0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013 #include <linux/capability.h>
0014 #include <linux/module.h>
0015 #include <linux/kernel.h>
0016 #include <linux/socket.h>
0017 #include <linux/pfkeyv2.h>
0018 #include <linux/ipsec.h>
0019 #include <linux/skbuff.h>
0020 #include <linux/rtnetlink.h>
0021 #include <linux/in.h>
0022 #include <linux/in6.h>
0023 #include <linux/proc_fs.h>
0024 #include <linux/init.h>
0025 #include <linux/slab.h>
0026 #include <net/net_namespace.h>
0027 #include <net/netns/generic.h>
0028 #include <net/xfrm.h>
0029
0030 #include <net/sock.h>
0031
0032 #define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
0033 #define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
0034
0035 static unsigned int pfkey_net_id __read_mostly;
0036 struct netns_pfkey {
0037
0038 struct hlist_head table;
0039 atomic_t socks_nr;
0040 };
0041 static DEFINE_MUTEX(pfkey_mutex);
0042
0043 #define DUMMY_MARK 0
0044 static const struct xfrm_mark dummy_mark = {0, 0};
0045 struct pfkey_sock {
0046
0047 struct sock sk;
0048 int registered;
0049 int promisc;
0050
0051 struct {
0052 uint8_t msg_version;
0053 uint32_t msg_portid;
0054 int (*dump)(struct pfkey_sock *sk);
0055 void (*done)(struct pfkey_sock *sk);
0056 union {
0057 struct xfrm_policy_walk policy;
0058 struct xfrm_state_walk state;
0059 } u;
0060 struct sk_buff *skb;
0061 } dump;
0062 struct mutex dump_lock;
0063 };
0064
0065 static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
0066 xfrm_address_t *saddr, xfrm_address_t *daddr,
0067 u16 *family);
0068
0069 static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
0070 {
0071 return (struct pfkey_sock *)sk;
0072 }
0073
0074 static int pfkey_can_dump(const struct sock *sk)
0075 {
0076 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf)
0077 return 1;
0078 return 0;
0079 }
0080
0081 static void pfkey_terminate_dump(struct pfkey_sock *pfk)
0082 {
0083 if (pfk->dump.dump) {
0084 if (pfk->dump.skb) {
0085 kfree_skb(pfk->dump.skb);
0086 pfk->dump.skb = NULL;
0087 }
0088 pfk->dump.done(pfk);
0089 pfk->dump.dump = NULL;
0090 pfk->dump.done = NULL;
0091 }
0092 }
0093
0094 static void pfkey_sock_destruct(struct sock *sk)
0095 {
0096 struct net *net = sock_net(sk);
0097 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
0098
0099 pfkey_terminate_dump(pfkey_sk(sk));
0100 skb_queue_purge(&sk->sk_receive_queue);
0101
0102 if (!sock_flag(sk, SOCK_DEAD)) {
0103 pr_err("Attempt to release alive pfkey socket: %p\n", sk);
0104 return;
0105 }
0106
0107 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
0108 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
0109
0110 atomic_dec(&net_pfkey->socks_nr);
0111 }
0112
0113 static const struct proto_ops pfkey_ops;
0114
0115 static void pfkey_insert(struct sock *sk)
0116 {
0117 struct net *net = sock_net(sk);
0118 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
0119
0120 mutex_lock(&pfkey_mutex);
0121 sk_add_node_rcu(sk, &net_pfkey->table);
0122 mutex_unlock(&pfkey_mutex);
0123 }
0124
0125 static void pfkey_remove(struct sock *sk)
0126 {
0127 mutex_lock(&pfkey_mutex);
0128 sk_del_node_init_rcu(sk);
0129 mutex_unlock(&pfkey_mutex);
0130 }
0131
0132 static struct proto key_proto = {
0133 .name = "KEY",
0134 .owner = THIS_MODULE,
0135 .obj_size = sizeof(struct pfkey_sock),
0136 };
0137
0138 static int pfkey_create(struct net *net, struct socket *sock, int protocol,
0139 int kern)
0140 {
0141 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
0142 struct sock *sk;
0143 struct pfkey_sock *pfk;
0144
0145 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
0146 return -EPERM;
0147 if (sock->type != SOCK_RAW)
0148 return -ESOCKTNOSUPPORT;
0149 if (protocol != PF_KEY_V2)
0150 return -EPROTONOSUPPORT;
0151
0152 sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, kern);
0153 if (sk == NULL)
0154 return -ENOMEM;
0155
0156 pfk = pfkey_sk(sk);
0157 mutex_init(&pfk->dump_lock);
0158
0159 sock->ops = &pfkey_ops;
0160 sock_init_data(sock, sk);
0161
0162 sk->sk_family = PF_KEY;
0163 sk->sk_destruct = pfkey_sock_destruct;
0164
0165 atomic_inc(&net_pfkey->socks_nr);
0166
0167 pfkey_insert(sk);
0168
0169 return 0;
0170 }
0171
0172 static int pfkey_release(struct socket *sock)
0173 {
0174 struct sock *sk = sock->sk;
0175
0176 if (!sk)
0177 return 0;
0178
0179 pfkey_remove(sk);
0180
0181 sock_orphan(sk);
0182 sock->sk = NULL;
0183 skb_queue_purge(&sk->sk_write_queue);
0184
0185 synchronize_rcu();
0186 sock_put(sk);
0187
0188 return 0;
0189 }
0190
0191 static int pfkey_broadcast_one(struct sk_buff *skb, gfp_t allocation,
0192 struct sock *sk)
0193 {
0194 int err = -ENOBUFS;
0195
0196 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
0197 return err;
0198
0199 skb = skb_clone(skb, allocation);
0200
0201 if (skb) {
0202 skb_set_owner_r(skb, sk);
0203 skb_queue_tail(&sk->sk_receive_queue, skb);
0204 sk->sk_data_ready(sk);
0205 err = 0;
0206 }
0207 return err;
0208 }
0209
0210
0211 #define BROADCAST_ALL 0
0212 #define BROADCAST_ONE 1
0213 #define BROADCAST_REGISTERED 2
0214 #define BROADCAST_PROMISC_ONLY 4
0215 static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
0216 int broadcast_flags, struct sock *one_sk,
0217 struct net *net)
0218 {
0219 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
0220 struct sock *sk;
0221 int err = -ESRCH;
0222
0223
0224
0225
0226 if (!skb)
0227 return -ENOMEM;
0228
0229 rcu_read_lock();
0230 sk_for_each_rcu(sk, &net_pfkey->table) {
0231 struct pfkey_sock *pfk = pfkey_sk(sk);
0232 int err2;
0233
0234
0235
0236
0237
0238 if (pfk->promisc)
0239 pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
0240
0241
0242 if (sk == one_sk)
0243 continue;
0244 if (broadcast_flags != BROADCAST_ALL) {
0245 if (broadcast_flags & BROADCAST_PROMISC_ONLY)
0246 continue;
0247 if ((broadcast_flags & BROADCAST_REGISTERED) &&
0248 !pfk->registered)
0249 continue;
0250 if (broadcast_flags & BROADCAST_ONE)
0251 continue;
0252 }
0253
0254 err2 = pfkey_broadcast_one(skb, GFP_ATOMIC, sk);
0255
0256
0257
0258 if ((broadcast_flags & BROADCAST_REGISTERED) && err)
0259 err = err2;
0260 }
0261 rcu_read_unlock();
0262
0263 if (one_sk != NULL)
0264 err = pfkey_broadcast_one(skb, allocation, one_sk);
0265
0266 kfree_skb(skb);
0267 return err;
0268 }
0269
0270 static int pfkey_do_dump(struct pfkey_sock *pfk)
0271 {
0272 struct sadb_msg *hdr;
0273 int rc;
0274
0275 mutex_lock(&pfk->dump_lock);
0276 if (!pfk->dump.dump) {
0277 rc = 0;
0278 goto out;
0279 }
0280
0281 rc = pfk->dump.dump(pfk);
0282 if (rc == -ENOBUFS) {
0283 rc = 0;
0284 goto out;
0285 }
0286
0287 if (pfk->dump.skb) {
0288 if (!pfkey_can_dump(&pfk->sk)) {
0289 rc = 0;
0290 goto out;
0291 }
0292
0293 hdr = (struct sadb_msg *) pfk->dump.skb->data;
0294 hdr->sadb_msg_seq = 0;
0295 hdr->sadb_msg_errno = rc;
0296 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
0297 &pfk->sk, sock_net(&pfk->sk));
0298 pfk->dump.skb = NULL;
0299 }
0300
0301 pfkey_terminate_dump(pfk);
0302
0303 out:
0304 mutex_unlock(&pfk->dump_lock);
0305 return rc;
0306 }
0307
0308 static inline void pfkey_hdr_dup(struct sadb_msg *new,
0309 const struct sadb_msg *orig)
0310 {
0311 *new = *orig;
0312 }
0313
0314 static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
0315 {
0316 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
0317 struct sadb_msg *hdr;
0318
0319 if (!skb)
0320 return -ENOBUFS;
0321
0322
0323
0324
0325 err = -err;
0326 if (err == ERESTARTSYS ||
0327 err == ERESTARTNOHAND ||
0328 err == ERESTARTNOINTR)
0329 err = EINTR;
0330 if (err >= 512)
0331 err = EINVAL;
0332 BUG_ON(err <= 0 || err >= 256);
0333
0334 hdr = skb_put(skb, sizeof(struct sadb_msg));
0335 pfkey_hdr_dup(hdr, orig);
0336 hdr->sadb_msg_errno = (uint8_t) err;
0337 hdr->sadb_msg_len = (sizeof(struct sadb_msg) /
0338 sizeof(uint64_t));
0339
0340 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));
0341
0342 return 0;
0343 }
0344
0345 static const u8 sadb_ext_min_len[] = {
0346 [SADB_EXT_RESERVED] = (u8) 0,
0347 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
0348 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
0349 [SADB_EXT_LIFETIME_HARD] = (u8) sizeof(struct sadb_lifetime),
0350 [SADB_EXT_LIFETIME_SOFT] = (u8) sizeof(struct sadb_lifetime),
0351 [SADB_EXT_ADDRESS_SRC] = (u8) sizeof(struct sadb_address),
0352 [SADB_EXT_ADDRESS_DST] = (u8) sizeof(struct sadb_address),
0353 [SADB_EXT_ADDRESS_PROXY] = (u8) sizeof(struct sadb_address),
0354 [SADB_EXT_KEY_AUTH] = (u8) sizeof(struct sadb_key),
0355 [SADB_EXT_KEY_ENCRYPT] = (u8) sizeof(struct sadb_key),
0356 [SADB_EXT_IDENTITY_SRC] = (u8) sizeof(struct sadb_ident),
0357 [SADB_EXT_IDENTITY_DST] = (u8) sizeof(struct sadb_ident),
0358 [SADB_EXT_SENSITIVITY] = (u8) sizeof(struct sadb_sens),
0359 [SADB_EXT_PROPOSAL] = (u8) sizeof(struct sadb_prop),
0360 [SADB_EXT_SUPPORTED_AUTH] = (u8) sizeof(struct sadb_supported),
0361 [SADB_EXT_SUPPORTED_ENCRYPT] = (u8) sizeof(struct sadb_supported),
0362 [SADB_EXT_SPIRANGE] = (u8) sizeof(struct sadb_spirange),
0363 [SADB_X_EXT_KMPRIVATE] = (u8) sizeof(struct sadb_x_kmprivate),
0364 [SADB_X_EXT_POLICY] = (u8) sizeof(struct sadb_x_policy),
0365 [SADB_X_EXT_SA2] = (u8) sizeof(struct sadb_x_sa2),
0366 [SADB_X_EXT_NAT_T_TYPE] = (u8) sizeof(struct sadb_x_nat_t_type),
0367 [SADB_X_EXT_NAT_T_SPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
0368 [SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
0369 [SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address),
0370 [SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx),
0371 [SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress),
0372 [SADB_X_EXT_FILTER] = (u8) sizeof(struct sadb_x_filter),
0373 };
0374
0375
0376 static int verify_address_len(const void *p)
0377 {
0378 const struct sadb_address *sp = p;
0379 const struct sockaddr *addr = (const struct sockaddr *)(sp + 1);
0380 const struct sockaddr_in *sin;
0381 #if IS_ENABLED(CONFIG_IPV6)
0382 const struct sockaddr_in6 *sin6;
0383 #endif
0384 int len;
0385
0386 if (sp->sadb_address_len <
0387 DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family),
0388 sizeof(uint64_t)))
0389 return -EINVAL;
0390
0391 switch (addr->sa_family) {
0392 case AF_INET:
0393 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
0394 if (sp->sadb_address_len != len ||
0395 sp->sadb_address_prefixlen > 32)
0396 return -EINVAL;
0397 break;
0398 #if IS_ENABLED(CONFIG_IPV6)
0399 case AF_INET6:
0400 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin6), sizeof(uint64_t));
0401 if (sp->sadb_address_len != len ||
0402 sp->sadb_address_prefixlen > 128)
0403 return -EINVAL;
0404 break;
0405 #endif
0406 default:
0407
0408
0409
0410
0411
0412
0413
0414
0415
0416 return -EINVAL;
0417 }
0418
0419 return 0;
0420 }
0421
0422 static inline int sadb_key_len(const struct sadb_key *key)
0423 {
0424 int key_bytes = DIV_ROUND_UP(key->sadb_key_bits, 8);
