Lines Matching refs:x
36 #define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x)) argument
37 #define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x)) argument
751 static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x, in __pfkey_xfrm_state2msg() argument
772 sockaddr_size = pfkey_sockaddr_size(x->props.family); in __pfkey_xfrm_state2msg()
786 if ((xfrm_ctx = x->security)) { in __pfkey_xfrm_state2msg()
792 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family)) in __pfkey_xfrm_state2msg()
796 if (x->aalg && x->aalg->alg_key_len) { in __pfkey_xfrm_state2msg()
798 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); in __pfkey_xfrm_state2msg()
801 if (x->ealg && x->ealg->alg_key_len) { in __pfkey_xfrm_state2msg()
803 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); in __pfkey_xfrm_state2msg()
807 if (x->encap) in __pfkey_xfrm_state2msg()
808 natt = x->encap; in __pfkey_xfrm_state2msg()
829 sa->sadb_sa_spi = x->id.spi; in __pfkey_xfrm_state2msg()
830 sa->sadb_sa_replay = x->props.replay_window; in __pfkey_xfrm_state2msg()
831 switch (x->km.state) { in __pfkey_xfrm_state2msg()
833 sa->sadb_sa_state = x->km.dying ? in __pfkey_xfrm_state2msg()
844 if (x->aalg) { in __pfkey_xfrm_state2msg()
845 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0); in __pfkey_xfrm_state2msg()
850 BUG_ON(x->ealg && x->calg); in __pfkey_xfrm_state2msg()
851 if (x->ealg) { in __pfkey_xfrm_state2msg()
852 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0); in __pfkey_xfrm_state2msg()
857 if (x->calg) { in __pfkey_xfrm_state2msg()
858 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0); in __pfkey_xfrm_state2msg()
864 if (x->props.flags & XFRM_STATE_NOECN) in __pfkey_xfrm_state2msg()
866 if (x->props.flags & XFRM_STATE_DECAP_DSCP) in __pfkey_xfrm_state2msg()
868 if (x->props.flags & XFRM_STATE_NOPMTUDISC) in __pfkey_xfrm_state2msg()
878 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit); in __pfkey_xfrm_state2msg()
879 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit); in __pfkey_xfrm_state2msg()
880 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds; in __pfkey_xfrm_state2msg()
881 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds; in __pfkey_xfrm_state2msg()
890 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit); in __pfkey_xfrm_state2msg()
891 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit); in __pfkey_xfrm_state2msg()
892 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds; in __pfkey_xfrm_state2msg()
893 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds; in __pfkey_xfrm_state2msg()
901 lifetime->sadb_lifetime_allocations = x->curlft.packets; in __pfkey_xfrm_state2msg()
902 lifetime->sadb_lifetime_bytes = x->curlft.bytes; in __pfkey_xfrm_state2msg()
903 lifetime->sadb_lifetime_addtime = x->curlft.add_time; in __pfkey_xfrm_state2msg()
904 lifetime->sadb_lifetime_usetime = x->curlft.use_time; in __pfkey_xfrm_state2msg()
919 pfkey_sockaddr_fill(&x->props.saddr, 0, in __pfkey_xfrm_state2msg()
921 x->props.family); in __pfkey_xfrm_state2msg()
936 pfkey_sockaddr_fill(&x->id.daddr, 0, in __pfkey_xfrm_state2msg()
938 x->props.family); in __pfkey_xfrm_state2msg()
942 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, in __pfkey_xfrm_state2msg()
943 x->props.family)) { in __pfkey_xfrm_state2msg()
951 pfkey_proto_from_xfrm(x->sel.proto); in __pfkey_xfrm_state2msg()
952 addr->sadb_address_prefixlen = x->sel.prefixlen_s; in __pfkey_xfrm_state2msg()
955 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport, in __pfkey_xfrm_state2msg()
957 x->props.family); in __pfkey_xfrm_state2msg()
967 key->sadb_key_bits = x->aalg->alg_key_len; in __pfkey_xfrm_state2msg()
969 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8); in __pfkey_xfrm_state2msg()
978 key->sadb_key_bits = x->ealg->alg_key_len; in __pfkey_xfrm_state2msg()
980 memcpy(key + 1, x->ealg->alg_key, in __pfkey_xfrm_state2msg()
981 (x->ealg->alg_key_len+7)/8); in __pfkey_xfrm_state2msg()
988 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) { in __pfkey_xfrm_state2msg()
996 sa2->sadb_x_sa2_reqid = x->props.reqid; in __pfkey_xfrm_state2msg()
1044 static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x) in pfkey_xfrm_state2msg() argument
1048 skb = __pfkey_xfrm_state2msg(x, 1, 3); in pfkey_xfrm_state2msg()
1053 static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x, in pfkey_xfrm_state2msg_expire() argument
1056 return __pfkey_xfrm_state2msg(x, 0, hsc); in pfkey_xfrm_state2msg_expire()
1063 struct xfrm_state *x; in pfkey_msg2xfrm_state() local
1124 x = xfrm_state_alloc(net); in pfkey_msg2xfrm_state()
1125 if (x == NULL) in pfkey_msg2xfrm_state()
1128 x->id.proto = proto; in pfkey_msg2xfrm_state()
1129 x->id.spi = sa->sadb_sa_spi; in pfkey_msg2xfrm_state()
1130 x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay, in pfkey_msg2xfrm_state()
1131 (sizeof(x->replay.bitmap) * 8)); in pfkey_msg2xfrm_state()
1133 x->props.flags |= XFRM_STATE_NOECN; in pfkey_msg2xfrm_state()
1135 x->props.flags |= XFRM_STATE_DECAP_DSCP; in pfkey_msg2xfrm_state()
1137 x->props.flags |= XFRM_STATE_NOPMTUDISC; in pfkey_msg2xfrm_state()
1141 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); in pfkey_msg2xfrm_state()
1142 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); in pfkey_msg2xfrm_state()
1143 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; in pfkey_msg2xfrm_state()
1144 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; in pfkey_msg2xfrm_state()
1148 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); in pfkey_msg2xfrm_state()
1149 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); in pfkey_msg2xfrm_state()
1150 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime; in pfkey_msg2xfrm_state()
1151 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; in pfkey_msg2xfrm_state()
1161 err = security_xfrm_state_alloc(x, uctx); in pfkey_msg2xfrm_state()
1179 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL); in pfkey_msg2xfrm_state()
1180 if (!x->aalg) { in pfkey_msg2xfrm_state()
1184 strcpy(x->aalg->alg_name, a->name); in pfkey_msg2xfrm_state()
1185 x->aalg->alg_key_len = 0; in pfkey_msg2xfrm_state()
1187 x->aalg->alg_key_len = key->sadb_key_bits; in pfkey_msg2xfrm_state()
1188 memcpy(x->aalg->alg_key, key+1, keysize); in pfkey_msg2xfrm_state()
1190 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits; in pfkey_msg2xfrm_state()
1191 x->props.aalgo = sa->sadb_sa_auth; in pfkey_msg2xfrm_state()
1201 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL); in pfkey_msg2xfrm_state()
1202 if (!x->calg) { in pfkey_msg2xfrm_state()
1206 strcpy(x->calg->alg_name, a->name); in pfkey_msg2xfrm_state()
1207 x->props.calgo = sa->sadb_sa_encrypt; in pfkey_msg2xfrm_state()
1218 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL); in pfkey_msg2xfrm_state()
1219 if (!x->ealg) { in pfkey_msg2xfrm_state()
1223 strcpy(x->ealg->alg_name, a->name); in pfkey_msg2xfrm_state()
1224 x->ealg->alg_key_len = 0; in pfkey_msg2xfrm_state()
1226 x->ealg->alg_key_len = key->sadb_key_bits; in pfkey_msg2xfrm_state()
1227 memcpy(x->ealg->alg_key, key+1, keysize); in pfkey_msg2xfrm_state()
1229 x->props.ealgo = sa->sadb_sa_encrypt; in pfkey_msg2xfrm_state()
1234 …x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-… in pfkey_msg2xfrm_state()
1235 &x->props.saddr); in pfkey_msg2xfrm_state()
1237 &x->id.daddr); in pfkey_msg2xfrm_state()
1246 x->props.mode = mode; in pfkey_msg2xfrm_state()
1247 x->props.reqid = sa2->sadb_x_sa2_reqid; in pfkey_msg2xfrm_state()
1254 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); in pfkey_msg2xfrm_state()
1255 x->sel.prefixlen_s = addr->sadb_address_prefixlen; in pfkey_msg2xfrm_state()
1258 if (!x->sel.family) in pfkey_msg2xfrm_state()
1259 x->sel.family = x->props.family; in pfkey_msg2xfrm_state()
1265 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL); in pfkey_msg2xfrm_state()
1266 if (!x->encap) { in pfkey_msg2xfrm_state()
1271 natt = x->encap; in pfkey_msg2xfrm_state()
1288 err = xfrm_init_state(x); in pfkey_msg2xfrm_state()
1292 x->km.seq = hdr->sadb_msg_seq; in pfkey_msg2xfrm_state()
1293 return x; in pfkey_msg2xfrm_state()
1296 x->km.state = XFRM_STATE_DEAD; in pfkey_msg2xfrm_state()
1297 xfrm_state_put(x); in pfkey_msg2xfrm_state()
1314 struct xfrm_state *x = NULL; in pfkey_getspi() local
1359 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); in pfkey_getspi()
1360 if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) { in pfkey_getspi()
1361 xfrm_state_put(x); in pfkey_getspi()
1362 x = NULL; in pfkey_getspi()
1366 if (!x) in pfkey_getspi()
1367 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family); in pfkey_getspi()
1369 if (x == NULL) in pfkey_getspi()
1381 err = verify_spi_info(x->id.proto, min_spi, max_spi); in pfkey_getspi()
1383 xfrm_state_put(x); in pfkey_getspi()
1387 err = xfrm_alloc_spi(x, min_spi, max_spi); in pfkey_getspi()
1388 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x); in pfkey_getspi()
1391 xfrm_state_put(x); in pfkey_getspi()
1404 xfrm_state_put(x); in pfkey_getspi()
1414 struct xfrm_state *x; in pfkey_acquire() local
1422 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); in pfkey_acquire()
1423 if (x == NULL) in pfkey_acquire()
1426 spin_lock_bh(&x->lock); in pfkey_acquire()
1427 if (x->km.state == XFRM_STATE_ACQ) in pfkey_acquire()
1428 x->km.state = XFRM_STATE_ERROR; in pfkey_acquire()
1430 spin_unlock_bh(&x->lock); in pfkey_acquire()
1431 xfrm_state_put(x); in pfkey_acquire()
1474 static int key_notify_sa(struct xfrm_state *x, const struct km_event *c) in key_notify_sa() argument
1479 skb = pfkey_xfrm_state2msg(x); in key_notify_sa()
1487 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); in key_notify_sa()
1493 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x)); in key_notify_sa()
1501 struct xfrm_state *x; in pfkey_add() local
1505 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs); in pfkey_add()
1506 if (IS_ERR(x)) in pfkey_add()
1507 return PTR_ERR(x); in pfkey_add()
1509 xfrm_state_hold(x); in pfkey_add()
1511 err = xfrm_state_add(x); in pfkey_add()
1513 err = xfrm_state_update(x); in pfkey_add()
1515 xfrm_audit_state_add(x, err ? 0 : 1, true); in pfkey_add()
1518 x->km.state = XFRM_STATE_DEAD; in pfkey_add()
1519 __xfrm_state_put(x); in pfkey_add()
1529 km_state_notify(x, &c); in pfkey_add()
1531 xfrm_state_put(x); in pfkey_add()
1538 struct xfrm_state *x; in pfkey_delete() local
1547 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs); in pfkey_delete()
1548 if (x == NULL) in pfkey_delete()
1551 if ((err = security_xfrm_state_delete(x))) in pfkey_delete()
1554 if (xfrm_state_kern(x)) { in pfkey_delete()
1559 err = xfrm_state_delete(x); in pfkey_delete()
1567 km_state_notify(x, &c); in pfkey_delete()
1569 xfrm_audit_state_delete(x, err ? 0 : 1, true); in pfkey_delete()
1570 xfrm_state_put(x); in pfkey_delete()
1581 struct xfrm_state *x; in pfkey_get() local
1588 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs); in pfkey_get()
1589 if (x == NULL) in pfkey_get()
1592 out_skb = pfkey_xfrm_state2msg(x); in pfkey_get()
1593 proto = x->id.proto; in pfkey_get()
1594 xfrm_state_put(x); in pfkey_get()
1785 static int dump_sa(struct xfrm_state *x, int count, void *ptr) in dump_sa() argument
1794 out_skb = pfkey_xfrm_state2msg(x); in dump_sa()
1801 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); in dump_sa()
3020 static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c) in key_notify_sa_expire() argument
3033 out_skb = pfkey_xfrm_state2msg_expire(x, hsc); in key_notify_sa_expire()
3040 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); in key_notify_sa_expire()
3046 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x)); in key_notify_sa_expire()
3050 static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c) in pfkey_send_notify() argument
3052 struct net *net = x ? xs_net(x) : c->net; in pfkey_send_notify()
3060 return key_notify_sa_expire(x, c); in pfkey_send_notify()
3064 return key_notify_sa(x, c); in pfkey_send_notify()
3130 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp) in pfkey_send_acquire() argument
3142 sockaddr_size = pfkey_sockaddr_size(x->props.family); in pfkey_send_acquire()
3151 if (x->id.proto == IPPROTO_AH) in pfkey_send_acquire()
3153 else if (x->id.proto == IPPROTO_ESP) in pfkey_send_acquire()
3156 if ((xfrm_ctx = x->security)) { in pfkey_send_acquire()
3168 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); in pfkey_send_acquire()
3172 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); in pfkey_send_acquire()
3185 pfkey_sockaddr_fill(&x->props.saddr, 0, in pfkey_send_acquire()
3187 x->props.family); in pfkey_send_acquire()
3201 pfkey_sockaddr_fill(&x->id.daddr, 0, in pfkey_send_acquire()
3203 x->props.family); in pfkey_send_acquire()
3217 if (x->id.proto == IPPROTO_AH) in pfkey_send_acquire()
3219 else if (x->id.proto == IPPROTO_ESP) in pfkey_send_acquire()
3236 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x)); in pfkey_send_acquire()
3327 static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) in pfkey_send_new_mapping() argument
3336 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0); in pfkey_send_new_mapping()
3339 sockaddr_size = pfkey_sockaddr_size(x->props.family); in pfkey_send_new_mapping()
3346 if (!x->encap) in pfkey_send_new_mapping()
3349 natt = x->encap; in pfkey_send_new_mapping()
3374 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); in pfkey_send_new_mapping()
3381 sa->sadb_sa_spi = x->id.spi; in pfkey_send_new_mapping()
3398 pfkey_sockaddr_fill(&x->props.saddr, 0, in pfkey_send_new_mapping()
3400 x->props.family); in pfkey_send_new_mapping()
3423 x->props.family); in pfkey_send_new_mapping()
3434 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL, xs_net(x)); in pfkey_send_new_mapping()