From 9abbffee861c6c56fce27e4eda96a10cf0de0f84 Mon Sep 17 00:00:00 2001
From: Masahide NAKAMURA
Date: Fri, 24 Nov 2006 20:34:51 -0800
Subject: [XFRM] STATE: Fix to respond error to get operation if no matching entry exists.

When application uses XFRM_MSG_GETSA to get state entry through netlink socket and kernel has no matching one, the application expects reply message with error status by kernel. Kernel doesn't send the message back in the case of Mobile IPv6 route optimization protocols (i.e. routing header or destination options header). This is caused by incorrect return code "0" from net/xfrm/xfrm_user.c(xfrm_user_state_lookup) and it makes kernel skip to acknowledge at net/netlink/af_netlink.c(netlink_rcv_skb). This patch fix to reply ESRCH to application.

Signed-off-by: Masahide NAKAMURA
Signed-off-by: TAKAMIYA Noriaki
Signed-off-by: David S. Miller
---
 net/xfrm/xfrm_user.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'net/xfrm/xfrm_user.c')
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index c4cde57..2ee14f8 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -495,6 +495,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p,
 goto out;
 }
+ err = -ESRCH;
 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, p->family);
 }
-- cgit v1.1
From 1459bb36b12ac52bde68d70e2ba7a6f1f2e8be17 Mon Sep 17 00:00:00 2001
From: Jamal Hadi Salim
Date: Mon, 20 Nov 2006 16:51:22 -0800
Subject: [XFRM]: Make copy_to_user_policy_type take a type

Make copy_to_user_policy_type take a type instead a policy and fix its users to pass the type

Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
---
 net/xfrm/xfrm_user.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'net/xfrm/xfrm_user.c')
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 2ee14f8..6ddb493 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
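Review bot: The added `err = -ESRCH;` in the xfrm_user_state_lookup hunk is assigned before the xfrm_state_lookup_byaddr() call rather than when the lookup misses, so it is correct only while the code after this block reads err solely when x is NULL; that consumer is outside the hunk, as are the start and end of the function. Setting the code where the miss is detected, `if (!x) err = -ESRCH;` after the call, would keep the not-found reply independent of statement order. At minimum a comment such as `/* default for the lookup below; only reported when x == NULL */` would record why a netlink caller now gets an error reply instead of no acknowledgement.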
@@ -1083,12 +1083,12 @@ static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *s
 }
 #ifdef CONFIG_XFRM_SUB_POLICY
-static int copy_to_user_policy_type(struct xfrm_policy *xp, struct sk_buff *skb)
+static int copy_to_user_policy_type(__u8 type, struct sk_buff *skb)
 {
 struct xfrm_userpolicy_type upt;
 memset(&upt, 0, sizeof(upt));
- upt.type = xp->type;
+ upt.type = type;
 RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt);
@@ -1099,7 +1099,7 @@ rtattr_failure:
 }
 #else
-static inline int copy_to_user_policy_type(struct xfrm_policy *xp, struct sk_buff *skb)
+static inline int copy_to_user_policy_type(__u8 type, struct sk_buff *skb)
 {
 return 0;
 }
@@ -1128,7 +1128,7 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr
 goto nlmsg_failure;
 if (copy_to_user_sec_ctx(xp, skb))
 goto nlmsg_failure;
- if (copy_to_user_policy_type(xp, skb) < 0)
+ if (copy_to_user_policy_type(xp->type, skb) < 0)
 goto nlmsg_failure;
 nlh->nlmsg_len = skb->tail - b;
@@ -1908,7 +1908,7 @@ static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
 goto nlmsg_failure;
 if (copy_to_user_state_sec_ctx(x, skb))
 goto nlmsg_failure;
- if (copy_to_user_policy_type(xp, skb) < 0)
+ if (copy_to_user_policy_type(xp->type, skb) < 0)
 goto nlmsg_failure;
 nlh->nlmsg_len = skb->tail - b;
@@ -2018,7 +2018,7 @@ static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp,
 goto nlmsg_failure;
 if (copy_to_user_sec_ctx(xp, skb))
 goto nlmsg_failure;
- if (copy_to_user_policy_type(xp, skb) < 0)
+ if (copy_to_user_policy_type(xp->type, skb) < 0)
 goto nlmsg_failure;
 upe->hard = !!hard;
@@ -2097,7 +2097,7 @@ static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *
 copy_to_user_policy(xp, p, dir);
 if (copy_to_user_tmpl(xp, skb) < 0)
 goto nlmsg_failure;
- if (copy_to_user_policy_type(xp, skb) < 0)
+ if (copy_to_user_policy_type(xp->type, skb) < 0)
 goto nlmsg_failure;
 nlh->nlmsg_len = skb->tail - b;
-- cgit v1.1
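Review bot: copy_to_user_policy_type() in the first hunk still carries no comment, and two things about it are easy to miss: the `memset(&upt, 0, sizeof(upt))` is what keeps unset bytes of the on-stack struct out of the XFRMA_POLICY_TYPE attribute sent to userspace, and RTA_PUT leaves the function through the `rtattr_failure` label that shows up in the next hunk header. I would add above the function `/* Emit XFRMA_POLICY_TYPE for @type. upt is zeroed so no stack bytes reach userspace; RTA_PUT jumps to rtattr_failure when the skb has no room. */`. The function body ends outside this hunk, so the value returned on the failure path could not be checked here.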
From cdbc6dae5cc90d7d9e109e7d0568979d5355b653 Mon Sep 17 00:00:00 2001
From: Arnaldo Carvalho de Melo
Date: Tue, 21 Nov 2006 01:22:51 -0200
Subject: [XFRM]: Use kmemdup where appropriate

Signed-off-by: Arnaldo Carvalho de Melo
---
 net/xfrm/xfrm_user.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
(limited to 'net/xfrm/xfrm_user.c')
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 6ddb493..6c4d2f4 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -244,11 +244,10 @@ static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
 *props = algo->desc.sadb_alg_id;
 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8;
- p = kmalloc(len, GFP_KERNEL);
+ p = kmemdup(ualg, len, GFP_KERNEL);
 if (!p)
 return -ENOMEM;
- memcpy(p, ualg, len);
 strcpy(p->alg_name, algo->name);
 *algpp = p;
 return 0;
@@ -263,11 +262,10 @@ static int attach_encap_tmpl(struct xfrm_encap_tmpl **encapp, struct rtattr *u_a
 return 0;
 uencap = RTA_DATA(rta);
- p = kmalloc(sizeof(*p), GFP_KERNEL);
+ p = kmemdup(uencap, sizeof(*p), GFP_KERNEL);
 if (!p)
 return -ENOMEM;
- memcpy(p, uencap, sizeof(*p));
 *encapp = p;
 return 0;
 }
@@ -305,11 +303,10 @@ static int attach_one_addr(xfrm_address_t **addrpp, struct rtattr *u_arg)
 return 0;
 uaddrp = RTA_DATA(rta);
- p = kmalloc(sizeof(*p), GFP_KERNEL);
+ p = kmemdup(uaddrp, sizeof(*p), GFP_KERNEL);
 if (!p)
 return -ENOMEM;
- memcpy(p, uaddrp, sizeof(*p));
 *addrpp = p;
 return 0;
 }
-- cgit v1.1
From 4e9b82693542003b028c8494e9e3c49615b91ce7 Mon Sep 17 00:00:00 2001
From: Thomas Graf
Date: Mon, 27 Nov 2006 09:25:58 -0800
Subject: [NETLINK]: Remove unused dst_pid field in netlink_skb_parms

The destination PID is passed directly to netlink_unicast() respectively netlink_multicast().

Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
---
 net/xfrm/xfrm_user.c | 2 --
 1 file changed, 2 deletions(-)
(limited to 'net/xfrm/xfrm_user.c')
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 6c4d2f4..8dbb38b 100644
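Review bot: In the attach_one_algo hunk, `kmemdup(ualg, len, GFP_KERNEL)` reads `len` bytes out of the netlink attribute, and `len` is computed from the user-supplied `ualg->alg_key_len`; nothing visible in the hunk shows that the attribute payload is at least that long, so a short attribute carrying a large key length would make the copy read past the message data. The check may well live in a verify step outside the hunk, but this is the line that depends on it, so I would state it here: `/* caller must have verified the attribute payload is >= len; alg_key_len is user-controlled */`. The same dependency applies to the fixed-size copies `kmemdup(uencap, sizeof(*p), GFP_KERNEL)` in the attach_encap_tmpl hunk and `kmemdup(uaddrp, sizeof(*p), GFP_KERNEL)` in the attach_one_addr hunk. The `strcpy(p->alg_name, algo->name)` that follows in attach_one_algo is unbounded and relies on algo->name fitting alg_name, which is also not visible here.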
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -650,7 +650,6 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
 if (!skb)
 return ERR_PTR(-ENOMEM);
- NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid;
 info.in_skb = in_skb;
 info.out_skb = skb;
 info.nlmsg_seq = seq;
@@ -1168,7 +1167,6 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
 if (!skb)
 return ERR_PTR(-ENOMEM);
- NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid;
 info.in_skb = in_skb;
 info.out_skb = skb;
 info.nlmsg_seq = seq;
-- cgit v1.1
From 0c51f53c57c5584508dfae7110db5caccfd499c6 Mon Sep 17 00:00:00 2001
From: Jamal Hadi Salim
Date: Mon, 27 Nov 2006 12:58:20 -0800
Subject: [XFRM]: Make flush notifier prettier when subpolicy used

Might as well make flush notifier prettier when subpolicy used

Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
---
 net/xfrm/xfrm_user.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
(limited to 'net/xfrm/xfrm_user.c')
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 8dbb38b..006c88c 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2113,7 +2113,6 @@ static int xfrm_notify_policy_flush(struct km_event *c)
 unsigned char *b;
 int len = 0;
 #ifdef CONFIG_XFRM_SUB_POLICY
- struct xfrm_userpolicy_type upt;
 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
 #endif
 len += NLMSG_LENGTH(0);
@@ -2126,12 +2125,8 @@ static int xfrm_notify_policy_flush(struct km_event *c)
 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0);
 nlh->nlmsg_flags = 0;
-
-#ifdef CONFIG_XFRM_SUB_POLICY
- memset(&upt, 0, sizeof(upt));
- upt.type = c->data.type;
- RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt);
-#endif
+ if (copy_to_user_policy_type(c->data.type, skb) < 0)
+ goto nlmsg_failure;
 nlh->nlmsg_len = skb->tail - b;
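Review bot: In the second xfrm_notify_policy_flush hunk the attribute is now written through `copy_to_user_policy_type(c->data.type, skb)`, while the first hunk keeps the sizing open-coded as `#ifdef CONFIG_XFRM_SUB_POLICY` / `len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));`, so the space reserved and the attribute emitted are now maintained in two different places. If they drift apart the helper presumably fails for lack of room and the flush notification is dropped with the bare `return -1` seen in the following hunk. A comment on the sizing line, `/* must match what copy_to_user_policy_type() puts */`, would tie the two together. The allocation sits between the hunks and is not visible, so this assumes `len` is what sizes the skb.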
@@ -2139,9 +2134,6 @@ static int xfrm_notify_policy_flush(struct km_event *c)
 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC);
 nlmsg_failure:
-#ifdef CONFIG_XFRM_SUB_POLICY
-rtattr_failure:
-#endif
 kfree_skb(skb);
 return -1;
 }
-- cgit v1.1
From b798a9ede2b2434b9cbf0f3aee3e8598586fa89c Mon Sep 17 00:00:00 2001
From: Jamal Hadi Salim
Date: Mon, 27 Nov 2006 12:59:30 -0800
Subject: [XFRM]: Convert a few __u8 to proper u8

Caught by the EyeBalls(tm) of Thomas Graf

Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
---
 net/xfrm/xfrm_user.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
(limited to 'net/xfrm/xfrm_user.c')
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 006c88c..6b461da 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -769,7 +769,7 @@ out_noput:
 return err;
 }
-static int verify_policy_dir(__u8 dir)
+static int verify_policy_dir(u8 dir)
 {
 switch (dir) {
 case XFRM_POLICY_IN:
@@ -784,7 +784,7 @@ static int verify_policy_dir(__u8 dir)
 return 0;
 }
-static int verify_policy_type(__u8 type)
+static int verify_policy_type(u8 type)
 {
 switch (type) {
 case XFRM_POLICY_TYPE_MAIN:
@@ -897,7 +897,7 @@ static int copy_from_user_policy_type(u8 *tp, struct rtattr **xfrma)
 {
 struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE-1];
 struct xfrm_userpolicy_type *upt;
- __u8 type = XFRM_POLICY_TYPE_MAIN;
+ u8 type = XFRM_POLICY_TYPE_MAIN;
 int err;
 if (rt) {
@@ -1079,7 +1079,7 @@ static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *s
 }
 #ifdef CONFIG_XFRM_SUB_POLICY
-static int copy_to_user_policy_type(__u8 type, struct sk_buff *skb)
+static int copy_to_user_policy_type(u8 type, struct sk_buff *skb)
 {
 struct xfrm_userpolicy_type upt;
@@ -1095,7 +1095,7 @@ rtattr_failure:
 }
 #else
-static inline int copy_to_user_policy_type(__u8 type, struct sk_buff *skb)
+static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb)
 {
 return 0;
 }
@@ -1185,7 +1185,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
 {
 struct xfrm_policy *xp;
 struct xfrm_userpolicy_id *p;
- __u8 type = XFRM_POLICY_TYPE_MAIN;
+ u8 type = XFRM_POLICY_TYPE_MAIN;
 int err;
 struct km_event c;
 int delete;
@@ -1403,7 +1403,7 @@ out:
 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
 struct km_event c;
- __u8 type = XFRM_POLICY_TYPE_MAIN;
+ u8 type = XFRM_POLICY_TYPE_MAIN;
 int err;
 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
@@ -1424,7 +1424,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void *
 struct xfrm_policy *xp;
 struct xfrm_user_polexpire *up = NLMSG_DATA(nlh);
 struct xfrm_userpolicy_info *p = &up->pol;
- __u8 type = XFRM_POLICY_TYPE_MAIN;
+ u8 type = XFRM_POLICY_TYPE_MAIN;
 int err = -ENOENT;
 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
-- cgit v1.1
From 8511d01d7c70200ffd42debba9d7ac5c4f7f1031 Mon Sep 17 00:00:00 2001
From: Miika Komu
Date: Thu, 30 Nov 2006 16:40:51 -0800
Subject: [IPSEC]: Add netlink interface for the encapsulation family.

Signed-off-by: Miika Komu
Signed-off-by: Diego Beltrami
Signed-off-by: Kazunori Miyazawa
Signed-off-by: David S. Miller
---
 net/xfrm/xfrm_user.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'net/xfrm/xfrm_user.c')
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 6b461da..055b72f 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -858,6 +858,7 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
 int i;
 xp->xfrm_nr = nr;
+ xp->family = ut->family;
 for (i = 0; i < nr; i++, ut++) {
 struct xfrm_tmpl *t = &xp->xfrm_vec[i];
@@ -871,6 +872,7 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
 t->aalgos = ut->aalgos;
 t->ealgos = ut->ealgos;
 t->calgos = ut->calgos;
+ t->encap_family = ut->family;
 }
 }
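Review bot: The new `xp->family = ut->family;` in the first copy_templates hunk dereferences `ut` before the loop, so the first template is read even when `nr` is 0; whether a caller can pass an empty template array is not visible here, but guarding it as `if (nr > 0) xp->family = ut->family;` costs nothing. Both added lines, this one and `t->encap_family = ut->family;` in the second hunk, also copy the user-supplied `ut->family` into kernel state with no range check in these hunks. If no validation runs before copy_templates, an unsupported address family should be rejected with -EINVAL before it is stored rather than discovered later by code that dispatches on it. The function signature and its callers lie outside the hunks.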
@@ -1024,7 +1026,7 @@ static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb)
 struct xfrm_tmpl *kp = &xp->xfrm_vec[i];
 memcpy(&up->id, &kp->id, sizeof(up->id));
- up->family = xp->family;
+ up->family = kp->encap_family;
 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr));
 up->reqid = kp->reqid;
 up->mode = kp->mode;
-- cgit v1.1
From 2b5f6dcce5bf94b9b119e9ed8d537098ec61c3d2 Mon Sep 17 00:00:00 2001
From: Jamal Hadi Salim
Date: Sat, 2 Dec 2006 22:22:25 -0800
Subject: [XFRM]: Fix aevent structuring to be more complete.

aevents can not uniquely identify an SA. We break the ABI with this patch, but consensus is that since it is not yet utilized by any (known) application then it is fine (better do it now than later).

Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
---
 net/xfrm/xfrm_user.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'net/xfrm/xfrm_user.c')
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 055b72f..6f97665 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1281,10 +1281,12 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_eve
 id = NLMSG_DATA(nlh);
 nlh->nlmsg_flags = 0;
- id->sa_id.daddr = x->id.daddr;
+ memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr));
 id->sa_id.spi = x->id.spi;
 id->sa_id.family = x->props.family;
 id->sa_id.proto = x->id.proto;
+ memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr));
+ id->reqid = x->props.reqid;
 id->flags = c->data.aevent;
 RTA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay);
-- cgit v1.1
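Review bot: The build_aevent hunk fills the message payload behind `id = NLMSG_DATA(nlh);` one field at a time, and with `saddr` and `reqid` now part of it, any padding or field that is not assigned goes out to userspace holding whatever the skb memory contained. Nothing in the hunk zeroes the payload, so unless that happens outside it I would add `memset(id, 0, sizeof(*id));` directly after the NLMSG_DATA line. As a style point, both new memcpy calls are missing the space after the second comma (`&x->id.daddr,sizeof(...)`). The function starts before and continues beyond the hunk.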