Lines Matching +full:- +full:x
1 // SPDX-License-Identifier: GPL-2.0-only
11 * Split up af-specific functions
35 rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
52 static inline bool xfrm_state_hold_rcu(struct xfrm_state __rcu *x) in xfrm_state_hold_rcu() argument
54 return refcount_inc_not_zero(&x->refcnt); in xfrm_state_hold_rcu()
63 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask); in xfrm_dst_hash()
71 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); in xfrm_src_hash()
78 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); in xfrm_spi_hash()
88 struct xfrm_state *x; in xfrm_hash_transfer() local
90 hlist_for_each_entry_safe(x, tmp, list, bydst) { in xfrm_hash_transfer()
93 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr, in xfrm_hash_transfer()
94 x->props.reqid, x->props.family, in xfrm_hash_transfer()
96 hlist_add_head_rcu(&x->bydst, ndsttable + h); in xfrm_hash_transfer()
98 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr, in xfrm_hash_transfer()
99 x->props.family, in xfrm_hash_transfer()
101 hlist_add_head_rcu(&x->bysrc, nsrctable + h); in xfrm_hash_transfer()
103 if (x->id.spi) { in xfrm_hash_transfer()
104 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi, in xfrm_hash_transfer()
105 x->id.proto, x->props.family, in xfrm_hash_transfer()
107 hlist_add_head_rcu(&x->byspi, nspitable + h); in xfrm_hash_transfer()
125 nsize = xfrm_hash_new_size(net->xfrm.state_hmask); in xfrm_hash_resize()
141 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_hash_resize()
142 write_seqcount_begin(&net->xfrm.xfrm_state_hash_generation); in xfrm_hash_resize()
144 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U; in xfrm_hash_resize()
145 odst = xfrm_state_deref_prot(net->xfrm.state_bydst, net); in xfrm_hash_resize()
146 for (i = net->xfrm.state_hmask; i >= 0; i--) in xfrm_hash_resize()
149 osrc = xfrm_state_deref_prot(net->xfrm.state_bysrc, net); in xfrm_hash_resize()
150 ospi = xfrm_state_deref_prot(net->xfrm.state_byspi, net); in xfrm_hash_resize()
151 ohashmask = net->xfrm.state_hmask; in xfrm_hash_resize()
153 rcu_assign_pointer(net->xfrm.state_bydst, ndst); in xfrm_hash_resize()
154 rcu_assign_pointer(net->xfrm.state_bysrc, nsrc); in xfrm_hash_resize()
155 rcu_assign_pointer(net->xfrm.state_byspi, nspi); in xfrm_hash_resize()
156 net->xfrm.state_hmask = nhashmask; in xfrm_hash_resize()
158 write_seqcount_end(&net->xfrm.xfrm_state_hash_generation); in xfrm_hash_resize()
159 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_hash_resize()
175 int __xfrm_state_delete(struct xfrm_state *x);
177 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
179 void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
187 return -EAFNOSUPPORT; in xfrm_register_type()
189 #define X(afi, T, name) do { \ in xfrm_register_type() macro
190 WARN_ON((afi)->type_ ## name); \ in xfrm_register_type()
191 (afi)->type_ ## name = (T); \ in xfrm_register_type()
194 switch (type->proto) { in xfrm_register_type()
196 X(afinfo, type, comp); in xfrm_register_type()
199 X(afinfo, type, ah); in xfrm_register_type()
202 X(afinfo, type, esp); in xfrm_register_type()
205 X(afinfo, type, ipip); in xfrm_register_type()
208 X(afinfo, type, dstopts); in xfrm_register_type()
211 X(afinfo, type, routing); in xfrm_register_type()
214 X(afinfo, type, ipip6); in xfrm_register_type()
218 err = -EPROTONOSUPPORT; in xfrm_register_type()
221 #undef X in xfrm_register_type()
234 #define X(afi, T, name) do { \ in xfrm_unregister_type() macro
235 WARN_ON((afi)->type_ ## name != (T)); \ in xfrm_unregister_type()
236 (afi)->type_ ## name = NULL; \ in xfrm_unregister_type()
239 switch (type->proto) { in xfrm_unregister_type()
241 X(afinfo, type, comp); in xfrm_unregister_type()
244 X(afinfo, type, ah); in xfrm_unregister_type()
247 X(afinfo, type, esp); in xfrm_unregister_type()
250 X(afinfo, type, ipip); in xfrm_unregister_type()
253 X(afinfo, type, dstopts); in xfrm_unregister_type()
256 X(afinfo, type, routing); in xfrm_unregister_type()
259 X(afinfo, type, ipip6); in xfrm_unregister_type()
265 #undef X in xfrm_unregister_type()
283 type = afinfo->type_comp; in xfrm_get_type()
286 type = afinfo->type_ah; in xfrm_get_type()
289 type = afinfo->type_esp; in xfrm_get_type()
292 type = afinfo->type_ipip; in xfrm_get_type()
295 type = afinfo->type_dstopts; in xfrm_get_type()
298 type = afinfo->type_routing; in xfrm_get_type()
301 type = afinfo->type_ipip6; in xfrm_get_type()
307 if (unlikely(type && !try_module_get(type->owner))) in xfrm_get_type()
313 request_module("xfrm-type-%d-%d", family, proto); in xfrm_get_type()
323 module_put(type->owner); in xfrm_put_type()
333 return -EAFNOSUPPORT; in xfrm_register_type_offload()
335 switch (type->proto) { in xfrm_register_type_offload()
337 WARN_ON(afinfo->type_offload_esp); in xfrm_register_type_offload()
338 afinfo->type_offload_esp = type; in xfrm_register_type_offload()
342 err = -EPROTONOSUPPORT; in xfrm_register_type_offload()
359 switch (type->proto) { in xfrm_unregister_type_offload()
361 WARN_ON(afinfo->type_offload_esp != type); in xfrm_unregister_type_offload()
362 afinfo->type_offload_esp = NULL; in xfrm_unregister_type_offload()
385 type = afinfo->type_offload_esp; in xfrm_get_type_offload()
391 if ((type && !try_module_get(type->owner))) in xfrm_get_type_offload()
397 request_module("xfrm-offload-%d-%d", family, proto); in xfrm_get_type_offload()
407 module_put(type->owner); in xfrm_put_type_offload()
458 if (mode->family == family) in xfrm_get_mode()
463 if (mode->family == family) in xfrm_get_mode()
473 void xfrm_state_free(struct xfrm_state *x) in xfrm_state_free() argument
475 kmem_cache_free(xfrm_state_cache, x); in xfrm_state_free()
479 static void ___xfrm_state_destroy(struct xfrm_state *x) in ___xfrm_state_destroy() argument
481 hrtimer_cancel(&x->mtimer); in ___xfrm_state_destroy()
482 del_timer_sync(&x->rtimer); in ___xfrm_state_destroy()
483 kfree(x->aead); in ___xfrm_state_destroy()
484 kfree(x->aalg); in ___xfrm_state_destroy()
485 kfree(x->ealg); in ___xfrm_state_destroy()
486 kfree(x->calg); in ___xfrm_state_destroy()
487 kfree(x->encap); in ___xfrm_state_destroy()
488 kfree(x->coaddr); in ___xfrm_state_destroy()
489 kfree(x->replay_esn); in ___xfrm_state_destroy()
490 kfree(x->preplay_esn); in ___xfrm_state_destroy()
491 if (x->type_offload) in ___xfrm_state_destroy()
492 xfrm_put_type_offload(x->type_offload); in ___xfrm_state_destroy()
493 if (x->type) { in ___xfrm_state_destroy()
494 x->type->destructor(x); in ___xfrm_state_destroy()
495 xfrm_put_type(x->type); in ___xfrm_state_destroy()
497 if (x->xfrag.page) in ___xfrm_state_destroy()
498 put_page(x->xfrag.page); in ___xfrm_state_destroy()
499 xfrm_dev_state_free(x); in ___xfrm_state_destroy()
500 security_xfrm_state_free(x); in ___xfrm_state_destroy()
501 xfrm_state_free(x); in ___xfrm_state_destroy()
506 struct xfrm_state *x; in xfrm_state_gc_task() local
516 hlist_for_each_entry_safe(x, tmp, &gc_list, gclist) in xfrm_state_gc_task()
517 ___xfrm_state_destroy(x); in xfrm_state_gc_task()
522 struct xfrm_state *x = container_of(me, struct xfrm_state, mtimer); in xfrm_timer_handler() local
529 spin_lock(&x->lock); in xfrm_timer_handler()
530 if (x->km.state == XFRM_STATE_DEAD) in xfrm_timer_handler()
532 if (x->km.state == XFRM_STATE_EXPIRED) in xfrm_timer_handler()
534 if (x->lft.hard_add_expires_seconds) { in xfrm_timer_handler()
535 long tmo = x->lft.hard_add_expires_seconds + in xfrm_timer_handler()
536 x->curlft.add_time - now; in xfrm_timer_handler()
