Lines Matching refs:pol
185 static void __xfrm_policy_link(struct xfrm_policy *pol, int dir);
186 static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
543 struct xfrm_policy *pol;
549 hlist_for_each_entry_safe(pol, tmp, list, bydst) {
552 __get_hash_thresh(net, pol->family, dir, &dbits, &sbits);
553 h = __addr_hash(&pol->selector.daddr, &pol->selector.saddr,
554 pol->family, nhashmask, dbits, sbits);
555 if (!entry0 || pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
556 hlist_del_rcu(&pol->bydst);
557 hlist_add_head_rcu(&pol->bydst, ndsttable + h);
562 hlist_del_rcu(&pol->bydst);
563 hlist_add_behind_rcu(&pol->bydst, entry0);
565 entry0 = &pol->bydst;
578 struct xfrm_policy *pol;
580 hlist_for_each_entry_safe(pol, tmp, list, byidx) {
583 h = __idx_hash(pol->index, nhashmask);
584 hlist_add_head(&pol->byidx, nidxtable+h);
708 /* Make sure *pol can be inserted into fastbin.
713 xfrm_policy_inexact_alloc_bin(const struct xfrm_policy *pol, u8 dir)
717 .family = pol->family,
718 .type = pol->type,
720 .if_id = pol->if_id,
722 struct net *net = xp_net(pol);
1243 struct xfrm_policy *pol;
1364 hlist_for_each_entry(pol, chain, bydst) {
1365 if (policy->priority >= pol->priority)
1366 newpos = &pol->bydst;
1466 struct xfrm_policy *pol)
1468 return mark->v == pol->mark.v && mark->m == pol->mark.m;
1523 struct xfrm_policy *pol, *delpol = NULL;
1527 hlist_for_each_entry(pol, chain, bydst_inexact_list) {
1528 if (pol->type == policy->type &&
1529 pol->if_id == policy->if_id &&
1530 !selector_cmp(&pol->selector, &policy->selector) &&
1531 xfrm_policy_mark_match(&policy->mark, pol) &&
1532 xfrm_sec_ctx_match(pol->security, policy->security) &&
1534 delpol = pol;
1535 if (policy->priority > pol->priority)
1537 } else if (policy->priority >= pol->priority) {
1538 newpos = &pol->bydst_inexact_list;
1550 hlist_for_each_entry(pol, chain, bydst_inexact_list) {
1551 pol->pos = i;
1560 struct xfrm_policy *pol, *newpos = NULL, *delpol = NULL;
1562 hlist_for_each_entry(pol, chain, bydst) {
1563 if (pol->type == policy->type &&
1564 pol->if_id == policy->if_id &&
1565 !selector_cmp(&pol->selector, &policy->selector) &&
1566 xfrm_policy_mark_match(&policy->mark, pol) &&
1567 xfrm_sec_ctx_match(pol->security, policy->security) &&
1571 delpol = pol;
1572 if (policy->priority > pol->priority)
1574 } else if (policy->priority >= pol->priority) {
1575 newpos = pol;
1645 struct xfrm_policy *pol;
1650 hlist_for_each_entry(pol, chain, bydst) {
1651 if (pol->type == type &&
1652 pol->if_id == if_id &&
1653 xfrm_policy_mark_match(mark, pol) &&
1654 !selector_cmp(sel, &pol->selector) &&
1655 xfrm_sec_ctx_match(ctx, pol->security))
1656 return pol;
1668 struct xfrm_policy *pol, *ret = NULL;
1692 pol = NULL;
1702 if (!pol || tmp->pos < pol->pos)
1703 pol = tmp;
1706 pol = __xfrm_policy_bysel_ctx(chain, mark, if_id, type, dir,
1710 if (pol) {
1711 xfrm_pol_hold(pol);
1713 *err = security_xfrm_policy_delete(pol->security);
1716 return pol;
1718 __xfrm_policy_unlink(pol, dir);
1720 ret = pol;
1736 struct xfrm_policy *pol, *ret;
1747 hlist_for_each_entry(pol, chain, byidx) {
1748 if (pol->type == type && pol->index == id &&
1749 pol->if_id == if_id && xfrm_policy_mark_match(mark, pol)) {
1750 xfrm_pol_hold(pol);
1753 pol->security);
1756 return pol;
1758 __xfrm_policy_unlink(pol, dir);
1760 ret = pol;
1776 struct xfrm_policy *pol;
