~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv6/esp6.c

Version: ~ [ linux-5.5-rc7 ] ~ [ linux-5.4.13 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.97 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.166 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.210 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.210 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.81 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Copyright (C)2002 USAGI/WIDE Project
  3  *
  4  * This program is free software; you can redistribute it and/or modify
  5  * it under the terms of the GNU General Public License as published by
  6  * the Free Software Foundation; either version 2 of the License, or
  7  * (at your option) any later version.
  8  *
  9  * This program is distributed in the hope that it will be useful,
 10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12  * GNU General Public License for more details.
 13  *
 14  * You should have received a copy of the GNU General Public License
 15  * along with this program; if not, write to the Free Software
 16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 17  *
 18  * Authors
 19  *
 20  *      Mitsuru KANDA @USAGI       : IPv6 Support
 21  *      Kazunori MIYAZAWA @USAGI   :
 22  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
 23  *
 24  *      This file is derived from net/ipv4/esp.c
 25  */
 26 
 27 #define pr_fmt(fmt) "IPv6: " fmt
 28 
 29 #include <crypto/aead.h>
 30 #include <crypto/authenc.h>
 31 #include <linux/err.h>
 32 #include <linux/module.h>
 33 #include <net/ip.h>
 34 #include <net/xfrm.h>
 35 #include <net/esp.h>
 36 #include <linux/scatterlist.h>
 37 #include <linux/kernel.h>
 38 #include <linux/pfkeyv2.h>
 39 #include <linux/random.h>
 40 #include <linux/slab.h>
 41 #include <linux/spinlock.h>
 42 #include <net/ip6_route.h>
 43 #include <net/icmp.h>
 44 #include <net/ipv6.h>
 45 #include <net/protocol.h>
 46 #include <linux/icmpv6.h>
 47 
 48 struct esp_skb_cb {
 49         struct xfrm_skb_cb xfrm;
 50         void *tmp;
 51 };
 52 
 53 #define ESP_SKB_CB(__skb) ((struct esp_skb_cb *)&((__skb)->cb[0]))
 54 
 55 static u32 esp6_get_mtu(struct xfrm_state *x, int mtu);
 56 
 57 /*
 58  * Allocate an AEAD request structure with extra space for SG and IV.
 59  *
 60  * For alignment considerations the upper 32 bits of the sequence number are
 61  * placed at the front, if present. Followed by the IV, the request and finally
 62  * the SG list.
 63  *
 64  * TODO: Use spare space in skb for this where possible.
 65  */
 66 static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags, int seqihlen)
 67 {
 68         unsigned int len;
 69 
 70         len = seqihlen;
 71 
 72         len += crypto_aead_ivsize(aead);
 73 
 74         if (len) {
 75                 len += crypto_aead_alignmask(aead) &
 76                        ~(crypto_tfm_ctx_alignment() - 1);
 77                 len = ALIGN(len, crypto_tfm_ctx_alignment());
 78         }
 79 
 80         len += sizeof(struct aead_givcrypt_request) + crypto_aead_reqsize(aead);
 81         len = ALIGN(len, __alignof__(struct scatterlist));
 82 
 83         len += sizeof(struct scatterlist) * nfrags;
 84 
 85         return kmalloc(len, GFP_ATOMIC);
 86 }
 87 
 88 static inline __be32 *esp_tmp_seqhi(void *tmp)
 89 {
 90         return PTR_ALIGN((__be32 *)tmp, __alignof__(__be32));
 91 }
 92 
 93 static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp, int seqhilen)
 94 {
 95         return crypto_aead_ivsize(aead) ?
