_usetime = xp->curlft.use_time;
2130
2131 pol = skb_put(skb, sizeof(struct sadb_x_policy));
2132 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
2133 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2134 pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
2135 if (xp->action == XFRM_POLICY_ALLOW) {
2136 if (xp->xfrm_nr)
2137 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2138 else
2139 pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
2140 }
2141 pol->sadb_x_policy_dir = dir+1;
2142 pol->sadb_x_policy_reserved = 0;
2143 pol->sadb_x_policy_id = xp->index;
2144 pol->sadb_x_policy_priority = xp->priority;
2145
2146 for (i=0; i<xp->xfrm_nr; i++) {
2147 const struct xfrm_tmpl *t = xp->xfrm_vec + i;
2148 struct sadb_x_ipsecrequest *rq;
2149 int req_size;
2150 int mode;
2151
2152 req_size = sizeof(struct sadb_x_ipsecrequest);
2153 if (t->mode == XFRM_MODE_TUNNEL) {
2154 socklen = pfkey_sockaddr_len(t->encap_family);
2155 req_size += socklen * 2;
2156 } else {
2157 size -= 2*socklen;
2158 }
2159 rq = skb_put(skb, req_size);
2160 pol->sadb_x_policy_len += req_size/8;
2161 memset(rq, 0, sizeof(*rq));
2162 rq->sadb_x_ipsecrequest_len = req_size;
2163 rq->sadb_x_ipsecrequest_proto = t->id.proto;
2164 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
2165 return -EINVAL;
2166 rq->sadb_x_ipsecrequest_mode = mode;
2167 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2168 if (t->reqid)
2169 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2170 if (t->optional)
2171 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
2172 rq->sadb_x_ipsecrequest_reqid = t->reqid;
2173
2174 if (t->mode == XFRM_MODE_TUNNEL) {
2175 u8 *sa = (void *)(rq + 1);
2176 pfkey_sockaddr_fill(&t->saddr, 0,
2177 (struct sockaddr *)sa,
2178 t->encap_family);
2179 pfkey_sockaddr_fill(&t->id.daddr, 0,
2180 (struct sockaddr *) (sa + socklen),
2181 t->encap_family);
2182 }
2183 }
2184
2185 /* security context */
2186 if ((xfrm_ctx = xp->security)) {
2187 int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);
2188
2189 sec_ctx = skb_put(skb, ctx_size);
2190 sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
2191 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2192 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
2193 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
2194 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
2195 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
2196 xfrm_ctx->ctx_len);
2197 }
2198
2199 hdr->sadb_msg_len = size / sizeof(uint64_t);
2200 hdr->sadb_msg_reserved = refcount_read(&xp->refcnt);
2201
2202 return 0;
2203}
2204
2205static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
2206{
2207 struct sk_buff *out_skb;
2208 struct sadb_msg *out_hdr;
2209 int err;
2210
2211 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2212 if (IS_ERR(out_skb))
2213 return PTR_ERR(out_skb);
2214
2215 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2216 if (err < 0) {
2217 kfree_skb(out_skb);
2218 return err;
2219 }
2220
2221 out_hdr = (struct sadb_msg *) out_skb->data;
2222 out_hdr->sadb_msg_version = PF_KEY_V2;
2223
2224 if (c->data.byid && c->event == XFRM_MSG_DELPOLICY)
2225 out_hdr->sadb_msg_type = SADB_X_SPDDELETE2;
2226 else
2227 out_hdr->sadb_msg_type = event2poltype(c->event);
2228 out_hdr->sadb_msg_errno = 0;
2229 out_hdr->sadb_msg_seq = c->seq;
2230 out_hdr->sadb_msg_pid = c->portid;
2231 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2232 return 0;
2233
2234}
2235
2236static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2237{
2238 struct net *net = sock_net(sk);
2239 int err = 0;
2240 struct sadb_lifetime *lifetime;
2241 struct sadb_address *sa;
2242 struct sadb_x_policy *pol;
2243 struct xfrm_policy *xp;
2244 struct km_event c;
2245 struct sadb_x_sec_ctx *sec_ctx;
2246
2247 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2248 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2249 !ext_hdrs[SADB_X_EXT_POLICY-1])
2250 return -EINVAL;
2251
2252 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2253 if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
2254 return -EINVAL;
2255 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2256 return -EINVAL;
2257
2258 xp = xfrm_policy_alloc(net, GFP_KERNEL);
2259 if (xp == NULL)
2260 return -ENOBUFS;
2261
2262 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
2263 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
2264 xp->priority = pol->sadb_x_policy_priority;
2265
2266 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2267 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2268 xp->selector.family = xp->family;
2269 xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
2270 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2271 xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2272 if (xp->selector.sport)
2273 xp->selector.sport_mask = htons(0xffff);
2274
2275 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2276 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2277 xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2278
2279 /* Amusing, we set this twice. KAME apps appear to set same value
2280 * in both addresses.
2281 */
2282 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2283
2284 xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2285 if (xp->selector.dport)
2286 xp->selector.dport_mask = htons(0xffff);
2287
2288 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2289 if (sec_ctx != NULL) {
2290 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2291
2292 if (!uctx) {
2293 err = -ENOBUFS;
2294 goto out;
2295 }
2296
2297 err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL);
2298 kfree(uctx);
2299
2300 if (err)
2301 goto out;
2302 }
2303
2304 xp->lft.soft_byte_limit = XFRM_INF;
2305 xp->lft.hard_byte_limit = XFRM_INF;
2306 xp->lft.soft_packet_limit = XFRM_INF;
2307 xp->lft.hard_packet_limit = XFRM_INF;
2308 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
2309 xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2310 xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2311 xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2312 xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2313 }
2314 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
2315 xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2316 xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2317 xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2318 xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2319 }
2320 xp->xfrm_nr = 0;
2321 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2322 (err = parse_ipsecrequests(xp, pol)) < 0)
2323 goto out;
2324
2325 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2326 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2327
2328 xfrm_audit_policy_add(xp, err ? 0 : 1, true);
2329
2330 if (err)
2331 goto out;
2332
2333 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
2334 c.event = XFRM_MSG_UPDPOLICY;
2335 else
2336 c.event = XFRM_MSG_NEWPOLICY;
2337
2338 c.seq = hdr->sadb_msg_seq;
2339 c.portid = hdr->sadb_msg_pid;
2340
2341 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2342 xfrm_pol_put(xp);
2343 return 0;
2344
2345out:
2346 xp->walk.dead = 1;
2347 xfrm_policy_destroy(xp);
2348 return err;
2349}
2350
2351static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2352{
2353 struct net *net = sock_net(sk);
2354 int err;
2355 struct sadb_address *sa;
2356 struct sadb_x_policy *pol;
2357 struct xfrm_policy *xp;
2358 struct xfrm_selector sel;
2359 struct km_event c;
2360 struct sadb_x_sec_ctx *sec_ctx;
2361 struct xfrm_sec_ctx *pol_ctx = NULL;
2362
2363 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2364 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2365 !ext_hdrs[SADB_X_EXT_POLICY-1])
2366 return -EINVAL;
2367
2368 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2369 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2370 return -EINVAL;
2371
2372 memset(&sel, 0, sizeof(sel));
2373
2374 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2375 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2376 sel.prefixlen_s = sa->sadb_address_prefixlen;
2377 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2378 sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2379 if (sel.sport)
2380 sel.sport_mask = htons(0xffff);
2381
2382 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2383 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2384 sel.prefixlen_d = sa->sadb_address_prefixlen;
2385 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2386 sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2387 if (sel.dport)
2388 sel.dport_mask = htons(0xffff);
2389
2390 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2391 if (sec_ctx != NULL) {
2392 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2393
2394 if (!uctx)
2395 return -ENOMEM;
2396
2397 err = security_xfrm_policy_alloc(&pol_ctx, uctx, GFP_KERNEL);
2398 kfree(uctx);
2399 if (err)
2400 return err;
2401 }
2402
2403 xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, 0, XFRM_POLICY_TYPE_MAIN,
2404 pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
2405 1, &err);
2406 security_xfrm_policy_free(pol_ctx);
2407 if (xp == NULL)
2408 return -ENOENT;
2409
2410 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2411
2412 if (err)
2413 goto out;
2414
2415 c.seq = hdr->sadb_msg_seq;
2416 c.portid = hdr->sadb_msg_pid;
2417 c.data.byid = 0;
2418 c.event = XFRM_MSG_DELPOLICY;
2419 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2420
2421out:
2422 xfrm_pol_put(xp);
2423 return err;
2424}
2425
2426static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
2427{
2428 int err;
2429 struct sk_buff *out_skb;
2430 struct sadb_msg *out_hdr;
2431 err = 0;
2432
2433 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2434 if (IS_ERR(out_skb)) {
2435 err = PTR_ERR(out_skb);
2436 goto out;
2437 }
2438 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2439 if (err < 0) {
2440 kfree_skb(out_skb);
2441 goto out;
2442 }
2443
2444 out_hdr = (struct sadb_msg *) out_skb->data;
2445 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
2446 out_hdr->sadb_msg_type = hdr->sadb_msg_type;
2447 out_hdr->sadb_msg_satype = 0;
2448 out_hdr->sadb_msg_errno = 0;
2449 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
2450 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
2451 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
2452 err = 0;
2453
2454out:
2455 return err;
2456}
2457
2458static int pfkey_sockaddr_pair_size(sa_family_t family)
2459{
2460 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
2461}
2462
2463static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2464 xfrm_address_t *saddr, xfrm_address_t *daddr,
2465 u16 *family)
2466{
2467 int af, socklen;
2468
2469 if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
2470 return -EINVAL;
2471
2472 af = pfkey_sockaddr_extract(sa, saddr);
2473 if (!af)
2474 return -EINVAL;
2475
2476 socklen = pfkey_sockaddr_len(af);
2477 if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen),
2478 daddr) != af)
2479 return -EINVAL;
2480
2481 *family = af;
2482 return 0;
2483}
2484
2485#ifdef CONFIG_NET_KEY_MIGRATE
2486static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2487 struct xfrm_migrate *m)
2488{
2489 int err;
2490 struct sadb_x_ipsecrequest *rq2;
2491 int mode;
2492
2493 if (len < sizeof(*rq1) ||
2494 len < rq1->sadb_x_ipsecrequest_len ||
2495 rq1->sadb_x_ipsecrequest_len < sizeof(*rq1))
2496 return -EINVAL;
2497
2498 /* old endoints */
2499 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
2500 rq1->sadb_x_ipsecrequest_len - sizeof(*rq1),
2501 &m->old_saddr, &m->old_daddr,
2502 &m->old_family);
2503 if (err)
2504 return err;
2505
2506 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len);
2507 len -= rq1->sadb_x_ipsecrequest_len;
2508
2509 if (len <= sizeof(*rq2) ||
2510 len < rq2->sadb_x_ipsecrequest_len ||
2511 rq2->sadb_x_ipsecrequest_len < sizeof(*rq2))
2512 return -EINVAL;
2513
2514 /* new endpoints */
2515 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
2516 rq2->sadb_x_ipsecrequest_len - sizeof(*rq2),
2517 &m->new_saddr, &m->new_daddr,
2518 &m->new_family);
2519 if (err)
2520 return err;
2521
2522 if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto ||
2523 rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode ||
2524 rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid)
2525 return -EINVAL;
2526
2527 m->proto = rq1->sadb_x_ipsecrequest_proto;
2528 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0)
2529 return -EINVAL;
2530 m->mode = mode;
2531 m->reqid = rq1->sadb_x_ipsecrequest_reqid;
2532
2533 return ((int)(rq1->sadb_x_ipsecrequest_len +
2534 rq2->sadb_x_ipsecrequest_len));
2535}
2536
2537static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2538 const struct sadb_msg *hdr, void * const *ext_hdrs)
2539{
2540 int i, len, ret, err = -EINVAL;
2541 u8 dir;
2542 struct sadb_address *sa;
2543 struct sadb_x_kmaddress *kma;
2544 struct sadb_x_policy *pol;
2545 struct sadb_x_ipsecrequest *rq;
2546 struct xfrm_selector sel;
2547 struct xfrm_migrate m[XFRM_MAX_DEPTH];
2548 struct xfrm_kmaddress k;
2549 struct net *net = sock_net(sk);
2550
2551 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
2552 ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
2553 !ext_hdrs[SADB_X_EXT_POLICY - 1]) {
2554 err = -EINVAL;
2555 goto out;
2556 }
2557
2558 kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
2559 pol = ext_hdrs[SADB_X_EXT_POLICY - 1];
2560
2561 if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
2562 err = -EINVAL;
2563 goto out;
2564 }
2565
2566 if (kma) {
2567 /* convert sadb_x_kmaddress to xfrm_kmaddress */
2568 k.reserved = kma->sadb_x_kmaddress_reserved;
2569 ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
2570 8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
2571 &k.local, &k.remote, &k.family);
2572 if (ret < 0) {
2573 err = ret;
2574 goto out;
2575 }
2576 }
2577
2578 dir = pol->sadb_x_policy_dir - 1;
2579 memset(&sel, 0, sizeof(sel));
2580
2581 /* set source address info of selector */
2582 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1];
2583 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2584 sel.prefixlen_s = sa->sadb_address_prefixlen;
2585 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2586 sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2587 if (sel.sport)
2588 sel.sport_mask = htons(0xffff);
2589
2590 /* set destination address info of selector */
2591 sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
2592 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2593 sel.prefixlen_d = sa->sadb_address_prefixlen;
2594 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2595 sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2596 if (sel.dport)
2597 sel.dport_mask = htons(0xffff);
2598
2599 rq = (struct sadb_x_ipsecrequest *)(pol + 1);
2600
2601 /* extract ipsecrequests */
2602 i = 0;
2603 len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);
2604
2605 while (len > 0 && i < XFRM_MAX_DEPTH) {
2606 ret = ipsecrequests_to_migrate(rq, len, &m[i]);
2607 if (ret < 0) {
2608 err = ret;
2609 goto out;
2610 } else {
2611 rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret);
2612 len -= ret;
2613 i++;
2614 }
2615 }
2616
2617 if (!i || len > 0) {
2618 err = -EINVAL;
2619 goto out;
2620 }
2621
2622 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
2623 kma ? &k : NULL, net, NULL);
2624
2625 out:
2626 return err;
2627}
2628#else
2629static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2630 const struct sadb_msg *hdr, void * const *ext_hdrs)
2631{
2632 return -ENOPROTOOPT;
2633}
2634#endif
2635
2636
2637static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2638{
2639 struct net *net = sock_net(sk);
2640 unsigned int dir;
2641 int err = 0, delete;
2642 struct sadb_x_policy *pol;
2643 struct xfrm_policy *xp;
2644 struct km_event c;
2645
2646 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL)
2647 return -EINVAL;
2648
2649 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
2650 if (dir >= XFRM_POLICY_MAX)
2651 return -EINVAL;
2652
2653 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2654 xp = xfrm_policy_byid(net, DUMMY_MARK, 0, XFRM_POLICY_TYPE_MAIN,
2655 dir, pol->sadb_x_policy_id, delete, &err);
2656 if (xp == NULL)
2657 return -ENOENT;
2658
2659 if (delete) {
2660 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2661
2662 if (err)
2663 goto out;
2664 c.seq = hdr->sadb_msg_seq;
2665 c.portid = hdr->sadb_msg_pid;
2666 c.data.byid = 1;
2667 c.event = XFRM_MSG_DELPOLICY;
2668 km_policy_notify(xp, dir, &c);
2669 } else {
2670 err = key_pol_get_resp(sk, xp, hdr, dir);
2671 }
2672
2673out:
2674 xfrm_pol_put(xp);
2675 return err;
2676}
2677
2678static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2679{
2680 struct pfkey_sock *pfk = ptr;
2681 struct sk_buff *out_skb;
2682 struct sadb_msg *out_hdr;
2683 int err;
2684
2685 if (!pfkey_can_dump(&pfk->sk))
2686 return -ENOBUFS;
2687
2688 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2689 if (IS_ERR(out_skb))
2690 return PTR_ERR(out_skb);
2691
2692 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2693 if (err < 0) {
2694 kfree_skb(out_skb);
2695 return err;
2696 }
2697
2698 out_hdr = (struct sadb_msg *) out_skb->data;
2699 out_hdr->sadb_msg_version = pfk->dump.msg_version;
2700 out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
2701 out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2702 out_hdr->sadb_msg_errno = 0;
2703 out_hdr->sadb_msg_seq = count + 1;
2704 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
2705
2706 if (pfk->dump.skb)
2707 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
2708 &pfk->sk, sock_net(&pfk->sk));
2709 pfk->dump.skb = out_skb;
2710
2711 return 0;
2712}
2713
2714static int pfkey_dump_sp(struct pfkey_sock *pfk)
2715{
2716 struct net *net = sock_net(&pfk->sk);
2717 return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, (void *) pfk);
2718}
2719
2720static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
2721{
2722 struct net *net = sock_net((struct sock *)pfk);
2723
2724 xfrm_policy_walk_done(&pfk->dump.u.policy, net);
2725}
2726
2727static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2728{
2729 struct pfkey_sock *pfk = pfkey_sk(sk);
2730
2731 mutex_lock(&pfk->dump_lock);
2732 if (pfk->dump.dump != NULL) {
2733 mutex_unlock(&pfk->dump_lock);
2734 return -EBUSY;
2735 }
2736
2737 pfk->dump.msg_version = hdr->sadb_msg_version;
2738 pfk->dump.msg_portid = hdr->sadb_msg_pid;
2739 pfk->dump.dump = pfkey_dump_sp;
2740 pfk->dump.done = pfkey_dump_sp_done;
2741 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
2742 mutex_unlock(&pfk->dump_lock);
2743
2744 return pfkey_do_dump(pfk);
2745}
2746
2747static int key_notify_policy_flush(const struct km_event *c)
2748{
2749 struct sk_buff *skb_out;
2750 struct sadb_msg *hdr;
2751
2752 skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
2753 if (!skb_out)
2754 return -ENOBUFS;
2755 hdr = skb_put(skb_out, sizeof(struct sadb_msg));
2756 hdr->sadb_msg_type = SADB_X_SPDFLUSH;
2757 hdr->sadb_msg_seq = c->seq;
2758 hdr->sadb_msg_pid = c->portid;
2759 hdr->sadb_msg_version = PF_KEY_V2;
2760 hdr->sadb_msg_errno = (uint8_t) 0;
2761 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2762 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
2763 hdr->sadb_msg_reserved = 0;
2764 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
2765 return 0;
2766
2767}
2768
2769static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2770{
2771 struct net *net = sock_net(sk);
2772 struct km_event c;
2773 int err, err2;
2774
2775 err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, true);
2776 err2 = unicast_flush_resp(sk, hdr);
2777 if (err || err2) {
2778 if (err == -ESRCH) /* empty table - old silent behavior */
2779 return 0;
2780 return err;
2781 }
2782
2783 c.data.type = XFRM_POLICY_TYPE_MAIN;
