Lines Matching refs:pol
169 static void __xfrm_policy_link(struct xfrm_policy *pol, int dir);
170 static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
527 struct xfrm_policy *pol;
533 hlist_for_each_entry_safe(pol, tmp, list, bydst) {
536 __get_hash_thresh(net, pol->family, dir, &dbits, &sbits);
537 h = __addr_hash(&pol->selector.daddr, &pol->selector.saddr,
538 pol->family, nhashmask, dbits, sbits);
539 if (!entry0 || pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
540 hlist_del_rcu(&pol->bydst);
541 hlist_add_head_rcu(&pol->bydst, ndsttable + h);
546 hlist_del_rcu(&pol->bydst);
547 hlist_add_behind_rcu(&pol->bydst, entry0);
549 entry0 = &pol->bydst;
562 struct xfrm_policy *pol;
564 hlist_for_each_entry_safe(pol, tmp, list, byidx) {
567 h = __idx_hash(pol->index, nhashmask);
568 hlist_add_head(&pol->byidx, nidxtable+h);
692 /* Make sure *pol can be inserted into fastbin.
697 xfrm_policy_inexact_alloc_bin(const struct xfrm_policy *pol, u8 dir)
701 .family = pol->family,
702 .type = pol->type,
704 .if_id = pol->if_id,
706 struct net *net = xp_net(pol);
1227 struct xfrm_policy *pol;
1348 hlist_for_each_entry(pol, chain, bydst) {
1349 if (policy->priority >= pol->priority)
1350 newpos = &pol->bydst;
1450 struct xfrm_policy *pol)
1452 return mark->v == pol->mark.v && mark->m == pol->mark.m;
1507 struct xfrm_policy *pol, *delpol = NULL;
1511 hlist_for_each_entry(pol, chain, bydst_inexact_list) {
1512 if (pol->type == policy->type &&
1513 pol->if_id == policy->if_id &&
1514 !selector_cmp(&pol->selector, &policy->selector) &&
1515 xfrm_policy_mark_match(&policy->mark, pol) &&
1516 xfrm_sec_ctx_match(pol->security, policy->security) &&
1518 delpol = pol;
1519 if (policy->priority > pol->priority)
1521 } else if (policy->priority >= pol->priority) {
1522 newpos = &pol->bydst_inexact_list;
1534 hlist_for_each_entry(pol, chain, bydst_inexact_list) {
1535 pol->pos = i;
1544 struct xfrm_policy *pol, *newpos = NULL, *delpol = NULL;
1546 hlist_for_each_entry(pol, chain, bydst) {
1547 if (pol->type == policy->type &&
1548 pol->if_id == policy->if_id &&
1549 !selector_cmp(&pol->selector, &policy->selector) &&
1550 xfrm_policy_mark_match(&policy->mark, pol) &&
1551 xfrm_sec_ctx_match(pol->security, policy->security) &&
1555 delpol = pol;
1556 if (policy->priority > pol->priority)
1558 } else if (policy->priority >= pol->priority) {
1559 newpos = pol;
1629 struct xfrm_policy *pol;
1634 hlist_for_each_entry(pol, chain, bydst) {
1635 if (pol->type == type &&
1636 pol->if_id == if_id &&
1637 xfrm_policy_mark_match(mark, pol) &&
1638 !selector_cmp(sel, &pol->selector) &&
1639 xfrm_sec_ctx_match(ctx, pol->security))
1640 return pol;
1652 struct xfrm_policy *pol, *ret = NULL;
1676 pol = NULL;
1686 if (!pol || tmp->pos < pol->pos)
1687 pol = tmp;
1690 pol = __xfrm_policy_bysel_ctx(chain, mark, if_id, type, dir,
1694 if (pol) {
1695 xfrm_pol_hold(pol);
1697 *err = security_xfrm_policy_delete(pol->security);
1700 return pol;
1702 __xfrm_policy_unlink(pol, dir);
1704 ret = pol;
1720 struct xfrm_policy *pol, *ret;
1731 hlist_for_each_entry(pol, chain, byidx) {
1732 if (pol->type == type && pol->index == id &&
1733 pol->if_id == if_id && xfrm_policy_mark_match(mark, pol)) {
1734 xfrm_pol_hold(pol);
1737 pol->security);
1740 return pol;
1742 __xfrm_policy_unlink(pol, dir);
1744 ret = pol;
1760 struct xfrm_policy *pol;
1763 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1764 if (pol->walk.dead ||
1765 xfrm_policy_id2dir(pol->index) >= XFRM_POLICY_MAX ||
1766 pol->type != type)
1769 err = security_xfrm_policy_delete(pol->security);
1771 xfrm_audit_policy_delete(pol, 0, task_valid);
1782 struct xfrm_policy *pol;
1785 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1786 if (pol->walk.dead ||
1787 xfrm_policy_id2dir(pol->index) >= XFRM_POLICY_MAX ||
1788 pol->xdo.dev != dev)
1791 err = security_xfrm_policy_delete(pol->security);
1793 xfrm_audit_policy_delete(pol, 0, task_valid);
1817 struct xfrm_policy *pol;
1826 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1827 if (pol->walk.dead)
1830 dir = xfrm_policy_id2dir(pol->index);
1832 pol->type != type)
1835 __xfrm_policy_unlink(pol, dir);
1837 xfrm_dev_policy_delete(pol);
1839 xfrm_audit_policy_delete(pol, 1, task_valid);
1840 xfrm_policy_kill(pol);
1858 struct xfrm_policy *pol;
1867 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1868 if (pol->walk.dead)
1871 dir = xfrm_policy_id2dir(pol->index);
1873 pol->xdo.dev != dev)
1876 __xfrm_policy_unlink(pol, dir);
1878 xfrm_dev_policy_delete(pol);
1880 xfrm_audit_policy_delete(pol, 1, task_valid);
1881 xfrm_policy_kill(pol);
1899 struct xfrm_policy *pol;
1920 pol = container_of(x, struct xfrm_policy, walk);
1922 walk->type != pol->type)
1924 error = func(pol, xfrm_policy_id2dir(pol->index),
1968 static int xfrm_policy_match(const struct xfrm_policy *pol,
1972 const struct xfrm_selector *sel = &pol->selector;
1976 if (pol->family != family ||
1977 pol->if_id != if_id ||
1978 (fl->flowi_mark & pol->mark.m) != pol->mark.v ||
1979 pol->type != type)
1984 ret = security_xfrm_policy_lookup(pol->security, fl->flowi_secid);
2098 struct xfrm_policy *pol;
2103 hlist_for_each_entry_rcu(pol, chain, bydst) {
2106 if (pol->priority > priority)
2109 err = xfrm_policy_match(pol, fl, type, family, if_id);
2119 if (pol->priority == priority &&
2120 prefer->pos < pol->pos)
2124 return pol;
2162 struct xfrm_policy *pol, *ret;
2180 hlist_for_each_entry_rcu(pol, chain, bydst) {
2181 err = xfrm_policy_match(pol, fl, type, family, if_id);
2190 ret = pol;
2202 pol = xfrm_policy_eval_candidates(&cand, ret, fl, type,
2204 if (pol) {
2205 ret = pol;
2206 if (IS_ERR(pol))
2227 struct xfrm_policy *pol;
2229 pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family,
2231 if (pol != NULL)
2232 return pol;
2242 struct xfrm_policy *pol;
2246 pol = rcu_dereference(sk->sk_policy[dir]);
2247 if (pol != NULL) {
2251 if (pol->family != family) {
2252 pol = NULL;
2256 match = xfrm_selector_match(&pol->selector, fl, family);
2258 if ((READ_ONCE(sk->sk_mark) & pol->mark.m) != pol->mark.v ||
2259 pol->if_id != if_id) {
2260 pol = NULL;
2263 err = security_xfrm_policy_lookup(pol->security,
2266 if (!xfrm_pol_hold_rcu(pol))
2269 pol = NULL;
2271 pol = ERR_PTR(err);
2274 pol = NULL;
2278 return pol;
2281 static void __xfrm_policy_link(struct xfrm_policy *pol, int dir)
2283 struct net *net = xp_net(pol);
2285 list_add(&pol->walk.all, &net->xfrm.policy_all);
2287 xfrm_pol_hold(pol);
2290 static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
2293 struct net *net = xp_net(pol);
2295 if (list_empty(&pol->walk.all))
2299 if (!hlist_unhashed(&pol->bydst)) {
2300 hlist_del_rcu(&pol->bydst);
2301 hlist_del_init(&pol->bydst_inexact_list);
2302 hlist_del(&pol->byidx);
2305 list_del_init(&pol->walk.all);
2308 return pol;
2311 static void xfrm_sk_policy_link(struct xfrm_policy *pol, int dir)
2313 __xfrm_policy_link(pol, XFRM_POLICY_MAX + dir);
2316 static void xfrm_sk_policy_unlink(struct xfrm_policy *pol, int dir)
2318 __xfrm_policy_unlink(pol, XFRM_POLICY_MAX + dir);
2321 int xfrm_policy_delete(struct xfrm_policy *pol, int dir)
2323 struct net *net = xp_net(pol);
2326 pol = __xfrm_policy_unlink(pol, dir);
2328 if (pol) {
2329 xfrm_dev_policy_delete(pol);
2330 xfrm_policy_kill(pol);
2337 int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol)
2343 if (pol && pol->type != XFRM_POLICY_TYPE_MAIN)
2350 if (pol) {
2351 pol->curlft.add_time = ktime_get_real_seconds();
2352 pol->index = xfrm_gen_index(net, XFRM_POLICY_MAX+dir, 0);
2353 xfrm_sk_policy_link(pol, dir);
2355 rcu_assign_pointer(sk->sk_policy[dir], pol);
2357 if (pol)
2358 xfrm_policy_requeue(old_pol, pol);
2844 struct xfrm_policy *pol = from_timer(pol, t, polq.hold_timer);
2845 struct net *net = xp_net(pol);
2846 struct xfrm_policy_queue *pq = &pol->polq;
2862 skb->mark = pol->mark.v;
2880 xfrm_pol_hold(pol);
2898 skb->mark = pol->mark.v;
2917 xfrm_pol_put(pol);
2923 xfrm_pol_put(pol);
2931 struct xfrm_policy *pol = xdst->pols[0];
2932 struct xfrm_policy_queue *pq = &pol->polq;
2956 xfrm_pol_put(pol);
2961 xfrm_pol_hold(pol);
3600 struct xfrm_policy *pol;
3649 pol = NULL;
3652 pol = xfrm_sk_policy_lookup(sk, dir, &fl, family, if_id);
3653 if (IS_ERR(pol)) {
3659 if (!pol)
3660 pol = xfrm_policy_lookup(net, &fl, family, dir, if_id);
3662 if (IS_ERR(pol)) {
3667 if (!pol) {
3682 WRITE_ONCE(pol->curlft.use_time, ktime_get_real_seconds());
3684 pols[0] = pol;
3705 if (pol->action == XFRM_POLICY_ALLOW) {
3718 if (pols[pi] != pol &&
4364 struct xfrm_policy *pol, *ret = NULL;
4370 hlist_for_each_entry(pol, chain, bydst) {
4371 if ((if_id == 0 || pol->if_id == if_id) &&
4372 xfrm_migrate_selector_match(sel, &pol->selector) &&
4373 pol->type == type) {
4374 ret = pol;
4380 hlist_for_each_entry(pol, chain, bydst_inexact_list) {
4381 if ((pol->priority >= priority) && ret)
4384 if ((if_id == 0 || pol->if_id == if_id) &&
4385 xfrm_migrate_selector_match(sel, &pol->selector) &&
4386 pol->type == type) {
4387 ret = pol;
4429 static int xfrm_policy_migrate(struct xfrm_policy *pol,
4436 write_lock_bh(&pol->lock);
4437 if (unlikely(pol->walk.dead)) {
4440 write_unlock_bh(&pol->lock);
4444 for (i = 0; i < pol->xfrm_nr; i++) {
4446 if (!migrate_tmpl_match(mp, &pol->xfrm_vec[i]))
4449 if (pol->xfrm_vec[i].mode != XFRM_MODE_TUNNEL &&
4450 pol->xfrm_vec[i].mode != XFRM_MODE_BEET)
4453 memcpy(&pol->xfrm_vec[i].id.daddr, &mp->new_daddr,
4454 sizeof(pol->xfrm_vec[i].id.daddr));
4455 memcpy(&pol->xfrm_vec[i].saddr, &mp->new_saddr,
4456 sizeof(pol->xfrm_vec[i].saddr));
4457 pol->xfrm_vec[i].encap_family = mp->new_family;
4459 atomic_inc(&pol->genid);
4463 write_unlock_bh(&pol->lock);
4514 struct xfrm_policy *pol = NULL;
4532 pol = xfrm_migrate_policy_find(sel, dir, type, net, if_id);
4533 if (!pol) {
4556 err = xfrm_policy_migrate(pol, m, num_migrate, extack);
4569 xfrm_pol_put(pol);
4576 if (pol)
4577 xfrm_pol_put(pol);