diff options
Diffstat (limited to 'net/key/af_key.c')
-rw-r--r-- | net/key/af_key.c | 167 |
1 files changed, 84 insertions, 83 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index b4e444063d1f..1c58204d767e 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
@@ -152,7 +152,7 @@ static int pfkey_create(struct socket *sock, int protocol) | |||
152 | sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1); | 152 | sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1); |
153 | if (sk == NULL) | 153 | if (sk == NULL) |
154 | goto out; | 154 | goto out; |
155 | 155 | ||
156 | sock->ops = &pfkey_ops; | 156 | sock->ops = &pfkey_ops; |
157 | sock_init_data(sock, sk); | 157 | sock_init_data(sock, sk); |
158 | 158 | ||
@@ -487,7 +487,7 @@ static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_h | |||
487 | ext_type == SADB_X_EXT_NAT_T_OA) { | 487 | ext_type == SADB_X_EXT_NAT_T_OA) { |
488 | if (verify_address_len(p)) | 488 | if (verify_address_len(p)) |
489 | return -EINVAL; | 489 | return -EINVAL; |
490 | } | 490 | } |
491 | if (ext_type == SADB_X_EXT_SEC_CTX) { | 491 | if (ext_type == SADB_X_EXT_SEC_CTX) { |
492 | if (verify_sec_ctx_len(p)) | 492 | if (verify_sec_ctx_len(p)) |
493 | return -EINVAL; | 493 | return -EINVAL; |
@@ -556,12 +556,12 @@ static int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr, | |||
556 | { | 556 | { |
557 | switch (((struct sockaddr*)(addr + 1))->sa_family) { | 557 | switch (((struct sockaddr*)(addr + 1))->sa_family) { |
558 | case AF_INET: | 558 | case AF_INET: |
559 | xaddr->a4 = | 559 | xaddr->a4 = |
560 | ((struct sockaddr_in *)(addr + 1))->sin_addr.s_addr; | 560 | ((struct sockaddr_in *)(addr + 1))->sin_addr.s_addr; |
561 | return AF_INET; | 561 | return AF_INET; |
562 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 562 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
563 | case AF_INET6: | 563 | case AF_INET6: |
564 | memcpy(xaddr->a6, | 564 | memcpy(xaddr->a6, |
565 | &((struct sockaddr_in6 *)(addr + 1))->sin6_addr, | 565 | &((struct sockaddr_in6 *)(addr + 1))->sin6_addr, |
566 | sizeof(struct in6_addr)); | 566 | sizeof(struct in6_addr)); |
567 | return AF_INET6; | 567 | return AF_INET6; |
@@ -659,11 +659,11 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
659 | 659 | ||
660 | /* base, SA, (lifetime (HSC),) address(SD), (address(P),) | 660 | /* base, SA, (lifetime (HSC),) address(SD), (address(P),) |
661 | key(AE), (identity(SD),) (sensitivity)> */ | 661 | key(AE), (identity(SD),) (sensitivity)> */ |
662 | size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) + | 662 | size = sizeof(struct sadb_msg) +sizeof(struct sadb_sa) + |
663 | sizeof(struct sadb_lifetime) + | 663 | sizeof(struct sadb_lifetime) + |
664 | ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) + | 664 | ((hsc & 1) ? sizeof(struct sadb_lifetime) : 0) + |
665 | ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) + | 665 | ((hsc & 2) ? sizeof(struct sadb_lifetime) : 0) + |
666 | sizeof(struct sadb_address)*2 + | 666 | sizeof(struct sadb_address)*2 + |
667 | sockaddr_size*2 + | 667 | sockaddr_size*2 + |
668 | sizeof(struct sadb_x_sa2); | 668 | sizeof(struct sadb_x_sa2); |
669 | 669 | ||
@@ -685,13 +685,13 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
685 | 685 | ||
686 | if (add_keys) { | 686 | if (add_keys) { |
687 | if (x->aalg && x->aalg->alg_key_len) { | 687 | if (x->aalg && x->aalg->alg_key_len) { |
688 | auth_key_size = | 688 | auth_key_size = |
689 | PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); | 689 | PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); |
690 | size += sizeof(struct sadb_key) + auth_key_size; | 690 | size += sizeof(struct sadb_key) + auth_key_size; |
691 | } | 691 | } |
692 | if (x->ealg && x->ealg->alg_key_len) { | 692 | if (x->ealg && x->ealg->alg_key_len) { |
693 | encrypt_key_size = | 693 | encrypt_key_size = |
694 | PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); | 694 | PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); |
695 | size += sizeof(struct sadb_key) + encrypt_key_size; | 695 | size += sizeof(struct sadb_key) + encrypt_key_size; |
696 | } | 696 | } |
697 | } | 697 | } |
@@ -758,7 +758,7 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
758 | 758 | ||
759 | /* hard time */ | 759 | /* hard time */ |
760 | if (hsc & 2) { | 760 | if (hsc & 2) { |
761 | lifetime = (struct sadb_lifetime *) skb_put(skb, | 761 | lifetime = (struct sadb_lifetime *) skb_put(skb, |
762 | sizeof(struct sadb_lifetime)); | 762 | sizeof(struct sadb_lifetime)); |
