xfrm: MIGRATE enhancements (draft-ebalard-mext-pfkey-enhanced-migrate)

} __attribute__((packed));

/* sizeof(struct sadb_sec_ctx) = 8 */

/* Used by MIGRATE to pass addresses IKE will use to perform

 * negotiation with the peer */

struct sadb_x_kmaddress {

	uint16_t	sadb_x_kmaddress_len;

	uint16_t	sadb_x_kmaddress_exttype;

	uint32_t	sadb_x_kmaddress_reserved;

} __attribute__((packed));

/* sizeof(struct sadb_x_kmaddress) == 8 */

/* Message types */

#define SADB_RESERVED		0

#define SADB_GETSPI		1

#define SADB_X_EXT_NAT_T_DPORT		22

#define SADB_X_EXT_NAT_T_OA		23

#define SADB_X_EXT_SEC_CTX		24

#define SADB_EXT_MAX			24

/* Used with MIGRATE to pass @ to IKE for negotiation */

#define SADB_X_EXT_KMADDRESS		25

#define SADB_EXT_MAX			25

/* Identity Extension values */

#define SADB_IDENTTYPE_RESERVED	0

	XFRMA_POLICY_TYPE,	/* struct xfrm_userpolicy_type */

	XFRMA_MIGRATE,

	XFRMA_ALG_AEAD,		/* struct xfrm_algo_aead */

	XFRMA_KMADDRESS,        /* struct xfrm_user_kmaddress */

	__XFRMA_MAX

#define XFRMA_MAX (__XFRMA_MAX - 1)

	struct xfrm_selector		sel;

};

/* Used by MIGRATE to pass addresses IKE should use to perform

 * SA negotiation with the peer */

struct xfrm_user_kmaddress {

	xfrm_address_t                  local;

	xfrm_address_t                  remote;

	__u32				reserved;

	__u16				family;

};

struct xfrm_user_migrate {

	xfrm_address_t			old_daddr;

	xfrm_address_t			old_saddr;

	struct xfrm_tmpl       	xfrm_vec[XFRM_MAX_DEPTH];

};

struct xfrm_kmaddress {

	xfrm_address_t          local;

	xfrm_address_t          remote;

	u32			reserved;

	u16			family;

};

struct xfrm_migrate {

	xfrm_address_t		old_daddr;

	xfrm_address_t		old_saddr;

	int			(*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);

	int			(*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);

	int			(*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);

	int			(*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles);

	int			(*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k);

};

extern int xfrm_register_km(struct xfrm_mgr *km);

#ifdef CONFIG_XFRM_MIGRATE

extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,

		      struct xfrm_migrate *m, int num_bundles);

		      struct xfrm_migrate *m, int num_bundles,

		      struct xfrm_kmaddress *k);

extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m);

extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,

					      struct xfrm_migrate *m);

extern int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type,

			struct xfrm_migrate *m, int num_bundles);

			struct xfrm_migrate *m, int num_bundles,

			struct xfrm_kmaddress *k);

#endif

extern wait_queue_head_t km_waitq;

	[SADB_X_EXT_NAT_T_DPORT]	= (u8) sizeof(struct sadb_x_nat_t_port),

	[SADB_X_EXT_NAT_T_OA]		= (u8) sizeof(struct sadb_address),

	[SADB_X_EXT_SEC_CTX]		= (u8) sizeof(struct sadb_x_sec_ctx),

	[SADB_X_EXT_KMADDRESS]		= (u8) sizeof(struct sadb_x_kmaddress),

};

/* Verify sadb_address_{len,prefixlen} against sa_family.  */

	return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);

}

static int parse_sockaddr_pair(struct sadb_x_ipsecrequest *rq,

static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,

			       xfrm_address_t *saddr, xfrm_address_t *daddr,

			       u16 *family)

{

	u8 *sa = (u8 *) (rq + 1);

	int af, socklen;

	if (rq->sadb_x_ipsecrequest_len <

	    pfkey_sockaddr_pair_size(((struct sockaddr *)sa)->sa_family))

	if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family))

		return -EINVAL;

	af = pfkey_sockaddr_extract((struct sockaddr *) sa,

				    saddr);

	af = pfkey_sockaddr_extract(sa, saddr);

	if (!af)

		return -EINVAL;

	socklen = pfkey_sockaddr_len(af);

	if (pfkey_sockaddr_extract((struct sockaddr *) (sa + socklen),

	if (pfkey_sockaddr_extract((struct sockaddr *) (((u8 *)sa) + socklen),

				   daddr) != af)

		return -EINVAL;

		return -EINVAL;

	/* old endoints */

	err = parse_sockaddr_pair(rq1, &m->old_saddr, &m->old_daddr,

	err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),

				  rq1->sadb_x_ipsecrequest_len,

				  &m->old_saddr, &m->old_daddr,

				  &m->old_family);

	if (err)

		return err;

		return -EINVAL;

	/* new endpoints */

	err = parse_sockaddr_pair(rq2, &m->new_saddr, &m->new_daddr,

	err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),

				  rq2->sadb_x_ipsecrequest_len,

				  &m->new_saddr, &m->new_daddr,

				  &m->new_family);

	if (err)

		return err;

	int i, len, ret, err = -EINVAL;

	u8 dir;

	struct sadb_address *sa;

	struct sadb_x_kmaddress *kma;

	struct sadb_x_policy *pol;

	struct sadb_x_ipsecrequest *rq;

	struct xfrm_selector sel;

	struct xfrm_migrate m[XFRM_MAX_DEPTH];

	struct xfrm_kmaddress k;

	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1],

				     ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) ||

		goto out;

	}

	kma = ext_hdrs[SADB_X_EXT_KMADDRESS - 1];

	pol = ext_hdrs[SADB_X_EXT_POLICY - 1];

	if (!pol) {

	if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {

		err = -EINVAL;

		goto out;

	}

	if (pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) {

		err = -EINVAL;

	if (kma) {

		/* convert sadb_x_kmaddress to xfrm_kmaddress */

		k.reserved = kma->sadb_x_kmaddress_reserved;

		ret = parse_sockaddr_pair((struct sockaddr *)(kma + 1),

					  8*(kma->sadb_x_kmaddress_len) - sizeof(*kma),

					  &k.local, &k.remote, &k.family);

		if (ret < 0) {

			err = ret;

			goto out;

		}

	}

	dir = pol->sadb_x_policy_dir - 1;

	memset(&sel, 0, sizeof(sel));

		goto out;

	}

	return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i);

	return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,

			    kma ? &k : NULL);

 out:

	return err;

	return 0;

}

static int set_sadb_kmaddress(struct sk_buff *skb, struct xfrm_kmaddress *k)

{

	struct sadb_x_kmaddress *kma;

	u8 *sa;

	int family = k->family;

	int socklen = pfkey_sockaddr_len(family);

	int size_req;

	size_req = (sizeof(struct sadb_x_kmaddress) +

		    pfkey_sockaddr_pair_size(family));

	kma = (struct sadb_x_kmaddress *)skb_put(skb, size_req);

	memset(kma, 0, size_req);

	kma->sadb_x_kmaddress_len = size_req / 8;

	kma->sadb_x_kmaddress_exttype = SADB_X_EXT_KMADDRESS;

	kma->sadb_x_kmaddress_reserved = k->reserved;

	sa = (u8 *)(kma + 1);

	if (!pfkey_sockaddr_fill(&k->local, 0, (struct sockaddr *)sa, family) ||

	    !pfkey_sockaddr_fill(&k->remote, 0, (struct sockaddr *)(sa+socklen), family))

		return -EINVAL;

	return 0;

}

static int set_ipsecrequest(struct sk_buff *skb,

			    uint8_t proto, uint8_t mode, int level,

			    uint32_t reqid, uint8_t family,

#ifdef CONFIG_NET_KEY_MIGRATE

static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,

			      struct xfrm_migrate *m, int num_bundles)

			      struct xfrm_migrate *m, int num_bundles,

			      struct xfrm_kmaddress *k)

{

	int i;

	int sasize_sel;

	if (num_bundles <= 0 || num_bundles > XFRM_MAX_DEPTH)

		return -EINVAL;

	if (k != NULL) {

		/* addresses for KM */

		size += PFKEY_ALIGN8(sizeof(struct sadb_x_kmaddress) +

				     pfkey_sockaddr_pair_size(k->family));

	}

	/* selector */

	sasize_sel = pfkey_sockaddr_size(sel->family);

	if (!sasize_sel)

	hdr->sadb_msg_seq = 0;

	hdr->sadb_msg_pid = 0;

	/* Addresses to be used by KM for negotiation, if ext is available */

	if (k != NULL && (set_sadb_kmaddress(skb, k) < 0))

		return -EINVAL;

	/* selector src */

	set_sadb_address(skb, sasize_sel, SADB_EXT_ADDRESS_SRC, sel);

}

#else

static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,

			      struct xfrm_migrate *m, int num_bundles)

			      struct xfrm_migrate *m, int num_bundles,

			      struct xfrm_kmaddress *k)

{

	return -ENOPROTOOPT;

}

}

int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type,

		 struct xfrm_migrate *m, int num_migrate)

		 struct xfrm_migrate *m, int num_migrate,

		 struct xfrm_kmaddress *k)

{

	int i, err, nx_cur = 0, nx_new = 0;

	struct xfrm_policy *pol = NULL;

	}

	/* Stage 5 - announce */

	km_migrate(sel, dir, type, m, num_migrate);

	km_migrate(sel, dir, type, m, num_migrate, k);

	xfrm_pol_put(pol);