1908 static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
1913 	for (i=0; i<xp->xfrm_nr; i++) {
1914 		if (xp->xfrm_vec[i].reqid == reqid)
1942 parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_policy *pol,
1945 	struct net *net = xp_net(xp);
1946 	struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1949 	if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1985 		t->encap_family = xp->family;
1989 	xp->xfrm_nr++;
1994 parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
2008 		if ((err = parse_ipsecrequest(xp, pol, rq)) < 0)
2016 static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
2018 	struct xfrm_sec_ctx *xfrm_ctx = xp->security;
2028 static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
2031 	int sockaddr_size = pfkey_sockaddr_size(xp->family);
2035 	for (i=0; i<xp->xfrm_nr; i++) {
2036 		t = xp->xfrm_vec + i;
2045 		(xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
2047 		pfkey_xfrm_policy2sec_ctx_size(xp);
2050 static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
2055 	size = pfkey_xfrm_policy2msg_size(xp);
2064 static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
2074 	int sockaddr_size = pfkey_sockaddr_size(xp->family);
2075 	int socklen = pfkey_sockaddr_len(xp->family);
2077 	size = pfkey_xfrm_policy2msg_size(xp);
2089 	addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2090 	addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
2092 	if (!pfkey_sockaddr_fill(&xp->selector.saddr,
2093 				 xp->selector.sport,
2095 				 xp->family))
2104 	addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2105 	addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
2108 	pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
2110 			    xp->family);
2117 	lifetime->sadb_lifetime_allocations =  _X2KEY(xp->lft.hard_packet_limit);
2118 	lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
2119 	lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
2120 	lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
2126 	lifetime->sadb_lifetime_allocations =  _X2KEY(xp->lft.soft_packet_limit);
2127 	lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
2128 	lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
2129 	lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
2135 	lifetime->sadb_lifetime_allocations = xp->curlft.packets;
2136 	lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
2137 	lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
2138 	lifetime->sadb_lifetime_usetime = xp->curlft.use_time;
2144 	if (xp->action == XFRM_POLICY_ALLOW) {
2145 		if (xp->xfrm_nr)
2152 	pol->sadb_x_policy_id = xp->index;
2153 	pol->sadb_x_policy_priority = xp->priority;
2155 	for (i=0; i<xp->xfrm_nr; i++) {
2156 		const struct xfrm_tmpl *t = xp->xfrm_vec + i;
2195 	if ((xfrm_ctx = xp->security)) {
2196 		int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);
2209 	hdr->sadb_msg_reserved = refcount_read(&xp->refcnt);
2214 static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
2220 	out_skb = pfkey_xfrm_policy2msg_prep(xp);
2224 	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2240 	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2252 	struct xfrm_policy *xp;
2267 	xp = xfrm_policy_alloc(net, GFP_KERNEL);
2268 	if (xp == NULL)
2271 	xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
2273 	xp->priority = pol->sadb_x_policy_priority;
2276 	xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2277 	xp->selector.family = xp->family;
2278 	xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
2279 	xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2280 	xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2281 	if (xp->selector.sport)
2282 		xp->selector.sport_mask = htons(0xffff);
2285 	pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2286 	xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2291 	xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2293 	xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2294 	if (xp->selector.dport)
2295 		xp->selector.dport_mask = htons(0xffff);
2306 		err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL);
2313 	xp->lft.soft_byte_limit = XFRM_INF;
2314 	xp->lft.hard_byte_limit = XFRM_INF;
2315 	xp->lft.soft_packet_limit = XFRM_INF;
2316 	xp->lft.hard_packet_limit = XFRM_INF;
2318 		xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2319 		xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2320 		xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2321 		xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2324 		xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2325 		xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2326 		xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2327 		xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2329 	xp->xfrm_nr = 0;
2331 	    (err = parse_ipsecrequests(xp, pol)) < 0)
2334 	err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2337 	xfrm_audit_policy_add(xp, err ? 0 : 1, true);
2350 	km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2351 	xfrm_pol_put(xp);
2355 	xp->walk.dead = 1;
2356 	xfrm_policy_destroy(xp);
2366 	struct xfrm_policy *xp;
2412 	xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2416 	if (xp == NULL)
2419 	xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2428 	km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2431 	xfrm_pol_put(xp);
2435 static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
2442 	out_skb = pfkey_xfrm_policy2msg_prep(xp);
2447 	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2460 	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
2652 	struct xfrm_policy *xp;
2663 	xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2665 	if (xp == NULL)
2669 		xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2677 		km_policy_notify(xp, dir, &c);
2679 		err = key_pol_get_resp(sk, xp, hdr, dir);
2683 	xfrm_pol_put(xp);
2687 static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2697 	out_skb = pfkey_xfrm_policy2msg_prep(xp);
2701 	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
3037 static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
3100 static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
3102 	if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
3107 		return key_notify_policy_expire(xp, c);
3111 		return key_notify_policy(xp, dir, c);
3153 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
3235 	pol->sadb_x_policy_id = xp->index;
3236 	pol->sadb_x_policy_priority = xp->priority;
3269 	struct xfrm_policy *xp;
3301 	xp = xfrm_policy_alloc(net, GFP_ATOMIC);
3302 	if (xp == NULL) {
3307 	xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
3310 	xp->lft.soft_byte_limit = XFRM_INF;
3311 	xp->lft.hard_byte_limit = XFRM_INF;
3312 	xp->lft.soft_packet_limit = XFRM_INF;
3313 	xp->lft.hard_packet_limit = XFRM_INF;
3314 	xp->family = sk->sk_family;
3316 	xp->xfrm_nr = 0;
3318 	    (*dir = parse_ipsecrequests(xp, pol)) < 0)
3337 		*dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
3345 	return xp;
3348 	xp->walk.dead = 1;
3349 	xfrm_policy_destroy(xp);

Indexes created Sat May 25 20:21:57 MDT 2024