// SPDX-License-Identifier: GPL-2.0-only /* xfrm_user.c: User interface to configure xfrm engine. * * Copyright (C) 2002 David S. Miller ([email protected]) * * Changes: * Mitsuru KANDA @USAGI * Kazunori MIYAZAWA @USAGI * Kunihiro Ishiguro <[email protected]> * IPv6 support * */ #include <linux/compat.h> #include <linux/crypto.h> #include <linux/module.h> #include <linux/kernel.h> #include <linux/types.h> #include <linux/slab.h> #include <linux/socket.h> #include <linux/string.h> #include <linux/net.h> #include <linux/skbuff.h> #include <linux/pfkeyv2.h> #include <linux/ipsec.h> #include <linux/init.h> #include <linux/security.h> #include <net/sock.h> #include <net/xfrm.h> #include <net/netlink.h> #include <net/ah.h> #include <linux/uaccess.h> #if IS_ENABLED(CONFIG_IPV6) #include <linux/in6.h> #endif #include <asm/unaligned.h> static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type, struct netlink_ext_ack *extack) { … } static int verify_auth_trunc(struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int verify_aead(struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, xfrm_address_t **addrp) { … } static inline int verify_sec_ctx_len(struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static inline int verify_replay(struct xfrm_usersa_info *p, struct nlattr **attrs, u8 sa_dir, struct netlink_ext_ack *extack) { … } static int verify_newsa_info(struct xfrm_usersa_info *p, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, struct xfrm_algo_desc *(*get_byname)(const char *, int), struct nlattr *rta, struct netlink_ext_ack *extack) { … } static int attach_crypt(struct xfrm_state *x, struct nlattr *rta, struct netlink_ext_ack *extack) { … } static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props, struct nlattr *rta, struct netlink_ext_ack *extack) { … } static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, struct nlattr *rta, struct netlink_ext_ack *extack) { … } static int attach_aead(struct xfrm_state *x, struct nlattr *rta, struct netlink_ext_ack *extack) { … } static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn, struct nlattr *rp, struct netlink_ext_ack *extack) { … } static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn, struct xfrm_replay_state_esn **preplay_esn, struct nlattr *rta) { … } static inline unsigned int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) { … } static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) { … } /* * someday when pfkey also has support, we could have the code * somehow made shareable and move it to xfrm_state.c - JHS * */ static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs, int update_esn) { … } static void xfrm_smark_init(struct nlattr **attrs, struct xfrm_mark *m) { … } static struct xfrm_state *xfrm_state_construct(struct net *net, struct xfrm_usersa_info *p, struct nlattr **attrs, int *errp, struct netlink_ext_ack *extack) { … } static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static struct xfrm_state *xfrm_user_state_lookup(struct net *net, struct xfrm_usersa_id *p, struct nlattr **attrs, int *errp) { … } static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) { … } struct xfrm_dump_info { … }; static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) { … } static int copy_user_offload(struct xfrm_dev_offload *xso, struct sk_buff *skb) { … } static bool xfrm_redact(void) { … } static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) { … } static int copy_to_user_aead(struct xfrm_algo_aead *aead, struct sk_buff *skb) { … } static int copy_to_user_ealg(struct xfrm_algo *ealg, struct sk_buff *skb) { … } static int copy_to_user_calg(struct xfrm_algo *calg, struct sk_buff *skb) { … } static int copy_to_user_encap(struct xfrm_encap_tmpl *ep, struct sk_buff *skb) { … } static int xfrm_smark_put(struct sk_buff *skb, struct xfrm_mark *m) { … } /* Don't change this without updating xfrm_sa_len! */ static int copy_to_user_state_extra(struct xfrm_state *x, struct xfrm_usersa_info *p, struct sk_buff *skb) { … } static int dump_one_state(struct xfrm_state *x, int count, void *ptr) { … } static int xfrm_dump_sa_done(struct netlink_callback *cb) { … } static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) { … } static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, struct xfrm_state *x, u32 seq) { … } /* A wrapper for nlmsg_multicast() checking that nlsk is still available. * Must be called with RCU read lock. */ static inline int xfrm_nlmsg_multicast(struct net *net, struct sk_buff *skb, u32 pid, unsigned int group) { … } static inline unsigned int xfrm_spdinfo_msgsize(void) { … } static int build_spdinfo(struct sk_buff *skb, struct net *net, u32 portid, u32 seq, u32 flags) { … } static int xfrm_set_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static inline unsigned int xfrm_sadinfo_msgsize(void) { … } static int build_sadinfo(struct sk_buff *skb, struct net *net, u32 portid, u32 seq, u32 flags) { … } static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int verify_policy_dir(u8 dir, struct netlink_ext_ack *extack) { … } static int verify_policy_type(u8 type, struct netlink_ext_ack *extack) { … } static int verify_newpolicy_info(struct xfrm_userpolicy_info *p, struct netlink_ext_ack *extack) { … } static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs) { … } static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, int nr) { … } static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family, int dir, struct netlink_ext_ack *extack) { … } static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs, int dir, struct netlink_ext_ack *extack) { … } static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) { … } static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) { … } static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp, struct netlink_ext_ack *extack) { … } static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) { … } static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) { … } static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) { … } static inline unsigned int userpolicy_type_attrsize(void) { … } #ifdef CONFIG_XFRM_SUB_POLICY static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) { … } #else static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) { return 0; } #endif static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) { … } static int xfrm_dump_policy_done(struct netlink_callback *cb) { … } static int xfrm_dump_policy_start(struct netlink_callback *cb) { … } static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) { … } static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, struct xfrm_policy *xp, int dir, u32 seq) { … } static int xfrm_notify_userpolicy(struct net *net) { … } static bool xfrm_userpolicy_is_valid(__u8 policy) { … } static int xfrm_set_default(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_get_default(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static inline unsigned int xfrm_aevent_msgsize(struct xfrm_state *x) { … } static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c) { … } static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } #ifdef CONFIG_XFRM_MIGRATE static int copy_from_user_migrate(struct xfrm_migrate *ma, struct xfrm_kmaddress *k, struct nlattr **attrs, int *num, struct netlink_ext_ack *extack) { … } static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } #else static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { return -ENOPROTOOPT; } #endif #ifdef CONFIG_XFRM_MIGRATE static int copy_to_user_migrate(const struct xfrm_migrate *m, struct sk_buff *skb) { … } static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff *skb) { … } static inline unsigned int xfrm_migrate_msgsize(int num_migrate, int with_kma, int with_encp) { … } static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m, int num_migrate, const struct xfrm_kmaddress *k, const struct xfrm_selector *sel, const struct xfrm_encap_tmpl *encap, u8 dir, u8 type) { … } static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, const struct xfrm_migrate *m, int num_migrate, const struct xfrm_kmaddress *k, const struct xfrm_encap_tmpl *encap) { … } #else static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, const struct xfrm_migrate *m, int num_migrate, const struct xfrm_kmaddress *k, const struct xfrm_encap_tmpl *encap) { return -ENOPROTOOPT; } #endif #define XMSGSIZE … const int xfrm_msg_min[XFRM_NR_MSGTYPES] = …; EXPORT_SYMBOL_GPL(…); #undef XMSGSIZE const struct nla_policy xfrma_policy[XFRMA_MAX+1] = …; EXPORT_SYMBOL_GPL(…); static const struct nla_policy xfrma_spd_policy[XFRMA_SPD_MAX+1] = …; static const struct xfrm_link { … } xfrm_dispatch[XFRM_NR_MSGTYPES] = …; static int xfrm_reject_unused_attr(int type, struct nlattr **attrs, struct netlink_ext_ack *extack) { … } static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, struct netlink_ext_ack *extack) { … } static void xfrm_netlink_rcv(struct sk_buff *skb) { … } static inline unsigned int xfrm_expire_msgsize(void) { … } static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c) { … } static int xfrm_exp_state_notify(struct xfrm_state *x, const struct km_event *c) { … } static int xfrm_aevent_state_notify(struct xfrm_state *x, const struct km_event *c) { … } static int xfrm_notify_sa_flush(const struct km_event *c) { … } static inline unsigned int xfrm_sa_len(struct xfrm_state *x) { … } static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c) { … } static int xfrm_send_state_notify(struct xfrm_state *x, const struct km_event *c) { … } static inline unsigned int xfrm_acquire_msgsize(struct xfrm_state *x, struct xfrm_policy *xp) { … } static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, struct xfrm_tmpl *xt, struct xfrm_policy *xp) { … } static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, struct xfrm_policy *xp) { … } /* User gives us xfrm_user_policy_info followed by an array of 0 * or more templates. */ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, u8 *data, int len, int *dir) { … } static inline unsigned int xfrm_polexpire_msgsize(struct xfrm_policy *xp) { … } static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, int dir, const struct km_event *c) { … } static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) { … } static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c) { … } static int xfrm_notify_policy_flush(const struct km_event *c) { … } static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) { … } static inline unsigned int xfrm_report_msgsize(void) { … } static int build_report(struct sk_buff *skb, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr) { … } static int xfrm_send_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr) { … } static inline unsigned int xfrm_mapping_msgsize(void) { … } static int build_mapping(struct sk_buff *skb, struct xfrm_state *x, xfrm_address_t *new_saddr, __be16 new_sport) { … } static int xfrm_send_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) { … } static bool xfrm_is_alive(const struct km_event *c) { … } static struct xfrm_mgr netlink_mgr = …; static int __net_init xfrm_user_net_init(struct net *net) { … } static void __net_exit xfrm_user_net_pre_exit(struct net *net) { … } static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list) { … } static struct pernet_operations xfrm_user_net_ops = …; static int __init xfrm_user_init(void) { … } static void __exit xfrm_user_exit(void) { … } module_init(…) …; module_exit(xfrm_user_exit); MODULE_DESCRIPTION(…) …; MODULE_LICENSE(…) …; MODULE_ALIAS_NET_PF_PROTO(…);
Codebase Browser
linux