1/* 2 * net/key/af_key.c An implementation of PF_KEYv2 sockets. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Authors: Maxim Giryaev <gem@asplinux.ru> 10 * David S. Miller <davem@redhat.com> 11 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 12 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 13 * Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org> 14 * Derek Atkins <derek@ihtfp.com> 15 */ 16 17#include <linux/capability.h> 18#include <linux/module.h> 19#include <linux/kernel.h> 20#include <linux/socket.h> 21#include <linux/pfkeyv2.h> 22#include <linux/ipsec.h> 23#include <linux/skbuff.h> 24#include <linux/rtnetlink.h> 25#include <linux/in.h> 26#include <linux/in6.h> 27#include <linux/proc_fs.h> 28#include <linux/init.h> 29#include <linux/slab.h> 30#include <net/net_namespace.h> 31#include <net/netns/generic.h> 32#include <net/xfrm.h> 33 34#include <net/sock.h> 35 36#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x)) 37#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x)) 38 39static int pfkey_net_id __read_mostly; 40struct netns_pfkey { 41 /* List of all pfkey sockets. */ 42 struct hlist_head table; 43 atomic_t socks_nr; 44}; 45static DEFINE_MUTEX(pfkey_mutex); 46 47#define DUMMY_MARK 0 48static struct xfrm_mark dummy_mark = {0, 0}; 49struct pfkey_sock { 50 /* struct sock must be the first member of struct pfkey_sock */ 51 struct sock sk; 52 int registered; 53 int promisc; 54 55 struct { 56 uint8_t msg_version; 57 uint32_t msg_pid; 58 int (*dump)(struct pfkey_sock *sk); 59 void (*done)(struct pfkey_sock *sk); 60 union { 61 struct xfrm_policy_walk policy; 62 struct xfrm_state_walk state; 63 } u; 64 struct sk_buff *skb; 65 } dump; 66}; 67 68static inline struct pfkey_sock *pfkey_sk(struct sock *sk) 69{ 70 return (struct pfkey_sock *)sk; 71} 72 73static int pfkey_can_dump(struct sock *sk) 74{ 75 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf) 76 return 1; 77 return 0; 78} 79 80static void pfkey_terminate_dump(struct pfkey_sock *pfk) 81{ 82 if (pfk->dump.dump) { 83 if (pfk->dump.skb) { 84 kfree_skb(pfk->dump.skb); 85 pfk->dump.skb = NULL; 86 } 87 pfk->dump.done(pfk); 88 pfk->dump.dump = NULL; 89 pfk->dump.done = NULL; 90 } 91} 92 93static void pfkey_sock_destruct(struct sock *sk) 94{ 95 struct net *net = sock_net(sk); 96 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 97 98 pfkey_terminate_dump(pfkey_sk(sk)); 99 skb_queue_purge(&sk->sk_receive_queue); 100 101 if (!sock_flag(sk, SOCK_DEAD)) { 102 pr_err("Attempt to release alive pfkey socket: %p\n", sk); 103 return; 104 } 105 106 WARN_ON(atomic_read(&sk->sk_rmem_alloc)); 107 WARN_ON(atomic_read(&sk->sk_wmem_alloc)); 108 109 atomic_dec(&net_pfkey->socks_nr); 110} 111 112static const struct proto_ops pfkey_ops; 113 114static void pfkey_insert(struct sock *sk) 115{ 116 struct net *net = sock_net(sk); 117 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 118 119 mutex_lock(&pfkey_mutex); 120 sk_add_node_rcu(sk, &net_pfkey->table); 121 mutex_unlock(&pfkey_mutex); 122} 123 124static void pfkey_remove(struct sock *sk) 125{ 126 mutex_lock(&pfkey_mutex); 127 sk_del_node_init_rcu(sk); 128 mutex_unlock(&pfkey_mutex); 129} 130 131static struct proto key_proto = { 132 .name = "KEY", 133 .owner = THIS_MODULE, 134 .obj_size = sizeof(struct pfkey_sock), 135}; 136 137static int pfkey_create(struct net *net, struct socket *sock, int protocol, 138 int kern) 139{ 140 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 141 struct sock *sk; 142 int err; 143 144 if (!capable(CAP_NET_ADMIN)) 145 return -EPERM; 146 if (sock->type != SOCK_RAW) 147 return -ESOCKTNOSUPPORT; 148 if (protocol != PF_KEY_V2) 149 return -EPROTONOSUPPORT; 150 151 err = -ENOMEM; 152 sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto); 153 if (sk == NULL) 154 goto out; 155 156 sock->ops = &pfkey_ops; 157 sock_init_data(sock, sk); 158 159 sk->sk_family = PF_KEY; 160 sk->sk_destruct = pfkey_sock_destruct; 161 162 atomic_inc(&net_pfkey->socks_nr); 163 164 pfkey_insert(sk); 165 166 return 0; 167out: 168 return err; 169} 170 171static int pfkey_release(struct socket *sock) 172{ 173 struct sock *sk = sock->sk; 174 175 if (!sk) 176 return 0; 177 178 pfkey_remove(sk); 179 180 sock_orphan(sk); 181 sock->sk = NULL; 182 skb_queue_purge(&sk->sk_write_queue); 183 184 synchronize_rcu(); 185 sock_put(sk); 186 187 return 0; 188} 189 190static int pfkey_broadcast_one(struct sk_buff *skb, struct sk_buff **skb2, 191 gfp_t allocation, struct sock *sk) 192{ 193 int err = -ENOBUFS; 194 195 sock_hold(sk); 196 if (*skb2 == NULL) { 197 if (atomic_read(&skb->users) != 1) { 198 *skb2 = skb_clone(skb, allocation); 199 } else { 200 *skb2 = skb; 201 atomic_inc(&skb->users); 202 } 203 } 204 if (*skb2 != NULL) { 205 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) { 206 skb_orphan(*skb2); 207 skb_set_owner_r(*skb2, sk); 208 skb_queue_tail(&sk->sk_receive_queue, *skb2); 209 sk->sk_data_ready(sk, (*skb2)->len); 210 *skb2 = NULL; 211 err = 0; 212 } 213 } 214 sock_put(sk); 215 return err; 216} 217 218/* Send SKB to all pfkey sockets matching selected criteria. */ 219#define BROADCAST_ALL 0 220#define BROADCAST_ONE 1 221#define BROADCAST_REGISTERED 2 222#define BROADCAST_PROMISC_ONLY 4 223static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation, 224 int broadcast_flags, struct sock *one_sk, 225 struct net *net) 226{ 227 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 228 struct sock *sk; 229 struct hlist_node *node; 230 struct sk_buff *skb2 = NULL; 231 int err = -ESRCH; 232 233 if (!skb) 234 return -ENOMEM; 235 236 rcu_read_lock(); 237 sk_for_each_rcu(sk, node, &net_pfkey->table) { 238 struct pfkey_sock *pfk = pfkey_sk(sk); 239 int err2; 240 241 /* Yes, it means that if you are meant to receive this 242 * pfkey message you receive it twice as promiscuous 243 * socket. 244 */ 245 if (pfk->promisc) 246 pfkey_broadcast_one(skb, &skb2, allocation, sk); 247 248 /* the exact target will be processed later */ 249 if (sk == one_sk) 250 continue; 251 if (broadcast_flags != BROADCAST_ALL) { 252 if (broadcast_flags & BROADCAST_PROMISC_ONLY) 253 continue; 254 if ((broadcast_flags & BROADCAST_REGISTERED) && 255 !pfk->registered) 256 continue; 257 if (broadcast_flags & BROADCAST_ONE) 258 continue; 259 } 260 261 err2 = pfkey_broadcast_one(skb, &skb2, allocation, sk); 262 263 /* Error is cleare after succecful sending to at least one 264 * registered KM */ 265 if ((broadcast_flags & BROADCAST_REGISTERED) && err) 266 err = err2; 267 } 268 rcu_read_unlock(); 269 270 if (one_sk != NULL) 271 err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk); 272 273 kfree_skb(skb2); 274 kfree_skb(skb); 275 return err; 276} 277 278static int pfkey_do_dump(struct pfkey_sock *pfk) 279{ 280 struct sadb_msg *hdr; 281 int rc; 282 283 rc = pfk->dump.dump(pfk); 284 if (rc == -ENOBUFS) 285 return 0; 286 287 if (pfk->dump.skb) { 288 if (!pfkey_can_dump(&pfk->sk)) 289 return 0; 290 291 hdr = (struct sadb_msg *) pfk->dump.skb->data; 292 hdr->sadb_msg_seq = 0; 293 hdr->sadb_msg_errno = rc; 294 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE, 295 &pfk->sk, sock_net(&pfk->sk)); 296 pfk->dump.skb = NULL; 297 } 298 299 pfkey_terminate_dump(pfk); 300 return rc; 301} 302 303static inline void pfkey_hdr_dup(struct sadb_msg *new, struct sadb_msg *orig) 304{ 305 *new = *orig; 306} 307 308static int pfkey_error(struct sadb_msg *orig, int err, struct sock *sk) 309{ 310 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL); 311 struct sadb_msg *hdr; 312 313 if (!skb) 314 return -ENOBUFS; 315 316 /* Woe be to the platform trying to support PFKEY yet 317 * having normal errnos outside the 1-255 range, inclusive. 318 */ 319 err = -err; 320 if (err == ERESTARTSYS || 321 err == ERESTARTNOHAND || 322 err == ERESTARTNOINTR) 323 err = EINTR; 324 if (err >= 512) 325 err = EINVAL; 326 BUG_ON(err <= 0 || err >= 256); 327 328 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 329 pfkey_hdr_dup(hdr, orig); 330 hdr->sadb_msg_errno = (uint8_t) err; 331 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / 332 sizeof(uint64_t)); 333 334 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk)); 335 336 return 0; 337} 338 339static u8 sadb_ext_min_len[] = { 340 [SADB_EXT_RESERVED] = (u8) 0, 341 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa), 342 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime), 343 [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime), 344 [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime), 345 [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address), 346 [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address), 347 [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address), 348 [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key), 349 [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key), 350 [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident), 351 [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident), 352 [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens), 353 [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop), 354 [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported), 355 [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported), 356 [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange), 357 [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate), 358 [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy), 359 [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2), 360 [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type), 361 [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port), 362 [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port), 363 [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address), 364 [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx), 365 [SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress), 366}; 367 368/* Verify sadb_address_{len,prefixlen} against sa_family. */ 369static int verify_address_len(void *p) 370{ 371 struct sadb_address *sp = p; 372 struct sockaddr *addr = (struct sockaddr *)(sp + 1); 373 struct sockaddr_in *sin; 374#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 375 struct sockaddr_in6 *sin6; 376#endif 377 int len; 378 379 switch (addr->sa_family) { 380 case AF_INET: 381 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t)); 382 if (sp->sadb_address_len != len || 383 sp->sadb_address_prefixlen > 32) 384 return -EINVAL; 385 break; 386#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 387 case AF_INET6: 388 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t)); 389 if (sp->sadb_address_len != len || 390 sp->sadb_address_prefixlen > 128) 391 return -EINVAL; 392 break; 393#endif 394 default: 395 return -EINVAL; 396 break; 397 } 398 399 return 0; 400} 401 402static inline int pfkey_sec_ctx_len(struct sadb_x_sec_ctx *sec_ctx) 403{ 404 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) + 405 sec_ctx->sadb_x_ctx_len, 406 sizeof(uint64_t)); 407} 408 409static inline int verify_sec_ctx_len(void *p) 410{ 411 struct sadb_x_sec_ctx *sec_ctx = (struct sadb_x_sec_ctx *)p; 412 int len = sec_ctx->sadb_x_ctx_len; 413 414 if (len > PAGE_SIZE) 415 return -EINVAL; 416 417 len = pfkey_sec_ctx_len(sec_ctx); 418 419 if (sec_ctx->sadb_x_sec_len != len) 420 return -EINVAL; 421 422 return 0; 423} 424 425static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(struct sadb_x_sec_ctx *sec_ctx) 426{ 427 struct xfrm_user_sec_ctx *uctx = NULL; 428 int ctx_size = sec_ctx->sadb_x_ctx_len; 429 430 uctx = kmalloc((sizeof(*uctx)+ctx_size), GFP_KERNEL); 431 432 if (!uctx) 433 return NULL; 434 435 uctx->len = pfkey_sec_ctx_len(sec_ctx); 436 uctx->exttype = sec_ctx->sadb_x_sec_exttype; 437 uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi; 438 uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg; 439 uctx->ctx_len = sec_ctx->sadb_x_ctx_len; 440 memcpy(uctx + 1, sec_ctx + 1, 441 uctx->ctx_len); 442 443 return uctx; 444} 445 446static int present_and_same_family(struct sadb_address *src, 447 struct sadb_address *dst) 448{ 449 struct sockaddr *s_addr, *d_addr; 450 451 if (!src || !dst) 452 return 0; 453 454 s_addr = (struct sockaddr *)(src + 1); 455 d_addr = (struct sockaddr *)(dst + 1); 456 if (s_addr->sa_family != d_addr->sa_family) 457 return 0; 458 if (s_addr->sa_family != AF_INET 459#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 460 && s_addr->sa_family != AF_INET6 461#endif 462 ) 463 return 0; 464 465 return 1; 466} 467 468static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 469{ 470 char *p = (char *) hdr; 471 int len = skb->len; 472 473 len -= sizeof(*hdr); 474 p += sizeof(*hdr); 475 while (len > 0) { 476 struct sadb_ext *ehdr = (struct sadb_ext *) p; 477 uint16_t ext_type; 478 int ext_len; 479 480 ext_len = ehdr->sadb_ext_len; 481 ext_len *= sizeof(uint64_t); 482 ext_type = ehdr->sadb_ext_type; 483 if (ext_len < sizeof(uint64_t) || 484 ext_len > len || 485 ext_type == SADB_EXT_RESERVED) 486 return -EINVAL; 487 488 if (ext_type <= SADB_EXT_MAX) { 489 int min = (int) sadb_ext_min_len[ext_type]; 490 if (ext_len < min) 491 return -EINVAL; 492 if (ext_hdrs[ext_type-1] != NULL) 493 return -EINVAL; 494 if (ext_type == SADB_EXT_ADDRESS_SRC || 495 ext_type == SADB_EXT_ADDRESS_DST || 496 ext_type == SADB_EXT_ADDRESS_PROXY || 497 ext_type == SADB_X_EXT_NAT_T_OA) { 498 if (verify_address_len(p)) 499 return -EINVAL; 500 } 501 if (ext_type == SADB_X_EXT_SEC_CTX) { 502 if (verify_sec_ctx_len(p)) 503 return -EINVAL; 504 } 505 ext_hdrs[ext_type-1] = p; 506 } 507 p += ext_len; 508 len -= ext_len; 509 } 510 511 return 0; 512} 513 514static uint16_t 515pfkey_satype2proto(uint8_t satype) 516{ 517 switch (satype) { 518 case SADB_SATYPE_UNSPEC: 519 return IPSEC_PROTO_ANY; 520 case SADB_SATYPE_AH: 521 return IPPROTO_AH; 522 case SADB_SATYPE_ESP: 523 return IPPROTO_ESP; 524 case SADB_X_SATYPE_IPCOMP: 525 return IPPROTO_COMP; 526 break; 527 default: 528 return 0; 529 } 530 /* NOTREACHED */ 531} 532 533static uint8_t 534pfkey_proto2satype(uint16_t proto) 535{ 536 switch (proto) { 537 case IPPROTO_AH: 538 return SADB_SATYPE_AH; 539 case IPPROTO_ESP: 540 return SADB_SATYPE_ESP; 541 case IPPROTO_COMP: 542 return SADB_X_SATYPE_IPCOMP; 543 break; 544 default: 545 return 0; 546 } 547 /* NOTREACHED */ 548} 549 550/* BTW, this scheme means that there is no way with PFKEY2 sockets to 551 * say specifically 'just raw sockets' as we encode them as 255. 