2784 c.event = XFRM_MSG_FLUSHPOLICY;
2785 c.portid = hdr->sadb_msg_pid;
2786 c.seq = hdr->sadb_msg_seq;
2787 c.net = net;
2788 km_policy_notify(NULL, 0, &c);
2789
2790 return 0;
2791}
2792
2793typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
2794 const struct sadb_msg *hdr, void * const *ext_hdrs);
2795static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
2796 [SADB_RESERVED] = pfkey_reserved,
2797 [SADB_GETSPI] = pfkey_getspi,
2798 [SADB_UPDATE] = pfkey_add,
2799 [SADB_ADD] = pfkey_add,
2800 [SADB_DELETE] = pfkey_delete,
2801 [SADB_GET] = pfkey_get,
2802 [SADB_ACQUIRE] = pfkey_acquire,
2803 [SADB_REGISTER] = pfkey_register,
2804 [SADB_EXPIRE] = NULL,
2805 [SADB_FLUSH] = pfkey_flush,
2806 [SADB_DUMP] = pfkey_dump,
2807 [SADB_X_PROMISC] = pfkey_promisc,
2808 [SADB_X_PCHANGE] = NULL,
2809 [SADB_X_SPDUPDATE] = pfkey_spdadd,
2810 [SADB_X_SPDADD] = pfkey_spdadd,
2811 [SADB_X_SPDDELETE] = pfkey_spddelete,
2812 [SADB_X_SPDGET] = pfkey_spdget,
2813 [SADB_X_SPDACQUIRE] = NULL,
2814 [SADB_X_SPDDUMP] = pfkey_spddump,
2815 [SADB_X_SPDFLUSH] = pfkey_spdflush,
2816 [SADB_X_SPDSETIDX] = pfkey_spdadd,
2817 [SADB_X_SPDDELETE2] = pfkey_spdget,
2818 [SADB_X_MIGRATE] = pfkey_migrate,
2819};
2820
2821static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr)
2822{
2823 void *ext_hdrs[SADB_EXT_MAX];
2824 int err;
2825
2826 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
2827 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
2828
2829 memset(ext_hdrs, 0, sizeof(ext_hdrs));
2830 err = parse_exthdrs(skb, hdr, ext_hdrs);
2831 if (!err) {
2832 err = -EOPNOTSUPP;
2833 if (pfkey_funcs[hdr->sadb_msg_type])
2834 err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs);
2835 }
2836 return err;
2837}
2838
2839static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
2840{
2841 struct sadb_msg *hdr = NULL;
2842
2843 if (skb->len < sizeof(*hdr)) {
2844 *errp = -EMSGSIZE;
2845 } else {
2846 hdr = (struct sadb_msg *) skb->data;
2847 if (hdr->sadb_msg_version != PF_KEY_V2 ||
2848 hdr->sadb_msg_reserved != 0 ||
2849 (hdr->sadb_msg_type <= SADB_RESERVED ||
2850 hdr->sadb_msg_type > SADB_MAX)) {
2851 hdr = NULL;
2852 *errp = -EINVAL;
2853 } else if (hdr->sadb_msg_len != (skb->len /
2854 sizeof(uint64_t)) ||
2855 hdr->sadb_msg_len < (sizeof(struct sadb_msg) /
2856 sizeof(uint64_t))) {
2857 hdr = NULL;
2858 *errp = -EMSGSIZE;
2859 } else {
2860 *errp = 0;
2861 }
2862 }
2863 return hdr;
2864}
2865
2866static inline int aalg_tmpl_set(const struct xfrm_tmpl *t,
2867 const struct xfrm_algo_desc *d)
2868{
2869 unsigned int id = d->desc.sadb_alg_id;
2870
2871 if (id >= sizeof(t->aalgos) * 8)
2872 return 0;
2873
2874 return (t->aalgos >> id) & 1;
2875}
2876
2877static inline int ealg_tmpl_set(const struct xfrm_tmpl *t,
2878 const struct xfrm_algo_desc *d)
2879{
2880 unsigned int id = d->desc.sadb_alg_id;
2881
2882 if (id >= sizeof(t->ealgos) * 8)
2883 return 0;
2884
2885 return (t->ealgos >> id) & 1;
2886}
2887
2888static int count_ah_combs(const struct xfrm_tmpl *t)
2889{
2890 int i, sz = 0;
2891
2892 for (i = 0; ; i++) {
2893 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2894 if (!aalg)
2895 break;
2896 if (!aalg->pfkey_supported)
2897 continue;
2898 if (aalg_tmpl_set(t, aalg) && aalg->available)
2899 sz += sizeof(struct sadb_comb);
2900 }
2901 return sz + sizeof(struct sadb_prop);
2902}
2903
2904static int count_esp_combs(const struct xfrm_tmpl *t)
2905{
2906 int i, k, sz = 0;
2907
2908 for (i = 0; ; i++) {
2909 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2910 if (!ealg)
2911 break;
2912
2913 if (!ealg->pfkey_supported)
2914 continue;
2915
2916 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2917 continue;
2918
2919 for (k = 1; ; k++) {
2920 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2921 if (!aalg)
2922 break;
2923
2924 if (!aalg->pfkey_supported)
2925 continue;
2926
2927 if (aalg_tmpl_set(t, aalg) && aalg->available)
2928 sz += sizeof(struct sadb_comb);
2929 }
2930 }
2931 return sz + sizeof(struct sadb_prop);
2932}
2933
2934static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2935{
2936 struct sadb_prop *p;
2937 int i;
2938
2939 p = skb_put(skb, sizeof(struct sadb_prop));
2940 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2941 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2942 p->sadb_prop_replay = 32;
2943 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2944
2945 for (i = 0; ; i++) {
2946 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2947 if (!aalg)
2948 break;
2949
2950 if (!aalg->pfkey_supported)
2951 continue;
2952
2953 if (aalg_tmpl_set(t, aalg) && aalg->available) {
2954 struct sadb_comb *c;
2955 c = skb_put_zero(skb, sizeof(struct sadb_comb));
2956 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
2957 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
2958 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
2959 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
2960 c->sadb_comb_hard_addtime = 24*60*60;
2961 c->sadb_comb_soft_addtime = 20*60*60;
2962 c->sadb_comb_hard_usetime = 8*60*60;
2963 c->sadb_comb_soft_usetime = 7*60*60;
2964 }
2965 }
2966}
2967
2968static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2969{
2970 struct sadb_prop *p;
2971 int i, k;
2972
2973 p = skb_put(skb, sizeof(struct sadb_prop));
2974 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2975 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2976 p->sadb_prop_replay = 32;
2977 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2978
2979 for (i=0; ; i++) {
2980 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2981 if (!ealg)
2982 break;
2983
2984 if (!ealg->pfkey_supported)
2985 continue;
2986
2987 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2988 continue;
2989
2990 for (k = 1; ; k++) {
2991 struct sadb_comb *c;
2992 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2993 if (!aalg)
2994 break;
2995 if (!aalg->pfkey_supported)
2996 continue;
2997 if (!(aalg_tmpl_set(t, aalg) && aalg->available))
2998 continue;
2999 c = skb_put(skb, sizeof(struct sadb_comb));
3000 memset(c, 0, sizeof(*c));
3001 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
3002 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
3003 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
3004 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
3005 c->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
3006 c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
3007 c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;
3008 c->sadb_comb_hard_addtime = 24*60*60;
3009 c->sadb_comb_soft_addtime = 20*60*60;
3010 c->sadb_comb_hard_usetime = 8*60*60;
3011 c->sadb_comb_soft_usetime = 7*60*60;
3012 }
3013 }
3014}
3015
3016static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
3017{
3018 return 0;
3019}
3020
3021static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c)
3022{
3023 struct sk_buff *out_skb;
3024 struct sadb_msg *out_hdr;
3025 int hard;
3026 int hsc;
3027
3028 hard = c->data.hard;
3029 if (hard)
3030 hsc = 2;
3031 else
3032 hsc = 1;
3033
3034 out_skb = pfkey_xfrm_state2msg_expire(x, hsc);
3035 if (IS_ERR(out_skb))
3036 return PTR_ERR(out_skb);
3037
3038 out_hdr = (struct sadb_msg *) out_skb->data;
3039 out_hdr->sadb_msg_version = PF_KEY_V2;
3040 out_hdr->sadb_msg_type = SADB_EXPIRE;
3041 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3042 out_hdr->sadb_msg_errno = 0;
3043 out_hdr->sadb_msg_reserved = 0;
3044 out_hdr->sadb_msg_seq = 0;
3045 out_hdr->sadb_msg_pid = 0;
3046
3047 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3048 xs_net(x));
3049 return 0;
3050}
3051
3052static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c)
3053{
3054 struct net *net = x ? xs_net(x) : c->net;
3055 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3056
3057 if (atomic_read(&net_pfkey->socks_nr) == 0)
3058 return 0;
3059
3060 switch (c->event) {
3061 case XFRM_MSG_EXPIRE:
3062 return key_notify_sa_expire(x, c);
3063 case XFRM_MSG_DELSA:
3064 case XFRM_MSG_NEWSA:
3065 case XFRM_MSG_UPDSA:
3066 return key_notify_sa(x, c);
3067 case XFRM_MSG_FLUSHSA:
3068 return key_notify_sa_flush(c);
3069 case XFRM_MSG_NEWAE: /* not yet supported */
3070 break;
3071 default:
3072 pr_err("pfkey: Unknown SA event %d\n", c->event);
3073 break;
3074 }
3075
3076 return 0;
3077}
3078
3079static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
3080{
3081 if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
3082 return 0;
3083
3084 switch (c->event) {
3085 case XFRM_MSG_POLEXPIRE:
3086 return key_notify_policy_expire(xp, c);
3087 case XFRM_MSG_DELPOLICY:
3088 case XFRM_MSG_NEWPOLICY:
3089 case XFRM_MSG_UPDPOLICY:
3090 return key_notify_policy(xp, dir, c);
3091 case XFRM_MSG_FLUSHPOLICY:
3092 if (c->data.type != XFRM_POLICY_TYPE_MAIN)
3093 break;
3094 return key_notify_policy_flush(c);
3095 default:
3096 pr_err("pfkey: Unknown policy event %d\n", c->event);
3097 break;
3098 }
3099
3100 return 0;
3101}
3102
3103static u32 get_acqseq(void)
3104{
3105 u32 res;
3106 static atomic_t acqseq;
3107
3108 do {
3109 res = atomic_inc_return(&acqseq);
3110 } while (!res);
3111 return res;
3112}
3113
3114static bool pfkey_is_alive(const struct km_event *c)
3115{
3116 struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
3117 struct sock *sk;
3118 bool is_alive = false;
3119
3120 rcu_read_lock();
3121 sk_for_each_rcu(sk, &net_pfkey->table) {
3122 if (pfkey_sk(sk)->registered) {
3123 is_alive = true;
3124 break;
3125 }
3126 }
3127 rcu_read_unlock();
3128
3129 return is_alive;
3130}
3131
3132static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
3133{
3134 struct sk_buff *skb;
3135 struct sadb_msg *hdr;
3136 struct sadb_address *addr;
3137 struct sadb_x_policy *pol;
3138 int sockaddr_size;
3139 int size;
3140 struct sadb_x_sec_ctx *sec_ctx;
3141 struct xfrm_sec_ctx *xfrm_ctx;
3142 int ctx_size = 0;
3143
3144 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3145 if (!sockaddr_size)
3146 return -EINVAL;
3147
3148 size = sizeof(struct sadb_msg) +
3149 (sizeof(struct sadb_address) * 2) +
3150 (sockaddr_size * 2) +
3151 sizeof(struct sadb_x_policy);
3152
3153 if (x->id.proto == IPPROTO_AH)
3154 size += count_ah_combs(t);
3155 else if (x->id.proto == IPPROTO_ESP)
3156 size += count_esp_combs(t);
3157
3158 if ((xfrm_ctx = x->security)) {
3159 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
3160 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
3161 }
3162
3163 skb = alloc_skb(size + 16, GFP_ATOMIC);
3164 if (skb == NULL)
3165 return -ENOMEM;
3166
3167 hdr = skb_put(skb, sizeof(struct sadb_msg));
3168 hdr->sadb_msg_version = PF_KEY_V2;
3169 hdr->sadb_msg_type = SADB_ACQUIRE;
3170 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3171 hdr->sadb_msg_len = size / sizeof(uint64_t);
3172 hdr->sadb_msg_errno = 0;
3173 hdr->sadb_msg_reserved = 0;
3174 hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3175 hdr->sadb_msg_pid = 0;
3176
3177 /* src address */
3178 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3179 addr->sadb_address_len =
3180 (sizeof(struct sadb_address)+sockaddr_size)/
3181 sizeof(uint64_t);
3182 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3183 addr->sadb_address_proto = 0;
3184 addr->sadb_address_reserved = 0;
3185 addr->sadb_address_prefixlen =
3186 pfkey_sockaddr_fill(&x->props.saddr, 0,
3187 (struct sockaddr *) (addr + 1),
3188 x->props.family);
3189 if (!addr->sadb_address_prefixlen)
3190 BUG();
3191
3192 /* dst address */
3193 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3194 addr->sadb_address_len =
3195 (sizeof(struct sadb_address)+sockaddr_size)/
3196 sizeof(uint64_t);
3197 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3198 addr->sadb_address_proto = 0;
3199 addr->sadb_address_reserved = 0;
3200 addr->sadb_address_prefixlen =
3201 pfkey_sockaddr_fill(&x->id.daddr, 0,
3202 (struct sockaddr *) (addr + 1),
3203 x->props.family);
3204 if (!addr->sadb_address_prefixlen)
3205 BUG();
3206
3207 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3208 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
3209 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3210 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3211 pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1;
3212 pol->sadb_x_policy_reserved = 0;
3213 pol->sadb_x_policy_id = xp->index;
3214 pol->sadb_x_policy_priority = xp->priority;
3215
3216 /* Set sadb_comb's. */
3217 if (x->id.proto == IPPROTO_AH)
3218 dump_ah_combs(skb, t);
3219 else if (x->id.proto == IPPROTO_ESP)
3220 dump_esp_combs(skb, t);
3221
3222 /* security context */
3223 if (xfrm_ctx) {
3224 sec_ctx = skb_put(skb,
3225 sizeof(struct sadb_x_sec_ctx) + ctx_size);
3226 sec_ctx->sadb_x_sec_len =
3227 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
3228 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
3229 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
3230 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
3231 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
3232 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
3233 xfrm_ctx->ctx_len);
3234 }
3235
3236 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3237 xs_net(x));
3238}
3239
3240static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
3241 u8 *data, int len, int *dir)
3242{
3243 struct net *net = sock_net(sk);
3244 struct xfrm_policy *xp;
3245 struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
3246 struct sadb_x_sec_ctx *sec_ctx;
3247
3248 switch (sk->sk_family) {
3249 case AF_INET:
3250 if (opt != IP_IPSEC_POLICY) {
3251 *dir = -EOPNOTSUPP;
3252 return NULL;
3253 }
3254 break;
3255#if IS_ENABLED(CONFIG_IPV6)
3256 case AF_INET6:
3257 if (opt != IPV6_IPSEC_POLICY) {
3258 *dir = -EOPNOTSUPP;
3259 return NULL;
3260 }
3261 break;
3262#endif
3263 default:
3264 *dir = -EINVAL;
3265 return NULL;
3266 }
3267
3268 *dir = -EINVAL;
3269
3270 if (len < sizeof(struct sadb_x_policy) ||
3271 pol->sadb_x_policy_len*8 > len ||
3272 pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
3273 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
3274 return NULL;
3275
3276 xp = xfrm_policy_alloc(net, GFP_ATOMIC);
3277 if (xp == NULL) {
3278 *dir = -ENOBUFS;
3279 return NULL;
3280 }
3281
3282 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
3283 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
3284
3285 xp->lft.soft_byte_limit = XFRM_INF;
3286 xp->lft.hard_byte_limit = XFRM_INF;
3287 xp->lft.soft_packet_limit = XFRM_INF;
3288 xp->lft.hard_packet_limit = XFRM_INF;
3289 xp->family = sk->sk_family;
3290
3291 xp->xfrm_nr = 0;
3292 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
3293 (*dir = parse_ipsecrequests(xp, pol)) < 0)
3294 goto out;
3295
3296 /* security context too */
3297 if (len >= (pol->sadb_x_policy_len*8 +
3298 sizeof(struct sadb_x_sec_ctx))) {
3299 char *p = (char *)pol;
3300 struct xfrm_user_sec_ctx *uctx;
3301
3302 p += pol->sadb_x_policy_len*8;
3303 sec_ctx = (struct sadb_x_sec_ctx *)p;
3304 if (len < pol->sadb_x_policy_len*8 +
3305 sec_ctx->sadb_x_sec_len*8) {
3306 *dir = -EINVAL;
3307 goto out;
3308 }
3309 if ((*dir = verify_sec_ctx_len(p)))
3310 goto out;
3311 uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
3312 *dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
3313 kfree(uctx);
3314
3315 if (*dir)
3316 goto out;
3317 }
3318
3319 *dir = pol->sadb_x_policy_dir-1;
3320 return xp;
3321
3322out:
3323 xp->walk.dead = 1;
3324 xfrm_policy_destroy(xp);
3325 return NULL;
3326}
3327
3328static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
3329{
3330 struct sk_buff *skb;
3331 struct sadb_msg *hdr;
3332 struct sadb_sa *sa;
3333 struct sadb_address *addr;
3334 struct sadb_x_nat_t_port *n_port;
3335 int sockaddr_size;
3336 int size;
3337 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0);
3338 struct xfrm_encap_tmpl *natt = NULL;
3339
3340 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3341 if (!sockaddr_size)
3342 return -EINVAL;
3343
3344 if (!satype)
3345 return -EINVAL;
3346
3347 if (!x->encap)
3348 return -EINVAL;
3349
3350 natt = x->encap;
3351
3352 /* Build an SADB_X_NAT_T_NEW_MAPPING message:
3353 *
3354 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
3355 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
3356 */
3357
3358 size = sizeof(struct sadb_msg) +
3359 sizeof(struct sadb_sa) +
3360 (sizeof(struct sadb_address) * 2) +
3361 (sockaddr_size * 2) +
3362 (sizeof(struct sadb_x_nat_t_port) * 2);
3363
3364 skb = alloc_skb(size + 16, GFP_ATOMIC);
3365 if (skb == NULL)
3366 return -ENOMEM;
3367
3368 hdr = skb_put(skb, sizeof(struct sadb_msg));
3369 hdr->sadb_msg_version = PF_KEY_V2;
3370 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
3371 hdr->sadb_msg_satype = satype;
3372 hdr->sadb_msg_len = size / sizeof(uint64_t);
3373 hdr->sadb_msg_errno = 0;
3374 hdr->sadb_msg_reserved = 0;
3375 hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3376 hdr->sadb_msg_pid = 0;
3377
3378 /* SA */
3379 sa = skb_put(skb, sizeof(struct sadb_sa));
3380 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
3381 sa->sadb_sa_exttype = SADB_EXT_SA;
3382 sa->sadb_sa_spi = x->id.spi;
3383 sa->sadb_sa_replay = 0;
3384 sa->sadb_sa_state = 0;
3385 sa->sadb_sa_auth = 0;
3386 sa->sadb_sa_encrypt = 0;
3387 sa->sadb_sa_flags = 0;
3388
3389 /* ADDRESS_SRC (old addr) */
3390 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3391 addr->sadb_address_len =
3392 (sizeof(struct sadb_address)+sockaddr_size)/
3393 sizeof(uint64_t);
3394 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3395 addr->sadb_address_proto = 0;
3396 addr->sadb_address_reserved = 0;
3397 addr->sadb_address_prefixlen =
3398 pfkey_sockaddr_fill(&x->props.saddr, 0,
3399 (struct sockaddr *) (addr + 1),
3400 x->props.family);
3401 if (!addr->sadb_address_prefixlen)
3402 BUG();
3403
3404 /* NAT_T_SPORT (old port) */
3405 n_port = skb_put(skb, sizeof(*n_port));
3406 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3407 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
3408 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
3409 n_port->sadb_x_nat_t_port_reserved = 0;
3410
3411 /* ADDRESS_DST (new addr) */
3412 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3413 addr->sadb_address_len =
3414 (sizeof(struct sadb_address)+sockaddr_size)/
3415 sizeof(uint64_t);
3416 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3417 addr->sadb_address_proto = 0;
3418 addr->sadb_address_reserved = 0;
3419 addr->sadb_address_prefixlen =
3420 pfkey_sockaddr_fill(ipaddr, 0,
3421 (struct sockaddr *) (addr + 1),
3422 x->props.family);
3423 if (!addr->sadb_address_prefixlen)
3424 BUG();
3425
3426 /* NAT_T_DPORT (new port) */
3427 n_port = skb_put(skb, sizeof(*n_port));
3428 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3429 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
3430 n_port->sadb_x_nat_t_port_port = sport;
3431 n_port->sadb_x_nat_t_port_reserved = 0;
3432
3433 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3434 xs_net(x));
3435}
3436
3437#ifdef CONFIG_NET_KEY_MIGRATE
3438static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3439 const struct xfrm_selector *sel)
3440{
3441 struct sadb_address *addr;
3442 addr = skb_put(skb, sizeof(struct sadb_address) + sasize);
3443 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8;
3444 addr->sadb_address_exttype = type;
3445 addr->sadb_address_proto = sel->proto;
3446 addr->sadb_address_reserved = 0;
3447
3448 switch (type) {
3449 case SADB_EXT_ADDRESS_SRC:
3450 addr->sadb_address_prefixlen = sel->prefixlen_s;
3451 pfkey_sockaddr_fill(&sel->saddr, 0,
3452 (struct sockaddr *)(addr + 1),
3453 sel->family);
3454 break;
3455 case SADB_EXT_ADDRESS_DST:
3456 addr->sadb_address_prefixlen = sel->prefixlen_d;
3457 pfkey_sockaddr_fill(&sel->daddr, 0,
3458 (struct sockaddr *)(addr + 1),
3459 sel->family);
3460 break;
3461 default:
3462 return -EINVAL;
3463 }
3464
3465 return 0;
3466}
3467
3468
3469static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k)
3470{
3471 struct sadb_x_kmaddress *kma;
3472 u8 *sa;
3473 int family = k->family;
3474 int socklen = pfkey_sockaddr_len(family);
3475 int size_req;
3476
3477 size_req = (sizeof(struct sadb_x_kmaddress) +
3478 pfkey_sockaddr_pair_size(family));
3479
3480 kma = skb_put_zero(skb, size_req);
3481 kma->sadb_x_kmaddress_len = size_req / 8;
3482 kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
3483 kma->sadb_x_kmaddress_reserved = k->reserved;
3484
3485 sa = (u8 *)(kma + 1);
3486 if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) ||
3487 !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))
3488 return -EINVAL;
3489
3490 return 0;
3491}
3492
3493static int set_ipsecrequest(struct sk_buff *skb,
3494 uint8_t proto, uint8_t mode, int level,
3495 uint32_t reqid, uint8_t family,
3496 const xfrm_address_t *src, const xfrm_address_t *dst)
3497{
3498 struct sadb_x_ipsecrequest *rq;
3499 u8 *sa;
3500 int socklen = pfkey_sockaddr_len(family);
3501 int size_req;
3502
3503 size_req = sizeof(struct sadb_x_ipsecrequest) +
3504 pfkey_sockaddr_pair_size(family);
3505
3506 rq = skb_put_zero(skb, size_req);
3507 rq->sadb_x_ipsecrequest_len = size_req;
3508 rq->sadb_x_ipsecrequest_proto = proto;
3509 rq->sadb_x_ipsecrequest_mode = mode;
3510 rq->sadb_x_ipsecrequest_level = level;
3511 rq->sadb_x_ipsecrequest_reqid = reqid;
3512
3513 sa = (u8 *) (rq + 1);
3514 if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) ||
3515 !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family))
3516 return -EINVAL;
3517
3518 return 0;
3519}
3520#endif
3521
3522#ifdef CONFIG_NET_KEY_MIGRATE
3523static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3524 const struct xfrm_migrate *m, int num_bundles,
3525 const struct xfrm_kmaddress *k,
3526 const struct xfrm_encap_tmpl *encap)
3527{
3528 int i;
3529 int sasize_sel;
3530 int size = 0;
3531 int size_pol = 0;
3532 struct sk_buff *skb;
3533 struct sadb_msg *hdr;
3534 struct sadb_x_policy *pol;
3535 const struct xfrm_migrate *mp;
3536
3537 if (type != XFRM_POLICY_TYPE_MAIN)
3538 return 0;
3539
3540 if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
3541 return -EINVAL;
3542
3543 if (k != NULL) {
3544 /* addresses for KM */
3545 size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
3546 pfkey_sockaddr_pair_size(k->family));
3547 }
3548
3549 /* selector */
3550 sasize_sel = pfkey_sockaddr_size(sel->family);
3551 if (!sasize_sel)
3552 return -EINVAL;
3553 size += (sizeof(struct sadb_address) + sasize_sel) * 2;
3554
3555 /* policy info */
3556 size_pol += sizeof(struct sadb_x_policy);
3557
3558 /* ipsecrequests */
3559 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3560 /* old locator pair */
3561 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3562 pfkey_sockaddr_pair_size(mp->old_family);
3563 /* new locator pair */
3564 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3565 pfkey_sockaddr_pair_size(mp->new_family);
3566 }
3567
3568 size += sizeof(struct sadb_msg) + size_pol;
3569
3570 /* alloc buffer */
3571 skb = alloc_skb(size, GFP_ATOMIC);
3572 if (skb == NULL)
3573 return -ENOMEM;
3574
3575 hdr = skb_put(skb, sizeof(struct sadb_msg));
3576 hdr->sadb_msg_version = PF_KEY_V2;
3577 hdr->sadb_msg_type = SADB_X_MIGRATE;
3578 hdr->sadb_msg_satype = pfkey_proto2satype(m->proto);
3579 hdr->sadb_msg_len = size / 8;
3580 hdr->sadb_msg_errno = 0;
3581 hdr->sadb_msg_reserved = 0;
3582 hdr->sadb_msg_seq = 0;
3583 hdr->sadb_msg_pid = 0;
3584
3585 /* Addresses to be used by KM for negotiation, if ext is available */
3586 if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
3587 goto err;
3588
3589 /* selector src */
3590 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
3591
3592 /* selector dst */
3593 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel);
3594
3595 /* policy information */
3596 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3597 pol->sadb_x_policy_len = size_pol / 8;
3598 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3599 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3600 pol->sadb_x_policy_dir = dir + 1;
3601 pol->sadb_x_policy_reserved = 0;
3602 pol->sadb_x_policy_id = 0;
3603 pol->sadb_x_policy_priority = 0;
3604
3605 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3606 /* old ipsecrequest */
3607 int mode = pfkey_mode_from_xfrm(mp->mode);
3608 if (mode < 0)
3609 goto err;
3610 if (set_ipsecrequest(skb, mp->proto, mode,
3611 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3612 mp->reqid, mp->old_family,
3613 &mp->old_saddr, &mp->old_daddr) < 0)
3614 goto err;
3615
3616 /* new ipsecrequest */
3617 if (set_ipsecrequest(skb, mp->proto, mode,
3618 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3619 mp->reqid, mp->new_family,
3620 &mp->new_saddr, &mp->new_daddr) < 0)
3621 goto err;
3622 }
3623
3624 /* broadcast migrate message to sockets */
3625 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);
3626
3627 return 0;
3628
3629err:
3630 kfree_skb(skb);
3631 return -EINVAL;
3632}
3633#else
3634static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3635 const struct xfrm_migrate *m, int num_bundles,
3636 const struct xfrm_kmaddress *k,
3637 const struct xfrm_encap_tmpl *encap)
3638{
3639 return -ENOPROTOOPT;
3640}
3641#endif
3642
3643static int pfkey_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
3644{
3645 struct sock *sk = sock->sk;
3646 struct sk_buff *skb = NULL;
3647 struct sadb_msg *hdr = NULL;
3648 int err;
3649 struct net *net = sock_net(sk);
3650
3651 err = -EOPNOTSUPP;
3652 if (msg->msg_flags & MSG_OOB)
3653 goto out;
3654
3655 err = -EMSGSIZE;
3656 if ((unsigned int)len > sk->sk_sndbuf - 32)
3657 goto out;
3658
3659 err = -ENOBUFS;
3660 skb = alloc_skb(len, GFP_KERNEL);
3661 if (skb == NULL)
3662 goto out;
3663
3664 err = -EFAULT;
3665 if (memcpy_from_msg(skb_put(skb,len), msg, len))
3666 goto out;
3667
3668 hdr = pfkey_get_base_msg(skb, &err);
3669 if (!hdr)
3670 goto out;
3671
3672 mutex_lock(&net->xfrm.xfrm_cfg_mutex);
3673 err = pfkey_process(sk, skb, hdr);
3674 mutex_unlock(&net->xfrm.xfrm_cfg_mutex);
3675
3676out:
3677 if (err && hdr && pfkey_error(hdr, err, sk) == 0)
3678 err = 0;
3679 kfree_skb(skb);
3680
3681 return err ? : len;
3682}
3683
3684static int pfkey_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
3685 int flags)
3686{
3687 struct sock *sk = sock->sk;
3688 struct pfkey_sock *pfk = pfkey_sk(sk);
3689 struct sk_buff *skb;
3690 int copied, err;
3691
3692 err = -EINVAL;
3693 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
3694 goto out;
3695
3696 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
3697 if (skb == NULL)
3698 goto out;
3699
3700 copied = skb->len;
3701 if (copied > len) {
3702 msg->msg_flags |= MSG_TRUNC;
3703 copied = len;
3704 }
3705
3706 skb_reset_transport_header(skb);
3707 err = skb_copy_datagram_msg(skb, 0, msg, copied);
3708 if (err)
3709 goto out_free;
3710
3711 sock_recv_ts_and_drops(msg, sk, skb);
3712
3713 err = (flags & MSG_TRUNC) ? skb->len : copied;
3714
3715 if (pfk->dump.dump != NULL &&
3716 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
3717 pfkey_do_dump(pfk);
3718
3719out_free:
3720 skb_free_datagram(sk, skb);
3721out:
3722 return err;
3723}
3724
3725static const struct proto_ops pfkey_ops = {
3726 .family = PF_KEY,
3727 .owner = THIS_MODULE,
3728 /* Operations that make no sense on pfkey sockets. */
3729 .bind = sock_no_bind,
3730 .connect = sock_no_connect,
3731 .socketpair = sock_no_socketpair,
3732 .accept = sock_no_accept,
3733 .getname = sock_no_getname,
3734 .ioctl = sock_no_ioctl,
3735 .listen = sock_no_listen,
3736 .shutdown = sock_no_shutdown,
3737 .setsockopt = sock_no_setsockopt,
3738 .getsockopt = sock_no_getsockopt,
3739 .mmap = sock_no_mmap,
3740 .sendpage = sock_no_sendpage,
3741
3742 /* Now the operations that really occur. */
3743 .release = pfkey_release,
3744 .poll = datagram_poll,
3745 .sendmsg = pfkey_sendmsg,
3746 .recvmsg = pfkey_recvmsg,
3747};
3748
3749static const struct net_proto_family pfkey_family_ops = {
3750 .family = PF_KEY,
3751 .create = pfkey_create,
3752 .owner = THIS_MODULE,
3753};
3754
3755#ifdef CONFIG_PROC_FS
3756static int pfkey_seq_show(struct seq_file *f, void *v)
3757{
3758 struct sock *s = sk_entry(v);
3759
3760 if (v == SEQ_START_TOKEN)
3761 seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
3762 else
3763 seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n",
3764 s,
3765 refcount_read(&s->sk_refcnt),
3766 sk_rmem_alloc_get(s),
3767 sk_wmem_alloc_get(s),
3768 from_kuid_munged(seq_user_ns(f), sock_i_uid(s)),
3769 sock_i_ino(s)
3770 );
3771 return 0;
3772}
3773
3774static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
3775 __acquires(rcu)
3776{
3777 struct net *net = seq_file_net(f);
3778 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3779
3780 rcu_read_lock();
3781 return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
3782}
3783
3784static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
3785{
3786 struct net *net = seq_file_net(f);
3787 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3788
3789 return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
3790}
3791
3792static void pfkey_seq_stop(struct seq_file *f, void *v)
3793 __releases(rcu)
3794{
3795 rcu_read_unlock();
3796}
3797
3798static const struct seq_operations pfkey_seq_ops = {
3799 .start = pfkey_seq_start,
3800 .next = pfkey_seq_next,
3801 .stop = pfkey_seq_stop,
3802 .show = pfkey_seq_show,
3803};
3804
3805static int __net_init pfkey_init_proc(struct net *net)
3806{
3807 struct proc_dir_entry *e;
3808
3809 e = proc_create_net("pfkey", 0, net->proc_net, &pfkey_seq_ops,
3810 sizeof(struct seq_net_private));
3811 if (e == NULL)
3812 return -ENOMEM;
3813
3814 return 0;
3815}
3816
3817static void __net_exit pfkey_exit_proc(struct net *net)
3818{
3819 remove_proc_entry("pfkey", net->proc_net);
3820}
3821#else
3822static inline int pfkey_init_proc(struct net *net)
3823{
3824 return 0;
3825}
3826
3827static inline void pfkey_exit_proc(struct net *net)
3828{
3829}
3830#endif
3831
3832static struct xfrm_mgr pfkeyv2_mgr =
3833{
3834 .notify = pfkey_send_notify,
3835 .acquire = pfkey_send_acquire,
3836 .compile_policy = pfkey_compile_policy,
3837 .new_mapping = pfkey_send_new_mapping,
3838 .notify_policy = pfkey_send_policy_notify,
3839 .migrate = pfkey_send_migrate,
3840 .is_alive = pfkey_is_alive,
3841};
3842
3843static int __net_init pfkey_net_init(struct net *net)
3844{
3845 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3846 int rv;
3847
3848 INIT_HLIST_HEAD(&net_pfkey->table);
3849 atomic_set(&net_pfkey->socks_nr, 0);
3850
3851 rv = pfkey_init_proc(net);
3852
3853 return rv;
3854}
3855
3856static void __net_exit pfkey_net_exit(struct net *net)
3857{
3858 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3859
3860 pfkey_exit_proc(net);
3861 WARN_ON(!hlist_empty(&net_pfkey->table));
3862}
3863
3864static struct pernet_operations pfkey_net_ops = {
3865 .init = pfkey_net_init,
3866 .exit = pfkey_net_exit,
3867 .id = &pfkey_net_id,
3868 .size = sizeof(struct netns_pfkey),
3869};
3870
3871static void __exit ipsec_pfkey_exit(void)
3872{
3873 xfrm_unregister_km(&pfkeyv2_mgr);
3874 sock_unregister(PF_KEY);
3875 unregister_pernet_subsys(&pfkey_net_ops);
3876 proto_unregister(&key_proto);
3877}
3878
3879static int __init ipsec_pfkey_init(void)
3880{
3881 int err = proto_register(&key_proto, 0);
3882
3883 if (err != 0)
3884 goto out;
3885
3886 err = register_pernet_subsys(&pfkey_net_ops);
3887 if (err != 0)
3888 goto out_unregister_key_proto;
3889 err = sock_register(&pfkey_family_ops);
3890 if (err != 0)
3891 goto out_unregister_pernet;
3892 err = xfrm_register_km(&pfkeyv2_mgr);
3893 if (err != 0)
3894 goto out_sock_unregister;
3895out:
3896 return err;
3897
3898out_sock_unregister:
3899 sock_unregister(PF_KEY);
3900out_unregister_pernet:
3901 unregister_pernet_subsys(&pfkey_net_ops);
3902out_unregister_key_proto:
3903 proto_unregister(&key_proto);
3904 goto out;
3905}
3906
3907module_init(ipsec_pfkey_init);
3908module_exit(ipsec_pfkey_exit);
3909MODULE_LICENSE("GPL");
3910MODULE_ALIAS_NETPROTO(PF_KEY);
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * net/key/af_key.c An implementation of PF_KEYv2 sockets.
4 *
5 * Authors: Maxim Giryaev <gem@asplinux.ru>
6 * David S. Miller <davem@redhat.com>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
9 * Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org>
10 * Derek Atkins <derek@ihtfp.com>
11 */
12
13#include <linux/capability.h>
14#include <linux/module.h>
15#include <linux/kernel.h>
16#include <linux/socket.h>
17#include <linux/pfkeyv2.h>
18#include <linux/ipsec.h>
19#include <linux/skbuff.h>
20#include <linux/rtnetlink.h>
21#include <linux/in.h>
22#include <linux/in6.h>
23#include <linux/proc_fs.h>
24#include <linux/init.h>
25#include <linux/slab.h>
26#include <net/net_namespace.h>
27#include <net/netns/generic.h>
28#include <net/xfrm.h>
29
30#include <net/sock.h>
31
32#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
33#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
34
35static unsigned int pfkey_net_id __read_mostly;
36struct netns_pfkey {
37 /* List of all pfkey sockets. */
38 struct hlist_head table;
39 atomic_t socks_nr;
40};
41static DEFINE_MUTEX(pfkey_mutex);
42
43#define DUMMY_MARK 0
44static const struct xfrm_mark dummy_mark = {0, 0};
45struct pfkey_sock {
46 /* struct sock must be the first member of struct pfkey_sock */
47 struct sock sk;
48 int registered;
49 int promisc;
50
51 struct {
52 uint8_t msg_version;
53 uint32_t msg_portid;
54 int (*dump)(struct pfkey_sock *sk);
55 void (*done)(struct pfkey_sock *sk);
56 union {
57 struct xfrm_policy_walk policy;
58 struct xfrm_state_walk state;
59 } u;
60 struct sk_buff *skb;
61 } dump;
62 struct mutex dump_lock;
63};
64
65static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
66 xfrm_address_t *saddr, xfrm_address_t *daddr,
67 u16 *family);
68
69static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
70{
71 return (struct pfkey_sock *)sk;
72}
73
74static int pfkey_can_dump(const struct sock *sk)
75{
76 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf)
77 return 1;
78 return 0;
79}
80
81static void pfkey_terminate_dump(struct pfkey_sock *pfk)
82{
83 if (pfk->dump.dump) {
84 if (pfk->dump.skb) {
85 kfree_skb(pfk->dump.skb);
86 pfk->dump.skb = NULL;
87 }
88 pfk->dump.done(pfk);
89 pfk->dump.dump = NULL;
90 pfk->dump.done = NULL;
91 }
92}
93
94static void pfkey_sock_destruct(struct sock *sk)
95{
96 struct net *net = sock_net(sk);
97 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
98
99 pfkey_terminate_dump(pfkey_sk(sk));
100 skb_queue_purge(&sk->sk_receive_queue);
101
102 if (!sock_flag(sk, SOCK_DEAD)) {
103 pr_err("Attempt to release alive pfkey socket: %p\n", sk);
104 return;
105 }
106
107 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
108 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
109
110 atomic_dec(&net_pfkey->socks_nr);
111}
112
113static const struct proto_ops pfkey_ops;
114
115static void pfkey_insert(struct sock *sk)
116{
117 struct net *net = sock_net(sk);
118 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
119
120 mutex_lock(&pfkey_mutex);
121 sk_add_node_rcu(sk, &net_pfkey->table);
122 mutex_unlock(&pfkey_mutex);
123}
124
125static void pfkey_remove(struct sock *sk)
126{
127 mutex_lock(&pfkey_mutex);
128 sk_del_node_init_rcu(sk);
129 mutex_unlock(&pfkey_mutex);
130}
131
132static struct proto key_proto = {
133 .name = "KEY",
134 .owner = THIS_MODULE,
135 .obj_size = sizeof(struct pfkey_sock),
136};
137
138static int pfkey_create(struct net *net, struct socket *sock, int protocol,
139 int kern)
140{
141 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
142 struct sock *sk;
143 struct pfkey_sock *pfk;
144
145 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
146 return -EPERM;
147 if (sock->type != SOCK_RAW)
148 return -ESOCKTNOSUPPORT;
149 if (protocol != PF_KEY_V2)
150 return -EPROTONOSUPPORT;
151
152 sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, kern);
153 if (sk == NULL)
154 return -ENOMEM;
155
156 pfk = pfkey_sk(sk);
157 mutex_init(&pfk->dump_lock);
158
159 sock->ops = &pfkey_ops;
160 sock_init_data(sock, sk);
161
162 sk->sk_family = PF_KEY;
163 sk->sk_destruct = pfkey_sock_destruct;
164
165 atomic_inc(&net_pfkey->socks_nr);
166
167 pfkey_insert(sk);
168
169 return 0;
170}
171
172static int pfkey_release(struct socket *sock)
173{
174 struct sock *sk = sock->sk;
175
176 if (!sk)
177 return 0;
178
179 pfkey_remove(sk);
180
181 sock_orphan(sk);
182 sock->sk = NULL;
183 skb_queue_purge(&sk->sk_write_queue);
184
185 synchronize_rcu();
186 sock_put(sk);
187
188 return 0;
189}
190
191static int pfkey_broadcast_one(struct sk_buff *skb, gfp_t allocation,
192 struct sock *sk)
193{
194 int err = -ENOBUFS;
195
196 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
197 return err;
198
199 skb = skb_clone(skb, allocation);
200
201 if (skb) {
202 skb_set_owner_r(skb, sk);
203 skb_queue_tail(&sk->sk_receive_queue, skb);
204 sk->sk_data_ready(sk);
205 err = 0;
206 }
207 return err;
208}
209
210/* Send SKB to all pfkey sockets matching selected criteria. */
211#define BROADCAST_ALL 0
212#define BROADCAST_ONE 1
213#define BROADCAST_REGISTERED 2
214#define BROADCAST_PROMISC_ONLY 4
215static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
216 int broadcast_flags, struct sock *one_sk,
217 struct net *net)
218{
219 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
220 struct sock *sk;
221 int err = -ESRCH;
222
223 /* XXX Do we need something like netlink_overrun? I think
224 * XXX PF_KEY socket apps will not mind current behavior.
225 */
226 if (!skb)
227 return -ENOMEM;
228
229 rcu_read_lock();
230 sk_for_each_rcu(sk, &net_pfkey->table) {
231 struct pfkey_sock *pfk = pfkey_sk(sk);
232 int err2;
233
234 /* Yes, it means that if you are meant to receive this
235 * pfkey message you receive it twice as promiscuous
236 * socket.
237 */
238 if (pfk->promisc)
239 pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
240
241 /* the exact target will be processed later */
242 if (sk == one_sk)
243 continue;
244 if (broadcast_flags != BROADCAST_ALL) {
245 if (broadcast_flags & BROADCAST_PROMISC_ONLY)
246 continue;
247 if ((broadcast_flags & BROADCAST_REGISTERED) &&
248 !pfk->registered)
249 continue;
250 if (broadcast_flags & BROADCAST_ONE)
251 continue;
252 }
253
254 err2 = pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
255
256 /* Error is cleared after successful sending to at least one
257 * registered KM */
258 if ((broadcast_flags & BROADCAST_REGISTERED) && err)
259 err = err2;
260 }
261 rcu_read_unlock();
262
263 if (one_sk != NULL)
264 err = pfkey_broadcast_one(skb, allocation, one_sk);
265
266 kfree_skb(skb);
267 return err;
268}
269
270static int pfkey_do_dump(struct pfkey_sock *pfk)
271{
272 struct sadb_msg *hdr;
273 int rc;
274
275 mutex_lock(&pfk->dump_lock);
276 if (!pfk->dump.dump) {
277 rc = 0;
278 goto out;
279 }
280
281 rc = pfk->dump.dump(pfk);
282 if (rc == -ENOBUFS) {
283 rc = 0;
284 goto out;
285 }
286
287 if (pfk->dump.skb) {
288 if (!pfkey_can_dump(&pfk->sk)) {
289 rc = 0;
290 goto out;
291 }
292
293 hdr = (struct sadb_msg *) pfk->dump.skb->data;
294 hdr->sadb_msg_seq = 0;
295 hdr->sadb_msg_errno = rc;
296 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
297 &pfk->sk, sock_net(&pfk->sk));
298 pfk->dump.skb = NULL;
299 }
300
301 pfkey_terminate_dump(pfk);
302
303out:
304 mutex_unlock(&pfk->dump_lock);
305 return rc;
306}
307
308static inline void pfkey_hdr_dup(struct sadb_msg *new,
309 const struct sadb_msg *orig)
310{
311 *new = *orig;
312}
313
314static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
315{
316 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
317 struct sadb_msg *hdr;
318
319 if (!skb)
320 return -ENOBUFS;
321
322 /* Woe be to the platform trying to support PFKEY yet
323 * having normal errnos outside the 1-255 range, inclusive.
324 */
325 err = -err;
326 if (err == ERESTARTSYS ||
327 err == ERESTARTNOHAND ||
328 err == ERESTARTNOINTR)
329 err = EINTR;
330 if (err >= 512)
331 err = EINVAL;
332 BUG_ON(err <= 0 || err >= 256);
333
334 hdr = skb_put(skb, sizeof(struct sadb_msg));
335 pfkey_hdr_dup(hdr, orig);
336 hdr->sadb_msg_errno = (uint8_t) err;
337 hdr->sadb_msg_len = (sizeof(struct sadb_msg) /
338 sizeof(uint64_t));
339
340 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));
341
342 return 0;
343}
344
345static const u8 sadb_ext_min_len[] = {
346 [SADB_EXT_RESERVED] = (u8) 0,
347 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
348 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
349 [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime),
350 [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime),
351 [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address),
352 [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address),
353 [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address),
354 [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key),
355 [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key),
356 [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident),
357 [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident),
358 [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens),
359 [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop),
360 [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported),
361 [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported),
362 [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange),
363 [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate),
364 [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy),
365 [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2),
366 [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type),
367 [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
368 [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
369 [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address),
370 [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx),
371 [SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress),
372 [SADB_X_EXT_FILTER] = (u8) sizeof(struct sadb_x_filter),
373};
374
375/* Verify sadb_address_{len,prefixlen} against sa_family. */
376static int verify_address_len(const void *p)
377{
378 const struct sadb_address *sp = p;
379 const struct sockaddr *addr = (const struct sockaddr *)(sp + 1);
380 const struct sockaddr_in *sin;
381#if IS_ENABLED(CONFIG_IPV6)
382 const struct sockaddr_in6 *sin6;
383#endif
384 int len;
385
386 if (sp->sadb_address_len <
387 DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family),
388 sizeof(uint64_t)))
389 return -EINVAL;
390
391 switch (addr->sa_family) {
392 case AF_INET:
393 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
394 if (sp->sadb_address_len != len ||
395 sp->sadb_address_prefixlen > 32)
396 return -EINVAL;
397 break;
398#if IS_ENABLED(CONFIG_IPV6)
399 case AF_INET6:
400 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t));
401 if (sp->sadb_address_len != len ||
402 sp->sadb_address_prefixlen > 128)
403 return -EINVAL;
404 break;
405#endif
406 default:
407 /* It is user using kernel to keep track of security
408 * associations for another protocol, such as
409 * OSPF/RSVP/RIPV2/MIP. It is user's job to verify
410 * lengths.
411 *
412 * XXX Actually, association/policy database is not yet
413 * XXX able to cope with arbitrary sockaddr families.
414 * XXX When it can, remove this -EINVAL. -DaveM
415 */
416 return -EINVAL;
417 }
418
419 return 0;
420}
421
422static inline int sadb_key_len(const struct sadb_key *key)
423{
424 int key_bytes = DIV_ROUND_UP(key->sadb_key_bits, 8);
425
426 return DIV_ROUND_UP(sizeof(struct sadb_key) + key_bytes,
427 sizeof(uint64_t));
428}
429
430static int verify_key_len(const void *p)
431{
432 const struct sadb_key *key = p;
433
434 if (sadb_key_len(key) > key->sadb_key_len)
435 return -EINVAL;
436
437 return 0;
438}
439
440static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
441{
442 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) +
443 sec_ctx->sadb_x_ctx_len,
444 sizeof(uint64_t));
445}
446
447static inline int verify_sec_ctx_len(const void *p)
448{
449 const struct sadb_x_sec_ctx *sec_ctx = p;
450 int len = sec_ctx->sadb_x_ctx_len;
451
452 if (len > PAGE_SIZE)
453 return -EINVAL;
454
455 len = pfkey_sec_ctx_len(sec_ctx);
456
457 if (sec_ctx->sadb_x_sec_len != len)
458 return -EINVAL;
459
460 return 0;
461}
462
463static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx,
464 gfp_t gfp)
465{
466 struct xfrm_user_sec_ctx *uctx = NULL;
467 int ctx_size = sec_ctx->sadb_x_ctx_len;
468
469 uctx = kmalloc((sizeof(*uctx)+ctx_size), gfp);
470
471 if (!uctx)
472 return NULL;
473
474 uctx->len = pfkey_sec_ctx_len(sec_ctx);
475 uctx->exttype = sec_ctx->sadb_x_sec_exttype;
476 uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
477 uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
478 uctx->ctx_len = sec_ctx->sadb_x_ctx_len;
479 memcpy(uctx + 1, sec_ctx + 1,
480 uctx->ctx_len);
481
482 return uctx;
483}
484
485static int present_and_same_family(const struct sadb_address *src,
486 const struct sadb_address *dst)
487{
488 const struct sockaddr *s_addr, *d_addr;
489
490 if (!src || !dst)
491 return 0;
492
493 s_addr = (const struct sockaddr *)(src + 1);
494 d_addr = (const struct sockaddr *)(dst + 1);
495 if (s_addr->sa_family != d_addr->sa_family)
496 return 0;
497 if (s_addr->sa_family != AF_INET
498#if IS_ENABLED(CONFIG_IPV6)
499 && s_addr->sa_family != AF_INET6
500#endif
501 )
502 return 0;
503
504 return 1;
505}
506
507static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs)
508{
509 const char *p = (char *) hdr;
510 int len = skb->len;
511
512 len -= sizeof(*hdr);
513 p += sizeof(*hdr);
514 while (len > 0) {
515 const struct sadb_ext *ehdr = (const struct sadb_ext *) p;
516 uint16_t ext_type;
517 int ext_len;
518
519 if (len < sizeof(*ehdr))
520 return -EINVAL;
521
522 ext_len = ehdr->sadb_ext_len;
523 ext_len *= sizeof(uint64_t);
524 ext_type = ehdr->sadb_ext_type;
525 if (ext_len < sizeof(uint64_t) ||
526 ext_len > len ||
527 ext_type == SADB_EXT_RESERVED)
528 return -EINVAL;
529
530 if (ext_type <= SADB_EXT_MAX) {
531 int min = (int) sadb_ext_min_len[ext_type];
532 if (ext_len < min)
533 return -EINVAL;
534 if (ext_hdrs[ext_type-1] != NULL)
535 return -EINVAL;
536 switch (ext_type) {
537 case SADB_EXT_ADDRESS_SRC:
538 case SADB_EXT_ADDRESS_DST:
539 case SADB_EXT_ADDRESS_PROXY:
540 case SADB_X_EXT_NAT_T_OA:
541 if (verify_address_len(p))
542 return -EINVAL;
543 break;
544 case SADB_X_EXT_SEC_CTX:
545 if (verify_sec_ctx_len(p))
546 return -EINVAL;
547 break;
548 case SADB_EXT_KEY_AUTH:
549 case SADB_EXT_KEY_ENCRYPT:
550 if (verify_key_len(p))
551 return -EINVAL;
552 break;
553 default:
554 break;
555 }
556 ext_hdrs[ext_type-1] = (void *) p;
557 }
558 p += ext_len;
559 len -= ext_len;
560 }
561
562 return 0;
563}
564
565static uint16_t
566pfkey_satype2proto(uint8_t satype)
567{
568 switch (satype) {
569 case SADB_SATYPE_UNSPEC:
570 return IPSEC_PROTO_ANY;
571 case SADB_SATYPE_AH:
572 return IPPROTO_AH;
573 case SADB_SATYPE_ESP:
574 return IPPROTO_ESP;
575 case SADB_X_SATYPE_IPCOMP:
576 return IPPROTO_COMP;
577 default:
578 return 0;
579 }
580 /* NOTREACHED */
581}
582
583static uint8_t
584pfkey_proto2satype(uint16_t proto)
585{
586 switch (proto) {
587 case IPPROTO_AH:
588 return SADB_SATYPE_AH;
589 case IPPROTO_ESP:
590 return SADB_SATYPE_ESP;
591 case IPPROTO_COMP:
592 return SADB_X_SATYPE_IPCOMP;
593 default:
594 return 0;
595 }
596 /* NOTREACHED */
597}
598
599/* BTW, this scheme means that there is no way with PFKEY2 sockets to
600 * say specifically 'just raw sockets' as we encode them as 255.
601 */
602
603static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
604{
605 return proto == IPSEC_PROTO_ANY ? 0 : proto;
606}
607
608static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
609{
610 return proto ? proto : IPSEC_PROTO_ANY;
611}
612
613static inline int pfkey_sockaddr_len(sa_family_t family)
614{
615 switch (family) {
616 case AF_INET:
617 return sizeof(struct sockaddr_in);
618#if IS_ENABLED(CONFIG_IPV6)
619 case AF_INET6:
620 return sizeof(struct sockaddr_in6);
621#endif
622 }
623 return 0;
624}
625
626static
627int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
628{
629 switch (sa->sa_family) {
630 case AF_INET:
631 xaddr->a4 =
632 ((struct sockaddr_in *)sa)->sin_addr.s_addr;
633 return AF_INET;
634#if IS_ENABLED(CONFIG_IPV6)
635 case AF_INET6:
636 memcpy(xaddr->a6,
637 &((struct sockaddr_in6 *)sa)->sin6_addr,
638 sizeof(struct in6_addr));
639 return AF_INET6;
640#endif
641 }
642 return 0;
643}
644
645static
646int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr)
647{
648 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1),
649 xaddr);
650}
651
652static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs)
653{
654 const struct sadb_sa *sa;
655 const struct sadb_address *addr;
656 uint16_t proto;
657 unsigned short family;
658 xfrm_address_t *xaddr;
659
660 sa = ext_hdrs[SADB_EXT_SA - 1];
661 if (sa == NULL)
662 return NULL;
663
664 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
665 if (proto == 0)
666 return NULL;
667
668 /* sadb_address_len should be checked by caller */
669 addr = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
670 if (addr == NULL)
671 return NULL;
672
673 family = ((const struct sockaddr *)(addr + 1))->sa_family;
674 switch (family) {
675 case AF_INET:
676 xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr;
677 break;
678#if IS_ENABLED(CONFIG_IPV6)
679 case AF_INET6:
680 xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr;
681 break;
682#endif
683 default:
684 xaddr = NULL;
685 }
686
687 if (!xaddr)
688 return NULL;
689
690 return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
691}
692
693#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
694
695static int
696pfkey_sockaddr_size(sa_family_t family)
697{
698 return PFKEY_ALIGN8(pfkey_sockaddr_len(family));
699}
700
701static inline int pfkey_mode_from_xfrm(int mode)
702{
703 switch(mode) {
704 case XFRM_MODE_TRANSPORT:
705 return IPSEC_MODE_TRANSPORT;
706 case XFRM_MODE_TUNNEL:
707 return IPSEC_MODE_TUNNEL;
708 case XFRM_MODE_BEET:
709 return IPSEC_MODE_BEET;
710 default:
711 return -1;
712 }
713}
714
715static inline int pfkey_mode_to_xfrm(int mode)
716{
717 switch(mode) {
718 case IPSEC_MODE_ANY: /*XXX*/
719 case IPSEC_MODE_TRANSPORT:
720 return XFRM_MODE_TRANSPORT;
721 case IPSEC_MODE_TUNNEL:
722 return XFRM_MODE_TUNNEL;
723 case IPSEC_MODE_BEET:
724 return XFRM_MODE_BEET;
725 default:
726 return -1;
727 }
728}
729
730static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port,
731 struct sockaddr *sa,
732 unsigned short family)
733{
734 switch (family) {
735 case AF_INET:
736 {
737 struct sockaddr_in *sin = (struct sockaddr_in *)sa;
738 sin->sin_family = AF_INET;
739 sin->sin_port = port;
740 sin->sin_addr.s_addr = xaddr->a4;
741 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
742 return 32;
743 }
744#if IS_ENABLED(CONFIG_IPV6)
745 case AF_INET6:
746 {
747 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
748 sin6->sin6_family = AF_INET6;
749 sin6->sin6_port = port;
750 sin6->sin6_flowinfo = 0;
751 sin6->sin6_addr = xaddr->in6;
752 sin6->sin6_scope_id = 0;
753 return 128;
754 }
755#endif
756 }
757 return 0;
758}
759
760static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x,
761 int add_keys, int hsc)
762{
763 struct sk_buff *skb;
764 struct sadb_msg *hdr;
765 struct sadb_sa *sa;
766 struct sadb_lifetime *lifetime;
767 struct sadb_address *addr;
768 struct sadb_key *key;
769 struct sadb_x_sa2 *sa2;
770 struct sadb_x_sec_ctx *sec_ctx;
771 struct xfrm_sec_ctx *xfrm_ctx;
772 int ctx_size = 0;
773 int size;
774 int auth_key_size = 0;
775 int encrypt_key_size = 0;
776 int sockaddr_size;
777 struct xfrm_encap_tmpl *natt = NULL;
778 int mode;
779
780 /* address family check */
781 sockaddr_size = pfkey_sockaddr_size(x->props.family);
782 if (!sockaddr_size)
783 return ERR_PTR(-EINVAL);
784
785 /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
786 key(AE), (identity(SD),) (sensitivity)> */
787 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
788 sizeof(struct sadb_lifetime) +
789 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
790 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
791 sizeof(struct sadb_address)*2 +
792 sockaddr_size*2 +
793 sizeof(struct sadb_x_sa2);
794
795 if ((xfrm_ctx = x->security)) {
796 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
797 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
798 }
799
800 /* identity & sensitivity */
801 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family))
802 size += sizeof(struct sadb_address) + sockaddr_size;
803
804 if (add_keys) {
805 if (x->aalg && x->aalg->alg_key_len) {
806 auth_key_size =
807 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
808 size += sizeof(struct sadb_key) + auth_key_size;
809 }
810 if (x->ealg && x->ealg->alg_key_len) {
811 encrypt_key_size =
812 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
813 size += sizeof(struct sadb_key) + encrypt_key_size;
814 }
815 }
816 if (x->encap)
817 natt = x->encap;
818
819 if (natt && natt->encap_type) {
820 size += sizeof(struct sadb_x_nat_t_type);
821 size += sizeof(struct sadb_x_nat_t_port);
822 size += sizeof(struct sadb_x_nat_t_port);
823 }
824
825 skb = alloc_skb(size + 16, GFP_ATOMIC);
826 if (skb == NULL)
827 return ERR_PTR(-ENOBUFS);
828
829 /* call should fill header later */
830 hdr = skb_put(skb, sizeof(struct sadb_msg));
831 memset(hdr, 0, size); /* XXX do we need this ? */
832 hdr->sadb_msg_len = size / sizeof(uint64_t);
833
834 /* sa */
835 sa = skb_put(skb, sizeof(struct sadb_sa));
836 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
837 sa->sadb_sa_exttype = SADB_EXT_SA;
838 sa->sadb_sa_spi = x->id.spi;
839 sa->sadb_sa_replay = x->props.replay_window;
840 switch (x->km.state) {
841 case XFRM_STATE_VALID:
842 sa->sadb_sa_state = x->km.dying ?
843 SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
844 break;
845 case XFRM_STATE_ACQ:
846 sa->sadb_sa_state = SADB_SASTATE_LARVAL;
847 break;
848 default:
849 sa->sadb_sa_state = SADB_SASTATE_DEAD;
850 break;
851 }
852 sa->sadb_sa_auth = 0;
853 if (x->aalg) {
854 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
855 sa->sadb_sa_auth = (a && a->pfkey_supported) ?
856 a->desc.sadb_alg_id : 0;
857 }
858 sa->sadb_sa_encrypt = 0;
859 BUG_ON(x->ealg && x->calg);
860 if (x->ealg) {
861 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
862 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
863 a->desc.sadb_alg_id : 0;
864 }
865 /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
866 if (x->calg) {
867 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
868 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
869 a->desc.sadb_alg_id : 0;
870 }
871
872 sa->sadb_sa_flags = 0;
873 if (x->props.flags & XFRM_STATE_NOECN)
874 sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
875 if (x->props.flags & XFRM_STATE_DECAP_DSCP)
876 sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
877 if (x->props.flags & XFRM_STATE_NOPMTUDISC)
878 sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
879
880 /* hard time */
881 if (hsc & 2) {
882 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
883 lifetime->sadb_lifetime_len =
884 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
885 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
886 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit);
887 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
888 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
889 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
890 }
891 /* soft time */
892 if (hsc & 1) {
893 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
894 lifetime->sadb_lifetime_len =
895 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
896 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
897 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit);
898 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
899 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
900 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
901 }
902 /* current time */
903 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
904 lifetime->sadb_lifetime_len =
905 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
906 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
907 lifetime->sadb_lifetime_allocations = x->curlft.packets;
908 lifetime->sadb_lifetime_bytes = x->curlft.bytes;
909 lifetime->sadb_lifetime_addtime = x->curlft.add_time;
910 lifetime->sadb_lifetime_usetime = x->curlft.use_time;
911 /* src address */
912 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
913 addr->sadb_address_len =
914 (sizeof(struct sadb_address)+sockaddr_size)/
915 sizeof(uint64_t);
916 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
917 /* "if the ports are non-zero, then the sadb_address_proto field,
918 normally zero, MUST be filled in with the transport
919 protocol's number." - RFC2367 */
920 addr->sadb_address_proto = 0;
921 addr->sadb_address_reserved = 0;
922
923 addr->sadb_address_prefixlen =
924 pfkey_sockaddr_fill(&x->props.saddr, 0,
925 (struct sockaddr *) (addr + 1),
926 x->props.family);
927 BUG_ON(!addr->sadb_address_prefixlen);
928
929 /* dst address */
930 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
931 addr->sadb_address_len =
932 (sizeof(struct sadb_address)+sockaddr_size)/
933 sizeof(uint64_t);
934 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
935 addr->sadb_address_proto = 0;
936 addr->sadb_address_reserved = 0;
937
938 addr->sadb_address_prefixlen =
939 pfkey_sockaddr_fill(&x->id.daddr, 0,
940 (struct sockaddr *) (addr + 1),
941 x->props.family);
942 BUG_ON(!addr->sadb_address_prefixlen);
943
944 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr,
945 x->props.family)) {
946 addr = skb_put(skb,
947 sizeof(struct sadb_address) + sockaddr_size);
948 addr->sadb_address_len =
949 (sizeof(struct sadb_address)+sockaddr_size)/
950 sizeof(uint64_t);
951 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
952 addr->sadb_address_proto =
953 pfkey_proto_from_xfrm(x->sel.proto);
954 addr->sadb_address_prefixlen = x->sel.prefixlen_s;
955 addr->sadb_address_reserved = 0;
956
957 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
958 (struct sockaddr *) (addr + 1),
959 x->props.family);
960 }
961
962 /* auth key */
963 if (add_keys && auth_key_size) {
964 key = skb_put(skb, sizeof(struct sadb_key) + auth_key_size);
965 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
966 sizeof(uint64_t);
967 key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
968 key->sadb_key_bits = x->aalg->alg_key_len;
969 key->sadb_key_reserved = 0;
970 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
971 }
972 /* encrypt key */
973 if (add_keys && encrypt_key_size) {
974 key = skb_put(skb, sizeof(struct sadb_key) + encrypt_key_size);
975 key->sadb_key_len = (sizeof(struct sadb_key) +
976 encrypt_key_size) / sizeof(uint64_t);
977 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
978 key->sadb_key_bits = x->ealg->alg_key_len;
979 key->sadb_key_reserved = 0;
980 memcpy(key + 1, x->ealg->alg_key,
981 (x->ealg->alg_key_len+7)/8);
982 }
983
984 /* sa */
985 sa2 = skb_put(skb, sizeof(struct sadb_x_sa2));
986 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
987 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
988 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
989 kfree_skb(skb);
990 return ERR_PTR(-EINVAL);
991 }
992 sa2->sadb_x_sa2_mode = mode;
993 sa2->sadb_x_sa2_reserved1 = 0;
994 sa2->sadb_x_sa2_reserved2 = 0;
995 sa2->sadb_x_sa2_sequence = 0;
996 sa2->sadb_x_sa2_reqid = x->props.reqid;
997
998 if (natt && natt->encap_type) {
999 struct sadb_x_nat_t_type *n_type;
1000 struct sadb_x_nat_t_port *n_port;
1001
1002 /* type */
1003 n_type = skb_put(skb, sizeof(*n_type));
1004 n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
1005 n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
1006 n_type->sadb_x_nat_t_type_type = natt->encap_type;
1007 n_type->sadb_x_nat_t_type_reserved[0] = 0;
1008 n_type->sadb_x_nat_t_type_reserved[1] = 0;
1009 n_type->sadb_x_nat_t_type_reserved[2] = 0;
1010
1011 /* source port */
1012 n_port = skb_put(skb, sizeof(*n_port));
1013 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1014 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
1015 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
1016 n_port->sadb_x_nat_t_port_reserved = 0;
1017
1018 /* dest port */
1019 n_port = skb_put(skb, sizeof(*n_port));
1020 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1021 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
1022 n_port->sadb_x_nat_t_port_port = natt->encap_dport;
1023 n_port->sadb_x_nat_t_port_reserved = 0;
1024 }
1025
1026 /* security context */
1027 if (xfrm_ctx) {
1028 sec_ctx = skb_put(skb,
1029 sizeof(struct sadb_x_sec_ctx) + ctx_size);
1030 sec_ctx->sadb_x_sec_len =
1031 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
1032 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
1033 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
1034 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
1035 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
1036 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
1037 xfrm_ctx->ctx_len);
1038 }
1039
1040 return skb;
1041}
1042
1043
1044static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x)
1045{
1046 struct sk_buff *skb;
1047
1048 skb = __pfkey_xfrm_state2msg(x, 1, 3);
1049
1050 return skb;
1051}
1052
1053static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x,
1054 int hsc)
1055{
1056 return __pfkey_xfrm_state2msg(x, 0, hsc);
1057}
1058
1059static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1060 const struct sadb_msg *hdr,
1061 void * const *ext_hdrs)
1062{
1063 struct xfrm_state *x;
1064 const struct sadb_lifetime *lifetime;
1065 const struct sadb_sa *sa;
1066 const struct sadb_key *key;
1067 const struct sadb_x_sec_ctx *sec_ctx;
1068 uint16_t proto;
1069 int err;
1070
1071
1072 sa = ext_hdrs[SADB_EXT_SA - 1];
1073 if (!sa ||
1074 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1075 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1076 return ERR_PTR(-EINVAL);
1077 if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
1078 !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
1079 return ERR_PTR(-EINVAL);
1080 if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
1081 !ext_hdrs[SADB_EXT_KEY_AUTH-1])
1082 return ERR_PTR(-EINVAL);
1083 if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
1084 !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
1085 return ERR_PTR(-EINVAL);
1086
1087 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1088 if (proto == 0)
1089 return ERR_PTR(-EINVAL);
1090
1091 /* default error is no buffer space */
1092 err = -ENOBUFS;
1093
1094 /* RFC2367:
1095
1096 Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
1097 SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not
1098 sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state.
1099 Therefore, the sadb_sa_state field of all submitted SAs MUST be
1100 SADB_SASTATE_MATURE and the kernel MUST return an error if this is
1101 not true.
1102
1103 However, KAME setkey always uses SADB_SASTATE_LARVAL.
1104 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
1105 */
1106 if (sa->sadb_sa_auth > SADB_AALG_MAX ||
1107 (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
1108 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
1109 sa->sadb_sa_encrypt > SADB_EALG_MAX)
1110 return ERR_PTR(-EINVAL);
1111 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1112 if (key != NULL &&
1113 sa->sadb_sa_auth != SADB_X_AALG_NULL &&
1114 key->sadb_key_bits == 0)
1115 return ERR_PTR(-EINVAL);
1116 key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1117 if (key != NULL &&
1118 sa->sadb_sa_encrypt != SADB_EALG_NULL &&
1119 key->sadb_key_bits == 0)
1120 return ERR_PTR(-EINVAL);
1121
1122 x = xfrm_state_alloc(net);
1123 if (x == NULL)
1124 return ERR_PTR(-ENOBUFS);
1125
1126 x->id.proto = proto;
1127 x->id.spi = sa->sadb_sa_spi;
1128 x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay,
1129 (sizeof(x->replay.bitmap) * 8));
1130 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
1131 x->props.flags |= XFRM_STATE_NOECN;
1132 if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
1133 x->props.flags |= XFRM_STATE_DECAP_DSCP;
1134 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
1135 x->props.flags |= XFRM_STATE_NOPMTUDISC;
1136
1137 lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD - 1];
1138 if (lifetime != NULL) {
1139 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1140 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1141 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1142 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1143 }
1144 lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT - 1];
1145 if (lifetime != NULL) {
1146 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1147 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1148 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1149 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1150 }
1151
1152 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
1153 if (sec_ctx != NULL) {
1154 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
1155
1156 if (!uctx)
1157 goto out;
1158
1159 err = security_xfrm_state_alloc(x, uctx);
1160 kfree(uctx);
1161
1162 if (err)
1163 goto out;
1164 }
1165
1166 err = -ENOBUFS;
1167 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1168 if (sa->sadb_sa_auth) {
1169 int keysize = 0;
1170 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
1171 if (!a || !a->pfkey_supported) {
1172 err = -ENOSYS;
1173 goto out;
1174 }
1175 if (key)
1176 keysize = (key->sadb_key_bits + 7) / 8;
1177 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
1178 if (!x->aalg) {
1179 err = -ENOMEM;
1180 goto out;
1181 }
1182 strcpy(x->aalg->alg_name, a->name);
1183 x->aalg->alg_key_len = 0;
1184 if (key) {
1185 x->aalg->alg_key_len = key->sadb_key_bits;
1186 memcpy(x->aalg->alg_key, key+1, keysize);
1187 }
1188 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
1189 x->props.aalgo = sa->sadb_sa_auth;
1190 /* x->algo.flags = sa->sadb_sa_flags; */
1191 }
1192 if (sa->sadb_sa_encrypt) {
1193 if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
1194 struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
1195 if (!a || !a->pfkey_supported) {
1196 err = -ENOSYS;
1197 goto out;
1198 }
1199 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
1200 if (!x->calg) {
1201 err = -ENOMEM;
1202 goto out;
1203 }
1204 strcpy(x->calg->alg_name, a->name);
1205 x->props.calgo = sa->sadb_sa_encrypt;
1206 } else {
1207 int keysize = 0;
1208 struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
1209 if (!a || !a->pfkey_supported) {
1210 err = -ENOSYS;
1211 goto out;
1212 }
1213 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1214 if (key)
1215 keysize = (key->sadb_key_bits + 7) / 8;
1216 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
1217 if (!x->ealg) {
1218 err = -ENOMEM;
1219 goto out;
1220 }
1221 strcpy(x->ealg->alg_name, a->name);
1222 x->ealg->alg_key_len = 0;
1223 if (key) {
1224 x->ealg->alg_key_len = key->sadb_key_bits;
1225 memcpy(x->ealg->alg_key, key+1, keysize);
1226 }
1227 x->props.ealgo = sa->sadb_sa_encrypt;
1228 x->geniv = a->uinfo.encr.geniv;
1229 }
1230 }
1231 /* x->algo.flags = sa->sadb_sa_flags; */
1232
1233 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1234 &x->props.saddr);
1235 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
1236 &x->id.daddr);
1237
1238 if (ext_hdrs[SADB_X_EXT_SA2-1]) {
1239 const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1];
1240 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1241 if (mode < 0) {
1242 err = -EINVAL;
1243 goto out;
1244 }
1245 x->props.mode = mode;
1246 x->props.reqid = sa2->sadb_x_sa2_reqid;
1247 }
1248
1249 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
1250 const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];
1251
1252 /* Nobody uses this, but we try. */
1253 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
1254 x->sel.prefixlen_s = addr->sadb_address_prefixlen;
1255 }
1256
1257 if (!x->sel.family)
1258 x->sel.family = x->props.family;
1259
1260 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
1261 const struct sadb_x_nat_t_type* n_type;
1262 struct xfrm_encap_tmpl *natt;
1263
1264 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
1265 if (!x->encap) {
1266 err = -ENOMEM;
1267 goto out;
1268 }
1269
1270 natt = x->encap;
1271 n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
1272 natt->encap_type = n_type->sadb_x_nat_t_type_type;
1273
1274 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
1275 const struct sadb_x_nat_t_port *n_port =
1276 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
1277 natt->encap_sport = n_port->sadb_x_nat_t_port_port;
1278 }
1279 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
1280 const struct sadb_x_nat_t_port *n_port =
1281 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
1282 natt->encap_dport = n_port->sadb_x_nat_t_port_port;
1283 }
1284 memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
1285 }
1286
1287 err = xfrm_init_state(x);
1288 if (err)
1289 goto out;
1290
1291 x->km.seq = hdr->sadb_msg_seq;
1292 return x;
1293
1294out:
1295 x->km.state = XFRM_STATE_DEAD;
1296 xfrm_state_put(x);
1297 return ERR_PTR(err);
1298}
1299
1300static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1301{
1302 return -EOPNOTSUPP;
1303}
1304
1305static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1306{
1307 struct net *net = sock_net(sk);
1308 struct sk_buff *resp_skb;
1309 struct sadb_x_sa2 *sa2;
1310 struct sadb_address *saddr, *daddr;
1311 struct sadb_msg *out_hdr;
1312 struct sadb_spirange *range;
1313 struct xfrm_state *x = NULL;
1314 int mode;
1315 int err;
1316 u32 min_spi, max_spi;
1317 u32 reqid;
1318 u8 proto;
1319 unsigned short family;
1320 xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
1321
1322 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1323 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1324 return -EINVAL;
1325
1326 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1327 if (proto == 0)
1328 return -EINVAL;
1329
1330 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
1331 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1332 if (mode < 0)
1333 return -EINVAL;
1334 reqid = sa2->sadb_x_sa2_reqid;
1335 } else {
1336 mode = 0;
1337 reqid = 0;
1338 }
1339
1340 saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
1341 daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
1342
1343 family = ((struct sockaddr *)(saddr + 1))->sa_family;
1344 switch (family) {
1345 case AF_INET:
1346 xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
1347 xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
1348 break;
1349#if IS_ENABLED(CONFIG_IPV6)
1350 case AF_INET6:
1351 xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
1352 xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
1353 break;
1354#endif
1355 }
1356
1357 if (hdr->sadb_msg_seq) {
1358 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1359 if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) {
1360 xfrm_state_put(x);
1361 x = NULL;
1362 }
1363 }
1364
1365 if (!x)
1366 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, proto, xdaddr, xsaddr, 1, family);
1367
1368 if (x == NULL)
1369 return -ENOENT;
1370
1371 min_spi = 0x100;
1372 max_spi = 0x0fffffff;
1373
1374 range = ext_hdrs[SADB_EXT_SPIRANGE-1];
1375 if (range) {
1376 min_spi = range->sadb_spirange_min;
1377 max_spi = range->sadb_spirange_max;
1378 }
1379
1380 err = verify_spi_info(x->id.proto, min_spi, max_spi);
1381 if (err) {
1382 xfrm_state_put(x);
1383 return err;
1384 }
1385
1386 err = xfrm_alloc_spi(x, min_spi, max_spi);
1387 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);
1388
1389 if (IS_ERR(resp_skb)) {
1390 xfrm_state_put(x);
1391 return PTR_ERR(resp_skb);
1392 }
1393
1394 out_hdr = (struct sadb_msg *) resp_skb->data;
1395 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1396 out_hdr->sadb_msg_type = SADB_GETSPI;
1397 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1398 out_hdr->sadb_msg_errno = 0;
1399 out_hdr->sadb_msg_reserved = 0;
1400 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1401 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1402
1403 xfrm_state_put(x);
1404
1405 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);
1406
1407 return 0;
1408}
1409
1410static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1411{
1412 struct net *net = sock_net(sk);
1413 struct xfrm_state *x;
1414
1415 if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8)
1416 return -EOPNOTSUPP;
1417
1418 if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
1419 return 0;
1420
1421 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1422 if (x == NULL)
1423 return 0;
1424
1425 spin_lock_bh(&x->lock);
1426 if (x->km.state == XFRM_STATE_ACQ)
1427 x->km.state = XFRM_STATE_ERROR;
1428
1429 spin_unlock_bh(&x->lock);
1430 xfrm_state_put(x);
1431 return 0;
1432}
1433
1434static inline int event2poltype(int event)
1435{
1436 switch (event) {
1437 case XFRM_MSG_DELPOLICY:
1438 return SADB_X_SPDDELETE;
1439 case XFRM_MSG_NEWPOLICY:
1440 return SADB_X_SPDADD;
1441 case XFRM_MSG_UPDPOLICY:
1442 return SADB_X_SPDUPDATE;
1443 case XFRM_MSG_POLEXPIRE:
1444 // return SADB_X_SPDEXPIRE;
1445 default:
1446 pr_err("pfkey: Unknown policy event %d\n", event);
1447 break;
1448 }
1449
1450 return 0;
1451}
1452
1453static inline int event2keytype(int event)
1454{
1455 switch (event) {
1456 case XFRM_MSG_DELSA:
1457 return SADB_DELETE;
1458 case XFRM_MSG_NEWSA:
1459 return SADB_ADD;
1460 case XFRM_MSG_UPDSA:
1461 return SADB_UPDATE;
1462 case XFRM_MSG_EXPIRE:
1463 return SADB_EXPIRE;
1464 default:
1465 pr_err("pfkey: Unknown SA event %d\n", event);
1466 break;
1467 }
1468
1469 return 0;
1470}
1471
1472/* ADD/UPD/DEL */
1473static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
1474{
1475 struct sk_buff *skb;
1476 struct sadb_msg *hdr;
1477
1478 skb = pfkey_xfrm_state2msg(x);
1479
1480 if (IS_ERR(skb))
1481 return PTR_ERR(skb);
1482
1483 hdr = (struct sadb_msg *) skb->data;
1484 hdr->sadb_msg_version = PF_KEY_V2;
1485 hdr->sadb_msg_type = event2keytype(c->event);
1486 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1487 hdr->sadb_msg_errno = 0;
1488 hdr->sadb_msg_reserved = 0;
1489 hdr->sadb_msg_seq = c->seq;
1490 hdr->sadb_msg_pid = c->portid;
1491
1492 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));
1493
1494 return 0;
1495}
1496
1497static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1498{
1499 struct net *net = sock_net(sk);
1500 struct xfrm_state *x;
1501 int err;
1502 struct km_event c;
1503
1504 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs);
1505 if (IS_ERR(x))
1506 return PTR_ERR(x);
1507
1508 xfrm_state_hold(x);
1509 if (hdr->sadb_msg_type == SADB_ADD)
1510 err = xfrm_state_add(x);
1511 else
1512 err = xfrm_state_update(x);
1513
1514 xfrm_audit_state_add(x, err ? 0 : 1, true);
1515
1516 if (err < 0) {
1517 x->km.state = XFRM_STATE_DEAD;
1518 __xfrm_state_put(x);
1519 goto out;
1520 }
1521
1522 if (hdr->sadb_msg_type == SADB_ADD)
1523 c.event = XFRM_MSG_NEWSA;
1524 else
1525 c.event = XFRM_MSG_UPDSA;
1526 c.seq = hdr->sadb_msg_seq;
1527 c.portid = hdr->sadb_msg_pid;
1528 km_state_notify(x, &c);
1529out:
1530 xfrm_state_put(x);
1531 return err;
1532}
1533
1534static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1535{
1536 struct net *net = sock_net(sk);
1537 struct xfrm_state *x;
1538 struct km_event c;
1539 int err;
1540
1541 if (!ext_hdrs[SADB_EXT_SA-1] ||
1542 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1543 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1544 return -EINVAL;
1545
1546 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1547 if (x == NULL)
1548 return -ESRCH;
1549
1550 if ((err = security_xfrm_state_delete(x)))
1551 goto out;
1552
1553 if (xfrm_state_kern(x)) {
1554 err = -EPERM;
1555 goto out;
1556 }
1557
1558 err = xfrm_state_delete(x);
1559
1560 if (err < 0)
1561 goto out;
1562
1563 c.seq = hdr->sadb_msg_seq;
1564 c.portid = hdr->sadb_msg_pid;
1565 c.event = XFRM_MSG_DELSA;
1566 km_state_notify(x, &c);
1567out:
1568 xfrm_audit_state_delete(x, err ? 0 : 1, true);
1569 xfrm_state_put(x);
1570
1571 return err;
1572}
1573
1574static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1575{
1576 struct net *net = sock_net(sk);
1577 __u8 proto;
1578 struct sk_buff *out_skb;
1579 struct sadb_msg *out_hdr;
1580 struct xfrm_state *x;
1581
1582 if (!ext_hdrs[SADB_EXT_SA-1] ||
1583 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1584 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1585 return -EINVAL;
1586
1587 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1588 if (x == NULL)
1589 return -ESRCH;
1590
1591 out_skb = pfkey_xfrm_state2msg(x);
1592 proto = x->id.proto;
1593 xfrm_state_put(x);
1594 if (IS_ERR(out_skb))
1595 return PTR_ERR(out_skb);
1596
1597 out_hdr = (struct sadb_msg *) out_skb->data;
1598 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1599 out_hdr->sadb_msg_type = SADB_GET;
1600 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1601 out_hdr->sadb_msg_errno = 0;
1602 out_hdr->sadb_msg_reserved = 0;
1603 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1604 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1605 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
1606
1607 return 0;
1608}
1609
1610static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig,
1611 gfp_t allocation)
1612{
1613 struct sk_buff *skb;
1614 struct sadb_msg *hdr;
1615 int len, auth_len, enc_len, i;
1616
1617 auth_len = xfrm_count_pfkey_auth_supported();
1618 if (auth_len) {
1619 auth_len *= sizeof(struct sadb_alg);
1620 auth_len += sizeof(struct sadb_supported);
1621 }
1622
1623 enc_len = xfrm_count_pfkey_enc_supported();
1624 if (enc_len) {
1625 enc_len *= sizeof(struct sadb_alg);
1626 enc_len += sizeof(struct sadb_supported);
1627 }
1628
1629 len = enc_len + auth_len + sizeof(struct sadb_msg);
1630
1631 skb = alloc_skb(len + 16, allocation);
1632 if (!skb)
1633 goto out_put_algs;
1634
1635 hdr = skb_put(skb, sizeof(*hdr));
1636 pfkey_hdr_dup(hdr, orig);
1637 hdr->sadb_msg_errno = 0;
1638 hdr->sadb_msg_len = len / sizeof(uint64_t);
1639
1640 if (auth_len) {
1641 struct sadb_supported *sp;
1642 struct sadb_alg *ap;
1643
1644 sp = skb_put(skb, auth_len);
1645 ap = (struct sadb_alg *) (sp + 1);
1646
1647 sp->sadb_supported_len = auth_len / sizeof(uint64_t);
1648 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
1649
1650 for (i = 0; ; i++) {
1651 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
1652 if (!aalg)
1653 break;
1654 if (!aalg->pfkey_supported)
1655 continue;
1656 if (aalg->available)
1657 *ap++ = aalg->desc;
1658 }
1659 }
1660
1661 if (enc_len) {
1662 struct sadb_supported *sp;
1663 struct sadb_alg *ap;
1664
1665 sp = skb_put(skb, enc_len);
1666 ap = (struct sadb_alg *) (sp + 1);
1667
1668 sp->sadb_supported_len = enc_len / sizeof(uint64_t);
1669 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
1670
1671 for (i = 0; ; i++) {
1672 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
1673 if (!ealg)
1674 break;
1675 if (!ealg->pfkey_supported)
1676 continue;
1677 if (ealg->available)
1678 *ap++ = ealg->desc;
1679 }
1680 }
1681
1682out_put_algs:
1683 return skb;
1684}
1685
1686static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1687{
1688 struct pfkey_sock *pfk = pfkey_sk(sk);
1689 struct sk_buff *supp_skb;
1690
1691 if (hdr->sadb_msg_satype > SADB_SATYPE_MAX)
1692 return -EINVAL;
1693
1694 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) {
1695 if (pfk->registered&(1<<hdr->sadb_msg_satype))
1696 return -EEXIST;
1697 pfk->registered |= (1<<hdr->sadb_msg_satype);
1698 }
1699
1700 xfrm_probe_algs();
1701
1702 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL);
1703 if (!supp_skb) {
1704 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1705 pfk->registered &= ~(1<<hdr->sadb_msg_satype);
1706
1707 return -ENOBUFS;
1708 }
1709
1710 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk,
1711 sock_net(sk));
1712 return 0;
1713}
1714
1715static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
1716{
1717 struct sk_buff *skb;
1718 struct sadb_msg *hdr;
1719
1720 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1721 if (!skb)
1722 return -ENOBUFS;
1723
1724 hdr = skb_put_data(skb, ihdr, sizeof(struct sadb_msg));
1725 hdr->sadb_msg_errno = (uint8_t) 0;
1726 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1727
1728 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk,
1729 sock_net(sk));
1730}
1731
1732static int key_notify_sa_flush(const struct km_event *c)
1733{
1734 struct sk_buff *skb;
1735 struct sadb_msg *hdr;
1736
1737 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1738 if (!skb)
1739 return -ENOBUFS;
1740 hdr = skb_put(skb, sizeof(struct sadb_msg));
1741 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
1742 hdr->sadb_msg_type = SADB_FLUSH;
1743 hdr->sadb_msg_seq = c->seq;
1744 hdr->sadb_msg_pid = c->portid;
1745 hdr->sadb_msg_version = PF_KEY_V2;
1746 hdr->sadb_msg_errno = (uint8_t) 0;
1747 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1748 hdr->sadb_msg_reserved = 0;
1749
1750 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
1751
1752 return 0;
1753}
1754
1755static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1756{
1757 struct net *net = sock_net(sk);
1758 unsigned int proto;
1759 struct km_event c;
1760 int err, err2;
1761
1762 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1763 if (proto == 0)
1764 return -EINVAL;
1765
1766 err = xfrm_state_flush(net, proto, true, false);
1767 err2 = unicast_flush_resp(sk, hdr);
1768 if (err || err2) {
1769 if (err == -ESRCH) /* empty table - go quietly */
1770 err = 0;
1771 return err ? err : err2;
1772 }
1773
1774 c.data.proto = proto;
1775 c.seq = hdr->sadb_msg_seq;
1776 c.portid = hdr->sadb_msg_pid;
1777 c.event = XFRM_MSG_FLUSHSA;
1778 c.net = net;
1779 km_state_notify(NULL, &c);
1780
1781 return 0;
1782}
1783
1784static int dump_sa(struct xfrm_state *x, int count, void *ptr)
1785{
1786 struct pfkey_sock *pfk = ptr;
1787 struct sk_buff *out_skb;
1788 struct sadb_msg *out_hdr;
1789
1790 if (!pfkey_can_dump(&pfk->sk))
1791 return -ENOBUFS;
1792
1793 out_skb = pfkey_xfrm_state2msg(x);
1794 if (IS_ERR(out_skb))
1795 return PTR_ERR(out_skb);
1796
1797 out_hdr = (struct sadb_msg *) out_skb->data;
1798 out_hdr->sadb_msg_version = pfk->dump.msg_version;
1799 out_hdr->sadb_msg_type = SADB_DUMP;
1800 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1801 out_hdr->sadb_msg_errno = 0;
1802 out_hdr->sadb_msg_reserved = 0;
1803 out_hdr->sadb_msg_seq = count + 1;
1804 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
1805
1806 if (pfk->dump.skb)
1807 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
1808 &pfk->sk, sock_net(&pfk->sk));
1809 pfk->dump.skb = out_skb;
1810
1811 return 0;
1812}
1813
1814static int pfkey_dump_sa(struct pfkey_sock *pfk)
1815{
1816 struct net *net = sock_net(&pfk->sk);
1817 return xfrm_state_walk(net, &pfk->dump.u.state, dump_sa, (void *) pfk);
1818}
1819
1820static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
1821{
1822 struct net *net = sock_net(&pfk->sk);
1823
1824 xfrm_state_walk_done(&pfk->dump.u.state, net);
1825}
1826
1827static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1828{
1829 u8 proto;
1830 struct xfrm_address_filter *filter = NULL;
1831 struct pfkey_sock *pfk = pfkey_sk(sk);
1832
1833 mutex_lock(&pfk->dump_lock);
1834 if (pfk->dump.dump != NULL) {
1835 mutex_unlock(&pfk->dump_lock);
1836 return -EBUSY;
1837 }
1838
1839 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1840 if (proto == 0) {
1841 mutex_unlock(&pfk->dump_lock);
1842 return -EINVAL;
1843 }
1844
1845 if (ext_hdrs[SADB_X_EXT_FILTER - 1]) {
1846 struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1];
1847
1848 if ((xfilter->sadb_x_filter_splen >=
1849 (sizeof(xfrm_address_t) << 3)) ||
1850 (xfilter->sadb_x_filter_dplen >=
1851 (sizeof(xfrm_address_t) << 3))) {
1852 mutex_unlock(&pfk->dump_lock);
1853 return -EINVAL;
1854 }
1855 filter = kmalloc(sizeof(*filter), GFP_KERNEL);
1856 if (filter == NULL) {
1857 mutex_unlock(&pfk->dump_lock);
1858 return -ENOMEM;
1859 }
1860
1861 memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr,
1862 sizeof(xfrm_address_t));
1863 memcpy(&filter->daddr, &xfilter->sadb_x_filter_daddr,
1864 sizeof(xfrm_address_t));
1865 filter->family = xfilter->sadb_x_filter_family;
1866 filter->splen = xfilter->sadb_x_filter_splen;
1867 filter->dplen = xfilter->sadb_x_filter_dplen;
1868 }
1869
1870 pfk->dump.msg_version = hdr->sadb_msg_version;
1871 pfk->dump.msg_portid = hdr->sadb_msg_pid;
1872 pfk->dump.dump = pfkey_dump_sa;
1873 pfk->dump.done = pfkey_dump_sa_done;
1874 xfrm_state_walk_init(&pfk->dump.u.state, proto, filter);
1875 mutex_unlock(&pfk->dump_lock);
1876
1877 return pfkey_do_dump(pfk);
1878}
1879
1880static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1881{
1882 struct pfkey_sock *pfk = pfkey_sk(sk);
1883 int satype = hdr->sadb_msg_satype;
1884 bool reset_errno = false;
1885
1886 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) {
1887 reset_errno = true;
1888 if (satype != 0 && satype != 1)
1889 return -EINVAL;
1890 pfk->promisc = satype;
1891 }
1892 if (reset_errno && skb_cloned(skb))
1893 skb = skb_copy(skb, GFP_KERNEL);
1894 else
1895 skb = skb_clone(skb, GFP_KERNEL);
1896
1897 if (reset_errno && skb) {
1898 struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data;
1899 new_hdr->sadb_msg_errno = 0;
1900 }
1901
1902 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
1903 return 0;
1904}
1905
1906static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
1907{
1908 int i;
1909 u32 reqid = *(u32*)ptr;
1910
1911 for (i=0; i<xp->xfrm_nr; i++) {
1912 if (xp->xfrm_vec[i].reqid == reqid)
1913 return -EEXIST;
1914 }
1915 return 0;
1916}
1917
1918static u32 gen_reqid(struct net *net)
1919{
1920 struct xfrm_policy_walk walk;
1921 u32 start;
1922 int rc;
1923 static u32 reqid = IPSEC_MANUAL_REQID_MAX;
1924
1925 start = reqid;
1926 do {
1927 ++reqid;
1928 if (reqid == 0)
1929 reqid = IPSEC_MANUAL_REQID_MAX+1;
1930 xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
1931 rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid);
1932 xfrm_policy_walk_done(&walk, net);
1933 if (rc != -EEXIST)
1934 return reqid;
1935 } while (reqid != start);
1936 return 0;
1937}
1938
1939static int
1940parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1941{
1942 struct net *net = xp_net(xp);
1943 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1944 int mode;
1945
1946 if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1947 return -ELOOP;
1948
1949 if (rq->sadb_x_ipsecrequest_mode == 0)
1950 return -EINVAL;
1951 if (!xfrm_id_proto_valid(rq->sadb_x_ipsecrequest_proto))
1952 return -EINVAL;
1953
1954 t->id.proto = rq->sadb_x_ipsecrequest_proto;
1955 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0)
1956 return -EINVAL;
1957 t->mode = mode;
1958 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
1959 t->optional = 1;
1960 else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
1961 t->reqid = rq->sadb_x_ipsecrequest_reqid;
1962 if (t->reqid > IPSEC_MANUAL_REQID_MAX)
1963 t->reqid = 0;
1964 if (!t->reqid && !(t->reqid = gen_reqid(net)))
1965 return -ENOBUFS;
1966 }
1967
1968 /* addresses present only in tunnel mode */
1969 if (t->mode == XFRM_MODE_TUNNEL) {
1970 int err;
1971
1972 err = parse_sockaddr_pair(
1973 (struct sockaddr *)(rq + 1),
1974 rq->sadb_x_ipsecrequest_len - sizeof(*rq),
1975 &t->saddr, &t->id.daddr, &t->encap_family);
1976 if (err)
1977 return err;
1978 } else
1979 t->encap_family = xp->family;
1980
1981 /* No way to set this via kame pfkey */
1982 t->allalgs = 1;
1983 xp->xfrm_nr++;
1984 return 0;
1985}
1986
1987static int
1988parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1989{
1990 int err;
1991 int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
1992 struct sadb_x_ipsecrequest *rq = (void*)(pol+1);
1993
1994 if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
1995 return -EINVAL;
1996
1997 while (len >= sizeof(*rq)) {
1998 if (len < rq->sadb_x_ipsecrequest_len ||
1999 rq->sadb_x_ipsecrequest_len < sizeof(*rq))
2000 return -EINVAL;
2001
2002 if ((err = parse_ipsecrequest(xp, rq)) < 0)
2003 return err;
2004 len -= rq->sadb_x_ipsecrequest_len;
2005 rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
2006 }
2007 return 0;
2008}
2009
2010static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
2011{
2012 struct xfrm_sec_ctx *xfrm_ctx = xp->security;
2013
2014 if (xfrm_ctx) {
2015 int len = sizeof(struct sadb_x_sec_ctx);
2016 len += xfrm_ctx->ctx_len;
2017 return PFKEY_ALIGN8(len);
2018 }
2019 return 0;
2020}
2021
2022static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
2023{
2024 const struct xfrm_tmpl *t;
2025 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2026 int socklen = 0;
2027 int i;
2028
2029 for (i=0; i<xp->xfrm_nr; i++) {
2030 t = xp->xfrm_vec + i;
2031 socklen += pfkey_sockaddr_len(t->encap_family);
2032 }
2033
2034 return sizeof(struct sadb_msg) +
2035 (sizeof(struct sadb_lifetime) * 3) +
2036 (sizeof(struct sadb_address) * 2) +
2037 (sockaddr_size * 2) +
2038 sizeof(struct sadb_x_policy) +
2039 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
2040 (socklen * 2) +
2041 pfkey_xfrm_policy2sec_ctx_size(xp);
2042}
2043
2044static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
2045{
2046 struct sk_buff *skb;
2047 int size;
2048
2049 size = pfkey_xfrm_policy2msg_size(xp);
2050
2051 skb = alloc_skb(size + 16, GFP_ATOMIC);
2052 if (skb == NULL)
2053 return ERR_PTR(-ENOBUFS);
2054
2055 return skb;
2056}
2057
2058static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
2059{
2060 struct sadb_msg *hdr;
2061 struct sadb_address *addr;
2062 struct sadb_lifetime *lifetime;
2063 struct sadb_x_policy *pol;
2064 struct sadb_x_sec_ctx *sec_ctx;
2065 struct xfrm_sec_ctx *xfrm_ctx;
2066 int i;
2067 int size;
2068 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2069 int socklen = pfkey_sockaddr_len(xp->family);
2070
2071 size = pfkey_xfrm_policy2msg_size(xp);
2072
2073 /* call should fill header later */
2074 hdr = skb_put(skb, sizeof(struct sadb_msg));
2075 memset(hdr, 0, size); /* XXX do we need this ? */
2076
2077 /* src address */
2078 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2079 addr->sadb_address_len =
2080 (sizeof(struct sadb_address)+sockaddr_size)/
2081 sizeof(uint64_t);
2082 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
2083 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2084 addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
2085 addr->sadb_address_reserved = 0;
2086 if (!pfkey_sockaddr_fill(&xp->selector.saddr,
2087 xp->selector.sport,
2088 (struct sockaddr *) (addr + 1),
2089 xp->family))
2090 BUG();
2091
2092 /* dst address */
2093 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2094 addr->sadb_address_len =
2095 (sizeof(struct sadb_address)+sockaddr_size)/
2096 sizeof(uint64_t);
2097 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
2098 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2099 addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
2100 addr->sadb_address_reserved = 0;
2101
2102 pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
2103 (struct sockaddr *) (addr + 1),
2104 xp->family);
2105
2106 /* hard time */
2107 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2108 lifetime->sadb_lifetime_len =
2109 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2110 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2111 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit);
2112 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
2113 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
2114 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
2115 /* soft time */
2116 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2117 lifetime->sadb_lifetime_len =
2118 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2119 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
2120 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit);
2121 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
2122 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
2123 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
2124 /* current time */
2125 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2126 lifetime->sadb_lifetime_len =
2127 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2128 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2129 lifetime->sadb_lifetime_allocations = xp->curlft.packets;
2130 lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
2131 lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
2132 lifetime->sadb_lifetime_usetime = xp->curlft.use_time;
2133
2134 pol = skb_put(skb, sizeof(struct sadb_x_policy));
2135 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
2136 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2137 pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
2138 if (xp->action == XFRM_POLICY_ALLOW) {
2139 if (xp->xfrm_nr)
2140 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2141 else
2142 pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
2143 }
2144 pol->sadb_x_policy_dir = dir+1;
2145 pol->sadb_x_policy_reserved = 0;
2146 pol->sadb_x_policy_id = xp->index;
2147 pol->sadb_x_policy_priority = xp->priority;
2148
2149 for (i=0; i<xp->xfrm_nr; i++) {
2150 const struct xfrm_tmpl *t = xp->xfrm_vec + i;
2151 struct sadb_x_ipsecrequest *rq;
2152 int req_size;
2153 int mode;
2154
2155 req_size = sizeof(struct sadb_x_ipsecrequest);
2156 if (t->mode == XFRM_MODE_TUNNEL) {
2157 socklen = pfkey_sockaddr_len(t->encap_family);
2158 req_size += socklen * 2;
2159 } else {
2160 size -= 2*socklen;
2161 }
2162 rq = skb_put(skb, req_size);
2163 pol->sadb_x_policy_len += req_size/8;
2164 memset(rq, 0, sizeof(*rq));
2165 rq->sadb_x_ipsecrequest_len = req_size;
2166 rq->sadb_x_ipsecrequest_proto = t->id.proto;
2167 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
2168 return -EINVAL;
2169 rq->sadb_x_ipsecrequest_mode = mode;
2170 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2171 if (t->reqid)
2172 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2173 if (t->optional)
2174 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
2175 rq->sadb_x_ipsecrequest_reqid = t->reqid;
2176
2177 if (t->mode == XFRM_MODE_TUNNEL) {
2178 u8 *sa = (void *)(rq + 1);
2179 pfkey_sockaddr_fill(&t->saddr, 0,
2180 (struct sockaddr *)sa,
2181 t->encap_family);
2182 pfkey_sockaddr_fill(&t->id.daddr, 0,
2183 (struct sockaddr *) (sa + socklen),
2184 t->encap_family);
2185 }
2186 }
2187
2188 /* security context */
2189 if ((xfrm_ctx = xp->security)) {
2190 int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);
2191
2192 sec_ctx = skb_put(skb, ctx_size);
2193 sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
2194 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2195 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
2196 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
2197 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
2198 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
2199 xfrm_ctx->ctx_len);
2200 }
2201
2202 hdr->sadb_msg_len = size / sizeof(uint64_t);
2203 hdr->sadb_msg_reserved = refcount_read(&xp->refcnt);
2204
2205 return 0;
2206}
2207
2208static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
2209{
2210 struct sk_buff *out_skb;
2211 struct sadb_msg *out_hdr;
2212 int err;
2213
2214 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2215 if (IS_ERR(out_skb))
2216 return PTR_ERR(out_skb);
2217
2218 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2219 if (err < 0) {
2220 kfree_skb(out_skb);
2221 return err;
2222 }
2223
2224 out_hdr = (struct sadb_msg *) out_skb->data;
2225 out_hdr->sadb_msg_version = PF_KEY_V2;
2226
2227 if (c->data.byid && c->event == XFRM_MSG_DELPOLICY)
2228 out_hdr->sadb_msg_type = SADB_X_SPDDELETE2;
2229 else
2230 out_hdr->sadb_msg_type = event2poltype(c->event);
2231 out_hdr->sadb_msg_errno = 0;
2232 out_hdr->sadb_msg_seq = c->seq;
2233 out_hdr->sadb_msg_pid = c->portid;
2234 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2235 return 0;
2236
2237}
2238
2239static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2240{
2241 struct net *net = sock_net(sk);
2242 int err = 0;
2243 struct sadb_lifetime *lifetime;
2244 struct sadb_address *sa;
2245 struct sadb_x_policy *pol;
2246 struct xfrm_policy *xp;
2247 struct km_event c;
2248 struct sadb_x_sec_ctx *sec_ctx;
2249
2250 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2251 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2252 !ext_hdrs[SADB_X_EXT_POLICY-1])
2253 return -EINVAL;
2254
2255 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2256 if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
2257 return -EINVAL;
2258 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2259 return -EINVAL;
2260
2261 xp = xfrm_policy_alloc(net, GFP_KERNEL);
2262 if (xp == NULL)
2263 return -ENOBUFS;
2264
2265 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
2266 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
2267 xp->priority = pol->sadb_x_policy_priority;
2268
2269 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2270 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2271 xp->selector.family = xp->family;
2272 xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
2273 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2274 xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2275 if (xp->selector.sport)
2276 xp->selector.sport_mask = htons(0xffff);
2277
2278 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2279 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2280 xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2281
2282 /* Amusing, we set this twice. KAME apps appear to set same value
2283 * in both addresses.
2284 */
2285 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2286
2287 xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2288 if (xp->selector.dport)
2289 xp->selector.dport_mask = htons(0xffff);
2290
2291 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2292 if (sec_ctx != NULL) {
2293 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2294
2295 if (!uctx) {
2296 err = -ENOBUFS;
2297 goto out;
2298 }
2299
2300 err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL);
2301 kfree(uctx);
2302
2303 if (err)
2304 goto out;
2305 }
2306
2307 xp->lft.soft_byte_limit = XFRM_INF;
2308 xp->lft.hard_byte_limit = XFRM_INF;
2309 xp->lft.soft_packet_limit = XFRM_INF;
2310 xp->lft.hard_packet_limit = XFRM_INF;
2311 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
2312 xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2313 xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2314 xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2315 xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2316 }
2317 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
2318 xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2319 xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2320 xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2321 xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2322 }
2323 xp->xfrm_nr = 0;
2324 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2325 (err = parse_ipsecrequests(xp, pol)) < 0)
2326 goto out;
2327
2328 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2329 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2330
2331 xfrm_audit_policy_add(xp, err ? 0 : 1, true);
2332
2333 if (err)
2334 goto out;
2335
2336 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
2337 c.event = XFRM_MSG_UPDPOLICY;
2338 else
2339 c.event = XFRM_MSG_NEWPOLICY;
2340
2341 c.seq = hdr->sadb_msg_seq;
2342 c.portid = hdr->sadb_msg_pid;
2343
2344 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2345 xfrm_pol_put(xp);
2346 return 0;
2347
2348out:
2349 xp->walk.dead = 1;
2350 xfrm_policy_destroy(xp);
2351 return err;
2352}
2353
2354static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2355{
2356 struct net *net = sock_net(sk);
2357 int err;
2358 struct sadb_address *sa;
2359 struct sadb_x_policy *pol;
2360 struct xfrm_policy *xp;
2361 struct xfrm_selector sel;
2362 struct km_event c;
2363 struct sadb_x_sec_ctx *sec_ctx;
2364 struct xfrm_sec_ctx *pol_ctx = NULL;
2365
2366 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2367 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2368 !ext_hdrs[SADB_X_EXT_POLICY-1])
2369 return -EINVAL;
2370
2371 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2372 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2373 return -EINVAL;
2374
2375 memset(&sel, 0, sizeof(sel));
2376
2377 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2378 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2379 sel.prefixlen_s = sa->sadb_address_prefixlen;
2380 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2381 sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2382 if (sel.sport)
2383 sel.sport_mask = htons(0xffff);
2384
2385 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2386 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2387 sel.prefixlen_d = sa->sadb_address_prefixlen;
2388 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2389 sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2390 if (sel.dport)
2391 sel.dport_mask = htons(0xffff);
2392
2393 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2394 if (sec_ctx != NULL) {
2395 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2396
2397 if (!uctx)
2398 return -ENOMEM;
2399
2400 err = security_xfrm_policy_alloc(&pol_ctx, uctx, GFP_KERNEL);
2401 kfree(uctx);
2402 if (err)
2403 return err;
2404 }
2405
2406 xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2407 pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
2408 1, &err);
2409 security_xfrm_policy_free(pol_ctx);
2410 if (xp == NULL)
2411 return -ENOENT;
2412
2413 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2414
2415 if (err)
2416 goto out;
2417
2418 c.seq = hdr->sadb_msg_seq;
2419 c.portid = hdr->sadb_msg_pid;
2420 c.data.byid = 0;
2421 c.event = XFRM_MSG_DELPOLICY;
2422 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2423
2424out:
2425 xfrm_pol_put(xp);
2426 return err;
2427}
2428
2429static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
2430{
2431 int err;
2432 struct sk_buff *out_skb;
2433 struct sadb_msg *out_hdr;
2434 err = 0;
2435
2436 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2437 if (IS_ERR(out_skb)) {
2438 err = PTR_ERR(out_skb);
2439 goto out;
2440 }
2441 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2442 if (err < 0) {
2443 kfree_skb(out_skb);
2444 goto out;
2445 }
2446
2447 out_hdr = (struct sadb_msg *) out_skb->data;
2448 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
2449 out_hdr->sadb_msg_type = hdr->sadb_msg_type;
2450 out_hdr->sadb_msg_satype = 0;
2451 out_hdr->sadb_msg_errno = 0;
2452 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
2453 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
2454 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
2455 err = 0;
2456
2457out:
2458 return err;
2459}
2460
2461static int pfkey_sockaddr_pair_size(sa_family_t family)
2462{
2463 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
2464}
2465
2466static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2467 xfrm_address_t *saddr, xfrm_address_t *daddr,
2468 u16 *family)
2469{
2470 int af, socklen;
2471
2472 if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
2473 return -EINVAL;
2474
2475 af = pfkey_sockaddr_extract(sa, saddr);
2476 if (!af)
2477 return -EINVAL;
2478
2479 socklen = pfkey_sockaddr_len(af);
2480 if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen),
2481 daddr) != af)
2482 return -EINVAL;
2483
2484 *family = af;
2485 return 0;
2486}
2487
2488#ifdef CONFIG_NET_KEY_MIGRATE
2489static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2490 struct xfrm_migrate *m)
2491{
2492 int err;
2493 struct sadb_x_ipsecrequest *rq2;
2494 int mode;
2495
2496 if (len < sizeof(*rq1) ||
2497 len < rq1->sadb_x_ipsecrequest_len ||
2498 rq1->sadb_x_ipsecrequest_len < sizeof(*rq1))
2499 return -EINVAL;
2500
2501 /* old endoints */
2502 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
2503 rq1->sadb_x_ipsecrequest_len - sizeof(*rq1),
2504 &m->old_saddr, &m->old_daddr,
2505 &m->old_family);
2506 if (err)
2507 return err;
2508
2509 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len);
2510 len -= rq1->sadb_x_ipsecrequest_len;
2511
2512 if (len <= sizeof(*rq2) ||
2513 len < rq2->sadb_x_ipsecrequest_len ||
2514 rq2->sadb_x_ipsecrequest_len < sizeof(*rq2))
2515 return -EINVAL;
2516
2517 /* new endpoints */
2518 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
2519 rq2->sadb_x_ipsecrequest_len - sizeof(*rq2),
2520 &m->new_saddr, &m->new_daddr,
2521 &m->new_family);
2522 if (err)
2523 return err;
2524
2525 if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto ||
2526 rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode ||
2527 rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid)
2528 return -EINVAL;
2529
2530 m->proto = rq1->sadb_x_ipsecrequest_proto;
2531 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0)
2532 return -EINVAL;
2533 m->mode = mode;
2534 m->reqid = rq1->sadb_x_ipsecrequest_reqid;
2535
2536 return ((int)(rq1->sadb_x_ipsecrequest_len +
2537 rq2->sadb_x_ipsecrequest_len));
2538}
2539
2540static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2541 const struct sadb_msg *hdr, void * const *ext_hdrs)
2542{
2543 int i, len, ret, err = -EINVAL;
2544 u8 dir;
2545 struct sadb_address *sa;
2546 struct sadb_x_kmaddress *kma;
2547 struct sadb_x_policy *pol;
2548 struct sadb_x_ipsecrequest *rq;
2549 struct xfrm_selector sel;
2550 struct xfrm_migrate m[XFRM_MAX_DEPTH];
2551 struct xfrm_kmaddress k;
2552 struct net *net = sock_net(sk);
2553
2554 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
2555 ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
2556 !ext_hdrs[SADB_X_EXT_POLICY - 1]) {
2557 err = -EINVAL;
2558 goto out;
2559 }
2560
2561 kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
2562 pol = ext_hdrs[SADB_X_EXT_POLICY - 1];
2563
2564 if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
2565 err = -EINVAL;
2566 goto out;
2567 }
2568
2569 if (kma) {
2570 /* convert sadb_x_kmaddress to xfrm_kmaddress */
2571 k.reserved = kma->sadb_x_kmaddress_reserved;
2572 ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
2573 8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
2574 &k.local, &k.remote, &k.family);
2575 if (ret < 0) {
2576 err = ret;
2577 goto out;
2578 }
2579 }
2580
2581 dir = pol->sadb_x_policy_dir - 1;
2582 memset(&sel, 0, sizeof(sel));
2583
2584 /* set source address info of selector */
2585 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1];
2586 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2587 sel.prefixlen_s = sa->sadb_address_prefixlen;
2588 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2589 sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2590 if (sel.sport)
2591 sel.sport_mask = htons(0xffff);
2592
2593 /* set destination address info of selector */
2594 sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
2595 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2596 sel.prefixlen_d = sa->sadb_address_prefixlen;
2597 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2598 sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2599 if (sel.dport)
2600 sel.dport_mask = htons(0xffff);
2601
2602 rq = (struct sadb_x_ipsecrequest *)(pol + 1);
2603
2604 /* extract ipsecrequests */
2605 i = 0;
2606 len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);
2607
2608 while (len > 0 && i < XFRM_MAX_DEPTH) {
2609 ret = ipsecrequests_to_migrate(rq, len, &m[i]);
2610 if (ret < 0) {
2611 err = ret;
2612 goto out;
2613 } else {
2614 rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret);
2615 len -= ret;
2616 i++;
2617 }
2618 }
2619
2620 if (!i || len > 0) {
2621 err = -EINVAL;
2622 goto out;
2623 }
2624
2625 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
2626 kma ? &k : NULL, net, NULL);
2627
2628 out:
2629 return err;
2630}
2631#else
2632static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2633 const struct sadb_msg *hdr, void * const *ext_hdrs)
2634{
2635 return -ENOPROTOOPT;
2636}
2637#endif
2638
2639
2640static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2641{
2642 struct net *net = sock_net(sk);
2643 unsigned int dir;
2644 int err = 0, delete;
2645 struct sadb_x_policy *pol;
2646 struct xfrm_policy *xp;
2647 struct km_event c;
2648
2649 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL)
2650 return -EINVAL;
2651
2652 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
2653 if (dir >= XFRM_POLICY_MAX)
2654 return -EINVAL;
2655
2656 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2657 xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2658 dir, pol->sadb_x_policy_id, delete, &err);
2659 if (xp == NULL)
2660 return -ENOENT;
2661
2662 if (delete) {
2663 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2664
2665 if (err)
2666 goto out;
2667 c.seq = hdr->sadb_msg_seq;
2668 c.portid = hdr->sadb_msg_pid;
2669 c.data.byid = 1;
2670 c.event = XFRM_MSG_DELPOLICY;
2671 km_policy_notify(xp, dir, &c);
2672 } else {
2673 err = key_pol_get_resp(sk, xp, hdr, dir);
2674 }
2675
2676out:
2677 xfrm_pol_put(xp);
2678 return err;
2679}
2680
2681static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2682{
2683 struct pfkey_sock *pfk = ptr;
2684 struct sk_buff *out_skb;
2685 struct sadb_msg *out_hdr;
2686 int err;
2687
2688 if (!pfkey_can_dump(&pfk->sk))
2689 return -ENOBUFS;
2690
2691 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2692 if (IS_ERR(out_skb))
2693 return PTR_ERR(out_skb);
2694
2695 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2696 if (err < 0) {
2697 kfree_skb(out_skb);
2698 return err;
2699 }
2700
2701 out_hdr = (struct sadb_msg *) out_skb->data;
2702 out_hdr->sadb_msg_version = pfk->dump.msg_version;
2703 out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
2704 out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2705 out_hdr->sadb_msg_errno = 0;
2706 out_hdr->sadb_msg_seq = count + 1;
2707 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
2708
2709 if (pfk->dump.skb)
2710 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
2711 &pfk->sk, sock_net(&pfk->sk));
2712 pfk->dump.skb = out_skb;
2713
2714 return 0;
2715}
2716
2717static int pfkey_dump_sp(struct pfkey_sock *pfk)
2718{
2719 struct net *net = sock_net(&pfk->sk);
2720 return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, (void *) pfk);
2721}
2722
2723static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
2724{
2725 struct net *net = sock_net((struct sock *)pfk);
2726
2727 xfrm_policy_walk_done(&pfk->dump.u.policy, net);
2728}
2729
2730static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2731{
2732 struct pfkey_sock *pfk = pfkey_sk(sk);
2733
2734 mutex_lock(&pfk->dump_lock);
2735 if (pfk->dump.dump != NULL) {
2736 mutex_unlock(&pfk->dump_lock);
2737 return -EBUSY;
2738 }
2739
2740 pfk->dump.msg_version = hdr->sadb_msg_version;
2741 pfk->dump.msg_portid = hdr->sadb_msg_pid;
2742 pfk->dump.dump = pfkey_dump_sp;
2743 pfk->dump.done = pfkey_dump_sp_done;
2744 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
2745 mutex_unlock(&pfk->dump_lock);
2746
2747 return pfkey_do_dump(pfk);
2748}
2749
2750static int key_notify_policy_flush(const struct km_event *c)
2751{
2752 struct sk_buff *skb_out;
2753 struct sadb_msg *hdr;
2754
2755 skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
2756 if (!skb_out)
2757 return -ENOBUFS;
2758 hdr = skb_put(skb_out, sizeof(struct sadb_msg));
2759 hdr->sadb_msg_type = SADB_X_SPDFLUSH;
2760 hdr->sadb_msg_seq = c->seq;
2761 hdr->sadb_msg_pid = c->portid;
2762 hdr->sadb_msg_version = PF_KEY_V2;
2763 hdr->sadb_msg_errno = (uint8_t) 0;
2764 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2765 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
2766 hdr->sadb_msg_reserved = 0;
2767 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
2768 return 0;
2769
2770}
2771
2772static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2773{
2774 struct net *net = sock_net(sk);
2775 struct km_event c;
2776 int err, err2;
2777
2778 err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, true);
2779 err2 = unicast_flush_resp(sk, hdr);
2780 if (err || err2) {
2781 if (err == -ESRCH) /* empty table - old silent behavior */
2782 return 0;
2783 return err;
2784 }
2785
2786 c.data.type = XFRM_POLICY_TYPE_MAIN;
2787 c.event = XFRM_MSG_FLUSHPOLICY;
2788 c.portid = hdr->sadb_msg_pid;
2789 c.seq = hdr->sadb_msg_seq;
2790 c.net = net;
2791 km_policy_notify(NULL, 0, &c);
2792
2793 return 0;
2794}
2795
2796typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
2797 const struct sadb_msg *hdr, void * const *ext_hdrs);
2798static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
2799 [SADB_RESERVED] = pfkey_reserved,
2800 [SADB_GETSPI] = pfkey_getspi,
2801 [SADB_UPDATE] = pfkey_add,
2802 [SADB_ADD] = pfkey_add,
2803 [SADB_DELETE] = pfkey_delete,
2804 [SADB_GET] = pfkey_get,
2805 [SADB_ACQUIRE] = pfkey_acquire,
2806 [SADB_REGISTER] = pfkey_register,
2807 [SADB_EXPIRE] = NULL,
2808 [SADB_FLUSH] = pfkey_flush,
2809 [SADB_DUMP] = pfkey_dump,
2810 [SADB_X_PROMISC] = pfkey_promisc,
2811 [SADB_X_PCHANGE] = NULL,
2812 [SADB_X_SPDUPDATE] = pfkey_spdadd,
2813 [SADB_X_SPDADD] = pfkey_spdadd,
2814 [SADB_X_SPDDELETE] = pfkey_spddelete,
2815 [SADB_X_SPDGET] = pfkey_spdget,
2816 [SADB_X_SPDACQUIRE] = NULL,
2817 [SADB_X_SPDDUMP] = pfkey_spddump,
2818 [SADB_X_SPDFLUSH] = pfkey_spdflush,
2819 [SADB_X_SPDSETIDX] = pfkey_spdadd,
2820 [SADB_X_SPDDELETE2] = pfkey_spdget,
2821 [SADB_X_MIGRATE] = pfkey_migrate,
2822};
2823
2824static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr)
2825{
2826 void *ext_hdrs[SADB_EXT_MAX];
2827 int err;
2828
2829 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
2830 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
2831
2832 memset(ext_hdrs, 0, sizeof(ext_hdrs));
2833 err = parse_exthdrs(skb, hdr, ext_hdrs);
2834 if (!err) {
2835 err = -EOPNOTSUPP;
2836 if (pfkey_funcs[hdr->sadb_msg_type])
2837 err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs);
2838 }
2839 return err;
2840}
2841
2842static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
2843{
2844 struct sadb_msg *hdr = NULL;
2845
2846 if (skb->len < sizeof(*hdr)) {
2847 *errp = -EMSGSIZE;
2848 } else {
2849 hdr = (struct sadb_msg *) skb->data;
2850 if (hdr->sadb_msg_version != PF_KEY_V2 ||
2851 hdr->sadb_msg_reserved != 0 ||
2852 (hdr->sadb_msg_type <= SADB_RESERVED ||
2853 hdr->sadb_msg_type > SADB_MAX)) {
2854 hdr = NULL;
2855 *errp = -EINVAL;
2856 } else if (hdr->sadb_msg_len != (skb->len /
2857 sizeof(uint64_t)) ||
2858 hdr->sadb_msg_len < (sizeof(struct sadb_msg) /
2859 sizeof(uint64_t))) {
2860 hdr = NULL;
2861 *errp = -EMSGSIZE;
2862 } else {
2863 *errp = 0;
2864 }
2865 }
2866 return hdr;
2867}
2868
2869static inline int aalg_tmpl_set(const struct xfrm_tmpl *t,
2870 const struct xfrm_algo_desc *d)
2871{
2872 unsigned int id = d->desc.sadb_alg_id;
2873
2874 if (id >= sizeof(t->aalgos) * 8)
2875 return 0;
2876
2877 return (t->aalgos >> id) & 1;
2878}
2879
2880static inline int ealg_tmpl_set(const struct xfrm_tmpl *t,
2881 const struct xfrm_algo_desc *d)
2882{
2883 unsigned int id = d->desc.sadb_alg_id;
2884
2885 if (id >= sizeof(t->ealgos) * 8)
2886 return 0;
2887
2888 return (t->ealgos >> id) & 1;
2889}
2890
2891static int count_ah_combs(const struct xfrm_tmpl *t)
2892{
2893 int i, sz = 0;
2894
2895 for (i = 0; ; i++) {
2896 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2897 if (!aalg)
2898 break;
2899 if (!aalg->pfkey_supported)
2900 continue;
2901 if (aalg_tmpl_set(t, aalg))
2902 sz += sizeof(struct sadb_comb);
2903 }
2904 return sz + sizeof(struct sadb_prop);
2905}
2906
2907static int count_esp_combs(const struct xfrm_tmpl *t)
2908{
2909 int i, k, sz = 0;
2910
2911 for (i = 0; ; i++) {
2912 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2913 if (!ealg)
2914 break;
2915
2916 if (!ealg->pfkey_supported)
2917 continue;
2918
2919 if (!(ealg_tmpl_set(t, ealg)))
2920 continue;
2921
2922 for (k = 1; ; k++) {
2923 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2924 if (!aalg)
2925 break;
2926
2927 if (!aalg->pfkey_supported)
2928 continue;
2929
2930 if (aalg_tmpl_set(t, aalg))
2931 sz += sizeof(struct sadb_comb);
2932 }
2933 }
2934 return sz + sizeof(struct sadb_prop);
2935}
2936
2937static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2938{
2939 struct sadb_prop *p;
2940 int i;
2941
2942 p = skb_put(skb, sizeof(struct sadb_prop));
2943 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2944 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2945 p->sadb_prop_replay = 32;
2946 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2947
2948 for (i = 0; ; i++) {
2949 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2950 if (!aalg)
2951 break;
2952
2953 if (!aalg->pfkey_supported)
2954 continue;
2955
2956 if (aalg_tmpl_set(t, aalg) && aalg->available) {
2957 struct sadb_comb *c;
2958 c = skb_put_zero(skb, sizeof(struct sadb_comb));
2959 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
2960 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
2961 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
2962 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
2963 c->sadb_comb_hard_addtime = 24*60*60;
2964 c->sadb_comb_soft_addtime = 20*60*60;
2965 c->sadb_comb_hard_usetime = 8*60*60;
2966 c->sadb_comb_soft_usetime = 7*60*60;
2967 }
2968 }
2969}
2970
2971static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2972{
2973 struct sadb_prop *p;
2974 int i, k;
2975
2976 p = skb_put(skb, sizeof(struct sadb_prop));
2977 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2978 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2979 p->sadb_prop_replay = 32;
2980 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2981
2982 for (i=0; ; i++) {
2983 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2984 if (!ealg)
2985 break;
2986
2987 if (!ealg->pfkey_supported)
2988 continue;
2989
2990 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2991 continue;
2992
2993 for (k = 1; ; k++) {
2994 struct sadb_comb *c;
2995 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2996 if (!aalg)
2997 break;
2998 if (!aalg->pfkey_supported)
2999 continue;
3000 if (!(aalg_tmpl_set(t, aalg) && aalg->available))
3001 continue;
3002 c = skb_put(skb, sizeof(struct sadb_comb));
3003 memset(c, 0, sizeof(*c));
3004 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
3005 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
3006 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
3007 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
3008 c->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
3009 c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
3010 c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;
3011 c->sadb_comb_hard_addtime = 24*60*60;
3012 c->sadb_comb_soft_addtime = 20*60*60;
3013 c->sadb_comb_hard_usetime = 8*60*60;
3014 c->sadb_comb_soft_usetime = 7*60*60;
3015 }
3016 }
3017}
3018
3019static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
3020{
3021 return 0;
3022}
3023
3024static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c)
3025{
3026 struct sk_buff *out_skb;
3027 struct sadb_msg *out_hdr;
3028 int hard;
3029 int hsc;
3030
3031 hard = c->data.hard;
3032 if (hard)
3033 hsc = 2;
3034 else
3035 hsc = 1;
3036
3037 out_skb = pfkey_xfrm_state2msg_expire(x, hsc);
3038 if (IS_ERR(out_skb))
3039 return PTR_ERR(out_skb);
3040
3041 out_hdr = (struct sadb_msg *) out_skb->data;
3042 out_hdr->sadb_msg_version = PF_KEY_V2;
3043 out_hdr->sadb_msg_type = SADB_EXPIRE;
3044 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3045 out_hdr->sadb_msg_errno = 0;
3046 out_hdr->sadb_msg_reserved = 0;
3047 out_hdr->sadb_msg_seq = 0;
3048 out_hdr->sadb_msg_pid = 0;
3049
3050 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3051 xs_net(x));
3052 return 0;
3053}
3054
3055static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c)
3056{
3057 struct net *net = x ? xs_net(x) : c->net;
3058 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3059
3060 if (atomic_read(&net_pfkey->socks_nr) == 0)
3061 return 0;
3062
3063 switch (c->event) {
3064 case XFRM_MSG_EXPIRE:
3065 return key_notify_sa_expire(x, c);
3066 case XFRM_MSG_DELSA:
3067 case XFRM_MSG_NEWSA:
3068 case XFRM_MSG_UPDSA:
3069 return key_notify_sa(x, c);
3070 case XFRM_MSG_FLUSHSA:
3071 return key_notify_sa_flush(c);
3072 case XFRM_MSG_NEWAE: /* not yet supported */
3073 break;
3074 default:
3075 pr_err("pfkey: Unknown SA event %d\n", c->event);
3076 break;
3077 }
3078
3079 return 0;
3080}
3081
3082static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
3083{
3084 if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
3085 return 0;
3086
3087 switch (c->event) {
3088 case XFRM_MSG_POLEXPIRE:
3089 return key_notify_policy_expire(xp, c);
3090 case XFRM_MSG_DELPOLICY:
3091 case XFRM_MSG_NEWPOLICY:
3092 case XFRM_MSG_UPDPOLICY:
3093 return key_notify_policy(xp, dir, c);
3094 case XFRM_MSG_FLUSHPOLICY:
3095 if (c->data.type != XFRM_POLICY_TYPE_MAIN)
3096 break;
3097 return key_notify_policy_flush(c);
3098 default:
3099 pr_err("pfkey: Unknown policy event %d\n", c->event);
3100 break;
3101 }
3102
3103 return 0;
3104}
3105
3106static u32 get_acqseq(void)
3107{
3108 u32 res;
3109 static atomic_t acqseq;
3110
3111 do {
3112 res = atomic_inc_return(&acqseq);
3113 } while (!res);
3114 return res;
3115}
3116
3117static bool pfkey_is_alive(const struct km_event *c)
3118{
3119 struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
3120 struct sock *sk;
3121 bool is_alive = false;
3122
3123 rcu_read_lock();
3124 sk_for_each_rcu(sk, &net_pfkey->table) {
3125 if (pfkey_sk(sk)->registered) {
3126 is_alive = true;
3127 break;
3128 }
3129 }
3130 rcu_read_unlock();
3131
3132 return is_alive;
3133}
3134
3135static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
3136{
3137 struct sk_buff *skb;
3138 struct sadb_msg *hdr;
3139 struct sadb_address *addr;
3140 struct sadb_x_policy *pol;
3141 int sockaddr_size;
3142 int size;
3143 struct sadb_x_sec_ctx *sec_ctx;
3144 struct xfrm_sec_ctx *xfrm_ctx;
3145 int ctx_size = 0;
3146
3147 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3148 if (!sockaddr_size)
3149 return -EINVAL;
3150
3151 size = sizeof(struct sadb_msg) +
3152 (sizeof(struct sadb_address) * 2) +
3153 (sockaddr_size * 2) +
3154 sizeof(struct sadb_x_policy);
3155
3156 if (x->id.proto == IPPROTO_AH)
3157 size += count_ah_combs(t);
3158 else if (x->id.proto == IPPROTO_ESP)
3159 size += count_esp_combs(t);
3160
3161 if ((xfrm_ctx = x->security)) {
3162 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
3163 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
3164 }
3165
3166 skb = alloc_skb(size + 16, GFP_ATOMIC);
3167 if (skb == NULL)
3168 return -ENOMEM;
3169
3170 hdr = skb_put(skb, sizeof(struct sadb_msg));
3171 hdr->sadb_msg_version = PF_KEY_V2;
3172 hdr->sadb_msg_type = SADB_ACQUIRE;
3173 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3174 hdr->sadb_msg_len = size / sizeof(uint64_t);
3175 hdr->sadb_msg_errno = 0;
3176 hdr->sadb_msg_reserved = 0;
3177 hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3178 hdr->sadb_msg_pid = 0;
3179
3180 /* src address */
3181 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3182 addr->sadb_address_len =
3183 (sizeof(struct sadb_address)+sockaddr_size)/
3184 sizeof(uint64_t);
3185 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3186 addr->sadb_address_proto = 0;
3187 addr->sadb_address_reserved = 0;
3188 addr->sadb_address_prefixlen =
3189 pfkey_sockaddr_fill(&x->props.saddr, 0,
3190 (struct sockaddr *) (addr + 1),
3191 x->props.family);
3192 if (!addr->sadb_address_prefixlen)
3193 BUG();
3194
3195 /* dst address */
3196 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3197 addr->sadb_address_len =
3198 (sizeof(struct sadb_address)+sockaddr_size)/
3199 sizeof(uint64_t);
3200 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3201 addr->sadb_address_proto = 0;
3202 addr->sadb_address_reserved = 0;
3203 addr->sadb_address_prefixlen =
3204 pfkey_sockaddr_fill(&x->id.daddr, 0,
3205 (struct sockaddr *) (addr + 1),
3206 x->props.family);
3207 if (!addr->sadb_address_prefixlen)
3208 BUG();
3209
3210 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3211 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
3212 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3213 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3214 pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1;
3215 pol->sadb_x_policy_reserved = 0;
3216 pol->sadb_x_policy_id = xp->index;
3217 pol->sadb_x_policy_priority = xp->priority;
3218
3219 /* Set sadb_comb's. */
3220 if (x->id.proto == IPPROTO_AH)
3221 dump_ah_combs(skb, t);
3222 else if (x->id.proto == IPPROTO_ESP)
3223 dump_esp_combs(skb, t);
3224
3225 /* security context */
3226 if (xfrm_ctx) {
3227 sec_ctx = skb_put(skb,
3228 sizeof(struct sadb_x_sec_ctx) + ctx_size);
3229 sec_ctx->sadb_x_sec_len =
3230 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
3231 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
3232 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
3233 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
3234 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
3235 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
3236 xfrm_ctx->ctx_len);
3237 }
3238
3239 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3240 xs_net(x));
3241}
3242
3243static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
3244 u8 *data, int len, int *dir)
3245{
3246 struct net *net = sock_net(sk);
3247 struct xfrm_policy *xp;
3248 struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
3249 struct sadb_x_sec_ctx *sec_ctx;
3250
3251 switch (sk->sk_family) {
3252 case AF_INET:
3253 if (opt != IP_IPSEC_POLICY) {
3254 *dir = -EOPNOTSUPP;
3255 return NULL;
3256 }
3257 break;
3258#if IS_ENABLED(CONFIG_IPV6)
3259 case AF_INET6:
3260 if (opt != IPV6_IPSEC_POLICY) {
3261 *dir = -EOPNOTSUPP;
3262 return NULL;
3263 }
3264 break;
3265#endif
3266 default:
3267 *dir = -EINVAL;
3268 return NULL;
3269 }
3270
3271 *dir = -EINVAL;
3272
3273 if (len < sizeof(struct sadb_x_policy) ||
3274 pol->sadb_x_policy_len*8 > len ||
3275 pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
3276 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
3277 return NULL;
3278
3279 xp = xfrm_policy_alloc(net, GFP_ATOMIC);
3280 if (xp == NULL) {
3281 *dir = -ENOBUFS;
3282 return NULL;
3283 }
3284
3285 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
3286 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
3287
3288 xp->lft.soft_byte_limit = XFRM_INF;
3289 xp->lft.hard_byte_limit = XFRM_INF;
3290 xp->lft.soft_packet_limit = XFRM_INF;
3291 xp->lft.hard_packet_limit = XFRM_INF;
3292 xp->family = sk->sk_family;
3293
3294 xp->xfrm_nr = 0;
3295 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
3296 (*dir = parse_ipsecrequests(xp, pol)) < 0)
3297 goto out;
3298
3299 /* security context too */
3300 if (len >= (pol->sadb_x_policy_len*8 +
3301 sizeof(struct sadb_x_sec_ctx))) {
3302 char *p = (char *)pol;
3303 struct xfrm_user_sec_ctx *uctx;
3304
3305 p += pol->sadb_x_policy_len*8;
3306 sec_ctx = (struct sadb_x_sec_ctx *)p;
3307 if (len < pol->sadb_x_policy_len*8 +
3308 sec_ctx->sadb_x_sec_len*8) {
3309 *dir = -EINVAL;
3310 goto out;
3311 }
3312 if ((*dir = verify_sec_ctx_len(p)))
3313 goto out;
3314 uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
3315 *dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
3316 kfree(uctx);
3317
3318 if (*dir)
3319 goto out;
3320 }
3321
3322 *dir = pol->sadb_x_policy_dir-1;
3323 return xp;
3324
3325out:
3326 xp->walk.dead = 1;
3327 xfrm_policy_destroy(xp);
3328 return NULL;
3329}
3330
3331static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
3332{
3333 struct sk_buff *skb;
3334 struct sadb_msg *hdr;
3335 struct sadb_sa *sa;
3336 struct sadb_address *addr;
3337 struct sadb_x_nat_t_port *n_port;
3338 int sockaddr_size;
3339 int size;
3340 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0);
3341 struct xfrm_encap_tmpl *natt = NULL;
3342
3343 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3344 if (!sockaddr_size)
3345 return -EINVAL;
3346
3347 if (!satype)
3348 return -EINVAL;
3349
3350 if (!x->encap)
3351 return -EINVAL;
3352
3353 natt = x->encap;
3354
3355 /* Build an SADB_X_NAT_T_NEW_MAPPING message:
3356 *
3357 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
3358 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
3359 */
3360
3361 size = sizeof(struct sadb_msg) +
3362 sizeof(struct sadb_sa) +
3363 (sizeof(struct sadb_address) * 2) +
3364 (sockaddr_size * 2) +
3365 (sizeof(struct sadb_x_nat_t_port) * 2);
3366
3367 skb = alloc_skb(size + 16, GFP_ATOMIC);
3368 if (skb == NULL)
3369 return -ENOMEM;
3370
3371 hdr = skb_put(skb, sizeof(struct sadb_msg));
3372 hdr->sadb_msg_version = PF_KEY_V2;
3373 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
3374 hdr->sadb_msg_satype = satype;
3375 hdr->sadb_msg_len = size / sizeof(uint64_t);
3376 hdr->sadb_msg_errno = 0;
3377 hdr->sadb_msg_reserved = 0;
3378 hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3379 hdr->sadb_msg_pid = 0;
3380
3381 /* SA */
3382 sa = skb_put(skb, sizeof(struct sadb_sa));
3383 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
3384 sa->sadb_sa_exttype = SADB_EXT_SA;
3385 sa->sadb_sa_spi = x->id.spi;
3386 sa->sadb_sa_replay = 0;
3387 sa->sadb_sa_state = 0;
3388 sa->sadb_sa_auth = 0;
3389 sa->sadb_sa_encrypt = 0;
3390 sa->sadb_sa_flags = 0;
3391
3392 /* ADDRESS_SRC (old addr) */
3393 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3394 addr->sadb_address_len =
3395 (sizeof(struct sadb_address)+sockaddr_size)/
3396 sizeof(uint64_t);
3397 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3398 addr->sadb_address_proto = 0;
3399 addr->sadb_address_reserved = 0;
3400 addr->sadb_address_prefixlen =
3401 pfkey_sockaddr_fill(&x->props.saddr, 0,
3402 (struct sockaddr *) (addr + 1),
3403 x->props.family);
3404 if (!addr->sadb_address_prefixlen)
3405 BUG();
3406
3407 /* NAT_T_SPORT (old port) */
3408 n_port = skb_put(skb, sizeof(*n_port));
3409 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3410 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
3411 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
3412 n_port->sadb_x_nat_t_port_reserved = 0;
3413
3414 /* ADDRESS_DST (new addr) */
3415 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3416 addr->sadb_address_len =
3417 (sizeof(struct sadb_address)+sockaddr_size)/
3418 sizeof(uint64_t);
3419 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3420 addr->sadb_address_proto = 0;
3421 addr->sadb_address_reserved = 0;
3422 addr->sadb_address_prefixlen =
3423 pfkey_sockaddr_fill(ipaddr, 0,
3424 (struct sockaddr *) (addr + 1),
3425 x->props.family);
3426 if (!addr->sadb_address_prefixlen)
3427 BUG();
3428
3429 /* NAT_T_DPORT (new port) */
3430 n_port = skb_put(skb, sizeof(*n_port));
3431 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3432 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
3433 n_port->sadb_x_nat_t_port_port = sport;
3434 n_port->sadb_x_nat_t_port_reserved = 0;
3435
3436 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3437 xs_net(x));
3438}
3439
3440#ifdef CONFIG_NET_KEY_MIGRATE
3441static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3442 const struct xfrm_selector *sel)
3443{
3444 struct sadb_address *addr;
3445 addr = skb_put(skb, sizeof(struct sadb_address) + sasize);
3446 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8;
3447 addr->sadb_address_exttype = type;
3448 addr->sadb_address_proto = sel->proto;
3449 addr->sadb_address_reserved = 0;
3450
3451 switch (type) {
3452 case SADB_EXT_ADDRESS_SRC:
3453 addr->sadb_address_prefixlen = sel->prefixlen_s;
3454 pfkey_sockaddr_fill(&sel->saddr, 0,
3455 (struct sockaddr *)(addr + 1),
3456 sel->family);
3457 break;
3458 case SADB_EXT_ADDRESS_DST:
3459 addr->sadb_address_prefixlen = sel->prefixlen_d;
3460 pfkey_sockaddr_fill(&sel->daddr, 0,
3461 (struct sockaddr *)(addr + 1),
3462 sel->family);
3463 break;
3464 default:
3465 return -EINVAL;
3466 }
3467
3468 return 0;
3469}
3470
3471
3472static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k)
3473{
3474 struct sadb_x_kmaddress *kma;
3475 u8 *sa;
3476 int family = k->family;
3477 int socklen = pfkey_sockaddr_len(family);
3478 int size_req;
3479
3480 size_req = (sizeof(struct sadb_x_kmaddress) +
3481 pfkey_sockaddr_pair_size(family));
3482
3483 kma = skb_put_zero(skb, size_req);
3484 kma->sadb_x_kmaddress_len = size_req / 8;
3485 kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
3486 kma->sadb_x_kmaddress_reserved = k->reserved;
3487
3488 sa = (u8 *)(kma + 1);
3489 if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) ||
3490 !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))
3491 return -EINVAL;
3492
3493 return 0;
3494}
3495
3496static int set_ipsecrequest(struct sk_buff *skb,
3497 uint8_t proto, uint8_t mode, int level,
3498 uint32_t reqid, uint8_t family,
3499 const xfrm_address_t *src, const xfrm_address_t *dst)
3500{
3501 struct sadb_x_ipsecrequest *rq;
3502 u8 *sa;
3503 int socklen = pfkey_sockaddr_len(family);
3504 int size_req;
3505
3506 size_req = sizeof(struct sadb_x_ipsecrequest) +
3507 pfkey_sockaddr_pair_size(family);
3508
3509 rq = skb_put_zero(skb, size_req);
3510 rq->sadb_x_ipsecrequest_len = size_req;
3511 rq->sadb_x_ipsecrequest_proto = proto;
3512 rq->sadb_x_ipsecrequest_mode = mode;
3513 rq->sadb_x_ipsecrequest_level = level;
3514 rq->sadb_x_ipsecrequest_reqid = reqid;
3515
3516 sa = (u8 *) (rq + 1);
3517 if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) ||
3518 !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family))
3519 return -EINVAL;
3520
3521 return 0;
3522}
3523#endif
3524
3525#ifdef CONFIG_NET_KEY_MIGRATE
3526static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3527 const struct xfrm_migrate *m, int num_bundles,
3528 const struct xfrm_kmaddress *k,
3529 const struct xfrm_encap_tmpl *encap)
3530{
3531 int i;
3532 int sasize_sel;
3533 int size = 0;
3534 int size_pol = 0;
3535 struct sk_buff *skb;
3536 struct sadb_msg *hdr;
3537 struct sadb_x_policy *pol;
3538 const struct xfrm_migrate *mp;
3539
3540 if (type != XFRM_POLICY_TYPE_MAIN)
3541 return 0;
3542
3543 if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
3544 return -EINVAL;
3545
3546 if (k != NULL) {
3547 /* addresses for KM */
3548 size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
3549 pfkey_sockaddr_pair_size(k->family));
3550 }
3551
3552 /* selector */
3553 sasize_sel = pfkey_sockaddr_size(sel->family);
3554 if (!sasize_sel)
3555 return -EINVAL;
3556 size += (sizeof(struct sadb_address) + sasize_sel) * 2;
3557
3558 /* policy info */
3559 size_pol += sizeof(struct sadb_x_policy);
3560
3561 /* ipsecrequests */
3562 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3563 /* old locator pair */
3564 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3565 pfkey_sockaddr_pair_size(mp->old_family);
3566 /* new locator pair */
3567 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3568 pfkey_sockaddr_pair_size(mp->new_family);
3569 }
3570
3571 size += sizeof(struct sadb_msg) + size_pol;
3572
3573 /* alloc buffer */
3574 skb = alloc_skb(size, GFP_ATOMIC);
3575 if (skb == NULL)
3576 return -ENOMEM;
3577
3578 hdr = skb_put(skb, sizeof(struct sadb_msg));
3579 hdr->sadb_msg_version = PF_KEY_V2;
3580 hdr->sadb_msg_type = SADB_X_MIGRATE;
3581 hdr->sadb_msg_satype = pfkey_proto2satype(m->proto);
3582 hdr->sadb_msg_len = size / 8;
3583 hdr->sadb_msg_errno = 0;
3584 hdr->sadb_msg_reserved = 0;
3585 hdr->sadb_msg_seq = 0;
3586 hdr->sadb_msg_pid = 0;
3587
3588 /* Addresses to be used by KM for negotiation, if ext is available */
3589 if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
3590 goto err;
3591
3592 /* selector src */
3593 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
3594
3595 /* selector dst */
3596 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel);
3597
3598 /* policy information */
3599 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3600 pol->sadb_x_policy_len = size_pol / 8;
3601 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3602 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3603 pol->sadb_x_policy_dir = dir + 1;
3604 pol->sadb_x_policy_reserved = 0;
3605 pol->sadb_x_policy_id = 0;
3606 pol->sadb_x_policy_priority = 0;
3607
3608 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3609 /* old ipsecrequest */
3610 int mode = pfkey_mode_from_xfrm(mp->mode);
3611 if (mode < 0)
3612 goto err;
3613 if (set_ipsecrequest(skb, mp->proto, mode,
3614 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3615 mp->reqid, mp->old_family,
3616 &mp->old_saddr, &mp->old_daddr) < 0)
3617 goto err;
3618
3619 /* new ipsecrequest */
3620 if (set_ipsecrequest(skb, mp->proto, mode,
3621 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3622 mp->reqid, mp->new_family,
3623 &mp->new_saddr, &mp->new_daddr) < 0)
3624 goto err;
3625 }
3626
3627 /* broadcast migrate message to sockets */
3628 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);
3629
3630 return 0;
3631
3632err:
3633 kfree_skb(skb);
3634 return -EINVAL;
3635}
3636#else
3637static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3638 const struct xfrm_migrate *m, int num_bundles,
3639 const struct xfrm_kmaddress *k,
3640 const struct xfrm_encap_tmpl *encap)
3641{
3642 return -ENOPROTOOPT;
3643}
3644#endif
3645
3646static int pfkey_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
3647{
3648 struct sock *sk = sock->sk;
3649 struct sk_buff *skb = NULL;
3650 struct sadb_msg *hdr = NULL;
3651 int err;
3652 struct net *net = sock_net(sk);
3653
3654 err = -EOPNOTSUPP;
3655 if (msg->msg_flags & MSG_OOB)
3656 goto out;
3657
3658 err = -EMSGSIZE;
3659 if ((unsigned int)len > sk->sk_sndbuf - 32)
3660 goto out;
3661
3662 err = -ENOBUFS;
3663 skb = alloc_skb(len, GFP_KERNEL);
3664 if (skb == NULL)
3665 goto out;
3666
3667 err = -EFAULT;
3668 if (memcpy_from_msg(skb_put(skb,len), msg, len))
3669 goto out;
3670
3671 hdr = pfkey_get_base_msg(skb, &err);
3672 if (!hdr)
3673 goto out;
3674
3675 mutex_lock(&net->xfrm.xfrm_cfg_mutex);
3676 err = pfkey_process(sk, skb, hdr);
3677 mutex_unlock(&net->xfrm.xfrm_cfg_mutex);
3678
3679out:
3680 if (err && hdr && pfkey_error(hdr, err, sk) == 0)
3681 err = 0;
3682 kfree_skb(skb);
3683
3684 return err ? : len;
3685}
3686
3687static int pfkey_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
3688 int flags)
3689{
3690 struct sock *sk = sock->sk;
3691 struct pfkey_sock *pfk = pfkey_sk(sk);
3692 struct sk_buff *skb;
3693 int copied, err;
3694
3695 err = -EINVAL;
3696 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
3697 goto out;
3698
3699 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
3700 if (skb == NULL)
3701 goto out;
3702
3703 copied = skb->len;
3704 if (copied > len) {
3705 msg->msg_flags |= MSG_TRUNC;
3706 copied = len;
3707 }
3708
3709 skb_reset_transport_header(skb);
3710 err = skb_copy_datagram_msg(skb, 0, msg, copied);
3711 if (err)
3712 goto out_free;
3713
3714 sock_recv_ts_and_drops(msg, sk, skb);
3715
3716 err = (flags & MSG_TRUNC) ? skb->len : copied;
3717
3718 if (pfk->dump.dump != NULL &&
3719 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
3720 pfkey_do_dump(pfk);
3721
3722out_free:
3723 skb_free_datagram(sk, skb);
3724out:
3725 return err;
3726}
3727
3728static const struct proto_ops pfkey_ops = {
3729 .family = PF_KEY,
3730 .owner = THIS_MODULE,
3731 /* Operations that make no sense on pfkey sockets. */
3732 .bind = sock_no_bind,
3733 .connect = sock_no_connect,
3734 .socketpair = sock_no_socketpair,
3735 .accept = sock_no_accept,
3736 .getname = sock_no_getname,
3737 .ioctl = sock_no_ioctl,
3738 .listen = sock_no_listen,
3739 .shutdown = sock_no_shutdown,
3740 .mmap = sock_no_mmap,
3741 .sendpage = sock_no_sendpage,
3742
3743 /* Now the operations that really occur. */
3744 .release = pfkey_release,
3745 .poll = datagram_poll,
3746 .sendmsg = pfkey_sendmsg,
3747 .recvmsg = pfkey_recvmsg,
3748};
3749
3750static const struct net_proto_family pfkey_family_ops = {
3751 .family = PF_KEY,
3752 .create = pfkey_create,
3753 .owner = THIS_MODULE,
3754};
3755
3756#ifdef CONFIG_PROC_FS
3757static int pfkey_seq_show(struct seq_file *f, void *v)
3758{
3759 struct sock *s = sk_entry(v);
3760
3761 if (v == SEQ_START_TOKEN)
3762 seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
3763 else
3764 seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n",
3765 s,
3766 refcount_read(&s->sk_refcnt),
3767 sk_rmem_alloc_get(s),
3768 sk_wmem_alloc_get(s),
3769 from_kuid_munged(seq_user_ns(f), sock_i_uid(s)),
3770 sock_i_ino(s)
3771 );
3772 return 0;
3773}
3774
3775static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
3776 __acquires(rcu)
3777{
3778 struct net *net = seq_file_net(f);
3779 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3780
3781 rcu_read_lock();
3782 return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
3783}
3784
3785static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
3786{
3787 struct net *net = seq_file_net(f);
3788 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3789
3790 return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
3791}
3792
3793static void pfkey_seq_stop(struct seq_file *f, void *v)
3794 __releases(rcu)
3795{
3796 rcu_read_unlock();
3797}
3798
3799static const struct seq_operations pfkey_seq_ops = {
3800 .start = pfkey_seq_start,
3801 .next = pfkey_seq_next,
3802 .stop = pfkey_seq_stop,
3803 .show = pfkey_seq_show,
3804};
3805
3806static int __net_init pfkey_init_proc(struct net *net)
3807{
3808 struct proc_dir_entry *e;
3809
3810 e = proc_create_net("pfkey", 0, net->proc_net, &pfkey_seq_ops,
3811 sizeof(struct seq_net_private));
3812 if (e == NULL)
3813 return -ENOMEM;
3814
3815 return 0;
3816}
3817
3818static void __net_exit pfkey_exit_proc(struct net *net)
3819{
3820 remove_proc_entry("pfkey", net->proc_net);
3821}
3822#else
3823static inline int pfkey_init_proc(struct net *net)
3824{
3825 return 0;
3826}
3827
3828static inline void pfkey_exit_proc(struct net *net)
3829{
3830}
3831#endif
3832
3833static struct xfrm_mgr pfkeyv2_mgr =
3834{
3835 .notify = pfkey_send_notify,
3836 .acquire = pfkey_send_acquire,
3837 .compile_policy = pfkey_compile_policy,
3838 .new_mapping = pfkey_send_new_mapping,
3839 .notify_policy = pfkey_send_policy_notify,
3840 .migrate = pfkey_send_migrate,
3841 .is_alive = pfkey_is_alive,
3842};
3843
3844static int __net_init pfkey_net_init(struct net *net)
3845{
3846 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3847 int rv;
3848
3849 INIT_HLIST_HEAD(&net_pfkey->table);
3850 atomic_set(&net_pfkey->socks_nr, 0);
3851
3852 rv = pfkey_init_proc(net);
3853
3854 return rv;
3855}
3856
3857static void __net_exit pfkey_net_exit(struct net *net)
3858{
3859 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3860
3861 pfkey_exit_proc(net);
3862 WARN_ON(!hlist_empty(&net_pfkey->table));
3863}
3864
3865static struct pernet_operations pfkey_net_ops = {
3866 .init = pfkey_net_init,
3867 .exit = pfkey_net_exit,
3868 .id = &pfkey_net_id,
3869 .size = sizeof(struct netns_pfkey),
3870};
3871
3872static void __exit ipsec_pfkey_exit(void)
3873{
3874 xfrm_unregister_km(&pfkeyv2_mgr);
3875 sock_unregister(PF_KEY);
3876 unregister_pernet_subsys(&pfkey_net_ops);
3877 proto_unregister(&key_proto);
3878}
3879
3880static int __init ipsec_pfkey_init(void)
3881{
3882 int err = proto_register(&key_proto, 0);
3883
3884 if (err != 0)
3885 goto out;
3886
3887 err = register_pernet_subsys(&pfkey_net_ops);
3888 if (err != 0)
3889 goto out_unregister_key_proto;
3890 err = sock_register(&pfkey_family_ops);
3891 if (err != 0)
3892 goto out_unregister_pernet;
3893 err = xfrm_register_km(&pfkeyv2_mgr);
3894 if (err != 0)
3895 goto out_sock_unregister;
3896out:
3897 return err;
3898
3899out_sock_unregister:
3900 sock_unregister(PF_KEY);
3901out_unregister_pernet:
3902 unregister_pernet_subsys(&pfkey_net_ops);
3903out_unregister_key_proto:
3904 proto_unregister(&key_proto);
3905 goto out;
3906}
3907
3908module_init(ipsec_pfkey_init);
3909module_exit(ipsec_pfkey_exit);
3910MODULE_LICENSE("GPL");
3911MODULE_ALIAS_NETPROTO(PF_KEY);