763 | lifetime->sadb_lifetime_len = | 763 | lifetime->sadb_lifetime_len = |
764 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); | 764 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); |
@@ -770,7 +770,7 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
770 | } | 770 | } |
771 | /* soft time */ | 771 | /* soft time */ |
772 | if (hsc & 1) { | 772 | if (hsc & 1) { |
773 | lifetime = (struct sadb_lifetime *) skb_put(skb, | 773 | lifetime = (struct sadb_lifetime *) skb_put(skb, |
774 | sizeof(struct sadb_lifetime)); | 774 | sizeof(struct sadb_lifetime)); |
775 | lifetime->sadb_lifetime_len = | 775 | lifetime->sadb_lifetime_len = |
776 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); | 776 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); |
@@ -791,16 +791,16 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
791 | lifetime->sadb_lifetime_addtime = x->curlft.add_time; | 791 | lifetime->sadb_lifetime_addtime = x->curlft.add_time; |
792 | lifetime->sadb_lifetime_usetime = x->curlft.use_time; | 792 | lifetime->sadb_lifetime_usetime = x->curlft.use_time; |
793 | /* src address */ | 793 | /* src address */ |
794 | addr = (struct sadb_address*) skb_put(skb, | 794 | addr = (struct sadb_address*) skb_put(skb, |
795 | sizeof(struct sadb_address)+sockaddr_size); | 795 | sizeof(struct sadb_address)+sockaddr_size); |
796 | addr->sadb_address_len = | 796 | addr->sadb_address_len = |
797 | (sizeof(struct sadb_address)+sockaddr_size)/ | 797 | (sizeof(struct sadb_address)+sockaddr_size)/ |
798 | sizeof(uint64_t); | 798 | sizeof(uint64_t); |
799 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; | 799 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; |
800 | /* "if the ports are non-zero, then the sadb_address_proto field, | 800 | /* "if the ports are non-zero, then the sadb_address_proto field, |
801 | normally zero, MUST be filled in with the transport | 801 | normally zero, MUST be filled in with the transport |
802 | protocol's number." - RFC2367 */ | 802 | protocol's number." - RFC2367 */ |
803 | addr->sadb_address_proto = 0; | 803 | addr->sadb_address_proto = 0; |
804 | addr->sadb_address_reserved = 0; | 804 | addr->sadb_address_reserved = 0; |
805 | if (x->props.family == AF_INET) { | 805 | if (x->props.family == AF_INET) { |
806 | addr->sadb_address_prefixlen = 32; | 806 | addr->sadb_address_prefixlen = 32; |
@@ -813,29 +813,29 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
813 | } | 813 | } |
814 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 814 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
815 | else if (x->props.family == AF_INET6) { | 815 | else if (x->props.family == AF_INET6) { |
816 | addr->sadb_address_prefixlen = 128; | 816 | addr->sadb_address_prefixlen = 128; |
817 | 817 | ||
818 | sin6 = (struct sockaddr_in6 *) (addr + 1); | 818 | sin6 = (struct sockaddr_in6 *) (addr + 1); |
819 | sin6->sin6_family = AF_INET6; | 819 | sin6->sin6_family = AF_INET6; |
820 | sin6->sin6_port = 0; | 820 | sin6->sin6_port = 0; |
821 | sin6->sin6_flowinfo = 0; | 821 | sin6->sin6_flowinfo = 0; |
822 | memcpy(&sin6->sin6_addr, x->props.saddr.a6, | 822 | memcpy(&sin6->sin6_addr, x->props.saddr.a6, |
823 | sizeof(struct in6_addr)); | 823 | sizeof(struct in6_addr)); |
824 | sin6->sin6_scope_id = 0; | 824 | sin6->sin6_scope_id = 0; |
825 | } | 825 | } |
826 | #endif | 826 | #endif |
827 | else | 827 | else |
828 | BUG(); | 828 | BUG(); |
829 | 829 | ||
830 | /* dst address */ | 830 | /* dst address */ |
831 | addr = (struct sadb_address*) skb_put(skb, | 831 | addr = (struct sadb_address*) skb_put(skb, |
832 | sizeof(struct sadb_address)+sockaddr_size); | 832 | sizeof(struct sadb_address)+sockaddr_size); |
833 | addr->sadb_address_len = | 833 | addr->sadb_address_len = |
834 | (sizeof(struct sadb_address)+sockaddr_size)/ | 834 | (sizeof(struct sadb_address)+sockaddr_size)/ |
835 | sizeof(uint64_t); | 835 | sizeof(uint64_t); |
836 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; | 836 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; |
837 | addr->sadb_address_proto = 0; | 837 | addr->sadb_address_proto = 0; |
838 | addr->sadb_address_prefixlen = 32; /* XXX */ | 838 | addr->sadb_address_prefixlen = 32; /* XXX */ |
839 | addr->sadb_address_reserved = 0; | 839 | addr->sadb_address_reserved = 0; |
840 | if (x->props.family == AF_INET) { | 840 | if (x->props.family == AF_INET) { |
841 | sin = (struct sockaddr_in *) (addr + 1); | 841 | sin = (struct sockaddr_in *) (addr + 1); |
@@ -845,9 +845,9 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
845 | memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); | 845 | memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); |
846 | 846 | ||
847 | if (x->sel.saddr.a4 != x->props.saddr.a4) { | 847 | if (x->sel.saddr.a4 != x->props.saddr.a4) { |
848 | addr = (struct sadb_address*) skb_put(skb, | 848 | addr = (struct sadb_address*) skb_put(skb, |
849 | sizeof(struct sadb_address)+sockaddr_size); | 849 | sizeof(struct sadb_address)+sockaddr_size); |
850 | addr->sadb_address_len = | 850 | addr->sadb_address_len = |
851 | (sizeof(struct sadb_address)+sockaddr_size)/ | 851 | (sizeof(struct sadb_address)+sockaddr_size)/ |
852 | sizeof(uint64_t); | 852 | sizeof(uint64_t); |
853 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; | 853 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; |
@@ -876,9 +876,9 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
876 | 876 | ||
877 | if (memcmp (x->sel.saddr.a6, x->props.saddr.a6, | 877 | if (memcmp (x->sel.saddr.a6, x->props.saddr.a6, |
878 | sizeof(struct in6_addr))) { | 878 | sizeof(struct in6_addr))) { |
879 | addr = (struct sadb_address *) skb_put(skb, | 879 | addr = (struct sadb_address *) skb_put(skb, |
880 | sizeof(struct sadb_address)+sockaddr_size); | 880 | sizeof(struct sadb_address)+sockaddr_size); |
881 | addr->sadb_address_len = | 881 | addr->sadb_address_len = |
882 | (sizeof(struct sadb_address)+sockaddr_size)/ | 882 | (sizeof(struct sadb_address)+sockaddr_size)/ |
883 | sizeof(uint64_t); | 883 | sizeof(uint64_t); |
884 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; | 884 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY; |
@@ -902,7 +902,7 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
902 | 902 | ||
903 | /* auth key */ | 903 | /* auth key */ |
904 | if (add_keys && auth_key_size) { | 904 | if (add_keys && auth_key_size) { |
905 | key = (struct sadb_key *) skb_put(skb, | 905 | key = (struct sadb_key *) skb_put(skb, |
906 | sizeof(struct sadb_key)+auth_key_size); | 906 | sizeof(struct sadb_key)+auth_key_size); |
907 | key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) / | 907 | key->sadb_key_len = (sizeof(struct sadb_key) + auth_key_size) / |
908 | sizeof(uint64_t); | 908 | sizeof(uint64_t); |
@@ -913,14 +913,14 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
913 | } | 913 | } |
914 | /* encrypt key */ | 914 | /* encrypt key */ |
915 | if (add_keys && encrypt_key_size) { | 915 | if (add_keys && encrypt_key_size) { |
916 | key = (struct sadb_key *) skb_put(skb, | 916 | key = (struct sadb_key *) skb_put(skb, |
917 | sizeof(struct sadb_key)+encrypt_key_size); | 917 | sizeof(struct sadb_key)+encrypt_key_size); |
918 | key->sadb_key_len = (sizeof(struct sadb_key) + | 918 | key->sadb_key_len = (sizeof(struct sadb_key) + |
919 | encrypt_key_size) / sizeof(uint64_t); | 919 | encrypt_key_size) / sizeof(uint64_t); |
920 | key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; | 920 | key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; |
921 | key->sadb_key_bits = x->ealg->alg_key_len; | 921 | key->sadb_key_bits = x->ealg->alg_key_len; |
922 | key->sadb_key_reserved = 0; | 922 | key->sadb_key_reserved = 0; |
923 | memcpy(key + 1, x->ealg->alg_key, | 923 | memcpy(key + 1, x->ealg->alg_key, |
924 | (x->ealg->alg_key_len+7)/8); | 924 | (x->ealg->alg_key_len+7)/8); |
925 | } | 925 | } |
926 | 926 | ||
@@ -979,17 +979,17 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, | |||
979 | return skb; | 979 | return skb; |
980 | } | 980 | } |
981 | 981 | ||
982 | static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr, | 982 | static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr, |
983 | void **ext_hdrs) | 983 | void **ext_hdrs) |
984 | { | 984 | { |
985 | struct xfrm_state *x; | 985 | struct xfrm_state *x; |
986 | struct sadb_lifetime *lifetime; | 986 | struct sadb_lifetime *lifetime; |
987 | struct sadb_sa *sa; | 987 | struct sadb_sa *sa; |
988 | struct sadb_key *key; | 988 | struct sadb_key *key; |
989 | struct sadb_x_sec_ctx *sec_ctx; | 989 | struct sadb_x_sec_ctx *sec_ctx; |
990 | uint16_t proto; | 990 | uint16_t proto; |
991 | int err; | 991 | int err; |
992 | 992 | ||
993 | 993 | ||
994 | sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; | 994 | sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; |
995 | if (!sa || | 995 | if (!sa || |
@@ -1022,7 +1022,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr, | |||
1022 | SADB_SASTATE_MATURE and the kernel MUST return an error if this is | 1022 | SADB_SASTATE_MATURE and the kernel MUST return an error if this is |
1023 | not true. | 1023 | not true. |
