Lines Matching refs:x
32 #define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x)) argument
33 #define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x)) argument
764 static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x, in __pfkey_xfrm_state2msg() argument
785 sockaddr_size = pfkey_sockaddr_size(x->props.family); in __pfkey_xfrm_state2msg()
799 if ((xfrm_ctx = x->security)) { in __pfkey_xfrm_state2msg()
805 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family)) in __pfkey_xfrm_state2msg()
809 if (x->aalg && x->aalg->alg_key_len) { in __pfkey_xfrm_state2msg()
811 PFKEY_ALIGN8((x->aalg->alg_key_len + 7) / 8); in __pfkey_xfrm_state2msg()
814 if (x->ealg && x->ealg->alg_key_len) { in __pfkey_xfrm_state2msg()
816 PFKEY_ALIGN8((x->ealg->alg_key_len+7) / 8); in __pfkey_xfrm_state2msg()
820 if (x->encap) in __pfkey_xfrm_state2msg()
821 natt = x->encap; in __pfkey_xfrm_state2msg()
842 sa->sadb_sa_spi = x->id.spi; in __pfkey_xfrm_state2msg()
843 sa->sadb_sa_replay = x->props.replay_window; in __pfkey_xfrm_state2msg()
844 switch (x->km.state) { in __pfkey_xfrm_state2msg()
846 sa->sadb_sa_state = x->km.dying ? in __pfkey_xfrm_state2msg()
857 if (x->aalg) { in __pfkey_xfrm_state2msg()
858 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0); in __pfkey_xfrm_state2msg()
863 BUG_ON(x->ealg && x->calg); in __pfkey_xfrm_state2msg()
864 if (x->ealg) { in __pfkey_xfrm_state2msg()
865 struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0); in __pfkey_xfrm_state2msg()
870 if (x->calg) { in __pfkey_xfrm_state2msg()
871 struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0); in __pfkey_xfrm_state2msg()
877 if (x->props.flags & XFRM_STATE_NOECN) in __pfkey_xfrm_state2msg()
879 if (x->props.flags & XFRM_STATE_DECAP_DSCP) in __pfkey_xfrm_state2msg()
881 if (x->props.flags & XFRM_STATE_NOPMTUDISC) in __pfkey_xfrm_state2msg()
890 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.hard_packet_limit); in __pfkey_xfrm_state2msg()
891 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.hard_byte_limit); in __pfkey_xfrm_state2msg()
892 lifetime->sadb_lifetime_addtime = x->lft.hard_add_expires_seconds; in __pfkey_xfrm_state2msg()
893 lifetime->sadb_lifetime_usetime = x->lft.hard_use_expires_seconds; in __pfkey_xfrm_state2msg()
901 lifetime->sadb_lifetime_allocations = _X2KEY(x->lft.soft_packet_limit); in __pfkey_xfrm_state2msg()
902 lifetime->sadb_lifetime_bytes = _X2KEY(x->lft.soft_byte_limit); in __pfkey_xfrm_state2msg()
903 lifetime->sadb_lifetime_addtime = x->lft.soft_add_expires_seconds; in __pfkey_xfrm_state2msg()
904 lifetime->sadb_lifetime_usetime = x->lft.soft_use_expires_seconds; in __pfkey_xfrm_state2msg()
911 lifetime->sadb_lifetime_allocations = x->curlft.packets; in __pfkey_xfrm_state2msg()
912 lifetime->sadb_lifetime_bytes = x->curlft.bytes; in __pfkey_xfrm_state2msg()
913 lifetime->sadb_lifetime_addtime = x->curlft.add_time; in __pfkey_xfrm_state2msg()
914 lifetime->sadb_lifetime_usetime = x->curlft.use_time; in __pfkey_xfrm_state2msg()
928 pfkey_sockaddr_fill(&x->props.saddr, 0, in __pfkey_xfrm_state2msg()
930 x->props.family); in __pfkey_xfrm_state2msg()
943 pfkey_sockaddr_fill(&x->id.daddr, 0, in __pfkey_xfrm_state2msg()
945 x->props.family); in __pfkey_xfrm_state2msg()
948 if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, in __pfkey_xfrm_state2msg()
949 x->props.family)) { in __pfkey_xfrm_state2msg()
957 pfkey_proto_from_xfrm(x->sel.proto); in __pfkey_xfrm_state2msg()
958 addr->sadb_address_prefixlen = x->sel.prefixlen_s; in __pfkey_xfrm_state2msg()
961 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport, in __pfkey_xfrm_state2msg()
963 x->props.family); in __pfkey_xfrm_state2msg()
972 key->sadb_key_bits = x->aalg->alg_key_len; in __pfkey_xfrm_state2msg()
974 memcpy(key + 1, x->aalg->alg_key, (x->aalg->alg_key_len+7)/8); in __pfkey_xfrm_state2msg()
982 key->sadb_key_bits = x->ealg->alg_key_len; in __pfkey_xfrm_state2msg()
984 memcpy(key + 1, x->ealg->alg_key, in __pfkey_xfrm_state2msg()
985 (x->ealg->alg_key_len+7)/8); in __pfkey_xfrm_state2msg()
992 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) { in __pfkey_xfrm_state2msg()
1000 sa2->sadb_x_sa2_reqid = x->props.reqid; in __pfkey_xfrm_state2msg()
1048 static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x) in pfkey_xfrm_state2msg() argument
1052 skb = __pfkey_xfrm_state2msg(x, 1, 3); in pfkey_xfrm_state2msg()
1057 static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x, in pfkey_xfrm_state2msg_expire() argument
1060 return __pfkey_xfrm_state2msg(x, 0, hsc); in pfkey_xfrm_state2msg_expire()
1067 struct xfrm_state *x; in pfkey_msg2xfrm_state() local
1126 x = xfrm_state_alloc(net); in pfkey_msg2xfrm_state()
1127 if (x == NULL) in pfkey_msg2xfrm_state()
1130 x->id.proto = proto; in pfkey_msg2xfrm_state()
1131 x->id.spi = sa->sadb_sa_spi; in pfkey_msg2xfrm_state()
1132 x->props.replay_window = min_t(unsigned int, sa->sadb_sa_replay, in pfkey_msg2xfrm_state()
1133 (sizeof(x->replay.bitmap) * 8)); in pfkey_msg2xfrm_state()
1135 x->props.flags |= XFRM_STATE_NOECN; in pfkey_msg2xfrm_state()
1137 x->props.flags |= XFRM_STATE_DECAP_DSCP; in pfkey_msg2xfrm_state()
1139 x->props.flags |= XFRM_STATE_NOPMTUDISC; in pfkey_msg2xfrm_state()
1143 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); in pfkey_msg2xfrm_state()
1144 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); in pfkey_msg2xfrm_state()
1145 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; in pfkey_msg2xfrm_state()
1146 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; in pfkey_msg2xfrm_state()
1150 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); in pfkey_msg2xfrm_state()
1151 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); in pfkey_msg2xfrm_state()
1152 x->lft.soft_add_expires_seconds = lifetime->sadb_lifetime_addtime; in pfkey_msg2xfrm_state()
1153 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; in pfkey_msg2xfrm_state()
1163 err = security_xfrm_state_alloc(x, uctx); in pfkey_msg2xfrm_state()
1181 x->aalg = kmalloc(sizeof(*x->aalg) + keysize, GFP_KERNEL); in pfkey_msg2xfrm_state()
1182 if (!x->aalg) { in pfkey_msg2xfrm_state()
1186 strcpy(x->aalg->alg_name, a->name); in pfkey_msg2xfrm_state()
1187 x->aalg->alg_key_len = 0; in pfkey_msg2xfrm_state()
1189 x->aalg->alg_key_len = key->sadb_key_bits; in pfkey_msg2xfrm_state()
1190 memcpy(x->aalg->alg_key, key+1, keysize); in pfkey_msg2xfrm_state()
1192 x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits; in pfkey_msg2xfrm_state()
1193 x->props.aalgo = sa->sadb_sa_auth; in pfkey_msg2xfrm_state()
1203 x->calg = kmalloc(sizeof(*x->calg), GFP_KERNEL); in pfkey_msg2xfrm_state()
1204 if (!x->calg) { in pfkey_msg2xfrm_state()
1208 strcpy(x->calg->alg_name, a->name); in pfkey_msg2xfrm_state()
1209 x->props.calgo = sa->sadb_sa_encrypt; in pfkey_msg2xfrm_state()
1220 x->ealg = kmalloc(sizeof(*x->ealg) + keysize, GFP_KERNEL); in pfkey_msg2xfrm_state()