1779 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1780 if (pol->walk.dead ||
1781 xfrm_policy_id2dir(pol->index) >= XFRM_POLICY_MAX ||
1782 pol->type != type)
1785 err = security_xfrm_policy_delete(pol->security);
1787 xfrm_audit_policy_delete(pol, 0, task_valid);
1798 struct xfrm_policy *pol;
1801 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1802 if (pol->walk.dead ||
1803 xfrm_policy_id2dir(pol->index) >= XFRM_POLICY_MAX ||
1804 pol->xdo.dev != dev)
1807 err = security_xfrm_policy_delete(pol->security);
1809 xfrm_audit_policy_delete(pol, 0, task_valid);
1833 struct xfrm_policy *pol;
1842 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1843 if (pol->walk.dead)
1846 dir = xfrm_policy_id2dir(pol->index);
1848 pol->type != type)
1851 __xfrm_policy_unlink(pol, dir);
1853 xfrm_dev_policy_delete(pol);
1855 xfrm_audit_policy_delete(pol, 1, task_valid);
1856 xfrm_policy_kill(pol);
1874 struct xfrm_policy *pol;
1883 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1884 if (pol->walk.dead)
1887 dir = xfrm_policy_id2dir(pol->index);
1889 pol->xdo.dev != dev)
1892 __xfrm_policy_unlink(pol, dir);
1894 xfrm_dev_policy_delete(pol);
1896 xfrm_audit_policy_delete(pol, 1, task_valid);
1897 xfrm_policy_kill(pol);
1915 struct xfrm_policy *pol;
1936 pol = container_of(x, struct xfrm_policy, walk);
1938 walk->type != pol->type)
1940 error = func(pol, xfrm_policy_id2dir(pol->index),
1984 static int xfrm_policy_match(const struct xfrm_policy *pol,
1988 const struct xfrm_selector *sel = &pol->selector;
1992 if (pol->family != family ||
1993 pol->if_id != if_id ||
1994 (fl->flowi_mark & pol->mark.m) != pol->mark.v ||
1995 pol->type != type)
2000 ret = security_xfrm_policy_lookup(pol->security, fl->flowi_secid);
2114 struct xfrm_policy *pol;
2119 hlist_for_each_entry_rcu(pol, chain, bydst) {
2122 if (pol->priority > priority)
2125 err = xfrm_policy_match(pol, fl, type, family, if_id);
2135 if (pol->priority == priority &&
2136 prefer->pos < pol->pos)
2140 return pol;
2178 struct xfrm_policy *pol, *ret;
2196 hlist_for_each_entry_rcu(pol, chain, bydst) {
2197 err = xfrm_policy_match(pol, fl, type, family, if_id);
2206 ret = pol;
2218 pol = xfrm_policy_eval_candidates(&cand, ret, fl, type,
2220 if (pol) {
2221 ret = pol;
2222 if (IS_ERR(pol))
2243 struct xfrm_policy *pol;
2245 pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family,
2247 if (pol != NULL)
2248 return pol;
2258 struct xfrm_policy *pol;
2262 pol = rcu_dereference(sk->sk_policy[dir]);
2263 if (pol != NULL) {
2267 if (pol->family != family) {
2268 pol = NULL;
2272 match = xfrm_selector_match(&pol->selector, fl, family);
2274 if ((READ_ONCE(sk->sk_mark) & pol->mark.m) != pol->mark.v ||
2275 pol->if_id != if_id) {
2276 pol = NULL;
2279 err = security_xfrm_policy_lookup(pol->security,
2282 if (!xfrm_pol_hold_rcu(pol))
2285 pol = NULL;
2287 pol = ERR_PTR(err);
2290 pol = NULL;
2294 return pol;
2297 static void __xfrm_policy_link(struct xfrm_policy *pol, int dir)
2299 struct net *net = xp_net(pol);
2301 list_add(&pol->walk.all, &net->xfrm.policy_all);
2303 xfrm_pol_hold(pol);
2306 static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
2309 struct net *net = xp_net(pol);
2311 if (list_empty(&pol->walk.all))
2315 if (!hlist_unhashed(&pol->bydst)) {
2316 hlist_del_rcu(&pol->bydst);
2317 hlist_del_init(&pol->bydst_inexact_list);
2318 hlist_del(&pol->byidx);
2321 list_del_init(&pol->walk.all);
2324 return pol;
2327 static void xfrm_sk_policy_link(struct xfrm_policy *pol, int dir)
2329 __xfrm_policy_link(pol, XFRM_POLICY_MAX + dir);
2332 static void xfrm_sk_policy_unlink(struct xfrm_policy *pol, int dir)
2334 __xfrm_policy_unlink(pol, XFRM_POLICY_MAX + dir);
2337 int xfrm_policy_delete(struct xfrm_policy *pol, int dir)
2339 struct net *net = xp_net(pol);
2342 pol = __xfrm_policy_unlink(pol, dir);
2344 if (pol) {
2345 xfrm_dev_policy_delete(pol);
2346 xfrm_policy_kill(pol);
2353 int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol)
2359 if (pol && pol->type != XFRM_POLICY_TYPE_MAIN)
2366 if (pol) {
2367 pol->curlft.add_time = ktime_get_real_seconds();
2368 pol->index = xfrm_gen_index(net, XFRM_POLICY_MAX+dir, 0);
2369 xfrm_sk_policy_link(pol, dir);
2371 rcu_assign_pointer(sk->sk_policy[dir], pol);
2373 if (pol)
2374 xfrm_policy_requeue(old_pol, pol);
2860 struct xfrm_policy *pol = from_timer(pol, t, polq.hold_timer);
2861 struct net *net = xp_net(pol);
2862 struct xfrm_policy_queue *pq = &pol->polq;
2878 skb->mark = pol->mark.v;
2896 xfrm_pol_hold(pol);
2914 skb->mark = pol->mark.v;
2933 xfrm_pol_put(pol);
2939 xfrm_pol_put(pol);
2947 struct xfrm_policy *pol = xdst->pols[0];
2948 struct xfrm_policy_queue *pq = &pol->polq;
2972 xfrm_pol_put(pol);
2977 xfrm_pol_hold(pol);
3586 struct xfrm_policy *pol = NULL;
3593 return pol;
3595 pol = xfrm_policy_lookup(net, &fl1, family, XFRM_POLICY_FWD, if_id);
3598 return pol;
3635 struct xfrm_policy *pol;
3692 pol = NULL;
3695 pol = xfrm_sk_policy_lookup(sk, dir, &fl, family, if_id);
3696 if (IS_ERR(pol)) {
3702 if (!pol)
3703 pol = xfrm_policy_lookup(net, &fl, family, dir, if_id);
3705 if (IS_ERR(pol)) {
3710 if (!pol && dir == XFRM_POLICY_FWD)
3711 pol = xfrm_in_fwd_icmp(skb, &fl, family, if_id);
3713 if (!pol) {
3728 WRITE_ONCE(pol->curlft.use_time, ktime_get_real_seconds());
3730 pols[0] = pol;
3751 if (pol->action == XFRM_POLICY_ALLOW) {
3764 if (pols[pi] != pol &&
4452 struct xfrm_policy *pol, *ret = NULL;
4458 hlist_for_each_entry(pol, chain, bydst) {
4459 if ((if_id == 0 || pol->if_id == if_id) &&
4460 xfrm_migrate_selector_match(sel, &pol->selector) &&
4461 pol->type == type) {
4462 ret = pol;
4468 hlist_for_each_entry(pol, chain, bydst_inexact_list) {
4469 if ((pol->priority >= priority) && ret)
4472 if ((if_id == 0 || pol->if_id == if_id) &&
4473 xfrm_migrate_selector_match(sel, &pol->selector) &&
4474 pol->type == type) {
4475 ret = pol;
4517 static int xfrm_policy_migrate(struct xfrm_policy *pol,
4524 write_lock_bh(&pol->lock);
4525 if (unlikely(pol->walk.dead)) {
4528 write_unlock_bh(&pol->lock);
4532 for (i = 0; i < pol->xfrm_nr; i++) {
4534 if (!migrate_tmpl_match(mp, &pol->xfrm_vec[i]))
4537 if (pol->xfrm_vec[i].mode != XFRM_MODE_TUNNEL &&
4538 pol->xfrm_vec[i].mode != XFRM_MODE_BEET)
4541 memcpy(&pol->xfrm_vec[i].id.daddr, &mp->new_daddr,
4542 sizeof(pol->xfrm_vec[i].id.daddr));
4543 memcpy(&pol->xfrm_vec[i].saddr, &mp->new_saddr,
4544 sizeof(pol->xfrm_vec[i].saddr));
4545 pol->xfrm_vec[i].encap_family = mp->new_family;
4547 atomic_inc(&pol->genid);
4551 write_unlock_bh(&pol->lock);
4602 struct xfrm_policy *pol = NULL;
4620 pol = xfrm_migrate_policy_find(sel, dir, type, net, if_id);
4621 if (!pol) {
4644 err = xfrm_policy_migrate(pol, m, num_migrate, extack);
4657 xfrm_pol_put(pol);
4664 if (pol)
4665 xfrm_pol_put(pol);