/*
The ipsec_sa table better *NOT* be locked before it is handed in, or SMP locks will happen
*/
int
ipsec_sa_add(struct ipsec_sa *ips)
{
int error = 0;
unsigned int hashval;
ips = ipsec_sa_get(ips);
if(ips == NULL) {
KLIPS_PRINT(debug_xform,
"klips_error:ipsec_sa_add: "
"null pointer passed in!\n");
return -ENODATA;
}
hashval = IPS_HASH(&ips->ips_said);
spin_lock_bh(&tdb_lock);
ips->ips_hnext = ipsec_sadb_hash[hashval];
ipsec_sadb_hash[hashval] = ips;
spin_unlock_bh(&tdb_lock);
return error;
}
/*
* remove it from the hash chain, decrementing hash count
*/
void ipsec_sa_rm(struct ipsec_sa *ips)
{
unsigned int hashval;
char sa[SATOT_BUF];
size_t sa_len;
if(ips == NULL) {
return;
}
hashval = IPS_HASH(&ips->ips_said);
sa_len = KLIPS_SATOT(debug_xform, &ips->ips_said, 0, sa, sizeof(sa));
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_del: "
"unhashing SA:%s (ref=%u), hashval=%d.\n",
sa_len ? sa : " (error)",
ips->ips_ref,
hashval);
if(ipsec_sadb_hash[hashval] == NULL) {
return;
}
if (ips == ipsec_sadb_hash[hashval]) {
ipsec_sadb_hash[hashval] = ipsec_sadb_hash[hashval]->ips_hnext;
ips->ips_hnext = NULL;
ipsec_sa_put(ips);
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_del: "
"successfully unhashed first ipsec_sa in chain.\n");
return;
} else {
struct ipsec_sa *ipstp;
for (ipstp = ipsec_sadb_hash[hashval];
ipstp;
ipstp = ipstp->ips_hnext) {
if (ipstp->ips_hnext == ips) {
ipstp->ips_hnext = ips->ips_hnext;
ips->ips_hnext = NULL;
ipsec_sa_put(ips);
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_del: "
"successfully unhashed link in ipsec_sa chain.\n");
return;
}
}
}
}
struct ipsec_sa *
ipsec_sa_getbyid(ip_said *said, int type)
{
int hashval;
struct ipsec_sa *ips;
char sa[SATOT_BUF];
size_t sa_len;
if(said == NULL) {
KLIPS_PRINT(debug_xform,
"ipsec_sa_getbyid: "
"null pointer passed in!\n");
return NULL;
}
hashval = IPS_HASH(said);
sa_len = KLIPS_SATOT(debug_xform, said, 0, sa, sizeof(sa));
KLIPS_PRINT(debug_xform,
"ipsec_sa_getbyid: "
"linked entry in ipsec_sa table for hash=%d of SA:%s requested.\n",
hashval,
sa_len ? sa : " (error)");
if((ips = ipsec_sadb_hash[hashval]) == NULL) {
KLIPS_PRINT(debug_xform,
"ipsec_sa_getbyid: "
"no entries in ipsec_sa table for hash=%d of SA:%s.\n",
hashval,
sa_len ? sa : " (error)");
return NULL;
}
for (; ips; ips = ips->ips_hnext) {
if ((ips->ips_said.spi == said->spi) &&
(ip_address_cmp(&ips->ips_said.dst, &said->dst) == 0) &&
(ips->ips_said.proto == said->proto)) {
ipsec_sa_get(ips, type);
return ips;
}
}
KLIPS_PRINT(debug_xform,
"ipsec_sa_getbyid: "
"no entry in linked list for hash=%d of SA:%s.\n",
hashval,
sa_len ? sa : " (error)");
return NULL;
}
int ipsec_sa_wipe(struct ipsec_sa *ips)
{
int hashval;
struct ipsec_sa **tpp;
if (ips == NULL)
return -ENODATA;
#if IPSEC_SA_REF_CODE
/* remove me from the SArefTable */
if (debug_xform) {
char sa[SATOT_BUF];
size_t sa_len;
struct IPsecSArefSubTable *subtable = NULL;