552 */ 553 554static uint8_t pfkey_proto_to_xfrm(uint8_t proto) 555{ 556 return (proto == IPSEC_PROTO_ANY ? 0 : proto); 557} 558 559static uint8_t pfkey_proto_from_xfrm(uint8_t proto) 560{ 561 return (proto ? proto : IPSEC_PROTO_ANY); 562} 563 564static inline int pfkey_sockaddr_len(sa_family_t family) 565{ 566 switch (family) { 567 case AF_INET: 568 return sizeof(struct sockaddr_in); 569#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 570 case AF_INET6: 571 return sizeof(struct sockaddr_in6); 572#endif 573 } 574 return 0; 575} 576 577static 578int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr) 579{ 580 switch (sa->sa_family) { 581 case AF_INET: 582 xaddr->a4 = 583 ((struct sockaddr_in *)sa)->sin_addr.s_addr; 584 return AF_INET; 585#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 586 case AF_INET6: 587 memcpy(xaddr->a6, 588 &((struct sockaddr_in6 *)sa)->sin6_addr, 589 sizeof(struct in6_addr)); 590 return AF_INET6; 591#endif 592 } 593 return 0; 594} 595 596static 597int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr, xfrm_address_t *xaddr) 598{ 599 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1), 600 xaddr); 601} 602 603static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_msg *hdr, void **ext_hdrs) 604{ 605 struct sadb_sa *sa; 606 struct sadb_address *addr; 607 uint16_t proto; 608 unsigned short family; 609 xfrm_address_t *xaddr; 610 611 sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; 612 if (sa == NULL) 613 return NULL; 614 615 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 616 if (proto == 0) 617 return NULL; 618 619 /* sadb_address_len should be checked by caller */ 620 addr = (struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1]; 621 if (addr == NULL) 622 return NULL; 623 624 family = ((struct sockaddr *)(addr + 1))->sa_family; 625 switch (family) { 626 case AF_INET: 627 xaddr = (xfrm_address_t *)&((struct sockaddr_in *)(addr + 1))->sin_addr; 628 break; 629#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 630 case AF_INET6: 631 xaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(addr + 1))->sin6_addr; 632 break; 633#endif 634 default: 635 xaddr = NULL; 636 } 637 638 if (!xaddr) 639 return NULL; 640 641 return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family); 642} 643 644#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1))) 645 646static int 647pfkey_sockaddr_size(sa_family_t family) 648{ 649 return PFKEY_ALIGN8(pfkey_sockaddr_len(family)); 650} 651 652static inline int pfkey_mode_from_xfrm(int mode) 653{ 654 switch(mode) { 655 case XFRM_MODE_TRANSPORT: 656 return IPSEC_MODE_TRANSPORT; 657 case XFRM_MODE_TUNNEL: 658 return IPSEC_MODE_TUNNEL; 659 case XFRM_MODE_BEET: 660 return IPSEC_MODE_BEET; 661 default: 662 return -1; 663 } 664} 665 666static inline int pfkey_mode_to_xfrm(int mode) 667{ 668 switch(mode) { 669 case IPSEC_MODE_ANY: 670 case IPSEC_MODE_TRANSPORT: 671 return XFRM_MODE_TRANSPORT; 672 case IPSEC_MODE_TUNNEL: 673 return XFRM_MODE_TUNNEL; 674 case IPSEC_MODE_BEET: 675 return XFRM_MODE_BEET; 676 default: 677 return -1; 678 } 679} 680 681static unsigned int pfkey_sockaddr_fill(xfrm_address_t *xaddr, __be16 port, 682 struct sockaddr *sa, 683 unsigned short family) 684{ 685 switch (family) { 686 case AF_INET: 687 { 688 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 689 sin->sin_family = AF_INET; 690 sin->sin_port = port; 691 sin->sin_addr.s_addr = xaddr->a4; 692 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 693 return 32; 694 } 695#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 696 case AF_INET6: 697 { 698 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 699 sin6->sin6_family = AF_INET6; 700 sin6->sin6_port = port; 701 sin6->sin6_flowinfo = 0; 702 ipv6_addr_copy(&sin6->sin6_addr, (struct in6_addr *)xaddr->a6); 703 sin6->sin6_scope_id = 0; 704 return 128; 705 } 706#endif 707 } 708 return 0; 709} 710 711static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x, 712 int add_keys, int hsc) 713{ 714 struct sk_buff *skb; 715 struct sadb_msg *hdr; 716 struct sadb_sa *sa; 717 struct sadb_lifetime *lifetime; 718 struct sadb_address *addr; 719 struct sadb_key *key; 720 struct sadb_x_sa2 *sa2; 721 struct sadb_x_sec_ctx *sec_ctx; 722 struct xfrm_sec_ctx *xfrm_ctx; 723 int ctx_size = 0; 724 int size; 725 int auth_key_size = 0; 726 int encrypt_key_size = 0; 727 int sockaddr_size; 728 struct xfrm_encap_tmpl *natt = NULL; 729 int mode; 730 731 /* address family check */ 732 sockaddr_size = pfkey_sockaddr_size(x->props.family); 733 if (!sockaddr_size) 734 return ERR_PTR(-EINVAL); 735 736 /* base, SA, (lifetime (HSC),) address(SD), (address(P),) 737 key(AE), (identity(SD),) (sensitivity)> */ 738 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) + 739 sizeof(struct sadb_lifetime) + 740 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) + 741 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) + 742 sizeof(struct sadb_address)*2 + 743 sockaddr_size*2 + 744 sizeof(struct sadb_x_sa2); 745 746 if ((xfrm_ctx = x->security)) { 747 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len); 748 size += sizeof(struct sadb_x_sec_ctx) + ctx_size; 749 } 750 751 /* identity & sensitivity */ 752 if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr, x->props.family)) 753 size += sizeof(struct sadb_address) + sockaddr_size; 754 755 if (add_keys) { 756 if (x->aalg && x->aalg->alg_key_len) { 757 auth_key_size = 758 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); 759 size += sizeof(struct sadb_key) + auth_key_size; 760 } 761 if (x->ealg && x->ealg->alg_key_len) { 762 encrypt_key_size = 763 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); 764 size += sizeof(struct sadb_key) + encrypt_key_size; 765 } 766 } 767 if (x->encap) 768 natt = x->encap; 769 770 if (natt && natt->encap_type) { 771 size += sizeof(struct sadb_x_nat_t_type); 772 size += sizeof(struct sadb_x_nat_t_port); 773 size += sizeof(struct sadb_x_nat_t_port); 774 } 775 776 skb = alloc_skb(size + 16, GFP_ATOMIC); 777 if (skb == NULL) 778 return ERR_PTR(-ENOBUFS); 779 780 /* call should fill header later */ 781 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 782 memset(hdr, 0, size); 783 hdr->sadb_msg_len = size / sizeof(uint64_t); 784 785 /* sa */ 786 sa = (struct sadb_sa *) skb_put(skb, sizeof(struct sadb_sa)); 787 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t); 788 sa->sadb_sa_exttype = SADB_EXT_SA; 789 sa->sadb_sa_spi = x->id.spi; 790 sa->sadb_sa_replay = x->props.replay_window; 791 switch (x->km.state) { 792 case XFRM_STATE_VALID: 793 sa->sadb_sa_state = x->km.dying ? 794 SADB_SASTATE_DYING : SADB_SASTATE_MATURE; 795 break; 796 case XFRM_STATE_ACQ: 797 sa->sadb_sa_state = SADB_SASTATE_LARVAL; 798 break; 799 default: 800 sa->sadb_sa_state = SADB_SASTATE_DEAD; 801 break; 802 } 803 sa->sadb_sa_auth = 0; 804 if (x->aalg) { 805 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0); 806 sa->sadb_sa_auth = a ? a->desc.sadb_alg_id : 0; 807 } 808 sa->sadb_sa_encrypt = 0; 809 BUG_ON(x->ealg && x->calg); 810 if (x->ealg) { 811 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0); 812 sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0; 813 } 814 /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */ 815 if (x->calg) { 816 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0); 817 sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0; 818 } 819 820 sa->sadb_sa_flags = 0; 821 if (x->props.flags & XFRM_STATE_NOECN) 822 sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN; 823 if (x->props.flags & XFRM_STATE_DECAP_DSCP) 824 sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP; 825 if (x->props.flags & XFRM_STATE_NOPMTUDISC) 826 sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC; 827 828 /* hard time */ 829 if (hsc & 2) { 830 lifetime = (struct sadb_lifetime *) skb_put(skb, 831 sizeof(struct sadb_lifetime)); 832 lifetime->sadb_lifetime_len = 833 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 834 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 835 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit); 836 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit); 837 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds; 838 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds; 839 } 840 /* soft time */ 841 if (hsc & 1) { 842 lifetime = (struct sadb_lifetime *) skb_put(skb, 843 sizeof(struct sadb_lifetime)); 844 lifetime->sadb_lifetime_len = 845 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 846 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 847 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit); 848 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit); 849 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds; 850 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds; 851 } 852 /* current time */ 853 lifetime = (struct sadb_lifetime *) skb_put(skb, 854 sizeof(struct sadb_lifetime)); 855 lifetime->sadb_lifetime_len = 856 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 857 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 858 lifetime->sadb_lifetime_allocations = x->curlft.packets; 859 lifetime->sadb_lifetime_bytes = x->curlft.bytes; 860 lifetime->sadb_lifetime_addtime = x->curlft.add_time; 861 lifetime->sadb_lifetime_usetime = x->curlft.use_time; 862 /* src address */ 863 addr = (struct sadb_address*) skb_put(skb, 864 sizeof(struct sadb_address)+sockaddr_size); 865 addr->sadb_address_len = 866 (sizeof(struct sadb_address)+sockaddr_size)/ 867 sizeof(uint64_t); 868 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 869 /* "if the ports are non-zero, then the sadb_address_proto field, 870 normally zero, MUST be filled in with the transport 871 protocol's number." - RFC2367 */ 872 addr->sadb_address_proto = 0; 873 addr->sadb_address_reserved = 0; 874 875 addr->sadb_address_prefixlen = 876 pfkey_sockaddr_fill(&x->props.saddr, 0, 877 (struct sockaddr *) (addr + 1), 878 x->props.family); 879 if (!addr->sadb_address_prefixlen) 880 BUG(); 881 882 /* dst address */ 883 addr = (struct sadb_address*) skb_put(skb, 884 sizeof(struct sadb_address)+sockaddr_size); 885 addr->sadb_address_len = 886 (sizeof(struct sadb_address)+sockaddr_size)/ 887 sizeof(uint64_t); 888 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 889 addr->sadb_address_proto = 0; 890 addr->sadb_address_reserved = 0; 891 892 addr->sadb_address_prefixlen = 893 pfkey_sockaddr_fill(&x->id.daddr, 0, 894 (struct sockaddr *) (addr + 1), 895 x->props.family); 896 if (!addr->sadb_address_prefixlen) 897 BUG(); 898 899 if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr, 900 x->props.family)) { 901 addr = (struct sadb_address*) skb_put(skb, 902 sizeof(struct sadb_address)+sockaddr_size); 903 addr->sadb_address_len = 904 (sizeof(struct sadb_address)+sockaddr_size)/ 905 sizeof(uint64_t); 906 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; 907 addr->sadb_address_proto = 908 pfkey_proto_from_xfrm(x->sel.proto); 909 addr->sadb_address_prefixlen = x->sel.prefixlen_s; 910 addr->sadb_address_reserved = 0; 911 912 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport, 913 (struct sockaddr *) (addr + 1), 914 x->props.family); 915 } 916 917 /* auth key */ 918 if (add_keys && auth_key_size) { 919 key = (struct sadb_key *) skb_put(skb, 920 sizeof(struct sadb_key)+auth_key_size); 921 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) / 922 sizeof(uint64_t); 923 key->sadb_key_exttype = SADB_EXT_KEY_AUTH; 924 key->sadb_key_bits = x->aalg->alg_key_len; 925 key->sadb_key_reserved = 0; 926 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8); 927 } 928 /* encrypt key */ 929 if (add_keys && encrypt_key_size) { 930 key = (struct sadb_key *) skb_put(skb, 931 sizeof(struct sadb_key)+encrypt_key_size); 932 key->sadb_key_len = (sizeof(struct sadb_key) + 933 encrypt_key_size) / sizeof(uint64_t); 934 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; 935 key->sadb_key_bits = x->ealg->alg_key_len; 936 key->sadb_key_reserved = 0; 937 memcpy(key + 1, x->ealg->alg_key, 938 (x->ealg->alg_key_len+7)/8); 939 } 940 941 /* sa */ 942 sa2 = (struct sadb_x_sa2 *) skb_put(skb, sizeof(struct sadb_x_sa2)); 943 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t); 944 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 945 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) { 946 kfree_skb(skb); 947 return ERR_PTR(-EINVAL); 948 } 949 sa2->sadb_x_sa2_mode = mode; 950 sa2->sadb_x_sa2_reserved1 = 0; 951 sa2->sadb_x_sa2_reserved2 = 0; 952 sa2->sadb_x_sa2_sequence = 0; 953 sa2->sadb_x_sa2_reqid = x->props.reqid; 954 955 if (natt && natt->encap_type) { 956 struct sadb_x_nat_t_type *n_type; 957 struct sadb_x_nat_t_port *n_port; 958 959 /* type */ 960 n_type = (struct sadb_x_nat_t_type*) skb_put(skb, sizeof(*n_type)); 961 n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t); 962 n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 963 n_type->sadb_x_nat_t_type_type = natt->encap_type; 964 n_type->sadb_x_nat_t_type_reserved[0] = 0; 965 n_type->sadb_x_nat_t_type_reserved[1] = 0; 966 n_type->sadb_x_nat_t_type_reserved[2] = 0; 967 968 /* source port */ 969 n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port)); 970 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 971 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; 972 n_port->sadb_x_nat_t_port_port = natt->encap_sport; 973 n_port->sadb_x_nat_t_port_reserved = 0; 974 975 /* dest port */ 976 n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port)); 977 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 978 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; 979 n_port->sadb_x_nat_t_port_port = natt->encap_dport; 980 n_port->sadb_x_nat_t_port_reserved = 0; 981 } 982 983 /* security context */ 984 if (xfrm_ctx) { 985 sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, 986 sizeof(struct sadb_x_sec_ctx) + ctx_size); 987 sec_ctx->sadb_x_sec_len = 988 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t); 989 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 990 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 991 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 992 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 993 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 994 xfrm_ctx->ctx_len); 995 } 996 997 return skb; 998} 999 1000 1001static inline struct sk_buff *pfkey_xfrm_state2msg(struct xfrm_state *x) 1002{ 1003 struct sk_buff *skb; 1004 1005 skb = __pfkey_xfrm_state2msg(x, 1, 3); 1006 1007 return skb; 1008} 1009 1010static inline struct sk_buff *pfkey_xfrm_state2msg_expire(struct xfrm_state *x, 1011 int hsc) 1012{ 1013 return __pfkey_xfrm_state2msg(x, 0, hsc); 1014} 1015 1016static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, 1017 struct sadb_msg *hdr, 1018 void **ext_hdrs) 1019{ 1020 struct xfrm_state *x; 1021 struct sadb_lifetime *lifetime; 1022 struct sadb_sa *sa; 1023 struct sadb_key *key; 1024 struct sadb_x_sec_ctx *sec_ctx; 1025 uint16_t proto; 1026 int err; 1027 1028 1029 sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; 1030 if (!sa || 1031 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1032 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1033 return ERR_PTR(-EINVAL); 1034 if (hdr->sadb_msg_satype == SADB_SATYPE_ESP && 1035 !