^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* SPDX-License-Identifier: GPL-2.0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) #ifndef _NET_XFRM_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) #define _NET_XFRM_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) #include <linux/compiler.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) #include <linux/xfrm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #include <linux/spinlock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <linux/list.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/skbuff.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/socket.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/pfkeyv2.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/ipsec.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/in6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/mutex.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/refcount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/sockptr.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <net/sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <net/dst.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <net/ip.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <net/route.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <net/ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <net/ip6_fib.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <net/flow.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <net/gro_cells.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #include <linux/interrupt.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #ifdef CONFIG_XFRM_STATISTICS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #include <net/snmp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) #define XFRM_PROTO_ESP 50
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #define XFRM_PROTO_AH 51
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) #define XFRM_PROTO_COMP 108
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) #define XFRM_PROTO_IPIP 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) #define XFRM_PROTO_IPV6 41
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) #define XFRM_PROTO_ROUTING IPPROTO_ROUTING
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) #define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) #define XFRM_ALIGN4(len) (((len) + 3) & ~3)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) #define XFRM_ALIGN8(len) (((len) + 7) & ~7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) #define MODULE_ALIAS_XFRM_MODE(family, encap) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) #define MODULE_ALIAS_XFRM_TYPE(family, proto) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) #define MODULE_ALIAS_XFRM_OFFLOAD_TYPE(family, proto) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) MODULE_ALIAS("xfrm-offload-" __stringify(family) "-" __stringify(proto))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) #ifdef CONFIG_XFRM_STATISTICS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) #define XFRM_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.xfrm_statistics, field)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) #define XFRM_INC_STATS(net, field) ((void)(net))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) /* Organization of SPD aka "XFRM rules"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) ------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) Basic objects:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) - policy rule, struct xfrm_policy (=SPD entry)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) - bundle of transformations, struct dst_entry == struct xfrm_dst (=SA bundle)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) - instance of a transformer, struct xfrm_state (=SA)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) - template to clone xfrm_state, struct xfrm_tmpl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) SPD is plain linear list of xfrm_policy rules, ordered by priority.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) (To be compatible with existing pfkeyv2 implementations,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) many rules with priority of 0x7fffffff are allowed to exist and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) such rules are ordered in an unpredictable way, thanks to bsd folks.)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) Lookup is plain linear search until the first match with selector.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) If "action" is "block", then we prohibit the flow, otherwise:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) if "xfrms_nr" is zero, the flow passes untransformed. Otherwise,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) policy entry has list of up to XFRM_MAX_DEPTH transformations,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) described by templates xfrm_tmpl. Each template is resolved
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) to a complete xfrm_state (see below) and we pack bundle of transformations
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) to a dst_entry returned to requestor.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) dst -. xfrm .-> xfrm_state #1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) |---. child .-> dst -. xfrm .-> xfrm_state #2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) |---. child .-> dst -. xfrm .-> xfrm_state #3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) |---. child .-> NULL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) Bundles are cached at xrfm_policy struct (field ->bundles).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) Resolution of xrfm_tmpl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) -----------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) Template contains:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) 1. ->mode Mode: transport or tunnel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) 2. ->id.proto Protocol: AH/ESP/IPCOMP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) 3. ->id.daddr Remote tunnel endpoint, ignored for transport mode.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) Q: allow to resolve security gateway?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) 4. ->id.spi If not zero, static SPI.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) 5. ->saddr Local tunnel endpoint, ignored for transport mode.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) 6. ->algos List of allowed algos. Plain bitmask now.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) Q: ealgos, aalgos, calgos. What a mess...
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 7. ->share Sharing mode.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) Q: how to implement private sharing mode? To add struct sock* to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) flow id?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) Having this template we search through SAD searching for entries
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) with appropriate mode/proto/algo, permitted by selector.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) If no appropriate entry found, it is requested from key manager.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) PROBLEMS:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) Q: How to find all the bundles referring to a physical path for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) PMTU discovery? Seems, dst should contain list of all parents...
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) and enter to infinite locking hierarchy disaster.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) No! It is easier, we will not search for them, let them find us.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) We add genid to each dst plus pointer to genid of raw IP route,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) pmtu disc will update pmtu on raw IP route and increase its genid.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) dst_check() will see this for top level and trigger resyncing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) metrics. Plus, it will be made via sk->sk_dst_cache. Solved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) struct xfrm_state_walk {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) struct list_head all;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) u8 state;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) u8 dying;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) u8 proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) u32 seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) struct xfrm_address_filter *filter;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) struct xfrm_state_offload {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) struct net_device *dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) struct net_device *real_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) unsigned long offload_handle;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) unsigned int num_exthdrs;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) u8 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) struct xfrm_mode {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) u8 encap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) u8 family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) u8 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) /* Flags for xfrm_mode. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) enum {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) XFRM_MODE_FLAG_TUNNEL = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) /* Full description of state of transformer. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) struct xfrm_state {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) possible_net_t xs_net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) union {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) struct hlist_node gclist;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) struct hlist_node bydst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) struct hlist_node bysrc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) struct hlist_node byspi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) refcount_t refcnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) spinlock_t lock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) struct xfrm_id id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) struct xfrm_selector sel;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) struct xfrm_mark mark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) u32 if_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) u32 tfcpad;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) u32 genid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) /* Key manager bits */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) struct xfrm_state_walk km;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) /* Parameters of this state. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) struct {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) u32 reqid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) u8 mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) u8 replay_window;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) u8 aalgo, ealgo, calgo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) u8 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) u16 family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) xfrm_address_t saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) int header_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) int trailer_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) u32 extra_flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) struct xfrm_mark smark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) } props;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) struct xfrm_lifetime_cfg lft;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) /* Data for transformer */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) struct xfrm_algo_auth *aalg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) struct xfrm_algo *ealg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) struct xfrm_algo *calg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) struct xfrm_algo_aead *aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) const char *geniv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) /* Data for encapsulator */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) struct xfrm_encap_tmpl *encap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) struct sock __rcu *encap_sk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) /* Data for care-of address */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) xfrm_address_t *coaddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) /* IPComp needs an IPIP tunnel for handling uncompressed packets */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) struct xfrm_state *tunnel;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) /* If a tunnel, number of users + 1 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) atomic_t tunnel_users;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) /* State for replay detection */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) struct xfrm_replay_state replay;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) struct xfrm_replay_state_esn *replay_esn;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) /* Replay detection state at the time we sent the last notification */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) struct xfrm_replay_state preplay;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) struct xfrm_replay_state_esn *preplay_esn;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) /* The functions for replay detection. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) const struct xfrm_replay *repl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) /* internal flag that only holds state for delayed aevent at the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) * moment
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) u32 xflags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) /* Replay detection notification settings */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) u32 replay_maxage;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) u32 replay_maxdiff;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) /* Replay detection notification timer */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) struct timer_list rtimer;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) /* Statistics */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) struct xfrm_stats stats;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) struct xfrm_lifetime_cur curlft;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) struct hrtimer mtimer;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) struct xfrm_state_offload xso;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) /* used to fix curlft->add_time when changing date */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) long saved_tmo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) /* Last used time */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) time64_t lastused;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) struct page_frag xfrag;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) /* Reference to data common to all the instances of this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) * transformer. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) const struct xfrm_type *type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) struct xfrm_mode inner_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) struct xfrm_mode inner_mode_iaf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) struct xfrm_mode outer_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) const struct xfrm_type_offload *type_offload;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) /* Security context */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) struct xfrm_sec_ctx *security;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) /* Private data of this transformer, format is opaque,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) * interpreted by xfrm_type methods. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) void *data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) static inline struct net *xs_net(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) return read_pnet(&x->xs_net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) /* xflags - make enum if more show up */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) #define XFRM_TIME_DEFER 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) #define XFRM_SOFT_EXPIRE 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) enum {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) XFRM_STATE_VOID,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) XFRM_STATE_ACQ,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) XFRM_STATE_VALID,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) XFRM_STATE_ERROR,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) XFRM_STATE_EXPIRED,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) XFRM_STATE_DEAD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) /* callback structure passed from either netlink or pfkey */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) struct km_event {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) union {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) u32 hard;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) u32 proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) u32 byid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) u32 aevent;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) u32 type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) } data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) u32 seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) u32 portid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) u32 event;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) struct net *net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) struct xfrm_replay {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) void (*advance)(struct xfrm_state *x, __be32 net_seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) int (*check)(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) __be32 net_seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) int (*recheck)(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) __be32 net_seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) void (*notify)(struct xfrm_state *x, int event);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) struct xfrm_if_cb {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) struct xfrm_if *(*decode_session)(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) void xfrm_if_register_cb(const struct xfrm_if_cb *ifcb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) void xfrm_if_unregister_cb(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) struct net_device;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) struct xfrm_type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) struct xfrm_dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) struct xfrm_policy_afinfo {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) struct dst_ops *dst_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) struct dst_entry *(*dst_lookup)(struct net *net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) int tos, int oif,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) const xfrm_address_t *saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) const xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) u32 mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) int (*get_saddr)(struct net *net, int oif,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) xfrm_address_t *saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) u32 mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) int (*fill_dst)(struct xfrm_dst *xdst,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) const struct flowi *fl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) int xfrm_policy_register_afinfo(const struct xfrm_policy_afinfo *afinfo, int family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) void xfrm_policy_unregister_afinfo(const struct xfrm_policy_afinfo *afinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) void km_policy_notify(struct xfrm_policy *xp, int dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) const struct km_event *c);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) void km_state_notify(struct xfrm_state *x, const struct km_event *c);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) struct xfrm_tmpl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) int km_query(struct xfrm_state *x, struct xfrm_tmpl *t,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) struct xfrm_policy *pol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) int __xfrm_state_delete(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) struct xfrm_state_afinfo {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) u8 family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) u8 proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) const struct xfrm_type_offload *type_offload_esp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) const struct xfrm_type *type_esp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) const struct xfrm_type *type_ipip;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) const struct xfrm_type *type_ipip6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) const struct xfrm_type *type_comp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) const struct xfrm_type *type_ah;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) const struct xfrm_type *type_routing;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) const struct xfrm_type *type_dstopts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) int (*output)(struct net *net, struct sock *sk, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) int (*transport_finish)(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) int async);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) void (*local_error)(struct sk_buff *skb, u32 mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) struct xfrm_state_afinfo *xfrm_state_afinfo_get_rcu(unsigned int family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) struct xfrm_input_afinfo {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) u8 family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) bool is_ipip;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) int (*callback)(struct sk_buff *skb, u8 protocol,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) int err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) int xfrm_input_register_afinfo(const struct xfrm_input_afinfo *afinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) int xfrm_input_unregister_afinfo(const struct xfrm_input_afinfo *afinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) void xfrm_flush_gc(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) void xfrm_state_delete_tunnel(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) struct xfrm_type {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) char *description;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) struct module *owner;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) u8 proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) u8 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) #define XFRM_TYPE_NON_FRAGMENT 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) #define XFRM_TYPE_REPLAY_PROT 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) #define XFRM_TYPE_LOCAL_COADDR 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) #define XFRM_TYPE_REMOTE_COADDR 8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) int (*init_state)(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) void (*destructor)(struct xfrm_state *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) int (*input)(struct xfrm_state *, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) int (*output)(struct xfrm_state *, struct sk_buff *pskb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) int (*reject)(struct xfrm_state *, struct sk_buff *,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) const struct flowi *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) int xfrm_register_type(const struct xfrm_type *type, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) void xfrm_unregister_type(const struct xfrm_type *type, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) struct xfrm_type_offload {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) char *description;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) struct module *owner;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) u8 proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) void (*encap)(struct xfrm_state *, struct sk_buff *pskb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) int (*input_tail)(struct xfrm_state *x, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) int (*xmit)(struct xfrm_state *, struct sk_buff *pskb, netdev_features_t features);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) int xfrm_register_type_offload(const struct xfrm_type_offload *type, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) void xfrm_unregister_type_offload(const struct xfrm_type_offload *type, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) static inline int xfrm_af2proto(unsigned int family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) switch(family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) return IPPROTO_IPIP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) return IPPROTO_IPV6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) static inline const struct xfrm_mode *xfrm_ip2inner_mode(struct xfrm_state *x, int ipproto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) if ((ipproto == IPPROTO_IPIP && x->props.family == AF_INET) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) (ipproto == IPPROTO_IPV6 && x->props.family == AF_INET6))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) return &x->inner_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) return &x->inner_mode_iaf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) struct xfrm_tmpl {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) /* id in template is interpreted as:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) * daddr - destination of tunnel, may be zero for transport mode.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) * spi - zero to acquire spi. Not zero if spi is static, then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) * daddr must be fixed too.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) * proto - AH/ESP/IPCOMP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) struct xfrm_id id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) /* Source address of tunnel. Ignored, if it is not a tunnel. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) xfrm_address_t saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) unsigned short encap_family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) u32 reqid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) /* Mode: transport, tunnel etc. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) u8 mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) /* Sharing mode: unique, this session only, this user only etc. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) u8 share;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) /* May skip this transfomration if no SA is found */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) u8 optional;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) /* Skip aalgos/ealgos/calgos checks. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) u8 allalgs;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) /* Bit mask of algos allowed for acquisition */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) u32 aalgos;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) u32 ealgos;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) u32 calgos;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) #define XFRM_MAX_DEPTH 6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) #define XFRM_MAX_OFFLOAD_DEPTH 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) struct xfrm_policy_walk_entry {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) struct list_head all;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) u8 dead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) struct xfrm_policy_walk {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) struct xfrm_policy_walk_entry walk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) u8 type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) u32 seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) struct xfrm_policy_queue {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) struct sk_buff_head hold_queue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) struct timer_list hold_timer;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) unsigned long timeout;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) struct xfrm_policy {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) possible_net_t xp_net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) struct hlist_node bydst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) struct hlist_node byidx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) /* This lock only affects elements except for entry. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) rwlock_t lock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) refcount_t refcnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) u32 pos;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) struct timer_list timer;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) atomic_t genid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) u32 priority;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) u32 index;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) u32 if_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) struct xfrm_mark mark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) struct xfrm_selector selector;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) struct xfrm_lifetime_cfg lft;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) struct xfrm_lifetime_cur curlft;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) struct xfrm_policy_walk_entry walk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) struct xfrm_policy_queue polq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) bool bydst_reinsert;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) u8 type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) u8 action;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) u8 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) u8 xfrm_nr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) u16 family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) struct xfrm_sec_ctx *security;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) struct hlist_node bydst_inexact_list;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528) struct rcu_head rcu;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) static inline struct net *xp_net(const struct xfrm_policy *xp)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533) return read_pnet(&xp->xp_net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) struct xfrm_kmaddress {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) xfrm_address_t local;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) xfrm_address_t remote;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) u32 reserved;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) u16 family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543) struct xfrm_migrate {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) xfrm_address_t old_daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) xfrm_address_t old_saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) xfrm_address_t new_daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) xfrm_address_t new_saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) u8 proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) u8 mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) u16 reserved;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) u32 reqid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) u16 old_family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) u16 new_family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) #define XFRM_KM_TIMEOUT 30
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) /* what happened */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) #define XFRM_REPLAY_UPDATE XFRM_AE_CR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) #define XFRM_REPLAY_TIMEOUT XFRM_AE_CE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561) /* default aevent timeout in units of 100ms */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) #define XFRM_AE_ETIME 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) /* Async Event timer multiplier */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) #define XFRM_AE_ETH_M 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) /* default seq threshold size */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566) #define XFRM_AE_SEQT_SIZE 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568) struct xfrm_mgr {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) struct list_head list;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570) int (*notify)(struct xfrm_state *x, const struct km_event *c);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571) int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573) int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) int (*notify_policy)(struct xfrm_policy *x, int dir, const struct km_event *c);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575) int (*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576) int (*migrate)(const struct xfrm_selector *sel,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) u8 dir, u8 type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578) const struct xfrm_migrate *m,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579) int num_bundles,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580) const struct xfrm_kmaddress *k,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) const struct xfrm_encap_tmpl *encap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) bool (*is_alive)(const struct km_event *c);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585) int xfrm_register_km(struct xfrm_mgr *km);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) int xfrm_unregister_km(struct xfrm_mgr *km);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) struct xfrm_tunnel_skb_cb {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589) union {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590) struct inet_skb_parm h4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) struct inet6_skb_parm h6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592) } header;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594) union {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595) struct ip_tunnel *ip4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) struct ip6_tnl *ip6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597) } tunnel;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600) #define XFRM_TUNNEL_SKB_CB(__skb) ((struct xfrm_tunnel_skb_cb *)&((__skb)->cb[0]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) * This structure is used for the duration where packets are being