0425
0426 return DIV_ROUND_UP(sizeof(struct sadb_key) + key_bytes,
0427 sizeof(uint64_t));
0428 }
0429
0430 static int verify_key_len(const void *p)
0431 {
0432 const struct sadb_key *key = p;
0433
0434 if (sadb_key_len(key) > key->sadb_key_len)
0435 return -EINVAL;
0436
0437 return 0;
0438 }
0439
0440 static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
0441 {
0442 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) +
0443 sec_ctx->sadb_x_ctx_len,
0444 sizeof(uint64_t));
0445 }
0446
0447 static inline int verify_sec_ctx_len(const void *p)
0448 {
0449 const struct sadb_x_sec_ctx *sec_ctx = p;
0450 int len = sec_ctx->sadb_x_ctx_len;
0451
0452 if (len > PAGE_SIZE)
0453 return -EINVAL;
0454
0455 len = pfkey_sec_ctx_len(sec_ctx);
0456
0457 if (sec_ctx->sadb_x_sec_len != len)
0458 return -EINVAL;
0459
0460 return 0;
0461 }
0462
0463 static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx,
0464 gfp_t gfp)
0465 {
0466 struct xfrm_user_sec_ctx *uctx = NULL;
0467 int ctx_size = sec_ctx->sadb_x_ctx_len;
0468
0469 uctx = kmalloc((sizeof(*uctx)+ctx_size), gfp);
0470
0471 if (!uctx)
0472 return NULL;
0473
0474 uctx->len = pfkey_sec_ctx_len(sec_ctx);
0475 uctx->exttype = sec_ctx->sadb_x_sec_exttype;
0476 uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
0477 uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
0478 uctx->ctx_len = sec_ctx->sadb_x_ctx_len;
0479 memcpy(uctx + 1, sec_ctx + 1,
0480 uctx->ctx_len);
0481
0482 return uctx;
0483 }
0484
0485 static int present_and_same_family(const struct sadb_address *src,
0486 const struct sadb_address *dst)
0487 {
0488 const struct sockaddr *s_addr, *d_addr;
0489
0490 if (!src || !dst)
0491 return 0;
0492
0493 s_addr = (const struct sockaddr *)(src + 1);
0494 d_addr = (const struct sockaddr *)(dst + 1);
0495 if (s_addr->sa_family != d_addr->sa_family)
0496 return 0;
0497 if (s_addr->sa_family != AF_INET
0498 #if IS_ENABLED(CONFIG_IPV6)
0499 && s_addr->sa_family != AF_INET6
0500 #endif
0501 )
0502 return 0;
0503
0504 return 1;
0505 }
0506
0507 static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs)
0508 {
0509 const char *p = (char *) hdr;
0510 int len = skb->len;
0511
0512 len -= sizeof(*hdr);
0513 p += sizeof(*hdr);
0514 while (len > 0) {
0515 const struct sadb_ext *ehdr = (const struct sadb_ext *) p;
0516 uint16_t ext_type;
0517 int ext_len;
0518
0519 if (len < sizeof(*ehdr))
0520 return -EINVAL;
0521
0522 ext_len = ehdr->sadb_ext_len;
0523 ext_len *= sizeof(uint64_t);
0524 ext_type = ehdr->sadb_ext_type;
0525 if (ext_len < sizeof(uint64_t) ||
0526 ext_len > len ||
0527 ext_type == SADB_EXT_RESERVED)
0528 return -EINVAL;
0529
0530 if (ext_type <= SADB_EXT_MAX) {
0531 int min = (int) sadb_ext_min_len[ext_type];
0532 if (ext_len < min)
0533 return -EINVAL;
0534 if (ext_hdrs[ext_type-1] != NULL)
0535 return -EINVAL;
0536 switch (ext_type) {
0537 case SADB_EXT_ADDRESS_SRC:
0538 case SADB_EXT_ADDRESS_DST:
0539 case SADB_EXT_ADDRESS_PROXY:
0540 case SADB_X_EXT_NAT_T_OA:
0541 if (verify_address_len(p))
0542 return -EINVAL;
0543 break;
0544 case SADB_X_EXT_SEC_CTX:
0545 if (verify_sec_ctx_len(p))
0546 return -EINVAL;
0547 break;
0548 case SADB_EXT_KEY_AUTH:
0549 case SADB_EXT_KEY_ENCRYPT:
0550 if (verify_key_len(p))
0551 return -EINVAL;
0552 break;
0553 default:
0554 break;
0555 }
0556 ext_hdrs[ext_type-1] = (void *) p;
0557 }
0558 p += ext_len;
0559 len -= ext_len;
0560 }
0561
0562 return 0;
0563 }
0564
0565 static uint16_t
0566 pfkey_satype2proto(uint8_t satype)
0567 {
0568 switch (satype) {
0569 case SADB_SATYPE_UNSPEC:
0570 return IPSEC_PROTO_ANY;
0571 case SADB_SATYPE_AH:
0572 return IPPROTO_AH;
0573 case SADB_SATYPE_ESP:
0574 return IPPROTO_ESP;
0575 case SADB_X_SATYPE_IPCOMP:
0576 return IPPROTO_COMP;
0577 default:
0578 return 0;
0579 }
0580
0581 }
0582
0583 static uint8_t
0584 pfkey_proto2satype(uint16_t proto)
0585 {
0586 switch (proto) {
0587 case IPPROTO_AH:
0588 return SADB_SATYPE_AH;
0589 case IPPROTO_ESP:
0590 return SADB_SATYPE_ESP;
0591 case IPPROTO_COMP:
0592 return SADB_X_SATYPE_IPCOMP;
0593 default:
0594 return 0;
0595 }
0596
0597 }
0598
0599
0600
0601
0602
0603 static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
0604 {
0605 return proto == IPSEC_PROTO_ANY ? 0 : proto;
0606 }
0607
0608 static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
0609 {
0610 return proto ? proto : IPSEC_PROTO_ANY;
0611 }
0612
0613 static inline int pfkey_sockaddr_len(sa_family_t family)
0614 {
0615 switch (family) {
0616 case AF_INET:
0617 return sizeof(struct sockaddr_in);
0618 #if IS_ENABLED(CONFIG_IPV6)
0619 case AF_INET6:
0620 return sizeof(struct sockaddr_in6);
0621 #endif
0622 }
0623 return 0;
0624 }
0625
0626 static
0627 int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
0628 {
0629 switch (sa->sa_family) {
0630 case AF_INET:
0631 xaddr->a4 =
0632 ((struct sockaddr_in *)sa)->sin_addr.s_addr;
0633 return AF_INET;
0634 #if IS_ENABLED(CONFIG_IPV6)
0635 case AF_INET6:
0636 memcpy(xaddr->a6,
0637 &((struct sockaddr_in6 *)sa)->sin6_addr,
0638 sizeof(struct in6_addr));
0639 return AF_INET6;
0640 #endif
0641 }
0642 return 0;
0643 }
0644
0645 static
0646 int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr)
0647 {
0648 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1),
0649 xaddr);
0650 }
0651
0652 static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs)
0653 {
0654 const struct sadb_sa *sa;
0655 const struct sadb_address *addr;
0656 uint16_t proto;
0657 unsigned short family;
0658 xfrm_address_t *xaddr;
0659
0660 sa = ext_hdrs[SADB_EXT_SA - 1];
0661 if (sa == NULL)
0662 return NULL;
0663
0664 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
0665 if (proto == 0)
0666 return NULL;
0667
0668
0669 addr = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
0670 if (addr == NULL)
0671 return NULL;
0672
0673 family = ((const struct sockaddr *)(addr + 1))->sa_family;
0674 switch (family) {
0675 case AF_INET:
0676 xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr;
0677 break;
0678 #if IS_ENABLED(CONFIG_IPV6)
0679 case AF_INET6:
0680 xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr;
0681 break;
0682 #endif
0683 default:
0684 xaddr = NULL;
0685 }
0686
0687 if (!xaddr)
0688 return NULL;
0689
0690 return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
0691 }
0692
0693 #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
0694
0695 static int
0696 pfkey_sockaddr_size(sa_family_t family)
0697 {
0698 return PFKEY_ALIGN8(pfkey_sockaddr_len(family));
0699 }
0700
0701 static inline int pfkey_mode_from_xfrm(int mode)
0702 {
0703 switch(mode) {
0704 case XFRM_MODE_TRANSPORT:
0705 return IPSEC_MODE_TRANSPORT;
0706 case XFRM_MODE_TUNNEL:
0707 return IPSEC_MODE_TUNNEL;
0708 case XFRM_MODE_BEET:
0709 return IPSEC_MODE_BEET;
0710 default:
0711 return -1;
0712 }
0713 }
0714
0715 static inline int pfkey_mode_to_xfrm(int mode)
0716 {
0717 switch(mode) {
0718 case IPSEC_MODE_ANY:
0719 case IPSEC_MODE_TRANSPORT:
0720 return XFRM_MODE_TRANSPORT;
0721 case IPSEC_MODE_TUNNEL:
0722 return XFRM_MODE_TUNNEL;
0723 case IPSEC_MODE_BEET:
0724 return XFRM_MODE_BEET;
0725 default:
0726 return -1;
0727 }
0728 }
0729
0730 static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port,
0731 struct sockaddr *sa,
0732 unsigned short family)
0733 {
0734 switch (family) {
0735 case AF_INET:
0736 {
0737 struct sockaddr_in *sin = (struct sockaddr_in *)sa;
0738 sin->sin_family = AF_INET;
0739 sin->sin_port = port;
0740 sin->sin_addr.s_addr = xaddr->a4;
0741 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
0742 return 32;
0743 }
0744 #if IS_ENABLED(CONFIG_IPV6)
0745 case AF_INET6:
0746 {
0747 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
0748 sin6->sin6_family = AF_INET6;
0749 sin6->sin6_port = port;
0750 sin6->sin6_flowinfo = 0;
0751 sin6->sin6_addr = xaddr->in6;
0752 sin6->sin6_scope_id = 0;
0753 return 128;
0754 }
0755 #endif
0756 }
0757 return 0;
0758 }
0759
0760 static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x,
0761 int add_keys, int hsc)
0762 {
0763 struct sk_buff *skb;
0764 struct sadb_msg *hdr;
0765 struct sadb_sa *sa;
0766 struct sadb_lifetime *lifetime;
0767 struct sadb_address *addr;
0768 struct sadb_key *key;
0769 struct sadb_x_sa2 *sa2;
0770 struct sadb_x_sec_ctx *sec_ctx;
0771 struct xfrm_sec_ctx *xfrm_ctx;
0772 int ctx_size = 0;
0773 int size;
0774 int auth_key_size = 0;
0775 int encrypt_key_size = 0;
0776 int sockaddr_size;
0777 struct xfrm_encap_tmpl *natt = NULL;
0778 int mode;
0779
0780
0781 sockaddr_size = pfkey_sockaddr_size(x->props.family);
0782 if (!sockaddr_size)
0783 return ERR_PTR(-EINVAL);
0784
0785
0786
0787 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
0788 sizeof(struct sadb_lifetime) +
0789 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
0790 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
0791 sizeof(struct sadb_address)*2 +
0792 sockaddr_size*2 +
0793 sizeof(struct sadb_x_sa2);
0794
0795 if ((xfrm_ctx = x->security)) {
0796 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
0797 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
0798 }
0799
0800
0801 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family))
0802 size += sizeof(struct sadb_address) + sockaddr_size;
0803
0804 if (add_keys) {
0805 if (x->aalg && x->aalg->alg_key_len) {
0806 auth_key_size =
0807 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
0808 size += sizeof(struct sadb_key) + auth_key_size;
0809 }
0810 if (x->ealg && x->ealg->alg_key_len) {
0811 encrypt_key_size =
0812 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
0813 size += sizeof(struct sadb_key) + encrypt_key_size;
0814 }
0815 }
0816 if (x->encap)
0817 natt = x->encap;
0818
0819 if (natt && natt->encap_type) {
0820 size += sizeof(struct sadb_x_nat_t_type);
0821 size += sizeof(struct sadb_x_nat_t_port);
0822 size += sizeof(struct sadb_x_nat_t_port);
0823 }
0824
0825 skb = alloc_skb(size + 16, GFP_ATOMIC);
0826 if (skb == NULL)
0827 return ERR_PTR(-ENOBUFS);
0828
0829
0830 hdr = skb_put(skb, sizeof(struct sadb_msg));
0831 memset(hdr, 0, size);
0832 hdr->sadb_msg_len = size / sizeof(uint64_t);
0833
0834
0835 sa = skb_put(skb, sizeof(struct sadb_sa));
0836 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
0837 sa->sadb_sa_exttype = SADB_EXT_SA;
0838 sa->sadb_sa_spi = x->id.spi;
0839 sa->sadb_sa_replay = x->props.replay_window;
0840 switch (x->km.state) {
0841 case XFRM_STATE_VALID:
0842 sa->sadb_sa_state = x->km.dying ?
0843 SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
0844 break;
0845 case XFRM_STATE_ACQ:
0846 sa->sadb_sa_state = SADB_SASTATE_LARVAL;
0847 break;
0848 default:
0849 sa->sadb_sa_state = SADB_SASTATE_DEAD;
0850 break;
0851 }
0852 sa->sadb_sa_auth = 0;
0853 if (x->aalg) {
0854 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
0855 sa->sadb_sa_auth = (a && a->pfkey_supported) ?
0856 a->desc.sadb_alg_id : 0;
0857 }
0858 sa->sadb_sa_encrypt = 0;
0859 BUG_ON(x->ealg && x->calg);
0860 if (x->ealg) {
0861 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
0862 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
0863 a->desc.sadb_alg_id : 0;
0864 }
0865
0866 if (x->calg) {
0867 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
0868 sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
0869 a->desc.sadb_alg_id : 0;
0870 }
0871
0872 sa->sadb_sa_flags = 0;
0873 if (x->props.flags & XFRM_STATE_NOECN)
0874 sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
0875 if (x->props.flags & XFRM_STATE_DECAP_DSCP)
0876 sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
0877 if (x->props.flags & XFRM_STATE_NOPMTUDISC)
0878 sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
0879
0880
0881 if (hsc & 2) {
0882 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
0883 lifetime->sadb_lifetime_len =
0884 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
0885 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
0886 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit);
0887 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
0888 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
0889 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
0890 }
0891
0892 if (hsc & 1) {
0893 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
0894 lifetime->sadb_lifetime_len =
0895 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
0896 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
0897 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit);
0898 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
0899 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
0900 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
0901 }
0902
0903 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
0904 lifetime->sadb_lifetime_len =
0905 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
0906 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
0907 lifetime->sadb_lifetime_allocations = x->curlft.packets;
0908 lifetime->sadb_lifetime_bytes = x->curlft.bytes;
0909 lifetime->sadb_lifetime_addtime = x->curlft.add_time;
0910 lifetime->sadb_lifetime_usetime = x->curlft.use_time;
0911
0912 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
0913 addr->sadb_address_len =
0914 (sizeof(struct sadb_address)+sockaddr_size)/
0915 sizeof(uint64_t);
0916 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
0917
0918
0919
0920 addr->sadb_address_proto = 0;
0921 addr->sadb_address_reserved = 0;
0922
0923 addr->sadb_address_prefixlen =
0924 pfkey_sockaddr_fill(&x->props.saddr, 0,
0925 (struct sockaddr *) (addr + 1),
0926 x->props.family);
0927 BUG_ON(!addr->sadb_address_prefixlen);
0928
0929
0930 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
0931 addr->sadb_address_len =
0932 (sizeof(struct sadb_address)+sockaddr_size)/
0933 sizeof(uint64_t);
0934 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
0935 addr->sadb_address_proto = 0;
0936 addr->sadb_address_reserved = 0;
0937
0938 addr->sadb_address_prefixlen =
0939 pfkey_sockaddr_fill(&x->id.daddr, 0,
0940 (struct sockaddr *) (addr + 1),
0941 x->props.family);
0942 BUG_ON(!addr->sadb_address_prefixlen);
0943
0944 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr,
0945 x->props.family)) {
0946 addr = skb_put(skb,
0947 sizeof(struct sadb_address) + sockaddr_size);
0948 addr->sadb_address_len =
0949 (sizeof(struct sadb_address)+sockaddr_size)/
0950 sizeof(uint64_t);
0951 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
0952 addr->sadb_address_proto =
0953 pfkey_proto_from_xfrm(x->sel.proto);
0954 addr->sadb_address_prefixlen = x->sel.prefixlen_s;
0955 addr->sadb_address_reserved = 0;
0956
0957 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
0958 (struct sockaddr *) (addr + 1),
0959 x->props.family);
0960 }
0961
0962
0963 if (add_keys && auth_key_size) {
0964 key = skb_put(skb, sizeof(struct sadb_key) + auth_key_size);
0965 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
0966 sizeof(uint64_t);
0967 key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
0968 key->sadb_key_bits = x->aalg->alg_key_len;
0969 key->sadb_key_reserved = 0;
0970 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
0971 }
0972
0973 if (add_keys && encrypt_key_size) {
0974 key = skb_put(skb, sizeof(struct sadb_key) + encrypt_key_size);
0975 key->sadb_key_len = (sizeof(struct sadb_key) +
0976 encrypt_key_size) / sizeof(uint64_t);
0977 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
0978 key->sadb_key_bits = x->ealg->alg_key_len;
0979 key->sadb_key_reserved = 0;
0980 memcpy(key + 1, x->ealg->alg_key,
0981 (x->ealg->alg_key_len+7)/8);
0982 }
0983
0984
0985 sa2 = skb_put(skb, sizeof(struct sadb_x_sa2));
0986 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
0987 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
0988 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
0989 kfree_skb(skb);
0990 return ERR_PTR(-EINVAL);
0991 }
0992 sa2->sadb_x_sa2_mode = mode;
0993 sa2->sadb_x_sa2_reserved1 = 0;
0994 sa2->sadb_x_sa2_reserved2 = 0;
0995 sa2->sadb_x_sa2_sequence = 0;
0996 sa2->sadb_x_sa2_reqid = x->props.reqid;
0997
0998 if (natt && natt->encap_type) {
0999 struct sadb_x_nat_t_type *n_type;
1000 struct sadb_x_nat_t_port *n_port;
1001
1002
1003 n_type = skb_put(skb, sizeof(*n_type));
1004 n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
1005 n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
1006 n_type->sadb_x_nat_t_type_type = natt->encap_type;
1007 n_type->sadb_x_nat_t_type_reserved[0] = 0;
1008 n_type->sadb_x_nat_t_type_reserved[1] = 0;
1009 n_type->sadb_x_nat_t_type_reserved[2] = 0;
1010
1011
1012 n_port = skb_put(skb, sizeof(*n_port));
1013 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1014 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
1015 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
1016 n_port->sadb_x_nat_t_port_reserved = 0;
1017
1018
1019 n_port = skb_put(skb, sizeof(*n_port));
1020 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
1021 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
1022 n_port->sadb_x_nat_t_port_port = natt->encap_dport;
1023 n_port->sadb_x_nat_t_port_reserved = 0;
1024 }
1025
1026
1027 if (xfrm_ctx) {
1028 sec_ctx = skb_put(skb,
1029 sizeof(struct sadb_x_sec_ctx) + ctx_size);
1030 sec_ctx->sadb_x_sec_len =
1031 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
1032 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
1033 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
1034 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
1035 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
1036 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
1037 xfrm_ctx->ctx_len);
1038 }
1039
1040 return skb;
1041 }
1042
1043
1044 static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x)
1045 {
1046 struct sk_buff *skb;
1047
1048 skb = __pfkey_xfrm_state2msg(x, 1, 3);
1049
1050 return skb;
1051 }
1052
1053 static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x,
1054 int hsc)
1055 {
1056 return __pfkey_xfrm_state2msg(x, 0, hsc);
1057 }
1058
1059 static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1060 const struct sadb_msg *hdr,
1061 void * const *ext_hdrs)
1062 {
1063 struct xfrm_state *x;
1064 const struct sadb_lifetime *lifetime;
1065 const struct sadb_sa *sa;
1066 const struct sadb_key *key;
1067 const struct sadb_x_sec_ctx *sec_ctx;
1068 uint16_t proto;
1069 int err;
1070
1071
1072 sa = ext_hdrs[SADB_EXT_SA - 1];
1073 if (!sa ||
1074 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1075 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1076 return ERR_PTR(-EINVAL);
1077 if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
1078 !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
1079 return ERR_PTR(-EINVAL);
1080 if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
1081 !ext_hdrs[SADB_EXT_KEY_AUTH-1])
1082 return ERR_PTR(-EINVAL);
1083 if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
1084 !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
1085 return ERR_PTR(-EINVAL);
1086
1087 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1088 if (proto == 0)
1089 return ERR_PTR(-EINVAL);
1090
1091
1092 err = -ENOBUFS;
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106 if (sa->sadb_sa_auth > SADB_AALG_MAX ||
1107 (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
1108 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
1109 sa->sadb_sa_encrypt > SADB_EALG_MAX)
1110 return ERR_PTR(-EINVAL);
1111 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1112 if (key != NULL &&
1113 sa->sadb_sa_auth != SADB_X_AALG_NULL &&
1114 key->sadb_key_bits == 0)
1115 return ERR_PTR(-EINVAL);
1116 key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1117 if (key != NULL &&
1118 sa->sadb_sa_encrypt != SADB_EALG_NULL &&
1119 key->sadb_key_bits == 0)
1120 return ERR_PTR(-EINVAL);
1121
1122 x = xfrm_state_alloc(net);
1123 if (x == NULL)
1124 return ERR_PTR(-ENOBUFS);
1125
1126 x->id.proto = proto;
1127 x->id.spi = sa->sadb_sa_spi;
1128 x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay,
1129 (sizeof(x->replay.bitmap) * 8));
1130 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
1131 x->props.flags |= XFRM_STATE_NOECN;
1132 if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
1133 x->props.flags |= XFRM_STATE_DECAP_DSCP;
1134 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
1135 x->props.flags |= XFRM_STATE_NOPMTUDISC;
1136
1137 lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD - 1];
1138 if (lifetime != NULL) {
1139 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1140 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1141 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1142 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1143 }
1144 lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT - 1];
1145 if (lifetime != NULL) {
1146 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1147 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1148 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1149 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1150 }
1151
1152 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
1153 if (sec_ctx != NULL) {
1154 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
1155
1156 if (!uctx)
1157 goto out;
1158
1159 err = security_xfrm_state_alloc(x, uctx);
1160 kfree(uctx);
1161
1162 if (err)
1163 goto out;
1164 }
1165
1166 err = -ENOBUFS;
1167 key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
1168 if (sa->sadb_sa_auth) {
1169 int keysize = 0;
1170 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
1171 if (!a || !a->pfkey_supported) {
1172 err = -ENOSYS;
1173 goto out;
1174 }
1175 if (key)
1176 keysize = (key->sadb_key_bits + 7) / 8;
1177 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
1178 if (!x->aalg) {
1179 err = -ENOMEM;
1180 goto out;
1181 }
1182 strcpy(x->aalg->alg_name, a->name);
1183 x->aalg->alg_key_len = 0;
1184 if (key) {
1185 x->aalg->alg_key_len = key->sadb_key_bits;
1186 memcpy(x->aalg->alg_key, key+1, keysize);
1187 }
1188 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
1189 x->props.aalgo = sa->sadb_sa_auth;
1190
1191 }
1192 if (sa->sadb_sa_encrypt) {
1193 if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
1194 struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
1195 if (!a || !a->pfkey_supported) {
1196 err = -ENOSYS;
1197 goto out;
1198 }
1199 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
1200 if (!x->calg) {
1201 err = -ENOMEM;
1202 goto out;
1203 }
1204 strcpy(x->calg->alg_name, a->name);
1205 x->props.calgo = sa->sadb_sa_encrypt;
1206 } else {
1207 int keysize = 0;
1208 struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
1209 if (!a || !a->pfkey_supported) {
1210 err = -ENOSYS;
1211 goto out;
1212 }
1213 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
1214 if (key)
1215 keysize = (key->sadb_key_bits + 7) / 8;
1216 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
1217 if (!x->ealg) {
1218 err = -ENOMEM;
1219 goto out;
1220 }
1221 strcpy(x->ealg->alg_name, a->name);
1222 x->ealg->alg_key_len = 0;
1223 if (key) {
1224 x->ealg->alg_key_len = key->sadb_key_bits;
1225 memcpy(x->ealg->alg_key, key+1, keysize);
1226 }
1227 x->props.ealgo = sa->sadb_sa_encrypt;
1228 x->geniv = a->uinfo.encr.geniv;
1229 }
1230 }
1231
1232
1233 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1234 &x->props.saddr);
1235 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
1236 &x->id.daddr);
1237
1238 if (ext_hdrs[SADB_X_EXT_SA2-1]) {
1239 const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1];
1240 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1241 if (mode < 0) {
1242 err = -EINVAL;
1243 goto out;
1244 }
1245 x->props.mode = mode;
1246 x->props.reqid = sa2->sadb_x_sa2_reqid;
1247 }
1248
1249 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
1250 const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];
1251
1252
1253 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
1254 x->sel.prefixlen_s = addr->sadb_address_prefixlen;
1255 }
1256
1257 if (!x->sel.family)
1258 x->sel.family = x->props.family;
1259
1260 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
1261 const struct sadb_x_nat_t_type* n_type;
1262 struct xfrm_encap_tmpl *natt;
1263
1264 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
1265 if (!x->encap) {
1266 err = -ENOMEM;
1267 goto out;
1268 }
1269
1270 natt = x->encap;
1271 n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
1272 natt->encap_type = n_type->sadb_x_nat_t_type_type;
1273
1274 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
1275 const struct sadb_x_nat_t_port *n_port =
1276 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
1277 natt->encap_sport = n_port->sadb_x_nat_t_port_port;
1278 }
1279 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
1280 const struct sadb_x_nat_t_port *n_port =
1281 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
1282 natt->encap_dport = n_port->sadb_x_nat_t_port_port;
1283 }
1284 memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
1285 }
1286
1287 err = xfrm_init_state(x);
1288 if (err)
1289 goto out;
1290
1291 x->km.seq = hdr->sadb_msg_seq;
1292 return x;
1293
1294 out:
1295 x->km.state = XFRM_STATE_DEAD;
1296 xfrm_state_put(x);
1297 return ERR_PTR(err);
1298 }
1299
1300 static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1301 {
1302 return -EOPNOTSUPP;
1303 }
1304
1305 static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1306 {
1307 struct net *net = sock_net(sk);
1308 struct sk_buff *resp_skb;
1309 struct sadb_x_sa2 *sa2;
1310 struct sadb_address *saddr, *daddr;
1311 struct sadb_msg *out_hdr;
1312 struct sadb_spirange *range;
1313 struct xfrm_state *x = NULL;
1314 int mode;
1315 int err;
1316 u32 min_spi, max_spi;
1317 u32 reqid;
1318 u8 proto;
1319 unsigned short family;
1320 xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
1321
1322 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1323 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1324 return -EINVAL;
1325
1326 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1327 if (proto == 0)
1328 return -EINVAL;
1329
1330 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
1331 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1332 if (mode < 0)
1333 return -EINVAL;
1334 reqid = sa2->sadb_x_sa2_reqid;
1335 } else {
1336 mode = 0;
1337 reqid = 0;
1338 }
1339
1340 saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
1341 daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
1342
1343 family = ((struct sockaddr *)(saddr + 1))->sa_family;
1344 switch (family) {
1345 case AF_INET:
1346 xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
1347 xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
1348 break;
1349 #if IS_ENABLED(CONFIG_IPV6)
1350 case AF_INET6:
1351 xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
1352 xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
1353 break;
1354 #endif
1355 }
1356
1357 if (hdr->sadb_msg_seq) {
1358 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1359 if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) {
1360 xfrm_state_put(x);
1361 x = NULL;
1362 }
1363 }
1364
1365 if (!x)
1366 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, proto, xdaddr, xsaddr, 1, family);
1367
1368 if (x == NULL)
1369 return -ENOENT;
1370
1371 min_spi = 0x100;
1372 max_spi = 0x0fffffff;
1373
1374 range = ext_hdrs[SADB_EXT_SPIRANGE-1];
1375 if (range) {
1376 min_spi = range->sadb_spirange_min;
1377 max_spi = range->sadb_spirange_max;
1378 }
1379
1380 err = verify_spi_info(x->id.proto, min_spi, max_spi);
1381 if (err) {
1382 xfrm_state_put(x);
1383 return err;
1384 }
1385
1386 err = xfrm_alloc_spi(x, min_spi, max_spi);
1387 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);
1388
1389 if (IS_ERR(resp_skb)) {
1390 xfrm_state_put(x);
1391 return PTR_ERR(resp_skb);
1392 }
1393
1394 out_hdr = (struct sadb_msg *) resp_skb->data;
1395 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1396 out_hdr->sadb_msg_type = SADB_GETSPI;
1397 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1398 out_hdr->sadb_msg_errno = 0;
1399 out_hdr->sadb_msg_reserved = 0;
1400 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1401 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1402
1403 xfrm_state_put(x);
1404
1405 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);
1406
1407 return 0;
1408 }
1409
1410 static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1411 {
1412 struct net *net = sock_net(sk);
1413 struct xfrm_state *x;
1414
1415 if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8)
1416 return -EOPNOTSUPP;
1417
1418 if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
1419 return 0;
1420
1421 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1422 if (x == NULL)
1423 return 0;
1424
1425 spin_lock_bh(&x->lock);
1426 if (x->km.state == XFRM_STATE_ACQ)
1427 x->km.state = XFRM_STATE_ERROR;
1428
1429 spin_unlock_bh(&x->lock);
1430 xfrm_state_put(x);
1431 return 0;
1432 }
1433
1434 static inline int event2poltype(int event)
1435 {
1436 switch (event) {
1437 case XFRM_MSG_DELPOLICY:
1438 return SADB_X_SPDDELETE;
1439 case XFRM_MSG_NEWPOLICY:
1440 return SADB_X_SPDADD;
1441 case XFRM_MSG_UPDPOLICY:
1442 return SADB_X_SPDUPDATE;
1443 case XFRM_MSG_POLEXPIRE:
1444
1445 default:
1446 pr_err("pfkey: Unknown policy event %d\n", event);
1447 break;
1448 }
1449
1450 return 0;
1451 }
1452
1453 static inline int event2keytype(int event)
1454 {
1455 switch (event) {
1456 case XFRM_MSG_DELSA:
1457 return SADB_DELETE;
1458 case XFRM_MSG_NEWSA:
1459 return SADB_ADD;
1460 case XFRM_MSG_UPDSA:
1461 return SADB_UPDATE;
1462 case XFRM_MSG_EXPIRE:
1463 return SADB_EXPIRE;
1464 default:
1465 pr_err("pfkey: Unknown SA event %d\n", event);
1466 break;
1467 }
1468
1469 return 0;
1470 }
1471
1472
1473 static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
1474 {
1475 struct sk_buff *skb;
1476 struct sadb_msg *hdr;
1477
1478 skb = pfkey_xfrm_state2msg(x);
1479
1480 if (IS_ERR(skb))
1481 return PTR_ERR(skb);
1482
1483 hdr = (struct sadb_msg *) skb->data;
1484 hdr->sadb_msg_version = PF_KEY_V2;
1485 hdr->sadb_msg_type = event2keytype(c->event);
1486 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1487 hdr->sadb_msg_errno = 0;
1488 hdr->sadb_msg_reserved = 0;
1489 hdr->sadb_msg_seq = c->seq;
1490 hdr->sadb_msg_pid = c->portid;
1491
1492 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));
1493
1494 return 0;
1495 }
1496
1497 static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1498 {
1499 struct net *net = sock_net(sk);
1500 struct xfrm_state *x;
1501 int err;
1502 struct km_event c;
1503
1504 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs);
1505 if (IS_ERR(x))
1506 return PTR_ERR(x);
1507
1508 xfrm_state_hold(x);
1509 if (hdr->sadb_msg_type == SADB_ADD)
1510 err = xfrm_state_add(x);
1511 else
1512 err = xfrm_state_update(x);
1513
1514 xfrm_audit_state_add(x, err ? 0 : 1, true);
1515
1516 if (err < 0) {
1517 x->km.state = XFRM_STATE_DEAD;
1518 __xfrm_state_put(x);
1519 goto out;
1520 }
1521
1522 if (hdr->sadb_msg_type == SADB_ADD)
1523 c.event = XFRM_MSG_NEWSA;
1524 else
1525 c.event = XFRM_MSG_UPDSA;
1526 c.seq = hdr->sadb_msg_seq;
1527 c.portid = hdr->sadb_msg_pid;
1528 km_state_notify(x, &c);
1529 out:
1530 xfrm_state_put(x);
1531 return err;
1532 }
1533
1534 static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1535 {
1536 struct net *net = sock_net(sk);
1537 struct xfrm_state *x;
1538 struct km_event c;
1539 int err;
1540
1541 if (!ext_hdrs[SADB_EXT_SA-1] ||
1542 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1543 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1544 return -EINVAL;
1545
1546 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1547 if (x == NULL)
1548 return -ESRCH;
1549
1550 if ((err = security_xfrm_state_delete(x)))
1551 goto out;
1552
1553 if (xfrm_state_kern(x)) {
1554 err = -EPERM;
1555 goto out;
1556 }
1557
1558 err = xfrm_state_delete(x);
1559
1560 if (err < 0)
1561 goto out;
1562
1563 c.seq = hdr->sadb_msg_seq;
1564 c.portid = hdr->sadb_msg_pid;
1565 c.event = XFRM_MSG_DELSA;
1566 km_state_notify(x, &c);
1567 out:
1568 xfrm_audit_state_delete(x, err ? 0 : 1, true);
1569 xfrm_state_put(x);
1570
1571 return err;
1572 }
1573
1574 static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1575 {
1576 struct net *net = sock_net(sk);
1577 __u8 proto;
1578 struct sk_buff *out_skb;
1579 struct sadb_msg *out_hdr;
1580 struct xfrm_state *x;
1581
1582 if (!ext_hdrs[SADB_EXT_SA-1] ||
1583 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1584 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
1585 return -EINVAL;
1586
1587 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs);
1588 if (x == NULL)
1589 return -ESRCH;
1590
1591 out_skb = pfkey_xfrm_state2msg(x);
1592 proto = x->id.proto;
1593 xfrm_state_put(x);
1594 if (IS_ERR(out_skb))
1595 return PTR_ERR(out_skb);
1596
1597 out_hdr = (struct sadb_msg *) out_skb->data;
1598 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
1599 out_hdr->sadb_msg_type = SADB_GET;
1600 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
1601 out_hdr->sadb_msg_errno = 0;
1602 out_hdr->sadb_msg_reserved = 0;
1603 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1604 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1605 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
1606
1607 return 0;
1608 }
1609
1610 static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig,
1611 gfp_t allocation)
1612 {
1613 struct sk_buff *skb;
1614 struct sadb_msg *hdr;
1615 int len, auth_len, enc_len, i;
1616
1617 auth_len = xfrm_count_pfkey_auth_supported();
1618 if (auth_len) {
1619 auth_len *= sizeof(struct sadb_alg);
1620 auth_len += sizeof(struct sadb_supported);
1621 }
1622
1623 enc_len = xfrm_count_pfkey_enc_supported();
1624 if (enc_len) {
1625 enc_len *= sizeof(struct sadb_alg);
1626 enc_len += sizeof(struct sadb_supported);
1627 }
1628
1629 len = enc_len + auth_len + sizeof(struct sadb_msg);
1630
1631 skb = alloc_skb(len + 16, allocation);
1632 if (!skb)
1633 goto out_put_algs;
1634
1635 hdr = skb_put(skb, sizeof(*hdr));
1636 pfkey_hdr_dup(hdr, orig);
1637 hdr->sadb_msg_errno = 0;
1638 hdr->sadb_msg_len = len / sizeof(uint64_t);
1639
1640 if (auth_len) {
1641 struct sadb_supported *sp;
1642 struct sadb_alg *ap;
1643
1644 sp = skb_put(skb, auth_len);
1645 ap = (struct sadb_alg *) (sp + 1);
1646
1647 sp->sadb_supported_len = auth_len / sizeof(uint64_t);
1648 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
1649
1650 for (i = 0; ; i++) {
1651 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
1652 if (!aalg)
1653 break;
1654 if (!aalg->pfkey_supported)
1655 continue;
1656 if (aalg->available)
1657 *ap++ = aalg->desc;
1658 }
1659 }
1660
1661 if (enc_len) {
1662 struct sadb_supported *sp;
1663 struct sadb_alg *ap;
1664
1665 sp = skb_put(skb, enc_len);
1666 ap = (struct sadb_alg *) (sp + 1);
1667
1668 sp->sadb_supported_len = enc_len / sizeof(uint64_t);
1669 sp->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
1670
1671 for (i = 0; ; i++) {
1672 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
1673 if (!ealg)
1674 break;
1675 if (!ealg->pfkey_supported)
1676 continue;
1677 if (ealg->available)
1678 *ap++ = ealg->desc;
1679 }
1680 }
1681
1682 out_put_algs:
1683 return skb;
1684 }
1685
1686 static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1687 {
1688 struct pfkey_sock *pfk = pfkey_sk(sk);
1689 struct sk_buff *supp_skb;
1690
1691 if (hdr->sadb_msg_satype > SADB_SATYPE_MAX)
1692 return -EINVAL;
1693
1694 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) {
1695 if (pfk->registered&(1<<hdr->sadb_msg_satype))
1696 return -EEXIST;
1697 pfk->registered |= (1<<hdr->sadb_msg_satype);
1698 }
1699
1700 mutex_lock(&pfkey_mutex);
1701 xfrm_probe_algs();
1702
1703 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
1704 mutex_unlock(&pfkey_mutex);
1705
1706 if (!supp_skb) {
1707 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1708 pfk->registered &= ~(1<<hdr->sadb_msg_satype);
1709
1710 return -ENOBUFS;
1711 }
1712
1713 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk,
1714 sock_net(sk));
1715 return 0;
1716 }
1717
1718 static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
1719 {
1720 struct sk_buff *skb;
1721 struct sadb_msg *hdr;
1722
1723 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1724 if (!skb)
1725 return -ENOBUFS;
1726
1727 hdr = skb_put_data(skb, ihdr, sizeof(struct sadb_msg));
1728 hdr->sadb_msg_errno = (uint8_t) 0;
1729 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1730
1731 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk,
1732 sock_net(sk));
1733 }
1734
1735 static int key_notify_sa_flush(const struct km_event *c)
1736 {
1737 struct sk_buff *skb;
1738 struct sadb_msg *hdr;
1739
1740 skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
1741 if (!skb)
1742 return -ENOBUFS;
1743 hdr = skb_put(skb, sizeof(struct sadb_msg));
1744 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
1745 hdr->sadb_msg_type = SADB_FLUSH;
1746 hdr->sadb_msg_seq = c->seq;
1747 hdr->sadb_msg_pid = c->portid;
1748 hdr->sadb_msg_version = PF_KEY_V2;
1749 hdr->sadb_msg_errno = (uint8_t) 0;
1750 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1751 hdr->sadb_msg_reserved = 0;
1752
1753 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
1754
1755 return 0;
1756 }
1757
1758 static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1759 {
1760 struct net *net = sock_net(sk);
1761 unsigned int proto;
1762 struct km_event c;
1763 int err, err2;
1764
1765 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1766 if (proto == 0)
1767 return -EINVAL;
1768
1769 err = xfrm_state_flush(net, proto, true, false);
1770 err2 = unicast_flush_resp(sk, hdr);
1771 if (err || err2) {
1772 if (err == -ESRCH)
1773 err = 0;
1774 return err ? err : err2;
1775 }
1776
1777 c.data.proto = proto;
1778 c.seq = hdr->sadb_msg_seq;
1779 c.portid = hdr->sadb_msg_pid;
1780 c.event = XFRM_MSG_FLUSHSA;
1781 c.net = net;
1782 km_state_notify(NULL, &c);
1783
1784 return 0;
1785 }
1786
1787 static int dump_sa(struct xfrm_state *x, int count, void *ptr)
1788 {
1789 struct pfkey_sock *pfk = ptr;
1790 struct sk_buff *out_skb;
1791 struct sadb_msg *out_hdr;
1792
1793 if (!pfkey_can_dump(&pfk->sk))
1794 return -ENOBUFS;
1795
1796 out_skb = pfkey_xfrm_state2msg(x);
1797 if (IS_ERR(out_skb))
1798 return PTR_ERR(out_skb);
1799
1800 out_hdr = (struct sadb_msg *) out_skb->data;
1801 out_hdr->sadb_msg_version = pfk->dump.msg_version;
1802 out_hdr->sadb_msg_type = SADB_DUMP;
1803 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1804 out_hdr->sadb_msg_errno = 0;
1805 out_hdr->sadb_msg_reserved = 0;
1806 out_hdr->sadb_msg_seq = count + 1;
1807 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
1808
1809 if (pfk->dump.skb)
1810 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
1811 &pfk->sk, sock_net(&pfk->sk));
1812 pfk->dump.skb = out_skb;
1813
1814 return 0;
1815 }
1816
1817 static int pfkey_dump_sa(struct pfkey_sock *pfk)
1818 {
1819 struct net *net = sock_net(&pfk->sk);
1820 return xfrm_state_walk(net, &pfk->dump.u.state, dump_sa, (void *) pfk);
1821 }
1822
1823 static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
1824 {
1825 struct net *net = sock_net(&pfk->sk);
1826
1827 xfrm_state_walk_done(&pfk->dump.u.state, net);
1828 }
1829
1830 static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1831 {
1832 u8 proto;
1833 struct xfrm_address_filter *filter = NULL;
1834 struct pfkey_sock *pfk = pfkey_sk(sk);
1835
1836 mutex_lock(&pfk->dump_lock);
1837 if (pfk->dump.dump != NULL) {
1838 mutex_unlock(&pfk->dump_lock);
1839 return -EBUSY;
1840 }
1841
1842 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1843 if (proto == 0) {
1844 mutex_unlock(&pfk->dump_lock);
1845 return -EINVAL;
1846 }
1847
1848 if (ext_hdrs[SADB_X_EXT_FILTER - 1]) {
1849 struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1];
1850
1851 if ((xfilter->sadb_x_filter_splen >=
1852 (sizeof(xfrm_address_t) << 3)) ||
1853 (xfilter->sadb_x_filter_dplen >=
1854 (sizeof(xfrm_address_t) << 3))) {
1855 mutex_unlock(&pfk->dump_lock);
1856 return -EINVAL;
1857 }
1858 filter = kmalloc(sizeof(*filter), GFP_KERNEL);
1859 if (filter == NULL) {
1860 mutex_unlock(&pfk->dump_lock);
1861 return -ENOMEM;
1862 }
1863
1864 memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr,
1865 sizeof(xfrm_address_t));