if (IPsecSAref2table(IPsecSA2SAref(ips)) <
IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES &&
ipsec_sadb.refTable != NULL)
subtable = ipsec_sadb.refTable[
IPsecSAref2table(IPsecSA2SAref(ips))];
sa_len = KLIPS_SATOT(debug_xform, &ips->ips_said, 0, sa,
sizeof(sa));
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_wipe: "
"removing SA=%s(0p%p), SAref=%d, table=%d(0p%p), entry=%d from the refTable.\n",
sa_len ? sa : " (error)",
ips,
ips->ips_ref,
IPsecSAref2table(IPsecSA2SAref(ips)),
subtable,
subtable ? IPsecSAref2entry(IPsecSA2SAref(ips)) : 0);
}
if (ips->ips_ref != IPSEC_SAREF_NULL) {
struct IPsecSArefSubTable *subtable = NULL;
int ref_table = IPsecSAref2table(IPsecSA2SAref(ips));
int ref_entry = IPsecSAref2entry(IPsecSA2SAref(ips));
if (ref_table < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES) {
subtable = ipsec_sadb.refTable[ref_table];
if (subtable != NULL && subtable->entry[ref_entry] ==
ips) {
subtable->entry[ref_entry] = NULL;
}
}
ips->ips_ref = IPSEC_SAREF_NULL;
}
#endif /* IPSEC_SA_REF_CODE */
/* paranoid clean up */
if (ips->ips_addr_s != NULL) {
memset((caddr_t)(ips->ips_addr_s), 0, ips->ips_addr_s_size);
kfree(ips->ips_addr_s);
}
ips->ips_addr_s = NULL;
if (ips->ips_addr_d != NULL) {
memset((caddr_t)(ips->ips_addr_d), 0, ips->ips_addr_d_size);
kfree(ips->ips_addr_d);
}
ips->ips_addr_d = NULL;
if (ips->ips_addr_p != NULL) {
memset((caddr_t)(ips->ips_addr_p), 0, ips->ips_addr_p_size);
kfree(ips->ips_addr_p);
}
ips->ips_addr_p = NULL;
if (ips->ips_natt_oa) {
memset((caddr_t)(ips->ips_natt_oa), 0, ips->ips_natt_oa_size);
kfree(ips->ips_natt_oa);
}
ips->ips_natt_oa = NULL;
if (ips->ips_key_a != NULL) {
#ifdef CONFIG_KLIPS_ALG
if (ips->ips_alg_auth &&
ips->ips_alg_auth->ixt_a_destroy_key)
{
ips->ips_alg_auth->ixt_a_destroy_key(ips->ips_alg_auth,
ips->ips_key_a);
} else
#endif
{
memset((caddr_t)(ips->ips_key_a), 0, ips->ips_key_a_size);
kfree(ips->ips_key_a);
}
}
ips->ips_key_a = NULL;
if (ips->ips_key_e != NULL) {
#ifdef CONFIG_KLIPS_ALG
if (ips->ips_alg_enc &&
ips->ips_alg_enc->ixt_e_destroy_key) {
ips->ips_alg_enc->ixt_e_destroy_key(ips->ips_alg_enc,
ips->ips_key_e);
} else
#endif
{
memset((caddr_t)(ips->ips_key_e), 0,
ips->ips_key_e_size);
kfree(ips->ips_key_e);
}
}
ips->ips_key_e = NULL;
if (ips->ips_iv != NULL) {
memset((caddr_t)(ips->ips_iv), 0, ips->ips_iv_size);
kfree(ips->ips_iv);
}
ips->ips_iv = NULL;
#ifdef CONFIG_KLIPS_OCF
if (ips->ocf_in_use)
ipsec_ocf_sa_free(ips);
#endif
if (ips->ips_ident_s.data != NULL) {
memset((caddr_t)(ips->ips_ident_s.data),
0,
ips->ips_ident_s.len * IPSEC_PFKEYv2_ALIGN -
sizeof(struct sadb_ident));
kfree(ips->ips_ident_s.data);
}
ips->ips_ident_s.data = NULL;
if (ips->ips_ident_d.data != NULL) {
memset((caddr_t)(ips->ips_ident_d.data),
0,
ips->ips_ident_d.len * IPSEC_PFKEYv2_ALIGN -
sizeof(struct sadb_ident));
kfree(ips->ips_ident_d.data);
}
ips->ips_ident_d.data = NULL;
#ifdef CONFIG_KLIPS_ALG
if (ips->ips_alg_enc || ips->ips_alg_auth)
ipsec_alg_sa_wipe(ips);
ips->ips_alg_enc = NULL;
ips->ips_alg_auth = NULL;
#endif
if (ips->ips_prev)
ips->ips_prev->ips_next = ips->ips_next;
if (ips->ips_next) {
ips->ips_next->ips_prev = ips->ips_prev;
ipsec_sa_put(ips->ips_next, IPSEC_REFALLOC);
}
ips->ips_next = NULL;
ips->ips_prev = NULL;
hashval = IPS_HASH(&ips->ips_said);
tpp = &ipsec_sadb_hash[hashval];
while (*tpp) {
if (*tpp == ips)
*tpp = ips->ips_hnext;
else
tpp = &((*tpp)->ips_hnext);
}
if (ips->ips_hnext)
ipsec_sa_put(ips->ips_hnext, IPSEC_REFALLOC);
ips->ips_hnext = NULL;
BUG_ON(atomic_read(&ips->ips_refcount) != 0);
#ifdef IPSEC_SA_RECOUNT_DEBUG
if (ips == ipsec_sa_raw) {
ipsec_sa_raw = ips->ips_raw;
} else {
struct ipsec_sa *raw = ipsec_sa_raw;
while (raw) {
if (raw->ips_raw == ips) {
raw->ips_raw = ips->ips_raw;
break;
}
raw = raw->ips_raw;
}
}
#endif
if (ips->ips_out != NULL) {
ipsec_dev_put(ips->ips_out);
ips->ips_out = NULL;
}
memset((caddr_t)ips, 0, sizeof(*ips));
kfree(ips);
ips = NULL;
return 0;
}
/*
* The ipsec_sa table better be locked before it is handed in,
* or races might happen.
*
* this routine assumes the SA has a refcount==0, and we free it.
* we also assume that the pointers are already cleaned up.
*/
static int ipsec_sa_del(struct ipsec_sa *ips)
{
unsigned int hashval;
struct ipsec_sa *ipstp;
char sa[SATOT_BUF];
size_t sa_len;
if (ips == NULL) {
KLIPS_ERROR(debug_xform,
"klips_error:ipsec_sa_del: "
"null pointer passed in!\n");
return -ENODATA;
}
if (ips->ips_next) {
struct ipsec_sa *in = ips->ips_next;
ips->ips_next = NULL;
ipsec_sa_put(in);
}
sa_len = KLIPS_SATOT(debug_xform, &ips->ips_said, 0, sa, sizeof(sa));
hashval = IPS_HASH(&ips->ips_said);
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_del: "
"deleting SA:%s (ref=%u), hashval=%d.\n",
sa_len ? sa : " (error)",
ips->ips_ref,
hashval);
if (ipsec_sadb_hash[hashval] == NULL) {
/* if this is NULL, then we can be sure that the SA was never
* added to the SADB, so we just free it.
*/
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_del: "
"no entries in ipsec_sa table for hash=%d (ref=%u) of SA:%s.\n",
hashval,
ips->ips_ref,
sa_len ? sa : " (error)");
return -ENOENT;
}
if (ips == ipsec_sadb_hash[hashval]) {
ipsec_sadb_hash[hashval] = ipsec_sadb_hash[hashval]->ips_hnext;
ips->ips_hnext = NULL;
ipsec_sa_put(ips);
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_del: "
"successfully deleted first ipsec_sa in chain.\n");
return 0;
} else {
for (ipstp = ipsec_sadb_hash[hashval];
ipstp;
ipstp = ipstp->ips_hnext) {
if (ipstp->ips_hnext == ips) {
ipstp->ips_hnext = ips->ips_hnext;
ips->ips_hnext = NULL;
ipsec_sa_put(ips);
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_del: "
"successfully deleted link in ipsec_sa chain.\n");
return 0;
}
}
}
KLIPS_PRINT(debug_xform,
"klips_debug:ipsec_sa_del: "
"no entries in linked list for hash=%d of SA:%s.\n",
hashval,
sa_len ? sa : " (error)");
return -ENOENT;
}