1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * net/key/af_key.c An implementation of PF_KEYv2 sockets. 4 * 5 * Authors: Maxim Giryaev <gem@asplinux.ru> 6 * David S. Miller <davem@redhat.com> 7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org> 10 * Derek Atkins <derek@ihtfp.com> 11 */ 12 13#include <linux/capability.h> 14#include <linux/module.h> 15#include <linux/kernel.h> 16#include <linux/socket.h> 17#include <linux/pfkeyv2.h> 18#include <linux/ipsec.h> 19#include <linux/skbuff.h> 20#include <linux/rtnetlink.h> 21#include <linux/in.h> 22#include <linux/in6.h> 23#include <linux/proc_fs.h> 24#include <linux/init.h> 25#include <linux/slab.h> 26#include <net/net_namespace.h> 27#include <net/netns/generic.h> 28#include <net/xfrm.h> 29 30#include <net/sock.h> 31 32#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x)) 33#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x)) 34 35static unsigned int pfkey_net_id __read_mostly; 36struct netns_pfkey { 37 /* List of all pfkey sockets. */ 38 struct hlist_head table; 39 atomic_t socks_nr; 40}; 41static DEFINE_MUTEX(pfkey_mutex); 42 43#define DUMMY_MARK 0 44static const struct xfrm_mark dummy_mark = {0, 0}; 45struct pfkey_sock { 46 /* struct sock must be the first member of struct pfkey_sock */ 47 struct sock sk; 48 int registered; 49 int promisc; 50 51 struct { 52 uint8_t msg_version; 53 uint32_t msg_portid; 54 int (*dump)(struct pfkey_sock *sk); 55 void (*done)(struct pfkey_sock *sk); 56 union { 57 struct xfrm_policy_walk policy; 58 struct xfrm_state_walk state; 59 } u; 60 struct sk_buff *skb; 61 } dump; 62 struct mutex dump_lock; 63}; 64 65static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, 66 xfrm_address_t *saddr, xfrm_address_t *daddr, 67 u16 *family); 68 69static inline struct pfkey_sock *pfkey_sk(struct sock *sk) 70{ 71 return (struct pfkey_sock *)sk; 72} 73 74static int pfkey_can_dump(const struct sock *sk) 75{ 76 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf) 77 return 1; 78 return 0; 79} 80 81static void pfkey_terminate_dump(struct pfkey_sock *pfk) 82{ 83 if (pfk->dump.dump) { 84 if (pfk->dump.skb) { 85 kfree_skb(pfk->dump.skb); 86 pfk->dump.skb = NULL; 87 } 88 pfk->dump.done(pfk); 89 pfk->dump.dump = NULL; 90 pfk->dump.done = NULL; 91 } 92} 93 94static void pfkey_sock_destruct(struct sock *sk) 95{ 96 struct net *net = sock_net(sk); 97 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 98 99 pfkey_terminate_dump(pfkey_sk(sk)); 100 skb_queue_purge(&sk->sk_receive_queue); 101 102 if (!sock_flag(sk, SOCK_DEAD)) { 103 pr_err("Attempt to release alive pfkey socket: %p\n", sk); 104 return; 105 } 106 107 WARN_ON(atomic_read(&sk->sk_rmem_alloc)); 108 WARN_ON(refcount_read(&sk->sk_wmem_alloc)); 109 110 atomic_dec(&net_pfkey->socks_nr); 111} 112 113static const struct proto_ops pfkey_ops; 114 115static void pfkey_insert(struct sock *sk) 116{ 117 struct net *net = sock_net(sk); 118 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 119 120 mutex_lock(&pfkey_mutex); 121 sk_add_node_rcu(sk, &net_pfkey->table); 122 mutex_unlock(&pfkey_mutex); 123} 124 125static void pfkey_remove(struct sock *sk) 126{ 127 mutex_lock(&pfkey_mutex); 128 sk_del_node_init_rcu(sk); 129 mutex_unlock(&pfkey_mutex); 130} 131 132static struct proto key_proto = { 133 .name = "KEY", 134 .owner = THIS_MODULE, 135 .obj_size = sizeof(struct pfkey_sock), 136}; 137 138static int pfkey_create(struct net *net, struct socket *sock, int protocol, 139 int kern) 140{ 141 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 142 struct sock *sk; 143 struct pfkey_sock *pfk; 144 145 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 146 return -EPERM; 147 if (sock->type != SOCK_RAW) 148 return -ESOCKTNOSUPPORT; 149 if (protocol != PF_KEY_V2) 150 return -EPROTONOSUPPORT; 151 152 sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, kern); 153 if (sk == NULL) 154 return -ENOMEM; 155 156 pfk = pfkey_sk(sk); 157 mutex_init(&pfk->dump_lock); 158 159 sock->ops = &pfkey_ops; 160 sock_init_data(sock, sk); 161 162 sk->sk_family = PF_KEY; 163 sk->sk_destruct = pfkey_sock_destruct; 164 165 atomic_inc(&net_pfkey->socks_nr); 166 167 pfkey_insert(sk); 168 169 return 0; 170} 171 172static int pfkey_release(struct socket *sock) 173{ 174 struct sock *sk = sock->sk; 175 176 if (!sk) 177 return 0; 178 179 pfkey_remove(sk); 180 181 sock_orphan(sk); 182 sock->sk = NULL; 183 skb_queue_purge(&sk->sk_write_queue); 184 185 synchronize_rcu(); 186 sock_put(sk); 187 188 return 0; 189} 190 191static int pfkey_broadcast_one(struct sk_buff *skb, gfp_t allocation, 192 struct sock *sk) 193{ 194 int err = -ENOBUFS; 195 196 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) 197 return err; 198 199 skb = skb_clone(skb, allocation); 200 201 if (skb) { 202 skb_set_owner_r(skb, sk); 203 skb_queue_tail(&sk->sk_receive_queue, skb); 204 sk->sk_data_ready(sk); 205 err = 0; 206 } 207 return err; 208} 209 210/* Send SKB to all pfkey sockets matching selected criteria. */ 211#define BROADCAST_ALL 0 212#define BROADCAST_ONE 1 213#define BROADCAST_REGISTERED 2 214#define BROADCAST_PROMISC_ONLY 4 215static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation, 216 int broadcast_flags, struct sock *one_sk, 217 struct net *net) 218{ 219 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 220 struct sock *sk; 221 int err = -ESRCH; 222 223 /* XXX Do we need something like netlink_overrun? I think 224 * XXX PF_KEY socket apps will not mind current behavior. 225 */ 226 if (!skb) 227 return -ENOMEM; 228 229 rcu_read_lock(); 230 sk_for_each_rcu(sk, &net_pfkey->table) { 231 struct pfkey_sock *pfk = pfkey_sk(sk); 232 int err2; 233 234 /* Yes, it means that if you are meant to receive this 235 * pfkey message you receive it twice as promiscuous 236 * socket. 237 */ 238 if (pfk->promisc) 239 pfkey_broadcast_one(skb, GFP_ATOMIC, sk); 240 241 /* the exact target will be processed later */ 242 if (sk == one_sk) 243 continue; 244 if (broadcast_flags != BROADCAST_ALL) { 245 if (broadcast_flags & BROADCAST_PROMISC_ONLY) 246 continue; 247 if ((broadcast_flags & BROADCAST_REGISTERED) && 248 !pfk->registered) 249 continue; 250 if (broadcast_flags & BROADCAST_ONE) 251 continue; 252 } 253 254 err2 = pfkey_broadcast_one(skb, GFP_ATOMIC, sk); 255 256 /* Error is cleared after successful sending to at least one 257 * registered KM */ 258 if ((broadcast_flags & BROADCAST_REGISTERED) && err) 259 err = err2; 260 } 261 rcu_read_unlock(); 262 263 if (one_sk != NULL) 264 err = pfkey_broadcast_one(skb, allocation, one_sk); 265 266 kfree_skb(skb); 267 return err; 268} 269 270static int pfkey_do_dump(struct pfkey_sock *pfk) 271{ 272 struct sadb_msg *hdr; 273 int rc; 274 275 mutex_lock(&pfk->dump_lock); 276 if (!pfk->dump.dump) { 277 rc = 0; 278 goto out; 279 } 280 281 rc = pfk->dump.dump(pfk); 282 if (rc == -ENOBUFS) { 283 rc = 0; 284 goto out; 285 } 286 287 if (pfk->dump.skb) { 288 if (!pfkey_can_dump(&pfk->sk)) { 289 rc = 0; 290 goto out; 291 } 292 293 hdr = (struct sadb_msg *) pfk->dump.skb->data; 294 hdr->sadb_msg_seq = 0; 295 hdr->sadb_msg_errno = rc; 296 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE, 297 &pfk->sk, sock_net(&pfk->sk)); 298 pfk->dump.skb = NULL; 299 } 300 301 pfkey_terminate_dump(pfk); 302 303out: 304 mutex_unlock(&pfk->dump_lock); 305 return rc; 306} 307 308static inline void pfkey_hdr_dup(struct sadb_msg *new, 309 const struct sadb_msg *orig) 310{ 311 *new = *orig; 312} 313 314static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk) 315{ 316 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL); 317 struct sadb_msg *hdr; 318 319 if (!skb) 320 return -ENOBUFS; 321 322 /* Woe be to the platform trying to support PFKEY yet 323 * having normal errnos outside the 1-255 range, inclusive. 324 */ 325 err = -err; 326 if (err == ERESTARTSYS || 327 err == ERESTARTNOHAND || 328 err == ERESTARTNOINTR) 329 err = EINTR; 330 if (err >= 512) 331 err = EINVAL; 332 BUG_ON(err <= 0 || err >= 256); 333 334 hdr = skb_put(skb, sizeof(struct sadb_msg)); 335 pfkey_hdr_dup(hdr, orig); 336 hdr->sadb_msg_errno = (uint8_t) err; 337 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / 338 sizeof(uint64_t)); 339 340 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk)); 341 342 return 0; 343} 344 345static const u8 sadb_ext_min_len[] = { 346 [SADB_EXT_RESERVED] = (u8) 0, 347 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa), 348 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime), 349 [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime), 350 [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime), 351 [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address), 352 [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address), 353 [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address), 354 [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key), 355 [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key), 356 [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident), 357 [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident), 358 [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens), 359 [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop), 360 [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported), 361 [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported), 362 [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange), 363 [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate), 364 [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy), 365 [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2), 366 [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type), 367 [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port), 368 [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port), 369 [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address), 370 [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx), 371 [SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress), 372 [SADB_X_EXT_FILTER] = (u8) sizeof(struct sadb_x_filter), 373}; 374 375/* Verify sadb_address_{len,prefixlen} against sa_family. */ 376static int verify_address_len(const void *p) 377{ 378 const struct sadb_address *sp = p; 379 const struct sockaddr *addr = (const struct sockaddr *)(sp + 1); 380 const struct sockaddr_in *sin; 381#if IS_ENABLED(CONFIG_IPV6) 382 const struct sockaddr_in6 *sin6; 383#endif 384 int len; 385 386 if (sp->sadb_address_len < 387 DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family), 388 sizeof(uint64_t))) 389 return -EINVAL; 390 391 switch (addr->sa_family) { 392 case AF_INET: 393 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t)); 394 if (sp->sadb_address_len != len || 395 sp->sadb_address_prefixlen > 32) 396 return -EINVAL; 397 break; 398#if IS_ENABLED(CONFIG_IPV6) 399 case AF_INET6: 400 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t)); 401 if (sp->sadb_address_len != len || 402 sp->sadb_address_prefixlen > 128) 403 return -EINVAL; 404 break; 405#endif 406 default: 407 /* It is user using kernel to keep track of security 408 * associations for another protocol, such as 409 * OSPF/RSVP/RIPV2/MIP. It is user's job to verify 410 * lengths. 411 * 412 * XXX Actually, association/policy database is not yet 413 * XXX able to cope with arbitrary sockaddr families. 414 * XXX When it can, remove this -EINVAL. -DaveM 415 */ 416 return -EINVAL; 417 } 418 419 return 0; 420} 421 422static inline int sadb_key_len(const struct sadb_key *key) 423{ 424 int key_bytes = DIV_ROUND_UP(key->sadb_key_bits, 8); 425 426 return DIV_ROUND_UP(sizeof(struct sadb_key) + key_bytes, 427 sizeof(uint64_t)); 428} 429 430static int verify_key_len(const void *p) 431{ 432 const struct sadb_key *key = p; 433 434 if (sadb_key_len(key) > key->sadb_key_len) 435 return -EINVAL; 436 437 return 0; 438} 439 440static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx) 441{ 442 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) + 443 sec_ctx->sadb_x_ctx_len, 444 sizeof(uint64_t)); 445} 446 447static inline int verify_sec_ctx_len(const void *p) 448{ 449 const struct sadb_x_sec_ctx *sec_ctx = p; 450 int len = sec_ctx->sadb_x_ctx_len; 451 452 if (len > PAGE_SIZE) 453 return -EINVAL; 454 455 len = pfkey_sec_ctx_len(sec_ctx); 456 457 if (sec_ctx->sadb_x_sec_len != len) 458 return -EINVAL; 459 460 return 0; 461} 462 463static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx, 464 gfp_t gfp) 465{ 466 struct xfrm_user_sec_ctx *uctx = NULL; 467 int ctx_size = sec_ctx->sadb_x_ctx_len; 468 469 uctx = kmalloc((sizeof(*uctx)+ctx_size), gfp); 470 471 if (!uctx) 472 return NULL; 473 474 uctx->len = pfkey_sec_ctx_len(sec_ctx); 475 uctx->exttype = sec_ctx->sadb_x_sec_exttype; 476 uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi; 477 uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg; 478 uctx->ctx_len = sec_ctx->sadb_x_ctx_len; 479 memcpy(uctx + 1, sec_ctx + 1, 480 uctx->ctx_len); 481 482 return uctx; 483} 484 485static int present_and_same_family(const struct sadb_address *src, 486 const struct sadb_address *dst) 487{ 488 const struct sockaddr *s_addr, *d_addr; 489 490 if (!src || !dst) 491 return 0; 492 493 s_addr = (const struct sockaddr *)(src + 1); 494 d_addr = (const struct sockaddr *)(dst + 1); 495 if (s_addr->sa_family != d_addr->sa_family) 496 return 0; 497 if (s_addr->sa_family != AF_INET 498#if IS_ENABLED(CONFIG_IPV6) 499 && s_addr->sa_family != AF_INET6 500#endif 501 ) 502 return 0; 503 504 return 1; 505} 506 507static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs) 508{ 509 const char *p = (char *) hdr; 510 int len = skb->len; 511 512 len -= sizeof(*hdr); 513 p += sizeof(*hdr); 514 while (len > 0) { 515 const struct sadb_ext *ehdr = (const struct sadb_ext *) p; 516 uint16_t ext_type; 517 int ext_len; 518 519 if (len < sizeof(*ehdr)) 520 return -EINVAL; 521 522 ext_len = ehdr->sadb_ext_len; 523 ext_len *= sizeof(uint64_t); 524 ext_type = ehdr->sadb_ext_type; 525 if (ext_len < sizeof(uint64_t) || 526 ext_len > len || 527 ext_type == SADB_EXT_RESERVED) 528 return -EINVAL; 529 530 if (ext_type <= SADB_EXT_MAX) { 531 int min = (int) sadb_ext_min_len[ext_type]; 532 if (ext_len < min) 533 return -EINVAL; 534 if (ext_hdrs[ext_type-1] != NULL) 535 return -EINVAL; 536 switch (ext_type) { 537 case SADB_EXT_ADDRESS_SRC: 538 case SADB_EXT_ADDRESS_DST: 539 case SADB_EXT_ADDRESS_PROXY: 540 case SADB_X_EXT_NAT_T_OA: 541 if (verify_address_len(p)) 542 return -EINVAL; 543 break; 544 case SADB_X_EXT_SEC_CTX: 545 if (verify_sec_ctx_len(p)) 546 return -EINVAL; 547 break; 548 case SADB_EXT_KEY_AUTH: 549 case SADB_EXT_KEY_ENCRYPT: 550 if (verify_key_len(p)) 551 return -EINVAL; 552 break; 553 default: 554 break; 555 } 556 ext_hdrs[ext_type-1] = (void *) p; 557 } 558 p += ext_len; 559 len -= ext_len; 560 } 561 562 return 0; 563} 564 565static uint16_t 566pfkey_satype2proto(uint8_t satype) 567{ 568 switch (satype) { 569 case SADB_SATYPE_UNSPEC: 570 return IPSEC_PROTO_ANY; 571 case SADB_SATYPE_AH: 572 return IPPROTO_AH; 573 case SADB_SATYPE_ESP: 574 return IPPROTO_ESP; 575 case SADB_X_SATYPE_IPCOMP: 576 return IPPROTO_COMP; 577 default: 578 return 0; 579 } 580 /* NOTREACHED */ 581} 582 583static uint8_t 584pfkey_proto2satype(uint16_t proto) 585{ 586 switch (proto) { 587 case IPPROTO_AH: 588 return SADB_SATYPE_AH; 589 case IPPROTO_ESP: 590 return SADB_SATYPE_ESP; 591 case IPPROTO_COMP: 592 return SADB_X_SATYPE_IPCOMP; 593 default: 594 return 0; 595 } 596 /* NOTREACHED */ 597} 598 599/* BTW, this scheme means that there is no way with PFKEY2 sockets to 600 * say specifically 'just raw sockets' as we encode them as 255. 601 */ 602 603static uint8_t pfkey_proto_to_xfrm(uint8_t proto) 604{ 605 return proto == IPSEC_PROTO_ANY ? 0 : proto; 606} 607 608static uint8_t pfkey_proto_from_xfrm(uint8_t proto) 609{ 610 return proto ? proto : IPSEC_PROTO_ANY; 611} 612 613static inline int pfkey_sockaddr_len(sa_family_t family) 614{ 615 switch (family) { 616 case AF_INET: 617 return sizeof(struct sockaddr_in); 618#if IS_ENABLED(CONFIG_IPV6) 619 case AF_INET6: 620 return sizeof(struct sockaddr_in6); 621#endif 622 } 623 return 0; 624} 625 626static 627int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr) 628{ 629 switch (sa->sa_family) { 630 case AF_INET: 631 xaddr->a4 = 632 ((struct sockaddr_in *)sa)->sin_addr.s_addr; 633 return AF_INET; 634#if IS_ENABLED(CONFIG_IPV6) 635 case AF_INET6: 636 memcpy(xaddr->a6, 637 &((struct sockaddr_in6 *)sa)->sin6_addr, 638 sizeof(struct in6_addr)); 639 return AF_INET6; 640#endif 641 } 642 return 0; 643} 644 645static 646int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr) 647{ 648 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1), 649 xaddr); 650} 651 652static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs) 653{ 654 const struct sadb_sa *sa; 655 const struct sadb_address *addr; 656 uint16_t proto; 657 unsigned short family; 658 xfrm_address_t *xaddr; 659 660 sa = ext_hdrs[SADB_EXT_SA - 1]; 661 if (sa == NULL) 662 return NULL; 663 664 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 665 if (proto == 0) 666 return NULL; 667 668 /* sadb_address_len should be checked by caller */ 669 addr = ext_hdrs[SADB_EXT_ADDRESS_DST - 1]; 670 if (addr == NULL) 671 return NULL; 672 673 family = ((const struct sockaddr *)(addr + 1))->sa_family; 674 switch (family) { 675 case AF_INET: 676 xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr; 677 break; 678#if IS_ENABLED(CONFIG_IPV6) 679 case AF_INET6: 680 xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr; 681 break; 682#endif 683 default: 684 xaddr = NULL; 685 } 686 687 if (!xaddr) 688 return NULL; 689 690 return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family); 691} 692 693#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1))) 694 695static int 696pfkey_sockaddr_size(sa_family_t family) 697{ 698 return PFKEY_ALIGN8(pfkey_sockaddr_len(family)); 699} 700 701static inline int pfkey_mode_from_xfrm(int mode) 702{ 703 switch(mode) { 704 case XFRM_MODE_TRANSPORT: 705 return IPSEC_MODE_TRANSPORT; 706 case XFRM_MODE_TUNNEL: 707 return IPSEC_MODE_TUNNEL; 708 case XFRM_MODE_BEET: 709 return IPSEC_MODE_BEET; 710 default: 711 return -1; 712 } 713} 714 715static inline int pfkey_mode_to_xfrm(int mode) 716{ 717 switch(mode) { 718 case IPSEC_MODE_ANY: /*XXX*/ 719 case IPSEC_MODE_TRANSPORT: 720 return XFRM_MODE_TRANSPORT; 721 case IPSEC_MODE_TUNNEL: 722 return XFRM_MODE_TUNNEL; 723 case IPSEC_MODE_BEET: 724 return XFRM_MODE_BEET; 725 default: 726 return -1; 727 } 728} 729 730static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port, 731 struct sockaddr *sa, 732 unsigned short family) 733{ 734 switch (family) { 735 case AF_INET: 736 { 737 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 738 sin->sin_family = AF_INET; 739 sin->sin_port = port; 740 sin->sin_addr.s_addr = xaddr->a4; 741 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 742 return 32; 743 } 744#if IS_ENABLED(CONFIG_IPV6) 745 case AF_INET6: 746 { 747 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 748 sin6->sin6_family = AF_INET6; 749 sin6->sin6_port = port; 750 sin6->sin6_flowinfo = 0; 751 sin6->sin6_addr = xaddr->in6; 752 sin6->sin6_scope_id = 0; 753 return 128; 754 } 755#endif 756 } 757 return 0; 758} 759 760static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x, 761 int add_keys, int hsc) 762{ 763 struct sk_buff *skb; 764 struct sadb_msg *hdr; 765 struct sadb_sa *sa; 766 struct sadb_lifetime *lifetime; 767 struct sadb_address *addr; 768 struct sadb_key *key; 769 struct sadb_x_sa2 *sa2; 770 struct sadb_x_sec_ctx *sec_ctx; 771 struct xfrm_sec_ctx *xfrm_ctx; 772 int ctx_size = 0; 773 int size; 774 int auth_key_size = 0; 775 int encrypt_key_size = 0; 776 int sockaddr_size; 777 struct xfrm_encap_tmpl *natt = NULL; 778 int mode; 779 780 /* address family check */ 781 sockaddr_size = pfkey_sockaddr_size(x->props.family); 782 if (!sockaddr_size) 783 return ERR_PTR(-EINVAL); 784 785 /* base, SA, (lifetime (HSC),) address(SD), (address(P),) 786 key(AE), (identity(SD),) (sensitivity)> */ 787 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) + 788 sizeof(struct sadb_lifetime) + 789 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) + 790 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) + 791 sizeof(struct sadb_address)*2 + 792 sockaddr_size*2 + 793 sizeof(struct sadb_x_sa2); 794 795 if ((xfrm_ctx = x->security)) { 796 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len); 797 size += sizeof(struct sadb_x_sec_ctx) + ctx_size; 798 } 799 800 /* identity & sensitivity */ 801 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family)) 802 size += sizeof(struct sadb_address) + sockaddr_size; 803 804 if (add_keys) { 805 if (x->aalg && x->aalg->alg_key_len) { 806 auth_key_size = 807 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); 808 size += sizeof(struct sadb_key) + auth_key_size; 809 } 810 if (x->ealg && x->ealg->alg_key_len) { 811 encrypt_key_size = 812 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); 813 size += sizeof(struct sadb_key) + encrypt_key_size; 814 } 815 } 816 if (x->encap) 817 natt = x->encap; 818 819 if (natt && natt->encap_type) { 820 size += sizeof(struct sadb_x_nat_t_type); 821 size += sizeof(struct sadb_x_nat_t_port); 822 size += sizeof(struct sadb_x_nat_t_port); 823 } 824 825 skb = alloc_skb(size + 16, GFP_ATOMIC); 826 if (skb == NULL) 827 return ERR_PTR(-ENOBUFS); 828 829 /* call should fill header later */ 830 hdr = skb_put(skb, sizeof(struct sadb_msg)); 831 memset(hdr, 0, size); /* XXX do we need this ? */ 832 hdr->sadb_msg_len = size / sizeof(uint64_t); 833 834 /* sa */ 835 sa = skb_put(skb, sizeof(struct sadb_sa)); 836 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t); 837 sa->sadb_sa_exttype = SADB_EXT_SA; 838 sa->sadb_sa_spi = x->id.spi; 839 sa->sadb_sa_replay = x->props.replay_window; 840 switch (x->km.state) { 841 case XFRM_STATE_VALID: 842 sa->sadb_sa_state = x->km.dying ? 843 SADB_SASTATE_DYING : SADB_SASTATE_MATURE; 844 break; 845 case XFRM_STATE_ACQ: 846 sa->sadb_sa_state = SADB_SASTATE_LARVAL; 847 break; 848 default: 849 sa->sadb_sa_state = SADB_SASTATE_DEAD; 850 break; 851 } 852 sa->sadb_sa_auth = 0; 853 if (x->aalg) { 854 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0); 855 sa->sadb_sa_auth = (a && a->pfkey_supported) ? 856 a->desc.sadb_alg_id : 0; 857 } 858 sa->sadb_sa_encrypt = 0; 859 BUG_ON(x->ealg && x->calg); 860 if (x->ealg) { 861 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0); 862 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ? 863 a->desc.sadb_alg_id : 0; 864 } 865 /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */ 866 if (x->calg) { 867 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0); 868 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ? 869 a->desc.sadb_alg_id : 0; 870 } 871 872 sa->sadb_sa_flags = 0; 873 if (x->props.flags & XFRM_STATE_NOECN) 874 sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN; 875 if (x->props.flags & XFRM_STATE_DECAP_DSCP) 876 sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP; 877 if (x->props.flags & XFRM_STATE_NOPMTUDISC) 878 sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC; 879 880 /* hard time */ 881 if (hsc & 2) { 882 lifetime = skb_put(skb, sizeof(struct sadb_lifetime)); 883 lifetime->sadb_lifetime_len = 884 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 885 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 886 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit); 887 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit); 888 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds; 889 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds; 890 } 891 /* soft time */ 892 if (hsc & 1) { 893 lifetime = skb_put(skb, sizeof(struct sadb_lifetime)); 894 lifetime->sadb_lifetime_len = 895 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 896 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 897 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit); 898 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit); 899 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds; 900 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds; 901 } 902 /* current time */ 903 lifetime = skb_put(skb, sizeof(struct sadb_lifetime)); 904 lifetime->sadb_lifetime_len = 905 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 906 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 907 lifetime->sadb_lifetime_allocations = x->curlft.packets; 908 lifetime->sadb_lifetime_bytes = x->curlft.bytes; 909 lifetime->sadb_lifetime_addtime = x->curlft.add_time; 910 lifetime->sadb_lifetime_usetime = x->curlft.use_time; 911 /* src address */ 912 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size); 913 addr->sadb_address_len = 914 (sizeof(struct sadb_address)+sockaddr_size)/ 915 sizeof(uint64_t); 916 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 917 /* "if the ports are non-zero, then the sadb_address_proto field, 918 normally zero, MUST be filled in with the transport 919 protocol's number." - RFC2367 */ 920 addr->sadb_address_proto = 0; 921 addr->sadb_address_reserved = 0; 922 923 addr->sadb_address_prefixlen = 924 pfkey_sockaddr_fill(&x->props.saddr, 0, 925 (struct sockaddr *) (addr + 1), 926 x->props.family); 927 BUG_ON(!addr->sadb_address_prefixlen); 928 929 /* dst address */ 930 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size); 931 addr->sadb_address_len = 932 (sizeof(struct sadb_address)+sockaddr_size)/ 933 sizeof(uint64_t); 934 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 935 addr->sadb_address_proto = 0; 936 addr->sadb_address_reserved = 0; 937 938 addr->sadb_address_prefixlen = 939 pfkey_sockaddr_fill(&x->id.daddr, 0, 940 (struct sockaddr *) (addr + 1), 941 x->props.family); 942 BUG_ON(!addr->sadb_address_prefixlen); 943 944 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, 945 x->props.family)) { 946 addr = skb_put(skb, 947 sizeof(struct sadb_address) + sockaddr_size); 948 addr->sadb_address_len = 949 (sizeof(struct sadb_address)+sockaddr_size)/ 950 sizeof(uint64_t); 951 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; 952 addr->sadb_address_proto = 953 pfkey_proto_from_xfrm(x->sel.proto); 954 addr->sadb_address_prefixlen = x->sel.prefixlen_s; 955 addr->sadb_address_reserved = 0; 956 957 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport, 958 (struct sockaddr *) (addr + 1), 959 x->props.family); 960 } 961 962 /* auth key */ 963 if (add_keys && auth_key_size) { 964 key = skb_put(skb, sizeof(struct sadb_key) + auth_key_size); 965 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) / 966 sizeof(uint64_t); 967 key->sadb_key_exttype = SADB_EXT_KEY_AUTH; 968 key->sadb_key_bits = x->aalg->alg_key_len; 969 key->sadb_key_reserved = 0; 970 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8); 971 } 972 /* encrypt key */ 973 if (add_keys && encrypt_key_size) { 974 key = skb_put(skb, sizeof(struct sadb_key) + encrypt_key_size); 975 key->sadb_key_len = (sizeof(struct sadb_key) + 976 encrypt_key_size) / sizeof(uint64_t); 977 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; 978 key->sadb_key_bits = x->ealg->alg_key_len; 979 key->sadb_key_reserved = 0; 980 memcpy(key + 1, x->ealg->alg_key, 981 (x->ealg->alg_key_len+7)/8); 982 } 983 984 /* sa */ 985 sa2 = skb_put(skb, sizeof(struct sadb_x_sa2)); 986 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t); 987 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 988 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) { 989 kfree_skb(skb); 990 return ERR_PTR(-EINVAL); 991 } 992 sa2->sadb_x_sa2_mode = mode; 993 sa2->sadb_x_sa2_reserved1 = 0; 994 sa2->sadb_x_sa2_reserved2 = 0; 995 sa2->sadb_x_sa2_sequence = 0; 996 sa2->sadb_x_sa2_reqid = x->props.reqid; 997 998 if (natt && natt->encap_type) { 999 struct sadb_x_nat_t_type *n_type; 1000 struct sadb_x_nat_t_port *n_port; 1001 1002 /* type */ 1003 n_type = skb_put(skb, sizeof(*n_type)); 1004 n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t); 1005 n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 1006 n_type->sadb_x_nat_t_type_type = natt->encap_type; 1007 n_type->sadb_x_nat_t_type_reserved[0] = 0; 1008 n_type->sadb_x_nat_t_type_reserved[1] = 0; 1009 n_type->sadb_x_nat_t_type_reserved[2] = 0; 1010 1011 /* source port */ 1012 n_port = skb_put(skb, sizeof(*n_port)); 1013 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 1014 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; 1015 n_port->sadb_x_nat_t_port_port = natt->encap_sport; 1016 n_port->sadb_x_nat_t_port_reserved = 0; 1017 1018 /* dest port */ 1019 n_port = skb_put(skb, sizeof(*n_port)); 1020 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 1021 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; 1022 n_port->sadb_x_nat_t_port_port = natt->encap_dport; 1023 n_port->sadb_x_nat_t_port_reserved = 0; 1024 } 1025 1026 /* security context */ 1027 if (xfrm_ctx) { 1028 sec_ctx = skb_put(skb, 1029 sizeof(struct sadb_x_sec_ctx) + ctx_size); 1030 sec_ctx->sadb_x_sec_len = 1031 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t); 1032 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 1033 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 1034 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 1035 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 1036 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 1037 xfrm_ctx->ctx_len); 1038 } 1039 1040 return skb; 1041} 1042 1043 1044static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x) 1045{ 1046 struct sk_buff *skb; 1047 1048 skb = __pfkey_xfrm_state2msg(x, 1, 3); 1049 1050 return skb; 1051} 1052 1053static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x, 1054 int hsc) 1055{ 1056 return __pfkey_xfrm_state2msg(x, 0, hsc); 1057} 1058 1059static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, 1060 const struct sadb_msg *hdr, 1061 void * const *ext_hdrs) 1062{ 1063 struct xfrm_state *x; 1064 const struct sadb_lifetime *lifetime; 1065 const struct sadb_sa *sa; 1066 const struct sadb_key *key; 1067 const struct sadb_x_sec_ctx *sec_ctx; 1068 uint16_t proto; 1069 int err; 1070 1071 1072 sa = ext_hdrs[SADB_EXT_SA - 1]; 1073 if (!sa || 1074 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1075 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1076 return ERR_PTR(-EINVAL); 1077 if (hdr->sadb_msg_satype == SADB_SATYPE_ESP && 1078 !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]) 1079 return ERR_PTR(-EINVAL); 1080 if (hdr->sadb_msg_satype == SADB_SATYPE_AH && 1081 !ext_hdrs[SADB_EXT_KEY_AUTH-1]) 1082 return ERR_PTR(-EINVAL); 1083 if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] != 1084 !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) 1085 return ERR_PTR(-EINVAL); 1086 1087 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1088 if (proto == 0) 1089 return ERR_PTR(-EINVAL); 1090 1091 /* default error is no buffer space */ 1092 err = -ENOBUFS; 1093 1094 /* RFC2367: 1095 1096 Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message. 1097 SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not 1098 sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state. 1099 Therefore, the sadb_sa_state field of all submitted SAs MUST be 1100 SADB_SASTATE_MATURE and the kernel MUST return an error if this is 1101 not true. 1102 1103 However, KAME setkey always uses SADB_SASTATE_LARVAL. 1104 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable. 1105 */ 1106 if (sa->sadb_sa_auth > SADB_AALG_MAX || 1107 (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP && 1108 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) || 1109 sa->sadb_sa_encrypt > SADB_EALG_MAX) 1110 return ERR_PTR(-EINVAL); 1111 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1]; 1112 if (key != NULL && 1113 sa->sadb_sa_auth != SADB_X_AALG_NULL && 1114 key->sadb_key_bits == 0) 1115 return ERR_PTR(-EINVAL); 1116 key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]; 1117 if (key != NULL && 1118 sa->sadb_sa_encrypt != SADB_EALG_NULL && 1119 key->sadb_key_bits == 0) 1120 return ERR_PTR(-EINVAL); 1121 1122 x = xfrm_state_alloc(net); 1123 if (x == NULL) 1124 return ERR_PTR(-ENOBUFS); 1125 1126 x->id.proto = proto; 1127 x->id.spi = sa->sadb_sa_spi; 1128 x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay, 1129 (sizeof(x->replay.bitmap) * 8)); 1130 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN) 1131 x->props.flags |= XFRM_STATE_NOECN; 1132 if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP) 1133 x->props.flags |= XFRM_STATE_DECAP_DSCP; 1134 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC) 1135 x->props.flags |= XFRM_STATE_NOPMTUDISC; 1136 1137 lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD - 1]; 1138 if (lifetime != NULL) { 1139 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 1140 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 1141 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; 1142 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; 1143 } 1144 lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT - 1]; 1145 if (lifetime != NULL) { 1146 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 1147 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 1148 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime; 1149 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; 1150 } 1151 1152 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1]; 1153 if (sec_ctx != NULL) { 1154 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL); 1155 1156 if (!uctx) 1157 goto out; 1158 1159 err = security_xfrm_state_alloc(x, uctx); 1160 kfree(uctx); 1161 1162 if (err) 1163 goto out; 1164 } 1165 1166 err = -ENOBUFS; 1167 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1]; 1168 if (sa->sadb_sa_auth) { 1169 int keysize = 0; 1170 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth); 1171 if (!a || !a->pfkey_supported) { 1172 err = -ENOSYS; 1173 goto out; 1174 } 1175 if (key) 1176 keysize = (key->sadb_key_bits + 7) / 8; 1177 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL); 1178 if (!x->aalg) { 1179 err = -ENOMEM; 1180 goto out; 1181 } 1182 strcpy(x->aalg->alg_name, a->name); 1183 x->aalg->alg_key_len = 0; 1184 if (key) { 1185 x->aalg->alg_key_len = key->sadb_key_bits; 1186 memcpy(x->aalg->alg_key, key+1, keysize); 1187 } 1188 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits; 1189 x->props.aalgo = sa->sadb_sa_auth; 1190 /* x->algo.flags = sa->sadb_sa_flags; */ 1191 } 1192 if (sa->sadb_sa_encrypt) { 1193 if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { 1194 struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt); 1195 if (!a || !a->pfkey_supported) { 1196 err = -ENOSYS; 1197 goto out; 1198 } 1199 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL); 1200 if (!x->calg) { 1201 err = -ENOMEM; 1202 goto out; 1203 } 1204 strcpy(x->calg->alg_name, a->name); 1205 x->props.calgo = sa->sadb_sa_encrypt; 1206 } else { 1207 int keysize = 0; 1208 struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt); 1209 if (!a || !a->pfkey_supported) { 1210 err = -ENOSYS; 1211 goto out; 1212 } 1213 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]; 1214 if (key) 1215 keysize = (key->sadb_key_bits + 7) / 8; 1216 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL); 1217 if (!x->ealg) { 1218 err = -ENOMEM; 1219 goto out; 1220 } 1221 strcpy(x->ealg->alg_name, a->name); 1222 x->ealg->alg_key_len = 0; 1223 if (key) { 1224 x->ealg->alg_key_len = key->sadb_key_bits; 1225 memcpy(x->ealg->alg_key, key+1, keysize); 1226 } 1227 x->props.ealgo = sa->sadb_sa_encrypt; 1228 x->geniv = a->uinfo.encr.geniv; 1229 } 1230 } 1231 /* x->algo.flags = sa->sadb_sa_flags; */ 1232 1233 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1234 &x->props.saddr); 1235 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1], 1236 &x->id.daddr); 1237 1238 if (ext_hdrs[SADB_X_EXT_SA2-1]) { 1239 const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1]; 1240 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); 1241 if (mode < 0) { 1242 err = -EINVAL; 1243 goto out; 1244 } 1245 x->props.mode = mode; 1246 x->props.reqid = sa2->sadb_x_sa2_reqid; 1247 } 1248 1249 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) { 1250 const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]; 1251 1252 /* Nobody uses this, but we try. */ 1253 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); 1254 x->sel.prefixlen_s = addr->sadb_address_prefixlen; 1255 } 1256 1257 if (!x->sel.family) 1258 x->sel.family = x->props.family; 1259 1260 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { 1261 const struct sadb_x_nat_t_type* n_type; 1262 struct xfrm_encap_tmpl *natt; 1263 1264 x->encap = kzalloc(sizeof(*x->encap), GFP_KERNEL); 1265 if (!x->encap) { 1266 err = -ENOMEM; 1267 goto out; 1268 } 1269 1270 natt = x->encap; 1271 n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]; 1272 natt->encap_type = n_type->sadb_x_nat_t_type_type; 1273 1274 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) { 1275 const struct sadb_x_nat_t_port *n_port = 1276 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]; 1277 natt->encap_sport = n_port->sadb_x_nat_t_port_port; 1278 } 1279 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) { 1280 const struct sadb_x_nat_t_port *n_port = 1281 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]; 1282 natt->encap_dport = n_port->sadb_x_nat_t_port_port; 1283 } 1284 } 1285 1286 err = xfrm_init_state(x); 1287 if (err) 1288 goto out; 1289 1290 x->km.seq = hdr->sadb_msg_seq; 1291 return x; 1292 1293out: 1294 x->km.state = XFRM_STATE_DEAD; 1295 xfrm_state_put(x); 1296 return ERR_PTR(err); 1297} 1298 1299static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1300{ 1301 return -EOPNOTSUPP; 1302} 1303 1304static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1305{ 1306 struct net *net = sock_net(sk); 1307 struct sk_buff *resp_skb; 1308 struct sadb_x_sa2 *sa2; 1309 struct sadb_address *saddr, *daddr; 1310 struct sadb_msg *out_hdr; 1311 struct sadb_spirange *range; 1312 struct xfrm_state *x = NULL; 1313 int mode; 1314 int err; 1315 u32 min_spi, max_spi; 1316 u32 reqid; 1317 u8 proto; 1318 unsigned short family; 1319 xfrm_address_t *xsaddr = NULL, *xdaddr = NULL; 1320 1321 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1322 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1323 return -EINVAL; 1324 1325 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1326 if (proto == 0) 1327 return -EINVAL; 1328 1329 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) { 1330 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); 1331 if (mode < 0) 1332 return -EINVAL; 1333 reqid = sa2->sadb_x_sa2_reqid; 1334 } else { 1335 mode = 0; 1336 reqid = 0; 1337 } 1338 1339 saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1]; 1340 daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1]; 1341 1342 family = ((struct sockaddr *)(saddr + 1))->sa_family; 1343 switch (family) { 1344 case AF_INET: 1345 xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr; 1346 xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr; 1347 break; 1348#if IS_ENABLED(CONFIG_IPV6) 1349 case AF_INET6: 1350 xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr; 1351 xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr; 1352 break; 1353#endif 1354 } 1355 1356 if (hdr->sadb_msg_seq) { 1357 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); 1358 if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) { 1359 xfrm_state_put(x); 1360 x = NULL; 1361 } 1362 } 1363 1364 if (!x) 1365 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, proto, xdaddr, xsaddr, 1, family); 1366 1367 if (x == NULL) 1368 return -ENOENT; 1369 1370 min_spi = 0x100; 1371 max_spi = 0x0fffffff; 1372 1373 range = ext_hdrs[SADB_EXT_SPIRANGE-1]; 1374 if (range) { 1375 min_spi = range->sadb_spirange_min; 1376 max_spi = range->sadb_spirange_max; 1377 } 1378 1379 err = verify_spi_info(x->id.proto, min_spi, max_spi, NULL); 1380 if (err) { 1381 xfrm_state_put(x); 1382 return err; 1383 } 1384 1385 err = xfrm_alloc_spi(x, min_spi, max_spi, NULL); 1386 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x); 1387 1388 if (IS_ERR(resp_skb)) { 1389 xfrm_state_put(x); 1390 return PTR_ERR(resp_skb); 1391 } 1392 1393 out_hdr = (struct sadb_msg *) resp_skb->data; 1394 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 1395 out_hdr->sadb_msg_type = SADB_GETSPI; 1396 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto); 1397 out_hdr->sadb_msg_errno = 0; 1398 out_hdr->sadb_msg_reserved = 0; 1399 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 1400 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 1401 1402 xfrm_state_put(x); 1403 1404 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net); 1405 1406 return 0; 1407} 1408 1409static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1410{ 1411 struct net *net = sock_net(sk); 1412 struct xfrm_state *x; 1413 1414 if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8) 1415 return -EOPNOTSUPP; 1416 1417 if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0) 1418 return 0; 1419 1420 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); 1421 if (x == NULL) 1422 return 0; 1423 1424 spin_lock_bh(&x->lock); 1425 if (x->km.state == XFRM_STATE_ACQ) 1426 x->km.state = XFRM_STATE_ERROR; 1427 1428 spin_unlock_bh(&x->lock); 1429 xfrm_state_put(x); 1430 return 0; 1431} 1432 1433static inline int event2poltype(int event) 1434{ 1435 switch (event) { 1436 case XFRM_MSG_DELPOLICY: 1437 return SADB_X_SPDDELETE; 1438 case XFRM_MSG_NEWPOLICY: 1439 return SADB_X_SPDADD; 1440 case XFRM_MSG_UPDPOLICY: 1441 return SADB_X_SPDUPDATE; 1442 case XFRM_MSG_POLEXPIRE: 1443 // return SADB_X_SPDEXPIRE; 1444 default: 1445 pr_err("pfkey: Unknown policy event %d\n", event); 1446 break; 1447 } 1448 1449 return 0; 1450} 1451 1452static inline int event2keytype(int event) 1453{ 1454 switch (event) { 1455 case XFRM_MSG_DELSA: 1456 return SADB_DELETE; 1457 case XFRM_MSG_NEWSA: 1458 return SADB_ADD; 1459 case XFRM_MSG_UPDSA: 1460 return SADB_UPDATE; 1461 case XFRM_MSG_EXPIRE: 1462 return SADB_EXPIRE; 1463 default: 1464 pr_err("pfkey: Unknown SA event %d\n", event); 1465 break; 1466 } 1467 1468 return 0; 1469} 1470 1471/* ADD/UPD/DEL */ 1472static int key_notify_sa(struct xfrm_state *x, const struct km_event *c) 1473{ 1474 struct sk_buff *skb; 1475 struct sadb_msg *hdr; 1476 1477 skb = pfkey_xfrm_state2msg(x); 1478 1479 if (IS_ERR(skb)) 1480 return PTR_ERR(skb); 1481 1482 hdr = (struct sadb_msg *) skb->data; 1483 hdr->sadb_msg_version = PF_KEY_V2; 1484 hdr->sadb_msg_type = event2keytype(c->event); 1485 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 1486 hdr->sadb_msg_errno = 0; 1487 hdr->sadb_msg_reserved = 0; 1488 hdr->sadb_msg_seq = c->seq; 1489 hdr->sadb_msg_pid = c->portid; 1490 1491 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x)); 1492 1493 return 0; 1494} 1495 1496static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1497{ 1498 struct net *net = sock_net(sk); 1499 struct xfrm_state *x; 1500 int err; 1501 struct km_event c; 1502 1503 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs); 1504 if (IS_ERR(x)) 1505 return PTR_ERR(x); 1506 1507 xfrm_state_hold(x); 1508 if (hdr->sadb_msg_type == SADB_ADD) 1509 err = xfrm_state_add(x); 1510 else 1511 err = xfrm_state_update(x); 1512 1513 xfrm_audit_state_add(x, err ? 0 : 1, true); 1514 1515 if (err < 0) { 1516 x->km.state = XFRM_STATE_DEAD; 1517 __xfrm_state_put(x); 1518 goto out; 1519 } 1520 1521 if (hdr->sadb_msg_type == SADB_ADD) 1522 c.event = XFRM_MSG_NEWSA; 1523 else 1524 c.event = XFRM_MSG_UPDSA; 1525 c.seq = hdr->sadb_msg_seq; 1526 c.portid = hdr->sadb_msg_pid; 1527 km_state_notify(x, &c); 1528out: 1529 xfrm_state_put(x); 1530 return err; 1531} 1532 1533static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1534{ 1535 struct net *net = sock_net(sk); 1536 struct xfrm_state *x; 1537 struct km_event c; 1538 int err; 1539 1540 if (!ext_hdrs[SADB_EXT_SA-1] || 1541 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1542 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1543 return -EINVAL; 1544 1545 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs); 1546 if (x == NULL) 1547 return -ESRCH; 1548 1549 if ((err = security_xfrm_state_delete(x))) 1550 goto out; 1551 1552 if (xfrm_state_kern(x)) { 1553 err = -EPERM; 1554 goto out; 1555 } 1556 1557 err = xfrm_state_delete(x); 1558 1559 if (err < 0) 1560 goto out; 1561 1562 c.seq = hdr->sadb_msg_seq; 1563 c.portid = hdr->sadb_msg_pid; 1564 c.event = XFRM_MSG_DELSA; 1565 km_state_notify(x, &c); 1566out: 1567 xfrm_audit_state_delete(x, err ? 0 : 1, true); 1568 xfrm_state_put(x); 1569 1570 return err; 1571} 1572 1573static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1574{ 1575 struct net *net = sock_net(sk); 1576 __u8 proto; 1577 struct sk_buff *out_skb; 1578 struct sadb_msg *out_hdr; 1579 struct xfrm_state *x; 1580 1581 if (!ext_hdrs[SADB_EXT_SA-1] || 1582 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1583 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1584 return -EINVAL; 1585 1586 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs); 1587 if (x == NULL) 1588 return -ESRCH; 1589 1590 out_skb = pfkey_xfrm_state2msg(x); 1591 proto = x->id.proto; 1592 xfrm_state_put(x); 1593 if (IS_ERR(out_skb)) 1594 return PTR_ERR(out_skb); 1595 1596 out_hdr = (struct sadb_msg *) out_skb->data; 1597 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 1598 out_hdr->sadb_msg_type = SADB_GET; 1599 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto); 1600 out_hdr->sadb_msg_errno = 0; 1601 out_hdr->sadb_msg_reserved = 0; 1602 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 1603 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 1604 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk)); 1605 1606 return 0; 1607} 1608 1609static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig, 1610 gfp_t allocation) 1611{ 1612 struct sk_buff *skb; 1613 struct sadb_msg *hdr; 1614 int len, auth_len, enc_len, i; 1615 1616 auth_len = xfrm_count_pfkey_auth_supported(); 1617 if (auth_len) { 1618 auth_len *= sizeof(struct sadb_alg); 1619 auth_len += sizeof(struct sadb_supported); 1620 } 1621 1622 enc_len = xfrm_count_pfkey_enc_supported(); 1623 if (enc_len) { 1624 enc_len *= sizeof(struct sadb_alg); 1625 enc_len += sizeof(struct sadb_supported); 1626 } 1627 1628 len = enc_len + auth_len + sizeof(struct sadb_msg); 1629 1630 skb = alloc_skb(len + 16, allocation); 1631 if (!skb) 1632 goto out_put_algs; 1633 1634 hdr = skb_put(skb, sizeof(*hdr)); 1635 pfkey_hdr_dup(hdr, orig); 1636 hdr->sadb_msg_errno = 0; 1637 hdr->sadb_msg_len = len / sizeof(uint64_t); 1638 1639 if (auth_len) { 1640 struct sadb_supported *sp; 1641 struct sadb_alg *ap; 1642 1643 sp = skb_put(skb, auth_len); 1644 ap = (struct sadb_alg *) (sp + 1); 1645 1646 sp->sadb_supported_len = auth_len / sizeof(uint64_t); 1647 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 1648 1649 for (i = 0; ; i++) { 1650 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 1651 if (!aalg) 1652 break; 1653 if (!aalg->pfkey_supported) 1654 continue; 1655 if (aalg->available) 1656 *ap++ = aalg->desc; 1657 } 1658 } 1659 1660 if (enc_len) { 1661 struct sadb_supported *sp; 1662 struct sadb_alg *ap; 1663 1664 sp = skb_put(skb, enc_len); 1665 ap = (struct sadb_alg *) (sp + 1); 1666 1667 sp->sadb_supported_len = enc_len / sizeof(uint64_t); 1668 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 1669 1670 for (i = 0; ; i++) { 1671 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 1672 if (!ealg) 1673 break; 1674 if (!ealg->pfkey_supported) 1675 continue; 1676 if (ealg->available) 1677 *ap++ = ealg->desc; 1678 } 1679 } 1680 1681out_put_algs: 1682 return skb; 1683} 1684 1685static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1686{ 1687 struct pfkey_sock *pfk = pfkey_sk(sk); 1688 struct sk_buff *supp_skb; 1689 1690 if (hdr->sadb_msg_satype > SADB_SATYPE_MAX) 1691 return -EINVAL; 1692 1693 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) { 1694 if (pfk->registered&(1<<hdr->sadb_msg_satype)) 1695 return -EEXIST; 1696 pfk->registered |= (1<<hdr->sadb_msg_satype); 1697 } 1698 1699 mutex_lock(&pfkey_mutex); 1700 xfrm_probe_algs(); 1701 1702 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO); 1703 mutex_unlock(&pfkey_mutex); 1704 1705 if (!supp_skb) { 1706 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) 1707 pfk->registered &= ~(1<<hdr->sadb_msg_satype); 1708 1709 return -ENOBUFS; 1710 } 1711 1712 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk, 1713 sock_net(sk)); 1714 return 0; 1715} 1716 1717static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr) 1718{ 1719 struct sk_buff *skb; 1720 struct sadb_msg *hdr; 1721 1722 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC); 1723 if (!skb) 1724 return -ENOBUFS; 1725 1726 hdr = skb_put_data(skb, ihdr, sizeof(struct sadb_msg)); 1727 hdr->sadb_msg_errno = (uint8_t) 0; 1728 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 1729 1730 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, 1731 sock_net(sk)); 1732} 1733 1734static int key_notify_sa_flush(const struct km_event *c) 1735{ 1736 struct sk_buff *skb; 1737 struct sadb_msg *hdr; 1738 1739 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC); 1740 if (!skb) 1741 return -ENOBUFS; 1742 hdr = skb_put(skb, sizeof(struct sadb_msg)); 1743 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto); 1744 hdr->sadb_msg_type = SADB_FLUSH; 1745 hdr->sadb_msg_seq = c->seq; 1746 hdr->sadb_msg_pid = c->portid; 1747 hdr->sadb_msg_version = PF_KEY_V2; 1748 hdr->sadb_msg_errno = (uint8_t) 0; 1749 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 1750 hdr->sadb_msg_reserved = 0; 1751 1752 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net); 1753 1754 return 0; 1755} 1756 1757static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1758{ 1759 struct net *net = sock_net(sk); 1760 unsigned int proto; 1761 struct km_event c; 1762 int err, err2; 1763 1764 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1765 if (proto == 0) 1766 return -EINVAL; 1767 1768 err = xfrm_state_flush(net, proto, true, false); 1769 err2 = unicast_flush_resp(sk, hdr); 1770 if (err || err2) { 1771 if (err == -ESRCH) /* empty table - go quietly */ 1772 err = 0; 1773 return err ? err : err2; 1774 } 1775 1776 c.data.proto = proto; 1777 c.seq = hdr->sadb_msg_seq; 1778 c.portid = hdr->sadb_msg_pid; 1779 c.event = XFRM_MSG_FLUSHSA; 1780 c.net = net; 1781 km_state_notify(NULL, &c); 1782 1783 return 0; 1784} 1785 1786static int dump_sa(struct xfrm_state *x, int count, void *ptr) 1787{ 1788 struct pfkey_sock *pfk = ptr; 1789 struct sk_buff *out_skb; 1790 struct sadb_msg *out_hdr; 1791 1792 if (!pfkey_can_dump(&pfk->sk)) 1793 return -ENOBUFS; 1794 1795 out_skb = pfkey_xfrm_state2msg(x); 1796 if (IS_ERR(out_skb)) 1797 return PTR_ERR(out_skb); 1798 1799 out_hdr = (struct sadb_msg *) out_skb->data; 1800 out_hdr->sadb_msg_version = pfk->dump.msg_version; 1801 out_hdr->sadb_msg_type = SADB_DUMP; 1802 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 1803 out_hdr->sadb_msg_errno = 0; 1804 out_hdr->sadb_msg_reserved = 0; 1805 out_hdr->sadb_msg_seq = count + 1; 1806 out_hdr->sadb_msg_pid = pfk->dump.msg_portid; 1807 1808 if (pfk->dump.skb) 1809 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE, 1810 &pfk->sk, sock_net(&pfk->sk)); 1811 pfk->dump.skb = out_skb; 1812 1813 return 0; 1814} 1815 1816static int pfkey_dump_sa(struct pfkey_sock *pfk) 1817{ 1818 struct net *net = sock_net(&pfk->sk); 1819 return xfrm_state_walk(net, &pfk->dump.u.state, dump_sa, (void *) pfk); 1820} 1821 1822static void pfkey_dump_sa_done(struct pfkey_sock *pfk) 1823{ 1824 struct net *net = sock_net(&pfk->sk); 1825 1826 xfrm_state_walk_done(&pfk->dump.u.state, net); 1827} 1828 1829static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1830{ 1831 u8 proto; 1832 struct xfrm_address_filter *filter = NULL; 1833 struct pfkey_sock *pfk = pfkey_sk(sk); 1834 1835 mutex_lock(&pfk->dump_lock); 1836 if (pfk->dump.dump != NULL) { 1837 mutex_unlock(&pfk->dump_lock); 1838 return -EBUSY; 1839 } 1840 1841 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1842 if (proto == 0) { 1843 mutex_unlock(&pfk->dump_lock); 1844 return -EINVAL; 1845 } 1846 1847 if (ext_hdrs[SADB_X_EXT_FILTER - 1]) { 1848 struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1]; 1849 1850 if ((xfilter->sadb_x_filter_splen > 1851 (sizeof(xfrm_address_t) << 3)) || 1852 (xfilter->sadb_x_filter_dplen > 1853 (sizeof(xfrm_address_t) << 3))) { 1854 mutex_unlock(&pfk->dump_lock); 1855 return -EINVAL; 1856 } 1857 filter = kmalloc(sizeof(*filter), GFP_KERNEL); 1858 if (filter == NULL) { 1859 mutex_unlock(&pfk->dump_lock); 1860 return -ENOMEM; 1861 } 1862 1863 memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr, 1864 sizeof(xfrm_address_t)); 1865 memcpy(&filter->daddr, &xfilter->sadb_x_filter_daddr, 1866 sizeof(xfrm_address_t)); 1867 filter->family = xfilter->sadb_x_filter_family; 1868 filter->splen = xfilter->sadb_x_filter_splen; 1869 filter->dplen = xfilter->sadb_x_filter_dplen; 1870 } 1871 1872 pfk->dump.msg_version = hdr->sadb_msg_version; 1873 pfk->dump.msg_portid = hdr->sadb_msg_pid; 1874 pfk->dump.dump = pfkey_dump_sa; 1875 pfk->dump.done = pfkey_dump_sa_done; 1876 xfrm_state_walk_init(&pfk->dump.u.state, proto, filter); 1877 mutex_unlock(&pfk->dump_lock); 1878 1879 return pfkey_do_dump(pfk); 1880} 1881 1882static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 1883{ 1884 struct pfkey_sock *pfk = pfkey_sk(sk); 1885 int satype = hdr->sadb_msg_satype; 1886 bool reset_errno = false; 1887 1888 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) { 1889 reset_errno = true; 1890 if (satype != 0 && satype != 1) 1891 return -EINVAL; 1892 pfk->promisc = satype; 1893 } 1894 if (reset_errno && skb_cloned(skb)) 1895 skb = skb_copy(skb, GFP_KERNEL); 1896 else 1897 skb = skb_clone(skb, GFP_KERNEL); 1898 1899 if (reset_errno && skb) { 1900 struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data; 1901 new_hdr->sadb_msg_errno = 0; 1902 } 1903 1904 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk)); 1905 return 0; 1906} 1907 1908static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr) 1909{ 1910 int i; 1911 u32 reqid = *(u32*)ptr; 1912 1913 for (i=0; i<xp->xfrm_nr; i++) { 1914 if (xp->xfrm_vec[i].reqid == reqid) 1915 return -EEXIST; 1916 } 1917 return 0; 1918} 1919 1920static u32 gen_reqid(struct net *net) 1921{ 1922 struct xfrm_policy_walk walk; 1923 u32 start; 1924 int rc; 1925 static u32 reqid = IPSEC_MANUAL_REQID_MAX; 1926 1927 start = reqid; 1928 do { 1929 ++reqid; 1930 if (reqid == 0) 1931 reqid = IPSEC_MANUAL_REQID_MAX+1; 1932 xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN); 1933 rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid); 1934 xfrm_policy_walk_done(&walk, net); 1935 if (rc != -EEXIST) 1936 return reqid; 1937 } while (reqid != start); 1938 return 0; 1939} 1940 1941static int 1942parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_policy *pol, 1943 struct sadb_x_ipsecrequest *rq) 1944{ 1945 struct net *net = xp_net(xp); 1946 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr; 1947 int mode; 1948 1949 if (xp->xfrm_nr >= XFRM_MAX_DEPTH) 1950 return -ELOOP; 1951 1952 if (rq->sadb_x_ipsecrequest_mode == 0) 1953 return -EINVAL; 1954 if (!xfrm_id_proto_valid(rq->sadb_x_ipsecrequest_proto)) 1955 return -EINVAL; 1956 1957 t->id.proto = rq->sadb_x_ipsecrequest_proto; 1958 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0) 1959 return -EINVAL; 1960 t->mode = mode; 1961 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE) { 1962 if ((mode == XFRM_MODE_TUNNEL || mode == XFRM_MODE_BEET) && 1963 pol->sadb_x_policy_dir == IPSEC_DIR_OUTBOUND) 1964 return -EINVAL; 1965 t->optional = 1; 1966 } else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) { 1967 t->reqid = rq->sadb_x_ipsecrequest_reqid; 1968 if (t->reqid > IPSEC_MANUAL_REQID_MAX) 1969 t->reqid = 0; 1970 if (!t->reqid && !(t->reqid = gen_reqid(net))) 1971 return -ENOBUFS; 1972 } 1973 1974 /* addresses present only in tunnel mode */ 1975 if (t->mode == XFRM_MODE_TUNNEL) { 1976 int err; 1977 1978 err = parse_sockaddr_pair( 1979 (struct sockaddr *)(rq + 1), 1980 rq->sadb_x_ipsecrequest_len - sizeof(*rq), 1981 &t->saddr, &t->id.daddr, &t->encap_family); 1982 if (err) 1983 return err; 1984 } else 1985 t->encap_family = xp->family; 1986 1987 /* No way to set this via kame pfkey */ 1988 t->allalgs = 1; 1989 xp->xfrm_nr++; 1990 return 0; 1991} 1992 1993static int 1994parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol) 1995{ 1996 int err; 1997 int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy); 1998 struct sadb_x_ipsecrequest *rq = (void*)(pol+1); 1999 2000 if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy)) 2001 return -EINVAL; 2002 2003 while (len >= sizeof(*rq)) { 2004 if (len < rq->sadb_x_ipsecrequest_len || 2005 rq->sadb_x_ipsecrequest_len < sizeof(*rq)) 2006 return -EINVAL; 2007 2008 if ((err = parse_ipsecrequest(xp, pol, rq)) < 0) 2009 return err; 2010 len -= rq->sadb_x_ipsecrequest_len; 2011 rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len); 2012 } 2013 return 0; 2014} 2015 2016static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp) 2017{ 2018 struct xfrm_sec_ctx *xfrm_ctx = xp->security; 2019 2020 if (xfrm_ctx) { 2021 int len = sizeof(struct sadb_x_sec_ctx); 2022 len += xfrm_ctx->ctx_len; 2023 return PFKEY_ALIGN8(len); 2024 } 2025 return 0; 2026} 2027 2028static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp) 2029{ 2030 const struct xfrm_tmpl *t; 2031 int sockaddr_size = pfkey_sockaddr_size(xp->family); 2032 int socklen = 0; 2033 int i; 2034 2035 for (i=0; i<xp->xfrm_nr; i++) { 2036 t = xp->xfrm_vec + i; 2037 socklen += pfkey_sockaddr_len(t->encap_family); 2038 } 2039 2040 return sizeof(struct sadb_msg) + 2041 (sizeof(struct sadb_lifetime) * 3) + 2042 (sizeof(struct sadb_address) * 2) + 2043 (sockaddr_size * 2) + 2044 sizeof(struct sadb_x_policy) + 2045 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) + 2046 (socklen * 2) + 2047 pfkey_xfrm_policy2sec_ctx_size(xp); 2048} 2049 2050static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp) 2051{ 2052 struct sk_buff *skb; 2053 int size; 2054 2055 size = pfkey_xfrm_policy2msg_size(xp); 2056 2057 skb = alloc_skb(size + 16, GFP_ATOMIC); 2058 if (skb == NULL) 2059 return ERR_PTR(-ENOBUFS); 2060 2061 return skb; 2062} 2063 2064static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir) 2065{ 2066 struct sadb_msg *hdr; 2067 struct sadb_address *addr; 2068 struct sadb_lifetime *lifetime; 2069 struct sadb_x_policy *pol; 2070 struct sadb_x_sec_ctx *sec_ctx; 2071 struct xfrm_sec_ctx *xfrm_ctx; 2072 int i; 2073 int size; 2074 int sockaddr_size = pfkey_sockaddr_size(xp->family); 2075 int socklen = pfkey_sockaddr_len(xp->family); 2076 2077 size = pfkey_xfrm_policy2msg_size(xp); 2078 2079 /* call should fill header later */ 2080 hdr = skb_put(skb, sizeof(struct sadb_msg)); 2081 memset(hdr, 0, size); /* XXX do we need this ? */ 2082 2083 /* src address */ 2084 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size); 2085 addr->sadb_address_len = 2086 (sizeof(struct sadb_address)+sockaddr_size)/ 2087 sizeof(uint64_t); 2088 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 2089 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 2090 addr->sadb_address_prefixlen = xp->selector.prefixlen_s; 2091 addr->sadb_address_reserved = 0; 2092 if (!pfkey_sockaddr_fill(&xp->selector.saddr, 2093 xp->selector.sport, 2094 (struct sockaddr *) (addr + 1), 2095 xp->family)) 2096 BUG(); 2097 2098 /* dst address */ 2099 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size); 2100 addr->sadb_address_len = 2101 (sizeof(struct sadb_address)+sockaddr_size)/ 2102 sizeof(uint64_t); 2103 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 2104 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 2105 addr->sadb_address_prefixlen = xp->selector.prefixlen_d; 2106 addr->sadb_address_reserved = 0; 2107 2108 pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport, 2109 (struct sockaddr *) (addr + 1), 2110 xp->family); 2111 2112 /* hard time */ 2113 lifetime = skb_put(skb, sizeof(struct sadb_lifetime)); 2114 lifetime->sadb_lifetime_len = 2115 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2116 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2117 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit); 2118 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit); 2119 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds; 2120 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds; 2121 /* soft time */ 2122 lifetime = skb_put(skb, sizeof(struct sadb_lifetime)); 2123 lifetime->sadb_lifetime_len = 2124 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2125 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 2126 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit); 2127 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit); 2128 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds; 2129 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds; 2130 /* current time */ 2131 lifetime = skb_put(skb, sizeof(struct sadb_lifetime)); 2132 lifetime->sadb_lifetime_len = 2133 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2134 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2135 lifetime->sadb_lifetime_allocations = xp->curlft.packets; 2136 lifetime->sadb_lifetime_bytes = xp->curlft.bytes; 2137 lifetime->sadb_lifetime_addtime = xp->curlft.add_time; 2138 lifetime->sadb_lifetime_usetime = xp->curlft.use_time; 2139 2140 pol = skb_put(skb, sizeof(struct sadb_x_policy)); 2141 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t); 2142 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 2143 pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD; 2144 if (xp->action == XFRM_POLICY_ALLOW) { 2145 if (xp->xfrm_nr) 2146 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 2147 else 2148 pol->sadb_x_policy_type = IPSEC_POLICY_NONE; 2149 } 2150 pol->sadb_x_policy_dir = dir+1; 2151 pol->sadb_x_policy_reserved = 0; 2152 pol->sadb_x_policy_id = xp->index; 2153 pol->sadb_x_policy_priority = xp->priority; 2154 2155 for (i=0; i<xp->xfrm_nr; i++) { 2156 const struct xfrm_tmpl *t = xp->xfrm_vec + i; 2157 struct sadb_x_ipsecrequest *rq; 2158 int req_size; 2159 int mode; 2160 2161 req_size = sizeof(struct sadb_x_ipsecrequest); 2162 if (t->mode == XFRM_MODE_TUNNEL) { 2163 socklen = pfkey_sockaddr_len(t->encap_family); 2164 req_size += socklen * 2; 2165 } else { 2166 size -= 2*socklen; 2167 } 2168 rq = skb_put(skb, req_size); 2169 pol->sadb_x_policy_len += req_size/8; 2170 memset(rq, 0, sizeof(*rq)); 2171 rq->sadb_x_ipsecrequest_len = req_size; 2172 rq->sadb_x_ipsecrequest_proto = t->id.proto; 2173 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0) 2174 return -EINVAL; 2175 rq->sadb_x_ipsecrequest_mode = mode; 2176 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE; 2177 if (t->reqid) 2178 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; 2179 if (t->optional) 2180 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE; 2181 rq->sadb_x_ipsecrequest_reqid = t->reqid; 2182 2183 if (t->mode == XFRM_MODE_TUNNEL) { 2184 u8 *sa = (void *)(rq + 1); 2185 pfkey_sockaddr_fill(&t->saddr, 0, 2186 (struct sockaddr *)sa, 2187 t->encap_family); 2188 pfkey_sockaddr_fill(&t->id.daddr, 0, 2189 (struct sockaddr *) (sa + socklen), 2190 t->encap_family); 2191 } 2192 } 2193 2194 /* security context */ 2195 if ((xfrm_ctx = xp->security)) { 2196 int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp); 2197 2198 sec_ctx = skb_put(skb, ctx_size); 2199 sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t); 2200 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 2201 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 2202 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 2203 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 2204 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 2205 xfrm_ctx->ctx_len); 2206 } 2207 2208 hdr->sadb_msg_len = size / sizeof(uint64_t); 2209 hdr->sadb_msg_reserved = refcount_read(&xp->refcnt); 2210 2211 return 0; 2212} 2213 2214static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c) 2215{ 2216 struct sk_buff *out_skb; 2217 struct sadb_msg *out_hdr; 2218 int err; 2219 2220 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2221 if (IS_ERR(out_skb)) 2222 return PTR_ERR(out_skb); 2223 2224 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2225 if (err < 0) { 2226 kfree_skb(out_skb); 2227 return err; 2228 } 2229 2230 out_hdr = (struct sadb_msg *) out_skb->data; 2231 out_hdr->sadb_msg_version = PF_KEY_V2; 2232 2233 if (c->data.byid && c->event == XFRM_MSG_DELPOLICY) 2234 out_hdr->sadb_msg_type = SADB_X_SPDDELETE2; 2235 else 2236 out_hdr->sadb_msg_type = event2poltype(c->event); 2237 out_hdr->sadb_msg_errno = 0; 2238 out_hdr->sadb_msg_seq = c->seq; 2239 out_hdr->sadb_msg_pid = c->portid; 2240 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp)); 2241 return 0; 2242 2243} 2244 2245static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 2246{ 2247 struct net *net = sock_net(sk); 2248 int err = 0; 2249 struct sadb_lifetime *lifetime; 2250 struct sadb_address *sa; 2251 struct sadb_x_policy *pol; 2252 struct xfrm_policy *xp; 2253 struct km_event c; 2254 struct sadb_x_sec_ctx *sec_ctx; 2255 2256 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2257 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) || 2258 !ext_hdrs[SADB_X_EXT_POLICY-1]) 2259 return -EINVAL; 2260 2261 pol = ext_hdrs[SADB_X_EXT_POLICY-1]; 2262 if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC) 2263 return -EINVAL; 2264 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) 2265 return -EINVAL; 2266 2267 xp = xfrm_policy_alloc(net, GFP_KERNEL); 2268 if (xp == NULL) 2269 return -ENOBUFS; 2270 2271 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ? 2272 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); 2273 xp->priority = pol->sadb_x_policy_priority; 2274 2275 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1]; 2276 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr); 2277 xp->selector.family = xp->family; 2278 xp->selector.prefixlen_s = sa->sadb_address_prefixlen; 2279 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2280 xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port; 2281 if (xp->selector.sport) 2282 xp->selector.sport_mask = htons(0xffff); 2283 2284 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1]; 2285 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr); 2286 xp->selector.prefixlen_d = sa->sadb_address_prefixlen; 2287 2288 /* Amusing, we set this twice. KAME apps appear to set same value 2289 * in both addresses. 2290 */ 2291 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2292 2293 xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port; 2294 if (xp->selector.dport) 2295 xp->selector.dport_mask = htons(0xffff); 2296 2297 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1]; 2298 if (sec_ctx != NULL) { 2299 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL); 2300 2301 if (!uctx) { 2302 err = -ENOBUFS; 2303 goto out; 2304 } 2305 2306 err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL); 2307 kfree(uctx); 2308 2309 if (err) 2310 goto out; 2311 } 2312 2313 xp->lft.soft_byte_limit = XFRM_INF; 2314 xp->lft.hard_byte_limit = XFRM_INF; 2315 xp->lft.soft_packet_limit = XFRM_INF; 2316 xp->lft.hard_packet_limit = XFRM_INF; 2317 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) { 2318 xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 2319 xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 2320 xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; 2321 xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; 2322 } 2323 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) { 2324 xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 2325 xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 2326 xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime; 2327 xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; 2328 } 2329 xp->xfrm_nr = 0; 2330 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2331 (err = parse_ipsecrequests(xp, pol)) < 0) 2332 goto out; 2333 2334 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp, 2335 hdr->sadb_msg_type != SADB_X_SPDUPDATE); 2336 2337 xfrm_audit_policy_add(xp, err ? 0 : 1, true); 2338 2339 if (err) 2340 goto out; 2341 2342 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE) 2343 c.event = XFRM_MSG_UPDPOLICY; 2344 else 2345 c.event = XFRM_MSG_NEWPOLICY; 2346 2347 c.seq = hdr->sadb_msg_seq; 2348 c.portid = hdr->sadb_msg_pid; 2349 2350 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c); 2351 xfrm_pol_put(xp); 2352 return 0; 2353 2354out: 2355 xp->walk.dead = 1; 2356 xfrm_policy_destroy(xp); 2357 return err; 2358} 2359 2360static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 2361{ 2362 struct net *net = sock_net(sk); 2363 int err; 2364 struct sadb_address *sa; 2365 struct sadb_x_policy *pol; 2366 struct xfrm_policy *xp; 2367 struct xfrm_selector sel; 2368 struct km_event c; 2369 struct sadb_x_sec_ctx *sec_ctx; 2370 struct xfrm_sec_ctx *pol_ctx = NULL; 2371 2372 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2373 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) || 2374 !ext_hdrs[SADB_X_EXT_POLICY-1]) 2375 return -EINVAL; 2376 2377 pol = ext_hdrs[SADB_X_EXT_POLICY-1]; 2378 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) 2379 return -EINVAL; 2380 2381 memset(&sel, 0, sizeof(sel)); 2382 2383 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1]; 2384 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); 2385 sel.prefixlen_s = sa->sadb_address_prefixlen; 2386 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2387 sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port; 2388 if (sel.sport) 2389 sel.sport_mask = htons(0xffff); 2390 2391 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1]; 2392 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); 2393 sel.prefixlen_d = sa->sadb_address_prefixlen; 2394 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2395 sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port; 2396 if (sel.dport) 2397 sel.dport_mask = htons(0xffff); 2398 2399 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1]; 2400 if (sec_ctx != NULL) { 2401 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL); 2402 2403 if (!uctx) 2404 return -ENOMEM; 2405 2406 err = security_xfrm_policy_alloc(&pol_ctx, uctx, GFP_KERNEL); 2407 kfree(uctx); 2408 if (err) 2409 return err; 2410 } 2411 2412 xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN, 2413 pol->sadb_x_policy_dir - 1, &sel, pol_ctx, 2414 1, &err); 2415 security_xfrm_policy_free(pol_ctx); 2416 if (xp == NULL) 2417 return -ENOENT; 2418 2419 xfrm_audit_policy_delete(xp, err ? 0 : 1, true); 2420 2421 if (err) 2422 goto out; 2423 2424 c.seq = hdr->sadb_msg_seq; 2425 c.portid = hdr->sadb_msg_pid; 2426 c.data.byid = 0; 2427 c.event = XFRM_MSG_DELPOLICY; 2428 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c); 2429 2430out: 2431 xfrm_pol_put(xp); 2432 return err; 2433} 2434 2435static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir) 2436{ 2437 int err; 2438 struct sk_buff *out_skb; 2439 struct sadb_msg *out_hdr; 2440 err = 0; 2441 2442 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2443 if (IS_ERR(out_skb)) { 2444 err = PTR_ERR(out_skb); 2445 goto out; 2446 } 2447 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2448 if (err < 0) { 2449 kfree_skb(out_skb); 2450 goto out; 2451 } 2452 2453 out_hdr = (struct sadb_msg *) out_skb->data; 2454 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 2455 out_hdr->sadb_msg_type = hdr->sadb_msg_type; 2456 out_hdr->sadb_msg_satype = 0; 2457 out_hdr->sadb_msg_errno = 0; 2458 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 2459 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 2460 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp)); 2461 err = 0; 2462 2463out: 2464 return err; 2465} 2466 2467static int pfkey_sockaddr_pair_size(sa_family_t family) 2468{ 2469 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2); 2470} 2471 2472static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, 2473 xfrm_address_t *saddr, xfrm_address_t *daddr, 2474 u16 *family) 2475{ 2476 int af, socklen; 2477 2478 if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family)) 2479 return -EINVAL; 2480 2481 af = pfkey_sockaddr_extract(sa, saddr); 2482 if (!af) 2483 return -EINVAL; 2484 2485 socklen = pfkey_sockaddr_len(af); 2486 if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen), 2487 daddr) != af) 2488 return -EINVAL; 2489 2490 *family = af; 2491 return 0; 2492} 2493 2494#ifdef CONFIG_NET_KEY_MIGRATE 2495static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, 2496 struct xfrm_migrate *m) 2497{ 2498 int err; 2499 struct sadb_x_ipsecrequest *rq2; 2500 int mode; 2501 2502 if (len < sizeof(*rq1) || 2503 len < rq1->sadb_x_ipsecrequest_len || 2504 rq1->sadb_x_ipsecrequest_len < sizeof(*rq1)) 2505 return -EINVAL; 2506 2507 /* old endoints */ 2508 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1), 2509 rq1->sadb_x_ipsecrequest_len - sizeof(*rq1), 2510 &m->old_saddr, &m->old_daddr, 2511 &m->old_family); 2512 if (err) 2513 return err; 2514 2515 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len); 2516 len -= rq1->sadb_x_ipsecrequest_len; 2517 2518 if (len <= sizeof(*rq2) || 2519 len < rq2->sadb_x_ipsecrequest_len || 2520 rq2->sadb_x_ipsecrequest_len < sizeof(*rq2)) 2521 return -EINVAL; 2522 2523 /* new endpoints */ 2524 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1), 2525 rq2->sadb_x_ipsecrequest_len - sizeof(*rq2), 2526 &m->new_saddr, &m->new_daddr, 2527 &m->new_family); 2528 if (err) 2529 return err; 2530 2531 if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto || 2532 rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode || 2533 rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid) 2534 return -EINVAL; 2535 2536 m->proto = rq1->sadb_x_ipsecrequest_proto; 2537 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0) 2538 return -EINVAL; 2539 m->mode = mode; 2540 m->reqid = rq1->sadb_x_ipsecrequest_reqid; 2541 2542 return ((int)(rq1->sadb_x_ipsecrequest_len + 2543 rq2->sadb_x_ipsecrequest_len)); 2544} 2545 2546static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, 2547 const struct sadb_msg *hdr, void * const *ext_hdrs) 2548{ 2549 int i, len, ret, err = -EINVAL; 2550 u8 dir; 2551 struct sadb_address *sa; 2552 struct sadb_x_kmaddress *kma; 2553 struct sadb_x_policy *pol; 2554 struct sadb_x_ipsecrequest *rq; 2555 struct xfrm_selector sel; 2556 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 2557 struct xfrm_kmaddress k; 2558 struct net *net = sock_net(sk); 2559 2560 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1], 2561 ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) || 2562 !ext_hdrs[SADB_X_EXT_POLICY - 1]) { 2563 err = -EINVAL; 2564 goto out; 2565 } 2566 2567 kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1]; 2568 pol = ext_hdrs[SADB_X_EXT_POLICY - 1]; 2569 2570 if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) { 2571 err = -EINVAL; 2572 goto out; 2573 } 2574 2575 if (kma) { 2576 /* convert sadb_x_kmaddress to xfrm_kmaddress */ 2577 k.reserved = kma->sadb_x_kmaddress_reserved; 2578 ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1), 2579 8*(kma->sadb_x_kmaddress_len) - sizeof(*kma), 2580 &k.local, &k.remote, &k.family); 2581 if (ret < 0) { 2582 err = ret; 2583 goto out; 2584 } 2585 } 2586 2587 dir = pol->sadb_x_policy_dir - 1; 2588 memset(&sel, 0, sizeof(sel)); 2589 2590 /* set source address info of selector */ 2591 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1]; 2592 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); 2593 sel.prefixlen_s = sa->sadb_address_prefixlen; 2594 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2595 sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port; 2596 if (sel.sport) 2597 sel.sport_mask = htons(0xffff); 2598 2599 /* set destination address info of selector */ 2600 sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1]; 2601 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); 2602 sel.prefixlen_d = sa->sadb_address_prefixlen; 2603 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2604 sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port; 2605 if (sel.dport) 2606 sel.dport_mask = htons(0xffff); 2607 2608 rq = (struct sadb_x_ipsecrequest *)(pol + 1); 2609 2610 /* extract ipsecrequests */ 2611 i = 0; 2612 len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy); 2613 2614 while (len > 0 && i < XFRM_MAX_DEPTH) { 2615 ret = ipsecrequests_to_migrate(rq, len, &m[i]); 2616 if (ret < 0) { 2617 err = ret; 2618 goto out; 2619 } else { 2620 rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret); 2621 len -= ret; 2622 i++; 2623 } 2624 } 2625 2626 if (!i || len > 0) { 2627 err = -EINVAL; 2628 goto out; 2629 } 2630 2631 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i, 2632 kma ? &k : NULL, net, NULL, 0, NULL); 2633 2634 out: 2635 return err; 2636} 2637#else 2638static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, 2639 const struct sadb_msg *hdr, void * const *ext_hdrs) 2640{ 2641 return -ENOPROTOOPT; 2642} 2643#endif 2644 2645 2646static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 2647{ 2648 struct net *net = sock_net(sk); 2649 unsigned int dir; 2650 int err = 0, delete; 2651 struct sadb_x_policy *pol; 2652 struct xfrm_policy *xp; 2653 struct km_event c; 2654 2655 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL) 2656 return -EINVAL; 2657 2658 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id); 2659 if (dir >= XFRM_POLICY_MAX) 2660 return -EINVAL; 2661 2662 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2663 xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN, 2664 dir, pol->sadb_x_policy_id, delete, &err); 2665 if (xp == NULL) 2666 return -ENOENT; 2667 2668 if (delete) { 2669 xfrm_audit_policy_delete(xp, err ? 0 : 1, true); 2670 2671 if (err) 2672 goto out; 2673 c.seq = hdr->sadb_msg_seq; 2674 c.portid = hdr->sadb_msg_pid; 2675 c.data.byid = 1; 2676 c.event = XFRM_MSG_DELPOLICY; 2677 km_policy_notify(xp, dir, &c); 2678 } else { 2679 err = key_pol_get_resp(sk, xp, hdr, dir); 2680 } 2681 2682out: 2683 xfrm_pol_put(xp); 2684 return err; 2685} 2686 2687static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr) 2688{ 2689 struct pfkey_sock *pfk = ptr; 2690 struct sk_buff *out_skb; 2691 struct sadb_msg *out_hdr; 2692 int err; 2693 2694 if (!pfkey_can_dump(&pfk->sk)) 2695 return -ENOBUFS; 2696 2697 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2698 if (IS_ERR(out_skb)) 2699 return PTR_ERR(out_skb); 2700 2701 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2702 if (err < 0) { 2703 kfree_skb(out_skb); 2704 return err; 2705 } 2706 2707 out_hdr = (struct sadb_msg *) out_skb->data; 2708 out_hdr->sadb_msg_version = pfk->dump.msg_version; 2709 out_hdr->sadb_msg_type = SADB_X_SPDDUMP; 2710 out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC; 2711 out_hdr->sadb_msg_errno = 0; 2712 out_hdr->sadb_msg_seq = count + 1; 2713 out_hdr->sadb_msg_pid = pfk->dump.msg_portid; 2714 2715 if (pfk->dump.skb) 2716 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE, 2717 &pfk->sk, sock_net(&pfk->sk)); 2718 pfk->dump.skb = out_skb; 2719 2720 return 0; 2721} 2722 2723static int pfkey_dump_sp(struct pfkey_sock *pfk) 2724{ 2725 struct net *net = sock_net(&pfk->sk); 2726 return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, (void *) pfk); 2727} 2728 2729static void pfkey_dump_sp_done(struct pfkey_sock *pfk) 2730{ 2731 struct net *net = sock_net((struct sock *)pfk); 2732 2733 xfrm_policy_walk_done(&pfk->dump.u.policy, net); 2734} 2735 2736static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 2737{ 2738 struct pfkey_sock *pfk = pfkey_sk(sk); 2739 2740 mutex_lock(&pfk->dump_lock); 2741 if (pfk->dump.dump != NULL) { 2742 mutex_unlock(&pfk->dump_lock); 2743 return -EBUSY; 2744 } 2745 2746 pfk->dump.msg_version = hdr->sadb_msg_version; 2747 pfk->dump.msg_portid = hdr->sadb_msg_pid; 2748 pfk->dump.dump = pfkey_dump_sp; 2749 pfk->dump.done = pfkey_dump_sp_done; 2750 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN); 2751 mutex_unlock(&pfk->dump_lock); 2752 2753 return pfkey_do_dump(pfk); 2754} 2755 2756static int key_notify_policy_flush(const struct km_event *c) 2757{ 2758 struct sk_buff *skb_out; 2759 struct sadb_msg *hdr; 2760 2761 skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC); 2762 if (!skb_out) 2763 return -ENOBUFS; 2764 hdr = skb_put(skb_out, sizeof(struct sadb_msg)); 2765 hdr->sadb_msg_type = SADB_X_SPDFLUSH; 2766 hdr->sadb_msg_seq = c->seq; 2767 hdr->sadb_msg_pid = c->portid; 2768 hdr->sadb_msg_version = PF_KEY_V2; 2769 hdr->sadb_msg_errno = (uint8_t) 0; 2770 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC; 2771 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 2772 hdr->sadb_msg_reserved = 0; 2773 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net); 2774 return 0; 2775 2776} 2777 2778static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) 2779{ 2780 struct net *net = sock_net(sk); 2781 struct km_event c; 2782 int err, err2; 2783 2784 err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, true); 2785 err2 = unicast_flush_resp(sk, hdr); 2786 if (err || err2) { 2787 if (err == -ESRCH) /* empty table - old silent behavior */ 2788 return 0; 2789 return err; 2790 } 2791 2792 c.data.type = XFRM_POLICY_TYPE_MAIN; 2793 c.event = XFRM_MSG_FLUSHPOLICY; 2794 c.portid = hdr->sadb_msg_pid; 2795 c.seq = hdr->sadb_msg_seq; 2796 c.net = net; 2797 km_policy_notify(NULL, 0, &c); 2798 2799 return 0; 2800} 2801 2802typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb, 2803 const struct sadb_msg *hdr, void * const *ext_hdrs); 2804static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = { 2805 [SADB_RESERVED] = pfkey_reserved, 2806 [SADB_GETSPI] = pfkey_getspi, 2807 [SADB_UPDATE] = pfkey_add, 2808 [SADB_ADD] = pfkey_add, 2809 [SADB_DELETE] = pfkey_delete, 2810 [SADB_GET] = pfkey_get, 2811 [SADB_ACQUIRE] = pfkey_acquire, 2812 [SADB_REGISTER] = pfkey_register, 2813 [SADB_EXPIRE] = NULL, 2814 [SADB_FLUSH] = pfkey_flush, 2815 [SADB_DUMP] = pfkey_dump, 2816 [SADB_X_PROMISC] = pfkey_promisc, 2817 [SADB_X_PCHANGE] = NULL, 2818 [SADB_X_SPDUPDATE] = pfkey_spdadd, 2819 [SADB_X_SPDADD] = pfkey_spdadd, 2820 [SADB_X_SPDDELETE] = pfkey_spddelete, 2821 [SADB_X_SPDGET] = pfkey_spdget, 2822 [SADB_X_SPDACQUIRE] = NULL, 2823 [SADB_X_SPDDUMP] = pfkey_spddump, 2824 [SADB_X_SPDFLUSH] = pfkey_spdflush, 2825 [SADB_X_SPDSETIDX] = pfkey_spdadd, 2826 [SADB_X_SPDDELETE2] = pfkey_spdget, 2827 [SADB_X_MIGRATE] = pfkey_migrate, 2828}; 2829 2830static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr) 2831{ 2832 void *ext_hdrs[SADB_EXT_MAX]; 2833 int err; 2834 2835 /* Non-zero return value of pfkey_broadcast() does not always signal 2836 * an error and even on an actual error we may still want to process 2837 * the message so rather ignore the return value. 2838 */ 2839 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, 2840 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk)); 2841 2842 memset(ext_hdrs, 0, sizeof(ext_hdrs)); 2843 err = parse_exthdrs(skb, hdr, ext_hdrs); 2844 if (!err) { 2845 err = -EOPNOTSUPP; 2846 if (pfkey_funcs[hdr->sadb_msg_type]) 2847 err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs); 2848 } 2849 return err; 2850} 2851 2852static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp) 2853{ 2854 struct sadb_msg *hdr = NULL; 2855 2856 if (skb->len < sizeof(*hdr)) { 2857 *errp = -EMSGSIZE; 2858 } else { 2859 hdr = (struct sadb_msg *) skb->data; 2860 if (hdr->sadb_msg_version != PF_KEY_V2 || 2861 hdr->sadb_msg_reserved != 0 || 2862 (hdr->sadb_msg_type <= SADB_RESERVED || 2863 hdr->sadb_msg_type > SADB_MAX)) { 2864 hdr = NULL; 2865 *errp = -EINVAL; 2866 } else if (hdr->sadb_msg_len != (skb->len / 2867 sizeof(uint64_t)) || 2868 hdr->sadb_msg_len < (sizeof(struct sadb_msg) / 2869 sizeof(uint64_t))) { 2870 hdr = NULL; 2871 *errp = -EMSGSIZE; 2872 } else { 2873 *errp = 0; 2874 } 2875 } 2876 return hdr; 2877} 2878 2879static inline int aalg_tmpl_set(const struct xfrm_tmpl *t, 2880 const struct xfrm_algo_desc *d) 2881{ 2882 unsigned int id = d->desc.sadb_alg_id; 2883 2884 if (id >= sizeof(t->aalgos) * 8) 2885 return 0; 2886 2887 return (t->aalgos >> id) & 1; 2888} 2889 2890static inline int ealg_tmpl_set(const struct xfrm_tmpl *t, 2891 const struct xfrm_algo_desc *d) 2892{ 2893 unsigned int id = d->desc.sadb_alg_id; 2894 2895 if (id >= sizeof(t->ealgos) * 8) 2896 return 0; 2897 2898 return (t->ealgos >> id) & 1; 2899} 2900 2901static int count_ah_combs(const struct xfrm_tmpl *t) 2902{ 2903 int i, sz = 0; 2904 2905 for (i = 0; ; i++) { 2906 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 2907 if (!aalg) 2908 break; 2909 if (!aalg->pfkey_supported) 2910 continue; 2911 if (aalg_tmpl_set(t, aalg)) 2912 sz += sizeof(struct sadb_comb); 2913 } 2914 return sz + sizeof(struct sadb_prop); 2915} 2916 2917static int count_esp_combs(const struct xfrm_tmpl *t) 2918{ 2919 int i, k, sz = 0; 2920 2921 for (i = 0; ; i++) { 2922 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2923 if (!ealg) 2924 break; 2925 2926 if (!ealg->pfkey_supported) 2927 continue; 2928 2929 if (!(ealg_tmpl_set(t, ealg))) 2930 continue; 2931 2932 for (k = 1; ; k++) { 2933 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2934 if (!aalg) 2935 break; 2936 2937 if (!aalg->pfkey_supported) 2938 continue; 2939 2940 if (aalg_tmpl_set(t, aalg)) 2941 sz += sizeof(struct sadb_comb); 2942 } 2943 } 2944 return sz + sizeof(struct sadb_prop); 2945} 2946 2947static int dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t) 2948{ 2949 struct sadb_prop *p; 2950 int sz = 0; 2951 int i; 2952 2953 p = skb_put(skb, sizeof(struct sadb_prop)); 2954 p->sadb_prop_len = sizeof(struct sadb_prop)/8; 2955 p->sadb_prop_exttype = SADB_EXT_PROPOSAL; 2956 p->sadb_prop_replay = 32; 2957 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); 2958 2959 for (i = 0; ; i++) { 2960 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 2961 if (!aalg) 2962 break; 2963 2964 if (!aalg->pfkey_supported) 2965 continue; 2966 2967 if (aalg_tmpl_set(t, aalg) && aalg->available) { 2968 struct sadb_comb *c; 2969 c = skb_put_zero(skb, sizeof(struct sadb_comb)); 2970 p->sadb_prop_len += sizeof(struct sadb_comb)/8; 2971 c->sadb_comb_auth = aalg->desc.sadb_alg_id; 2972 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits; 2973 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits; 2974 c->sadb_comb_hard_addtime = 24*60*60; 2975 c->sadb_comb_soft_addtime = 20*60*60; 2976 c->sadb_comb_hard_usetime = 8*60*60; 2977 c->sadb_comb_soft_usetime = 7*60*60; 2978 sz += sizeof(*c); 2979 } 2980 } 2981 2982 return sz + sizeof(*p); 2983} 2984 2985static int dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t) 2986{ 2987 struct sadb_prop *p; 2988 int sz = 0; 2989 int i, k; 2990 2991 p = skb_put(skb, sizeof(struct sadb_prop)); 2992 p->sadb_prop_len = sizeof(struct sadb_prop)/8; 2993 p->sadb_prop_exttype = SADB_EXT_PROPOSAL; 2994 p->sadb_prop_replay = 32; 2995 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); 2996 2997 for (i=0; ; i++) { 2998 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2999 if (!ealg) 3000 break; 3001 3002 if (!ealg->pfkey_supported) 3003 continue; 3004 3005 if (!(ealg_tmpl_set(t, ealg) && ealg->available)) 3006 continue; 3007 3008 for (k = 1; ; k++) { 3009 struct sadb_comb *c; 3010 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 3011 if (!aalg) 3012 break; 3013 if (!aalg->pfkey_supported) 3014 continue; 3015 if (!(aalg_tmpl_set(t, aalg) && aalg->available)) 3016 continue; 3017 c = skb_put(skb, sizeof(struct sadb_comb)); 3018 memset(c, 0, sizeof(*c)); 3019 p->sadb_prop_len += sizeof(struct sadb_comb)/8; 3020 c->sadb_comb_auth = aalg->desc.sadb_alg_id; 3021 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits; 3022 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits; 3023 c->sadb_comb_encrypt = ealg->desc.sadb_alg_id; 3024 c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits; 3025 c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits; 3026 c->sadb_comb_hard_addtime = 24*60*60; 3027 c->sadb_comb_soft_addtime = 20*60*60; 3028 c->sadb_comb_hard_usetime = 8*60*60; 3029 c->sadb_comb_soft_usetime = 7*60*60; 3030 sz += sizeof(*c); 3031 } 3032 } 3033 3034 return sz + sizeof(*p); 3035} 3036 3037static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c) 3038{ 3039 return 0; 3040} 3041 3042static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c) 3043{ 3044 struct sk_buff *out_skb; 3045 struct sadb_msg *out_hdr; 3046 int hard; 3047 int hsc; 3048 3049 hard = c->data.hard; 3050 if (hard) 3051 hsc = 2; 3052 else 3053 hsc = 1; 3054 3055 out_skb = pfkey_xfrm_state2msg_expire(x, hsc); 3056 if (IS_ERR(out_skb)) 3057 return PTR_ERR(out_skb); 3058 3059 out_hdr = (struct sadb_msg *) out_skb->data; 3060 out_hdr->sadb_msg_version = PF_KEY_V2; 3061 out_hdr->sadb_msg_type = SADB_EXPIRE; 3062 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 3063 out_hdr->sadb_msg_errno = 0; 3064 out_hdr->sadb_msg_reserved = 0; 3065 out_hdr->sadb_msg_seq = 0; 3066 out_hdr->sadb_msg_pid = 0; 3067 3068 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, 3069 xs_net(x)); 3070 return 0; 3071} 3072 3073static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c) 3074{ 3075 struct net *net = x ? xs_net(x) : c->net; 3076 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3077 3078 if (atomic_read(&net_pfkey->socks_nr) == 0) 3079 return 0; 3080 3081 switch (c->event) { 3082 case XFRM_MSG_EXPIRE: 3083 return key_notify_sa_expire(x, c); 3084 case XFRM_MSG_DELSA: 3085 case XFRM_MSG_NEWSA: 3086 case XFRM_MSG_UPDSA: 3087 return key_notify_sa(x, c); 3088 case XFRM_MSG_FLUSHSA: 3089 return key_notify_sa_flush(c); 3090 case XFRM_MSG_NEWAE: /* not yet supported */ 3091 break; 3092 default: 3093 pr_err("pfkey: Unknown SA event %d\n", c->event); 3094 break; 3095 } 3096 3097 return 0; 3098} 3099 3100static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) 3101{ 3102 if (xp && xp->type != XFRM_POLICY_TYPE_MAIN) 3103 return 0; 3104 3105 switch (c->event) { 3106 case XFRM_MSG_POLEXPIRE: 3107 return key_notify_policy_expire(xp, c); 3108 case XFRM_MSG_DELPOLICY: 3109 case XFRM_MSG_NEWPOLICY: 3110 case XFRM_MSG_UPDPOLICY: 3111 return key_notify_policy(xp, dir, c); 3112 case XFRM_MSG_FLUSHPOLICY: 3113 if (c->data.type != XFRM_POLICY_TYPE_MAIN) 3114 break; 3115 return key_notify_policy_flush(c); 3116 default: 3117 pr_err("pfkey: Unknown policy event %d\n", c->event); 3118 break; 3119 } 3120 3121 return 0; 3122} 3123 3124static u32 get_acqseq(void) 3125{ 3126 u32 res; 3127 static atomic_t acqseq; 3128 3129 do { 3130 res = atomic_inc_return(&acqseq); 3131 } while (!res); 3132 return res; 3133} 3134 3135static bool pfkey_is_alive(const struct km_event *c) 3136{ 3137 struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id); 3138 struct sock *sk; 3139 bool is_alive = false; 3140 3141 rcu_read_lock(); 3142 sk_for_each_rcu(sk, &net_pfkey->table) { 3143 if (pfkey_sk(sk)->registered) { 3144 is_alive = true; 3145 break; 3146 } 3147 } 3148 rcu_read_unlock(); 3149 3150 return is_alive; 3151} 3152 3153static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp) 3154{ 3155 struct sk_buff *skb; 3156 struct sadb_msg *hdr; 3157 struct sadb_address *addr; 3158 struct sadb_x_policy *pol; 3159 int sockaddr_size; 3160 int size; 3161 struct sadb_x_sec_ctx *sec_ctx; 3162 struct xfrm_sec_ctx *xfrm_ctx; 3163 int ctx_size = 0; 3164 int alg_size = 0; 3165 3166 sockaddr_size = pfkey_sockaddr_size(x->props.family); 3167 if (!sockaddr_size) 3168 return -EINVAL; 3169 3170 size = sizeof(struct sadb_msg) + 3171 (sizeof(struct sadb_address) * 2) + 3172 (sockaddr_size * 2) + 3173 sizeof(struct sadb_x_policy); 3174 3175 if (x->id.proto == IPPROTO_AH) 3176 alg_size = count_ah_combs(t); 3177 else if (x->id.proto == IPPROTO_ESP) 3178 alg_size = count_esp_combs(t); 3179 3180 if ((xfrm_ctx = x->security)) { 3181 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len); 3182 size += sizeof(struct sadb_x_sec_ctx) + ctx_size; 3183 } 3184 3185 skb = alloc_skb(size + alg_size + 16, GFP_ATOMIC); 3186 if (skb == NULL) 3187 return -ENOMEM; 3188 3189 hdr = skb_put(skb, sizeof(struct sadb_msg)); 3190 hdr->sadb_msg_version = PF_KEY_V2; 3191 hdr->sadb_msg_type = SADB_ACQUIRE; 3192 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 3193 hdr->sadb_msg_len = size / sizeof(uint64_t); 3194 hdr->sadb_msg_errno = 0; 3195 hdr->sadb_msg_reserved = 0; 3196 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); 3197 hdr->sadb_msg_pid = 0; 3198 3199 /* src address */ 3200 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size); 3201 addr->sadb_address_len = 3202 (sizeof(struct sadb_address)+sockaddr_size)/ 3203 sizeof(uint64_t); 3204 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3205 addr->sadb_address_proto = 0; 3206 addr->sadb_address_reserved = 0; 3207 addr->sadb_address_prefixlen = 3208 pfkey_sockaddr_fill(&x->props.saddr, 0, 3209 (struct sockaddr *) (addr + 1), 3210 x->props.family); 3211 if (!addr->sadb_address_prefixlen) 3212 BUG(); 3213 3214 /* dst address */ 3215 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size); 3216 addr->sadb_address_len = 3217 (sizeof(struct sadb_address)+sockaddr_size)/ 3218 sizeof(uint64_t); 3219 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3220 addr->sadb_address_proto = 0; 3221 addr->sadb_address_reserved = 0; 3222 addr->sadb_address_prefixlen = 3223 pfkey_sockaddr_fill(&x->id.daddr, 0, 3224 (struct sockaddr *) (addr + 1), 3225 x->props.family); 3226 if (!addr->sadb_address_prefixlen) 3227 BUG(); 3228 3229 pol = skb_put(skb, sizeof(struct sadb_x_policy)); 3230 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t); 3231 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3232 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 3233 pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1; 3234 pol->sadb_x_policy_reserved = 0; 3235 pol->sadb_x_policy_id = xp->index; 3236 pol->sadb_x_policy_priority = xp->priority; 3237 3238 /* Set sadb_comb's. */ 3239 alg_size = 0; 3240 if (x->id.proto == IPPROTO_AH) 3241 alg_size = dump_ah_combs(skb, t); 3242 else if (x->id.proto == IPPROTO_ESP) 3243 alg_size = dump_esp_combs(skb, t); 3244 3245 hdr->sadb_msg_len += alg_size / 8; 3246 3247 /* security context */ 3248 if (xfrm_ctx) { 3249 sec_ctx = skb_put(skb, 3250 sizeof(struct sadb_x_sec_ctx) + ctx_size); 3251 sec_ctx->sadb_x_sec_len = 3252 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t); 3253 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 3254 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 3255 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 3256 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 3257 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 3258 xfrm_ctx->ctx_len); 3259 } 3260 3261 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, 3262 xs_net(x)); 3263} 3264 3265static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, 3266 u8 *data, int len, int *dir) 3267{ 3268 struct net *net = sock_net(sk); 3269 struct xfrm_policy *xp; 3270 struct sadb_x_policy *pol = (struct sadb_x_policy*)data; 3271 struct sadb_x_sec_ctx *sec_ctx; 3272 3273 switch (sk->sk_family) { 3274 case AF_INET: 3275 if (opt != IP_IPSEC_POLICY) { 3276 *dir = -EOPNOTSUPP; 3277 return NULL; 3278 } 3279 break; 3280#if IS_ENABLED(CONFIG_IPV6) 3281 case AF_INET6: 3282 if (opt != IPV6_IPSEC_POLICY) { 3283 *dir = -EOPNOTSUPP; 3284 return NULL; 3285 } 3286 break; 3287#endif 3288 default: 3289 *dir = -EINVAL; 3290 return NULL; 3291 } 3292 3293 *dir = -EINVAL; 3294 3295 if (len < sizeof(struct sadb_x_policy) || 3296 pol->sadb_x_policy_len*8 > len || 3297 pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS || 3298 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND)) 3299 return NULL; 3300 3301 xp = xfrm_policy_alloc(net, GFP_ATOMIC); 3302 if (xp == NULL) { 3303 *dir = -ENOBUFS; 3304 return NULL; 3305 } 3306 3307 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ? 3308 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); 3309 3310 xp->lft.soft_byte_limit = XFRM_INF; 3311 xp->lft.hard_byte_limit = XFRM_INF; 3312 xp->lft.soft_packet_limit = XFRM_INF; 3313 xp->lft.hard_packet_limit = XFRM_INF; 3314 xp->family = sk->sk_family; 3315 3316 xp->xfrm_nr = 0; 3317 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 3318 (*dir = parse_ipsecrequests(xp, pol)) < 0) 3319 goto out; 3320 3321 /* security context too */ 3322 if (len >= (pol->sadb_x_policy_len*8 + 3323 sizeof(struct sadb_x_sec_ctx))) { 3324 char *p = (char *)pol; 3325 struct xfrm_user_sec_ctx *uctx; 3326 3327 p += pol->sadb_x_policy_len*8; 3328 sec_ctx = (struct sadb_x_sec_ctx *)p; 3329 if (len < pol->sadb_x_policy_len*8 + 3330 sec_ctx->sadb_x_sec_len*8) { 3331 *dir = -EINVAL; 3332 goto out; 3333 } 3334 if ((*dir = verify_sec_ctx_len(p))) 3335 goto out; 3336 uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC); 3337 *dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC); 3338 kfree(uctx); 3339 3340 if (*dir) 3341 goto out; 3342 } 3343 3344 *dir = pol->sadb_x_policy_dir-1; 3345 return xp; 3346 3347out: 3348 xp->walk.dead = 1; 3349 xfrm_policy_destroy(xp); 3350 return NULL; 3351} 3352 3353static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) 3354{ 3355 struct sk_buff *skb; 3356 struct sadb_msg *hdr; 3357 struct sadb_sa *sa; 3358 struct sadb_address *addr; 3359 struct sadb_x_nat_t_port *n_port; 3360 int sockaddr_size; 3361 int size; 3362 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0); 3363 struct xfrm_encap_tmpl *natt = NULL; 3364 3365 sockaddr_size = pfkey_sockaddr_size(x->props.family); 3366 if (!sockaddr_size) 3367 return -EINVAL; 3368 3369 if (!satype) 3370 return -EINVAL; 3371 3372 if (!x->encap) 3373 return -EINVAL; 3374 3375 natt = x->encap; 3376 3377 /* Build an SADB_X_NAT_T_NEW_MAPPING message: 3378 * 3379 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) | 3380 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port) 3381 */ 3382 3383 size = sizeof(struct sadb_msg) + 3384 sizeof(struct sadb_sa) + 3385 (sizeof(struct sadb_address) * 2) + 3386 (sockaddr_size * 2) + 3387 (sizeof(struct sadb_x_nat_t_port) * 2); 3388 3389 skb = alloc_skb(size + 16, GFP_ATOMIC); 3390 if (skb == NULL) 3391 return -ENOMEM; 3392 3393 hdr = skb_put(skb, sizeof(struct sadb_msg)); 3394 hdr->sadb_msg_version = PF_KEY_V2; 3395 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING; 3396 hdr->sadb_msg_satype = satype; 3397 hdr->sadb_msg_len = size / sizeof(uint64_t); 3398 hdr->sadb_msg_errno = 0; 3399 hdr->sadb_msg_reserved = 0; 3400 hdr->sadb_msg_seq = x->km.seq; 3401 hdr->sadb_msg_pid = 0; 3402 3403 /* SA */ 3404 sa = skb_put(skb, sizeof(struct sadb_sa)); 3405 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t); 3406 sa->sadb_sa_exttype = SADB_EXT_SA; 3407 sa->sadb_sa_spi = x->id.spi; 3408 sa->sadb_sa_replay = 0; 3409 sa->sadb_sa_state = 0; 3410 sa->sadb_sa_auth = 0; 3411 sa->sadb_sa_encrypt = 0; 3412 sa->sadb_sa_flags = 0; 3413 3414 /* ADDRESS_SRC (old addr) */ 3415 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size); 3416 addr->sadb_address_len = 3417 (sizeof(struct sadb_address)+sockaddr_size)/ 3418 sizeof(uint64_t); 3419 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3420 addr->sadb_address_proto = 0; 3421 addr->sadb_address_reserved = 0; 3422 addr->sadb_address_prefixlen = 3423 pfkey_sockaddr_fill(&x->props.saddr, 0, 3424 (struct sockaddr *) (addr + 1), 3425 x->props.family); 3426 if (!addr->sadb_address_prefixlen) 3427 BUG(); 3428 3429 /* NAT_T_SPORT (old port) */ 3430 n_port = skb_put(skb, sizeof(*n_port)); 3431 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 3432 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; 3433 n_port->sadb_x_nat_t_port_port = natt->encap_sport; 3434 n_port->sadb_x_nat_t_port_reserved = 0; 3435 3436 /* ADDRESS_DST (new addr) */ 3437 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size); 3438 addr->sadb_address_len = 3439 (sizeof(struct sadb_address)+sockaddr_size)/ 3440 sizeof(uint64_t); 3441 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3442 addr->sadb_address_proto = 0; 3443 addr->sadb_address_reserved = 0; 3444 addr->sadb_address_prefixlen = 3445 pfkey_sockaddr_fill(ipaddr, 0, 3446 (struct sockaddr *) (addr + 1), 3447 x->props.family); 3448 if (!addr->sadb_address_prefixlen) 3449 BUG(); 3450 3451 /* NAT_T_DPORT (new port) */ 3452 n_port = skb_put(skb, sizeof(*n_port)); 3453 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 3454 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; 3455 n_port->sadb_x_nat_t_port_port = sport; 3456 n_port->sadb_x_nat_t_port_reserved = 0; 3457 3458 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, 3459 xs_net(x)); 3460} 3461 3462#ifdef CONFIG_NET_KEY_MIGRATE 3463static int set_sadb_address(struct sk_buff *skb, int sasize, int type, 3464 const struct xfrm_selector *sel) 3465{ 3466 struct sadb_address *addr; 3467 addr = skb_put(skb, sizeof(struct sadb_address) + sasize); 3468 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8; 3469 addr->sadb_address_exttype = type; 3470 addr->sadb_address_proto = sel->proto; 3471 addr->sadb_address_reserved = 0; 3472 3473 switch (type) { 3474 case SADB_EXT_ADDRESS_SRC: 3475 addr->sadb_address_prefixlen = sel->prefixlen_s; 3476 pfkey_sockaddr_fill(&sel->saddr, 0, 3477 (struct sockaddr *)(addr + 1), 3478 sel->family); 3479 break; 3480 case SADB_EXT_ADDRESS_DST: 3481 addr->sadb_address_prefixlen = sel->prefixlen_d; 3482 pfkey_sockaddr_fill(&sel->daddr, 0, 3483 (struct sockaddr *)(addr + 1), 3484 sel->family); 3485 break; 3486 default: 3487 return -EINVAL; 3488 } 3489 3490 return 0; 3491} 3492 3493 3494static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k) 3495{ 3496 struct sadb_x_kmaddress *kma; 3497 u8 *sa; 3498 int family = k->family; 3499 int socklen = pfkey_sockaddr_len(family); 3500 int size_req; 3501 3502 size_req = (sizeof(struct sadb_x_kmaddress) + 3503 pfkey_sockaddr_pair_size(family)); 3504 3505 kma = skb_put_zero(skb, size_req); 3506 kma->sadb_x_kmaddress_len = size_req / 8; 3507 kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS; 3508 kma->sadb_x_kmaddress_reserved = k->reserved; 3509 3510 sa = (u8 *)(kma + 1); 3511 if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) || 3512 !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family)) 3513 return -EINVAL; 3514 3515 return 0; 3516} 3517 3518static int set_ipsecrequest(struct sk_buff *skb, 3519 uint8_t proto, uint8_t mode, int level, 3520 uint32_t reqid, uint8_t family, 3521 const xfrm_address_t *src, const xfrm_address_t *dst) 3522{ 3523 struct sadb_x_ipsecrequest *rq; 3524 u8 *sa; 3525 int socklen = pfkey_sockaddr_len(family); 3526 int size_req; 3527 3528 size_req = sizeof(struct sadb_x_ipsecrequest) + 3529 pfkey_sockaddr_pair_size(family); 3530 3531 rq = skb_put_zero(skb, size_req); 3532 rq->sadb_x_ipsecrequest_len = size_req; 3533 rq->sadb_x_ipsecrequest_proto = proto; 3534 rq->sadb_x_ipsecrequest_mode = mode; 3535 rq->sadb_x_ipsecrequest_level = level; 3536 rq->sadb_x_ipsecrequest_reqid = reqid; 3537 3538 sa = (u8 *) (rq + 1); 3539 if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) || 3540 !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family)) 3541 return -EINVAL; 3542 3543 return 0; 3544} 3545#endif 3546 3547#ifdef CONFIG_NET_KEY_MIGRATE 3548static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 3549 const struct xfrm_migrate *m, int num_bundles, 3550 const struct xfrm_kmaddress *k, 3551 const struct xfrm_encap_tmpl *encap) 3552{ 3553 int i; 3554 int sasize_sel; 3555 int size = 0; 3556 int size_pol = 0; 3557 struct sk_buff *skb; 3558 struct sadb_msg *hdr; 3559 struct sadb_x_policy *pol; 3560 const struct xfrm_migrate *mp; 3561 3562 if (type != XFRM_POLICY_TYPE_MAIN) 3563 return 0; 3564 3565 if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH) 3566 return -EINVAL; 3567 3568 if (k != NULL) { 3569 /* addresses for KM */ 3570 size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) + 3571 pfkey_sockaddr_pair_size(k->family)); 3572 } 3573 3574 /* selector */ 3575 sasize_sel = pfkey_sockaddr_size(sel->family); 3576 if (!sasize_sel) 3577 return -EINVAL; 3578 size += (sizeof(struct sadb_address) + sasize_sel) * 2; 3579 3580 /* policy info */ 3581 size_pol += sizeof(struct sadb_x_policy); 3582 3583 /* ipsecrequests */ 3584 for (i = 0, mp = m; i < num_bundles; i++, mp++) { 3585 /* old locator pair */ 3586 size_pol += sizeof(struct sadb_x_ipsecrequest) + 3587 pfkey_sockaddr_pair_size(mp->old_family); 3588 /* new locator pair */ 3589 size_pol += sizeof(struct sadb_x_ipsecrequest) + 3590 pfkey_sockaddr_pair_size(mp->new_family); 3591 } 3592 3593 size += sizeof(struct sadb_msg) + size_pol; 3594 3595 /* alloc buffer */ 3596 skb = alloc_skb(size, GFP_ATOMIC); 3597 if (skb == NULL) 3598 return -ENOMEM; 3599 3600 hdr = skb_put(skb, sizeof(struct sadb_msg)); 3601 hdr->sadb_msg_version = PF_KEY_V2; 3602 hdr->sadb_msg_type = SADB_X_MIGRATE; 3603 hdr->sadb_msg_satype = pfkey_proto2satype(m->proto); 3604 hdr->sadb_msg_len = size / 8; 3605 hdr->sadb_msg_errno = 0; 3606 hdr->sadb_msg_reserved = 0; 3607 hdr->sadb_msg_seq = 0; 3608 hdr->sadb_msg_pid = 0; 3609 3610 /* Addresses to be used by KM for negotiation, if ext is available */ 3611 if (k != NULL && (set_sadb_kmaddress(skb, k) < 0)) 3612 goto err; 3613 3614 /* selector src */ 3615 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel); 3616 3617 /* selector dst */ 3618 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel); 3619 3620 /* policy information */ 3621 pol = skb_put(skb, sizeof(struct sadb_x_policy)); 3622 pol->sadb_x_policy_len = size_pol / 8; 3623 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3624 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 3625 pol->sadb_x_policy_dir = dir + 1; 3626 pol->sadb_x_policy_reserved = 0; 3627 pol->sadb_x_policy_id = 0; 3628 pol->sadb_x_policy_priority = 0; 3629 3630 for (i = 0, mp = m; i < num_bundles; i++, mp++) { 3631 /* old ipsecrequest */ 3632 int mode = pfkey_mode_from_xfrm(mp->mode); 3633 if (mode < 0) 3634 goto err; 3635 if (set_ipsecrequest(skb, mp->proto, mode, 3636 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), 3637 mp->reqid, mp->old_family, 3638 &mp->old_saddr, &mp->old_daddr) < 0) 3639 goto err; 3640 3641 /* new ipsecrequest */ 3642 if (set_ipsecrequest(skb, mp->proto, mode, 3643 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), 3644 mp->reqid, mp->new_family, 3645 &mp->new_saddr, &mp->new_daddr) < 0) 3646 goto err; 3647 } 3648 3649 /* broadcast migrate message to sockets */ 3650 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net); 3651 3652 return 0; 3653 3654err: 3655 kfree_skb(skb); 3656 return -EINVAL; 3657} 3658#else 3659static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 3660 const struct xfrm_migrate *m, int num_bundles, 3661 const struct xfrm_kmaddress *k, 3662 const struct xfrm_encap_tmpl *encap) 3663{ 3664 return -ENOPROTOOPT; 3665} 3666#endif 3667 3668static int pfkey_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) 3669{ 3670 struct sock *sk = sock->sk; 3671 struct sk_buff *skb = NULL; 3672 struct sadb_msg *hdr = NULL; 3673 int err; 3674 struct net *net = sock_net(sk); 3675 3676 err = -EOPNOTSUPP; 3677 if (msg->msg_flags & MSG_OOB) 3678 goto out; 3679 3680 err = -EMSGSIZE; 3681 if ((unsigned int)len > sk->sk_sndbuf - 32) 3682 goto out; 3683 3684 err = -ENOBUFS; 3685 skb = alloc_skb(len, GFP_KERNEL); 3686 if (skb == NULL) 3687 goto out; 3688 3689 err = -EFAULT; 3690 if (memcpy_from_msg(skb_put(skb,len), msg, len)) 3691 goto out; 3692 3693 hdr = pfkey_get_base_msg(skb, &err); 3694 if (!hdr) 3695 goto out; 3696 3697 mutex_lock(&net->xfrm.xfrm_cfg_mutex); 3698 err = pfkey_process(sk, skb, hdr); 3699 mutex_unlock(&net->xfrm.xfrm_cfg_mutex); 3700 3701out: 3702 if (err && hdr && pfkey_error(hdr, err, sk) == 0) 3703 err = 0; 3704 kfree_skb(skb); 3705 3706 return err ? : len; 3707} 3708 3709static int pfkey_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, 3710 int flags) 3711{ 3712 struct sock *sk = sock->sk; 3713 struct pfkey_sock *pfk = pfkey_sk(sk); 3714 struct sk_buff *skb; 3715 int copied, err; 3716 3717 err = -EINVAL; 3718 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) 3719 goto out; 3720 3721 skb = skb_recv_datagram(sk, flags, &err); 3722 if (skb == NULL) 3723 goto out; 3724 3725 copied = skb->len; 3726 if (copied > len) { 3727 msg->msg_flags |= MSG_TRUNC; 3728 copied = len; 3729 } 3730 3731 skb_reset_transport_header(skb); 3732 err = skb_copy_datagram_msg(skb, 0, msg, copied); 3733 if (err) 3734 goto out_free; 3735 3736 sock_recv_cmsgs(msg, sk, skb); 3737 3738 err = (flags & MSG_TRUNC) ? skb->len : copied; 3739 3740 if (pfk->dump.dump != NULL && 3741 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) 3742 pfkey_do_dump(pfk); 3743 3744out_free: 3745 skb_free_datagram(sk, skb); 3746out: 3747 return err; 3748} 3749 3750static const struct proto_ops pfkey_ops = { 3751 .family = PF_KEY, 3752 .owner = THIS_MODULE, 3753 /* Operations that make no sense on pfkey sockets. */ 3754 .bind = sock_no_bind, 3755 .connect = sock_no_connect, 3756 .socketpair = sock_no_socketpair, 3757 .accept = sock_no_accept, 3758 .getname = sock_no_getname, 3759 .ioctl = sock_no_ioctl, 3760 .listen = sock_no_listen, 3761 .shutdown = sock_no_shutdown, 3762 .mmap = sock_no_mmap, 3763 3764 /* Now the operations that really occur. */ 3765 .release = pfkey_release, 3766 .poll = datagram_poll, 3767 .sendmsg = pfkey_sendmsg, 3768 .recvmsg = pfkey_recvmsg, 3769}; 3770 3771static const struct net_proto_family pfkey_family_ops = { 3772 .family = PF_KEY, 3773 .create = pfkey_create, 3774 .owner = THIS_MODULE, 3775}; 3776 3777#ifdef CONFIG_PROC_FS 3778static int pfkey_seq_show(struct seq_file *f, void *v) 3779{ 3780 struct sock *s = sk_entry(v); 3781 3782 if (v == SEQ_START_TOKEN) 3783 seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n"); 3784 else 3785 seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n", 3786 s, 3787 refcount_read(&s->sk_refcnt), 3788 sk_rmem_alloc_get(s), 3789 sk_wmem_alloc_get(s), 3790 from_kuid_munged(seq_user_ns(f), sock_i_uid(s)), 3791 sock_i_ino(s) 3792 ); 3793 return 0; 3794} 3795 3796static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos) 3797 __acquires(rcu) 3798{ 3799 struct net *net = seq_file_net(f); 3800 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3801 3802 rcu_read_lock(); 3803 return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos); 3804} 3805 3806static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos) 3807{ 3808 struct net *net = seq_file_net(f); 3809 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3810 3811 return seq_hlist_next_rcu(v, &net_pfkey->table, ppos); 3812} 3813 3814static void pfkey_seq_stop(struct seq_file *f, void *v) 3815 __releases(rcu) 3816{ 3817 rcu_read_unlock(); 3818} 3819 3820static const struct seq_operations pfkey_seq_ops = { 3821 .start = pfkey_seq_start, 3822 .next = pfkey_seq_next, 3823 .stop = pfkey_seq_stop, 3824 .show = pfkey_seq_show, 3825}; 3826 3827static int __net_init pfkey_init_proc(struct net *net) 3828{ 3829 struct proc_dir_entry *e; 3830 3831 e = proc_create_net("pfkey", 0, net->proc_net, &pfkey_seq_ops, 3832 sizeof(struct seq_net_private)); 3833 if (e == NULL) 3834 return -ENOMEM; 3835 3836 return 0; 3837} 3838 3839static void __net_exit pfkey_exit_proc(struct net *net) 3840{ 3841 remove_proc_entry("pfkey", net->proc_net); 3842} 3843#else 3844static inline int pfkey_init_proc(struct net *net) 3845{ 3846 return 0; 3847} 3848 3849static inline void pfkey_exit_proc(struct net *net) 3850{ 3851} 3852#endif 3853 3854static struct xfrm_mgr pfkeyv2_mgr = 3855{ 3856 .notify = pfkey_send_notify, 3857 .acquire = pfkey_send_acquire, 3858 .compile_policy = pfkey_compile_policy, 3859 .new_mapping = pfkey_send_new_mapping, 3860 .notify_policy = pfkey_send_policy_notify, 3861 .migrate = pfkey_send_migrate, 3862 .is_alive = pfkey_is_alive, 3863}; 3864 3865static int __net_init pfkey_net_init(struct net *net) 3866{ 3867 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3868 int rv; 3869 3870 INIT_HLIST_HEAD(&net_pfkey->table); 3871 atomic_set(&net_pfkey->socks_nr, 0); 3872 3873 rv = pfkey_init_proc(net); 3874 3875 return rv; 3876} 3877 3878static void __net_exit pfkey_net_exit(struct net *net) 3879{ 3880 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3881 3882 pfkey_exit_proc(net); 3883 WARN_ON(!hlist_empty(&net_pfkey->table)); 3884} 3885 3886static struct pernet_operations pfkey_net_ops = { 3887 .init = pfkey_net_init, 3888 .exit = pfkey_net_exit, 3889 .id = &pfkey_net_id, 3890 .size = sizeof(struct netns_pfkey), 3891}; 3892 3893static void __exit ipsec_pfkey_exit(void) 3894{ 3895 xfrm_unregister_km(&pfkeyv2_mgr); 3896 sock_unregister(PF_KEY); 3897 unregister_pernet_subsys(&pfkey_net_ops); 3898 proto_unregister(&key_proto); 3899} 3900 3901static int __init ipsec_pfkey_init(void) 3902{ 3903 int err = proto_register(&key_proto, 0); 3904 3905 if (err != 0) 3906 goto out; 3907 3908 err = register_pernet_subsys(&pfkey_net_ops); 3909 if (err != 0) 3910 goto out_unregister_key_proto; 3911 err = sock_register(&pfkey_family_ops); 3912 if (err != 0) 3913 goto out_unregister_pernet; 3914 xfrm_register_km(&pfkeyv2_mgr); 3915out: 3916 return err; 3917 3918out_unregister_pernet: 3919 unregister_pernet_subsys(&pfkey_net_ops); 3920out_unregister_key_proto: 3921 proto_unregister(&key_proto); 3922 goto out; 3923} 3924 3925module_init(ipsec_pfkey_init); 3926module_exit(ipsec_pfkey_exit); 3927MODULE_DESCRIPTION("PF_KEY socket helpers"); 3928MODULE_LICENSE("GPL"); 3929MODULE_ALIAS_NETPROTO(PF_KEY); 3930