1866 memcpy(&filter->daddr, &xfilter->sadb_x_filter_daddr,
1867 sizeof(xfrm_address_t));
1868 filter->family = xfilter->sadb_x_filter_family;
1869 filter->splen = xfilter->sadb_x_filter_splen;
1870 filter->dplen = xfilter->sadb_x_filter_dplen;
1871 }
1872
1873 pfk->dump.msg_version = hdr->sadb_msg_version;
1874 pfk->dump.msg_portid = hdr->sadb_msg_pid;
1875 pfk->dump.dump = pfkey_dump_sa;
1876 pfk->dump.done = pfkey_dump_sa_done;
1877 xfrm_state_walk_init(&pfk->dump.u.state, proto, filter);
1878 mutex_unlock(&pfk->dump_lock);
1879
1880 return pfkey_do_dump(pfk);
1881 }
1882
1883 static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1884 {
1885 struct pfkey_sock *pfk = pfkey_sk(sk);
1886 int satype = hdr->sadb_msg_satype;
1887 bool reset_errno = false;
1888
1889 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) {
1890 reset_errno = true;
1891 if (satype != 0 && satype != 1)
1892 return -EINVAL;
1893 pfk->promisc = satype;
1894 }
1895 if (reset_errno && skb_cloned(skb))
1896 skb = skb_copy(skb, GFP_KERNEL);
1897 else
1898 skb = skb_clone(skb, GFP_KERNEL);
1899
1900 if (reset_errno && skb) {
1901 struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data;
1902 new_hdr->sadb_msg_errno = 0;
1903 }
1904
1905 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
1906 return 0;
1907 }
1908
1909 static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
1910 {
1911 int i;
1912 u32 reqid = *(u32*)ptr;
1913
1914 for (i=0; i<xp->xfrm_nr; i++) {
1915 if (xp->xfrm_vec[i].reqid == reqid)
1916 return -EEXIST;
1917 }
1918 return 0;
1919 }
1920
1921 static u32 gen_reqid(struct net *net)
1922 {
1923 struct xfrm_policy_walk walk;
1924 u32 start;
1925 int rc;
1926 static u32 reqid = IPSEC_MANUAL_REQID_MAX;
1927
1928 start = reqid;
1929 do {
1930 ++reqid;
1931 if (reqid == 0)
1932 reqid = IPSEC_MANUAL_REQID_MAX+1;
1933 xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
1934 rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid);
1935 xfrm_policy_walk_done(&walk, net);
1936 if (rc != -EEXIST)
1937 return reqid;
1938 } while (reqid != start);
1939 return 0;
1940 }
1941
1942 static int
1943 parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1944 {
1945 struct net *net = xp_net(xp);
1946 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1947 int mode;
1948
1949 if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1950 return -ELOOP;
1951
1952 if (rq->sadb_x_ipsecrequest_mode == 0)
1953 return -EINVAL;
1954 if (!xfrm_id_proto_valid(rq->sadb_x_ipsecrequest_proto))
1955 return -EINVAL;
1956
1957 t->id.proto = rq->sadb_x_ipsecrequest_proto;
1958 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0)
1959 return -EINVAL;
1960 t->mode = mode;
1961 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
1962 t->optional = 1;
1963 else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
1964 t->reqid = rq->sadb_x_ipsecrequest_reqid;
1965 if (t->reqid > IPSEC_MANUAL_REQID_MAX)
1966 t->reqid = 0;
1967 if (!t->reqid && !(t->reqid = gen_reqid(net)))
1968 return -ENOBUFS;
1969 }
1970
1971
1972 if (t->mode == XFRM_MODE_TUNNEL) {
1973 int err;
1974
1975 err = parse_sockaddr_pair(
1976 (struct sockaddr *)(rq + 1),
1977 rq->sadb_x_ipsecrequest_len - sizeof(*rq),
1978 &t->saddr, &t->id.daddr, &t->encap_family);
1979 if (err)
1980 return err;
1981 } else
1982 t->encap_family = xp->family;
1983
1984
1985 t->allalgs = 1;
1986 xp->xfrm_nr++;
1987 return 0;
1988 }
1989
1990 static int
1991 parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1992 {
1993 int err;
1994 int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
1995 struct sadb_x_ipsecrequest *rq = (void*)(pol+1);
1996
1997 if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
1998 return -EINVAL;
1999
2000 while (len >= sizeof(*rq)) {
2001 if (len < rq->sadb_x_ipsecrequest_len ||
2002 rq->sadb_x_ipsecrequest_len < sizeof(*rq))
2003 return -EINVAL;
2004
2005 if ((err = parse_ipsecrequest(xp, rq)) < 0)
2006 return err;
2007 len -= rq->sadb_x_ipsecrequest_len;
2008 rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
2009 }
2010 return 0;
2011 }
2012
2013 static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
2014 {
2015 struct xfrm_sec_ctx *xfrm_ctx = xp->security;
2016
2017 if (xfrm_ctx) {
2018 int len = sizeof(struct sadb_x_sec_ctx);
2019 len += xfrm_ctx->ctx_len;
2020 return PFKEY_ALIGN8(len);
2021 }
2022 return 0;
2023 }
2024
2025 static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
2026 {
2027 const struct xfrm_tmpl *t;
2028 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2029 int socklen = 0;
2030 int i;
2031
2032 for (i=0; i<xp->xfrm_nr; i++) {
2033 t = xp->xfrm_vec + i;
2034 socklen += pfkey_sockaddr_len(t->encap_family);
2035 }
2036
2037 return sizeof(struct sadb_msg) +
2038 (sizeof(struct sadb_lifetime) * 3) +
2039 (sizeof(struct sadb_address) * 2) +
2040 (sockaddr_size * 2) +
2041 sizeof(struct sadb_x_policy) +
2042 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
2043 (socklen * 2) +
2044 pfkey_xfrm_policy2sec_ctx_size(xp);
2045 }
2046
2047 static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
2048 {
2049 struct sk_buff *skb;
2050 int size;
2051
2052 size = pfkey_xfrm_policy2msg_size(xp);
2053
2054 skb = alloc_skb(size + 16, GFP_ATOMIC);
2055 if (skb == NULL)
2056 return ERR_PTR(-ENOBUFS);
2057
2058 return skb;
2059 }
2060
2061 static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
2062 {
2063 struct sadb_msg *hdr;
2064 struct sadb_address *addr;
2065 struct sadb_lifetime *lifetime;
2066 struct sadb_x_policy *pol;
2067 struct sadb_x_sec_ctx *sec_ctx;
2068 struct xfrm_sec_ctx *xfrm_ctx;
2069 int i;
2070 int size;
2071 int sockaddr_size = pfkey_sockaddr_size(xp->family);
2072 int socklen = pfkey_sockaddr_len(xp->family);
2073
2074 size = pfkey_xfrm_policy2msg_size(xp);
2075
2076
2077 hdr = skb_put(skb, sizeof(struct sadb_msg));
2078 memset(hdr, 0, size);
2079
2080
2081 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2082 addr->sadb_address_len =
2083 (sizeof(struct sadb_address)+sockaddr_size)/
2084 sizeof(uint64_t);
2085 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
2086 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2087 addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
2088 addr->sadb_address_reserved = 0;
2089 if (!pfkey_sockaddr_fill(&xp->selector.saddr,
2090 xp->selector.sport,
2091 (struct sockaddr *) (addr + 1),
2092 xp->family))
2093 BUG();
2094
2095
2096 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
2097 addr->sadb_address_len =
2098 (sizeof(struct sadb_address)+sockaddr_size)/
2099 sizeof(uint64_t);
2100 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
2101 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2102 addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
2103 addr->sadb_address_reserved = 0;
2104
2105 pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
2106 (struct sockaddr *) (addr + 1),
2107 xp->family);
2108
2109
2110 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2111 lifetime->sadb_lifetime_len =
2112 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2113 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2114 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit);
2115 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
2116 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
2117 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
2118
2119 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2120 lifetime->sadb_lifetime_len =
2121 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2122 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
2123 lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit);
2124 lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
2125 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
2126 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
2127
2128 lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
2129 lifetime->sadb_lifetime_len =
2130 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
2131 lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2132 lifetime->sadb_lifetime_allocations = xp->curlft.packets;
2133 lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
2134 lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
2135 lifetime->sadb_lifetime_usetime = xp->curlft.use_time;
2136
2137 pol = skb_put(skb, sizeof(struct sadb_x_policy));
2138 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
2139 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2140 pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
2141 if (xp->action == XFRM_POLICY_ALLOW) {
2142 if (xp->xfrm_nr)
2143 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
2144 else
2145 pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
2146 }
2147 pol->sadb_x_policy_dir = dir+1;
2148 pol->sadb_x_policy_reserved = 0;
2149 pol->sadb_x_policy_id = xp->index;
2150 pol->sadb_x_policy_priority = xp->priority;
2151
2152 for (i=0; i<xp->xfrm_nr; i++) {
2153 const struct xfrm_tmpl *t = xp->xfrm_vec + i;
2154 struct sadb_x_ipsecrequest *rq;
2155 int req_size;
2156 int mode;
2157
2158 req_size = sizeof(struct sadb_x_ipsecrequest);
2159 if (t->mode == XFRM_MODE_TUNNEL) {
2160 socklen = pfkey_sockaddr_len(t->encap_family);
2161 req_size += socklen * 2;
2162 } else {
2163 size -= 2*socklen;
2164 }
2165 rq = skb_put(skb, req_size);
2166 pol->sadb_x_policy_len += req_size/8;
2167 memset(rq, 0, sizeof(*rq));
2168 rq->sadb_x_ipsecrequest_len = req_size;
2169 rq->sadb_x_ipsecrequest_proto = t->id.proto;
2170 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
2171 return -EINVAL;
2172 rq->sadb_x_ipsecrequest_mode = mode;
2173 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2174 if (t->reqid)
2175 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
2176 if (t->optional)
2177 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
2178 rq->sadb_x_ipsecrequest_reqid = t->reqid;
2179
2180 if (t->mode == XFRM_MODE_TUNNEL) {
2181 u8 *sa = (void *)(rq + 1);
2182 pfkey_sockaddr_fill(&t->saddr, 0,
2183 (struct sockaddr *)sa,
2184 t->encap_family);
2185 pfkey_sockaddr_fill(&t->id.daddr, 0,
2186 (struct sockaddr *) (sa + socklen),
2187 t->encap_family);
2188 }
2189 }
2190
2191
2192 if ((xfrm_ctx = xp->security)) {
2193 int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);
2194
2195 sec_ctx = skb_put(skb, ctx_size);
2196 sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
2197 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
2198 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
2199 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
2200 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
2201 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
2202 xfrm_ctx->ctx_len);
2203 }
2204
2205 hdr->sadb_msg_len = size / sizeof(uint64_t);
2206 hdr->sadb_msg_reserved = refcount_read(&xp->refcnt);
2207
2208 return 0;
2209 }
2210
2211 static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
2212 {
2213 struct sk_buff *out_skb;
2214 struct sadb_msg *out_hdr;
2215 int err;
2216
2217 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2218 if (IS_ERR(out_skb))
2219 return PTR_ERR(out_skb);
2220
2221 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2222 if (err < 0) {
2223 kfree_skb(out_skb);
2224 return err;
2225 }
2226
2227 out_hdr = (struct sadb_msg *) out_skb->data;
2228 out_hdr->sadb_msg_version = PF_KEY_V2;
2229
2230 if (c->data.byid && c->event == XFRM_MSG_DELPOLICY)
2231 out_hdr->sadb_msg_type = SADB_X_SPDDELETE2;
2232 else
2233 out_hdr->sadb_msg_type = event2poltype(c->event);
2234 out_hdr->sadb_msg_errno = 0;
2235 out_hdr->sadb_msg_seq = c->seq;
2236 out_hdr->sadb_msg_pid = c->portid;
2237 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2238 return 0;
2239
2240 }
2241
2242 static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2243 {
2244 struct net *net = sock_net(sk);
2245 int err = 0;
2246 struct sadb_lifetime *lifetime;
2247 struct sadb_address *sa;
2248 struct sadb_x_policy *pol;
2249 struct xfrm_policy *xp;
2250 struct km_event c;
2251 struct sadb_x_sec_ctx *sec_ctx;
2252
2253 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2254 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2255 !ext_hdrs[SADB_X_EXT_POLICY-1])
2256 return -EINVAL;
2257
2258 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2259 if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
2260 return -EINVAL;
2261 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2262 return -EINVAL;
2263
2264 xp = xfrm_policy_alloc(net, GFP_KERNEL);
2265 if (xp == NULL)
2266 return -ENOBUFS;
2267
2268 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
2269 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
2270 xp->priority = pol->sadb_x_policy_priority;
2271
2272 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2273 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2274 xp->selector.family = xp->family;
2275 xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
2276 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2277 xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2278 if (xp->selector.sport)
2279 xp->selector.sport_mask = htons(0xffff);
2280
2281 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2282 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2283 xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2284
2285
2286
2287
2288 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2289
2290 xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2291 if (xp->selector.dport)
2292 xp->selector.dport_mask = htons(0xffff);
2293
2294 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2295 if (sec_ctx != NULL) {
2296 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2297
2298 if (!uctx) {
2299 err = -ENOBUFS;
2300 goto out;
2301 }
2302
2303 err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL);
2304 kfree(uctx);
2305
2306 if (err)
2307 goto out;
2308 }
2309
2310 xp->lft.soft_byte_limit = XFRM_INF;
2311 xp->lft.hard_byte_limit = XFRM_INF;
2312 xp->lft.soft_packet_limit = XFRM_INF;
2313 xp->lft.hard_packet_limit = XFRM_INF;
2314 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
2315 xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2316 xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2317 xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2318 xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2319 }
2320 if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
2321 xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
2322 xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
2323 xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
2324 xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
2325 }
2326 xp->xfrm_nr = 0;
2327 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2328 (err = parse_ipsecrequests(xp, pol)) < 0)
2329 goto out;
2330
2331 err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
2332 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2333
2334 xfrm_audit_policy_add(xp, err ? 0 : 1, true);
2335
2336 if (err)
2337 goto out;
2338
2339 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
2340 c.event = XFRM_MSG_UPDPOLICY;
2341 else
2342 c.event = XFRM_MSG_NEWPOLICY;
2343
2344 c.seq = hdr->sadb_msg_seq;
2345 c.portid = hdr->sadb_msg_pid;
2346
2347 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2348 xfrm_pol_put(xp);
2349 return 0;
2350
2351 out:
2352 xp->walk.dead = 1;
2353 xfrm_policy_destroy(xp);
2354 return err;
2355 }
2356
2357 static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2358 {
2359 struct net *net = sock_net(sk);
2360 int err;
2361 struct sadb_address *sa;
2362 struct sadb_x_policy *pol;
2363 struct xfrm_policy *xp;
2364 struct xfrm_selector sel;
2365 struct km_event c;
2366 struct sadb_x_sec_ctx *sec_ctx;
2367 struct xfrm_sec_ctx *pol_ctx = NULL;
2368
2369 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2370 ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
2371 !ext_hdrs[SADB_X_EXT_POLICY-1])
2372 return -EINVAL;
2373
2374 pol = ext_hdrs[SADB_X_EXT_POLICY-1];
2375 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2376 return -EINVAL;
2377
2378 memset(&sel, 0, sizeof(sel));
2379
2380 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2381 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2382 sel.prefixlen_s = sa->sadb_address_prefixlen;
2383 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2384 sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
2385 if (sel.sport)
2386 sel.sport_mask = htons(0xffff);
2387
2388 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2389 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2390 sel.prefixlen_d = sa->sadb_address_prefixlen;
2391 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2392 sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
2393 if (sel.dport)
2394 sel.dport_mask = htons(0xffff);
2395
2396 sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
2397 if (sec_ctx != NULL) {
2398 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
2399
2400 if (!uctx)
2401 return -ENOMEM;
2402
2403 err = security_xfrm_policy_alloc(&pol_ctx, uctx, GFP_KERNEL);
2404 kfree(uctx);
2405 if (err)
2406 return err;
2407 }
2408
2409 xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2410 pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
2411 1, &err);
2412 security_xfrm_policy_free(pol_ctx);
2413 if (xp == NULL)
2414 return -ENOENT;
2415
2416 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2417
2418 if (err)
2419 goto out;
2420
2421 c.seq = hdr->sadb_msg_seq;
2422 c.portid = hdr->sadb_msg_pid;
2423 c.data.byid = 0;
2424 c.event = XFRM_MSG_DELPOLICY;
2425 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2426
2427 out:
2428 xfrm_pol_put(xp);
2429 return err;
2430 }
2431
2432 static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
2433 {
2434 int err;
2435 struct sk_buff *out_skb;
2436 struct sadb_msg *out_hdr;
2437 err = 0;
2438
2439 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2440 if (IS_ERR(out_skb)) {
2441 err = PTR_ERR(out_skb);
2442 goto out;
2443 }
2444 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2445 if (err < 0) {
2446 kfree_skb(out_skb);
2447 goto out;
2448 }
2449
2450 out_hdr = (struct sadb_msg *) out_skb->data;
2451 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
2452 out_hdr->sadb_msg_type = hdr->sadb_msg_type;
2453 out_hdr->sadb_msg_satype = 0;
2454 out_hdr->sadb_msg_errno = 0;
2455 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
2456 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
2457 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
2458 err = 0;
2459
2460 out:
2461 return err;
2462 }
2463
2464 static int pfkey_sockaddr_pair_size(sa_family_t family)
2465 {
2466 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
2467 }
2468
2469 static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2470 xfrm_address_t *saddr, xfrm_address_t *daddr,
2471 u16 *family)
2472 {
2473 int af, socklen;
2474
2475 if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
2476 return -EINVAL;
2477
2478 af = pfkey_sockaddr_extract(sa, saddr);
2479 if (!af)
2480 return -EINVAL;
2481
2482 socklen = pfkey_sockaddr_len(af);
2483 if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen),
2484 daddr) != af)
2485 return -EINVAL;
2486
2487 *family = af;
2488 return 0;
2489 }
2490
2491 #ifdef CONFIG_NET_KEY_MIGRATE
2492 static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2493 struct xfrm_migrate *m)
2494 {
2495 int err;
2496 struct sadb_x_ipsecrequest *rq2;
2497 int mode;
2498
2499 if (len < sizeof(*rq1) ||
2500 len < rq1->sadb_x_ipsecrequest_len ||
2501 rq1->sadb_x_ipsecrequest_len < sizeof(*rq1))
2502 return -EINVAL;
2503
2504
2505 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
2506 rq1->sadb_x_ipsecrequest_len - sizeof(*rq1),
2507 &m->old_saddr, &m->old_daddr,
2508 &m->old_family);
2509 if (err)
2510 return err;
2511
2512 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len);
2513 len -= rq1->sadb_x_ipsecrequest_len;
2514
2515 if (len <= sizeof(*rq2) ||
2516 len < rq2->sadb_x_ipsecrequest_len ||
2517 rq2->sadb_x_ipsecrequest_len < sizeof(*rq2))
2518 return -EINVAL;
2519
2520
2521 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
2522 rq2->sadb_x_ipsecrequest_len - sizeof(*rq2),
2523 &m->new_saddr, &m->new_daddr,
2524 &m->new_family);
2525 if (err)
2526 return err;
2527
2528 if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto ||
2529 rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode ||
2530 rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid)
2531 return -EINVAL;
2532
2533 m->proto = rq1->sadb_x_ipsecrequest_proto;
2534 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0)
2535 return -EINVAL;
2536 m->mode = mode;
2537 m->reqid = rq1->sadb_x_ipsecrequest_reqid;
2538
2539 return ((int)(rq1->sadb_x_ipsecrequest_len +
2540 rq2->sadb_x_ipsecrequest_len));
2541 }
2542
2543 static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2544 const struct sadb_msg *hdr, void * const *ext_hdrs)
2545 {
2546 int i, len, ret, err = -EINVAL;
2547 u8 dir;
2548 struct sadb_address *sa;
2549 struct sadb_x_kmaddress *kma;
2550 struct sadb_x_policy *pol;
2551 struct sadb_x_ipsecrequest *rq;
2552 struct xfrm_selector sel;
2553 struct xfrm_migrate m[XFRM_MAX_DEPTH];
2554 struct xfrm_kmaddress k;
2555 struct net *net = sock_net(sk);
2556
2557 if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
2558 ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
2559 !ext_hdrs[SADB_X_EXT_POLICY - 1]) {
2560 err = -EINVAL;
2561 goto out;
2562 }
2563
2564 kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
2565 pol = ext_hdrs[SADB_X_EXT_POLICY - 1];
2566
2567 if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
2568 err = -EINVAL;
2569 goto out;
2570 }
2571
2572 if (kma) {
2573
2574 k.reserved = kma->sadb_x_kmaddress_reserved;
2575 ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
2576 8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
2577 &k.local, &k.remote, &k.family);
2578 if (ret < 0) {
2579 err = ret;
2580 goto out;
2581 }
2582 }
2583
2584 dir = pol->sadb_x_policy_dir - 1;
2585 memset(&sel, 0, sizeof(sel));
2586
2587
2588 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1];
2589 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2590 sel.prefixlen_s = sa->sadb_address_prefixlen;
2591 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2592 sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2593 if (sel.sport)
2594 sel.sport_mask = htons(0xffff);
2595
2596
2597 sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
2598 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2599 sel.prefixlen_d = sa->sadb_address_prefixlen;
2600 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
2601 sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port;
2602 if (sel.dport)
2603 sel.dport_mask = htons(0xffff);
2604
2605 rq = (struct sadb_x_ipsecrequest *)(pol + 1);
2606
2607
2608 i = 0;
2609 len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);
2610
2611 while (len > 0 && i < XFRM_MAX_DEPTH) {
2612 ret = ipsecrequests_to_migrate(rq, len, &m[i]);
2613 if (ret < 0) {
2614 err = ret;
2615 goto out;
2616 } else {
2617 rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret);
2618 len -= ret;
2619 i++;
2620 }
2621 }
2622
2623 if (!i || len > 0) {
2624 err = -EINVAL;
2625 goto out;
2626 }
2627
2628 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
2629 kma ? &k : NULL, net, NULL, 0);
2630
2631 out:
2632 return err;
2633 }
2634 #else
2635 static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2636 const struct sadb_msg *hdr, void * const *ext_hdrs)
2637 {
2638 return -ENOPROTOOPT;
2639 }
2640 #endif
2641
2642
2643 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2644 {
2645 struct net *net = sock_net(sk);
2646 unsigned int dir;
2647 int err = 0, delete;
2648 struct sadb_x_policy *pol;
2649 struct xfrm_policy *xp;
2650 struct km_event c;
2651
2652 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL)
2653 return -EINVAL;
2654
2655 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
2656 if (dir >= XFRM_POLICY_MAX)
2657 return -EINVAL;
2658
2659 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2660 xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
2661 dir, pol->sadb_x_policy_id, delete, &err);
2662 if (xp == NULL)
2663 return -ENOENT;
2664
2665 if (delete) {
2666 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
2667
2668 if (err)
2669 goto out;
2670 c.seq = hdr->sadb_msg_seq;
2671 c.portid = hdr->sadb_msg_pid;
2672 c.data.byid = 1;
2673 c.event = XFRM_MSG_DELPOLICY;
2674 km_policy_notify(xp, dir, &c);
2675 } else {
2676 err = key_pol_get_resp(sk, xp, hdr, dir);
2677 }
2678
2679 out:
2680 xfrm_pol_put(xp);
2681 return err;
2682 }
2683
2684 static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2685 {
2686 struct pfkey_sock *pfk = ptr;
2687 struct sk_buff *out_skb;
2688 struct sadb_msg *out_hdr;
2689 int err;
2690
2691 if (!pfkey_can_dump(&pfk->sk))
2692 return -ENOBUFS;
2693
2694 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2695 if (IS_ERR(out_skb))
2696 return PTR_ERR(out_skb);
2697
2698 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2699 if (err < 0) {
2700 kfree_skb(out_skb);
2701 return err;
2702 }
2703
2704 out_hdr = (struct sadb_msg *) out_skb->data;
2705 out_hdr->sadb_msg_version = pfk->dump.msg_version;
2706 out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
2707 out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2708 out_hdr->sadb_msg_errno = 0;
2709 out_hdr->sadb_msg_seq = count + 1;
2710 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
2711
2712 if (pfk->dump.skb)
2713 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
2714 &pfk->sk, sock_net(&pfk->sk));
2715 pfk->dump.skb = out_skb;
2716
2717 return 0;
2718 }
2719
2720 static int pfkey_dump_sp(struct pfkey_sock *pfk)
2721 {
2722 struct net *net = sock_net(&pfk->sk);
2723 return xfrm_policy_walk(net, &pfk->dump.u.policy, dump_sp, (void *) pfk);
2724 }
2725
2726 static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
2727 {
2728 struct net *net = sock_net((struct sock *)pfk);
2729
2730 xfrm_policy_walk_done(&pfk->dump.u.policy, net);
2731 }
2732
2733 static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2734 {
2735 struct pfkey_sock *pfk = pfkey_sk(sk);
2736
2737 mutex_lock(&pfk->dump_lock);
2738 if (pfk->dump.dump != NULL) {
2739 mutex_unlock(&pfk->dump_lock);
2740 return -EBUSY;
2741 }
2742
2743 pfk->dump.msg_version = hdr->sadb_msg_version;
2744 pfk->dump.msg_portid = hdr->sadb_msg_pid;
2745 pfk->dump.dump = pfkey_dump_sp;
2746 pfk->dump.done = pfkey_dump_sp_done;
2747 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
2748 mutex_unlock(&pfk->dump_lock);
2749
2750 return pfkey_do_dump(pfk);
2751 }
2752
2753 static int key_notify_policy_flush(const struct km_event *c)
2754 {
2755 struct sk_buff *skb_out;
2756 struct sadb_msg *hdr;
2757
2758 skb_out = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
2759 if (!skb_out)
2760 return -ENOBUFS;
2761 hdr = skb_put(skb_out, sizeof(struct sadb_msg));
2762 hdr->sadb_msg_type = SADB_X_SPDFLUSH;
2763 hdr->sadb_msg_seq = c->seq;
2764 hdr->sadb_msg_pid = c->portid;
2765 hdr->sadb_msg_version = PF_KEY_V2;
2766 hdr->sadb_msg_errno = (uint8_t) 0;
2767 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2768 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
2769 hdr->sadb_msg_reserved = 0;
2770 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
2771 return 0;
2772
2773 }
2774
2775 static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2776 {
2777 struct net *net = sock_net(sk);
2778 struct km_event c;
2779 int err, err2;
2780
2781 err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, true);
2782 err2 = unicast_flush_resp(sk, hdr);
2783 if (err || err2) {
2784 if (err == -ESRCH)
2785 return 0;
2786 return err;
2787 }
2788
2789 c.data.type = XFRM_POLICY_TYPE_MAIN;
2790 c.event = XFRM_MSG_FLUSHPOLICY;
2791 c.portid = hdr->sadb_msg_pid;
2792 c.seq = hdr->sadb_msg_seq;
2793 c.net = net;
2794 km_policy_notify(NULL, 0, &c);
2795
2796 return 0;
2797 }
2798
2799 typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
2800 const struct sadb_msg *hdr, void * const *ext_hdrs);
2801 static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
2802 [SADB_RESERVED] = pfkey_reserved,
2803 [SADB_GETSPI] = pfkey_getspi,
2804 [SADB_UPDATE] = pfkey_add,
2805 [SADB_ADD] = pfkey_add,
2806 [SADB_DELETE] = pfkey_delete,
2807 [SADB_GET] = pfkey_get,
2808 [SADB_ACQUIRE] = pfkey_acquire,
2809 [SADB_REGISTER] = pfkey_register,
2810 [SADB_EXPIRE] = NULL,
2811 [SADB_FLUSH] = pfkey_flush,
2812 [SADB_DUMP] = pfkey_dump,
2813 [SADB_X_PROMISC] = pfkey_promisc,
2814 [SADB_X_PCHANGE] = NULL,
2815 [SADB_X_SPDUPDATE] = pfkey_spdadd,
2816 [SADB_X_SPDADD] = pfkey_spdadd,
2817 [SADB_X_SPDDELETE] = pfkey_spddelete,
2818 [SADB_X_SPDGET] = pfkey_spdget,
2819 [SADB_X_SPDACQUIRE] = NULL,
2820 [SADB_X_SPDDUMP] = pfkey_spddump,
2821 [SADB_X_SPDFLUSH] = pfkey_spdflush,
2822 [SADB_X_SPDSETIDX] = pfkey_spdadd,
2823 [SADB_X_SPDDELETE2] = pfkey_spdget,
2824 [SADB_X_MIGRATE] = pfkey_migrate,
2825 };
2826
2827 static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr)
2828 {
2829 void *ext_hdrs[SADB_EXT_MAX];
2830 int err;
2831
2832
2833
2834
2835
2836 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
2837 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
2838
2839 memset(ext_hdrs, 0, sizeof(ext_hdrs));
2840 err = parse_exthdrs(skb, hdr, ext_hdrs);
2841 if (!err) {
2842 err = -EOPNOTSUPP;
2843 if (pfkey_funcs[hdr->sadb_msg_type])
2844 err = pfkey_funcs[hdr->sadb_msg_type](sk, skb, hdr, ext_hdrs);
2845 }
2846 return err;
2847 }
2848
2849 static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
2850 {
2851 struct sadb_msg *hdr = NULL;
2852
2853 if (skb->len < sizeof(*hdr)) {
2854 *errp = -EMSGSIZE;
2855 } else {
2856 hdr = (struct sadb_msg *) skb->data;
2857 if (hdr->sadb_msg_version != PF_KEY_V2 ||
2858 hdr->sadb_msg_reserved != 0 ||
2859 (hdr->sadb_msg_type <= SADB_RESERVED ||
2860 hdr->sadb_msg_type > SADB_MAX)) {
2861 hdr = NULL;
2862 *errp = -EINVAL;
2863 } else if (hdr->sadb_msg_len != (skb->len /
2864 sizeof(uint64_t)) ||
2865 hdr->sadb_msg_len < (sizeof(struct sadb_msg) /
2866 sizeof(uint64_t))) {
2867 hdr = NULL;
2868 *errp = -EMSGSIZE;
2869 } else {
2870 *errp = 0;
2871 }
2872 }
2873 return hdr;
2874 }
2875
2876 static inline int aalg_tmpl_set(const struct xfrm_tmpl *t,
2877 const struct xfrm_algo_desc *d)
2878 {
2879 unsigned int id = d->desc.sadb_alg_id;
2880
2881 if (id >= sizeof(t->aalgos) * 8)
2882 return 0;
2883
2884 return (t->aalgos >> id) & 1;
2885 }
2886
2887 static inline int ealg_tmpl_set(const struct xfrm_tmpl *t,
2888 const struct xfrm_algo_desc *d)
2889 {
2890 unsigned int id = d->desc.sadb_alg_id;
2891
2892 if (id >= sizeof(t->ealgos) * 8)
2893 return 0;
2894
2895 return (t->ealgos >> id) & 1;
2896 }
2897
2898 static int count_ah_combs(const struct xfrm_tmpl *t)
2899 {
2900 int i, sz = 0;
2901
2902 for (i = 0; ; i++) {
2903 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2904 if (!aalg)
2905 break;
2906 if (!aalg->pfkey_supported)
2907 continue;
2908 if (aalg_tmpl_set(t, aalg) && aalg->available)
2909 sz += sizeof(struct sadb_comb);
2910 }
2911 return sz + sizeof(struct sadb_prop);
2912 }
2913
2914 static int count_esp_combs(const struct xfrm_tmpl *t)
2915 {
2916 int i, k, sz = 0;
2917
2918 for (i = 0; ; i++) {
2919 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2920 if (!ealg)
2921 break;
2922
2923 if (!ealg->pfkey_supported)
2924 continue;
2925
2926 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2927 continue;
2928
2929 for (k = 1; ; k++) {
2930 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2931 if (!aalg)
2932 break;
2933
2934 if (!aalg->pfkey_supported)
2935 continue;
2936
2937 if (aalg_tmpl_set(t, aalg) && aalg->available)
2938 sz += sizeof(struct sadb_comb);
2939 }
2940 }
2941 return sz + sizeof(struct sadb_prop);
2942 }
2943
2944 static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2945 {
2946 struct sadb_prop *p;
2947 int i;
2948
2949 p = skb_put(skb, sizeof(struct sadb_prop));
2950 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2951 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2952 p->sadb_prop_replay = 32;
2953 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2954
2955 for (i = 0; ; i++) {
2956 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2957 if (!aalg)
2958 break;
2959
2960 if (!aalg->pfkey_supported)
2961 continue;
2962
2963 if (aalg_tmpl_set(t, aalg) && aalg->available) {
2964 struct sadb_comb *c;
2965 c = skb_put_zero(skb, sizeof(struct sadb_comb));
2966 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
2967 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
2968 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
2969 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
2970 c->sadb_comb_hard_addtime = 24*60*60;
2971 c->sadb_comb_soft_addtime = 20*60*60;
2972 c->sadb_comb_hard_usetime = 8*60*60;
2973 c->sadb_comb_soft_usetime = 7*60*60;
2974 }
2975 }
2976 }
2977
2978 static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2979 {
2980 struct sadb_prop *p;
2981 int i, k;
2982
2983 p = skb_put(skb, sizeof(struct sadb_prop));
2984 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
2985 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
2986 p->sadb_prop_replay = 32;
2987 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2988
2989 for (i=0; ; i++) {
2990 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2991 if (!ealg)
2992 break;
2993
2994 if (!ealg->pfkey_supported)
2995 continue;
2996
2997 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2998 continue;
2999
3000 for (k = 1; ; k++) {
3001 struct sadb_comb *c;
3002 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
3003 if (!aalg)
3004 break;
3005 if (!aalg->pfkey_supported)
3006 continue;
3007 if (!(aalg_tmpl_set(t, aalg) && aalg->available))
3008 continue;
3009 c = skb_put(skb, sizeof(struct sadb_comb));
3010 memset(c, 0, sizeof(*c));
3011 p->sadb_prop_len += sizeof(struct sadb_comb)/8;
3012 c->sadb_comb_auth = aalg->desc.sadb_alg_id;
3013 c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
3014 c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
3015 c->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
3016 c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
3017 c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;
3018 c->sadb_comb_hard_addtime = 24*60*60;
3019 c->sadb_comb_soft_addtime = 20*60*60;
3020 c->sadb_comb_hard_usetime = 8*60*60;
3021 c->sadb_comb_soft_usetime = 7*60*60;
3022 }
3023 }
3024 }
3025
3026 static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
3027 {
3028 return 0;
3029 }
3030
3031 static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c)
3032 {
3033 struct sk_buff *out_skb;
3034 struct sadb_msg *out_hdr;
3035 int hard;
3036 int hsc;
3037
3038 hard = c->data.hard;
3039 if (hard)
3040 hsc = 2;
3041 else
3042 hsc = 1;
3043
3044 out_skb = pfkey_xfrm_state2msg_expire(x, hsc);
3045 if (IS_ERR(out_skb))
3046 return PTR_ERR(out_skb);
3047
3048 out_hdr = (struct sadb_msg *) out_skb->data;
3049 out_hdr->sadb_msg_version = PF_KEY_V2;
3050 out_hdr->sadb_msg_type = SADB_EXPIRE;
3051 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3052 out_hdr->sadb_msg_errno = 0;
3053 out_hdr->sadb_msg_reserved = 0;
3054 out_hdr->sadb_msg_seq = 0;
3055 out_hdr->sadb_msg_pid = 0;
3056
3057 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3058 xs_net(x));
3059 return 0;
3060 }
3061
3062 static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c)
3063 {
3064 struct net *net = x ? xs_net(x) : c->net;
3065 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3066
3067 if (atomic_read(&net_pfkey->socks_nr) == 0)
3068 return 0;
3069
3070 switch (c->event) {
3071 case XFRM_MSG_EXPIRE:
3072 return key_notify_sa_expire(x, c);
3073 case XFRM_MSG_DELSA:
3074 case XFRM_MSG_NEWSA:
3075 case XFRM_MSG_UPDSA:
3076 return key_notify_sa(x, c);
3077 case XFRM_MSG_FLUSHSA:
3078 return key_notify_sa_flush(c);
3079 case XFRM_MSG_NEWAE:
3080 break;
3081 default:
3082 pr_err("pfkey: Unknown SA event %d\n", c->event);
3083 break;
3084 }
3085
3086 return 0;
3087 }
3088
3089 static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
3090 {
3091 if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
3092 return 0;
3093
3094 switch (c->event) {
3095 case XFRM_MSG_POLEXPIRE:
3096 return key_notify_policy_expire(xp, c);
3097 case XFRM_MSG_DELPOLICY:
3098 case XFRM_MSG_NEWPOLICY:
3099 case XFRM_MSG_UPDPOLICY:
3100 return key_notify_policy(xp, dir, c);
3101 case XFRM_MSG_FLUSHPOLICY:
3102 if (c->data.type != XFRM_POLICY_TYPE_MAIN)
3103 break;
3104 return key_notify_policy_flush(c);
3105 default:
3106 pr_err("pfkey: Unknown policy event %d\n", c->event);
3107 break;
3108 }
3109
3110 return 0;
3111 }
3112
3113 static u32 get_acqseq(void)
3114 {
3115 u32 res;
3116 static atomic_t acqseq;
3117
3118 do {
3119 res = atomic_inc_return(&acqseq);
3120 } while (!res);
3121 return res;
3122 }
3123
3124 static bool pfkey_is_alive(const struct km_event *c)
3125 {
3126 struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
3127 struct sock *sk;
3128 bool is_alive = false;
3129
3130 rcu_read_lock();
3131 sk_for_each_rcu(sk, &net_pfkey->table) {
3132 if (pfkey_sk(sk)->registered) {
3133 is_alive = true;
3134 break;
3135 }
3136 }
3137 rcu_read_unlock();
3138
3139 return is_alive;
3140 }
3141
3142 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
3143 {
3144 struct sk_buff *skb;
3145 struct sadb_msg *hdr;
3146 struct sadb_address *addr;
3147 struct sadb_x_policy *pol;
3148 int sockaddr_size;
3149 int size;
3150 struct sadb_x_sec_ctx *sec_ctx;
3151 struct xfrm_sec_ctx *xfrm_ctx;
3152 int ctx_size = 0;
3153
3154 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3155 if (!sockaddr_size)
3156 return -EINVAL;
3157
3158 size = sizeof(struct sadb_msg) +
3159 (sizeof(struct sadb_address) * 2) +
3160 (sockaddr_size * 2) +
3161 sizeof(struct sadb_x_policy);
3162
3163 if (x->id.proto == IPPROTO_AH)
3164 size += count_ah_combs(t);
3165 else if (x->id.proto == IPPROTO_ESP)
3166 size += count_esp_combs(t);
3167
3168 if ((xfrm_ctx = x->security)) {
3169 ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
3170 size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
3171 }
3172
3173 skb = alloc_skb(size + 16, GFP_ATOMIC);
3174 if (skb == NULL)
3175 return -ENOMEM;
3176
3177 hdr = skb_put(skb, sizeof(struct sadb_msg));
3178 hdr->sadb_msg_version = PF_KEY_V2;
3179 hdr->sadb_msg_type = SADB_ACQUIRE;
3180 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
3181 hdr->sadb_msg_len = size / sizeof(uint64_t);
3182 hdr->sadb_msg_errno = 0;
3183 hdr->sadb_msg_reserved = 0;
3184 hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3185 hdr->sadb_msg_pid = 0;
3186
3187
3188 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3189 addr->sadb_address_len =
3190 (sizeof(struct sadb_address)+sockaddr_size)/
3191 sizeof(uint64_t);
3192 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3193 addr->sadb_address_proto = 0;
3194 addr->sadb_address_reserved = 0;
3195 addr->sadb_address_prefixlen =
3196 pfkey_sockaddr_fill(&x->props.saddr, 0,
3197 (struct sockaddr *) (addr + 1),
3198 x->props.family);
3199 if (!addr->sadb_address_prefixlen)
3200 BUG();
3201
3202
3203 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3204 addr->sadb_address_len =
3205 (sizeof(struct sadb_address)+sockaddr_size)/
3206 sizeof(uint64_t);
3207 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3208 addr->sadb_address_proto = 0;
3209 addr->sadb_address_reserved = 0;
3210 addr->sadb_address_prefixlen =
3211 pfkey_sockaddr_fill(&x->id.daddr, 0,
3212 (struct sockaddr *) (addr + 1),
3213 x->props.family);
3214 if (!addr->sadb_address_prefixlen)
3215 BUG();
3216
3217 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3218 pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
3219 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3220 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3221 pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1;
3222 pol->sadb_x_policy_reserved = 0;
3223 pol->sadb_x_policy_id = xp->index;
3224 pol->sadb_x_policy_priority = xp->priority;
3225
3226
3227 if (x->id.proto == IPPROTO_AH)
3228 dump_ah_combs(skb, t);
3229 else if (x->id.proto == IPPROTO_ESP)
3230 dump_esp_combs(skb, t);
3231
3232
3233 if (xfrm_ctx) {
3234 sec_ctx = skb_put(skb,
3235 sizeof(struct sadb_x_sec_ctx) + ctx_size);
3236 sec_ctx->sadb_x_sec_len =
3237 (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
3238 sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
3239 sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
3240 sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
3241 sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
3242 memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
3243 xfrm_ctx->ctx_len);
3244 }
3245
3246 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3247 xs_net(x));
3248 }
3249
3250 static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
3251 u8 *data, int len, int *dir)
3252 {
3253 struct net *net = sock_net(sk);
3254 struct xfrm_policy *xp;
3255 struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
3256 struct sadb_x_sec_ctx *sec_ctx;
3257
3258 switch (sk->sk_family) {
3259 case AF_INET:
3260 if (opt != IP_IPSEC_POLICY) {
3261 *dir = -EOPNOTSUPP;
3262 return NULL;
3263 }
3264 break;
3265 #if IS_ENABLED(CONFIG_IPV6)
3266 case AF_INET6:
3267 if (opt != IPV6_IPSEC_POLICY) {
3268 *dir = -EOPNOTSUPP;
3269 return NULL;
3270 }
3271 break;
3272 #endif
3273 default:
3274 *dir = -EINVAL;
3275 return NULL;
3276 }
3277
3278 *dir = -EINVAL;
3279
3280 if (len < sizeof(struct sadb_x_policy) ||
3281 pol->sadb_x_policy_len*8 > len ||
3282 pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
3283 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
3284 return NULL;
3285
3286 xp = xfrm_policy_alloc(net, GFP_ATOMIC);
3287 if (xp == NULL) {
3288 *dir = -ENOBUFS;
3289 return NULL;
3290 }
3291
3292 xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
3293 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
3294
3295 xp->lft.soft_byte_limit = XFRM_INF;
3296 xp->lft.hard_byte_limit = XFRM_INF;
3297 xp->lft.soft_packet_limit = XFRM_INF;
3298 xp->lft.hard_packet_limit = XFRM_INF;
3299 xp->family = sk->sk_family;
3300
3301 xp->xfrm_nr = 0;
3302 if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
3303 (*dir = parse_ipsecrequests(xp, pol)) < 0)
3304 goto out;
3305
3306
3307 if (len >= (pol->sadb_x_policy_len*8 +
3308 sizeof(struct sadb_x_sec_ctx))) {
3309 char *p = (char *)pol;
3310 struct xfrm_user_sec_ctx *uctx;
3311
3312 p += pol->sadb_x_policy_len*8;
3313 sec_ctx = (struct sadb_x_sec_ctx *)p;
3314 if (len < pol->sadb_x_policy_len*8 +
3315 sec_ctx->sadb_x_sec_len*8) {
3316 *dir = -EINVAL;
3317 goto out;
3318 }
3319 if ((*dir = verify_sec_ctx_len(p)))
3320 goto out;
3321 uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
3322 *dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
3323 kfree(uctx);
3324
3325 if (*dir)
3326 goto out;
3327 }
3328
3329 *dir = pol->sadb_x_policy_dir-1;
3330 return xp;
3331
3332 out:
3333 xp->walk.dead = 1;
3334 xfrm_policy_destroy(xp);
3335 return NULL;
3336 }
3337
3338 static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
3339 {
3340 struct sk_buff *skb;
3341 struct sadb_msg *hdr;
3342 struct sadb_sa *sa;
3343 struct sadb_address *addr;
3344 struct sadb_x_nat_t_port *n_port;
3345 int sockaddr_size;
3346 int size;
3347 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0);
3348 struct xfrm_encap_tmpl *natt = NULL;
3349
3350 sockaddr_size = pfkey_sockaddr_size(x->props.family);
3351 if (!sockaddr_size)
3352 return -EINVAL;
3353
3354 if (!satype)
3355 return -EINVAL;
3356
3357 if (!x->encap)
3358 return -EINVAL;
3359
3360 natt = x->encap;
3361
3362
3363
3364
3365
3366
3367
3368 size = sizeof(struct sadb_msg) +
3369 sizeof(struct sadb_sa) +
3370 (sizeof(struct sadb_address) * 2) +
3371 (sockaddr_size * 2) +
3372 (sizeof(struct sadb_x_nat_t_port) * 2);
3373
3374 skb = alloc_skb(size + 16, GFP_ATOMIC);
3375 if (skb == NULL)
3376 return -ENOMEM;
3377
3378 hdr = skb_put(skb, sizeof(struct sadb_msg));
3379 hdr->sadb_msg_version = PF_KEY_V2;
3380 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
3381 hdr->sadb_msg_satype = satype;
3382 hdr->sadb_msg_len = size / sizeof(uint64_t);
3383 hdr->sadb_msg_errno = 0;
3384 hdr->sadb_msg_reserved = 0;
3385 hdr->sadb_msg_seq = x->km.seq = get_acqseq();
3386 hdr->sadb_msg_pid = 0;
3387
3388
3389 sa = skb_put(skb, sizeof(struct sadb_sa));
3390 sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
3391 sa->sadb_sa_exttype = SADB_EXT_SA;
3392 sa->sadb_sa_spi = x->id.spi;
3393 sa->sadb_sa_replay = 0;
3394 sa->sadb_sa_state = 0;
3395 sa->sadb_sa_auth = 0;
3396 sa->sadb_sa_encrypt = 0;
3397 sa->sadb_sa_flags = 0;
3398
3399
3400 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3401 addr->sadb_address_len =
3402 (sizeof(struct sadb_address)+sockaddr_size)/
3403 sizeof(uint64_t);
3404 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3405 addr->sadb_address_proto = 0;
3406 addr->sadb_address_reserved = 0;
3407 addr->sadb_address_prefixlen =
3408 pfkey_sockaddr_fill(&x->props.saddr, 0,
3409 (struct sockaddr *) (addr + 1),
3410 x->props.family);
3411 if (!addr->sadb_address_prefixlen)
3412 BUG();
3413
3414
3415 n_port = skb_put(skb, sizeof(*n_port));
3416 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3417 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
3418 n_port->sadb_x_nat_t_port_port = natt->encap_sport;
3419 n_port->sadb_x_nat_t_port_reserved = 0;
3420
3421
3422 addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
3423 addr->sadb_address_len =
3424 (sizeof(struct sadb_address)+sockaddr_size)/
3425 sizeof(uint64_t);
3426 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3427 addr->sadb_address_proto = 0;
3428 addr->sadb_address_reserved = 0;
3429 addr->sadb_address_prefixlen =
3430 pfkey_sockaddr_fill(ipaddr, 0,
3431 (struct sockaddr *) (addr + 1),
3432 x->props.family);
3433 if (!addr->sadb_address_prefixlen)
3434 BUG();
3435
3436
3437 n_port = skb_put(skb, sizeof(*n_port));
3438 n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
3439 n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
3440 n_port->sadb_x_nat_t_port_port = sport;
3441 n_port->sadb_x_nat_t_port_reserved = 0;
3442
3443 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3444 xs_net(x));
3445 }
3446
3447 #ifdef CONFIG_NET_KEY_MIGRATE
3448 static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3449 const struct xfrm_selector *sel)
3450 {
3451 struct sadb_address *addr;
3452 addr = skb_put(skb, sizeof(struct sadb_address) + sasize);
3453 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8;
3454 addr->sadb_address_exttype = type;
3455 addr->sadb_address_proto = sel->proto;
3456 addr->sadb_address_reserved = 0;
3457
3458 switch (type) {
3459 case SADB_EXT_ADDRESS_SRC:
3460 addr->sadb_address_prefixlen = sel->prefixlen_s;
3461 pfkey_sockaddr_fill(&sel->saddr, 0,
3462 (struct sockaddr *)(addr + 1),
3463 sel->family);
3464 break;
3465 case SADB_EXT_ADDRESS_DST:
3466 addr->sadb_address_prefixlen = sel->prefixlen_d;
3467 pfkey_sockaddr_fill(&sel->daddr, 0,
3468 (struct sockaddr *)(addr + 1),
3469 sel->family);
3470 break;
3471 default:
3472 return -EINVAL;
3473 }
3474
3475 return 0;
3476 }
3477
3478
3479 static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k)
3480 {
3481 struct sadb_x_kmaddress *kma;
3482 u8 *sa;
3483 int family = k->family;
3484 int socklen = pfkey_sockaddr_len(family);
3485 int size_req;
3486
3487 size_req = (sizeof(struct sadb_x_kmaddress) +
3488 pfkey_sockaddr_pair_size(family));
3489
3490 kma = skb_put_zero(skb, size_req);
3491 kma->sadb_x_kmaddress_len = size_req / 8;
3492 kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
3493 kma->sadb_x_kmaddress_reserved = k->reserved;
3494
3495 sa = (u8 *)(kma + 1);
3496 if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) ||
3497 !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))
3498 return -EINVAL;
3499
3500 return 0;
3501 }
3502
3503 static int set_ipsecrequest(struct sk_buff *skb,
3504 uint8_t proto, uint8_t mode, int level,
3505 uint32_t reqid, uint8_t family,
3506 const xfrm_address_t *src, const xfrm_address_t *dst)
3507 {
3508 struct sadb_x_ipsecrequest *rq;
3509 u8 *sa;
3510 int socklen = pfkey_sockaddr_len(family);
3511 int size_req;
3512
3513 size_req = sizeof(struct sadb_x_ipsecrequest) +
3514 pfkey_sockaddr_pair_size(family);
3515
3516 rq = skb_put_zero(skb, size_req);
3517 rq->sadb_x_ipsecrequest_len = size_req;
3518 rq->sadb_x_ipsecrequest_proto = proto;
3519 rq->sadb_x_ipsecrequest_mode = mode;
3520 rq->sadb_x_ipsecrequest_level = level;
3521 rq->sadb_x_ipsecrequest_reqid = reqid;
3522
3523 sa = (u8 *) (rq + 1);
3524 if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) ||
3525 !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family))
3526 return -EINVAL;
3527
3528 return 0;
3529 }
3530 #endif
3531
3532 #ifdef CONFIG_NET_KEY_MIGRATE
3533 static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3534 const struct xfrm_migrate *m, int num_bundles,
3535 const struct xfrm_kmaddress *k,
3536 const struct xfrm_encap_tmpl *encap)
3537 {
3538 int i;
3539 int sasize_sel;
3540 int size = 0;
3541 int size_pol = 0;
3542 struct sk_buff *skb;
3543 struct sadb_msg *hdr;
3544 struct sadb_x_policy *pol;
3545 const struct xfrm_migrate *mp;
3546
3547 if (type != XFRM_POLICY_TYPE_MAIN)
3548 return 0;
3549
3550 if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
3551 return -EINVAL;
3552
3553 if (k != NULL) {
3554
3555 size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
3556 pfkey_sockaddr_pair_size(k->family));
3557 }
3558
3559
3560 sasize_sel = pfkey_sockaddr_size(sel->family);
3561 if (!sasize_sel)
3562 return -EINVAL;
3563 size += (sizeof(struct sadb_address) + sasize_sel) * 2;
3564
3565
3566 size_pol += sizeof(struct sadb_x_policy);
3567
3568
3569 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3570
3571 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3572 pfkey_sockaddr_pair_size(mp->old_family);
3573
3574 size_pol += sizeof(struct sadb_x_ipsecrequest) +
3575 pfkey_sockaddr_pair_size(mp->new_family);
3576 }
3577
3578 size += sizeof(struct sadb_msg) + size_pol;
3579
3580
3581 skb = alloc_skb(size, GFP_ATOMIC);
3582 if (skb == NULL)
3583 return -ENOMEM;
3584
3585 hdr = skb_put(skb, sizeof(struct sadb_msg));
3586 hdr->sadb_msg_version = PF_KEY_V2;
3587 hdr->sadb_msg_type = SADB_X_MIGRATE;
3588 hdr->sadb_msg_satype = pfkey_proto2satype(m->proto);
3589 hdr->sadb_msg_len = size / 8;
3590 hdr->sadb_msg_errno = 0;
3591 hdr->sadb_msg_reserved = 0;
3592 hdr->sadb_msg_seq = 0;
3593 hdr->sadb_msg_pid = 0;
3594
3595
3596 if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
3597 goto err;
3598
3599
3600 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
3601
3602
3603 set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel);
3604
3605
3606 pol = skb_put(skb, sizeof(struct sadb_x_policy));
3607 pol->sadb_x_policy_len = size_pol / 8;
3608 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3609 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3610 pol->sadb_x_policy_dir = dir + 1;
3611 pol->sadb_x_policy_reserved = 0;
3612 pol->sadb_x_policy_id = 0;
3613 pol->sadb_x_policy_priority = 0;
3614
3615 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3616
3617 int mode = pfkey_mode_from_xfrm(mp->mode);
3618 if (mode < 0)
3619 goto err;
3620 if (set_ipsecrequest(skb, mp->proto, mode,
3621 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3622 mp->reqid, mp->old_family,
3623 &mp->old_saddr, &mp->old_daddr) < 0)
3624 goto err;
3625
3626
3627 if (set_ipsecrequest(skb, mp->proto, mode,
3628 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3629 mp->reqid, mp->new_family,
3630 &mp->new_saddr, &mp->new_daddr) < 0)
3631 goto err;
3632 }
3633
3634
3635 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);
3636
3637 return 0;
3638
3639 err:
3640 kfree_skb(skb);
3641 return -EINVAL;
3642 }
3643 #else
3644 static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3645 const struct xfrm_migrate *m, int num_bundles,
3646 const struct xfrm_kmaddress *k,
3647 const struct xfrm_encap_tmpl *encap)
3648 {
3649 return -ENOPROTOOPT;
3650 }
3651 #endif
3652
3653 static int pfkey_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
3654 {
3655 struct sock *sk = sock->sk;
3656 struct sk_buff *skb = NULL;
3657 struct sadb_msg *hdr = NULL;
3658 int err;
3659 struct net *net = sock_net(sk);
3660
3661 err = -EOPNOTSUPP;
3662 if (msg->msg_flags & MSG_OOB)
3663 goto out;
3664
3665 err = -EMSGSIZE;
3666 if ((unsigned int)len > sk->sk_sndbuf - 32)
3667 goto out;
3668
3669 err = -ENOBUFS;
3670 skb = alloc_skb(len, GFP_KERNEL);
3671 if (skb == NULL)
3672 goto out;
3673
3674 err = -EFAULT;
3675 if (memcpy_from_msg(skb_put(skb,len), msg, len))
3676 goto out;
3677
3678 hdr = pfkey_get_base_msg(skb, &err);
3679 if (!hdr)
3680 goto out;
3681
3682 mutex_lock(&net->xfrm.xfrm_cfg_mutex);
3683 err = pfkey_process(sk, skb, hdr);
3684 mutex_unlock(&net->xfrm.xfrm_cfg_mutex);
3685
3686 out:
3687 if (err && hdr && pfkey_error(hdr, err, sk) == 0)
3688 err = 0;
3689 kfree_skb(skb);
3690
3691 return err ? : len;
3692 }
3693
3694 static int pfkey_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
3695 int flags)
3696 {
3697 struct sock *sk = sock->sk;
3698 struct pfkey_sock *pfk = pfkey_sk(sk);
3699 struct sk_buff *skb;
3700 int copied, err;
3701
3702 err = -EINVAL;
3703 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
3704 goto out;
3705
3706 skb = skb_recv_datagram(sk, flags, &err);
3707 if (skb == NULL)
3708 goto out;
3709
3710 copied = skb->len;
3711 if (copied > len) {
3712 msg->msg_flags |= MSG_TRUNC;
3713 copied = len;
3714 }
3715
3716 skb_reset_transport_header(skb);
3717 err = skb_copy_datagram_msg(skb, 0, msg, copied);
3718 if (err)
3719 goto out_free;
3720
3721 sock_recv_cmsgs(msg, sk, skb);
3722
3723 err = (flags & MSG_TRUNC) ? skb->len : copied;
3724
3725 if (pfk->dump.dump != NULL &&
3726 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
3727 pfkey_do_dump(pfk);
3728
3729 out_free:
3730 skb_free_datagram(sk, skb);
3731 out:
3732 return err;
3733 }
3734
3735 static const struct proto_ops pfkey_ops = {
3736 .family = PF_KEY,
3737 .owner = THIS_MODULE,
3738
3739 .bind = sock_no_bind,
3740 .connect = sock_no_connect,
3741 .socketpair = sock_no_socketpair,
3742 .accept = sock_no_accept,
3743 .getname = sock_no_getname,
3744 .ioctl = sock_no_ioctl,
3745 .listen = sock_no_listen,
3746 .shutdown = sock_no_shutdown,
3747 .mmap = sock_no_mmap,
3748 .sendpage = sock_no_sendpage,
3749
3750
3751 .release = pfkey_release,
3752 .poll = datagram_poll,
3753 .sendmsg = pfkey_sendmsg,
3754 .recvmsg = pfkey_recvmsg,
3755 };
3756
3757 static const struct net_proto_family pfkey_family_ops = {
3758 .family = PF_KEY,
3759 .create = pfkey_create,
3760 .owner = THIS_MODULE,
3761 };
3762
3763 #ifdef CONFIG_PROC_FS
3764 static int pfkey_seq_show(struct seq_file *f, void *v)
3765 {
3766 struct sock *s = sk_entry(v);
3767
3768 if (v == SEQ_START_TOKEN)
3769 seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
3770 else
3771 seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n",
3772 s,
3773 refcount_read(&s->sk_refcnt),
3774 sk_rmem_alloc_get(s),
3775 sk_wmem_alloc_get(s),
3776 from_kuid_munged(seq_user_ns(f), sock_i_uid(s)),
3777 sock_i_ino(s)
3778 );
3779 return 0;
3780 }
3781
3782 static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
3783 __acquires(rcu)
3784 {
3785 struct net *net = seq_file_net(f);
3786 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3787
3788 rcu_read_lock();
3789 return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
3790 }
3791
3792 static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
3793 {
3794 struct net *net = seq_file_net(f);
3795 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3796
3797 return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
3798 }
3799
3800 static void pfkey_seq_stop(struct seq_file *f, void *v)
3801 __releases(rcu)
3802 {
3803 rcu_read_unlock();
3804 }
3805
3806 static const struct seq_operations pfkey_seq_ops = {
3807 .start = pfkey_seq_start,
3808 .next = pfkey_seq_next,
3809 .stop = pfkey_seq_stop,
3810 .show = pfkey_seq_show,
3811 };
3812
3813 static int __net_init pfkey_init_proc(struct net *net)
3814 {
3815 struct proc_dir_entry *e;
3816
3817 e = proc_create_net("pfkey", 0, net->proc_net, &pfkey_seq_ops,
3818 sizeof(struct seq_net_private));
3819 if (e == NULL)
3820 return -ENOMEM;
3821
3822 return 0;
3823 }
3824
3825 static void __net_exit pfkey_exit_proc(struct net *net)
3826 {
3827 remove_proc_entry("pfkey", net->proc_net);
3828 }
3829 #else
3830 static inline int pfkey_init_proc(struct net *net)
3831 {
3832 return 0;
3833 }
3834
3835 static inline void pfkey_exit_proc(struct net *net)
3836 {
3837 }
3838 #endif
3839
3840 static struct xfrm_mgr pfkeyv2_mgr =
3841 {
3842 .notify = pfkey_send_notify,
3843 .acquire = pfkey_send_acquire,
3844 .compile_policy = pfkey_compile_policy,
3845 .new_mapping = pfkey_send_new_mapping,
3846 .notify_policy = pfkey_send_policy_notify,
3847 .migrate = pfkey_send_migrate,
3848 .is_alive = pfkey_is_alive,
3849 };
3850
3851 static int __net_init pfkey_net_init(struct net *net)
3852 {
3853 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3854 int rv;
3855
3856 INIT_HLIST_HEAD(&net_pfkey->table);
3857 atomic_set(&net_pfkey->socks_nr, 0);
3858
3859 rv = pfkey_init_proc(net);
3860
3861 return rv;
3862 }
3863
3864 static void __net_exit pfkey_net_exit(struct net *net)
3865 {
3866 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3867
3868 pfkey_exit_proc(net);
3869 WARN_ON(!hlist_empty(&net_pfkey->table));
3870 }
3871
3872 static struct pernet_operations pfkey_net_ops = {
3873 .init = pfkey_net_init,
3874 .exit = pfkey_net_exit,
3875 .id = &pfkey_net_id,
3876 .size = sizeof(struct netns_pfkey),
3877 };
3878
3879 static void __exit ipsec_pfkey_exit(void)
3880 {
3881 xfrm_unregister_km(&pfkeyv2_mgr);
3882 sock_unregister(PF_KEY);
3883 unregister_pernet_subsys(&pfkey_net_ops);
3884 proto_unregister(&key_proto);
3885 }
3886
3887 static int __init ipsec_pfkey_init(void)
3888 {
3889 int err = proto_register(&key_proto, 0);
3890
3891 if (err != 0)
3892 goto out;
3893
3894 err = register_pernet_subsys(&pfkey_net_ops);
3895 if (err != 0)
3896 goto out_unregister_key_proto;
3897 err = sock_register(&pfkey_family_ops);
3898 if (err != 0)
3899 goto out_unregister_pernet;
3900 xfrm_register_km(&pfkeyv2_mgr);
3901 out:
3902 return err;
3903
3904 out_unregister_pernet:
3905 unregister_pernet_subsys(&pfkey_net_ops);
3906 out_unregister_key_proto:
3907 proto_unregister(&key_proto);
3908 goto out;
3909 }
3910
3911 module_init(ipsec_pfkey_init);
3912 module_exit(ipsec_pfkey_exit);
3913 MODULE_LICENSE("GPL");
3914 MODULE_ALIAS_NETPROTO(PF_KEY);
