[XFRM] STATE: Search by address using source address list.

This is a support to search transformation states by its addresses by using source address list for Mobile IPv6 usage. To use it from user-space, it is also added a message type for source address as a xfrm state option. Based on MIPL2 kernel patch. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Masahide NAKAMURA <nakam@linux-ipv6.org> 2006-08-23 20:56:04 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 18:06:35 -0400
commit: eb2971b68a7d17a7d0fa2c7fc6fbc4bfe41cd694 (patch)
tree: 5f6e98ac376d0d2faa69e8a6644706a7312a1ff1 /net/xfrm/xfrm_user.c
parent: 6c44e6b7ab500d7e3e3f406c83325671be51a752 (diff)
1 files changed, 53 insertions, 6 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 41f3d51ffc33..b5f8ab71aa54 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -87,6 +87,22 @@ static int verify_encap_tmpl(struct rtattr **xfrma)
        return 0;
 }
+static int verify_one_addr(struct rtattr **xfrma, enum xfrm_attr_type_t type,
+                           xfrm_address_t **addrp)
+{
+        struct rtattr *rt = xfrma[type - 1];
+        if (!rt)
+                return 0;
+        if ((rt->rta_len - sizeof(*rt)) < sizeof(**addrp))
+                return -EINVAL;
+        if (addrp)
+                *addrp = RTA_DATA(rt);
+        return 0;
+}
 static inline int verify_sec_ctx_len(struct rtattr **xfrma)
 {
@@ -418,16 +434,48 @@ out:
        return err;
 }
+static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p,
+                                                 struct rtattr **xfrma,
+                                                 int *errp)
+{
+        struct xfrm_state *x = NULL;
+        int err;
+        if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) {
+                err = -ESRCH;
+                x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family);
+        } else {
+                xfrm_address_t *saddr = NULL;
+                err = verify_one_addr(xfrma, XFRMA_SRCADDR, &saddr);
+                if (err)
+                        goto out;
+                if (!saddr) {
+                        err = -EINVAL;
+                        goto out;
+                }
+                x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto,
+                                             p->family);
+        }
+ out:
+        if (!x && errp)
+                *errp = err;
+        return x;
+}
 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
        struct xfrm_state *x;
-        int err;
+        int err = -ESRCH;
        struct km_event c;
        struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
-        x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family);
+        x = xfrm_user_state_lookup(p, (struct rtattr **)xfrma, &err);
        if (x == NULL)
-                return -ESRCH;
+                return err;
        if ((err = security_xfrm_state_delete(x)) != 0)
                goto out;
@@ -578,10 +626,9 @@ static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
        struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
        struct xfrm_state *x;
        struct sk_buff *resp_skb;
-        int err;
+        int err = -ESRCH;
-        x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family);
+        x = xfrm_user_state_lookup(p, (struct rtattr **)xfrma, &err);
-        err = -ESRCH;
        if (x == NULL)
                goto out_noput;
author	Masahide NAKAMURA <nakam@linux-ipv6.org>	2006-08-23 20:56:04 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 18:06:35 -0400
commit	eb2971b68a7d17a7d0fa2c7fc6fbc4bfe41cd694 (patch)
tree	5f6e98ac376d0d2faa69e8a6644706a7312a1ff1 /net/xfrm/xfrm_user.c
parent	6c44e6b7ab500d7e3e3f406c83325671be51a752 (diff)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 41f3d51ffc33..b5f8ab71aa54 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c
@@ -87,6 +87,22 @@ static int verify_encap_tmpl(struct rtattr **xfrma)
87	return 0;	87	return 0;
88	}	88	}
89		89
		90	static int verify_one_addr(struct rtattr **xfrma, enum xfrm_attr_type_t type,
		91	xfrm_address_t **addrp)
		92	{
		93	struct rtattr *rt = xfrma[type - 1];
		94
		95	if (!rt)
		96	return 0;
		97
		98	if ((rt->rta_len - sizeof(rt)) < sizeof(*addrp))
		99	return -EINVAL;
		100
		101	if (addrp)
		102	*addrp = RTA_DATA(rt);
		103
		104	return 0;
		105	}
90		106
91	static inline int verify_sec_ctx_len(struct rtattr **xfrma)	107	static inline int verify_sec_ctx_len(struct rtattr **xfrma)
92	{	108	{
@@ -418,16 +434,48 @@ out:
418	return err;	434	return err;
419	}	435	}
420		436
		437	static struct xfrm_state xfrm_user_state_lookup(struct xfrm_usersa_id p,
		438	struct rtattr **xfrma,
		439	int *errp)
		440	{
		441	struct xfrm_state *x = NULL;
		442	int err;
		443
		444	if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) {
		445	err = -ESRCH;
		446	x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family);
		447	} else {
		448	xfrm_address_t *saddr = NULL;
		449
		450	err = verify_one_addr(xfrma, XFRMA_SRCADDR, &saddr);
		451	if (err)
		452	goto out;
		453
		454	if (!saddr) {
		455	err = -EINVAL;
		456	goto out;
		457	}
		458
		459	x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto,
		460	p->family);
		461	}
		462
		463	out:
		464	if (!x && errp)
		465	*errp = err;
		466	return x;
		467	}
		468
421	static int xfrm_del_sa(struct sk_buff skb, struct nlmsghdr nlh, void **xfrma)	469	static int xfrm_del_sa(struct sk_buff skb, struct nlmsghdr nlh, void **xfrma)
422	{	470	{
423	struct xfrm_state *x;	471	struct xfrm_state *x;
424	int err;	472	int err = -ESRCH;
425	struct km_event c;	473	struct km_event c;
426	struct xfrm_usersa_id *p = NLMSG_DATA(nlh);	474	struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
427		475
428	x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family);	476	x = xfrm_user_state_lookup(p, (struct rtattr **)xfrma, &err);
429	if (x == NULL)	477	if (x == NULL)
430	return -ESRCH;	478	return err;
431		479
432	if ((err = security_xfrm_state_delete(x)) != 0)	480	if ((err = security_xfrm_state_delete(x)) != 0)
433	goto out;	481	goto out;
@@ -578,10 +626,9 @@ static int xfrm_get_sa(struct sk_buff skb, struct nlmsghdr nlh, void **xfrma)
578	struct xfrm_usersa_id *p = NLMSG_DATA(nlh);	626	struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
579	struct xfrm_state *x;	627	struct xfrm_state *x;
580	struct sk_buff *resp_skb;	628	struct sk_buff *resp_skb;
581	int err;	629	int err = -ESRCH;
582		630
583	x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family);	631	x = xfrm_user_state_lookup(p, (struct rtattr **)xfrma, &err);
584	err = -ESRCH;
585	if (x == NULL)	632	if (x == NULL)
586	goto out_noput;	633	goto out_noput;
587		634