1749 static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
1754 	for (i=0; i<xp->xfrm_nr; i++) {
1755 		if (xp->xfrm_vec[i].reqid == reqid)
1779 parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1781 	struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1788 	if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1836 		t->encap_family = xp->family;
1840 	xp->xfrm_nr++;
1845 parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1852 		if ((err = parse_ipsecrequest(xp, rq)) < 0)
1860 static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp)
1862   struct xfrm_sec_ctx *xfrm_ctx = xp->security;
1872 static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp)
1875 	int sockaddr_size = pfkey_sockaddr_size(xp->family);
1879 	for (i=0; i<xp->xfrm_nr; i++) {
1880 		t = xp->xfrm_vec + i;
1891 		(xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
1893 		pfkey_xfrm_policy2sec_ctx_size(xp);
1896 static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp)
1901 	size = pfkey_xfrm_policy2msg_size(xp);
1910 static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir)
1924 	int sockaddr_size = pfkey_sockaddr_size(xp->family);
1925 	int socklen = (xp->family == AF_INET ?
1929 	size = pfkey_xfrm_policy2msg_size(xp);
1942 	addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
1943 	addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
1946 	if (xp->family == AF_INET) {
1949 		sin->sin_addr.s_addr = xp->selector.saddr.a4;
1950 		sin->sin_port = xp->selector.sport;
1954 	else if (xp->family == AF_INET6) {
1957 		sin6->sin6_port = xp->selector.sport;
1959 		memcpy(&sin6->sin6_addr, xp->selector.saddr.a6,
1974 	addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
1975 	addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
1977 	if (xp->family == AF_INET) {
1980 		sin->sin_addr.s_addr = xp->selector.daddr.a4;
1981 		sin->sin_port = xp->selector.dport;
1985 	else if (xp->family == AF_INET6) {
1988 		sin6->sin6_port = xp->selector.dport;
1990 		memcpy(&sin6->sin6_addr, xp->selector.daddr.a6,
2004 	lifetime->sadb_lifetime_allocations =  _X2KEY(xp->lft.hard_packet_limit);
2005 	lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
2006 	lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
2007 	lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
2014 	lifetime->sadb_lifetime_allocations =  _X2KEY(xp->lft.soft_packet_limit);
2015 	lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
2016 	lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
2017 	lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
2024 	lifetime->sadb_lifetime_allocations = xp->curlft.packets;
2025 	lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
2026 	lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
2027 	lifetime->sadb_lifetime_usetime = xp->curlft.use_time;
2033 	if (xp->action == XFRM_POLICY_ALLOW) {
2034 		if (xp->xfrm_nr)
2040 	pol->sadb_x_policy_id = xp->index;
2041 	pol->sadb_x_policy_priority = xp->priority;
2043 	for (i=0; i<xp->xfrm_nr; i++) {
2045 		struct xfrm_tmpl *t = xp->xfrm_vec + i;
2110 	if ((xfrm_ctx = xp->security)) {
2111 		int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);
2124 	hdr->sadb_msg_reserved = atomic_read(&xp->refcnt);
2129 static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c)
2135 	out_skb = pfkey_xfrm_policy2msg_prep(xp);
2140 	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2166 	struct xfrm_policy *xp;
2181 	xp = xfrm_policy_alloc(GFP_KERNEL);
2182 	if (xp == NULL)
2185 	xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
2187 	xp->priority = pol->sadb_x_policy_priority;
2190 	xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2191 	if (!xp->family) {
2195 	xp->selector.family = xp->family;
2196 	xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
2197 	xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2198 	xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2199 	if (xp->selector.sport)
2200 		xp->selector.sport_mask = htons(0xffff);
2203 	pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2204 	xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2209 	xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2211 	xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2212 	if (xp->selector.dport)
2213 		xp->selector.dport_mask = htons(0xffff);
2224 		err = security_xfrm_policy_alloc(xp, uctx);
2231 	xp->lft.soft_byte_limit = XFRM_INF;
2232 	xp->lft.hard_byte_limit = XFRM_INF;
2233 	xp->lft.soft_packet_limit = XFRM_INF;
2234 	xp->lft.hard_packet_limit = XFRM_INF;
2236 		xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2237 		xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2238 		xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2239 		xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2242 		xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2243 		xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2244 		xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2245 		xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2247 	xp->xfrm_nr = 0;
2249 	    (err = parse_ipsecrequests(xp, pol)) < 0)
2252 	err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2256 		       AUDIT_MAC_IPSEC_ADDSPD, err ? 0 : 1, xp, NULL);
2269 	km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2270 	xfrm_pol_put(xp);
2274 	security_xfrm_policy_free(xp);
2275 	kfree(xp);
2284 	struct xfrm_policy *xp, tmp;
2332 	xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
2336 	if (xp == NULL)
2340 		       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
2348 	km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2351 	xfrm_pol_put(xp);
2355 static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, struct sadb_msg *hdr, int dir)
2362 	out_skb = pfkey_xfrm_policy2msg_prep(xp);
2367 	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2583 	struct xfrm_policy *xp;
2594 	xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id,
2596 	if (xp == NULL)
2601 			       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
2609 		km_policy_notify(xp, dir, &c);
2611 		err = key_pol_get_resp(sk, xp, hdr, dir);
2615 	xfrm_pol_put(xp);
2619 static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2626 	out_skb = pfkey_xfrm_policy2msg_prep(xp);
2630 	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2888 static int key_notify_policy_expire(struct xfrm_policy *xp, struct km_event *c)
2944 static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
2946 	if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
2951 		return key_notify_policy_expire(xp, c);
2955 		return key_notify_policy(xp, dir, c);
2980 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp, int dir)
3102 	pol->sadb_x_policy_id = xp->index;
3130 	struct xfrm_policy *xp;
3162 	xp = xfrm_policy_alloc(GFP_ATOMIC);
3163 	if (xp == NULL) {
3168 	xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
3171 	xp->lft.soft_byte_limit = XFRM_INF;
3172 	xp->lft.hard_byte_limit = XFRM_INF;
3173 	xp->lft.soft_packet_limit = XFRM_INF;
3174 	xp->lft.hard_packet_limit = XFRM_INF;
3175 	xp->family = sk->sk_family;
3177 	xp->xfrm_nr = 0;
3179 	    (*dir = parse_ipsecrequests(xp, pol)) < 0)
3198 		*dir = security_xfrm_policy_alloc(xp, uctx);
3206 	return xp;
3209 	security_xfrm_policy_free(xp);
3210 	kfree(xp);

Indexes created Tue Jun 18 09:53:56 MDT 2024