538 if (x->xflags & XFRM_SOFT_EXPIRE) { in xfrm_timer_handler()
541 * workaround: fix x->curflt.add_time by below: in xfrm_timer_handler()
543 x->curlft.add_time = now - x->saved_tmo - 1; in xfrm_timer_handler()
544 tmo = x->lft.hard_add_expires_seconds - x->saved_tmo; in xfrm_timer_handler()
551 if (x->lft.hard_use_expires_seconds) { in xfrm_timer_handler()
552 long tmo = x->lft.hard_use_expires_seconds + in xfrm_timer_handler()
553 (x->curlft.use_time ? : now) - now; in xfrm_timer_handler()
559 if (x->km.dying) in xfrm_timer_handler()
561 if (x->lft.soft_add_expires_seconds) { in xfrm_timer_handler()
562 long tmo = x->lft.soft_add_expires_seconds + in xfrm_timer_handler()
563 x->curlft.add_time - now; in xfrm_timer_handler()
566 x->xflags &= ~XFRM_SOFT_EXPIRE; in xfrm_timer_handler()
569 x->xflags |= XFRM_SOFT_EXPIRE; in xfrm_timer_handler()
570 x->saved_tmo = tmo; in xfrm_timer_handler()
573 if (x->lft.soft_use_expires_seconds) { in xfrm_timer_handler()
574 long tmo = x->lft.soft_use_expires_seconds + in xfrm_timer_handler()
575 (x->curlft.use_time ? : now) - now; in xfrm_timer_handler()
582 x->km.dying = warn; in xfrm_timer_handler()
584 km_state_expired(x, 0, 0); in xfrm_timer_handler()
587 hrtimer_forward_now(&x->mtimer, ktime_set(next, 0)); in xfrm_timer_handler()
594 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) in xfrm_timer_handler()
595 x->km.state = XFRM_STATE_EXPIRED; in xfrm_timer_handler()
597 err = __xfrm_state_delete(x); in xfrm_timer_handler()
599 km_state_expired(x, 1, 0); in xfrm_timer_handler()
601 xfrm_audit_state_delete(x, err ? 0 : 1, true); in xfrm_timer_handler()
604 spin_unlock(&x->lock); in xfrm_timer_handler()
612 struct xfrm_state *x; in xfrm_state_alloc() local
614 x = kmem_cache_zalloc(xfrm_state_cache, GFP_ATOMIC); in xfrm_state_alloc()
616 if (x) { in xfrm_state_alloc()
617 write_pnet(&x->xs_net, net); in xfrm_state_alloc()
618 refcount_set(&x->refcnt, 1); in xfrm_state_alloc()
619 atomic_set(&x->tunnel_users, 0); in xfrm_state_alloc()
620 INIT_LIST_HEAD(&x->km.all); in xfrm_state_alloc()
621 INIT_HLIST_NODE(&x->bydst); in xfrm_state_alloc()
622 INIT_HLIST_NODE(&x->bysrc); in xfrm_state_alloc()
623 INIT_HLIST_NODE(&x->byspi); in xfrm_state_alloc()
624 hrtimer_init(&x->mtimer, CLOCK_BOOTTIME, HRTIMER_MODE_ABS_SOFT); in xfrm_state_alloc()
625 x->mtimer.function = xfrm_timer_handler; in xfrm_state_alloc()
626 timer_setup(&x->rtimer, xfrm_replay_timer_handler, 0); in xfrm_state_alloc()
627 x->curlft.add_time = ktime_get_real_seconds(); in xfrm_state_alloc()
628 x->lft.soft_byte_limit = XFRM_INF; in xfrm_state_alloc()
629 x->lft.soft_packet_limit = XFRM_INF; in xfrm_state_alloc()
630 x->lft.hard_byte_limit = XFRM_INF; in xfrm_state_alloc()
631 x->lft.hard_packet_limit = XFRM_INF; in xfrm_state_alloc()
632 x->replay_maxage = 0; in xfrm_state_alloc()
633 x->replay_maxdiff = 0; in xfrm_state_alloc()
634 spin_lock_init(&x->lock); in xfrm_state_alloc()
636 return x; in xfrm_state_alloc()
640 void __xfrm_state_destroy(struct xfrm_state *x, bool sync) in __xfrm_state_destroy() argument
642 WARN_ON(x->km.state != XFRM_STATE_DEAD); in __xfrm_state_destroy()
646 ___xfrm_state_destroy(x); in __xfrm_state_destroy()
649 hlist_add_head(&x->gclist, &xfrm_state_gc_list); in __xfrm_state_destroy()
656 int __xfrm_state_delete(struct xfrm_state *x) in __xfrm_state_delete() argument
658 struct net *net = xs_net(x); in __xfrm_state_delete()
659 int err = -ESRCH; in __xfrm_state_delete()
661 if (x->km.state != XFRM_STATE_DEAD) { in __xfrm_state_delete()
662 x->km.state = XFRM_STATE_DEAD; in __xfrm_state_delete()
663 spin_lock(&net->xfrm.xfrm_state_lock); in __xfrm_state_delete()
664 list_del(&x->km.all); in __xfrm_state_delete()
665 hlist_del_rcu(&x->bydst); in __xfrm_state_delete()
666 hlist_del_rcu(&x->bysrc); in __xfrm_state_delete()
667 if (x->id.spi) in __xfrm_state_delete()
668 hlist_del_rcu(&x->byspi); in __xfrm_state_delete()
669 net->xfrm.state_num--; in __xfrm_state_delete()
670 spin_unlock(&net->xfrm.xfrm_state_lock); in __xfrm_state_delete()
672 if (x->encap_sk) in __xfrm_state_delete()
673 sock_put(rcu_dereference_raw(x->encap_sk)); in __xfrm_state_delete()
675 xfrm_dev_state_delete(x); in __xfrm_state_delete()
681 xfrm_state_put(x); in __xfrm_state_delete()
689 int xfrm_state_delete(struct xfrm_state *x) in xfrm_state_delete() argument
693 spin_lock_bh(&x->lock); in xfrm_state_delete()
694 err = __xfrm_state_delete(x); in xfrm_state_delete()
695 spin_unlock_bh(&x->lock); in xfrm_state_delete()
707 for (i = 0; i <= net->xfrm.state_hmask; i++) { in xfrm_state_flush_secctx_check()
708 struct xfrm_state *x; in xfrm_state_flush_secctx_check() local
710 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { in xfrm_state_flush_secctx_check()
711 if (xfrm_id_proto_match(x->id.proto, proto) && in xfrm_state_flush_secctx_check()
712 (err = security_xfrm_state_delete(x)) != 0) { in xfrm_state_flush_secctx_check()
713 xfrm_audit_state_delete(x, 0, task_valid); in xfrm_state_flush_secctx_check()
727 for (i = 0; i <= net->xfrm.state_hmask; i++) { in xfrm_dev_state_flush_secctx_check()
728 struct xfrm_state *x; in xfrm_dev_state_flush_secctx_check() local
731 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { in xfrm_dev_state_flush_secctx_check()
732 xso = &x->xso; in xfrm_dev_state_flush_secctx_check()
734 if (xso->dev == dev && in xfrm_dev_state_flush_secctx_check()
735 (err = security_xfrm_state_delete(x)) != 0) { in xfrm_dev_state_flush_secctx_check()
736 xfrm_audit_state_delete(x, 0, task_valid); in xfrm_dev_state_flush_secctx_check()
762 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_flush()
767 err = -ESRCH; in xfrm_state_flush()
768 for (i = 0; i <= net->xfrm.state_hmask; i++) { in xfrm_state_flush()
769 struct xfrm_state *x; in xfrm_state_flush() local
771 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { in xfrm_state_flush()
772 if (!xfrm_state_kern(x) && in xfrm_state_flush()
773 xfrm_id_proto_match(x->id.proto, proto)) { in xfrm_state_flush()
774 xfrm_state_hold(x); in xfrm_state_flush()
775 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_flush()
777 err = xfrm_state_delete(x); in xfrm_state_flush()
778 xfrm_audit_state_delete(x, err ? 0 : 1, in xfrm_state_flush()
781 xfrm_state_put_sync(x); in xfrm_state_flush()
783 xfrm_state_put(x); in xfrm_state_flush()
787 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_flush()
793 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_flush()
805 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_dev_state_flush()
810 err = -ESRCH; in xfrm_dev_state_flush()
811 for (i = 0; i <= net->xfrm.state_hmask; i++) { in xfrm_dev_state_flush()
812 struct xfrm_state *x; in xfrm_dev_state_flush() local
815 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { in xfrm_dev_state_flush()
816 xso = &x->xso; in xfrm_dev_state_flush()
818 if (!xfrm_state_kern(x) && xso->dev == dev) { in xfrm_dev_state_flush()
819 xfrm_state_hold(x); in xfrm_dev_state_flush()
820 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_dev_state_flush()
822 err = xfrm_state_delete(x); in xfrm_dev_state_flush()
823 xfrm_audit_state_delete(x, err ? 0 : 1, in xfrm_dev_state_flush()
825 xfrm_state_put(x); in xfrm_dev_state_flush()
829 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_dev_state_flush()
838 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_dev_state_flush()
845 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_sad_getinfo()
846 si->sadcnt = net->xfrm.state_num; in xfrm_sad_getinfo()
