1 files changed, 122 insertions, 33 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index d628df97e02e..e55e0441e4d9 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -58,6 +58,7 @@ struct pfkey_sock {
                        struct xfrm_policy_walk policy;
                        struct xfrm_state_walk  state;
                } u;
+                struct sk_buff  *skb;
        } dump;
 };
@@ -73,22 +74,22 @@ static int pfkey_can_dump(struct sock *sk)
        return 0;
 }
-static int pfkey_do_dump(struct pfkey_sock *pfk)
+static void pfkey_terminate_dump(struct pfkey_sock *pfk)
 {
-        int rc;
+        if (pfk->dump.dump) {
+                if (pfk->dump.skb) {
-        rc = pfk->dump.dump(pfk);
+                        kfree_skb(pfk->dump.skb);
-        if (rc == -ENOBUFS)
+                        pfk->dump.skb = NULL;
-                return 0;
+                }
+                pfk->dump.done(pfk);
-        pfk->dump.done(pfk);
+                pfk->dump.dump = NULL;
-        pfk->dump.dump = NULL;
+                pfk->dump.done = NULL;
-        pfk->dump.done = NULL;
+        }
-        return rc;
 }
 static void pfkey_sock_destruct(struct sock *sk)
 {
+        pfkey_terminate_dump(pfkey_sk(sk));
        skb_queue_purge(&sk->sk_receive_queue);
        if (!sock_flag(sk, SOCK_DEAD)) {
@@ -310,6 +311,31 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
        return err;
 }
+static int pfkey_do_dump(struct pfkey_sock *pfk)
+{
+        struct sadb_msg *hdr;
+        int rc;
+        rc = pfk->dump.dump(pfk);
+        if (rc == -ENOBUFS)
+                return 0;
+        if (pfk->dump.skb) {
+                if (!pfkey_can_dump(&pfk->sk))
+                        return 0;
+                hdr = (struct sadb_msg *) pfk->dump.skb->data;
+                hdr->sadb_msg_seq = 0;
+                hdr->sadb_msg_errno = rc;
+                pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
+                                &pfk->sk);
+                pfk->dump.skb = NULL;
+        }
+        pfkey_terminate_dump(pfk);
+        return rc;
+}
 static inline void pfkey_hdr_dup(struct sadb_msg *new, struct sadb_msg *orig)
 {
        *new = *orig;
@@ -372,6 +398,7 @@ static u8 sadb_ext_min_len[] = {
        [SADB_X_EXT_NAT_T_DPORT]        = (u8) sizeof(struct sadb_x_nat_t_port),
        [SADB_X_EXT_NAT_T_OA]           = (u8) sizeof(struct sadb_address),
        [SADB_X_EXT_SEC_CTX]            = (u8) sizeof(struct sadb_x_sec_ctx),
+        [SADB_X_EXT_KMADDRESS]          = (u8) sizeof(struct sadb_x_kmaddress),
 };
 /* Verify sadb_address_{len,prefixlen} against sa_family.  */
@@ -1736,9 +1763,14 @@ static int dump_sa(struct xfrm_state *x, int count, void *ptr)
        out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
        out_hdr->sadb_msg_errno = 0;
        out_hdr->sadb_msg_reserved = 0;
-        out_hdr->sadb_msg_seq = count;
+        out_hdr->sadb_msg_seq = count + 1;
        out_hdr->sadb_msg_pid = pfk->dump.msg_pid;
-        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, &pfk->sk);
+        if (pfk->dump.skb)
+                pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
+                                &pfk->sk);
+        pfk->dump.skb = out_skb;
        return 0;
 }
@@ -2237,7 +2269,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
        return 0;
 out:
-        xp->dead = 1;
+        xp->walk.dead = 1;
        xfrm_policy_destroy(xp);
        return err;
 }
@@ -2309,6 +2341,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
+        c.data.byid = 0;
        c.event = XFRM_MSG_DELPOLICY;
        km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
@@ -2353,24 +2386,21 @@ static int pfkey_sockaddr_pair_size(sa_family_t family)
        return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
 }
-static int parse_sockaddr_pair(struct sadb_x_ipsecrequest *rq,
+static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
                               xfrm_address_t *saddr, xfrm_address_t *daddr,
                               u16 *family)
 {
-        u8 *sa = (u8 *) (rq + 1);
