diff options
Diffstat (limited to 'net/key/af_key.c')
| -rw-r--r-- | net/key/af_key.c | 243 |
1 files changed, 129 insertions, 114 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index d87c22df6f1e..7db86ffcf070 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
| @@ -70,7 +70,7 @@ static inline struct pfkey_sock *pfkey_sk(struct sock *sk) | |||
| 70 | return (struct pfkey_sock *)sk; | 70 | return (struct pfkey_sock *)sk; |
| 71 | } | 71 | } |
| 72 | 72 | ||
| 73 | static int pfkey_can_dump(struct sock *sk) | 73 | static int pfkey_can_dump(const struct sock *sk) |
| 74 | { | 74 | { |
| 75 | if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf) | 75 | if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf) |
| 76 | return 1; | 76 | return 1; |
| @@ -303,12 +303,13 @@ static int pfkey_do_dump(struct pfkey_sock *pfk) | |||
| 303 | return rc; | 303 | return rc; |
| 304 | } | 304 | } |
| 305 | 305 | ||
| 306 | static inline void pfkey_hdr_dup(struct sadb_msg *new, struct sadb_msg *orig) | 306 | static inline void pfkey_hdr_dup(struct sadb_msg *new, |
| 307 | const struct sadb_msg *orig) | ||
| 307 | { | 308 | { |
| 308 | *new = *orig; | 309 | *new = *orig; |
| 309 | } | 310 | } |
| 310 | 311 | ||
| 311 | static int pfkey_error(struct sadb_msg *orig, int err, struct sock *sk) | 312 | static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk) |
| 312 | { | 313 | { |
| 313 | struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL); | 314 | struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL); |
| 314 | struct sadb_msg *hdr; | 315 | struct sadb_msg *hdr; |
| @@ -369,13 +370,13 @@ static u8 sadb_ext_min_len[] = { | |||
| 369 | }; | 370 | }; |
| 370 | 371 | ||
| 371 | /* Verify sadb_address_{len,prefixlen} against sa_family. */ | 372 | /* Verify sadb_address_{len,prefixlen} against sa_family. */ |
| 372 | static int verify_address_len(void *p) | 373 | static int verify_address_len(const void *p) |
| 373 | { | 374 | { |
| 374 | struct sadb_address *sp = p; | 375 | const struct sadb_address *sp = p; |
| 375 | struct sockaddr *addr = (struct sockaddr *)(sp + 1); | 376 | const struct sockaddr *addr = (const struct sockaddr *)(sp + 1); |
| 376 | struct sockaddr_in *sin; | 377 | const struct sockaddr_in *sin; |
| 377 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 378 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 378 | struct sockaddr_in6 *sin6; | 379 | const struct sockaddr_in6 *sin6; |
| 379 | #endif | 380 | #endif |
| 380 | int len; | 381 | int len; |
| 381 | 382 | ||
| @@ -411,16 +412,16 @@ static int verify_address_len(void *p) | |||
| 411 | return 0; | 412 | return 0; |
| 412 | } | 413 | } |
| 413 | 414 | ||
| 414 | static inline int pfkey_sec_ctx_len(struct sadb_x_sec_ctx *sec_ctx) | 415 | static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx) |
| 415 | { | 416 | { |
| 416 | return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) + | 417 | return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) + |
| 417 | sec_ctx->sadb_x_ctx_len, | 418 | sec_ctx->sadb_x_ctx_len, |
| 418 | sizeof(uint64_t)); | 419 | sizeof(uint64_t)); |
| 419 | } | 420 | } |
| 420 | 421 | ||
| 421 | static inline int verify_sec_ctx_len(void *p) | 422 | static inline int verify_sec_ctx_len(const void *p) |
| 422 | { | 423 | { |
| 423 | struct sadb_x_sec_ctx *sec_ctx = (struct sadb_x_sec_ctx *)p; | 424 | const struct sadb_x_sec_ctx *sec_ctx = p; |
| 424 | int len = sec_ctx->sadb_x_ctx_len; | 425 | int len = sec_ctx->sadb_x_ctx_len; |
| 425 | 426 | ||
| 426 | if (len > PAGE_SIZE) | 427 | if (len > PAGE_SIZE) |
| @@ -434,7 +435,7 @@ static inline int verify_sec_ctx_len(void *p) | |||
| 434 | return 0; | 435 | return 0; |
| 435 | } | 436 | } |
| 436 | 437 | ||
| 437 | static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(struct sadb_x_sec_ctx *sec_ctx) | 438 | static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx) |
| 438 | { | 439 | { |
| 439 | struct xfrm_user_sec_ctx *uctx = NULL; | 440 | struct xfrm_user_sec_ctx *uctx = NULL; |
| 440 | int ctx_size = sec_ctx->sadb_x_ctx_len; | 441 | int ctx_size = sec_ctx->sadb_x_ctx_len; |
| @@ -455,16 +456,16 @@ static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(struct sadb | |||
| 455 | return uctx; | 456 | return uctx; |
| 456 | } | 457 | } |
| 457 | 458 | ||
| 458 | static int present_and_same_family(struct sadb_address *src, | 459 | static int present_and_same_family(const struct sadb_address *src, |
| 459 | struct sadb_address *dst) | 460 | const struct sadb_address *dst) |
| 460 | { | 461 | { |
| 461 | struct sockaddr *s_addr, *d_addr; | 462 | const struct sockaddr *s_addr, *d_addr; |
| 462 | 463 | ||
| 463 | if (!src || !dst) | 464 | if (!src || !dst) |
| 464 | return 0; | 465 | return 0; |
| 465 | 466 | ||
| 466 | s_addr = (struct sockaddr *)(src + 1); | 467 | s_addr = (const struct sockaddr *)(src + 1); |
| 467 | d_addr = (struct sockaddr *)(dst + 1); | 468 | d_addr = (const struct sockaddr *)(dst + 1); |
| 468 | if (s_addr->sa_family != d_addr->sa_family) | 469 | if (s_addr->sa_family != d_addr->sa_family) |
| 469 | return 0; | 470 | return 0; |
| 470 | if (s_addr->sa_family != AF_INET | 471 | if (s_addr->sa_family != AF_INET |
| @@ -477,15 +478,15 @@ static int present_and_same_family(struct sadb_address *src, | |||
| 477 | return 1; | 478 | return 1; |
| 478 | } | 479 | } |
| 479 | 480 | ||
| 480 | static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 481 | static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs) |
| 481 | { | 482 | { |
| 482 | char *p = (char *) hdr; | 483 | const char *p = (char *) hdr; |
| 483 | int len = skb->len; | 484 | int len = skb->len; |
| 484 | 485 | ||
| 485 | len -= sizeof(*hdr); | 486 | len -= sizeof(*hdr); |
| 486 | p += sizeof(*hdr); | 487 | p += sizeof(*hdr); |
| 487 | while (len > 0) { | 488 | while (len > 0) { |