847 si->sadhcnt = net->xfrm.state_hmask + 1; in xfrm_sad_getinfo()
848 si->sadhmcnt = xfrm_state_hashmax; in xfrm_sad_getinfo()
849 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_sad_getinfo()
856 const struct flowi4 *fl4 = &fl->u.ip4; in __xfrm4_init_tempsel()
858 sel->daddr.a4 = fl4->daddr; in __xfrm4_init_tempsel()
859 sel->saddr.a4 = fl4->saddr; in __xfrm4_init_tempsel()
860 sel->dport = xfrm_flowi_dport(fl, &fl4->uli); in __xfrm4_init_tempsel()
861 sel->dport_mask = htons(0xffff); in __xfrm4_init_tempsel()
862 sel->sport = xfrm_flowi_sport(fl, &fl4->uli); in __xfrm4_init_tempsel()
863 sel->sport_mask = htons(0xffff); in __xfrm4_init_tempsel()
864 sel->family = AF_INET; in __xfrm4_init_tempsel()
865 sel->prefixlen_d = 32; in __xfrm4_init_tempsel()
866 sel->prefixlen_s = 32; in __xfrm4_init_tempsel()
867 sel->proto = fl4->flowi4_proto; in __xfrm4_init_tempsel()
868 sel->ifindex = fl4->flowi4_oif; in __xfrm4_init_tempsel()
874 const struct flowi6 *fl6 = &fl->u.ip6; in __xfrm6_init_tempsel()
877 *(struct in6_addr *)&sel->daddr = fl6->daddr; in __xfrm6_init_tempsel()
878 *(struct in6_addr *)&sel->saddr = fl6->saddr; in __xfrm6_init_tempsel()
879 sel->dport = xfrm_flowi_dport(fl, &fl6->uli); in __xfrm6_init_tempsel()
880 sel->dport_mask = htons(0xffff); in __xfrm6_init_tempsel()
881 sel->sport = xfrm_flowi_sport(fl, &fl6->uli); in __xfrm6_init_tempsel()
882 sel->sport_mask = htons(0xffff); in __xfrm6_init_tempsel()
883 sel->family = AF_INET6; in __xfrm6_init_tempsel()
884 sel->prefixlen_d = 128; in __xfrm6_init_tempsel()
885 sel->prefixlen_s = 128; in __xfrm6_init_tempsel()
886 sel->proto = fl6->flowi6_proto; in __xfrm6_init_tempsel()
887 sel->ifindex = fl6->flowi6_oif; in __xfrm6_init_tempsel()
891 xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl, in xfrm_init_tempstate() argument
898 __xfrm4_init_tempsel(&x->sel, fl); in xfrm_init_tempstate()
901 __xfrm6_init_tempsel(&x->sel, fl); in xfrm_init_tempstate()
905 x->id = tmpl->id; in xfrm_init_tempstate()
907 switch (tmpl->encap_family) { in xfrm_init_tempstate()
909 if (x->id.daddr.a4 == 0) in xfrm_init_tempstate()
910 x->id.daddr.a4 = daddr->a4; in xfrm_init_tempstate()
911 x->props.saddr = tmpl->saddr; in xfrm_init_tempstate()
912 if (x->props.saddr.a4 == 0) in xfrm_init_tempstate()
913 x->props.saddr.a4 = saddr->a4; in xfrm_init_tempstate()
916 if (ipv6_addr_any((struct in6_addr *)&x->id.daddr)) in xfrm_init_tempstate()
917 memcpy(&x->id.daddr, daddr, sizeof(x->sel.daddr)); in xfrm_init_tempstate()
918 memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr)); in xfrm_init_tempstate()
919 if (ipv6_addr_any((struct in6_addr *)&x->props.saddr)) in xfrm_init_tempstate()
920 memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr)); in xfrm_init_tempstate()
924 x->props.mode = tmpl->mode; in xfrm_init_tempstate()
925 x->props.reqid = tmpl->reqid; in xfrm_init_tempstate()
926 x->props.family = tmpl->encap_family; in xfrm_init_tempstate()
935 struct xfrm_state *x; in __xfrm_state_lookup() local
937 hlist_for_each_entry_rcu(x, net->xfrm.state_byspi + h, byspi) { in __xfrm_state_lookup()
938 if (x->props.family != family || in __xfrm_state_lookup()
939 x->id.spi != spi || in __xfrm_state_lookup()
940 x->id.proto != proto || in __xfrm_state_lookup()
941 !xfrm_addr_equal(&x->id.daddr, daddr, family)) in __xfrm_state_lookup()
944 if ((mark & x->mark.m) != x->mark.v) in __xfrm_state_lookup()
946 if (!xfrm_state_hold_rcu(x)) in __xfrm_state_lookup()
948 return x; in __xfrm_state_lookup()
960 struct xfrm_state *x; in __xfrm_state_lookup_byaddr() local
962 hlist_for_each_entry_rcu(x, net->xfrm.state_bysrc + h, bysrc) { in __xfrm_state_lookup_byaddr()
963 if (x->props.family != family || in __xfrm_state_lookup_byaddr()
964 x->id.proto != proto || in __xfrm_state_lookup_byaddr()
965 !xfrm_addr_equal(&x->id.daddr, daddr, family) || in __xfrm_state_lookup_byaddr()
966 !xfrm_addr_equal(&x->props.saddr, saddr, family)) in __xfrm_state_lookup_byaddr()
969 if ((mark & x->mark.m) != x->mark.v) in __xfrm_state_lookup_byaddr()
971 if (!xfrm_state_hold_rcu(x)) in __xfrm_state_lookup_byaddr()
973 return x; in __xfrm_state_lookup_byaddr()
980 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family) in __xfrm_state_locate() argument
982 struct net *net = xs_net(x); in __xfrm_state_locate()
983 u32 mark = x->mark.v & x->mark.m; in __xfrm_state_locate()
986 return __xfrm_state_lookup(net, mark, &x->id.daddr, in __xfrm_state_locate()
987 x->id.spi, x->id.proto, family); in __xfrm_state_locate()
990 &x->id.daddr, in __xfrm_state_locate()
991 &x->props.saddr, in __xfrm_state_locate()
992 x->id.proto, family); in __xfrm_state_locate()
998 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax && in xfrm_hash_grow_check()
999 net->xfrm.state_num > net->xfrm.state_hmask) in xfrm_hash_grow_check()
1000 schedule_work(&net->xfrm.state_hash_work); in xfrm_hash_grow_check()
1003 static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x, in xfrm_state_look_at() argument
1019 if (x->km.state == XFRM_STATE_VALID) { in xfrm_state_look_at()
1020 if ((x->sel.family && in xfrm_state_look_at()
1021 (x->sel.family != family || in xfrm_state_look_at()
1022 !xfrm_selector_match(&x->sel, fl, family))) || in xfrm_state_look_at()
1023 !security_xfrm_state_pol_flow_match(x, pol, in xfrm_state_look_at()
1024 &fl->u.__fl_common)) in xfrm_state_look_at()
1028 (*best)->km.dying > x->km.dying || in xfrm_state_look_at()
1029 ((*best)->km.dying == x->km.dying && in xfrm_state_look_at()
1030 (*best)->curlft.add_time < x->curlft.add_time)) in xfrm_state_look_at()
1031 *best = x; in xfrm_state_look_at()
1032 } else if (x->km.state == XFRM_STATE_ACQ) { in xfrm_state_look_at()
1034 } else if (x->km.state == XFRM_STATE_ERROR || in xfrm_state_look_at()
1035 x->km.state == XFRM_STATE_EXPIRED) { in xfrm_state_look_at()
1036 if ((!x->sel.family || in xfrm_state_look_at()
1037 (x->sel.family == family && in xfrm_state_look_at()
1038 xfrm_selector_match(&x->sel, fl, family))) && in xfrm_state_look_at()
1039 security_xfrm_state_pol_flow_match(x, pol, in xfrm_state_look_at()
1040 &fl->u.__fl_common)) in xfrm_state_look_at()
1041 *error = -ESRCH; in xfrm_state_look_at()
1054 struct xfrm_state *x, *x0, *to_put; in xfrm_state_find() local
1058 u32 mark = pol->mark.v & pol->mark.m; in xfrm_state_find()
1059 unsigned short encap_family = tmpl->encap_family; in xfrm_state_find()
1065 sequence = read_seqcount_begin(&net->xfrm.xfrm_state_hash_generation); in xfrm_state_find()
1068 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family); in xfrm_state_find()
1069 hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h, bydst) { in xfrm_state_find()
1070 if (x->props.family == encap_family && in xfrm_state_find()
1071 x->props.reqid == tmpl->reqid && in xfrm_state_find()
1072 (mark & x->mark.m) == x->mark.v && in xfrm_state_find()
1073 x->if_id == if_id && in xfrm_state_find()
1074 !(x->props.flags & XFRM_STATE_WILDRECV) && in xfrm_state_find()
1075 xfrm_state_addr_check(x, daddr, saddr, encap_family) && in xfrm_state_find()
1076 tmpl->mode == x->props.mode && in xfrm_state_find()
1077 tmpl->id.proto == x->id.proto && in xfrm_state_find()
1078 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) in xfrm_state_find()
1079 xfrm_state_look_at(pol, x, fl, family, in xfrm_state_find()
1085 h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family); in xfrm_state_find()
1086 hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h_wildcard, bydst) { in xfrm_state_find()
