Diffstat (limited to 'net/key/af_key.c')
-rw-r--r--net/key/af_key.c167
1 files changed, 84 insertions, 83 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index b4e444063d1f..1c58204d767e 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -152,7 +152,7 @@ static int pfkey_create(struct socket *sock, int protocol)
152 sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1); 152 sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1);
153 if (sk == NULL) 153 if (sk == NULL)
154 goto out; 154 goto out;
155 155
156 sock->ops = &pfkey_ops; 156 sock->ops = &pfkey_ops;
157 sock_init_data(sock, sk); 157 sock_init_data(sock, sk);
158 158
@@ -487,7 +487,7 @@ static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_h
487 ext_type == SADB_X_EXT_NAT_T_OA) { 487 ext_type == SADB_X_EXT_NAT_T_OA) {
488 if (verify_address_len(p)) 488 if (verify_address_len(p))
489 return -EINVAL; 489 return -EINVAL;
490 } 490 }
491 if (ext_type == SADB_X_EXT_SEC_CTX) { 491 if (ext_type == SADB_X_EXT_SEC_CTX) {
492 if (verify_sec_ctx_len(p)) 492 if (verify_sec_ctx_len(p))
493 return -EINVAL; 493 return -EINVAL;
@@ -556,12 +556,12 @@ static int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr,
556{ 556{
557 switch (((struct sockaddr*)(addr + 1))->sa_family) { 557 switch (((struct sockaddr*)(addr + 1))->sa_family) {
558 case AF_INET: 558 case AF_INET:
559 xaddr->a4 = 559 xaddr->a4 =
560 ((struct sockaddr_in *)(addr + 1))->sin_addr.s_addr; 560 ((struct sockaddr_in *)(addr + 1))->sin_addr.s_addr;
561 return AF_INET; 561 return AF_INET;
562#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 562#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
563 case AF_INET6: 563 case AF_INET6:
564 memcpy(xaddr->a6, 564 memcpy(xaddr->a6,
565 &((struct sockaddr_in6 *)(addr + 1))->sin6_addr, 565 &((struct sockaddr_in6 *)(addr + 1))->sin6_addr,
566 sizeof(struct in6_addr)); 566 sizeof(struct in6_addr));
567 return AF_INET6; 567 return AF_INET6;
@@ -659,11 +659,11 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
659 659
660 /* base, SA, (lifetime (HSC),) address(SD), (address(P),) 660 /* base, SA, (lifetime (HSC),) address(SD), (address(P),)
661 key(AE), (identity(SD),) (sensitivity)> */ 661 key(AE), (identity(SD),) (sensitivity)> */
662 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) + 662 size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) +
663 sizeof(struct sadb_lifetime) + 663 sizeof(struct sadb_lifetime) +
664 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) + 664 ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) +
665 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) + 665 ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) +
666 sizeof(struct sadb_address)*2 + 666 sizeof(struct sadb_address)*2 +
667 sockaddr_size*2 + 667 sockaddr_size*2 +
668 sizeof(struct sadb_x_sa2); 668 sizeof(struct sadb_x_sa2);
669 669
@@ -685,13 +685,13 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
685 685
686 if (add_keys) { 686 if (add_keys) {
687 if (x->aalg && x->aalg->alg_key_len) { 687 if (x->aalg && x->aalg->alg_key_len) {
688 auth_key_size = 688 auth_key_size =
689 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); 689 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8);
690 size += sizeof(struct sadb_key) + auth_key_size; 690 size += sizeof(struct sadb_key) + auth_key_size;
691 } 691 }
692 if (x->ealg && x->ealg->alg_key_len) { 692 if (x->ealg && x->ealg->alg_key_len) {
693 encrypt_key_size = 693 encrypt_key_size =
694 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); 694 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8);
695 size += sizeof(struct sadb_key) + encrypt_key_size; 695 size += sizeof(struct sadb_key) + encrypt_key_size;
696 } 696 }
697 } 697 }
@@ -758,7 +758,7 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
758 758
759 /* hard time */ 759 /* hard time */
760 if (hsc & 2) { 760 if (hsc & 2) {
761 lifetime = (struct sadb_lifetime *) skb_put(skb, 761 lifetime = (struct sadb_lifetime *) skb_put(skb,
762 sizeof(struct sadb_lifetime)); 762 sizeof(struct sadb_lifetime));
763 lifetime->sadb_lifetime_len = 763 lifetime->sadb_lifetime_len =
764 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 764 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
@@ -770,7 +770,7 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
770 } 770 }
771 /* soft time */ 771 /* soft time */
772 if (hsc & 1) { 772 if (hsc & 1) {
773 lifetime = (struct sadb_lifetime *) skb_put(skb, 773 lifetime = (struct sadb_lifetime *) skb_put(skb,
774 sizeof(struct sadb_lifetime)); 774 sizeof(struct sadb_lifetime));
775 lifetime->sadb_lifetime_len = 775 lifetime->sadb_lifetime_len =
776 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 776 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
@@ -791,16 +791,16 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
791 lifetime->sadb_lifetime_addtime = x->curlft.add_time; 791 lifetime->sadb_lifetime_addtime = x->curlft.add_time;
792 lifetime->sadb_lifetime_usetime = x->curlft.use_time; 792 lifetime->sadb_lifetime_usetime = x->curlft.use_time;
793 /* src address */ 793 /* src address */
794 addr = (struct sadb_address*) skb_put(skb, 794 addr = (struct sadb_address*) skb_put(skb,
795 sizeof(struct sadb_address)+sockaddr_size); 795 sizeof(struct sadb_address)+sockaddr_size);
796 addr->sadb_address_len = 796 addr->sadb_address_len =
797 (sizeof(struct sadb_address)+sockaddr_size)/ 797 (sizeof(struct sadb_address)+sockaddr_size)/
798 sizeof(uint64_t); 798 sizeof(uint64_t);
799 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 799 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
800 /* "if the ports are non-zero, then the sadb_address_proto field, 800 /* "if the ports are non-zero, then the sadb_address_proto field,
801 normally zero, MUST be filled in with the transport 801 normally zero, MUST be filled in with the transport
802 protocol's number." - RFC2367 */ 802 protocol's number." - RFC2367 */
803 addr->sadb_address_proto = 0; 803 addr->sadb_address_proto = 0;
804 addr->sadb_address_reserved = 0; 804 addr->sadb_address_reserved = 0;
805 if (x->props.family == AF_INET) { 805 if (x->props.family == AF_INET) {
806 addr->sadb_address_prefixlen = 32; 806 addr->sadb_address_prefixlen = 32;
@@ -813,29 +813,29 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
813 } 813 }
814#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 814#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
815 else if (x->props.family == AF_INET6) { 815 else if (x->props.family == AF_INET6) {
816 addr->sadb_address_prefixlen = 128; 816 addr->sadb_address_prefixlen = 128;
817 817
818 sin6 = (struct sockaddr_in6 *) (addr + 1); 818 sin6 = (struct sockaddr_in6 *) (addr + 1);
819 sin6->sin6_family = AF_INET6; 819 sin6->sin6_family = AF_INET6;
820 sin6->sin6_port = 0; 820 sin6->sin6_port = 0;
821 sin6->sin6_flowinfo = 0; 821 sin6->sin6_flowinfo = 0;
822 memcpy(&sin6->sin6_addr, x->props.saddr.a6, 822 memcpy(&sin6->sin6_addr, x->props.saddr.a6,
823 sizeof(struct in6_addr)); 823 sizeof(struct in6_addr));
824 sin6->sin6_scope_id = 0; 824 sin6->sin6_scope_id = 0;
825 } 825 }
826#endif 826#endif
827 else 827 else
828 BUG(); 828 BUG();
829 829
830 /* dst address */ 830 /* dst address */
831 addr = (struct sadb_address*) skb_put(skb, 831 addr = (struct sadb_address*) skb_put(skb,
832 sizeof(struct sadb_address)+sockaddr_size); 832 sizeof(struct sadb_address)+sockaddr_size);
833 addr->sadb_address_len = 833 addr->sadb_address_len =
834 (sizeof(struct sadb_address)+sockaddr_size)/ 834 (sizeof(struct sadb_address)+sockaddr_size)/
835 sizeof(uint64_t); 835 sizeof(uint64_t);
836 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 836 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
837 addr->sadb_address_proto = 0; 837 addr->sadb_address_proto = 0;
838 addr->sadb_address_prefixlen = 32; /* XXX */ 838 addr->sadb_address_prefixlen = 32; /* XXX */
839 addr->sadb_address_reserved = 0; 839 addr->sadb_address_reserved = 0;
840 if (x->props.family == AF_INET) { 840 if (x->props.family == AF_INET) {
841 sin = (struct sockaddr_in *) (addr + 1); 841 sin = (struct sockaddr_in *) (addr + 1);
@@ -845,9 +845,9 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
845 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 845 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
846 846
847 if (x->sel.saddr.a4 != x->props.saddr.a4) { 847 if (x->sel.saddr.a4 != x->props.saddr.a4) {
848 addr = (struct sadb_address*) skb_put(skb, 848 addr = (struct sadb_address*) skb_put(skb,
849 sizeof(struct sadb_address)+sockaddr_size); 849 sizeof(struct sadb_address)+sockaddr_size);
850 addr->sadb_address_len = 850 addr->sadb_address_len =
851 (sizeof(struct sadb_address)+sockaddr_size)/ 851 (sizeof(struct sadb_address)+sockaddr_size)/
852 sizeof(uint64_t); 852 sizeof(uint64_t);
853 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; 853 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
@@ -876,9 +876,9 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
876 876
877 if (memcmp (x->sel.saddr.a6, x->props.saddr.a6, 877 if (memcmp (x->sel.saddr.a6, x->props.saddr.a6,
878 sizeof(struct in6_addr))) { 878 sizeof(struct in6_addr))) {
879 addr = (struct sadb_address *) skb_put(skb, 879 addr = (struct sadb_address *) skb_put(skb,
880 sizeof(struct sadb_address)+sockaddr_size); 880 sizeof(struct sadb_address)+sockaddr_size);
881 addr->sadb_address_len = 881 addr->sadb_address_len =
882 (sizeof(struct sadb_address)+sockaddr_size)/ 882 (sizeof(struct sadb_address)+sockaddr_size)/
883 sizeof(uint64_t); 883 sizeof(uint64_t);
884 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; 884 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
@@ -902,7 +902,7 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
902 902
903 /* auth key */ 903 /* auth key */
904 if (add_keys && auth_key_size) { 904 if (add_keys && auth_key_size) {
905 key = (struct sadb_key *) skb_put(skb, 905 key = (struct sadb_key *) skb_put(skb,
906 sizeof(struct sadb_key)+auth_key_size); 906 sizeof(struct sadb_key)+auth_key_size);
907 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) / 907 key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) /
908 sizeof(uint64_t); 908 sizeof(uint64_t);
@@ -913,14 +913,14 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
913 } 913 }
914 /* encrypt key */ 914 /* encrypt key */
915 if (add_keys && encrypt_key_size) { 915 if (add_keys && encrypt_key_size) {
916 key = (struct sadb_key *) skb_put(skb, 916 key = (struct sadb_key *) skb_put(skb,
917 sizeof(struct sadb_key)+encrypt_key_size); 917 sizeof(struct sadb_key)+encrypt_key_size);
918 key->sadb_key_len = (sizeof(struct sadb_key) + 918 key->sadb_key_len = (sizeof(struct sadb_key) +
919 encrypt_key_size) / sizeof(uint64_t); 919 encrypt_key_size) / sizeof(uint64_t);
920 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; 920 key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
921 key->sadb_key_bits = x->ealg->alg_key_len; 921 key->sadb_key_bits = x->ealg->alg_key_len;
922 key->sadb_key_reserved = 0; 922 key->sadb_key_reserved = 0;
923 memcpy(key + 1, x->ealg->alg_key, 923 memcpy(key + 1, x->ealg->alg_key,
924 (x->ealg->alg_key_len+7)/8); 924 (x->ealg->alg_key_len+7)/8);
925 } 925 }
926 926
@@ -979,17 +979,17 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
979 return skb; 979 return skb;
980} 980}
981 981
982static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr, 982static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
983 void **ext_hdrs) 983 void **ext_hdrs)
984{ 984{
985 struct xfrm_state *x; 985 struct xfrm_state *x;
986 struct sadb_lifetime *lifetime; 986 struct sadb_lifetime *lifetime;
987 struct sadb_sa *sa; 987 struct sadb_sa *sa;
988 struct sadb_key *key; 988 struct sadb_key *key;
989 struct sadb_x_sec_ctx *sec_ctx; 989 struct sadb_x_sec_ctx *sec_ctx;
990 uint16_t proto; 990 uint16_t proto;
991 int err; 991 int err;
992 992
993 993
994 sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; 994 sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1];
995 if (!sa || 995 if (!sa ||
@@ -1022,7 +1022,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
1022 SADB_SASTATE_MATURE and the kernel MUST return an error if this is 1022 SADB_SASTATE_MATURE and the kernel MUST return an error if this is
1023 not true. 1023 not true.
1024 1024
1025 However, KAME setkey always uses SADB_SASTATE_LARVAL. 1025 However, KAME setkey always uses SADB_SASTATE_LARVAL.
1026 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable. 1026 Hence, we have to _ignore_ sadb_sa_state, which is also reasonable.
1027 */ 1027 */
1028 if (sa->sadb_sa_auth > SADB_AALG_MAX || 1028 if (sa->sadb_sa_auth > SADB_AALG_MAX ||
@@ -1144,13 +1144,13 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
1144 } 1144 }
1145 /* x->algo.flags = sa->sadb_sa_flags; */ 1145 /* x->algo.flags = sa->sadb_sa_flags; */
1146 1146
1147 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1147 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1148 &x->props.saddr); 1148 &x->props.saddr);
1149 if (!x->props.family) { 1149 if (!x->props.family) {
1150 err = -EAFNOSUPPORT; 1150 err = -EAFNOSUPPORT;
1151 goto out; 1151 goto out;
1152 } 1152 }
1153 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1], 1153 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
1154 &x->id.daddr); 1154 &x->id.daddr);
1155 1155
1156 if (ext_hdrs[SADB_X_EXT_SA2-1]) { 1156 if (ext_hdrs[SADB_X_EXT_SA2-1]) {
@@ -1410,7 +1410,7 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
1410 struct km_event c; 1410 struct km_event c;
1411 1411
1412 xfrm_probe_algs(); 1412 xfrm_probe_algs();
1413 1413
1414 x = pfkey_msg2xfrm_state(hdr, ext_hdrs); 1414 x = pfkey_msg2xfrm_state(hdr, ext_hdrs);
1415 if (IS_ERR(x)) 1415 if (IS_ERR(x))
1416 return PTR_ERR(x); 1416 return PTR_ERR(x);
@@ -1530,13 +1530,13 @@ static struct sk_buff *compose_sadb_supported(struct sadb_msg *orig,
1530 auth_len *= sizeof(struct sadb_alg); 1530 auth_len *= sizeof(struct sadb_alg);
1531 auth_len += sizeof(struct sadb_supported); 1531 auth_len += sizeof(struct sadb_supported);
1532 } 1532 }
1533 1533
1534 enc_len = xfrm_count_enc_supported(); 1534 enc_len = xfrm_count_enc_supported();
1535 if (enc_len) { 1535 if (enc_len) {
1536 enc_len *= sizeof(struct sadb_alg); 1536 enc_len *= sizeof(struct sadb_alg);
1537 enc_len += sizeof(struct sadb_supported); 1537 enc_len += sizeof(struct sadb_supported);
1538 } 1538 }
1539 1539
1540 len = enc_len + auth_len + sizeof(struct sadb_msg); 1540 len = enc_len + auth_len + sizeof(struct sadb_msg);
1541 1541
1542 skb = alloc_skb(len + 16, allocation); 1542 skb = alloc_skb(len + 16, allocation);
@@ -1605,7 +1605,7 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg
1605 } 1605 }
1606 1606
1607 xfrm_probe_algs(); 1607 xfrm_probe_algs();
1608 1608
1609 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL); 1609 supp_skb = compose_sadb_supported(hdr, GFP_KERNEL);
1610 if (!supp_skb) { 1610 if (!supp_skb) {
1611 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) 1611 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
@@ -1856,7 +1856,7 @@ static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp)
1856 1856
1857 return sizeof(struct sadb_msg) + 1857 return sizeof(struct sadb_msg) +
1858 (sizeof(struct sadb_lifetime) * 3) + 1858 (sizeof(struct sadb_lifetime) * 3) +
1859 (sizeof(struct sadb_address) * 2) + 1859 (sizeof(struct sadb_address) * 2) +
1860 (sockaddr_size * 2) + 1860 (sockaddr_size * 2) +
1861 sizeof(struct sadb_x_policy) + 1861 sizeof(struct sadb_x_policy) +
1862 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) + 1862 (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) +
@@ -1904,9 +1904,9 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
1904 memset(hdr, 0, size); /* XXX do we need this ? */ 1904 memset(hdr, 0, size); /* XXX do we need this ? */
1905 1905
1906 /* src address */ 1906 /* src address */
1907 addr = (struct sadb_address*) skb_put(skb, 1907 addr = (struct sadb_address*) skb_put(skb,
1908 sizeof(struct sadb_address)+sockaddr_size); 1908 sizeof(struct sadb_address)+sockaddr_size);
1909 addr->sadb_address_len = 1909 addr->sadb_address_len =
1910 (sizeof(struct sadb_address)+sockaddr_size)/ 1910 (sizeof(struct sadb_address)+sockaddr_size)/
1911 sizeof(uint64_t); 1911 sizeof(uint64_t);
1912 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 1912 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
@@ -1936,14 +1936,14 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
1936 BUG(); 1936 BUG();
1937 1937
1938 /* dst address */ 1938 /* dst address */
1939 addr = (struct sadb_address*) skb_put(skb, 1939 addr = (struct sadb_address*) skb_put(skb,
1940 sizeof(struct sadb_address)+sockaddr_size); 1940 sizeof(struct sadb_address)+sockaddr_size);
1941 addr->sadb_address_len = 1941 addr->sadb_address_len =
1942 (sizeof(struct sadb_address)+sockaddr_size)/ 1942 (sizeof(struct sadb_address)+sockaddr_size)/
1943 sizeof(uint64_t); 1943 sizeof(uint64_t);
1944 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 1944 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
1945 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 1945 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
1946 addr->sadb_address_prefixlen = xp->selector.prefixlen_d; 1946 addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
1947 addr->sadb_address_reserved = 0; 1947 addr->sadb_address_reserved = 0;
1948 if (xp->family == AF_INET) { 1948 if (xp->family == AF_INET) {
1949 sin = (struct sockaddr_in *) (addr + 1); 1949 sin = (struct sockaddr_in *) (addr + 1);
@@ -1967,7 +1967,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
1967 BUG(); 1967 BUG();
1968 1968
1969 /* hard time */ 1969 /* hard time */
1970 lifetime = (struct sadb_lifetime *) skb_put(skb, 1970 lifetime = (struct sadb_lifetime *) skb_put(skb,
1971 sizeof(struct sadb_lifetime)); 1971 sizeof(struct sadb_lifetime));
1972 lifetime->sadb_lifetime_len = 1972 lifetime->sadb_lifetime_len =
1973 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 1973 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
@@ -1977,7 +1977,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
1977 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds; 1977 lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds;
1978 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds; 1978 lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds;
1979 /* soft time */ 1979 /* soft time */
1980 lifetime = (struct sadb_lifetime *) skb_put(skb, 1980 lifetime = (struct sadb_lifetime *) skb_put(skb,
1981 sizeof(struct sadb_lifetime)); 1981 sizeof(struct sadb_lifetime));
1982 lifetime->sadb_lifetime_len = 1982 lifetime->sadb_lifetime_len =
1983 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 1983 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
@@ -1987,7 +1987,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
1987 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds; 1987 lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds;
1988 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds; 1988 lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds;
1989 /* current time */ 1989 /* current time */
1990 lifetime = (struct sadb_lifetime *) skb_put(skb, 1990 lifetime = (struct sadb_lifetime *) skb_put(skb,
1991 sizeof(struct sadb_lifetime)); 1991 sizeof(struct sadb_lifetime));
1992 lifetime->sadb_lifetime_len = 1992 lifetime->sadb_lifetime_len =
1993 sizeof(struct sadb_lifetime)/sizeof(uint64_t); 1993 sizeof(struct sadb_lifetime)/sizeof(uint64_t);
@@ -2019,8 +2019,8 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
2019 req_size = sizeof(struct sadb_x_ipsecrequest); 2019 req_size = sizeof(struct sadb_x_ipsecrequest);
2020 if (t->mode == XFRM_MODE_TUNNEL) 2020 if (t->mode == XFRM_MODE_TUNNEL)
2021 req_size += ((t->encap_family == AF_INET ? 2021 req_size += ((t->encap_family == AF_INET ?
2022 sizeof(struct sockaddr_in) : 2022 sizeof(struct sockaddr_in) :
2023 sizeof(struct sockaddr_in6)) * 2); 2023 sizeof(struct sockaddr_in6)) * 2);
2024 else 2024 else
2025 size -= 2*socklen; 2025 size -= 2*socklen;
2026 rq = (void*)skb_put(skb, req_size); 2026 rq = (void*)skb_put(skb, req_size);
@@ -2150,7 +2150,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2150 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); 2150 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
2151 xp->priority = pol->sadb_x_policy_priority; 2151 xp->priority = pol->sadb_x_policy_priority;
2152 2152
2153 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2153 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2154 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr); 2154 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2155 if (!xp->family) { 2155 if (!xp->family) {
2156 err = -EINVAL; 2156 err = -EINVAL;
@@ -2163,7 +2163,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2163 if (xp->selector.sport) 2163 if (xp->selector.sport)
2164 xp->selector.sport_mask = htons(0xffff); 2164 xp->selector.sport_mask = htons(0xffff);
2165 2165
2166 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 2166 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1],
2167 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr); 2167 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2168 xp->selector.prefixlen_d = sa->sadb_address_prefixlen; 2168 xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2169 2169
@@ -2224,7 +2224,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2224 2224
2225 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE) 2225 if (hdr->sadb_msg_type == SADB_X_SPDUPDATE)
2226 c.event = XFRM_MSG_UPDPOLICY; 2226 c.event = XFRM_MSG_UPDPOLICY;
2227 else 2227 else
2228 c.event = XFRM_MSG_NEWPOLICY; 2228 c.event = XFRM_MSG_NEWPOLICY;
2229 2229
2230 c.seq = hdr->sadb_msg_seq; 2230 c.seq = hdr->sadb_msg_seq;
@@ -2261,7 +2261,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2261 2261
2262 memset(&sel, 0, sizeof(sel)); 2262 memset(&sel, 0, sizeof(sel));
2263 2263
2264 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2264 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2265 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); 2265 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2266 sel.prefixlen_s = sa->sadb_address_prefixlen; 2266 sel.prefixlen_s = sa->sadb_address_prefixlen;
2267 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2267 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
@@ -2269,7 +2269,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2269 if (sel.sport) 2269 if (sel.sport)
2270 sel.sport_mask = htons(0xffff); 2270 sel.sport_mask = htons(0xffff);
2271 2271
2272 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 2272 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1],
2273 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); 2273 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2274 sel.prefixlen_d = sa->sadb_address_prefixlen; 2274 sel.prefixlen_d = sa->sadb_address_prefixlen;
2275 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2275 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
@@ -2297,16 +2297,17 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2297 &sel, tmp.security, 1); 2297 &sel, tmp.security, 1);
2298 security_xfrm_policy_free(&tmp); 2298 security_xfrm_policy_free(&tmp);
2299 2299
2300 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
2301 AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
2302
2303 if (xp == NULL) 2300 if (xp == NULL)
2304 return -ENOENT; 2301 return -ENOENT;
2305 2302
2306 err = 0; 2303 err = security_xfrm_policy_delete(xp);
2307 2304
2308 if ((err = security_xfrm_policy_delete(xp))) 2305 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
2306 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
2307
2308 if (err)
2309 goto out; 2309 goto out;
2310
2310 c.seq = hdr->sadb_msg_seq; 2311 c.seq = hdr->sadb_msg_seq;
2311 c.pid = hdr->sadb_msg_pid; 2312 c.pid = hdr->sadb_msg_pid;
2312 c.event = XFRM_MSG_DELPOLICY; 2313 c.event = XFRM_MSG_DELPOLICY;
@@ -2743,15 +2744,15 @@ static int count_esp_combs(struct xfrm_tmpl *t)
2743 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2744 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2744 if (!ealg) 2745 if (!ealg)
2745 break; 2746 break;
2746 2747
2747 if (!(ealg_tmpl_set(t, ealg) && ealg->available)) 2748 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2748 continue; 2749 continue;
2749 2750
2750 for (k = 1; ; k++) { 2751 for (k = 1; ; k++) {
2751 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2752 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2752 if (!aalg) 2753 if (!aalg)
2753 break; 2754 break;
2754 2755
2755 if (aalg_tmpl_set(t, aalg) && aalg->available) 2756 if (aalg_tmpl_set(t, aalg) && aalg->available)
2756 sz += sizeof(struct sadb_comb); 2757 sz += sizeof(struct sadb_comb);
2757 } 2758 }
@@ -2806,10 +2807,10 @@ static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
2806 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2807 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2807 if (!ealg) 2808 if (!ealg)
2808 break; 2809 break;
2809 2810
2810 if (!(ealg_tmpl_set(t, ealg) && ealg->available)) 2811 if (!(ealg_tmpl_set(t, ealg) && ealg->available))
2811 continue; 2812 continue;
2812 2813
2813 for (k = 1; ; k++) { 2814 for (k = 1; ; k++) {
2814 struct sadb_comb *c; 2815 struct sadb_comb *c;
2815 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2816 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
@@ -2941,7 +2942,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
2941 struct sadb_x_sec_ctx *sec_ctx; 2942 struct sadb_x_sec_ctx *sec_ctx;
2942 struct xfrm_sec_ctx *xfrm_ctx; 2943 struct xfrm_sec_ctx *xfrm_ctx;
2943 int ctx_size = 0; 2944 int ctx_size = 0;
2944 2945
2945 sockaddr_size = pfkey_sockaddr_size(x->props.family); 2946 sockaddr_size = pfkey_sockaddr_size(x->props.family);
2946 if (!sockaddr_size) 2947 if (!sockaddr_size)
2947 return -EINVAL; 2948 return -EINVAL;
@@ -2950,7 +2951,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
2950 (sizeof(struct sadb_address) * 2) + 2951 (sizeof(struct sadb_address) * 2) +
2951 (sockaddr_size * 2) + 2952 (sockaddr_size * 2) +
2952 sizeof(struct sadb_x_policy); 2953 sizeof(struct sadb_x_policy);
2953 2954
2954 if (x->id.proto == IPPROTO_AH) 2955 if (x->id.proto == IPPROTO_AH)
2955 size += count_ah_combs(t); 2956 size += count_ah_combs(t);
2956 else if (x->id.proto == IPPROTO_ESP) 2957 else if (x->id.proto == IPPROTO_ESP)
@@ -2964,7 +2965,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
2964 skb = alloc_skb(size + 16, GFP_ATOMIC); 2965 skb = alloc_skb(size + 16, GFP_ATOMIC);
2965 if (skb == NULL) 2966 if (skb == NULL)
2966 return -ENOMEM; 2967 return -ENOMEM;
2967 2968
2968 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 2969 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
2969 hdr->sadb_msg_version = PF_KEY_V2; 2970 hdr->sadb_msg_version = PF_KEY_V2;
2970 hdr->sadb_msg_type = SADB_ACQUIRE; 2971 hdr->sadb_msg_type = SADB_ACQUIRE;
@@ -2976,9 +2977,9 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
2976 hdr->sadb_msg_pid = 0; 2977 hdr->sadb_msg_pid = 0;
2977 2978
2978 /* src address */ 2979 /* src address */
2979 addr = (struct sadb_address*) skb_put(skb, 2980 addr = (struct sadb_address*) skb_put(skb,
2980 sizeof(struct sadb_address)+sockaddr_size); 2981 sizeof(struct sadb_address)+sockaddr_size);
2981 addr->sadb_address_len = 2982 addr->sadb_address_len =
2982 (sizeof(struct sadb_address)+sockaddr_size)/ 2983 (sizeof(struct sadb_address)+sockaddr_size)/
2983 sizeof(uint64_t); 2984 sizeof(uint64_t);
2984 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 2985 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
@@ -3008,9 +3009,9 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3008#endif 3009#endif
3009 else 3010 else
3010 BUG(); 3011 BUG();
3011 3012
3012 /* dst address */ 3013 /* dst address */
3013 addr = (struct sadb_address*) skb_put(skb, 3014 addr = (struct sadb_address*) skb_put(skb,
3014 sizeof(struct sadb_address)+sockaddr_size); 3015 sizeof(struct sadb_address)+sockaddr_size);
3015 addr->sadb_address_len = 3016 addr->sadb_address_len =
3016 (sizeof(struct sadb_address)+sockaddr_size)/ 3017 (sizeof(struct sadb_address)+sockaddr_size)/
@@ -3019,7 +3020,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3019 addr->sadb_address_proto = 0; 3020 addr->sadb_address_proto = 0;
3020 addr->sadb_address_reserved = 0; 3021 addr->sadb_address_reserved = 0;
3021 if (x->props.family == AF_INET) { 3022 if (x->props.family == AF_INET) {
3022 addr->sadb_address_prefixlen = 32; 3023 addr->sadb_address_prefixlen = 32;
3023 3024
3024 sin = (struct sockaddr_in *) (addr + 1); 3025 sin = (struct sockaddr_in *) (addr + 1);
3025 sin->sin_family = AF_INET; 3026 sin->sin_family = AF_INET;
@@ -3029,7 +3030,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3029 } 3030 }
3030#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3031#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3031 else if (x->props.family == AF_INET6) { 3032 else if (x->props.family == AF_INET6) {
3032 addr->sadb_address_prefixlen = 128; 3033 addr->sadb_address_prefixlen = 128;
3033 3034
3034 sin6 = (struct sockaddr_in6 *) (addr + 1); 3035 sin6 = (struct sockaddr_in6 *) (addr + 1);
3035 sin6->sin6_family = AF_INET6; 3036 sin6->sin6_family = AF_INET6;
@@ -3074,7 +3075,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3074} 3075}
3075 3076
3076static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, 3077static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
3077 u8 *data, int len, int *dir) 3078 u8 *data, int len, int *dir)
3078{ 3079{
3079 struct xfrm_policy *xp; 3080 struct xfrm_policy *xp;
3080 struct sadb_x_policy *pol = (struct sadb_x_policy*)data; 3081 struct sadb_x_policy *pol = (struct sadb_x_policy*)data;
@@ -3193,17 +3194,17 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
3193 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) | 3194 * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) |
3194 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port) 3195 * ADDRESS_DST (new addr) | NAT_T_DPORT (new port)
3195 */ 3196 */
3196 3197
3197 size = sizeof(struct sadb_msg) + 3198 size = sizeof(struct sadb_msg) +
3198 sizeof(struct sadb_sa) + 3199 sizeof(struct sadb_sa) +
3199 (sizeof(struct sadb_address) * 2) + 3200 (sizeof(struct sadb_address) * 2) +
3200 (sockaddr_size * 2) + 3201 (sockaddr_size * 2) +
3201 (sizeof(struct sadb_x_nat_t_port) * 2); 3202 (sizeof(struct sadb_x_nat_t_port) * 2);
3202 3203
3203 skb = alloc_skb(size + 16, GFP_ATOMIC); 3204 skb = alloc_skb(size + 16, GFP_ATOMIC);
3204 if (skb == NULL) 3205 if (skb == NULL)
3205 return -ENOMEM; 3206 return -ENOMEM;
3206 3207
3207 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 3208 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
3208 hdr->sadb_msg_version = PF_KEY_V2; 3209 hdr->sadb_msg_version = PF_KEY_V2;
3209 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING; 3210 hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING;
@@ -3228,7 +3229,7 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
3228 /* ADDRESS_SRC (old addr) */ 3229 /* ADDRESS_SRC (old addr) */
3229 addr = (struct sadb_address*) 3230 addr = (struct sadb_address*)
3230 skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); 3231 skb_put(skb, sizeof(struct sadb_address)+sockaddr_size);
3231 addr->sadb_address_len = 3232 addr->sadb_address_len =
3232 (sizeof(struct sadb_address)+sockaddr_size)/ 3233 (sizeof(struct sadb_address)+sockaddr_size)/
3233 sizeof(uint64_t); 3234 sizeof(uint64_t);
3234 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3235 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
@@ -3269,7 +3270,7 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
3269 /* ADDRESS_DST (new addr) */ 3270 /* ADDRESS_DST (new addr) */
3270 addr = (struct sadb_address*) 3271 addr = (struct sadb_address*)
3271 skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); 3272 skb_put(skb, sizeof(struct sadb_address)+sockaddr_size);
3272 addr->sadb_address_len = 3273 addr->sadb_address_len =
3273 (sizeof(struct sadb_address)+sockaddr_size)/ 3274 (sizeof(struct sadb_address)+sockaddr_size)/
3274 sizeof(uint64_t); 3275 sizeof(uint64_t);
3275 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3276 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
@@ -3674,7 +3675,7 @@ static int pfkey_read_proc(char *buffer, char **start, off_t offset,
3674 ); 3675 );
3675 3676
3676 buffer[len++] = '\n'; 3677 buffer[len++] = '\n';
3677 3678
3678 pos = begin + len; 3679 pos = begin + len;
3679 if (pos < offset) { 3680 if (pos < offset) {
3680 len = 0; 3681 len = 0;
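Review bot: The reordering in the pfkey_spddelete hunk (@@ -2297,16 +2297,17 @@) drops the audit record for the not-found case: the removed call logged with result `(xp) ? 1 : 0` before the NULL check, whereas the new `if (xp == NULL) return -ENOENT;` leaves before `xfrm_audit_log()` is reached, so a delete request for a policy that does not exist no longer produces an AUDIT_MAC_IPSEC_DELSPD entry. The removed call already passed a NULL policy with result 0, so that form of record was evidently accepted; if dropping it is deliberate, mark the early return with a comment such as `/* no policy matched: nothing to audit */`, otherwise keep a call with result 0 and a NULL policy on that branch so the audit trail still shows the failed attempt. The other hunks in this section appear to be whitespace-only (the rendered view shows identical old and new text), so there is nothing to raise on them. pfkey_spddelete starts and ends outside the hunk, including the `out:` label, so whether the `err` path releases `xp` cannot be checked from here.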