1221 if (!x->ealg) { in pfkey_msg2xfrm_state()
1225 strcpy(x->ealg->alg_name, a->name); in pfkey_msg2xfrm_state()
1226 x->ealg->alg_key_len = 0; in pfkey_msg2xfrm_state()
1228 x->ealg->alg_key_len = key->sadb_key_bits; in pfkey_msg2xfrm_state()
1229 memcpy(x->ealg->alg_key, key+1, keysize); in pfkey_msg2xfrm_state()
1231 x->props.ealgo = sa->sadb_sa_encrypt; in pfkey_msg2xfrm_state()
1232 x->geniv = a->uinfo.encr.geniv; in pfkey_msg2xfrm_state()
1237 …x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-… in pfkey_msg2xfrm_state()
1238 &x->props.saddr); in pfkey_msg2xfrm_state()
1240 &x->id.daddr); in pfkey_msg2xfrm_state()
1249 x->props.mode = mode; in pfkey_msg2xfrm_state()
1250 x->props.reqid = sa2->sadb_x_sa2_reqid; in pfkey_msg2xfrm_state()
1257 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); in pfkey_msg2xfrm_state()
1258 x->sel.prefixlen_s = addr->sadb_address_prefixlen; in pfkey_msg2xfrm_state()
1261 if (!x->sel.family) in pfkey_msg2xfrm_state()
1262 x->sel.family = x->props.family; in pfkey_msg2xfrm_state()
1268 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL); in pfkey_msg2xfrm_state()
1269 if (!x->encap) { in pfkey_msg2xfrm_state()
1274 natt = x->encap; in pfkey_msg2xfrm_state()
1291 err = xfrm_init_state(x); in pfkey_msg2xfrm_state()
1295 x->km.seq = hdr->sadb_msg_seq; in pfkey_msg2xfrm_state()
1296 return x; in pfkey_msg2xfrm_state()
1299 x->km.state = XFRM_STATE_DEAD; in pfkey_msg2xfrm_state()
1300 xfrm_state_put(x); in pfkey_msg2xfrm_state()
1317 struct xfrm_state *x = NULL; in pfkey_getspi() local
1362 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); in pfkey_getspi()
1363 if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) { in pfkey_getspi()
1364 xfrm_state_put(x); in pfkey_getspi()
1365 x = NULL; in pfkey_getspi()
1369 if (!x) in pfkey_getspi()
1370 x = xfrm_find_acq(net, &dummy_mark, mode, reqid, 0, proto, xdaddr, xsaddr, 1, family); in pfkey_getspi()
1372 if (x == NULL) in pfkey_getspi()
1384 err = verify_spi_info(x->id.proto, min_spi, max_spi); in pfkey_getspi()
1386 xfrm_state_put(x); in pfkey_getspi()
1390 err = xfrm_alloc_spi(x, min_spi, max_spi); in pfkey_getspi()
1391 resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x); in pfkey_getspi()
1394 xfrm_state_put(x); in pfkey_getspi()
1407 xfrm_state_put(x); in pfkey_getspi()
1417 struct xfrm_state *x; in pfkey_acquire() local
1425 x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); in pfkey_acquire()
1426 if (x == NULL) in pfkey_acquire()
1429 spin_lock_bh(&x->lock); in pfkey_acquire()
1430 if (x->km.state == XFRM_STATE_ACQ) in pfkey_acquire()
1431 x->km.state = XFRM_STATE_ERROR; in pfkey_acquire()
1433 spin_unlock_bh(&x->lock); in pfkey_acquire()
1434 xfrm_state_put(x); in pfkey_acquire()
1477 static int key_notify_sa(struct xfrm_state *x, const struct km_event *c) in key_notify_sa() argument
1482 skb = pfkey_xfrm_state2msg(x); in key_notify_sa()
1490 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); in key_notify_sa()
1496 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x)); in key_notify_sa()
1504 struct xfrm_state *x; in pfkey_add() local
1508 x = pfkey_msg2xfrm_state(net, hdr, ext_hdrs); in pfkey_add()
1509 if (IS_ERR(x)) in pfkey_add()
1510 return PTR_ERR(x); in pfkey_add()
1512 xfrm_state_hold(x); in pfkey_add()
1514 err = xfrm_state_add(x); in pfkey_add()
1516 err = xfrm_state_update(x); in pfkey_add()
1518 xfrm_audit_state_add(x, err ? 0 : 1, true); in pfkey_add()