 96                PTR_ALIGN((u8 *)tmp + seqhilen,
 97                          crypto_aead_alignmask(aead) + 1) : tmp + seqhilen;
 98 }
 99 
100 static inline struct aead_givcrypt_request *esp_tmp_givreq(
101         struct crypto_aead *aead, u8 *iv)
102 {
103         struct aead_givcrypt_request *req;
104 
105         req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
106                                 crypto_tfm_ctx_alignment());
107         aead_givcrypt_set_tfm(req, aead);
108         return req;
109 }
110 
111 static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv)
112 {
113         struct aead_request *req;
114 
115         req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
116                                 crypto_tfm_ctx_alignment());
117         aead_request_set_tfm(req, aead);
118         return req;
119 }
120 
121 static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
122                                              struct aead_request *req)
123 {
124         return (void *)ALIGN((unsigned long)(req + 1) +
125                              crypto_aead_reqsize(aead),
126                              __alignof__(struct scatterlist));
127 }
128 
129 static inline struct scatterlist *esp_givreq_sg(
130         struct crypto_aead *aead, struct aead_givcrypt_request *req)
131 {
132         return (void *)ALIGN((unsigned long)(req + 1) +
133                              crypto_aead_reqsize(aead),
134                              __alignof__(struct scatterlist));
135 }
136 
137 static void esp_output_done(struct crypto_async_request *base, int err)
138 {
139         struct sk_buff *skb = base->data;
140 
141         kfree(ESP_SKB_CB(skb)->tmp);
142         xfrm_output_resume(skb, err);
143 }
144 
145 static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
146 {
147         int err;
148         struct ip_esp_hdr *esph;
149         struct crypto_aead *aead;
150         struct aead_givcrypt_request *req;
151         struct scatterlist *sg;
152         struct scatterlist *asg;
153         struct sk_buff *trailer;
154         void *tmp;
155         int blksize;
156         int clen;
157         int alen;
158         int plen;
159         int tfclen;
160         int nfrags;
161         int assoclen;
162         int sglists;
163         int seqhilen;
164         u8 *iv;
165         u8 *tail;
166         __be32 *seqhi;
167         struct esp_data *esp = x->data;
168 
169         /* skb is pure payload to encrypt */
170         aead = esp->aead;
171         alen = crypto_aead_authsize(aead);
172 
173         tfclen = 0;
174         if (x->tfcpad) {
175                 struct xfrm_dst *dst = (struct xfrm_dst *)skb_dst(skb);
176                 u32 padto;
177 
178                 padto = min(x->tfcpad, esp6_get_mtu(x, dst->child_mtu_cached));
179                 if (skb->len < padto)
180                         tfclen = padto - skb->len;
181         }
182         blksize = ALIGN(crypto_aead_blocksize(aead), 4);
183         clen = ALIGN(skb->len + 2 + tfclen, blksize);
184         if (esp->padlen)
185                 clen = ALIGN(clen, esp->padlen);
186         plen = clen - skb->len - tfclen;
187 
188         err = skb_cow_data(skb, tfclen + plen + alen, &trailer);
189         if (err < 0)
190                 goto error;
191         nfrags = err;
192 
193         assoclen = sizeof(*esph);
194         sglists = 1;
195         seqhilen = 0;
196 
197         if (x->props.flags & XFRM_STATE_ESN) {
198                 sglists += 2;
199                 seqhilen += sizeof(__be32);
200                 assoclen += seqhilen;
201         }
202 
203         tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
204         if (!tmp) {
205                 err = -ENOMEM;
206                 goto error;
207         }
208 
209         seqhi = esp_tmp_seqhi(tmp);
210         iv = esp_tmp_iv(aead, tmp, seqhilen);
211         req = esp_tmp_givreq(aead, iv);
212         asg = esp_givreq_sg(aead, req);
213         sg = asg + sglists;
214 
215         /* Fill padding... */
216         tail = skb_tail_pointer(trailer);
217         if (tfclen) {
218                 memset(tail, 0, tfclen);
219                 tail += tfclen;
220         }
221         do {
222                 int i;
223                 for (i = 0; i < plen - 2; i++)
224                         tail[i] = i + 1;
225         } while (0);
226         tail[plen - 2] = plen - 2;
227         tail[plen - 1] = *skb_mac_header(skb);
228         pskb_put(skb, trailer, clen - skb->len + alen);
229 
230         skb_push(skb, -skb_network_offset(skb));
231         esph = ip_esp_hdr(skb);
232         *skb_mac_header(skb) = IPPROTO_ESP;
233 
234         esph->spi = x->id.spi;
235         esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
236 
237         sg_init_table(sg, nfrags);
238         skb_to_sgvec(skb, sg,
239                      esph->enc_data + crypto_aead_ivsize(aead) - skb->data,
240                      clen + alen);
241 
242         if ((x->props.flags & XFRM_STATE_ESN)) {
243                 sg_init_table(asg, 3);
244                 sg_set_buf(asg, &esph->spi, sizeof(__be32));
245                 *seqhi = htonl(XFRM_SKB_CB(skb)->seq.output.hi);
246                 sg_set_buf(asg + 1, seqhi, seqhilen);
247                 sg_set_buf(asg + 2, &esph->seq_no, sizeof(__be32));
248         } else
249                 sg_init_one(asg, esph, sizeof(*esph));
250 
251         aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
252         aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
253         aead_givcrypt_set_assoc(req, asg, assoclen);
254         aead_givcrypt_set_giv(req, esph->enc_data,
255                               XFRM_SKB_CB(skb)->seq.output.low);
256 
257         ESP_SKB_CB(skb)->tmp = tmp;
258         err = crypto_aead_givencrypt(req);
259         if (err == -EINPROGRESS)
260                 goto error;
261 
262         if (err == -EBUSY)
263                 err = NET_XMIT_DROP;
264 
265         kfree(tmp);
266 
267 error:
268         return err;
269 }
270 
271 static int esp_input_done2(struct sk_buff *skb, int err)
272 {
273         struct xfrm_state *x = xfrm_input_state(skb);
274         struct esp_data *esp = x->data;
275         struct crypto_aead *aead = esp->aead;
276         int alen = crypto_aead_authsize(aead);
277         int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
278         int elen = skb->len - hlen;
279         int hdr_len = skb_network_header_len(skb);
280         int padlen;
281         u8 nexthdr[2];
282 
283         kfree(ESP_SKB_CB(skb)->tmp);
284 
285         if (unlikely(err))
286                 goto out;
287 
288         if (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2))
289                 BUG();
290 
291         err = -EINVAL;
292         padlen = nexthdr[0];
293         if (padlen + 2 + alen >= elen) {
294                 LIMIT_NETDEBUG(KERN_WARNING "ipsec esp packet is garbage "
295                                "padlen=%d, elen=%d\n", padlen + 2, elen - alen);
296                 goto out;
297         }
298 
299         /* ... check padding bits here. Silly. :-) */
300 
301         pskb_trim(skb, skb->len - alen - padlen - 2);
302         __skb_pull(skb, hlen);
303         if (x->props.mode == XFRM_MODE_TUNNEL)
304                 skb_reset_transport_header(skb);
305         else
306                 skb_set_transport_header(skb, -hdr_len);
307 
308         err = nexthdr[1];
309 
310         /* RFC4303: Drop dummy packets without any error */
311         if (err == IPPROTO_NONE)
312                 err = -EINVAL;
313 
314 out:
315         return err;
316 }
317 
318 static void esp_input_done(struct crypto_async_request *base, int err)
319 {
320         struct sk_buff *skb = base->data;
321 
322         xfrm_input_resume(skb, esp_input_done2(skb, err));
323 }
324 
325 static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
326 {
327         struct ip_esp_hdr *esph;
328         struct esp_data *esp = x->data;
329         struct crypto_aead *aead = esp->aead;
330         struct aead_request *req;
331         struct sk_buff *trailer;
332         int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
333         int nfrags;
334         int assoclen;
335         int sglists;
336         int seqhilen;
337         int ret = 0;
338         void *tmp;
339         __be32 *seqhi;
340         u8 *iv;
341         struct scatterlist *sg;
342         struct scatterlist *asg;
343 
344         if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead))) {
345                 ret = -EINVAL;
346                 goto out;
347         }
348 
349         if (elen <= 0) {
350                 ret = -EINVAL;
351                 goto out;
352         }
353 
354         if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
355                 ret = -EINVAL;
356                 goto out;
357         }
358 
359         ret = -ENOMEM;
360 
361         assoclen = sizeof(*esph);
362         sglists = 1;
363         seqhilen = 0;
364 
365         if (x->props.flags & XFRM_STATE_ESN) {
366                 sglists += 2;
367                 seqhilen += sizeof(__be32);
368                 assoclen += seqhilen;
369         }
370 
371         tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
372         if (!tmp)
373                 goto out;
374 
375         ESP_SKB_CB(skb)->tmp = tmp;
376         seqhi = esp_tmp_seqhi(tmp);
377         iv = esp_tmp_iv(aead, tmp, seqhilen);
378         req = esp_tmp_req(aead, iv);
379         asg = esp_req_sg(aead, req);
380         sg = asg + sglists;
381 
382         skb->ip_summed = CHECKSUM_NONE;
383 
384         esph = (struct ip_esp_hdr *)skb->data;
385 
386         /* Get ivec. This can be wrong, check against another impls. */
387         iv = esph->enc_data;
388 
389         sg_init_table(sg, nfrags);
390         skb_to_sgvec(skb, sg, sizeof(*esph) + crypto_aead_ivsize(aead), elen);
391 
392         if ((x->props.flags & XFRM_STATE_ESN)) {
393                 sg_init_table(asg, 3);
394                 sg_set_buf(asg, &esph->spi, sizeof(__be32));
395                 *seqhi = XFRM_SKB_CB(skb)->seq.input.hi;
396                 sg_set_buf(asg + 1, seqhi, seqhilen);
397                 sg_set_buf(asg + 2, &esph->seq_no, sizeof(__be32));
398         } else
399                 sg_init_one(asg, esph, sizeof(*esph));
400 
401         aead_request_set_callback(req, 0, esp_input_done, skb);
402         aead_request_set_crypt(req, sg, sg, elen, iv);
403         aead_request_set_assoc(req, asg, assoclen);
404 
405         ret = crypto_aead_decrypt(req);
406         if (ret == -EINPROGRESS)
407                 goto out;
408 
409         ret = esp_input_done2(skb, ret);
410 
411 out:
412         return ret;
413 }
414 
415 static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
416 {
417         struct esp_data *esp = x->data;
418         u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4);
419         u32 align = max_t(u32, blksize, esp->padlen);
420         unsigned int net_adj;
421 
422         if (x->props.mode != XFRM_MODE_TUNNEL)
423                 net_adj = sizeof(struct ipv6hdr);
424         else
425                 net_adj = 0;
426 
427         return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) -
428                  net_adj) & ~(align - 1)) + (net_adj - 2);
429 }
430 
431 static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
432                      u8 type, u8 code, int offset, __be32 info)
433 {
434         struct net *net = dev_net(skb->dev);
435         const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
436         struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset);
437         struct xfrm_state *x;
438 
439         if (type != ICMPV6_DEST_UNREACH &&
440             type != ICMPV6_PKT_TOOBIG &&
441             type != NDISC_REDIRECT)
442                 return;
443 
444         x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
445                               esph->spi, IPPROTO_ESP, AF_INET6);
446         if (!x)
447                 return;
448 
449         if (type == NDISC_REDIRECT)
450                 ip6_redirect(skb, net, 0, 0);
451         else
452                 ip6_update_pmtu(skb, net, info, 0, 0);
453         xfrm_state_put(x);
454 }
455 
456 static void esp6_destroy(struct xfrm_state *x)
457 {
458         struct esp_data *esp = x->data;
459 
460         if (!esp)
461                 return;
462 
463         crypto_free_aead(esp->aead);
464         kfree(esp);
465 }
466 
467 static int esp_init_aead(struct xfrm_state *x)
468 {
469         struct esp_data *esp = x->data;
470         struct crypto_aead *aead;
471         int err;
472 
473         aead = crypto_alloc_aead(x->aead->alg_name, 0, 0);
474         err = PTR_ERR(aead);
475         if (IS_ERR(aead))
476                 goto error;
477 
478         esp->aead = aead;
479 
480         err = crypto_aead_setkey(aead, x->aead->alg_key,
481                                  (x->aead->alg_key_len + 7) / 8);
482         if (err)
483                 goto error;
484 
485         err = crypto_aead_setauthsize(aead, x->aead->alg_icv_len / 8);
486         if (err)
487                 goto error;
488 
489 error:
490         return err;
491 }
492 
493 static int esp_init_authenc(struct xfrm_state *x)
494 {
495         struct esp_data *esp = x->data;
496         struct crypto_aead *aead;
497         struct crypto_authenc_key_param *param;
498         struct rtattr *rta;
499         char *key;
500         char *p;
501         char authenc_name[CRYPTO_MAX_ALG_NAME];
502         unsigned int keylen;
503         int err;
504 
505         err = -EINVAL;
506         if (x->ealg == NULL)
507                 goto error;
508 
509         err = -ENAMETOOLONG;
510 
511         if ((x->props.flags & XFRM_STATE_ESN)) {
512                 if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
513                              "authencesn(%s,%s)",
514                              x->aalg ? x->aalg->alg_name : "digest_null",
515                              x->ealg->alg_name) >= CRYPTO_MAX_ALG_NAME)
516                         goto error;
517         } else {
518                 if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
519                              "authenc(%s,%s)",
520                              x->aalg ? x->aalg->alg_name : "digest_null",
521                              x->ealg->alg_name) >= CRYPTO_MAX_ALG_NAME)
522                         goto error;
523         }
524 
525         aead = crypto_alloc_aead(authenc_name, 0, 0);
526         err = PTR_ERR(aead);
527         if (IS_ERR(aead))
528                 goto error;
529 
530         esp->aead = aead;
531 
532         keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
533                  (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
534         err = -ENOMEM;
535         key = kmalloc(keylen, GFP_KERNEL);
536         if (!key)
537                 goto error;
538 
539         p = key;
540         rta = (void *)p;
541         rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM;
542         rta->rta_len = RTA_LENGTH(sizeof(*param));
543         param = RTA_DATA(rta);
544         p += RTA_SPACE(sizeof(*param));
545 
546         if (x->aalg) {
547                 struct xfrm_algo_desc *aalg_desc;
548 
549                 memcpy(p, x->aalg->alg_key, (x->aalg->alg_key_len + 7) / 8);
550                 p += (x->aalg->alg_key_len + 7) / 8;
551 
552                 aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
553                 BUG_ON(!aalg_desc);
554 
555                 err = -EINVAL;
556                 if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
557                     crypto_aead_authsize(aead)) {
558                         NETDEBUG(KERN_INFO "ESP: %s digestsize %u != %hu\n",
559                                  x->aalg->alg_name,
560                                  crypto_aead_authsize(aead),
561                                  aalg_desc->uinfo.auth.icv_fullbits/8);
562                         goto free_key;
563                 }
564 
565                 err = crypto_aead_setauthsize(
566                         aead, x->aalg->alg_trunc_len / 8);
567                 if (err)
568                         goto free_key;
569         }
570 
571         param->enckeylen = cpu_to_be32((x->ealg->alg_key_len + 7) / 8);
572         memcpy(p, x->ealg->alg_key, (x->ealg->alg_key_len + 7) / 8);
573 
574         err = crypto_aead_setkey(aead, key, keylen);
575 
576 free_key:
577         kfree(key);
578 
579 error:
580         return err;
581 }
582 
583 static int esp6_init_state(struct xfrm_state *x)
584 {
585         struct esp_data *esp;
586         struct crypto_aead *aead;
587         u32 align;
588         int err;
589 
590         if (x->encap)
591                 return -EINVAL;
592 
593         esp = kzalloc(sizeof(*esp), GFP_KERNEL);
594         if (esp == NULL)
595                 return -ENOMEM;
596 
597         x->data = esp;
598 
599         if (x->aead)
600                 err = esp_init_aead(x);
601         else
602                 err = esp_init_authenc(x);
603 
604         if (err)
605                 goto error;
606 
607         aead = esp->aead;
608 
609         esp->padlen = 0;
610 
611         x->props.header_len = sizeof(struct ip_esp_hdr) +
612                               crypto_aead_ivsize(aead);
613         switch (x->props.mode) {
614         case XFRM_MODE_BEET:
615                 if (x->sel.family != AF_INET6)
616                         x->props.header_len += IPV4_BEET_PHMAXLEN +
617                                                (sizeof(struct ipv6hdr) - sizeof(struct iphdr));
618                 break;
619         case XFRM_MODE_TRANSPORT:
620                 break;
621         case XFRM_MODE_TUNNEL:
622                 x->props.header_len += sizeof(struct ipv6hdr);
623                 break;
624         default:
625                 goto error;
626         }
627 
628         align = ALIGN(crypto_aead_blocksize(aead), 4);
629         if (esp->padlen)
630                 align = max_t(u32, align, esp->padlen);
631         x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead);
632 
633 error:
634         return err;
635 }
636 
637 static const struct xfrm_type esp6_type =
638 {
639         .description    = "ESP6",
640         .owner          = THIS_MODULE,
641         .proto          = IPPROTO_ESP,
642         .flags          = XFRM_TYPE_REPLAY_PROT,
643         .init_state     = esp6_init_state,
644         .destructor     = esp6_destroy,
645         .get_mtu        = esp6_get_mtu,
646         .input          = esp6_input,
647         .output         = esp6_output,
648         .hdr_offset     = xfrm6_find_1stfragopt,
649 };
650 
651 static const struct inet6_protocol esp6_protocol = {
652         .handler        =       xfrm6_rcv,
653         .err_handler    =       esp6_err,
654         .flags          =       INET6_PROTO_NOPOLICY,
655 };
656 
657 static int __init esp6_init(void)
658 {
659         if (xfrm_register_type(&esp6_type, AF_INET6) < 0) {
660                 pr_info("%s: can't add xfrm type\n", __func__);
661                 return -EAGAIN;
662         }
663         if (inet6_add_protocol(&esp6_protocol, IPPROTO_ESP) < 0) {
664                 pr_info("%s: can't add protocol\n", __func__);
665                 xfrm_unregister_type(&esp6_type, AF_INET6);
666                 return -EAGAIN;
667         }
668 
669         return 0;
670 }
671 
672 static void __exit esp6_fini(void)
673 {
674         if (inet6_del_protocol(&esp6_protocol, IPPROTO_ESP) < 0)
675                 pr_info("%s: can't remove protocol\n", __func__);
676         if (xfrm_unregister_type(&esp6_type, AF_INET6) < 0)
677                 pr_info("%s: can't remove xfrm type\n", __func__);
678 }
679 
680 module_init(esp6_init);
681 module_exit(esp6_fini);
682 
683 MODULE_LICENSE("GPL");
684 MODULE_ALIAS_XFRM_TYPE(AF_INET6, XFRM_PROTO_ESP);
685 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp