Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * net/key/af_key.c An implementation of PF_KEYv2 sockets.
4 *
5 * Authors: Maxim Giryaev <gem@asplinux.ru>
6 * David S. Miller <davem@redhat.com>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
9 * Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org>
10 * Derek Atkins <derek@ihtfp.com>
11 */
12
13#include <linux/capability.h>
14#include <linux/module.h>
15#include <linux/kernel.h>
16#include <linux/socket.h>
17#include <linux/pfkeyv2.h>
18#include <linux/ipsec.h>
19#include <linux/skbuff.h>
20#include <linux/rtnetlink.h>
21#include <linux/in.h>
22#include <linux/in6.h>
23#include <linux/proc_fs.h>
24#include <linux/init.h>
25#include <linux/slab.h>
26#include <net/net_namespace.h>
27#include <net/netns/generic.h>
28#include <net/xfrm.h>
29
30#include <net/sock.h>
31
32#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
33#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
34
35static unsigned int pfkey_net_id __read_mostly;
36struct netns_pfkey {
37 /* List of all pfkey sockets. */
38 struct hlist_head table;
39 atomic_t socks_nr;
40};
41static DEFINE_MUTEX(pfkey_mutex);
42
43#define DUMMY_MARK 0
44static const struct xfrm_mark dummy_mark = {0, 0};
45struct pfkey_sock {
46 /* struct sock must be the first member of struct pfkey_sock */
47 struct sock sk;
48 int registered;
49 int promisc;
50
51 struct {
52 uint8_t msg_version;
53 uint32_t msg_portid;
54 int (*dump)(struct pfkey_sock *sk);
55 void (*done)(struct pfkey_sock *sk);
56 union {
57 struct xfrm_policy_walk policy;
58 struct xfrm_state_walk state;
59 } u;
60 struct sk_buff *skb;
61 } dump;
62 struct mutex dump_lock;
63};
64
65static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
66 xfrm_address_t *saddr, xfrm_address_t *daddr,
67 u16 *family);
68
69static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
70{
71 return (struct pfkey_sock *)sk;
72}
73
74static int pfkey_can_dump(const struct sock *sk)
75{
76 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf)
77 return 1;
78 return 0;
79}
80
81static void pfkey_terminate_dump(struct pfkey_sock *pfk)
82{
83 if (pfk->dump.dump) {
84 if (pfk->dump.skb) {
85 kfree_skb(pfk->dump.skb);
86 pfk->dump.skb = NULL;
87 }
88 pfk->dump.done(pfk);
89 pfk->dump.dump = NULL;
90 pfk->dump.done = NULL;
91 }
92}
93
94static void pfkey_sock_destruct(struct sock *sk)
95{
96 struct net *net = sock_net(sk);
97 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
98
99 pfkey_terminate_dump(pfkey_sk(sk));
100 skb_queue_purge(&sk->sk_receive_queue);
101
102 if (!sock_flag(sk, SOCK_DEAD)) {
103 pr_err("Attempt to release alive pfkey socket: %p\n", sk);
104 return;
105 }
106
107 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
108 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
109
110 atomic_dec(&net_pfkey->socks_nr);
111}
112
113static const struct proto_ops pfkey_ops;
114
115static void pfkey_insert(struct sock *sk)
116{
117 struct net *net = sock_net(sk);
118 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
119
120 mutex_lock(&pfkey_mutex);
121 sk_add_node_rcu(sk, &net_pfkey->table);
122 mutex_unlock(&pfkey_mutex);
123}
124
125static void pfkey_remove(struct sock *sk)
126{
127 mutex_lock(&pfkey_mutex);
128 sk_del_node_init_rcu(sk);
129 mutex_unlock(&pfkey_mutex);
130}
131
132static struct proto key_proto = {
133 .name = "KEY",
134 .owner = THIS_MODULE,
135 .obj_size = sizeof(struct pfkey_sock),
136};
137
138static int pfkey_create(struct net *net, struct socket *sock, int protocol,
139 int kern)
140{
141 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
142 struct sock *sk;
143 struct pfkey_sock *pfk;
144
145 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
146 return -EPERM;
147 if (sock->type != SOCK_RAW)
148 return -ESOCKTNOSUPPORT;
149 if (protocol != PF_KEY_V2)
150 return -EPROTONOSUPPORT;
151
152 sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, kern);
153 if (sk == NULL)
154 return -ENOMEM;
155
156 pfk = pfkey_sk(sk);
157 mutex_init(&pfk->dump_lock);
158
159 sock->ops = &pfkey_ops;
160 sock_init_data(sock, sk);
161
162 sk->sk_family = PF_KEY;
163 sk->sk_destruct = pfkey_sock_destruct;
164
165 atomic_inc(&net_pfkey->socks_nr);
166
167 pfkey_insert(sk);
168
169 return 0;
170}
171
172static int pfkey_release(struct socket *sock)
173{
174 struct sock *sk = sock->sk;
175
176 if (!sk)
177 return 0;
178
179 pfkey_remove(sk);
180
181 sock_orphan(sk);
182 sock->sk = NULL;
183 skb_queue_purge(&sk->sk_write_queue);
184
185 synchronize_rcu();
186 sock_put(sk);
187
188 return 0;
189}
190
191static int pfkey_broadcast_one(struct sk_buff *skb, gfp_t allocation,
192 struct sock *sk)
193{
194 int err = -ENOBUFS;
195
196 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
197 return err;
198
199 skb = skb_clone(skb, allocation);
200
201 if (skb) {
202 skb_set_owner_r(skb, sk);
203 skb_queue_tail(&sk->sk_receive_queue, skb);
204 sk->sk_data_ready(sk);
205 err = 0;
206 }
207 return err;
208}
209
210/* Send SKB to all pfkey sockets matching selected criteria. */
211#define BROADCAST_ALL 0
212#define BROADCAST_ONE 1
213#define BROADCAST_REGISTERED 2
214#define BROADCAST_PROMISC_ONLY 4
215static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
216 int broadcast_flags, struct sock *one_sk,
217 struct net *net)
218{
219 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
220 struct sock *sk;
221 int err = -ESRCH;
222
223 /* XXX Do we need something like netlink_overrun? I think
224 * XXX PF_KEY socket apps will not mind current behavior.
225 */
226 if (!skb)
227 return -ENOMEM;
228
229 rcu_read_lock();
230 sk_for_each_rcu(sk, &net_pfkey->table) {
231 struct pfkey_sock *pfk = pfkey_sk(sk);
232 int err2;
233
234 /* Yes, it means that if you are meant to receive this
235 * pfkey message you receive it twice as promiscuous
236 * socket.
237 */
238 if (pfk->promisc)
239 pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
240
241 /* the exact target will be processed later */
242 if (sk == one_sk)
243 continue;
244 if (broadcast_flags != BROADCAST_ALL) {
245 if (broadcast_flags & BROADCAST_PROMISC_ONLY)
246 continue;
247 if ((broadcast_flags & BROADCAST_REGISTERED) &&
248 !pfk->registered)
249 continue;
250 if (broadcast_flags & BROADCAST_ONE)
251 continue;
252 }
253
254 err2 = pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
255
256 /* Error is cleared after successful sending to at least one
257 * registered KM */
258 if ((broadcast_flags & BROADCAST_REGISTERED) && err)
259 err = err2;
260 }
261 rcu_read_unlock();
262
263 if (one_sk != NULL)
264 err = pfkey_broadcast_one(skb, allocation, one_sk);
265
266 kfree_skb(skb);
267 return err;
268}
269
270static int pfkey_do_dump(struct pfkey_sock *pfk)
271{
272 struct sadb_msg *hdr;
273 int rc;
274
275 mutex_lock(&pfk->dump_lock);
276 if (!pfk->dump.dump) {
277 rc = 0;
278 goto out;
279 }
280
281 rc = pfk->dump.dump(pfk);
282 if (rc == -ENOBUFS) {
283 rc = 0;
284 goto out;
285 }
286
287 if (pfk->dump.skb) {
288 if (!pfkey_can_dump(&pfk->sk)) {
289 rc = 0;
290 goto out;
291 }
292
293 hdr = (struct sadb_msg *) pfk->dump.skb->data;
294 hdr->sadb_msg_seq = 0;
295 hdr->sadb_msg_errno = rc;
296 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
297 &pfk->sk, sock_net(&pfk->sk));
298 pfk->dump.skb = NULL;
299 }
300
301 pfkey_terminate_dump(pfk);
302
303out:
304 mutex_unlock(&pfk->dump_lock);
305 return rc;
306}
307
308static inline void pfkey_hdr_dup(struct sadb_msg *new,
309 const struct sadb_msg *orig)
310{
311 *new = *orig;
312}
313
314static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
315{
316 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
317 struct sadb_msg *hdr;
318
319 if (!skb)
320 return -ENOBUFS;
321
322 /* Woe be to the platform trying to support PFKEY yet
323 * having normal errnos outside the 1-255 range, inclusive.
324 */
325 err = -err;
326 if (err == ERESTARTSYS ||
327 err == ERESTARTNOHAND ||
328 err == ERESTARTNOINTR)
329 err = EINTR;
330 if (err >= 512)
331 err = EINVAL;
332 BUG_ON(err <= 0 || err >= 256);
333
334 hdr = skb_put(skb, sizeof(struct sadb_msg));
335 pfkey_hdr_dup(hdr, orig);
336 hdr->sadb_msg_errno = (uint8_t) err;
337 hdr->sadb_msg_len = (sizeof(struct sadb_msg) /
338 sizeof(uint64_t));
339
340 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));
341
342 return 0;
343}
344
345static const u8 sadb_ext_min_len[] = {
346 [SADB_EXT_RESERVED] = (u8) 0,
347 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
348 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
349 [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime),
350 [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime),
351 [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address),
352 [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address),
353 [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address),
354 [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key),
355 [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key),
356 [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident),
357 [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident),
358 [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens),
359 [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop),
360 [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported),
361 [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported),
362 [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange),
363 [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate),
364 [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy),
365 [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2),
366 [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type),
367 [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
368 [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
369 [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address),
370 [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx),
371 [SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress),
372 [SADB_X_EXT_FILTER] = (u8) sizeof(struct sadb_x_filter),
373};
374
375/* Verify sadb_address_{len,prefixlen} against sa_family. */
376static int verify_address_len(const void *p)
377{
378 const struct sadb_address *sp = p;
379 const struct sockaddr *addr = (const struct sockaddr *)(sp + 1);
380 const struct sockaddr_in *sin;
381#if IS_ENABLED(CONFIG_IPV6)
382 const struct sockaddr_in6 *sin6;
383#endif
384 int len;
385
386 if (sp->sadb_address_len <
387 DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family),
388 sizeof(uint64_t)))
389 return -EINVAL;
390
391 switch (addr->sa_family) {
392 case AF_INET:
393 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
394 if (sp->sadb_address_len != len ||
395 sp->sadb_address_prefixlen > 32)
396 return -EINVAL;
397 break;
398#if IS_ENABLED(CONFIG_IPV6)
399 case AF_INET6:
400 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t));
401 if (sp->sadb_address_len != len ||
402 sp->sadb_address_prefixlen > 128)
403 return -EINVAL;
404 break;
405#endif
406 default:
407 /* It is user using kernel to keep track of security
408 * associations for another protocol, such as
409 * OSPF/RSVP/RIPV2/MIP. It is user's job to verify
410 * lengths.
411 *
412 * XXX Actually, association/policy database is not yet
413 * XXX able to cope with arbitrary sockaddr families.
414 * XXX When it can, remove this -EINVAL. -DaveM
415 */
416 return -EINVAL;
417 }
418
419 return 0;
420}
421
422static inline int sadb_key_len(const struct sadb_key *key)
423{
424 int key_bytes = DIV_ROUND_UP(key->sadb_key_bits, 8);
425
426 return DIV_ROUND_UP(sizeof(struct sadb_key) + key_bytes,
427 sizeof(uint64_t));
428}
429
430static int verify_key_len(const void *p)
431{
432 const struct sadb_key *key = p;
433
434 if (sadb_key_len(key) > key->sadb_key_len)
435 return -EINVAL;
436
437 return 0;
438}
439
440static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
441{
442 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) +
443 sec_ctx->sadb_x_ctx_len,
444 sizeof(uint64_t));
445}
446
447static inline int verify_sec_ctx_len(const void *p)
448{
449 const struct sadb_x_sec_ctx *sec_ctx = p;
450 int len = sec_ctx->sadb_x_ctx_len;
451
452 if (len > PAGE_SIZE)
453 return -EINVAL;
454
455 len = pfkey_sec_ctx_len(sec_ctx);
456
457 if (sec_ctx->sadb_x_sec_len != len)
458 return -EINVAL;
459
460 return 0;
461}
462
463static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx,
464 gfp_t gfp)
465{
466 struct xfrm_user_sec_ctx *uctx = NULL;
467 int ctx_size = sec_ctx->sadb_x_ctx_len;
468
469 uctx = kmalloc((sizeof(*uctx)+ctx_size), gfp);
470
471 if (!uctx)
472 return NULL;
473
474 uctx->len = pfkey_sec_ctx_len(sec_ctx);
475 uctx->exttype = sec_ctx->sadb_x_sec_exttype;
476 uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
477 uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
478 uctx->ctx_len = sec_ctx->sadb_x_ctx_len;
479 memcpy(uctx + 1, sec_ctx + 1,
480 uctx->ctx_len);
481
482 return uctx;
483}
484
485static int present_and_same_family(const struct sadb_address *src,
486 const struct sadb_address *dst)
487{
488 const struct sockaddr *s_addr, *d_addr;
489
490 if (!src || !dst)
491 return 0;
492
493 s_addr = (const struct sockaddr *)(src + 1);
494 d_addr = (const struct sockaddr *)(dst + 1);
495 if (s_addr->sa_family != d_addr->sa_family)
496 return 0;
497 if (s_addr->sa_family != AF_INET
498#if IS_ENABLED(CONFIG_IPV6)
499 && s_addr->sa_family != AF_INET6
500#endif
501 )
502 return 0;
503
504 return 1;
505}
506
507static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs)
508{
509 const char *p = (char *) hdr;
510 int len = skb->len;
511
512 len -= sizeof(*hdr);
513 p += sizeof(*hdr);
514 while (len > 0) {
515 const struct sadb_ext *ehdr = (const struct sadb_ext *) p;
516 uint16_t ext_type;
517 int ext_len;
518
519 if (len < sizeof(*ehdr))
520 return -EINVAL;
521
522 ext_len = ehdr->sadb_ext_len;
523 ext_len *= sizeof(uint64_t);
524 ext_type = ehdr->sadb_ext_type;
525 if (ext_len < sizeof(uint64_t) ||
526 ext_len > len ||
527 ext_type == SADB_EXT_RESERVED)
528 return -EINVAL;
529
530 if (ext_type <= SADB_EXT_MAX) {
531 int min = (int) sadb_ext_min_len[ext_type];
532 if (ext_len < min)
533 return -EINVAL;
534 if (ext_hdrs[ext_type-1] != NULL)
535 return -EINVAL;
536 switch (ext_type) {
537 case SADB_EXT_ADDRESS_SRC:
538 case SADB_EXT_ADDRESS_DST:
539 case SADB_EXT_ADDRESS_PROXY:
540 case SADB_X_EXT_NAT_T_OA:
541 if (verify_address_len(p))
542 return -EINVAL;
543 break;
544 case SADB_X_EXT_SEC_CTX:
545 if (verify_sec_ctx_len(p))
546 return -EINVAL;
547 break;
548 case SADB_EXT_KEY_AUTH:
549 case SADB_EXT_KEY_ENCRYPT:
550 if (verify_key_len(p))
551 return -EINVAL;
552 break;
553 default:
554 break;
555 }
556 ext_hdrs[ext_type-1] = (void *) p;
557 }
558 p += ext_len;
559 len -= ext_len;
560 }
561
562 return 0;
563}
564
565static uint16_t
566pfkey_satype2proto(uint8_t satype)
567{
568 switch (satype) {
569 case SADB_SATYPE_UNSPEC:
570 return IPSEC_PROTO_ANY;
571 case SADB_SATYPE_AH:
572 return IPPROTO_AH;
573 case SADB_SATYPE_ESP:
574 return IPPROTO_ESP;
575 case SADB_X_SATYPE_IPCOMP:
576 return IPPROTO_COMP;
577 default:
578 return 0;
579 }
580 /* NOTREACHED */
581}
582
583static uint8_t
584pfkey_proto2satype(uint16_t proto)
585{
586 switch (proto) {
587 case IPPROTO_AH:
588 return SADB_SATYPE_AH;
589 case IPPROTO_ESP:
590 return SADB_SATYPE_ESP;
591 case IPPROTO_COMP:
592 return SADB_X_SATYPE_IPCOMP;
593 default:
594 return 0;
595 }
596 /* NOTREACHED */
597}
598
599/* BTW, this scheme means that there is no way with PFKEY2 sockets to
600 * say specifically 'just raw sockets' as we encode them as 255.
601 */
602
603static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
604{
605 return proto == IPSEC_PROTO_ANY ? 0 : proto;
606}
607
608static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
609{
610 return proto ? proto : IPSEC_PROTO_ANY;
611}
612
613static inline int pfkey_sockaddr_len(sa_family_t family)
614{
615 switch (family) {
616 case AF_INET:
617 return sizeof(struct sockaddr_in);
618#if IS_ENABLED(CONFIG_IPV6)
619 case AF_INET6:
620 return sizeof(struct sockaddr_in6);
621#endif
622 }
623 return 0;
624}
625
626static
627int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
628{
629 switch (sa->sa_family) {
630 case AF_INET:
631 xaddr->a4 =
632 ((struct sockaddr_in *)sa)->sin_addr.s_addr;
633 return AF_INET;
634#if IS_ENABLED(CONFIG_IPV6)
635 case AF_INET6:
636 memcpy(xaddr->a6,
637 &((struct sockaddr_in6 *)sa)->sin6_addr,
638 sizeof(struct in6_addr));
639 return AF_INET6;
640#endif
641 }
642 return 0;
643}
644
645static
646int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr)
647{
648 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1),
649 xaddr);
650}
651
652static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs)
653{
654 const struct sadb_sa *sa;
655 const struct sadb_address *addr;
656 uint16_t proto;
657 unsigned short family;
658 xfrm_address_t *xaddr;
659
660 sa = ext_hdrs[SADB_EXT_SA - 1];
661 if (sa == NULL)
662 return NULL;
663
664 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
665 if (proto == 0)
666 return NULL;
667
668 /* sadb_address_len should be checked by caller */
669 addr = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
670 if (addr == NULL)
671 return NULL;
672
673 family = ((const struct sockaddr *)(addr + 1))->sa_family;
674 switch (family) {
675 case AF_INET:
676 xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr;
677 break;
678#if IS_ENABLED(CONFIG_IPV6)
679 case AF_INET6:
680 xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr;
681 break;
682#endif
683 default:
684 xaddr = NULL;
685 }
686
687 if (!xaddr)
688 return NULL;
689
690 return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
691}
692
693#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
694
695static int
696pfkey_sockaddr_size(sa_family_t family)
697{
698 return PFKEY_ALIGN8(pfkey_sockaddr_len(family));
699}
700
701static inline int pfkey_mode_from_xfrm(int mode)
702{
703 switch(mode) {
704 case XFRM_MODE_TRANSPORT:
705 return IPSEC_MODE_TRANSPORT;
706 case XFRM_MODE_TUNNEL:
707 return IPSEC_MODE_TUNNEL;
708 case XFRM_MODE_BEET:
709 return IPSEC_MODE_BEET;
710 default:
711 return -1;
712 }
713}
714
715static inline int pfkey_mode_to_xfrm(int mode)
716{
717 switch(mode) {
718 case IPSEC_MODE_ANY: /*XXX*/
719 case IPSEC_MODE_TRANSPORT:
720 return XFRM_MODE_TRANSPORT;
721 case IPSEC_MODE_TUNNEL:
722 return XFRM_MODE_TUNNEL;
723 case IPSEC_MODE_BEET:
724 return XFRM_MODE_BEET;
725 default:
726 return -1;
727 }
728}
729
730static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port,
731 struct sockaddr *sa,
732 unsigned short family)
733{
734 switch (family) {
735 case AF_INET:
736 {
737 struct sockaddr_in *sin = (struct sockaddr_in *)sa;
738 sin->sin_family = AF_INET;
739 sin->sin_port = port;
740 sin->sin_addr.s_addr = xaddr->a4;
741 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
742 return 32;
743 }
744#if IS_ENABLED(CONFIG_IPV6)
745 case AF_INET6:
746 {
747 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
748 sin6->sin6_family = AF_INET6;
749 sin6->sin6_port = port;
750 sin6->sin6_flowinfo = 0;
751 sin6->sin6_addr = xaddr->in6;
752 sin6->sin6_scope_id = 0;
753 return 128;
754 }
755#endif
756 }
757 return 0;
758}
759
760static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x,
761 int add_keys, int hsc)
762{
763 struct sk_buff *skb;
764 struct sadb_msg *hdr;
765 struct sadb_sa *sa;
766 struct sadb_lifetime *lifetime;
767 struct sadb_address *addr;
768 struct sadb_key *key;
769 struct sadb_x_sa2 *sa2;
770 struct sadb_x_sec_ctx *sec_ctx;
771 struct xfrm_sec_ctx *xfrm_ctx;
772 int ctx_size = 0;
773 int size;
774 int auth_key_size = 0;
775 int encrypt_key_size = 0;
776 int sockaddr_size;
777 struct xfrm_encap_tmpl *natt = NULL;
778 int mode;
779
780 /* address family check */
781 sockaddr_size = pfkey_sockaddr_size(x->props.family);
782 if (!sockaddr_size)
783 return ERR_PTR(-EINVAL);
784
785 /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
786 key(AE), (identity(SD),) (sensitivity)> */
787 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
788 sizeof(struct sadb_lifetime) +
789 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
790 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
791 sizeof(struct sadb_address)*2 +
792 sockaddr_size*2 +
793 sizeof(struct sadb_x_sa2);
794
795 if ((xfrm_ctx = x->security)) {
796 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
797 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
798 }
799
800 /* identity & sensitivity */
801 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family))
802 size += sizeof(struct sadb_address) + sockaddr_size;
803
804 if (add_keys) {
805 if (x->aalg && x->aalg->alg_key_len) {
806 auth_key_size =
807 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
808 size += sizeof(struct sadb_key) + auth_key_size;
809 }
810 if (x->ealg && x->ealg->alg_key_len) {
811 encrypt_key_size =
812 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
813 size += sizeof(struct sadb_key) + encrypt_key_size;
814 }
815 }
816 if (x->encap)
817 natt = x->encap;
818
819 if (natt && natt->encap_type) {
820 size += sizeof(struct sadb_x_nat_t_type);
821 size += sizeof(struct sadb_x_nat_t_port);
822 size += sizeof(struct sadb_x_nat_t_port);
823 }
824
825 skb = alloc_skb(size + 16, GFP_ATOMIC);
826 if (skb == NULL)
827 return ERR_PTR(-ENOBUFS);
828
829 /* call should fill header later */
830 hdr = skb_put(skb, sizeof(struct sadb_msg));
831 memset(hdr, 0, size); /* XXX do we need this ? */
832 hdr->sadb_msg_len = size / sizeof(uint64_t);
833
834 /* sa */
835 sa = skb_put(skb, sizeof(struct sadb_sa));
836 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
837 sa->sadb_sa_exttype = SADB_EXT_SA;
838 sa->sadb_sa_spi = x->id.spi;
839 sa->sadb_sa_replay = x->props.replay_window;
840 switch (x->km.state) {
841 case XFRM_STATE_VALID:
842 sa->sadb_sa_state = x->km.dying ?
843 SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
844 break;
845 case XFRM_STATE_ACQ:
846 sa->sadb_sa_state = SADB_SASTATE_LARVAL;
847 break;
848 default:
849 sa->sadb_sa_state = SADB_SASTATE_DEAD;
850 break;
851 }
852 sa->sadb_sa_auth = 0;
853 if (x->aalg) {
854 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
855 sa->sadb_sa_auth = (a && a->pfkey_supported) ?
856 a->desc.sadb_alg_id : 0;
857 }
858 sa->sadb_sa_encrypt = 0;
859 BUG_ON(x->ealg && x->calg);
860 if (x->ealg) {
861 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
862 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
863 a->desc.sadb_alg_id : 0;
864 }
865 /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
866 if (x->calg) {
867 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
868 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
869 a->desc.sadb_alg_id : 0;
870 }
871
872 sa->sadb_sa_flags = 0;
873 if (x->props.flags & XFRM_STATE_NOECN)
874 sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
875 if (x->props.flags & XFRM_STATE_DECAP_DSCP)
876 sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
877 if (x->props.flags & XFRM_STATE_NOPMTUDISC)
878 sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
879
880 /* hard time */
881 if (hsc & 2) {
882 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
883 lifetime->sadb_lifetime_len =
884 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
885 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
886 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit);
887 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
888 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
889 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
890 }
891 /* soft time */
892 if (hsc & 1) {
893 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
894 lifetime->sadb_lifetime_len =
895 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
896 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
897 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit);
898 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
899 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
900 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
901 }
902 /* current time */
903 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
904 lifetime->sadb_lifetime_len =
905 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
906 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
907 lifetime->sadb_lifetime_allocations = x->curlft.packets;
908 lifetime->sadb_lifetime_bytes = x->curlft.bytes;
909 lifetime->sadb_lifetime_addtime = x->curlft.add_time;
910 lifetime->sadb_lifetime_usetime = x->curlft.use_time;
911 /* src address */
912 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
913 addr->sadb_address_len =
914 (sizeof(struct sadb_address)+sockaddr_size)/
915 sizeof(uint64_t);
916 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
917 /* "if the ports are non-zero, then the sadb_address_proto field,
918 normally zero, MUST be filled in with the transport
919 protocol's number." - RFC2367 */
920 addr->sadb_address_proto = 0;
921 addr->sadb_address_reserved = 0;
922
923 addr->sadb_address_prefixlen =
924 pfkey_sockaddr_fill(&x->props.saddr, 0,
925 (struct sockaddr *) (addr + 1),
926 x->props.family);
927 BUG_ON(!addr->sadb_address_prefixlen);
928
929 /* dst address */
930 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
931 addr->sadb_address_len =
932 (sizeof(struct sadb_address)+sockaddr_size)/
933 sizeof(uint64_t);
934 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
935 addr->sadb_address_proto = 0;
936 addr->sadb_address_reserved = 0;
937
938 addr->sadb_address_prefixlen =
939 pfkey_sockaddr_fill(&x->id.daddr, 0,
940 (struct sockaddr *) (addr + 1),
941 x->props.family);
942 BUG_ON(!addr->sadb_address_prefixlen);
943
944 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr,
945 x->props.family)) {
946 addr = skb_put(skb,
947 sizeof(struct sadb_address) + sockaddr_size);
948 addr->sadb_address_len =
949 (sizeof(struct sadb_address)+sockaddr_size)/
950 sizeof(uint64_t);
951 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
952 addr->sadb_address_proto =
953 pfkey_proto_from_xfrm(x->sel.proto);
954 addr->sadb_address_prefixlen = x->sel.prefixlen_s;
955 addr->sadb_address_reserved = 0;
956
957 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
958 (struct sockaddr *) (addr + 1),
959 x->props.family);
960 }
961
962 /* auth key */
963 if (add_keys && auth_key_size) {
964 key = skb_put(skb, sizeof(struct sadb_key) + auth_key_size);
965 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
966 sizeof(uint64_t);
967 key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
968 key->sadb_key_bits = x->aalg->alg_key_len;
969 key->sadb_key_reserved = 0;
970 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
971 }
972 /* encrypt key */
973 if (add_keys && encrypt_key_size) {
974 key = skb_put(skb, sizeof(struct sadb_key) + encrypt_key_size);
975 key->sadb_key_len = (sizeof(struct sadb_key) +
976 encrypt_key_size) / sizeof(uint64_t);
977 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
978 key->sadb_key_bits = x->ealg->alg_key_len;
979 key->sadb_key_reserved = 0;
980 memcpy(key + 1, x->ealg->alg_key,
981 (x->ealg->alg_key_len+7)/8);
982 }
983
984 /* sa */
985 sa2 = skb_put(skb, sizeof(struct sadb_x_sa2));
986 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
987 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
988 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
989 kfree_skb(skb);
990 return ERR_PTR(-EINVAL);
991 }
992 sa2->sadb_x_sa2_mode = mode;
993 sa2->sadb_x_sa2_reserved1 = 0;
994 sa2->sadb_x_sa2_reserved2 = 0;
995 sa2->sadb_x_sa2_sequence = 0;
996 sa2->sadb_x_sa2_reqid = x->props.reqid;
997
998 if (natt && natt->encap_type) {
999 struct sadb_x_nat_t_type *n_type;
1000 struct sadb_x_nat_t_port *n_port;
1001
1002 /* type */
1003 n_type = skb_put(skb, sizeof(*n_type));
1004 n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
1005 n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
1006 n_type->sadb_x_nat_t_type_type = natt->encap_type;
1007 n_type->sadb_x_nat_t_type_reserved[0] = 0;
1008 n_type->sadb_x_nat_t_type_reserved[1] = 0;
1009 n_type->sadb_x_nat_t_type_reserved[2] = 0;
1010
1011 /* source port */
1012 n_port = skb_put(skb, sizeof(*n_port));
1013 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1014 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
1015 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
1016 n_port->sadb_x_nat_t_port_reserved = 0;
1017
1018 /* dest port */
1019 n_port = skb_put(skb, sizeof(*n_port));
1020 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1021 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
1022 n_port->sadb_x_nat_t_port_port = natt->encap_dport;
1023 n_port->sadb_x_nat_t_port_reserved = 0;
1024 }
1025
1026 /* security context */
1027 if (xfrm_ctx) {
1028 sec_ctx = skb_put(skb,
1029 sizeof(struct sadb_x_sec_ctx) + ctx_size);
1030 sec_ctx->sadb_x_sec_len =
1031 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
1032 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
1033 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
1034 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
1035 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
1036 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
1037 xfrm_ctx->ctx_len);
1038 }
1039
1040 return skb;
1041}
1042
1043
1044static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x)
1045{
1046 struct sk_buff *skb;
1047
1048 skb = __pfkey_xfrm_state2msg(x, 1, 3);
1049
1050 return skb;
1051}
1052
1053static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x,
1054 int hsc)
1055{
1056 return __pfkey_xfrm_state2msg(x, 0, hsc);
1057}
1058
1059static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1060 const struct sadb_msg *hdr,
1061 void * const *ext_hdrs)
1062{
1063 struct xfrm_state *x;
1064 const struct sadb_lifetime *lifetime;
1065 const struct sadb_sa *sa;
1066 const struct sadb_key *key;
1067 const struct sadb_x_sec_ctx *sec_ctx;
1068 uint16_t proto;
1069 int err;
1070
1071
1072 sa = ext_hdrs[SADB_EXT_SA - 1];
1073 if (!sa ||
1074 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1075 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1076 return ERR_PTR(-EINVAL);
1077 if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
1078 !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
1079 return ERR_PTR(-EINVAL);
1080 if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
1081 !ext_hdrs[SADB_EXT_KEY_AUTH-1])
1082 return ERR_PTR(-EINVAL);
1083 if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
1084 !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
1085 return ERR_PTR(-EINVAL);
1086
1087 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1088 if (proto == 0)
1089 return ERR_PTR(-EINVAL);
1090
1091 /* default error is no buffer space */
1092 err = -ENOBUFS;
1093
1094 /* RFC2367:
1095
1096 Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
1097 SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not
1098 sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state.
1099 Therefore, the sadb_sa_state field of all submitted SAs MUST be
1100 SADB_SASTATE_MATURE and the kernel MUST return an error if this is
1101 not true.
1102
1103 However, KAME setkey always uses SADB_SASTATE_LARVAL.
1104 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
1105 */
1106 if (sa->sadb_sa_auth > SADB_AALG_MAX ||
1107 (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
1108 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
1109 sa->sadb_sa_encrypt > SADB_EALG_MAX)
1110 return ERR_PTR(-EINVAL);
1111 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1112 if (key != NULL &&
1113 sa->sadb_sa_auth != SADB_X_AALG_NULL &&
1114 key->sadb_key_bits == 0)
1115 return ERR_PTR(-EINVAL);
1116 key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1117 if (key != NULL &&
1118 sa->sadb_sa_encrypt != SADB_EALG_NULL &&
1119 key->sadb_key_bits == 0)
1120 return ERR_PTR(-EINVAL);
1121
1122 x = xfrm_state_alloc(net);
1123 if (x == NULL)
1124 return ERR_PTR(-ENOBUFS);
1125
1126 x->id.proto = proto;
1127 x->id.spi = sa->sadb_sa_spi;
1128 x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay,
1129 (sizeof(x->replay.bitmap) * 8));
1130 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
1131 x->props.flags |= XFRM_STATE_NOECN;
1132 if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
1133 x->props.flags |= XFRM_STATE_DECAP_DSCP;
1134 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
1135 x->props.flags |= XFRM_STATE_NOPMTUDISC;
1136
1137 lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD - 1];
1138 if (lifetime != NULL) {
1139 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1140 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1141 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1142 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1143 }
1144 lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT - 1];
1145 if (lifetime != NULL) {
1146 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1147 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1148 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1149 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1150 }
1151
1152 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
1153 if (sec_ctx != NULL) {
1154 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
1155
1156 if (!uctx)
1157 goto out;
1158
1159 err = security_xfrm_state_alloc(x, uctx);
1160 kfree(uctx);
1161
1162 if (err)
1163 goto out;
1164 }
1165
1166 err = -ENOBUFS;
1167 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1168 if (sa->sadb_sa_auth) {
1169 int keysize = 0;
1170 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
1171 if (!a || !a->pfkey_supported) {
1172 err = -ENOSYS;
1173 goto out;
1174 }
1175 if (key)
1176 keysize = (key->sadb_key_bits + 7) / 8;
1177 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
1178 if (!x->aalg) {
1179 err = -ENOMEM;
1180 goto out;
1181 }
1182 strcpy(x->aalg->alg_name, a->name);
1183 x->aalg->alg_key_len = 0;
1184 if (key) {
1185 x->aalg->alg_key_len = key->sadb_key_bits;
1186 memcpy(x->aalg->alg_key, key+1, keysize);
1187 }
1188 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
1189 x->props.aalgo = sa->sadb_sa_auth;
1190 /* x->algo.flags = sa->sadb_sa_flags; */
1191 }
1192 if (sa->sadb_sa_encrypt) {
1193 if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
1194 struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
1195 if (!a || !a->pfkey_supported) {
1196 err = -ENOSYS;
1197 goto out;
1198 }
1199 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
1200 if (!x->calg) {
1201 err = -ENOMEM;
1202 goto out;
1203 }
1204 strcpy(x->calg->alg_name, a->name);
1205 x->props.calgo = sa->sadb_sa_encrypt;
1206 } else {
1207 int keysize = 0;
1208 struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
1209 if (!a || !a->pfkey_supported) {
1210 err = -ENOSYS;
1211 goto out;
1212 }
1213 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1214 if (key)
1215 keysize = (key->sadb_key_bits + 7) / 8;
1216 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
1217 if (!x->ealg) {
1218 err = -ENOMEM;
1219 goto out;
1220 }
1221 strcpy(x->ealg->alg_name, a->name);
1222 x->ealg->alg_key_len = 0;
1223 if (key) {
1224 x->ealg->alg_key_len = key->sadb_key_bits;
1225 memcpy(x->ealg->alg_key, key+1, keysize);
1226 }
1227 x->props.ealgo = sa->sadb_sa_encrypt;
1228 x->geniv = a->uinfo.encr.geniv;
1229 }
1230 }
1231 /* x->algo.flags = sa->sadb_sa_flags; */
1232
1233 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1234 &x->props.saddr);
1235 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
1236 &x->id.daddr);
1237
1238 if (ext_hdrs[SADB_X_EXT_SA2-1]) {
1239 const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1];
1240 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1241 if (mode < 0) {
1242 err = -EINVAL;
1243 goto out;
1244 }
1245 x->props.mode = mode;
1246 x->props.reqid = sa2->sadb_x_sa2_reqid;
1247 }
1248
1249 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
1250 const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];
1251
1252 /* Nobody uses this, but we try. */
1253 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
1254 x->sel.prefixlen_s = addr->sadb_address_prefixlen;
1255 }
1256
1257 if (!x->sel.family)
1258 x->sel.family = x->props.family;
1259
1260 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
1261 const struct sadb_x_nat_t_type* n_type;
1262 struct xfrm_encap_tmpl *natt;
1263
1264 x->encap = kzalloc(sizeof(*x->encap), GFP_KERNEL);
1265 if (!x->encap) {
1266 err = -ENOMEM;
1267 goto out;
1268 }
1269
1270 natt = x->encap;
1271 n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
1272 natt->encap_type = n_type->sadb_x_nat_t_type_type;
1273
1274 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
1275 const struct sadb_x_nat_t_port *n_port =
1276 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
1277 natt->encap_sport = n_port->sadb_x_nat_t_port_port;
1278 }
1279 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
1280 const struct sadb_x_nat_t_port *n_port =
1281 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
1282 natt->encap_dport = n_port->sadb_x_nat_t_port_port;
1283 }
1284 memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
1285 }
1286
1287 err = xfrm_init_state(x);
1288 if (err)
1289 goto out;
1290
1291 x->km.seq = hdr->sadb_msg_seq;
1292 return x;
1293
1294out:
1295 x->km.state = XFRM_STATE_DEAD;
1296 xfrm_state_put(x);
1297 return ERR_PTR(err);
1298}
1299
1300static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1301{
1302 return -EOPNOTSUPP;
1303}
1304
1305static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1306{
1307 struct net *net = sock_net(sk);
1308 struct sk_buff *resp_skb;
1309 struct sadb_x_sa2 *sa2;
1310 struct sadb_address *saddr, *daddr;
1311 struct sadb_msg *out_hdr;
1312 struct sadb_spirange *range;
1313 struct xfrm_state *x = NULL;
1314 int mode;
1315 int err;
1316 u32 min_spi, max_spi;
1317 u32 reqid;
1318 u8 proto;
1319 unsigned short family;
1320 xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
1321
1322 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1323 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1324 return -EINVAL;
1325
1326 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1327 if (proto == 0)
1328 return -EINVAL;
1329
1330 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
1331 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1332 if (mode < 0)
1333 return -EINVAL;
1334 reqid = sa2->sadb_x_sa2_reqid;
1335 } else {
1336 mode = 0;
1337 reqid = 0;
1338 }
1339
1340 saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
1341 daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
1342
1343 family = ((struct sockaddr *)(saddr + 1))->sa_family;
1344 switch (family) {
1345 case AF_INET:
1346 xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
1347 xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
1348 break;
1349#if IS_ENABLED(CONFIG_IPV6)
1350 case AF_INET6:
1351 xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
1352 xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
1353 break;
1354#endif
1355 }
1356
1357 if (hdr->sadb_msg_seq) {
1358 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1359 if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) {
1360 xfrm_state_put(x);
1361 x = NULL;
1362 }
1363 }
1364
1365 if (!x)
1366 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, proto, xdaddr, xsaddr, 1, family);
1367
1368 if (x == NULL)
1369 return -ENOENT;
1370
1371 min_spi = 0x100;
1372 max_spi = 0x0fffffff;
1373
1374 range = ext_hdrs[SADB_EXT_SPIRANGE-1];
1375 if (range) {
1376 min_spi = range->sadb_spirange_min;
1377 max_spi = range->sadb_spirange_max;
1378 }
1379
1380 err = verify_spi_info(x->id.proto, min_spi, max_spi, NULL);
1381 if (err) {
1382 xfrm_state_put(x);
1383 return err;
1384 }
1385
1386 err = xfrm_alloc_spi(x, min_spi, max_spi, NULL);
1387 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);
1388
1389 if (IS_ERR(resp_skb)) {
1390 xfrm_state_put(x);
1391 return PTR_ERR(resp_skb);
1392 }
1393
1394 out_hdr = (struct sadb_msg *) resp_skb->data;
1395 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1396 out_hdr->sadb_msg_type = SADB_GETSPI;
1397 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1398 out_hdr->sadb_msg_errno = 0;
1399 out_hdr->sadb_msg_reserved = 0;
1400 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1401 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1402
1403 xfrm_state_put(x);
1404
1405 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);
1406
1407 return 0;
1408}
1409
1410static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1411{
1412 struct net *net = sock_net(sk);
1413 struct xfrm_state *x;
1414
1415 if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8)
1416 return -EOPNOTSUPP;
1417
1418 if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
1419 return 0;
1420
1421 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1422 if (x == NULL)
1423 return 0;
1424
1425 spin_lock_bh(&x->lock);
1426 if (x->km.state == XFRM_STATE_ACQ)
1427 x->km.state = XFRM_STATE_ERROR;
1428
1429 spin_unlock_bh(&x->lock);
1430 xfrm_state_put(x);
1431 return 0;
1432}
1433
1434static inline int event2poltype(int event)
1435{
1436 switch (event) {
1437 case XFRM_MSG_DELPOLICY:
1438 return SADB_X_SPDDELETE;
1439 case XFRM_MSG_NEWPOLICY:
1440 return SADB_X_SPDADD;
1441 case XFRM_MSG_UPDPOLICY:
1442 return SADB_X_SPDUPDATE;
1443 case XFRM_MSG_POLEXPIRE:
1444 // return SADB_X_SPDEXPIRE;
1445 default:
1446 pr_err("pfkey: Unknown policy event %d\n", event);
1447 break;
1448 }
1449
1450 return 0;
1451}
1452
1453static inline int event2keytype(int event)
1454{
1455 switch (event) {
1456 case XFRM_MSG_DELSA:
1457 return SADB_DELETE;
1458 case XFRM_MSG_NEWSA:
1459 return SADB_ADD;
1460 case XFRM_MSG_UPDSA:
1461 return SADB_UPDATE;
1462 case XFRM_MSG_EXPIRE:
1463 return SADB_EXPIRE;
1464 default:
1465 pr_err("pfkey: Unknown SA event %d\n", event);
1466 break;
1467 }
1468
1469 return 0;
1470}
1471
1472/* ADD/UPD/DEL */
1473static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
1474{
1475 struct sk_buff *skb;
1476 struct sadb_msg *hdr;
1477
1478 skb = pfkey_xfrm_state2msg(x);
1479
1480 if (IS_ERR(skb))
1481 return PTR_ERR(skb);
1482
1483 hdr = (struct sadb_msg *) skb->data;
1484 hdr->sadb_msg_version = PF_KEY_V2;
1485 hdr->sadb_msg_type = event2keytype(c->event);
1486 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1487 hdr->sadb_msg_errno = 0;
1488 hdr->sadb_msg_reserved = 0;
1489 hdr->sadb_msg_seq = c->seq;
1490 hdr->sadb_msg_pid = c->portid;
1491
1492 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));
1493
1494 return 0;
1495}
1496
1497static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1498{
1499 struct net *net = sock_net(sk);
1500 struct xfrm_state *x;
1501 int err;
1502 struct km_event c;
1503
1504 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs);
1505 if (IS_ERR(x))
1506 return PTR_ERR(x);
1507
1508 xfrm_state_hold(x);
1509 if (hdr->sadb_msg_type == SADB_ADD)
1510 err = xfrm_state_add(x);
1511 else
1512 err = xfrm_state_update(x);
1513
1514 xfrm_audit_state_add(x, err ? 0 : 1, true);
1515
1516 if (err < 0) {
1517 x->km.state = XFRM_STATE_DEAD;
1518 __xfrm_state_put(x);
1519 goto out;
1520 }
1521
1522 if (hdr->sadb_msg_type == SADB_ADD)
1523 c.event = XFRM_MSG_NEWSA;
1524 else
1525 c.event = XFRM_MSG_UPDSA;
1526 c.seq = hdr->sadb_msg_seq;
1527 c.portid = hdr->sadb_msg_pid;
1528 km_state_notify(x, &c);
1529out:
1530 xfrm_state_put(x);
1531 return err;
1532}
1533
1534static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1535{
1536 struct net *net = sock_net(sk);
1537 struct xfrm_state *x;
1538 struct km_event c;
1539 int err;
1540
1541 if (!ext_hdrs[SADB_EXT_SA-1] ||
1542 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1543 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1544 return -EINVAL;
1545
1546 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1547 if (x == NULL)
1548 return -ESRCH;
1549
1550 if ((err = security_xfrm_state_delete(x)))
1551 goto out;
1552
1553 if (xfrm_state_kern(x)) {
1554 err = -EPERM;
1555 goto out;
1556 }
1557
1558 err = xfrm_state_delete(x);
1559
1560 if (err < 0)
1561 goto out;
1562
1563 c.seq = hdr->sadb_msg_seq;
1564 c.portid = hdr->sadb_msg_pid;
1565 c.event = XFRM_MSG_DELSA;
1566 km_state_notify(x, &c);
1567out:
1568 xfrm_audit_state_delete(x, err ? 0 : 1, true);
1569 xfrm_state_put(x);
1570
1571 return err;
1572}
1573
1574static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1575{
1576 struct net *net = sock_net(sk);
1577 __u8 proto;
1578 struct sk_buff *out_skb;
1579 struct sadb_msg *out_hdr;
1580 struct xfrm_state *x;
1581
1582 if (!ext_hdrs[SADB_EXT_SA-1] ||
1583 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1584 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1585 return -EINVAL;
1586
1587 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1588 if (x == NULL)
1589 return -ESRCH;
1590
1591 out_skb = pfkey_xfrm_state2msg(x);
1592 proto = x->id.proto;
1593 xfrm_state_put(x);
1594 if (IS_ERR(out_skb))
1595 return PTR_ERR(out_skb);
1596
1597 out_hdr = (struct sadb_msg *) out_skb->data;
1598 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1599 out_hdr->sadb_msg_type = SADB_GET;
1600 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1601 out_hdr->sadb_msg_errno = 0;
1602 out_hdr->sadb_msg_reserved = 0;
1603 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1604 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1605 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
1606
1607 return 0;
1608}
1609
1610static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig,
1611 gfp_t allocation)
1612{
1613 struct sk_buff *skb;
1614 struct sadb_msg *hdr;
1615 int len, auth_len, enc_len, i;
1616
1617 auth_len = xfrm_count_pfkey_auth_supported();
1618 if (auth_len) {
1619 auth_len *= sizeof(struct sadb_alg);
1620 auth_len += sizeof(struct sadb_supported);
1621 }
1622
1623 enc_len = xfrm_count_pfkey_enc_supported();
1624 if (enc_len) {
1625 enc_len *= sizeof(struct sadb_alg);
1626 enc_len += sizeof(struct sadb_supported);
1627 }
1628
1629 len = enc_len + auth_len + sizeof(struct sadb_msg);
1630
1631 skb = alloc_skb(len + 16, allocation);
1632 if (!skb)
1633 goto out_put_algs;
1634
1635 hdr = skb_put(skb, sizeof(*hdr));
1636 pfkey_hdr_dup(hdr, orig);
1637 hdr->sadb_msg_errno = 0;
1638 hdr->sadb_msg_len = len / sizeof(uint64_t);
1639
1640 if (auth_len) {
1641 struct sadb_supported *sp;
1642 struct sadb_alg *ap;
1643
1644 sp = skb_put(skb, auth_len);
1645 ap = (struct sadb_alg *) (sp + 1);
1646
1647 sp->sadb_supported_len = auth_len / sizeof(uint64_t);
1648 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
1649
1650 for (i = 0; ; i++) {
1651 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
1652 if (!aalg)
1653 break;
1654 if (!aalg->pfkey_supported)
1655 continue;
1656 if (aalg->available)
1657 *ap++ = aalg->desc;
1658 }
1659 }
1660
1661 if (enc_len) {
1662 struct sadb_supported *sp;
1663 struct sadb_alg *ap;
1664
1665 sp = skb_put(skb, enc_len);
1666 ap = (struct sadb_alg *) (sp + 1);
1667
1668 sp->sadb_supported_len = enc_len / sizeof(uint64_t);
1669 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
1670
1671 for (i = 0; ; i++) {
1672 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
1673 if (!ealg)
1674 break;
1675 if (!ealg->pfkey_supported)
1676 continue;
1677 if (ealg->available)
1678 *ap++ = ealg->desc;
1679 }
1680 }
1681
1682out_put_algs:
1683 return skb;
1684}
1685
1686static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1687{
1688 struct pfkey_sock *pfk = pfkey_sk(sk);
1689 struct sk_buff *supp_skb;
1690
1691 if (hdr->sadb_msg_satype > SADB_SATYPE_MAX)
1692 return -EINVAL;
1693
1694 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) {
1695 if (pfk->registered&(1<<hdr->sadb_msg_satype))
1696 return -EEXIST;
1697 pfk->registered |= (1<<hdr->sadb_msg_satype);
1698 }
1699
1700 mutex_lock(&pfkey_mutex);
1701 xfrm_probe_algs();
1702
1703 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
1704 mutex_unlock(&pfkey_mutex);
1705
1706 if (!supp_skb) {
1707 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1708 pfk->registered &= ~(1<<hdr->sadb_msg_satype);
1709
1710 return -ENOBUFS;
1711 }
1712
1713 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk,
1714 sock_net(sk));
1715 return 0;
1716}
1717
1718static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
1719{
1720 struct sk_buff *skb;
1721 struct sadb_msg *hdr;
1722
1723 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1724 if (!skb)
1725 return -ENOBUFS;
1726
1727 hdr = skb_put_data(skb, ihdr, sizeof(struct sadb_msg));
1728 hdr->sadb_msg_errno = (uint8_t) 0;
1729 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1730
1731 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk,
1732 sock_net(sk));
1733}
1734
1735static int key_notify_sa_flush(const struct km_event *c)
1736{
1737 struct sk_buff *skb;
1738 struct sadb_msg *hdr;
1739
1740 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1741 if (!skb)
1742 return -ENOBUFS;
1743 hdr = skb_put(skb, sizeof(struct sadb_msg));
1744 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
1745 hdr->sadb_msg_type = SADB_FLUSH;
1746 hdr->sadb_msg_seq = c->seq;
1747 hdr->sadb_msg_pid = c->portid;
1748 hdr->sadb_msg_version = PF_KEY_V2;
1749 hdr->sadb_msg_errno = (uint8_t) 0;
1750 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1751 hdr->sadb_msg_reserved = 0;
1752
1753 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
1754
1755 return 0;
1756}
1757
1758static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1759{
1760 struct net *net = sock_net(sk);
1761 unsigned int proto;
1762 struct km_event c;
1763 int err, err2;
1764
1765 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1766 if (proto == 0)
1767 return -EINVAL;
1768
1769 err = xfrm_state_flush(net, proto, true, false);
1770 err2 = unicast_flush_resp(sk, hdr);
1771 if (err || err2) {
1772 if (err == -ESRCH) /* empty table - go quietly */
1773 err = 0;
1774 return err ? err : err2;
1775 }
1776
1777 c.data.proto = proto;
1778 c.seq = hdr->sadb_msg_seq;
1779 c.portid = hdr->sadb_msg_pid;
1780 c.event = XFRM_MSG_FLUSHSA;
1781 c.net = net;
1782 km_state_notify(NULL, &c);
1783
1784 return 0;
1785}
1786
1787static int dump_sa(struct xfrm_state *x, int count, void *ptr)
1788{
1789 struct pfkey_sock *pfk = ptr;
1790 struct sk_buff *out_skb;
1791 struct sadb_msg *out_hdr;
1792
1793 if (!pfkey_can_dump(&pfk->sk))
1794 return -ENOBUFS;
1795
1796 out_skb = pfkey_xfrm_state2msg(x);
1797 if (IS_ERR(out_skb))
1798 return PTR_ERR(out_skb);
1799
1800 out_hdr = (struct sadb_msg *) out_skb->data;
1801 out_hdr->sadb_msg_version = pfk->dump.msg_version;
1802 out_hdr->sadb_msg_type = SADB_DUMP;
1803 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1804 out_hdr->sadb_msg_errno = 0;
1805 out_hdr->sadb_msg_reserved = 0;
1806 out_hdr->sadb_msg_seq = count + 1;
1807 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
1808
1809 if (pfk->dump.skb)
1810 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
1811 &pfk->sk, sock_net(&pfk->sk));
1812 pfk->dump.skb = out_skb;
1813
1814 return 0;
1815}
1816
1817static int pfkey_dump_sa(struct pfkey_sock *pfk)
1818{
1819 struct net *net = sock_net(&pfk->sk);
1820 return xfrm_state_walk(net, &pfk->dump.u.state, dump_sa, (void *) pfk);
1821}
1822
1823static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
1824{
1825 struct net *net = sock_net(&pfk->sk);
1826
1827 xfrm_state_walk_done(&pfk->dump.u.state, net);
1828}
1829
1830static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1831{
1832 u8 proto;
1833 struct xfrm_address_filter *filter = NULL;
1834 struct pfkey_sock *pfk = pfkey_sk(sk);
1835
1836 mutex_lock(&pfk->dump_lock);
1837 if (pfk->dump.dump != NULL) {
1838 mutex_unlock(&pfk->dump_lock);
1839 return -EBUSY;
1840 }
1841
1842 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1843 if (proto == 0) {
1844 mutex_unlock(&pfk->dump_lock);
1845 return -EINVAL;
1846 }
1847
1848 if (ext_hdrs[SADB_X_EXT_FILTER - 1]) {
1849 struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1];
1850
1851 if ((xfilter->sadb_x_filter_splen >=
1852 (sizeof(xfrm_address_t) << 3)) ||
1853 (xfilter->sadb_x_filter_dplen >=
1854 (sizeof(xfrm_address_t) << 3))) {
1855 mutex_unlock(&pfk->dump_lock);
1856 return -EINVAL;
1857 }
1858 filter = kmalloc(sizeof(*filter), GFP_KERNEL);
1859 if (filter == NULL) {
1860 mutex_unlock(&pfk->dump_lock);
1861 return -ENOMEM;
1862 }
1863
1864 memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr,
1865 sizeof(xfrm_address_t));
1866 memcpy(&filter->daddr, &xfilter->sadb_x_filter_daddr,
1867 sizeof(xfrm_address_t));
1868 filter->family = xfilter->sadb_x_filter_family;
1869 filter->splen = xfilter->sadb_x_filter_splen;
1870 filter->dplen = xfilter->sadb_x_filter_dplen;
1871 }
1872
1873 pfk->dump.msg_version = hdr->sadb_msg_version;
1874 pfk->dump.msg_portid = hdr->sadb_msg_pid;
1875 pfk->dump.dump = pfkey_dump_sa;
1876 pfk->dump.done = pfkey_dump_sa_done;
1877 xfrm_state_walk_init(&pfk->dump.u.state, proto, filter);
1878 mutex_unlock(&pfk->dump_lock);
1879
1880 return pfkey_do_dump(pfk);
1881}
1882
1883static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1884{
1885 struct pfkey_sock *pfk = pfkey_sk(sk);
1886 int satype = hdr->sadb_msg_satype;
1887 bool reset_errno = false;
1888
1889 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) {
1890 reset_errno = true;
1891 if (satype != 0 && satype != 1)
1892 return -EINVAL;
1893 pfk->promisc = satype;
1894 }
1895 if (reset_errno && skb_cloned(skb))
1896 skb = skb_copy(skb, GFP_KERNEL);
1897 else
1898 skb = skb_clone(skb, GFP_KERNEL);
1899
1900 if (reset_errno && skb) {
1901 struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data;
1902 new_hdr->sadb_msg_errno = 0;
1903 }
1904
1905 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
1906 return 0;
1907}
1908
1909static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
1910{
1911 int i;
1912 u32 reqid = *(u32*)ptr;
1913
1914 for (i=0; i<xp->xfrm_nr; i++) {
1915 if (xp->xfrm_vec[i].reqid == reqid)
1916 return -EEXIST;
1917 }
1918 return 0;
1919}
1920
1921static u32 gen_reqid(struct net *net)
1922{
1923 struct xfrm_policy_walk walk;
1924 u32 start;
1925 int rc;
1926 static u32 reqid = IPSEC_MANUAL_REQID_MAX;
1927
1928 start = reqid;
1929 do {
1930 ++reqid;
1931 if (reqid == 0)
1932 reqid = IPSEC_MANUAL_REQID_MAX+1;
1933 xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
1934 rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid);
1935 xfrm_policy_walk_done(&walk, net);
1936 if (rc != -EEXIST)
1937 return reqid;
1938 } while (reqid != start);
1939 return 0;
1940}
1941
1942static int
1943parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1944{
1945 struct net *net = xp_net(xp);
1946 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1947 int mode;
1948
1949 if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1950 return -ELOOP;
1951
1952 if (rq->sadb_x_ipsecrequest_mode == 0)
1953 return -EINVAL;
1954 if (!xfrm_id_proto_valid(rq->sadb_x_ipsecrequest_proto))
1955 return -EINVAL;
1956
1957 t->id.proto = rq->sadb_x_ipsecrequest_proto;
1958 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0)
1959 return -EINVAL;
1960 t->mode = mode;
1961 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
1962 t->optional = 1;
1963 else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
1964 t->reqid = rq->sadb_x_ipsecrequest_reqid;
1965 if (t->reqid > IPSEC_MANUAL_REQID_MAX)
1966 t->reqid = 0;
1967 if (!t->reqid && !(t->reqid = gen_reqid(net)))
1968 return -ENOBUFS;
1969 }
1970
1971 /* addresses present only in tunnel mode */
1972 if (t->mode == XFRM_MODE_TUNNEL) {
1973 int err;
1974
1975 err = parse_sockaddr_pair(
1976 (struct sockaddr *)(rq + 1),
1977 rq->sadb_x_ipsecrequest_len - sizeof(*rq),
1978 &t->saddr, &t->id.daddr, &t->encap_family);
1979 if (err)
1980 return err;
1981 } else
1982 t->encap_family = xp->family;
1983
1984 /* No way to set this via kame pfkey */
1985 t->allalgs = 1;
1986 xp->xfrm_nr++;
1987 return 0;
1988}
1989
1990static int
1991parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1992{
1993 int err;
1994 int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
1995 struct sadb_x_ipsecrequest *rq = (void*)(pol+1);
1996
1997 if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
1998 return -EINVAL;
1999
2000 while (len >= sizeof(*rq)) {
2001 if (len < rq->sadb_x_ipsecrequest_len ||
2002 rq->sadb_x_ipsecrequest_len < sizeof(*rq))
2003 return -EINVAL;
2004
2005 if ((err = parse_ipsecrequest(xp, rq)) < 0)
2006 return err;
2007 len -= rq->sadb_x_ipsecrequest_len;
2008 rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
2009 }
2010 return 0;
2011}
2012
2013static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
2014{
2015 struct xfrm_sec_ctx *xfrm_ctx = xp->security;
2016
2017 if (xfrm_ctx) {
2018 int len = sizeof(struct sadb_x_sec_ctx);
2019 len += xfrm_ctx->ctx_len;
2020 return PFKEY_ALIGN8(len);
2021 }
2022 return 0;
2023}
2024
2025static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
2026{
2027 const struct xfrm_tmpl *t;
2028 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2029 int socklen = 0;
2030 int i;
2031
2032 for (i=0; i<xp->xfrm_nr; i++) {
2033 t = xp->xfrm_vec + i;
2034 socklen += pfkey_sockaddr_len(t->encap_family);
2035 }
2036
2037 return sizeof(struct sadb_msg) +
2038 (sizeof(struct sadb_lifetime) * 3) +
2039 (sizeof(struct sadb_address) * 2) +
2040 (sockaddr_size * 2) +
2041 sizeof(struct sadb_x_policy) +
2042 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
2043 (socklen * 2) +
2044 pfkey_xfrm_policy2sec_ctx_size(xp);
2045}
2046
2047static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
2048{
2049 struct sk_buff *skb;
2050 int size;
2051
2052 size = pfkey_xfrm_policy2msg_size(xp);
2053
2054 skb = alloc_skb(size + 16, GFP_ATOMIC);
2055 if (skb == NULL)
2056 return ERR_PTR(-ENOBUFS);
2057
2058 return skb;
2059}
2060
2061static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
2062{
2063 struct sadb_msg *hdr;
2064 struct sadb_address *addr;
2065 struct sadb_lifetime *lifetime;
2066 struct sadb_x_policy *pol;
2067 struct sadb_x_sec_ctx *sec_ctx;
2068 struct xfrm_sec_ctx *xfrm_ctx;
2069 int i;
2070 int size;
2071 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2072 int socklen = pfkey_sockaddr_len(xp->family);
2073
2074 size = pfkey_xfrm_policy2msg_size(xp);
2075
2076 /* call should fill header later */
2077 hdr = skb_put(skb, sizeof(struct sadb_msg));
2078 memset(hdr, 0, size); /* XXX do we need this ? */
2079
2080 /* src address */
2081 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2082 addr->sadb_address_len =
2083 (sizeof(struct sadb_address)+sockaddr_size)/
2084 sizeof(uint64_t);
2085 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
2086 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2087 addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
2088 addr->sadb_address_reserved = 0;
2089 if (!pfkey_sockaddr_fill(&xp->selector.saddr,
2090 xp->selector.sport,
2091 (struct sockaddr *) (addr + 1),
2092 xp->family))
2093 BUG();
2094
2095 /* dst address */
2096 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2097 addr->sadb_address_len =
2098 (sizeof(struct sadb_address)+sockaddr_size)/
2099 sizeof(uint64_t);
2100 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
2101 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2102 addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
2103 addr->sadb_address_reserved = 0;
2104
2105 pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
2106 (struct sockaddr *) (addr + 1),
2107 xp->family);
2108
2109 /* hard time */
2110 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2111 lifetime->sadb_lifetime_len =
2112 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2113 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2114 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit);
2115 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
2116 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
2117 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
2118 /* soft time */
2119 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2120 lifetime->sadb_lifetime_len =
2121 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2122 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
2123 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit);
2124 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
2125 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
2126 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
2127 /* current time */
2128 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2129 lifetime->sadb_lifetime_len =
2130 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2131 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2132 lifetime->sadb_lifetime_allocations = xp->curlft.packets;
2133 lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
2134 lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
2135 lifetime->sadb_lifetime_usetime = xp->curlft.use_time;
2136
2137 pol = skb_put(skb, sizeof(struct sadb_x_policy));
2138 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
2139 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2140 pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
2141 if (xp->action == XFRM_POLICY_ALLOW) {
2142 if (xp->xfrm_nr)
2143 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2144 else
2145 pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
2146 }
2147 pol->sadb_x_policy_dir = dir+1;
2148 pol->sadb_x_policy_reserved = 0;
2149 pol->sadb_x_policy_id = xp->index;
2150 pol->sadb_x_policy_priority = xp->priority;
2151
2152 for (i=0; i<xp->xfrm_nr; i++) {
2153 const struct xfrm_tmpl *t = xp->xfrm_vec + i;
2154 struct sadb_x_ipsecrequest *rq;
2155 int req_size;
2156 int mode;
2157
2158 req_size = sizeof(struct sadb_x_ipsecrequest);
2159 if (t->mode == XFRM_MODE_TUNNEL) {
2160 socklen = pfkey_sockaddr_len(t->encap_family);
2161 req_size += socklen * 2;
2162 } else {
2163 size -= 2*socklen;
2164 }
2165 rq = skb_put(skb, req_size);
2166 pol->sadb_x_policy_len += req_size/8;
2167 memset(rq, 0, sizeof(*rq));
2168 rq->sadb_x_ipsecrequest_len = req_size;
2169 rq->sadb_x_ipsecrequest_proto = t->id.proto;
2170 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
2171 return -EINVAL;
2172 rq->sadb_x_ipsecrequest_mode = mode;
2173 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2174 if (t->reqid)
2175 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2176 if (t->optional)
2177 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
2178 rq->sadb_x_ipsecrequest_reqid = t->reqid;
2179
2180 if (t->mode == XFRM_MODE_TUNNEL) {
2181 u8 *sa = (void *)(rq + 1);
2182 pfkey_sockaddr_fill(&t->saddr, 0,
2183 (struct sockaddr *)sa,
2184 t->encap_family);
2185 pfkey_sockaddr_fill(&t->id.daddr, 0,
2186 (struct sockaddr *) (sa + socklen),
2187 t->encap_family);
2188 }
2189 }
2190
2191 /* security context */
2192 if ((xfrm_ctx = xp->security)) {
2193 int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);
2194
2195 sec_ctx = skb_put(skb, ctx_size);
2196 sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
2197 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2198 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
2199 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
2200 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
2201 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
2202 xfrm_ctx->ctx_len);
2203 }
2204
2205 hdr->sadb_msg_len = size / sizeof(uint64_t);
2206 hdr->sadb_msg_reserved = refcount_read(&xp->refcnt);
2207
2208 return 0;
2209}
2210
2211static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
2212{
2213 struct sk_buff *out_skb;
2214 struct sadb_msg *out_hdr;
2215 int err;
2216
2217 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2218 if (IS_ERR(out_skb))
2219 return PTR_ERR(out_skb);
2220
2221 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2222 if (err < 0) {
2223 kfree_skb(out_skb);
2224 return err;
2225 }
2226
2227 out_hdr = (struct sadb_msg *) out_skb->data;
2228 out_hdr->sadb_msg_version = PF_KEY_V2;
2229
2230 if (c->data.byid && c->event == XFRM_MSG_DELPOLICY)
2231 out_hdr->sadb_msg_type = SADB_X_SPDDELETE2;
2232 else
2233 out_hdr->sadb_msg_type = event2poltype(c->event);
2234 out_hdr->sadb_msg_errno = 0;
2235 out_hdr->sadb_msg_seq = c->seq;
2236 out_hdr->sadb_msg_pid = c->portid;
2237 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2238 return 0;
2239
2240}
2241
2242static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2243{
2244 struct net *net = sock_net(sk);
2245 int err = 0;
2246 struct sadb_lifetime *lifetime;
2247 struct sadb_address *sa;
2248 struct sadb_x_policy *pol;
2249 struct xfrm_policy *xp;
2250 struct km_event c;
2251 struct sadb_x_sec_ctx *sec_ctx;
2252
2253 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2254 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2255 !ext_hdrs[SADB_X_EXT_POLICY-1])
2256 return -EINVAL;
2257
2258 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2259 if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
2260 return -EINVAL;
2261 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2262 return -EINVAL;
2263
2264 xp = xfrm_policy_alloc(net, GFP_KERNEL);
2265 if (xp == NULL)
2266 return -ENOBUFS;
2267
2268 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
2269 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
2270 xp->priority = pol->sadb_x_policy_priority;
2271
2272 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2273 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2274 xp->selector.family = xp->family;
2275 xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
2276 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2277 xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2278 if (xp->selector.sport)
2279 xp->selector.sport_mask = htons(0xffff);
2280
2281 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2282 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2283 xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2284
2285 /* Amusing, we set this twice. KAME apps appear to set same value
2286 * in both addresses.
2287 */
2288 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2289
2290 xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2291 if (xp->selector.dport)
2292 xp->selector.dport_mask = htons(0xffff);
2293
2294 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2295 if (sec_ctx != NULL) {
2296 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2297
2298 if (!uctx) {
2299 err = -ENOBUFS;
2300 goto out;
2301 }
2302
2303 err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL);
2304 kfree(uctx);
2305
2306 if (err)
2307 goto out;
2308 }
2309
2310 xp->lft.soft_byte_limit = XFRM_INF;
2311 xp->lft.hard_byte_limit = XFRM_INF;
2312 xp->lft.soft_packet_limit = XFRM_INF;
2313 xp->lft.hard_packet_limit = XFRM_INF;
2314 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
2315 xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2316 xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2317 xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2318 xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2319 }
2320 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
2321 xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2322 xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2323 xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2324 xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2325 }
2326 xp->xfrm_nr = 0;
2327 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2328 (err = parse_ipsecrequests(xp, pol)) < 0)
2329 goto out;
2330
2331 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2332 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2333
2334 xfrm_audit_policy_add(xp, err ? 0 : 1, true);
2335
2336 if (err)
2337 goto out;
2338
2339 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
2340 c.event = XFRM_MSG_UPDPOLICY;
2341 else
2342 c.event = XFRM_MSG_NEWPOLICY;
2343
2344 c.seq = hdr->sadb_msg_seq;
2345 c.portid = hdr->sadb_msg_pid;
2346
2347 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2348 xfrm_pol_put(xp);
2349 return 0;
2350
2351out:
2352 xp->walk.dead = 1;
2353 xfrm_policy_destroy(xp);
2354 return err;
2355}
2356
2357static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2358{
2359 struct net *net = sock_net(sk);
2360 int err;
2361 struct sadb_address *sa;
2362 struct sadb_x_policy *pol;
2363 struct xfrm_policy *xp;
2364 struct xfrm_selector sel;
2365 struct km_event c;
2366 struct sadb_x_sec_ctx *sec_ctx;
2367 struct xfrm_sec_ctx *pol_ctx = NULL;
2368
2369 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2370 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2371 !ext_hdrs[SADB_X_EXT_POLICY-1])
2372 return -EINVAL;
2373
2374 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2375 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2376 return -EINVAL;
2377
2378 memset(&sel, 0, sizeof(sel));
2379
2380 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2381 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2382 sel.prefixlen_s = sa->sadb_address_prefixlen;
2383 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2384 sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2385 if (sel.sport)
2386 sel.sport_mask = htons(0xffff);
2387
2388 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2389 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2390 sel.prefixlen_d = sa->sadb_address_prefixlen;
2391 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2392 sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2393 if (sel.dport)
2394 sel.dport_mask = htons(0xffff);
2395
2396 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2397 if (sec_ctx != NULL) {
2398 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2399
2400 if (!uctx)
2401 return -ENOMEM;
2402
2403 err = security_xfrm_policy_alloc(&pol_ctx, uctx, GFP_KERNEL);
2404 kfree(uctx);
2405 if (err)
2406 return err;
2407 }
2408
2409 xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2410 pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
2411 1, &err);
2412 security_xfrm_policy_free(pol_ctx);
2413 if (xp == NULL)
2414 return -ENOENT;
2415
2416 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2417
2418 if (err)
2419 goto out;
2420
2421 c.seq = hdr->sadb_msg_seq;
2422 c.portid = hdr->sadb_msg_pid;
2423 c.data.byid = 0;
2424 c.event = XFRM_MSG_DELPOLICY;
2425 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2426
2427out:
2428 xfrm_pol_put(xp);
2429 return err;
2430}
2431
2432static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
2433{
2434 int err;
2435 struct sk_buff *out_skb;
2436 struct sadb_msg *out_hdr;
2437 err = 0;
2438
2439 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2440 if (IS_ERR(out_skb)) {
2441 err = PTR_ERR(out_skb);
2442 goto out;
2443 }
2444 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2445 if (err < 0) {
2446 kfree_skb(out_skb);
2447 goto out;
2448 }
2449
2450 out_hdr = (struct sadb_msg *) out_skb->data;
2451 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
2452 out_hdr->sadb_msg_type = hdr->sadb_msg_type;
2453 out_hdr->sadb_msg_satype = 0;
2454 out_hdr->sadb_msg_errno = 0;
2455 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
2456 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
2457 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
2458 err = 0;
2459
2460out:
2461 return err;
2462}
2463
2464static int pfkey_sockaddr_pair_size(sa_family_t family)
2465{
2466 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
2467}
2468
2469static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2470 xfrm_address_t *saddr, xfrm_address_t *daddr,
2471 u16 *family)
2472{
2473 int af, socklen;
2474
2475 if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
2476 return -EINVAL;
2477
2478 af = pfkey_sockaddr_extract(sa, saddr);
2479 if (!af)
2480 return -EINVAL;
2481
2482 socklen = pfkey_sockaddr_len(af);
2483 if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen),
2484 daddr) != af)
2485 return -EINVAL;
2486
2487 *family = af;
2488 return 0;
2489}
2490
2491#ifdef CONFIG_NET_KEY_MIGRATE
2492static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2493 struct xfrm_migrate *m)
2494{
2495 int err;
2496 struct sadb_x_ipsecrequest *rq2;
2497 int mode;
2498
2499 if (len < sizeof(*rq1) ||
2500 len < rq1->sadb_x_ipsecrequest_len ||
2501 rq1->sadb_x_ipsecrequest_len < sizeof(*rq1))
2502 return -EINVAL;
2503
2504 /* old endoints */
2505 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
2506 rq1->sadb_x_ipsecrequest_len - sizeof(*rq1),
2507 &m->old_saddr, &m->old_daddr,
2508 &m->old_family);
2509 if (err)
2510 return err;
2511
2512 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len);
2513 len -= rq1->sadb_x_ipsecrequest_len;
2514
2515 if (len <= sizeof(*rq2) ||
2516 len < rq2->sadb_x_ipsecrequest_len ||
2517 rq2->sadb_x_ipsecrequest_len < sizeof(*rq2))
2518 return -EINVAL;
2519
2520 /* new endpoints */
2521 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
2522 rq2->sadb_x_ipsecrequest_len - sizeof(*rq2),
2523 &m->new_saddr, &m->new_daddr,
2524 &m->new_family);
2525 if (err)
2526 return err;
2527
2528 if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto ||
2529 rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode ||
2530 rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid)
2531 return -EINVAL;
2532
2533 m->proto = rq1->sadb_x_ipsecrequest_proto;
2534 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0)
2535 return -EINVAL;
2536 m->mode = mode;
2537 m->reqid = rq1->sadb_x_ipsecrequest_reqid;
2538
2539 return ((int)(rq1->sadb_x_ipsecrequest_len +
2540 rq2->sadb_x_ipsecrequest_len));
2541}
2542
2543static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2544 const struct sadb_msg *hdr, void * const *ext_hdrs)
2545{
2546 int i, len, ret, err = -EINVAL;
2547 u8 dir;
2548 struct sadb_address *sa;
2549 struct sadb_x_kmaddress *kma;
2550 struct sadb_x_policy *pol;
2551 struct sadb_x_ipsecrequest *rq;
2552 struct xfrm_selector sel;
2553 struct xfrm_migrate m[XFRM_MAX_DEPTH];
2554 struct xfrm_kmaddress k;
2555 struct net *net = sock_net(sk);
2556
2557 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
2558 ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
2559 !ext_hdrs[SADB_X_EXT_POLICY - 1]) {
2560 err = -EINVAL;
2561 goto out;
2562 }
2563
2564 kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
2565 pol = ext_hdrs[SADB_X_EXT_POLICY - 1];
2566
2567 if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
2568 err = -EINVAL;
2569 goto out;
2570 }
2571
2572 if (kma) {
2573 /* convert sadb_x_kmaddress to xfrm_kmaddress */
2574 k.reserved = kma->sadb_x_kmaddress_reserved;
2575 ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
2576 8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
2577 &k.local, &k.remote, &k.family);
2578 if (ret < 0) {
2579 err = ret;
2580 goto out;
2581 }
2582 }
2583
2584 dir = pol->sadb_x_policy_dir - 1;
2585 memset(&sel, 0, sizeof(sel));
2586
2587 /* set source address info of selector */
2588 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1];
2589 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2590 sel.prefixlen_s = sa->sadb_address_prefixlen;
2591 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2592 sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2593 if (sel.sport)
2594 sel.sport_mask = htons(0xffff);
2595
2596 /* set destination address info of selector */
2597 sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
2598 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2599 sel.prefixlen_d = sa->sadb_address_prefixlen;
2600 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2601 sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2602 if (sel.dport)
2603 sel.dport_mask = htons(0xffff);
2604
2605 rq = (struct sadb_x_ipsecrequest *)(pol + 1);
2606
2607 /* extract ipsecrequests */
2608 i = 0;
2609 len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);
2610
2611 while (len > 0 && i < XFRM_MAX_DEPTH) {
2612 ret = ipsecrequests_to_migrate(rq, len, &m[i]);
2613 if (ret < 0) {
2614 err = ret;
2615 goto out;
2616 } else {
2617 rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret);
2618 len -= ret;
2619 i++;
2620 }
2621 }
2622
2623 if (!i || len > 0) {
2624 err = -EINVAL;
2625 goto out;
2626 }
2627
2628 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
2629 kma ? &k : NULL, net, NULL, 0, NULL);
2630
2631 out:
2632 return err;
2633}
2634#else
2635static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2636 const struct sadb_msg *hdr, void * const *ext_hdrs)
2637{
2638 return -ENOPROTOOPT;
2639}
2640#endif
2641
2642
2643static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2644{
2645 struct net *net = sock_net(sk);
2646 unsigned int dir;
2647 int err = 0, delete;
2648 struct sadb_x_policy *pol;
2649 struct xfrm_policy *xp;
2650 struct km_event c;
2651
2652 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL)
2653 return -EINVAL;
2654
2655 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
2656 if (dir >= XFRM_POLICY_MAX)
2657 return -EINVAL;
2658
2659 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2660 xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2661 dir, pol->sadb_x_policy_id, delete, &err);
2662 if (xp == NULL)
2663 return -ENOENT;
2664
2665 if (delete) {
2666 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2667
2668 if (err)
2669 goto out;
2670 c.seq = hdr->sadb_msg_seq;
2671 c.portid = hdr->sadb_msg_pid;
2672 c.data.byid = 1;
2673 c.event = XFRM_MSG_DELPOLICY;
2674 km_policy_notify(xp, dir, &c);
2675 } else {
2676 err = key_pol_get_resp(sk, xp, hdr, dir);
2677 }
2678
2679out:
2680 xfrm_pol_put(xp);
2681 return err;
2682}
2683
2684static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2685{
2686 struct pfkey_sock *pfk = ptr;
2687 struct sk_buff *out_skb;
2688 struct sadb_msg *out_hdr;
2689 int err;
2690
2691 if (!pfkey_can_dump(&pfk->sk))
2692 return -ENOBUFS;
2693
2694 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2695 if (IS_ERR(out_skb))
2696 return PTR_ERR(out_skb);
2697
2698 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2699 if (err < 0) {
2700 kfree_skb(out_skb);
2701 return err;
2702 }
2703
2704 out_hdr = (struct sadb_msg *) out_skb->data;
2705 out_hdr->sadb_msg_version = pfk->dump.msg_version;
2706 out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
2707 out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2708 out_hdr->sadb_msg_errno = 0;
2709 out_hdr->sadb_msg_seq = count + 1;
2710 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
2711
2712 if (pfk->dump.skb)
2713 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
2714 &pfk->sk, sock_net(&pfk->sk));
2715 pfk->dump.skb = out_skb;
2716
2717 return 0;
2718}
2719
2720static int pfkey_dump_sp(struct pfkey_sock *pfk)
2721{
2722 struct net *net = sock_net(&pfk->sk);
2723 return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, (void *) pfk);
2724}
2725
2726static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
2727{
2728 struct net *net = sock_net((struct sock *)pfk);
2729
2730 xfrm_policy_walk_done(&pfk->dump.u.policy, net);
2731}
2732
2733static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2734{
2735 struct pfkey_sock *pfk = pfkey_sk(sk);
2736
2737 mutex_lock(&pfk->dump_lock);
2738 if (pfk->dump.dump != NULL) {
2739 mutex_unlock(&pfk->dump_lock);
2740 return -EBUSY;
2741 }
2742
2743 pfk->dump.msg_version = hdr->sadb_msg_version;
2744 pfk->dump.msg_portid = hdr->sadb_msg_pid;
2745 pfk->dump.dump = pfkey_dump_sp;
2746 pfk->dump.done = pfkey_dump_sp_done;
2747 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
2748 mutex_unlock(&pfk->dump_lock);
2749
2750 return pfkey_do_dump(pfk);
2751}
2752
2753static int key_notify_policy_flush(const struct km_event *c)
2754{
2755 struct sk_buff *skb_out;
2756 struct sadb_msg *hdr;
2757
2758 skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
2759 if (!skb_out)
2760 return -ENOBUFS;
2761 hdr = skb_put(skb_out, sizeof(struct sadb_msg));
2762 hdr->sadb_msg_type = SADB_X_SPDFLUSH;
2763 hdr->sadb_msg_seq = c->seq;
2764 hdr->sadb_msg_pid = c->portid;
2765 hdr->sadb_msg_version = PF_KEY_V2;
2766 hdr->sadb_msg_errno = (uint8_t) 0;
2767 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2768 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
2769 hdr->sadb_msg_reserved = 0;
2770 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
2771 return 0;
2772
2773}
2774
2775static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2776{
2777 struct net *net = sock_net(sk);
2778 struct km_event c;
2779 int err, err2;
2780
2781 err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, true);
2782 err2 = unicast_flush_resp(sk, hdr);
2783 if (err || err2) {
2784 if (err == -ESRCH) /* empty table - old silent behavior */
2785 return 0;
2786 return err;
2787 }
2788
2789 c.data.type = XFRM_POLICY_TYPE_MAIN;
2790 c.event = XFRM_MSG_FLUSHPOLICY;
2791 c.portid = hdr->sadb_msg_pid;
2792 c.seq = hdr->sadb_msg_seq;
2793 c.net = net;
2794 km_policy_notify(NULL, 0, &c);
2795
2796 return 0;
2797}
2798
2799typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
2800 const struct sadb_msg *hdr, void * const *ext_hdrs);
2801static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
2802 [SADB_RESERVED] = pfkey_reserved,
2803 [SADB_GETSPI] = pfkey_getspi,
2804 [SADB_UPDATE] = pfkey_add,
2805 [SADB_ADD] = pfkey_add,
2806 [SADB_DELETE] = pfkey_delete,
2807 [SADB_GET] = pfkey_get,
2808 [SADB_ACQUIRE] = pfkey_acquire,
2809 [SADB_REGISTER] = pfkey_register,
2810 [SADB_EXPIRE] = NULL,
2811 [SADB_FLUSH] = pfkey_flush,
2812 [SADB_DUMP] = pfkey_dump,
2813 [SADB_X_PROMISC] = pfkey_promisc,
2814 [SADB_X_PCHANGE] = NULL,
2815 [SADB_X_SPDUPDATE] = pfkey_spdadd,
2816 [SADB_X_SPDADD] = pfkey_spdadd,
2817 [SADB_X_SPDDELETE] = pfkey_spddelete,
2818 [SADB_X_SPDGET] = pfkey_spdget,
2819 [SADB_X_SPDACQUIRE] = NULL,
2820 [SADB_X_SPDDUMP] = pfkey_spddump,
2821 [SADB_X_SPDFLUSH] = pfkey_spdflush,
2822 [SADB_X_SPDSETIDX] = pfkey_spdadd,
2823 [SADB_X_SPDDELETE2] = pfkey_spdget,
2824 [SADB_X_MIGRATE] = pfkey_migrate,
2825};
2826
2827static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr)
2828{
2829 void *ext_hdrs[SADB_EXT_MAX];
2830 int err;
2831
2832 /* Non-zero return value of pfkey_broadcast() does not always signal
2833 * an error and even on an actual error we may still want to process
2834 * the message so rather ignore the return value.
2835 */
2836 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
2837 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
2838
2839 memset(ext_hdrs, 0, sizeof(ext_hdrs));
2840 err = parse_exthdrs(skb, hdr, ext_hdrs);
2841 if (!err) {
2842 err = -EOPNOTSUPP;
2843 if (pfkey_funcs[hdr->sadb_msg_type])
2844 err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs);
2845 }
2846 return err;
2847}
2848
2849static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
2850{
2851 struct sadb_msg *hdr = NULL;
2852
2853 if (skb->len < sizeof(*hdr)) {
2854 *errp = -EMSGSIZE;
2855 } else {
2856 hdr = (struct sadb_msg *) skb->data;
2857 if (hdr->sadb_msg_version != PF_KEY_V2 ||
2858 hdr->sadb_msg_reserved != 0 ||
2859 (hdr->sadb_msg_type <= SADB_RESERVED ||
2860 hdr->sadb_msg_type > SADB_MAX)) {
2861 hdr = NULL;
2862 *errp = -EINVAL;
2863 } else if (hdr->sadb_msg_len != (skb->len /
2864 sizeof(uint64_t)) ||
2865 hdr->sadb_msg_len < (sizeof(struct sadb_msg) /
2866 sizeof(uint64_t))) {
2867 hdr = NULL;
2868 *errp = -EMSGSIZE;
2869 } else {
2870 *errp = 0;
2871 }
2872 }
2873 return hdr;
2874}
2875
2876static inline int aalg_tmpl_set(const struct xfrm_tmpl *t,
2877 const struct xfrm_algo_desc *d)
2878{
2879 unsigned int id = d->desc.sadb_alg_id;
2880
2881 if (id >= sizeof(t->aalgos) * 8)
2882 return 0;
2883
2884 return (t->aalgos >> id) & 1;
2885}
2886
2887static inline int ealg_tmpl_set(const struct xfrm_tmpl *t,
2888 const struct xfrm_algo_desc *d)
2889{
2890 unsigned int id = d->desc.sadb_alg_id;
2891
2892 if (id >= sizeof(t->ealgos) * 8)
2893 return 0;
2894
2895 return (t->ealgos >> id) & 1;
2896}
2897
2898static int count_ah_combs(const struct xfrm_tmpl *t)
2899{
2900 int i, sz = 0;
2901
2902 for (i = 0; ; i++) {
2903 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2904 if (!aalg)
2905 break;
2906 if (!aalg->pfkey_supported)
2907 continue;
2908 if (aalg_tmpl_set(t, aalg))
2909 sz += sizeof(struct sadb_comb);
2910 }
2911 return sz + sizeof(struct sadb_prop);
2912}
2913
2914static int count_esp_combs(const struct xfrm_tmpl *t)
2915{
2916 int i, k, sz = 0;
2917
2918 for (i = 0; ; i++) {
2919 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2920 if (!ealg)
2921 break;
2922
2923 if (!ealg->pfkey_supported)
2924 continue;
2925
2926 if (!(ealg_tmpl_set(t, ealg)))
2927 continue;
2928
2929 for (k = 1; ; k++) {
2930 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2931 if (!aalg)
2932 break;
2933
2934 if (!aalg->pfkey_supported)
2935 continue;
2936
2937 if (aalg_tmpl_set(t, aalg))
2938 sz += sizeof(struct sadb_comb);
2939 }
2940 }
2941 return sz + sizeof(struct sadb_prop);
2942}
2943
2944static int dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2945{
2946 struct sadb_prop *p;
2947 int sz = 0;
2948 int i;
2949
2950 p = skb_put(skb, sizeof(struct sadb_prop));
2951 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2952 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2953 p->sadb_prop_replay = 32;
2954 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2955
2956 for (i = 0; ; i++) {
2957 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2958 if (!aalg)
2959 break;
2960
2961 if (!aalg->pfkey_supported)
2962 continue;
2963
2964 if (aalg_tmpl_set(t, aalg) && aalg->available) {
2965 struct sadb_comb *c;
2966 c = skb_put_zero(skb, sizeof(struct sadb_comb));
2967 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
2968 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
2969 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
2970 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
2971 c->sadb_comb_hard_addtime = 24*60*60;
2972 c->sadb_comb_soft_addtime = 20*60*60;
2973 c->sadb_comb_hard_usetime = 8*60*60;
2974 c->sadb_comb_soft_usetime = 7*60*60;
2975 sz += sizeof(*c);
2976 }
2977 }
2978
2979 return sz + sizeof(*p);
2980}
2981
2982static int dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2983{
2984 struct sadb_prop *p;
2985 int sz = 0;
2986 int i, k;
2987
2988 p = skb_put(skb, sizeof(struct sadb_prop));
2989 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2990 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2991 p->sadb_prop_replay = 32;
2992 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2993
2994 for (i=0; ; i++) {
2995 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2996 if (!ealg)
2997 break;
2998
2999 if (!ealg->pfkey_supported)
3000 continue;
3001
3002 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
3003 continue;
3004
3005 for (k = 1; ; k++) {
3006 struct sadb_comb *c;
3007 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
3008 if (!aalg)
3009 break;
3010 if (!aalg->pfkey_supported)
3011 continue;
3012 if (!(aalg_tmpl_set(t, aalg) && aalg->available))
3013 continue;
3014 c = skb_put(skb, sizeof(struct sadb_comb));
3015 memset(c, 0, sizeof(*c));
3016 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
3017 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
3018 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
3019 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
3020 c->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
3021 c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
3022 c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;
3023 c->sadb_comb_hard_addtime = 24*60*60;
3024 c->sadb_comb_soft_addtime = 20*60*60;
3025 c->sadb_comb_hard_usetime = 8*60*60;
3026 c->sadb_comb_soft_usetime = 7*60*60;
3027 sz += sizeof(*c);
3028 }
3029 }
3030
3031 return sz + sizeof(*p);
3032}
3033
3034static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
3035{
3036 return 0;
3037}
3038
3039static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c)
3040{
3041 struct sk_buff *out_skb;
3042 struct sadb_msg *out_hdr;
3043 int hard;
3044 int hsc;
3045
3046 hard = c->data.hard;
3047 if (hard)
3048 hsc = 2;
3049 else
3050 hsc = 1;
3051
3052 out_skb = pfkey_xfrm_state2msg_expire(x, hsc);
3053 if (IS_ERR(out_skb))
3054 return PTR_ERR(out_skb);
3055
3056 out_hdr = (struct sadb_msg *) out_skb->data;
3057 out_hdr->sadb_msg_version = PF_KEY_V2;
3058 out_hdr->sadb_msg_type = SADB_EXPIRE;
3059 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3060 out_hdr->sadb_msg_errno = 0;
3061 out_hdr->sadb_msg_reserved = 0;
3062 out_hdr->sadb_msg_seq = 0;
3063 out_hdr->sadb_msg_pid = 0;
3064
3065 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3066 xs_net(x));
3067 return 0;
3068}
3069
3070static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c)
3071{
3072 struct net *net = x ? xs_net(x) : c->net;
3073 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3074
3075 if (atomic_read(&net_pfkey->socks_nr) == 0)
3076 return 0;
3077
3078 switch (c->event) {
3079 case XFRM_MSG_EXPIRE:
3080 return key_notify_sa_expire(x, c);
3081 case XFRM_MSG_DELSA:
3082 case XFRM_MSG_NEWSA:
3083 case XFRM_MSG_UPDSA:
3084 return key_notify_sa(x, c);
3085 case XFRM_MSG_FLUSHSA:
3086 return key_notify_sa_flush(c);
3087 case XFRM_MSG_NEWAE: /* not yet supported */
3088 break;
3089 default:
3090 pr_err("pfkey: Unknown SA event %d\n", c->event);
3091 break;
3092 }
3093
3094 return 0;
3095}
3096
3097static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
3098{
3099 if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
3100 return 0;
3101
3102 switch (c->event) {
3103 case XFRM_MSG_POLEXPIRE:
3104 return key_notify_policy_expire(xp, c);
3105 case XFRM_MSG_DELPOLICY:
3106 case XFRM_MSG_NEWPOLICY:
3107 case XFRM_MSG_UPDPOLICY:
3108 return key_notify_policy(xp, dir, c);
3109 case XFRM_MSG_FLUSHPOLICY:
3110 if (c->data.type != XFRM_POLICY_TYPE_MAIN)
3111 break;
3112 return key_notify_policy_flush(c);
3113 default:
3114 pr_err("pfkey: Unknown policy event %d\n", c->event);
3115 break;
3116 }
3117
3118 return 0;
3119}
3120
3121static u32 get_acqseq(void)
3122{
3123 u32 res;
3124 static atomic_t acqseq;
3125
3126 do {
3127 res = atomic_inc_return(&acqseq);
3128 } while (!res);
3129 return res;
3130}
3131
3132static bool pfkey_is_alive(const struct km_event *c)
3133{
3134 struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
3135 struct sock *sk;
3136 bool is_alive = false;
3137
3138 rcu_read_lock();
3139 sk_for_each_rcu(sk, &net_pfkey->table) {
3140 if (pfkey_sk(sk)->registered) {
3141 is_alive = true;
3142 break;
3143 }
3144 }
3145 rcu_read_unlock();
3146
3147 return is_alive;
3148}
3149
3150static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
3151{
3152 struct sk_buff *skb;
3153 struct sadb_msg *hdr;
3154 struct sadb_address *addr;
3155 struct sadb_x_policy *pol;
3156 int sockaddr_size;
3157 int size;
3158 struct sadb_x_sec_ctx *sec_ctx;
3159 struct xfrm_sec_ctx *xfrm_ctx;
3160 int ctx_size = 0;
3161 int alg_size = 0;
3162
3163 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3164 if (!sockaddr_size)
3165 return -EINVAL;
3166
3167 size = sizeof(struct sadb_msg) +
3168 (sizeof(struct sadb_address) * 2) +
3169 (sockaddr_size * 2) +
3170 sizeof(struct sadb_x_policy);
3171
3172 if (x->id.proto == IPPROTO_AH)
3173 alg_size = count_ah_combs(t);
3174 else if (x->id.proto == IPPROTO_ESP)
3175 alg_size = count_esp_combs(t);
3176
3177 if ((xfrm_ctx = x->security)) {
3178 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
3179 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
3180 }
3181
3182 skb = alloc_skb(size + alg_size + 16, GFP_ATOMIC);
3183 if (skb == NULL)
3184 return -ENOMEM;
3185
3186 hdr = skb_put(skb, sizeof(struct sadb_msg));
3187 hdr->sadb_msg_version = PF_KEY_V2;
3188 hdr->sadb_msg_type = SADB_ACQUIRE;
3189 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3190 hdr->sadb_msg_len = size / sizeof(uint64_t);
3191 hdr->sadb_msg_errno = 0;
3192 hdr->sadb_msg_reserved = 0;
3193 hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3194 hdr->sadb_msg_pid = 0;
3195
3196 /* src address */
3197 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3198 addr->sadb_address_len =
3199 (sizeof(struct sadb_address)+sockaddr_size)/
3200 sizeof(uint64_t);
3201 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3202 addr->sadb_address_proto = 0;
3203 addr->sadb_address_reserved = 0;
3204 addr->sadb_address_prefixlen =
3205 pfkey_sockaddr_fill(&x->props.saddr, 0,
3206 (struct sockaddr *) (addr + 1),
3207 x->props.family);
3208 if (!addr->sadb_address_prefixlen)
3209 BUG();
3210
3211 /* dst address */
3212 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3213 addr->sadb_address_len =
3214 (sizeof(struct sadb_address)+sockaddr_size)/
3215 sizeof(uint64_t);
3216 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3217 addr->sadb_address_proto = 0;
3218 addr->sadb_address_reserved = 0;
3219 addr->sadb_address_prefixlen =
3220 pfkey_sockaddr_fill(&x->id.daddr, 0,
3221 (struct sockaddr *) (addr + 1),
3222 x->props.family);
3223 if (!addr->sadb_address_prefixlen)
3224 BUG();
3225
3226 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3227 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
3228 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3229 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3230 pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1;
3231 pol->sadb_x_policy_reserved = 0;
3232 pol->sadb_x_policy_id = xp->index;
3233 pol->sadb_x_policy_priority = xp->priority;
3234
3235 /* Set sadb_comb's. */
3236 alg_size = 0;
3237 if (x->id.proto == IPPROTO_AH)
3238 alg_size = dump_ah_combs(skb, t);
3239 else if (x->id.proto == IPPROTO_ESP)
3240 alg_size = dump_esp_combs(skb, t);
3241
3242 hdr->sadb_msg_len += alg_size / 8;
3243
3244 /* security context */
3245 if (xfrm_ctx) {
3246 sec_ctx = skb_put(skb,
3247 sizeof(struct sadb_x_sec_ctx) + ctx_size);
3248 sec_ctx->sadb_x_sec_len =
3249 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
3250 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
3251 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
3252 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
3253 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
3254 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
3255 xfrm_ctx->ctx_len);
3256 }
3257
3258 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3259 xs_net(x));
3260}
3261
3262static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
3263 u8 *data, int len, int *dir)
3264{
3265 struct net *net = sock_net(sk);
3266 struct xfrm_policy *xp;
3267 struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
3268 struct sadb_x_sec_ctx *sec_ctx;
3269
3270 switch (sk->sk_family) {
3271 case AF_INET:
3272 if (opt != IP_IPSEC_POLICY) {
3273 *dir = -EOPNOTSUPP;
3274 return NULL;
3275 }
3276 break;
3277#if IS_ENABLED(CONFIG_IPV6)
3278 case AF_INET6:
3279 if (opt != IPV6_IPSEC_POLICY) {
3280 *dir = -EOPNOTSUPP;
3281 return NULL;
3282 }
3283 break;
3284#endif
3285 default:
3286 *dir = -EINVAL;
3287 return NULL;
3288 }
3289
3290 *dir = -EINVAL;
3291
3292 if (len < sizeof(struct sadb_x_policy) ||
3293 pol->sadb_x_policy_len*8 > len ||
3294 pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
3295 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
3296 return NULL;
3297
3298 xp = xfrm_policy_alloc(net, GFP_ATOMIC);
3299 if (xp == NULL) {
3300 *dir = -ENOBUFS;
3301 return NULL;
3302 }
3303
3304 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
3305 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
3306
3307 xp->lft.soft_byte_limit = XFRM_INF;
3308 xp->lft.hard_byte_limit = XFRM_INF;
3309 xp->lft.soft_packet_limit = XFRM_INF;
3310 xp->lft.hard_packet_limit = XFRM_INF;
3311 xp->family = sk->sk_family;
3312
3313 xp->xfrm_nr = 0;
3314 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
3315 (*dir = parse_ipsecrequests(xp, pol)) < 0)
3316 goto out;
3317
3318 /* security context too */
3319 if (len >= (pol->sadb_x_policy_len*8 +
3320 sizeof(struct sadb_x_sec_ctx))) {
3321 char *p = (char *)pol;
3322 struct xfrm_user_sec_ctx *uctx;
3323
3324 p += pol->sadb_x_policy_len*8;
3325 sec_ctx = (struct sadb_x_sec_ctx *)p;
3326 if (len < pol->sadb_x_policy_len*8 +
3327 sec_ctx->sadb_x_sec_len*8) {
3328 *dir = -EINVAL;
3329 goto out;
3330 }
3331 if ((*dir = verify_sec_ctx_len(p)))
3332 goto out;
3333 uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
3334 *dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
3335 kfree(uctx);
3336
3337 if (*dir)
3338 goto out;
3339 }
3340
3341 *dir = pol->sadb_x_policy_dir-1;
3342 return xp;
3343
3344out:
3345 xp->walk.dead = 1;
3346 xfrm_policy_destroy(xp);
3347 return NULL;
3348}
3349
3350static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
3351{
3352 struct sk_buff *skb;
3353 struct sadb_msg *hdr;
3354 struct sadb_sa *sa;
3355 struct sadb_address *addr;
3356 struct sadb_x_nat_t_port *n_port;
3357 int sockaddr_size;
3358 int size;
3359 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0);
3360 struct xfrm_encap_tmpl *natt = NULL;
3361
3362 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3363 if (!sockaddr_size)
3364 return -EINVAL;
3365
3366 if (!satype)
3367 return -EINVAL;
3368
3369 if (!x->encap)
3370 return -EINVAL;
3371
3372 natt = x->encap;
3373
3374 /* Build an SADB_X_NAT_T_NEW_MAPPING message:
3375 *
3376 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
3377 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
3378 */
3379
3380 size = sizeof(struct sadb_msg) +
3381 sizeof(struct sadb_sa) +
3382 (sizeof(struct sadb_address) * 2) +
3383 (sockaddr_size * 2) +
3384 (sizeof(struct sadb_x_nat_t_port) * 2);
3385
3386 skb = alloc_skb(size + 16, GFP_ATOMIC);
3387 if (skb == NULL)
3388 return -ENOMEM;
3389
3390 hdr = skb_put(skb, sizeof(struct sadb_msg));
3391 hdr->sadb_msg_version = PF_KEY_V2;
3392 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
3393 hdr->sadb_msg_satype = satype;
3394 hdr->sadb_msg_len = size / sizeof(uint64_t);
3395 hdr->sadb_msg_errno = 0;
3396 hdr->sadb_msg_reserved = 0;
3397 hdr->sadb_msg_seq = x->km.seq;
3398 hdr->sadb_msg_pid = 0;
3399
3400 /* SA */
3401 sa = skb_put(skb, sizeof(struct sadb_sa));
3402 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
3403 sa->sadb_sa_exttype = SADB_EXT_SA;
3404 sa->sadb_sa_spi = x->id.spi;
3405 sa->sadb_sa_replay = 0;
3406 sa->sadb_sa_state = 0;
3407 sa->sadb_sa_auth = 0;
3408 sa->sadb_sa_encrypt = 0;
3409 sa->sadb_sa_flags = 0;
3410
3411 /* ADDRESS_SRC (old addr) */
3412 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3413 addr->sadb_address_len =
3414 (sizeof(struct sadb_address)+sockaddr_size)/
3415 sizeof(uint64_t);
3416 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3417 addr->sadb_address_proto = 0;
3418 addr->sadb_address_reserved = 0;
3419 addr->sadb_address_prefixlen =
3420 pfkey_sockaddr_fill(&x->props.saddr, 0,
3421 (struct sockaddr *) (addr + 1),
3422 x->props.family);
3423 if (!addr->sadb_address_prefixlen)
3424 BUG();
3425
3426 /* NAT_T_SPORT (old port) */
3427 n_port = skb_put(skb, sizeof(*n_port));
3428 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3429 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
3430 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
3431 n_port->sadb_x_nat_t_port_reserved = 0;
3432
3433 /* ADDRESS_DST (new addr) */
3434 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3435 addr->sadb_address_len =
3436 (sizeof(struct sadb_address)+sockaddr_size)/
3437 sizeof(uint64_t);
3438 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3439 addr->sadb_address_proto = 0;
3440 addr->sadb_address_reserved = 0;
3441 addr->sadb_address_prefixlen =
3442 pfkey_sockaddr_fill(ipaddr, 0,
3443 (struct sockaddr *) (addr + 1),
3444 x->props.family);
3445 if (!addr->sadb_address_prefixlen)
3446 BUG();
3447
3448 /* NAT_T_DPORT (new port) */
3449 n_port = skb_put(skb, sizeof(*n_port));
3450 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3451 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
3452 n_port->sadb_x_nat_t_port_port = sport;
3453 n_port->sadb_x_nat_t_port_reserved = 0;
3454
3455 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3456 xs_net(x));
3457}
3458
3459#ifdef CONFIG_NET_KEY_MIGRATE
3460static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3461 const struct xfrm_selector *sel)
3462{
3463 struct sadb_address *addr;
3464 addr = skb_put(skb, sizeof(struct sadb_address) + sasize);
3465 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8;
3466 addr->sadb_address_exttype = type;
3467 addr->sadb_address_proto = sel->proto;
3468 addr->sadb_address_reserved = 0;
3469
3470 switch (type) {
3471 case SADB_EXT_ADDRESS_SRC:
3472 addr->sadb_address_prefixlen = sel->prefixlen_s;
3473 pfkey_sockaddr_fill(&sel->saddr, 0,
3474 (struct sockaddr *)(addr + 1),
3475 sel->family);
3476 break;
3477 case SADB_EXT_ADDRESS_DST:
3478 addr->sadb_address_prefixlen = sel->prefixlen_d;
3479 pfkey_sockaddr_fill(&sel->daddr, 0,
3480 (struct sockaddr *)(addr + 1),
3481 sel->family);
3482 break;
3483 default:
3484 return -EINVAL;
3485 }
3486
3487 return 0;
3488}
3489
3490
3491static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k)
3492{
3493 struct sadb_x_kmaddress *kma;
3494 u8 *sa;
3495 int family = k->family;
3496 int socklen = pfkey_sockaddr_len(family);
3497 int size_req;
3498
3499 size_req = (sizeof(struct sadb_x_kmaddress) +
3500 pfkey_sockaddr_pair_size(family));
3501
3502 kma = skb_put_zero(skb, size_req);
3503 kma->sadb_x_kmaddress_len = size_req / 8;
3504 kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
3505 kma->sadb_x_kmaddress_reserved = k->reserved;
3506
3507 sa = (u8 *)(kma + 1);
3508 if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) ||
3509 !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))
3510 return -EINVAL;
3511
3512 return 0;
3513}
3514
3515static int set_ipsecrequest(struct sk_buff *skb,
3516 uint8_t proto, uint8_t mode, int level,
3517 uint32_t reqid, uint8_t family,
3518 const xfrm_address_t *src, const xfrm_address_t *dst)
3519{
3520 struct sadb_x_ipsecrequest *rq;
3521 u8 *sa;
3522 int socklen = pfkey_sockaddr_len(family);
3523 int size_req;
3524
3525 size_req = sizeof(struct sadb_x_ipsecrequest) +
3526 pfkey_sockaddr_pair_size(family);
3527
3528 rq = skb_put_zero(skb, size_req);
3529 rq->sadb_x_ipsecrequest_len = size_req;
3530 rq->sadb_x_ipsecrequest_proto = proto;
3531 rq->sadb_x_ipsecrequest_mode = mode;
3532 rq->sadb_x_ipsecrequest_level = level;
3533 rq->sadb_x_ipsecrequest_reqid = reqid;
3534
3535 sa = (u8 *) (rq + 1);
3536 if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) ||
3537 !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family))
3538 return -EINVAL;
3539
3540 return 0;
3541}
3542#endif
3543
3544#ifdef CONFIG_NET_KEY_MIGRATE
3545static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3546 const struct xfrm_migrate *m, int num_bundles,
3547 const struct xfrm_kmaddress *k,
3548 const struct xfrm_encap_tmpl *encap)
3549{
3550 int i;
3551 int sasize_sel;
3552 int size = 0;
3553 int size_pol = 0;
3554 struct sk_buff *skb;
3555 struct sadb_msg *hdr;
3556 struct sadb_x_policy *pol;
3557 const struct xfrm_migrate *mp;
3558
3559 if (type != XFRM_POLICY_TYPE_MAIN)
3560 return 0;
3561
3562 if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
3563 return -EINVAL;
3564
3565 if (k != NULL) {
3566 /* addresses for KM */
3567 size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
3568 pfkey_sockaddr_pair_size(k->family));
3569 }
3570
3571 /* selector */
3572 sasize_sel = pfkey_sockaddr_size(sel->family);
3573 if (!sasize_sel)
3574 return -EINVAL;
3575 size += (sizeof(struct sadb_address) + sasize_sel) * 2;
3576
3577 /* policy info */
3578 size_pol += sizeof(struct sadb_x_policy);
3579
3580 /* ipsecrequests */
3581 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3582 /* old locator pair */
3583 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3584 pfkey_sockaddr_pair_size(mp->old_family);
3585 /* new locator pair */
3586 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3587 pfkey_sockaddr_pair_size(mp->new_family);
3588 }
3589
3590 size += sizeof(struct sadb_msg) + size_pol;
3591
3592 /* alloc buffer */
3593 skb = alloc_skb(size, GFP_ATOMIC);
3594 if (skb == NULL)
3595 return -ENOMEM;
3596
3597 hdr = skb_put(skb, sizeof(struct sadb_msg));
3598 hdr->sadb_msg_version = PF_KEY_V2;
3599 hdr->sadb_msg_type = SADB_X_MIGRATE;
3600 hdr->sadb_msg_satype = pfkey_proto2satype(m->proto);
3601 hdr->sadb_msg_len = size / 8;
3602 hdr->sadb_msg_errno = 0;
3603 hdr->sadb_msg_reserved = 0;
3604 hdr->sadb_msg_seq = 0;
3605 hdr->sadb_msg_pid = 0;
3606
3607 /* Addresses to be used by KM for negotiation, if ext is available */
3608 if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
3609 goto err;
3610
3611 /* selector src */
3612 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
3613
3614 /* selector dst */
3615 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel);
3616
3617 /* policy information */
3618 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3619 pol->sadb_x_policy_len = size_pol / 8;
3620 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3621 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3622 pol->sadb_x_policy_dir = dir + 1;
3623 pol->sadb_x_policy_reserved = 0;
3624 pol->sadb_x_policy_id = 0;
3625 pol->sadb_x_policy_priority = 0;
3626
3627 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3628 /* old ipsecrequest */
3629 int mode = pfkey_mode_from_xfrm(mp->mode);
3630 if (mode < 0)
3631 goto err;
3632 if (set_ipsecrequest(skb, mp->proto, mode,
3633 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3634 mp->reqid, mp->old_family,
3635 &mp->old_saddr, &mp->old_daddr) < 0)
3636 goto err;
3637
3638 /* new ipsecrequest */
3639 if (set_ipsecrequest(skb, mp->proto, mode,
3640 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3641 mp->reqid, mp->new_family,
3642 &mp->new_saddr, &mp->new_daddr) < 0)
3643 goto err;
3644 }
3645
3646 /* broadcast migrate message to sockets */
3647 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);
3648
3649 return 0;
3650
3651err:
3652 kfree_skb(skb);
3653 return -EINVAL;
3654}
3655#else
3656static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3657 const struct xfrm_migrate *m, int num_bundles,
3658 const struct xfrm_kmaddress *k,
3659 const struct xfrm_encap_tmpl *encap)
3660{
3661 return -ENOPROTOOPT;
3662}
3663#endif
3664
3665static int pfkey_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
3666{
3667 struct sock *sk = sock->sk;
3668 struct sk_buff *skb = NULL;
3669 struct sadb_msg *hdr = NULL;
3670 int err;
3671 struct net *net = sock_net(sk);
3672
3673 err = -EOPNOTSUPP;
3674 if (msg->msg_flags & MSG_OOB)
3675 goto out;
3676
3677 err = -EMSGSIZE;
3678 if ((unsigned int)len > sk->sk_sndbuf - 32)
3679 goto out;
3680
3681 err = -ENOBUFS;
3682 skb = alloc_skb(len, GFP_KERNEL);
3683 if (skb == NULL)
3684 goto out;
3685
3686 err = -EFAULT;
3687 if (memcpy_from_msg(skb_put(skb,len), msg, len))
3688 goto out;
3689
3690 hdr = pfkey_get_base_msg(skb, &err);
3691 if (!hdr)
3692 goto out;
3693
3694 mutex_lock(&net->xfrm.xfrm_cfg_mutex);
3695 err = pfkey_process(sk, skb, hdr);
3696 mutex_unlock(&net->xfrm.xfrm_cfg_mutex);
3697
3698out:
3699 if (err && hdr && pfkey_error(hdr, err, sk) == 0)
3700 err = 0;
3701 kfree_skb(skb);
3702
3703 return err ? : len;
3704}
3705
3706static int pfkey_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
3707 int flags)
3708{
3709 struct sock *sk = sock->sk;
3710 struct pfkey_sock *pfk = pfkey_sk(sk);
3711 struct sk_buff *skb;
3712 int copied, err;
3713
3714 err = -EINVAL;
3715 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
3716 goto out;
3717
3718 skb = skb_recv_datagram(sk, flags, &err);
3719 if (skb == NULL)
3720 goto out;
3721
3722 copied = skb->len;
3723 if (copied > len) {
3724 msg->msg_flags |= MSG_TRUNC;
3725 copied = len;
3726 }
3727
3728 skb_reset_transport_header(skb);
3729 err = skb_copy_datagram_msg(skb, 0, msg, copied);
3730 if (err)
3731 goto out_free;
3732
3733 sock_recv_cmsgs(msg, sk, skb);
3734
3735 err = (flags & MSG_TRUNC) ? skb->len : copied;
3736
3737 if (pfk->dump.dump != NULL &&
3738 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
3739 pfkey_do_dump(pfk);
3740
3741out_free:
3742 skb_free_datagram(sk, skb);
3743out:
3744 return err;
3745}
3746
3747static const struct proto_ops pfkey_ops = {
3748 .family = PF_KEY,
3749 .owner = THIS_MODULE,
3750 /* Operations that make no sense on pfkey sockets. */
3751 .bind = sock_no_bind,
3752 .connect = sock_no_connect,
3753 .socketpair = sock_no_socketpair,
3754 .accept = sock_no_accept,
3755 .getname = sock_no_getname,
3756 .ioctl = sock_no_ioctl,
3757 .listen = sock_no_listen,
3758 .shutdown = sock_no_shutdown,
3759 .mmap = sock_no_mmap,
3760 .sendpage = sock_no_sendpage,
3761
3762 /* Now the operations that really occur. */
3763 .release = pfkey_release,
3764 .poll = datagram_poll,
3765 .sendmsg = pfkey_sendmsg,
3766 .recvmsg = pfkey_recvmsg,
3767};
3768
3769static const struct net_proto_family pfkey_family_ops = {
3770 .family = PF_KEY,
3771 .create = pfkey_create,
3772 .owner = THIS_MODULE,
3773};
3774
3775#ifdef CONFIG_PROC_FS
3776static int pfkey_seq_show(struct seq_file *f, void *v)
3777{
3778 struct sock *s = sk_entry(v);
3779
3780 if (v == SEQ_START_TOKEN)
3781 seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
3782 else
3783 seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n",
3784 s,
3785 refcount_read(&s->sk_refcnt),
3786 sk_rmem_alloc_get(s),
3787 sk_wmem_alloc_get(s),
3788 from_kuid_munged(seq_user_ns(f), sock_i_uid(s)),
3789 sock_i_ino(s)
3790 );
3791 return 0;
3792}
3793
3794static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
3795 __acquires(rcu)
3796{
3797 struct net *net = seq_file_net(f);
3798 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3799
3800 rcu_read_lock();
3801 return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
3802}
3803
3804static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
3805{
3806 struct net *net = seq_file_net(f);
3807 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3808
3809 return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
3810}
3811
3812static void pfkey_seq_stop(struct seq_file *f, void *v)
3813 __releases(rcu)
3814{
3815 rcu_read_unlock();
3816}
3817
3818static const struct seq_operations pfkey_seq_ops = {
3819 .start = pfkey_seq_start,
3820 .next = pfkey_seq_next,
3821 .stop = pfkey_seq_stop,
3822 .show = pfkey_seq_show,
3823};
3824
3825static int __net_init pfkey_init_proc(struct net *net)
3826{
3827 struct proc_dir_entry *e;
3828
3829 e = proc_create_net("pfkey", 0, net->proc_net, &pfkey_seq_ops,
3830 sizeof(struct seq_net_private));
3831 if (e == NULL)
3832 return -ENOMEM;
3833
3834 return 0;
3835}
3836
3837static void __net_exit pfkey_exit_proc(struct net *net)
3838{
3839 remove_proc_entry("pfkey", net->proc_net);
3840}
3841#else
3842static inline int pfkey_init_proc(struct net *net)
3843{
3844 return 0;
3845}
3846
3847static inline void pfkey_exit_proc(struct net *net)
3848{
3849}
3850#endif
3851
3852static struct xfrm_mgr pfkeyv2_mgr =
3853{
3854 .notify = pfkey_send_notify,
3855 .acquire = pfkey_send_acquire,
3856 .compile_policy = pfkey_compile_policy,
3857 .new_mapping = pfkey_send_new_mapping,
3858 .notify_policy = pfkey_send_policy_notify,
3859 .migrate = pfkey_send_migrate,
3860 .is_alive = pfkey_is_alive,
3861};
3862
3863static int __net_init pfkey_net_init(struct net *net)
3864{
3865 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3866 int rv;
3867
3868 INIT_HLIST_HEAD(&net_pfkey->table);
3869 atomic_set(&net_pfkey->socks_nr, 0);
3870
3871 rv = pfkey_init_proc(net);
3872
3873 return rv;
3874}
3875
3876static void __net_exit pfkey_net_exit(struct net *net)
3877{
3878 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3879
3880 pfkey_exit_proc(net);
3881 WARN_ON(!hlist_empty(&net_pfkey->table));
3882}
3883
3884static struct pernet_operations pfkey_net_ops = {
3885 .init = pfkey_net_init,
3886 .exit = pfkey_net_exit,
3887 .id = &pfkey_net_id,
3888 .size = sizeof(struct netns_pfkey),
3889};
3890
3891static void __exit ipsec_pfkey_exit(void)
3892{
3893 xfrm_unregister_km(&pfkeyv2_mgr);
3894 sock_unregister(PF_KEY);
3895 unregister_pernet_subsys(&pfkey_net_ops);
3896 proto_unregister(&key_proto);
3897}
3898
3899static int __init ipsec_pfkey_init(void)
3900{
3901 int err = proto_register(&key_proto, 0);
3902
3903 if (err != 0)
3904 goto out;
3905
3906 err = register_pernet_subsys(&pfkey_net_ops);
3907 if (err != 0)
3908 goto out_unregister_key_proto;
3909 err = sock_register(&pfkey_family_ops);
3910 if (err != 0)
3911 goto out_unregister_pernet;
3912 xfrm_register_km(&pfkeyv2_mgr);
3913out:
3914 return err;
3915
3916out_unregister_pernet:
3917 unregister_pernet_subsys(&pfkey_net_ops);
3918out_unregister_key_proto:
3919 proto_unregister(&key_proto);
3920 goto out;
3921}
3922
3923module_init(ipsec_pfkey_init);
3924module_exit(ipsec_pfkey_exit);
3925MODULE_LICENSE("GPL");
3926MODULE_ALIAS_NETPROTO(PF_KEY);
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * net/key/af_key.c An implementation of PF_KEYv2 sockets.