1521 x->km.state = XFRM_STATE_DEAD; in pfkey_add()
1522 __xfrm_state_put(x); in pfkey_add()
1532 km_state_notify(x, &c); in pfkey_add()
1534 xfrm_state_put(x); in pfkey_add()
1541 struct xfrm_state *x; in pfkey_delete() local
1550 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs); in pfkey_delete()
1551 if (x == NULL) in pfkey_delete()
1554 if ((err = security_xfrm_state_delete(x))) in pfkey_delete()
1557 if (xfrm_state_kern(x)) { in pfkey_delete()
1562 err = xfrm_state_delete(x); in pfkey_delete()
1570 km_state_notify(x, &c); in pfkey_delete()
1572 xfrm_audit_state_delete(x, err ? 0 : 1, true); in pfkey_delete()
1573 xfrm_state_put(x); in pfkey_delete()
1584 struct xfrm_state *x; in pfkey_get() local
1591 x = pfkey_xfrm_state_lookup(net, hdr, ext_hdrs); in pfkey_get()
1592 if (x == NULL) in pfkey_get()
1595 out_skb = pfkey_xfrm_state2msg(x); in pfkey_get()
1596 proto = x->id.proto; in pfkey_get()
1597 xfrm_state_put(x); in pfkey_get()
1788 static int dump_sa(struct xfrm_state *x, int count, void *ptr) in dump_sa() argument
1797 out_skb = pfkey_xfrm_state2msg(x); in dump_sa()
1804 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); in dump_sa()
3021 static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c) in key_notify_sa_expire() argument
3034 out_skb = pfkey_xfrm_state2msg_expire(x, hsc); in key_notify_sa_expire()
3041 out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); in key_notify_sa_expire()
3048 xs_net(x)); in key_notify_sa_expire()
3052 static int pfkey_send_notify(struct xfrm_state *x, const struct km_event *c) in pfkey_send_notify() argument
3054 struct net *net = x ? xs_net(x) : c->net; in pfkey_send_notify()
3062 return key_notify_sa_expire(x, c); in pfkey_send_notify()
3066 return key_notify_sa(x, c); in pfkey_send_notify()
3132 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp) in pfkey_send_acquire() argument
3144 sockaddr_size = pfkey_sockaddr_size(x->props.family); in pfkey_send_acquire()
3153 if (x->id.proto == IPPROTO_AH) in pfkey_send_acquire()
3155 else if (x->id.proto == IPPROTO_ESP) in pfkey_send_acquire()
3158 if ((xfrm_ctx = x->security)) { in pfkey_send_acquire()
3170 hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); in pfkey_send_acquire()
3174 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); in pfkey_send_acquire()
3186 pfkey_sockaddr_fill(&x->props.saddr, 0, in pfkey_send_acquire()
3188 x->props.family); in pfkey_send_acquire()
3201 pfkey_sockaddr_fill(&x->id.daddr, 0, in pfkey_send_acquire()
3203 x->props.family); in pfkey_send_acquire()
3217 if (x->id.proto == IPPROTO_AH) in pfkey_send_acquire()
3219 else if (x->id.proto == IPPROTO_ESP) in pfkey_send_acquire()
3237 xs_net(x)); in pfkey_send_acquire()
3328 static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) in pfkey_send_new_mapping() argument
3337 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0); in pfkey_send_new_mapping()
3340 sockaddr_size = pfkey_sockaddr_size(x->props.family); in pfkey_send_new_mapping()
3347 if (!x->encap) in pfkey_send_new_mapping()
3350 natt = x->encap; in pfkey_send_new_mapping()
3375 hdr->sadb_msg_seq = x->km.seq = get_acqseq(); in pfkey_send_new_mapping()
3382 sa->sadb_sa_spi = x->id.spi; in pfkey_send_new_mapping()
3398 pfkey_sockaddr_fill(&x->props.saddr, 0, in pfkey_send_new_mapping()
3400 x->props.family); in pfkey_send_new_mapping()
3422 x->props.family); in pfkey_send_new_mapping()
3434 xs_net(x)); in pfkey_send_new_mapping()