        int af, socklen;
-        if (rq->sadb_x_ipsecrequest_len <
+        if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
-            pfkey_sockaddr_pair_size(((struct sockaddr *)sa)->sa_family))
                return -EINVAL;
-        af = pfkey_sockaddr_extract((struct sockaddr *) sa,
+        af = pfkey_sockaddr_extract(sa, saddr);
-                                    saddr);
        if (!af)
                return -EINVAL;
        socklen = pfkey_sockaddr_len(af);
-        if (pfkey_sockaddr_extract((struct sockaddr *) (sa + socklen),
+        if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen),
                                   daddr) != af)
                return -EINVAL;
@@ -2390,7 +2420,9 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
                return -EINVAL;
        /* old endoints */
-        err = parse_sockaddr_pair(rq1, &m->old_saddr, &m->old_daddr,
+        err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
+                                  rq1->sadb_x_ipsecrequest_len,
+                                  &m->old_saddr, &m->old_daddr,
                                  &m->old_family);
        if (err)
                return err;
@@ -2403,7 +2435,9 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
                return -EINVAL;
        /* new endpoints */
-        err = parse_sockaddr_pair(rq2, &m->new_saddr, &m->new_daddr,
+        err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
+                                  rq2->sadb_x_ipsecrequest_len,
+                                  &m->new_saddr, &m->new_daddr,
                                  &m->new_family);
        if (err)
                return err;
@@ -2429,29 +2463,40 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
        int i, len, ret, err = -EINVAL;
        u8 dir;
        struct sadb_address *sa;
+        struct sadb_x_kmaddress *kma;
        struct sadb_x_policy *pol;
        struct sadb_x_ipsecrequest *rq;
        struct xfrm_selector sel;
        struct xfrm_migrate m[XFRM_MAX_DEPTH];
+        struct xfrm_kmaddress k;
        if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
-            ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
+                                     ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||
            !ext_hdrs[SADB_X_EXT_POLICY - 1]) {
                err = -EINVAL;
                goto out;
        }
+        kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
        pol = ext_hdrs[SADB_X_EXT_POLICY - 1];
-        if (!pol) {
-                err = -EINVAL;
-                goto out;
-        }
        if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
                err = -EINVAL;
                goto out;
        }
+        if (kma) {
+                /* convert sadb_x_kmaddress to xfrm_kmaddress */
+                k.reserved = kma->sadb_x_kmaddress_reserved;
+                ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
+                                          8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),
+                                          &k.local, &k.remote, &k.family);
+                if (ret < 0) {
+                        err = ret;
+                        goto out;
+                }
+        }
        dir = pol->sadb_x_policy_dir - 1;
        memset(&sel, 0, sizeof(sel));
@@ -2496,7 +2541,8 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
                goto out;
        }
-        return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i);
+        return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
+                            kma ? &k : NULL);
 out:
        return err;
@@ -2575,9 +2621,14 @@ static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
        out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
        out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
        out_hdr->sadb_msg_errno = 0;
-        out_hdr->sadb_msg_seq = count;
+        out_hdr->sadb_msg_seq = count + 1;
        out_hdr->sadb_msg_pid = pfk->dump.msg_pid;
-        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, &pfk->sk);
+        if (pfk->dump.skb)
+                pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
+                                &pfk->sk);
+        pfk->dump.skb = out_skb;
        return 0;
 }
@@ -3283,6 +3334,32 @@ static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
        return 0;
 }
+static int set_sadb_kmaddress(struct sk_buff *skb, struct xfrm_kmaddress *k)
+{
+        struct sadb_x_kmaddress *kma;
+        u8 *sa;
+        int family = k->family;
+        int socklen = pfkey_sockaddr_len(family);
+        int size_req;
+        size_req = (sizeof(struct sadb_x_kmaddress) +
+                    pfkey_sockaddr_pair_size(family));
+        kma = (struct sadb_x_kmaddress *)skb_put(skb, size_req);
+        memset(kma, 0, size_req);
+        kma->sadb_x_kmaddress_len = size_req / 8;
+        kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
+        kma->sadb_x_kmaddress_reserved = k->reserved;
+        sa = (u8 *)(kma + 1);
+        if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) ||
+            !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))
+                return -EINVAL;
+        return 0;
+}
 static int set_ipsecrequest(struct sk_buff *skb,
                            uint8_t proto, uint8_t mode, int level,
                            uint32_t reqid, uint8_t family,
@@ -3315,7 +3392,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
 #ifdef CONFIG_NET_KEY_MIGRATE
 static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
-                              struct xfrm_migrate *m, int num_bundles)
+                              struct xfrm_migrate *m, int num_bundles,
+                              struct xfrm_kmaddress *k)
 {
        int i;
        int sasize_sel;
@@ -3332,6 +3410,12 @@ static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
        if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)
                return -EINVAL;
+        if (k != NULL) {
+                /* addresses for KM */
+                size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
+                                     pfkey_sockaddr_pair_size(k->family));
+        }
        /* selector */
        sasize_sel = pfkey_sockaddr_size(sel->family);
        if (!sasize_sel)
@@ -3368,6 +3452,10 @@ static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
        hdr->sadb_msg_seq = 0;
        hdr->sadb_msg_pid = 0;
+        /* Addresses to be used by KM for negotiation, if ext is available */
+        if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
+                return -EINVAL;
        /* selector src */
        set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
@@ -3413,7 +3501,8 @@ err:
 }
 #else
 static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
-                              struct xfrm_migrate *m, int num_bundles)
+                              struct xfrm_migrate *m, int num_bundles,
+                              struct xfrm_kmaddress *k)
 {
        return -ENOPROTOOPT;
 }

diff --git a/net/key/af_key.c b/net/key/af_key.c index d628df97e02e..e55e0441e4d9 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c
@@ -58,6 +58,7 @@ struct pfkey_sock {
58	struct xfrm_policy_walk policy;	58	struct xfrm_policy_walk policy;
59	struct xfrm_state_walk state;	59	struct xfrm_state_walk state;
60	} u;	60	} u;
		61	struct sk_buff *skb;
61	} dump;	62	} dump;
62	};	63	};
63		64
@@ -73,22 +74,22 @@ static int pfkey_can_dump(struct sock *sk)
73	return 0;	74	return 0;
74	}	75	}
75		76
76	static int pfkey_do_dump(struct pfkey_sock *pfk)	77	static void pfkey_terminate_dump(struct pfkey_sock *pfk)
77	{	78	{
78	int rc;	79	if (pfk->dump.dump) {
79		80	if (pfk->dump.skb) {
80	rc = pfk->dump.dump(pfk);	81	kfree_skb(pfk->dump.skb);
81	if (rc == -ENOBUFS)	82	pfk->dump.skb = NULL;
82	return 0;	83	}
83		84	pfk->dump.done(pfk);
84	pfk->dump.done(pfk);	85	pfk->dump.dump = NULL;
85	pfk->dump.dump = NULL;	86	pfk->dump.done = NULL;
86	pfk->dump.done = NULL;	87	}
87	return rc;
88	}	88	}
89		89
90	static void pfkey_sock_destruct(struct sock *sk)	90	static void pfkey_sock_destruct(struct sock *sk)
91	{	91	{
		92	pfkey_terminate_dump(pfkey_sk(sk));
92	skb_queue_purge(&sk->sk_receive_queue);	93	skb_queue_purge(&sk->sk_receive_queue);
93		94
94	if (!sock_flag(sk, SOCK_DEAD)) {	95	if (!sock_flag(sk, SOCK_DEAD)) {
@@ -310,6 +311,31 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
310	return err;	311	return err;
311	}	312	}
312		313
		314	static int pfkey_do_dump(struct pfkey_sock *pfk)
		315	{
		316	struct sadb_msg *hdr;
		317	int rc;
		318
		319	rc = pfk->dump.dump(pfk);
		320	if (rc == -ENOBUFS)
		321	return 0;
		322
		323	if (pfk->dump.skb) {
		324	if (!pfkey_can_dump(&pfk->sk))
		325	return 0;
		326
		327	hdr = (struct sadb_msg *) pfk->dump.skb->data;
		328	hdr->sadb_msg_seq = 0;
		329	hdr->sadb_msg_errno = rc;
		330	pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
		331	&pfk->sk);
		332	pfk->dump.skb = NULL;
		333	}
		334
		335	pfkey_terminate_dump(pfk);
		336	return rc;
		337	}
		338
313	static inline void pfkey_hdr_dup(struct sadb_msg new, struct sadb_msg orig)	339	static inline void pfkey_hdr_dup(struct sadb_msg new, struct sadb_msg orig)
314	{	340	{
315	new = orig;	341	new = orig;
@@ -372,6 +398,7 @@ static u8 sadb_ext_min_len[] = {
372	[SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port),	398	[SADB_X_EXT_NAT_T_DPORT] = (u8) sizeof(struct sadb_x_nat_t_port),
373	[SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address),	399	[SADB_X_EXT_NAT_T_OA] = (u8) sizeof(struct sadb_address),
374	[SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx),	400	[SADB_X_EXT_SEC_CTX] = (u8) sizeof(struct sadb_x_sec_ctx),
		401	[SADB_X_EXT_KMADDRESS] = (u8) sizeof(struct sadb_x_kmaddress),
375	};	402	};
376		403
377	/* Verify sadb_address_{len,prefixlen} against sa_family. */	404	/* Verify sadb_address_{len,prefixlen} against sa_family. */
@@ -1736,9 +1763,14 @@ static int dump_sa(struct xfrm_state x, int count, void ptr)
1736	out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);	1763	out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto);
1737	out_hdr->sadb_msg_errno = 0;	1764	out_hdr->sadb_msg_errno = 0;
1738	out_hdr->sadb_msg_reserved = 0;	1765	out_hdr->sadb_msg_reserved = 0;
1739	out_hdr->sadb_msg_seq = count;	1766	out_hdr->sadb_msg_seq = count + 1;
1740	out_hdr->sadb_msg_pid = pfk->dump.msg_pid;	1767	out_hdr->sadb_msg_pid = pfk->dump.msg_pid;
1741	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, &pfk->sk);	1768
		1769	if (pfk->dump.skb)
		1770	pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
		1771	&pfk->sk);
		1772	pfk->dump.skb = out_skb;
		1773
1742	return 0;	1774	return 0;
1743	}	1775	}
1744		1776
@@ -2237,7 +2269,7 @@ static int pfkey_spdadd(struct sock sk, struct sk_buff skb, struct sadb_msg *h
2237	return 0;	2269	return 0;
2238		2270
2239	out:	2271	out:
2240	xp->dead = 1;	2272	xp->walk.dead = 1;
2241	xfrm_policy_destroy(xp);	2273	xfrm_policy_destroy(xp);
2242	return err;	2274	return err;
2243	}	2275	}
@@ -2309,6 +2341,7 @@ static int pfkey_spddelete(struct sock sk, struct sk_buff skb, struct sadb_msg
2309		2341
2310	c.seq = hdr->sadb_msg_seq;	2342	c.seq = hdr->sadb_msg_seq;
2311	c.pid = hdr->sadb_msg_pid;	2343	c.pid = hdr->sadb_msg_pid;
		2344	c.data.byid = 0;
2312	c.event = XFRM_MSG_DELPOLICY;	2345	c.event = XFRM_MSG_DELPOLICY;
2313	km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);	2346	km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
2314		2347
@@ -2353,24 +2386,21 @@ static int pfkey_sockaddr_pair_size(sa_family_t family)
2353	return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);	2386	return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
2354	}	2387	}
2355		2388
2356	static int parse_sockaddr_pair(struct sadb_x_ipsecrequest *rq,	2389	static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2357	xfrm_address_t saddr, xfrm_address_t daddr,	2390	xfrm_address_t saddr, xfrm_address_t daddr,
2358	u16 *family)	2391	u16 *family)
2359	{	2392	{
2360	u8 sa = (u8 ) (rq + 1);
2361	int af, socklen;	2393	int af, socklen;
2362		2394
2363	if (rq->sadb_x_ipsecrequest_len <	2395	if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
2364	pfkey_sockaddr_pair_size(((struct sockaddr *)sa)->sa_family))
2365	return -EINVAL;	2396	return -EINVAL;
2366		2397
2367	af = pfkey_sockaddr_extract((struct sockaddr *) sa,	2398	af = pfkey_sockaddr_extract(sa, saddr);
2368	saddr);
2369	if (!af)	2399	if (!af)
2370	return -EINVAL;	2400	return -EINVAL;
2371		2401
2372	socklen = pfkey_sockaddr_len(af);	2402	socklen = pfkey_sockaddr_len(af);
2373	if (pfkey_sockaddr_extract((struct sockaddr *) (sa + socklen),	2403	if (pfkey_sockaddr_extract((struct sockaddr ) (((u8 )sa) + socklen),
2374	daddr) != af)	2404	daddr) != af)
2375	return -EINVAL;	2405	return -EINVAL;
2376		2406
@@ -2390,7 +2420,9 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2390	return -EINVAL;	2420	return -EINVAL;
2391		2421
2392	/* old endoints */	2422	/* old endoints */
2393	err = parse_sockaddr_pair(rq1, &m->old_saddr, &m->old_daddr,	2423	err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
		2424	rq1->sadb_x_ipsecrequest_len,
		2425	&m->old_saddr, &m->old_daddr,
2394	&m->old_family);	2426	&m->old_family);
2395	if (err)	2427	if (err)
2396	return err;	2428	return err;
@@ -2403,7 +2435,9 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2403	return -EINVAL;	2435	return -EINVAL;
2404		2436
2405	/* new endpoints */	2437	/* new endpoints */
2406	err = parse_sockaddr_pair(rq2, &m->new_saddr, &m->new_daddr,	2438	err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
		2439	rq2->sadb_x_ipsecrequest_len,
		2440	&m->new_saddr, &m->new_daddr,
2407	&m->new_family);	2441	&m->new_family);
2408	if (err)	2442	if (err)
2409	return err;	2443	return err;
@@ -2429,29 +2463,40 @@ static int pfkey_migrate(struct sock sk, struct sk_buff skb,
2429	int i, len, ret, err = -EINVAL;	2463	int i, len, ret, err = -EINVAL;
2430	u8 dir;	2464	u8 dir;
2431	struct sadb_address *sa;	2465	struct sadb_address *sa;
		2466	struct sadb_x_kmaddress *kma;
2432	struct sadb_x_policy *pol;	2467	struct sadb_x_policy *pol;
2433	struct sadb_x_ipsecrequest *rq;	2468	struct sadb_x_ipsecrequest *rq;
2434	struct xfrm_selector sel;	2469	struct xfrm_selector sel;
2435	struct xfrm_migrate m[XFRM_MAX_DEPTH];	2470	struct xfrm_migrate m[XFRM_MAX_DEPTH];
		2471	struct xfrm_kmaddress k;
2436		2472
2437	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],	2473	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],
2438	ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) \|\|	2474	ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) \|\|
2439	!ext_hdrs[SADB_X_EXT_POLICY - 1]) {	2475	!ext_hdrs[SADB_X_EXT_POLICY - 1]) {
2440	err = -EINVAL;	2476	err = -EINVAL;
2441	goto out;	2477	goto out;
2442	}	2478	}
2443		2479
		2480	kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];
2444	pol = ext_hdrs[SADB_X_EXT_POLICY - 1];	2481	pol = ext_hdrs[SADB_X_EXT_POLICY - 1];
2445	if (!pol) {
2446	err = -EINVAL;
2447	goto out;
2448	}
2449		2482
2450	if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {	2483	if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {
2451	err = -EINVAL;	2484	err = -EINVAL;
2452	goto out;	2485	goto out;
2453	}	2486	}
2454		2487
		2488	if (kma) {
		2489	/* convert sadb_x_kmaddress to xfrm_kmaddress */
		2490	k.reserved = kma->sadb_x_kmaddress_reserved;
		2491	ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),
		2492	8(kma->sadb_x_kmaddress_len) - sizeof(kma),
		2493	&k.local, &k.remote, &k.family);
		2494	if (ret < 0) {
		2495	err = ret;
		2496	goto out;
		2497	}
		2498	}
		2499
2455	dir = pol->sadb_x_policy_dir - 1;	2500	dir = pol->sadb_x_policy_dir - 1;
2456	memset(&sel, 0, sizeof(sel));	2501	memset(&sel, 0, sizeof(sel));
2457		2502
@@ -2496,7 +2541,8 @@ static int pfkey_migrate(struct sock sk, struct sk_buff skb,
2496	goto out;	2541	goto out;
2497	}	2542	}
2498		2543
2499	return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i);	2544	return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
		2545	kma ? &k : NULL);
2500		2546
2501	out:	2547	out:
2502	return err;	2548	return err;
@@ -2575,9 +2621,14 @@ static int dump_sp(struct xfrm_policy xp, int dir, int count, void ptr)
2575	out_hdr->sadb_msg_type = SADB_X_SPDDUMP;	2621	out_hdr->sadb_msg_type = SADB_X_SPDDUMP;
2576	out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;	2622	out_hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2577	out_hdr->sadb_msg_errno = 0;	2623	out_hdr->sadb_msg_errno = 0;
2578	out_hdr->sadb_msg_seq = count;	2624	out_hdr->sadb_msg_seq = count + 1;
2579	out_hdr->sadb_msg_pid = pfk->dump.msg_pid;	2625	out_hdr->sadb_msg_pid = pfk->dump.msg_pid;
2580	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, &pfk->sk);	2626
		2627	if (pfk->dump.skb)
		2628	pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
		2629	&pfk->sk);
		2630	pfk->dump.skb = out_skb;
		2631
2581	return 0;	2632	return 0;
2582	}	2633	}
2583		2634
@@ -3283,6 +3334,32 @@ static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3283	return 0;	3334	return 0;
3284	}	3335	}
3285		3336
		3337
		3338	static int set_sadb_kmaddress(struct sk_buff skb, struct xfrm_kmaddress k)
		3339	{
		3340	struct sadb_x_kmaddress *kma;
		3341	u8 *sa;
		3342	int family = k->family;
		3343	int socklen = pfkey_sockaddr_len(family);
		3344	int size_req;
		3345
		3346	size_req = (sizeof(struct sadb_x_kmaddress) +
		3347	pfkey_sockaddr_pair_size(family));
		3348
		3349	kma = (struct sadb_x_kmaddress *)skb_put(skb, size_req);
		3350	memset(kma, 0, size_req);
		3351	kma->sadb_x_kmaddress_len = size_req / 8;
		3352	kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;
		3353	kma->sadb_x_kmaddress_reserved = k->reserved;
		3354
		3355	sa = (u8 *)(kma + 1);
		3356	if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) \|\|
		3357	!pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))
		3358	return -EINVAL;
		3359
		3360	return 0;
		3361	}
		3362
3286	static int set_ipsecrequest(struct sk_buff *skb,	3363	static int set_ipsecrequest(struct sk_buff *skb,
3287	uint8_t proto, uint8_t mode, int level,	3364	uint8_t proto, uint8_t mode, int level,
3288	uint32_t reqid, uint8_t family,	3365	uint32_t reqid, uint8_t family,
@@ -3315,7 +3392,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
3315		3392
3316	#ifdef CONFIG_NET_KEY_MIGRATE	3393	#ifdef CONFIG_NET_KEY_MIGRATE
3317	static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,	3394	static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
3318	struct xfrm_migrate *m, int num_bundles)	3395	struct xfrm_migrate *m, int num_bundles,
		3396	struct xfrm_kmaddress *k)
3319	{	3397	{
3320	int i;	3398	int i;
3321	int sasize_sel;	3399	int sasize_sel;
@@ -3332,6 +3410,12 @@ static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
3332	if (num_bundles <= 0 \|\| num_bundles > XFRM_MAX_DEPTH)	3410	if (num_bundles <= 0 \|\| num_bundles > XFRM_MAX_DEPTH)
3333	return -EINVAL;	3411	return -EINVAL;
3334		3412
		3413	if (k != NULL) {
		3414	/* addresses for KM */
		3415	size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +
		3416	pfkey_sockaddr_pair_size(k->family));
		3417	}
		3418
3335	/* selector */	3419	/* selector */
3336	sasize_sel = pfkey_sockaddr_size(sel->family);	3420	sasize_sel = pfkey_sockaddr_size(sel->family);
3337	if (!sasize_sel)	3421	if (!sasize_sel)
@@ -3368,6 +3452,10 @@ static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
3368	hdr->sadb_msg_seq = 0;	3452	hdr->sadb_msg_seq = 0;
3369	hdr->sadb_msg_pid = 0;	3453	hdr->sadb_msg_pid = 0;
3370		3454
		3455	/* Addresses to be used by KM for negotiation, if ext is available */
		3456	if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))
		3457	return -EINVAL;
		3458
3371	/* selector src */	3459	/* selector src */
3372	set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);	3460	set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);
3373		3461
@@ -3413,7 +3501,8 @@ err:
3413	}	3501	}
3414	#else	3502	#else
3415	static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,	3503	static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
3416	struct xfrm_migrate *m, int num_bundles)	3504	struct xfrm_migrate *m, int num_bundles,
		3505	struct xfrm_kmaddress *k)
3417	{	3506	{
3418	return -ENOPROTOOPT;	3507	return -ENOPROTOOPT;
3419	}	3508	}