1/* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13#include <linux/crypto.h> 14#include <linux/module.h> 15#include <linux/kernel.h> 16#include <linux/types.h> 17#include <linux/slab.h> 18#include <linux/socket.h> 19#include <linux/string.h> 20#include <linux/net.h> 21#include <linux/skbuff.h> 22#include <linux/pfkeyv2.h> 23#include <linux/ipsec.h> 24#include <linux/init.h> 25#include <linux/security.h> 26#include <net/sock.h> 27#include <net/xfrm.h> 28#include <net/netlink.h> 29#include <asm/uaccess.h> 30#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 31#include <linux/in6.h> 32#endif 33 34static inline int aead_len(struct xfrm_algo_aead *alg) 35{ 36 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); 37} 38 39static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 40{ 41 struct nlattr *rt = attrs[type]; 42 struct xfrm_algo *algp; 43 44 if (!rt) 45 return 0; 46 47 algp = nla_data(rt); 48 if (nla_len(rt) < xfrm_alg_len(algp)) 49 return -EINVAL; 50 51 switch (type) { 52 case XFRMA_ALG_AUTH: 53 case XFRMA_ALG_CRYPT: 54 case XFRMA_ALG_COMP: 55 break; 56 57 default: 58 return -EINVAL; 59 } 60 61 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 62 return 0; 63} 64 65static int verify_auth_trunc(struct nlattr **attrs) 66{ 67 struct nlattr *rt = attrs[XFRMA_ALG_AUTH_TRUNC]; 68 struct xfrm_algo_auth *algp; 69 70 if (!rt) 71 return 0; 72 73 algp = nla_data(rt); 74 if (nla_len(rt) < xfrm_alg_auth_len(algp)) 75 return -EINVAL; 76 77 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 78 return 0; 79} 80 81static int verify_aead(struct nlattr **attrs) 82{ 83 struct nlattr *rt = attrs[XFRMA_ALG_AEAD]; 84 struct xfrm_algo_aead *algp; 85 86 if (!rt) 87 return 0; 88 89 algp = nla_data(rt); 90 if (nla_len(rt) < aead_len(algp)) 91 return -EINVAL; 92 93 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 94 return 0; 95} 96 97static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, 98 xfrm_address_t **addrp) 99{ 100 struct nlattr *rt = attrs[type]; 101 102 if (rt && addrp) 103 *addrp = nla_data(rt); 104} 105 106static inline int verify_sec_ctx_len(struct nlattr **attrs) 107{ 108 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 109 struct xfrm_user_sec_ctx *uctx; 110 111 if (!rt) 112 return 0; 113 114 uctx = nla_data(rt); 115 if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) 116 return -EINVAL; 117 118 return 0; 119} 120 121 122static int verify_newsa_info(struct xfrm_usersa_info *p, 123 struct nlattr **attrs) 124{ 125 int err; 126 127 err = -EINVAL; 128 switch (p->family) { 129 case AF_INET: 130 break; 131 132 case AF_INET6: 133#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 134 break; 135#else 136 err = -EAFNOSUPPORT; 137 goto out; 138#endif 139 140 default: 141 goto out; 142 } 143 144 err = -EINVAL; 145 switch (p->id.proto) { 146 case IPPROTO_AH: 147 if ((!attrs[XFRMA_ALG_AUTH] && 148 !attrs[XFRMA_ALG_AUTH_TRUNC]) || 149 attrs[XFRMA_ALG_AEAD] || 150 attrs[XFRMA_ALG_CRYPT] || 151 attrs[XFRMA_ALG_COMP]) 152 goto out; 153 break; 154 155 case IPPROTO_ESP: 156 if (attrs[XFRMA_ALG_COMP]) 157 goto out; 158 if (!attrs[XFRMA_ALG_AUTH] && 159 !attrs[XFRMA_ALG_AUTH_TRUNC] && 160 !attrs[XFRMA_ALG_CRYPT] && 161 !attrs[XFRMA_ALG_AEAD]) 162 goto out; 163 if ((attrs[XFRMA_ALG_AUTH] || 164 attrs[XFRMA_ALG_AUTH_TRUNC] || 165 attrs[XFRMA_ALG_CRYPT]) && 166 attrs[XFRMA_ALG_AEAD]) 167 goto out; 168 break; 169 170 case IPPROTO_COMP: 171 if (!attrs[XFRMA_ALG_COMP] || 172 attrs[XFRMA_ALG_AEAD] || 173 attrs[XFRMA_ALG_AUTH] || 174 attrs[XFRMA_ALG_AUTH_TRUNC] || 175 attrs[XFRMA_ALG_CRYPT]) 176 goto out; 177 break; 178 179#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 180 case IPPROTO_DSTOPTS: 181 case IPPROTO_ROUTING: 182 if (attrs[XFRMA_ALG_COMP] || 183 attrs[XFRMA_ALG_AUTH] || 184 attrs[XFRMA_ALG_AUTH_TRUNC] || 185 attrs[XFRMA_ALG_AEAD] || 186 attrs[XFRMA_ALG_CRYPT] || 187 attrs[XFRMA_ENCAP] || 188 attrs[XFRMA_SEC_CTX] || 189 !attrs[XFRMA_COADDR]) 190 goto out; 191 break; 192#endif 193 194 default: 195 goto out; 196 } 197 198 if ((err = verify_aead(attrs))) 199 goto out; 200 if ((err = verify_auth_trunc(attrs))) 201 goto out; 202 if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH))) 203 goto out; 204 if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT))) 205 goto out; 206 if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP))) 207 goto out; 208 if ((err = verify_sec_ctx_len(attrs))) 209 goto out; 210 211 err = -EINVAL; 212 switch (p->mode) { 213 case XFRM_MODE_TRANSPORT: 214 case XFRM_MODE_TUNNEL: 215 case XFRM_MODE_ROUTEOPTIMIZATION: 216 case XFRM_MODE_BEET: 217 break; 218 219 default: 220 goto out; 221 } 222 223 err = 0; 224 225out: 226 return err; 227} 228 229static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 230 struct xfrm_algo_desc *(*get_byname)(char *, int), 231 struct nlattr *rta) 232{ 233 struct xfrm_algo *p, *ualg; 234 struct xfrm_algo_desc *algo; 235 236 if (!rta) 237 return 0; 238 239 ualg = nla_data(rta); 240 241 algo = get_byname(ualg->alg_name, 1); 242 if (!algo) 243 return -ENOSYS; 244 *props = algo->desc.sadb_alg_id; 245 246 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL); 247 if (!p) 248 return -ENOMEM; 249 250 strcpy(p->alg_name, algo->name); 251 *algpp = p; 252 return 0; 253} 254 255static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props, 256 struct nlattr *rta) 257{ 258 struct xfrm_algo *ualg; 259 struct xfrm_algo_auth *p; 260 struct xfrm_algo_desc *algo; 261 262 if (!rta) 263 return 0; 264 265 ualg = nla_data(rta); 266 267 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 268 if (!algo) 269 return -ENOSYS; 270 *props = algo->desc.sadb_alg_id; 271 272 p = kmalloc(sizeof(*p) + (ualg->alg_key_len + 7) / 8, GFP_KERNEL); 273 if (!p) 274 return -ENOMEM; 275 276 strcpy(p->alg_name, algo->name); 277 p->alg_key_len = ualg->alg_key_len; 278 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 279 memcpy(p->alg_key, ualg->alg_key, (ualg->alg_key_len + 7) / 8); 280 281 *algpp = p; 282 return 0; 283} 284 285static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, 286 struct nlattr *rta) 287{ 288 struct xfrm_algo_auth *p, *ualg; 289 struct xfrm_algo_desc *algo; 290 291 if (!rta) 292 return 0; 293 294 ualg = nla_data(rta); 295 296 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 297 if (!algo) 298 return -ENOSYS; 299 if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) 300 return -EINVAL; 301 *props = algo->desc.sadb_alg_id; 302 303 p = kmemdup(ualg, xfrm_alg_auth_len(ualg), GFP_KERNEL); 304 if (!p) 305 return -ENOMEM; 306 307 strcpy(p->alg_name, algo->name); 308 if (!p->alg_trunc_len) 309 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 310 311 *algpp = p; 312 return 0; 313} 314 315static int attach_aead(struct xfrm_algo_aead **algpp, u8 *props, 316 struct nlattr *rta) 317{ 318 struct xfrm_algo_aead *p, *ualg; 319 struct xfrm_algo_desc *algo; 320 321 if (!rta) 322 return 0; 323 324 ualg = nla_data(rta); 325 326 algo = xfrm_aead_get_byname(ualg->alg_name, ualg->alg_icv_len, 1); 327 if (!algo) 328 return -ENOSYS; 329 *props = algo->desc.sadb_alg_id; 330 331 p = kmemdup(ualg, aead_len(ualg), GFP_KERNEL); 332 if (!p) 333 return -ENOMEM; 334 335 strcpy(p->alg_name, algo->name); 336 *algpp = p; 337 return 0; 338} 339 340static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 341{ 342 int len = 0; 343 344 if (xfrm_ctx) { 345 len += sizeof(struct xfrm_user_sec_ctx); 346 len += xfrm_ctx->ctx_len; 347 } 348 return len; 349} 350 351static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 352{ 353 memcpy(&x->id, &p->id, sizeof(x->id)); 354 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 355 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 356 x->props.mode = p->mode; 357 x->props.replay_window = p->replay_window; 358 x->props.reqid = p->reqid; 359 x->props.family = p->family; 360 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 361 x->props.flags = p->flags; 362 363 if (!x->sel.family && !(p->flags & XFRM_STATE_AF_UNSPEC)) 364 x->sel.family = p->family; 365} 366 367/* 368 * someday when pfkey also has support, we could have the code 369 * somehow made shareable and move it to xfrm_state.c - JHS 370 * 371*/ 372static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) 373{ 374 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 375 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 376 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 377 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 378 379 if (rp) { 380 struct xfrm_replay_state *replay; 381 replay = nla_data(rp); 382 memcpy(&x->replay, replay, sizeof(*replay)); 383 memcpy(&x->preplay, replay, sizeof(*replay)); 384 } 385 386 if (lt) { 387 struct xfrm_lifetime_cur *ltime; 388 ltime = nla_data(lt); 389 x->curlft.bytes = ltime->bytes; 390 x->curlft.packets = ltime->packets; 391 x->curlft.add_time = ltime->add_time; 392 x->curlft.use_time = ltime->use_time; 393 } 394 395 if (et) 396 x->replay_maxage = nla_get_u32(et); 397 398 if (rt) 399 x->replay_maxdiff = nla_get_u32(rt); 400} 401 402static struct xfrm_state *xfrm_state_construct(struct net *net, 403 struct xfrm_usersa_info *p, 404 struct nlattr **attrs, 405 int *errp) 406{ 407 struct xfrm_state *x = xfrm_state_alloc(net); 408 int err = -ENOMEM; 409 410 if (!x) 411 goto error_no_put; 412 413 copy_from_user_state(x, p); 414 415 if ((err = attach_aead(&x->aead, &x->props.ealgo, 416 attrs[XFRMA_ALG_AEAD]))) 417 goto error; 418 if ((err = attach_auth_trunc(&x->aalg, &x->props.aalgo, 419 attrs[XFRMA_ALG_AUTH_TRUNC]))) 420 goto error; 421 if (!x->props.aalgo) { 422 if ((err = attach_auth(&x->aalg, &x->props.aalgo, 423 attrs[XFRMA_ALG_AUTH]))) 424 goto error; 425 } 426 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 427 xfrm_ealg_get_byname, 428 attrs[XFRMA_ALG_CRYPT]))) 429 goto error; 430 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 431 xfrm_calg_get_byname, 432 attrs[XFRMA_ALG_COMP]))) 433 goto error; 434 435 if (attrs[XFRMA_ENCAP]) { 436 x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 437 sizeof(*x->encap), GFP_KERNEL); 438 if (x->encap == NULL) 439 goto error; 440 } 441 442 if (attrs[XFRMA_COADDR]) { 443 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), 444 sizeof(*x->coaddr), GFP_KERNEL); 445 if (x->coaddr == NULL) 446 goto error; 447 } 448 449 xfrm_mark_get(attrs, &x->mark); 450 451 err = xfrm_init_state(x); 452 if (err) 453 goto error; 454 455 if (attrs[XFRMA_SEC_CTX] && 456 security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX]))) 457 goto error; 458 459 x->km.seq = p->seq; 460 x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; 461 /* sysctl_xfrm_aevent_etime is in 100ms units */ 462 x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; 463 x->preplay.bitmap = 0; 464 x->preplay.seq = x->replay.seq+x->replay_maxdiff; 465 x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; 466 467 /* override default values from above */ 468 469 xfrm_update_ae_params(x, attrs); 470 471 return x; 472 473error: 474 x->km.state = XFRM_STATE_DEAD; 475 xfrm_state_put(x); 476error_no_put: 477 *errp = err; 478 return NULL; 479} 480 481static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 482 struct nlattr **attrs) 483{ 484 struct net *net = sock_net(skb->sk); 485 struct xfrm_usersa_info *p = nlmsg_data(nlh); 486 struct xfrm_state *x; 487 int err; 488 struct km_event c; 489 uid_t loginuid = NETLINK_CB(skb).loginuid; 490 u32 sessionid = NETLINK_CB(skb).sessionid; 491 u32 sid = NETLINK_CB(skb).sid; 492 493 err = verify_newsa_info(p, attrs); 494 if (err) 495 return err; 496 497 x = xfrm_state_construct(net, p, attrs, &err); 498 if (!x) 499 return err; 500 501 xfrm_state_hold(x); 502 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 503 err = xfrm_state_add(x); 504 else 505 err = xfrm_state_update(x); 506 507 xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid); 508 509 if (err < 0) { 510 x->km.state = XFRM_STATE_DEAD; 511 __xfrm_state_put(x); 512 goto out; 513 } 514 515 c.seq = nlh->nlmsg_seq; 516 c.pid = nlh->nlmsg_pid; 517 c.event = nlh->nlmsg_type; 518 519 km_state_notify(x, &c); 520out: 521 xfrm_state_put(x); 522 return err; 523} 524 525static struct xfrm_state *xfrm_user_state_lookup(struct net *net, 526 struct xfrm_usersa_id *p, 527 struct nlattr **attrs, 528 int *errp) 529{ 530 struct xfrm_state *x = NULL; 531 struct xfrm_mark m; 532 int err; 533 u32 mark = xfrm_mark_get(attrs, &m); 534 535 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 536 err = -ESRCH; 537 x = xfrm_state_lookup(net, mark, &p->daddr, p->spi, p->proto, p->family); 538 } else { 539 xfrm_address_t *saddr = NULL; 540 541 verify_one_addr(attrs, XFRMA_SRCADDR, &saddr); 542 if (!saddr) { 543 err = -EINVAL; 544 goto out; 545 } 546 547 err = -ESRCH; 548 x = xfrm_state_lookup_byaddr(net, mark, 549 &p->daddr, saddr, 550 p->proto, p->family); 551 } 552 553 out: 554 if (!x && errp) 555 *errp = err; 556 return x; 557} 558 559static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 560 struct nlattr **attrs) 561{ 562 struct net *net = sock_net(skb->sk); 563 struct xfrm_state *x; 564 int err = -ESRCH; 565 struct km_event c; 566 struct xfrm_usersa_id *p = nlmsg_data(nlh); 567 uid_t loginuid = NETLINK_CB(skb).loginuid; 568 u32 sessionid = NETLINK_CB(skb).sessionid; 569 u32 sid = NETLINK_CB(skb).sid; 570 571 x = xfrm_user_state_lookup(net, p, attrs, &err); 572 if (x == NULL) 573 return err; 574 575 if ((err = security_xfrm_state_delete(x)) != 0) 576 goto out; 577 578 if (xfrm_state_kern(x)) { 579 err = -EPERM; 580 goto out; 581 } 582 583 err = xfrm_state_delete(x); 584 585 if (err < 0) 586 goto out; 587 588 c.seq = nlh->nlmsg_seq; 589 c.pid = nlh->nlmsg_pid; 590 c.event = nlh->nlmsg_type; 591 km_state_notify(x, &c); 592 593out: 594 xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid); 595 xfrm_state_put(x); 596 return err; 597} 598 599static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 600{ 601 memcpy(&p->id, &x->id, sizeof(p->id)); 602 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 603 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 604 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 605 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 606 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 607 p->mode = x->props.mode; 608 p->replay_window = x->props.replay_window; 609 p->reqid = x->props.reqid; 610 p->family = x->props.family; 611 p->flags = x->props.flags; 612 p->seq = x->km.seq; 613} 614 615struct xfrm_dump_info { 616 struct sk_buff *in_skb; 617 struct sk_buff *out_skb; 618 u32 nlmsg_seq; 619 u16 nlmsg_flags; 620}; 621 622static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 623{ 624 struct xfrm_user_sec_ctx *uctx; 625 struct nlattr *attr; 626 int ctx_size = sizeof(*uctx) + s->ctx_len; 627 628 attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size); 629 if (attr == NULL) 630 return -EMSGSIZE; 631 632 uctx = nla_data(attr); 633 uctx->exttype = XFRMA_SEC_CTX; 634 uctx->len = ctx_size; 635 uctx->ctx_doi = s->ctx_doi; 636 uctx->ctx_alg = s->ctx_alg; 637 uctx->ctx_len = s->ctx_len; 638 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 639 640 return 0; 641} 642 643static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) 644{ 645 struct xfrm_algo *algo; 646 struct nlattr *nla; 647 648 nla = nla_reserve(skb, XFRMA_ALG_AUTH, 649 sizeof(*algo) + (auth->alg_key_len + 7) / 8); 650 if (!nla) 651 return -EMSGSIZE; 652 653 algo = nla_data(nla); 654 strcpy(algo->alg_name, auth->alg_name); 655 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); 656 algo->alg_key_len = auth->alg_key_len; 657 658 return 0; 659} 660 661/* Don't change this without updating xfrm_sa_len! */ 662static int copy_to_user_state_extra(struct xfrm_state *x, 663 struct xfrm_usersa_info *p, 664 struct sk_buff *skb) 665{ 666 copy_to_user_state(x, p); 667 668 if (x->coaddr) 669 NLA_PUT(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 670 671 if (x->lastused) 672 NLA_PUT_U64(skb, XFRMA_LASTUSED, x->lastused); 673 674 if (x->aead) 675 NLA_PUT(skb, XFRMA_ALG_AEAD, aead_len(x->aead), x->aead); 676 if (x->aalg) { 677 if (copy_to_user_auth(x->aalg, skb)) 678 goto nla_put_failure; 679 680 NLA_PUT(skb, XFRMA_ALG_AUTH_TRUNC, 681 xfrm_alg_auth_len(x->aalg), x->aalg); 682 } 683 if (x->ealg) 684 NLA_PUT(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg); 685 if (x->calg) 686 NLA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 687 688 if (x->encap) 689 NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 690 691 if (xfrm_mark_put(skb, &x->mark)) 692 goto nla_put_failure; 693 694 if (x->security && copy_sec_ctx(x->security, skb) < 0) 695 goto nla_put_failure; 696 697 return 0; 698 699nla_put_failure: 700 return -EMSGSIZE; 701} 702 703static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 704{ 705 struct xfrm_dump_info *sp = ptr; 706 struct sk_buff *in_skb = sp->in_skb; 707 struct sk_buff *skb = sp->out_skb; 708 struct xfrm_usersa_info *p; 709 struct nlmsghdr *nlh; 710 int err; 711 712 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 713 XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags); 714 if (nlh == NULL) 715 return -EMSGSIZE; 716 717 p = nlmsg_data(nlh); 718 719 err = copy_to_user_state_extra(x, p, skb); 720 if (err) 721 goto nla_put_failure; 722 723 nlmsg_end(skb, nlh); 724 return 0; 725 726nla_put_failure: 727 nlmsg_cancel(skb, nlh); 728 return err; 729} 730 731static int xfrm_dump_sa_done(struct netlink_callback *cb) 732{ 733 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; 734 xfrm_state_walk_done(walk); 735 return 0; 736} 737 738static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 739{ 740 struct net *net = sock_net(skb->sk); 741 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; 742 struct xfrm_dump_info info; 743 744 BUILD_BUG_ON(sizeof(struct xfrm_state_walk) > 745 sizeof(cb->args) - sizeof(cb->args[0])); 746 747 info.in_skb = cb->skb; 748 info.out_skb = skb; 749 info.nlmsg_seq = cb->nlh->nlmsg_seq; 750 info.nlmsg_flags = NLM_F_MULTI; 751 752 if (!cb->args[0]) { 753 cb->args[0] = 1; 754 xfrm_state_walk_init(walk, 0); 755 } 756 757 (void) xfrm_state_walk(net, walk, dump_one_state, &info); 758 759 return skb->len; 760} 761 762static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 763 struct xfrm_state *x, u32 seq) 764{ 765 struct xfrm_dump_info info; 766 struct sk_buff *skb; 767 768 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 769 if (!skb) 770 return ERR_PTR(-ENOMEM); 771 772 info.in_skb = in_skb; 773 info.out_skb = skb; 774 info.nlmsg_seq = seq; 775 info.nlmsg_flags = 0; 776 777 if (dump_one_state(x, 0, &info)) { 778 kfree_skb(skb); 779 return NULL; 780 } 781 782 return skb; 783} 784 785static inline size_t xfrm_spdinfo_msgsize(void) 786{ 787 return NLMSG_ALIGN(4) 788 + nla_total_size(sizeof(struct xfrmu_spdinfo)) 789 + nla_total_size(sizeof(struct xfrmu_spdhinfo)); 790} 791 792static int build_spdinfo(struct sk_buff *skb, struct net *net, 793 u32 pid, u32 seq, u32 flags) 794{ 795 struct xfrmk_spdinfo si; 796 struct xfrmu_spdinfo spc; 797 struct xfrmu_spdhinfo sph; 798 struct nlmsghdr *nlh; 799 u32 *f; 800 801 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 802 if (nlh == NULL) /* shouldnt really happen ... */ 803 return -EMSGSIZE; 804 805 f = nlmsg_data(nlh); 806 *f = flags; 807 xfrm_spd_getinfo(net, &si); 808 spc.incnt = si.incnt; 809 spc.outcnt = si.outcnt; 810 spc.fwdcnt = si.fwdcnt; 811 spc.inscnt = si.inscnt; 812 spc.outscnt = si.outscnt; 813 spc.fwdscnt = si.fwdscnt; 814 sph.spdhcnt = si.spdhcnt; 815 sph.spdhmcnt = si.spdhmcnt; 816 817 NLA_PUT(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 818 NLA_PUT(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 819 820 return nlmsg_end(skb, nlh); 821 822nla_put_failure: 823 nlmsg_cancel(skb, nlh); 824 return -EMSGSIZE; 825} 826 827static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 828 struct nlattr **attrs) 829{ 830 struct net *net = sock_net(skb->sk); 831 struct sk_buff *r_skb; 832 u32 *flags = nlmsg_data(nlh); 833 u32 spid = NETLINK_CB(skb).pid; 834 u32 seq = nlh->nlmsg_seq; 835 836 r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC); 837 if (r_skb == NULL) 838 return -ENOMEM; 839 840 if (build_spdinfo(r_skb, net, spid, seq, *flags) < 0) 841 BUG(); 842 843 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid); 844} 845 846static inline size_t xfrm_sadinfo_msgsize(void) 847{ 848 return NLMSG_ALIGN(4) 849 + nla_total_size(sizeof(struct xfrmu_sadhinfo)) 850 + nla_total_size(4); /* XFRMA_SAD_CNT */ 851} 852 853static int build_sadinfo(struct sk_buff *skb, struct net *net, 854 u32 pid, u32 seq, u32 flags) 855{ 856 struct xfrmk_sadinfo si; 857 struct xfrmu_sadhinfo sh; 858 struct nlmsghdr *nlh; 859 u32 *f; 860 861 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 862 if (nlh == NULL) /* shouldnt really happen ... */ 863 return -EMSGSIZE; 864 865 f = nlmsg_data(nlh); 866 *f = flags; 867 xfrm_sad_getinfo(net, &si); 868 869 sh.sadhmcnt = si.sadhmcnt; 870 sh.sadhcnt = si.sadhcnt; 871 872 NLA_PUT_U32(skb, XFRMA_SAD_CNT, si.sadcnt); 873 NLA_PUT(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 874 875 return nlmsg_end(skb, nlh); 876 877nla_put_failure: 878 nlmsg_cancel(skb, nlh); 879 return -EMSGSIZE; 880} 881 882static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 883 struct nlattr **attrs) 884{ 885 struct net *net = sock_net(skb->sk); 886 struct sk_buff *r_skb; 887 u32 *flags = nlmsg_data(nlh); 888 u32 spid = NETLINK_CB(skb).pid; 889 u32 seq = nlh->nlmsg_seq; 890 891 r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC); 892 if (r_skb == NULL) 893 return -ENOMEM; 894 895 if (build_sadinfo(r_skb, net, spid, seq, *flags) < 0) 896 BUG(); 897 898 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid); 899} 900 901static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 902 struct nlattr **attrs) 903{ 904 struct net *net = sock_net(skb->sk); 905 struct xfrm_usersa_id *p = nlmsg_data(nlh); 906 struct xfrm_state *x; 907 struct sk_buff *resp_skb; 908 int err = -ESRCH; 909 910 x = xfrm_user_state_lookup(net, p, attrs, &err); 911 if (x == NULL) 912 goto out_noput; 913 914 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 915 if (IS_ERR(resp_skb)) { 916 err = PTR_ERR(resp_skb); 917 } else { 918 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).pid); 919 } 920 xfrm_state_put(x); 921out_noput: 922 return err; 923} 924 925static int verify_userspi_info(struct xfrm_userspi_info *p) 926{ 927 switch (p->info.id.proto) { 928 case IPPROTO_AH: 929 case IPPROTO_ESP: 930 break; 931 932 case IPPROTO_COMP: 933 /* IPCOMP spi is 16-bits. */ 934 if (p->max >= 0x10000) 935 return -EINVAL; 936 break; 937 938 default: 939 return -EINVAL; 940 } 941 942 if (p->min > p->max) 943 return -EINVAL; 944 945 return 0; 946} 947 948static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 949 struct nlattr **attrs) 950{ 951 struct net *net = sock_net(skb->sk); 952 struct xfrm_state *x; 953 struct xfrm_userspi_info *p; 954 struct sk_buff *resp_skb; 955 xfrm_address_t *daddr; 956 int family; 957 int err; 958 u32 mark; 959 struct xfrm_mark m; 960 961 p = nlmsg_data(nlh); 962 err = verify_userspi_info(p); 963 if (err) 964 goto out_noput; 965 966 family = p->info.family; 967 daddr = &p->info.id.daddr; 968 969 x = NULL; 970 971 mark = xfrm_mark_get(attrs, &m); 972 if (p->info.seq) { 973 x = xfrm_find_acq_byseq(net, mark, p->info.seq); 974 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 975 xfrm_state_put(x); 976 x = NULL; 977 } 978 } 979 980 if (!x) 981 x = xfrm_find_acq(net, &m, p->info.mode, p->info.reqid, 982 p->info.id.proto, daddr, 983 &p->info.saddr, 1, 984 family); 985 err = -ENOENT; 986 if (x == NULL) 987 goto out_noput; 988 989 err = xfrm_alloc_spi(x, p->min, p->max); 990 if (err) 991 goto out; 992 993 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 994 if (IS_ERR(resp_skb)) { 995 err = PTR_ERR(resp_skb); 996 goto out; 997 } 998 999 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).pid); 1000 1001out: 1002 xfrm_state_put(x); 1003out_noput: 1004 return err; 1005} 1006 1007static int verify_policy_dir(u8 dir) 1008{ 1009 switch (dir) { 1010 case XFRM_POLICY_IN: 1011 case XFRM_POLICY_OUT: 1012 case XFRM_POLICY_FWD: 1013 break; 1014 1015 default: 1016 return -EINVAL; 1017 } 1018 1019 return 0; 1020} 1021 1022static int verify_policy_type(u8 type) 1023{ 1024 switch (type) { 1025 case XFRM_POLICY_TYPE_MAIN: 1026#ifdef CONFIG_XFRM_SUB_POLICY 1027 case XFRM_POLICY_TYPE_SUB: 1028#endif 1029 break; 1030 1031 default: 1032 return -EINVAL; 1033 } 1034 1035 return 0; 1036} 1037 1038static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 1039{ 1040 switch (p->share) { 1041 case XFRM_SHARE_ANY: 1042 case XFRM_SHARE_SESSION: 1043 case XFRM_SHARE_USER: 1044 case XFRM_SHARE_UNIQUE: 1045 break; 1046 1047 default: 1048 return -EINVAL; 1049 } 1050 1051 switch (p->action) { 1052 case XFRM_POLICY_ALLOW: 1053 case XFRM_POLICY_BLOCK: 1054 break; 1055 1056 default: 1057 return -EINVAL; 1058 } 1059 1060 switch (p->sel.family) { 1061 case AF_INET: 1062 break; 1063 1064 case AF_INET6: 1065#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1066 break; 1067#else 1068 return -EAFNOSUPPORT; 1069#endif 1070 1071 default: 1072 return -EINVAL; 1073 } 1074 1075 return verify_policy_dir(p->dir); 1076} 1077 1078static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs) 1079{ 1080 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1081 struct xfrm_user_sec_ctx *uctx; 1082 1083 if (!rt) 1084 return 0; 1085 1086 uctx = nla_data(rt); 1087 return security_xfrm_policy_alloc(&pol->security, uctx); 1088} 1089 1090static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 1091 int nr) 1092{ 1093 int i; 1094 1095 xp->xfrm_nr = nr; 1096 for (i = 0; i < nr; i++, ut++) { 1097 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1098 1099 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 1100 memcpy(&t->saddr, &ut->saddr, 1101 sizeof(xfrm_address_t)); 1102 t->reqid = ut->reqid; 1103 t->mode = ut->mode; 1104 t->share = ut->share; 1105 t->optional = ut->optional; 1106 t->aalgos = ut->aalgos; 1107 t->ealgos = ut->ealgos; 1108 t->calgos = ut->calgos; 1109 /* If all masks are ~0, then we allow all algorithms. */ 1110 t->allalgs = !~(t->aalgos & t->ealgos & t->calgos); 1111 t->encap_family = ut->family; 1112 } 1113} 1114 1115static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 1116{ 1117 int i; 1118 1119 if (nr > XFRM_MAX_DEPTH) 1120 return -EINVAL; 1121 1122 for (i = 0; i < nr; i++) { 1123 /* We never validated the ut->family value, so many 1124 * applications simply leave it at zero. The check was 1125 * never made and ut->family was ignored because all 1126 * templates could be assumed to have the same family as 1127 * the policy itself. Now that we will have ipv4-in-ipv6 1128 * and ipv6-in-ipv4 tunnels, this is no longer true. 1129 */ 1130 if (!ut[i].family) 1131 ut[i].family = family; 1132 1133 switch (ut[i].family) { 1134 case AF_INET: 1135 break; 1136#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1137 case AF_INET6: 1138 break; 1139#endif 1140 default: 1141 return -EINVAL; 1142 } 1143 } 1144 1145 return 0; 1146} 1147 1148static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs) 1149{ 1150 struct nlattr *rt = attrs[XFRMA_TMPL]; 1151 1152 if (!rt) { 1153 pol->xfrm_nr = 0; 1154 } else { 1155 struct xfrm_user_tmpl *utmpl = nla_data(rt); 1156 int nr = nla_len(rt) / sizeof(*utmpl); 1157 int err; 1158 1159 err = validate_tmpl(nr, utmpl, pol->family); 1160 if (err) 1161 return err; 1162 1163 copy_templates(pol, utmpl, nr); 1164 } 1165 return 0; 1166} 1167 1168static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs) 1169{ 1170 struct nlattr *rt = attrs[XFRMA_POLICY_TYPE]; 1171 struct xfrm_userpolicy_type *upt; 1172 u8 type = XFRM_POLICY_TYPE_MAIN; 1173 int err; 1174 1175 if (rt) { 1176 upt = nla_data(rt); 1177 type = upt->type; 1178 } 1179 1180 err = verify_policy_type(type); 1181 if (err) 1182 return err; 1183 1184 *tp = type; 1185 return 0; 1186} 1187 1188static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 1189{ 1190 xp->priority = p->priority; 1191 xp->index = p->index; 1192 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1193 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1194 xp->action = p->action; 1195 xp->flags = p->flags; 1196 xp->family = p->sel.family; 1197} 1198 1199static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1200{ 1201 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1202 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1203 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1204 p->priority = xp->priority; 1205 p->index = xp->index; 1206 p->sel.family = xp->family; 1207 p->dir = dir; 1208 p->action = xp->action; 1209 p->flags = xp->flags; 1210 p->share = XFRM_SHARE_ANY; 1211} 1212 1213static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) 1214{ 1215 struct xfrm_policy *xp = xfrm_policy_alloc(net, GFP_KERNEL); 1216 int err; 1217 1218 if (!xp) { 1219 *errp = -ENOMEM; 1220 return NULL; 1221 } 1222 1223 copy_from_user_policy(xp, p); 1224 1225 err = copy_from_user_policy_type(&xp->type, attrs); 1226 if (err) 1227 goto error; 1228 1229 if (!(err = copy_from_user_tmpl(xp, attrs))) 1230 err = copy_from_user_sec_ctx(xp, attrs); 1231 if (err) 1232 goto error; 1233 1234 xfrm_mark_get(attrs, &xp->mark); 1235 1236 return xp; 1237 error: 1238 *errp = err; 1239 xp->walk.dead = 1; 1240 xfrm_policy_destroy(xp); 1241 return NULL; 1242} 1243 1244static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1245 struct nlattr **attrs) 1246{ 1247 struct net *net = sock_net(skb->sk); 1248 struct xfrm_userpolicy_info *p = nlmsg_data(nlh); 1249 struct xfrm_policy *xp; 1250 struct km_event c; 1251 int err; 1252 int excl; 1253 uid_t loginuid = NETLINK_CB(skb).loginuid; 1254 u32 sessionid = NETLINK_CB(skb).sessionid; 1255 u32 sid = NETLINK_CB(skb).sid; 1256 1257 err = verify_newpolicy_info(p); 1258 if (err) 1259 return err; 1260 err = verify_sec_ctx_len(attrs); 1261 if (err) 1262 return err; 1263 1264 xp = xfrm_policy_construct(net, p, attrs, &err); 1265 if (!xp) 1266 return err; 1267 1268 /* shouldnt excl be based on nlh flags?? 1269 * Aha! this is anti-netlink really i.e more pfkey derived 1270 * in netlink excl is a flag and you wouldnt need 1271 * a type XFRM_MSG_UPDPOLICY - JHS */ 1272 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1273 err = xfrm_policy_insert(p->dir, xp, excl); 1274 xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid); 1275 1276 if (err) { 1277 security_xfrm_policy_free(xp->security); 1278 kfree(xp); 1279 return err; 1280 } 1281 1282 c.event = nlh->nlmsg_type; 1283 c.seq = nlh->nlmsg_seq; 1284 c.pid = nlh->nlmsg_pid; 1285 km_policy_notify(xp, p->dir, &c); 1286 1287 xfrm_pol_put(xp); 1288 1289 return 0; 1290} 1291 1292static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1293{ 1294 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1295 int i; 1296 1297 if (xp->xfrm_nr == 0) 1298 return 0; 1299 1300 for (i = 0; i < xp->xfrm_nr; i++) { 1301 struct xfrm_user_tmpl *up = &vec[i]; 1302 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1303 1304 memcpy(&up->id, &kp->id, sizeof(up->id)); 1305 up->family = kp->encap_family; 1306 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1307 up->reqid = kp->reqid; 1308 up->mode = kp->mode; 1309 up->share = kp->share; 1310 up->optional = kp->optional; 1311 up->aalgos = kp->aalgos; 1312 up->ealgos = kp->ealgos; 1313 up->calgos = kp->calgos; 1314 } 1315 1316 return nla_put(skb, XFRMA_TMPL, 1317 sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec); 1318} 1319 1320static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1321{ 1322 if (x->security) { 1323 return copy_sec_ctx(x->security, skb); 1324 } 1325 return 0; 1326} 1327 1328static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1329{ 1330 if (xp->security) { 1331 return copy_sec_ctx(xp->security, skb); 1332 } 1333 return 0; 1334} 1335static inline size_t userpolicy_type_attrsize(void) 1336{ 1337#ifdef CONFIG_XFRM_SUB_POLICY 1338 return nla_total_size(sizeof(struct xfrm_userpolicy_type)); 1339#else 1340 return 0; 1341#endif 1342} 1343 1344#ifdef CONFIG_XFRM_SUB_POLICY 1345static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1346{ 1347 struct xfrm_userpolicy_type upt = { 1348 .type = type, 1349 }; 1350 1351 return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1352} 1353 1354#else 1355static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1356{ 1357 return 0; 1358} 1359#endif 1360 1361static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1362{ 1363 struct xfrm_dump_info *sp = ptr; 1364 struct xfrm_userpolicy_info *p; 1365 struct sk_buff *in_skb = sp->in_skb; 1366 struct sk_buff *skb = sp->out_skb; 1367 struct nlmsghdr *nlh; 1368 1369 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 1370 XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags); 1371 if (nlh == NULL) 1372 return -EMSGSIZE; 1373 1374 p = nlmsg_data(nlh); 1375 copy_to_user_policy(xp, p, dir); 1376 if (copy_to_user_tmpl(xp, skb) < 0) 1377 goto nlmsg_failure; 1378 if (copy_to_user_sec_ctx(xp, skb)) 1379 goto nlmsg_failure; 1380 if (copy_to_user_policy_type(xp->type, skb) < 0) 1381 goto nlmsg_failure; 1382 if (xfrm_mark_put(skb, &xp->mark)) 1383 goto nla_put_failure; 1384 1385 nlmsg_end(skb, nlh); 1386 return 0; 1387 1388nla_put_failure: 1389nlmsg_failure: 1390 nlmsg_cancel(skb, nlh); 1391 return -EMSGSIZE; 1392} 1393 1394static int xfrm_dump_policy_done(struct netlink_callback *cb) 1395{ 1396 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; 1397 1398 xfrm_policy_walk_done(walk); 1399 return 0; 1400} 1401 1402static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1403{ 1404 struct net *net = sock_net(skb->sk); 1405 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; 1406 struct xfrm_dump_info info; 1407 1408 BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) > 1409 sizeof(cb->args) - sizeof(cb->args[0])); 1410 1411 info.in_skb = cb->skb; 1412 info.out_skb = skb; 1413 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1414 info.nlmsg_flags = NLM_F_MULTI; 1415 1416 if (!cb->args[0]) { 1417 cb->args[0] = 1; 1418 xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); 1419 } 1420 1421 (void) xfrm_policy_walk(net, walk, dump_one_policy, &info); 1422 1423 return skb->len; 1424} 1425 1426static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1427 struct xfrm_policy *xp, 1428 int dir, u32 seq) 1429{ 1430 struct xfrm_dump_info info; 1431 struct sk_buff *skb; 1432 1433 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1434 if (!skb) 1435 return ERR_PTR(-ENOMEM); 1436 1437 info.in_skb = in_skb; 1438 info.out_skb = skb; 1439 info.nlmsg_seq = seq; 1440 info.nlmsg_flags = 0; 1441 1442 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1443 kfree_skb(skb); 1444 return NULL; 1445 } 1446 1447 return skb; 1448} 1449 1450static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1451 struct nlattr **attrs) 1452{ 1453 struct net *net = sock_net(skb->sk); 1454 struct xfrm_policy *xp; 1455 struct xfrm_userpolicy_id *p; 1456 u8 type = XFRM_POLICY_TYPE_MAIN; 1457 int err; 1458 struct km_event c; 1459 int delete; 1460 struct xfrm_mark m; 1461 u32 mark = xfrm_mark_get(attrs, &m); 1462 1463 p = nlmsg_data(nlh); 1464 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1465 1466 err = copy_from_user_policy_type(&type, attrs); 1467 if (err) 1468 return err; 1469 1470 err = verify_policy_dir(p->dir); 1471 if (err) 1472 return err; 1473 1474 if (p->index) 1475 xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, delete, &err); 1476 else { 1477 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1478 struct xfrm_sec_ctx *ctx; 1479 1480 err = verify_sec_ctx_len(attrs); 1481 if (err) 1482 return err; 1483 1484 ctx = NULL; 1485 if (rt) { 1486 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1487 1488 err = security_xfrm_policy_alloc(&ctx, uctx); 1489 if (err) 1490 return err; 1491 } 1492 xp = xfrm_policy_bysel_ctx(net, mark, type, p->dir, &p->sel, 1493 ctx, delete, &err); 1494 security_xfrm_policy_free(ctx); 1495 } 1496 if (xp == NULL) 1497 return -ENOENT; 1498 1499 if (!delete) { 1500 struct sk_buff *resp_skb; 1501 1502 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1503 if (IS_ERR(resp_skb)) { 1504 err = PTR_ERR(resp_skb); 1505 } else { 1506 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, 1507 NETLINK_CB(skb).pid); 1508 } 1509 } else { 1510 uid_t loginuid = NETLINK_CB(skb).loginuid; 1511 u32 sessionid = NETLINK_CB(skb).sessionid; 1512 u32 sid = NETLINK_CB(skb).sid; 1513 1514 xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid, 1515 sid); 1516 1517 if (err != 0) 1518 goto out; 1519 1520 c.data.byid = p->index; 1521 c.event = nlh->nlmsg_type; 1522 c.seq = nlh->nlmsg_seq; 1523 c.pid = nlh->nlmsg_pid; 1524 km_policy_notify(xp, p->dir, &c); 1525 } 1526 1527out: 1528 xfrm_pol_put(xp); 1529 return err; 1530} 1531 1532static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1533 struct nlattr **attrs) 1534{ 1535 struct net *net = sock_net(skb->sk); 1536 struct km_event c; 1537 struct xfrm_usersa_flush *p = nlmsg_data(nlh); 1538 struct xfrm_audit audit_info; 1539 int err; 1540 1541 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1542 audit_info.sessionid = NETLINK_CB(skb).sessionid; 1543 audit_info.secid = NETLINK_CB(skb).sid; 1544 err = xfrm_state_flush(net, p->proto, &audit_info); 1545 if (err) { 1546 if (err == -ESRCH) /* empty table */ 1547 return 0; 1548 return err; 1549 } 1550 c.data.proto = p->proto; 1551 c.event = nlh->nlmsg_type; 1552 c.seq = nlh->nlmsg_seq; 1553 c.pid = nlh->nlmsg_pid; 1554 c.net = net; 1555 km_state_notify(NULL, &c); 1556 1557 return 0; 1558} 1559 1560static inline size_t xfrm_aevent_msgsize(void) 1561{ 1562 return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) 1563 + nla_total_size(sizeof(struct xfrm_replay_state)) 1564 + nla_total_size(sizeof(struct xfrm_lifetime_cur)) 1565 + nla_total_size(sizeof(struct xfrm_mark)) 1566 + nla_total_size(4) /* XFRM_AE_RTHR */ 1567 + nla_total_size(4); /* XFRM_AE_ETHR */ 1568} 1569 1570static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1571{ 1572 struct xfrm_aevent_id *id; 1573 struct nlmsghdr *nlh; 1574 1575 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0); 1576 if (nlh == NULL) 1577 return -EMSGSIZE; 1578 1579 id = nlmsg_data(nlh); 1580 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); 1581 id->sa_id.spi = x->id.spi; 1582 id->sa_id.family = x->props.family; 1583 id->sa_id.proto = x->id.proto; 1584 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); 1585 id->reqid = x->props.reqid; 1586 id->flags = c->data.aevent; 1587 1588 NLA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1589 NLA_PUT(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft); 1590 1591 if (id->flags & XFRM_AE_RTHR) 1592 NLA_PUT_U32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff); 1593 1594 if (id->flags & XFRM_AE_ETHR) 1595 NLA_PUT_U32(skb, XFRMA_ETIMER_THRESH, 1596 x->replay_maxage * 10 / HZ); 1597 1598 if (xfrm_mark_put(skb, &x->mark)) 1599 goto nla_put_failure; 1600 1601 return nlmsg_end(skb, nlh); 1602 1603nla_put_failure: 1604 nlmsg_cancel(skb, nlh); 1605 return -EMSGSIZE; 1606} 1607 1608static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1609 struct nlattr **attrs) 1610{ 1611 struct net *net = sock_net(skb->sk); 1612 struct xfrm_state *x; 1613 struct sk_buff *r_skb; 1614 int err; 1615 struct km_event c; 1616 u32 mark; 1617 struct xfrm_mark m; 1618 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1619 struct xfrm_usersa_id *id = &p->sa_id; 1620 1621 r_skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 1622 if (r_skb == NULL) 1623 return -ENOMEM; 1624 1625 mark = xfrm_mark_get(attrs, &m); 1626 1627 x = xfrm_state_lookup(net, mark, &id->daddr, id->spi, id->proto, id->family); 1628 if (x == NULL) { 1629 kfree_skb(r_skb); 1630 return -ESRCH; 1631 } 1632 1633 spin_lock_bh(&x->lock); 1634 c.data.aevent = p->flags; 1635 c.seq = nlh->nlmsg_seq; 1636 c.pid = nlh->nlmsg_pid; 1637 1638 if (build_aevent(r_skb, x, &c) < 0) 1639 BUG(); 1640 err = nlmsg_unicast(net->xfrm.nlsk, r_skb, NETLINK_CB(skb).pid); 1641 spin_unlock_bh(&x->lock); 1642 xfrm_state_put(x); 1643 return err; 1644} 1645 1646static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1647 struct nlattr **attrs) 1648{ 1649 struct net *net = sock_net(skb->sk); 1650 struct xfrm_state *x; 1651 struct km_event c; 1652 int err = - EINVAL; 1653 u32 mark = 0; 1654 struct xfrm_mark m; 1655 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1656 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 1657 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 1658 1659 if (!lt && !rp) 1660 return err; 1661 1662 /* pedantic mode - thou shalt sayeth replaceth */ 1663 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 1664 return err; 1665 1666 mark = xfrm_mark_get(attrs, &m); 1667 1668 x = xfrm_state_lookup(net, mark, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 1669 if (x == NULL) 1670 return -ESRCH; 1671 1672 if (x->km.state != XFRM_STATE_VALID) 1673 goto out; 1674 1675 spin_lock_bh(&x->lock); 1676 xfrm_update_ae_params(x, attrs); 1677 spin_unlock_bh(&x->lock); 1678 1679 c.event = nlh->nlmsg_type; 1680 c.seq = nlh->nlmsg_seq; 1681 c.pid = nlh->nlmsg_pid; 1682 c.data.aevent = XFRM_AE_CU; 1683 km_state_notify(x, &c); 1684 err = 0; 1685out: 1686 xfrm_state_put(x); 1687 return err; 1688} 1689 1690static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1691 struct nlattr **attrs) 1692{ 1693 struct net *net = sock_net(skb->sk); 1694 struct km_event c; 1695 u8 type = XFRM_POLICY_TYPE_MAIN; 1696 int err; 1697 struct xfrm_audit audit_info; 1698 1699 err = copy_from_user_policy_type(&type, attrs); 1700 if (err) 1701 return err; 1702 1703 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1704 audit_info.sessionid = NETLINK_CB(skb).sessionid; 1705 audit_info.secid = NETLINK_CB(skb).sid; 1706 err = xfrm_policy_flush(net, type, &audit_info); 1707 if (err) { 1708 if (err == -ESRCH) /* empty table */ 1709 return 0; 1710 return err; 1711 } 1712 1713 c.data.type = type; 1714 c.event = nlh->nlmsg_type; 1715 c.seq = nlh->nlmsg_seq; 1716 c.pid = nlh->nlmsg_pid; 1717 c.net = net; 1718 km_policy_notify(NULL, 0, &c); 1719 return 0; 1720} 1721 1722static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1723 struct nlattr **attrs) 1724{ 1725 struct net *net = sock_net(skb->sk); 1726 struct xfrm_policy *xp; 1727 struct xfrm_user_polexpire *up = nlmsg_data(nlh); 1728 struct xfrm_userpolicy_info *p = &up->pol; 1729 u8 type = XFRM_POLICY_TYPE_MAIN; 1730 int err = -ENOENT; 1731 struct xfrm_mark m; 1732 u32 mark = xfrm_mark_get(attrs, &m); 1733 1734 err = copy_from_user_policy_type(&type, attrs); 1735 if (err) 1736 return err; 1737 1738 err = verify_policy_dir(p->dir); 1739 if (err) 1740 return err; 1741 1742 if (p->index) 1743 xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err); 1744 else { 1745 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1746 struct xfrm_sec_ctx *ctx; 1747 1748 err = verify_sec_ctx_len(attrs); 1749 if (err) 1750 return err; 1751 1752 ctx = NULL; 1753 if (rt) { 1754 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1755 1756 err = security_xfrm_policy_alloc(&ctx, uctx); 1757 if (err) 1758 return err; 1759 } 1760 xp = xfrm_policy_bysel_ctx(net, mark, type, p->dir, 1761 &p->sel, ctx, 0, &err); 1762 security_xfrm_policy_free(ctx); 1763 } 1764 if (xp == NULL) 1765 return -ENOENT; 1766 1767 if (unlikely(xp->walk.dead)) 1768 goto out; 1769 1770 err = 0; 1771 if (up->hard) { 1772 uid_t loginuid = NETLINK_CB(skb).loginuid; 1773 uid_t sessionid = NETLINK_CB(skb).sessionid; 1774 u32 sid = NETLINK_CB(skb).sid; 1775 xfrm_policy_delete(xp, p->dir); 1776 xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid); 1777 1778 } else { 1779 // reset the timers here? 1780 WARN(1, "Dont know what to do with soft policy expire\n"); 1781 } 1782 km_policy_expired(xp, p->dir, up->hard, current->pid); 1783 1784out: 1785 xfrm_pol_put(xp); 1786 return err; 1787} 1788 1789static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1790 struct nlattr **attrs) 1791{ 1792 struct net *net = sock_net(skb->sk); 1793 struct xfrm_state *x; 1794 int err; 1795 struct xfrm_user_expire *ue = nlmsg_data(nlh); 1796 struct xfrm_usersa_info *p = &ue->state; 1797 struct xfrm_mark m; 1798 u32 mark = xfrm_mark_get(attrs, &m); 1799 1800 x = xfrm_state_lookup(net, mark, &p->id.daddr, p->id.spi, p->id.proto, p->family); 1801 1802 err = -ENOENT; 1803 if (x == NULL) 1804 return err; 1805 1806 spin_lock_bh(&x->lock); 1807 err = -EINVAL; 1808 if (x->km.state != XFRM_STATE_VALID) 1809 goto out; 1810 km_state_expired(x, ue->hard, current->pid); 1811 1812 if (ue->hard) { 1813 uid_t loginuid = NETLINK_CB(skb).loginuid; 1814 uid_t sessionid = NETLINK_CB(skb).sessionid; 1815 u32 sid = NETLINK_CB(skb).sid; 1816 __xfrm_state_delete(x); 1817 xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid); 1818 } 1819 err = 0; 1820out: 1821 spin_unlock_bh(&x->lock); 1822 xfrm_state_put(x); 1823 return err; 1824} 1825 1826static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 1827 struct nlattr **attrs) 1828{ 1829 struct net *net = sock_net(skb->sk); 1830 struct xfrm_policy *xp; 1831 struct xfrm_user_tmpl *ut; 1832 int i; 1833 struct nlattr *rt = attrs[XFRMA_TMPL]; 1834 struct xfrm_mark mark; 1835 1836 struct xfrm_user_acquire *ua = nlmsg_data(nlh); 1837 struct xfrm_state *x = xfrm_state_alloc(net); 1838 int err = -ENOMEM; 1839 1840 if (!x) 1841 goto nomem; 1842 1843 xfrm_mark_get(attrs, &mark); 1844 1845 err = verify_newpolicy_info(&ua->policy); 1846 if (err) 1847 goto bad_policy; 1848 1849 /* build an XP */ 1850 xp = xfrm_policy_construct(net, &ua->policy, attrs, &err); 1851 if (!xp) 1852 goto free_state; 1853 1854 memcpy(&x->id, &ua->id, sizeof(ua->id)); 1855 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 1856 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 1857 xp->mark.m = x->mark.m = mark.m; 1858 xp->mark.v = x->mark.v = mark.v; 1859 ut = nla_data(rt); 1860 /* extract the templates and for each call km_key */ 1861 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 1862 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1863 memcpy(&x->id, &t->id, sizeof(x->id)); 1864 x->props.mode = t->mode; 1865 x->props.reqid = t->reqid; 1866 x->props.family = ut->family; 1867 t->aalgos = ua->aalgos; 1868 t->ealgos = ua->ealgos; 1869 t->calgos = ua->calgos; 1870 err = km_query(x, t, xp); 1871 1872 } 1873 1874 kfree(x); 1875 kfree(xp); 1876 1877 return 0; 1878 1879bad_policy: 1880 WARN(1, "BAD policy passed\n"); 1881free_state: 1882 kfree(x); 1883nomem: 1884 return err; 1885} 1886 1887#ifdef CONFIG_XFRM_MIGRATE 1888static int copy_from_user_migrate(struct xfrm_migrate *ma, 1889 struct xfrm_kmaddress *k, 1890 struct nlattr **attrs, int *num) 1891{ 1892 struct nlattr *rt = attrs[XFRMA_MIGRATE]; 1893 struct xfrm_user_migrate *um; 1894 int i, num_migrate; 1895 1896 if (k != NULL) { 1897 struct xfrm_user_kmaddress *uk; 1898 1899 uk = nla_data(attrs[XFRMA_KMADDRESS]); 1900 memcpy(&k->local, &uk->local, sizeof(k->local)); 1901 memcpy(&k->remote, &uk->remote, sizeof(k->remote)); 1902 k->family = uk->family; 1903 k->reserved = uk->reserved; 1904 } 1905 1906 um = nla_data(rt); 1907 num_migrate = nla_len(rt) / sizeof(*um); 1908 1909 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 1910 return -EINVAL; 1911 1912 for (i = 0; i < num_migrate; i++, um++, ma++) { 1913 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 1914 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 1915 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 1916 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 1917 1918 ma->proto = um->proto; 1919 ma->mode = um->mode; 1920 ma->reqid = um->reqid; 1921 1922 ma->old_family = um->old_family; 1923 ma->new_family = um->new_family; 1924 } 1925 1926 *num = i; 1927 return 0; 1928} 1929 1930static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1931 struct nlattr **attrs) 1932{ 1933 struct xfrm_userpolicy_id *pi = nlmsg_data(nlh); 1934 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 1935 struct xfrm_kmaddress km, *kmp; 1936 u8 type; 1937 int err; 1938 int n = 0; 1939 1940 if (attrs[XFRMA_MIGRATE] == NULL) 1941 return -EINVAL; 1942 1943 kmp = attrs[XFRMA_KMADDRESS] ? &km : NULL; 1944 1945 err = copy_from_user_policy_type(&type, attrs); 1946 if (err) 1947 return err; 1948 1949 err = copy_from_user_migrate((struct xfrm_migrate *)m, kmp, attrs, &n); 1950 if (err) 1951 return err; 1952 1953 if (!n) 1954 return 0; 1955 1956 xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp); 1957 1958 return 0; 1959} 1960#else 1961static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1962 struct nlattr **attrs) 1963{ 1964 return -ENOPROTOOPT; 1965} 1966#endif 1967 1968#ifdef CONFIG_XFRM_MIGRATE 1969static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) 1970{ 1971 struct xfrm_user_migrate um; 1972 1973 memset(&um, 0, sizeof(um)); 1974 um.proto = m->proto; 1975 um.mode = m->mode; 1976 um.reqid = m->reqid; 1977 um.old_family = m->old_family; 1978 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 1979 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 1980 um.new_family = m->new_family; 1981 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 1982 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 1983 1984 return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); 1985} 1986 1987static int copy_to_user_kmaddress(struct xfrm_kmaddress *k, struct sk_buff *skb) 1988{ 1989 struct xfrm_user_kmaddress uk; 1990 1991 memset(&uk, 0, sizeof(uk)); 1992 uk.family = k->family; 1993 uk.reserved = k->reserved; 1994 memcpy(&uk.local, &k->local, sizeof(uk.local)); 1995 memcpy(&uk.remote, &k->remote, sizeof(uk.remote)); 1996 1997 return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk); 1998} 1999 2000static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma) 2001{ 2002 return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id)) 2003 + (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0) 2004 + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate) 2005 + userpolicy_type_attrsize(); 2006} 2007 2008static int build_migrate(struct sk_buff *skb, struct xfrm_migrate *m, 2009 int num_migrate, struct xfrm_kmaddress *k, 2010 struct xfrm_selector *sel, u8 dir, u8 type) 2011{ 2012 struct xfrm_migrate *mp; 2013 struct xfrm_userpolicy_id *pol_id; 2014 struct nlmsghdr *nlh; 2015 int i; 2016 2017 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0); 2018 if (nlh == NULL) 2019 return -EMSGSIZE; 2020 2021 pol_id = nlmsg_data(nlh); 2022 /* copy data from selector, dir, and type to the pol_id */ 2023 memset(pol_id, 0, sizeof(*pol_id)); 2024 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 2025 pol_id->dir = dir; 2026 2027 if (k != NULL && (copy_to_user_kmaddress(k, skb) < 0)) 2028 goto nlmsg_failure; 2029 2030 if (copy_to_user_policy_type(type, skb) < 0) 2031 goto nlmsg_failure; 2032 2033 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 2034 if (copy_to_user_migrate(mp, skb) < 0) 2035 goto nlmsg_failure; 2036 } 2037 2038 return nlmsg_end(skb, nlh); 2039nlmsg_failure: 2040 nlmsg_cancel(skb, nlh); 2041 return -EMSGSIZE; 2042} 2043 2044static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 2045 struct xfrm_migrate *m, int num_migrate, 2046 struct xfrm_kmaddress *k) 2047{ 2048 struct net *net = &init_net; 2049 struct sk_buff *skb; 2050 2051 skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC); 2052 if (skb == NULL) 2053 return -ENOMEM; 2054 2055 /* build migrate */ 2056 if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0) 2057 BUG(); 2058 2059 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_MIGRATE, GFP_ATOMIC); 2060} 2061#else 2062static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 2063 struct xfrm_migrate *m, int num_migrate, 2064 struct xfrm_kmaddress *k) 2065{ 2066 return -ENOPROTOOPT; 2067} 2068#endif 2069 2070#define XMSGSIZE(type) sizeof(struct type) 2071 2072static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 2073 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 2074 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 2075 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 2076 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 2077 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2078 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2079 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 2080 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 2081 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 2082 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 2083 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 2084 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 2085 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 2086 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0, 2087 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 2088 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 2089 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 2090 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2091 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32), 2092 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 2093}; 2094 2095#undef XMSGSIZE 2096 2097static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { 2098 [XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)}, 2099 [XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)}, 2100 [XFRMA_LASTUSED] = { .type = NLA_U64}, 2101 [XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)}, 2102 [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) }, 2103 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) }, 2104 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) }, 2105 [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, 2106 [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, 2107 [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, 2108 [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, 2109 [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, 2110 [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, 2111 [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, 2112 [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 }, 2113 [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) }, 2114 [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) }, 2115 [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)}, 2116 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, 2117 [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) }, 2118 [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) }, 2119}; 2120 2121static struct xfrm_link { 2122 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); 2123 int (*dump)(struct sk_buff *, struct netlink_callback *); 2124 int (*done)(struct netlink_callback *); 2125} xfrm_dispatch[XFRM_NR_MSGTYPES] = { 2126 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 2127 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 2128 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 2129 .dump = xfrm_dump_sa, 2130 .done = xfrm_dump_sa_done }, 2131 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 2132 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 2133 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 2134 .dump = xfrm_dump_policy, 2135 .done = xfrm_dump_policy_done }, 2136 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 2137 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 2138 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 2139 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 2140 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 2141 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 2142 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 2143 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 2144 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 2145 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 