4 *
5 * Authors: Maxim Giryaev <gem@asplinux.ru>
6 * David S. Miller <davem@redhat.com>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
9 * Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org>
10 * Derek Atkins <derek@ihtfp.com>
11 */
12
13#include <linux/capability.h>
14#include <linux/module.h>
15#include <linux/kernel.h>
16#include <linux/socket.h>
17#include <linux/pfkeyv2.h>
18#include <linux/ipsec.h>
19#include <linux/skbuff.h>
20#include <linux/rtnetlink.h>
21#include <linux/in.h>
22#include <linux/in6.h>
23#include <linux/proc_fs.h>
24#include <linux/init.h>
25#include <linux/slab.h>
26#include <net/net_namespace.h>
27#include <net/netns/generic.h>
28#include <net/xfrm.h>
29
30#include <net/sock.h>
31
32#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
33#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
34
35static unsigned int pfkey_net_id __read_mostly;
36struct netns_pfkey {
37 /* List of all pfkey sockets. */
38 struct hlist_head table;
39 atomic_t socks_nr;
40};
41static DEFINE_MUTEX(pfkey_mutex);
42
43#define DUMMY_MARK 0
44static const struct xfrm_mark dummy_mark = {0, 0};
45struct pfkey_sock {
46 /* struct sock must be the first member of struct pfkey_sock */
47 struct sock sk;
48 int registered;
49 int promisc;
50
51 struct {
52 uint8_t msg_version;
53 uint32_t msg_portid;
54 int (*dump)(struct pfkey_sock *sk);
55 void (*done)(struct pfkey_sock *sk);
56 union {
57 struct xfrm_policy_walk policy;
58 struct xfrm_state_walk state;
59 } u;
60 struct sk_buff *skb;
61 } dump;
62 struct mutex dump_lock;
63};
64
65static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
66 xfrm_address_t *saddr, xfrm_address_t *daddr,
67 u16 *family);
68
69static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
70{
71 return (struct pfkey_sock *)sk;
72}
73
74static int pfkey_can_dump(const struct sock *sk)
75{
76 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf)
77 return 1;
78 return 0;
79}
80
81static void pfkey_terminate_dump(struct pfkey_sock *pfk)
82{
83 if (pfk->dump.dump) {
84 if (pfk->dump.skb) {
85 kfree_skb(pfk->dump.skb);
86 pfk->dump.skb = NULL;
87 }
88 pfk->dump.done(pfk);
89 pfk->dump.dump = NULL;
90 pfk->dump.done = NULL;
91 }
92}
93
94static void pfkey_sock_destruct(struct sock *sk)
95{
96 struct net *net = sock_net(sk);
97 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
98
99 pfkey_terminate_dump(pfkey_sk(sk));
100 skb_queue_purge(&sk->sk_receive_queue);
101
102 if (!sock_flag(sk, SOCK_DEAD)) {
103 pr_err("Attempt to release alive pfkey socket: %p\n", sk);
104 return;
105 }
106
107 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
108 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
109
110 atomic_dec(&net_pfkey->socks_nr);
111}
112
113static const struct proto_ops pfkey_ops;
114
115static void pfkey_insert(struct sock *sk)
116{
117 struct net *net = sock_net(sk);
118 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
119
120 mutex_lock(&pfkey_mutex);
121 sk_add_node_rcu(sk, &net_pfkey->table);
122 mutex_unlock(&pfkey_mutex);
123}
124
125static void pfkey_remove(struct sock *sk)
126{
127 mutex_lock(&pfkey_mutex);
128 sk_del_node_init_rcu(sk);
129 mutex_unlock(&pfkey_mutex);
130}
131
132static struct proto key_proto = {
133 .name = "KEY",
134 .owner = THIS_MODULE,
135 .obj_size = sizeof(struct pfkey_sock),
136};
137
138static int pfkey_create(struct net *net, struct socket *sock, int protocol,
139 int kern)
140{
141 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
142 struct sock *sk;
143 struct pfkey_sock *pfk;
144
145 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
146 return -EPERM;
147 if (sock->type != SOCK_RAW)
148 return -ESOCKTNOSUPPORT;
149 if (protocol != PF_KEY_V2)
150 return -EPROTONOSUPPORT;
151
152 sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, kern);
153 if (sk == NULL)
154 return -ENOMEM;
155
156 pfk = pfkey_sk(sk);
157 mutex_init(&pfk->dump_lock);
158
159 sock->ops = &pfkey_ops;
160 sock_init_data(sock, sk);
161
162 sk->sk_family = PF_KEY;
163 sk->sk_destruct = pfkey_sock_destruct;
164
165 atomic_inc(&net_pfkey->socks_nr);
166
167 pfkey_insert(sk);
168
169 return 0;
170}
171
172static int pfkey_release(struct socket *sock)
173{
174 struct sock *sk = sock->sk;
175
176 if (!sk)
177 return 0;
178
179 pfkey_remove(sk);
180
181 sock_orphan(sk);
182 sock->sk = NULL;
183 skb_queue_purge(&sk->sk_write_queue);
184
185 synchronize_rcu();
186 sock_put(sk);
187
188 return 0;
189}
190
191static int pfkey_broadcast_one(struct sk_buff *skb, gfp_t allocation,
192 struct sock *sk)
193{
194 int err = -ENOBUFS;
195
196 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
197 return err;
198
199 skb = skb_clone(skb, allocation);
200
201 if (skb) {
202 skb_set_owner_r(skb, sk);
203 skb_queue_tail(&sk->sk_receive_queue, skb);
204 sk->sk_data_ready(sk);
205 err = 0;
206 }
207 return err;
208}
209
210/* Send SKB to all pfkey sockets matching selected criteria. */
211#define BROADCAST_ALL 0
212#define BROADCAST_ONE 1
213#define BROADCAST_REGISTERED 2
214#define BROADCAST_PROMISC_ONLY 4
215static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
216 int broadcast_flags, struct sock *one_sk,
217 struct net *net)
218{
219 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
220 struct sock *sk;
221 int err = -ESRCH;
222
223 /* XXX Do we need something like netlink_overrun? I think
224 * XXX PF_KEY socket apps will not mind current behavior.
225 */
226 if (!skb)
227 return -ENOMEM;
228
229 rcu_read_lock();
230 sk_for_each_rcu(sk, &net_pfkey->table) {
231 struct pfkey_sock *pfk = pfkey_sk(sk);
232 int err2;
233
234 /* Yes, it means that if you are meant to receive this
235 * pfkey message you receive it twice as promiscuous
236 * socket.
237 */
238 if (pfk->promisc)
239 pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
240
241 /* the exact target will be processed later */
242 if (sk == one_sk)
243 continue;
244 if (broadcast_flags != BROADCAST_ALL) {
245 if (broadcast_flags & BROADCAST_PROMISC_ONLY)
246 continue;
247 if ((broadcast_flags & BROADCAST_REGISTERED) &&
248 !pfk->registered)
249 continue;
250 if (broadcast_flags & BROADCAST_ONE)
251 continue;
252 }
253
254 err2 = pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
255
256 /* Error is cleared after successful sending to at least one
257 * registered KM */
258 if ((broadcast_flags & BROADCAST_REGISTERED) && err)
259 err = err2;
260 }
261 rcu_read_unlock();
262
263 if (one_sk != NULL)
264 err = pfkey_broadcast_one(skb, allocation, one_sk);
265
266 kfree_skb(skb);
267 return err;
268}
269
270static int pfkey_do_dump(struct pfkey_sock *pfk)
271{
272 struct sadb_msg *hdr;
273 int rc;
274
275 mutex_lock(&pfk->dump_lock);
276 if (!pfk->dump.dump) {
277 rc = 0;
278 goto out;
279 }
280
281 rc = pfk->dump.dump(pfk);
282 if (rc == -ENOBUFS) {
283 rc = 0;
284 goto out;
285 }
286
287 if (pfk->dump.skb) {
288 if (!pfkey_can_dump(&pfk->sk)) {
289 rc = 0;
290 goto out;
291 }
292
293 hdr = (struct sadb_msg *) pfk->dump.skb->data;
294 hdr->sadb_msg_seq = 0;
295 hdr->sadb_msg_errno = rc;
296 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
297 &pfk->sk, sock_net(&pfk->sk));
298 pfk->dump.skb = NULL;
299 }
300
301 pfkey_terminate_dump(pfk);
302
303out:
304 mutex_unlock(&pfk->dump_lock);
305 return rc;
306}
307
308static inline void pfkey_hdr_dup(struct sadb_msg *new,
309 const struct sadb_msg *orig)
310{
311 *new = *orig;
312}
313
314static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
315{
316 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
317 struct sadb_msg *hdr;
318
319 if (!skb)
320 return -ENOBUFS;
321
322 /* Woe be to the platform trying to support PFKEY yet
323 * having normal errnos outside the 1-255 range, inclusive.
324 */
325 err = -err;
326 if (err == ERESTARTSYS ||
327 err == ERESTARTNOHAND ||
328 err == ERESTARTNOINTR)
329 err = EINTR;
330 if (err >= 512)
331 err = EINVAL;
332 BUG_ON(err <= 0 || err >= 256);
333
334 hdr = skb_put(skb, sizeof(struct sadb_msg));
335 pfkey_hdr_dup(hdr, orig);
336 hdr->sadb_msg_errno = (uint8_t) err;
337 hdr->sadb_msg_len = (sizeof(struct sadb_msg) /
338 sizeof(uint64_t));
339
340 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));
341
342 return 0;
343}
344
345static const u8 sadb_ext_min_len[] = {
346 [SADB_EXT_RESERVED] = (u8) 0,
347 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
348 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
349 [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime),
350 [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime),
351 [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address),
352 [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address),
353 [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address),
354 [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key),
355 [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key),
356 [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident),
357 [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident),
358 [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens),
359 [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop),
360 [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported),
361 [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported),
362 [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange),
363 [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate),
364 [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy),
365 [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2),
366 [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type),
367 [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
368 [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
369 [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address),
370 [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx),
371 [SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress),
372 [SADB_X_EXT_FILTER] = (u8) sizeof(struct sadb_x_filter),
373};
374
375/* Verify sadb_address_{len,prefixlen} against sa_family. */
376static int verify_address_len(const void *p)
377{
378 const struct sadb_address *sp = p;
379 const struct sockaddr *addr = (const struct sockaddr *)(sp + 1);
380 const struct sockaddr_in *sin;
381#if IS_ENABLED(CONFIG_IPV6)
382 const struct sockaddr_in6 *sin6;
383#endif
384 int len;
385
386 if (sp->sadb_address_len <
387 DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family),
388 sizeof(uint64_t)))
389 return -EINVAL;
390
391 switch (addr->sa_family) {
392 case AF_INET:
393 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
394 if (sp->sadb_address_len != len ||
395 sp->sadb_address_prefixlen > 32)
396 return -EINVAL;
397 break;
398#if IS_ENABLED(CONFIG_IPV6)
399 case AF_INET6:
400 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t));
401 if (sp->sadb_address_len != len ||
402 sp->sadb_address_prefixlen > 128)
403 return -EINVAL;
404 break;
405#endif
406 default:
407 /* It is user using kernel to keep track of security
408 * associations for another protocol, such as
409 * OSPF/RSVP/RIPV2/MIP. It is user's job to verify
410 * lengths.
411 *
412 * XXX Actually, association/policy database is not yet
413 * XXX able to cope with arbitrary sockaddr families.
414 * XXX When it can, remove this -EINVAL. -DaveM
415 */
416 return -EINVAL;
417 }
418
419 return 0;
420}
421
422static inline int sadb_key_len(const struct sadb_key *key)
423{
424 int key_bytes = DIV_ROUND_UP(key->sadb_key_bits, 8);
425
426 return DIV_ROUND_UP(sizeof(struct sadb_key) + key_bytes,
427 sizeof(uint64_t));
428}
429
430static int verify_key_len(const void *p)
431{
432 const struct sadb_key *key = p;
433
434 if (sadb_key_len(key) > key->sadb_key_len)
435 return -EINVAL;
436
437 return 0;
438}
439
440static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
441{
442 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) +
443 sec_ctx->sadb_x_ctx_len,
444 sizeof(uint64_t));
445}
446
447static inline int verify_sec_ctx_len(const void *p)
448{
449 const struct sadb_x_sec_ctx *sec_ctx = p;
450 int len = sec_ctx->sadb_x_ctx_len;
451
452 if (len > PAGE_SIZE)
453 return -EINVAL;
454
455 len = pfkey_sec_ctx_len(sec_ctx);
456
457 if (sec_ctx->sadb_x_sec_len != len)
458 return -EINVAL;
459
460 return 0;
461}
462
463static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx,
464 gfp_t gfp)
465{
466 struct xfrm_user_sec_ctx *uctx = NULL;
467 int ctx_size = sec_ctx->sadb_x_ctx_len;
468
469 uctx = kmalloc((sizeof(*uctx)+ctx_size), gfp);
470
471 if (!uctx)
472 return NULL;
473
474 uctx->len = pfkey_sec_ctx_len(sec_ctx);
475 uctx->exttype = sec_ctx->sadb_x_sec_exttype;
476 uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
477 uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
478 uctx->ctx_len = sec_ctx->sadb_x_ctx_len;
479 memcpy(uctx + 1, sec_ctx + 1,
480 uctx->ctx_len);
481
482 return uctx;
483}
484
485static int present_and_same_family(const struct sadb_address *src,
486 const struct sadb_address *dst)
487{
488 const struct sockaddr *s_addr, *d_addr;
489
490 if (!src || !dst)
491 return 0;
492
493 s_addr = (const struct sockaddr *)(src + 1);
494 d_addr = (const struct sockaddr *)(dst + 1);
495 if (s_addr->sa_family != d_addr->sa_family)
496 return 0;
497 if (s_addr->sa_family != AF_INET
498#if IS_ENABLED(CONFIG_IPV6)
499 && s_addr->sa_family != AF_INET6
500#endif
501 )
502 return 0;
503
504 return 1;
505}
506
507static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs)
508{
509 const char *p = (char *) hdr;
510 int len = skb->len;
511
512 len -= sizeof(*hdr);
513 p += sizeof(*hdr);
514 while (len > 0) {
515 const struct sadb_ext *ehdr = (const struct sadb_ext *) p;
516 uint16_t ext_type;
517 int ext_len;
518
519 if (len < sizeof(*ehdr))
520 return -EINVAL;
521
522 ext_len = ehdr->sadb_ext_len;
523 ext_len *= sizeof(uint64_t);
524 ext_type = ehdr->sadb_ext_type;
525 if (ext_len < sizeof(uint64_t) ||
526 ext_len > len ||
527 ext_type == SADB_EXT_RESERVED)
528 return -EINVAL;
529
530 if (ext_type <= SADB_EXT_MAX) {
531 int min = (int) sadb_ext_min_len[ext_type];
532 if (ext_len < min)
533 return -EINVAL;
534 if (ext_hdrs[ext_type-1] != NULL)
535 return -EINVAL;
536 switch (ext_type) {
537 case SADB_EXT_ADDRESS_SRC:
538 case SADB_EXT_ADDRESS_DST:
539 case SADB_EXT_ADDRESS_PROXY:
540 case SADB_X_EXT_NAT_T_OA:
541 if (verify_address_len(p))
542 return -EINVAL;
543 break;
544 case SADB_X_EXT_SEC_CTX:
545 if (verify_sec_ctx_len(p))
546 return -EINVAL;
547 break;
548 case SADB_EXT_KEY_AUTH:
549 case SADB_EXT_KEY_ENCRYPT:
550 if (verify_key_len(p))
551 return -EINVAL;
552 break;
553 default:
554 break;
555 }
556 ext_hdrs[ext_type-1] = (void *) p;
557 }
558 p += ext_len;
559 len -= ext_len;
560 }
561
562 return 0;
563}
564
565static uint16_t
566pfkey_satype2proto(uint8_t satype)
567{
568 switch (satype) {
569 case SADB_SATYPE_UNSPEC:
570 return IPSEC_PROTO_ANY;
571 case SADB_SATYPE_AH:
572 return IPPROTO_AH;
573 case SADB_SATYPE_ESP:
574 return IPPROTO_ESP;
575 case SADB_X_SATYPE_IPCOMP:
576 return IPPROTO_COMP;
577 default:
578 return 0;
579 }
580 /* NOTREACHED */
581}
582
583static uint8_t
584pfkey_proto2satype(uint16_t proto)
585{
586 switch (proto) {
587 case IPPROTO_AH:
588 return SADB_SATYPE_AH;
589 case IPPROTO_ESP:
590 return SADB_SATYPE_ESP;
591 case IPPROTO_COMP:
592 return SADB_X_SATYPE_IPCOMP;
593 default:
594 return 0;
595 }
596 /* NOTREACHED */
597}
598
599/* BTW, this scheme means that there is no way with PFKEY2 sockets to
600 * say specifically 'just raw sockets' as we encode them as 255.
601 */
602
603static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
604{
605 return proto == IPSEC_PROTO_ANY ? 0 : proto;
606}
607
608static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
609{
610 return proto ? proto : IPSEC_PROTO_ANY;
611}
612
613static inline int pfkey_sockaddr_len(sa_family_t family)
614{
615 switch (family) {
616 case AF_INET:
617 return sizeof(struct sockaddr_in);
618#if IS_ENABLED(CONFIG_IPV6)
619 case AF_INET6:
620 return sizeof(struct sockaddr_in6);
621#endif
622 }
623 return 0;
624}
625
626static
627int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
628{
629 switch (sa->sa_family) {
630 case AF_INET:
631 xaddr->a4 =
632 ((struct sockaddr_in *)sa)->sin_addr.s_addr;
633 return AF_INET;
634#if IS_ENABLED(CONFIG_IPV6)
635 case AF_INET6:
636 memcpy(xaddr->a6,
637 &((struct sockaddr_in6 *)sa)->sin6_addr,
638 sizeof(struct in6_addr));
639 return AF_INET6;
640#endif
641 }
642 return 0;
643}
644
645static
646int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr)
647{
648 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1),
649 xaddr);
650}
651
652static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs)
653{
654 const struct sadb_sa *sa;
655 const struct sadb_address *addr;
656 uint16_t proto;
657 unsigned short family;
658 xfrm_address_t *xaddr;
659
660 sa = ext_hdrs[SADB_EXT_SA - 1];
661 if (sa == NULL)
662 return NULL;
663
664 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
665 if (proto == 0)
666 return NULL;
667
668 /* sadb_address_len should be checked by caller */
669 addr = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
670 if (addr == NULL)
671 return NULL;
672
673 family = ((const struct sockaddr *)(addr + 1))->sa_family;
674 switch (family) {
675 case AF_INET:
676 xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr;
677 break;
678#if IS_ENABLED(CONFIG_IPV6)
679 case AF_INET6:
680 xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr;
681 break;
682#endif
683 default:
684 xaddr = NULL;
685 }
686
687 if (!xaddr)
688 return NULL;
689
690 return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
691}
692
693#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
694
695static int
696pfkey_sockaddr_size(sa_family_t family)
697{
698 return PFKEY_ALIGN8(pfkey_sockaddr_len(family));
699}
700
701static inline int pfkey_mode_from_xfrm(int mode)
702{
703 switch(mode) {
704 case XFRM_MODE_TRANSPORT:
705 return IPSEC_MODE_TRANSPORT;
706 case XFRM_MODE_TUNNEL:
707 return IPSEC_MODE_TUNNEL;
708 case XFRM_MODE_BEET:
709 return IPSEC_MODE_BEET;
710 default:
711 return -1;
712 }
713}
714
715static inline int pfkey_mode_to_xfrm(int mode)
716{
717 switch(mode) {
718 case IPSEC_MODE_ANY: /*XXX*/
719 case IPSEC_MODE_TRANSPORT:
720 return XFRM_MODE_TRANSPORT;
721 case IPSEC_MODE_TUNNEL:
722 return XFRM_MODE_TUNNEL;
723 case IPSEC_MODE_BEET:
724 return XFRM_MODE_BEET;
725 default:
726 return -1;
727 }
728}
729
730static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port,
731 struct sockaddr *sa,
732 unsigned short family)
733{
734 switch (family) {
735 case AF_INET:
736 {
737 struct sockaddr_in *sin = (struct sockaddr_in *)sa;
738 sin->sin_family = AF_INET;
739 sin->sin_port = port;
740 sin->sin_addr.s_addr = xaddr->a4;
741 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
742 return 32;
743 }
744#if IS_ENABLED(CONFIG_IPV6)
745 case AF_INET6:
746 {
747 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
748 sin6->sin6_family = AF_INET6;
749 sin6->sin6_port = port;
750 sin6->sin6_flowinfo = 0;
751 sin6->sin6_addr = xaddr->in6;
752 sin6->sin6_scope_id = 0;
753 return 128;
754 }
755#endif
756 }
757 return 0;
758}
759
760static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x,
761 int add_keys, int hsc)
762{
763 struct sk_buff *skb;
764 struct sadb_msg *hdr;
765 struct sadb_sa *sa;
766 struct sadb_lifetime *lifetime;
767 struct sadb_address *addr;
768 struct sadb_key *key;
769 struct sadb_x_sa2 *sa2;
770 struct sadb_x_sec_ctx *sec_ctx;
771 struct xfrm_sec_ctx *xfrm_ctx;
772 int ctx_size = 0;
773 int size;
774 int auth_key_size = 0;
775 int encrypt_key_size = 0;
776 int sockaddr_size;
777 struct xfrm_encap_tmpl *natt = NULL;
778 int mode;
779
780 /* address family check */
781 sockaddr_size = pfkey_sockaddr_size(x->props.family);
782 if (!sockaddr_size)
783 return ERR_PTR(-EINVAL);
784
785 /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
786 key(AE), (identity(SD),) (sensitivity)> */
787 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
788 sizeof(struct sadb_lifetime) +
789 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
790 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
791 sizeof(struct sadb_address)*2 +
792 sockaddr_size*2 +
793 sizeof(struct sadb_x_sa2);
794
795 if ((xfrm_ctx = x->security)) {
796 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
797 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
798 }
799
800 /* identity & sensitivity */
801 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family))
802 size += sizeof(struct sadb_address) + sockaddr_size;
803
804 if (add_keys) {
805 if (x->aalg && x->aalg->alg_key_len) {
806 auth_key_size =
807 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
808 size += sizeof(struct sadb_key) + auth_key_size;
809 }
810 if (x->ealg && x->ealg->alg_key_len) {
811 encrypt_key_size =
812 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
813 size += sizeof(struct sadb_key) + encrypt_key_size;
814 }
815 }
816 if (x->encap)
817 natt = x->encap;
818
819 if (natt && natt->encap_type) {
820 size += sizeof(struct sadb_x_nat_t_type);
821 size += sizeof(struct sadb_x_nat_t_port);
822 size += sizeof(struct sadb_x_nat_t_port);
823 }
824
825 skb = alloc_skb(size + 16, GFP_ATOMIC);
826 if (skb == NULL)
827 return ERR_PTR(-ENOBUFS);
828
829 /* call should fill header later */
830 hdr = skb_put(skb, sizeof(struct sadb_msg));
831 memset(hdr, 0, size); /* XXX do we need this ? */
832 hdr->sadb_msg_len = size / sizeof(uint64_t);
833
834 /* sa */
835 sa = skb_put(skb, sizeof(struct sadb_sa));
836 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
837 sa->sadb_sa_exttype = SADB_EXT_SA;
838 sa->sadb_sa_spi = x->id.spi;
839 sa->sadb_sa_replay = x->props.replay_window;
840 switch (x->km.state) {
841 case XFRM_STATE_VALID:
842 sa->sadb_sa_state = x->km.dying ?
843 SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
844 break;
845 case XFRM_STATE_ACQ:
846 sa->sadb_sa_state = SADB_SASTATE_LARVAL;
847 break;
848 default:
849 sa->sadb_sa_state = SADB_SASTATE_DEAD;
850 break;
851 }
852 sa->sadb_sa_auth = 0;
853 if (x->aalg) {
854 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
855 sa->sadb_sa_auth = (a && a->pfkey_supported) ?
856 a->desc.sadb_alg_id : 0;
857 }
858 sa->sadb_sa_encrypt = 0;
859 BUG_ON(x->ealg && x->calg);
860 if (x->ealg) {
861 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
862 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
863 a->desc.sadb_alg_id : 0;
864 }
865 /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
866 if (x->calg) {
867 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
868 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
869 a->desc.sadb_alg_id : 0;
870 }
871
872 sa->sadb_sa_flags = 0;
873 if (x->props.flags & XFRM_STATE_NOECN)
874 sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
875 if (x->props.flags & XFRM_STATE_DECAP_DSCP)
876 sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
877 if (x->props.flags & XFRM_STATE_NOPMTUDISC)
878 sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
879
880 /* hard time */
881 if (hsc & 2) {
882 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
883 lifetime->sadb_lifetime_len =
884 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
885 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
886 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit);
887 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
888 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
889 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
890 }
891 /* soft time */
892 if (hsc & 1) {
893 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
894 lifetime->sadb_lifetime_len =
895 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
896 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
897 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit);
898 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
899 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
900 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
901 }
902 /* current time */
903 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
904 lifetime->sadb_lifetime_len =
905 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
906 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
907 lifetime->sadb_lifetime_allocations = x->curlft.packets;
908 lifetime->sadb_lifetime_bytes = x->curlft.bytes;
909 lifetime->sadb_lifetime_addtime = x->curlft.add_time;
910 lifetime->sadb_lifetime_usetime = x->curlft.use_time;
911 /* src address */
912 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
913 addr->sadb_address_len =
914 (sizeof(struct sadb_address)+sockaddr_size)/
915 sizeof(uint64_t);
916 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
917 /* "if the ports are non-zero, then the sadb_address_proto field,
918 normally zero, MUST be filled in with the transport
919 protocol's number." - RFC2367 */
920 addr->sadb_address_proto = 0;
921 addr->sadb_address_reserved = 0;
922
923 addr->sadb_address_prefixlen =
924 pfkey_sockaddr_fill(&x->props.saddr, 0,
925 (struct sockaddr *) (addr + 1),
926 x->props.family);
927 BUG_ON(!addr->sadb_address_prefixlen);
928
929 /* dst address */
930 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
931 addr->sadb_address_len =
932 (sizeof(struct sadb_address)+sockaddr_size)/
933 sizeof(uint64_t);
934 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
935 addr->sadb_address_proto = 0;
936 addr->sadb_address_reserved = 0;
937
938 addr->sadb_address_prefixlen =
939 pfkey_sockaddr_fill(&x->id.daddr, 0,
940 (struct sockaddr *) (addr + 1),
941 x->props.family);
942 BUG_ON(!addr->sadb_address_prefixlen);
943
944 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr,
945 x->props.family)) {
946 addr = skb_put(skb,
947 sizeof(struct sadb_address) + sockaddr_size);
948 addr->sadb_address_len =
949 (sizeof(struct sadb_address)+sockaddr_size)/
950 sizeof(uint64_t);
951 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
952 addr->sadb_address_proto =
953 pfkey_proto_from_xfrm(x->sel.proto);
954 addr->sadb_address_prefixlen = x->sel.prefixlen_s;
955 addr->sadb_address_reserved = 0;
956
957 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
958 (struct sockaddr *) (addr + 1),
959 x->props.family);
960 }
961
962 /* auth key */
963 if (add_keys && auth_key_size) {
964 key = skb_put(skb, sizeof(struct sadb_key) + auth_key_size);
965 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
966 sizeof(uint64_t);
967 key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
968 key->sadb_key_bits = x->aalg->alg_key_len;
969 key->sadb_key_reserved = 0;
970 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
971 }
972 /* encrypt key */
973 if (add_keys && encrypt_key_size) {
974 key = skb_put(skb, sizeof(struct sadb_key) + encrypt_key_size);
975 key->sadb_key_len = (sizeof(struct sadb_key) +
976 encrypt_key_size) / sizeof(uint64_t);
977 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
978 key->sadb_key_bits = x->ealg->alg_key_len;
979 key->sadb_key_reserved = 0;
980 memcpy(key + 1, x->ealg->alg_key,
981 (x->ealg->alg_key_len+7)/8);
982 }
983
984 /* sa */
985 sa2 = skb_put(skb, sizeof(struct sadb_x_sa2));
986 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
987 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
988 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
989 kfree_skb(skb);
990 return ERR_PTR(-EINVAL);
991 }
992 sa2->sadb_x_sa2_mode = mode;
993 sa2->sadb_x_sa2_reserved1 = 0;
994 sa2->sadb_x_sa2_reserved2 = 0;
995 sa2->sadb_x_sa2_sequence = 0;
996 sa2->sadb_x_sa2_reqid = x->props.reqid;
997
998 if (natt && natt->encap_type) {
999 struct sadb_x_nat_t_type *n_type;
1000 struct sadb_x_nat_t_port *n_port;
1001
1002 /* type */
1003 n_type = skb_put(skb, sizeof(*n_type));
1004 n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
1005 n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
1006 n_type->sadb_x_nat_t_type_type = natt->encap_type;
1007 n_type->sadb_x_nat_t_type_reserved[0] = 0;
1008 n_type->sadb_x_nat_t_type_reserved[1] = 0;
1009 n_type->sadb_x_nat_t_type_reserved[2] = 0;
1010
1011 /* source port */
1012 n_port = skb_put(skb, sizeof(*n_port));
1013 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1014 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
1015 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
1016 n_port->sadb_x_nat_t_port_reserved = 0;
1017
1018 /* dest port */
1019 n_port = skb_put(skb, sizeof(*n_port));
1020 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1021 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
1022 n_port->sadb_x_nat_t_port_port = natt->encap_dport;
1023 n_port->sadb_x_nat_t_port_reserved = 0;
1024 }
1025
1026 /* security context */
1027 if (xfrm_ctx) {
1028 sec_ctx = skb_put(skb,
1029 sizeof(struct sadb_x_sec_ctx) + ctx_size);
1030 sec_ctx->sadb_x_sec_len =
1031 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
1032 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
1033 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
1034 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
1035 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
1036 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
1037 xfrm_ctx->ctx_len);
1038 }
1039
1040 return skb;
1041}
1042
1043
1044static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x)
1045{
1046 struct sk_buff *skb;
1047
1048 skb = __pfkey_xfrm_state2msg(x, 1, 3);
1049
1050 return skb;
1051}
1052
1053static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x,
1054 int hsc)
1055{
1056 return __pfkey_xfrm_state2msg(x, 0, hsc);
1057}
1058
1059static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1060 const struct sadb_msg *hdr,
1061 void * const *ext_hdrs)
1062{
1063 struct xfrm_state *x;
1064 const struct sadb_lifetime *lifetime;
1065 const struct sadb_sa *sa;
1066 const struct sadb_key *key;
1067 const struct sadb_x_sec_ctx *sec_ctx;
1068 uint16_t proto;
1069 int err;
1070
1071
1072 sa = ext_hdrs[SADB_EXT_SA - 1];
1073 if (!sa ||
1074 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1075 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1076 return ERR_PTR(-EINVAL);
1077 if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
1078 !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
1079 return ERR_PTR(-EINVAL);
1080 if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
1081 !ext_hdrs[SADB_EXT_KEY_AUTH-1])
1082 return ERR_PTR(-EINVAL);
1083 if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
1084 !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
1085 return ERR_PTR(-EINVAL);
1086
1087 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1088 if (proto == 0)
1089 return ERR_PTR(-EINVAL);
1090
1091 /* default error is no buffer space */
1092 err = -ENOBUFS;
1093
1094 /* RFC2367:
1095
1096 Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
1097 SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not
1098 sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state.