| 488 | struct sadb_ext *ehdr = (struct sadb_ext *) p; | 489 | const struct sadb_ext *ehdr = (const struct sadb_ext *) p; |
| 489 | uint16_t ext_type; | 490 | uint16_t ext_type; |
| 490 | int ext_len; | 491 | int ext_len; |
| 491 | 492 | ||
| @@ -514,7 +515,7 @@ static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_h | |||
| 514 | if (verify_sec_ctx_len(p)) | 515 | if (verify_sec_ctx_len(p)) |
| 515 | return -EINVAL; | 516 | return -EINVAL; |
| 516 | } | 517 | } |
| 517 | ext_hdrs[ext_type-1] = p; | 518 | ext_hdrs[ext_type-1] = (void *) p; |
| 518 | } | 519 | } |
| 519 | p += ext_len; | 520 | p += ext_len; |
| 520 | len -= ext_len; | 521 | len -= ext_len; |
| @@ -606,21 +607,21 @@ int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr) | |||
| 606 | } | 607 | } |
| 607 | 608 | ||
| 608 | static | 609 | static |
| 609 | int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr, xfrm_address_t *xaddr) | 610 | int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr) |
| 610 | { | 611 | { |
| 611 | return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1), | 612 | return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1), |
| 612 | xaddr); | 613 | xaddr); |
| 613 | } | 614 | } |
| 614 | 615 | ||
| 615 | static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_msg *hdr, void **ext_hdrs) | 616 | static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 616 | { | 617 | { |
| 617 | struct sadb_sa *sa; | 618 | const struct sadb_sa *sa; |
| 618 | struct sadb_address *addr; | 619 | const struct sadb_address *addr; |
| 619 | uint16_t proto; | 620 | uint16_t proto; |
| 620 | unsigned short family; | 621 | unsigned short family; |
| 621 | xfrm_address_t *xaddr; | 622 | xfrm_address_t *xaddr; |
| 622 | 623 | ||
| 623 | sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; | 624 | sa = (const struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; |
| 624 | if (sa == NULL) | 625 | if (sa == NULL) |
| 625 | return NULL; | 626 | return NULL; |
| 626 | 627 | ||
| @@ -629,18 +630,18 @@ static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_ | |||
| 629 | return NULL; | 630 | return NULL; |
| 630 | 631 | ||
| 631 | /* sadb_address_len should be checked by caller */ | 632 | /* sadb_address_len should be checked by caller */ |
| 632 | addr = (struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1]; | 633 | addr = (const struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1]; |
| 633 | if (addr == NULL) | 634 | if (addr == NULL) |
| 634 | return NULL; | 635 | return NULL; |
| 635 | 636 | ||
| 636 | family = ((struct sockaddr *)(addr + 1))->sa_family; | 637 | family = ((const struct sockaddr *)(addr + 1))->sa_family; |
| 637 | switch (family) { | 638 | switch (family) { |
| 638 | case AF_INET: | 639 | case AF_INET: |
| 639 | xaddr = (xfrm_address_t *)&((struct sockaddr_in *)(addr + 1))->sin_addr; | 640 | xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr; |
| 640 | break; | 641 | break; |
| 641 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 642 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 642 | case AF_INET6: | 643 | case AF_INET6: |
| 643 | xaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(addr + 1))->sin6_addr; | 644 | xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr; |
| 644 | break; | 645 | break; |
| 645 | #endif | 646 | #endif |
| 646 | default: | 647 | default: |
| @@ -690,9 +691,9 @@ static inline int pfkey_mode_to_xfrm(int mode) | |||
| 690 | } | 691 | } |
| 691 | } | 692 | } |
| 692 | 693 | ||
| 693 | static unsigned int pfkey_sockaddr_fill(xfrm_address_t *xaddr, __be16 port, | 694 | static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port, |
| 694 | struct sockaddr *sa, | 695 | struct sockaddr *sa, |
| 695 | unsigned short family) | 696 | unsigned short family) |
| 696 | { | 697 | { |
| 697 | switch (family) { | 698 | switch (family) { |
| 698 | case AF_INET: | 699 | case AF_INET: |
| @@ -720,7 +721,7 @@ static unsigned int pfkey_sockaddr_fill(xfrm_address_t *xaddr, __be16 port, | |||
| 720 | return 0; | 721 | return 0; |
| 721 | } | 722 | } |
| 722 | 723 | ||
| 723 | static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x, | 724 | static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x, |
| 724 | int add_keys, int hsc) | 725 | int add_keys, int hsc) |
| 725 | { | 726 | { |
| 726 | struct sk_buff *skb; | 727 | struct sk_buff *skb; |
| @@ -1010,7 +1011,7 @@ static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x, | |||
| 1010 | } | 1011 | } |
| 1011 | 1012 | ||
| 1012 | 1013 | ||
| 1013 | static inline struct sk_buff *pfkey_xfrm_state2msg(struct xfrm_state *x) | 1014 | static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x) |
| 1014 | { | 1015 | { |
| 1015 | struct sk_buff *skb; | 1016 | struct sk_buff *skb; |
| 1016 | 1017 | ||
| @@ -1019,26 +1020,26 @@ static inline struct sk_buff *pfkey_xfrm_state2msg(struct xfrm_state *x) | |||
| 1019 | return skb; | 1020 | return skb; |
| 1020 | } | 1021 | } |
| 1021 | 1022 | ||
| 1022 | static inline struct sk_buff *pfkey_xfrm_state2msg_expire(struct xfrm_state *x, | 1023 | static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x, |
| 1023 | int hsc) | 1024 | int hsc) |
| 1024 | { | 1025 | { |
| 1025 | return __pfkey_xfrm_state2msg(x, 0, hsc); | 1026 | return __pfkey_xfrm_state2msg(x, 0, hsc); |
| 1026 | } | 1027 | } |
| 1027 | 1028 | ||
| 1028 | static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | 1029 | static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, |
| 1029 | struct sadb_msg *hdr, | 1030 | const struct sadb_msg *hdr, |
| 1030 | void **ext_hdrs) | 1031 | void * const *ext_hdrs) |
| 1031 | { | 1032 | { |
| 1032 | struct xfrm_state *x; | 1033 | struct xfrm_state *x; |
| 1033 | struct sadb_lifetime *lifetime; | 1034 | const struct sadb_lifetime *lifetime; |
| 1034 | struct sadb_sa *sa; | 1035 | const struct sadb_sa *sa; |
| 1035 | struct sadb_key *key; | 1036 | const struct sadb_key *key; |
| 1036 | struct sadb_x_sec_ctx *sec_ctx; | 1037 | const struct sadb_x_sec_ctx *sec_ctx; |
| 1037 | uint16_t proto; | 1038 | uint16_t proto; |
| 1038 | int err; | 1039 | int err; |
| 1039 | 1040 | ||
| 1040 | 1041 | ||
| 1041 | sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; | 1042 | sa = (const struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; |
| 1042 | if (!sa || | 1043 | if (!sa || |
| 1043 | !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], | 1044 | !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], |
| 1044 | ext_hdrs[SADB_EXT_ADDRESS_DST-1])) | 1045 | ext_hdrs[SADB_EXT_ADDRESS_DST-1])) |
| @@ -1077,7 +1078,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1077 | sa->sadb_sa_encrypt > SADB_X_CALG_MAX) || | 1078 | sa->sadb_sa_encrypt > SADB_X_CALG_MAX) || |
| 1078 | sa->sadb_sa_encrypt > SADB_EALG_MAX) | 1079 | sa->sadb_sa_encrypt > SADB_EALG_MAX) |
| 1079 | return ERR_PTR(-EINVAL); | 1080 | return ERR_PTR(-EINVAL); |
| 1080 | key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; | 1081 | key = (const struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; |
| 1081 | if (key != NULL && | 1082 | if (key != NULL && |
| 1082 | sa->sadb_sa_auth != SADB_X_AALG_NULL && | 1083 | sa->sadb_sa_auth != SADB_X_AALG_NULL && |
| 1083 | ((key->sadb_key_bits+7) / 8 == 0 || | 1084 | ((key->sadb_key_bits+7) / 8 == 0 || |
| @@ -1104,14 +1105,14 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1104 | if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC) | 1105 | if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC) |
| 1105 | x->props.flags |= XFRM_STATE_NOPMTUDISC; | 1106 | x->props.flags |= XFRM_STATE_NOPMTUDISC; |
| 1106 | 1107 | ||
| 1107 | lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1]; | 1108 | lifetime = (const struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1]; |
| 1108 | if (lifetime != NULL) { | 1109 | if (lifetime != NULL) { |
| 1109 | x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); | 1110 | x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); |
| 1110 | x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); | 1111 | x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); |
| 1111 | x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; | 1112 | x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; |
| 1112 | x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; | 1113 | x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; |
| 1113 | } | 1114 | } |
| 1114 | lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]; | 1115 | lifetime = (const struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]; |
| 1115 | if (lifetime != NULL) { | 1116 | if (lifetime != NULL) { |
| 1116 | x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); | 1117 | x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); |
| 1117 | x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); | 1118 | x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); |
| @@ -1119,7 +1120,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1119 | x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; | 1120 | x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; |
| 1120 | } | 1121 | } |
| 1121 | 1122 | ||
| 1122 | sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; | 1123 | sec_ctx = (const struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; |
| 1123 | if (sec_ctx != NULL) { | 1124 | if (sec_ctx != NULL) { |
| 1124 | struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); | 1125 | struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); |
| 1125 | 1126 | ||
| @@ -1133,7 +1134,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1133 | goto out; | 1134 | goto out; |
| 1134 | } | 1135 | } |
| 1135 | 1136 | ||
| 1136 | key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; | 1137 | key = (const struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; |
| 1137 | if (sa->sadb_sa_auth) { | 1138 | if (sa->sadb_sa_auth) { |
| 1138 | int keysize = 0; | 1139 | int keysize = 0; |
| 1139 | struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth); | 1140 | struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth); |
| @@ -1202,7 +1203,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1202 | &x->id.daddr); | 1203 | &x->id.daddr); |
| 1203 | 1204 | ||
| 1204 | if (ext_hdrs[SADB_X_EXT_SA2-1]) { | 1205 | if (ext_hdrs[SADB_X_EXT_SA2-1]) { |
| 1205 | struct sadb_x_sa2 *sa2 = (void*)ext_hdrs[SADB_X_EXT_SA2-1]; | 1206 | const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1]; |
| 1206 | int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); | 1207 | int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); |
| 1207 | if (mode < 0) { | 1208 | if (mode < 0) { |
| 1208 | err = -EINVAL; | 1209 | err = -EINVAL; |
| @@ -1213,7 +1214,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1213 | } | 1214 | } |
| 1214 | 1215 | ||
| 1215 | if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) { | 1216 | if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) { |
| 1216 | struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]; | 1217 | const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]; |
| 1217 | 1218 | ||
| 1218 | /* Nobody uses this, but we try. */ | 1219 | /* Nobody uses this, but we try. */ |
| 1219 | x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); | 1220 | x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); |
| @@ -1224,7 +1225,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1224 | x->sel.family = x->props.family; | 1225 | x->sel.family = x->props.family; |
| 1225 | 1226 | ||
| 1226 | if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { | 1227 | if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { |
| 1227 | struct sadb_x_nat_t_type* n_type; | 1228 | const struct sadb_x_nat_t_type* n_type; |
| 1228 | struct xfrm_encap_tmpl *natt; | 1229 | struct xfrm_encap_tmpl *natt; |