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) * transformed by IPsec. As soon as the packet leaves IPsec the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) * area beyond the generic IP part may be overwritten.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 607) struct xfrm_skb_cb {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 608) struct xfrm_tunnel_skb_cb header;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610) /* Sequence number for replay protection. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611) union {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 612) struct {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 613) __u32 low;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 614) __u32 hi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 615) } output;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616) struct {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 617) __be32 low;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 618) __be32 hi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 619) } input;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620) } seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 621) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 622)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) #define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 624)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 626) * This structure is used by the afinfo prepare_input/prepare_output functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627) * to transmit header information to the mode input/output functions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629) struct xfrm_mode_skb_cb {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630) struct xfrm_tunnel_skb_cb header;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) /* Copied from header for IPv4, always set to zero and DF for IPv6. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633) __be16 id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 634) __be16 frag_off;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 635)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 636) /* IP header length (excluding options or extension headers). */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637) u8 ihl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 638)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) /* TOS for IPv4, class for IPv6. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 640) u8 tos;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 641)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642) /* TTL for IPv4, hop limitfor IPv6. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 643) u8 ttl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 644)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 645) /* Protocol for IPv4, NH for IPv6. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 646) u8 protocol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 647)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648) /* Option length for IPv4, zero for IPv6. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 649) u8 optlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 650)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 651) /* Used by IPv6 only, zero for IPv4. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 652) u8 flow_lbl[3];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 653) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 654)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 655) #define XFRM_MODE_SKB_CB(__skb) ((struct xfrm_mode_skb_cb *)&((__skb)->cb[0]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 656)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 657) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 658) * This structure is used by the input processing to locate the SPI and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 659) * related information.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 660) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 661) struct xfrm_spi_skb_cb {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 662) struct xfrm_tunnel_skb_cb header;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 663)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 664) unsigned int daddroff;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 665) unsigned int family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 666) __be32 seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 667) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 668)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 669) #define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 670)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 671) #ifdef CONFIG_AUDITSYSCALL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 672) static inline struct audit_buffer *xfrm_audit_start(const char *op)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 673) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674) struct audit_buffer *audit_buf = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 675)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 676) if (audit_enabled == AUDIT_OFF)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 677) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 678) audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 679) AUDIT_MAC_IPSEC_EVENT);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 680) if (audit_buf == NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 681) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 682) audit_log_format(audit_buf, "op=%s", op);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 683) return audit_buf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 684) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 685)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 686) static inline void xfrm_audit_helper_usrinfo(bool task_valid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 687) struct audit_buffer *audit_buf)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 688) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 689) const unsigned int auid = from_kuid(&init_user_ns, task_valid ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 690) audit_get_loginuid(current) :
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 691) INVALID_UID);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 692) const unsigned int ses = task_valid ? audit_get_sessionid(current) :
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 693) AUDIT_SID_UNSET;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 694)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 695) audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 696) audit_log_task_context(audit_buf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 697) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 698)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 699) void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 700) void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 701) bool task_valid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 702) void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 703) void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704) void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 705) struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 706) void xfrm_audit_state_replay(struct xfrm_state *x, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 707) __be32 net_seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 708) void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 709) void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, __be32 net_spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 710) __be32 net_seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 711) void xfrm_audit_state_icvfail(struct xfrm_state *x, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 712) u8 proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 713) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 714)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 715) static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 716) bool task_valid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 717) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 718) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 719)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 720) static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 721) bool task_valid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 722) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 723) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 724)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 725) static inline void xfrm_audit_state_add(struct xfrm_state *x, int result,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 726) bool task_valid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 727) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 728) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 729)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 730) static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 731) bool task_valid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 732) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 733) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 734)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 735) static inline void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 736) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 737) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 738) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 739)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 740) static inline void xfrm_audit_state_replay(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 741) struct sk_buff *skb, __be32 net_seq)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 742) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 743) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 744)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 745) static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 746) u16 family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 747) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 748) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 749)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 750) static inline void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 751) __be32 net_spi, __be32 net_seq)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 752) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 753) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 754)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 755) static inline void xfrm_audit_state_icvfail(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 756) struct sk_buff *skb, u8 proto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 757) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 758) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 759) #endif /* CONFIG_AUDITSYSCALL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 760)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 761) static inline void xfrm_pol_hold(struct xfrm_policy *policy)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 762) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 763) if (likely(policy != NULL))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 764) refcount_inc(&policy->refcnt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 765) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 766)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 767) void xfrm_policy_destroy(struct xfrm_policy *policy);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 768)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 769) static inline void xfrm_pol_put(struct xfrm_policy *policy)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 770) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 771) if (refcount_dec_and_test(&policy->refcnt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 772) xfrm_policy_destroy(policy);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 773) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 774)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 775) static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 776) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 777) int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 778) for (i = npols - 1; i >= 0; --i)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 779) xfrm_pol_put(pols[i]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 780) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 781)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 782) void __xfrm_state_destroy(struct xfrm_state *, bool);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 783)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 784) static inline void __xfrm_state_put(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 785) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 786) refcount_dec(&x->refcnt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 787) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 788)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 789) static inline void xfrm_state_put(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 790) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 791) if (refcount_dec_and_test(&x->refcnt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 792) __xfrm_state_destroy(x, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 793) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 794)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 795) static inline void xfrm_state_put_sync(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 796) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 797) if (refcount_dec_and_test(&x->refcnt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 798) __xfrm_state_destroy(x, true);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 799) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 800)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 801) static inline void xfrm_state_hold(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 802) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 803) refcount_inc(&x->refcnt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 804) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 805)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 806) static inline bool addr_match(const void *token1, const void *token2,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 807) unsigned int prefixlen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 808) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 809) const __be32 *a1 = token1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 810) const __be32 *a2 = token2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 811) unsigned int pdw;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 812) unsigned int pbi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 813)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 814) pdw = prefixlen >> 5; /* num of whole u32 in prefix */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 815) pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 816)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 817) if (pdw)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 818) if (memcmp(a1, a2, pdw << 2))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 819) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 820)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 821) if (pbi) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 822) __be32 mask;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 823)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 824) mask = htonl((0xffffffff) << (32 - pbi));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 825)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 826) if ((a1[pdw] ^ a2[pdw]) & mask)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 827) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 828) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 829)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 830) return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 831) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 832)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 833) static inline bool addr4_match(__be32 a1, __be32 a2, u8 prefixlen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 834) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 835) /* C99 6.5.7 (3): u32 << 32 is undefined behaviour */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 836) if (sizeof(long) == 4 && prefixlen == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 837) return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 838) return !