1099 Therefore, the sadb_sa_state field of all submitted SAs MUST be
1100 SADB_SASTATE_MATURE and the kernel MUST return an error if this is
1101 not true.
1102
1103 However, KAME setkey always uses SADB_SASTATE_LARVAL.
1104 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
1105 */
1106 if (sa->sadb_sa_auth > SADB_AALG_MAX ||
1107 (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
1108 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
1109 sa->sadb_sa_encrypt > SADB_EALG_MAX)
1110 return ERR_PTR(-EINVAL);
1111 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1112 if (key != NULL &&
1113 sa->sadb_sa_auth != SADB_X_AALG_NULL &&
1114 key->sadb_key_bits == 0)
1115 return ERR_PTR(-EINVAL);
1116 key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1117 if (key != NULL &&
1118 sa->sadb_sa_encrypt != SADB_EALG_NULL &&
1119 key->sadb_key_bits == 0)
1120 return ERR_PTR(-EINVAL);
1121
1122 x = xfrm_state_alloc(net);
1123 if (x == NULL)
1124 return ERR_PTR(-ENOBUFS);
1125
1126 x->id.proto = proto;
1127 x->id.spi = sa->sadb_sa_spi;
1128 x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay,
1129 (sizeof(x->replay.bitmap) * 8));
1130 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
1131 x->props.flags |= XFRM_STATE_NOECN;
1132 if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
1133 x->props.flags |= XFRM_STATE_DECAP_DSCP;
1134 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
1135 x->props.flags |= XFRM_STATE_NOPMTUDISC;
1136
1137 lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD - 1];
1138 if (lifetime != NULL) {
1139 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1140 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1141 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1142 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1143 }
1144 lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT - 1];
1145 if (lifetime != NULL) {
1146 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1147 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1148 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1149 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1150 }
1151
1152 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
1153 if (sec_ctx != NULL) {
1154 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
1155
1156 if (!uctx)
1157 goto out;
1158
1159 err = security_xfrm_state_alloc(x, uctx);
1160 kfree(uctx);
1161
1162 if (err)
1163 goto out;
1164 }
1165
1166 err = -ENOBUFS;
1167 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1168 if (sa->sadb_sa_auth) {
1169 int keysize = 0;
1170 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
1171 if (!a || !a->pfkey_supported) {
1172 err = -ENOSYS;
1173 goto out;
1174 }
1175 if (key)
1176 keysize = (key->sadb_key_bits + 7) / 8;
1177 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
1178 if (!x->aalg) {
1179 err = -ENOMEM;
1180 goto out;
1181 }
1182 strcpy(x->aalg->alg_name, a->name);
1183 x->aalg->alg_key_len = 0;
1184 if (key) {
1185 x->aalg->alg_key_len = key->sadb_key_bits;
1186 memcpy(x->aalg->alg_key, key+1, keysize);
1187 }
1188 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
1189 x->props.aalgo = sa->sadb_sa_auth;
1190 /* x->algo.flags = sa->sadb_sa_flags; */
1191 }
1192 if (sa->sadb_sa_encrypt) {
1193 if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
1194 struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
1195 if (!a || !a->pfkey_supported) {
1196 err = -ENOSYS;
1197 goto out;
1198 }
1199 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
1200 if (!x->calg) {
1201 err = -ENOMEM;
1202 goto out;
1203 }
1204 strcpy(x->calg->alg_name, a->name);
1205 x->props.calgo = sa->sadb_sa_encrypt;
1206 } else {
1207 int keysize = 0;
1208 struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
1209 if (!a || !a->pfkey_supported) {
1210 err = -ENOSYS;
1211 goto out;
1212 }
1213 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1214 if (key)
1215 keysize = (key->sadb_key_bits + 7) / 8;
1216 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
1217 if (!x->ealg) {
1218 err = -ENOMEM;
1219 goto out;
1220 }
1221 strcpy(x->ealg->alg_name, a->name);
1222 x->ealg->alg_key_len = 0;
1223 if (key) {
1224 x->ealg->alg_key_len = key->sadb_key_bits;
1225 memcpy(x->ealg->alg_key, key+1, keysize);
1226 }
1227 x->props.ealgo = sa->sadb_sa_encrypt;
1228 x->geniv = a->uinfo.encr.geniv;
1229 }
1230 }
1231 /* x->algo.flags = sa->sadb_sa_flags; */
1232
1233 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1234 &x->props.saddr);
1235 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
1236 &x->id.daddr);
1237
1238 if (ext_hdrs[SADB_X_EXT_SA2-1]) {
1239 const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1];
1240 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1241 if (mode < 0) {
1242 err = -EINVAL;
1243 goto out;
1244 }
1245 x->props.mode = mode;
1246 x->props.reqid = sa2->sadb_x_sa2_reqid;
1247 }
1248
1249 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
1250 const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];
1251
1252 /* Nobody uses this, but we try. */
1253 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
1254 x->sel.prefixlen_s = addr->sadb_address_prefixlen;
1255 }
1256
1257 if (!x->sel.family)
1258 x->sel.family = x->props.family;
1259
1260 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
1261 const struct sadb_x_nat_t_type* n_type;
1262 struct xfrm_encap_tmpl *natt;
1263
1264 x->encap = kzalloc(sizeof(*x->encap), GFP_KERNEL);
1265 if (!x->encap) {
1266 err = -ENOMEM;
1267 goto out;
1268 }
1269
1270 natt = x->encap;
1271 n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
1272 natt->encap_type = n_type->sadb_x_nat_t_type_type;
1273
1274 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
1275 const struct sadb_x_nat_t_port *n_port =
1276 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
1277 natt->encap_sport = n_port->sadb_x_nat_t_port_port;
1278 }
1279 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
1280 const struct sadb_x_nat_t_port *n_port =
1281 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
1282 natt->encap_dport = n_port->sadb_x_nat_t_port_port;
1283 }
1284 }
1285
1286 err = xfrm_init_state(x);
1287 if (err)
1288 goto out;
1289
1290 x->km.seq = hdr->sadb_msg_seq;
1291 return x;
1292
1293out:
1294 x->km.state = XFRM_STATE_DEAD;
1295 xfrm_state_put(x);
1296 return ERR_PTR(err);
1297}
1298
1299static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1300{
1301 return -EOPNOTSUPP;
1302}
1303
1304static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1305{
1306 struct net *net = sock_net(sk);
1307 struct sk_buff *resp_skb;
1308 struct sadb_x_sa2 *sa2;
1309 struct sadb_address *saddr, *daddr;
1310 struct sadb_msg *out_hdr;
1311 struct sadb_spirange *range;
1312 struct xfrm_state *x = NULL;
1313 int mode;
1314 int err;
1315 u32 min_spi, max_spi;
1316 u32 reqid;
1317 u8 proto;
1318 unsigned short family;
1319 xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
1320
1321 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1322 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1323 return -EINVAL;
1324
1325 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1326 if (proto == 0)
1327 return -EINVAL;
1328
1329 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
1330 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1331 if (mode < 0)
1332 return -EINVAL;
1333 reqid = sa2->sadb_x_sa2_reqid;
1334 } else {
1335 mode = 0;
1336 reqid = 0;
1337 }
1338
1339 saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
1340 daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
1341
1342 family = ((struct sockaddr *)(saddr + 1))->sa_family;
1343 switch (family) {
1344 case AF_INET:
1345 xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
1346 xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
1347 break;
1348#if IS_ENABLED(CONFIG_IPV6)
1349 case AF_INET6:
1350 xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
1351 xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
1352 break;
1353#endif
1354 }
1355
1356 if (hdr->sadb_msg_seq) {
1357 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq, UINT_MAX);
1358 if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) {
1359 xfrm_state_put(x);
1360 x = NULL;
1361 }
1362 }
1363
1364 if (!x)
1365 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, UINT_MAX,
1366 proto, xdaddr, xsaddr, 1, family);
1367
1368 if (x == NULL)
1369 return -ENOENT;
1370
1371 min_spi = 0x100;
1372 max_spi = 0x0fffffff;
1373
1374 range = ext_hdrs[SADB_EXT_SPIRANGE-1];
1375 if (range) {
1376 min_spi = range->sadb_spirange_min;
1377 max_spi = range->sadb_spirange_max;
1378 }
1379
1380 err = verify_spi_info(x->id.proto, min_spi, max_spi, NULL);
1381 if (err) {
1382 xfrm_state_put(x);
1383 return err;
1384 }
1385
1386 err = xfrm_alloc_spi(x, min_spi, max_spi, NULL);
1387 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);
1388
1389 if (IS_ERR(resp_skb)) {
1390 xfrm_state_put(x);
1391 return PTR_ERR(resp_skb);
1392 }
1393
1394 out_hdr = (struct sadb_msg *) resp_skb->data;
1395 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1396 out_hdr->sadb_msg_type = SADB_GETSPI;
1397 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1398 out_hdr->sadb_msg_errno = 0;
1399 out_hdr->sadb_msg_reserved = 0;
1400 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1401 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1402
1403 xfrm_state_put(x);
1404
1405 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);
1406
1407 return 0;
1408}
1409
1410static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1411{
1412 struct net *net = sock_net(sk);
1413 struct xfrm_state *x;
1414
1415 if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8)
1416 return -EOPNOTSUPP;
1417
1418 if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
1419 return 0;
1420
1421 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq, UINT_MAX);
1422 if (x == NULL)
1423 return 0;
1424
1425 spin_lock_bh(&x->lock);
1426 if (x->km.state == XFRM_STATE_ACQ)
1427 x->km.state = XFRM_STATE_ERROR;
1428
1429 spin_unlock_bh(&x->lock);
1430 xfrm_state_put(x);
1431 return 0;
1432}
1433
1434static inline int event2poltype(int event)
1435{
1436 switch (event) {
1437 case XFRM_MSG_DELPOLICY:
1438 return SADB_X_SPDDELETE;
1439 case XFRM_MSG_NEWPOLICY:
1440 return SADB_X_SPDADD;
1441 case XFRM_MSG_UPDPOLICY:
1442 return SADB_X_SPDUPDATE;
1443 case XFRM_MSG_POLEXPIRE:
1444 // return SADB_X_SPDEXPIRE;
1445 default:
1446 pr_err("pfkey: Unknown policy event %d\n", event);
1447 break;
1448 }
1449
1450 return 0;
1451}
1452
1453static inline int event2keytype(int event)
1454{
1455 switch (event) {
1456 case XFRM_MSG_DELSA:
1457 return SADB_DELETE;
1458 case XFRM_MSG_NEWSA:
1459 return SADB_ADD;
1460 case XFRM_MSG_UPDSA:
1461 return SADB_UPDATE;
1462 case XFRM_MSG_EXPIRE:
1463 return SADB_EXPIRE;
1464 default:
1465 pr_err("pfkey: Unknown SA event %d\n", event);
1466 break;
1467 }
1468
1469 return 0;
1470}
1471
1472/* ADD/UPD/DEL */
1473static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
1474{
1475 struct sk_buff *skb;
1476 struct sadb_msg *hdr;
1477
1478 skb = pfkey_xfrm_state2msg(x);
1479
1480 if (IS_ERR(skb))
1481 return PTR_ERR(skb);
1482
1483 hdr = (struct sadb_msg *) skb->data;
1484 hdr->sadb_msg_version = PF_KEY_V2;
1485 hdr->sadb_msg_type = event2keytype(c->event);
1486 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1487 hdr->sadb_msg_errno = 0;
1488 hdr->sadb_msg_reserved = 0;
1489 hdr->sadb_msg_seq = c->seq;
1490 hdr->sadb_msg_pid = c->portid;
1491
1492 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));
1493
1494 return 0;
1495}
1496
1497static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1498{
1499 struct net *net = sock_net(sk);
1500 struct xfrm_state *x;
1501 int err;
1502 struct km_event c;
1503
1504 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs);
1505 if (IS_ERR(x))
1506 return PTR_ERR(x);
1507
1508 xfrm_state_hold(x);
1509 if (hdr->sadb_msg_type == SADB_ADD)
1510 err = xfrm_state_add(x);
1511 else
1512 err = xfrm_state_update(x);
1513
1514 xfrm_audit_state_add(x, err ? 0 : 1, true);
1515
1516 if (err < 0) {
1517 x->km.state = XFRM_STATE_DEAD;
1518 __xfrm_state_put(x);
1519 goto out;
1520 }
1521
1522 if (hdr->sadb_msg_type == SADB_ADD)
1523 c.event = XFRM_MSG_NEWSA;
1524 else
1525 c.event = XFRM_MSG_UPDSA;
1526 c.seq = hdr->sadb_msg_seq;
1527 c.portid = hdr->sadb_msg_pid;
1528 km_state_notify(x, &c);
1529out:
1530 xfrm_state_put(x);
1531 return err;
1532}
1533
1534static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1535{
1536 struct net *net = sock_net(sk);
1537 struct xfrm_state *x;
1538 struct km_event c;
1539 int err;
1540
1541 if (!ext_hdrs[SADB_EXT_SA-1] ||
1542 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1543 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1544 return -EINVAL;
1545
1546 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1547 if (x == NULL)
1548 return -ESRCH;
1549
1550 if ((err = security_xfrm_state_delete(x)))
1551 goto out;
1552
1553 if (xfrm_state_kern(x)) {
1554 err = -EPERM;
1555 goto out;
1556 }
1557
1558 err = xfrm_state_delete(x);
1559
1560 if (err < 0)
1561 goto out;
1562
1563 c.seq = hdr->sadb_msg_seq;
1564 c.portid = hdr->sadb_msg_pid;
1565 c.event = XFRM_MSG_DELSA;
1566 km_state_notify(x, &c);
1567out:
1568 xfrm_audit_state_delete(x, err ? 0 : 1, true);
1569 xfrm_state_put(x);
1570
1571 return err;
1572}
1573
1574static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1575{
1576 struct net *net = sock_net(sk);
1577 __u8 proto;
1578 struct sk_buff *out_skb;
1579 struct sadb_msg *out_hdr;
1580 struct xfrm_state *x;
1581
1582 if (!ext_hdrs[SADB_EXT_SA-1] ||
1583 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1584 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1585 return -EINVAL;
1586
1587 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1588 if (x == NULL)
1589 return -ESRCH;
1590
1591 out_skb = pfkey_xfrm_state2msg(x);
1592 proto = x->id.proto;
1593 xfrm_state_put(x);
1594 if (IS_ERR(out_skb))
1595 return PTR_ERR(out_skb);
1596
1597 out_hdr = (struct sadb_msg *) out_skb->data;
1598 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1599 out_hdr->sadb_msg_type = SADB_GET;
1600 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1601 out_hdr->sadb_msg_errno = 0;
1602 out_hdr->sadb_msg_reserved = 0;
1603 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1604 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1605 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
1606
1607 return 0;
1608}
1609
1610static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig,
1611 gfp_t allocation)
1612{
1613 struct sk_buff *skb;
1614 struct sadb_msg *hdr;
1615 int len, auth_len, enc_len, i;
1616
1617 auth_len = xfrm_count_pfkey_auth_supported();
1618 if (auth_len) {
1619 auth_len *= sizeof(struct sadb_alg);
1620 auth_len += sizeof(struct sadb_supported);
1621 }
1622
1623 enc_len = xfrm_count_pfkey_enc_supported();
1624 if (enc_len) {
1625 enc_len *= sizeof(struct sadb_alg);
1626 enc_len += sizeof(struct sadb_supported);
1627 }
1628
1629 len = enc_len + auth_len + sizeof(struct sadb_msg);
1630
1631 skb = alloc_skb(len + 16, allocation);
1632 if (!skb)
1633 goto out_put_algs;
1634
1635 hdr = skb_put(skb, sizeof(*hdr));
1636 pfkey_hdr_dup(hdr, orig);
1637 hdr->sadb_msg_errno = 0;
1638 hdr->sadb_msg_len = len / sizeof(uint64_t);
1639
1640 if (auth_len) {
1641 struct sadb_supported *sp;
1642 struct sadb_alg *ap;
1643
1644 sp = skb_put(skb, auth_len);
1645 ap = (struct sadb_alg *) (sp + 1);
1646
1647 sp->sadb_supported_len = auth_len / sizeof(uint64_t);
1648 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
1649
1650 for (i = 0; ; i++) {
1651 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
1652 if (!aalg)
1653 break;
1654 if (!aalg->pfkey_supported)
1655 continue;
1656 if (aalg->available)
1657 *ap++ = aalg->desc;
1658 }
1659 }
1660
1661 if (enc_len) {
1662 struct sadb_supported *sp;
1663 struct sadb_alg *ap;
1664
1665 sp = skb_put(skb, enc_len);
1666 ap = (struct sadb_alg *) (sp + 1);
1667
1668 sp->sadb_supported_len = enc_len / sizeof(uint64_t);
1669 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
1670
1671 for (i = 0; ; i++) {
1672 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
1673 if (!ealg)
1674 break;
1675 if (!ealg->pfkey_supported)
1676 continue;
1677 if (ealg->available)
1678 *ap++ = ealg->desc;
1679 }
1680 }
1681
1682out_put_algs:
1683 return skb;
1684}
1685
1686static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1687{
1688 struct pfkey_sock *pfk = pfkey_sk(sk);
1689 struct sk_buff *supp_skb;
1690
1691 if (hdr->sadb_msg_satype > SADB_SATYPE_MAX)
1692 return -EINVAL;
1693
1694 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) {
1695 if (pfk->registered&(1<<hdr->sadb_msg_satype))
1696 return -EEXIST;
1697 pfk->registered |= (1<<hdr->sadb_msg_satype);
1698 }
1699
1700 mutex_lock(&pfkey_mutex);
1701 xfrm_probe_algs();
1702
1703 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
1704 mutex_unlock(&pfkey_mutex);
1705
1706 if (!supp_skb) {
1707 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1708 pfk->registered &= ~(1<<hdr->sadb_msg_satype);
1709
1710 return -ENOBUFS;
1711 }
1712
1713 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk,
1714 sock_net(sk));
1715 return 0;
1716}
1717
1718static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
1719{
1720 struct sk_buff *skb;
1721 struct sadb_msg *hdr;
1722
1723 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1724 if (!skb)
1725 return -ENOBUFS;
1726
1727 hdr = skb_put_data(skb, ihdr, sizeof(struct sadb_msg));
1728 hdr->sadb_msg_errno = (uint8_t) 0;
1729 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1730
1731 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk,
1732 sock_net(sk));
1733}
1734
1735static int key_notify_sa_flush(const struct km_event *c)
1736{
1737 struct sk_buff *skb;
1738 struct sadb_msg *hdr;
1739
1740 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1741 if (!skb)
1742 return -ENOBUFS;
1743 hdr = skb_put(skb, sizeof(struct sadb_msg));
1744 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
1745 hdr->sadb_msg_type = SADB_FLUSH;
1746 hdr->sadb_msg_seq = c->seq;
1747 hdr->sadb_msg_pid = c->portid;
1748 hdr->sadb_msg_version = PF_KEY_V2;
1749 hdr->sadb_msg_errno = (uint8_t) 0;
1750 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1751 hdr->sadb_msg_reserved = 0;
1752
1753 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
1754
1755 return 0;
1756}
1757
1758static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1759{
1760 struct net *net = sock_net(sk);
1761 unsigned int proto;
1762 struct km_event c;
1763 int err, err2;
1764
1765 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1766 if (proto == 0)
1767 return -EINVAL;
1768
1769 err = xfrm_state_flush(net, proto, true, false);
1770 err2 = unicast_flush_resp(sk, hdr);
1771 if (err || err2) {
1772 if (err == -ESRCH) /* empty table - go quietly */
1773 err = 0;
1774 return err ? err : err2;
1775 }
1776
1777 c.data.proto = proto;
1778 c.seq = hdr->sadb_msg_seq;
1779 c.portid = hdr->sadb_msg_pid;
1780 c.event = XFRM_MSG_FLUSHSA;
1781 c.net = net;
1782 km_state_notify(NULL, &c);
1783
1784 return 0;
1785}
1786
1787static int dump_sa(struct xfrm_state *x, int count, void *ptr)
1788{
1789 struct pfkey_sock *pfk = ptr;
1790 struct sk_buff *out_skb;
1791 struct sadb_msg *out_hdr;
1792
1793 if (!pfkey_can_dump(&pfk->sk))
1794 return -ENOBUFS;
1795
1796 out_skb = pfkey_xfrm_state2msg(x);
1797 if (IS_ERR(out_skb))
1798 return PTR_ERR(out_skb);
1799
1800 out_hdr = (struct sadb_msg *) out_skb->data;
1801 out_hdr->sadb_msg_version = pfk->dump.msg_version;
1802 out_hdr->sadb_msg_type = SADB_DUMP;
1803 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1804 out_hdr->sadb_msg_errno = 0;
1805 out_hdr->sadb_msg_reserved = 0;
1806 out_hdr->sadb_msg_seq = count + 1;
1807 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
1808
1809 if (pfk->dump.skb)
1810 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
1811 &pfk->sk, sock_net(&pfk->sk));
1812 pfk->dump.skb = out_skb;
1813
1814 return 0;
1815}
1816
1817static int pfkey_dump_sa(struct pfkey_sock *pfk)
1818{
1819 struct net *net = sock_net(&pfk->sk);
1820 return xfrm_state_walk(net, &pfk->dump.u.state, dump_sa, (void *) pfk);
1821}
1822
1823static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
1824{
1825 struct net *net = sock_net(&pfk->sk);
1826
1827 xfrm_state_walk_done(&pfk->dump.u.state, net);
1828}
1829
1830static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1831{
1832 u8 proto;
1833 struct xfrm_address_filter *filter = NULL;
1834 struct pfkey_sock *pfk = pfkey_sk(sk);
1835
1836 mutex_lock(&pfk->dump_lock);
1837 if (pfk->dump.dump != NULL) {
1838 mutex_unlock(&pfk->dump_lock);
1839 return -EBUSY;
1840 }
1841
1842 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1843 if (proto == 0) {
1844 mutex_unlock(&pfk->dump_lock);
1845 return -EINVAL;
1846 }
1847
1848 if (ext_hdrs[SADB_X_EXT_FILTER - 1]) {
1849 struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1];
1850
1851 if ((xfilter->sadb_x_filter_splen >
1852 (sizeof(xfrm_address_t) << 3)) ||
1853 (xfilter->sadb_x_filter_dplen >
1854 (sizeof(xfrm_address_t) << 3))) {
1855 mutex_unlock(&pfk->dump_lock);
1856 return -EINVAL;
1857 }
1858 filter = kmalloc(sizeof(*filter), GFP_KERNEL);
1859 if (filter == NULL) {
1860 mutex_unlock(&pfk->dump_lock);
1861 return -ENOMEM;
1862 }
1863
1864 memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr,
1865 sizeof(xfrm_address_t));
1866 memcpy(&filter->daddr, &xfilter->sadb_x_filter_daddr,
1867 sizeof(xfrm_address_t));
1868 filter->family = xfilter->sadb_x_filter_family;
1869 filter->splen = xfilter->sadb_x_filter_splen;
1870 filter->dplen = xfilter->sadb_x_filter_dplen;
1871 }
1872
1873 pfk->dump.msg_version = hdr->sadb_msg_version;
1874 pfk->dump.msg_portid = hdr->sadb_msg_pid;
1875 pfk->dump.dump = pfkey_dump_sa;
1876 pfk->dump.done = pfkey_dump_sa_done;
1877 xfrm_state_walk_init(&pfk->dump.u.state, proto, filter);
1878 mutex_unlock(&pfk->dump_lock);
1879
1880 return pfkey_do_dump(pfk);
1881}
1882
1883static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1884{
1885 struct pfkey_sock *pfk = pfkey_sk(sk);
1886 int satype = hdr->sadb_msg_satype;
1887 bool reset_errno = false;
1888
1889 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) {
1890 reset_errno = true;
1891 if (satype != 0 && satype != 1)
1892 return -EINVAL;
1893 pfk->promisc = satype;
1894 }
1895 if (reset_errno && skb_cloned(skb))
1896 skb = skb_copy(skb, GFP_KERNEL);
1897 else
1898 skb = skb_clone(skb, GFP_KERNEL);
1899
1900 if (reset_errno && skb) {
1901 struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data;
1902 new_hdr->sadb_msg_errno = 0;
1903 }
1904
1905 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
1906 return 0;
1907}
1908
1909static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
1910{
1911 int i;
1912 u32 reqid = *(u32*)ptr;
1913
1914 for (i=0; i<xp->xfrm_nr; i++) {
1915 if (xp->xfrm_vec[i].reqid == reqid)
1916 return -EEXIST;
1917 }
1918 return 0;
1919}
1920
1921static u32 gen_reqid(struct net *net)
1922{
1923 struct xfrm_policy_walk walk;
1924 u32 start;
1925 int rc;
1926 static u32 reqid = IPSEC_MANUAL_REQID_MAX;
1927
1928 start = reqid;
1929 do {
1930 ++reqid;
1931 if (reqid == 0)
1932 reqid = IPSEC_MANUAL_REQID_MAX+1;
1933 xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
1934 rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid);
1935 xfrm_policy_walk_done(&walk, net);
1936 if (rc != -EEXIST)
1937 return reqid;
1938 } while (reqid != start);
1939 return 0;
1940}
1941
1942static int
1943parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_policy *pol,
1944 struct sadb_x_ipsecrequest *rq)
1945{
1946 struct net *net = xp_net(xp);
1947 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1948 int mode;
1949
1950 if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1951 return -ELOOP;
1952
1953 if (rq->sadb_x_ipsecrequest_mode == 0)
1954 return -EINVAL;
1955 if (!xfrm_id_proto_valid(rq->sadb_x_ipsecrequest_proto))
1956 return -EINVAL;
1957
1958 t->id.proto = rq->sadb_x_ipsecrequest_proto;
1959 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0)
1960 return -EINVAL;
1961 t->mode = mode;
1962 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE) {
1963 if ((mode == XFRM_MODE_TUNNEL || mode == XFRM_MODE_BEET) &&
1964 pol->sadb_x_policy_dir == IPSEC_DIR_OUTBOUND)
1965 return -EINVAL;
1966 t->optional = 1;
1967 } else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
1968 t->reqid = rq->sadb_x_ipsecrequest_reqid;
1969 if (t->reqid > IPSEC_MANUAL_REQID_MAX)
1970 t->reqid = 0;
1971 if (!t->reqid && !(t->reqid = gen_reqid(net)))
1972 return -ENOBUFS;
1973 }
1974
1975 /* addresses present only in tunnel mode */
1976 if (t->mode == XFRM_MODE_TUNNEL) {
1977 int err;
1978
1979 err = parse_sockaddr_pair(
1980 (struct sockaddr *)(rq + 1),
1981 rq->sadb_x_ipsecrequest_len - sizeof(*rq),
1982 &t->saddr, &t->id.daddr, &t->encap_family);
1983 if (err)
1984 return err;
1985 } else
1986 t->encap_family = xp->family;
1987
1988 /* No way to set this via kame pfkey */
1989 t->allalgs = 1;
1990 xp->xfrm_nr++;
1991 return 0;
1992}
1993
1994static int
1995parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1996{
1997 int err;
1998 int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
1999 struct sadb_x_ipsecrequest *rq = (void*)(pol+1);
2000
2001 if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
2002 return -EINVAL;
2003
2004 while (len >= sizeof(*rq)) {
2005 if (len < rq->sadb_x_ipsecrequest_len ||
2006 rq->sadb_x_ipsecrequest_len < sizeof(*rq))
2007 return -EINVAL;
2008
2009 if ((err = parse_ipsecrequest(xp, pol, rq)) < 0)
2010 return err;
2011 len -= rq->sadb_x_ipsecrequest_len;
2012 rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
2013 }
2014 return 0;
2015}
2016
2017static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
2018{
2019 struct xfrm_sec_ctx *xfrm_ctx = xp->security;
2020
2021 if (xfrm_ctx) {
2022 int len = sizeof(struct sadb_x_sec_ctx);
2023 len += xfrm_ctx->ctx_len;
2024 return PFKEY_ALIGN8(len);
2025 }
2026 return 0;
2027}
2028
2029static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
2030{
2031 const struct xfrm_tmpl *t;
2032 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2033 int socklen = 0;
2034 int i;
2035
2036 for (i=0; i<xp->xfrm_nr; i++) {
2037 t = xp->xfrm_vec + i;
2038 socklen += pfkey_sockaddr_len(t->encap_family);
2039 }
2040
2041 return sizeof(struct sadb_msg) +
2042 (sizeof(struct sadb_lifetime) * 3) +
2043 (sizeof(struct sadb_address) * 2) +
2044 (sockaddr_size * 2) +
2045 sizeof(struct sadb_x_policy) +
2046 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
2047 (socklen * 2) +
2048 pfkey_xfrm_policy2sec_ctx_size(xp);
2049}
2050
2051static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
2052{
2053 struct sk_buff *skb;
2054 int size;
2055
2056 size = pfkey_xfrm_policy2msg_size(xp);
2057
2058 skb = alloc_skb(size + 16, GFP_ATOMIC);
2059 if (skb == NULL)
2060 return ERR_PTR(-ENOBUFS);
2061
2062 return skb;
2063}
2064
2065static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
2066{
2067 struct sadb_msg *hdr;
2068 struct sadb_address *addr;
2069 struct sadb_lifetime *lifetime;
2070 struct sadb_x_policy *pol;
2071 struct sadb_x_sec_ctx *sec_ctx;
2072 struct xfrm_sec_ctx *xfrm_ctx;
2073 int i;
2074 int size;
2075 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2076 int socklen = pfkey_sockaddr_len(xp->family);
2077
2078 size = pfkey_xfrm_policy2msg_size(xp);
2079
2080 /* call should fill header later */
2081 hdr = skb_put(skb, sizeof(struct sadb_msg));
2082 memset(hdr, 0, size); /* XXX do we need this ? */
2083
2084 /* src address */
2085 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2086 addr->sadb_address_len =
2087 (sizeof(struct sadb_address)+sockaddr_size)/
2088 sizeof(uint64_t);
2089 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
2090 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2091 addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
2092 addr->sadb_address_reserved = 0;
2093 if (!pfkey_sockaddr_fill(&xp->selector.saddr,
2094 xp->selector.sport,
2095 (struct sockaddr *) (addr + 1),
2096 xp->family))
2097 BUG();
2098
2099 /* dst address */
2100 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2101 addr->sadb_address_len =
2102 (sizeof(struct sadb_address)+sockaddr_size)/
2103 sizeof(uint64_t);
2104 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
2105 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2106 addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
2107 addr->sadb_address_reserved = 0;
2108
2109 pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
2110 (struct sockaddr *) (addr + 1),
2111 xp->family);
2112
2113 /* hard time */
2114 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2115 lifetime->sadb_lifetime_len =
2116 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2117 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2118 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit);
2119 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
2120 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
2121 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
2122 /* soft time */
2123 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2124 lifetime->sadb_lifetime_len =
2125 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2126 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
2127 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit);
2128 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
2129 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
2130 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
2131 /* current time */
2132 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2133 lifetime->sadb_lifetime_len =
2134 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2135 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2136 lifetime->sadb_lifetime_allocations = xp->curlft.packets;
2137 lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
2138 lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
2139 lifetime->sadb_lifetime_usetime = xp->curlft.use_time;
2140
2141 pol = skb_put(skb, sizeof(struct sadb_x_policy));
2142 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
2143 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2144 pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
2145 if (xp->action == XFRM_POLICY_ALLOW) {
2146 if (xp->xfrm_nr)
2147 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2148 else
2149 pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
2150 }
2151 pol->sadb_x_policy_dir = dir+1;
2152 pol->sadb_x_policy_reserved = 0;
2153 pol->sadb_x_policy_id = xp->index;
2154 pol->sadb_x_policy_priority = xp->priority;
2155
2156 for (i=0; i<xp->xfrm_nr; i++) {
2157 const struct xfrm_tmpl *t = xp->xfrm_vec + i;
2158 struct sadb_x_ipsecrequest *rq;
2159 int req_size;
2160 int mode;
2161
2162 req_size = sizeof(struct sadb_x_ipsecrequest);
2163 if (t->mode == XFRM_MODE_TUNNEL) {
2164 socklen = pfkey_sockaddr_len(t->encap_family);
2165 req_size += socklen * 2;
2166 } else {
2167 size -= 2*socklen;
2168 }
2169 rq = skb_put(skb, req_size);
2170 pol->sadb_x_policy_len += req_size/8;
2171 memset(rq, 0, sizeof(*rq));
2172 rq->sadb_x_ipsecrequest_len = req_size;
2173 rq->sadb_x_ipsecrequest_proto = t->id.proto;
2174 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
2175 return -EINVAL;
2176 rq->sadb_x_ipsecrequest_mode = mode;
2177 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2178 if (t->reqid)
2179 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2180 if (t->optional)
2181 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
2182 rq->sadb_x_ipsecrequest_reqid = t->reqid;
2183
2184 if (t->mode == XFRM_MODE_TUNNEL) {
2185 u8 *sa = (void *)(rq + 1);
2186 pfkey_sockaddr_fill(&t->saddr, 0,
2187 (struct sockaddr *)sa,
2188 t->encap_family);
2189 pfkey_sockaddr_fill(&t->id.daddr, 0,
2190 (struct sockaddr *) (sa + socklen),
2191 t->encap_family);
2192 }
2193 }
2194
2195 /* security context */
2196 if ((xfrm_ctx = xp->security)) {
2197 int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);
2198
2199 sec_ctx = skb_put(skb, ctx_size);
2200 sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
2201 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2202 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
2203 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
2204 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
2205 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
2206 xfrm_ctx->ctx_len);
2207 }
2208
2209 hdr->sadb_msg_len = size / sizeof(uint64_t);
2210 hdr->sadb_msg_reserved = refcount_read(&xp->refcnt);
2211
2212 return 0;
2213}
2214
2215static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
2216{
2217 struct sk_buff *out_skb;
2218 struct sadb_msg *out_hdr;
2219 int err;
2220
2221 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2222 if (IS_ERR(out_skb))
2223 return PTR_ERR(out_skb);
2224
2225 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2226 if (err < 0) {
2227 kfree_skb(out_skb);
2228 return err;
2229 }
2230
2231 out_hdr = (struct sadb_msg *) out_skb->data;
2232 out_hdr->sadb_msg_version = PF_KEY_V2;
2233
2234 if (c->data.byid && c->event == XFRM_MSG_DELPOLICY)
2235 out_hdr->sadb_msg_type = SADB_X_SPDDELETE2;
2236 else
2237 out_hdr->sadb_msg_type = event2poltype(c->event);
2238 out_hdr->sadb_msg_errno = 0;
2239 out_hdr->sadb_msg_seq = c->seq;
2240 out_hdr->sadb_msg_pid = c->portid;
2241 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2242 return 0;
2243
2244}
2245
2246static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2247{
2248 struct net *net = sock_net(sk);
2249 int err = 0;
2250 struct sadb_lifetime *lifetime;
2251 struct sadb_address *sa;
2252 struct sadb_x_policy *pol;
2253 struct xfrm_policy *xp;
2254 struct km_event c;
2255 struct sadb_x_sec_ctx *sec_ctx;
2256
2257 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2258 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2259 !ext_hdrs[SADB_X_EXT_POLICY-1])
2260 return -EINVAL;
2261
2262 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2263 if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
2264 return -EINVAL;
2265 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2266 return -EINVAL;
2267
2268 xp = xfrm_policy_alloc(net, GFP_KERNEL);
2269 if (xp == NULL)
2270 return -ENOBUFS;
2271
2272 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
2273 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
2274 xp->priority = pol->sadb_x_policy_priority;
2275
2276 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2277 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2278 xp->selector.family = xp->family;
2279 xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
2280 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2281 xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2282 if (xp->selector.sport)
2283 xp->selector.sport_mask = htons(0xffff);
2284
2285 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2286 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2287 xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2288
2289 /* Amusing, we set this twice. KAME apps appear to set same value
2290 * in both addresses.
2291 */
2292 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2293
2294 xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2295 if (xp->selector.dport)
2296 xp->selector.dport_mask = htons(0xffff);
2297
2298 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2299 if (sec_ctx != NULL) {
2300 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2301
2302 if (!uctx) {
2303 err = -ENOBUFS;
2304 goto out;
2305 }
2306
2307 err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL);
2308 kfree(uctx);
2309
2310 if (err)
2311 goto out;
2312 }
2313
2314 xp->lft.soft_byte_limit = XFRM_INF;
2315 xp->lft.hard_byte_limit = XFRM_INF;
2316 xp->lft.soft_packet_limit = XFRM_INF;
2317 xp->lft.hard_packet_limit = XFRM_INF;
2318 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
2319 xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2320 xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2321 xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2322 xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2323 }
2324 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
2325 xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2326 xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2327 xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2328 xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2329 }
2330 xp->xfrm_nr = 0;
2331 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2332 (err = parse_ipsecrequests(xp, pol)) < 0)
2333 goto out;
2334
2335 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2336 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2337
2338 xfrm_audit_policy_add(xp, err ? 0 : 1, true);
2339
2340 if (err)
2341 goto out;
2342
2343 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
2344 c.event = XFRM_MSG_UPDPOLICY;
2345 else
2346 c.event = XFRM_MSG_NEWPOLICY;
2347
2348 c.seq = hdr->sadb_msg_seq;
2349 c.portid = hdr->sadb_msg_pid;
2350
2351 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2352 xfrm_pol_put(xp);
2353 return 0;
2354
2355out:
2356 xp->walk.dead = 1;
2357 xfrm_policy_destroy(xp);
2358 return err;
2359}
2360
2361static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2362{
2363 struct net *net = sock_net(sk);
2364 int err;
2365 struct sadb_address *sa;
2366 struct sadb_x_policy *pol;
2367 struct xfrm_policy *xp;
2368 struct xfrm_selector sel;
2369 struct km_event c;
2370 struct sadb_x_sec_ctx *sec_ctx;
2371 struct xfrm_sec_ctx *pol_ctx = NULL;
2372
2373 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2374 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2375 !ext_hdrs[SADB_X_EXT_POLICY-1])
2376 return -EINVAL;
2377
2378 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2379 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2380 return -EINVAL;
2381
2382 memset(&sel, 0, sizeof(sel));
2383
2384 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2385 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2386 sel.prefixlen_s = sa->sadb_address_prefixlen;
2387 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2388 sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2389 if (sel.sport)
2390 sel.sport_mask = htons(0xffff);
2391
2392 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2393 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2394 sel.prefixlen_d = sa->sadb_address_prefixlen;
2395 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2396 sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2397 if (sel.dport)
2398 sel.dport_mask = htons(0xffff);
2399
2400 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2401 if (sec_ctx != NULL) {
2402 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2403
2404 if (!uctx)
2405 return -ENOMEM;
2406
2407 err = security_xfrm_policy_alloc(&pol_ctx, uctx, GFP_KERNEL);
2408 kfree(uctx);
2409 if (err)
2410 return err;
2411 }
2412
2413 xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2414 pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
2415 1, &err);
2416 security_xfrm_policy_free(pol_ctx);
2417 if (xp == NULL)
2418 return -ENOENT;
2419
2420 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2421
2422 if (err)
2423 goto out;
2424
2425 c.seq = hdr->sadb_msg_seq;
2426 c.portid = hdr->sadb_msg_pid;
2427 c.data.byid = 0;
2428 c.event = XFRM_MSG_DELPOLICY;
2429 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2430
2431out:
2432 xfrm_pol_put(xp);
2433 return err;
2434}
2435
2436static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
2437{
2438 int err;
2439 struct sk_buff *out_skb;
2440 struct sadb_msg *out_hdr;
2441 err = 0;
2442
2443 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2444 if (IS_ERR(out_skb)) {
2445 err = PTR_ERR(out_skb);
2446 goto out;
2447 }
2448 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2449 if (err < 0) {
2450 kfree_skb(out_skb);
2451 goto out;
2452 }
2453
2454 out_hdr = (struct sadb_msg *) out_skb->data;
2455 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
2456 out_hdr->sadb_msg_type = hdr->sadb_msg_type;
2457 out_hdr->sadb_msg_satype = 0;
2458 out_hdr->sadb_msg_errno = 0;
2459 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
2460 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
2461 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
2462 err = 0;
2463
2464out:
2465 return err;
2466}
2467
2468static int pfkey_sockaddr_pair_size(sa_family_t family)
2469{
2470 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
2471}
2472
2473static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2474 xfrm_address_t *saddr, xfrm_address_t *daddr,
2475 u16 *family)
2476{
2477 int af, socklen;
2478
2479 if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
2480 return -EINVAL;
2481
2482 af = pfkey_sockaddr_extract(sa, saddr);
2483 if (!af)
2484 return -EINVAL;
2485
2486 socklen = pfkey_sockaddr_len(af);
2487 if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen),
2488 daddr) != af)
2489 return -EINVAL;
2490
2491 *family = af;
2492 return 0;
2493}
2494
2495#ifdef CONFIG_NET_KEY_MIGRATE
2496static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2497 struct xfrm_migrate *m)
2498{
2499 int err;
2500 struct sadb_x_ipsecrequest *rq2;
2501 int mode;
2502
2503 if (len < sizeof(*rq1) ||
2504 len < rq1->sadb_x_ipsecrequest_len ||
2505 rq1->sadb_x_ipsecrequest_len < sizeof(*rq1))
2506 return -EINVAL;
2507
2508 /* old endoints */
2509 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
2510 rq1->sadb_x_ipsecrequest_len - sizeof(*rq1),
2511 &m->old_saddr, &m->old_daddr,
2512 &m->old_family);
2513 if (err)
2514 return err;
2515
2516 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len);
2517 len -= rq1->sadb_x_ipsecrequest_len;
2518
2519 if (len <= sizeof(*rq2) ||
2520 len < rq2->sadb_x_ipsecrequest_len ||
2521 rq2->sadb_x_ipsecrequest_len < sizeof(*rq2))
2522 return -EINVAL;
2523
2524 /* new endpoints */
2525 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
2526 rq2->sadb_x_ipsecrequest_len - sizeof(*rq2),
2527 &m->new_saddr, &m->new_daddr,
2528 &m->new_family);
2529 if (err)
2530 return err;
2531
2532 if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto ||
2533 rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode ||
2534 rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid)
2535 return -EINVAL;
2536
2537 m->proto = rq1->sadb_x_ipsecrequest_proto;
2538 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0)
2539 return -EINVAL;
2540 m->mode = mode;
2541 m->reqid = rq1->sadb_x_ipsecrequest_reqid;
2542
2543 return ((int)(rq1->sadb_x_ipsecrequest_len +
2544 rq2->sadb_x_ipsecrequest_len));
2545}
2546
2547static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2548 const struct sadb_msg *hdr, void * const *ext_hdrs)
2549{
2550 int i, len, ret, err = -EINVAL;
2551 u8 dir;
2552 struct sadb_address *sa;
2553 struct sadb_x_kmaddress *kma;
2554 struct sadb_x_policy *pol;
2555 struct sadb_x_ipsecrequest *rq;
2556 struct xfrm_selector sel;
2557 struct xfrm_migrate m[XFRM_MAX_DEPTH];
2558 struct xfrm_kmaddress k;
2559 struct net *net = sock_net(sk);
2560
2561 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
2562 ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
2563 !ext_hdrs[SADB_X_EXT_POLICY - 1]) {
2564 err = -EINVAL;
2565 goto out;
2566 }
2567
2568 kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
2569 pol = ext_hdrs[SADB_X_EXT_POLICY - 1];
2570
2571 if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
2572 err = -EINVAL;
2573 goto out;
2574 }
2575
2576 if (kma) {
2577 /* convert sadb_x_kmaddress to xfrm_kmaddress */
2578 k.reserved = kma->sadb_x_kmaddress_reserved;
2579 ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
2580 8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
2581 &k.local, &k.remote, &k.family);
2582 if (ret < 0) {
2583 err = ret;
2584 goto out;
2585 }
2586 }
2587
2588 dir = pol->sadb_x_policy_dir - 1;
2589 memset(&sel, 0, sizeof(sel));
2590
2591 /* set source address info of selector */
2592 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1];
2593 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2594 sel.prefixlen_s = sa->sadb_address_prefixlen;
2595 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2596 sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2597 if (sel.sport)
2598 sel.sport_mask = htons(0xffff);
2599
2600 /* set destination address info of selector */
2601 sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
2602 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2603 sel.prefixlen_d = sa->sadb_address_prefixlen;
2604 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2605 sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2606 if (sel.dport)
2607 sel.dport_mask = htons(0xffff);
2608
2609 rq = (struct sadb_x_ipsecrequest *)(pol + 1);
2610
2611 /* extract ipsecrequests */
2612 i = 0;
2613 len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);
2614
2615 while (len > 0 && i < XFRM_MAX_DEPTH) {
2616 ret = ipsecrequests_to_migrate(rq, len, &m[i]);
2617 if (ret < 0) {
2618 err = ret;
2619 goto out;
2620 } else {
2621 rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret);
2622 len -= ret;
2623 i++;
2624 }
2625 }
2626
2627 if (!i || len > 0) {
2628 err = -EINVAL;
2629 goto out;
2630 }
2631
2632 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
2633 kma ? &k : NULL, net, NULL, 0, NULL);
2634
2635 out:
2636 return err;
2637}
2638#else
2639static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2640 const struct sadb_msg *hdr, void * const *ext_hdrs)
2641{
2642 return -ENOPROTOOPT;
2643}
2644#endif
2645
2646
2647static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2648{
2649 struct net *net = sock_net(sk);
2650 unsigned int dir;
2651 int err = 0, delete;
2652 struct sadb_x_policy *pol;
2653 struct xfrm_policy *xp;
2654 struct km_event c;
2655
2656 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL)
2657 return -EINVAL;
2658
2659 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
2660 if (dir >= XFRM_POLICY_MAX)
2661 return -EINVAL;
2662
2663 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2664 xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2665 dir, pol->sadb_x_policy_id, delete, &err);
2666 if (xp == NULL)
2667 return -ENOENT;
2668
2669 if (delete) {
2670 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2671
2672 if (err)
2673 goto out;
2674 c.seq = hdr->sadb_msg_seq;
2675 c.portid = hdr->sadb_msg_pid;
2676 c.data.byid = 1;
2677 c.event = XFRM_MSG_DELPOLICY;
2678 km_policy_notify(xp, dir, &c);
2679 } else {
2680 err = key_pol_get_resp(sk, xp, hdr, dir);
2681 }
2682
2683out:
2684 xfrm_pol_put(xp);
2685 return err;
2686}
2687
2688static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2689{
2690 struct pfkey_sock *pfk = ptr;
2691 struct sk_buff *out_skb;
2692 struct sadb_msg *out_hdr;
2693 int err;
2694
2695 if (!pfkey_can_dump(&pfk->sk))
2696 return -ENOBUFS;
2697
2698 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2699 if (IS_ERR(out_skb))
2700 return PTR_ERR(out_skb);
2701
2702 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2703 if (err < 0) {
2704 kfree_skb(out_skb);
2705 return err;
2706 }
2707
2708 out_hdr = (struct sadb_msg *) out_skb->data;
2709 out_hdr->sadb_msg_version = pfk->dump.msg_version;
2710 out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
2711 out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2712 out_hdr->sadb_msg_errno = 0;
2713 out_hdr->sadb_msg_seq = count + 1;
2714 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
2715
2716 if (pfk->dump.skb)
2717 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
2718 &pfk->sk, sock_net(&pfk->sk));
2719 pfk->dump.skb = out_skb;
2720
2721 return 0;
2722}
2723
2724static int pfkey_dump_sp(struct pfkey_sock *pfk)
2725{
2726 struct net *net = sock_net(&pfk->sk);
2727 return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, (void *) pfk);
2728}
2729
2730static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
2731{
2732 struct net *net = sock_net((struct sock *)pfk);
2733
2734 xfrm_policy_walk_done(&pfk->dump.u.policy, net);
2735}
2736
2737static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2738{
2739 struct pfkey_sock *pfk = pfkey_sk(sk);
2740
2741 mutex_lock(&pfk->dump_lock);
2742 if (pfk->dump.dump != NULL) {
2743 mutex_unlock(&pfk->dump_lock);
2744 return -EBUSY;
2745 }
2746
2747 pfk->dump.msg_version = hdr->sadb_msg_version;
2748 pfk->dump.msg_portid = hdr->sadb_msg_pid;
2749 pfk->dump.dump = pfkey_dump_sp;
2750 pfk->dump.done = pfkey_dump_sp_done;
2751 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
2752 mutex_unlock(&pfk->dump_lock);
2753
2754 return pfkey_do_dump(pfk);
2755}
2756
2757static int key_notify_policy_flush(const struct km_event *c)
2758{
2759 struct sk_buff *skb_out;
2760 struct sadb_msg *hdr;
2761
2762 skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
2763 if (!skb_out)
2764 return -ENOBUFS;
2765 hdr = skb_put(skb_out, sizeof(struct sadb_msg));
2766 hdr->sadb_msg_type = SADB_X_SPDFLUSH;
2767 hdr->sadb_msg_seq = c->seq;
2768 hdr->sadb_msg_pid = c->portid;
2769 hdr->sadb_msg_version = PF_KEY_V2;
2770 hdr->sadb_msg_errno = (uint8_t) 0;
2771 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2772 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
2773 hdr->sadb_msg_reserved = 0;
2774 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
2775 return 0;
2776
2777}
2778
2779static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2780{
2781 struct net *net = sock_net(sk);
2782 struct km_event c;
2783 int err, err2;
2784
2785 err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, true);
2786 err2 = unicast_flush_resp(sk, hdr);
2787 if (err || err2) {
2788 if (err == -ESRCH) /* empty table - old silent behavior */
2789 return 0;
2790 return err;
2791 }
2792
2793 c.data.type = XFRM_POLICY_TYPE_MAIN;
2794 c.event = XFRM_MSG_FLUSHPOLICY;
2795 c.portid = hdr->sadb_msg_pid;
2796 c.seq = hdr->sadb_msg_seq;
2797 c.net = net;
2798 km_policy_notify(NULL, 0, &c);
2799
2800 return 0;
2801}
2802
2803typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
2804 const struct sadb_msg *hdr, void * const *ext_hdrs);
2805static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
2806 [SADB_RESERVED] = pfkey_reserved,
2807 [SADB_GETSPI] = pfkey_getspi,
2808 [SADB_UPDATE] = pfkey_add,
2809 [SADB_ADD] = pfkey_add,
2810 [SADB_DELETE] = pfkey_delete,
2811 [SADB_GET] = pfkey_get,
2812 [SADB_ACQUIRE] = pfkey_acquire,
2813 [SADB_REGISTER] = pfkey_register,
2814 [SADB_EXPIRE] = NULL,
2815 [SADB_FLUSH] = pfkey_flush,
2816 [SADB_DUMP] = pfkey_dump,
2817 [SADB_X_PROMISC] = pfkey_promisc,
2818 [SADB_X_PCHANGE] = NULL,
2819 [SADB_X_SPDUPDATE] = pfkey_spdadd,
2820 [SADB_X_SPDADD] = pfkey_spdadd,
2821 [SADB_X_SPDDELETE] = pfkey_spddelete,
2822 [SADB_X_SPDGET] = pfkey_spdget,
2823 [SADB_X_SPDACQUIRE] = NULL,
2824 [SADB_X_SPDDUMP] = pfkey_spddump,
2825 [SADB_X_SPDFLUSH] = pfkey_spdflush,
2826 [SADB_X_SPDSETIDX] = pfkey_spdadd,
2827 [SADB_X_SPDDELETE2] = pfkey_spdget,
2828 [SADB_X_MIGRATE] = pfkey_migrate,
2829};
2830
2831static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr)
2832{
2833 void *ext_hdrs[SADB_EXT_MAX];
2834 int err;
2835
2836 /* Non-zero return value of pfkey_broadcast() does not always signal
2837 * an error and even on an actual error we may still want to process
2838 * the message so rather ignore the return value.
2839 */
2840 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
2841 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
2842
2843 memset(ext_hdrs, 0, sizeof(ext_hdrs));
2844 err = parse_exthdrs(skb, hdr, ext_hdrs);
2845 if (!err) {
2846 err = -EOPNOTSUPP;
2847 if (pfkey_funcs[hdr->sadb_msg_type])
2848 err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs);
2849 }
2850 return err;
2851}
2852
2853static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
2854{
2855 struct sadb_msg *hdr = NULL;
2856
2857 if (skb->len < sizeof(*hdr)) {
2858 *errp = -EMSGSIZE;
2859 } else {
2860 hdr = (struct sadb_msg *) skb->data;
2861 if (hdr->sadb_msg_version != PF_KEY_V2 ||
2862 hdr->sadb_msg_reserved != 0 ||
2863 (hdr->sadb_msg_type <= SADB_RESERVED ||
2864 hdr->sadb_msg_type > SADB_MAX)) {
2865 hdr = NULL;
2866 *errp = -EINVAL;
2867 } else if (hdr->sadb_msg_len != (skb->len /
2868 sizeof(uint64_t)) ||
2869 hdr->sadb_msg_len < (sizeof(struct sadb_msg) /
2870 sizeof(uint64_t))) {
2871 hdr = NULL;
2872 *errp = -EMSGSIZE;
2873 } else {
2874 *errp = 0;
2875 }
2876 }
2877 return hdr;
2878}
2879
2880static inline int aalg_tmpl_set(const struct xfrm_tmpl *t,
2881 const struct xfrm_algo_desc *d)
2882{
2883 unsigned int id = d->desc.sadb_alg_id;
2884
2885 if (id >= sizeof(t->aalgos) * 8)
2886 return 0;
2887
2888 return (t->aalgos >> id) & 1;
2889}
2890
2891static inline int ealg_tmpl_set(const struct xfrm_tmpl *t,
2892 const struct xfrm_algo_desc *d)
2893{
2894 unsigned int id = d->desc.sadb_alg_id;
2895
2896 if (id >= sizeof(t->ealgos) * 8)
2897 return 0;
2898
2899 return (t->ealgos >> id) & 1;
2900}
2901
2902static int count_ah_combs(const struct xfrm_tmpl *t)
2903{
2904 int i, sz = 0;
2905
2906 for (i = 0; ; i++) {
2907 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2908 if (!aalg)
2909 break;
2910 if (!aalg->pfkey_supported)
2911 continue;
2912 if (aalg_tmpl_set(t, aalg))
2913 sz += sizeof(struct sadb_comb);
2914 }
2915 return sz + sizeof(struct sadb_prop);
2916}
2917
2918static int count_esp_combs(const struct xfrm_tmpl *t)
2919{
2920 int i, k, sz = 0;
2921
2922 for (i = 0; ; i++) {
2923 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2924 if (!ealg)
2925 break;
2926
2927 if (!ealg->pfkey_supported)
2928 continue;
2929
2930 if (!(ealg_tmpl_set(t, ealg)))
2931 continue;
2932
2933 for (k = 1; ; k++) {
2934 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2935 if (!aalg)
2936 break;
2937
2938 if (!aalg->pfkey_supported)
2939 continue;
2940
2941 if (aalg_tmpl_set(t, aalg))
2942 sz += sizeof(struct sadb_comb);
2943 }
2944 }
2945 return sz + sizeof(struct sadb_prop);
2946}
2947
2948static int dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2949{
2950 struct sadb_prop *p;
2951 int sz = 0;
2952 int i;
2953
2954 p = skb_put(skb, sizeof(struct sadb_prop));
2955 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2956 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2957 p->sadb_prop_replay = 32;
2958 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2959
2960 for (i = 0; ; i++) {
2961 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2962 if (!aalg)
2963 break;
2964
2965 if (!aalg->pfkey_supported)
2966 continue;
2967
2968 if (aalg_tmpl_set(t, aalg) && aalg->available) {
2969 struct sadb_comb *c;
2970 c = skb_put_zero(skb, sizeof(struct sadb_comb));
2971 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
2972 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
2973 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
2974 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
2975 c->sadb_comb_hard_addtime = 24*60*60;
2976 c->sadb_comb_soft_addtime = 20*60*60;
2977 c->sadb_comb_hard_usetime = 8*60*60;
2978 c->sadb_comb_soft_usetime = 7*60*60;
2979 sz += sizeof(*c);
2980 }
2981 }
2982
2983 return sz + sizeof(*p);
2984}
2985
2986static int dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2987{
2988 struct sadb_prop *p;
2989 int sz = 0;
2990 int i, k;
2991
2992 p = skb_put(skb, sizeof(struct sadb_prop));
2993 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2994 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2995 p->sadb_prop_replay = 32;
2996 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2997
2998 for (i=0; ; i++) {
2999 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
3000 if (!ealg)
3001 break;
3002
3003 if (!ealg->pfkey_supported)
3004 continue;
3005
3006 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
3007 continue;
3008
3009 for (k = 1; ; k++) {
3010 struct sadb_comb *c;
3011 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
3012 if (!aalg)
3013 break;
3014 if (!aalg->pfkey_supported)
3015 continue;
3016 if (!(aalg_tmpl_set(t, aalg) && aalg->available))
3017 continue;
3018 c = skb_put(skb, sizeof(struct sadb_comb));
3019 memset(c, 0, sizeof(*c));
3020 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
3021 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
3022 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
3023 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
3024 c->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
3025 c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
3026 c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;
3027 c->sadb_comb_hard_addtime = 24*60*60;
3028 c->sadb_comb_soft_addtime = 20*60*60;
3029 c->sadb_comb_hard_usetime = 8*60*60;
3030 c->sadb_comb_soft_usetime = 7*60*60;
3031 sz += sizeof(*c);
3032 }
3033 }
3034
3035 return sz + sizeof(*p);
3036}
3037
3038static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
3039{
3040 return 0;
3041}
3042
3043static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c)
3044{
3045 struct sk_buff *out_skb;
3046 struct sadb_msg *out_hdr;
3047 int hard;
3048 int hsc;
3049
3050 hard = c->data.hard;
3051 if (hard)
3052 hsc = 2;
3053 else
3054 hsc = 1;
3055
3056 out_skb = pfkey_xfrm_state2msg_expire(x, hsc);
3057 if (IS_ERR(out_skb))
3058 return PTR_ERR(out_skb);
3059
3060 out_hdr = (struct sadb_msg *) out_skb->data;
3061 out_hdr->sadb_msg_version = PF_KEY_V2;
3062 out_hdr->sadb_msg_type = SADB_EXPIRE;
3063 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3064 out_hdr->sadb_msg_errno = 0;
3065 out_hdr->sadb_msg_reserved = 0;
3066 out_hdr->sadb_msg_seq = 0;
3067 out_hdr->sadb_msg_pid = 0;
3068
3069 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3070 xs_net(x));
3071 return 0;
3072}
3073
3074static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c)
3075{
3076 struct net *net = x ? xs_net(x) : c->net;
3077 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3078
3079 if (atomic_read(&net_pfkey->socks_nr) == 0)
3080 return 0;
3081
3082 switch (c->event) {
3083 case XFRM_MSG_EXPIRE:
3084 return key_notify_sa_expire(x, c);
3085 case XFRM_MSG_DELSA:
3086 case XFRM_MSG_NEWSA:
3087 case XFRM_MSG_UPDSA:
3088 return key_notify_sa(x, c);
3089 case XFRM_MSG_FLUSHSA:
3090 return key_notify_sa_flush(c);
3091 case XFRM_MSG_NEWAE: /* not yet supported */
3092 break;
3093 default:
3094 pr_err("pfkey: Unknown SA event %d\n", c->event);
3095 break;
3096 }
3097
3098 return 0;
3099}
3100
3101static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
3102{
3103 if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
3104 return 0;
3105
3106 switch (c->event) {
3107 case XFRM_MSG_POLEXPIRE:
3108 return key_notify_policy_expire(xp, c);
3109 case XFRM_MSG_DELPOLICY:
3110 case XFRM_MSG_NEWPOLICY:
3111 case XFRM_MSG_UPDPOLICY:
3112 return key_notify_policy(xp, dir, c);
3113 case XFRM_MSG_FLUSHPOLICY:
3114 if (c->data.type != XFRM_POLICY_TYPE_MAIN)
3115 break;
3116 return key_notify_policy_flush(c);
3117 default:
3118 pr_err("pfkey: Unknown policy event %d\n", c->event);
3119 break;
3120 }
3121
3122 return 0;
3123}
3124
3125static u32 get_acqseq(void)
3126{
3127 u32 res;
3128 static atomic_t acqseq;
3129
3130 do {
3131 res = atomic_inc_return(&acqseq);
3132 } while (!res);
3133 return res;
3134}
3135
3136static bool pfkey_is_alive(const struct km_event *c)
3137{
3138 struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
3139 struct sock *sk;
3140 bool is_alive = false;
3141
3142 rcu_read_lock();
3143 sk_for_each_rcu(sk, &net_pfkey->table) {
3144 if (pfkey_sk(sk)->registered) {
3145 is_alive = true;
3146 break;
3147 }
3148 }
3149 rcu_read_unlock();
3150
3151 return is_alive;
3152}
3153
3154static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
3155{
3156 struct sk_buff *skb;
3157 struct sadb_msg *hdr;
3158 struct sadb_address *addr;
3159 struct sadb_x_policy *pol;
3160 int sockaddr_size;
3161 int size;
3162 struct sadb_x_sec_ctx *sec_ctx;
3163 struct xfrm_sec_ctx *xfrm_ctx;
3164 int ctx_size = 0;
3165 int alg_size = 0;
3166
3167 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3168 if (!sockaddr_size)
3169 return -EINVAL;
3170
3171 size = sizeof(struct sadb_msg) +
3172 (sizeof(struct sadb_address) * 2) +
3173 (sockaddr_size * 2) +
3174 sizeof(struct sadb_x_policy);
3175
3176 if (x->id.proto == IPPROTO_AH)
3177 alg_size = count_ah_combs(t);
3178 else if (x->id.proto == IPPROTO_ESP)
3179 alg_size = count_esp_combs(t);
3180
3181 if ((xfrm_ctx = x->security)) {
3182 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
3183 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
3184 }
3185
3186 skb = alloc_skb(size + alg_size + 16, GFP_ATOMIC);
3187 if (skb == NULL)
3188 return -ENOMEM;
3189
3190 hdr = skb_put(skb, sizeof(struct sadb_msg));
3191 hdr->sadb_msg_version = PF_KEY_V2;
3192 hdr->sadb_msg_type = SADB_ACQUIRE;
3193 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3194 hdr->sadb_msg_len = size / sizeof(uint64_t);
3195 hdr->sadb_msg_errno = 0;
3196 hdr->sadb_msg_reserved = 0;
3197 hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3198 hdr->sadb_msg_pid = 0;
3199
3200 /* src address */
3201 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3202 addr->sadb_address_len =
3203 (sizeof(struct sadb_address)+sockaddr_size)/
3204 sizeof(uint64_t);
3205 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3206 addr->sadb_address_proto = 0;
3207 addr->sadb_address_reserved = 0;
3208 addr->sadb_address_prefixlen =
3209 pfkey_sockaddr_fill(&x->props.saddr, 0,
3210 (struct sockaddr *) (addr + 1),
3211 x->props.family);
3212 if (!addr->sadb_address_prefixlen)
3213 BUG();
3214
3215 /* dst address */
3216 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3217 addr->sadb_address_len =
3218 (sizeof(struct sadb_address)+sockaddr_size)/
3219 sizeof(uint64_t);
3220 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3221 addr->sadb_address_proto = 0;
3222 addr->sadb_address_reserved = 0;
3223 addr->sadb_address_prefixlen =
3224 pfkey_sockaddr_fill(&x->id.daddr, 0,
3225 (struct sockaddr *) (addr + 1),
3226 x->props.family);
3227 if (!addr->sadb_address_prefixlen)
3228 BUG();
3229
3230 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3231 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
3232 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3233 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3234 pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1;
3235 pol->sadb_x_policy_reserved = 0;
3236 pol->sadb_x_policy_id = xp->index;
3237 pol->sadb_x_policy_priority = xp->priority;
3238
3239 /* Set sadb_comb's. */
3240 alg_size = 0;
3241 if (x->id.proto == IPPROTO_AH)
3242 alg_size = dump_ah_combs(skb, t);
3243 else if (x->id.proto == IPPROTO_ESP)
3244 alg_size = dump_esp_combs(skb, t);
3245
3246 hdr->sadb_msg_len += alg_size / 8;
3247
3248 /* security context */
3249 if (xfrm_ctx) {
3250 sec_ctx = skb_put(skb,
3251 sizeof(struct sadb_x_sec_ctx) + ctx_size);
3252 sec_ctx->sadb_x_sec_len =
3253 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
3254 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
3255 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
3256 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
3257 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
3258 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
3259 xfrm_ctx->ctx_len);
3260 }
3261
3262 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3263 xs_net(x));
3264}
3265
3266static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
3267 u8 *data, int len, int *dir)
3268{
3269 struct net *net = sock_net(sk);
3270 struct xfrm_policy *xp;
3271 struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
3272 struct sadb_x_sec_ctx *sec_ctx;
3273
3274 switch (sk->sk_family) {
3275 case AF_INET:
3276 if (opt != IP_IPSEC_POLICY) {
3277 *dir = -EOPNOTSUPP;
3278 return NULL;
3279 }
3280 break;
3281#if IS_ENABLED(CONFIG_IPV6)
3282 case AF_INET6:
3283 if (opt != IPV6_IPSEC_POLICY) {
3284 *dir = -EOPNOTSUPP;
3285 return NULL;
3286 }
3287 break;
3288#endif
3289 default:
3290 *dir = -EINVAL;
3291 return NULL;
3292 }
3293
3294 *dir = -EINVAL;
3295
3296 if (len < sizeof(struct sadb_x_policy) ||
3297 pol->sadb_x_policy_len*8 > len ||
3298 pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
3299 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
3300 return NULL;
3301
3302 xp = xfrm_policy_alloc(net, GFP_ATOMIC);
3303 if (xp == NULL) {
3304 *dir = -ENOBUFS;
3305 return NULL;
3306 }
3307
3308 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
3309 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
3310
3311 xp->lft.soft_byte_limit = XFRM_INF;
3312 xp->lft.hard_byte_limit = XFRM_INF;
3313 xp->lft.soft_packet_limit = XFRM_INF;
3314 xp->lft.hard_packet_limit = XFRM_INF;
3315 xp->family = sk->sk_family;
3316
3317 xp->xfrm_nr = 0;
3318 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
3319 (*dir = parse_ipsecrequests(xp, pol)) < 0)
3320 goto out;
3321
3322 /* security context too */
3323 if (len >= (pol->sadb_x_policy_len*8 +
3324 sizeof(struct sadb_x_sec_ctx))) {
3325 char *p = (char *)pol;
3326 struct xfrm_user_sec_ctx *uctx;
3327
3328 p += pol->sadb_x_policy_len*8;
3329 sec_ctx = (struct sadb_x_sec_ctx *)p;
3330 if (len < pol->sadb_x_policy_len*8 +
3331 sec_ctx->sadb_x_sec_len*8) {
3332 *dir = -EINVAL;
3333 goto out;
3334 }
3335 if ((*dir = verify_sec_ctx_len(p)))
3336 goto out;
3337 uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
3338 *dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
3339 kfree(uctx);
3340
3341 if (*dir)
3342 goto out;
3343 }
3344
3345 *dir = pol->sadb_x_policy_dir-1;
3346 return xp;
3347
3348out:
3349 xp->walk.dead = 1;
3350 xfrm_policy_destroy(xp);
3351 return NULL;
3352}
3353
3354static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
3355{
3356 struct sk_buff *skb;
3357 struct sadb_msg *hdr;
3358 struct sadb_sa *sa;
3359 struct sadb_address *addr;
3360 struct sadb_x_nat_t_port *n_port;
3361 int sockaddr_size;
3362 int size;
3363 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0);
3364 struct xfrm_encap_tmpl *natt = NULL;
3365
3366 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3367 if (!sockaddr_size)
3368 return -EINVAL;
3369
3370 if (!satype)
3371 return -EINVAL;
3372
3373 if (!x->encap)
3374 return -EINVAL;
3375
3376 natt = x->encap;
3377
3378 /* Build an SADB_X_NAT_T_NEW_MAPPING message:
3379 *
3380 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
3381 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
3382 */
3383
3384 size = sizeof(struct sadb_msg) +
3385 sizeof(struct sadb_sa) +
3386 (sizeof(struct sadb_address) * 2) +
3387 (sockaddr_size * 2) +
3388 (sizeof(struct sadb_x_nat_t_port) * 2);
3389
3390 skb = alloc_skb(size + 16, GFP_ATOMIC);
3391 if (skb == NULL)
3392 return -ENOMEM;
3393
3394 hdr = skb_put(skb, sizeof(struct sadb_msg));
3395 hdr->sadb_msg_version = PF_KEY_V2;
3396 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
3397 hdr->sadb_msg_satype = satype;
3398 hdr->sadb_msg_len = size / sizeof(uint64_t);
3399 hdr->sadb_msg_errno = 0;
3400 hdr->sadb_msg_reserved = 0;
3401 hdr->sadb_msg_seq = x->km.seq;
3402 hdr->sadb_msg_pid = 0;
3403
3404 /* SA */
3405 sa = skb_put(skb, sizeof(struct sadb_sa));
3406 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
3407 sa->sadb_sa_exttype = SADB_EXT_SA;
3408 sa->sadb_sa_spi = x->id.spi;
3409 sa->sadb_sa_replay = 0;
3410 sa->sadb_sa_state = 0;
3411 sa->sadb_sa_auth = 0;
3412 sa->sadb_sa_encrypt = 0;
3413 sa->sadb_sa_flags = 0;
3414
3415 /* ADDRESS_SRC (old addr) */
3416 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3417 addr->sadb_address_len =
3418 (sizeof(struct sadb_address)+sockaddr_size)/
3419 sizeof(uint64_t);
3420 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3421 addr->sadb_address_proto = 0;
3422 addr->sadb_address_reserved = 0;
3423 addr->sadb_address_prefixlen =
3424 pfkey_sockaddr_fill(&x->props.saddr, 0,
3425 (struct sockaddr *) (addr + 1),
3426 x->props.family);
3427 if (!addr->sadb_address_prefixlen)
3428 BUG();
3429
3430 /* NAT_T_SPORT (old port) */
3431 n_port = skb_put(skb, sizeof(*n_port));
3432 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3433 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
3434 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
3435 n_port->sadb_x_nat_t_port_reserved = 0;
3436
3437 /* ADDRESS_DST (new addr) */
3438 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3439 addr->sadb_address_len =
3440 (sizeof(struct sadb_address)+sockaddr_size)/
3441 sizeof(uint64_t);
3442 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3443 addr->sadb_address_proto = 0;
3444 addr->sadb_address_reserved = 0;
3445 addr->sadb_address_prefixlen =
3446 pfkey_sockaddr_fill(ipaddr, 0,
3447 (struct sockaddr *) (addr + 1),
3448 x->props.family);
3449 if (!addr->sadb_address_prefixlen)
3450 BUG();
3451
3452 /* NAT_T_DPORT (new port) */
3453 n_port = skb_put(skb, sizeof(*n_port));
3454 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3455 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
3456 n_port->sadb_x_nat_t_port_port = sport;
3457 n_port->sadb_x_nat_t_port_reserved = 0;
3458
3459 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3460 xs_net(x));
3461}
3462
3463#ifdef CONFIG_NET_KEY_MIGRATE
3464static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3465 const struct xfrm_selector *sel)
3466{
3467 struct sadb_address *addr;
3468 addr = skb_put(skb, sizeof(struct sadb_address) + sasize);
3469 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8;
3470 addr->sadb_address_exttype = type;
3471 addr->sadb_address_proto = sel->proto;
3472 addr->sadb_address_reserved = 0;
3473
3474 switch (type) {
3475 case SADB_EXT_ADDRESS_SRC:
3476 addr->sadb_address_prefixlen = sel->prefixlen_s;
3477 pfkey_sockaddr_fill(&sel->saddr, 0,
3478 (struct sockaddr *)(addr + 1),
3479 sel->family);
3480 break;
3481 case SADB_EXT_ADDRESS_DST:
3482 addr->sadb_address_prefixlen = sel->prefixlen_d;
3483 pfkey_sockaddr_fill(&sel->daddr, 0,
3484 (struct sockaddr *)(addr + 1),
3485 sel->family);
3486 break;
3487 default:
3488 return -EINVAL;
3489 }
3490
3491 return 0;
3492}
3493
3494
3495static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k)
3496{
3497 struct sadb_x_kmaddress *kma;
3498 u8 *sa;
3499 int family = k->family;
3500 int socklen = pfkey_sockaddr_len(family);
3501 int size_req;
3502
3503 size_req = (sizeof(struct sadb_x_kmaddress) +
3504 pfkey_sockaddr_pair_size(family));
3505
3506 kma = skb_put_zero(skb, size_req);
3507 kma->sadb_x_kmaddress_len = size_req / 8;
3508 kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
3509 kma->sadb_x_kmaddress_reserved = k->reserved;
3510
3511 sa = (u8 *)(kma + 1);
3512 if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) ||
3513 !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))
3514 return -EINVAL;
3515
3516 return 0;
3517}
3518
3519static int set_ipsecrequest(struct sk_buff *skb,
3520 uint8_t proto, uint8_t mode, int level,
3521 uint32_t reqid, uint8_t family,
3522 const xfrm_address_t *src, const xfrm_address_t *dst)
3523{
3524 struct sadb_x_ipsecrequest *rq;
3525 u8 *sa;
3526 int socklen = pfkey_sockaddr_len(family);
3527 int size_req;
3528
3529 size_req = sizeof(struct sadb_x_ipsecrequest) +
3530 pfkey_sockaddr_pair_size(family);
3531
3532 rq = skb_put_zero(skb, size_req);
3533 rq->sadb_x_ipsecrequest_len = size_req;
3534 rq->sadb_x_ipsecrequest_proto = proto;
3535 rq->sadb_x_ipsecrequest_mode = mode;
3536 rq->sadb_x_ipsecrequest_level = level;
3537 rq->sadb_x_ipsecrequest_reqid = reqid;
3538
3539 sa = (u8 *) (rq + 1);
3540 if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) ||
3541 !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family))
3542 return -EINVAL;
3543
3544 return 0;
3545}
3546#endif
3547
3548#ifdef CONFIG_NET_KEY_MIGRATE
3549static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3550 const struct xfrm_migrate *m, int num_bundles,
3551 const struct xfrm_kmaddress *k,
3552 const struct xfrm_encap_tmpl *encap)
3553{
3554 int i;
3555 int sasize_sel;
3556 int size = 0;
3557 int size_pol = 0;
3558 struct sk_buff *skb;
3559 struct sadb_msg *hdr;
3560 struct sadb_x_policy *pol;
3561 const struct xfrm_migrate *mp;
3562
3563 if (type != XFRM_POLICY_TYPE_MAIN)
3564 return 0;
3565
3566 if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
3567 return -EINVAL;
3568
3569 if (k != NULL) {
3570 /* addresses for KM */
3571 size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
3572 pfkey_sockaddr_pair_size(k->family));
3573 }
3574
3575 /* selector */
3576 sasize_sel = pfkey_sockaddr_size(sel->family);
3577 if (!sasize_sel)
3578 return -EINVAL;
3579 size += (sizeof(struct sadb_address) + sasize_sel) * 2;
3580
3581 /* policy info */
3582 size_pol += sizeof(struct sadb_x_policy);
3583
3584 /* ipsecrequests */
3585 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3586 /* old locator pair */
3587 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3588 pfkey_sockaddr_pair_size(mp->old_family);
3589 /* new locator pair */
3590 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3591 pfkey_sockaddr_pair_size(mp->new_family);
3592 }
3593
3594 size += sizeof(struct sadb_msg) + size_pol;
3595
3596 /* alloc buffer */
3597 skb = alloc_skb(size, GFP_ATOMIC);
3598 if (skb == NULL)
3599 return -ENOMEM;
3600
3601 hdr = skb_put(skb, sizeof(struct sadb_msg));
3602 hdr->sadb_msg_version = PF_KEY_V2;
3603 hdr->sadb_msg_type = SADB_X_MIGRATE;
3604 hdr->sadb_msg_satype = pfkey_proto2satype(m->proto);
3605 hdr->sadb_msg_len = size / 8;
3606 hdr->sadb_msg_errno = 0;
3607 hdr->sadb_msg_reserved = 0;
3608 hdr->sadb_msg_seq = 0;
3609 hdr->sadb_msg_pid = 0;
3610
3611 /* Addresses to be used by KM for negotiation, if ext is available */
3612 if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
3613 goto err;
3614
3615 /* selector src */
3616 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
3617
3618 /* selector dst */
3619 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel);
3620
3621 /* policy information */
3622 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3623 pol->sadb_x_policy_len = size_pol / 8;
3624 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3625 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3626 pol->sadb_x_policy_dir = dir + 1;
3627 pol->sadb_x_policy_reserved = 0;
3628 pol->sadb_x_policy_id = 0;
3629 pol->sadb_x_policy_priority = 0;
3630
3631 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3632 /* old ipsecrequest */
3633 int mode = pfkey_mode_from_xfrm(mp->mode);
3634 if (mode < 0)
3635 goto err;
3636 if (set_ipsecrequest(skb, mp->proto, mode,
3637 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3638 mp->reqid, mp->old_family,
3639 &mp->old_saddr, &mp->old_daddr) < 0)
3640 goto err;
3641
3642 /* new ipsecrequest */
3643 if (set_ipsecrequest(skb, mp->proto, mode,
3644 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3645 mp->reqid, mp->new_family,
3646 &mp->new_saddr, &mp->new_daddr) < 0)
3647 goto err;
3648 }
3649
3650 /* broadcast migrate message to sockets */
3651 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);
3652
3653 return 0;
3654
3655err:
3656 kfree_skb(skb);
3657 return -EINVAL;
3658}
3659#else
3660static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3661 const struct xfrm_migrate *m, int num_bundles,
3662 const struct xfrm_kmaddress *k,
3663 const struct xfrm_encap_tmpl *encap)
3664{
3665 return -ENOPROTOOPT;
3666}
3667#endif
3668
3669static int pfkey_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
3670{
3671 struct sock *sk = sock->sk;
3672 struct sk_buff *skb = NULL;
3673 struct sadb_msg *hdr = NULL;
3674 int err;
3675 struct net *net = sock_net(sk);
3676
3677 err = -EOPNOTSUPP;
3678 if (msg->msg_flags & MSG_OOB)
3679 goto out;
3680
3681 err = -EMSGSIZE;
3682 if ((unsigned int)len > sk->sk_sndbuf - 32)
3683 goto out;
3684
3685 err = -ENOBUFS;
3686 skb = alloc_skb(len, GFP_KERNEL);
3687 if (skb == NULL)
3688 goto out;
3689
3690 err = -EFAULT;
3691 if (memcpy_from_msg(skb_put(skb,len), msg, len))
3692 goto out;
3693
3694 hdr = pfkey_get_base_msg(skb, &err);
3695 if (!hdr)
3696 goto out;
3697
3698 mutex_lock(&net->xfrm.xfrm_cfg_mutex);
3699 err = pfkey_process(sk, skb, hdr);
3700 mutex_unlock(&net->xfrm.xfrm_cfg_mutex);
3701
3702out:
3703 if (err && hdr && pfkey_error(hdr, err, sk) == 0)
3704 err = 0;
3705 kfree_skb(skb);
3706
3707 return err ? : len;
3708}
3709
3710static int pfkey_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
3711 int flags)
3712{
3713 struct sock *sk = sock->sk;
3714 struct pfkey_sock *pfk = pfkey_sk(sk);
3715 struct sk_buff *skb;
3716 int copied, err;
3717
3718 err = -EINVAL;
3719 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
3720 goto out;
3721
3722 skb = skb_recv_datagram(sk, flags, &err);
3723 if (skb == NULL)
3724 goto out;
3725
3726 copied = skb->len;
3727 if (copied > len) {
3728 msg->msg_flags |= MSG_TRUNC;
3729 copied = len;
3730 }
3731
3732 skb_reset_transport_header(skb);
3733 err = skb_copy_datagram_msg(skb, 0, msg, copied);
3734 if (err)
3735 goto out_free;
3736
3737 sock_recv_cmsgs(msg, sk, skb);
3738
3739 err = (flags & MSG_TRUNC) ? skb->len : copied;
3740
3741 if (pfk->dump.dump != NULL &&
3742 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
3743 pfkey_do_dump(pfk);
3744
3745out_free:
3746 skb_free_datagram(sk, skb);
3747out:
3748 return err;
3749}
3750
3751static const struct proto_ops pfkey_ops = {
3752 .family = PF_KEY,
3753 .owner = THIS_MODULE,
3754 /* Operations that make no sense on pfkey sockets. */
3755 .bind = sock_no_bind,
3756 .connect = sock_no_connect,
3757 .socketpair = sock_no_socketpair,
3758 .accept = sock_no_accept,
3759 .getname = sock_no_getname,
3760 .ioctl = sock_no_ioctl,
3761 .listen = sock_no_listen,
3762 .shutdown = sock_no_shutdown,
3763 .mmap = sock_no_mmap,
3764
3765 /* Now the operations that really occur. */
3766 .release = pfkey_release,
3767 .poll = datagram_poll,
3768 .sendmsg = pfkey_sendmsg,
3769 .recvmsg = pfkey_recvmsg,
3770};
3771
3772static const struct net_proto_family pfkey_family_ops = {
3773 .family = PF_KEY,
3774 .create = pfkey_create,
3775 .owner = THIS_MODULE,
3776};
3777
3778#ifdef CONFIG_PROC_FS
3779static int pfkey_seq_show(struct seq_file *f, void *v)
3780{
3781 struct sock *s = sk_entry(v);
3782
3783 if (v == SEQ_START_TOKEN)
3784 seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
3785 else
3786 seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n",
3787 s,
3788 refcount_read(&s->sk_refcnt),
3789 sk_rmem_alloc_get(s),
3790 sk_wmem_alloc_get(s),
3791 from_kuid_munged(seq_user_ns(f), sock_i_uid(s)),
3792 sock_i_ino(s)
3793 );
3794 return 0;
3795}
3796
3797static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
3798 __acquires(rcu)
3799{
3800 struct net *net = seq_file_net(f);
3801 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3802
3803 rcu_read_lock();
3804 return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
3805}
3806
3807static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
3808{
3809 struct net *net = seq_file_net(f);
3810 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3811
3812 return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
3813}
3814
3815static void pfkey_seq_stop(struct seq_file *f, void *v)
3816 __releases(rcu)
3817{
3818 rcu_read_unlock();
3819}
3820
3821static const struct seq_operations pfkey_seq_ops = {
3822 .start = pfkey_seq_start,
3823 .next = pfkey_seq_next,
3824 .stop = pfkey_seq_stop,
3825 .show = pfkey_seq_show,
3826};
3827
3828static int __net_init pfkey_init_proc(struct net *net)
3829{
3830 struct proc_dir_entry *e;
3831
3832 e = proc_create_net("pfkey", 0, net->proc_net, &pfkey_seq_ops,
3833 sizeof(struct seq_net_private));
3834 if (e == NULL)
3835 return -ENOMEM;
3836
3837 return 0;
3838}
3839
3840static void __net_exit pfkey_exit_proc(struct net *net)
3841{
3842 remove_proc_entry("pfkey", net->proc_net);
3843}
3844#else
3845static inline int pfkey_init_proc(struct net *net)
3846{
3847 return 0;
3848}
3849
3850static inline void pfkey_exit_proc(struct net *net)
3851{
3852}
3853#endif
3854
3855static struct xfrm_mgr pfkeyv2_mgr =
3856{
3857 .notify = pfkey_send_notify,
3858 .acquire = pfkey_send_acquire,
3859 .compile_policy = pfkey_compile_policy,
3860 .new_mapping = pfkey_send_new_mapping,
3861 .notify_policy = pfkey_send_policy_notify,
3862 .migrate = pfkey_send_migrate,
3863 .is_alive = pfkey_is_alive,
3864};
3865
3866static int __net_init pfkey_net_init(struct net *net)
3867{
3868 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3869 int rv;
3870
3871 INIT_HLIST_HEAD(&net_pfkey->table);
3872 atomic_set(&net_pfkey->socks_nr, 0);
3873
3874 rv = pfkey_init_proc(net);
3875
3876 return rv;
3877}
3878
3879static void __net_exit pfkey_net_exit(struct net *net)
3880{
3881 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3882
3883 pfkey_exit_proc(net);
3884 WARN_ON(!hlist_empty(&net_pfkey->table));
3885}
3886
3887static struct pernet_operations pfkey_net_ops = {
3888 .init = pfkey_net_init,
3889 .exit = pfkey_net_exit,
3890 .id = &pfkey_net_id,
3891 .size = sizeof(struct netns_pfkey),
3892};
3893
3894static void __exit ipsec_pfkey_exit(void)
3895{
3896 xfrm_unregister_km(&pfkeyv2_mgr);
3897 sock_unregister(PF_KEY);
3898 unregister_pernet_subsys(&pfkey_net_ops);
3899 proto_unregister(&key_proto);
3900}
3901
3902static int __init ipsec_pfkey_init(void)
3903{
3904 int err = proto_register(&key_proto, 0);
3905
3906 if (err != 0)
3907 goto out;
3908
3909 err = register_pernet_subsys(&pfkey_net_ops);
3910 if (err != 0)
3911 goto out_unregister_key_proto;
3912 err = sock_register(&pfkey_family_ops);
3913 if (err != 0)
3914 goto out_unregister_pernet;
3915 xfrm_register_km(&pfkeyv2_mgr);
3916out:
3917 return err;
3918
3919out_unregister_pernet:
3920 unregister_pernet_subsys(&pfkey_net_ops);
3921out_unregister_key_proto:
3922 proto_unregister(&key_proto);
3923 goto out;
3924}
3925
3926module_init(ipsec_pfkey_init);
3927module_exit(ipsec_pfkey_exit);
3928MODULE_DESCRIPTION("PF_KEY socket helpers");
3929MODULE_LICENSE("GPL");
3930MODULE_ALIAS_NETPROTO(PF_KEY);