| 1229 | 1230 | ||
| 1230 | x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL); | 1231 | x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL); |
| @@ -1236,12 +1237,12 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1236 | natt->encap_type = n_type->sadb_x_nat_t_type_type; | 1237 | natt->encap_type = n_type->sadb_x_nat_t_type_type; |
| 1237 | 1238 | ||
| 1238 | if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) { | 1239 | if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) { |
| 1239 | struct sadb_x_nat_t_port* n_port = | 1240 | const struct sadb_x_nat_t_port *n_port = |
| 1240 | ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]; | 1241 | ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]; |
| 1241 | natt->encap_sport = n_port->sadb_x_nat_t_port_port; | 1242 | natt->encap_sport = n_port->sadb_x_nat_t_port_port; |
| 1242 | } | 1243 | } |
| 1243 | if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) { | 1244 | if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) { |
| 1244 | struct sadb_x_nat_t_port* n_port = | 1245 | const struct sadb_x_nat_t_port *n_port = |
| 1245 | ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]; | 1246 | ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]; |
| 1246 | natt->encap_dport = n_port->sadb_x_nat_t_port_port; | 1247 | natt->encap_dport = n_port->sadb_x_nat_t_port_port; |
| 1247 | } | 1248 | } |
| @@ -1261,12 +1262,12 @@ out: | |||
| 1261 | return ERR_PTR(err); | 1262 | return ERR_PTR(err); |
| 1262 | } | 1263 | } |
| 1263 | 1264 | ||
| 1264 | static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1265 | static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1265 | { | 1266 | { |
| 1266 | return -EOPNOTSUPP; | 1267 | return -EOPNOTSUPP; |
| 1267 | } | 1268 | } |
| 1268 | 1269 | ||
| 1269 | static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1270 | static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1270 | { | 1271 | { |
| 1271 | struct net *net = sock_net(sk); | 1272 | struct net *net = sock_net(sk); |
| 1272 | struct sk_buff *resp_skb; | 1273 | struct sk_buff *resp_skb; |
| @@ -1365,7 +1366,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
| 1365 | return 0; | 1366 | return 0; |
| 1366 | } | 1367 | } |
| 1367 | 1368 | ||
| 1368 | static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1369 | static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1369 | { | 1370 | { |
| 1370 | struct net *net = sock_net(sk); | 1371 | struct net *net = sock_net(sk); |
| 1371 | struct xfrm_state *x; | 1372 | struct xfrm_state *x; |
| @@ -1429,7 +1430,7 @@ static inline int event2keytype(int event) | |||
| 1429 | } | 1430 | } |
| 1430 | 1431 | ||
| 1431 | /* ADD/UPD/DEL */ | 1432 | /* ADD/UPD/DEL */ |
| 1432 | static int key_notify_sa(struct xfrm_state *x, struct km_event *c) | 1433 | static int key_notify_sa(struct xfrm_state *x, const struct km_event *c) |
| 1433 | { | 1434 | { |
| 1434 | struct sk_buff *skb; | 1435 | struct sk_buff *skb; |
| 1435 | struct sadb_msg *hdr; | 1436 | struct sadb_msg *hdr; |
| @@ -1453,7 +1454,7 @@ static int key_notify_sa(struct xfrm_state *x, struct km_event *c) | |||
| 1453 | return 0; | 1454 | return 0; |
| 1454 | } | 1455 | } |
| 1455 | 1456 | ||
| 1456 | static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1457 | static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1457 | { | 1458 | { |
| 1458 | struct net *net = sock_net(sk); | 1459 | struct net *net = sock_net(sk); |
| 1459 | struct xfrm_state *x; | 1460 | struct xfrm_state *x; |
| @@ -1492,7 +1493,7 @@ out: | |||
| 1492 | return err; | 1493 | return err; |
| 1493 | } | 1494 | } |
| 1494 | 1495 | ||
| 1495 | static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1496 | static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1496 | { | 1497 | { |
| 1497 | struct net *net = sock_net(sk); | 1498 | struct net *net = sock_net(sk); |
| 1498 | struct xfrm_state *x; | 1499 | struct xfrm_state *x; |
| @@ -1534,7 +1535,7 @@ out: | |||
| 1534 | return err; | 1535 | return err; |
| 1535 | } | 1536 | } |
| 1536 | 1537 | ||
| 1537 | static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1538 | static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1538 | { | 1539 | { |
| 1539 | struct net *net = sock_net(sk); | 1540 | struct net *net = sock_net(sk); |
| 1540 | __u8 proto; | 1541 | __u8 proto; |
| @@ -1570,7 +1571,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, | |||
| 1570 | return 0; | 1571 | return 0; |
| 1571 | } | 1572 | } |
| 1572 | 1573 | ||
| 1573 | static struct sk_buff *compose_sadb_supported(struct sadb_msg *orig, | 1574 | static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig, |
| 1574 | gfp_t allocation) | 1575 | gfp_t allocation) |
| 1575 | { | 1576 | { |
| 1576 | struct sk_buff *skb; | 1577 | struct sk_buff *skb; |
| @@ -1642,7 +1643,7 @@ out_put_algs: | |||
| 1642 | return skb; | 1643 | return skb; |
| 1643 | } | 1644 | } |
| 1644 | 1645 | ||
| 1645 | static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1646 | static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1646 | { | 1647 | { |
| 1647 | struct pfkey_sock *pfk = pfkey_sk(sk); | 1648 | struct pfkey_sock *pfk = pfkey_sk(sk); |
| 1648 | struct sk_buff *supp_skb; | 1649 | struct sk_buff *supp_skb; |
| @@ -1671,7 +1672,7 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
| 1671 | return 0; | 1672 | return 0; |
| 1672 | } | 1673 | } |
| 1673 | 1674 | ||
| 1674 | static int unicast_flush_resp(struct sock *sk, struct sadb_msg *ihdr) | 1675 | static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr) |
| 1675 | { | 1676 | { |
| 1676 | struct sk_buff *skb; | 1677 | struct sk_buff *skb; |
| 1677 | struct sadb_msg *hdr; | 1678 | struct sadb_msg *hdr; |
| @@ -1688,7 +1689,7 @@ static int unicast_flush_resp(struct sock *sk, struct sadb_msg *ihdr) | |||
| 1688 | return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk)); | 1689 | return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk)); |
| 1689 | } | 1690 | } |
| 1690 | 1691 | ||
| 1691 | static int key_notify_sa_flush(struct km_event *c) | 1692 | static int key_notify_sa_flush(const struct km_event *c) |
| 1692 | { | 1693 | { |
| 1693 | struct sk_buff *skb; | 1694 | struct sk_buff *skb; |
| 1694 | struct sadb_msg *hdr; | 1695 | struct sadb_msg *hdr; |
| @@ -1710,7 +1711,7 @@ static int key_notify_sa_flush(struct km_event *c) | |||
| 1710 | return 0; | 1711 | return 0; |
| 1711 | } | 1712 | } |
| 1712 | 1713 | ||
| 1713 | static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1714 | static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1714 | { | 1715 | { |
| 1715 | struct net *net = sock_net(sk); | 1716 | struct net *net = sock_net(sk); |
| 1716 | unsigned proto; | 1717 | unsigned proto; |
| @@ -1784,7 +1785,7 @@ static void pfkey_dump_sa_done(struct pfkey_sock *pfk) | |||
| 1784 | xfrm_state_walk_done(&pfk->dump.u.state); | 1785 | xfrm_state_walk_done(&pfk->dump.u.state); |
| 1785 | } | 1786 | } |
| 1786 | 1787 | ||
| 1787 | static int pfkey_dump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1788 | static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1788 | { | 1789 | { |
| 1789 | u8 proto; | 1790 | u8 proto; |
| 1790 | struct pfkey_sock *pfk = pfkey_sk(sk); | 1791 | struct pfkey_sock *pfk = pfkey_sk(sk); |
| @@ -1805,19 +1806,29 @@ static int pfkey_dump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr | |||
| 1805 | return pfkey_do_dump(pfk); | 1806 | return pfkey_do_dump(pfk); |
| 1806 | } | 1807 | } |
| 1807 | 1808 | ||
| 1808 | static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 1809 | static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 1809 | { | 1810 | { |
| 1810 | struct pfkey_sock *pfk = pfkey_sk(sk); | 1811 | struct pfkey_sock *pfk = pfkey_sk(sk); |
| 1811 | int satype = hdr->sadb_msg_satype; | 1812 | int satype = hdr->sadb_msg_satype; |
| 1813 | bool reset_errno = false; | ||
| 1812 | 1814 | ||
| 1813 | if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) { | 1815 | if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) { |
| 1814 | /* XXX we mangle packet... */ | 1816 | reset_errno = true; |
| 1815 | hdr->sadb_msg_errno = 0; | ||
| 1816 | if (satype != 0 && satype != 1) | 1817 | if (satype != 0 && satype != 1) |
| 1817 | return -EINVAL; | 1818 | return -EINVAL; |
| 1818 | pfk->promisc = satype; | 1819 | pfk->promisc = satype; |
| 1819 | } | 1820 | } |
| 1820 | pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk)); | 1821 | if (reset_errno && skb_cloned(skb)) |
| 1822 | skb = skb_copy(skb, GFP_KERNEL); | ||
| 1823 | else | ||
| 1824 | skb = skb_clone(skb, GFP_KERNEL); | ||
| 1825 | |||
| 1826 | if (reset_errno && skb) { | ||
| 1827 | struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data; | ||
| 1828 | new_hdr->sadb_msg_errno = 0; | ||
| 1829 | } | ||
| 1830 | |||
| 1831 | pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk)); | ||
| 1821 | return 0; | 1832 | return 0; |
| 1822 | } | 1833 | } |
| 1823 | 1834 | ||
| @@ -1921,7 +1932,7 @@ parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol) | |||
| 1921 | return 0; | 1932 | return 0; |
| 1922 | } | 1933 | } |
| 1923 | 1934 | ||
| 1924 | static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp) | 1935 | static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp) |
| 1925 | { | 1936 | { |
| 1926 | struct xfrm_sec_ctx *xfrm_ctx = xp->security; | 1937 | struct xfrm_sec_ctx *xfrm_ctx = xp->security; |
| 1927 | 1938 | ||
| @@ -1933,9 +1944,9 @@ static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp) | |||
| 1933 | return 0; | 1944 | return 0; |
| 1934 | } | 1945 | } |
| 1935 | 1946 | ||
| 1936 | static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp) | 1947 | static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp) |
| 1937 | { | 1948 | { |
| 1938 | struct xfrm_tmpl *t; | 1949 | const struct xfrm_tmpl *t; |
| 1939 | int sockaddr_size = pfkey_sockaddr_size(xp->family); | 1950 | int sockaddr_size = pfkey_sockaddr_size(xp->family); |
| 1940 | int socklen = 0; | 1951 | int socklen = 0; |
| 1941 | int i; | 1952 | int i; |
| @@ -1955,7 +1966,7 @@ static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp) | |||
| 1955 | pfkey_xfrm_policy2sec_ctx_size(xp); | 1966 | pfkey_xfrm_policy2sec_ctx_size(xp); |
| 1956 | } | 1967 | } |
| 1957 | 1968 | ||
| 1958 | static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp) | 1969 | static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp) |
| 1959 | { | 1970 | { |
| 1960 | struct sk_buff *skb; | 1971 | struct sk_buff *skb; |
| 1961 | int size; | 1972 | int size; |
| @@ -1969,7 +1980,7 @@ static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp) | |||
| 1969 | return skb; | 1980 | return skb; |
| 1970 | } | 1981 | } |
| 1971 | 1982 | ||
| 1972 | static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir) | 1983 | static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir) |
| 1973 | { | 1984 | { |
| 1974 | struct sadb_msg *hdr; | 1985 | struct sadb_msg *hdr; |
| 1975 | struct sadb_address *addr; | 1986 | struct sadb_address *addr; |
| @@ -2065,8 +2076,8 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, in | |||
| 2065 | pol->sadb_x_policy_priority = xp->priority; | 2076 | pol->sadb_x_policy_priority = xp->priority; |
| 2066 | 2077 | ||
| 2067 | for (i=0; i<xp->xfrm_nr; i++) { | 2078 | for (i=0; i<xp->xfrm_nr; i++) { |
| 2079 | const struct xfrm_tmpl *t = xp->xfrm_vec + i; | ||
| 2068 | struct sadb_x_ipsecrequest *rq; | 2080 | struct sadb_x_ipsecrequest *rq; |
| 2069 | struct xfrm_tmpl *t = xp->xfrm_vec + i; | ||
| 2070 | int req_size; | 2081 | int req_size; |
| 2071 | int mode; | 2082 | int mode; |
| 2072 | 2083 | ||
| @@ -2123,7 +2134,7 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, in | |||
| 2123 | return 0; | 2134 | return 0; |
| 2124 | } | 2135 | } |
| 2125 | 2136 | ||
| 2126 | static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) | 2137 | static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c) |
| 2127 | { | 2138 | { |
| 2128 | struct sk_buff *out_skb; | 2139 | struct sk_buff *out_skb; |
| 2129 | struct sadb_msg *out_hdr; | 2140 | struct sadb_msg *out_hdr; |
| @@ -2152,7 +2163,7 @@ static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c | |||
| 2152 | 2163 | ||
| 2153 | } | 2164 | } |
| 2154 | 2165 | ||
| 2155 | static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 2166 | static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 2156 | { | 2167 | { |
| 2157 | struct net *net = sock_net(sk); | 2168 | struct net *net = sock_net(sk); |
| 2158 | int err = 0; | 2169 | int err = 0; |
| @@ -2273,7 +2284,7 @@ out: | |||
| 2273 | return err; | 2284 | return err; |
| 2274 | } | 2285 | } |
| 2275 | 2286 | ||
| 2276 | static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 2287 | static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 2277 | { | 2288 | { |
| 2278 | struct net *net = sock_net(sk); | 2289 | struct net *net = sock_net(sk); |
| 2279 | int err; | 2290 | int err; |
| @@ -2350,7 +2361,7 @@ out: | |||
| 2350 | return err; | 2361 | return err; |
| 2351 | } | 2362 | } |
| 2352 | 2363 | ||
| 2353 | static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, struct sadb_msg *hdr, int dir) | 2364 | static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir) |
| 2354 | { | 2365 | { |
| 2355 | int err; | 2366 | int err; |
| 2356 | struct sk_buff *out_skb; | 2367 | struct sk_buff *out_skb; |
| @@ -2458,7 +2469,7 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, | |||
| 2458 | } | 2469 | } |
| 2459 | 2470 | ||
| 2460 | static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, | 2471 | static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, |
| 2461 | struct sadb_msg *hdr, void **ext_hdrs) | 2472 | const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 2462 | { | 2473 | { |
| 2463 | int i, len, ret, err = -EINVAL; | 2474 | int i, len, ret, err = -EINVAL; |
| 2464 | u8 dir; | 2475 | u8 dir; |
| @@ -2549,14 +2560,14 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, | |||
| 2549 | } | 2560 | } |
| 2550 | #else | 2561 | #else |
| 2551 | static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, | 2562 | static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, |
| 2552 | struct sadb_msg *hdr, void **ext_hdrs) | 2563 | const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 2553 | { | 2564 | { |
| 2554 | return -ENOPROTOOPT; | 2565 | return -ENOPROTOOPT; |
| 2555 | } | 2566 | } |
| 2556 | #endif | 2567 | #endif |
| 2557 | 2568 | ||
| 2558 | 2569 | ||
| 2559 | static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 2570 | static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 2560 | { | 2571 | { |
| 2561 | struct net *net = sock_net(sk); | 2572 | struct net *net = sock_net(sk); |
| 2562 | unsigned int dir; | 2573 | unsigned int dir; |
| @@ -2644,7 +2655,7 @@ static void pfkey_dump_sp_done(struct pfkey_sock *pfk) | |||
| 2644 | xfrm_policy_walk_done(&pfk->dump.u.policy); | 2655 | xfrm_policy_walk_done(&pfk->dump.u.policy); |
| 2645 | } | 2656 | } |
| 2646 | 2657 | ||
| 2647 | static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 2658 | static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 2648 | { | 2659 | { |
| 2649 | struct pfkey_sock *pfk = pfkey_sk(sk); | 2660 | struct pfkey_sock *pfk = pfkey_sk(sk); |
| 2650 | 2661 | ||
| @@ -2660,7 +2671,7 @@ static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg * | |||
| 2660 | return pfkey_do_dump(pfk); | 2671 | return pfkey_do_dump(pfk); |
| 2661 | } | 2672 | } |
| 2662 | 2673 | ||
| 2663 | static int key_notify_policy_flush(struct km_event *c) | 2674 | static int key_notify_policy_flush(const struct km_event *c) |
| 2664 | { | 2675 | { |
| 2665 | struct sk_buff *skb_out; | 2676 | struct sk_buff *skb_out; |
| 2666 | struct sadb_msg *hdr; | 2677 | struct sadb_msg *hdr; |
| @@ -2680,7 +2691,7 @@ static int key_notify_policy_flush(struct km_event *c) | |||
| 2680 | 2691 | ||
| 2681 | } | 2692 | } |
| 2682 | 2693 | ||
| 2683 | static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) | 2694 | static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) |
| 2684 | { | 2695 | { |
| 2685 | struct net *net = sock_net(sk); | 2696 | struct net *net = sock_net(sk); |
| 2686 | struct km_event c; | 2697 | struct km_event c; |
| @@ -2709,7 +2720,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
| 2709 | } | 2720 | } |
| 2710 | 2721 | ||
| 2711 | typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb, | 2722 | typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb, |
| 2712 | struct sadb_msg *hdr, void **ext_hdrs); | 2723 | const struct sadb_msg *hdr, void * const *ext_hdrs); |
| 2713 | static pfkey_handler pfkey_funcs[SADB_MAX + 1] = { | 2724 | static pfkey_handler pfkey_funcs[SADB_MAX + 1] = { |
| 2714 | [SADB_RESERVED] = pfkey_reserved, | 2725 | [SADB_RESERVED] = pfkey_reserved, |
| 2715 | [SADB_GETSPI] = pfkey_getspi, | 2726 | [SADB_GETSPI] = pfkey_getspi, |
| @@ -2736,7 +2747,7 @@ static pfkey_handler pfkey_funcs[SADB_MAX + 1] = { | |||
| 2736 | [SADB_X_MIGRATE] = pfkey_migrate, | 2747 | [SADB_X_MIGRATE] = pfkey_migrate, |
| 2737 | }; | 2748 | }; |
| 2738 | 2749 | ||
| 2739 | static int pfkey_process(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr) | 2750 | static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr) |
| 2740 | { | 2751 | { |
| 2741 | void *ext_hdrs[SADB_EXT_MAX]; | 2752 | void *ext_hdrs[SADB_EXT_MAX]; |
| 2742 | int err; | 2753 | int err; |
| @@ -2781,7 +2792,8 @@ static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp) | |||
| 2781 | return hdr; | 2792 | return hdr; |
| 2782 | } | 2793 | } |
| 2783 | 2794 | ||
| 2784 | static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) | 2795 | static inline int aalg_tmpl_set(const struct xfrm_tmpl *t, |
| 2796 | const struct xfrm_algo_desc *d) | ||
| 2785 | { | 2797 | { |
| 2786 | unsigned int id = d->desc.sadb_alg_id; | 2798 | unsigned int id = d->desc.sadb_alg_id; |
| 2787 | 2799 | ||
| @@ -2791,7 +2803,8 @@ static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) | |||
| 2791 | return (t->aalgos >> id) & 1; | 2803 | return (t->aalgos >> id) & 1; |
| 2792 | } | 2804 | } |
| 2793 | 2805 | ||
| 2794 | static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) | 2806 | static inline int ealg_tmpl_set(const struct xfrm_tmpl *t, |
| 2807 | const struct xfrm_algo_desc *d) | ||
| 2795 | { | 2808 | { |
| 2796 | unsigned int id = d->desc.sadb_alg_id; | 2809 | unsigned int id = d->desc.sadb_alg_id; |
| 2797 | 2810 | ||
| @@ -2801,12 +2814,12 @@ static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) | |||
| 2801 | return (t->ealgos >> id) & 1; | 2814 | return (t->ealgos >> id) & 1; |
| 2802 | } | 2815 | } |
| 2803 | 2816 | ||
| 2804 | static int count_ah_combs(struct xfrm_tmpl *t) | 2817 | static int count_ah_combs(const struct xfrm_tmpl *t) |
| 2805 | { | 2818 | { |
| 2806 | int i, sz = 0; | 2819 | int i, sz = 0; |
| 2807 | 2820 | ||
| 2808 | for (i = 0; ; i++) { | 2821 | for (i = 0; ; i++) { |
| 2809 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); | 2822 | const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); |
| 2810 | if (!aalg) | 2823 | if (!aalg) |
| 2811 | break; | 2824 | break; |
| 2812 | if (aalg_tmpl_set(t, aalg) && aalg->available) | 2825 | if (aalg_tmpl_set(t, aalg) && aalg->available) |
| @@ -2815,12 +2828,12 @@ static int count_ah_combs(struct xfrm_tmpl *t) | |||
| 2815 | return sz + sizeof(struct sadb_prop); | 2828 | return sz + sizeof(struct sadb_prop); |
| 2816 | } | 2829 | } |
| 2817 | 2830 | ||
| 2818 | static int count_esp_combs(struct xfrm_tmpl *t) | 2831 | static int count_esp_combs(const struct xfrm_tmpl *t) |
| 2819 | { | 2832 | { |
| 2820 | int i, k, sz = 0; | 2833 | int i, k, sz = 0; |
| 2821 | 2834 | ||
| 2822 | for (i = 0; ; i++) { | 2835 | for (i = 0; ; i++) { |
| 2823 | struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); | 2836 | const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); |
| 2824 | if (!ealg) | 2837 | if (!ealg) |
| 2825 | break; | 2838 | break; |
| 2826 | 2839 | ||
| @@ -2828,7 +2841,7 @@ static int count_esp_combs(struct xfrm_tmpl *t) | |||
| 2828 | continue; | 2841 | continue; |
| 2829 | 2842 | ||
| 2830 | for (k = 1; ; k++) { | 2843 | for (k = 1; ; k++) { |
| 2831 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); | 2844 | const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); |
| 2832 | if (!aalg) | 2845 | if (!aalg) |
| 2833 | break; | 2846 | break; |
| 2834 | 2847 | ||
| @@ -2839,7 +2852,7 @@ static int count_esp_combs(struct xfrm_tmpl *t) | |||
| 2839 | return sz + sizeof(struct sadb_prop); | 2852 | return sz + sizeof(struct sadb_prop); |
| 2840 | } | 2853 | } |
| 2841 | 2854 | ||
| 2842 | static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t) | 2855 | static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t) |
| 2843 | { | 2856 | { |
| 2844 | struct sadb_prop *p; | 2857 | struct sadb_prop *p; |
| 2845 | int i; | 2858 | int i; |
| @@ -2851,7 +2864,7 @@ static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t) | |||
| 2851 | memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); | 2864 | memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); |
| 2852 | 2865 | ||
| 2853 | for (i = 0; ; i++) { | 2866 | for (i = 0; ; i++) { |
| 2854 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); | 2867 | const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); |
| 2855 | if (!aalg) | 2868 | if (!aalg) |
| 2856 | break; | 2869 | break; |
| 2857 | 2870 | ||
| @@ -2871,7 +2884,7 @@ static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t) | |||
| 2871 | } | 2884 | } |
| 2872 | } | 2885 | } |
| 2873 | 2886 | ||
| 2874 | static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t) | 2887 | static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t) |
| 2875 | { | 2888 | { |
| 2876 | struct sadb_prop *p; | 2889 | struct sadb_prop *p; |
| 2877 | int i, k; | 2890 | int i, k; |
| @@ -2883,7 +2896,7 @@ static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t) | |||
| 2883 | memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); | 2896 | memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); |
| 2884 | 2897 | ||
| 2885 | for (i=0; ; i++) { | 2898 | for (i=0; ; i++) { |
| 2886 | struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); | 2899 | const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); |
| 2887 | if (!ealg) | 2900 | if (!ealg) |
| 2888 | break; | 2901 | break; |
| 2889 | 2902 | ||
| @@ -2892,7 +2905,7 @@ static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t) | |||
| 2892 | 2905 | ||
| 2893 | for (k = 1; ; k++) { | 2906 | for (k = 1; ; k++) { |
| 2894 | struct sadb_comb *c; | 2907 | struct sadb_comb *c; |
| 2895 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); | 2908 | const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); |
| 2896 | if (!aalg) | 2909 | if (!aalg) |
| 2897 | break; | 2910 | break; |
| 2898 | if (!(aalg_tmpl_set(t, aalg) && aalg->available)) | 2911 | if (!(aalg_tmpl_set(t, aalg) && aalg->available)) |
| @@ -2914,12 +2927,12 @@ static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t) | |||
| 2914 | } | 2927 | } |
| 2915 | } | 2928 | } |
| 2916 | 2929 | ||
| 2917 | static int key_notify_policy_expire(struct xfrm_policy *xp, struct km_event *c) | 2930 | static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c) |
| 2918 | { | 2931 | { |
| 2919 | return 0; | 2932 | return 0; |
| 2920 | } | 2933 | } |
| 2921 | 2934 | ||
| 2922 | static int key_notify_sa_expire(struct xfrm_state *x, struct km_event *c) | 2935 | static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c) |
| 2923 | { | 2936 | { |
| 2924 | struct sk_buff *out_skb; | 2937 | struct sk_buff *out_skb; |
| 2925 | struct sadb_msg *out_hdr; | 2938 | struct sadb_msg *out_hdr; |
| @@ -2949,7 +2962,7 @@ static int key_notify_sa_expire(struct xfrm_state *x, struct km_event *c) | |||
| 2949 | return 0; | 2962 | return 0; |
| 2950 | } | 2963 | } |
| 2951 | 2964 | ||
| 2952 | static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c) | 2965 | static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c) |
| 2953 | { | 2966 | { |
| 2954 | struct net *net = x ? xs_net(x) : c->net; | 2967 | struct net *net = x ? xs_net(x) : c->net; |
| 2955 | struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); | 2968 | struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); |
| @@ -2976,7 +2989,7 @@ static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c) | |||
| 2976 | return 0; | 2989 | return 0; |
| 2977 | } | 2990 | } |
| 2978 | 2991 | ||
| 2979 | static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) | 2992 | static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) |
| 2980 | { | 2993 | { |
| 2981 | if (xp && xp->type != XFRM_POLICY_TYPE_MAIN) | 2994 | if (xp && xp->type != XFRM_POLICY_TYPE_MAIN) |
| 2982 | return 0; | 2995 | return 0; |
| @@ -3318,7 +3331,7 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, | |||
| 3318 | 3331 | ||
| 3319 | #ifdef CONFIG_NET_KEY_MIGRATE | 3332 | #ifdef CONFIG_NET_KEY_MIGRATE |
| 3320 | static int set_sadb_address(struct sk_buff *skb, int sasize, int type, | 3333 | static int set_sadb_address(struct sk_buff *skb, int sasize, int type, |
| 3321 | struct xfrm_selector *sel) | 3334 | const struct xfrm_selector *sel) |
| 3322 | { | 3335 | { |
| 3323 | struct sadb_address *addr; | 3336 | struct sadb_address *addr; |
| 3324 | addr = (struct sadb_address *)skb_put(skb, sizeof(struct sadb_address) + sasize); | 3337 | addr = (struct sadb_address *)skb_put(skb, sizeof(struct sadb_address) + sasize); |
| @@ -3348,7 +3361,7 @@ static int set_sadb_address(struct sk_buff *skb, int sasize, int type, | |||
| 3348 | } | 3361 | } |
| 3349 | 3362 | ||
| 3350 | 3363 | ||
| 3351 | static int set_sadb_kmaddress(struct sk_buff *skb, struct xfrm_kmaddress *k) | 3364 | static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *k) |
| 3352 | { | 3365 | { |
| 3353 | struct sadb_x_kmaddress *kma; | 3366 | struct sadb_x_kmaddress *kma; |
| 3354 | u8 *sa; | 3367 | u8 *sa; |
| @@ -3376,7 +3389,7 @@ static int set_sadb_kmaddress(struct sk_buff *skb, struct xfrm_kmaddress *k) | |||
| 3376 | static int set_ipsecrequest(struct sk_buff *skb, | 3389 | static int set_ipsecrequest(struct sk_buff *skb, |
| 3377 | uint8_t proto, uint8_t mode, int level, | 3390 | uint8_t proto, uint8_t mode, int level, |
| 3378 | uint32_t reqid, uint8_t family, | 3391 | uint32_t reqid, uint8_t family, |
| 3379 | xfrm_address_t *src, xfrm_address_t *dst) | 3392 | const xfrm_address_t *src, const xfrm_address_t *dst) |
| 3380 | { | 3393 | { |
| 3381 | struct sadb_x_ipsecrequest *rq; | 3394 | struct sadb_x_ipsecrequest *rq; |
| 3382 | u8 *sa; | 3395 | u8 *sa; |
| @@ -3404,9 +3417,9 @@ static int set_ipsecrequest(struct sk_buff *skb, | |||
| 3404 | #endif | 3417 | #endif |
| 3405 | 3418 | ||
| 3406 | #ifdef CONFIG_NET_KEY_MIGRATE | 3419 | #ifdef CONFIG_NET_KEY_MIGRATE |
| 3407 | static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, | 3420 | static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, |
| 3408 | struct xfrm_migrate *m, int num_bundles, | 3421 | const struct xfrm_migrate *m, int num_bundles, |
| 3409 | struct xfrm_kmaddress *k) | 3422 | const struct xfrm_kmaddress *k) |
| 3410 | { | 3423 | { |
| 3411 | int i; | 3424 | int i; |
| 3412 | int sasize_sel; | 3425 | int sasize_sel; |
| @@ -3415,7 +3428,7 @@ static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, | |||
| 3415 | struct sk_buff *skb; | 3428 | struct sk_buff *skb; |
| 3416 | struct sadb_msg *hdr; | 3429 | struct sadb_msg *hdr; |
| 3417 | struct sadb_x_policy *pol; | 3430 | struct sadb_x_policy *pol; |
| 3418 | struct xfrm_migrate *mp; | 3431 | const struct xfrm_migrate *mp; |
| 3419 | 3432 | ||
| 3420 | if (type != XFRM_POLICY_TYPE_MAIN) | 3433 | if (type != XFRM_POLICY_TYPE_MAIN) |
| 3421 | return 0; | 3434 | return 0; |
| @@ -3513,9 +3526,9 @@ err: | |||
| 3513 | return -EINVAL; | 3526 | return -EINVAL; |
| 3514 | } | 3527 | } |
| 3515 | #else | 3528 | #else |
| 3516 | static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, | 3529 | static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, |
| 3517 | struct xfrm_migrate *m, int num_bundles, | 3530 | const struct xfrm_migrate *m, int num_bundles, |
| 3518 | struct xfrm_kmaddress *k) | 3531 | const struct xfrm_kmaddress *k) |
| 3519 | { | 3532 | { |
| 3520 | return -ENOPROTOOPT; | 3533 | return -ENOPROTOOPT; |
| 3521 | } | 3534 | } |
| @@ -3655,6 +3668,7 @@ static int pfkey_seq_show(struct seq_file *f, void *v) | |||
| 3655 | } | 3668 | } |
| 3656 | 3669 | ||
| 3657 | static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos) | 3670 | static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos) |
| 3671 | __acquires(rcu) | ||
| 3658 | { | 3672 | { |
| 3659 | struct net *net = seq_file_net(f); | 3673 | struct net *net = seq_file_net(f); |
| 3660 | struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); | 3674 | struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); |
| @@ -3672,6 +3686,7 @@ static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos) | |||
| 3672 | } | 3686 | } |
| 3673 | 3687 | ||
| 3674 | static void pfkey_seq_stop(struct seq_file *f, void *v) | 3688 | static void pfkey_seq_stop(struct seq_file *f, void *v) |
| 3689 | __releases(rcu) | ||
| 3675 | { | 3690 | { |
| 3676 | rcu_read_unlock(); | 3691 | rcu_read_unlock(); |
| 3677 | } | 3692 | } |