1024 | 1024 | ||
1025 | However, KAME setkey always uses SADB_SASTATE_LARVAL. | 1025 | However, KAME setkey always uses SADB_SASTATE_LARVAL. |
1026 | Hence, we have to _ignore_ sadb_sa_state, which is also reasonable. | 1026 | Hence, we have to _ignore_ sadb_sa_state, which is also reasonable. |
1027 | */ | 1027 | */ |
1028 | if (sa->sadb_sa_auth > SADB_AALG_MAX || | 1028 | if (sa->sadb_sa_auth > SADB_AALG_MAX || |
@@ -1144,13 +1144,13 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr, | |||
1144 | } | 1144 | } |
1145 | /* x->algo.flags = sa->sadb_sa_flags; */ | 1145 | /* x->algo.flags = sa->sadb_sa_flags; */ |
1146 | 1146 | ||
1147 | x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1], | 1147 | x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1], |
1148 | &x->props.saddr); | 1148 | &x->props.saddr); |
1149 | if (!x->props.family) { | 1149 | if (!x->props.family) { |
1150 | err = -EAFNOSUPPORT; | 1150 | err = -EAFNOSUPPORT; |
1151 | goto out; | 1151 | goto out; |
1152 | } | 1152 | } |
1153 | pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1], | 1153 | pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1], |
1154 | &x->id.daddr); | 1154 | &x->id.daddr); |
1155 | 1155 | ||
1156 | if (ext_hdrs[SADB_X_EXT_SA2-1]) { | 1156 | if (ext_hdrs[SADB_X_EXT_SA2-1]) { |
@@ -1410,7 +1410,7 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, | |||
1410 | struct km_event c; | 1410 | struct km_event c; |
1411 | 1411 | ||
1412 | xfrm_probe_algs(); | 1412 | xfrm_probe_algs(); |
1413 | 1413 | ||
1414 | x = pfkey_msg2xfrm_state(hdr, ext_hdrs); | 1414 | x = pfkey_msg2xfrm_state(hdr, ext_hdrs); |
1415 | if (IS_ERR(x)) | 1415 | if (IS_ERR(x)) |
1416 | return PTR_ERR(x); | 1416 | return PTR_ERR(x); |
@@ -1530,13 +1530,13 @@ static struct sk_buff *compose_sadb_supported(struct sadb_msg *orig, | |||
1530 | auth_len *= sizeof(struct sadb_alg); | 1530 | auth_len *= sizeof(struct sadb_alg); |
1531 | auth_len += sizeof(struct sadb_supported); | 1531 | auth_len += sizeof(struct sadb_supported); |
1532 | } | 1532 | } |
1533 | 1533 | ||
1534 | enc_len = xfrm_count_enc_supported(); | 1534 | enc_len = xfrm_count_enc_supported(); |
1535 | if (enc_len) { | 1535 | if (enc_len) { |
1536 | enc_len *= sizeof(struct sadb_alg); | 1536 | enc_len *= sizeof(struct sadb_alg); |
1537 | enc_len += sizeof(struct sadb_supported); | 1537 | enc_len += sizeof(struct sadb_supported); |
1538 | } | 1538 | } |
1539 | 1539 | ||
1540 | len = enc_len + auth_len + sizeof(struct sadb_msg); | 1540 | len = enc_len + auth_len + sizeof(struct sadb_msg); |
1541 | 1541 | ||
1542 | skb = alloc_skb(len + 16, allocation); | 1542 | skb = alloc_skb(len + 16, allocation); |
@@ -1605,7 +1605,7 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
1605 | } | 1605 | } |
1606 | 1606 | ||
1607 | xfrm_probe_algs(); | 1607 | xfrm_probe_algs(); |
1608 | 1608 | ||
1609 | supp_skb = compose_sadb_supported(hdr, GFP_KERNEL); | 1609 | supp_skb = compose_sadb_supported(hdr, GFP_KERNEL); |
1610 | if (!supp_skb) { | 1610 | if (!supp_skb) { |
1611 | if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) | 1611 | if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) |
@@ -1856,7 +1856,7 @@ static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp) | |||
1856 | 1856 | ||
1857 | return sizeof(struct sadb_msg) + | 1857 | return sizeof(struct sadb_msg) + |
1858 | (sizeof(struct sadb_lifetime) * 3) + | 1858 | (sizeof(struct sadb_lifetime) * 3) + |
1859 | (sizeof(struct sadb_address) * 2) + | 1859 | (sizeof(struct sadb_address) * 2) + |
1860 | (sockaddr_size * 2) + | 1860 | (sockaddr_size * 2) + |
1861 | sizeof(struct sadb_x_policy) + | 1861 | sizeof(struct sadb_x_policy) + |
1862 | (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) + | 1862 | (xp->xfrm_nr * sizeof(struct sadb_x_ipsecrequest)) + |
@@ -1904,9 +1904,9 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i | |||
1904 | memset(hdr, 0, size); /* XXX do we need this ? */ | 1904 | memset(hdr, 0, size); /* XXX do we need this ? */ |
1905 | 1905 | ||
1906 | /* src address */ | 1906 | /* src address */ |
1907 | addr = (struct sadb_address*) skb_put(skb, | 1907 | addr = (struct sadb_address*) skb_put(skb, |
1908 | sizeof(struct sadb_address)+sockaddr_size); | 1908 | sizeof(struct sadb_address)+sockaddr_size); |
1909 | addr->sadb_address_len = | 1909 | addr->sadb_address_len = |
1910 | (sizeof(struct sadb_address)+sockaddr_size)/ | 1910 | (sizeof(struct sadb_address)+sockaddr_size)/ |
1911 | sizeof(uint64_t); | 1911 | sizeof(uint64_t); |
1912 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; | 1912 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; |
@@ -1936,14 +1936,14 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i | |||
1936 | BUG(); | 1936 | BUG(); |
1937 | 1937 | ||
1938 | /* dst address */ | 1938 | /* dst address */ |
1939 | addr = (struct sadb_address*) skb_put(skb, | 1939 | addr = (struct sadb_address*) skb_put(skb, |
1940 | sizeof(struct sadb_address)+sockaddr_size); | 1940 | sizeof(struct sadb_address)+sockaddr_size); |
1941 | addr->sadb_address_len = | 1941 | addr->sadb_address_len = |
1942 | (sizeof(struct sadb_address)+sockaddr_size)/ | 1942 | (sizeof(struct sadb_address)+sockaddr_size)/ |
1943 | sizeof(uint64_t); | 1943 | sizeof(uint64_t); |
1944 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; | 1944 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; |
1945 | addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); | 1945 | addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); |
1946 | addr->sadb_address_prefixlen = xp->selector.prefixlen_d; | 1946 | addr->sadb_address_prefixlen = xp->selector.prefixlen_d; |
1947 | addr->sadb_address_reserved = 0; | 1947 | addr->sadb_address_reserved = 0; |
1948 | if (xp->family == AF_INET) { | 1948 | if (xp->family == AF_INET) { |
1949 | sin = (struct sockaddr_in *) (addr + 1); | 1949 | sin = (struct sockaddr_in *) (addr + 1); |
@@ -1967,7 +1967,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i | |||
1967 | BUG(); | 1967 | BUG(); |
1968 | 1968 | ||
1969 | /* hard time */ | 1969 | /* hard time */ |
1970 | lifetime = (struct sadb_lifetime *) skb_put(skb, | 1970 | lifetime = (struct sadb_lifetime *) skb_put(skb, |
1971 | sizeof(struct sadb_lifetime)); | 1971 | sizeof(struct sadb_lifetime)); |
1972 | lifetime->sadb_lifetime_len = | 1972 | lifetime->sadb_lifetime_len = |
1973 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); | 1973 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); |
@@ -1977,7 +1977,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i | |||
1977 | lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds; | 1977 | lifetime->sadb_lifetime_addtime = xp->lft.hard_add_expires_seconds; |
1978 | lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds; | 1978 | lifetime->sadb_lifetime_usetime = xp->lft.hard_use_expires_seconds; |
1979 | /* soft time */ | 1979 | /* soft time */ |
1980 | lifetime = (struct sadb_lifetime *) skb_put(skb, | 1980 | lifetime = (struct sadb_lifetime *) skb_put(skb, |
1981 | sizeof(struct sadb_lifetime)); | 1981 | sizeof(struct sadb_lifetime)); |
1982 | lifetime->sadb_lifetime_len = | 1982 | lifetime->sadb_lifetime_len = |
1983 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); | 1983 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); |
@@ -1987,7 +1987,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i | |||
1987 | lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds; | 1987 | lifetime->sadb_lifetime_addtime = xp->lft.soft_add_expires_seconds; |
1988 | lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds; | 1988 | lifetime->sadb_lifetime_usetime = xp->lft.soft_use_expires_seconds; |
1989 | /* current time */ | 1989 | /* current time */ |
1990 | lifetime = (struct sadb_lifetime *) skb_put(skb, | 1990 | lifetime = (struct sadb_lifetime *) skb_put(skb, |
1991 | sizeof(struct sadb_lifetime)); | 1991 | sizeof(struct sadb_lifetime)); |
1992 | lifetime->sadb_lifetime_len = | 1992 | lifetime->sadb_lifetime_len = |
1993 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); | 1993 | sizeof(struct sadb_lifetime)/sizeof(uint64_t); |
@@ -2019,8 +2019,8 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i | |||
2019 | req_size = sizeof(struct sadb_x_ipsecrequest); | 2019 | req_size = sizeof(struct sadb_x_ipsecrequest); |
2020 | if (t->mode == XFRM_MODE_TUNNEL) | 2020 | if (t->mode == XFRM_MODE_TUNNEL) |
2021 | req_size += ((t->encap_family == AF_INET ? | 2021 | req_size += ((t->encap_family == AF_INET ? |
2022 | sizeof(struct sockaddr_in) : | 2022 | sizeof(struct sockaddr_in) : |
2023 | sizeof(struct sockaddr_in6)) * 2); | 2023 | sizeof(struct sockaddr_in6)) * 2); |
2024 | else | 2024 | else |
2025 | size -= 2*socklen; | 2025 | size -= 2*socklen; |
2026 | rq = (void*)skb_put(skb, req_size); | 2026 | rq = (void*)skb_put(skb, req_size); |
@@ -2150,7 +2150,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
2150 | XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); | 2150 | XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); |
2151 | xp->priority = pol->sadb_x_policy_priority; | 2151 | xp->priority = pol->sadb_x_policy_priority; |