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]) 1036 return ERR_PTR(-EINVAL); 1037 if (hdr->sadb_msg_satype == SADB_SATYPE_AH && 1038 !ext_hdrs[SADB_EXT_KEY_AUTH-1]) 1039 return ERR_PTR(-EINVAL); 1040 if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] != 1041 !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) 1042 return ERR_PTR(-EINVAL); 1043 1044 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1045 if (proto == 0) 1046 return ERR_PTR(-EINVAL); 1047 1048 /* default error is no buffer space */ 1049 err = -ENOBUFS; 1050 1051 /* RFC2367: 1052 1053 Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message. 1054 SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not 1055 sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state. 1056 Therefore, the sadb_sa_state field of all submitted SAs MUST be 1057 SADB_SASTATE_MATURE and the kernel MUST return an error if this is 1058 not true. 1059 1060 However, KAME setkey always uses SADB_SASTATE_LARVAL. 1061 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable. 1062 */ 1063 if (sa->sadb_sa_auth > SADB_AALG_MAX || 1064 (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP && 1065 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) || 1066 sa->sadb_sa_encrypt > SADB_EALG_MAX) 1067 return ERR_PTR(-EINVAL); 1068 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; 1069 if (key != NULL && 1070 sa->sadb_sa_auth != SADB_X_AALG_NULL && 1071 ((key->sadb_key_bits+7) / 8 == 0 || 1072 (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t))) 1073 return ERR_PTR(-EINVAL); 1074 key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]; 1075 if (key != NULL && 1076 sa->sadb_sa_encrypt != SADB_EALG_NULL && 1077 ((key->sadb_key_bits+7) / 8 == 0 || 1078 (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t))) 1079 return ERR_PTR(-EINVAL); 1080 1081 x = xfrm_state_alloc(net); 1082 if (x == NULL) 1083 return ERR_PTR(-ENOBUFS); 1084 1085 x->id.proto = proto; 1086 x->id.spi = sa->sadb_sa_spi; 1087 x->props.replay_window = sa->sadb_sa_replay; 1088 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN) 1089 x->props.flags |= XFRM_STATE_NOECN; 1090 if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP) 1091 x->props.flags |= XFRM_STATE_DECAP_DSCP; 1092 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC) 1093 x->props.flags |= XFRM_STATE_NOPMTUDISC; 1094 1095 lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1]; 1096 if (lifetime != NULL) { 1097 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 1098 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 1099 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; 1100 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; 1101 } 1102 lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]; 1103 if (lifetime != NULL) { 1104 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 1105 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 1106 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime; 1107 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; 1108 } 1109 1110 sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; 1111 if (sec_ctx != NULL) { 1112 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 1113 1114 if (!uctx) 1115 goto out; 1116 1117 err = security_xfrm_state_alloc(x, uctx); 1118 kfree(uctx); 1119 1120 if (err) 1121 goto out; 1122 } 1123 1124 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; 1125 if (sa->sadb_sa_auth) { 1126 int keysize = 0; 1127 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth); 1128 if (!a) { 1129 err = -ENOSYS; 1130 goto out; 1131 } 1132 if (key) 1133 keysize = (key->sadb_key_bits + 7) / 8; 1134 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL); 1135 if (!x->aalg) 1136 goto out; 1137 strcpy(x->aalg->alg_name, a->name); 1138 x->aalg->alg_key_len = 0; 1139 if (key) { 1140 x->aalg->alg_key_len = key->sadb_key_bits; 1141 memcpy(x->aalg->alg_key, key+1, keysize); 1142 } 1143 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits; 1144 x->props.aalgo = sa->sadb_sa_auth; 1145 /* x->algo.flags = sa->sadb_sa_flags; */ 1146 } 1147 if (sa->sadb_sa_encrypt) { 1148 if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { 1149 struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt); 1150 if (!a) { 1151 err = -ENOSYS; 1152 goto out; 1153 } 1154 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL); 1155 if (!x->calg) 1156 goto out; 1157 strcpy(x->calg->alg_name, a->name); 1158 x->props.calgo = sa->sadb_sa_encrypt; 1159 } else { 1160 int keysize = 0; 1161 struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt); 1162 if (!a) { 1163 err = -ENOSYS; 1164 goto out; 1165 } 1166 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1]; 1167 if (key) 1168 keysize = (key->sadb_key_bits + 7) / 8; 1169 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL); 1170 if (!x->ealg) 1171 goto out; 1172 strcpy(x->ealg->alg_name, a->name); 1173 x->ealg->alg_key_len = 0; 1174 if (key) { 1175 x->ealg->alg_key_len = key->sadb_key_bits; 1176 memcpy(x->ealg->alg_key, key+1, keysize); 1177 } 1178 x->props.ealgo = sa->sadb_sa_encrypt; 1179 } 1180 } 1181 /* x->algo.flags = sa->sadb_sa_flags; */ 1182 1183 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1184 &x->props.saddr); 1185 if (!x->props.family) { 1186 err = -EAFNOSUPPORT; 1187 goto out; 1188 } 1189 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1], 1190 &x->id.daddr); 1191 1192 if (ext_hdrs[SADB_X_EXT_SA2-1]) { 1193 struct sadb_x_sa2 *sa2 = (void*)ext_hdrs[SADB_X_EXT_SA2-1]; 1194 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); 1195 if (mode < 0) { 1196 err = -EINVAL; 1197 goto out; 1198 } 1199 x->props.mode = mode; 1200 x->props.reqid = sa2->sadb_x_sa2_reqid; 1201 } 1202 1203 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) { 1204 struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]; 1205 1206 /* Nobody uses this, but we try. */ 1207 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); 1208 x->sel.prefixlen_s = addr->sadb_address_prefixlen; 1209 } 1210 1211 if (!x->sel.family) 1212 x->sel.family = x->props.family; 1213 1214 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { 1215 struct sadb_x_nat_t_type* n_type; 1216 struct xfrm_encap_tmpl *natt; 1217 1218 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL); 1219 if (!x->encap) 1220 goto out; 1221 1222 natt = x->encap; 1223 n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]; 1224 natt->encap_type = n_type->sadb_x_nat_t_type_type; 1225 1226 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) { 1227 struct sadb_x_nat_t_port* n_port = 1228 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]; 1229 natt->encap_sport = n_port->sadb_x_nat_t_port_port; 1230 } 1231 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) { 1232 struct sadb_x_nat_t_port* n_port = 1233 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]; 1234 natt->encap_dport = n_port->sadb_x_nat_t_port_port; 1235 } 1236 memset(&natt->encap_oa, 0, sizeof(natt->encap_oa)); 1237 } 1238 1239 err = xfrm_init_state(x); 1240 if (err) 1241 goto out; 1242 1243 x->km.seq = hdr->sadb_msg_seq; 1244 return x; 1245 1246out: 1247 x->km.state = XFRM_STATE_DEAD; 1248 xfrm_state_put(x); 1249 return ERR_PTR(err); 1250} 1251 1252static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1253{ 1254 return -EOPNOTSUPP; 1255} 1256 1257static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1258{ 1259 struct net *net = sock_net(sk); 1260 struct sk_buff *resp_skb; 1261 struct sadb_x_sa2 *sa2; 1262 struct sadb_address *saddr, *daddr; 1263 struct sadb_msg *out_hdr; 1264 struct sadb_spirange *range; 1265 struct xfrm_state *x = NULL; 1266 int mode; 1267 int err; 1268 u32 min_spi, max_spi; 1269 u32 reqid; 1270 u8 proto; 1271 unsigned short family; 1272 xfrm_address_t *xsaddr = NULL, *xdaddr = NULL; 1273 1274 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1275 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1276 return -EINVAL; 1277 1278 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1279 if (proto == 0) 1280 return -EINVAL; 1281 1282 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) { 1283 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); 1284 if (mode < 0) 1285 return -EINVAL; 1286 reqid = sa2->sadb_x_sa2_reqid; 1287 } else { 1288 mode = 0; 1289 reqid = 0; 1290 } 1291 1292 saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1]; 1293 daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1]; 1294 1295 family = ((struct sockaddr *)(saddr + 1))->sa_family; 1296 switch (family) { 1297 case AF_INET: 1298 xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr; 1299 xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr; 1300 break; 1301#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1302 case AF_INET6: 1303 xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr; 1304 xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr; 1305 break; 1306#endif 1307 } 1308 1309 if (hdr->sadb_msg_seq) { 1310 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); 1311 if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) { 1312 xfrm_state_put(x); 1313 x = NULL; 1314 } 1315 } 1316 1317 if (!x) 1318 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family); 1319 1320 if (x == NULL) 1321 return -ENOENT; 1322 1323 min_spi = 0x100; 1324 max_spi = 0x0fffffff; 1325 1326 range = ext_hdrs[SADB_EXT_SPIRANGE-1]; 1327 if (range) { 1328 min_spi = range->sadb_spirange_min; 1329 max_spi = range->sadb_spirange_max; 1330 } 1331 1332 err = xfrm_alloc_spi(x, min_spi, max_spi); 1333 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x); 1334 1335 if (IS_ERR(resp_skb)) { 1336 xfrm_state_put(x); 1337 return PTR_ERR(resp_skb); 1338 } 1339 1340 out_hdr = (struct sadb_msg *) resp_skb->data; 1341 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 1342 out_hdr->sadb_msg_type = SADB_GETSPI; 1343 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto); 1344 out_hdr->sadb_msg_errno = 0; 1345 out_hdr->sadb_msg_reserved = 0; 1346 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 1347 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 1348 1349 xfrm_state_put(x); 1350 1351 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net); 1352 1353 return 0; 1354} 1355 1356static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1357{ 1358 struct net *net = sock_net(sk); 1359 struct xfrm_state *x; 1360 1361 if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8) 1362 return -EOPNOTSUPP; 1363 1364 if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0) 1365 return 0; 1366 1367 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); 1368 if (x == NULL) 1369 return 0; 1370 1371 spin_lock_bh(&x->lock); 1372 if (x->km.state == XFRM_STATE_ACQ) { 1373 x->km.state = XFRM_STATE_ERROR; 1374 wake_up(&net->xfrm.km_waitq); 1375 } 1376 spin_unlock_bh(&x->lock); 1377 xfrm_state_put(x); 1378 return 0; 1379} 1380 1381static inline int event2poltype(int event) 1382{ 1383 switch (event) { 1384 case XFRM_MSG_DELPOLICY: 1385 return SADB_X_SPDDELETE; 1386 case XFRM_MSG_NEWPOLICY: 1387 return SADB_X_SPDADD; 1388 case XFRM_MSG_UPDPOLICY: 1389 return SADB_X_SPDUPDATE; 1390 case XFRM_MSG_POLEXPIRE: 1391 // return SADB_X_SPDEXPIRE; 1392 default: 1393 pr_err("pfkey: Unknown policy event %d\n", event); 1394 break; 1395 } 1396 1397 return 0; 1398} 1399 1400static inline int event2keytype(int event) 1401{ 1402 switch (event) { 1403 case XFRM_MSG_DELSA: 1404 return SADB_DELETE; 1405 case XFRM_MSG_NEWSA: 1406 return SADB_ADD; 1407 case XFRM_MSG_UPDSA: 1408 return SADB_UPDATE; 1409 case XFRM_MSG_EXPIRE: 1410 return SADB_EXPIRE; 1411 default: 1412 pr_err("pfkey: Unknown SA event %d\n", event); 1413 break; 1414 } 1415 1416 return 0; 1417} 1418 1419/* ADD/UPD/DEL */ 1420static int key_notify_sa(struct xfrm_state *x, struct km_event *c) 1421{ 1422 struct sk_buff *skb; 1423 struct sadb_msg *hdr; 1424 1425 skb = pfkey_xfrm_state2msg(x); 1426 1427 if (IS_ERR(skb)) 1428 return PTR_ERR(skb); 1429 1430 hdr = (struct sadb_msg *) skb->data; 1431 hdr->sadb_msg_version = PF_KEY_V2; 1432 hdr->sadb_msg_type = event2keytype(c->event); 1433 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 1434 hdr->sadb_msg_errno = 0; 1435 hdr->sadb_msg_reserved = 0; 1436 hdr->sadb_msg_seq = c->seq; 1437 hdr->sadb_msg_pid = c->pid; 1438 1439 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x)); 1440 1441 return 0; 1442} 1443 1444static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1445{ 1446 struct net *net = sock_net(sk); 1447 struct xfrm_state *x; 1448 int err; 1449 struct km_event c; 1450 1451 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs); 1452 if (IS_ERR(x)) 1453 return PTR_ERR(x); 1454 1455 xfrm_state_hold(x); 1456 if (hdr->sadb_msg_type == SADB_ADD) 1457 err = xfrm_state_add(x); 1458 else 1459 err = xfrm_state_update(x); 1460 1461 xfrm_audit_state_add(x, err ? 0 : 1, 1462 audit_get_loginuid(current), 1463 audit_get_sessionid(current), 0); 1464 1465 if (err < 0) { 1466 x->km.state = XFRM_STATE_DEAD; 1467 __xfrm_state_put(x); 1468 goto out; 1469 } 1470 1471 if (hdr->sadb_msg_type == SADB_ADD) 1472 c.event = XFRM_MSG_NEWSA; 1473 else 1474 c.event = XFRM_MSG_UPDSA; 1475 c.seq = hdr->sadb_msg_seq; 1476 c.pid = hdr->sadb_msg_pid; 1477 km_state_notify(x, &c); 1478out: 1479 xfrm_state_put(x); 1480 return err; 1481} 1482 1483static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1484{ 1485 struct net *net = sock_net(sk); 1486 struct xfrm_state *x; 1487 struct km_event c; 1488 int err; 1489 1490 if (!ext_hdrs[SADB_EXT_SA-1] || 1491 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1492 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1493 return -EINVAL; 1494 1495 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs); 1496 if (x == NULL) 1497 return -ESRCH; 1498 1499 if ((err = security_xfrm_state_delete(x))) 1500 goto out; 1501 1502 if (xfrm_state_kern(x)) { 1503 err = -EPERM; 1504 goto out; 1505 } 1506 1507 err = xfrm_state_delete(x); 1508 1509 if (err < 0) 1510 goto out; 1511 1512 c.seq = hdr->sadb_msg_seq; 1513 c.pid = hdr->sadb_msg_pid; 1514 c.event = XFRM_MSG_DELSA; 1515 km_state_notify(x, &c); 1516out: 1517 xfrm_audit_state_delete(x, err ? 0 : 1, 1518 audit_get_loginuid(current), 1519 audit_get_sessionid(current), 0); 1520 xfrm_state_put(x); 1521 1522 return err; 1523} 1524 1525static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1526{ 1527 struct net *net = sock_net(sk); 1528 __u8 proto; 1529 struct sk_buff *out_skb; 1530 struct sadb_msg *out_hdr; 1531 struct xfrm_state *x; 1532 1533 if (!ext_hdrs[SADB_EXT_SA-1] || 1534 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1535 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1536 return -EINVAL; 1537 1538 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs); 1539 if (x == NULL) 1540 return -ESRCH; 1541 1542 out_skb = pfkey_xfrm_state2msg(x); 1543 proto = x->id.proto; 1544 xfrm_state_put(x); 1545 if (IS_ERR(out_skb)) 1546 return PTR_ERR(out_skb); 1547 1548 out_hdr = (struct sadb_msg *) out_skb->data; 1549 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 1550 out_hdr->sadb_msg_type = SADB_GET; 1551 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto); 1552 out_hdr->sadb_msg_errno = 0; 1553 out_hdr->sadb_msg_reserved = 0; 1554 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 1555 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 1556 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk)); 1557 1558 return 0; 1559} 1560 1561static struct sk_buff *compose_sadb_supported(struct sadb_msg *orig, 1562 gfp_t allocation) 1563{ 1564 struct sk_buff *skb; 1565 struct sadb_msg *hdr; 1566 int len, auth_len, enc_len, i; 1567 1568 auth_len = xfrm_count_auth_supported(); 1569 if (auth_len) { 1570 auth_len *= sizeof(struct sadb_alg); 1571 auth_len += sizeof(struct sadb_supported); 1572 } 1573 1574 enc_len = xfrm_count_enc_supported(); 1575 if (enc_len) { 1576 enc_len *= sizeof(struct sadb_alg); 1577 enc_len += sizeof(struct sadb_supported); 1578 } 1579 1580 len = enc_len + auth_len + sizeof(struct sadb_msg); 1581 1582 skb = alloc_skb(len + 16, allocation); 1583 if (!skb) 1584 goto out_put_algs; 1585 1586 hdr = (struct sadb_msg *) skb_put(skb, sizeof(*hdr)); 1587 pfkey_hdr_dup(hdr, orig); 1588 hdr->sadb_msg_errno = 0; 1589 hdr->sadb_msg_len = len / sizeof(uint64_t); 1590 1591 if (auth_len) { 1592 struct sadb_supported *sp; 1593 struct sadb_alg *ap; 1594 1595 sp = (struct sadb_supported *) skb_put(skb, auth_len); 1596 ap = (struct sadb_alg *) (sp + 1); 1597 1598 sp->sadb_supported_len = auth_len / sizeof(uint64_t); 1599 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 1600 1601 for (i = 0; ; i++) { 1602 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 1603 if (!aalg) 1604 break; 1605 if (aalg->available) 1606 *ap++ = aalg->desc; 1607 } 1608 } 1609 1610 if (enc_len) { 1611 struct sadb_supported *sp; 1612 struct sadb_alg *ap; 1613 1614 sp = (struct sadb_supported *) skb_put(skb, enc_len); 1615 ap = (struct sadb_alg *) (sp + 1); 1616 1617 sp->sadb_supported_len = enc_len / sizeof(uint64_t); 1618 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 1619 1620 for (i = 0; ; i++) { 1621 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 1622 if (!ealg) 1623 break; 1624 if (ealg->available) 1625 *ap++ = ealg->desc; 1626 } 1627 } 1628 1629out_put_algs: 1630 return skb; 1631} 1632 1633static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1634{ 1635 struct pfkey_sock *pfk = pfkey_sk(sk); 1636 struct sk_buff *supp_skb; 1637 1638 if (hdr->sadb_msg_satype > SADB_SATYPE_MAX) 1639 return -EINVAL; 1640 1641 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) { 1642 if (pfk->registered&(1<<hdr->sadb_msg_satype)) 1643 return -EEXIST; 1644 pfk->registered |= (1<<hdr->sadb_msg_satype); 1645 } 1646 1647 xfrm_probe_algs(); 1648 1649 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL); 1650 if (!supp_skb) { 1651 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) 1652 pfk->registered &= ~(1<<hdr->sadb_msg_satype); 1653 1654 return -ENOBUFS; 1655 } 1656 1657 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk, sock_net(sk)); 1658 1659 return 0; 1660} 1661 1662static int unicast_flush_resp(struct sock *sk, struct sadb_msg *ihdr) 1663{ 1664 struct sk_buff *skb; 1665 struct sadb_msg *hdr; 1666 1667 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC); 1668 if (!skb) 1669 return -ENOBUFS; 1670 1671 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 1672 memcpy(hdr, ihdr, sizeof(struct sadb_msg)); 1673 hdr->sadb_msg_errno = (uint8_t) 0; 1674 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 1675 1676 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk)); 1677} 1678 1679static int key_notify_sa_flush(struct km_event *c) 1680{ 1681 struct sk_buff *skb; 1682 struct sadb_msg *hdr; 1683 1684 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC); 1685 if (!skb) 1686 return -ENOBUFS; 1687 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 1688 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto); 1689 hdr->sadb_msg_type = SADB_FLUSH; 1690 hdr->sadb_msg_seq = c->seq; 1691 hdr->sadb_msg_pid = c->pid; 1692 hdr->sadb_msg_version = PF_KEY_V2; 1693 hdr->sadb_msg_errno = (uint8_t) 0; 1694 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 1695 1696 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net); 1697 1698 return 0; 1699} 1700 1701static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1702{ 1703 struct net *net = sock_net(sk); 1704 unsigned proto; 1705 struct km_event c; 1706 struct xfrm_audit audit_info; 1707 int err, err2; 1708 1709 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1710 if (proto == 0) 1711 return -EINVAL; 1712 1713 audit_info.loginuid = audit_get_loginuid(current); 1714 audit_info.sessionid = audit_get_sessionid(current); 1715 audit_info.secid = 0; 1716 err = xfrm_state_flush(net, proto, &audit_info); 1717 err2 = unicast_flush_resp(sk, hdr); 1718 if (err || err2) { 1719 if (err == -ESRCH) /* empty table - go quietly */ 1720 err = 0; 1721 return err ? err : err2; 1722 } 1723 1724 c.data.proto = proto; 1725 c.seq = hdr->sadb_msg_seq; 1726 c.pid = hdr->sadb_msg_pid; 1727 c.event = XFRM_MSG_FLUSHSA; 1728 c.net = net; 1729 km_state_notify(NULL, &c); 1730 1731 return 0; 1732} 1733 1734static int dump_sa(struct xfrm_state *x, int count, void *ptr) 1735{ 1736 struct pfkey_sock *pfk = ptr; 1737 struct sk_buff *out_skb; 1738 struct sadb_msg *out_hdr; 1739 1740 if (!pfkey_can_dump(&pfk->sk)) 1741 return -ENOBUFS; 1742 1743 out_skb = pfkey_xfrm_state2msg(x); 1744 if (IS_ERR(out_skb)) 1745 return PTR_ERR(out_skb); 1746 1747 out_hdr = (struct sadb_msg *) out_skb->data; 1748 out_hdr->sadb_msg_version = pfk->dump.msg_version; 1749 out_hdr->sadb_msg_type = SADB_DUMP; 1750 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 1751 out_hdr->sadb_msg_errno = 0; 1752 out_hdr->sadb_msg_reserved = 0; 1753 out_hdr->sadb_msg_seq = count + 1; 1754 out_hdr->sadb_msg_pid = pfk->dump.msg_pid; 1755 1756 if (pfk->dump.skb) 1757 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE, 1758 &pfk->sk, sock_net(&pfk->sk)); 1759 pfk->dump.skb = out_skb; 1760 1761 return 0; 1762} 1763 1764static int pfkey_dump_sa(struct pfkey_sock *pfk) 1765{ 1766 struct net *net = sock_net(&pfk->sk); 1767 return xfrm_state_walk(net, &pfk->dump.u.state, dump_sa, (void *) pfk); 1768} 1769 1770static void pfkey_dump_sa_done(struct pfkey_sock *pfk) 1771{ 1772 xfrm_state_walk_done(&pfk->dump.u.state); 1773} 1774 1775static int pfkey_dump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1776{ 1777 u8 proto; 1778 struct pfkey_sock *pfk = pfkey_sk(sk); 1779 1780 if (pfk->dump.dump != NULL) 1781 return -EBUSY; 1782 1783 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1784 if (proto == 0) 1785 return -EINVAL; 1786 1787 pfk->dump.msg_version = hdr->sadb_msg_version; 1788 pfk->dump.msg_pid = hdr->sadb_msg_pid; 1789 pfk->dump.dump = pfkey_dump_sa; 1790 pfk->dump.done = pfkey_dump_sa_done; 1791 xfrm_state_walk_init(&pfk->dump.u.state, proto); 1792 1793 return pfkey_do_dump(pfk); 1794} 1795 1796static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1797{ 1798 struct pfkey_sock *pfk = pfkey_sk(sk); 1799 int satype = hdr->sadb_msg_satype; 1800 1801 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) { 1802 hdr->sadb_msg_errno = 0; 1803 if (satype != 0 && satype != 1) 1804 return -EINVAL; 1805 pfk->promisc = satype; 1806 } 1807 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk)); 1808 return 0; 1809} 1810 1811static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr) 1812{ 1813 int i; 1814 u32 reqid = *(u32*)ptr; 1815 1816 for (i=0; i<xp->xfrm_nr; i++) { 1817 if (xp->xfrm_vec[i].reqid == reqid) 1818 return -EEXIST; 1819 } 1820 return 0; 1821} 1822 1823static u32 gen_reqid(struct net *net) 1824{ 1825 struct xfrm_policy_walk walk; 1826 u32 start; 1827 int rc; 1828 static u32 reqid = IPSEC_MANUAL_REQID_MAX; 1829 1830 start = reqid; 1831 do { 1832 ++reqid; 1833 if (reqid == 0) 1834 reqid = IPSEC_MANUAL_REQID_MAX+1; 1835 xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN); 1836 rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid); 1837 xfrm_policy_walk_done(&walk); 1838 if (rc != -EEXIST) 1839 return reqid; 1840 } while (reqid != start); 1841 return 0; 1842} 1843 1844static int 1845parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq) 1846{ 1847 struct net *net = xp_net(xp); 1848 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr; 1849 int mode; 1850 1851 if (xp->xfrm_nr >= XFRM_MAX_DEPTH) 1852 return -ELOOP; 1853 1854 if (rq->sadb_x_ipsecrequest_mode == 0) 1855 return -EINVAL; 1856 1857 t->id.proto = rq->sadb_x_ipsecrequest_proto; 1858 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0) 1859 return -EINVAL; 1860 t->mode = mode; 1861 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE) 1862 t->optional = 1; 1863 else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) { 1864 t->reqid = rq->sadb_x_ipsecrequest_reqid; 1865 if (t->reqid > IPSEC_MANUAL_REQID_MAX) 1866 t->reqid = 0; 1867 if (!t->reqid && !(t->reqid = gen_reqid(net))) 1868 return -ENOBUFS; 1869 } 1870 1871 /* addresses present only in tunnel mode */ 1872 if (t->mode == XFRM_MODE_TUNNEL) { 1873 u8 *sa = (u8 *) (rq + 1); 1874 int family, socklen; 1875 1876 family = pfkey_sockaddr_extract((struct sockaddr *)sa, 1877 &t->saddr); 1878 if (!family) 1879 return -EINVAL; 1880 1881 socklen = pfkey_sockaddr_len(family); 1882 if (pfkey_sockaddr_extract((struct sockaddr *)(sa + socklen), 1883 &t->id.daddr) != family) 1884 return -EINVAL; 1885 t->encap_family = family; 1886 } else 1887 t->encap_family = xp->family; 1888 1889 /* No way to set this via kame pfkey */ 1890 t->allalgs = 1; 1891 xp->xfrm_nr++; 1892 return 0; 1893} 1894 1895static int 1896parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol) 1897{ 1898 int err; 1899 int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy); 1900 struct sadb_x_ipsecrequest *rq = (void*)(pol+1); 1901 1902 while (len >= sizeof(struct sadb_x_ipsecrequest)) { 1903 if ((err = parse_ipsecrequest(xp, rq)) < 0) 1904 return err; 1905 len -= rq->sadb_x_ipsecrequest_len; 1906 rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len); 1907 } 1908 return 0; 1909} 1910 1911static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp) 1912{ 1913 struct xfrm_sec_ctx *xfrm_ctx = xp->security; 1914 1915 if (xfrm_ctx) { 1916 int len = sizeof(struct sadb_x_sec_ctx); 1917 len += xfrm_ctx->ctx_len; 1918 return PFKEY_ALIGN8(len); 1919 } 1920 return 0; 1921} 1922 1923static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp) 1924{ 1925 struct xfrm_tmpl *t; 1926 int sockaddr_size = pfkey_sockaddr_size(xp->family); 1927 int socklen = 0; 1928 int i; 1929 1930 for (i=0; i<xp->xfrm_nr; i++) { 1931 t = xp->xfrm_vec + i; 1932 socklen += pfkey_sockaddr_len(t->encap_family); 1933 } 1934 1935 return sizeof(struct sadb_msg) + 1936 (sizeof(struct sadb_lifetime) * 3) + 1937 (sizeof(struct sadb_address) * 2) + 1938 (sockaddr_size * 2) + 1939 sizeof(struct sadb_x_policy) + 1940 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) + 1941 (socklen * 2) + 1942 pfkey_xfrm_policy2sec_ctx_size(xp); 1943} 1944 1945static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp) 1946{ 1947 struct sk_buff *skb; 1948 int size; 1949 1950 size = pfkey_xfrm_policy2msg_size(xp); 1951 1952 skb = alloc_skb(size + 16, GFP_ATOMIC); 1953 if (skb == NULL) 1954 return ERR_PTR(-ENOBUFS); 1955 1956 return skb; 1957} 1958 1959static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir) 1960{ 1961 struct sadb_msg *hdr; 1962 struct sadb_address *addr; 1963 struct sadb_lifetime *lifetime; 1964 struct sadb_x_policy *pol; 1965 struct sadb_x_sec_ctx *sec_ctx; 1966 struct xfrm_sec_ctx *xfrm_ctx; 1967 int i; 1968 int size; 1969 int sockaddr_size = pfkey_sockaddr_size(xp->family); 1970 int socklen = pfkey_sockaddr_len(xp->family); 1971 1972 size = pfkey_xfrm_policy2msg_size(xp); 1973 1974 /* call should fill header later */ 1975 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 1976 memset(hdr, 0, size); 1977 1978 /* src address */ 1979 addr = (struct sadb_address*) skb_put(skb, 1980 sizeof(struct sadb_address)+sockaddr_size); 1981 addr->sadb_address_len = 1982 (sizeof(struct sadb_address)+sockaddr_size)/ 1983 sizeof(uint64_t); 1984 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 1985 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 1986 addr->sadb_address_prefixlen = xp->selector.prefixlen_s; 1987 addr->sadb_address_reserved = 0; 1988 if (!pfkey_sockaddr_fill(&xp->selector.saddr, 1989 xp->selector.sport, 1990 (struct sockaddr *) (addr + 1), 1991 xp->family)) 1992 BUG(); 1993 1994 /* dst address */ 1995 addr = (struct sadb_address*) skb_put(skb, 1996 sizeof(struct sadb_address)+sockaddr_size); 1997 addr->sadb_address_len = 1998 (sizeof(struct sadb_address)+sockaddr_size)/ 1999 sizeof(uint64_t); 2000 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 2001 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 2002 addr->sadb_address_prefixlen = xp->selector.prefixlen_d; 2003 addr->sadb_address_reserved = 0; 2004 2005 pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport, 2006 (struct sockaddr *) (addr + 1), 2007 xp->family); 2008 2009 /* hard time */ 2010 lifetime = (struct sadb_lifetime *) skb_put(skb, 2011 sizeof(struct sadb_lifetime)); 2012 lifetime->sadb_lifetime_len = 2013 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2014 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2015 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit); 2016 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit); 2017 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds; 2018 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds; 2019 /* soft time */ 2020 lifetime = (struct sadb_lifetime *) skb_put(skb, 2021 sizeof(struct sadb_lifetime)); 2022 lifetime->sadb_lifetime_len = 2023 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2024 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 2025 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit); 2026 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit); 2027 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds; 2028 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds; 2029 /* current time */ 2030 lifetime = (struct sadb_lifetime *) skb_put(skb, 2031 sizeof(struct sadb_lifetime)); 2032 lifetime->sadb_lifetime_len = 2033 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 2034 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2035 lifetime->sadb_lifetime_allocations = xp->curlft.packets; 2036 lifetime->sadb_lifetime_bytes = xp->curlft.bytes; 2037 lifetime->sadb_lifetime_addtime = xp->curlft.add_time; 2038 lifetime->sadb_lifetime_usetime = xp->curlft.use_time; 2039 2040 pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy)); 2041 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t); 2042 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 2043 pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD; 2044 if (xp->action == XFRM_POLICY_ALLOW) { 2045 if (xp->xfrm_nr) 2046 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 2047 else 2048 pol->sadb_x_policy_type = IPSEC_POLICY_NONE; 2049 } 2050 pol->sadb_x_policy_dir = dir+1; 2051 pol->sadb_x_policy_id = xp->index; 2052 pol->sadb_x_policy_priority = xp->priority; 2053 2054 for (i=0; i<xp->xfrm_nr; i++) { 2055 struct sadb_x_ipsecrequest *rq; 2056 struct xfrm_tmpl *t = xp->xfrm_vec + i; 2057 int req_size; 2058 int mode; 2059 2060 req_size = sizeof(struct sadb_x_ipsecrequest); 2061 if (t->mode == XFRM_MODE_TUNNEL) { 2062 socklen = pfkey_sockaddr_len(t->encap_family); 2063 req_size += socklen * 2; 2064 } else { 2065 size -= 2*socklen; 2066 } 2067 rq = (void*)skb_put(skb, req_size); 2068 pol->sadb_x_policy_len += req_size/8; 2069 memset(rq, 0, sizeof(*rq)); 2070 rq->sadb_x_ipsecrequest_len = req_size; 2071 rq->sadb_x_ipsecrequest_proto = t->id.proto; 2072 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0) 2073 return -EINVAL; 2074 rq->sadb_x_ipsecrequest_mode = mode; 2075 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE; 2076 if (t->reqid) 2077 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; 2078 if (t->optional) 2079 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE; 2080 rq->sadb_x_ipsecrequest_reqid = t->reqid; 2081 2082 if (t->mode == XFRM_MODE_TUNNEL) { 2083 u8 *sa = (void *)(rq + 1); 2084 pfkey_sockaddr_fill(&t->saddr, 0, 2085 (struct sockaddr *)sa, 2086 t->encap_family); 2087 pfkey_sockaddr_fill(&t->id.daddr, 0, 2088 (struct sockaddr *) (sa + socklen), 2089 t->encap_family); 2090 } 2091 } 2092 2093 /* security context */ 2094 if ((xfrm_ctx = xp->security)) { 2095 int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp); 2096 2097 sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, ctx_size); 2098 sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t); 2099 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 2100 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 2101 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 2102 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 2103 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 2104 xfrm_ctx->ctx_len); 2105 } 2106 2107 hdr->sadb_msg_len = size / sizeof(uint64_t); 2108 hdr->sadb_msg_reserved = atomic_read(&xp->refcnt); 2109 2110 return 0; 2111} 2112 2113static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2114{ 2115 struct sk_buff *out_skb; 2116 struct sadb_msg *out_hdr; 2117 int err; 2118 2119 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2120 if (IS_ERR(out_skb)) 2121 return PTR_ERR(out_skb); 2122 2123 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2124 if (err < 0) 2125 return err; 2126 2127 out_hdr = (struct sadb_msg *) out_skb->data; 2128 out_hdr->sadb_msg_version = PF_KEY_V2; 2129 2130 if (c->data.byid && c->event == XFRM_MSG_DELPOLICY) 2131 out_hdr->sadb_msg_type = SADB_X_SPDDELETE2; 2132 else 2133 out_hdr->sadb_msg_type = event2poltype(c->event); 2134 out_hdr->sadb_msg_errno = 0; 2135 out_hdr->sadb_msg_seq = c->seq; 2136 out_hdr->sadb_msg_pid = c->pid; 2137 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp)); 2138 return 0; 2139 2140} 2141 2142static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2143{ 2144 struct net *net = sock_net(sk); 2145 int err = 0; 2146 struct sadb_lifetime *lifetime; 2147 struct sadb_address *sa; 2148 struct sadb_x_policy *pol; 2149 struct xfrm_policy *xp; 2150 struct km_event c; 2151 struct sadb_x_sec_ctx *sec_ctx; 2152 2153 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2154 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) || 2155 !ext_hdrs[SADB_X_EXT_POLICY-1]) 2156 return -EINVAL; 2157 2158 pol = ext_hdrs[SADB_X_EXT_POLICY-1]; 2159 if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC) 2160 return -EINVAL; 2161 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) 2162 return -EINVAL; 2163 2164 xp = xfrm_policy_alloc(net, GFP_KERNEL); 2165 if (xp == NULL) 2166 return -ENOBUFS; 2167 2168 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ? 2169 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); 2170 xp->priority = pol->sadb_x_policy_priority; 2171 2172 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2173 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr); 2174 if (!xp->family) { 2175 err = -EINVAL; 2176 goto out; 2177 } 2178 xp->selector.family = xp->family; 2179 xp->selector.prefixlen_s = sa->sadb_address_prefixlen; 2180 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2181 xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port; 2182 if (xp->selector.sport) 2183 xp->selector.sport_mask = htons(0xffff); 2184 2185 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 2186 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr); 2187 xp->selector.prefixlen_d = sa->sadb_address_prefixlen; 2188 2189 /* Amusing, we set this twice. KAME apps appear to set same value 2190 * in both addresses. 2191 */ 2192 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2193 2194 xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port; 2195 if (xp->selector.dport) 2196 xp->selector.dport_mask = htons(0xffff); 2197 2198 sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; 2199 if (sec_ctx != NULL) { 2200 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 2201 2202 if (!uctx) { 2203 err = -ENOBUFS; 2204 goto out; 2205 } 2206 2207 err = security_xfrm_policy_alloc(&xp->security, uctx); 2208 kfree(uctx); 2209 2210 if (err) 2211 goto out; 2212 } 2213 2214 xp->lft.soft_byte_limit = XFRM_INF; 2215 xp->lft.hard_byte_limit = XFRM_INF; 2216 xp->lft.soft_packet_limit = XFRM_INF; 2217 xp->lft.hard_packet_limit = XFRM_INF; 2218 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) { 2219 xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 2220 xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 2221 xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; 2222 xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; 2223 } 2224 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) { 2225 xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 2226 xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 2227 xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime; 2228 xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; 2229 } 2230 xp->xfrm_nr = 0; 2231 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2232 (err = parse_ipsecrequests(xp, pol)) < 0) 2233 goto out; 2234 2235 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp, 2236 hdr->sadb_msg_type != SADB_X_SPDUPDATE); 2237 2238 xfrm_audit_policy_add(xp, err ? 0 : 1, 2239 audit_get_loginuid(current), 2240 audit_get_sessionid(current), 0); 2241 2242 if (err) 2243 goto out; 2244 2245 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE) 2246 c.event = XFRM_MSG_UPDPOLICY; 2247 else 2248 c.event = XFRM_MSG_NEWPOLICY; 2249 2250 c.seq = hdr->sadb_msg_seq; 2251 c.pid = hdr->sadb_msg_pid; 2252 2253 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c); 2254 xfrm_pol_put(xp); 2255 return 0; 2256 2257out: 2258 xp->walk.dead = 1; 2259 xfrm_policy_destroy(xp); 2260 return err; 2261} 2262 2263static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2264{ 2265 struct net *net = sock_net(sk); 2266 int err; 2267 struct sadb_address *sa; 2268 struct sadb_x_policy *pol; 2269 struct xfrm_policy *xp; 2270 struct xfrm_selector sel; 2271 struct km_event c; 2272 struct sadb_x_sec_ctx *sec_ctx; 2273 struct xfrm_sec_ctx *pol_ctx = NULL; 2274 2275 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2276 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) || 2277 !ext_hdrs[SADB_X_EXT_POLICY-1]) 2278 return -EINVAL; 2279 2280 pol = ext_hdrs[SADB_X_EXT_POLICY-1]; 2281 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) 2282 return -EINVAL; 2283 2284 memset(&sel, 0, sizeof(sel)); 2285 2286 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2287 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); 2288 sel.prefixlen_s = sa->sadb_address_prefixlen; 2289 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2290 sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port; 2291 if (sel.sport) 2292 sel.sport_mask = htons(0xffff); 2293 2294 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 2295 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); 2296 sel.prefixlen_d = sa->sadb_address_prefixlen; 2297 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2298 sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port; 2299 if (sel.dport) 2300 sel.dport_mask = htons(0xffff); 2301 2302 sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; 2303 if (sec_ctx != NULL) { 2304 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 2305 2306 if (!uctx) 2307 return -ENOMEM; 2308 2309 err = security_xfrm_policy_alloc(&pol_ctx, uctx); 2310 kfree(uctx); 2311 if (err) 2312 return err; 2313 } 2314 2315 xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN, 2316 pol->sadb_x_policy_dir - 1, &sel, pol_ctx, 2317 1, &err); 2318 security_xfrm_policy_free(pol_ctx); 2319 if (xp == NULL) 2320 return -ENOENT; 2321 2322 xfrm_audit_policy_delete(xp, err ? 0 : 1, 2323 audit_get_loginuid(current), 2324 audit_get_sessionid(current), 0); 2325 2326 if (err) 2327 goto out; 2328 2329 c.seq = hdr->sadb_msg_seq; 2330 c.pid = hdr->sadb_msg_pid; 2331 c.data.byid = 0; 2332 c.event = XFRM_MSG_DELPOLICY; 2333 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c); 2334 2335out: 2336 xfrm_pol_put(xp); 2337 return err; 2338} 2339 2340static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, struct sadb_msg *hdr, int dir) 2341{ 2342 int err; 2343 struct sk_buff *out_skb; 2344 struct sadb_msg *out_hdr; 2345 err = 0; 2346 2347 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2348 if (IS_ERR(out_skb)) { 2349 err = PTR_ERR(out_skb); 2350 goto out; 2351 } 2352 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2353 if (err < 0) 2354 goto out; 2355 2356 out_hdr = (struct sadb_msg *) out_skb->data; 2357 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 2358 out_hdr->sadb_msg_type = hdr->sadb_msg_type; 2359 out_hdr->sadb_msg_satype = 0; 2360 out_hdr->sadb_msg_errno = 0; 2361 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 2362 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 2363 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp)); 2364 err = 0; 2365 2366out: 2367 return err; 2368} 2369 2370#ifdef CONFIG_NET_KEY_MIGRATE 2371static int pfkey_sockaddr_pair_size(sa_family_t family) 2372{ 2373 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2); 2374} 2375 2376static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, 2377 xfrm_address_t *saddr, xfrm_address_t *daddr, 2378 u16 *family) 2379{ 2380 int af, socklen; 2381 2382 if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family)) 2383 return -EINVAL; 2384 2385 af = pfkey_sockaddr_extract(sa, saddr); 2386 if (!af) 2387 return -EINVAL; 2388 2389 socklen = pfkey_sockaddr_len(af); 2390 if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen), 2391 daddr) != af) 2392 return -EINVAL; 2393 2394 *family = af; 2395 return 0; 2396} 2397 2398static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, 2399 struct xfrm_migrate *m) 2400{ 2401 int err; 2402 struct sadb_x_ipsecrequest *rq2; 2403 int mode; 2404 2405 if (len <= sizeof(struct sadb_x_ipsecrequest) || 2406 len < rq1->sadb_x_ipsecrequest_len) 2407 return -EINVAL; 2408 2409 /* old endoints */ 2410 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1), 2411 rq1->sadb_x_ipsecrequest_len, 2412 &m->old_saddr, &m->old_daddr, 2413 &m->old_family); 2414 if (err) 2415 return err; 2416 2417 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len); 2418 len -= rq1->sadb_x_ipsecrequest_len; 2419 2420 if (len <= sizeof(struct sadb_x_ipsecrequest) || 2421 len < rq2->sadb_x_ipsecrequest_len) 2422 return -EINVAL; 2423 2424 /* new endpoints */ 2425 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1), 2426 rq2->sadb_x_ipsecrequest_len, 2427 &m->new_saddr, &m->new_daddr, 2428 &m->new_family); 2429 if (err) 2430 return err; 2431 2432 if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto || 2433 rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode || 2434 rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid) 2435 return -EINVAL; 2436 2437 m->proto = rq1->sadb_x_ipsecrequest_proto; 2438 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0) 2439 return -EINVAL; 2440 m->mode = mode; 2441 m->reqid = rq1->sadb_x_ipsecrequest_reqid; 2442 2443 return ((int)(rq1->sadb_x_ipsecrequest_len + 2444 rq2->sadb_x_ipsecrequest_len)); 2445} 2446 2447static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, 2448 struct sadb_msg *hdr, void **ext_hdrs) 2449{ 2450 int i, len, ret, err = -EINVAL; 2451 u8 dir; 2452 struct sadb_address *sa; 2453 struct sadb_x_kmaddress *kma; 2454 struct sadb_x_policy *pol; 2455 struct sadb_x_ipsecrequest *rq; 2456 struct xfrm_selector sel; 2457 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 2458 struct xfrm_kmaddress k; 2459 2460 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1], 2461 ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) || 2462 !ext_hdrs[SADB_X_EXT_POLICY - 1]) { 2463 err = -EINVAL; 2464 goto out; 2465 } 2466 2467 kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1]; 2468 pol = ext_hdrs[SADB_X_EXT_POLICY - 1]; 2469 2470 if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) { 2471 err = -EINVAL; 2472 goto out; 2473 } 2474 2475 if (kma) { 2476 /* convert sadb_x_kmaddress to xfrm_kmaddress */ 2477 k.reserved = kma->sadb_x_kmaddress_reserved; 2478 ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1), 2479 8*(kma->sadb_x_kmaddress_len) - sizeof(*kma), 2480 &k.local, &k.remote, &k.family); 2481 if (ret < 0) { 2482 err = ret; 2483 goto out; 2484 } 2485 } 2486 2487 dir = pol->sadb_x_policy_dir - 1; 2488 memset(&sel, 0, sizeof(sel)); 2489 2490 /* set source address info of selector */ 2491 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1]; 2492 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); 2493 sel.prefixlen_s = sa->sadb_address_prefixlen; 2494 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2495 sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port; 2496 if (sel.sport) 2497 sel.sport_mask = htons(0xffff); 2498 2499 /* set destination address info of selector */ 2500 sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1], 2501 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); 2502 sel.prefixlen_d = sa->sadb_address_prefixlen; 2503 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2504 sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port; 2505 if (sel.dport) 2506 sel.dport_mask = htons(0xffff); 2507 2508 rq = (struct sadb_x_ipsecrequest *)(pol + 1); 2509 2510 /* extract ipsecrequests */ 2511 i = 0; 2512 len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy); 2513 2514 while (len > 0 && i < XFRM_MAX_DEPTH) { 2515 ret = ipsecrequests_to_migrate(rq, len, &m[i]); 2516 if (ret < 0) { 2517 err = ret; 2518 goto out; 2519 } else { 2520 rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret); 2521 len -= ret; 2522 i++; 2523 } 2524 } 2525 2526 if (!i || len > 0) { 2527 err = -EINVAL; 2528 goto out; 2529 } 2530 2531 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i, 2532 kma ? &k : NULL); 2533 2534 out: 2535 return err; 2536} 2537#else 2538static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, 2539 struct sadb_msg *hdr, void **ext_hdrs) 2540{ 2541 return -ENOPROTOOPT; 2542} 2543#endif 2544 2545 2546static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2547{ 2548 struct net *net = sock_net(sk); 2549 unsigned int dir; 2550 int err = 0, delete; 2551 struct sadb_x_policy *pol; 2552 struct xfrm_policy *xp; 2553 struct km_event c; 2554 2555 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL) 2556 return -EINVAL; 2557 2558 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id); 2559 if (dir >= XFRM_POLICY_MAX) 2560 return -EINVAL; 2561 2562 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2563 xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN, 2564 dir, pol->sadb_x_policy_id, delete, &err); 2565 if (xp == NULL) 2566 return -ENOENT; 2567 2568 if (delete) { 2569 xfrm_audit_policy_delete(xp, err ? 0 : 1, 2570 audit_get_loginuid(current), 2571 audit_get_sessionid(current), 0); 2572 2573 if (err) 2574 goto out; 2575 c.seq = hdr->sadb_msg_seq; 2576 c.pid = hdr->sadb_msg_pid; 2577 c.data.byid = 1; 2578 c.event = XFRM_MSG_DELPOLICY; 2579 km_policy_notify(xp, dir, &c); 2580 } else { 2581 err = key_pol_get_resp(sk, xp, hdr, dir); 2582 } 2583 2584out: 2585 xfrm_pol_put(xp); 2586 return err; 2587} 2588 2589static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr) 2590{ 2591 struct pfkey_sock *pfk = ptr; 2592 struct sk_buff *out_skb; 2593 struct sadb_msg *out_hdr; 2594 int err; 2595 2596 if (!pfkey_can_dump(&pfk->sk)) 2597 return -ENOBUFS; 2598 2599 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2600 if (IS_ERR(out_skb)) 2601 return PTR_ERR(out_skb); 2602 2603 err = pfkey_xfrm_policy2msg(out_skb, xp, dir); 2604 if (err < 0) 2605 return err; 2606 2607 out_hdr = (struct sadb_msg *) out_skb->data; 2608 out_hdr->sadb_msg_version = pfk->dump.msg_version; 2609 out_hdr->sadb_msg_type = SADB_X_SPDDUMP; 2610 out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC; 2611 out_hdr->sadb_msg_errno = 0; 2612 out_hdr->sadb_msg_seq = count + 1; 2613 out_hdr->sadb_msg_pid = pfk->dump.msg_pid; 2614 2615 if (pfk->dump.skb) 2616 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE, 2617 &pfk->sk, sock_net(&pfk->sk)); 2618 pfk->dump.skb = out_skb; 2619 2620 return 0; 2621} 2622 2623static int pfkey_dump_sp(struct pfkey_sock *pfk) 2624{ 2625 struct net *net = sock_net(&pfk->sk); 2626 return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, (void *) pfk); 2627} 2628 2629static void pfkey_dump_sp_done(struct pfkey_sock *pfk) 2630{ 2631 xfrm_policy_walk_done(&pfk->dump.u.policy); 2632} 2633 2634static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2635{ 2636 struct pfkey_sock *pfk = pfkey_sk(sk); 2637 2638 if (pfk->dump.dump != NULL) 2639 return -EBUSY; 2640 2641 pfk->dump.msg_version = hdr->sadb_msg_version; 2642 pfk->dump.msg_pid = hdr->sadb_msg_pid; 2643 pfk->dump.dump = pfkey_dump_sp; 2644 pfk->dump.done = pfkey_dump_sp_done; 2645 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN); 2646 2647 return pfkey_do_dump(pfk); 2648} 2649 2650static int key_notify_policy_flush(struct km_event *c) 2651{ 2652 struct sk_buff *skb_out; 2653 struct sadb_msg *hdr; 2654 2655 skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC); 2656 if (!skb_out) 2657 return -ENOBUFS; 2658 hdr = (struct sadb_msg *) skb_put(skb_out, sizeof(struct sadb_msg)); 2659 hdr->sadb_msg_type = SADB_X_SPDFLUSH; 2660 hdr->sadb_msg_seq = c->seq; 2661 hdr->sadb_msg_pid = c->pid; 2662 hdr->sadb_msg_version = PF_KEY_V2; 2663 hdr->sadb_msg_errno = (uint8_t) 0; 2664 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 2665 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net); 2666 return 0; 2667 2668} 2669 2670static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2671{ 2672 struct net *net = sock_net(sk); 2673 struct km_event c; 2674 struct xfrm_audit audit_info; 2675 int err, err2; 2676 2677 audit_info.loginuid = audit_get_loginuid(current); 2678 audit_info.sessionid = audit_get_sessionid(current); 2679 audit_info.secid = 0; 2680 err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info); 2681 err2 = unicast_flush_resp(sk, hdr); 2682 if (err || err2) { 2683 if (err == -ESRCH) /* empty table - old silent behavior */ 2684 return 0; 2685 return err; 2686 } 2687 2688 c.data.type = XFRM_POLICY_TYPE_MAIN; 2689 c.event = XFRM_MSG_FLUSHPOLICY; 2690 c.pid = hdr->sadb_msg_pid; 2691 c.seq = hdr->sadb_msg_seq; 2692 c.net = net; 2693 km_policy_notify(NULL, 0, &c); 2694 2695 return 0; 2696} 2697 2698typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb, 2699 struct sadb_msg *hdr, void **ext_hdrs); 2700static pfkey_handler pfkey_funcs[SADB_MAX + 1] = { 2701 [SADB_RESERVED] = pfkey_reserved, 2702 [SADB_GETSPI] = pfkey_getspi, 2703 [SADB_UPDATE] = pfkey_add, 2704 [SADB_ADD] = pfkey_add, 2705 [SADB_DELETE] = pfkey_delete, 2706 [SADB_GET] = pfkey_get, 2707 [SADB_ACQUIRE] = pfkey_acquire, 2708 [SADB_REGISTER] = pfkey_register, 2709 [SADB_EXPIRE] = NULL, 2710 [SADB_FLUSH] = pfkey_flush, 2711 [SADB_DUMP] = pfkey_dump, 2712 [SADB_X_PROMISC] = pfkey_promisc, 2713 [SADB_X_PCHANGE] = NULL, 2714 [SADB_X_SPDUPDATE] = pfkey_spdadd, 2715 [SADB_X_SPDADD] = pfkey_spdadd, 2716 [SADB_X_SPDDELETE] = pfkey_spddelete, 2717 [SADB_X_SPDGET] = pfkey_spdget, 2718 [SADB_X_SPDACQUIRE] = NULL, 2719 [SADB_X_SPDDUMP] = pfkey_spddump, 2720 [SADB_X_SPDFLUSH] = pfkey_spdflush, 2721 [SADB_X_SPDSETIDX] = pfkey_spdadd, 2722 [SADB_X_SPDDELETE2] = pfkey_spdget, 2723 [SADB_X_MIGRATE] = pfkey_migrate, 2724}; 2725 2726static int pfkey_process(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr) 2727{ 2728 void *ext_hdrs[SADB_EXT_MAX]; 2729 int err; 2730 2731 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, 2732 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk)); 2733 2734 memset(ext_hdrs, 0, sizeof(ext_hdrs)); 2735 err = parse_exthdrs(skb, hdr, ext_hdrs); 2736 if (!err) { 2737 err = -EOPNOTSUPP; 2738 if (pfkey_funcs[hdr->sadb_msg_type]) 2739 err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs); 2740 } 2741 return err; 2742} 2743 2744static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp) 2745{ 2746 struct sadb_msg *hdr = NULL; 2747 2748 if (skb->len < sizeof(*hdr)) { 2749 *errp = -EMSGSIZE; 2750 } else { 2751 hdr = (struct sadb_msg *) skb->data; 2752 if (hdr->sadb_msg_version != PF_KEY_V2 || 2753 hdr->sadb_msg_reserved != 0 || 2754 (hdr->sadb_msg_type <= SADB_RESERVED || 2755 hdr->sadb_msg_type > SADB_MAX)) { 2756 hdr = NULL; 2757 *errp = -EINVAL; 2758 } else if (hdr->sadb_msg_len != (skb->len / 2759 sizeof(uint64_t)) || 2760 hdr->sadb_msg_len < (sizeof(struct sadb_msg) / 2761 sizeof(uint64_t))) { 2762 hdr = NULL; 2763 *errp = -EMSGSIZE; 2764 } else { 2765 *errp = 0; 2766 } 2767 } 2768 return hdr; 2769} 2770 2771static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) 2772{ 2773 unsigned int id = d->desc.sadb_alg_id; 2774 2775 if (id >= sizeof(t->aalgos) * 8) 2776 return 0; 2777 2778 return (t->aalgos >> id) & 1; 2779} 2780 2781static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) 2782{ 2783 unsigned int id = d->desc.sadb_alg_id; 2784 2785 if (id >= sizeof(t->ealgos) * 8) 2786 return 0; 2787 2788 return (t->ealgos >> id) & 1; 2789} 2790 2791static int count_ah_combs(struct xfrm_tmpl *t) 2792{ 2793 int i, sz = 0; 2794 2795 for (i = 0; ; i++) { 2796 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 2797 if (!aalg) 2798 break; 2799 if (aalg_tmpl_set(t, aalg) && aalg->available) 2800 sz += sizeof(struct sadb_comb); 2801 } 2802 return sz + sizeof(struct sadb_prop); 2803} 2804 2805static int count_esp_combs(struct xfrm_tmpl *t) 2806{ 2807 int i, k, sz = 0; 2808 2809 for (i = 0; ; i++) { 2810 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2811 if (!ealg) 2812 break; 2813 2814 if (!