2146 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 2147 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 2148 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 2149}; 2150 2151static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 2152{ 2153 struct net *net = sock_net(skb->sk); 2154 struct nlattr *attrs[XFRMA_MAX+1]; 2155 struct xfrm_link *link; 2156 int type, err; 2157 2158 type = nlh->nlmsg_type; 2159 if (type > XFRM_MSG_MAX) 2160 return -EINVAL; 2161 2162 type -= XFRM_MSG_BASE; 2163 link = &xfrm_dispatch[type]; 2164 2165 /* All operations require privileges, even GET */ 2166 if (security_netlink_recv(skb, CAP_NET_ADMIN)) 2167 return -EPERM; 2168 2169 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 2170 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 2171 (nlh->nlmsg_flags & NLM_F_DUMP)) { 2172 if (link->dump == NULL) 2173 return -EINVAL; 2174 2175 return netlink_dump_start(net->xfrm.nlsk, skb, nlh, link->dump, link->done); 2176 } 2177 2178 err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs, XFRMA_MAX, 2179 xfrma_policy); 2180 if (err < 0) 2181 return err; 2182 2183 if (link->doit == NULL) 2184 return -EINVAL; 2185 2186 return link->doit(skb, nlh, attrs); 2187} 2188 2189static void xfrm_netlink_rcv(struct sk_buff *skb) 2190{ 2191 mutex_lock(&xfrm_cfg_mutex); 2192 netlink_rcv_skb(skb, &xfrm_user_rcv_msg); 2193 mutex_unlock(&xfrm_cfg_mutex); 2194} 2195 2196static inline size_t xfrm_expire_msgsize(void) 2197{ 2198 return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)) 2199 + nla_total_size(sizeof(struct xfrm_mark)); 2200} 2201 2202static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 2203{ 2204 struct xfrm_user_expire *ue; 2205 struct nlmsghdr *nlh; 2206 2207 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0); 2208 if (nlh == NULL) 2209 return -EMSGSIZE; 2210 2211 ue = nlmsg_data(nlh); 2212 copy_to_user_state(x, &ue->state); 2213 ue->hard = (c->data.hard != 0) ? 1 : 0; 2214 2215 if (xfrm_mark_put(skb, &x->mark)) 2216 goto nla_put_failure; 2217 2218 return nlmsg_end(skb, nlh); 2219 2220nla_put_failure: 2221 return -EMSGSIZE; 2222} 2223 2224static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 2225{ 2226 struct net *net = xs_net(x); 2227 struct sk_buff *skb; 2228 2229 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); 2230 if (skb == NULL) 2231 return -ENOMEM; 2232 2233 if (build_expire(skb, x, c) < 0) { 2234 kfree_skb(skb); 2235 return -EMSGSIZE; 2236 } 2237 2238 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2239} 2240 2241static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) 2242{ 2243 struct net *net = xs_net(x); 2244 struct sk_buff *skb; 2245 2246 skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 2247 if (skb == NULL) 2248 return -ENOMEM; 2249 2250 if (build_aevent(skb, x, c) < 0) 2251 BUG(); 2252 2253 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); 2254} 2255 2256static int xfrm_notify_sa_flush(struct km_event *c) 2257{ 2258 struct net *net = c->net; 2259 struct xfrm_usersa_flush *p; 2260 struct nlmsghdr *nlh; 2261 struct sk_buff *skb; 2262 int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush)); 2263 2264 skb = nlmsg_new(len, GFP_ATOMIC); 2265 if (skb == NULL) 2266 return -ENOMEM; 2267 2268 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0); 2269 if (nlh == NULL) { 2270 kfree_skb(skb); 2271 return -EMSGSIZE; 2272 } 2273 2274 p = nlmsg_data(nlh); 2275 p->proto = c->data.proto; 2276 2277 nlmsg_end(skb, nlh); 2278 2279 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2280} 2281 2282static inline size_t xfrm_sa_len(struct xfrm_state *x) 2283{ 2284 size_t l = 0; 2285 if (x->aead) 2286 l += nla_total_size(aead_len(x->aead)); 2287 if (x->aalg) { 2288 l += nla_total_size(sizeof(struct xfrm_algo) + 2289 (x->aalg->alg_key_len + 7) / 8); 2290 l += nla_total_size(xfrm_alg_auth_len(x->aalg)); 2291 } 2292 if (x->ealg) 2293 l += nla_total_size(xfrm_alg_len(x->ealg)); 2294 if (x->calg) 2295 l += nla_total_size(sizeof(*x->calg)); 2296 if (x->encap) 2297 l += nla_total_size(sizeof(*x->encap)); 2298 if (x->security) 2299 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + 2300 x->security->ctx_len); 2301 if (x->coaddr) 2302 l += nla_total_size(sizeof(*x->coaddr)); 2303 2304 /* Must count x->lastused as it may become non-zero behind our back. */ 2305 l += nla_total_size(sizeof(u64)); 2306 2307 return l; 2308} 2309 2310static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 2311{ 2312 struct net *net = xs_net(x); 2313 struct xfrm_usersa_info *p; 2314 struct xfrm_usersa_id *id; 2315 struct nlmsghdr *nlh; 2316 struct sk_buff *skb; 2317 int len = xfrm_sa_len(x); 2318 int headlen; 2319 2320 headlen = sizeof(*p); 2321 if (c->event == XFRM_MSG_DELSA) { 2322 len += nla_total_size(headlen); 2323 headlen = sizeof(*id); 2324 len += nla_total_size(sizeof(struct xfrm_mark)); 2325 } 2326 len += NLMSG_ALIGN(headlen); 2327 2328 skb = nlmsg_new(len, GFP_ATOMIC); 2329 if (skb == NULL) 2330 return -ENOMEM; 2331 2332 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2333 if (nlh == NULL) 2334 goto nla_put_failure; 2335 2336 p = nlmsg_data(nlh); 2337 if (c->event == XFRM_MSG_DELSA) { 2338 struct nlattr *attr; 2339 2340 id = nlmsg_data(nlh); 2341 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2342 id->spi = x->id.spi; 2343 id->family = x->props.family; 2344 id->proto = x->id.proto; 2345 2346 attr = nla_reserve(skb, XFRMA_SA, sizeof(*p)); 2347 if (attr == NULL) 2348 goto nla_put_failure; 2349 2350 p = nla_data(attr); 2351 } 2352 2353 if (copy_to_user_state_extra(x, p, skb)) 2354 goto nla_put_failure; 2355 2356 nlmsg_end(skb, nlh); 2357 2358 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2359 2360nla_put_failure: 2361 /* Somebody screwed up with xfrm_sa_len! */ 2362 WARN_ON(1); 2363 kfree_skb(skb); 2364 return -1; 2365} 2366 2367static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 2368{ 2369 2370 switch (c->event) { 2371 case XFRM_MSG_EXPIRE: 2372 return xfrm_exp_state_notify(x, c); 2373 case XFRM_MSG_NEWAE: 2374 return xfrm_aevent_state_notify(x, c); 2375 case XFRM_MSG_DELSA: 2376 case XFRM_MSG_UPDSA: 2377 case XFRM_MSG_NEWSA: 2378 return xfrm_notify_sa(x, c); 2379 case XFRM_MSG_FLUSHSA: 2380 return xfrm_notify_sa_flush(c); 2381 default: 2382 printk(KERN_NOTICE "xfrm_user: Unknown SA event %d\n", 2383 c->event); 2384 break; 2385 } 2386 2387 return 0; 2388 2389} 2390 2391static inline size_t xfrm_acquire_msgsize(struct xfrm_state *x, 2392 struct xfrm_policy *xp) 2393{ 2394 return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire)) 2395 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2396 + nla_total_size(sizeof(struct xfrm_mark)) 2397 + nla_total_size(xfrm_user_sec_ctx_size(x->security)) 2398 + userpolicy_type_attrsize(); 2399} 2400 2401static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2402 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 2403 int dir) 2404{ 2405 struct xfrm_user_acquire *ua; 2406 struct nlmsghdr *nlh; 2407 __u32 seq = xfrm_get_acqseq(); 2408 2409 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0); 2410 if (nlh == NULL) 2411 return -EMSGSIZE; 2412 2413 ua = nlmsg_data(nlh); 2414 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2415 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2416 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2417 copy_to_user_policy(xp, &ua->policy, dir); 2418 ua->aalgos = xt->aalgos; 2419 ua->ealgos = xt->ealgos; 2420 ua->calgos = xt->calgos; 2421 ua->seq = x->km.seq = seq; 2422 2423 if (copy_to_user_tmpl(xp, skb) < 0) 2424 goto nlmsg_failure; 2425 if (copy_to_user_state_sec_ctx(x, skb)) 2426 goto nlmsg_failure; 2427 if (copy_to_user_policy_type(xp->type, skb) < 0) 2428 goto nlmsg_failure; 2429 if (xfrm_mark_put(skb, &xp->mark)) 2430 goto nla_put_failure; 2431 2432 return nlmsg_end(skb, nlh); 2433 2434nla_put_failure: 2435nlmsg_failure: 2436 nlmsg_cancel(skb, nlh); 2437 return -EMSGSIZE; 2438} 2439 2440static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2441 struct xfrm_policy *xp, int dir) 2442{ 2443 struct net *net = xs_net(x); 2444 struct sk_buff *skb; 2445 2446 skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC); 2447 if (skb == NULL) 2448 return -ENOMEM; 2449 2450 if (build_acquire(skb, x, xt, xp, dir) < 0) 2451 BUG(); 2452 2453 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 2454} 2455 2456/* User gives us xfrm_user_policy_info followed by an array of 0 2457 * or more templates. 2458 */ 2459static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2460 u8 *data, int len, int *dir) 2461{ 2462 struct net *net = sock_net(sk); 2463 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2464 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2465 struct xfrm_policy *xp; 2466 int nr; 2467 2468 switch (sk->sk_family) { 2469 case AF_INET: 2470 if (opt != IP_XFRM_POLICY) { 2471 *dir = -EOPNOTSUPP; 2472 return NULL; 2473 } 2474 break; 2475#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2476 case AF_INET6: 2477 if (opt != IPV6_XFRM_POLICY) { 2478 *dir = -EOPNOTSUPP; 2479 return NULL; 2480 } 2481 break; 2482#endif 2483 default: 2484 *dir = -EINVAL; 2485 return NULL; 2486 } 2487 2488 *dir = -EINVAL; 2489 2490 if (len < sizeof(*p) || 2491 verify_newpolicy_info(p)) 2492 return NULL; 2493 2494 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2495 if (validate_tmpl(nr, ut, p->sel.family)) 2496 return NULL; 2497 2498 if (p->dir > XFRM_POLICY_OUT) 2499 return NULL; 2500 2501 xp = xfrm_policy_alloc(net, GFP_ATOMIC); 2502 if (xp == NULL) { 2503 *dir = -ENOBUFS; 2504 return NULL; 2505 } 2506 2507 copy_from_user_policy(xp, p); 2508 xp->type = XFRM_POLICY_TYPE_MAIN; 2509 copy_templates(xp, ut, nr); 2510 2511 *dir = p->dir; 2512 2513 return xp; 2514} 2515 2516static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp) 2517{ 2518 return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire)) 2519 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2520 + nla_total_size(xfrm_user_sec_ctx_size(xp->security)) 2521 + nla_total_size(sizeof(struct xfrm_mark)) 2522 + userpolicy_type_attrsize(); 2523} 2524 2525static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 2526 int dir, struct km_event *c) 2527{ 2528 struct xfrm_user_polexpire *upe; 2529 struct nlmsghdr *nlh; 2530 int hard = c->data.hard; 2531 2532 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0); 2533 if (nlh == NULL) 2534 return -EMSGSIZE; 2535 2536 upe = nlmsg_data(nlh); 2537 copy_to_user_policy(xp, &upe->pol, dir); 2538 if (copy_to_user_tmpl(xp, skb) < 0) 2539 goto nlmsg_failure; 2540 if (copy_to_user_sec_ctx(xp, skb)) 2541 goto nlmsg_failure; 2542 if (copy_to_user_policy_type(xp->type, skb) < 0) 2543 goto nlmsg_failure; 2544 if (xfrm_mark_put(skb, &xp->mark)) 2545 goto nla_put_failure; 2546 upe->hard = !!hard; 2547 2548 return nlmsg_end(skb, nlh); 2549 2550nla_put_failure: 2551nlmsg_failure: 2552 nlmsg_cancel(skb, nlh); 2553 return -EMSGSIZE; 2554} 2555 2556static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2557{ 2558 struct net *net = xp_net(xp); 2559 struct sk_buff *skb; 2560 2561 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); 2562 if (skb == NULL) 2563 return -ENOMEM; 2564 2565 if (build_polexpire(skb, xp, dir, c) < 0) 2566 BUG(); 2567 2568 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2569} 2570 2571static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2572{ 2573 struct net *net = xp_net(xp); 2574 struct xfrm_userpolicy_info *p; 2575 struct xfrm_userpolicy_id *id; 2576 struct nlmsghdr *nlh; 2577 struct sk_buff *skb; 2578 int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2579 int headlen; 2580 2581 headlen = sizeof(*p); 2582 if (c->event == XFRM_MSG_DELPOLICY) { 2583 len += nla_total_size(headlen); 2584 headlen = sizeof(*id); 2585 } 2586 len += userpolicy_type_attrsize(); 2587 len += nla_total_size(sizeof(struct xfrm_mark)); 2588 len += NLMSG_ALIGN(headlen); 2589 2590 skb = nlmsg_new(len, GFP_ATOMIC); 2591 if (skb == NULL) 2592 return -ENOMEM; 2593 2594 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2595 if (nlh == NULL) 2596 goto nlmsg_failure; 2597 2598 p = nlmsg_data(nlh); 2599 if (c->event == XFRM_MSG_DELPOLICY) { 2600 struct nlattr *attr; 2601 2602 id = nlmsg_data(nlh); 2603 memset(id, 0, sizeof(*id)); 2604 id->dir = dir; 2605 if (c->data.byid) 2606 id->index = xp->index; 2607 else 2608 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 2609 2610 attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p)); 2611 if (attr == NULL) 2612 goto nlmsg_failure; 2613 2614 p = nla_data(attr); 2615 } 2616 2617 copy_to_user_policy(xp, p, dir); 2618 if (copy_to_user_tmpl(xp, skb) < 0) 2619 goto nlmsg_failure; 2620 if (copy_to_user_policy_type(xp->type, skb) < 0) 2621 goto nlmsg_failure; 2622 2623 if (xfrm_mark_put(skb, &xp->mark)) 2624 goto nla_put_failure; 2625 2626 nlmsg_end(skb, nlh); 2627 2628 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2629 2630nla_put_failure: 2631nlmsg_failure: 2632 kfree_skb(skb); 2633 return -1; 2634} 2635 2636static int xfrm_notify_policy_flush(struct km_event *c) 2637{ 2638 struct net *net = c->net; 2639 struct nlmsghdr *nlh; 2640 struct sk_buff *skb; 2641 2642 skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC); 2643 if (skb == NULL) 2644 return -ENOMEM; 2645 2646 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0); 2647 if (nlh == NULL) 2648 goto nlmsg_failure; 2649 if (copy_to_user_policy_type(c->data.type, skb) < 0) 2650 goto nlmsg_failure; 2651 2652 nlmsg_end(skb, nlh); 2653 2654 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2655 2656nlmsg_failure: 2657 kfree_skb(skb); 2658 return -1; 2659} 2660 2661static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2662{ 2663 2664 switch (c->event) { 2665 case XFRM_MSG_NEWPOLICY: 2666 case XFRM_MSG_UPDPOLICY: 2667 case XFRM_MSG_DELPOLICY: 2668 return xfrm_notify_policy(xp, dir, c); 2669 case XFRM_MSG_FLUSHPOLICY: 2670 return xfrm_notify_policy_flush(c); 2671 case XFRM_MSG_POLEXPIRE: 2672 return xfrm_exp_policy_notify(xp, dir, c); 2673 default: 2674 printk(KERN_NOTICE "xfrm_user: Unknown Policy event %d\n", 2675 c->event); 2676 } 2677 2678 return 0; 2679 2680} 2681 2682static inline size_t xfrm_report_msgsize(void) 2683{ 2684 return NLMSG_ALIGN(sizeof(struct xfrm_user_report)); 2685} 2686 2687static int build_report(struct sk_buff *skb, u8 proto, 2688 struct xfrm_selector *sel, xfrm_address_t *addr) 2689{ 2690 struct xfrm_user_report *ur; 2691 struct nlmsghdr *nlh; 2692 2693 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0); 2694 if (nlh == NULL) 2695 return -EMSGSIZE; 2696 2697 ur = nlmsg_data(nlh); 2698 ur->proto = proto; 2699 memcpy(&ur->sel, sel, sizeof(ur->sel)); 2700 2701 if (addr) 2702 NLA_PUT(skb, XFRMA_COADDR, sizeof(*addr), addr); 2703 2704 return nlmsg_end(skb, nlh); 2705 2706nla_put_failure: 2707 nlmsg_cancel(skb, nlh); 2708 return -EMSGSIZE; 2709} 2710 2711static int xfrm_send_report(struct net *net, u8 proto, 2712 struct xfrm_selector *sel, xfrm_address_t *addr) 2713{ 2714 struct sk_buff *skb; 2715 2716 skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC); 2717 if (skb == NULL) 2718 return -ENOMEM; 2719 2720 if (build_report(skb, proto, sel, addr) < 0) 2721 BUG(); 2722 2723 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC); 2724} 2725 2726static inline size_t xfrm_mapping_msgsize(void) 2727{ 2728 return NLMSG_ALIGN(sizeof(struct xfrm_user_mapping)); 2729} 2730 2731static int build_mapping(struct sk_buff *skb, struct xfrm_state *x, 2732 xfrm_address_t *new_saddr, __be16 new_sport) 2733{ 2734 struct xfrm_user_mapping *um; 2735 struct nlmsghdr *nlh; 2736 2737 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MAPPING, sizeof(*um), 0); 2738 if (nlh == NULL) 2739 return -EMSGSIZE; 2740 2741 um = nlmsg_data(nlh); 2742 2743 memcpy(&um->id.daddr, &x->id.daddr, sizeof(um->id.daddr)); 2744 um->id.spi = x->id.spi; 2745 um->id.family = x->props.family; 2746 um->id.proto = x->id.proto; 2747 memcpy(&um->new_saddr, new_saddr, sizeof(um->new_saddr)); 2748 memcpy(&um->old_saddr, &x->props.saddr, sizeof(um->old_saddr)); 2749 um->new_sport = new_sport; 2750 um->old_sport = x->encap->encap_sport; 2751 um->reqid = x->props.reqid; 2752 2753 return nlmsg_end(skb, nlh); 2754} 2755 2756static int xfrm_send_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, 2757 __be16 sport) 2758{ 2759 struct net *net = xs_net(x); 2760 struct sk_buff *skb; 2761 2762 if (x->id.proto != IPPROTO_ESP) 2763 return -EINVAL; 2764 2765 if (!x->encap) 2766 return -EINVAL; 2767 2768 skb = nlmsg_new(xfrm_mapping_msgsize(), GFP_ATOMIC); 2769 if (skb == NULL) 2770 return -ENOMEM; 2771 2772 if (build_mapping(skb, x, ipaddr, sport) < 0) 2773 BUG(); 2774 2775 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_MAPPING, GFP_ATOMIC); 2776} 2777 2778static struct xfrm_mgr netlink_mgr = { 2779 .id = "netlink", 2780 .notify = xfrm_send_state_notify, 2781 .acquire = xfrm_send_acquire, 2782 .compile_policy = xfrm_compile_policy, 2783 .notify_policy = xfrm_send_policy_notify, 2784 .report = xfrm_send_report, 2785 .migrate = xfrm_send_migrate, 2786 .new_mapping = xfrm_send_mapping, 2787}; 2788 2789static int __net_init xfrm_user_net_init(struct net *net) 2790{ 2791 struct sock *nlsk; 2792 2793 nlsk = netlink_kernel_create(net, NETLINK_XFRM, XFRMNLGRP_MAX, 2794 xfrm_netlink_rcv, NULL, THIS_MODULE); 2795 if (nlsk == NULL) 2796 return -ENOMEM; 2797 net->xfrm.nlsk_stash = nlsk; /* Don't set to NULL */ 2798 rcu_assign_pointer(net->xfrm.nlsk, nlsk); 2799 return 0; 2800} 2801 2802static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list) 2803{ 2804 struct net *net; 2805 list_for_each_entry(net, net_exit_list, exit_list) 2806 rcu_assign_pointer(net->xfrm.nlsk, NULL); 2807 synchronize_net(); 2808 list_for_each_entry(net, net_exit_list, exit_list) 2809 netlink_kernel_release(net->xfrm.nlsk_stash); 2810} 2811 2812static struct pernet_operations xfrm_user_net_ops = { 2813 .init = xfrm_user_net_init, 2814 .exit_batch = xfrm_user_net_exit, 2815}; 2816 2817static int __init xfrm_user_init(void) 2818{ 2819 int rv; 2820 2821 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 2822 2823 rv = register_pernet_subsys(&xfrm_user_net_ops); 2824 if (rv < 0) 2825 return rv; 2826 rv = xfrm_register_km(&netlink_mgr); 2827 if (rv < 0) 2828 unregister_pernet_subsys(&xfrm_user_net_ops); 2829 return rv; 2830} 2831 2832static void __exit xfrm_user_exit(void) 2833{ 2834 xfrm_unregister_km(&netlink_mgr); 2835 unregister_pernet_subsys(&xfrm_user_net_ops); 2836} 2837 2838module_init(xfrm_user_init); 2839module_exit(xfrm_user_exit); 2840MODULE_LICENSE("GPL"); 2841MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 2842