((a1 ^ a2) & htonl(~0UL << (32 - prefixlen)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 839) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 840)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 841) static __inline__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 842) __be16 xfrm_flowi_sport(const struct flowi *fl, const union flowi_uli *uli)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 843) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 844) __be16 port;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 845) switch(fl->flowi_proto) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 846) case IPPROTO_TCP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 847) case IPPROTO_UDP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 848) case IPPROTO_UDPLITE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 849) case IPPROTO_SCTP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 850) port = uli->ports.sport;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 851) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 852) case IPPROTO_ICMP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 853) case IPPROTO_ICMPV6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 854) port = htons(uli->icmpt.type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 855) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 856) case IPPROTO_MH:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 857) port = htons(uli->mht.type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 858) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 859) case IPPROTO_GRE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 860) port = htons(ntohl(uli->gre_key) >> 16);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 861) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 862) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 863) port = 0; /*XXX*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 864) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 865) return port;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 866) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 867)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 868) static __inline__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 869) __be16 xfrm_flowi_dport(const struct flowi *fl, const union flowi_uli *uli)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 870) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 871) __be16 port;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 872) switch(fl->flowi_proto) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 873) case IPPROTO_TCP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 874) case IPPROTO_UDP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 875) case IPPROTO_UDPLITE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 876) case IPPROTO_SCTP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 877) port = uli->ports.dport;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 878) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 879) case IPPROTO_ICMP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 880) case IPPROTO_ICMPV6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 881) port = htons(uli->icmpt.code);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 882) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 883) case IPPROTO_GRE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 884) port = htons(ntohl(uli->gre_key) & 0xffff);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 885) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 886) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 887) port = 0; /*XXX*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 888) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 889) return port;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 890) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 891)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 892) bool xfrm_selector_match(const struct xfrm_selector *sel,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 893) const struct flowi *fl, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 894)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 895) #ifdef CONFIG_SECURITY_NETWORK_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 896) /* If neither has a context --> match
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 897) * Otherwise, both must have a context and the sids, doi, alg must match
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 898) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 899) static inline bool xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 900) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 901) return ((!s1 && !s2) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 902) (s1 && s2 &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 903) (s1->ctx_sid == s2->ctx_sid) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 904) (s1->ctx_doi == s2->ctx_doi) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 905) (s1->ctx_alg == s2->ctx_alg)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 906) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 907) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 908) static inline bool xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 909) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 910) return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 911) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 912) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 913)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 914) /* A struct encoding bundle of transformations to apply to some set of flow.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 915) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 916) * xdst->child points to the next element of bundle.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 917) * dst->xfrm points to an instanse of transformer.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 918) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 919) * Due to unfortunate limitations of current routing cache, which we
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 920) * have no time to fix, it mirrors struct rtable and bound to the same
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 921) * routing key, including saddr,daddr. However, we can have many of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 922) * bundles differing by session id. All the bundles grow from a parent
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 923) * policy rule.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 924) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 925) struct xfrm_dst {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 926) union {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 927) struct dst_entry dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 928) struct rtable rt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 929) struct rt6_info rt6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 930) } u;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 931) struct dst_entry *route;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 932) struct dst_entry *child;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 933) struct dst_entry *path;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 934) struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 935) int num_pols, num_xfrms;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 936) u32 xfrm_genid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 937) u32 policy_genid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 938) u32 route_mtu_cached;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 939) u32 child_mtu_cached;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 940) u32 route_cookie;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 941) u32 path_cookie;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 942) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 943)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 944) static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 945) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 946) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 947) if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 948) const struct xfrm_dst *xdst = (const struct xfrm_dst *) dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 949)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 950) return xdst->path;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 951) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 952) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 953) return (struct dst_entry *) dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 954) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 955)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 956) static inline struct dst_entry *xfrm_dst_child(const struct dst_entry *dst)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 957) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 958) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 959) if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 960) struct xfrm_dst *xdst = (struct xfrm_dst *) dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 961) return xdst->child;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 962) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 963) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 964) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 965) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 966)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 967) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 968) static inline void xfrm_dst_set_child(struct xfrm_dst *xdst, struct dst_entry *child)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 969) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 970) xdst->child = child;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 971) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 972)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 973) static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 974) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 975) xfrm_pols_put(xdst->pols, xdst->num_pols);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 976) dst_release(xdst->route);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 977) if (likely(xdst->u.dst.xfrm))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 978) xfrm_state_put(xdst->u.dst.xfrm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 979) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 980) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 981)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 982) void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 983)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 984) struct xfrm_if_parms {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 985) int link; /* ifindex of underlying L2 interface */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 986) u32 if_id; /* interface identifyer */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 987) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 988)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 989) struct xfrm_if {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 990) struct xfrm_if __rcu *next; /* next interface in list */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 991) struct net_device *dev; /* virtual device associated with interface */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 992) struct net *net; /* netns for packet i/o */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 993) struct xfrm_if_parms p; /* interface parms */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 994)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 995) struct gro_cells gro_cells;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 996) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 997)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 998) struct xfrm_offload {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 999) /* Output sequence number for replay protection on offloading. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1000) struct {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1001) __u32 low;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1002) __u32 hi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1003) } seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1004)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1005) __u32 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1006) #define SA_DELETE_REQ 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1007) #define CRYPTO_DONE 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1008) #define CRYPTO_NEXT_DONE 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1009) #define CRYPTO_FALLBACK 8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1010) #define XFRM_GSO_SEGMENT 16
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1011) #define XFRM_GRO 32
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1012) #define XFRM_ESP_NO_TRAILER 64
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1013) #define XFRM_DEV_RESUME 128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1014) #define XFRM_XMIT 256
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1015)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1016) __u32 status;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1017) #define CRYPTO_SUCCESS 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1018) #define CRYPTO_GENERIC_ERROR 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1019) #define CRYPTO_TRANSPORT_AH_AUTH_FAILED 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1020) #define CRYPTO_TRANSPORT_ESP_AUTH_FAILED 8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1021) #define CRYPTO_TUNNEL_AH_AUTH_FAILED 16
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1022) #define CRYPTO_TUNNEL_ESP_AUTH_FAILED 32
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1023) #define CRYPTO_INVALID_PACKET_SYNTAX 64
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1024) #define CRYPTO_INVALID_PROTOCOL 128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1025)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1026) __u8 proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1027) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1028)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1029) struct sec_path {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1030) int len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1031) int olen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1032)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1033) struct xfrm_state *xvec[XFRM_MAX_DEPTH];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1034) struct xfrm_offload ovec[XFRM_MAX_OFFLOAD_DEPTH];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1035) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1036)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1037) struct sec_path *secpath_set(struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1038)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1039) static inline void
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1040) secpath_reset(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1041) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1042) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1043) skb_ext_del(skb, SKB_EXT_SEC_PATH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1044) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1045) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1046)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1047) static inline int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1048) xfrm_addr_any(const xfrm_address_t *addr, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1049) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1050) switch (family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1051) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1052) return addr->a4 == 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1053) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1054) return ipv6_addr_any(&addr->in6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1055) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1056) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1057) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1058)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1059) static inline int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1060) __xfrm4_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1061) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1062) return (tmpl->saddr.a4 &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1063) tmpl->saddr.a4 != x->props.saddr.a4);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1064) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1065)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1066) static inline int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1067) __xfrm6_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1068) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1069) return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1070) !ipv6_addr_equal((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1071) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1072)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1073) static inline int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1074) xfrm_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1075) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1076) switch (family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1077) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1078) return __xfrm4_state_addr_cmp(tmpl, x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1079) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1080) return __xfrm6_state_addr_cmp(tmpl, x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1081) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1082) return !0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1083) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1084)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1085) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1086) int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1087) unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1088)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1089) static inline int __xfrm_policy_check2(struct sock *sk, int dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1090) struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1091) unsigned int family, int reverse)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1092) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1093) struct net *net = dev_net(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1094) int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1095)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1096) if (sk && sk->sk_policy[XFRM_POLICY_IN])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1097) return __xfrm_policy_check(sk, ndir, skb, family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1098)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1099) return (!net->xfrm.policy_count[dir] && !secpath_exists(skb)) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1100) (skb_dst(skb) && (skb_dst(skb)->flags & DST_NOPOLICY)) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1101) __xfrm_policy_check(sk, ndir, skb, family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1102) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1103)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1104) static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1105) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1106) return __xfrm_policy_check2(sk, dir, skb, family, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1107) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1109) static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1110) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1111) return xfrm_policy_check(sk, dir, skb, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1112) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1113)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1114) static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1115) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1116) return xfrm_policy_check(sk, dir, skb, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1117) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1118)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1119) static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1120) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1121) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1122) return __xfrm_policy_check2(sk, dir, skb, AF_INET, 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1123) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1124)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1125) static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1126) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1127) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1128) return __xfrm_policy_check2(sk, dir, skb, AF_INET6, 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1129) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1130)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1131) int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1132) unsigned int family, int reverse);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1133)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1134) static inline int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1135) unsigned int family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1136) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1137) return __xfrm_decode_session(skb, fl, family, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1138) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1139)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1140) static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1141) struct flowi *fl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1142) unsigned int family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1143) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1144) return __xfrm_decode_session(skb, fl, family, 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1145) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1146)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1147) int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1148)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1149) static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1150) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1151) struct net *net = dev_net(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1152)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1153) return !net->xfrm.policy_count[XFRM_POLICY_OUT] ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1154) (skb_dst(skb)->flags & DST_NOXFRM) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1155) __xfrm_route_forward(skb, family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1156) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1157)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1158) static inline int xfrm4_route_forward(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1159) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1160) return xfrm_route_forward(skb, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1161) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1162)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1163) static inline int xfrm6_route_forward(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1164) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1165) return xfrm_route_forward(skb, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1166) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1167)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1168) int __xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1169)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1170) static inline int xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1171) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1172) sk->sk_policy[0] = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1173) sk->sk_policy[1] = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1174) if (unlikely(osk->sk_policy[0] || osk->sk_policy[1]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1175) return __xfrm_sk_clone_policy(sk, osk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1176) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1177) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1178)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1179) int xfrm_policy_delete(struct xfrm_policy *pol, int dir);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1180)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1181) static inline void xfrm_sk_free_policy(struct sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1182) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1183) struct xfrm_policy *pol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1184)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1185) pol = rcu_dereference_protected(sk->sk_policy[0], 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1186) if (unlikely(pol != NULL)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1187) xfrm_policy_delete(pol, XFRM_POLICY_MAX);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1188) sk->sk_policy[0] = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1189) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1190) pol = rcu_dereference_protected(sk->sk_policy[1], 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1191) if (unlikely(pol != NULL)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1192) xfrm_policy_delete(pol, XFRM_POLICY_MAX+1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1193) sk->sk_policy[1] = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1194) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1195) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1196)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1197) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1198)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1199) static inline void xfrm_sk_free_policy(struct sock *sk) {}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1200) static inline int xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk) { return 0; }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1201) static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1202) static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1203) static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1204) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1205) return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1206) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1207) static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1208) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1209) return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1210) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1211) static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1212) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1213) return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1214) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1215) static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1216) struct flowi *fl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1217) unsigned int family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1218) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1219) return -ENOSYS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1220) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1221) static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1222) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1223) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1224) return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1225) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1226) static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1227) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1228) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1229) return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1230) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1231) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1232)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1233) static __inline__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1234) xfrm_address_t *xfrm_flowi_daddr(const struct flowi *fl, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1235) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1236) switch (family){
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1237) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1238) return (xfrm_address_t *)&fl->u.ip4.daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1239) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1240) return (xfrm_address_t *)&fl->u.ip6.daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1241) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1242) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1243) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1244)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1245) static __inline__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1246) xfrm_address_t *xfrm_flowi_saddr(const struct flowi *fl, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1247) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1248) switch (family){
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1249) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1250) return (xfrm_address_t *)&fl->u.ip4.saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1251) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1252) return (xfrm_address_t *)&fl->u.ip6.saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1253) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1254) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1255) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1256)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1257) static __inline__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1258) void xfrm_flowi_addr_get(const struct flowi *fl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1259) xfrm_address_t *saddr, xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1260) unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1261) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1262) switch(family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1263) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1264) memcpy(&saddr->a4, &fl->u.ip4.saddr, sizeof(saddr->a4));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1265) memcpy(&daddr->a4, &fl->u.ip4.daddr, sizeof(daddr->a4));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1266) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1267) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1268) saddr->in6 = fl->u.ip6.saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1269) daddr->in6 = fl->u.ip6.daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1270) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1271) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1272) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1273)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1274) static __inline__ int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1275) __xfrm4_state_addr_check(const struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1276) const xfrm_address_t *daddr, const xfrm_address_t *saddr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1277) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1278) if (daddr->a4 == x->id.daddr.a4 &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1279) (saddr->a4 == x->props.saddr.a4 || !saddr->a4 || !x->props.saddr.a4))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1280) return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1281) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1282) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1283)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1284) static __inline__ int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1285) __xfrm6_state_addr_check(const struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1286) const xfrm_address_t *daddr, const xfrm_address_t *saddr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1287) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1288) if (ipv6_addr_equal((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1289) (ipv6_addr_equal((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1290) ipv6_addr_any((struct in6_addr *)saddr) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1291) ipv6_addr_any((struct in6_addr *)&x->props.saddr)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1292) return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1293) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1294) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1295)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1296) static __inline__ int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1297) xfrm_state_addr_check(const struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1298) const xfrm_address_t *daddr, const xfrm_address_t *saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1299) unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1300) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1301) switch (family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1302) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1303) return __xfrm4_state_addr_check(x, daddr, saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1304) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1305) return __xfrm6_state_addr_check(x, daddr, saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1306) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1307) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1308) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1309)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1310) static __inline__ int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1311) xfrm_state_addr_flow_check(const struct xfrm_state *x, const struct flowi *fl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1312) unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1313) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1314) switch (family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1315) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1316) return __xfrm4_state_addr_check(x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1317) (const xfrm_address_t *)&fl->u.ip4.daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1318) (const xfrm_address_t *)&fl->u.ip4.saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1319) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1320) return __xfrm6_state_addr_check(x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1321) (const xfrm_address_t *)&fl->u.ip6.daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1322) (const xfrm_address_t *)&fl->u.ip6.saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1323) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1324) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1325) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1326)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1327) static inline int xfrm_state_kern(const struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1328) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1329) return atomic_read(&x->tunnel_users);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1330) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1331)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1332) static inline bool xfrm_id_proto_valid(u8 proto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1333) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1334) switch (proto) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1335) case IPPROTO_AH:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1336) case IPPROTO_ESP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1337) case IPPROTO_COMP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1338) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1339) case IPPROTO_ROUTING:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1340) case IPPROTO_DSTOPTS:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1341) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1342) return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1343) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1344) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1345) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1346) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1347)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1348) /* IPSEC_PROTO_ANY only matches 3 IPsec protocols, 0 could match all. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1349) static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1350) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1351) return (!userproto || proto == userproto ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1352) (userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1353) proto == IPPROTO_ESP ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1354) proto == IPPROTO_COMP)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1355) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1356)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1357) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1358) * xfrm algorithm information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1359) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1360) struct xfrm_algo_aead_info {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1361) char *geniv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1362) u16 icv_truncbits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1363) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1364)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1365) struct xfrm_algo_auth_info {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1366) u16 icv_truncbits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1367) u16 icv_fullbits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1368) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1369)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1370) struct xfrm_algo_encr_info {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1371) char *geniv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1372) u16 blockbits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1373) u16 defkeybits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1374) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1375)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1376) struct xfrm_algo_comp_info {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1377) u16 threshold;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1378) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1379)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1380) struct xfrm_algo_desc {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1381) char *name;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1382) char *compat;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1383) u8 available:1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1384) u8 pfkey_supported:1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1385) union {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1386) struct xfrm_algo_aead_info aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1387) struct xfrm_algo_auth_info auth;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1388) struct xfrm_algo_encr_info encr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1389) struct xfrm_algo_comp_info comp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1390) } uinfo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1391) struct sadb_alg desc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1392) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1393)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1394) /* XFRM protocol handlers. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1395) struct xfrm4_protocol {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1396) int (*handler)(struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1397) int (*input_handler)(struct sk_buff *skb, int nexthdr, __be32 spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1398) int encap_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1399) int (*cb_handler)(struct sk_buff *skb, int err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1400) int (*err_handler)(struct sk_buff *skb, u32 info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1401)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1402) struct xfrm4_protocol __rcu *next;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1403) int priority;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1404) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1405)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1406) struct xfrm6_protocol {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1407) int (*handler)(struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1408) int (*input_handler)(struct sk_buff *skb, int nexthdr, __be32 spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1409) int encap_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1410) int (*cb_handler)(struct sk_buff *skb, int err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1411) int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1412) u8 type, u8 code, int offset, __be32 info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1413)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1414) struct xfrm6_protocol __rcu *next;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1415) int priority;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1416) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1417)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1418) /* XFRM tunnel handlers. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1419) struct xfrm_tunnel {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1420) int (*handler)(struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1421) int (*cb_handler)(struct sk_buff *skb, int err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1422) int (*err_handler)(struct sk_buff *skb, u32 info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1423)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1424) struct xfrm_tunnel __rcu *next;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1425) int priority;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1426) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1427)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1428) struct xfrm6_tunnel {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1429) int (*handler)(struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1430) int (*cb_handler)(struct sk_buff *skb, int err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1431) int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1432) u8 type, u8 code, int offset, __be32 info);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1433) struct xfrm6_tunnel __rcu *next;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1434) int priority;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1435) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1436)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1437) void xfrm_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1438) void xfrm4_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1439) int xfrm_state_init(struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1440) void xfrm_state_fini(struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1441) void xfrm4_state_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1442) void xfrm4_protocol_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1443) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1444) int xfrm6_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1445) void xfrm6_fini(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1446) int xfrm6_state_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1447) void xfrm6_state_fini(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1448) int xfrm6_protocol_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1449) void xfrm6_protocol_fini(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1450) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1451) static inline int xfrm6_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1452) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1453) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1454) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1455) static inline void xfrm6_fini(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1456) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1457) ;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1458) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1459) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1460)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1461) #ifdef CONFIG_XFRM_STATISTICS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1462) int xfrm_proc_init(struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1463) void xfrm_proc_fini(struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1464) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1465)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1466) int xfrm_sysctl_init(struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1467) #ifdef CONFIG_SYSCTL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1468) void xfrm_sysctl_fini(struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1469) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1470) static inline void xfrm_sysctl_fini(struct net *net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1471) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1472) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1473) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1474)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1475) void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1476) struct xfrm_address_filter *filter);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1477) int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1478) int (*func)(struct xfrm_state *, int, void*), void *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1479) void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1480) struct xfrm_state *xfrm_state_alloc(struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1481) void xfrm_state_free(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1482) struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1483) const xfrm_address_t *saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1484) const struct flowi *fl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1485) struct xfrm_tmpl *tmpl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1486) struct xfrm_policy *pol, int *err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1487) unsigned short family, u32 if_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1488) struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, u32 if_id,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1489) xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1490) xfrm_address_t *saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1491) unsigned short family,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1492) u8 mode, u8 proto, u32 reqid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1493) struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1494) unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1495) int xfrm_state_check_expire(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1496) void xfrm_state_insert(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1497) int xfrm_state_add(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1498) int xfrm_state_update(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1499) struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1500) const xfrm_address_t *daddr, __be32 spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1501) u8 proto, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1502) struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1503) const xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1504) const xfrm_address_t *saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1505) u8 proto,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1506) unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1507) #ifdef CONFIG_XFRM_SUB_POLICY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1508) void xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1509) unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1510) void xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1511) unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1512) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1513) static inline void xfrm_tmpl_sort(struct xfrm_tmpl **d, struct xfrm_tmpl **s,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1514) int n, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1515) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1516) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1517)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1518) static inline void xfrm_state_sort(struct xfrm_state **d, struct xfrm_state **s,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1519) int n, unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1520) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1521) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1522) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1523)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1524) struct xfrmk_sadinfo {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1525) u32 sadhcnt; /* current hash bkts */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1526) u32 sadhmcnt; /* max allowed hash bkts */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1527) u32 sadcnt; /* current running count */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1528) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1529)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1530) struct xfrmk_spdinfo {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1531) u32 incnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1532) u32 outcnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1533) u32 fwdcnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1534) u32 inscnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1535) u32 outscnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1536) u32 fwdscnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1537) u32 spdhcnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1538) u32 spdhmcnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1539) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1540)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1541) struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1542) int xfrm_state_delete(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1543) int xfrm_state_flush(struct net *net, u8 proto, bool task_valid, bool sync);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1544) int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_valid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1545) void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1546) void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1547) u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1548) int xfrm_init_replay(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1549) u32 xfrm_state_mtu(struct xfrm_state *x, int mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1550) int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1551) int xfrm_init_state(struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1552) int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1553) int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1554) int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1555) int (*finish)(struct net *, struct sock *,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1556) struct sk_buff *));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1557) int xfrm_trans_queue(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1558) int (*finish)(struct net *, struct sock *,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1559) struct sk_buff *));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1560) int xfrm_output_resume(struct sk_buff *skb, int err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1561) int xfrm_output(struct sock *sk, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1562)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1563) int pktgen_xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1564)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1565) void