(ealg_tmpl_set(t, ealg) && ealg->available)) 2815 continue; 2816 2817 for (k = 1; ; k++) { 2818 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2819 if (!aalg) 2820 break; 2821 2822 if (aalg_tmpl_set(t, aalg) && aalg->available) 2823 sz += sizeof(struct sadb_comb); 2824 } 2825 } 2826 return sz + sizeof(struct sadb_prop); 2827} 2828 2829static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t) 2830{ 2831 struct sadb_prop *p; 2832 int i; 2833 2834 p = (struct sadb_prop*)skb_put(skb, sizeof(struct sadb_prop)); 2835 p->sadb_prop_len = sizeof(struct sadb_prop)/8; 2836 p->sadb_prop_exttype = SADB_EXT_PROPOSAL; 2837 p->sadb_prop_replay = 32; 2838 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); 2839 2840 for (i = 0; ; i++) { 2841 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 2842 if (!aalg) 2843 break; 2844 2845 if (aalg_tmpl_set(t, aalg) && aalg->available) { 2846 struct sadb_comb *c; 2847 c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb)); 2848 memset(c, 0, sizeof(*c)); 2849 p->sadb_prop_len += sizeof(struct sadb_comb)/8; 2850 c->sadb_comb_auth = aalg->desc.sadb_alg_id; 2851 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits; 2852 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits; 2853 c->sadb_comb_hard_addtime = 24*60*60; 2854 c->sadb_comb_soft_addtime = 20*60*60; 2855 c->sadb_comb_hard_usetime = 8*60*60; 2856 c->sadb_comb_soft_usetime = 7*60*60; 2857 } 2858 } 2859} 2860 2861static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t) 2862{ 2863 struct sadb_prop *p; 2864 int i, k; 2865 2866 p = (struct sadb_prop*)skb_put(skb, sizeof(struct sadb_prop)); 2867 p->sadb_prop_len = sizeof(struct sadb_prop)/8; 2868 p->sadb_prop_exttype = SADB_EXT_PROPOSAL; 2869 p->sadb_prop_replay = 32; 2870 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); 2871 2872 for (i=0; ; i++) { 2873 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2874 if (!ealg) 2875 break; 2876 2877 if (!(ealg_tmpl_set(t, ealg) && ealg->available)) 2878 continue; 2879 2880 for (k = 1; ; k++) { 2881 struct sadb_comb *c; 2882 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2883 if (!aalg) 2884 break; 2885 if (!(aalg_tmpl_set(t, aalg) && aalg->available)) 2886 continue; 2887 c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb)); 2888 memset(c, 0, sizeof(*c)); 2889 p->sadb_prop_len += sizeof(struct sadb_comb)/8; 2890 c->sadb_comb_auth = aalg->desc.sadb_alg_id; 2891 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits; 2892 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits; 2893 c->sadb_comb_encrypt = ealg->desc.sadb_alg_id; 2894 c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits; 2895 c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits; 2896 c->sadb_comb_hard_addtime = 24*60*60; 2897 c->sadb_comb_soft_addtime = 20*60*60; 2898 c->sadb_comb_hard_usetime = 8*60*60; 2899 c->sadb_comb_soft_usetime = 7*60*60; 2900 } 2901 } 2902} 2903 2904static int key_notify_policy_expire(struct xfrm_policy *xp, struct km_event *c) 2905{ 2906 return 0; 2907} 2908 2909static int key_notify_sa_expire(struct xfrm_state *x, struct km_event *c) 2910{ 2911 struct sk_buff *out_skb; 2912 struct sadb_msg *out_hdr; 2913 int hard; 2914 int hsc; 2915 2916 hard = c->data.hard; 2917 if (hard) 2918 hsc = 2; 2919 else 2920 hsc = 1; 2921 2922 out_skb = pfkey_xfrm_state2msg_expire(x, hsc); 2923 if (IS_ERR(out_skb)) 2924 return PTR_ERR(out_skb); 2925 2926 out_hdr = (struct sadb_msg *) out_skb->data; 2927 out_hdr->sadb_msg_version = PF_KEY_V2; 2928 out_hdr->sadb_msg_type = SADB_EXPIRE; 2929 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 2930 out_hdr->sadb_msg_errno = 0; 2931 out_hdr->sadb_msg_reserved = 0; 2932 out_hdr->sadb_msg_seq = 0; 2933 out_hdr->sadb_msg_pid = 0; 2934 2935 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x)); 2936 return 0; 2937} 2938 2939static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c) 2940{ 2941 struct net *net = x ? xs_net(x) : c->net; 2942 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 2943 2944 if (atomic_read(&net_pfkey->socks_nr) == 0) 2945 return 0; 2946 2947 switch (c->event) { 2948 case XFRM_MSG_EXPIRE: 2949 return key_notify_sa_expire(x, c); 2950 case XFRM_MSG_DELSA: 2951 case XFRM_MSG_NEWSA: 2952 case XFRM_MSG_UPDSA: 2953 return key_notify_sa(x, c); 2954 case XFRM_MSG_FLUSHSA: 2955 return key_notify_sa_flush(c); 2956 case XFRM_MSG_NEWAE: /* not yet supported */ 2957 break; 2958 default: 2959 pr_err("pfkey: Unknown SA event %d\n", c->event); 2960 break; 2961 } 2962 2963 return 0; 2964} 2965 2966static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2967{ 2968 if (xp && xp->type != XFRM_POLICY_TYPE_MAIN) 2969 return 0; 2970 2971 switch (c->event) { 2972 case XFRM_MSG_POLEXPIRE: 2973 return key_notify_policy_expire(xp, c); 2974 case XFRM_MSG_DELPOLICY: 2975 case XFRM_MSG_NEWPOLICY: 2976 case XFRM_MSG_UPDPOLICY: 2977 return key_notify_policy(xp, dir, c); 2978 case XFRM_MSG_FLUSHPOLICY: 2979 if (c->data.type != XFRM_POLICY_TYPE_MAIN) 2980 break; 2981 return key_notify_policy_flush(c); 2982 default: 2983 pr_err("pfkey: Unknown policy event %d\n", c->event); 2984 break; 2985 } 2986 2987 return 0; 2988} 2989 2990static u32 get_acqseq(void) 2991{ 2992 u32 res; 2993 static atomic_t acqseq; 2994 2995 do { 2996 res = atomic_inc_return(&acqseq); 2997 } while (!res); 2998 return res; 2999} 3000 3001static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp, int dir) 3002{ 3003 struct sk_buff *skb; 3004 struct sadb_msg *hdr; 3005 struct sadb_address *addr; 3006 struct sadb_x_policy *pol; 3007 int sockaddr_size; 3008 int size; 3009 struct sadb_x_sec_ctx *sec_ctx; 3010 struct xfrm_sec_ctx *xfrm_ctx; 3011 int ctx_size = 0; 3012 3013 sockaddr_size = pfkey_sockaddr_size(x->props.family); 3014 if (!sockaddr_size) 3015 return -EINVAL; 3016 3017 size = sizeof(struct sadb_msg) + 3018 (sizeof(struct sadb_address) * 2) + 3019 (sockaddr_size * 2) + 3020 sizeof(struct sadb_x_policy); 3021 3022 if (x->id.proto == IPPROTO_AH) 3023 size += count_ah_combs(t); 3024 else if (x->id.proto == IPPROTO_ESP) 3025 size += count_esp_combs(t); 3026 3027 if ((xfrm_ctx = x->security)) { 3028 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len); 3029 size += sizeof(struct sadb_x_sec_ctx) + ctx_size; 3030 } 3031 3032 skb = alloc_skb(size + 16, GFP_ATOMIC); 3033 if (skb == NULL) 3034 return -ENOMEM; 3035 3036 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 3037 hdr->sadb_msg_version = PF_KEY_V2; 3038 hdr->sadb_msg_type = SADB_ACQUIRE; 3039 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); 3040 hdr->sadb_msg_len = size / sizeof(uint64_t); 3041 hdr->sadb_msg_errno = 0; 3042 hdr->sadb_msg_reserved = 0; 3043 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); 3044 hdr->sadb_msg_pid = 0; 3045 3046 /* src address */ 3047 addr = (struct sadb_address*) skb_put(skb, 3048 sizeof(struct sadb_address)+sockaddr_size); 3049 addr->sadb_address_len = 3050 (sizeof(struct sadb_address)+sockaddr_size)/ 3051 sizeof(uint64_t); 3052 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3053 addr->sadb_address_proto = 0; 3054 addr->sadb_address_reserved = 0; 3055 addr->sadb_address_prefixlen = 3056 pfkey_sockaddr_fill(&x->props.saddr, 0, 3057 (struct sockaddr *) (addr + 1), 3058 x->props.family); 3059 if (!addr->sadb_address_prefixlen) 3060 BUG(); 3061 3062 /* dst address */ 3063 addr = (struct sadb_address*) skb_put(skb, 3064 sizeof(struct sadb_address)+sockaddr_size); 3065 addr->sadb_address_len = 3066 (sizeof(struct sadb_address)+sockaddr_size)/ 3067 sizeof(uint64_t); 3068 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3069 addr->sadb_address_proto = 0; 3070 addr->sadb_address_reserved = 0; 3071 addr->sadb_address_prefixlen = 3072 pfkey_sockaddr_fill(&x->id.daddr, 0, 3073 (struct sockaddr *) (addr + 1), 3074 x->props.family); 3075 if (!addr->sadb_address_prefixlen) 3076 BUG(); 3077 3078 pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy)); 3079 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t); 3080 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3081 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 3082 pol->sadb_x_policy_dir = dir+1; 3083 pol->sadb_x_policy_id = xp->index; 3084 3085 /* Set sadb_comb's. */ 3086 if (x->id.proto == IPPROTO_AH) 3087 dump_ah_combs(skb, t); 3088 else if (x->id.proto == IPPROTO_ESP) 3089 dump_esp_combs(skb, t); 3090 3091 /* security context */ 3092 if (xfrm_ctx) { 3093 sec_ctx = (struct sadb_x_sec_ctx *) skb_put(skb, 3094 sizeof(struct sadb_x_sec_ctx) + ctx_size); 3095 sec_ctx->sadb_x_sec_len = 3096 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t); 3097 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; 3098 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi; 3099 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg; 3100 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len; 3101 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str, 3102 xfrm_ctx->ctx_len); 3103 } 3104 3105 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x)); 3106} 3107 3108static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, 3109 u8 *data, int len, int *dir) 3110{ 3111 struct net *net = sock_net(sk); 3112 struct xfrm_policy *xp; 3113 struct sadb_x_policy *pol = (struct sadb_x_policy*)data; 3114 struct sadb_x_sec_ctx *sec_ctx; 3115 3116 switch (sk->sk_family) { 3117 case AF_INET: 3118 if (opt != IP_IPSEC_POLICY) { 3119 *dir = -EOPNOTSUPP; 3120 return NULL; 3121 } 3122 break; 3123#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3124 case AF_INET6: 3125 if (opt != IPV6_IPSEC_POLICY) { 3126 *dir = -EOPNOTSUPP; 3127 return NULL; 3128 } 3129 break; 3130#endif 3131 default: 3132 *dir = -EINVAL; 3133 return NULL; 3134 } 3135 3136 *dir = -EINVAL; 3137 3138 if (len < sizeof(struct sadb_x_policy) || 3139 pol->sadb_x_policy_len*8 > len || 3140 pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS || 3141 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND)) 3142 return NULL; 3143 3144 xp = xfrm_policy_alloc(net, GFP_ATOMIC); 3145 if (xp == NULL) { 3146 *dir = -ENOBUFS; 3147 return NULL; 3148 } 3149 3150 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ? 3151 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); 3152 3153 xp->lft.soft_byte_limit = XFRM_INF; 3154 xp->lft.hard_byte_limit = XFRM_INF; 3155 xp->lft.soft_packet_limit = XFRM_INF; 3156 xp->lft.hard_packet_limit = XFRM_INF; 3157 xp->family = sk->sk_family; 3158 3159 xp->xfrm_nr = 0; 3160 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 3161 (*dir = parse_ipsecrequests(xp, pol)) < 0) 3162 goto out; 3163 3164 /* security context too */ 3165 if (len >= (pol->sadb_x_policy_len*8 + 3166 sizeof(struct sadb_x_sec_ctx))) { 3167 char *p = (char *)pol; 3168 struct xfrm_user_sec_ctx *uctx; 3169 3170 p += pol->sadb_x_policy_len*8; 3171 sec_ctx = (struct sadb_x_sec_ctx *)p; 3172 if (len < pol->sadb_x_policy_len*8 + 3173 sec_ctx->sadb_x_sec_len) { 3174 *dir = -EINVAL; 3175 goto out; 3176 } 3177 if ((*dir = verify_sec_ctx_len(p))) 3178 goto out; 3179 uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 3180 *dir = security_xfrm_policy_alloc(&xp->security, uctx); 3181 kfree(uctx); 3182 3183 if (*dir) 3184 goto out; 3185 } 3186 3187 *dir = pol->sadb_x_policy_dir-1; 3188 return xp; 3189 3190out: 3191 xp->walk.dead = 1; 3192 xfrm_policy_destroy(xp); 3193 return NULL; 3194} 3195 3196static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) 3197{ 3198 struct sk_buff *skb; 3199 struct sadb_msg *hdr; 3200 struct sadb_sa *sa; 3201 struct sadb_address *addr; 3202 struct sadb_x_nat_t_port *n_port; 3203 int sockaddr_size; 3204 int size; 3205 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0); 3206 struct xfrm_encap_tmpl *natt = NULL; 3207 3208 sockaddr_size = pfkey_sockaddr_size(x->props.family); 3209 if (!sockaddr_size) 3210 return -EINVAL; 3211 3212 if (!satype) 3213 return -EINVAL; 3214 3215 if (!x->encap) 3216 return -EINVAL; 3217 3218 natt = x->encap; 3219 3220 /* Build an SADB_X_NAT_T_NEW_MAPPING message: 3221 * 3222 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) | 3223 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port) 3224 */ 3225 3226 size = sizeof(struct sadb_msg) + 3227 sizeof(struct sadb_sa) + 3228 (sizeof(struct sadb_address) * 2) + 3229 (sockaddr_size * 2) + 3230 (sizeof(struct sadb_x_nat_t_port) * 2); 3231 3232 skb = alloc_skb(size + 16, GFP_ATOMIC); 3233 if (skb == NULL) 3234 return -ENOMEM; 3235 3236 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 3237 hdr->sadb_msg_version = PF_KEY_V2; 3238 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING; 3239 hdr->sadb_msg_satype = satype; 3240 hdr->sadb_msg_len = size / sizeof(uint64_t); 3241 hdr->sadb_msg_errno = 0; 3242 hdr->sadb_msg_reserved = 0; 3243 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); 3244 hdr->sadb_msg_pid = 0; 3245 3246 /* SA */ 3247 sa = (struct sadb_sa *) skb_put(skb, sizeof(struct sadb_sa)); 3248 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t); 3249 sa->sadb_sa_exttype = SADB_EXT_SA; 3250 sa->sadb_sa_spi = x->id.spi; 3251 sa->sadb_sa_replay = 0; 3252 sa->sadb_sa_state = 0; 3253 sa->sadb_sa_auth = 0; 3254 sa->sadb_sa_encrypt = 0; 3255 sa->sadb_sa_flags = 0; 3256 3257 /* ADDRESS_SRC (old addr) */ 3258 addr = (struct sadb_address*) 3259 skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); 3260 addr->sadb_address_len = 3261 (sizeof(struct sadb_address)+sockaddr_size)/ 3262 sizeof(uint64_t); 3263 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3264 addr->sadb_address_proto = 0; 3265 addr->sadb_address_reserved = 0; 3266 addr->sadb_address_prefixlen = 3267 pfkey_sockaddr_fill(&x->props.saddr, 0, 3268 (struct sockaddr *) (addr + 1), 3269 x->props.family); 3270 if (!addr->sadb_address_prefixlen) 3271 BUG(); 3272 3273 /* NAT_T_SPORT (old port) */ 3274 n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port)); 3275 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 3276 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; 3277 n_port->sadb_x_nat_t_port_port = natt->encap_sport; 3278 n_port->sadb_x_nat_t_port_reserved = 0; 3279 3280 /* ADDRESS_DST (new addr) */ 3281 addr = (struct sadb_address*) 3282 skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); 3283 addr->sadb_address_len = 3284 (sizeof(struct sadb_address)+sockaddr_size)/ 3285 sizeof(uint64_t); 3286 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3287 addr->sadb_address_proto = 0; 3288 addr->sadb_address_reserved = 0; 3289 addr->sadb_address_prefixlen = 3290 pfkey_sockaddr_fill(ipaddr, 0, 3291 (struct sockaddr *) (addr + 1), 3292 x->props.family); 3293 if (!addr->sadb_address_prefixlen) 3294 BUG(); 3295 3296 /* NAT_T_DPORT (new port) */ 3297 n_port = (struct sadb_x_nat_t_port*) skb_put(skb, sizeof (*n_port)); 3298 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t); 3299 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; 3300 n_port->sadb_x_nat_t_port_port = sport; 3301 n_port->sadb_x_nat_t_port_reserved = 0; 3302 3303 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x)); 3304} 3305 3306#ifdef CONFIG_NET_KEY_MIGRATE 3307static int set_sadb_address(struct sk_buff *skb, int sasize, int type, 3308 struct xfrm_selector *sel) 3309{ 3310 struct sadb_address *addr; 3311 addr = (struct sadb_address *)skb_put(skb, sizeof(struct sadb_address) + sasize); 3312 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8; 3313 addr->sadb_address_exttype = type; 3314 addr->sadb_address_proto = sel->proto; 3315 addr->sadb_address_reserved = 0; 3316 3317 switch (type) { 3318 case SADB_EXT_ADDRESS_SRC: 3319 addr->sadb_address_prefixlen = sel->prefixlen_s; 3320 pfkey_sockaddr_fill(&sel->saddr, 0, 3321 (struct sockaddr *)(addr + 1), 3322 sel->family); 3323 break; 3324 case SADB_EXT_ADDRESS_DST: 3325 addr->sadb_address_prefixlen = sel->prefixlen_d; 3326 pfkey_sockaddr_fill(&sel->daddr, 0, 3327 (struct sockaddr *)(addr + 1), 3328 sel->family); 3329 break; 3330 default: 3331 return -EINVAL; 3332 } 3333 3334 return 0; 3335} 3336 3337 3338static int set_sadb_kmaddress(struct sk_buff *skb, struct xfrm_kmaddress *k) 3339{ 3340 struct sadb_x_kmaddress *kma; 3341 u8 *sa; 3342 int family = k->family; 3343 int socklen = pfkey_sockaddr_len(family); 3344 int size_req; 3345 3346 size_req = (sizeof(struct sadb_x_kmaddress) + 3347 pfkey_sockaddr_pair_size(family)); 3348 3349 kma = (struct sadb_x_kmaddress *)skb_put(skb, size_req); 3350 memset(kma, 0, size_req); 3351 kma->sadb_x_kmaddress_len = size_req / 8; 3352 kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS; 3353 kma->sadb_x_kmaddress_reserved = k->reserved; 3354 3355 sa = (u8 *)(kma + 1); 3356 if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) || 3357 !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family)) 3358 return -EINVAL; 3359 3360 return 0; 3361} 3362 3363static int set_ipsecrequest(struct sk_buff *skb, 3364 uint8_t proto, uint8_t mode, int level, 3365 uint32_t reqid, uint8_t family, 3366 xfrm_address_t *src, xfrm_address_t *dst) 3367{ 3368 struct sadb_x_ipsecrequest *rq; 3369 u8 *sa; 3370 int socklen = pfkey_sockaddr_len(family); 3371 int size_req; 3372 3373 size_req = sizeof(struct sadb_x_ipsecrequest) + 3374 pfkey_sockaddr_pair_size(family); 3375 3376 rq = (struct sadb_x_ipsecrequest *)skb_put(skb, size_req); 3377 memset(rq, 0, size_req); 3378 rq->sadb_x_ipsecrequest_len = size_req; 3379 rq->sadb_x_ipsecrequest_proto = proto; 3380 rq->sadb_x_ipsecrequest_mode = mode; 3381 rq->sadb_x_ipsecrequest_level = level; 3382 rq->sadb_x_ipsecrequest_reqid = reqid; 3383 3384 sa = (u8 *) (rq + 1); 3385 if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) || 3386 !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family)) 3387 return -EINVAL; 3388 3389 return 0; 3390} 3391#endif 3392 3393#ifdef CONFIG_NET_KEY_MIGRATE 3394static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 3395 struct xfrm_migrate *m, int num_bundles, 3396 struct xfrm_kmaddress *k) 3397{ 3398 int i; 3399 int sasize_sel; 3400 int size = 0; 3401 int size_pol = 0; 3402 struct sk_buff *skb; 3403 struct sadb_msg *hdr; 3404 struct sadb_x_policy *pol; 3405 struct xfrm_migrate *mp; 3406 3407 if (type != XFRM_POLICY_TYPE_MAIN) 3408 return 0; 3409 3410 if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH) 3411 return -EINVAL; 3412 3413 if (k != NULL) { 3414 /* addresses for KM */ 3415 size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) + 3416 pfkey_sockaddr_pair_size(k->family)); 3417 } 3418 3419 /* selector */ 3420 sasize_sel = pfkey_sockaddr_size(sel->family); 3421 if (!sasize_sel) 3422 return -EINVAL; 3423 size += (sizeof(struct sadb_address) + sasize_sel) * 2; 3424 3425 /* policy info */ 3426 size_pol += sizeof(struct sadb_x_policy); 3427 3428 /* ipsecrequests */ 3429 for (i = 0, mp = m; i < num_bundles; i++, mp++) { 3430 /* old locator pair */ 3431 size_pol += sizeof(struct sadb_x_ipsecrequest) + 3432 pfkey_sockaddr_pair_size(mp->old_family); 3433 /* new locator pair */ 3434 size_pol += sizeof(struct sadb_x_ipsecrequest) + 3435 pfkey_sockaddr_pair_size(mp->new_family); 3436 } 3437 3438 size += sizeof(struct sadb_msg) + size_pol; 3439 3440 /* alloc buffer */ 3441 skb = alloc_skb(size, GFP_ATOMIC); 3442 if (skb == NULL) 3443 return -ENOMEM; 3444 3445 hdr = (struct sadb_msg *)skb_put(skb, sizeof(struct sadb_msg)); 3446 hdr->sadb_msg_version = PF_KEY_V2; 3447 hdr->sadb_msg_type = SADB_X_MIGRATE; 3448 hdr->sadb_msg_satype = pfkey_proto2satype(m->proto); 3449 hdr->sadb_msg_len = size / 8; 3450 hdr->sadb_msg_errno = 0; 3451 hdr->sadb_msg_reserved = 0; 3452 hdr->sadb_msg_seq = 0; 3453 hdr->sadb_msg_pid = 0; 3454 3455 /* Addresses to be used by KM for negotiation, if ext is available */ 3456 if (k != NULL && (set_sadb_kmaddress(skb, k) < 0)) 3457 return -EINVAL; 3458 3459 /* selector src */ 3460 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel); 3461 3462 /* selector dst */ 3463 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel); 3464 3465 /* policy information */ 3466 pol = (struct sadb_x_policy *)skb_put(skb, sizeof(struct sadb_x_policy)); 3467 pol->sadb_x_policy_len = size_pol / 8; 3468 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3469 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 3470 pol->sadb_x_policy_dir = dir + 1; 3471 pol->sadb_x_policy_id = 0; 3472 pol->sadb_x_policy_priority = 0; 3473 3474 for (i = 0, mp = m; i < num_bundles; i++, mp++) { 3475 /* old ipsecrequest */ 3476 int mode = pfkey_mode_from_xfrm(mp->mode); 3477 if (mode < 0) 3478 goto err; 3479 if (set_ipsecrequest(skb, mp->proto, mode, 3480 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), 3481 mp->reqid, mp->old_family, 3482 &mp->old_saddr, &mp->old_daddr) < 0) 3483 goto err; 3484 3485 /* new ipsecrequest */ 3486 if (set_ipsecrequest(skb, mp->proto, mode, 3487 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), 3488 mp->reqid, mp->new_family, 3489 &mp->new_saddr, &mp->new_daddr) < 0) 3490 goto err; 3491 } 3492 3493 /* broadcast migrate message to sockets */ 3494 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net); 3495 3496 return 0; 3497 3498err: 3499 kfree_skb(skb); 3500 return -EINVAL; 3501} 3502#else 3503static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 3504 struct xfrm_migrate *m, int num_bundles, 3505 struct xfrm_kmaddress *k) 3506{ 3507 return -ENOPROTOOPT; 3508} 3509#endif 3510 3511static int pfkey_sendmsg(struct kiocb *kiocb, 3512 struct socket *sock, struct msghdr *msg, size_t len) 3513{ 3514 struct sock *sk = sock->sk; 3515 struct sk_buff *skb = NULL; 3516 struct sadb_msg *hdr = NULL; 3517 int err; 3518 3519 err = -EOPNOTSUPP; 3520 if (msg->msg_flags & MSG_OOB) 3521 goto out; 3522 3523 err = -EMSGSIZE; 3524 if ((unsigned)len > sk->sk_sndbuf - 32) 3525 goto out; 3526 3527 err = -ENOBUFS; 3528 skb = alloc_skb(len, GFP_KERNEL); 3529 if (skb == NULL) 3530 goto out; 3531 3532 err = -EFAULT; 3533 if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) 3534 goto out; 3535 3536 hdr = pfkey_get_base_msg(skb, &err); 3537 if (!hdr) 3538 goto out; 3539 3540 mutex_lock(&xfrm_cfg_mutex); 3541 err = pfkey_process(sk, skb, hdr); 3542 mutex_unlock(&xfrm_cfg_mutex); 3543 3544out: 3545 if (err && hdr && pfkey_error(hdr, err, sk) == 0) 3546 err = 0; 3547 kfree_skb(skb); 3548 3549 return err ? : len; 3550} 3551 3552static int pfkey_recvmsg(struct kiocb *kiocb, 3553 struct socket *sock, struct msghdr *msg, size_t len, 3554 int flags) 3555{ 3556 struct sock *sk = sock->sk; 3557 struct pfkey_sock *pfk = pfkey_sk(sk); 3558 struct sk_buff *skb; 3559 int copied, err; 3560 3561 err = -EINVAL; 3562 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) 3563 goto out; 3564 3565 msg->msg_namelen = 0; 3566 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); 3567 if (skb == NULL) 3568 goto out; 3569 3570 copied = skb->len; 3571 if (copied > len) { 3572 msg->msg_flags |= MSG_TRUNC; 3573 copied = len; 3574 } 3575 3576 skb_reset_transport_header(skb); 3577 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 3578 if (err) 3579 goto out_free; 3580 3581 sock_recv_ts_and_drops(msg, sk, skb); 3582 3583 err = (flags & MSG_TRUNC) ? skb->len : copied; 3584 3585 if (pfk->dump.dump != NULL && 3586 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) 3587 pfkey_do_dump(pfk); 3588 3589out_free: 3590 skb_free_datagram(sk, skb); 3591out: 3592 return err; 3593} 3594 3595static const struct proto_ops pfkey_ops = { 3596 .family = PF_KEY, 3597 .owner = THIS_MODULE, 3598 /* Operations that make no sense on pfkey sockets. */ 3599 .bind = sock_no_bind, 3600 .connect = sock_no_connect, 3601 .socketpair = sock_no_socketpair, 3602 .accept = sock_no_accept, 3603 .getname = sock_no_getname, 3604 .ioctl = sock_no_ioctl, 3605 .listen = sock_no_listen, 3606 .shutdown = sock_no_shutdown, 3607 .setsockopt = sock_no_setsockopt, 3608 .getsockopt = sock_no_getsockopt, 3609 .mmap = sock_no_mmap, 3610 .sendpage = sock_no_sendpage, 3611 3612 /* Now the operations that really occur. */ 3613 .release = pfkey_release, 3614 .poll = datagram_poll, 3615 .sendmsg = pfkey_sendmsg, 3616 .recvmsg = pfkey_recvmsg, 3617}; 3618 3619static const struct net_proto_family pfkey_family_ops = { 3620 .family = PF_KEY, 3621 .create = pfkey_create, 3622 .owner = THIS_MODULE, 3623}; 3624 3625#ifdef CONFIG_PROC_FS 3626static int pfkey_seq_show(struct seq_file *f, void *v) 3627{ 3628 struct sock *s = sk_entry(v); 3629 3630 if (v == SEQ_START_TOKEN) 3631 seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n"); 3632 else 3633 seq_printf(f ,"%p %-6d %-6u %-6u %-6u %-6lu\n", 3634 s, 3635 atomic_read(&s->sk_refcnt), 3636 sk_rmem_alloc_get(s), 3637 sk_wmem_alloc_get(s), 3638 sock_i_uid(s), 3639 sock_i_ino(s) 3640 ); 3641 return 0; 3642} 3643 3644static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos) 3645{ 3646 struct net *net = seq_file_net(f); 3647 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3648 3649 rcu_read_lock(); 3650 return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos); 3651} 3652 3653static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos) 3654{ 3655 struct net *net = seq_file_net(f); 3656 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3657 3658 return seq_hlist_next_rcu(v, &net_pfkey->table, ppos); 3659} 3660 3661static void pfkey_seq_stop(struct seq_file *f, void *v) 3662{ 3663 rcu_read_unlock(); 3664} 3665 3666static const struct seq_operations pfkey_seq_ops = { 3667 .start = pfkey_seq_start, 3668 .next = pfkey_seq_next, 3669 .stop = pfkey_seq_stop, 3670 .show = pfkey_seq_show, 3671}; 3672 3673static int pfkey_seq_open(struct inode *inode, struct file *file) 3674{ 3675 return seq_open_net(inode, file, &pfkey_seq_ops, 3676 sizeof(struct seq_net_private)); 3677} 3678 3679static const struct file_operations pfkey_proc_ops = { 3680 .open = pfkey_seq_open, 3681 .read = seq_read, 3682 .llseek = seq_lseek, 3683 .release = seq_release_net, 3684}; 3685 3686static int __net_init pfkey_init_proc(struct net *net) 3687{ 3688 struct proc_dir_entry *e; 3689 3690 e = proc_net_fops_create(net, "pfkey", 0, &pfkey_proc_ops); 3691 if (e == NULL) 3692 return -ENOMEM; 3693 3694 return 0; 3695} 3696 3697static void __net_exit pfkey_exit_proc(struct net *net) 3698{ 3699 proc_net_remove(net, "pfkey"); 3700} 3701#else 3702static inline int pfkey_init_proc(struct net *net) 3703{ 3704 return 0; 3705} 3706 3707static inline void pfkey_exit_proc(struct net *net) 3708{ 3709} 3710#endif 3711 3712static struct xfrm_mgr pfkeyv2_mgr = 3713{ 3714 .id = "pfkeyv2", 3715 .notify = pfkey_send_notify, 3716 .acquire = pfkey_send_acquire, 3717 .compile_policy = pfkey_compile_policy, 3718 .new_mapping = pfkey_send_new_mapping, 3719 .notify_policy = pfkey_send_policy_notify, 3720 .migrate = pfkey_send_migrate, 3721}; 3722 3723static int __net_init pfkey_net_init(struct net *net) 3724{ 3725 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3726 int rv; 3727 3728 INIT_HLIST_HEAD(&net_pfkey->table); 3729 atomic_set(&net_pfkey->socks_nr, 0); 3730 3731 rv = pfkey_init_proc(net); 3732 3733 return rv; 3734} 3735 3736static void __net_exit pfkey_net_exit(struct net *net) 3737{ 3738 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 3739 3740 pfkey_exit_proc(net); 3741 BUG_ON(!hlist_empty(&net_pfkey->table)); 3742} 3743 3744static struct pernet_operations pfkey_net_ops = { 3745 .init = pfkey_net_init, 3746 .exit = pfkey_net_exit, 3747 .id = &pfkey_net_id, 3748 .size = sizeof(struct netns_pfkey), 3749}; 3750 3751static void __exit ipsec_pfkey_exit(void) 3752{ 3753 xfrm_unregister_km(&pfkeyv2_mgr); 3754 sock_unregister(PF_KEY); 3755 unregister_pernet_subsys(&pfkey_net_ops); 3756 proto_unregister(&key_proto); 3757} 3758 3759static int __init ipsec_pfkey_init(void) 3760{ 3761 int err = proto_register(&key_proto, 0); 3762 3763 if (err != 0) 3764 goto out; 3765 3766 err = register_pernet_subsys(&pfkey_net_ops); 3767 if (err != 0) 3768 goto out_unregister_key_proto; 3769 err = sock_register(&pfkey_family_ops); 3770 if (err != 0) 3771 goto out_unregister_pernet; 3772 err = xfrm_register_km(&pfkeyv2_mgr); 3773 if (err != 0) 3774 goto out_sock_unregister; 3775out: 3776 return err; 3777 3778out_sock_unregister: 3779 sock_unregister(PF_KEY); 3780out_unregister_pernet: 3781 unregister_pernet_subsys(&pfkey_net_ops); 3782out_unregister_key_proto: 3783 proto_unregister(&key_proto); 3784 goto out; 3785} 3786 3787module_init(ipsec_pfkey_init); 3788module_exit(ipsec_pfkey_exit); 3789MODULE_LICENSE("GPL"); 3790MODULE_ALIAS_NETPROTO(PF_KEY); 3791