2152 | 2152 | ||
2153 | sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], | 2153 | sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], |
2154 | xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr); | 2154 | xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr); |
2155 | if (!xp->family) { | 2155 | if (!xp->family) { |
2156 | err = -EINVAL; | 2156 | err = -EINVAL; |
@@ -2163,7 +2163,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
2163 | if (xp->selector.sport) | 2163 | if (xp->selector.sport) |
2164 | xp->selector.sport_mask = htons(0xffff); | 2164 | xp->selector.sport_mask = htons(0xffff); |
2165 | 2165 | ||
2166 | sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], | 2166 | sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], |
2167 | pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr); | 2167 | pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr); |
2168 | xp->selector.prefixlen_d = sa->sadb_address_prefixlen; | 2168 | xp->selector.prefixlen_d = sa->sadb_address_prefixlen; |
2169 | 2169 | ||
@@ -2224,7 +2224,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
2224 | 2224 | ||
2225 | if (hdr->sadb_msg_type == SADB_X_SPDUPDATE) | 2225 | if (hdr->sadb_msg_type == SADB_X_SPDUPDATE) |
2226 | c.event = XFRM_MSG_UPDPOLICY; | 2226 | c.event = XFRM_MSG_UPDPOLICY; |
2227 | else | 2227 | else |
2228 | c.event = XFRM_MSG_NEWPOLICY; | 2228 | c.event = XFRM_MSG_NEWPOLICY; |
2229 | 2229 | ||
2230 | c.seq = hdr->sadb_msg_seq; | 2230 | c.seq = hdr->sadb_msg_seq; |
@@ -2261,7 +2261,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
2261 | 2261 | ||
2262 | memset(&sel, 0, sizeof(sel)); | 2262 | memset(&sel, 0, sizeof(sel)); |
2263 | 2263 | ||
2264 | sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], | 2264 | sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], |
2265 | sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); | 2265 | sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); |
2266 | sel.prefixlen_s = sa->sadb_address_prefixlen; | 2266 | sel.prefixlen_s = sa->sadb_address_prefixlen; |
2267 | sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); | 2267 | sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); |
@@ -2269,7 +2269,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
2269 | if (sel.sport) | 2269 | if (sel.sport) |
2270 | sel.sport_mask = htons(0xffff); | 2270 | sel.sport_mask = htons(0xffff); |
2271 | 2271 | ||
2272 | sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], | 2272 | sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], |
2273 | pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); | 2273 | pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); |
2274 | sel.prefixlen_d = sa->sadb_address_prefixlen; | 2274 | sel.prefixlen_d = sa->sadb_address_prefixlen; |
2275 | sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); | 2275 | sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); |
@@ -2297,16 +2297,17 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
2297 | &sel, tmp.security, 1); | 2297 | &sel, tmp.security, 1); |
2298 | security_xfrm_policy_free(&tmp); | 2298 | security_xfrm_policy_free(&tmp); |
2299 | 2299 | ||
2300 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, | ||
2301 | AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL); | ||
2302 | |||
2303 | if (xp == NULL) | 2300 | if (xp == NULL) |
2304 | return -ENOENT; | 2301 | return -ENOENT; |
2305 | 2302 | ||
2306 | err = 0; | 2303 | err = security_xfrm_policy_delete(xp); |
2307 | 2304 | ||
2308 | if ((err = security_xfrm_policy_delete(xp))) | 2305 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, |
2306 | AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); | ||
2307 | |||
2308 | if (err) | ||
2309 | goto out; | 2309 | goto out; |
2310 | |||
2310 | c.seq = hdr->sadb_msg_seq; | 2311 | c.seq = hdr->sadb_msg_seq; |
2311 | c.pid = hdr->sadb_msg_pid; | 2312 | c.pid = hdr->sadb_msg_pid; |
2312 | c.event = XFRM_MSG_DELPOLICY; | 2313 | c.event = XFRM_MSG_DELPOLICY; |
@@ -2743,15 +2744,15 @@ static int count_esp_combs(struct xfrm_tmpl *t) | |||
2743 | struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); | 2744 | struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); |
2744 | if (!ealg) | 2745 | if (!ealg) |
2745 | break; | 2746 | break; |
2746 | 2747 | ||
2747 | if (!(ealg_tmpl_set(t, ealg) && ealg->available)) | 2748 | if (!(ealg_tmpl_set(t, ealg) && ealg->available)) |
2748 | continue; | 2749 | continue; |
2749 | 2750 | ||
2750 | for (k = 1; ; k++) { | 2751 | for (k = 1; ; k++) { |
2751 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); | 2752 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); |
2752 | if (!aalg) | 2753 | if (!aalg) |
2753 | break; | 2754 | break; |
2754 | 2755 | ||
2755 | if (aalg_tmpl_set(t, aalg) && aalg->available) | 2756 | if (aalg_tmpl_set(t, aalg) && aalg->available) |
2756 | sz += sizeof(struct sadb_comb); | 2757 | sz += sizeof(struct sadb_comb); |
2757 | } | 2758 | } |
@@ -2806,10 +2807,10 @@ static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t) | |||
2806 | struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); | 2807 | struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); |
2807 | if (!ealg) | 2808 | if (!ealg) |
2808 | break; | 2809 | break; |
2809 | 2810 | ||
2810 | if (!(ealg_tmpl_set(t, ealg) && ealg->available)) | 2811 | if (!(ealg_tmpl_set(t, ealg) && ealg->available)) |
2811 | continue; | 2812 | continue; |
2812 | 2813 | ||
2813 | for (k = 1; ; k++) { | 2814 | for (k = 1; ; k++) { |
2814 | struct sadb_comb *c; | 2815 | struct sadb_comb *c; |
2815 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); | 2816 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); |
@@ -2941,7 +2942,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
2941 | struct sadb_x_sec_ctx *sec_ctx; | 2942 | struct sadb_x_sec_ctx *sec_ctx; |
2942 | struct xfrm_sec_ctx *xfrm_ctx; | 2943 | struct xfrm_sec_ctx *xfrm_ctx; |
2943 | int ctx_size = 0; | 2944 | int ctx_size = 0; |
2944 | 2945 | ||
2945 | sockaddr_size = pfkey_sockaddr_size(x->props.family); | 2946 | sockaddr_size = pfkey_sockaddr_size(x->props.family); |
2946 | if (!sockaddr_size) | 2947 | if (!sockaddr_size) |
2947 | return -EINVAL; | 2948 | return -EINVAL; |
@@ -2950,7 +2951,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
2950 | (sizeof(struct sadb_address) * 2) + | 2951 | (sizeof(struct sadb_address) * 2) + |
2951 | (sockaddr_size * 2) + | 2952 | (sockaddr_size * 2) + |
2952 | sizeof(struct sadb_x_policy); | 2953 | sizeof(struct sadb_x_policy); |
2953 | 2954 | ||
2954 | if (x->id.proto == IPPROTO_AH) | 2955 | if (x->id.proto == IPPROTO_AH) |
2955 | size += count_ah_combs(t); | 2956 | size += count_ah_combs(t); |
2956 | else if (x->id.proto == IPPROTO_ESP) | 2957 | else if (x->id.proto == IPPROTO_ESP) |
@@ -2964,7 +2965,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
2964 | skb = alloc_skb(size + 16, GFP_ATOMIC); | 2965 | skb = alloc_skb(size + 16, GFP_ATOMIC); |
2965 | if (skb == NULL) | 2966 | if (skb == NULL) |
2966 | return -ENOMEM; | 2967 | return -ENOMEM; |
2967 | 2968 | ||
2968 | hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); | 2969 | hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); |
2969 | hdr->sadb_msg_version = PF_KEY_V2; | 2970 | hdr->sadb_msg_version = PF_KEY_V2; |
2970 | hdr->sadb_msg_type = SADB_ACQUIRE; | 2971 | hdr->sadb_msg_type = SADB_ACQUIRE; |
@@ -2976,9 +2977,9 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
2976 | hdr->sadb_msg_pid = 0; | 2977 | hdr->sadb_msg_pid = 0; |
2977 | 2978 | ||
2978 | /* src address */ | 2979 | /* src address */ |
2979 | addr = (struct sadb_address*) skb_put(skb, | 2980 | addr = (struct sadb_address*) skb_put(skb, |
2980 | sizeof(struct sadb_address)+sockaddr_size); | 2981 | sizeof(struct sadb_address)+sockaddr_size); |
2981 | addr->sadb_address_len = | 2982 | addr->sadb_address_len = |
2982 | (sizeof(struct sadb_address)+sockaddr_size)/ | 2983 | (sizeof(struct sadb_address)+sockaddr_size)/ |
2983 | sizeof(uint64_t); | 2984 | sizeof(uint64_t); |
2984 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; | 2985 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; |
@@ -3008,9 +3009,9 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
3008 | #endif | 3009 | #endif |
3009 | else | 3010 | else |
3010 | BUG(); | 3011 | BUG(); |
3011 | 3012 | ||
3012 | /* dst address */ | 3013 | /* dst address */ |
3013 | addr = (struct sadb_address*) skb_put(skb, | 3014 | addr = (struct sadb_address*) skb_put(skb, |
3014 | sizeof(struct sadb_address)+sockaddr_size); | 3015 | sizeof(struct sadb_address)+sockaddr_size); |
3015 | addr->sadb_address_len = | 3016 | addr->sadb_address_len = |
3016 | (sizeof(struct sadb_address)+sockaddr_size)/ | 3017 | (sizeof(struct sadb_address)+sockaddr_size)/ |
@@ -3019,7 +3020,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
3019 | addr->sadb_address_proto = 0; | 3020 | addr->sadb_address_proto = 0; |
3020 | addr->sadb_address_reserved = 0; | 3021 | addr->sadb_address_reserved = 0; |
3021 | if (x->props.family == AF_INET) { | 3022 | if (x->props.family == AF_INET) { |