1087 if (x->props.family == encap_family && in xfrm_state_find()
1088 x->props.reqid == tmpl->reqid && in xfrm_state_find()
1089 (mark & x->mark.m) == x->mark.v && in xfrm_state_find()
1090 x->if_id == if_id && in xfrm_state_find()
1091 !(x->props.flags & XFRM_STATE_WILDRECV) && in xfrm_state_find()
1092 xfrm_addr_equal(&x->id.daddr, daddr, encap_family) && in xfrm_state_find()
1093 tmpl->mode == x->props.mode && in xfrm_state_find()
1094 tmpl->id.proto == x->id.proto && in xfrm_state_find()
1095 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) in xfrm_state_find()
1096 xfrm_state_look_at(pol, x, fl, family, in xfrm_state_find()
1101 x = best; in xfrm_state_find()
1102 if (!x && !error && !acquire_in_progress) { in xfrm_state_find()
1103 if (tmpl->id.spi && in xfrm_state_find()
1104 (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi, in xfrm_state_find()
1105 tmpl->id.proto, encap_family)) != NULL) { in xfrm_state_find()
1107 error = -EEXIST; in xfrm_state_find()
1113 * for each and every packet - garbage collection might not in xfrm_state_find()
1117 error = -ESRCH; in xfrm_state_find()
1121 x = xfrm_state_alloc(net); in xfrm_state_find()
1122 if (x == NULL) { in xfrm_state_find()
1123 error = -ENOMEM; in xfrm_state_find()
1128 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family); in xfrm_state_find()
1129 memcpy(&x->mark, &pol->mark, sizeof(x->mark)); in xfrm_state_find()
1130 x->if_id = if_id; in xfrm_state_find()
1132 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid); in xfrm_state_find()
1134 x->km.state = XFRM_STATE_DEAD; in xfrm_state_find()
1135 to_put = x; in xfrm_state_find()
1136 x = NULL; in xfrm_state_find()
1140 if (km_query(x, tmpl, pol) == 0) { in xfrm_state_find()
1141 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_find()
1142 x->km.state = XFRM_STATE_ACQ; in xfrm_state_find()
1143 list_add(&x->km.all, &net->xfrm.state_all); in xfrm_state_find()
1144 hlist_add_head_rcu(&x->bydst, net->xfrm.state_bydst + h); in xfrm_state_find()
1146 hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h); in xfrm_state_find()
1147 if (x->id.spi) { in xfrm_state_find()
1148 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family); in xfrm_state_find()
1149 hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); in xfrm_state_find()
1151 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires; in xfrm_state_find()
1152 hrtimer_start(&x->mtimer, in xfrm_state_find()
1153 ktime_set(net->xfrm.sysctl_acq_expires, 0), in xfrm_state_find()
1155 net->xfrm.state_num++; in xfrm_state_find()
1156 xfrm_hash_grow_check(net, x->bydst.next != NULL); in xfrm_state_find()
1157 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_find()
1159 x->km.state = XFRM_STATE_DEAD; in xfrm_state_find()
1160 to_put = x; in xfrm_state_find()
1161 x = NULL; in xfrm_state_find()
1162 error = -ESRCH; in xfrm_state_find()
1166 if (x) { in xfrm_state_find()
1167 if (!xfrm_state_hold_rcu(x)) { in xfrm_state_find()
1168 *err = -EAGAIN; in xfrm_state_find()
1169 x = NULL; in xfrm_state_find()
1172 *err = acquire_in_progress ? -EAGAIN : error; in xfrm_state_find()
1178 if (read_seqcount_retry(&net->xfrm.xfrm_state_hash_generation, sequence)) { in xfrm_state_find()
1179 *err = -EAGAIN; in xfrm_state_find()
1180 if (x) { in xfrm_state_find()
1181 xfrm_state_put(x); in xfrm_state_find()
1182 x = NULL; in xfrm_state_find()
1186 return x; in xfrm_state_find()
1195 struct xfrm_state *rx = NULL, *x = NULL; in xfrm_stateonly_find() local
1197 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_stateonly_find()
1199 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { in xfrm_stateonly_find()
1200 if (x->props.family == family && in xfrm_stateonly_find()
1201 x->props.reqid == reqid && in xfrm_stateonly_find()
1202 (mark & x->mark.m) == x->mark.v && in xfrm_stateonly_find()
1203 x->if_id == if_id && in xfrm_stateonly_find()
1204 !(x->props.flags & XFRM_STATE_WILDRECV) && in xfrm_stateonly_find()
1205 xfrm_state_addr_check(x, daddr, saddr, family) && in xfrm_stateonly_find()
1206 mode == x->props.mode && in xfrm_stateonly_find()
1207 proto == x->id.proto && in xfrm_stateonly_find()
1208 x->km.state == XFRM_STATE_VALID) { in xfrm_stateonly_find()
1209 rx = x; in xfrm_stateonly_find()
1216 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_stateonly_find()
1226 struct xfrm_state *x; in xfrm_state_lookup_byspi() local
1229 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_lookup_byspi()
1230 list_for_each_entry(w, &net->xfrm.state_all, all) { in xfrm_state_lookup_byspi()
1231 x = container_of(w, struct xfrm_state, km); in xfrm_state_lookup_byspi()
1232 if (x->props.family != family || in xfrm_state_lookup_byspi()
1233 x->id.spi != spi) in xfrm_state_lookup_byspi()
1236 xfrm_state_hold(x); in xfrm_state_lookup_byspi()
1237 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_lookup_byspi()
1238 return x; in xfrm_state_lookup_byspi()
1240 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_lookup_byspi()
1245 static void __xfrm_state_insert(struct xfrm_state *x) in __xfrm_state_insert() argument
1247 struct net *net = xs_net(x); in __xfrm_state_insert()
1250 list_add(&x->km.all, &net->xfrm.state_all); in __xfrm_state_insert()
1252 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr, in __xfrm_state_insert()
1253 x->props.reqid, x->props.family); in __xfrm_state_insert()
1254 hlist_add_head_rcu(&x->bydst, net->xfrm.state_bydst + h); in __xfrm_state_insert()
1256 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family); in __xfrm_state_insert()
1257 hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h); in __xfrm_state_insert()
1259 if (x->id.spi) { in __xfrm_state_insert()
1260 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, in __xfrm_state_insert()
1261 x->props.family); in __xfrm_state_insert()
1263 hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); in __xfrm_state_insert()
1266 hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL_SOFT); in __xfrm_state_insert()
1267 if (x->replay_maxage) in __xfrm_state_insert()
1268 mod_timer(&x->rtimer, jiffies + x->replay_maxage); in __xfrm_state_insert()
1270 net->xfrm.state_num++; in __xfrm_state_insert()
1272 xfrm_hash_grow_check(net, x->bydst.next != NULL); in __xfrm_state_insert()
1275 /* net->xfrm.xfrm_state_lock is held */
1279 unsigned short family = xnew->props.family; in __xfrm_state_bump_genids()
1280 u32 reqid = xnew->props.reqid; in __xfrm_state_bump_genids()
1281 struct xfrm_state *x; in __xfrm_state_bump_genids() local
1283 u32 mark = xnew->mark.v & xnew->mark.m; in __xfrm_state_bump_genids()
1284 u32 if_id = xnew->if_id; in __xfrm_state_bump_genids()
1286 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family); in __xfrm_state_bump_genids()
1287 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { in __xfrm_state_bump_genids()
1288 if (x->props.family == family && in __xfrm_state_bump_genids()
1289 x->props.reqid == reqid && in __xfrm_state_bump_genids()
1290 x->if_id == if_id && in __xfrm_state_bump_genids()
1291 (mark & x->mark.m) == x->mark.v && in __xfrm_state_bump_genids()
1292 xfrm_addr_equal(&x->id.daddr, &xnew->id.daddr, family) && in __xfrm_state_bump_genids()
1293 xfrm_addr_equal(&x->props.saddr, &xnew->props.saddr, family)) in __xfrm_state_bump_genids()
1294 x->genid++; in __xfrm_state_bump_genids()
1298 void xfrm_state_insert(struct xfrm_state *x) in xfrm_state_insert() argument
1300 struct net *net = xs_net(x); in xfrm_state_insert()
1302 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_insert()
1303 __xfrm_state_bump_genids(x); in xfrm_state_insert()
1304 __xfrm_state_insert(x); in xfrm_state_insert()
1305 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_insert()
1309 /* net->xfrm.xfrm_state_lock is held */
1319 struct xfrm_state *x; in __find_acq_core() local
1320 u32 mark = m->v & m->m; in __find_acq_core()
1322 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { in __find_acq_core()
1323 if (x->props.reqid != reqid || in __find_acq_core()
1324 x->props.mode != mode || in __find_acq_core()
1325 x->props.family != family || in __find_acq_core()
1326 x->km.state != XFRM_STATE_ACQ || in __find_acq_core()
1327 x->id.spi != 0 || in __find_acq_core()
1328 x->id.proto != proto || in __find_acq_core()
1329 (mark & x->mark.m) != x->mark.v || in __find_acq_core()
1330 !xfrm_addr_equal(&x->id.daddr, daddr, family) || in __find_acq_core()
1331 !xfrm_addr_equal(&x->props.saddr, saddr, family)) in __find_acq_core()
1334 xfrm_state_hold(x); in __find_acq_core()
1335 return x; in __find_acq_core()
1341 x = xfrm_state_alloc(net); in __find_acq_core()
1342 if (likely(x)) { in __find_acq_core()
1345 x->sel.daddr.a4 = daddr->a4; in __find_acq_core()
1346 x->sel.saddr.a4 = saddr->a4; in __find_acq_core()
1347 x->sel.prefixlen_d = 32; in __find_acq_core()
1348 x->sel.prefixlen_s = 32; in __find_acq_core()
1349 x->props.saddr.a4 = saddr->a4; in __find_acq_core()
1350 x->id.daddr.a4 = daddr->a4; in __find_acq_core()
1354 x->sel.daddr.in6 = daddr->in6; in __find_acq_core()
1355 x->sel.saddr.in6 = saddr->in6; in __find_acq_core()
1356 x->sel.prefixlen_d = 128; in __find_acq_core()
1357 x->sel.prefixlen_s = 128; in __find_acq_core()
1358 x->props.saddr.in6 = saddr->in6; in __find_acq_core()
1359 x->id.daddr.in6 = daddr->in6; in __find_acq_core()
1363 x->km.state = XFRM_STATE_ACQ; in __find_acq_core()
1364 x->id.proto = proto; in __find_acq_core()
1365 x->props.family = family; in __find_acq_core()
1366 x->props.mode = mode; in __find_acq_core()
1367 x->props.reqid = reqid; in __find_acq_core()
1368 x->if_id = if_id; in __find_acq_core()
1369 x->mark.v = m->v; in __find_acq_core()
1370 x->mark.m = m->m; in __find_acq_core()
1371 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires; in __find_acq_core()
1372 xfrm_state_hold(x); in __find_acq_core()
1373 hrtimer_start(&x->mtimer, in __find_acq_core()
1374 ktime_set(net->xfrm.sysctl_acq_expires, 0), in __find_acq_core()
1376 list_add(&x->km.all, &net->xfrm.state_all); in __find_acq_core()
1377 hlist_add_head_rcu(&x->bydst, net->xfrm.state_bydst + h); in __find_acq_core()
1379 hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h); in __find_acq_core()
1381 net->xfrm.state_num++; in __find_acq_core()
1383 xfrm_hash_grow_check(net, x->bydst.next != NULL); in __find_acq_core()
1386 return x; in __find_acq_core()
1391 int xfrm_state_add(struct xfrm_state *x) in xfrm_state_add() argument
1393 struct net *net = xs_net(x); in xfrm_state_add()
1397 u32 mark = x->mark.v & x->mark.m; in xfrm_state_add()
1398 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); in xfrm_state_add()
1400 family = x->props.family; in xfrm_state_add()
1404 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_add()
1406 x1 = __xfrm_state_locate(x, use_spi, family); in xfrm_state_add()
1410 err = -EEXIST; in xfrm_state_add()
1414 if (use_spi && x->km.seq) { in xfrm_state_add()
1415 x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq); in xfrm_state_add()
1416 if (x1 && ((x1->id.proto != x->id.proto) || in xfrm_state_add()
1417 !xfrm_addr_equal(&x1->id.daddr, &x->id.daddr, family))) { in xfrm_state_add()
1424 x1 = __find_acq_core(net, &x->mark, family, x->props.mode, in xfrm_state_add()
1425 x->props.reqid, x->if_id, x->id.proto, in xfrm_state_add()
1426 &x->id.daddr, &x->props.saddr, 0); in xfrm_state_add()
1428 __xfrm_state_bump_genids(x); in xfrm_state_add()
1429 __xfrm_state_insert(x); in xfrm_state_add()
1433 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_add()
1448 static inline int clone_security(struct xfrm_state *x, struct xfrm_sec_ctx *security) in clone_security() argument
1451 int size = sizeof(*uctx) + security->ctx_len; in clone_security()
1456 return -ENOMEM; in clone_security()
1458 uctx->exttype = XFRMA_SEC_CTX; in clone_security()
1459 uctx->len = size; in clone_security()
1460 uctx->ctx_doi = security->ctx_doi; in clone_security()
1461 uctx->ctx_alg = security->ctx_alg; in clone_security()
1462 uctx->ctx_len = security->ctx_len; in clone_security()
1463 memcpy(uctx + 1, security->ctx_str, security->ctx_len); in clone_security()
1464 err = security_xfrm_state_alloc(x, uctx); in clone_security()
1476 struct xfrm_state *x = xfrm_state_alloc(net); in xfrm_state_clone() local
1477 if (!x) in xfrm_state_clone()
1480 memcpy(&x->id, &orig->id, sizeof(x->id)); in xfrm_state_clone()
1481 memcpy(&x->sel, &orig->sel, sizeof(x->sel)); in xfrm_state_clone()
1482 memcpy(&x->lft, &orig->lft, sizeof(x->lft)); in xfrm_state_clone()
1483 x->props.mode = orig->props.mode; in xfrm_state_clone()
1484 x->props.replay_window = orig->props.replay_window; in xfrm_state_clone()
1485 x->props.reqid = orig->props.reqid; in xfrm_state_clone()
1486 x->props.family = orig->props.family; in xfrm_state_clone()
1487 x->props.saddr = orig->props.saddr; in xfrm_state_clone()
1489 if (orig->aalg) { in xfrm_state_clone()
1490 x->aalg = xfrm_algo_auth_clone(orig->aalg); in xfrm_state_clone()
1491 if (!x->aalg) in xfrm_state_clone()
1494 x->props.aalgo = orig->props.aalgo; in xfrm_state_clone()
1496 if (orig->aead) { in xfrm_state_clone()
1497 x->aead = xfrm_algo_aead_clone(orig->aead); in xfrm_state_clone()
1498 x->geniv = orig->geniv; in xfrm_state_clone()
1499 if (!x->aead) in xfrm_state_clone()
1502 if (orig->ealg) { in xfrm_state_clone()
1503 x->ealg = xfrm_algo_clone(orig->ealg); in xfrm_state_clone()
1504 if (!x->ealg) in xfrm_state_clone()
1507 x->props.ealgo = orig->props.ealgo; in xfrm_state_clone()
1509 if (orig->calg) { in xfrm_state_clone()
1510 x->calg = xfrm_algo_clone(orig->calg); in xfrm_state_clone()
1511 if (!x->calg) in xfrm_state_clone()
1514 x->props.calgo = orig->props.calgo; in xfrm_state_clone()
1516 if (encap || orig->encap) { in xfrm_state_clone()
1518 x->encap = kmemdup(encap, sizeof(*x->encap), in xfrm_state_clone()
1521 x->encap = kmemdup(orig->encap, sizeof(*x->encap), in xfrm_state_clone()
1524 if (!x->encap) in xfrm_state_clone()
1528 if (orig->security) in xfrm_state_clone()
1529 if (clone_security(x, orig->security)) in xfrm_state_clone()
1532 if (orig->coaddr) { in xfrm_state_clone()
1533 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr), in xfrm_state_clone()
1535 if (!x->coaddr) in xfrm_state_clone()
1539 if (orig->replay_esn) { in xfrm_state_clone()
1540 if (xfrm_replay_clone(x, orig)) in xfrm_state_clone()
1544 memcpy(&x->mark, &orig->mark, sizeof(x->mark)); in xfrm_state_clone()
1545 memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); in xfrm_state_clone()
1547 x->props.flags = orig->props.flags; in xfrm_state_clone()
1548 x->props.extra_flags = orig->props.extra_flags; in xfrm_state_clone()
1550 x->if_id = orig->if_id; in xfrm_state_clone()
1551 x->tfcpad = orig->tfcpad; in xfrm_state_clone()
1552 x->replay_maxdiff = orig->replay_maxdiff; in xfrm_state_clone()
1553 x->replay_maxage = orig->replay_maxage; in xfrm_state_clone()
1554 memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); in xfrm_state_clone()
1555 x->km.state = orig->km.state; in xfrm_state_clone()
1556 x->km.seq = orig->km.seq; in xfrm_state_clone()
1557 x->replay = orig->replay; in xfrm_state_clone()
1558 x->preplay = orig->preplay; in xfrm_state_clone()
1559 x->lastused = orig->lastused; in xfrm_state_clone()
1561 return x; in xfrm_state_clone()
1564 xfrm_state_put(x); in xfrm_state_clone()
1573 struct xfrm_state *x = NULL; in xfrm_migrate_state_find() local
1575 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_migrate_state_find()
1577 if (m->reqid) { in xfrm_migrate_state_find()
1578 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr, in xfrm_migrate_state_find()
1579 m->reqid, m->old_family); in xfrm_migrate_state_find()
1580 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { in xfrm_migrate_state_find()
1581 if (x->props.mode != m->mode || in xfrm_migrate_state_find()
1582 x->id.proto != m->proto) in xfrm_migrate_state_find()
1584 if (m->reqid && x->props.reqid != m->reqid) in xfrm_migrate_state_find()
1586 if (if_id != 0 && x->if_id != if_id) in xfrm_migrate_state_find()
1588 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr, in xfrm_migrate_state_find()
1589 m->old_family) || in xfrm_migrate_state_find()
1590 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr, in xfrm_migrate_state_find()
1591 m->old_family)) in xfrm_migrate_state_find()
1593 xfrm_state_hold(x); in xfrm_migrate_state_find()
1597 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr, in xfrm_migrate_state_find()
1598 m->old_family); in xfrm_migrate_state_find()
1599 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) { in xfrm_migrate_state_find()
1600 if (x->props.mode != m->mode || in xfrm_migrate_state_find()
1601 x->id.proto != m->proto) in xfrm_migrate_state_find()
1603 if (if_id != 0 && x->if_id != if_id) in xfrm_migrate_state_find()
1605 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr, in xfrm_migrate_state_find()
1606 m->old_family) || in xfrm_migrate_state_find()
1607 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr, in xfrm_migrate_state_find()
1608 m->old_family)) in xfrm_migrate_state_find()
1610 xfrm_state_hold(x); in xfrm_migrate_state_find()
1615 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_migrate_state_find()
1617 return x; in xfrm_migrate_state_find()
1621 struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, in xfrm_state_migrate() argument
1627 xc = xfrm_state_clone(x, encap); in xfrm_state_migrate()
1631 xc->props.family = m->new_family; in xfrm_state_migrate()
1636 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr)); in xfrm_state_migrate()
1637 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); in xfrm_state_migrate()
1640 if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { in xfrm_state_migrate()
1657 int xfrm_state_update(struct xfrm_state *x) in xfrm_state_update() argument
1661 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); in xfrm_state_update()
1662 struct net *net = xs_net(x); in xfrm_state_update()
1666 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_update()
1667 x1 = __xfrm_state_locate(x, use_spi, x->props.family); in xfrm_state_update()
1669 err = -ESRCH; in xfrm_state_update()
1675 err = -EEXIST; in xfrm_state_update()
1679 if (x1->km.state == XFRM_STATE_ACQ) { in xfrm_state_update()
1680 __xfrm_state_insert(x); in xfrm_state_update()
1681 x = NULL; in xfrm_state_update()
1686 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_update()
1694 if (!x) { in xfrm_state_update()
1700 err = -EINVAL; in xfrm_state_update()
1701 spin_lock_bh(&x1->lock); in xfrm_state_update()
1702 if (likely(x1->km.state == XFRM_STATE_VALID)) { in xfrm_state_update()
1703 if (x->encap && x1->encap && in xfrm_state_update()
1704 x->encap->encap_type == x1->encap->encap_type) in xfrm_state_update()
1705 memcpy(x1->encap, x->encap, sizeof(*x1->encap)); in xfrm_state_update()
1706 else if (x->encap || x1->encap) in xfrm_state_update()
1709 if (x->coaddr && x1->coaddr) { in xfrm_state_update()
1710 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr)); in xfrm_state_update()
1712 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel))) in xfrm_state_update()
1713 memcpy(&x1->sel, &x->sel, sizeof(x1->sel)); in xfrm_state_update()
1714 memcpy(&x1->lft, &x->lft, sizeof(x1->lft)); in xfrm_state_update()
1715 x1->km.dying = 0; in xfrm_state_update()
1717 hrtimer_start(&x1->mtimer, ktime_set(1, 0), in xfrm_state_update()
1719 if (x1->curlft.use_time) in xfrm_state_update()
1722 if (x->props.smark.m || x->props.smark.v || x->if_id) { in xfrm_state_update()
1723 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_update()
1725 if (x->props.smark.m || x->props.smark.v) in xfrm_state_update()
1726 x1->props.smark = x->props.smark; in xfrm_state_update()
1728 if (x->if_id) in xfrm_state_update()
1729 x1->if_id = x->if_id; in xfrm_state_update()
1732 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_update()
1736 x->km.state = XFRM_STATE_DEAD; in xfrm_state_update()
1737 __xfrm_state_put(x); in xfrm_state_update()
1741 spin_unlock_bh(&x1->lock); in xfrm_state_update()
1749 int xfrm_state_check_expire(struct xfrm_state *x) in xfrm_state_check_expire() argument
1751 if (!x->curlft.use_time) in xfrm_state_check_expire()
1752 x->curlft.use_time = ktime_get_real_seconds(); in xfrm_state_check_expire()
1754 if (x->curlft.bytes >= x->lft.hard_byte_limit || in xfrm_state_check_expire()
1755 x->curlft.packets >= x->lft.hard_packet_limit) { in xfrm_state_check_expire()
1756 x->km.state = XFRM_STATE_EXPIRED; in xfrm_state_check_expire()
1757 hrtimer_start(&x->mtimer, 0, HRTIMER_MODE_REL_SOFT); in xfrm_state_check_expire()
1758 return -EINVAL; in xfrm_state_check_expire()
1761 if (!x->km.dying && in xfrm_state_check_expire()
1762 (x->curlft.bytes >= x->lft.soft_byte_limit || in xfrm_state_check_expire()
1763 x->curlft.packets >= x->lft.soft_packet_limit)) { in xfrm_state_check_expire()
1764 x->km.dying = 1; in xfrm_state_check_expire()
1765 km_state_expired(x, 0, 0); in xfrm_state_check_expire()
1775 struct xfrm_state *x; in xfrm_state_lookup() local
1778 x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family); in xfrm_state_lookup()
1780 return x; in xfrm_state_lookup()
1789 struct xfrm_state *x; in xfrm_state_lookup_byaddr() local
1791 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_lookup_byaddr()
1792 x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family); in xfrm_state_lookup_byaddr()
1793 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_lookup_byaddr()
1794 return x; in xfrm_state_lookup_byaddr()
1803 struct xfrm_state *x; in xfrm_find_acq() local
1805 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_find_acq()
1806 x = __find_acq_core(net, mark, family, mode, reqid, if_id, proto, daddr, saddr, create); in xfrm_find_acq()
1807 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_find_acq()
1809 return x; in xfrm_find_acq()
1832 count[i] += count[i - 1]; in __xfrm6_sort()
1835 dst[count[class[i] - 1]++] = src[i]; in __xfrm6_sort()
1852 switch (v->props.mode) { in __xfrm6_state_sort_cmp()
1854 if (v->id.proto != IPPROTO_AH) in __xfrm6_state_sort_cmp()
1881 switch (v->mode) { in __xfrm6_tmpl_sort_cmp()
1945 for (i = 0; i <= net->xfrm.state_hmask; i++) { in __xfrm_find_acq_byseq()
1946 struct xfrm_state *x; in __xfrm_find_acq_byseq() local
1948 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { in __xfrm_find_acq_byseq()
1949 if (x->km.seq == seq && in __xfrm_find_acq_byseq()
1950 (mark & x->mark.m) == x->mark.v && in __xfrm_find_acq_byseq()
1951 x->km.state == XFRM_STATE_ACQ) { in __xfrm_find_acq_byseq()
1952 xfrm_state_hold(x); in __xfrm_find_acq_byseq()
1953 return x; in __xfrm_find_acq_byseq()
1962 struct xfrm_state *x; in xfrm_find_acq_byseq() local
1964 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_find_acq_byseq()
1965 x = __xfrm_find_acq_byseq(net, mark, seq); in xfrm_find_acq_byseq()
1966 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_find_acq_byseq()
1967 return x; in xfrm_find_acq_byseq()
1992 /* IPCOMP spi is 16-bits. */ in verify_spi_info()
1994 return -EINVAL; in verify_spi_info()
1998 return -EINVAL; in verify_spi_info()
2002 return -EINVAL; in verify_spi_info()
2008 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) in xfrm_alloc_spi() argument
2010 struct net *net = xs_net(x); in xfrm_alloc_spi()
2013 int err = -ENOENT; in xfrm_alloc_spi()
2017 u32 mark = x->mark.v & x->mark.m; in xfrm_alloc_spi()
2019 spin_lock_bh(&x->lock); in xfrm_alloc_spi()
2020 if (x->km.state == XFRM_STATE_DEAD) in xfrm_alloc_spi()
2024 if (x->id.spi) in xfrm_alloc_spi()
2027 err = -ENOENT; in xfrm_alloc_spi()
2030 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family); in xfrm_alloc_spi()
2038 for (h = 0; h < high-low+1; h++) { in xfrm_alloc_spi()
2039 spi = low + prandom_u32()%(high-low+1); in xfrm_alloc_spi()
2040 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family); in xfrm_alloc_spi()
2049 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_alloc_spi()
2050 x->id.spi = newspi; in xfrm_alloc_spi()
2051 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); in xfrm_alloc_spi()
2052 hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); in xfrm_alloc_spi()
2053 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_alloc_spi()
2059 spin_unlock_bh(&x->lock); in xfrm_alloc_spi()
2065 static bool __xfrm_state_filter_match(struct xfrm_state *x, in __xfrm_state_filter_match() argument
2069 if ((filter->family == AF_INET || in __xfrm_state_filter_match()
2070 filter->family == AF_INET6) && in __xfrm_state_filter_match()
2071 x->props.family != filter->family) in __xfrm_state_filter_match()
2074 return addr_match(&x->props.saddr, &filter->saddr, in __xfrm_state_filter_match()
2075 filter->splen) && in __xfrm_state_filter_match()
2076 addr_match(&x->id.daddr, &filter->daddr, in __xfrm_state_filter_match()
2077 filter->dplen); in __xfrm_state_filter_match()
2087 struct xfrm_state_walk *x; in xfrm_state_walk() local
2090 if (walk->seq != 0 && list_empty(&walk->all)) in xfrm_state_walk()
2093 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_walk()
2094 if (list_empty(&walk->all)) in xfrm_state_walk()
2095 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all); in xfrm_state_walk()
2097 x = list_first_entry(&walk->all, struct xfrm_state_walk, all); in xfrm_state_walk()
2098 list_for_each_entry_from(x, &net->xfrm.state_all, all) { in xfrm_state_walk()
2099 if (x->state == XFRM_STATE_DEAD) in xfrm_state_walk()
2101 state = container_of(x, struct xfrm_state, km); in xfrm_state_walk()
2102 if (!xfrm_id_proto_match(state->id.proto, walk->proto)) in xfrm_state_walk()
2104 if (!__xfrm_state_filter_match(state, walk->filter)) in xfrm_state_walk()
2106 err = func(state, walk->seq, data); in xfrm_state_walk()
2108 list_move_tail(&walk->all, &x->all); in xfrm_state_walk()
2111 walk->seq++; in xfrm_state_walk()
2113 if (walk->seq == 0) { in xfrm_state_walk()
2114 err = -ENOENT; in xfrm_state_walk()
2117 list_del_init(&walk->all); in xfrm_state_walk()
2119 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_walk()
2127 INIT_LIST_HEAD(&walk->all); in xfrm_state_walk_init()
2128 walk->proto = proto; in xfrm_state_walk_init()
2129 walk->state = XFRM_STATE_DEAD; in xfrm_state_walk_init()
2130 walk->seq = 0; in xfrm_state_walk_init()
2131 walk->filter = filter; in xfrm_state_walk_init()
2137 kfree(walk->filter); in xfrm_state_walk_done()
2139 if (list_empty(&walk->all)) in xfrm_state_walk_done()
2142 spin_lock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_walk_done()
2143 list_del(&walk->all); in xfrm_state_walk_done()
2144 spin_unlock_bh(&net->xfrm.xfrm_state_lock); in xfrm_state_walk_done()
2150 struct xfrm_state *x = from_timer(x, t, rtimer); in xfrm_replay_timer_handler() local
2152 spin_lock(&x->lock); in xfrm_replay_timer_handler()
2154 if (x->km.state == XFRM_STATE_VALID) { in xfrm_replay_timer_handler()
2155 if (xfrm_aevent_is_on(xs_net(x))) in xfrm_replay_timer_handler()
2156 x->repl->notify(x, XFRM_REPLAY_TIMEOUT); in xfrm_replay_timer_handler()
2158 x->xflags |= XFRM_TIME_DEFER; in xfrm_replay_timer_handler()
2161 spin_unlock(&x->lock); in xfrm_replay_timer_handler()
2172 if (km->notify_policy) in km_policy_notify()
2173 km->notify_policy(xp, dir, c); in km_policy_notify()
2177 void km_state_notify(struct xfrm_state *x, const struct km_event *c) in km_state_notify() argument
2182 if (km->notify) in km_state_notify()
2183 km->notify(x, c); in km_state_notify()
2190 void km_state_expired(struct xfrm_state *x, int hard, u32 portid) in km_state_expired() argument
2197 km_state_notify(x, &c); in km_state_expired()
2205 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol) in km_query() argument
2207 int err = -EINVAL, acqret; in km_query()
2212 acqret = km->acquire(x, t, pol); in km_query()
2221 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) in km_new_mapping() argument
2223 int err = -EINVAL; in km_new_mapping()
2228 if (km->new_mapping) in km_new_mapping()
2229 err = km->new_mapping(x, ipaddr, sport); in km_new_mapping()
2255 int err = -EINVAL; in km_migrate()
2261 if (km->migrate) { in km_migrate()
2262 ret = km->migrate(sel, dir, type, m, num_migrate, k, in km_migrate()
2276 int err = -EINVAL; in km_report()
2282 if (km->report) { in km_report()
2283 ret = km->report(net, proto, sel, addr); in km_report()
2300 if (km->is_alive && km->is_alive(c)) { in km_is_alive()
2322 if (!try_module_get(xtr->owner)) in xfrm_get_translator()
2332 module_put(xtr->owner); in xfrm_put_translator()
2342 err = -EEXIST; in xfrm_register_translator()
2358 err = -EINVAL; in xfrm_unregister_translator()
2385 return -EMSGSIZE; in xfrm_user_policy()
2391 /* Use the 64-bit / untranslated format on Android, even for compat */ in xfrm_user_policy()
2398 return -EOPNOTSUPP; in xfrm_user_policy()
2401 err = xtr->xlate_user_policy_sockptr(&data, optlen); in xfrm_user_policy()
2410 err = -EINVAL; in xfrm_user_policy()
2413 pol = km->compile_policy(sk, optname, data, in xfrm_user_policy()
2437 list_add_tail_rcu(&km->list, &xfrm_km_list); in xfrm_register_km()
2446 list_del_rcu(&km->list); in xfrm_unregister_km()
2457 if (WARN_ON(afinfo->family >= NPROTO)) in xfrm_state_register_afinfo()
2458 return -EAFNOSUPPORT; in xfrm_state_register_afinfo()
2461 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL)) in xfrm_state_register_afinfo()
2462 err = -EEXIST; in xfrm_state_register_afinfo()
2464 rcu_assign_pointer(xfrm_state_afinfo[afinfo->family], afinfo); in xfrm_state_register_afinfo()
2472 int err = 0, family = afinfo->family; in xfrm_state_unregister_afinfo()
2475 return -EAFNOSUPPORT; in xfrm_state_unregister_afinfo()
2478 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) { in xfrm_state_unregister_afinfo()
2480 err = -EINVAL; in xfrm_state_unregister_afinfo()
2482 RCU_INIT_POINTER(xfrm_state_afinfo[afinfo->family], NULL); in xfrm_state_unregister_afinfo()
2518 void xfrm_state_delete_tunnel(struct xfrm_state *x) in xfrm_state_delete_tunnel() argument
2520 if (x->tunnel) { in xfrm_state_delete_tunnel()
2521 struct xfrm_state *t = x->tunnel; in xfrm_state_delete_tunnel()
2523 if (atomic_read(&t->tunnel_users) == 2) in xfrm_state_delete_tunnel()
2525 atomic_dec(&t->tunnel_users); in xfrm_state_delete_tunnel()
2527 x->tunnel = NULL; in xfrm_state_delete_tunnel()
2532 u32 xfrm_state_mtu(struct xfrm_state *x, int mtu) in xfrm_state_mtu() argument
2534 const struct xfrm_type *type = READ_ONCE(x->type); in xfrm_state_mtu()
2538 if (x->km.state != XFRM_STATE_VALID || in xfrm_state_mtu()
2539 !type || type->proto != IPPROTO_ESP) in xfrm_state_mtu()
2540 return mtu - x->props.header_len; in xfrm_state_mtu()
2542 aead = x->data; in xfrm_state_mtu()
2545 switch (x->props.mode) { in xfrm_state_mtu()
2548 if (x->props.family == AF_INET) in xfrm_state_mtu()
2550 else if (x->props.family == AF_INET6) in xfrm_state_mtu()
2560 return ((mtu - x->props.header_len - crypto_aead_authsize(aead) - in xfrm_state_mtu()
2561 net_adj) & ~(blksize - 1)) + net_adj - 2; in xfrm_state_mtu()
2565 int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload) in __xfrm_init_state() argument
2569 int family = x->props.family; in __xfrm_init_state()
2573 READ_ONCE(xs_net(x)->ipv4.sysctl_ip_no_pmtu_disc)) in __xfrm_init_state()
2574 x->props.flags |= XFRM_STATE_NOPMTUDISC; in __xfrm_init_state()
2576 err = -EPROTONOSUPPORT; in __xfrm_init_state()
2578 if (x->sel.family != AF_UNSPEC) { in __xfrm_init_state()
2579 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family); in __xfrm_init_state()
2583 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) && in __xfrm_init_state()
2584 family != x->sel.family) in __xfrm_init_state()
2587 x->inner_mode = *inner_mode; in __xfrm_init_state()
2592 inner_mode = xfrm_get_mode(x->props.mode, x->props.family); in __xfrm_init_state()
2596 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) in __xfrm_init_state()
2599 x->inner_mode = *inner_mode; in __xfrm_init_state()
2601 if (x->props.family == AF_INET) in __xfrm_init_state()
2604 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily); in __xfrm_init_state()
2606 if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL) in __xfrm_init_state()
2607 x->inner_mode_iaf = *inner_mode_iaf; in __xfrm_init_state()
2611 x->type = xfrm_get_type(x->id.proto, family); in __xfrm_init_state()
2612 if (x->type == NULL) in __xfrm_init_state()
2615 x->type_offload = xfrm_get_type_offload(x->id.proto, family, offload); in __xfrm_init_state()
2617 err = x->type->init_state(x); in __xfrm_init_state()
2621 outer_mode = xfrm_get_mode(x->props.mode, family); in __xfrm_init_state()
2623 err = -EPROTONOSUPPORT; in __xfrm_init_state()
2627 x->outer_mode = *outer_mode; in __xfrm_init_state()
2629 err = xfrm_init_replay(x); in __xfrm_init_state()
2640 int xfrm_init_state(struct xfrm_state *x) in xfrm_init_state() argument
2644 err = __xfrm_init_state(x, true, false); in xfrm_init_state()
2646 x->km.state = XFRM_STATE_VALID; in xfrm_init_state()
2661 INIT_LIST_HEAD(&net->xfrm.state_all); in xfrm_state_init()
2665 net->xfrm.state_bydst = xfrm_hash_alloc(sz); in xfrm_state_init()
2666 if (!net->xfrm.state_bydst) in xfrm_state_init()
2668 net->xfrm.state_bysrc = xfrm_hash_alloc(sz); in xfrm_state_init()
2669 if (!net->xfrm.state_bysrc) in xfrm_state_init()
2671 net->xfrm.state_byspi = xfrm_hash_alloc(sz); in xfrm_state_init()
2672 if (!net->xfrm.state_byspi) in xfrm_state_init()
2674 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1); in xfrm_state_init()
2676 net->xfrm.state_num = 0; in xfrm_state_init()
2677 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize); in xfrm_state_init()
2678 spin_lock_init(&net->xfrm.xfrm_state_lock); in xfrm_state_init()
2679 seqcount_init(&net->xfrm.xfrm_state_hash_generation); in xfrm_state_init()
2683 xfrm_hash_free(net->xfrm.state_bysrc, sz); in xfrm_state_init()
2685 xfrm_hash_free(net->xfrm.state_bydst, sz); in xfrm_state_init()
2687 return -ENOMEM; in xfrm_state_init()
2694 flush_work(&net->xfrm.state_hash_work); in xfrm_state_fini()
2698 WARN_ON(!list_empty(&net->xfrm.state_all)); in xfrm_state_fini()
2700 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head); in xfrm_state_fini()
2701 WARN_ON(!hlist_empty(net->xfrm.state_byspi)); in xfrm_state_fini()
2702 xfrm_hash_free(net->xfrm.state_byspi, sz); in xfrm_state_fini()
2703 WARN_ON(!hlist_empty(net->xfrm.state_bysrc)); in xfrm_state_fini()
2704 xfrm_hash_free(net->xfrm.state_bysrc, sz); in xfrm_state_fini()
2705 WARN_ON(!hlist_empty(net->xfrm.state_bydst)); in xfrm_state_fini()
2706 xfrm_hash_free(net->xfrm.state_bydst, sz); in xfrm_state_fini()
2710 static void xfrm_audit_helper_sainfo(struct xfrm_state *x, in xfrm_audit_helper_sainfo() argument
2713 struct xfrm_sec_ctx *ctx = x->security; in xfrm_audit_helper_sainfo()
2714 u32 spi = ntohl(x->id.spi); in xfrm_audit_helper_sainfo()
2718 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str); in xfrm_audit_helper_sainfo()
2720 switch (x->props.family) { in xfrm_audit_helper_sainfo()
2723 &x->props.saddr.a4, &x->id.daddr.a4); in xfrm_audit_helper_sainfo()
2727 x->props.saddr.a6, x->id.daddr.a6); in xfrm_audit_helper_sainfo()
2731 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); in xfrm_audit_helper_sainfo()
2744 &iph4->saddr, &iph4->daddr); in xfrm_audit_helper_pktinfo()
2749 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x", in xfrm_audit_helper_pktinfo()
2750 &iph6->saddr, &iph6->daddr, in xfrm_audit_helper_pktinfo()
2751 iph6->flow_lbl[0] & 0x0f, in xfrm_audit_helper_pktinfo()
2752 iph6->flow_lbl[1], in xfrm_audit_helper_pktinfo()
2753 iph6->flow_lbl[2]); in xfrm_audit_helper_pktinfo()
2758 void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid) in xfrm_audit_state_add() argument
2762 audit_buf = xfrm_audit_start("SAD-add"); in xfrm_audit_state_add()
2766 xfrm_audit_helper_sainfo(x, audit_buf); in xfrm_audit_state_add()
2772 void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid) in xfrm_audit_state_delete() argument
2776 audit_buf = xfrm_audit_start("SAD-delete"); in xfrm_audit_state_delete()
2780 xfrm_audit_helper_sainfo(x, audit_buf); in xfrm_audit_state_delete()
2786 void xfrm_audit_state_replay_overflow(struct xfrm_state *x, in xfrm_audit_state_replay_overflow() argument
2792 audit_buf = xfrm_audit_start("SA-replay-overflow"); in xfrm_audit_state_replay_overflow()
2795 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); in xfrm_audit_state_replay_overflow()
2798 spi = ntohl(x->id.spi); in xfrm_audit_state_replay_overflow()
2799 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); in xfrm_audit_state_replay_overflow()
2804 void xfrm_audit_state_replay(struct xfrm_state *x, in xfrm_audit_state_replay() argument
2810 audit_buf = xfrm_audit_start("SA-replayed-pkt"); in xfrm_audit_state_replay()
2813 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); in xfrm_audit_state_replay()
2814 spi = ntohl(x->id.spi); in xfrm_audit_state_replay()
2815 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", in xfrm_audit_state_replay()
2825 audit_buf = xfrm_audit_start("SA-notfound"); in xfrm_audit_state_notfound_simple()
2839 audit_buf = xfrm_audit_start("SA-notfound"); in xfrm_audit_state_notfound()
2844 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", in xfrm_audit_state_notfound()
2850 void xfrm_audit_state_icvfail(struct xfrm_state *x, in xfrm_audit_state_icvfail() argument
2857 audit_buf = xfrm_audit_start("SA-icv-failure"); in xfrm_audit_state_icvfail()
2860 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); in xfrm_audit_state_icvfail()
2863 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", in xfrm_audit_state_icvfail()