xfrm_local_error(struct sk_buff *skb, int mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1566) int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1567) int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1568) int encap_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1569) int xfrm4_transport_finish(struct sk_buff *skb, int async);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1570) int xfrm4_rcv(struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1571) int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1572)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1573) static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1574) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1575) XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1576) XFRM_SPI_SKB_CB(skb)->family = AF_INET;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1577) XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1578) return xfrm_input(skb, nexthdr, spi, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1579) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1580)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1581) int xfrm4_output(struct net *net, struct sock *sk, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1582) int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1583) int xfrm4_protocol_register(struct xfrm4_protocol *handler, unsigned char protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1584) int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, unsigned char protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1585) int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1586) int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1587) void xfrm4_local_error(struct sk_buff *skb, u32 mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1588) int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1589) int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1590) struct ip6_tnl *t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1591) int xfrm6_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1592) int encap_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1593) int xfrm6_transport_finish(struct sk_buff *skb, int async);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1594) int xfrm6_rcv_tnl(struct sk_buff *skb, struct ip6_tnl *t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1595) int xfrm6_rcv(struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1596) int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1597) xfrm_address_t *saddr, u8 proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1598) void xfrm6_local_error(struct sk_buff *skb, u32 mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1599) int xfrm6_protocol_register(struct xfrm6_protocol *handler, unsigned char protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1600) int xfrm6_protocol_deregister(struct xfrm6_protocol *handler, unsigned char protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1601) int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1602) int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1603) __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1604) __be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1605) int xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1606) int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1607) int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1608) u8 **prevhdr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1609)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1610) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1611) void xfrm6_local_rxpmtu(struct sk_buff *skb, u32 mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1612) int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1613) int xfrm6_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1614) int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1615) int optlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1616) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1617) static inline int xfrm_user_policy(struct sock *sk, int optname,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1618) sockptr_t optval, int optlen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1619) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1620) return -ENOPROTOOPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1621) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1622) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1623)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1624) struct dst_entry *__xfrm_dst_lookup(struct net *net, int tos, int oif,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1625) const xfrm_address_t *saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1626) const xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1627) int family, u32 mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1628)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1629) struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1630)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1631) void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1632) int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1633) int (*func)(struct xfrm_policy *, int, int, void*),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1634) void *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1635) void xfrm_policy_walk_done(struct xfrm_policy_walk *walk, struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1636) int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1637) struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1638) const struct xfrm_mark *mark,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1639) u32 if_id, u8 type, int dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1640) struct xfrm_selector *sel,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1641) struct xfrm_sec_ctx *ctx, int delete,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1642) int *err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1643) struct xfrm_policy *xfrm_policy_byid(struct net *net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1644) const struct xfrm_mark *mark, u32 if_id,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1645) u8 type, int dir, u32 id, int delete,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1646) int *err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1647) int xfrm_policy_flush(struct net *net, u8 type, bool task_valid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1648) void xfrm_policy_hash_rebuild(struct net *net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1649) u32 xfrm_get_acqseq(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1650) int verify_spi_info(u8 proto, u32 min, u32 max);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1651) int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1652) struct xfrm_state *xfrm_find_acq(struct net *net, const struct xfrm_mark *mark,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1653) u8 mode, u32 reqid, u32 if_id, u8 proto,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1654) const xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1655) const xfrm_address_t *saddr, int create,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1656) unsigned short family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1657) int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1658)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1659) #ifdef CONFIG_XFRM_MIGRATE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1660) int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1661) const struct xfrm_migrate *m, int num_bundles,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1662) const struct xfrm_kmaddress *k,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1663) const struct xfrm_encap_tmpl *encap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1664) struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1665) u32 if_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1666) struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1667) struct xfrm_migrate *m,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1668) struct xfrm_encap_tmpl *encap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1669) int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1670) struct xfrm_migrate *m, int num_bundles,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1671) struct xfrm_kmaddress *k, struct net *net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1672) struct xfrm_encap_tmpl *encap, u32 if_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1673) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1674)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1675) int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1676) void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1677) int km_report(struct net *net, u8 proto, struct xfrm_selector *sel,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1678) xfrm_address_t *addr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1679)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1680) void xfrm_input_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1681) int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1682)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1683) void xfrm_probe_algs(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1684) int xfrm_count_pfkey_auth_supported(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1685) int xfrm_count_pfkey_enc_supported(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1686) struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1687) struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1688) struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1689) struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1690) struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1691) struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1692) struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1693) struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1694) struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1695) int probe);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1696)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1697) static inline bool xfrm6_addr_equal(const xfrm_address_t *a,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1698) const xfrm_address_t *b)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1699) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1700) return ipv6_addr_equal((const struct in6_addr *)a,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1701) (const struct in6_addr *)b);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1702) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1703)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1704) static inline bool xfrm_addr_equal(const xfrm_address_t *a,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1705) const xfrm_address_t *b,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1706) sa_family_t family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1707) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1708) switch (family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1709) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1710) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1711) return ((__force u32)a->a4 ^ (__force u32)b->a4) == 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1712) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1713) return xfrm6_addr_equal(a, b);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1714) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1715) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1716)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1717) static inline int xfrm_policy_id2dir(u32 index)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1718) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1719) return index & 7;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1720) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1721)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1722) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1723) static inline int xfrm_aevent_is_on(struct net *net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1724) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1725) struct sock *nlsk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1726) int ret = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1727)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1728) rcu_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1729) nlsk = rcu_dereference(net->xfrm.nlsk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1730) if (nlsk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1731) ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1732) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1733) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1734) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1735)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1736) static inline int xfrm_acquire_is_on(struct net *net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1737) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1738) struct sock *nlsk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1739) int ret = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1740)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1741) rcu_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1742) nlsk = rcu_dereference(net->xfrm.nlsk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1743) if (nlsk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1744) ret = netlink_has_listeners(nlsk, XFRMNLGRP_ACQUIRE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1745) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1746)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1747) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1748) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1749) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1750)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1751) static inline unsigned int aead_len(struct xfrm_algo_aead *alg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1752) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1753) return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1754) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1755)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1756) static inline unsigned int xfrm_alg_len(const struct xfrm_algo *alg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1757) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1758) return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1759) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1760)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1761) static inline unsigned int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1762) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1763) return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1764) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1765)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1766) static inline unsigned int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1767) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1768) return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1769) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1770)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1771) #ifdef CONFIG_XFRM_MIGRATE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1772) static inline int xfrm_replay_clone(struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1773) struct xfrm_state *orig)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1774) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1775)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1776) x->replay_esn = kmemdup(orig->replay_esn,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1777) xfrm_replay_state_esn_len(orig->replay_esn),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1778) GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1779) if (!x->replay_esn)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1780) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1781) x->preplay_esn = kmemdup(orig->preplay_esn,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1782) xfrm_replay_state_esn_len(orig->preplay_esn),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1783) GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1784) if (!x->preplay_esn)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1785) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1786)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1787) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1788) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1789)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1790) static inline struct xfrm_algo_aead *xfrm_algo_aead_clone(struct xfrm_algo_aead *orig)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1791) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1792) return kmemdup(orig, aead_len(orig), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1793) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1794)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1795)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1796) static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1797) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1798) return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1799) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1800)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1801) static inline struct xfrm_algo_auth *xfrm_algo_auth_clone(struct xfrm_algo_auth *orig)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1802) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1803) return kmemdup(orig, xfrm_alg_auth_len(orig), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1804) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1805)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1806) static inline void xfrm_states_put(struct xfrm_state **states, int n)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1807) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1808) int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1809) for (i = 0; i < n; i++)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1810) xfrm_state_put(*(states + i));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1811) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1812)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1813) static inline void xfrm_states_delete(struct xfrm_state **states, int n)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1814) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1815) int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1816) for (i = 0; i < n; i++)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1817) xfrm_state_delete(*(states + i));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1818) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1819) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1820)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1821) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1822) static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1823) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1824) struct sec_path *sp = skb_sec_path(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1825)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1826) return sp->xvec[sp->len - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1827) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1828) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1829)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1830) static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1831) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1832) #ifdef CONFIG_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1833) struct sec_path *sp = skb_sec_path(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1834)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1835) if (!sp || !sp->olen || sp->len != sp->olen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1836) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1837)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1838) return &sp->ovec[sp->olen - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1839) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1840) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1841) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1842) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1843)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1844) void __init xfrm_dev_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1845)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1846) #ifdef CONFIG_XFRM_OFFLOAD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1847) void xfrm_dev_resume(struct sk_buff *skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1848) void xfrm_dev_backlog(struct softnet_data *sd);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1849) struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1850) int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1851) struct xfrm_user_offload *xuo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1852) bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1853)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1854) static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1855) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1856) struct xfrm_state_offload *xso = &x->xso;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1857)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1858) if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1859) xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1860) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1861)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1862) static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1863) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1864) struct xfrm_state *x = dst->xfrm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1865) struct xfrm_dst *xdst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1866)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1867) if (!x || !x->type_offload)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1868) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1869)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1870) xdst = (struct xfrm_dst *) dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1871) if (!x->xso.offload_handle && !xdst->child->xfrm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1872) return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1873) if (x->xso.offload_handle && (x->xso.dev == xfrm_dst_path(dst)->dev) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1874) !xdst->child->xfrm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1875) return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1876)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1877) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1878) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1879)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1880) static inline void xfrm_dev_state_delete(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1881) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1882) struct xfrm_state_offload *xso = &x->xso;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1883)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1884) if (xso->dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1885) xso->dev->xfrmdev_ops->xdo_dev_state_delete(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1886) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1887)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1888) static inline void xfrm_dev_state_free(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1889) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1890) struct xfrm_state_offload *xso = &x->xso;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1891) struct net_device *dev = xso->dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1892)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1893) if (dev && dev->xfrmdev_ops) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1894) if (dev->xfrmdev_ops->xdo_dev_state_free)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1895) dev->xfrmdev_ops->xdo_dev_state_free(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1896) xso->dev = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1897) dev_put(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1898) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1899) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1900) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1901) static inline void xfrm_dev_resume(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1902) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1903) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1904)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1905) static inline void xfrm_dev_backlog(struct softnet_data *sd)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1906) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1907) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1908)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1909) static inline struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1910) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1911) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1912) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1913)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1914) static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, struct xfrm_user_offload *xuo)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1915) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1916) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1917) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1918)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1919) static inline void xfrm_dev_state_delete(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1920) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1921) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1922)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1923) static inline void xfrm_dev_state_free(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1924) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1925) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1926)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1927) static inline bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1928) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1929) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1930) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1931)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1932) static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1933) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1934) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1935)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1936) static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1937) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1938) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1939) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1940) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1941)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1942) static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1943) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1944) if (attrs[XFRMA_MARK])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1945) memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(struct xfrm_mark));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1946) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1947) m->v = m->m = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1948)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1949) return m->v & m->m;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1950) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1951)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1952) static inline int xfrm_mark_put(struct sk_buff *skb, const struct xfrm_mark *m)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1953) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1954) int ret = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1955)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1956) if (m->m | m->v)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1957) ret = nla_put(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1958) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1959) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1960)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1961) static inline __u32 xfrm_smark_get(__u32 mark, struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1962) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1963) struct xfrm_mark *m = &x->props.smark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1964)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1965) return (m->v & m->m) | (mark & ~m->m);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1966) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1967)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1968) static inline int xfrm_if_id_put(struct sk_buff *skb, __u32 if_id)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1969) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1970) int ret = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1971)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1972) if (if_id)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1973) ret = nla_put_u32(skb, XFRMA_IF_ID, if_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1974) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1975) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1976)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1977) static inline int xfrm_tunnel_check(struct sk_buff *skb, struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1978) unsigned int family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1979) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1980) bool tunnel = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1981)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1982) switch(family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1983) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1984) if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1985) tunnel = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1986) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1987) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1988) if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1989) tunnel = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1990) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1991) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1992) if (tunnel && !(x->outer_mode.flags & XFRM_MODE_FLAG_TUNNEL))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1993) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1994)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1995) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1996) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1997)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1998) extern const int xfrm_msg_min[XFRM_NR_MSGTYPES];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1999) extern const struct nla_policy xfrma_policy[XFRMA_MAX+1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2000)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2001) struct xfrm_translator {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2002) /* Allocate frag_list and put compat translation there */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2003) int (*alloc_compat)(struct sk_buff *skb, const struct nlmsghdr *src);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2004)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2005) /* Allocate nlmsg with 64-bit translaton of received 32-bit message */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2006) struct nlmsghdr *(*rcv_msg_compat)(const struct nlmsghdr *nlh,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2007) int maxtype, const struct nla_policy *policy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2008) struct netlink_ext_ack *extack);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2009)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2010) /* Translate 32-bit user_policy from sockptr */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2011) int (*xlate_user_policy_sockptr)(u8 **pdata32, int optlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2012)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2013) struct module *owner;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2014) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2015)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2016) #if IS_ENABLED(CONFIG_XFRM_USER_COMPAT)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2017) extern int xfrm_register_translator(struct xfrm_translator *xtr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2018) extern int xfrm_unregister_translator(struct xfrm_translator *xtr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2019) extern struct xfrm_translator *xfrm_get_translator(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2020) extern void xfrm_put_translator(struct xfrm_translator *xtr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2021) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2022) static inline struct xfrm_translator *xfrm_get_translator(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2023) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2024) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2025) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2026) static inline void xfrm_put_translator(struct xfrm_translator *xtr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2027) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2028) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2029) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2030)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2031) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2032) static inline bool xfrm6_local_dontfrag(const struct sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2033) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2034) int proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2035)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2036) if (!sk || sk->sk_family != AF_INET6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2037) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2038)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2039) proto = sk->sk_protocol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2040) if (proto == IPPROTO_UDP || proto == IPPROTO_RAW)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2041) return inet6_sk(sk)->dontfrag;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2042)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2043) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2044) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2045) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2046) #endif /* _NET_XFRM_H */
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags