// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * net/key/af_key.c	An implementation of PF_KEYv2 sockets.
 *
 * Authors:	Maxim Giryaev	<gem@asplinux.ru>
 *		David S. Miller	<davem@redhat.com>
 *		Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *		Kunihiro Ishiguro <kunihiro@ipinfusion.com>
 *		Kazunori MIYAZAWA / USAGI Project <miyazawa@linux-ipv6.org>
 *		Derek Atkins <derek@ihtfp.com>
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/capability.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/socket.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/pfkeyv2.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/ipsec.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/skbuff.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/rtnetlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/in.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/in6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <linux/proc_fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <net/net_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <net/netns/generic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <net/xfrm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include <net/sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
/* Lifetime limits cross the PF_KEY boundary as 0 where xfrm uses XFRM_INF
 * (the PF_KEY "no limit" convention); these translate in each direction.
 * Names of the form _X are reserved by the C standard; kept as-is because
 * callers elsewhere in the file use them.
 */
#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))

/* Per-netns generic id under which struct netns_pfkey is stored
 * (registered outside this view). */
static unsigned int pfkey_net_id __read_mostly;
struct netns_pfkey {
	/* List of all pfkey sockets. */
	struct hlist_head table;
	/* Live pfkey sockets in this namespace; incremented in pfkey_create(),
	 * decremented in pfkey_sock_destruct(). */
	atomic_t socks_nr;
};
/* Serialises modifications of netns_pfkey.table; readers walk the list
 * under rcu_read_lock (see pfkey_broadcast()). */
static DEFINE_MUTEX(pfkey_mutex);

/* Placeholder mark used where PF_KEY has no way to express an xfrm mark. */
#define DUMMY_MARK 0
static const struct xfrm_mark dummy_mark = {0, 0};
struct pfkey_sock {
	/* struct sock must be the first member of struct pfkey_sock */
	struct sock sk;
	/* Non-zero once the socket has registered; selects it for
	 * BROADCAST_REGISTERED deliveries. */
	int registered;
	/* Non-zero: promiscuous listener, gets a copy of every broadcast
	 * (possibly in addition to its normal copy). */
	int promisc;

	/* State of an in-progress table dump; active while .dump != NULL.
	 * Protected by dump_lock. */
	struct {
		uint8_t msg_version;
		uint32_t msg_portid;
		/* Produces the next batch; -ENOBUFS means the receiver is full
		 * and the dump should be retried later. */
		int (*dump)(struct pfkey_sock *sk);
		/* Releases the walk state when the dump ends. */
		void (*done)(struct pfkey_sock *sk);
		union {
			struct xfrm_policy_walk policy;
			struct xfrm_state_walk state;
		} u;
		/* Final message held back until the receive queue can take it. */
		struct sk_buff *skb;
	} dump;
	struct mutex dump_lock;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
/* Forward declaration; the definition (and its contract) is further down
 * the file, outside this view. */
static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
			       xfrm_address_t *saddr, xfrm_address_t *daddr,
			       u16 *family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
/* Upcast a generic socket to its pfkey wrapper.  Valid only because
 * struct sock is the first member of struct pfkey_sock and key_proto's
 * obj_size makes sk_alloc() allocate the whole wrapper. */
static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
{
	return (struct pfkey_sock *)sk;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73)
/* Decide whether a dump may push another message into @sk's receive queue.
 *
 * Returns 1 while the queued receive memory is at most two thirds of
 * sk_rcvbuf, 0 once it is past that watermark; dumps pause there so a
 * reader that does not drain its queue cannot grow kernel memory unbounded.
 */
static int pfkey_can_dump(const struct sock *sk)
{
	int queued = atomic_read(&sk->sk_rmem_alloc);
	int limit = sk->sk_rcvbuf;

	return 3 * queued <= 2 * limit;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80)
/* Tear down any dump in progress on @pfk: drop the held-back skb, let the
 * walk release its state through ->done, and clear both callbacks so a
 * later pfkey_do_dump() sees "no dump".  A no-op when nothing is active.
 * pfkey_do_dump() calls this under dump_lock; pfkey_sock_destruct() calls
 * it without the lock during final teardown.
 */
static void pfkey_terminate_dump(struct pfkey_sock *pfk)
{
	if (!pfk->dump.dump)
		return;

	if (pfk->dump.skb) {
		kfree_skb(pfk->dump.skb);
		pfk->dump.skb = NULL;
	}

	pfk->dump.done(pfk);
	pfk->dump.dump = NULL;
	pfk->dump.done = NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93)
/* sk_destruct hook, run when the last reference to a pfkey socket goes.
 *
 * Releases dump state and queued messages, then drops the namespace socket
 * count taken in pfkey_create().  A socket not yet marked SOCK_DEAD is left
 * alone (with an error log) rather than having its count torn down under a
 * live user.
 */
static void pfkey_sock_destruct(struct sock *sk)
{
	struct netns_pfkey *net_pfkey = net_generic(sock_net(sk), pfkey_net_id);

	pfkey_terminate_dump(pfkey_sk(sk));
	skb_queue_purge(&sk->sk_receive_queue);

	if (!sock_flag(sk, SOCK_DEAD)) {
		pr_err("Attempt to release alive pfkey socket: %p\n", sk);
		return;
	}

	/* The receive queue was just purged and nothing should still be
	 * charged on the write side; anything else is a leak. */
	WARN_ON(atomic_read(&sk->sk_rmem_alloc));
	WARN_ON(refcount_read(&sk->sk_wmem_alloc));

	atomic_dec(&net_pfkey->socks_nr);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112)
/* Defined later in the file; pfkey_create() installs it on new sockets. */
static const struct proto_ops pfkey_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
/* Link @sk into its namespace's pfkey socket table.  Writers serialise on
 * pfkey_mutex; pfkey_broadcast() walks the list under RCU, hence the _rcu
 * list primitive. */
static void pfkey_insert(struct sock *sk)
{
	struct netns_pfkey *net_pfkey = net_generic(sock_net(sk), pfkey_net_id);

	mutex_lock(&pfkey_mutex);
	sk_add_node_rcu(sk, &net_pfkey->table);
	mutex_unlock(&pfkey_mutex);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124)
/* Unlink @sk from the namespace table under pfkey_mutex.  RCU readers may
 * still be looking at the node afterwards; pfkey_release() waits for them
 * with synchronize_rcu() before dropping the socket. */
static void pfkey_remove(struct sock *sk)
{
	mutex_lock(&pfkey_mutex);
	sk_del_node_init_rcu(sk);
	mutex_unlock(&pfkey_mutex);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131)
/* Protocol descriptor for PF_KEY sockets.  obj_size makes sk_alloc() carve
 * out a whole struct pfkey_sock, which is what the pfkey_sk() cast relies on. */
static struct proto key_proto = {
	.name	  = "KEY",
	.owner	  = THIS_MODULE,
	.obj_size = sizeof(struct pfkey_sock),
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137)
/* Socket-family create hook for PF_KEY.
 *
 * Only a CAP_NET_ADMIN holder in the namespace's user_ns may open a key
 * socket (-EPERM otherwise), and only SOCK_RAW with PF_KEY_V2 is accepted.
 * On success the sock is linked into the per-namespace table and the
 * namespace socket count is bumped; pfkey_sock_destruct() undoes the count.
 *
 * Returns 0, or a negative errno (-ENOMEM when sk_alloc() fails).
 */
static int pfkey_create(struct net *net, struct socket *sock, int protocol,
			int kern)
{
	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
	struct pfkey_sock *pfk;
	struct sock *sk;

	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
		return -EPERM;
	if (sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;
	if (protocol != PF_KEY_V2)
		return -EPROTONOSUPPORT;

	sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, kern);
	if (!sk)
		return -ENOMEM;

	pfk = pfkey_sk(sk);
	mutex_init(&pfk->dump_lock);

	sock->ops = &pfkey_ops;
	sock_init_data(sock, sk);

	sk->sk_family = PF_KEY;
	sk->sk_destruct = pfkey_sock_destruct;

	atomic_inc(&net_pfkey->socks_nr);
	pfkey_insert(sk);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175)
/* proto_ops release hook: detach @sock from its sk and drop the socket.
 *
 * Order matters: the sk is unlinked from the namespace table first, then
 * orphaned and its write queue purged; synchronize_rcu() then waits for any
 * pfkey_broadcast() still walking the table under rcu_read_lock before the
 * final sock_put() can free the memory.  Always returns 0.
 */
static int pfkey_release(struct socket *sock)
{
	struct sock *sk = sock->sk;

	if (!sk)
		return 0;

	pfkey_remove(sk);

	sock_orphan(sk);
	sock->sk = NULL;
	skb_queue_purge(&sk->sk_write_queue);

	/* No RCU reader may still hold sk once we drop our reference. */
	synchronize_rcu();
	sock_put(sk);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194)
/* Queue a private clone of @skb on @sk's receive queue and wake the reader.
 *
 * Refuses with -ENOBUFS when the queue's charged memory already exceeds
 * sk_rcvbuf (back-pressure: a reader that does not drain cannot grow kernel
 * memory without bound) or when the clone cannot be allocated with
 * @allocation.  The caller keeps ownership of @skb.  Returns 0 on success.
 */
static int pfkey_broadcast_one(struct sk_buff *skb, gfp_t allocation,
			       struct sock *sk)
{
	struct sk_buff *clone;

	if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
		return -ENOBUFS;

	clone = skb_clone(skb, allocation);
	if (!clone)
		return -ENOBUFS;

	skb_set_owner_r(clone, sk);
	skb_queue_tail(&sk->sk_receive_queue, clone);
	sk->sk_data_ready(sk);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213)
/* Send SKB to all pfkey sockets matching selected criteria. */
/* Selector values for pfkey_broadcast().  BROADCAST_ALL is not a bit but
 * the "no filter" value, tested with != rather than &; the others are bits.
 * Promiscuous sockets get a copy regardless of the selector. */
#define BROADCAST_ALL		0	/* every socket in the namespace */
#define BROADCAST_ONE		1	/* only one_sk */
#define BROADCAST_REGISTERED	2	/* only sockets with ->registered set */
#define BROADCAST_PROMISC_ONLY	4	/* only promiscuous listeners (and one_sk) */
/* Deliver @skb to the pfkey sockets of @net selected by @broadcast_flags.
 *
 * Ownership of @skb passes to this function: every recipient gets its own
 * clone and the original is freed before returning.  A NULL @skb (a failed
 * allocation upstream) yields -ENOMEM.
 *
 * Delivery order: under rcu_read_lock every promiscuous socket gets a
 * best-effort copy (result ignored, GFP_ATOMIC), then the sockets picked by
 * the flags, and finally @one_sk, if given, after the RCU section using the
 * caller's @allocation.  A socket that is both promiscuous and a selected
 * target therefore receives the message twice.
 *
 * Return value: without BROADCAST_REGISTERED and without @one_sk the loop
 * never updates err, so -ESRCH comes back even after successful deliveries.
 * With BROADCAST_REGISTERED err tracks the latest attempt until one
 * succeeds, after which it stays 0.  If @one_sk is set, the result of that
 * final delivery replaces it (-ENOBUFS when its queue is over sk_rcvbuf,
 * see pfkey_broadcast_one()).
 */
static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
			   int broadcast_flags, struct sock *one_sk,
			   struct net *net)
{
	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
	struct sock *sk;
	int err = -ESRCH;

	/* XXX Do we need something like netlink_overrun? I think
	 * XXX PF_KEY socket apps will not mind current behavior.
	 */
	if (!skb)
		return -ENOMEM;

	rcu_read_lock();
	sk_for_each_rcu(sk, &net_pfkey->table) {
		struct pfkey_sock *pfk = pfkey_sk(sk);
		int err2;

		/* Yes, it means that if you are meant to receive this
		 * pfkey message you receive it twice as promiscuous
		 * socket.
		 */
		if (pfk->promisc)
			pfkey_broadcast_one(skb, GFP_ATOMIC, sk);

		/* the exact target will be processed later */
		if (sk == one_sk)
			continue;
		if (broadcast_flags != BROADCAST_ALL) {
			if (broadcast_flags & BROADCAST_PROMISC_ONLY)
				continue;
			if ((broadcast_flags & BROADCAST_REGISTERED) &&
			    !pfk->registered)
				continue;
			if (broadcast_flags & BROADCAST_ONE)
				continue;
		}

		/* Inside the RCU section, so the clone must not sleep. */
		err2 = pfkey_broadcast_one(skb, GFP_ATOMIC, sk);

		/* Error is cleared after successful sending to at least one
		 * registered KM */
		if ((broadcast_flags & BROADCAST_REGISTERED) && err)
			err = err2;
	}
	rcu_read_unlock();

	if (one_sk != NULL)
		err = pfkey_broadcast_one(skb, allocation, one_sk);

	/* Recipients hold clones; the original is ours to drop. */
	kfree_skb(skb);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273)
/* Advance, and if possible finish, the dump in progress on @pfk.
 *
 * Runs under dump_lock.  With no dump registered it is a no-op returning 0.
 * Otherwise ->dump() produces the next batch.  -ENOBUFS from it means the
 * receiver cannot take more right now: the walk is kept alive and 0 is
 * returned so the dump can be resumed on a later call (presumably from the
 * receive path, which is outside this view).  Any other result ends the
 * dump: the held-back final skb, if any, is sent to this socket alone with
 * seq zeroed and errno set from the walk result, but only if
 * pfkey_can_dump() allows it — otherwise the skb stays parked and the walk
 * stays registered for another try.  pfkey_terminate_dump() then releases
 * the walk state.
 *
 * Returns the ->dump() result, with -ENOBUFS and "nothing to do" folded to 0.
 */
static int pfkey_do_dump(struct pfkey_sock *pfk)
{
	struct sadb_msg *hdr;
	int rc;

	mutex_lock(&pfk->dump_lock);
	if (!pfk->dump.dump) {
		rc = 0;
		goto out;
	}

	rc = pfk->dump.dump(pfk);
	if (rc == -ENOBUFS) {
		/* Receiver full: keep the walk, retry later. */
		rc = 0;
		goto out;
	}

	if (pfk->dump.skb) {
		if (!pfkey_can_dump(&pfk->sk)) {
			/* Cannot deliver the final skb yet; leave everything
			 * registered so a later call completes the dump. */
			rc = 0;
			goto out;
		}

		hdr = (struct sadb_msg *) pfk->dump.skb->data;
		hdr->sadb_msg_seq = 0;
		/* NOTE(review): rc is stored into the 8-bit errno field
		 * without the mapping pfkey_error() applies; presumably only
		 * 0 reaches here once the walk completes — confirm. */
		hdr->sadb_msg_errno = rc;
		/* pfkey_broadcast() consumes the skb, hence the NULL below. */
		pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
				&pfk->sk, sock_net(&pfk->sk));
		pfk->dump.skb = NULL;
	}

	pfkey_terminate_dump(pfk);

out:
	mutex_unlock(&pfk->dump_lock);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311)
/* Copy the fixed PF_KEY header from @orig into @new; replies start out as
 * a copy of the request header (see pfkey_error()). */
static inline void pfkey_hdr_dup(struct sadb_msg *new,
				 const struct sadb_msg *orig)
{
	memcpy(new, orig, sizeof(*new));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317)
/* Send an error reply for @orig back to the originating socket @sk.
 *
 * PF_KEY carries the errno in the 8-bit sadb_msg_errno field, so the
 * (negative) kernel error @err is mapped into 1..255 first: the internal
 * ERESTART* codes become EINTR and anything >= 512 becomes EINVAL.  The
 * BUG_ON enforces that nothing else can fall outside the field's range.
 * The reply is a bare header copied from @orig with errno and length set.
 *
 * Returns 0, or -ENOBUFS if the reply skb cannot be allocated.
 */
static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	int code;

	skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
	if (!skb)
		return -ENOBUFS;

	/* Woe be to the platform trying to support PFKEY yet
	 * having normal errnos outside the 1-255 range, inclusive.
	 */
	code = -err;
	switch (code) {
	case ERESTARTSYS:
	case ERESTARTNOHAND:
	case ERESTARTNOINTR:
		code = EINTR;
		break;
	default:
		break;
	}
	if (code >= 512)
		code = EINVAL;
	BUG_ON(code <= 0 || code >= 256);

	hdr = skb_put(skb, sizeof(struct sadb_msg));
	pfkey_hdr_dup(hdr, orig);
	hdr->sadb_msg_errno = (uint8_t) code;
	/* Header only, expressed in 64-bit units as PF_KEY lengths are. */
	hdr->sadb_msg_len = (sizeof(struct sadb_msg) /
			     sizeof(uint64_t));

	pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348)
/* Minimum byte length of each extension, indexed by its sadb_ext_type.
 * Unlisted indexes and SADB_EXT_RESERVED are 0.  Entries are u8, so the
 * table relies on every extension header fitting in a byte.  Presumably the
 * message parser (outside this view) checks an extension against this before
 * any type-specific verify_*_len() runs — confirm against the caller.
 */
static const u8 sadb_ext_min_len[] = {
	[SADB_EXT_RESERVED]		= (u8) 0,
	[SADB_EXT_SA]			= (u8) sizeof(struct sadb_sa),
	[SADB_EXT_LIFETIME_CURRENT]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_LIFETIME_HARD]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_LIFETIME_SOFT]	= (u8) sizeof(struct sadb_lifetime),
	[SADB_EXT_ADDRESS_SRC]		= (u8) sizeof(struct sadb_address),
	[SADB_EXT_ADDRESS_DST]		= (u8) sizeof(struct sadb_address),
	[SADB_EXT_ADDRESS_PROXY]	= (u8) sizeof(struct sadb_address),
	[SADB_EXT_KEY_AUTH]		= (u8) sizeof(struct sadb_key),
	[SADB_EXT_KEY_ENCRYPT]		= (u8) sizeof(struct sadb_key),
	[SADB_EXT_IDENTITY_SRC]		= (u8) sizeof(struct sadb_ident),
	[SADB_EXT_IDENTITY_DST]		= (u8) sizeof(struct sadb_ident),
	[SADB_EXT_SENSITIVITY]		= (u8) sizeof(struct sadb_sens),
	[SADB_EXT_PROPOSAL]		= (u8) sizeof(struct sadb_prop),
	[SADB_EXT_SUPPORTED_AUTH]	= (u8) sizeof(struct sadb_supported),
	[SADB_EXT_SUPPORTED_ENCRYPT]	= (u8) sizeof(struct sadb_supported),
	[SADB_EXT_SPIRANGE]		= (u8) sizeof(struct sadb_spirange),
	[SADB_X_EXT_KMPRIVATE]		= (u8) sizeof(struct sadb_x_kmprivate),
	[SADB_X_EXT_POLICY]		= (u8) sizeof(struct sadb_x_policy),
	[SADB_X_EXT_SA2]		= (u8) sizeof(struct sadb_x_sa2),
	[SADB_X_EXT_NAT_T_TYPE]		= (u8) sizeof(struct sadb_x_nat_t_type),
	[SADB_X_EXT_NAT_T_SPORT]	= (u8) sizeof(struct sadb_x_nat_t_port),
	[SADB_X_EXT_NAT_T_DPORT]	= (u8) sizeof(struct sadb_x_nat_t_port),
	[SADB_X_EXT_NAT_T_OA]		= (u8) sizeof(struct sadb_address),
	[SADB_X_EXT_SEC_CTX]		= (u8) sizeof(struct sadb_x_sec_ctx),
	[SADB_X_EXT_KMADDRESS]		= (u8) sizeof(struct sadb_x_kmaddress),
	[SADB_X_EXT_FILTER]		= (u8) sizeof(struct sadb_x_filter),
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378)
/* Verify sadb_address_{len,prefixlen} against sa_family. */
/* @p points at a user-supplied sadb_address extension followed by a
 * sockaddr.  The first check is what makes reading addr->sa_family safe:
 * the family field must lie inside the length the extension itself declares.
 * Only then is the declared length required to match the family's sockaddr
 * exactly and the prefix length bounded by the address width.  Any other
 * family is rejected (see the comment on default).  Returns 0 or -EINVAL.
 */
static int verify_address_len(const void *p)
{
	const struct sadb_address *sp = p;
	const struct sockaddr *addr = (const struct sockaddr *)(sp + 1);
	size_t sa_len;
	unsigned int max_prefix;

	if (sp->sadb_address_len <
	    DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family),
			 sizeof(uint64_t)))
		return -EINVAL;

	switch (addr->sa_family) {
	case AF_INET:
		sa_len = sizeof(struct sockaddr_in);
		max_prefix = 32;
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case AF_INET6:
		sa_len = sizeof(struct sockaddr_in6);
		max_prefix = 128;
		break;
#endif
	default:
		/* It is user using kernel to keep track of security
		 * associations for another protocol, such as
		 * OSPF/RSVP/RIPV2/MIP.  It is user's job to verify
		 * lengths.
		 *
		 * XXX Actually, association/policy database is not yet
		 * XXX able to cope with arbitrary sockaddr families.
		 * XXX When it can, remove this -EINVAL.  -DaveM
		 */
		return -EINVAL;
	}

	if (sp->sadb_address_len !=
	    DIV_ROUND_UP(sizeof(*sp) + sa_len, sizeof(uint64_t)) ||
	    sp->sadb_address_prefixlen > max_prefix)
		return -EINVAL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425)
/* Length, in 64-bit units, that a sadb_key extension carrying
 * sadb_key_bits bits of key material must occupy: the fixed header plus
 * the key bytes, rounded up.  sadb_key_bits is a narrow uapi field, so the
 * arithmetic cannot overflow here.
 */
static inline int sadb_key_len(const struct sadb_key *key)
{
	size_t total = sizeof(struct sadb_key) +
		       DIV_ROUND_UP(key->sadb_key_bits, 8);

	return DIV_ROUND_UP(total, sizeof(uint64_t));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433)
/* Reject a sadb_key extension whose declared sadb_key_len is too small to
 * hold the key material implied by sadb_key_bits; later reads of the key
 * bytes depend on this bound.  Returns 0 or -EINVAL.
 */
static int verify_key_len(const void *p)
{
	const struct sadb_key *key = p;
	int needed = sadb_key_len(key);

	return needed > key->sadb_key_len ? -EINVAL : 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443)
/* Length, in 64-bit units, of a sec_ctx extension: the fixed header plus
 * sadb_x_ctx_len context bytes, rounded up. */
static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
{
	size_t bytes = sizeof(struct sadb_x_sec_ctx) + sec_ctx->sadb_x_ctx_len;

	return DIV_ROUND_UP(bytes, sizeof(uint64_t));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450)
/* Validate a user-supplied sec_ctx extension.
 *
 * The context length is capped at PAGE_SIZE, which also bounds the
 * allocation in pfkey_sadb2xfrm_user_sec_ctx(), and the extension must be
 * exactly header plus context so a later copy of sadb_x_ctx_len bytes cannot
 * read past it.  Returns 0 or -EINVAL.
 */
static inline int verify_sec_ctx_len(const void *p)
{
	const struct sadb_x_sec_ctx *sec_ctx = p;

	if (sec_ctx->sadb_x_ctx_len > PAGE_SIZE)
		return -EINVAL;

	if (sec_ctx->sadb_x_sec_len != pfkey_sec_ctx_len(sec_ctx))
		return -EINVAL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466)
/*
 * pfkey_sadb2xfrm_user_sec_ctx - copy a PF_KEY security-context extension
 * into a freshly allocated struct xfrm_user_sec_ctx.
 * @sec_ctx: the SADB_X_EXT_SEC_CTX extension; it must already have passed
 *           verify_sec_ctx_len() (parse_exthdrs() does this), since no
 *           length checks are repeated here
 * @gfp:     allocation flags for kmalloc()
 *
 * The context bytes following the extension header are copied verbatim
 * after the new header.  Note that uctx->len is filled with the extension
 * length in 8-byte units, as pfkey_sec_ctx_len() computes it, not in bytes.
 *
 * Returns the new object (to be released with kfree()) or NULL on
 * allocation failure.
 */
static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx,
								     gfp_t gfp)
{
	const size_t ctx_len = sec_ctx->sadb_x_ctx_len;
	struct xfrm_user_sec_ctx *uctx;

	uctx = kmalloc(sizeof(*uctx) + ctx_len, gfp);
	if (uctx == NULL)
		return NULL;

	uctx->len = pfkey_sec_ctx_len(sec_ctx);
	uctx->exttype = sec_ctx->sadb_x_sec_exttype;
	uctx->ctx_doi = sec_ctx->sadb_x_ctx_doi;
	uctx->ctx_alg = sec_ctx->sadb_x_ctx_alg;
	uctx->ctx_len = ctx_len;
	/* Payload immediately follows both headers. */
	memcpy(uctx + 1, sec_ctx + 1, ctx_len);

	return uctx;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488)
/*
 * present_and_same_family - check that both address extensions exist and
 * carry sockaddrs of the same, supported, family.
 * @src: SADB_EXT_ADDRESS_SRC extension, or NULL if absent
 * @dst: SADB_EXT_ADDRESS_DST extension, or NULL if absent
 *
 * The sockaddr is read right after the sadb_address header; parse_exthdrs()
 * has already run verify_address_len() on each address extension, which is
 * what makes that read safe here.
 *
 * Returns 1 if both are present, share a family, and that family is AF_INET
 * (or AF_INET6 when IPv6 is built in); 0 otherwise.
 */
static int present_and_same_family(const struct sadb_address *src,
				   const struct sadb_address *dst)
{
	const struct sockaddr *s_addr, *d_addr;
	sa_family_t family;

	if (src == NULL || dst == NULL)
		return 0;

	s_addr = (const struct sockaddr *)(src + 1);
	d_addr = (const struct sockaddr *)(dst + 1);
	family = s_addr->sa_family;
	if (family != d_addr->sa_family)
		return 0;

	switch (family) {
	case AF_INET:
#if IS_ENABLED(CONFIG_IPV6)
	case AF_INET6:
#endif
		return 1;
	default:
		return 0;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510)
/*
 * parse_exthdrs - walk and validate the extension headers that follow a
 * PF_KEY base message received from userspace.
 * @skb:      socket buffer holding the whole message; skb->len bounds the walk
 * @hdr:      the struct sadb_msg at the start of the message
 * @ext_hdrs: array indexed by (ext_type - 1); on success each recognised
 *            extension's pointer into the message is stored there.  Entries
 *            are expected to be NULL on entry, since a non-NULL entry is
 *            treated as a duplicate extension and rejected.
 *
 * This is the single place where extension lengths supplied by userspace
 * are checked, so later code indexes into an extension without re-validating
 * it.  For every extension the loop requires that:
 *   - at least sizeof(struct sadb_ext) bytes remain in the buffer;
 *   - sadb_ext_len (in 8-byte units) is non-zero and, converted to bytes,
 *     does not run past the remaining length;
 *   - the type is not SADB_EXT_RESERVED (0), which also keeps ext_type - 1
 *     a valid index into ext_hdrs[];
 *   - for known types (<= SADB_EXT_MAX) the length meets sadb_ext_min_len[],
 *     the type has not been seen before, and the type-specific validator
 *     (verify_address_len, verify_sec_ctx_len, verify_key_len) accepts it.
 * Extensions with a type above SADB_EXT_MAX are skipped over, not rejected,
 * and are not recorded in ext_hdrs[].
 *
 * Returns 0 on success, -EINVAL on the first malformed extension.
 */
static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs)
{
	const char *p = (char *) hdr;
	int len = skb->len;

	/* Skip the base header; len is the number of bytes still unparsed. */
	len -= sizeof(*hdr);
	p += sizeof(*hdr);
	while (len > 0) {
		const struct sadb_ext *ehdr = (const struct sadb_ext *) p;
		uint16_t ext_type;
		int ext_len;

		/* Must be able to read the generic extension header itself. */
		if (len < sizeof(*ehdr))
			return -EINVAL;

		/* Wire length is in 64-bit words; convert to bytes. */
		ext_len = ehdr->sadb_ext_len;
		ext_len *= sizeof(uint64_t);
		ext_type = ehdr->sadb_ext_type;
		/*
		 * Reject zero-length extensions (the loop would not advance),
		 * extensions overrunning the buffer, and the reserved type 0.
		 */
		if (ext_len < sizeof(uint64_t) ||
		    ext_len > len ||
		    ext_type == SADB_EXT_RESERVED)
			return -EINVAL;

		if (ext_type <= SADB_EXT_MAX) {
			/* Per-type minimum size, so fixed fields are in bounds. */
			int min = (int) sadb_ext_min_len[ext_type];
			if (ext_len < min)
				return -EINVAL;
			/* Each known extension may appear at most once. */
			if (ext_hdrs[ext_type-1] != NULL)
				return -EINVAL;
			/* Variable-length types get their own consistency checks. */
			switch (ext_type) {
			case SADB_EXT_ADDRESS_SRC:
			case SADB_EXT_ADDRESS_DST:
			case SADB_EXT_ADDRESS_PROXY:
			case SADB_X_EXT_NAT_T_OA:
				if (verify_address_len(p))
					return -EINVAL;
				break;
			case SADB_X_EXT_SEC_CTX:
				if (verify_sec_ctx_len(p))
					return -EINVAL;
				break;
			case SADB_EXT_KEY_AUTH:
			case SADB_EXT_KEY_ENCRYPT:
				if (verify_key_len(p))
					return -EINVAL;
				break;
			default:
				break;
			}
			ext_hdrs[ext_type-1] = (void *) p;
		}
		p += ext_len;
		len -= ext_len;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568)
/*
 * pfkey_satype2proto - map a PF_KEY SA type to the IP protocol number xfrm
 * uses for it.
 *
 * SADB_SATYPE_UNSPEC maps to IPSEC_PROTO_ANY (255); callers that need the
 * xfrm encoding of "any" must still pass the result through
 * pfkey_proto_to_xfrm().  Any SA type not listed here yields 0, which
 * callers (e.g. pfkey_xfrm_state_lookup) treat as "unsupported".
 */
static uint16_t
pfkey_satype2proto(uint8_t satype)
{
	if (satype == SADB_SATYPE_UNSPEC)
		return IPSEC_PROTO_ANY;
	if (satype == SADB_SATYPE_AH)
		return IPPROTO_AH;
	if (satype == SADB_SATYPE_ESP)
		return IPPROTO_ESP;
	if (satype == SADB_X_SATYPE_IPCOMP)
		return IPPROTO_COMP;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586)
/*
 * pfkey_proto2satype - inverse of pfkey_satype2proto() for the concrete
 * IPsec protocols.  Unknown protocols (and IPSEC_PROTO_ANY, which has no
 * single SA type) yield 0, i.e. SADB_SATYPE_UNSPEC.
 */
static uint8_t
pfkey_proto2satype(uint16_t proto)
{
	if (proto == IPPROTO_AH)
		return SADB_SATYPE_AH;
	if (proto == IPPROTO_ESP)
		return SADB_SATYPE_ESP;
	if (proto == IPPROTO_COMP)
		return SADB_X_SATYPE_IPCOMP;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602)
/* Note: this encoding means there is no way over PF_KEYv2 sockets to ask
 * specifically for 'raw IP only': IPSEC_PROTO_ANY is 255, the same value
 * as IPPROTO_RAW, and 255 is always interpreted as 'any protocol' here.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606)
/*
 * pfkey_proto_to_xfrm - convert a PF_KEY protocol value to xfrm's
 * encoding, where 0 rather than IPSEC_PROTO_ANY (255) means "any".
 */
static uint8_t pfkey_proto_to_xfrm(uint8_t proto)
{
	if (proto == IPSEC_PROTO_ANY)
		return 0;
	return proto;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611)
/*
 * pfkey_proto_from_xfrm - convert an xfrm protocol value to PF_KEY's
 * encoding, turning the xfrm wildcard 0 into IPSEC_PROTO_ANY.
 */
static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
{
	if (proto == 0)
		return IPSEC_PROTO_ANY;
	return proto;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616)
/*
 * pfkey_sockaddr_len - size in bytes of the sockaddr variant for @family,
 * or 0 for any family this module does not handle (AF_INET6 counts as
 * unhandled when IPv6 is not built in).
 */
static inline int pfkey_sockaddr_len(sa_family_t family)
{
	if (family == AF_INET)
		return sizeof(struct sockaddr_in);
#if IS_ENABLED(CONFIG_IPV6)
	if (family == AF_INET6)
		return sizeof(struct sockaddr_in6);
#endif
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629)
/*
 * pfkey_sockaddr_extract - copy the address out of a sockaddr into an
 * xfrm_address_t.
 * @sa:    source sockaddr; the caller is responsible for it being large
 *         enough for its declared family
 * @xaddr: destination; only the part relevant to the family is written
 *
 * Returns the address family that was handled (AF_INET or AF_INET6), or 0
 * if the family is unsupported, in which case @xaddr is left untouched.
 */
static
int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
{
	if (sa->sa_family == AF_INET) {
		const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;

		xaddr->a4 = sin->sin_addr.s_addr;
		return AF_INET;
	}
#if IS_ENABLED(CONFIG_IPV6)
	if (sa->sa_family == AF_INET6) {
		const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;

		xaddr->in6 = sin6->sin6_addr;
		return AF_INET6;
	}
#endif
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648)
/*
 * pfkey_sadb_addr2xfrm_addr - extract the address carried by a PF_KEY
 * address extension (the sockaddr directly follows the sadb_address
 * header) into @xaddr.  Returns the family handled, or 0 if unsupported;
 * see pfkey_sockaddr_extract().
 */
static
int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr)
{
	const struct sockaddr *sa = (const struct sockaddr *)(addr + 1);

	return pfkey_sockaddr_extract(sa, xaddr);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 655)
/*
 * pfkey_xfrm_state_lookup - find the xfrm_state a PF_KEY message refers to.
 * @net:      network namespace to search
 * @hdr:      base message; its sadb_msg_satype selects the protocol
 * @ext_hdrs: extensions as filled in by parse_exthdrs()
 *
 * The SA is identified by (destination address, SPI, protocol, family),
 * taken from the SADB_EXT_SA and SADB_EXT_ADDRESS_DST extensions.  The
 * destination sockaddr is read in place from the message; its length was
 * validated by verify_address_len() in parse_exthdrs(), not here.
 *
 * Returns the looked-up state (with the reference xfrm_state_lookup()
 * takes), or NULL if either extension is missing, the SA type is not
 * supported, or the destination family is unsupported.
 */
static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	const struct sadb_sa *sa = ext_hdrs[SADB_EXT_SA - 1];
	const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
	const struct sockaddr *daddr;
	xfrm_address_t *xaddr = NULL;
	unsigned short family;
	uint16_t proto;

	if (sa == NULL || addr == NULL)
		return NULL;

	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	if (proto == 0)
		return NULL;

	daddr = (const struct sockaddr *)(addr + 1);
	family = daddr->sa_family;
	if (family == AF_INET)
		xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)daddr)->sin_addr;
#if IS_ENABLED(CONFIG_IPV6)
	if (family == AF_INET6)
		xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)daddr)->sin6_addr;
#endif
	if (xaddr == NULL)
		return NULL;

	return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 696)
/*
 * PFKEY_ALIGN8 - round a byte count up to the next multiple of 8, the unit
 * PF_KEY extensions are sized in.  0 stays 0; values already aligned are
 * returned unchanged.
 */
#define PFKEY_ALIGN8(a) (((a) + 7) & ~7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 698)
/*
 * pfkey_sockaddr_size - space a sockaddr of @family occupies inside a
 * PF_KEY address extension: its byte length rounded up to 8.  Returns 0
 * for families pfkey_sockaddr_len() does not handle.
 */
static int
pfkey_sockaddr_size(sa_family_t family)
{
	int len = pfkey_sockaddr_len(family);

	return PFKEY_ALIGN8(len);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704)
/*
 * pfkey_mode_from_xfrm - translate an XFRM_MODE_* value to the IPSEC_MODE_*
 * constant used on the PF_KEY wire.  Returns -1 for modes PF_KEY cannot
 * express.
 */
static inline int pfkey_mode_from_xfrm(int mode)
{
	if (mode == XFRM_MODE_TRANSPORT)
		return IPSEC_MODE_TRANSPORT;
	if (mode == XFRM_MODE_TUNNEL)
		return IPSEC_MODE_TUNNEL;
	if (mode == XFRM_MODE_BEET)
		return IPSEC_MODE_BEET;
	return -1;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 718)
/*
 * pfkey_mode_to_xfrm - translate an IPSEC_MODE_* value from a PF_KEY message
 * to the XFRM_MODE_* constant.  IPSEC_MODE_ANY has no xfrm counterpart and
 * is treated as transport mode (the original code flagged this with XXX).
 * Returns -1 for unknown modes.
 */
static inline int pfkey_mode_to_xfrm(int mode)
{
	if (mode == IPSEC_MODE_ANY || mode == IPSEC_MODE_TRANSPORT)
		return XFRM_MODE_TRANSPORT;
	if (mode == IPSEC_MODE_TUNNEL)
		return XFRM_MODE_TUNNEL;
	if (mode == IPSEC_MODE_BEET)
		return XFRM_MODE_BEET;
	return -1;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 733)
/*
 * pfkey_sockaddr_fill - write an xfrm address into a sockaddr destined for
 * a PF_KEY message.
 * @xaddr:  source address
 * @port:   port to store (network byte order), 0 when not applicable
 * @sa:     destination buffer; must hold at least
 *          pfkey_sockaddr_len(@family) bytes
 * @family: AF_INET or AF_INET6
 *
 * Every field of the sockaddr, including sin_zero / flowinfo / scope_id,
 * is written explicitly; the buffer ends up in a message handed to
 * userspace, so presumably this is to avoid exposing stale kernel memory.
 *
 * Returns the full-host prefix length for the family (32 or 128), which
 * callers store in sadb_address_prefixlen, or 0 if @family is unsupported
 * (nothing is written in that case).
 */
static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port,
					struct sockaddr *sa,
					unsigned short family)
{
	if (family == AF_INET) {
		struct sockaddr_in *sin = (struct sockaddr_in *)sa;

		sin->sin_family = AF_INET;
		sin->sin_port = port;
		sin->sin_addr.s_addr = xaddr->a4;
		memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
		return 32;
	}
#if IS_ENABLED(CONFIG_IPV6)
	if (family == AF_INET6) {
		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;

		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = port;
		sin6->sin6_flowinfo = 0;
		sin6->sin6_addr = xaddr->in6;
		sin6->sin6_scope_id = 0;
		return 128;
	}
#endif
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 763)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 764) static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 765) int add_keys, int hsc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 766) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 767) struct sk_buff *skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 768) struct sadb_msg *hdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 769) struct sadb_sa *sa;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 770) struct sadb_lifetime *lifetime;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 771) struct sadb_address *addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 772) struct sadb_key *key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 773) struct sadb_x_sa2 *sa2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 774) struct sadb_x_sec_ctx *sec_ctx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 775) struct xfrm_sec_ctx *xfrm_ctx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 776) int ctx_size = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 777) int size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 778) int auth_key_size = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 779) int encrypt_key_size = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 780) int sockaddr_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 781) struct xfrm_encap_tmpl *natt = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 782) int mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 783)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 784) /* address family check */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 785) sockaddr_size = pfkey_sockaddr_size(x->props.family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 786) if (!sockaddr_size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 787) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 788)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 789) /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 790) key(AE), (identity(SD),) (sensitivity)> */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 791) size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 792) sizeof(struct sadb_lifetime) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 793) ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 794) ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 795) sizeof(struct sadb_address)*2 +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 796) sockaddr_size*2 +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 797) sizeof(struct sadb_x_sa2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 798)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 799) if ((xfrm_ctx = x->security)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 800) ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 801) size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 802) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 803)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 804) /* identity & sensitivity */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 805) if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 806) size += sizeof(struct sadb_address) + sockaddr_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 807)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 808) if (add_keys) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 809) if (x->aalg && x->aalg->alg_key_len) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 810) auth_key_size =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 811) PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 812) size += sizeof(struct sadb_key) + auth_key_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 813) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 814) if (x->ealg && x->ealg->alg_key_len) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 815) encrypt_key_size =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 816) PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 817) size += sizeof(struct sadb_key) + encrypt_key_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 818) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 819) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 820) if (x->encap)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 821) natt = x->encap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 822)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 823) if (natt && natt->encap_type) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 824) size += sizeof(struct sadb_x_nat_t_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 825) size += sizeof(struct sadb_x_nat_t_port);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 826) size += sizeof(struct sadb_x_nat_t_port);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 827) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 828)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 829) skb = alloc_skb(size + 16, GFP_ATOMIC);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 830) if (skb == NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 831) return ERR_PTR(-ENOBUFS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 832)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 833) /* call should fill header later */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 834) hdr = skb_put(skb, sizeof(struct sadb_msg));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 835) memset(hdr, 0, size); /* XXX do we need this ? */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 836) hdr->sadb_msg_len = size / sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 837)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 838) /* sa */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 839) sa = skb_put(skb, sizeof(struct sadb_sa));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 840) sa->sadb_sa_len = sizeof(struct sadb_sa)/sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 841) sa->sadb_sa_exttype = SADB_EXT_SA;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 842) sa->sadb_sa_spi = x->id.spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 843) sa->sadb_sa_replay = x->props.replay_window;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 844) switch (x->km.state) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 845) case XFRM_STATE_VALID:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 846) sa->sadb_sa_state = x->km.dying ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 847) SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 848) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 849) case XFRM_STATE_ACQ:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 850) sa->sadb_sa_state = SADB_SASTATE_LARVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 851) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 852) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 853) sa->sadb_sa_state = SADB_SASTATE_DEAD;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 854) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 855) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 856) sa->sadb_sa_auth = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 857) if (x->aalg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 858) struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 859) sa->sadb_sa_auth = (a && a->pfkey_supported) ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 860) a->desc.sadb_alg_id : 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 861) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 862) sa->sadb_sa_encrypt = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 863) BUG_ON(x->ealg && x->calg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 864) if (x->ealg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 865) struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 866) sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 867) a->desc.sadb_alg_id : 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 868) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 869) /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 870) if (x->calg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 871) struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 872) sa->sadb_sa_encrypt = (a && a->pfkey_supported) ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 873) a->desc.sadb_alg_id : 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 874) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 875)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 876) sa->sadb_sa_flags = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 877) if (x->props.flags & XFRM_STATE_NOECN)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 878) sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 879) if (x->props.flags & XFRM_STATE_DECAP_DSCP)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 880) sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 881) if (x->props.flags & XFRM_STATE_NOPMTUDISC)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 882) sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 883)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 884) /* hard time */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 885) if (hsc & 2) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 886) lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 887) lifetime->sadb_lifetime_len =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 888) sizeof(struct sadb_lifetime)/sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 889) lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 890) lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 891) lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 892) lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 893) lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 894) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 895) /* soft time */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 896) if (hsc & 1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 897) lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 898) lifetime->sadb_lifetime_len =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 899) sizeof(struct sadb_lifetime)/sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 900) lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 901) lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 902) lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 903) lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 904) lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 905) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 906) /* current time */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 907) lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 908) lifetime->sadb_lifetime_len =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 909) sizeof(struct sadb_lifetime)/sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 910) lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 911) lifetime->sadb_lifetime_allocations = x->curlft.packets;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 912) lifetime->sadb_lifetime_bytes = x->curlft.bytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 913) lifetime->sadb_lifetime_addtime = x->curlft.add_time;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 914) lifetime->sadb_lifetime_usetime = x->curlft.use_time;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 915) /* src address */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 916) addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 917) addr->sadb_address_len =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 918) (sizeof(struct sadb_address)+sockaddr_size)/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 919) sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 920) addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 921) /* "if the ports are non-zero, then the sadb_address_proto field,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 922) normally zero, MUST be filled in with the transport
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 923) protocol's number." - RFC2367 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 924) addr->sadb_address_proto = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 925) addr->sadb_address_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 926)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 927) addr->sadb_address_prefixlen =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 928) pfkey_sockaddr_fill(&x->props.saddr, 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 929) (struct sockaddr *) (addr + 1),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 930) x->props.family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 931) BUG_ON(!addr->sadb_address_prefixlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 932)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 933) /* dst address */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 934) addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 935) addr->sadb_address_len =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 936) (sizeof(struct sadb_address)+sockaddr_size)/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 937) sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 938) addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 939) addr->sadb_address_proto = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 940) addr->sadb_address_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 941)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 942) addr->sadb_address_prefixlen =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 943) pfkey_sockaddr_fill(&x->id.daddr, 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 944) (struct sockaddr *) (addr + 1),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 945) x->props.family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 946) BUG_ON(!addr->sadb_address_prefixlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 947)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 948) if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 949) x->props.family)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 950) addr = skb_put(skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 951) sizeof(struct sadb_address) + sockaddr_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 952) addr->sadb_address_len =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 953) (sizeof(struct sadb_address)+sockaddr_size)/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 954) sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 955) addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 956) addr->sadb_address_proto =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 957) pfkey_proto_from_xfrm(x->sel.proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 958) addr->sadb_address_prefixlen = x->sel.prefixlen_s;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 959) addr->sadb_address_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 960)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 961) pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 962) (struct sockaddr *) (addr + 1),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 963) x->props.family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 964) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 965)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 966) /* auth key */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 967) if (add_keys && auth_key_size) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 968) key = skb_put(skb, sizeof(struct sadb_key) + auth_key_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 969) key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 970) sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 971) key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 972) key->sadb_key_bits = x->aalg->alg_key_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 973) key->sadb_key_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 974) memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 975) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 976) /* encrypt key */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 977) if (add_keys && encrypt_key_size) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 978) key = skb_put(skb, sizeof(struct sadb_key) + encrypt_key_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 979) key->sadb_key_len = (sizeof(struct sadb_key) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 980) encrypt_key_size) / sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 981) key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 982) key->sadb_key_bits = x->ealg->alg_key_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 983) key->sadb_key_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 984) memcpy(key + 1, x->ealg->alg_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 985) (x->ealg->alg_key_len+7)/8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 986) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 987)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 988) /* sa */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 989) sa2 = skb_put(skb, sizeof(struct sadb_x_sa2));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 990) sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 991) sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 992) if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 993) kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 994) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 995) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 996) sa2->sadb_x_sa2_mode = mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 997) sa2->sadb_x_sa2_reserved1 = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 998) sa2->sadb_x_sa2_reserved2 = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 999) sa2->sadb_x_sa2_sequence = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1000) sa2->sadb_x_sa2_reqid = x->props.reqid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1001)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1002) if (natt && natt->encap_type) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1003) struct sadb_x_nat_t_type *n_type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1004) struct sadb_x_nat_t_port *n_port;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1005)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1006) /* type */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1007) n_type = skb_put(skb, sizeof(*n_type));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1008) n_type->sadb_x_nat_t_type_len = sizeof(*n_type)/sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1009) n_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1010) n_type->sadb_x_nat_t_type_type = natt->encap_type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1011) n_type->sadb_x_nat_t_type_reserved[0] = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1012) n_type->sadb_x_nat_t_type_reserved[1] = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1013) n_type->sadb_x_nat_t_type_reserved[2] = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1014)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1015) /* source port */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1016) n_port = skb_put(skb, sizeof(*n_port));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1017) n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1018) n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1019) n_port->sadb_x_nat_t_port_port = natt->encap_sport;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1020) n_port->sadb_x_nat_t_port_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1021)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1022) /* dest port */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1023) n_port = skb_put(skb, sizeof(*n_port));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1024) n_port->sadb_x_nat_t_port_len = sizeof(*n_port)/sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1025) n_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1026) n_port->sadb_x_nat_t_port_port = natt->encap_dport;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1027) n_port->sadb_x_nat_t_port_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1028) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1029)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1030) /* security context */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1031) if (xfrm_ctx) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1032) sec_ctx = skb_put(skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1033) sizeof(struct sadb_x_sec_ctx) + ctx_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1034) sec_ctx->sadb_x_sec_len =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1035) (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1036) sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1037) sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1038) sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1039) sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1040) memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1041) xfrm_ctx->ctx_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1042) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1043)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1044) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1045) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1046)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1047)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1048) static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1049) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1050) struct sk_buff *skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1051)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1052) skb = __pfkey_xfrm_state2msg(x, 1, 3);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1053)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1054) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1055) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1056)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1057) static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1058) int hsc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1059) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1060) return __pfkey_xfrm_state2msg(x, 0, hsc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1061) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1062)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1063) static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1064) const struct sadb_msg *hdr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1065) void * const *ext_hdrs)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1066) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1067) struct xfrm_state *x;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1068) const struct sadb_lifetime *lifetime;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1069) const struct sadb_sa *sa;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1070) const struct sadb_key *key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1071) const struct sadb_x_sec_ctx *sec_ctx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1072) uint16_t proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1073) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1074)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1075)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1076) sa = ext_hdrs[SADB_EXT_SA - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1077) if (!sa ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1078) !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1079) ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1080) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1081) if (hdr->sadb_msg_satype == SADB_SATYPE_ESP &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1082) !ext_hdrs[SADB_EXT_KEY_ENCRYPT-1])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1083) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1084) if (hdr->sadb_msg_satype == SADB_SATYPE_AH &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1085) !ext_hdrs[SADB_EXT_KEY_AUTH-1])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1086) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1087) if (!!ext_hdrs[SADB_EXT_LIFETIME_HARD-1] !=
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1088) !!ext_hdrs[SADB_EXT_LIFETIME_SOFT-1])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1089) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1090)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1091) proto = pfkey_satype2proto(hdr->sadb_msg_satype);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1092) if (proto == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1093) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1094)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1095) /* default error is no buffer space */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1096) err = -ENOBUFS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1097)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1098) /* RFC2367:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1099)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1100) Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1101) SADB_SASTATE_LARVAL SAs are created by SADB_GETSPI and it is not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1102) sensible to add a new SA in the DYING or SADB_SASTATE_DEAD state.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1103) Therefore, the sadb_sa_state field of all submitted SAs MUST be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1104) SADB_SASTATE_MATURE and the kernel MUST return an error if this is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1105) not true.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1106)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1107) However, KAME setkey always uses SADB_SASTATE_LARVAL.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1108) Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1109) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1110) if (sa->sadb_sa_auth > SADB_AALG_MAX ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1111) (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1112) sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1113) sa->sadb_sa_encrypt > SADB_EALG_MAX)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1114) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1115) key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1116) if (key != NULL &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1117) sa->sadb_sa_auth != SADB_X_AALG_NULL &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1118) key->sadb_key_bits == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1119) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1120) key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1121) if (key != NULL &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1122) sa->sadb_sa_encrypt != SADB_EALG_NULL &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1123) key->sadb_key_bits == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1124) return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1125)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1126) x = xfrm_state_alloc(net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1127) if (x == NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1128) return ERR_PTR(-ENOBUFS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1129)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1130) x->id.proto = proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1131) x->id.spi = sa->sadb_sa_spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1132) x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1133) (sizeof(x->replay.bitmap) * 8));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1134) if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1135) x->props.flags |= XFRM_STATE_NOECN;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1136) if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1137) x->props.flags |= XFRM_STATE_DECAP_DSCP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1138) if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1139) x->props.flags |= XFRM_STATE_NOPMTUDISC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1140)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1141) lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1142) if (lifetime != NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1143) x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1144) x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1145) x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1146) x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1147) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1148) lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1149) if (lifetime != NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1150) x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1151) x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1152) x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1153) x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1154) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1155)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1156) sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1157) if (sec_ctx != NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1158) struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1159)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1160) if (!uctx)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1161) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1162)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1163) err = security_xfrm_state_alloc(x, uctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1164) kfree(uctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1165)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1166) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1167) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1168) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1169)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1170) err = -ENOBUFS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1171) key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1172) if (sa->sadb_sa_auth) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1173) int keysize = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1174) struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1175) if (!a || !a->pfkey_supported) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1176) err = -ENOSYS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1177) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1178) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1179) if (key)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1180) keysize = (key->sadb_key_bits + 7) / 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1181) x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1182) if (!x->aalg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1183) err = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1184) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1185) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1186) strcpy(x->aalg->alg_name, a->name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1187) x->aalg->alg_key_len = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1188) if (key) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1189) x->aalg->alg_key_len = key->sadb_key_bits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1190) memcpy(x->aalg->alg_key, key+1, keysize);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1191) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1192) x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1193) x->props.aalgo = sa->sadb_sa_auth;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1194) /* x->algo.flags = sa->sadb_sa_flags; */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1195) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1196) if (sa->sadb_sa_encrypt) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1197) if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1198) struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1199) if (!a || !a->pfkey_supported) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1200) err = -ENOSYS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1201) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1202) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1203) x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1204) if (!x->calg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1205) err = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1206) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1207) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1208) strcpy(x->calg->alg_name, a->name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1209) x->props.calgo = sa->sadb_sa_encrypt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1210) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1211) int keysize = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1212) struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1213) if (!a || !a->pfkey_supported) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1214) err = -ENOSYS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1215) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1216) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1217) key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1218) if (key)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1219) keysize = (key->sadb_key_bits + 7) / 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1220) x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1221) if (!x->ealg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1222) err = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1223) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1224) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1225) strcpy(x->ealg->alg_name, a->name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1226) x->ealg->alg_key_len = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1227) if (key) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1228) x->ealg->alg_key_len = key->sadb_key_bits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1229) memcpy(x->ealg->alg_key, key+1, keysize);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1230) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1231) x->props.ealgo = sa->sadb_sa_encrypt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1232) x->geniv = a->uinfo.encr.geniv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1233) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1234) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1235) /* x->algo.flags = sa->sadb_sa_flags; */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1236)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1237) x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1238) &x->props.saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1239) pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1240) &x->id.daddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1241)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1242) if (ext_hdrs[SADB_X_EXT_SA2-1]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1243) const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1244) int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1245) if (mode < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1246) err = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1247) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1248) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1249) x->props.mode = mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1250) x->props.reqid = sa2->sadb_x_sa2_reqid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1251) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1252)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1253) if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1254) const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1255)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1256) /* Nobody uses this, but we try. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1257) x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1258) x->sel.prefixlen_s = addr->sadb_address_prefixlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1259) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1260)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1261) if (!x->sel.family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1262) x->sel.family = x->props.family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1263)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1264) if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1265) const struct sadb_x_nat_t_type* n_type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1266) struct xfrm_encap_tmpl *natt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1267)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1268) x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1269) if (!x->encap) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1270) err = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1271) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1272) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1273)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1274) natt = x->encap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1275) n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1276) natt->encap_type = n_type->sadb_x_nat_t_type_type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1277)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1278) if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1279) const struct sadb_x_nat_t_port *n_port =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1280) ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1281) natt->encap_sport = n_port->sadb_x_nat_t_port_port;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1282) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1283) if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1284) const struct sadb_x_nat_t_port *n_port =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1285) ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1286) natt->encap_dport = n_port->sadb_x_nat_t_port_port;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1287) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1288) memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1289) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1290)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1291) err = xfrm_init_state(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1292) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1293) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1294)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1295) x->km.seq = hdr->sadb_msg_seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1296) return x;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1297)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1298) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1299) x->km.state = XFRM_STATE_DEAD;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1300) xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1301) return ERR_PTR(err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1302) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1303)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1304) static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1305) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1306) return -EOPNOTSUPP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1307) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1308)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1309) static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1310) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1311) struct net *net = sock_net(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1312) struct sk_buff *resp_skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1313) struct sadb_x_sa2 *sa2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1314) struct sadb_address *saddr, *daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1315) struct sadb_msg *out_hdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1316) struct sadb_spirange *range;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1317) struct xfrm_state *x = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1318) int mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1319) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1320) u32 min_spi, max_spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1321) u32 reqid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1322) u8 proto;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1323) unsigned short family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1324) xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1325)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1326) if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1327) ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1328) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1329)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1330) proto = pfkey_satype2proto(hdr->sadb_msg_satype);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1331) if (proto == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1332) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1333)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1334) if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1335) mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1336) if (mode < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1337) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1338) reqid = sa2->sadb_x_sa2_reqid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1339) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1340) mode = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1341) reqid = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1342) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1343)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1344) saddr = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1345) daddr = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1346)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1347) family = ((struct sockaddr *)(saddr + 1))->sa_family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1348) switch (family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1349) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1350) xdaddr = (xfrm_address_t *)&((struct sockaddr_in *)(daddr + 1))->sin_addr.s_addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1351) xsaddr = (xfrm_address_t *)&((struct sockaddr_in *)(saddr + 1))->sin_addr.s_addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1352) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1353) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1354) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1355) xdaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(daddr + 1))->sin6_addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1356) xsaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(saddr + 1))->sin6_addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1357) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1358) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1359) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1360)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1361) if (hdr->sadb_msg_seq) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1362) x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1363) if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1364) xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1365) x = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1366) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1367) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1368)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1369) if (!x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1370) x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, proto, xdaddr, xsaddr, 1, family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1371)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1372) if (x == NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1373) return -ENOENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1374)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1375) min_spi = 0x100;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1376) max_spi = 0x0fffffff;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1377)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1378) range = ext_hdrs[SADB_EXT_SPIRANGE-1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1379) if (range) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1380) min_spi = range->sadb_spirange_min;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1381) max_spi = range->sadb_spirange_max;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1382) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1383)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1384) err = verify_spi_info(x->id.proto, min_spi, max_spi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1385) if (err) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1386) xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1387) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1388) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1389)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1390) err = xfrm_alloc_spi(x, min_spi, max_spi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1391) resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1392)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1393) if (IS_ERR(resp_skb)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1394) xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1395) return PTR_ERR(resp_skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1396) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1397)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1398) out_hdr = (struct sadb_msg *) resp_skb->data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1399) out_hdr->sadb_msg_version = hdr->sadb_msg_version;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1400) out_hdr->sadb_msg_type = SADB_GETSPI;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1401) out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1402) out_hdr->sadb_msg_errno = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1403) out_hdr->sadb_msg_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1404) out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1405) out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1406)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1407) xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1408)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1409) pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1410)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1411) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1412) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1413)
/*
 * SADB_ACQUIRE sent *by* userspace.  Only the extension-free error form is
 * understood: a bare header whose sadb_msg_errno is non-zero is taken as the
 * key manager's negative answer to the ACQUIRE identified by sadb_msg_seq,
 * and the matching XFRM_STATE_ACQ state is moved to XFRM_STATE_ERROR.
 * A zero seq or a zero errno is a silent no-op.
 *
 * Returns 0, or -EOPNOTSUPP when sadb_msg_len says the message carries
 * more than the base header (extensions are not supported here).
 */
static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct xfrm_state *xs;

	/* Only the bare-header form is accepted. */
	if (hdr->sadb_msg_len != sizeof(struct sadb_msg)/8)
		return -EOPNOTSUPP;

	/* Nothing to match against without a sequence number ... */
	if (hdr->sadb_msg_seq == 0)
		return 0;
	/* ... and errno == 0 is not an error report. */
	if (hdr->sadb_msg_errno == 0)
		return 0;

	xs = xfrm_find_acq_byseq(sock_net(sk), DUMMY_MARK, hdr->sadb_msg_seq);
	if (!xs)
		return 0;

	/* Only a state still waiting on the ACQUIRE is failed; anything
	 * that has since been completed is left alone.
	 */
	spin_lock_bh(&xs->lock);
	if (xs->km.state == XFRM_STATE_ACQ)
		xs->km.state = XFRM_STATE_ERROR;
	spin_unlock_bh(&xs->lock);

	xfrm_state_put(xs);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1437)
/*
 * Map an XFRM policy event to the PF_KEYv2 SPD message type that reports it.
 *
 * XFRM_MSG_POLEXPIRE is not mapped to SADB_X_SPDEXPIRE here (presumably
 * deliberate), so it takes the same path as any unknown event: an error is
 * logged and 0 is returned.
 */
static inline int event2poltype(int event)
{
	if (event == XFRM_MSG_DELPOLICY)
		return SADB_X_SPDDELETE;
	if (event == XFRM_MSG_NEWPOLICY)
		return SADB_X_SPDADD;
	if (event == XFRM_MSG_UPDPOLICY)
		return SADB_X_SPDUPDATE;

	/* XFRM_MSG_POLEXPIRE intentionally ends up here too. */
	pr_err("pfkey: Unknown policy event %d\n", event);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1456)
/*
 * Map an XFRM SA event to the PF_KEYv2 message type that reports it.
 * An event with no mapping is logged and yields 0.
 */
static inline int event2keytype(int event)
{
	static const struct {
		int event;
		int msg_type;
	} table[] = {
		{ XFRM_MSG_DELSA,  SADB_DELETE },
		{ XFRM_MSG_NEWSA,  SADB_ADD },
		{ XFRM_MSG_UPDSA,  SADB_UPDATE },
		{ XFRM_MSG_EXPIRE, SADB_EXPIRE },
	};
	size_t i;

	for (i = 0; i < ARRAY_SIZE(table); i++)
		if (table[i].event == event)
			return table[i].msg_type;

	pr_err("pfkey: Unknown SA event %d\n", event);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1475)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1476) /* ADD/UPD/DEL */
/*
 * Broadcast an SA add/update/delete/expire event for @x to every PF_KEY
 * socket in the state's network namespace.
 *
 * The message body comes from pfkey_xfrm_state2msg(); only the header is
 * stamped here.  Uses GFP_ATOMIC for the broadcast.
 *
 * Returns 0, or the error carried by pfkey_xfrm_state2msg()'s result.
 */
static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
{
	struct sadb_msg *msg;
	struct sk_buff *out = pfkey_xfrm_state2msg(x);

	if (IS_ERR(out))
		return PTR_ERR(out);

	msg = (struct sadb_msg *)out->data;
	msg->sadb_msg_version = PF_KEY_V2;
	msg->sadb_msg_type = event2keytype(c->event);
	msg->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
	msg->sadb_msg_errno = 0;
	msg->sadb_msg_reserved = 0;
	msg->sadb_msg_seq = c->seq;
	msg->sadb_msg_pid = c->portid;

	pfkey_broadcast(out, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1500)
/*
 * SADB_ADD / SADB_UPDATE: build an xfrm_state from the message, insert it
 * (add) or replace the existing one (update), audit the attempt and, on
 * success, notify all key managers with XFRM_MSG_NEWSA / XFRM_MSG_UPDSA.
 *
 * Reference handling: xfrm_state_hold() takes an extra reference for the
 * duration of the insert.  On failure the state is marked XFRM_STATE_DEAD
 * and one reference is dropped with __xfrm_state_put(); the xfrm_state_put()
 * at @out then drops the other on every path.
 *
 * Returns 0, or the negative errno from pfkey_msg2xfrm_state(),
 * xfrm_state_add() or xfrm_state_update().
 */
static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	const bool is_add = hdr->sadb_msg_type == SADB_ADD;
	struct xfrm_state *x;
	struct km_event ev;
	int err;

	x = pfkey_msg2xfrm_state(sock_net(sk), hdr, ext_hdrs);
	if (IS_ERR(x))
		return PTR_ERR(x);

	xfrm_state_hold(x);
	err = is_add ? xfrm_state_add(x) : xfrm_state_update(x);

	/* Audited whether or not the insert succeeded. */
	xfrm_audit_state_add(x, err ? 0 : 1, true);

	if (err < 0) {
		x->km.state = XFRM_STATE_DEAD;
		__xfrm_state_put(x);
		goto out;
	}

	ev.event = is_add ? XFRM_MSG_NEWSA : XFRM_MSG_UPDSA;
	ev.seq = hdr->sadb_msg_seq;
	ev.portid = hdr->sadb_msg_pid;
	km_state_notify(x, &ev);
out:
	xfrm_state_put(x);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1537)
/*
 * SADB_DELETE: remove the SA selected by the SA extension together with the
 * src/dst address extensions, then broadcast XFRM_MSG_DELSA.
 *
 * Returns -EINVAL if a required extension is missing or the two addresses
 * differ in family, -ESRCH if no such SA exists, the LSM's verdict from
 * security_xfrm_state_delete(), -EPERM for a state xfrm_state_kern() claims,
 * or the result of xfrm_state_delete().  Every outcome after a successful
 * lookup is audited.
 */
static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct xfrm_state *x;
	struct km_event ev;
	int err;

	if (!ext_hdrs[SADB_EXT_SA-1])
		return -EINVAL;
	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return -EINVAL;

	x = pfkey_xfrm_state_lookup(sock_net(sk), hdr, ext_hdrs);
	if (!x)
		return -ESRCH;

	/* LSM decides first; kernel-internal states are never deletable
	 * through PF_KEY.
	 */
	err = security_xfrm_state_delete(x);
	if (err)
		goto out;

	if (xfrm_state_kern(x)) {
		err = -EPERM;
		goto out;
	}

	err = xfrm_state_delete(x);
	if (err < 0)
		goto out;

	ev.event = XFRM_MSG_DELSA;
	ev.seq = hdr->sadb_msg_seq;
	ev.portid = hdr->sadb_msg_pid;
	km_state_notify(x, &ev);
out:
	/* Audit success and failure alike, then drop the lookup reference. */
	xfrm_audit_state_delete(x, err ? 0 : 1, true);
	xfrm_state_put(x);

	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1577)
/*
 * SADB_GET: look up the SA selected by the SA and src/dst address extensions
 * and unicast it back to the requesting socket as a SADB_GET message.
 *
 * Returns -EINVAL if a required extension is missing or the address families
 * differ, -ESRCH if the SA does not exist, the error from
 * pfkey_xfrm_state2msg(), or 0.
 */
static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct sk_buff *reply;
	struct sadb_msg *rh;
	struct xfrm_state *x;
	__u8 proto;

	if (!ext_hdrs[SADB_EXT_SA-1])
		return -EINVAL;
	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
		return -EINVAL;

	x = pfkey_xfrm_state_lookup(sock_net(sk), hdr, ext_hdrs);
	if (!x)
		return -ESRCH;

	/* Everything the reply needs from @x is taken before the reference
	 * is dropped; @x must not be touched after xfrm_state_put().
	 */
	reply = pfkey_xfrm_state2msg(x);
	proto = x->id.proto;
	xfrm_state_put(x);
	if (IS_ERR(reply))
		return PTR_ERR(reply);

	rh = (struct sadb_msg *)reply->data;
	rh->sadb_msg_version = hdr->sadb_msg_version;
	rh->sadb_msg_type = SADB_GET;
	rh->sadb_msg_satype = pfkey_proto2satype(proto);
	rh->sadb_msg_errno = 0;
	rh->sadb_msg_reserved = 0;
	rh->sadb_msg_seq = hdr->sadb_msg_seq;
	rh->sadb_msg_pid = hdr->sadb_msg_pid;

	pfkey_broadcast(reply, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1613)
/*
 * Append one SADB_EXT_SUPPORTED_{AUTH,ENCRYPT} extension of @ext_len bytes
 * to @skb, listing every algorithm returned by @get_byidx that is both
 * pfkey_supported and available.
 *
 * @ext_len was sized by the caller from the corresponding
 * xfrm_count_pfkey_*_supported() count; the slots written here are assumed
 * to fit inside it.  sadb_supported_reserved is never written, and any slot
 * the loop does not fill is left as allocated, so the skb must have been
 * obtained with __GFP_ZERO to keep stale heap bytes out of the reply.
 */
static void compose_supported_ext(struct sk_buff *skb, int ext_len,
				  uint16_t exttype,
				  struct xfrm_algo_desc *(*get_byidx)(unsigned int))
{
	struct sadb_supported *sp = skb_put(skb, ext_len);
	struct sadb_alg *slot = (struct sadb_alg *)(sp + 1);
	unsigned int idx;

	sp->sadb_supported_len = ext_len / sizeof(uint64_t);
	sp->sadb_supported_exttype = exttype;

	for (idx = 0; ; idx++) {
		const struct xfrm_algo_desc *alg = get_byidx(idx);

		if (!alg)
			break;
		if (alg->pfkey_supported && alg->available)
			*slot++ = alg->desc;
	}
}

/*
 * Build the SADB_REGISTER reply: a header duplicated from @orig followed by
 * a SUPPORTED_AUTH extension (when any auth algorithm is supported) and a
 * SUPPORTED_ENCRYPT extension (likewise).
 *
 * @allocation: gfp flags for the skb.  pfkey_register() passes __GFP_ZERO;
 *   the extensions rely on that for their reserved field and for any
 *   algorithm slot that ends up unfilled.
 *
 * Returns the skb, or NULL if it could not be allocated.
 */
static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig,
					      gfp_t allocation)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	int auth_len = xfrm_count_pfkey_auth_supported();
	int enc_len = xfrm_count_pfkey_enc_supported();
	int len;

	/* A non-empty extension is one sadb_supported header plus one
	 * sadb_alg per algorithm; an empty one is omitted entirely.
	 */
	if (auth_len)
		auth_len = auth_len * sizeof(struct sadb_alg) +
			   sizeof(struct sadb_supported);
	if (enc_len)
		enc_len = enc_len * sizeof(struct sadb_alg) +
			  sizeof(struct sadb_supported);

	len = sizeof(struct sadb_msg) + auth_len + enc_len;

	skb = alloc_skb(len + 16, allocation);
	if (!skb)
		return NULL;

	hdr = skb_put(skb, sizeof(*hdr));
	pfkey_hdr_dup(hdr, orig);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_len = len / sizeof(uint64_t);

	if (auth_len)
		compose_supported_ext(skb, auth_len, SADB_EXT_SUPPORTED_AUTH,
				      xfrm_aalg_get_byidx);
	if (enc_len)
		compose_supported_ext(skb, enc_len, SADB_EXT_SUPPORTED_ENCRYPT,
				      xfrm_ealg_get_byidx);

	return skb;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1689)
/*
 * SADB_REGISTER: record that this socket acts as a key manager for
 * @hdr->sadb_msg_satype (no particular type if SADB_SATYPE_UNSPEC) and reply
 * with the lists of supported authentication and encryption algorithms.
 *
 * The bound on satype is checked before it is used as a shift count into
 * pfk->registered.  The registration bit is set before the reply is built
 * (presumably so the BROADCAST_REGISTERED reply is delivered to this socket)
 * and is cleared again if the reply cannot be allocated.
 *
 * Returns 0, -EINVAL for an out-of-range satype, -EEXIST if the socket is
 * already registered for it, or -ENOBUFS if the reply skb allocation fails.
 */
static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct pfkey_sock *pfk = pfkey_sk(sk);
	const int satype = hdr->sadb_msg_satype;
	const bool specific = satype != SADB_SATYPE_UNSPEC;
	struct sk_buff *reply;

	if (satype > SADB_SATYPE_MAX)
		return -EINVAL;

	if (specific) {
		if (pfk->registered & (1 << satype))
			return -EEXIST;
		pfk->registered |= (1 << satype);
	}

	xfrm_probe_algs();

	/* __GFP_ZERO is load-bearing: the reply carries reserved fields that
	 * compose_sadb_supported() never writes explicitly.
	 */
	reply = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
	if (!reply) {
		if (specific)
			pfk->registered &= ~(1 << satype);
		return -ENOBUFS;
	}

	pfkey_broadcast(reply, GFP_KERNEL, BROADCAST_REGISTERED, sk,
			sock_net(sk));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1718)
/*
 * Acknowledge a flush to the requesting socket only.  The reply is a copy of
 * the request header @ihdr with errno cleared and the length set to the bare
 * header, so every header field is initialised.
 *
 * Returns -ENOBUFS if the skb cannot be allocated, else whatever
 * pfkey_broadcast() returns.
 */
static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
{
	struct sadb_msg *reply;
	struct sk_buff *out = alloc_skb(sizeof(*reply) + 16, GFP_ATOMIC);

	if (!out)
		return -ENOBUFS;

	reply = skb_put_data(out, ihdr, sizeof(*reply));
	reply->sadb_msg_errno = 0;
	reply->sadb_msg_len = sizeof(*reply) / sizeof(uint64_t);

	return pfkey_broadcast(out, GFP_ATOMIC, BROADCAST_ONE, sk,
			       sock_net(sk));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1735)
/*
 * Broadcast a SADB_FLUSH notification for the protocol in @c->data.proto to
 * every PF_KEY socket in @c->net.
 *
 * The skb is not zero-allocated, so all eight sadb_msg fields are assigned
 * explicitly before it goes out.
 *
 * Returns -ENOBUFS if the skb cannot be allocated, else 0.
 */
static int key_notify_sa_flush(const struct km_event *c)
{
	struct sadb_msg *msg;
	struct sk_buff *out = alloc_skb(sizeof(*msg) + 16, GFP_ATOMIC);

	if (!out)
		return -ENOBUFS;

	msg = skb_put(out, sizeof(*msg));
	msg->sadb_msg_version = PF_KEY_V2;
	msg->sadb_msg_type = SADB_FLUSH;
	msg->sadb_msg_errno = 0;
	msg->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
	msg->sadb_msg_len = sizeof(*msg) / sizeof(uint64_t);
	msg->sadb_msg_reserved = 0;
	msg->sadb_msg_seq = c->seq;
	msg->sadb_msg_pid = c->portid;

	pfkey_broadcast(out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1758)
/*
 * SADB_FLUSH: delete every SA of the protocol selected by the message's
 * satype, acknowledge the requester, and broadcast XFRM_MSG_FLUSHSA.
 *
 * Returns -EINVAL for a satype with no protocol.  An already-empty table
 * (-ESRCH from xfrm_state_flush()) is not reported as an error, but in that
 * case the function returns after the unicast ack without broadcasting the
 * flush event.  For any other failure the flush error takes precedence over
 * the ack error.
 */
static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct net *net = sock_net(sk);
	unsigned int proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	struct km_event ev;
	int flush_err, ack_err;

	if (!proto)
		return -EINVAL;

	flush_err = xfrm_state_flush(net, proto, true, false);
	ack_err = unicast_flush_resp(sk, hdr);

	if (flush_err || ack_err) {
		/* empty table - go quietly */
		if (flush_err == -ESRCH)
			return ack_err;
		return flush_err ? flush_err : ack_err;
	}

	ev.event = XFRM_MSG_FLUSHSA;
	ev.data.proto = proto;
	ev.seq = hdr->sadb_msg_seq;
	ev.portid = hdr->sadb_msg_pid;
	ev.net = net;
	km_state_notify(NULL, &ev);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1787)
/*
 * xfrm_state_walk() callback for SADB_DUMP: encode @x as a SADB_DUMP message
 * for the socket in @ptr.
 *
 * The message built on the previous call is sent now and the new one is
 * held back in pfk->dump.skb, so one message is always still in hand when
 * the walk ends (presumably so the dump completion path can mark it as the
 * last one).
 *
 * @count: position of @x in the walk; reported as sadb_msg_seq = count + 1.
 * Returns -ENOBUFS if the socket cannot take more output, the error from
 * pfkey_xfrm_state2msg(), or 0.
 */
static int dump_sa(struct xfrm_state *x, int count, void *ptr)
{
	struct pfkey_sock *pfk = ptr;
	struct sock *sk = &pfk->sk;
	struct sadb_msg *msg;
	struct sk_buff *out;

	if (!pfkey_can_dump(sk))
		return -ENOBUFS;

	out = pfkey_xfrm_state2msg(x);
	if (IS_ERR(out))
		return PTR_ERR(out);

	msg = (struct sadb_msg *)out->data;
	msg->sadb_msg_version = pfk->dump.msg_version;
	msg->sadb_msg_type = SADB_DUMP;
	msg->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
	msg->sadb_msg_errno = 0;
	msg->sadb_msg_reserved = 0;
	msg->sadb_msg_seq = count + 1;
	msg->sadb_msg_pid = pfk->dump.msg_portid;

	/* Deliver the previously built message; keep this one for later. */
	if (pfk->dump.skb)
		pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
				sk, sock_net(sk));
	pfk->dump.skb = out;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1817)
/*
 * Run (or resume) the SA dump attached to @pfk: walks the states of the
 * socket's namespace, feeding each one to dump_sa(). Returns whatever
 * xfrm_state_walk() returns.
 */
static int pfkey_dump_sa(struct pfkey_sock *pfk)
{
	return xfrm_state_walk(sock_net(&pfk->sk), &pfk->dump.u.state,
			       dump_sa, pfk);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1823)
/*
 * Tear down the SA walk started by pfkey_dump() for @pfk; the walk state
 * (including any address filter handed to xfrm_state_walk_init()) is
 * released by xfrm_state_walk_done().
 */
static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
{
	xfrm_state_walk_done(&pfk->dump.u.state, sock_net(&pfk->sk));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1830)
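/*
 * SADB_DUMP handler: set up an SA walk on the requesting socket and kick
 * off the first batch of output.
 *
 * @sk:       the PF_KEY socket issuing the dump
 * @skb:      the request skb (unused here)
 * @hdr:      request header; sadb_msg_satype selects the xfrm protocol,
 *            version/pid are echoed in every dump reply
 * @ext_hdrs: parsed extensions; an optional SADB_X_EXT_FILTER narrows
 *            the walk to matching source/destination prefixes
 *
 * Returns -EBUSY if a dump is already in progress on this socket, -EINVAL
 * for an unknown satype or an out-of-range filter prefix length, -ENOMEM
 * if the filter cannot be allocated, otherwise the result of
 * pfkey_do_dump(). All early exits share one unlock path so the dump
 * mutex cannot be left held.
 */
static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	u8 proto;
	struct xfrm_address_filter *filter = NULL;
	struct pfkey_sock *pfk = pfkey_sk(sk);
	int err;

	mutex_lock(&pfk->dump_lock);
	if (pfk->dump.dump != NULL) {
		err = -EBUSY;
		goto out_unlock;
	}

	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
	if (proto == 0) {
		err = -EINVAL;
		goto out_unlock;
	}

	if (ext_hdrs[SADB_X_EXT_FILTER - 1]) {
		const struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1];

		/*
		 * Prefix lengths are bit counts into a sizeof(xfrm_address_t)
		 * byte address; reject anything at or past that width before
		 * the walk ever uses them as a mask.
		 */
		if (xfilter->sadb_x_filter_splen >= (sizeof(xfrm_address_t) << 3) ||
		    xfilter->sadb_x_filter_dplen >= (sizeof(xfrm_address_t) << 3)) {
			err = -EINVAL;
			goto out_unlock;
		}

		filter = kmalloc(sizeof(*filter), GFP_KERNEL);
		if (filter == NULL) {
			err = -ENOMEM;
			goto out_unlock;
		}

		memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr,
		       sizeof(xfrm_address_t));
		memcpy(&filter->daddr, &xfilter->sadb_x_filter_daddr,
		       sizeof(xfrm_address_t));
		filter->family = xfilter->sadb_x_filter_family;
		filter->splen = xfilter->sadb_x_filter_splen;
		filter->dplen = xfilter->sadb_x_filter_dplen;
	}

	pfk->dump.msg_version = hdr->sadb_msg_version;
	pfk->dump.msg_portid = hdr->sadb_msg_pid;
	pfk->dump.dump = pfkey_dump_sa;
	pfk->dump.done = pfkey_dump_sa_done;
	/*
	 * Ownership of @filter passes to the walk here; it is presumably
	 * released by xfrm_state_walk_done() via pfkey_dump_sa_done() —
	 * not visible in this file.
	 */
	xfrm_state_walk_init(&pfk->dump.u.state, proto, filter);
	mutex_unlock(&pfk->dump_lock);

	return pfkey_do_dump(pfk);

out_unlock:
	mutex_unlock(&pfk->dump_lock);
	return err;
}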
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1883)
/*
 * SADB_X_PROMISC handler. A request consisting of the bare sadb_msg
 * header toggles promiscuous delivery on the sending socket (satype is
 * reused as the 0/1 flag); any other length is merely re-broadcast.
 * Either way a copy of the request goes out to every PF_KEY socket in
 * the namespace, with sadb_msg_errno cleared when the header was edited.
 *
 * Returns -EINVAL for a flag value other than 0 or 1, else 0. A failed
 * clone/copy hands NULL to pfkey_broadcast(); how that is treated is not
 * visible here.
 */
static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct pfkey_sock *pfk = pfkey_sk(sk);
	const bool bare_hdr =
		hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t));
	struct sk_buff *out;

	if (bare_hdr) {
		int satype = hdr->sadb_msg_satype;

		if (satype != 0 && satype != 1)
			return -EINVAL;
		pfk->promisc = satype;
	}

	/* A private copy is only needed when the header is rewritten below. */
	if (bare_hdr && skb_cloned(skb))
		out = skb_copy(skb, GFP_KERNEL);
	else
		out = skb_clone(skb, GFP_KERNEL);

	if (bare_hdr && out)
		((struct sadb_msg *)out->data)->sadb_msg_errno = 0;

	pfkey_broadcast(out, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1909)
/*
 * xfrm_policy_walk() callback used by gen_reqid(): report -EEXIST as soon
 * as any template of @xp already carries the reqid pointed to by @ptr,
 * which aborts the walk. @dir and @count are unused. Returns 0 otherwise.
 */
static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
{
	const u32 wanted = *(const u32 *)ptr;
	const struct xfrm_tmpl *t = xp->xfrm_vec;
	const struct xfrm_tmpl *end = t + xp->xfrm_nr;

	for (; t < end; t++) {
		if (t->reqid == wanted)
			return -EEXIST;
	}
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1921)
/*
 * Allocate a reqid above IPSEC_MANUAL_REQID_MAX that no MAIN-type policy
 * in @net currently uses. The counter is a function-static, so it is
 * process-wide and advances across all namespaces even though each probe
 * walks only @net; no locking of it is visible here (NOTE(review): the
 * callers are presumably serialised — confirm).
 *
 * Returns the new reqid, or 0 once every candidate in the range has been
 * tried and found in use.
 */
static u32 gen_reqid(struct net *net)
{
	static u32 reqid = IPSEC_MANUAL_REQID_MAX;
	struct xfrm_policy_walk walk;
	u32 start = reqid;

	for (;;) {
		int rc;

		/* wrap back to the first non-manual reqid, never to 0 */
		if (++reqid == 0)
			reqid = IPSEC_MANUAL_REQID_MAX + 1;

		xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
		rc = xfrm_policy_walk(net, &walk, check_reqid, (void *)&reqid);
		xfrm_policy_walk_done(&walk, net);
		if (rc != -EEXIST)
			return reqid;
		if (reqid == start)
			return 0;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1942)
/*
 * Append the sadb_x_ipsecrequest @rq as the next template of policy @xp.
 *
 * Returns 0 on success; -ELOOP once XFRM_MAX_DEPTH templates exist,
 * -EINVAL for mode 0, an invalid xfrm protocol or a mode with no xfrm
 * equivalent, -ENOBUFS when no free reqid could be generated, or the
 * error from parse_sockaddr_pair() for tunnel-mode endpoints. Only on
 * success is xp->xfrm_nr advanced; on failure the slot past xfrm_nr may
 * already be partly filled in.
 */
static int
parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
{
	struct net *net = xp_net(xp);
	struct xfrm_tmpl *tmpl;
	int xfrm_mode;

	if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
		return -ELOOP;
	tmpl = &xp->xfrm_vec[xp->xfrm_nr];

	if (rq->sadb_x_ipsecrequest_mode == 0)
		return -EINVAL;
	if (!xfrm_id_proto_valid(rq->sadb_x_ipsecrequest_proto))
		return -EINVAL;

	tmpl->id.proto = rq->sadb_x_ipsecrequest_proto;
	xfrm_mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode);
	if (xfrm_mode < 0)
		return -EINVAL;
	tmpl->mode = xfrm_mode;

	switch (rq->sadb_x_ipsecrequest_level) {
	case IPSEC_LEVEL_USE:
		tmpl->optional = 1;
		break;
	case IPSEC_LEVEL_UNIQUE:
		/*
		 * Userspace may only pick reqids up to IPSEC_MANUAL_REQID_MAX;
		 * anything above that (or 0) is replaced by a generated one.
		 */
		tmpl->reqid = rq->sadb_x_ipsecrequest_reqid;
		if (tmpl->reqid > IPSEC_MANUAL_REQID_MAX)
			tmpl->reqid = 0;
		if (tmpl->reqid == 0) {
			tmpl->reqid = gen_reqid(net);
			if (tmpl->reqid == 0)
				return -ENOBUFS;
		}
		break;
	default:
		break;
	}

	/* addresses present only in tunnel mode */
	if (tmpl->mode == XFRM_MODE_TUNNEL) {
		int err = parse_sockaddr_pair(
			(struct sockaddr *)(rq + 1),
			rq->sadb_x_ipsecrequest_len - sizeof(*rq),
			&tmpl->saddr, &tmpl->id.daddr, &tmpl->encap_family);

		if (err)
			return err;
	} else {
		tmpl->encap_family = xp->family;
	}

	/* No way to set this via kame pfkey */
	tmpl->allalgs = 1;
	xp->xfrm_nr++;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1990)
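/*
 * Walk the sadb_x_ipsecrequest records trailing the SADB_X_EXT_POLICY
 * extension @pol and add each one to @xp as a template.
 *
 * sadb_x_policy_len is in 64-bit units and comes from userspace, so the
 * remaining byte count is only derived after confirming it covers the
 * fixed header; it is kept as size_t so no signed/unsigned comparison
 * is involved in the loop. Each record must fit in what is left and be
 * at least a full sadb_x_ipsecrequest, which also rules out a zero-length
 * record that would never advance the cursor. Trailing bytes smaller
 * than one record are ignored.
 *
 * Returns 0, -EINVAL for a malformed extension, or the error from
 * parse_ipsecrequest().
 */
static int
parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
{
	struct sadb_x_ipsecrequest *rq = (void *)(pol + 1);
	size_t len;
	int err;

	if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
		return -EINVAL;
	len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);

	while (len >= sizeof(*rq)) {
		if (len < rq->sadb_x_ipsecrequest_len ||
		    rq->sadb_x_ipsecrequest_len < sizeof(*rq))
			return -EINVAL;

		err = parse_ipsecrequest(xp, rq);
		if (err < 0)
			return err;

		len -= rq->sadb_x_ipsecrequest_len;
		rq = (void *)((u8 *)rq + rq->sadb_x_ipsecrequest_len);
	}
	return 0;
}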
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2013)
/*
 * Size, rounded up to 8 bytes, of the SADB_X_EXT_SEC_CTX extension that
 * pfkey_xfrm_policy2msg() emits for @xp: header plus the raw context
 * string. 0 when the policy carries no security context.
 */
static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
{
	const struct xfrm_sec_ctx *ctx = xp->security;

	if (!ctx)
		return 0;

	return PFKEY_ALIGN8(sizeof(struct sadb_x_sec_ctx) + ctx->ctx_len);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2025)
/*
 * Upper bound, in bytes, on the PF_KEY message pfkey_xfrm_policy2msg()
 * builds for @xp: header, three lifetimes, two selector addresses, the
 * policy extension, one ipsecrequest per template each counted with a
 * pair of encap-family addresses, and the optional security context.
 * Transport-mode templates carry no addresses, so the actual message can
 * be shorter; pfkey_xfrm_policy2msg() trims for that.
 */
static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
{
	int total = sizeof(struct sadb_msg);
	int i;

	total += 3 * sizeof(struct sadb_lifetime);
	total += 2 * (sizeof(struct sadb_address) +
		      pfkey_sockaddr_size(xp->family));
	total += sizeof(struct sadb_x_policy);

	for (i = 0; i < xp->xfrm_nr; i++) {
		const struct xfrm_tmpl *t = &xp->xfrm_vec[i];

		total += sizeof(struct sadb_x_ipsecrequest) +
			 2 * pfkey_sockaddr_len(t->encap_family);
	}

	return total + pfkey_xfrm_policy2sec_ctx_size(xp);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2047)
/*
 * Allocate the skb that pfkey_xfrm_policy2msg() will fill for @xp. The
 * allocation is the estimated message size plus 16 bytes of slack (the
 * reason for the slack is not recorded here). Returns the skb or
 * ERR_PTR(-ENOBUFS); GFP_ATOMIC because this runs from notifier context.
 */
static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
{
	const int size = pfkey_xfrm_policy2msg_size(xp);
	struct sk_buff *skb = alloc_skb(size + 16, GFP_ATOMIC);

	return skb ? skb : ERR_PTR(-ENOBUFS);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2061)
/*
 * Serialise policy @xp for direction @dir into @skb as a PF_KEYv2 message:
 * a zeroed sadb_msg header (type/seq/pid are filled in by the caller, see
 * key_notify_policy), SRC and DST selector addresses, HARD/SOFT/CURRENT
 * lifetimes, an SADB_X_EXT_POLICY extension followed by one
 * sadb_x_ipsecrequest per template, and an SADB_X_EXT_SEC_CTX extension
 * when the policy has a security context.
 *
 * @skb must come from pfkey_xfrm_policy2msg_prep(), which allocates
 * pfkey_xfrm_policy2msg_size(xp) + 16 bytes: the memset below zeroes the
 * whole estimated message although only the header has been reserved with
 * skb_put at that point, so it depends on that allocation size.
 *
 * Returns 0, or -EINVAL when a template's mode has no PF_KEY encoding; in
 * that case data has already been appended to @skb and the caller drops it.
 */
static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
{
	struct sadb_msg *hdr;
	struct sadb_address *addr;
	struct sadb_lifetime *lifetime;
	struct sadb_x_policy *pol;
	struct sadb_x_sec_ctx *sec_ctx;
	struct xfrm_sec_ctx *xfrm_ctx;
	int i;
	int size;
	int sockaddr_size = pfkey_sockaddr_size(xp->family);
	/* starts as the policy family's length; reassigned per tunnel template below */
	int socklen = pfkey_sockaddr_len(xp->family);

	/* upper bound; trimmed below for transport-mode templates */
	size = pfkey_xfrm_policy2msg_size(xp);

	/* call should fill header later */
	hdr = skb_put(skb, sizeof(struct sadb_msg));
	/*
	 * Zeroes 'size' bytes from the header onward, i.e. past the bytes
	 * skb_put has reserved so far, relying on the + 16 slack allocation
	 * in pfkey_xfrm_policy2msg_prep(). It also guarantees that padding
	 * and any fields not set below are not left uninitialised before
	 * the message is copied to userspace.
	 */
	memset(hdr, 0, size); /* XXX do we need this ? */

	/* src address */
	addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
	addr->sadb_address_len =
		(sizeof(struct sadb_address)+sockaddr_size)/
		sizeof(uint64_t);
	addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
	addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
	addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
	addr->sadb_address_reserved = 0;
	/* an unsupported xp->family is treated as a kernel bug here ... */
	if (!pfkey_sockaddr_fill(&xp->selector.saddr,
				 xp->selector.sport,
				 (struct sockaddr *) (addr + 1),
				 xp->family))
		BUG();

	/* dst address */
	addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
	addr->sadb_address_len =
		(sizeof(struct sadb_address)+sockaddr_size)/
		sizeof(uint64_t);
	addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
	addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
	addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
	addr->sadb_address_reserved = 0;

	/* ... while the same call for the destination is not checked at all */
	pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
			    (struct sockaddr *) (addr + 1),
			    xp->family);

	/* hard time */
	lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
	lifetime->sadb_lifetime_len =
		sizeof(struct sadb_lifetime)/sizeof(uint64_t);
	lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
	lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.hard_packet_limit);
	lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.hard_byte_limit);
	lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
	lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
	/* soft time */
	lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
	lifetime->sadb_lifetime_len =
		sizeof(struct sadb_lifetime)/sizeof(uint64_t);
	lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
	lifetime->sadb_lifetime_allocations = _X2KEY(xp->lft.soft_packet_limit);
	lifetime->sadb_lifetime_bytes = _X2KEY(xp->lft.soft_byte_limit);
	lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
	lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
	/* current time: counters are copied as-is, not through _X2KEY */
	lifetime = skb_put(skb, sizeof(struct sadb_lifetime));
	lifetime->sadb_lifetime_len =
		sizeof(struct sadb_lifetime)/sizeof(uint64_t);
	lifetime->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
	lifetime->sadb_lifetime_allocations = xp->curlft.packets;
	lifetime->sadb_lifetime_bytes = xp->curlft.bytes;
	lifetime->sadb_lifetime_addtime = xp->curlft.add_time;
	lifetime->sadb_lifetime_usetime = xp->curlft.use_time;

	/* policy extension; its length grows as ipsecrequests are appended */
	pol = skb_put(skb, sizeof(struct sadb_x_policy));
	pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
	pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
	/* DISCARD unless the policy allows; then IPSEC with templates, NONE without */
	pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
	if (xp->action == XFRM_POLICY_ALLOW) {
		if (xp->xfrm_nr)
			pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
		else
			pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
	}
	/* PF_KEY directions are 1-based, xfrm's are 0-based */
	pol->sadb_x_policy_dir = dir+1;
	pol->sadb_x_policy_reserved = 0;
	pol->sadb_x_policy_id = xp->index;
	pol->sadb_x_policy_priority = xp->priority;

	for (i=0; i<xp->xfrm_nr; i++) {
		const struct xfrm_tmpl *t = xp->xfrm_vec + i;
		struct sadb_x_ipsecrequest *rq;
		int req_size;
		int mode;

		req_size = sizeof(struct sadb_x_ipsecrequest);
		if (t->mode == XFRM_MODE_TUNNEL) {
			/* tunnel templates carry a src/dst endpoint pair */
			socklen = pfkey_sockaddr_len(t->encap_family);
			req_size += socklen * 2;
		} else {
			/*
			 * The size estimate counted two addresses for every
			 * template; transport-mode ones have none, so take
			 * them back out. NOTE(review): this subtracts the
			 * socklen last computed (xp->family, or the
			 * encap_family of the most recent tunnel template)
			 * rather than pfkey_sockaddr_len(t->encap_family) as
			 * pfkey_xfrm_policy2msg_size() added — presumably
			 * equal for a transport template; confirm.
			 */
			size -= 2*socklen;
		}
		rq = skb_put(skb, req_size);
		/* sadb_x_policy_len is in 64-bit units, req_size in bytes */
		pol->sadb_x_policy_len += req_size/8;
		memset(rq, 0, sizeof(*rq));
		rq->sadb_x_ipsecrequest_len = req_size;
		rq->sadb_x_ipsecrequest_proto = t->id.proto;
		if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
			return -EINVAL;
		rq->sadb_x_ipsecrequest_mode = mode;
		/* level: REQUIRE by default, UNIQUE if a reqid is set, USE overrides both */
		rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
		if (t->reqid)
			rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
		if (t->optional)
			rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
		rq->sadb_x_ipsecrequest_reqid = t->reqid;

		if (t->mode == XFRM_MODE_TUNNEL) {
			u8 *sa = (void *)(rq + 1);
			/* endpoints are written with port 0, one after the other */
			pfkey_sockaddr_fill(&t->saddr, 0,
					    (struct sockaddr *)sa,
					    t->encap_family);
			pfkey_sockaddr_fill(&t->id.daddr, 0,
					    (struct sockaddr *) (sa + socklen),
					    t->encap_family);
		}
	}

	/* security context */
	if ((xfrm_ctx = xp->security)) {
		/* already 8-byte aligned by pfkey_xfrm_policy2sec_ctx_size() */
		int ctx_size = pfkey_xfrm_policy2sec_ctx_size(xp);

		sec_ctx = skb_put(skb, ctx_size);
		sec_ctx->sadb_x_sec_len = ctx_size / sizeof(uint64_t);
		sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
		sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
		sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
		sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
		memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
		       xfrm_ctx->ctx_len);
	}

	/* total length in 64-bit units, after the transport-mode trimming above */
	hdr->sadb_msg_len = size / sizeof(uint64_t);
	/* the policy's kernel reference count is exported to userspace here */
	hdr->sadb_msg_reserved = refcount_read(&xp->refcnt);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2211)
/*
 * Broadcast a policy event @c for @xp (direction @dir) to every PF_KEY
 * socket in the policy's namespace. A delete-by-id is reported as
 * SADB_X_SPDDELETE2; every other event maps through event2poltype().
 *
 * Returns 0, or the error from pfkey_xfrm_policy2msg_prep() /
 * pfkey_xfrm_policy2msg(); on the latter the skb is freed here.
 */
static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
{
	struct sk_buff *msg = pfkey_xfrm_policy2msg_prep(xp);
	struct sadb_msg *msg_hdr;
	int err;

	if (IS_ERR(msg))
		return PTR_ERR(msg);

	err = pfkey_xfrm_policy2msg(msg, xp, dir);
	if (err < 0) {
		kfree_skb(msg);
		return err;
	}

	msg_hdr = (struct sadb_msg *)msg->data;
	msg_hdr->sadb_msg_version = PF_KEY_V2;
	msg_hdr->sadb_msg_type =
		(c->data.byid && c->event == XFRM_MSG_DELPOLICY)
			? SADB_X_SPDDELETE2
			: event2poltype(c->event);
	msg_hdr->sadb_msg_errno = 0;
	msg_hdr->sadb_msg_seq = c->seq;
	msg_hdr->sadb_msg_pid = c->portid;

	pfkey_broadcast(msg, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2242)
/*
 * SADB_X_SPDADD / SADB_X_SPDUPDATE handler: build an xfrm_policy from the
 * request's address, policy, lifetime and security-context extensions,
 * insert it into the SPD and notify the key managers.
 *
 * @sk:       requesting PF_KEY socket; only its network namespace is used
 * @skb:      request buffer (not referenced here; the extensions were
 *            already split out into @ext_hdrs)
 * @hdr:      request header; sadb_msg_type distinguishes add from update
 *            and its seq/pid are echoed in the notification
 * @ext_hdrs: parsed extension table indexed by (SADB_EXT_* - 1); entries
 *            for optional extensions may be NULL
 *
 * Returns 0 on success; -EINVAL for a missing or inconsistent extension or
 * an out-of-range policy type / direction; -ENOBUFS when an allocation
 * fails; otherwise the error from the LSM hook, parse_ipsecrequests() or
 * xfrm_policy_insert(). On any error the half-built policy is destroyed.
 */
static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct net *net = sock_net(sk);
	int err = 0;
	struct sadb_lifetime *lifetime;
	struct sadb_address *sa;
	struct sadb_x_policy *pol;
	struct xfrm_policy *xp;
	struct km_event c;
	struct sadb_x_sec_ctx *sec_ctx;

	/* Source and destination address extensions are both required and
	 * must share an address family; the policy extension is mandatory. */
	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
	    !ext_hdrs[SADB_X_EXT_POLICY-1])
		return -EINVAL;

	pol = ext_hdrs[SADB_X_EXT_POLICY-1];
	if (pol->sadb_x_policy_type > IPSEC_POLICY_IPSEC)
		return -EINVAL;
	/* The xfrm direction is sadb_x_policy_dir - 1, so 0 is rejected here
	 * instead of being wrapped; the upper bound keeps it inside the
	 * IPSEC_DIR_* range. */
	if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
		return -EINVAL;

	xp = xfrm_policy_alloc(net, GFP_KERNEL);
	if (xp == NULL)
		return -ENOBUFS;

	/* Only DISCARD blocks traffic; every other accepted type is ALLOW
	 * (an IPSEC policy additionally carries the templates parsed below). */
	xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
		      XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
	xp->priority = pol->sadb_x_policy_priority;

	/* Selector, source half. The port is read through sockaddr_in for
	 * both families, which relies on sin_port and sin6_port sharing an
	 * offset. A non-zero port becomes an exact-match port selector. */
	sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
	xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
	xp->selector.family = xp->family;
	xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
	xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
	xp->selector.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
	if (xp->selector.sport)
		xp->selector.sport_mask = htons(0xffff);

	/* Selector, destination half. */
	sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
	pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
	xp->selector.prefixlen_d = sa->sadb_address_prefixlen;

	/* Amusing, we set this twice. KAME apps appear to set same value
	 * in both addresses, so the destination's proto silently wins here.
	 */
	xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);

	xp->selector.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
	if (xp->selector.dport)
		xp->selector.dport_mask = htons(0xffff);

	/* Optional LSM security context: convert the PF_KEY form into the
	 * xfrm_user form, let the LSM attach its own copy to xp->security,
	 * then drop the temporary. */
	sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
	if (sec_ctx != NULL) {
		struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);

		if (!uctx) {
			err = -ENOBUFS;
			goto out;
		}

		err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL);
		kfree(uctx);

		if (err)
			goto out;
	}

	/* Lifetimes default to unlimited; the HARD and SOFT extensions
	 * override them independently. _KEY2X translates the PF_KEY
	 * encoding into xfrm's (see the _KEY2X macro). */
	xp->lft.soft_byte_limit = XFRM_INF;
	xp->lft.hard_byte_limit = XFRM_INF;
	xp->lft.soft_packet_limit = XFRM_INF;
	xp->lft.hard_packet_limit = XFRM_INF;
	if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_HARD-1]) != NULL) {
		xp->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
		xp->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
		xp->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
		xp->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
	}
	if ((lifetime = ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]) != NULL) {
		xp->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
		xp->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
		xp->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime;
		xp->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
	}
	/* Only an IPSEC policy carries ipsecrequest templates; any other
	 * type is left with zero templates. */
	xp->xfrm_nr = 0;
	if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
	    (err = parse_ipsecrequests(xp, pol)) < 0)
		goto out;

	/* The last argument is the "exclusive" flag: an ADD must fail if a
	 * matching policy already exists, an UPDATE replaces it. */
	err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp,
				 hdr->sadb_msg_type != SADB_X_SPDUPDATE);

	/* Audit the attempt whether or not the insert succeeded. */
	xfrm_audit_policy_add(xp, err ? 0 : 1, true);

	if (err)
		goto out;

	if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
		c.event = XFRM_MSG_UPDPOLICY;
	else
		c.event = XFRM_MSG_NEWPOLICY;

	/* c.data is left unset: key_notify_policy() only consults
	 * c->data.byid for XFRM_MSG_DELPOLICY events. */
	c.seq = hdr->sadb_msg_seq;
	c.portid = hdr->sadb_msg_pid;

	km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
	/* Drop the reference we hold from xfrm_policy_alloc(). */
	xfrm_pol_put(xp);
	return 0;

out:
	/* The policy was never inserted; NOTE(review): xfrm_policy_destroy()
	 * appears to expect walk.dead to be set in that case. */
	xp->walk.dead = 1;
	xfrm_policy_destroy(xp);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2357)
/*
 * SADB_X_SPDDELETE handler: delete the main-type policy whose selector (and,
 * if given, LSM security context) matches the request, then notify the key
 * managers. Deletion by policy id is handled by pfkey_spdget() instead.
 *
 * @sk:       requesting PF_KEY socket; only its network namespace is used
 * @skb:      request buffer (not referenced here)
 * @hdr:      request header; its seq/pid are echoed in the notification
 * @ext_hdrs: parsed extension table indexed by (SADB_EXT_* - 1)
 *
 * Returns 0 on success; -EINVAL for a missing or inconsistent extension or
 * an out-of-range direction; -ENOMEM if the security-context copy fails
 * (NOTE: pfkey_spdadd() reports the same failure as -ENOBUFS); -ENOENT if
 * no policy matched; otherwise the error reported by the lookup/delete.
 */
static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct net *net = sock_net(sk);
	int err;
	struct sadb_address *sa;
	struct sadb_x_policy *pol;
	struct xfrm_policy *xp;
	struct xfrm_selector sel;
	struct km_event c;
	struct sadb_x_sec_ctx *sec_ctx;
	struct xfrm_sec_ctx *pol_ctx = NULL;

	/* Both address extensions (same family) and the policy extension
	 * are required. */
	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
	    !ext_hdrs[SADB_X_EXT_POLICY-1])
		return -EINVAL;

	pol = ext_hdrs[SADB_X_EXT_POLICY-1];
	/* Direction 0 is rejected so that sadb_x_policy_dir - 1 below never
	 * wraps. */
	if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
		return -EINVAL;

	/* Build the lookup selector from the request, exactly as
	 * pfkey_spdadd() built the stored one. */
	memset(&sel, 0, sizeof(sel));

	sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
	sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
	sel.prefixlen_s = sa->sadb_address_prefixlen;
	sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
	sel.sport = ((struct sockaddr_in *)(sa+1))->sin_port;
	if (sel.sport)
		sel.sport_mask = htons(0xffff);

	sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
	pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
	sel.prefixlen_d = sa->sadb_address_prefixlen;
	/* Destination proto overrides the source's, as in pfkey_spdadd(). */
	sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
	sel.dport = ((struct sockaddr_in *)(sa+1))->sin_port;
	if (sel.dport)
		sel.dport_mask = htons(0xffff);

	/* Optional security context: only used to narrow the lookup; the
	 * temporary uctx is freed right after the LSM has built pol_ctx. */
	sec_ctx = ext_hdrs[SADB_X_EXT_SEC_CTX - 1];
	if (sec_ctx != NULL) {
		struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_KERNEL);

		if (!uctx)
			return -ENOMEM;

		err = security_xfrm_policy_alloc(&pol_ctx, uctx, GFP_KERNEL);
		kfree(uctx);
		if (err)
			return err;
	}

	/* Find-and-delete (the '1' argument); err is filled in by the lookup
	 * and reports the deletion outcome when a policy was found. pol_ctx
	 * is released regardless of the result. */
	xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
				   pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
				   1, &err);
	security_xfrm_policy_free(pol_ctx);
	if (xp == NULL)
		return -ENOENT;

	/* Audit the attempt whether or not the delete succeeded. */
	xfrm_audit_policy_delete(xp, err ? 0 : 1, true);

	if (err)
		goto out;

	/* byid = 0: key_notify_policy() reports this as SADB_X_SPDDELETE. */
	c.seq = hdr->sadb_msg_seq;
	c.portid = hdr->sadb_msg_pid;
	c.data.byid = 0;
	c.event = XFRM_MSG_DELPOLICY;
	km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);

out:
	/* Drop the reference returned by the lookup. */
	xfrm_pol_put(xp);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2432)
/*
 * Answer an SADB_X_SPDGET with a copy of the policy, sent only to the
 * requesting socket (BROADCAST_ONE).
 *
 * @sk:  socket that issued the request and receives the reply
 * @xp:  policy to serialise
 * @hdr: request header; version, type, seq and pid are mirrored back
 * @dir: policy direction for the message builder
 *
 * Returns 0 once the reply has been queued, or a negative errno from
 * message construction (in which case the skb is freed here).
 */
static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
{
	struct sk_buff *reply = pfkey_xfrm_policy2msg_prep(xp);
	struct sadb_msg *reply_hdr;
	int rc;

	if (IS_ERR(reply))
		return PTR_ERR(reply);

	rc = pfkey_xfrm_policy2msg(reply, xp, dir);
	if (rc < 0) {
		kfree_skb(reply);
		return rc;
	}

	/* Mirror the request's header fields; satype is meaningless for
	 * policies and errno is zero on success. */
	reply_hdr = (struct sadb_msg *)reply->data;
	reply_hdr->sadb_msg_version = hdr->sadb_msg_version;
	reply_hdr->sadb_msg_type = hdr->sadb_msg_type;
	reply_hdr->sadb_msg_satype = 0;
	reply_hdr->sadb_msg_errno = 0;
	reply_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
	reply_hdr->sadb_msg_pid = hdr->sadb_msg_pid;

	pfkey_broadcast(reply, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2464)
/*
 * Number of bytes a (src, dst) sockaddr pair of the given family occupies
 * in an extension, rounded up to the 8-byte PF_KEY alignment. Families
 * that pfkey_sockaddr_len() does not know yield 0, so callers must still
 * validate the family separately.
 */
static int pfkey_sockaddr_pair_size(sa_family_t family)
{
	return PFKEY_ALIGN8(2 * pfkey_sockaddr_len(family));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2469)
/*
 * Extract two consecutive sockaddrs (source then destination) of the same
 * family from an extension payload.
 *
 * @sa:      start of the first sockaddr
 * @ext_len: bytes available at @sa; must cover both addresses
 * @saddr:   receives the first address
 * @daddr:   receives the second address
 * @family:  receives the common address family
 *
 * Returns 0 on success, -EINVAL if @ext_len is too short, the first
 * address is of an unsupported family, or the second address is not of
 * the same family as the first.
 */
static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
			       xfrm_address_t *saddr, xfrm_address_t *daddr,
			       u16 *family)
{
	struct sockaddr *second;
	int first_af, second_af;

	/* sa_family is read only once at least two bytes are present, and
	 * the pair size derived from it must fit in ext_len. */
	if (ext_len < 2)
		return -EINVAL;
	if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
		return -EINVAL;

	first_af = pfkey_sockaddr_extract(sa, saddr);
	if (first_af == 0)
		return -EINVAL;

	/* The second sockaddr immediately follows the first. */
	second = (struct sockaddr *)((u8 *)sa + pfkey_sockaddr_len(first_af));
	second_af = pfkey_sockaddr_extract(second, daddr);
	if (second_af != first_af)
		return -EINVAL;

	*family = first_af;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2491)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2492) #ifdef CONFIG_NET_KEY_MIGRATE
/*
 * Decode one migrate entry: two consecutive SADB_X_IPSECREQUEST blocks, the
 * first carrying the old endpoint addresses and the second the new ones.
 * Both must agree on proto, mode and reqid.
 *
 * @rq1: first request block; the second must follow it within @len
 * @len: bytes available from @rq1 to the end of the policy extension; the
 *       only caller, pfkey_migrate(), passes len > 0
 * @m:   migrate entry to fill in
 *
 * Returns the number of bytes consumed (both block lengths) so the caller
 * can advance to the next pair, or -EINVAL if either block is truncated,
 * its addresses cannot be parsed, the two blocks disagree, or the mode is
 * not one xfrm knows.
 */
static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
				    struct xfrm_migrate *m)
{
	int err;
	struct sadb_x_ipsecrequest *rq2;
	int mode;

	/* Header must fit, the declared block must fit, and the declared
	 * block must at least hold the header. len is compared against
	 * size_t here, so this relies on the caller passing len > 0. */
	if (len < sizeof(*rq1) ||
	    len < rq1->sadb_x_ipsecrequest_len ||
	    rq1->sadb_x_ipsecrequest_len < sizeof(*rq1))
		return -EINVAL;

	/* old endpoints */
	err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
				  rq1->sadb_x_ipsecrequest_len - sizeof(*rq1),
				  &m->old_saddr, &m->old_daddr,
				  &m->old_family);
	if (err)
		return err;

	/* Advance to the second block; len stays >= 0 because the first
	 * block's length was checked against it above. */
	rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len);
	len -= rq1->sadb_x_ipsecrequest_len;

	/* Same bounds checks for the second block (a block with no address
	 * payload at all is rejected outright by the '<='). */
	if (len <= sizeof(*rq2) ||
	    len < rq2->sadb_x_ipsecrequest_len ||
	    rq2->sadb_x_ipsecrequest_len < sizeof(*rq2))
		return -EINVAL;

	/* new endpoints */
	err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
				  rq2->sadb_x_ipsecrequest_len - sizeof(*rq2),
				  &m->new_saddr, &m->new_daddr,
				  &m->new_family);
	if (err)
		return err;

	/* Old and new halves must describe the same SA. */
	if (rq1->sadb_x_ipsecrequest_proto != rq2->sadb_x_ipsecrequest_proto ||
	    rq1->sadb_x_ipsecrequest_mode != rq2->sadb_x_ipsecrequest_mode ||
	    rq1->sadb_x_ipsecrequest_reqid != rq2->sadb_x_ipsecrequest_reqid)
		return -EINVAL;

	m->proto = rq1->sadb_x_ipsecrequest_proto;
	/* pfkey_mode_to_xfrm() is negative for an unknown PF_KEY mode. */
	if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0)
		return -EINVAL;
	m->mode = mode;
	m->reqid = rq1->sadb_x_ipsecrequest_reqid;

	/* Bytes consumed by this pair. */
	return ((int)(rq1->sadb_x_ipsecrequest_len +
		      rq2->sadb_x_ipsecrequest_len));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2543)
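/*
 * SADB_X_MIGRATE handler (CONFIG_NET_KEY_MIGRATE): re-point the SAs bound to
 * the policy matching the request's selector at new endpoints.
 *
 * @sk:       requesting PF_KEY socket; only its network namespace is used
 * @skb:      request buffer (not referenced; extensions are in @ext_hdrs)
 * @hdr:      request header (not referenced here)
 * @ext_hdrs: parsed extension table indexed by (SADB_EXT_* - 1). Required:
 *            ADDRESS_SRC, ADDRESS_DST (same family) and X_POLICY; optional:
 *            X_KMADDRESS.
 *
 * The ipsecrequest blocks trailing the policy header are consumed in pairs
 * (old endpoints, new endpoints) by ipsecrequests_to_migrate(), at most
 * XFRM_MAX_DEPTH pairs, and must fill the extension exactly.
 *
 * Returns the result of xfrm_migrate() on success, -EINVAL for a missing,
 * malformed or out-of-range extension, or the error reported by
 * parse_sockaddr_pair() / ipsecrequests_to_migrate().
 */
static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
			 const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	int i, len, ret;
	u8 dir;
	struct sadb_address *sa;
	struct sadb_x_kmaddress *kma;
	struct sadb_x_policy *pol;
	struct sadb_x_ipsecrequest *rq;
	struct xfrm_selector sel;
	struct xfrm_migrate m[XFRM_MAX_DEPTH];
	struct xfrm_kmaddress k;
	struct net *net = sock_net(sk);

	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
				     ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
	    !ext_hdrs[SADB_X_EXT_POLICY - 1])
		return -EINVAL;

	kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
	pol = ext_hdrs[SADB_X_EXT_POLICY - 1];

	/*
	 * Same direction range as pfkey_spdadd()/pfkey_spddelete(). A
	 * direction of 0 is rejected explicitly: 'dir' is u8, so
	 * sadb_x_policy_dir - 1 would otherwise wrap to 255 and be handed to
	 * xfrm_migrate() as a direction index.
	 */
	if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
		return -EINVAL;

	if (kma) {
		/* Convert sadb_x_kmaddress to xfrm_kmaddress. The extension
		 * length is in 8-byte units; an undersized one reaches
		 * parse_sockaddr_pair() as a non-positive ext_len and is
		 * rejected there. */
		k.reserved = kma->sadb_x_kmaddress_reserved;
		ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
					  8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
					  &k.local, &k.remote, &k.family);
		if (ret < 0)
			return ret;
	}

	dir = pol->sadb_x_policy_dir - 1;
	memset(&sel, 0, sizeof(sel));

	/* Selector, source half; a non-zero port means exact port match. */
	sa = ext_hdrs[SADB_EXT_ADDRESS_SRC - 1];
	sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
	sel.prefixlen_s = sa->sadb_address_prefixlen;
	sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
	sel.sport = ((struct sockaddr_in *)(sa + 1))->sin_port;
	if (sel.sport)
		sel.sport_mask = htons(0xffff);

	/* Selector, destination half; its proto overrides the source's, as
	 * in pfkey_spdadd(). */
	sa = ext_hdrs[SADB_EXT_ADDRESS_DST - 1];
	pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
	sel.prefixlen_d = sa->sadb_address_prefixlen;
	sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
	sel.dport = ((struct sockaddr_in *)(sa + 1))->sin_port;
	if (sel.dport)
		sel.dport_mask = htons(0xffff);

	/*
	 * Walk the ipsecrequest blocks that follow the policy header. 'len'
	 * is what remains of the extension (sadb_x_policy_len is in 8-byte
	 * units); an undersized extension yields a non-positive len here
	 * (the unsigned wrap converts to a negative int on the kernel's
	 * targets) and is caught by the !i check below.
	 */
	rq = (struct sadb_x_ipsecrequest *)(pol + 1);
	len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);

	for (i = 0; len > 0 && i < XFRM_MAX_DEPTH; i++) {
		ret = ipsecrequests_to_migrate(rq, len, &m[i]);
		if (ret < 0)
			return ret;
		/* ret is the byte count of the pair just consumed. */
		rq = (struct sadb_x_ipsecrequest *)((u8 *)rq + ret);
		len -= ret;
	}

	/* Need at least one pair, and the blocks must fill the extension
	 * exactly; leftover bytes also cover the "more than XFRM_MAX_DEPTH
	 * pairs" case. */
	if (!i || len > 0)
		return -EINVAL;

	return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
			    kma ? &k : NULL, net, NULL, 0);
}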
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2635) #else
/*
 * Built without CONFIG_NET_KEY_MIGRATE: SADB_X_MIGRATE is refused without
 * looking at the request, so sk/skb/hdr/ext_hdrs are all unused.
 */
static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
			 const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	const int unsupported = -ENOPROTOOPT;

	return unsupported;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2641) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2642)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2643)
/*
 * SADB_X_SPDGET / SADB_X_SPDDELETE2 handler: look a policy up by id and
 * either reply with it (SPDGET) or delete it and broadcast the deletion
 * (SPDDELETE2).
 *
 * @sk:       requesting PF_KEY socket; receives the SPDGET reply
 * @skb:      request buffer (not referenced here)
 * @hdr:      request header; sadb_msg_type selects get vs. delete
 * @ext_hdrs: parsed extension table; the policy extension is required
 *
 * Returns 0 on success; -EINVAL without a policy extension or when the id
 * encodes an invalid direction; -ENOENT if no policy has that id; or the
 * error from the delete / reply path.
 */
static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct net *net = sock_net(sk);
	struct sadb_x_policy *pol = ext_hdrs[SADB_X_EXT_POLICY-1];
	struct xfrm_policy *xp;
	struct km_event c;
	unsigned int dir;
	int err = 0;
	int by_delete;

	if (!pol)
		return -EINVAL;

	/* The direction is encoded in the policy id; bound it before it is
	 * used as an index. */
	dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
	if (dir >= XFRM_POLICY_MAX)
		return -EINVAL;

	/* For SPDDELETE2 the lookup also removes the policy; err then
	 * reports the outcome of that removal. */
	by_delete = hdr->sadb_msg_type == SADB_X_SPDDELETE2;
	xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
			      dir, pol->sadb_x_policy_id, by_delete, &err);
	if (!xp)
		return -ENOENT;

	if (!by_delete) {
		err = key_pol_get_resp(sk, xp, hdr, dir);
		goto put;
	}

	/* Audit the attempt whether or not the delete succeeded. */
	xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
	if (!err) {
		/* byid = 1 makes key_notify_policy() report SPDDELETE2. */
		c.seq = hdr->sadb_msg_seq;
		c.portid = hdr->sadb_msg_pid;
		c.data.byid = 1;
		c.event = XFRM_MSG_DELPOLICY;
		km_policy_notify(xp, dir, &c);
	}

put:
	xfrm_pol_put(xp);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2684)
/*
 * xfrm_policy_walk() callback: encode one policy as an SADB_X_SPDDUMP
 * message destined for the dumping socket.
 *
 * Messages are emitted one step behind the walk: the message built on the
 * previous visit (pfk->dump.skb) is broadcast to the socket only once the
 * next one exists, and the freshly built message is parked in
 * pfk->dump.skb in its place (presumably flushed when the dump finishes;
 * that code is not in this function).
 *
 * @xp:    policy being visited
 * @dir:   direction of @xp
 * @count: policies visited before this one; the outgoing sequence number
 *         is count + 1
 * @ptr:   the struct pfkey_sock that owns the dump
 *
 * Return: 0 on success, -ENOBUFS when the socket cannot take more data,
 * or the error from building the message (the partially built skb is
 * freed).
 */
static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
{
	struct pfkey_sock *pfk = ptr;
	struct sadb_msg *msg_hdr;
	struct sk_buff *msg;
	int rc;

	if (!pfkey_can_dump(&pfk->sk))
		return -ENOBUFS;

	msg = pfkey_xfrm_policy2msg_prep(xp);
	if (IS_ERR(msg))
		return PTR_ERR(msg);

	rc = pfkey_xfrm_policy2msg(msg, xp, dir);
	if (rc < 0) {
		kfree_skb(msg);
		return rc;
	}

	/* Stamp the base header with the dump's version and requester id. */
	msg_hdr = (struct sadb_msg *) msg->data;
	msg_hdr->sadb_msg_version = pfk->dump.msg_version;
	msg_hdr->sadb_msg_type = SADB_X_SPDDUMP;
	msg_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
	msg_hdr->sadb_msg_errno = 0;
	msg_hdr->sadb_msg_seq = count + 1;
	msg_hdr->sadb_msg_pid = pfk->dump.msg_portid;

	/* Deliver the previous visit's message, keep this one pending. */
	if (pfk->dump.skb)
		pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
				&pfk->sk, sock_net(&pfk->sk));
	pfk->dump.skb = msg;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2720)
/*
 * Dump-step entry point for SPD dumps: walk the policy table of the
 * socket's namespace, handing each policy to dump_sp().
 *
 * @pfk: socket whose dump state (pfk->dump.u.policy) drives the walk
 *
 * Return: whatever xfrm_policy_walk() returns.
 */
static int pfkey_dump_sp(struct pfkey_sock *pfk)
{
	return xfrm_policy_walk(sock_net(&pfk->sk), &pfk->dump.u.policy,
				dump_sp, (void *) pfk);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2726)
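/*
 * Completion hook for SPD dumps: release the policy walker state.
 *
 * The namespace is taken via &pfk->sk, as pfkey_dump_sp() and dump_sp()
 * do, instead of casting the pfkey_sock pointer to a struct sock, which
 * silently depends on the embedded sock being the first member.
 *
 * @pfk: socket whose dump is finishing
 */
static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
{
	struct net *net = sock_net(&pfk->sk);

	xfrm_policy_walk_done(&pfk->dump.u.policy, net);
}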
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2733)
/*
 * SADB_X_SPDDUMP handler: start a dump of the main policy table on @sk.
 *
 * Only one dump may be in flight per socket. pfk->dump_lock guards the
 * check-and-claim of pfk->dump.dump so that two concurrent requests
 * cannot both initialise the shared walker; the loser gets -EBUSY.
 *
 * @sk:       requesting socket
 * @skb:      request buffer (unused here)
 * @hdr:      request base header; its version and pid are echoed in
 *            every dump message
 * @ext_hdrs: parsed extension headers (unused here)
 *
 * Return: -EBUSY if a dump is already running, else the result of
 * pfkey_do_dump().
 */
static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct pfkey_sock *pfk = pfkey_sk(sk);
	bool busy;

	mutex_lock(&pfk->dump_lock);
	busy = pfk->dump.dump != NULL;
	if (!busy) {
		pfk->dump.msg_version = hdr->sadb_msg_version;
		pfk->dump.msg_portid = hdr->sadb_msg_pid;
		pfk->dump.dump = pfkey_dump_sp;
		pfk->dump.done = pfkey_dump_sp_done;
		xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
	}
	mutex_unlock(&pfk->dump_lock);

	if (busy)
		return -EBUSY;

	return pfkey_do_dump(pfk);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2753)
/*
 * Broadcast an SADB_X_SPDFLUSH notification to every PF_KEY socket in the
 * event's namespace.
 *
 * The message is a bare base header with no extensions; sadb_msg_len is
 * expressed in 64-bit words as the PF_KEY format requires. The skb is
 * allocated with 16 bytes of slack beyond the header (the original's
 * choice; the reason is not visible here).
 *
 * @c: flush event supplying seq, portid and the namespace
 *
 * Return: 0, or -ENOBUFS if the skb could not be allocated.
 */
static int key_notify_policy_flush(const struct km_event *c)
{
	struct sadb_msg *msg;
	struct sk_buff *skb;

	skb = alloc_skb(sizeof(*msg) + 16, GFP_ATOMIC);
	if (!skb)
		return -ENOBUFS;

	msg = skb_put(skb, sizeof(*msg));
	msg->sadb_msg_version = PF_KEY_V2;
	msg->sadb_msg_type = SADB_X_SPDFLUSH;
	msg->sadb_msg_errno = 0;
	msg->sadb_msg_satype = SADB_SATYPE_UNSPEC;
	msg->sadb_msg_len = sizeof(*msg) / sizeof(uint64_t);
	msg->sadb_msg_reserved = 0;
	msg->sadb_msg_seq = c->seq;
	msg->sadb_msg_pid = c->portid;

	pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2775)
/*
 * SADB_X_SPDFLUSH handler: flush the main policy table, answer the
 * requester, then let every key manager know via km_policy_notify().
 *
 * An empty table (-ESRCH from the flush) is reported as success, which is
 * the historical silent behaviour.
 *
 * NOTE(review): when the flush itself succeeds but unicast_flush_resp()
 * fails, the function returns 0 (the flush error) and skips the
 * notification; that is the existing behaviour, preserved here.
 *
 * @sk:       requesting socket
 * @skb:      request buffer (unused here)
 * @hdr:      request base header; seq and pid are carried in the event
 * @ext_hdrs: parsed extension headers (unused here)
 *
 * Return: 0 on success or silent-empty, otherwise the flush error.
 */
static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
{
	struct net *net = sock_net(sk);
	struct km_event c;
	int flush_err, resp_err;

	flush_err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, true);
	resp_err = unicast_flush_resp(sk, hdr);

	/* empty table - old silent behavior */
	if (flush_err == -ESRCH)
		return 0;
	if (flush_err || resp_err)
		return flush_err;

	c.data.type = XFRM_POLICY_TYPE_MAIN;
	c.event = XFRM_MSG_FLUSHPOLICY;
	c.portid = hdr->sadb_msg_pid;
	c.seq = hdr->sadb_msg_seq;
	c.net = net;
	km_policy_notify(NULL, 0, &c);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2799)
/* Handler for one SADB message type, invoked from pfkey_process(). */
typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
			     const struct sadb_msg *hdr, void * const *ext_hdrs);

/*
 * Dispatch table indexed by sadb_msg_type. It has SADB_MAX + 1 slots, so a
 * type that pfkey_get_base_msg() has already bounded to
 * (SADB_RESERVED, SADB_MAX] indexes it in range. A NULL slot means the
 * type is not handled; pfkey_process() answers it with -EOPNOTSUPP.
 * Several types share a handler (e.g. SADB_UPDATE/SADB_ADD, and
 * SADB_X_SPDGET/SADB_X_SPDDELETE2), which presumably branch on
 * hdr->sadb_msg_type internally.
 */
static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
	[SADB_RESERVED]		= pfkey_reserved,
	[SADB_GETSPI]		= pfkey_getspi,
	[SADB_UPDATE]		= pfkey_add,
	[SADB_ADD]		= pfkey_add,
	[SADB_DELETE]		= pfkey_delete,
	[SADB_GET]		= pfkey_get,
	[SADB_ACQUIRE]		= pfkey_acquire,
	[SADB_REGISTER]		= pfkey_register,
	[SADB_EXPIRE]		= NULL,		/* kernel -> user only */
	[SADB_FLUSH]		= pfkey_flush,
	[SADB_DUMP]		= pfkey_dump,
	[SADB_X_PROMISC]	= pfkey_promisc,
	[SADB_X_PCHANGE]	= NULL,		/* unsupported */
	[SADB_X_SPDUPDATE]	= pfkey_spdadd,
	[SADB_X_SPDADD]		= pfkey_spdadd,
	[SADB_X_SPDDELETE]	= pfkey_spddelete,
	[SADB_X_SPDGET]		= pfkey_spdget,
	[SADB_X_SPDACQUIRE]	= NULL,		/* unsupported */
	[SADB_X_SPDDUMP]	= pfkey_spddump,
	[SADB_X_SPDFLUSH]	= pfkey_spdflush,
	[SADB_X_SPDSETIDX]	= pfkey_spdadd,
	[SADB_X_SPDDELETE2]	= pfkey_spdget,
	[SADB_X_MIGRATE]	= pfkey_migrate,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2827)
/*
 * Route one validated PF_KEY request to its handler.
 *
 * A clone of the request is first mirrored to promiscuous listeners.
 * The extension headers are then parsed into ext_hdrs (one slot per
 * extension type, NULL when absent) and the message is dispatched through
 * pfkey_funcs[]. @hdr->sadb_msg_type is used as the table index, so the
 * caller must have bounded it to SADB_MAX beforehand (pfkey_get_base_msg()
 * does this).
 *
 * @sk:  requesting socket
 * @skb: request buffer
 * @hdr: request base header
 *
 * Return: the parse error, -EOPNOTSUPP for an unhandled type, or the
 * handler's result.
 */
static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr)
{
	void *ext_hdrs[SADB_EXT_MAX] = { NULL };
	pfkey_handler handler;
	int err;

	pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
			BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));

	err = parse_exthdrs(skb, hdr, ext_hdrs);
	if (err)
		return err;

	handler = pfkey_funcs[hdr->sadb_msg_type];
	if (!handler)
		return -EOPNOTSUPP;

	return handler(sk, skb, hdr, ext_hdrs);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2845)
/*
 * Validate the PF_KEY base header at the front of a user-supplied skb.
 *
 * This is the first check applied to untrusted input: it pins the
 * protocol version, rejects non-zero reserved bytes, bounds the message
 * type so it can later index pfkey_funcs[], and requires the sender's
 * declared length (in 64-bit words) to match the buffer exactly and to
 * cover at least the base header.
 *
 * @skb:  request buffer
 * @errp: set to 0 on success, -EMSGSIZE for length problems, -EINVAL
 *        for malformed header fields
 *
 * Return: pointer to the header inside @skb, or NULL on failure.
 */
static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
{
	struct sadb_msg *hdr;

	/* Not even a full base header present. */
	if (skb->len < sizeof(*hdr)) {
		*errp = -EMSGSIZE;
		return NULL;
	}

	hdr = (struct sadb_msg *) skb->data;

	/*
	 * Message types outside (SADB_RESERVED, SADB_MAX] are refused here
	 * so the type is a safe index into pfkey_funcs[SADB_MAX + 1].
	 */
	if (hdr->sadb_msg_version != PF_KEY_V2 ||
	    hdr->sadb_msg_reserved != 0 ||
	    hdr->sadb_msg_type <= SADB_RESERVED ||
	    hdr->sadb_msg_type > SADB_MAX) {
		*errp = -EINVAL;
		return NULL;
	}

	/* Declared length must equal the actual buffer, header included. */
	if (hdr->sadb_msg_len != skb->len / sizeof(uint64_t) ||
	    hdr->sadb_msg_len < sizeof(struct sadb_msg) / sizeof(uint64_t)) {
		*errp = -EMSGSIZE;
		return NULL;
	}

	*errp = 0;
	return hdr;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2872)
/*
 * Test whether authentication algorithm @d is enabled in template @t.
 *
 * t->aalgos is a bitmask indexed by sadb_alg_id; an id beyond the mask's
 * width is treated as not set rather than shifted out of range (which
 * would be undefined behaviour).
 *
 * Return: 1 if the bit is set, 0 otherwise.
 */
static inline int aalg_tmpl_set(const struct xfrm_tmpl *t,
				const struct xfrm_algo_desc *d)
{
	unsigned int bit = d->desc.sadb_alg_id;
	unsigned int width = sizeof(t->aalgos) * 8;

	return bit < width ? (t->aalgos >> bit) & 1 : 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2883)
/*
 * Test whether encryption algorithm @d is enabled in template @t.
 *
 * Mirror of aalg_tmpl_set() for the t->ealgos bitmask; ids beyond the
 * mask width read as 0 instead of producing an out-of-range shift.
 *
 * Return: 1 if the bit is set, 0 otherwise.
 */
static inline int ealg_tmpl_set(const struct xfrm_tmpl *t,
				const struct xfrm_algo_desc *d)
{
	unsigned int bit = d->desc.sadb_alg_id;
	unsigned int width = sizeof(t->ealgos) * 8;

	return bit < width ? (t->ealgos >> bit) & 1 : 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2894)
/*
 * Size in bytes of the SADB_EXT_PROPOSAL extension that dump_ah_combs()
 * would emit for template @t: one sadb_prop header plus one sadb_comb per
 * PF_KEY-capable authentication algorithm enabled in @t.
 *
 * This does not consult ->available, so it may reserve slightly more than
 * dump_ah_combs() writes, never less.
 */
static int count_ah_combs(const struct xfrm_tmpl *t)
{
	const struct xfrm_algo_desc *aalg;
	int idx = 0;
	int sz = sizeof(struct sadb_prop);

	while ((aalg = xfrm_aalg_get_byidx(idx++)) != NULL) {
		if (aalg->pfkey_supported && aalg_tmpl_set(t, aalg))
			sz += sizeof(struct sadb_comb);
	}

	return sz;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2910)
/*
 * Size in bytes of the SADB_EXT_PROPOSAL extension that dump_esp_combs()
 * would emit for template @t: one sadb_prop header plus one sadb_comb for
 * every (encryption, authentication) pair in which both algorithms are
 * PF_KEY-capable and enabled in @t.
 *
 * The authentication scan starts at index 1, skipping index 0, as
 * dump_esp_combs() does (presumably the null algorithm; not visible here).
 * ->available is not consulted, so this may over-reserve relative to what
 * dump_esp_combs() actually writes, never under-reserve.
 */
static int count_esp_combs(const struct xfrm_tmpl *t)
{
	const struct xfrm_algo_desc *ealg, *aalg;
	int sz = sizeof(struct sadb_prop);
	int i = 0;

	while ((ealg = xfrm_ealg_get_byidx(i++)) != NULL) {
		int k = 1;

		if (!ealg->pfkey_supported || !ealg_tmpl_set(t, ealg))
			continue;

		while ((aalg = xfrm_aalg_get_byidx(k++)) != NULL) {
			if (aalg->pfkey_supported && aalg_tmpl_set(t, aalg))
				sz += sizeof(struct sadb_comb);
		}
	}

	return sz;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2940)
/*
 * Append an SADB_EXT_PROPOSAL extension for an AH template to @skb: a
 * sadb_prop header followed by one sadb_comb per authentication algorithm
 * that is PF_KEY-capable, enabled in @t and currently available.
 *
 * Lengths are in 64-bit words; sadb_prop_len is grown as combs are added.
 * Each comb advertises a 24h/20h hard/soft add-time and an 8h/7h
 * hard/soft use-time lifetime (seconds). The caller must have reserved
 * space (see count_ah_combs()); skb_put* does not check it.
 */
static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
{
	const struct xfrm_algo_desc *aalg;
	struct sadb_prop *prop;
	int idx = 0;

	prop = skb_put(skb, sizeof(*prop));
	prop->sadb_prop_len = sizeof(*prop) / 8;
	prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
	prop->sadb_prop_replay = 32;
	memset(prop->sadb_prop_reserved, 0, sizeof(prop->sadb_prop_reserved));

	while ((aalg = xfrm_aalg_get_byidx(idx++)) != NULL) {
		struct sadb_comb *comb;

		if (!aalg->pfkey_supported)
			continue;
		if (!aalg_tmpl_set(t, aalg) || !aalg->available)
			continue;

		comb = skb_put_zero(skb, sizeof(*comb));
		prop->sadb_prop_len += sizeof(*comb) / 8;
		comb->sadb_comb_auth = aalg->desc.sadb_alg_id;
		comb->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
		comb->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
		comb->sadb_comb_hard_addtime = 24 * 60 * 60;
		comb->sadb_comb_soft_addtime = 20 * 60 * 60;
		comb->sadb_comb_hard_usetime = 8 * 60 * 60;
		comb->sadb_comb_soft_usetime = 7 * 60 * 60;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2974)
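/*
 * Append an SADB_EXT_PROPOSAL extension for an ESP template to @skb: a
 * sadb_prop header followed by one sadb_comb per (encryption,
 * authentication) pair in which both algorithms are PF_KEY-capable,
 * enabled in @t and currently available.
 *
 * Combs are allocated with skb_put_zero(), matching dump_ah_combs(), so
 * every field not explicitly set below is zero; the separate memset the
 * original used is folded into that call. Lengths are in 64-bit words.
 * Each comb advertises a 24h/20h hard/soft add-time and an 8h/7h
 * hard/soft use-time lifetime (seconds). The authentication scan starts
 * at index 1 (index 0 is skipped, as in count_esp_combs()). The caller
 * must have reserved space (see count_esp_combs()); skb_put* does not
 * check it.
 */
static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
{
	struct sadb_prop *p;
	int i, k;

	p = skb_put(skb, sizeof(struct sadb_prop));
	p->sadb_prop_len = sizeof(struct sadb_prop)/8;
	p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
	p->sadb_prop_replay = 32;
	memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));

	for (i = 0; ; i++) {
		const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
		if (!ealg)
			break;

		if (!ealg->pfkey_supported)
			continue;

		if (!(ealg_tmpl_set(t, ealg) && ealg->available))
			continue;

		for (k = 1; ; k++) {
			struct sadb_comb *c;
			const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
			if (!aalg)
				break;
			if (!aalg->pfkey_supported)
				continue;
			if (!(aalg_tmpl_set(t, aalg) && aalg->available))
				continue;
			/* Zeroed on allocation; only the fields below are set. */
			c = skb_put_zero(skb, sizeof(struct sadb_comb));
			p->sadb_prop_len += sizeof(struct sadb_comb)/8;
			c->sadb_comb_auth = aalg->desc.sadb_alg_id;
			c->sadb_comb_auth_minbits = aalg->desc.sadb_alg_minbits;
			c->sadb_comb_auth_maxbits = aalg->desc.sadb_alg_maxbits;
			c->sadb_comb_encrypt = ealg->desc.sadb_alg_id;
			c->sadb_comb_encrypt_minbits = ealg->desc.sadb_alg_minbits;
			c->sadb_comb_encrypt_maxbits = ealg->desc.sadb_alg_maxbits;
			c->sadb_comb_hard_addtime = 24*60*60;
			c->sadb_comb_soft_addtime = 20*60*60;
			c->sadb_comb_hard_usetime = 8*60*60;
			c->sadb_comb_soft_usetime = 7*60*60;
		}
	}
}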
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3022)
/*
 * XFRM_MSG_POLEXPIRE handler for PF_KEY. Policy expiry has no PF_KEY
 * message, so the event is acknowledged and dropped.
 *
 * @xp: expiring policy (unused)
 * @c:  the event (unused)
 *
 * Return: always 0.
 */
static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
{
	/* Nothing to send: no SADB message maps to policy expiry. */
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3027)
/*
 * Broadcast an SADB_EXPIRE message for SA @x to registered PF_KEY sockets
 * in the SA's namespace.
 *
 * The hard/soft selector passed to pfkey_xfrm_state2msg_expire() is 2 for
 * a hard expiry and 1 for a soft one (the values the original used; their
 * meaning is defined by that helper). seq and pid are zero because the
 * event is kernel-originated.
 *
 * @x: the expiring state
 * @c: event carrying c->data.hard
 *
 * Return: 0, or the error from building the message.
 */
static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c)
{
	int hsc = c->data.hard ? 2 : 1;
	struct sk_buff *msg;
	struct sadb_msg *msg_hdr;

	msg = pfkey_xfrm_state2msg_expire(x, hsc);
	if (IS_ERR(msg))
		return PTR_ERR(msg);

	msg_hdr = (struct sadb_msg *) msg->data;
	msg_hdr->sadb_msg_version = PF_KEY_V2;
	msg_hdr->sadb_msg_type = SADB_EXPIRE;
	msg_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
	msg_hdr->sadb_msg_errno = 0;
	msg_hdr->sadb_msg_reserved = 0;
	msg_hdr->sadb_msg_seq = 0;
	msg_hdr->sadb_msg_pid = 0;

	pfkey_broadcast(msg, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
			xs_net(x));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3058)
/*
 * km_ops.notify callback: translate an SA event into PF_KEY traffic.
 *
 * The namespace comes from @x when there is one, else from the event
 * (flush events carry no state). If no PF_KEY socket exists in that
 * namespace the event is dropped before any message is built.
 *
 * @x: affected state, or NULL for flush events
 * @c: the event
 *
 * Return: the result of the per-event helper; 0 for unsupported or
 * unknown events (unknown ones are logged).
 */
static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c)
{
	struct net *net = x ? xs_net(x) : c->net;
	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
	int rc = 0;

	/* Nobody is listening in this namespace. */
	if (!atomic_read(&net_pfkey->socks_nr))
		return 0;

	switch (c->event) {
	case XFRM_MSG_EXPIRE:
		rc = key_notify_sa_expire(x, c);
		break;
	case XFRM_MSG_DELSA:
	case XFRM_MSG_NEWSA:
	case XFRM_MSG_UPDSA:
		rc = key_notify_sa(x, c);
		break;
	case XFRM_MSG_FLUSHSA:
		rc = key_notify_sa_flush(c);
		break;
	case XFRM_MSG_NEWAE: /* not yet supported */
		break;
	default:
		pr_err("pfkey: Unknown SA event %d\n", c->event);
		break;
	}

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3085)
/*
 * km_ops.notify_policy callback: translate a policy event into PF_KEY
 * traffic. Only the main policy table is visible through PF_KEY; events
 * for other tables are ignored (checked on @xp when present, and on
 * c->data.type for flushes, which carry no policy).
 *
 * @xp:  affected policy, or NULL for flush events
 * @dir: policy direction
 * @c:   the event
 *
 * Return: the result of the per-event helper; 0 for ignored or unknown
 * events (unknown ones are logged).
 */
static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
{
	int rc = 0;

	if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
		return 0;

	switch (c->event) {
	case XFRM_MSG_POLEXPIRE:
		rc = key_notify_policy_expire(xp, c);
		break;
	case XFRM_MSG_DELPOLICY:
	case XFRM_MSG_NEWPOLICY:
	case XFRM_MSG_UPDPOLICY:
		rc = key_notify_policy(xp, dir, c);
		break;
	case XFRM_MSG_FLUSHPOLICY:
		/* No policy to inspect: the table type rides in the event. */
		if (c->data.type == XFRM_POLICY_TYPE_MAIN)
			rc = key_notify_policy_flush(c);
		break;
	default:
		pr_err("pfkey: Unknown policy event %d\n", c->event);
		break;
	}

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3109)
/*
 * Allocate the next acquire sequence number from a global atomic counter.
 *
 * Zero is never returned: when the counter wraps to 0 it is simply
 * advanced again, so callers can treat 0 as "no sequence number".
 *
 * Return: a non-zero sequence number.
 */
static u32 get_acqseq(void)
{
	static atomic_t acqseq;
	u32 seq;

	while ((seq = atomic_inc_return(&acqseq)) == 0)
		;	/* skip the zero value after wrap-around */

	return seq;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3120)
/*
 * Report whether any PF_KEY socket in the event's namespace has
 * registered (i.e. a key manager is listening for acquires).
 *
 * The socket table is walked under rcu_read_lock(); the walk stops at the
 * first registered socket.
 *
 * @c: event supplying the namespace
 *
 * Return: true if at least one registered socket exists.
 */
static bool pfkey_is_alive(const struct km_event *c)
{
	struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
	struct sock *sk;
	bool found = false;

	rcu_read_lock();
	sk_for_each_rcu(sk, &net_pfkey->table) {
		found = pfkey_sk(sk)->registered;
		if (found)
			break;
	}
	rcu_read_unlock();

	return found;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3138)
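/*
 * pfkey_send_acquire - broadcast an SADB_ACQUIRE to registered key managers.
 * @x:  the state the kernel needs keyed; its family, proto, saddr, daddr
 *      and optional LSM security context describe the request.
 * @t:  the template the state was created from; only used to enumerate
 *      the acceptable AH/ESP algorithm combinations.
 * @xp: the policy that triggered the acquire; its index and priority are
 *      echoed in the SADB_X_EXT_POLICY extension.
 *
 * Builds
 *   HDR | ADDRESS_SRC | ADDRESS_DST | X_POLICY | [AH/ESP combs] | [X_SEC_CTX]
 * and hands it to pfkey_broadcast() for every registered socket.  The
 * sequence number comes from the global ACQUIRE counter and is also stored
 * in x->km.seq (presumably so a key manager's reply can be matched back to
 * this state; the matching side is not visible here).
 *
 * Returns 0 on success, -EINVAL for an address family PF_KEY cannot encode,
 * -ENOMEM if the skb cannot be allocated, or pfkey_broadcast()'s result.
 */
static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	struct sadb_address *addr;
	struct sadb_x_policy *pol;
	struct sadb_x_sec_ctx *sec_ctx;
	struct xfrm_sec_ctx *xfrm_ctx;
	int sockaddr_size;
	int ctx_size = 0;
	int size;

	sockaddr_size = pfkey_sockaddr_size(x->props.family);
	if (!sockaddr_size)
		return -EINVAL;

	/* Fixed part: header, two address extensions, policy extension. */
	size = sizeof(struct sadb_msg) +
		(sizeof(struct sadb_address) * 2) +
		(sockaddr_size * 2) +
		sizeof(struct sadb_x_policy);

	/* Proposal combinations are only emitted for AH and ESP. */
	if (x->id.proto == IPPROTO_AH)
		size += count_ah_combs(t);
	else if (x->id.proto == IPPROTO_ESP)
		size += count_esp_combs(t);

	/* The context string is padded to an 8-byte multiple on the wire. */
	xfrm_ctx = x->security;
	if (xfrm_ctx) {
		ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
		size += sizeof(struct sadb_x_sec_ctx) + ctx_size;
	}

	skb = alloc_skb(size + 16, GFP_ATOMIC);
	if (skb == NULL)
		return -ENOMEM;

	hdr = skb_put(skb, sizeof(struct sadb_msg));
	hdr->sadb_msg_version = PF_KEY_V2;
	hdr->sadb_msg_type = SADB_ACQUIRE;
	hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
	/* PF_KEY lengths are counted in 64-bit words. */
	hdr->sadb_msg_len = size / sizeof(uint64_t);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_reserved = 0;
	hdr->sadb_msg_seq = x->km.seq = get_acqseq();
	hdr->sadb_msg_pid = 0;	/* kernel-originated message */

	/* src address */
	addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
	addr->sadb_address_len =
		(sizeof(struct sadb_address)+sockaddr_size)/
			sizeof(uint64_t);
	addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
	addr->sadb_address_proto = 0;
	addr->sadb_address_reserved = 0;
	addr->sadb_address_prefixlen =
		pfkey_sockaddr_fill(&x->props.saddr, 0,
				    (struct sockaddr *) (addr + 1),
				    x->props.family);
	/* The family already passed pfkey_sockaddr_size(); 0 here is a bug. */
	if (!addr->sadb_address_prefixlen)
		BUG();

	/* dst address */
	addr = skb_put(skb, sizeof(struct sadb_address) + sockaddr_size);
	addr->sadb_address_len =
		(sizeof(struct sadb_address)+sockaddr_size)/
			sizeof(uint64_t);
	addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
	addr->sadb_address_proto = 0;
	addr->sadb_address_reserved = 0;
	addr->sadb_address_prefixlen =
		pfkey_sockaddr_fill(&x->id.daddr, 0,
				    (struct sockaddr *) (addr + 1),
				    x->props.family);
	if (!addr->sadb_address_prefixlen)
		BUG();

	pol = skb_put(skb, sizeof(struct sadb_x_policy));
	pol->sadb_x_policy_len = sizeof(struct sadb_x_policy)/sizeof(uint64_t);
	pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
	pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
	/* PF_KEY directions are 1-based; acquires are always outbound. */
	pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1;
	pol->sadb_x_policy_reserved = 0;
	pol->sadb_x_policy_id = xp->index;
	pol->sadb_x_policy_priority = xp->priority;

	/* Set sadb_comb's. */
	if (x->id.proto == IPPROTO_AH)
		dump_ah_combs(skb, t);
	else if (x->id.proto == IPPROTO_ESP)
		dump_esp_combs(skb, t);

	/* security context */
	if (xfrm_ctx) {
		/*
		 * Zero the whole extension: ctx_size is ctx_len rounded up
		 * to 8 but the memcpy below only writes ctx_len bytes, and
		 * alloc_skb() does not clear its data area.  Without this
		 * the alignment padding would carry stale kernel memory out
		 * to every registered userspace socket.
		 */
		sec_ctx = skb_put_zero(skb,
				       sizeof(struct sadb_x_sec_ctx) + ctx_size);
		sec_ctx->sadb_x_sec_len =
		  (sizeof(struct sadb_x_sec_ctx) + ctx_size) / sizeof(uint64_t);
		sec_ctx->sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
		sec_ctx->sadb_x_ctx_doi = xfrm_ctx->ctx_doi;
		sec_ctx->sadb_x_ctx_alg = xfrm_ctx->ctx_alg;
		sec_ctx->sadb_x_ctx_len = xfrm_ctx->ctx_len;
		memcpy(sec_ctx + 1, xfrm_ctx->ctx_str,
		       xfrm_ctx->ctx_len);
	}

	return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
			       xs_net(x));
}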
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3246)
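/*
 * pfkey_compile_policy - turn an IP_IPSEC_POLICY / IPV6_IPSEC_POLICY
 * setsockopt payload into a per-socket xfrm_policy.
 * @sk:   the socket the option is being set on; its family decides which
 *        option number is acceptable.
 * @opt:  the setsockopt option number.
 * @data: the user-supplied payload (already copied to kernel memory).  It
 *        starts with a struct sadb_x_policy, optionally followed by
 *        ipsecrequests and then a struct sadb_x_sec_ctx.
 * @len:  byte length of @data.
 * @dir:  out-parameter.  On success receives the XFRM direction
 *        (sadb_x_policy_dir - 1); on failure receives a negative errno.
 *
 * Returns the new policy (caller owns the reference) or NULL with *dir
 * set to the error.  The payload is untrusted: every embedded length is
 * checked against @len before it is used to walk @data.
 */
static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
						u8 *data, int len, int *dir)
{
	struct net *net = sock_net(sk);
	struct xfrm_policy *xp;
	struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
	struct sadb_x_sec_ctx *sec_ctx;

	switch (sk->sk_family) {
	case AF_INET:
		if (opt != IP_IPSEC_POLICY) {
			*dir = -EOPNOTSUPP;
			return NULL;
		}
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case AF_INET6:
		if (opt != IPV6_IPSEC_POLICY) {
			*dir = -EOPNOTSUPP;
			return NULL;
		}
		break;
#endif
	default:
		*dir = -EINVAL;
		return NULL;
	}

	*dir = -EINVAL;

	/*
	 * Header sanity: it must fit in the buffer, its self-declared length
	 * (in 64-bit words) must not exceed the buffer, and type/dir must be
	 * in range.  sadb_x_policy_dir is 1-based (IPSEC_DIR_INBOUND == 1).
	 */
	if (len < sizeof(struct sadb_x_policy) ||
	    pol->sadb_x_policy_len*8 > len ||
	    pol->sadb_x_policy_type > IPSEC_POLICY_BYPASS ||
	    (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
		return NULL;

	xp = xfrm_policy_alloc(net, GFP_ATOMIC);
	if (xp == NULL) {
		*dir = -ENOBUFS;
		return NULL;
	}

	/* DISCARD blocks; every other accepted type is an ALLOW. */
	xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
		      XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);

	/* Socket policies carry no lifetime limits. */
	xp->lft.soft_byte_limit = XFRM_INF;
	xp->lft.hard_byte_limit = XFRM_INF;
	xp->lft.soft_packet_limit = XFRM_INF;
	xp->lft.hard_packet_limit = XFRM_INF;
	xp->family = sk->sk_family;

	/* Only IPSEC policies carry templates (ipsecrequests). */
	xp->xfrm_nr = 0;
	if (pol->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
	    (*dir = parse_ipsecrequests(xp, pol)) < 0)
		goto out;

	/* security context too */
	if (len >= (pol->sadb_x_policy_len*8 +
	    sizeof(struct sadb_x_sec_ctx))) {
		char *p = (char *)pol;
		struct xfrm_user_sec_ctx *uctx;

		p += pol->sadb_x_policy_len*8;
		sec_ctx = (struct sadb_x_sec_ctx *)p;
		/* The extension's own declared length must also fit... */
		if (len < pol->sadb_x_policy_len*8 +
		    sec_ctx->sadb_x_sec_len*8) {
			*dir = -EINVAL;
			goto out;
		}
		/* ...and agree with the embedded context string length. */
		if ((*dir = verify_sec_ctx_len(p)))
			goto out;
		uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
		if (!uctx) {
			/*
			 * Report the allocation failure ourselves instead of
			 * handing a NULL context to the LSM hook and relying
			 * on it (or on no LSM being built in) to cope.
			 */
			*dir = -ENOBUFS;
			goto out;
		}
		*dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
		kfree(uctx);

		if (*dir)
			goto out;
	}

	*dir = pol->sadb_x_policy_dir-1;
	return xp;

out:
	/* Never inserted, so mark it dead as xfrm_policy_destroy() expects. */
	xp->walk.dead = 1;
	xfrm_policy_destroy(xp);
	return NULL;
}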
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3334)
/*
 * pfkey_natt_put_address - append one SADB_EXT_ADDRESS_{SRC,DST} extension
 * for a NAT-T mapping message.  @sockaddr_size must come from
 * pfkey_sockaddr_size(@family), which the caller has already validated,
 * so a zero prefixlen from pfkey_sockaddr_fill() is treated as a kernel bug.
 */
static void pfkey_natt_put_address(struct sk_buff *skb, uint16_t exttype,
				   int sockaddr_size,
				   const xfrm_address_t *xaddr,
				   unsigned short family)
{
	struct sadb_address *addr;

	addr = skb_put(skb, sizeof(*addr) + sockaddr_size);
	addr->sadb_address_len =
		(sizeof(*addr) + sockaddr_size) / sizeof(uint64_t);
	addr->sadb_address_exttype = exttype;
	addr->sadb_address_proto = 0;
	addr->sadb_address_reserved = 0;
	addr->sadb_address_prefixlen =
		pfkey_sockaddr_fill(xaddr, 0, (struct sockaddr *)(addr + 1),
				    family);
	if (!addr->sadb_address_prefixlen)
		BUG();
}

/* Append one SADB_X_EXT_NAT_T_{SPORT,DPORT} extension carrying @port. */
static void pfkey_natt_put_port(struct sk_buff *skb, uint16_t exttype,
				__be16 port)
{
	struct sadb_x_nat_t_port *n_port;

	n_port = skb_put(skb, sizeof(*n_port));
	n_port->sadb_x_nat_t_port_len = sizeof(*n_port) / sizeof(uint64_t);
	n_port->sadb_x_nat_t_port_exttype = exttype;
	n_port->sadb_x_nat_t_port_port = port;
	n_port->sadb_x_nat_t_port_reserved = 0;
}

/*
 * pfkey_send_new_mapping - tell key managers that a NAT-T peer moved.
 * @x:      the UDP-encapsulated ESP state whose peer address/port changed.
 * @ipaddr: the peer's new address.
 * @sport:  the peer's new UDP source port.
 *
 * Builds an SADB_X_NAT_T_NEW_MAPPING message:
 *
 *   HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
 *   ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
 *
 * and broadcasts it to every registered PF_KEY socket in @x's netns.
 * Only ESP states with an encap template are eligible; anything else
 * yields -EINVAL, as does an address family PF_KEY cannot encode.
 * -ENOMEM if the skb allocation fails, otherwise pfkey_broadcast()'s result.
 */
static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
{
	struct sk_buff *skb;
	struct sadb_msg *hdr;
	struct sadb_sa *sa;
	const struct xfrm_encap_tmpl *natt;
	int sockaddr_size;
	int size;

	sockaddr_size = pfkey_sockaddr_size(x->props.family);
	if (!sockaddr_size)
		return -EINVAL;

	/* Only ESP has a satype for this message. */
	if (x->id.proto != IPPROTO_ESP)
		return -EINVAL;

	natt = x->encap;
	if (!natt)
		return -EINVAL;

	size = sizeof(struct sadb_msg) +
	       sizeof(struct sadb_sa) +
	       2 * (sizeof(struct sadb_address) + sockaddr_size) +
	       2 * sizeof(struct sadb_x_nat_t_port);

	skb = alloc_skb(size + 16, GFP_ATOMIC);
	if (!skb)
		return -ENOMEM;

	hdr = skb_put(skb, sizeof(*hdr));
	hdr->sadb_msg_version = PF_KEY_V2;
	hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
	hdr->sadb_msg_satype = SADB_SATYPE_ESP;
	hdr->sadb_msg_len = size / sizeof(uint64_t);
	hdr->sadb_msg_errno = 0;
	hdr->sadb_msg_reserved = 0;
	hdr->sadb_msg_seq = x->km.seq = get_acqseq();
	hdr->sadb_msg_pid = 0;

	/* SA: only the SPI is meaningful, everything else is zeroed. */
	sa = skb_put(skb, sizeof(*sa));
	sa->sadb_sa_len = sizeof(*sa) / sizeof(uint64_t);
	sa->sadb_sa_exttype = SADB_EXT_SA;
	sa->sadb_sa_spi = x->id.spi;
	sa->sadb_sa_replay = 0;
	sa->sadb_sa_state = 0;
	sa->sadb_sa_auth = 0;
	sa->sadb_sa_encrypt = 0;
	sa->sadb_sa_flags = 0;

	/* Old locator: the state's own source address and encap sport. */
	pfkey_natt_put_address(skb, SADB_EXT_ADDRESS_SRC, sockaddr_size,
			       &x->props.saddr, x->props.family);
	pfkey_natt_put_port(skb, SADB_X_EXT_NAT_T_SPORT, natt->encap_sport);

	/* New locator: the address and port the peer is now seen from. */
	pfkey_natt_put_address(skb, SADB_EXT_ADDRESS_DST, sockaddr_size,
			       ipaddr, x->props.family);
	pfkey_natt_put_port(skb, SADB_X_EXT_NAT_T_DPORT, sport);

	return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
			       xs_net(x));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3443)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3444) #ifdef CONFIG_NET_KEY_MIGRATE
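/*
 * set_sadb_address - append a selector address extension to a MIGRATE message.
 * @skb:    message under construction; the caller has sized it for
 *          sizeof(struct sadb_address) + @sasize bytes.
 * @sasize: sockaddr size for sel->family, from pfkey_sockaddr_size().
 * @type:   SADB_EXT_ADDRESS_SRC or SADB_EXT_ADDRESS_DST.
 * @sel:    selector whose saddr/prefixlen_s or daddr/prefixlen_d is encoded.
 *
 * Returns 0 on success, -EINVAL for an unknown @type or for a family
 * pfkey_sockaddr_fill() cannot encode.  The type is validated before
 * anything is appended, so a bad @type leaves @skb untouched instead of
 * leaving a half-initialised extension in the message, and the extension
 * is zero-filled first so no stale skb bytes reach userspace.
 */
static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
			    const struct xfrm_selector *sel)
{
	struct sadb_address *addr;
	const xfrm_address_t *xaddr;
	u8 prefixlen;

	switch (type) {
	case SADB_EXT_ADDRESS_SRC:
		xaddr = &sel->saddr;
		prefixlen = sel->prefixlen_s;
		break;
	case SADB_EXT_ADDRESS_DST:
		xaddr = &sel->daddr;
		prefixlen = sel->prefixlen_d;
		break;
	default:
		return -EINVAL;
	}

	addr = skb_put_zero(skb, sizeof(struct sadb_address) + sasize);
	addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8;
	addr->sadb_address_exttype = type;
	addr->sadb_address_proto = sel->proto;
	addr->sadb_address_reserved = 0;
	addr->sadb_address_prefixlen = prefixlen;

	/* Same contract as set_sadb_kmaddress(): an unencodable family fails. */
	if (!pfkey_sockaddr_fill(xaddr, 0, (struct sockaddr *)(addr + 1),
				 sel->family))
		return -EINVAL;

	return 0;
}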
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3474)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3475)
/*
 * set_sadb_kmaddress - append the SADB_X_EXT_KMADDRESS extension.
 *
 * Carries the key manager's local and remote addresses for a MIGRATE.
 * The two sockaddrs are laid out back to back after the header, and the
 * whole extension is zero-filled before the fields are written so that
 * any padding is clean.
 *
 * Returns 0, or -EINVAL if either address cannot be encoded for @k->family
 * (the remote address is not attempted once the local one has failed).
 */
static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k)
{
	struct sadb_x_kmaddress *kma;
	struct sockaddr *local, *remote;
	const int family = k->family;
	const int ext_len = sizeof(*kma) + pfkey_sockaddr_pair_size(family);

	kma = skb_put_zero(skb, ext_len);
	kma->sadb_x_kmaddress_len = ext_len / 8;
	kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
	kma->sadb_x_kmaddress_reserved = k->reserved;

	local = (struct sockaddr *)(kma + 1);
	remote = (struct sockaddr *)((u8 *)local + pfkey_sockaddr_len(family));

	if (!pfkey_sockaddr_fill(&k->local, 0, local, family))
		return -EINVAL;
	if (!pfkey_sockaddr_fill(&k->remote, 0, remote, family))
		return -EINVAL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3499)
/*
 * set_ipsecrequest - append one sadb_x_ipsecrequest entry to a MIGRATE message.
 *
 * Each entry names a locator pair: proto/mode/level/reqid plus the src and
 * dst sockaddrs laid out back to back after the header.  Note that
 * sadb_x_ipsecrequest_len is assigned the plain byte count (no /8), unlike
 * the other extensions built in this file.  The entry is zero-filled before
 * the fields are set.
 *
 * Returns 0, or -EINVAL if either address cannot be encoded for @family
 * (dst is not attempted once src has failed).
 */
static int set_ipsecrequest(struct sk_buff *skb,
			    uint8_t proto, uint8_t mode, int level,
			    uint32_t reqid, uint8_t family,
			    const xfrm_address_t *src, const xfrm_address_t *dst)
{
	struct sadb_x_ipsecrequest *rq;
	struct sockaddr *sa_src, *sa_dst;
	const int ext_len = sizeof(*rq) + pfkey_sockaddr_pair_size(family);

	rq = skb_put_zero(skb, ext_len);
	rq->sadb_x_ipsecrequest_len = ext_len;
	rq->sadb_x_ipsecrequest_proto = proto;
	rq->sadb_x_ipsecrequest_mode = mode;
	rq->sadb_x_ipsecrequest_level = level;
	rq->sadb_x_ipsecrequest_reqid = reqid;

	sa_src = (struct sockaddr *)(rq + 1);
	sa_dst = (struct sockaddr *)((u8 *)sa_src + pfkey_sockaddr_len(family));

	if (!pfkey_sockaddr_fill(src, 0, sa_src, family))
		return -EINVAL;
	if (!pfkey_sockaddr_fill(dst, 0, sa_dst, family))
		return -EINVAL;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3527) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3528)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3529) #ifdef CONFIG_NET_KEY_MIGRATE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3530) static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3531) const struct xfrm_migrate *m, int num_bundles,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3532) const struct xfrm_kmaddress *k,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3533) const struct xfrm_encap_tmpl *encap)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3534) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3535) int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3536) int sasize_sel;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3537) int size = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3538) int size_pol = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3539) struct sk_buff *skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3540) struct sadb_msg *hdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3541) struct sadb_x_policy *pol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3542) const struct xfrm_migrate *mp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3543)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3544) if (type != XFRM_POLICY_TYPE_MAIN)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3545) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3546)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3547) if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3548) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3549)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3550) if (k != NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3551) /* addresses for KM */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3552) size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3553) pfkey_sockaddr_pair_size(k->family));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3554) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3555)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3556) /* selector */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3557) sasize_sel = pfkey_sockaddr_size(sel->family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3558) if (!sasize_sel)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3559) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3560) size += (sizeof(struct sadb_address) + sasize_sel) * 2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3561)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3562) /* policy info */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3563) size_pol += sizeof(struct sadb_x_policy);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3564)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3565) /* ipsecrequests */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3566) for (i = 0, mp = m; i < num_bundles; i++, mp++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3567) /* old locator pair */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3568) size_pol += sizeof(struct sadb_x_ipsecrequest) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3569) pfkey_sockaddr_pair_size(mp->old_family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3570) /* new locator pair */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3571) size_pol += sizeof(struct sadb_x_ipsecrequest) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3572) pfkey_sockaddr_pair_size(mp->new_family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3573) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3574)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3575) size += sizeof(struct sadb_msg) + size_pol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3576)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3577) /* alloc buffer */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3578) skb = alloc_skb(size, GFP_ATOMIC);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3579) if (skb == NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3580) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3581)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3582) hdr = skb_put(skb, sizeof(struct sadb_msg));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3583) hdr->sadb_msg_version = PF_KEY_V2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3584) hdr->sadb_msg_type = SADB_X_MIGRATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3585) hdr->sadb_msg_satype = pfkey_proto2satype(m->proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3586) hdr->sadb_msg_len = size / 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3587) hdr->sadb_msg_errno = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3588) hdr->sadb_msg_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3589) hdr->sadb_msg_seq = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3590) hdr->sadb_msg_pid = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3591)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3592) /* Addresses to be used by KM for negotiation, if ext is available */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3593) if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3594) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3595)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3596) /* selector src */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3597) set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3598)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3599) /* selector dst */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3600) set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_DST, sel);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3601)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3602) /* policy information */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3603) pol = skb_put(skb, sizeof(struct sadb_x_policy));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3604) pol->sadb_x_policy_len = size_pol / 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3605) pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3606) pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3607) pol->sadb_x_policy_dir = dir + 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3608) pol->sadb_x_policy_reserved = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3609) pol->sadb_x_policy_id = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3610) pol->sadb_x_policy_priority = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3611)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3612) for (i = 0, mp = m; i < num_bundles; i++, mp++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3613) /* old ipsecrequest */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3614) int mode = pfkey_mode_from_xfrm(mp->mode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3615) if (mode < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3616) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3617) if (set_ipsecrequest(skb, mp->proto, mode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3618) (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3619) mp->reqid, mp->old_family,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3620) &mp->old_saddr, &mp->old_daddr) < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3621) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3622)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3623) /* new ipsecrequest */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3624) if (set_ipsecrequest(skb, mp->proto, mode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3625) (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3626) mp->reqid, mp->new_family,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3627) &mp->new_saddr, &mp->new_daddr) < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3628) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3629) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3630)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3631) /* broadcast migrate message to sockets */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3632) pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3633)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3634) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3635)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3636) err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3637) kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3638) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3639) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3640) #else
/*
 * pfkey_send_migrate - stub used when migration support is not compiled in.
 *
 * Keeps the xfrm_mgr .migrate slot populated so callers see a uniform
 * interface; every parameter is accepted and ignored.
 *
 * Return: -ENOPROTOOPT unconditionally.
 */
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
			      const struct xfrm_migrate *m, int num_bundles,
			      const struct xfrm_kmaddress *k,
			      const struct xfrm_encap_tmpl *encap)
{
	return -ENOPROTOOPT;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3648) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3649)
/*
 * pfkey_sendmsg - copy a user PF_KEY message into an skb and process it.
 * @sock: the PF_KEY socket the message arrived on
 * @msg:  user message header; MSG_OOB is rejected
 * @len:  number of bytes supplied by user space
 *
 * The user payload is copied into a freshly allocated skb, its base SADB
 * header is located by pfkey_get_base_msg(), and the message is handed to
 * pfkey_process() under the per-netns xfrm_cfg_mutex so configuration
 * changes are serialised.
 *
 * Return: @len on success (including the case where a processing failure
 * could be reported back to the sender as an SADB error message), otherwise
 * a negative errno.
 */
static int pfkey_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb = NULL;
	struct sadb_msg *hdr = NULL;
	int err;
	struct net *net = sock_net(sk);

	/* PF_KEY has no notion of out-of-band data. */
	if (msg->msg_flags & MSG_OOB) {
		err = -EOPNOTSUPP;
		goto out;
	}

	/* Bound the user-supplied length by the socket's send buffer. */
	if ((unsigned int)len > sk->sk_sndbuf - 32) {
		err = -EMSGSIZE;
		goto out;
	}

	skb = alloc_skb(len, GFP_KERNEL);
	if (skb == NULL) {
		err = -ENOBUFS;
		goto out;
	}

	if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
		err = -EFAULT;
		goto out;
	}

	/* NULL here means the base header was rejected; err is set by the callee. */
	hdr = pfkey_get_base_msg(skb, &err);
	if (!hdr)
		goto out;

	mutex_lock(&net->xfrm.xfrm_cfg_mutex);
	err = pfkey_process(sk, skb, hdr);
	mutex_unlock(&net->xfrm.xfrm_cfg_mutex);

out:
	/*
	 * hdr is still NULL for failures before the header was parsed, so no
	 * error reply is attempted for those. When pfkey_error() returns 0
	 * (presumably: reply queued) the send itself is reported as a success.
	 */
	if (err && hdr && pfkey_error(hdr, err, sk) == 0)
		err = 0;
	kfree_skb(skb);

	return err ? : len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3690)
/*
 * pfkey_recvmsg - deliver one queued PF_KEY datagram to user space.
 * @sock:  the PF_KEY socket
 * @msg:   destination message header
 * @len:   size of the user buffer
 * @flags: receive flags; only MSG_PEEK, MSG_DONTWAIT, MSG_TRUNC and
 *         MSG_CMSG_COMPAT are accepted
 *
 * A datagram longer than @len is cut to @len and MSG_TRUNC is set in
 * msg_flags. After a successful copy, a pending dump is resumed once the
 * receive queue has drained to a third of sk_rcvbuf.
 *
 * Return: number of bytes copied (or the full datagram length when the
 * caller passed MSG_TRUNC), otherwise a negative errno.
 */
static int pfkey_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
			 int flags)
{
	struct sock *sk = sock->sk;
	struct pfkey_sock *pfk = pfkey_sk(sk);
	struct sk_buff *skb;
	int copied, err;

	/* Reject any flag outside the supported set up front. */
	if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
		return -EINVAL;

	skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
	if (skb == NULL)
		return err;

	copied = skb->len;
	if (copied > len) {
		/* The user buffer is too small: hand back what fits, flag it. */
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb_reset_transport_header(skb);
	err = skb_copy_datagram_msg(skb, 0, msg, copied);
	if (!err) {
		sock_recv_ts_and_drops(msg, sk, skb);

		err = (flags & MSG_TRUNC) ? skb->len : copied;

		/* Continue an in-progress dump once enough rmem is free again. */
		if (pfk->dump.dump != NULL &&
		    3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
			pfkey_do_dump(pfk);
	}

	skb_free_datagram(sk, skb);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3731)
/* Socket operations for PF_KEY: a datagram-style, connectionless socket. */
static const struct proto_ops pfkey_ops = {
	.family		=	PF_KEY,
	.owner		=	THIS_MODULE,

	/* The operations this socket type actually implements. */
	.release	=	pfkey_release,
	.poll		=	datagram_poll,
	.sendmsg	=	pfkey_sendmsg,
	.recvmsg	=	pfkey_recvmsg,

	/* Everything else is meaningless for PF_KEY and rejected. */
	.bind		=	sock_no_bind,
	.connect	=	sock_no_connect,
	.socketpair	=	sock_no_socketpair,
	.accept		=	sock_no_accept,
	.getname	=	sock_no_getname,
	.ioctl		=	sock_no_ioctl,
	.listen		=	sock_no_listen,
	.shutdown	=	sock_no_shutdown,
	.mmap		=	sock_no_mmap,
	.sendpage	=	sock_no_sendpage,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3753)
/* Registration record for the PF_KEY address family (see sock_register()). */
static const struct net_proto_family pfkey_family_ops = {
	.owner	=	THIS_MODULE,
	.family	=	PF_KEY,
	.create	=	pfkey_create,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3759)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3760) #ifdef CONFIG_PROC_FS
/*
 * pfkey_seq_show - print one row of /proc/net/pfkey.
 * @f: seq_file being written
 * @v: SEQ_START_TOKEN for the header row, else an hlist node of a socket
 *
 * The socket address is printed with %pK, so it is subject to the
 * kptr_restrict policy rather than leaked unconditionally; the uid is
 * translated into the reader's user namespace.
 *
 * Return: always 0.
 */
static int pfkey_seq_show(struct seq_file *f, void *v)
{
	struct sock *s;

	if (v == SEQ_START_TOKEN) {
		seq_puts(f, "sk RefCnt Rmem Wmem User Inode\n");
		return 0;
	}

	s = sk_entry(v);
	seq_printf(f, "%pK %-6d %-6u %-6u %-6u %-6lu\n",
		   s,
		   refcount_read(&s->sk_refcnt),
		   sk_rmem_alloc_get(s),
		   sk_wmem_alloc_get(s),
		   from_kuid_munged(seq_user_ns(f), sock_i_uid(s)),
		   sock_i_ino(s));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3778)
/*
 * pfkey_seq_start - begin an RCU-protected walk of this netns's socket table.
 * @f:    seq_file being read
 * @ppos: position to resume from
 *
 * Takes the RCU read lock; pfkey_seq_stop() releases it.
 *
 * Return: SEQ_START_TOKEN, an hlist node, or NULL at the end.
 */
static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
	__acquires(rcu)
{
	struct netns_pfkey *net_pfkey = net_generic(seq_file_net(f), pfkey_net_id);

	rcu_read_lock();
	return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3788)
/*
 * pfkey_seq_next - advance the /proc/net/pfkey walk by one socket.
 * @f:    seq_file being read
 * @v:    current element
 * @ppos: position, incremented by the helper
 *
 * Return: the next hlist node or NULL when the table is exhausted.
 */
static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
{
	struct netns_pfkey *net_pfkey = net_generic(seq_file_net(f), pfkey_net_id);

	return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3796)
/*
 * pfkey_seq_stop - end the walk started by pfkey_seq_start().
 * @f: seq_file being read (unused)
 * @v: current element (unused)
 *
 * Drops the RCU read lock acquired in pfkey_seq_start().
 */
static void pfkey_seq_stop(struct seq_file *f, void *v)
	__releases(rcu)
{
	rcu_read_unlock();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3802)
/* Iterator callbacks backing /proc/net/pfkey. */
static const struct seq_operations pfkey_seq_ops = {
	.show	= pfkey_seq_show,
	.start	= pfkey_seq_start,
	.next	= pfkey_seq_next,
	.stop	= pfkey_seq_stop,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3809)
/*
 * pfkey_init_proc - create /proc/net/pfkey for a network namespace.
 * @net: the namespace being set up
 *
 * Return: 0 on success, -ENOMEM if the proc entry could not be created.
 */
static int __net_init pfkey_init_proc(struct net *net)
{
	struct proc_dir_entry *e = proc_create_net("pfkey", 0, net->proc_net,
						   &pfkey_seq_ops,
						   sizeof(struct seq_net_private));

	return e ? 0 : -ENOMEM;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3821)
/*
 * pfkey_exit_proc - remove /proc/net/pfkey when a namespace goes away.
 * @net: the namespace being torn down
 */
static void __net_exit pfkey_exit_proc(struct net *net)
{
	remove_proc_entry("pfkey", net->proc_net);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3826) #else
/* No procfs: nothing to create, report success so netns init proceeds. */
static inline int pfkey_init_proc(struct net *net)
{
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3831)
/* No procfs: nothing to remove. */
static inline void pfkey_exit_proc(struct net *net)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3835) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3836)
/*
 * Key-manager callbacks registered with the xfrm core; each one turns an
 * xfrm event into a PF_KEY message broadcast to listening sockets.
 */
static struct xfrm_mgr pfkeyv2_mgr = {
	.is_alive	= pfkey_is_alive,
	.migrate	= pfkey_send_migrate,
	.notify_policy	= pfkey_send_policy_notify,
	.new_mapping	= pfkey_send_new_mapping,
	.compile_policy	= pfkey_compile_policy,
	.acquire	= pfkey_send_acquire,
	.notify		= pfkey_send_notify,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3847)
/*
 * pfkey_net_init - per-netns setup: empty socket table, zero socket count,
 * then the procfs entry.
 * @net: the namespace being created
 *
 * Return: 0 on success or the error from pfkey_init_proc().
 */
static int __net_init pfkey_net_init(struct net *net)
{
	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);

	INIT_HLIST_HEAD(&net_pfkey->table);
	atomic_set(&net_pfkey->socks_nr, 0);

	return pfkey_init_proc(net);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3860)
/*
 * pfkey_net_exit - per-netns teardown.
 * @net: the namespace being destroyed
 *
 * Removes the procfs entry and warns if any PF_KEY socket is still
 * linked into this namespace's table, which would indicate a leak.
 */
static void __net_exit pfkey_net_exit(struct net *net)
{
	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);

	pfkey_exit_proc(net);
	WARN_ON(!hlist_empty(&net_pfkey->table));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3868)
/* Per-namespace lifecycle hooks plus the generic-netns slot they use. */
static struct pernet_operations pfkey_net_ops = {
	.id	= &pfkey_net_id,
	.size	= sizeof(struct netns_pfkey),
	.init	= pfkey_net_init,
	.exit	= pfkey_net_exit,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3875)
/*
 * ipsec_pfkey_exit - module unload: undo ipsec_pfkey_init() in reverse order.
 *
 * The key manager is detached from xfrm first so no new events reach this
 * module, then the socket family, the pernet hooks and the proto are
 * unregistered.
 */
static void __exit ipsec_pfkey_exit(void)
{
	xfrm_unregister_km(&pfkeyv2_mgr);
	sock_unregister(PF_KEY);
	unregister_pernet_subsys(&pfkey_net_ops);
	proto_unregister(&key_proto);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3883)
/*
 * ipsec_pfkey_init - module load: register the proto, pernet hooks, socket
 * family and xfrm key manager, unwinding on any failure.
 *
 * Return: 0 on success, otherwise the first registration error after the
 * earlier registrations have been undone.
 */
static int __init ipsec_pfkey_init(void)
{
	int err;

	err = proto_register(&key_proto, 0);
	if (err)
		return err;

	err = register_pernet_subsys(&pfkey_net_ops);
	if (err)
		goto out_unregister_key_proto;

	err = sock_register(&pfkey_family_ops);
	if (err)
		goto out_unregister_pernet;

	err = xfrm_register_km(&pfkeyv2_mgr);
	if (err)
		goto out_sock_unregister;

	return 0;

	/* Unwind in reverse order of registration. */
out_sock_unregister:
	sock_unregister(PF_KEY);
out_unregister_pernet:
	unregister_pernet_subsys(&pfkey_net_ops);
out_unregister_key_proto:
	proto_unregister(&key_proto);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3911)
/* Module entry points and metadata; the alias lets socket(PF_KEY, ...) autoload. */
module_init(ipsec_pfkey_init);
module_exit(ipsec_pfkey_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_NETPROTO(PF_KEY);