3022 | addr->sadb_address_prefixlen = 32; | 3023 | addr->sadb_address_prefixlen = 32; |
3023 | 3024 | ||
3024 | sin = (struct sockaddr_in *) (addr + 1); | 3025 | sin = (struct sockaddr_in *) (addr + 1); |
3025 | sin->sin_family = AF_INET; | 3026 | sin->sin_family = AF_INET; |
@@ -3029,7 +3030,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
3029 | } | 3030 | } |
3030 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 3031 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
3031 | else if (x->props.family == AF_INET6) { | 3032 | else if (x->props.family == AF_INET6) { |
3032 | addr->sadb_address_prefixlen = 128; | 3033 | addr->sadb_address_prefixlen = 128; |
3033 | 3034 | ||
3034 | sin6 = (struct sockaddr_in6 *) (addr + 1); | 3035 | sin6 = (struct sockaddr_in6 *) (addr + 1); |
3035 | sin6->sin6_family = AF_INET6; | 3036 | sin6->sin6_family = AF_INET6; |
@@ -3074,7 +3075,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
3074 | } | 3075 | } |
3075 | 3076 | ||
3076 | static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, | 3077 | static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, |
3077 | u8 *data, int len, int *dir) | 3078 | u8 *data, int len, int *dir) |
3078 | { | 3079 | { |
3079 | struct xfrm_policy *xp; | 3080 | struct xfrm_policy *xp; |
3080 | struct sadb_x_policy *pol = (struct sadb_x_policy*)data; | 3081 | struct sadb_x_policy *pol = (struct sadb_x_policy*)data; |
@@ -3193,17 +3194,17 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, | |||
3193 | * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) | | 3194 | * HDR | SA | ADDRESS_SRC (old addr) | NAT_T_SPORT (old port) | |
3194 | * ADDRESS_DST (new addr) | NAT_T_DPORT (new port) | 3195 | * ADDRESS_DST (new addr) | NAT_T_DPORT (new port) |
3195 | */ | 3196 | */ |
3196 | 3197 | ||
3197 | size = sizeof(struct sadb_msg) + | 3198 | size = sizeof(struct sadb_msg) + |
3198 | sizeof(struct sadb_sa) + | 3199 | sizeof(struct sadb_sa) + |
3199 | (sizeof(struct sadb_address) * 2) + | 3200 | (sizeof(struct sadb_address) * 2) + |
3200 | (sockaddr_size * 2) + | 3201 | (sockaddr_size * 2) + |
3201 | (sizeof(struct sadb_x_nat_t_port) * 2); | 3202 | (sizeof(struct sadb_x_nat_t_port) * 2); |
3202 | 3203 | ||
3203 | skb = alloc_skb(size + 16, GFP_ATOMIC); | 3204 | skb = alloc_skb(size + 16, GFP_ATOMIC); |
3204 | if (skb == NULL) | 3205 | if (skb == NULL) |
3205 | return -ENOMEM; | 3206 | return -ENOMEM; |
3206 | 3207 | ||
3207 | hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); | 3208 | hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); |
3208 | hdr->sadb_msg_version = PF_KEY_V2; | 3209 | hdr->sadb_msg_version = PF_KEY_V2; |
3209 | hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING; | 3210 | hdr->sadb_msg_type = SADB_X_NAT_T_NEW_MAPPING; |
@@ -3228,7 +3229,7 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, | |||
3228 | /* ADDRESS_SRC (old addr) */ | 3229 | /* ADDRESS_SRC (old addr) */ |
3229 | addr = (struct sadb_address*) | 3230 | addr = (struct sadb_address*) |
3230 | skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); | 3231 | skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); |
3231 | addr->sadb_address_len = | 3232 | addr->sadb_address_len = |
3232 | (sizeof(struct sadb_address)+sockaddr_size)/ | 3233 | (sizeof(struct sadb_address)+sockaddr_size)/ |
3233 | sizeof(uint64_t); | 3234 | sizeof(uint64_t); |
3234 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; | 3235 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; |
@@ -3269,7 +3270,7 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, | |||
3269 | /* ADDRESS_DST (new addr) */ | 3270 | /* ADDRESS_DST (new addr) */ |
3270 | addr = (struct sadb_address*) | 3271 | addr = (struct sadb_address*) |
3271 | skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); | 3272 | skb_put(skb, sizeof(struct sadb_address)+sockaddr_size); |
3272 | addr->sadb_address_len = | 3273 | addr->sadb_address_len = |
3273 | (sizeof(struct sadb_address)+sockaddr_size)/ | 3274 | (sizeof(struct sadb_address)+sockaddr_size)/ |
3274 | sizeof(uint64_t); | 3275 | sizeof(uint64_t); |
3275 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; | 3276 | addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; |
@@ -3674,7 +3675,7 @@ static int pfkey_read_proc(char *buffer, char **start, off_t offset, | |||
3674 | ); | 3675 | ); |
3675 | 3676 | ||
3676 | buffer[len++] = '\n'; | 3677 | buffer[len++] = '\n'; |
3677 | 3678 | ||
3678 | pos = begin + len; | 3679 | pos = begin + len; |
3679 | if (pos < offset) { | 3680 | if (pos < offset) { |
3680 | len = 0; | 3681 | len = 0; |