key.c revision 1.142 1 /* $NetBSD: key.c,v 1.142 2017/05/26 08:00:15 ozaki-r Exp $ */
2 /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
3 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include <sys/cdefs.h>
35 __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.142 2017/05/26 08:00:15 ozaki-r Exp $");
36
37 /*
38 * This code is referd to RFC 2367
39 */
40
41 #if defined(_KERNEL_OPT)
42 #include "opt_inet.h"
43 #include "opt_ipsec.h"
44 #include "opt_gateway.h"
45 #endif
46
47 #include <sys/types.h>
48 #include <sys/param.h>
49 #include <sys/systm.h>
50 #include <sys/callout.h>
51 #include <sys/kernel.h>
52 #include <sys/mbuf.h>
53 #include <sys/domain.h>
54 #include <sys/protosw.h>
55 #include <sys/socket.h>
56 #include <sys/socketvar.h>
57 #include <sys/sysctl.h>
58 #include <sys/errno.h>
59 #include <sys/proc.h>
60 #include <sys/queue.h>
61 #include <sys/syslog.h>
62 #include <sys/once.h>
63 #include <sys/cprng.h>
64 #include <sys/psref.h>
65 #include <sys/lwp.h>
66 #include <sys/workqueue.h>
67 #include <sys/kmem.h>
68 #include <sys/cpu.h>
69
70 #include <net/if.h>
71 #include <net/route.h>
72 #include <net/raw_cb.h>
73
74 #include <netinet/in.h>
75 #include <netinet/in_systm.h>
76 #include <netinet/ip.h>
77 #include <netinet/in_var.h>
78 #ifdef INET
79 #include <netinet/ip_var.h>
80 #endif
81
82 #ifdef INET6
83 #include <netinet/ip6.h>
84 #include <netinet6/in6_var.h>
85 #include <netinet6/ip6_var.h>
86 #endif /* INET6 */
87
88 #ifdef INET
89 #include <netinet/in_pcb.h>
90 #endif
91 #ifdef INET6
92 #include <netinet6/in6_pcb.h>
93 #endif /* INET6 */
94
95 #include <net/pfkeyv2.h>
96 #include <netipsec/keydb.h>
97 #include <netipsec/key.h>
98 #include <netipsec/keysock.h>
99 #include <netipsec/key_debug.h>
100
101 #include <netipsec/ipsec.h>
102 #ifdef INET6
103 #include <netipsec/ipsec6.h>
104 #endif
105 #include <netipsec/ipsec_private.h>
106
107 #include <netipsec/xform.h>
108 #include <netipsec/ipcomp.h>
109
110
111 #include <net/net_osdep.h>
112
113 #define FULLMASK 0xff
114 #define _BITS(bytes) ((bytes) << 3)
115
116 #define PORT_NONE 0
117 #define PORT_LOOSE 1
118 #define PORT_STRICT 2
119
120 percpu_t *pfkeystat_percpu;
121
122 /*
123 * Note on SA reference counting:
124 * - SAs that are not in DEAD state will have (total external reference + 1)
125 * following value in reference count field. they cannot be freed and are
126 * referenced from SA header.
127 * - SAs that are in DEAD state will have (total external reference)
128 * in reference count field. they are ready to be freed. reference from
129 * SA header will be removed in key_delsav(), when the reference count
130 * field hits 0 (= no external reference other than from SA header.
131 */
132
133 u_int32_t key_debug_level = 0;
134 static u_int key_spi_trycnt = 1000;
135 static u_int32_t key_spi_minval = 0x100;
136 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
137 static u_int32_t policy_id = 0;
138 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
139 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
140 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
141 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
142 static int key_prefered_oldsa = 0; /* prefered old sa rather than new sa.*/
143
144 static u_int32_t acq_seq = 0;
145
146 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */
147 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
148 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
149 /* registed list */
150 #ifndef IPSEC_NONBLOCK_ACQUIRE
151 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
152 #endif
153 #ifdef notyet
154 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
155 #endif
156
157 /*
158 * Protect regtree, acqtree and items stored in the lists.
159 */
160 static kmutex_t key_mtx __cacheline_aligned;
161
162 /* search order for SAs */
163 /*
164 * This order is important because we must select the oldest SA
165 * for outbound processing. For inbound, This is not important.
166 */
167 static const u_int saorder_state_valid_prefer_old[] = {
168 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
169 };
170 static const u_int saorder_state_valid_prefer_new[] = {
171 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
172 };
173
174 static const u_int saorder_state_alive[] = {
175 /* except DEAD */
176 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
177 };
178 static const u_int saorder_state_any[] = {
179 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
180 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
181 };
182
183 #define SASTATE_ALIVE_FOREACH(s) \
184 for (int _i = 0; \
185 _i < __arraycount(saorder_state_alive) ? \
186 (s) = saorder_state_alive[_i], true : false; \
187 _i++)
188 #define SASTATE_ANY_FOREACH(s) \
189 for (int _i = 0; \
190 _i < __arraycount(saorder_state_any) ? \
191 (s) = saorder_state_any[_i], true : false; \
192 _i++)
193
194 static const int minsize[] = {
195 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
196 sizeof(struct sadb_sa), /* SADB_EXT_SA */
197 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
198 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
199 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
200 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
201 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
202 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
203 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
204 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
205 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
206 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
207 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
208 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
209 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
210 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
211 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
212 0, /* SADB_X_EXT_KMPRIVATE */
213 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
214 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
215 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */
216 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */
217 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */
218 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */
219 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */
220 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */
221 };
222 static const int maxsize[] = {
223 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
224 sizeof(struct sadb_sa), /* SADB_EXT_SA */
225 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
226 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
227 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
228 0, /* SADB_EXT_ADDRESS_SRC */
229 0, /* SADB_EXT_ADDRESS_DST */
230 0, /* SADB_EXT_ADDRESS_PROXY */
231 0, /* SADB_EXT_KEY_AUTH */
232 0, /* SADB_EXT_KEY_ENCRYPT */
233 0, /* SADB_EXT_IDENTITY_SRC */
234 0, /* SADB_EXT_IDENTITY_DST */
235 0, /* SADB_EXT_SENSITIVITY */
236 0, /* SADB_EXT_PROPOSAL */
237 0, /* SADB_EXT_SUPPORTED_AUTH */
238 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
239 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
240 0, /* SADB_X_EXT_KMPRIVATE */
241 0, /* SADB_X_EXT_POLICY */
242 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
243 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */
244 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */
245 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */
246 0, /* SADB_X_EXT_NAT_T_OAI */
247 0, /* SADB_X_EXT_NAT_T_OAR */
248 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */
249 };
250
251 static int ipsec_esp_keymin = 256;
252 static int ipsec_esp_auth = 0;
253 static int ipsec_ah_keymin = 128;
254
255 #ifdef SYSCTL_DECL
256 SYSCTL_DECL(_net_key);
257 #endif
258
259 #ifdef SYSCTL_INT
260 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
261 &key_debug_level, 0, "");
262
263 /* max count of trial for the decision of spi value */
264 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
265 &key_spi_trycnt, 0, "");
266
267 /* minimum spi value to allocate automatically. */
268 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
269 &key_spi_minval, 0, "");
270
271 /* maximun spi value to allocate automatically. */
272 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
273 &key_spi_maxval, 0, "");
274
275 /* interval to initialize randseed */
276 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
277 &key_int_random, 0, "");
278
279 /* lifetime for larval SA */
280 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
281 &key_larval_lifetime, 0, "");
282
283 /* counter for blocking to send SADB_ACQUIRE to IKEd */
284 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
285 &key_blockacq_count, 0, "");
286
287 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
288 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
289 &key_blockacq_lifetime, 0, "");
290
291 /* ESP auth */
292 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
293 &ipsec_esp_auth, 0, "");
294
295 /* minimum ESP key length */
296 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
297 &ipsec_esp_keymin, 0, "");
298
299 /* minimum AH key length */
300 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
301 &ipsec_ah_keymin, 0, "");
302
303 /* perfered old SA rather than new SA */
304 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
305 &key_prefered_oldsa, 0, "");
306 #endif /* SYSCTL_INT */
307
308 #define __LIST_CHAINED(elm) \
309 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
310 #define LIST_INSERT_TAIL(head, elm, type, field) \
311 do {\
312 struct type *curelm = LIST_FIRST(head); \
313 if (curelm == NULL) {\
314 LIST_INSERT_HEAD(head, elm, field); \
315 } else { \
316 while (LIST_NEXT(curelm, field)) \
317 curelm = LIST_NEXT(curelm, field);\
318 LIST_INSERT_AFTER(curelm, elm, field);\
319 }\
320 } while (0)
321
322 #define KEY_CHKSASTATE(head, sav) \
323 /* do */ { \
324 if ((head) != (sav)) { \
325 IPSECLOG(LOG_DEBUG, \
326 "state mismatched (TREE=%d SA=%d)\n", \
327 (head), (sav)); \
328 continue; \
329 } \
330 } /* while (0) */
331
332 #define KEY_CHKSPDIR(head, sp) \
333 do { \
334 if ((head) != (sp)) { \
335 IPSECLOG(LOG_DEBUG, \
336 "direction mismatched (TREE=%d SP=%d), anyway continue.\n",\
337 (head), (sp)); \
338 } \
339 } while (0)
340
341 /*
342 * set parameters into secpolicyindex buffer.
343 * Must allocate secpolicyindex buffer passed to this function.
344 */
345 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
346 do { \
347 memset((idx), 0, sizeof(struct secpolicyindex)); \
348 (idx)->dir = (_dir); \
349 (idx)->prefs = (ps); \
350 (idx)->prefd = (pd); \
351 (idx)->ul_proto = (ulp); \
352 memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len); \
353 memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len); \
354 } while (0)
355
356 /*
357 * set parameters into secasindex buffer.
358 * Must allocate secasindex buffer before calling this function.
359 */
360 static int
361 key_setsecasidx (int, int, int, const struct sadb_address *,
362 const struct sadb_address *, struct secasindex *);
363
364 /* key statistics */
365 struct _keystat {
366 u_long getspi_count; /* the avarage of count to try to get new SPI */
367 } keystat;
368
369 struct sadb_msghdr {
370 struct sadb_msg *msg;
371 struct sadb_ext *ext[SADB_EXT_MAX + 1];
372 int extoff[SADB_EXT_MAX + 1];
373 int extlen[SADB_EXT_MAX + 1];
374 };
375
376 static struct secasvar *key_allocsa_policy (const struct secasindex *);
377 static void key_freesp_so (struct secpolicy **);
378 static struct secasvar *key_do_allocsa_policy (struct secashead *, u_int);
379 static void key_delsp (struct secpolicy *);
380 static struct secpolicy *key_getsp (const struct secpolicyindex *);
381 static struct secpolicy *key_getspbyid (u_int32_t);
382 static u_int16_t key_newreqid (void);
383 static struct mbuf *key_gather_mbuf (struct mbuf *,
384 const struct sadb_msghdr *, int, int, ...);
385 static int key_spdadd (struct socket *, struct mbuf *,
386 const struct sadb_msghdr *);
387 static u_int32_t key_getnewspid (void);
388 static int key_spddelete (struct socket *, struct mbuf *,
389 const struct sadb_msghdr *);
390 static int key_spddelete2 (struct socket *, struct mbuf *,
391 const struct sadb_msghdr *);
392 static int key_spdget (struct socket *, struct mbuf *,
393 const struct sadb_msghdr *);
394 static int key_spdflush (struct socket *, struct mbuf *,
395 const struct sadb_msghdr *);
396 static int key_spddump (struct socket *, struct mbuf *,
397 const struct sadb_msghdr *);
398 static struct mbuf * key_setspddump (int *errorp, pid_t);
399 static struct mbuf * key_setspddump_chain (int *errorp, int *lenp, pid_t pid);
400 static int key_nat_map (struct socket *, struct mbuf *,
401 const struct sadb_msghdr *);
402 static struct mbuf *key_setdumpsp (struct secpolicy *,
403 u_int8_t, u_int32_t, pid_t);
404 static u_int key_getspreqmsglen (const struct secpolicy *);
405 static int key_spdexpire (struct secpolicy *);
406 static struct secashead *key_newsah (const struct secasindex *);
407 static void key_delsah (struct secashead *);
408 static struct secasvar *key_newsav (struct mbuf *,
409 const struct sadb_msghdr *, struct secashead *, int *,
410 const char*, int);
411 #define KEY_NEWSAV(m, sadb, sah, e) \
412 key_newsav(m, sadb, sah, e, __func__, __LINE__)
413 static void key_delsav (struct secasvar *);
414 static struct secashead *key_getsah (const struct secasindex *);
415 static struct secasvar *key_checkspidup (const struct secasindex *, u_int32_t);
416 static struct secasvar *key_getsavbyspi (struct secashead *, u_int32_t);
417 static int key_setsaval (struct secasvar *, struct mbuf *,
418 const struct sadb_msghdr *);
419 static void key_freesaval(struct secasvar *);
420 static int key_mature (struct secasvar *);
421 static struct mbuf *key_setdumpsa (struct secasvar *, u_int8_t,
422 u_int8_t, u_int32_t, u_int32_t);
423 static struct mbuf *key_setsadbxport (u_int16_t, u_int16_t);
424 static struct mbuf *key_setsadbxtype (u_int16_t);
425 static struct mbuf *key_setsadbxfrag (u_int16_t);
426 static void key_porttosaddr (union sockaddr_union *, u_int16_t);
427 static int key_checksalen (const union sockaddr_union *);
428 static struct mbuf *key_setsadbmsg (u_int8_t, u_int16_t, u_int8_t,
429 u_int32_t, pid_t, u_int16_t);
430 static struct mbuf *key_setsadbsa (struct secasvar *);
431 static struct mbuf *key_setsadbaddr (u_int16_t,
432 const struct sockaddr *, u_int8_t, u_int16_t);
433 #if 0
434 static struct mbuf *key_setsadbident (u_int16_t, u_int16_t, void *,
435 int, u_int64_t);
436 #endif
437 static struct mbuf *key_setsadbxsa2 (u_int8_t, u_int32_t, u_int16_t);
438 static struct mbuf *key_setsadbxpolicy (u_int16_t, u_int8_t,
439 u_int32_t);
440 static void *key_newbuf (const void *, u_int);
441 #ifdef INET6
442 static int key_ismyaddr6 (const struct sockaddr_in6 *);
443 #endif
444
445 static void sysctl_net_keyv2_setup(struct sysctllog **);
446 static void sysctl_net_key_compat_setup(struct sysctllog **);
447
448 /* flags for key_cmpsaidx() */
449 #define CMP_HEAD 1 /* protocol, addresses. */
450 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
451 #define CMP_REQID 3 /* additionally HEAD, reaid. */
452 #define CMP_EXACTLY 4 /* all elements. */
453 static int key_cmpsaidx
454 (const struct secasindex *, const struct secasindex *, int);
455
456 static int key_sockaddrcmp (const struct sockaddr *, const struct sockaddr *, int);
457 static int key_bbcmp (const void *, const void *, u_int);
458 static u_int16_t key_satype2proto (u_int8_t);
459 static u_int8_t key_proto2satype (u_int16_t);
460
461 static int key_getspi (struct socket *, struct mbuf *,
462 const struct sadb_msghdr *);
463 static u_int32_t key_do_getnewspi (const struct sadb_spirange *,
464 const struct secasindex *);
465 static int key_handle_natt_info (struct secasvar *,
466 const struct sadb_msghdr *);
467 static int key_set_natt_ports (union sockaddr_union *,
468 union sockaddr_union *,
469 const struct sadb_msghdr *);
470 static int key_update (struct socket *, struct mbuf *,
471 const struct sadb_msghdr *);
472 #ifdef IPSEC_DOSEQCHECK
473 static struct secasvar *key_getsavbyseq (struct secashead *, u_int32_t);
474 #endif
475 static int key_add (struct socket *, struct mbuf *,
476 const struct sadb_msghdr *);
477 static int key_setident (struct secashead *, struct mbuf *,
478 const struct sadb_msghdr *);
479 static struct mbuf *key_getmsgbuf_x1 (struct mbuf *,
480 const struct sadb_msghdr *);
481 static int key_delete (struct socket *, struct mbuf *,
482 const struct sadb_msghdr *);
483 static int key_get (struct socket *, struct mbuf *,
484 const struct sadb_msghdr *);
485
486 static void key_getcomb_setlifetime (struct sadb_comb *);
487 static struct mbuf *key_getcomb_esp (void);
488 static struct mbuf *key_getcomb_ah (void);
489 static struct mbuf *key_getcomb_ipcomp (void);
490 static struct mbuf *key_getprop (const struct secasindex *);
491
492 static int key_acquire (const struct secasindex *, struct secpolicy *);
493 #ifndef IPSEC_NONBLOCK_ACQUIRE
494 static struct secacq *key_newacq (const struct secasindex *);
495 static struct secacq *key_getacq (const struct secasindex *);
496 static struct secacq *key_getacqbyseq (u_int32_t);
497 #endif
498 #ifdef notyet
499 static struct secspacq *key_newspacq (const struct secpolicyindex *);
500 static struct secspacq *key_getspacq (const struct secpolicyindex *);
501 #endif
502 static int key_acquire2 (struct socket *, struct mbuf *,
503 const struct sadb_msghdr *);
504 static int key_register (struct socket *, struct mbuf *,
505 const struct sadb_msghdr *);
506 static int key_expire (struct secasvar *);
507 static int key_flush (struct socket *, struct mbuf *,
508 const struct sadb_msghdr *);
509 static struct mbuf *key_setdump_chain (u_int8_t req_satype, int *errorp,
510 int *lenp, pid_t pid);
511 static int key_dump (struct socket *, struct mbuf *,
512 const struct sadb_msghdr *);
513 static int key_promisc (struct socket *, struct mbuf *,
514 const struct sadb_msghdr *);
515 static int key_senderror (struct socket *, struct mbuf *, int);
516 static int key_validate_ext (const struct sadb_ext *, int);
517 static int key_align (struct mbuf *, struct sadb_msghdr *);
518 #if 0
519 static const char *key_getfqdn (void);
520 static const char *key_getuserfqdn (void);
521 #endif
522 static void key_sa_chgstate (struct secasvar *, u_int8_t);
523 static inline void key_sp_dead (struct secpolicy *);
524 static void key_sp_unlink (struct secpolicy *sp);
525
526 static struct mbuf *key_alloc_mbuf (int);
527
528 static void key_timehandler(void *);
529 static void key_timehandler_work(struct work *, void *);
530 static struct callout key_timehandler_ch;
531 static struct workqueue *key_timehandler_wq;
532 static struct work key_timehandler_wk;
533
534 #ifdef IPSEC_REF_DEBUG
535 #define REFLOG(label, p, where, tag) \
536 log(LOG_DEBUG, "%s:%d: " label " : refcnt=%d (%p)\n.", \
537 (where), (tag), (p)->refcnt, (p))
538 #else
539 #define REFLOG(label, p, where, tag) do {} while (0)
540 #endif
541
542 #define SA_ADDREF(p) do { \
543 (p)->refcnt++; \
544 REFLOG("SA_ADDREF", (p), __func__, __LINE__); \
545 KASSERTMSG((p)->refcnt != 0, "SA refcnt overflow"); \
546 } while (0)
547 #define SA_ADDREF2(p, where, tag) do { \
548 (p)->refcnt++; \
549 REFLOG("SA_ADDREF", (p), (where), (tag)); \
550 KASSERTMSG((p)->refcnt != 0, "SA refcnt overflow"); \
551 } while (0)
552 #define SA_DELREF(p) do { \
553 KASSERTMSG((p)->refcnt > 0, "SA refcnt underflow"); \
554 (p)->refcnt--; \
555 REFLOG("SA_DELREF", (p), __func__, __LINE__); \
556 } while (0)
557 #define SA_DELREF2(p, where, tag) do { \
558 KASSERTMSG((p)->refcnt > 0, "SA refcnt underflow"); \
559 (p)->refcnt--; \
560 REFLOG("SA_DELREF", (p), (where), (tag)); \
561 } while (0)
562
563 #define SP_ADDREF(p) do { \
564 (p)->refcnt++; \
565 REFLOG("SP_ADDREF", (p), __func__, __LINE__); \
566 KASSERTMSG((p)->refcnt != 0, "SP refcnt overflow"); \
567 } while (0)
568 #define SP_ADDREF2(p, where, tag) do { \
569 (p)->refcnt++; \
570 REFLOG("SP_ADDREF", (p), (where), (tag)); \
571 KASSERTMSG((p)->refcnt != 0, "SP refcnt overflow"); \
572 } while (0)
573 #define SP_DELREF(p) do { \
574 KASSERTMSG((p)->refcnt > 0, "SP refcnt underflow"); \
575 (p)->refcnt--; \
576 REFLOG("SP_DELREF", (p), __func__, __LINE__); \
577 } while (0)
578 #define SP_DELREF2(p, where, tag) do { \
579 KASSERTMSG((p)->refcnt > 0, "SP refcnt underflow"); \
580 (p)->refcnt--; \
581 REFLOG("SP_DELREF", (p), (where), (tag)); \
582 } while (0)
583
584
585 static inline void
586 key_sp_dead(struct secpolicy *sp)
587 {
588
589 /* mark the SP dead */
590 sp->state = IPSEC_SPSTATE_DEAD;
591 }
592
593 static void
594 key_sp_unlink(struct secpolicy *sp)
595 {
596
597 /* remove from SP index */
598 KASSERT(__LIST_CHAINED(sp));
599 LIST_REMOVE(sp, chain);
600 /* Release refcount held just for being on chain */
601 KEY_FREESP(&sp);
602 }
603
604
605 /*
606 * Return 0 when there are known to be no SP's for the specified
607 * direction. Otherwise return 1. This is used by IPsec code
608 * to optimize performance.
609 */
610 int
611 key_havesp(u_int dir)
612 {
613 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ?
614 !LIST_EMPTY(&sptree[dir]) : 1);
615 }
616
617 /* %%% IPsec policy management */
618 /*
619 * allocating a SP for OUTBOUND or INBOUND packet.
620 * Must call key_freesp() later.
621 * OUT: NULL: not found
622 * others: found and return the pointer.
623 */
624 struct secpolicy *
625 key_allocsp(const struct secpolicyindex *spidx, u_int dir, const char* where, int tag)
626 {
627 struct secpolicy *sp;
628 int s;
629
630 KASSERT(spidx != NULL);
631 KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
632
633 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
634
635 /* get a SP entry */
636 s = splsoftnet(); /*called from softclock()*/
637 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
638 printf("*** objects\n");
639 kdebug_secpolicyindex(spidx);
640 }
641
642 LIST_FOREACH(sp, &sptree[dir], chain) {
643 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
644 printf("*** in SPD\n");
645 kdebug_secpolicyindex(&sp->spidx);
646 }
647
648 if (sp->state == IPSEC_SPSTATE_DEAD)
649 continue;
650 if (key_cmpspidx_withmask(&sp->spidx, spidx))
651 goto found;
652 }
653 sp = NULL;
654 found:
655 if (sp) {
656 /* sanity check */
657 KEY_CHKSPDIR(sp->spidx.dir, dir);
658
659 /* found a SPD entry */
660 sp->lastused = time_uptime;
661 SP_ADDREF2(sp, where, tag);
662 }
663 splx(s);
664
665 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
666 "DP return SP:%p (ID=%u) refcnt %u\n",
667 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
668 return sp;
669 }
670
671 /*
672 * allocating a SP for OUTBOUND or INBOUND packet.
673 * Must call key_freesp() later.
674 * OUT: NULL: not found
675 * others: found and return the pointer.
676 */
677 struct secpolicy *
678 key_allocsp2(u_int32_t spi,
679 const union sockaddr_union *dst,
680 u_int8_t proto,
681 u_int dir,
682 const char* where, int tag)
683 {
684 struct secpolicy *sp;
685 int s;
686
687 KASSERT(dst != NULL);
688 KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
689
690 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
691
692 /* get a SP entry */
693 s = splsoftnet(); /*called from softclock()*/
694 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
695 printf("*** objects\n");
696 printf("spi %u proto %u dir %u\n", spi, proto, dir);
697 kdebug_sockaddr(&dst->sa);
698 }
699
700 LIST_FOREACH(sp, &sptree[dir], chain) {
701 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
702 printf("*** in SPD\n");
703 kdebug_secpolicyindex(&sp->spidx);
704 }
705
706 if (sp->state == IPSEC_SPSTATE_DEAD)
707 continue;
708 /* compare simple values, then dst address */
709 if (sp->spidx.ul_proto != proto)
710 continue;
711 /* NB: spi's must exist and match */
712 if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi)
713 continue;
714 if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, PORT_STRICT) == 0)
715 goto found;
716 }
717 sp = NULL;
718 found:
719 if (sp) {
720 /* sanity check */
721 KEY_CHKSPDIR(sp->spidx.dir, dir);
722
723 /* found a SPD entry */
724 sp->lastused = time_uptime;
725 SP_ADDREF2(sp, where, tag);
726 }
727 splx(s);
728
729 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
730 "DP return SP:%p (ID=%u) refcnt %u\n",
731 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
732 return sp;
733 }
734
735 /*
736 * return a policy that matches this particular inbound packet.
737 * XXX slow
738 */
739 struct secpolicy *
740 key_gettunnel(const struct sockaddr *osrc,
741 const struct sockaddr *odst,
742 const struct sockaddr *isrc,
743 const struct sockaddr *idst,
744 const char* where, int tag)
745 {
746 struct secpolicy *sp;
747 const int dir = IPSEC_DIR_INBOUND;
748 int s;
749 struct ipsecrequest *r1, *r2, *p;
750 struct secpolicyindex spidx;
751
752 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
753
754 if (isrc->sa_family != idst->sa_family) {
755 IPSECLOG(LOG_ERR, "protocol family mismatched %d != %d\n.",
756 isrc->sa_family, idst->sa_family);
757 sp = NULL;
758 goto done;
759 }
760
761 s = splsoftnet(); /*called from softclock()*/
762 LIST_FOREACH(sp, &sptree[dir], chain) {
763 if (sp->state == IPSEC_SPSTATE_DEAD)
764 continue;
765
766 r1 = r2 = NULL;
767 for (p = sp->req; p; p = p->next) {
768 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
769 continue;
770
771 r1 = r2;
772 r2 = p;
773
774 if (!r1) {
775 /* here we look at address matches only */
776 spidx = sp->spidx;
777 if (isrc->sa_len > sizeof(spidx.src) ||
778 idst->sa_len > sizeof(spidx.dst))
779 continue;
780 memcpy(&spidx.src, isrc, isrc->sa_len);
781 memcpy(&spidx.dst, idst, idst->sa_len);
782 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
783 continue;
784 } else {
785 if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, PORT_NONE) ||
786 key_sockaddrcmp(&r1->saidx.dst.sa, idst, PORT_NONE))
787 continue;
788 }
789
790 if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, PORT_NONE) ||
791 key_sockaddrcmp(&r2->saidx.dst.sa, odst, PORT_NONE))
792 continue;
793
794 goto found;
795 }
796 }
797 sp = NULL;
798 found:
799 if (sp) {
800 sp->lastused = time_uptime;
801 SP_ADDREF2(sp, where, tag);
802 }
803 splx(s);
804 done:
805 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
806 "DP return SP:%p (ID=%u) refcnt %u\n",
807 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
808 return sp;
809 }
810
811 /*
812 * allocating an SA entry for an *OUTBOUND* packet.
813 * checking each request entries in SP, and acquire an SA if need.
814 * OUT: 0: there are valid requests.
815 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
816 */
817 int
818 key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx)
819 {
820 u_int level;
821 int error;
822
823 KASSERT(isr != NULL);
824 KASSERT(saidx != NULL);
825 KASSERTMSG(saidx->mode == IPSEC_MODE_TRANSPORT ||
826 saidx->mode == IPSEC_MODE_TUNNEL,
827 "unexpected policy %u", saidx->mode);
828
829 /* get current level */
830 level = ipsec_get_reqlevel(isr);
831
832 /*
833 * XXX guard against protocol callbacks from the crypto
834 * thread as they reference ipsecrequest.sav which we
835 * temporarily null out below. Need to rethink how we
836 * handle bundled SA's in the callback thread.
837 */
838 IPSEC_SPLASSERT_SOFTNET("key_checkrequest");
839 #if 0
840 /*
841 * We do allocate new SA only if the state of SA in the holder is
842 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
843 */
844 if (isr->sav != NULL) {
845 if (isr->sav->sah == NULL)
846 panic("key_checkrequest: sah is null");
847 if (isr->sav == (struct secasvar *)LIST_FIRST(
848 &isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
849 KEY_FREESAV(&isr->sav);
850 isr->sav = NULL;
851 }
852 }
853 #else
854 /*
855 * we free any SA stashed in the IPsec request because a different
856 * SA may be involved each time this request is checked, either
857 * because new SAs are being configured, or this request is
858 * associated with an unconnected datagram socket, or this request
859 * is associated with a system default policy.
860 *
861 * The operation may have negative impact to performance. We may
862 * want to check cached SA carefully, rather than picking new SA
863 * every time.
864 */
865 if (isr->sav != NULL) {
866 KEY_FREESAV(&isr->sav);
867 isr->sav = NULL;
868 }
869 #endif
870
871 /*
872 * new SA allocation if no SA found.
873 * key_allocsa_policy should allocate the oldest SA available.
874 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
875 */
876 if (isr->sav == NULL)
877 isr->sav = key_allocsa_policy(saidx);
878
879 /* When there is SA. */
880 if (isr->sav != NULL) {
881 if (isr->sav->state != SADB_SASTATE_MATURE &&
882 isr->sav->state != SADB_SASTATE_DYING)
883 return EINVAL;
884 return 0;
885 }
886
887 /* there is no SA */
888 error = key_acquire(saidx, isr->sp);
889 if (error != 0) {
890 /* XXX What should I do ? */
891 IPSECLOG(LOG_DEBUG, "error %d returned from key_acquire.\n",
892 error);
893 return error;
894 }
895
896 if (level != IPSEC_LEVEL_REQUIRE) {
897 /* XXX sigh, the interface to this routine is botched */
898 KASSERTMSG(isr->sav == NULL, "unexpected SA");
899 return 0;
900 } else {
901 return ENOENT;
902 }
903 }
904
905 /*
906 * allocating a SA for policy entry from SAD.
907 * NOTE: searching SAD of aliving state.
908 * OUT: NULL: not found.
909 * others: found and return the pointer.
910 */
911 static struct secasvar *
912 key_allocsa_policy(const struct secasindex *saidx)
913 {
914 struct secashead *sah;
915 struct secasvar *sav;
916 u_int stateidx, state;
917 const u_int *saorder_state_valid;
918 int arraysize;
919
920 LIST_FOREACH(sah, &sahtree, chain) {
921 if (sah->state == SADB_SASTATE_DEAD)
922 continue;
923 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
924 goto found;
925 }
926
927 return NULL;
928
929 found:
930
931 /*
932 * search a valid state list for outbound packet.
933 * This search order is important.
934 */
935 if (key_prefered_oldsa) {
936 saorder_state_valid = saorder_state_valid_prefer_old;
937 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
938 } else {
939 saorder_state_valid = saorder_state_valid_prefer_new;
940 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
941 }
942
943 /* search valid state */
944 for (stateidx = 0;
945 stateidx < arraysize;
946 stateidx++) {
947
948 state = saorder_state_valid[stateidx];
949
950 sav = key_do_allocsa_policy(sah, state);
951 if (sav != NULL)
952 return sav;
953 }
954
955 return NULL;
956 }
957
958 /*
959 * searching SAD with direction, protocol, mode and state.
960 * called by key_allocsa_policy().
961 * OUT:
962 * NULL : not found
963 * others : found, pointer to a SA.
964 */
965 static struct secasvar *
966 key_do_allocsa_policy(struct secashead *sah, u_int state)
967 {
968 struct secasvar *sav, *candidate, *d;
969
970 /* initilize */
971 candidate = NULL;
972
973 LIST_FOREACH(sav, &sah->savtree[state], chain) {
974 /* sanity check */
975 KEY_CHKSASTATE(sav->state, state);
976
977 /* initialize */
978 if (candidate == NULL) {
979 candidate = sav;
980 continue;
981 }
982
983 /* Which SA is the better ? */
984
985 /* sanity check 2 */
986 KASSERT(candidate->lft_c != NULL);
987 KASSERT(sav->lft_c != NULL);
988
989 /* What the best method is to compare ? */
990 if (key_prefered_oldsa) {
991 if (candidate->lft_c->sadb_lifetime_addtime >
992 sav->lft_c->sadb_lifetime_addtime) {
993 candidate = sav;
994 }
995 continue;
996 /*NOTREACHED*/
997 }
998
999 /* prefered new sa rather than old sa */
1000 if (candidate->lft_c->sadb_lifetime_addtime <
1001 sav->lft_c->sadb_lifetime_addtime) {
1002 d = candidate;
1003 candidate = sav;
1004 } else
1005 d = sav;
1006
1007 /*
1008 * prepared to delete the SA when there is more
1009 * suitable candidate and the lifetime of the SA is not
1010 * permanent.
1011 */
1012 if (d->lft_c->sadb_lifetime_addtime != 0) {
1013 struct mbuf *m, *result = 0;
1014 uint8_t satype;
1015
1016 key_sa_chgstate(d, SADB_SASTATE_DEAD);
1017
1018 KASSERT(d->refcnt > 0);
1019
1020 satype = key_proto2satype(d->sah->saidx.proto);
1021 if (satype == 0)
1022 goto msgfail;
1023
1024 m = key_setsadbmsg(SADB_DELETE, 0,
1025 satype, 0, 0, d->refcnt - 1);
1026 if (!m)
1027 goto msgfail;
1028 result = m;
1029
1030 /* set sadb_address for saidx's. */
1031 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
1032 &d->sah->saidx.src.sa,
1033 d->sah->saidx.src.sa.sa_len << 3,
1034 IPSEC_ULPROTO_ANY);
1035 if (!m)
1036 goto msgfail;
1037 m_cat(result, m);
1038
1039 /* set sadb_address for saidx's. */
1040 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
1041 &d->sah->saidx.src.sa,
1042 d->sah->saidx.src.sa.sa_len << 3,
1043 IPSEC_ULPROTO_ANY);
1044 if (!m)
1045 goto msgfail;
1046 m_cat(result, m);
1047
1048 /* create SA extension */
1049 m = key_setsadbsa(d);
1050 if (!m)
1051 goto msgfail;
1052 m_cat(result, m);
1053
1054 if (result->m_len < sizeof(struct sadb_msg)) {
1055 result = m_pullup(result,
1056 sizeof(struct sadb_msg));
1057 if (result == NULL)
1058 goto msgfail;
1059 }
1060
1061 result->m_pkthdr.len = 0;
1062 for (m = result; m; m = m->m_next)
1063 result->m_pkthdr.len += m->m_len;
1064 mtod(result, struct sadb_msg *)->sadb_msg_len =
1065 PFKEY_UNIT64(result->m_pkthdr.len);
1066
1067 key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
1068 result = 0;
1069 msgfail:
1070 if (result)
1071 m_freem(result);
1072 KEY_FREESAV(&d);
1073 }
1074 }
1075
1076 if (candidate) {
1077 SA_ADDREF(candidate);
1078 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1079 "DP cause refcnt++:%d SA:%p\n",
1080 candidate->refcnt, candidate);
1081 }
1082 return candidate;
1083 }
1084
1085 /*
1086 * allocating a usable SA entry for a *INBOUND* packet.
1087 * Must call key_freesav() later.
1088 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
1089 * NULL: not found, or error occurred.
1090 *
1091 * In the comparison, no source address is used--for RFC2401 conformance.
1092 * To quote, from section 4.1:
1093 * A security association is uniquely identified by a triple consisting
1094 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1095 * security protocol (AH or ESP) identifier.
1096 * Note that, however, we do need to keep source address in IPsec SA.
1097 * IKE specification and PF_KEY specification do assume that we
1098 * keep source address in IPsec SA. We see a tricky situation here.
1099 *
1100 * sport and dport are used for NAT-T. network order is always used.
1101 */
1102 struct secasvar *
1103 key_allocsa(
1104 const union sockaddr_union *dst,
1105 u_int proto,
1106 u_int32_t spi,
1107 u_int16_t sport,
1108 u_int16_t dport,
1109 const char* where, int tag)
1110 {
1111 struct secashead *sah;
1112 struct secasvar *sav;
1113 u_int stateidx, state;
1114 const u_int *saorder_state_valid;
1115 int arraysize, chkport;
1116 int s;
1117
1118 int must_check_spi = 1;
1119 int must_check_alg = 0;
1120 u_int16_t cpi = 0;
1121 u_int8_t algo = 0;
1122
1123 if ((sport != 0) && (dport != 0))
1124 chkport = PORT_STRICT;
1125 else
1126 chkport = PORT_NONE;
1127
1128 KASSERT(dst != NULL);
1129
1130 /*
1131 * XXX IPCOMP case
1132 * We use cpi to define spi here. In the case where cpi <=
1133 * IPCOMP_CPI_NEGOTIATE_MIN, cpi just define the algorithm used, not
1134 * the real spi. In this case, don't check the spi but check the
1135 * algorithm
1136 */
1137
1138 if (proto == IPPROTO_IPCOMP) {
1139 u_int32_t tmp;
1140 tmp = ntohl(spi);
1141 cpi = (u_int16_t) tmp;
1142 if (cpi < IPCOMP_CPI_NEGOTIATE_MIN) {
1143 algo = (u_int8_t) cpi;
1144 must_check_spi = 0;
1145 must_check_alg = 1;
1146 }
1147 }
1148 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1149 "DP from %s:%u check_spi=%d, check_alg=%d\n",
1150 where, tag, must_check_spi, must_check_alg);
1151
1152
1153 /*
1154 * searching SAD.
1155 * XXX: to be checked internal IP header somewhere. Also when
1156 * IPsec tunnel packet is received. But ESP tunnel mode is
1157 * encrypted so we can't check internal IP header.
1158 */
1159 s = splsoftnet(); /*called from softclock()*/
1160 if (key_prefered_oldsa) {
1161 saorder_state_valid = saorder_state_valid_prefer_old;
1162 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1163 } else {
1164 saorder_state_valid = saorder_state_valid_prefer_new;
1165 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1166 }
1167 LIST_FOREACH(sah, &sahtree, chain) {
1168 /* search valid state */
1169 for (stateidx = 0; stateidx < arraysize; stateidx++) {
1170 state = saorder_state_valid[stateidx];
1171 LIST_FOREACH(sav, &sah->savtree[state], chain) {
1172 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1173 "try match spi %#x, %#x\n",
1174 ntohl(spi), ntohl(sav->spi));
1175 /* sanity check */
1176 KEY_CHKSASTATE(sav->state, state);
1177 /* do not return entries w/ unusable state */
1178 if (sav->state != SADB_SASTATE_MATURE &&
1179 sav->state != SADB_SASTATE_DYING) {
1180 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1181 "bad state %d\n", sav->state);
1182 continue;
1183 }
1184 if (proto != sav->sah->saidx.proto) {
1185 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1186 "proto fail %d != %d\n",
1187 proto, sav->sah->saidx.proto);
1188 continue;
1189 }
1190 if (must_check_spi && spi != sav->spi) {
1191 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1192 "spi fail %#x != %#x\n",
1193 ntohl(spi), ntohl(sav->spi));
1194 continue;
1195 }
1196 /* XXX only on the ipcomp case */
1197 if (must_check_alg && algo != sav->alg_comp) {
1198 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1199 "algo fail %d != %d\n",
1200 algo, sav->alg_comp);
1201 continue;
1202 }
1203
1204 #if 0 /* don't check src */
1205 /* Fix port in src->sa */
1206
1207 /* check src address */
1208 if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, PORT_NONE) != 0)
1209 continue;
1210 #endif
1211 /* fix port of dst address XXX*/
1212 key_porttosaddr(__UNCONST(dst), dport);
1213 /* check dst address */
1214 if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, chkport) != 0)
1215 continue;
1216 SA_ADDREF2(sav, where, tag);
1217 goto done;
1218 }
1219 }
1220 }
1221 sav = NULL;
1222 done:
1223 splx(s);
1224
1225 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1226 "DP return SA:%p; refcnt %u\n", sav, sav ? sav->refcnt : 0);
1227 return sav;
1228 }
1229
1230 /*
1231 * Must be called after calling key_allocsp().
1232 * For both the packet without socket and key_freeso().
1233 */
1234 void
1235 _key_freesp(struct secpolicy **spp, const char* where, int tag)
1236 {
1237 struct secpolicy *sp = *spp;
1238
1239 KASSERT(sp != NULL);
1240
1241 SP_DELREF2(sp, where, tag);
1242
1243 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1244 "DP SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
1245 sp, sp->id, where, tag, sp->refcnt);
1246
1247 if (sp->refcnt == 0) {
1248 *spp = NULL;
1249 key_delsp(sp);
1250 }
1251 }
1252
1253 /*
1254 * Must be called after calling key_allocsp().
1255 * For the packet with socket.
1256 */
1257 void
1258 key_freeso(struct socket *so)
1259 {
1260 /* sanity check */
1261 KASSERT(so != NULL);
1262
1263 switch (so->so_proto->pr_domain->dom_family) {
1264 #ifdef INET
1265 case PF_INET:
1266 {
1267 struct inpcb *pcb = sotoinpcb(so);
1268
1269 /* Does it have a PCB ? */
1270 if (pcb == NULL)
1271 return;
1272
1273 struct inpcbpolicy *sp = pcb->inp_sp;
1274 key_freesp_so(&sp->sp_in);
1275 key_freesp_so(&sp->sp_out);
1276 }
1277 break;
1278 #endif
1279 #ifdef INET6
1280 case PF_INET6:
1281 {
1282 #ifdef HAVE_NRL_INPCB
1283 struct inpcb *pcb = sotoinpcb(so);
1284 struct inpcbpolicy *sp = pcb->inp_sp;
1285
1286 /* Does it have a PCB ? */
1287 if (pcb == NULL)
1288 return;
1289 key_freesp_so(&sp->sp_in);
1290 key_freesp_so(&sp->sp_out);
1291 #else
1292 struct in6pcb *pcb = sotoin6pcb(so);
1293
1294 /* Does it have a PCB ? */
1295 if (pcb == NULL)
1296 return;
1297 key_freesp_so(&pcb->in6p_sp->sp_in);
1298 key_freesp_so(&pcb->in6p_sp->sp_out);
1299 #endif
1300 }
1301 break;
1302 #endif /* INET6 */
1303 default:
1304 IPSECLOG(LOG_DEBUG, "unknown address family=%d.\n",
1305 so->so_proto->pr_domain->dom_family);
1306 return;
1307 }
1308 }
1309
1310 static void
1311 key_freesp_so(struct secpolicy **sp)
1312 {
1313
1314 KASSERT(sp != NULL);
1315 KASSERT(*sp != NULL);
1316
1317 if ((*sp)->policy == IPSEC_POLICY_ENTRUST ||
1318 (*sp)->policy == IPSEC_POLICY_BYPASS)
1319 return;
1320
1321 KASSERTMSG((*sp)->policy == IPSEC_POLICY_IPSEC,
1322 "invalid policy %u", (*sp)->policy);
1323 KEY_FREESP(sp);
1324 }
1325
1326 /*
1327 * Must be called after calling key_allocsa().
1328 * This function is called by key_freesp() to free some SA allocated
1329 * for a policy.
1330 */
1331 void
1332 key_freesav(struct secasvar **psav, const char* where, int tag)
1333 {
1334 struct secasvar *sav = *psav;
1335
1336 KASSERT(sav != NULL);
1337
1338 SA_DELREF2(sav, where, tag);
1339
1340 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1341 "DP SA:%p (SPI %lu) from %s:%u; refcnt now %u\n",
1342 sav, (u_long)ntohl(sav->spi), where, tag, sav->refcnt);
1343
1344 if (sav->refcnt == 0) {
1345 *psav = NULL;
1346 key_delsav(sav);
1347 }
1348 }
1349
1350 /* %%% SPD management */
1351 /*
1352 * free security policy entry.
1353 */
1354 static void
1355 key_delsp(struct secpolicy *sp)
1356 {
1357 int s;
1358
1359 KASSERT(sp != NULL);
1360
1361 key_sp_dead(sp);
1362
1363 KASSERTMSG(sp->refcnt == 0,
1364 "SP with references deleted (refcnt %u)", sp->refcnt);
1365
1366 s = splsoftnet(); /*called from softclock()*/
1367
1368 {
1369 struct ipsecrequest *isr = sp->req, *nextisr;
1370
1371 while (isr != NULL) {
1372 if (isr->sav != NULL) {
1373 KEY_FREESAV(&isr->sav);
1374 isr->sav = NULL;
1375 }
1376
1377 nextisr = isr->next;
1378 kmem_intr_free(isr, sizeof(*isr));
1379 isr = nextisr;
1380 }
1381 }
1382
1383 kmem_intr_free(sp, sizeof(*sp));
1384
1385 splx(s);
1386 }
1387
1388 /*
1389 * search SPD
1390 * OUT: NULL : not found
1391 * others : found, pointer to a SP.
1392 */
1393 static struct secpolicy *
1394 key_getsp(const struct secpolicyindex *spidx)
1395 {
1396 struct secpolicy *sp;
1397
1398 KASSERT(spidx != NULL);
1399
1400 LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
1401 if (sp->state == IPSEC_SPSTATE_DEAD)
1402 continue;
1403 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1404 SP_ADDREF(sp);
1405 return sp;
1406 }
1407 }
1408
1409 return NULL;
1410 }
1411
1412 /*
1413 * get SP by index.
1414 * OUT: NULL : not found
1415 * others : found, pointer to a SP.
1416 */
1417 static struct secpolicy *
1418 key_getspbyid(u_int32_t id)
1419 {
1420 struct secpolicy *sp;
1421
1422 LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
1423 if (sp->state == IPSEC_SPSTATE_DEAD)
1424 continue;
1425 if (sp->id == id) {
1426 SP_ADDREF(sp);
1427 return sp;
1428 }
1429 }
1430
1431 LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
1432 if (sp->state == IPSEC_SPSTATE_DEAD)
1433 continue;
1434 if (sp->id == id) {
1435 SP_ADDREF(sp);
1436 return sp;
1437 }
1438 }
1439
1440 return NULL;
1441 }
1442
1443 struct secpolicy *
1444 key_newsp(const char* where, int tag)
1445 {
1446 struct secpolicy *newsp = NULL;
1447
1448 newsp = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
1449 if (newsp != NULL)
1450 newsp->refcnt = 1;
1451
1452 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1453 "DP from %s:%u return SP:%p\n", where, tag, newsp);
1454 return newsp;
1455 }
1456
1457 /*
1458 * create secpolicy structure from sadb_x_policy structure.
1459 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1460 * so must be set properly later.
1461 */
1462 struct secpolicy *
1463 key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error)
1464 {
1465 struct secpolicy *newsp;
1466
1467 KASSERT(!cpu_softintr_p());
1468 KASSERT(xpl0 != NULL);
1469 KASSERT(len >= sizeof(*xpl0));
1470
1471 if (len != PFKEY_EXTLEN(xpl0)) {
1472 IPSECLOG(LOG_DEBUG, "Invalid msg length.\n");
1473 *error = EINVAL;
1474 return NULL;
1475 }
1476
1477 newsp = KEY_NEWSP();
1478 if (newsp == NULL) {
1479 *error = ENOBUFS;
1480 return NULL;
1481 }
1482
1483 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1484 newsp->policy = xpl0->sadb_x_policy_type;
1485
1486 /* check policy */
1487 switch (xpl0->sadb_x_policy_type) {
1488 case IPSEC_POLICY_DISCARD:
1489 case IPSEC_POLICY_NONE:
1490 case IPSEC_POLICY_ENTRUST:
1491 case IPSEC_POLICY_BYPASS:
1492 newsp->req = NULL;
1493 *error = 0;
1494 return newsp;
1495
1496 case IPSEC_POLICY_IPSEC:
1497 /* Continued */
1498 break;
1499 default:
1500 IPSECLOG(LOG_DEBUG, "invalid policy type.\n");
1501 KEY_FREESP(&newsp);
1502 *error = EINVAL;
1503 return NULL;
1504 }
1505
1506 /* IPSEC_POLICY_IPSEC */
1507 {
1508 int tlen;
1509 const struct sadb_x_ipsecrequest *xisr;
1510 uint16_t xisr_reqid;
1511 struct ipsecrequest **p_isr = &newsp->req;
1512
1513 /* validity check */
1514 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1515 IPSECLOG(LOG_DEBUG, "Invalid msg length.\n");
1516 *error = EINVAL;
1517 goto free_exit;
1518 }
1519
1520 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1521 xisr = (const struct sadb_x_ipsecrequest *)(xpl0 + 1);
1522
1523 while (tlen > 0) {
1524 /* length check */
1525 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1526 IPSECLOG(LOG_DEBUG, "invalid ipsecrequest length.\n");
1527 *error = EINVAL;
1528 goto free_exit;
1529 }
1530
1531 /* allocate request buffer */
1532 *p_isr = kmem_zalloc(sizeof(**p_isr), KM_SLEEP);
1533
1534 /* set values */
1535 (*p_isr)->next = NULL;
1536
1537 switch (xisr->sadb_x_ipsecrequest_proto) {
1538 case IPPROTO_ESP:
1539 case IPPROTO_AH:
1540 case IPPROTO_IPCOMP:
1541 break;
1542 default:
1543 IPSECLOG(LOG_DEBUG, "invalid proto type=%u\n",
1544 xisr->sadb_x_ipsecrequest_proto);
1545 *error = EPROTONOSUPPORT;
1546 goto free_exit;
1547 }
1548 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1549
1550 switch (xisr->sadb_x_ipsecrequest_mode) {
1551 case IPSEC_MODE_TRANSPORT:
1552 case IPSEC_MODE_TUNNEL:
1553 break;
1554 case IPSEC_MODE_ANY:
1555 default:
1556 IPSECLOG(LOG_DEBUG, "invalid mode=%u\n",
1557 xisr->sadb_x_ipsecrequest_mode);
1558 *error = EINVAL;
1559 goto free_exit;
1560 }
1561 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1562
1563 switch (xisr->sadb_x_ipsecrequest_level) {
1564 case IPSEC_LEVEL_DEFAULT:
1565 case IPSEC_LEVEL_USE:
1566 case IPSEC_LEVEL_REQUIRE:
1567 break;
1568 case IPSEC_LEVEL_UNIQUE:
1569 xisr_reqid = xisr->sadb_x_ipsecrequest_reqid;
1570 /* validity check */
1571 /*
1572 * If range violation of reqid, kernel will
1573 * update it, don't refuse it.
1574 */
1575 if (xisr_reqid > IPSEC_MANUAL_REQID_MAX) {
1576 IPSECLOG(LOG_DEBUG,
1577 "reqid=%d range "
1578 "violation, updated by kernel.\n",
1579 xisr_reqid);
1580 xisr_reqid = 0;
1581 }
1582
1583 /* allocate new reqid id if reqid is zero. */
1584 if (xisr_reqid == 0) {
1585 u_int16_t reqid = key_newreqid();
1586 if (reqid == 0) {
1587 *error = ENOBUFS;
1588 goto free_exit;
1589 }
1590 (*p_isr)->saidx.reqid = reqid;
1591 } else {
1592 /* set it for manual keying. */
1593 (*p_isr)->saidx.reqid = xisr_reqid;
1594 }
1595 break;
1596
1597 default:
1598 IPSECLOG(LOG_DEBUG, "invalid level=%u\n",
1599 xisr->sadb_x_ipsecrequest_level);
1600 *error = EINVAL;
1601 goto free_exit;
1602 }
1603 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1604
1605 /* set IP addresses if there */
1606 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1607 const struct sockaddr *paddr;
1608
1609 paddr = (const struct sockaddr *)(xisr + 1);
1610
1611 /* validity check */
1612 if (paddr->sa_len > sizeof((*p_isr)->saidx.src)) {
1613 IPSECLOG(LOG_DEBUG, "invalid request "
1614 "address length.\n");
1615 *error = EINVAL;
1616 goto free_exit;
1617 }
1618 memcpy(&(*p_isr)->saidx.src, paddr, paddr->sa_len);
1619
1620 paddr = (const struct sockaddr *)((const char *)paddr
1621 + paddr->sa_len);
1622
1623 /* validity check */
1624 if (paddr->sa_len > sizeof((*p_isr)->saidx.dst)) {
1625 IPSECLOG(LOG_DEBUG, "invalid request "
1626 "address length.\n");
1627 *error = EINVAL;
1628 goto free_exit;
1629 }
1630 memcpy(&(*p_isr)->saidx.dst, paddr, paddr->sa_len);
1631 }
1632
1633 (*p_isr)->sav = NULL;
1634 (*p_isr)->sp = newsp;
1635
1636 /* initialization for the next. */
1637 p_isr = &(*p_isr)->next;
1638 tlen -= xisr->sadb_x_ipsecrequest_len;
1639
1640 /* validity check */
1641 if (tlen < 0) {
1642 IPSECLOG(LOG_DEBUG, "becoming tlen < 0.\n");
1643 *error = EINVAL;
1644 goto free_exit;
1645 }
1646
1647 xisr = (const struct sadb_x_ipsecrequest *)((const char *)xisr +
1648 xisr->sadb_x_ipsecrequest_len);
1649 }
1650 }
1651
1652 *error = 0;
1653 return newsp;
1654
1655 free_exit:
1656 KEY_FREESP(&newsp);
1657 return NULL;
1658 }
1659
1660 static u_int16_t
1661 key_newreqid(void)
1662 {
1663 static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1664
1665 auto_reqid = (auto_reqid == 0xffff ?
1666 IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1667
1668 /* XXX should be unique check */
1669
1670 return auto_reqid;
1671 }
1672
1673 /*
1674 * copy secpolicy struct to sadb_x_policy structure indicated.
1675 */
1676 struct mbuf *
1677 key_sp2msg(const struct secpolicy *sp)
1678 {
1679 struct sadb_x_policy *xpl;
1680 int tlen;
1681 char *p;
1682 struct mbuf *m;
1683
1684 KASSERT(sp != NULL);
1685
1686 tlen = key_getspreqmsglen(sp);
1687
1688 m = key_alloc_mbuf(tlen);
1689 if (!m || m->m_next) { /*XXX*/
1690 if (m)
1691 m_freem(m);
1692 return NULL;
1693 }
1694
1695 m->m_len = tlen;
1696 m->m_next = NULL;
1697 xpl = mtod(m, struct sadb_x_policy *);
1698 memset(xpl, 0, tlen);
1699
1700 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1701 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1702 xpl->sadb_x_policy_type = sp->policy;
1703 xpl->sadb_x_policy_dir = sp->spidx.dir;
1704 xpl->sadb_x_policy_id = sp->id;
1705 p = (char *)xpl + sizeof(*xpl);
1706
1707 /* if is the policy for ipsec ? */
1708 if (sp->policy == IPSEC_POLICY_IPSEC) {
1709 struct sadb_x_ipsecrequest *xisr;
1710 struct ipsecrequest *isr;
1711
1712 for (isr = sp->req; isr != NULL; isr = isr->next) {
1713
1714 xisr = (struct sadb_x_ipsecrequest *)p;
1715
1716 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1717 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1718 xisr->sadb_x_ipsecrequest_level = isr->level;
1719 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1720
1721 p += sizeof(*xisr);
1722 memcpy(p, &isr->saidx.src, isr->saidx.src.sa.sa_len);
1723 p += isr->saidx.src.sa.sa_len;
1724 memcpy(p, &isr->saidx.dst, isr->saidx.dst.sa.sa_len);
1725 p += isr->saidx.src.sa.sa_len;
1726
1727 xisr->sadb_x_ipsecrequest_len =
1728 PFKEY_ALIGN8(sizeof(*xisr)
1729 + isr->saidx.src.sa.sa_len
1730 + isr->saidx.dst.sa.sa_len);
1731 }
1732 }
1733
1734 return m;
1735 }
1736
1737 /* m will not be freed nor modified */
1738 static struct mbuf *
1739 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1740 int ndeep, int nitem, ...)
1741 {
1742 va_list ap;
1743 int idx;
1744 int i;
1745 struct mbuf *result = NULL, *n;
1746 int len;
1747
1748 KASSERT(m != NULL);
1749 KASSERT(mhp != NULL);
1750
1751 va_start(ap, nitem);
1752 for (i = 0; i < nitem; i++) {
1753 idx = va_arg(ap, int);
1754 if (idx < 0 || idx > SADB_EXT_MAX)
1755 goto fail;
1756 /* don't attempt to pull empty extension */
1757 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1758 continue;
1759 if (idx != SADB_EXT_RESERVED &&
1760 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1761 continue;
1762
1763 if (idx == SADB_EXT_RESERVED) {
1764 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MHLEN);
1765 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1766 MGETHDR(n, M_DONTWAIT, MT_DATA);
1767 if (!n)
1768 goto fail;
1769 n->m_len = len;
1770 n->m_next = NULL;
1771 m_copydata(m, 0, sizeof(struct sadb_msg),
1772 mtod(n, void *));
1773 } else if (i < ndeep) {
1774 len = mhp->extlen[idx];
1775 n = key_alloc_mbuf(len);
1776 if (!n || n->m_next) { /*XXX*/
1777 if (n)
1778 m_freem(n);
1779 goto fail;
1780 }
1781 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1782 mtod(n, void *));
1783 } else {
1784 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1785 M_DONTWAIT);
1786 }
1787 if (n == NULL)
1788 goto fail;
1789
1790 if (result)
1791 m_cat(result, n);
1792 else
1793 result = n;
1794 }
1795 va_end(ap);
1796
1797 if (result && (result->m_flags & M_PKTHDR) != 0) {
1798 result->m_pkthdr.len = 0;
1799 for (n = result; n; n = n->m_next)
1800 result->m_pkthdr.len += n->m_len;
1801 }
1802
1803 return result;
1804
1805 fail:
1806 va_end(ap);
1807 m_freem(result);
1808 return NULL;
1809 }
1810
1811 /*
1812 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1813 * add an entry to SP database, when received
1814 * <base, address(SD), (lifetime(H),) policy>
1815 * from the user(?).
1816 * Adding to SP database,
1817 * and send
1818 * <base, address(SD), (lifetime(H),) policy>
1819 * to the socket which was send.
1820 *
1821 * SPDADD set a unique policy entry.
1822 * SPDSETIDX like SPDADD without a part of policy requests.
1823 * SPDUPDATE replace a unique policy entry.
1824 *
1825 * m will always be freed.
1826 */
1827 static int
1828 key_spdadd(struct socket *so, struct mbuf *m,
1829 const struct sadb_msghdr *mhp)
1830 {
1831 const struct sadb_address *src0, *dst0;
1832 const struct sadb_x_policy *xpl0;
1833 struct sadb_x_policy *xpl;
1834 const struct sadb_lifetime *lft = NULL;
1835 struct secpolicyindex spidx;
1836 struct secpolicy *newsp;
1837 int error;
1838
1839 KASSERT(!cpu_softintr_p());
1840 KASSERT(so != NULL);
1841 KASSERT(m != NULL);
1842 KASSERT(mhp != NULL);
1843 KASSERT(mhp->msg != NULL);
1844
1845 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
1846 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
1847 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1848 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
1849 return key_senderror(so, m, EINVAL);
1850 }
1851 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
1852 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
1853 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1854 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
1855 return key_senderror(so, m, EINVAL);
1856 }
1857 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
1858 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] <
1859 sizeof(struct sadb_lifetime)) {
1860 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
1861 return key_senderror(so, m, EINVAL);
1862 }
1863 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
1864 }
1865
1866 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1867 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1868 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1869
1870 /* make secindex */
1871 /* XXX boundary check against sa_len */
1872 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
1873 src0 + 1,
1874 dst0 + 1,
1875 src0->sadb_address_prefixlen,
1876 dst0->sadb_address_prefixlen,
1877 src0->sadb_address_proto,
1878 &spidx);
1879
1880 /* checking the direciton. */
1881 switch (xpl0->sadb_x_policy_dir) {
1882 case IPSEC_DIR_INBOUND:
1883 case IPSEC_DIR_OUTBOUND:
1884 break;
1885 default:
1886 IPSECLOG(LOG_DEBUG, "Invalid SP direction.\n");
1887 mhp->msg->sadb_msg_errno = EINVAL;
1888 return 0;
1889 }
1890
1891 /* check policy */
1892 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1893 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
1894 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
1895 IPSECLOG(LOG_DEBUG, "Invalid policy type.\n");
1896 return key_senderror(so, m, EINVAL);
1897 }
1898
1899 /* policy requests are mandatory when action is ipsec. */
1900 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
1901 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
1902 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
1903 IPSECLOG(LOG_DEBUG, "some policy requests part required.\n");
1904 return key_senderror(so, m, EINVAL);
1905 }
1906
1907 /*
1908 * checking there is SP already or not.
1909 * SPDUPDATE doesn't depend on whether there is a SP or not.
1910 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1911 * then error.
1912 */
1913 newsp = key_getsp(&spidx);
1914 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1915 if (newsp) {
1916 key_sp_dead(newsp);
1917 key_sp_unlink(newsp); /* XXX jrs ordering */
1918 KEY_FREESP(&newsp);
1919 newsp = NULL;
1920 }
1921 } else {
1922 if (newsp != NULL) {
1923 KEY_FREESP(&newsp);
1924 IPSECLOG(LOG_DEBUG, "a SP entry exists already.\n");
1925 return key_senderror(so, m, EEXIST);
1926 }
1927 }
1928
1929 /* allocation new SP entry */
1930 newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error);
1931 if (newsp == NULL) {
1932 return key_senderror(so, m, error);
1933 }
1934
1935 newsp->id = key_getnewspid();
1936 if (newsp->id == 0) {
1937 kmem_free(newsp, sizeof(*newsp));
1938 return key_senderror(so, m, ENOBUFS);
1939 }
1940
1941 /* XXX boundary check against sa_len */
1942 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
1943 src0 + 1,
1944 dst0 + 1,
1945 src0->sadb_address_prefixlen,
1946 dst0->sadb_address_prefixlen,
1947 src0->sadb_address_proto,
1948 &newsp->spidx);
1949
1950 /* sanity check on addr pair */
1951 if (((const struct sockaddr *)(src0 + 1))->sa_family !=
1952 ((const struct sockaddr *)(dst0+ 1))->sa_family) {
1953 kmem_free(newsp, sizeof(*newsp));
1954 return key_senderror(so, m, EINVAL);
1955 }
1956 if (((const struct sockaddr *)(src0 + 1))->sa_len !=
1957 ((const struct sockaddr *)(dst0+ 1))->sa_len) {
1958 kmem_free(newsp, sizeof(*newsp));
1959 return key_senderror(so, m, EINVAL);
1960 }
1961
1962 newsp->created = time_uptime;
1963 newsp->lastused = newsp->created;
1964 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
1965 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
1966
1967 newsp->refcnt = 1; /* do not reclaim until I say I do */
1968 newsp->state = IPSEC_SPSTATE_ALIVE;
1969 if (newsp->policy == IPSEC_POLICY_IPSEC)
1970 KASSERT(newsp->req != NULL);
1971 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
1972
1973 #ifdef notyet
1974 /* delete the entry in spacqtree */
1975 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1976 struct secspacq *spacq = key_getspacq(&spidx);
1977 if (spacq != NULL) {
1978 /* reset counter in order to deletion by timehandler. */
1979 spacq->created = time_uptime;
1980 spacq->count = 0;
1981 }
1982 }
1983 #endif
1984
1985 /* Invalidate all cached SPD pointers in the PCBs. */
1986 ipsec_invalpcbcacheall();
1987
1988 #if defined(GATEWAY)
1989 /* Invalidate the ipflow cache, as well. */
1990 ipflow_invalidate_all(0);
1991 #ifdef INET6
1992 if (in6_present)
1993 ip6flow_invalidate_all(0);
1994 #endif /* INET6 */
1995 #endif /* GATEWAY */
1996
1997 {
1998 struct mbuf *n, *mpolicy;
1999 struct sadb_msg *newmsg;
2000 int off;
2001
2002 /* create new sadb_msg to reply. */
2003 if (lft) {
2004 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
2005 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
2006 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2007 } else {
2008 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
2009 SADB_X_EXT_POLICY,
2010 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2011 }
2012 if (!n)
2013 return key_senderror(so, m, ENOBUFS);
2014
2015 if (n->m_len < sizeof(*newmsg)) {
2016 n = m_pullup(n, sizeof(*newmsg));
2017 if (!n)
2018 return key_senderror(so, m, ENOBUFS);
2019 }
2020 newmsg = mtod(n, struct sadb_msg *);
2021 newmsg->sadb_msg_errno = 0;
2022 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2023
2024 off = 0;
2025 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2026 sizeof(*xpl), &off);
2027 if (mpolicy == NULL) {
2028 /* n is already freed */
2029 return key_senderror(so, m, ENOBUFS);
2030 }
2031 xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off);
2032 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2033 m_freem(n);
2034 return key_senderror(so, m, EINVAL);
2035 }
2036 xpl->sadb_x_policy_id = newsp->id;
2037
2038 m_freem(m);
2039 key_update_used();
2040 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2041 }
2042 }
2043
2044 /*
2045 * get new policy id.
2046 * OUT:
2047 * 0: failure.
2048 * others: success.
2049 */
2050 static u_int32_t
2051 key_getnewspid(void)
2052 {
2053 u_int32_t newid = 0;
2054 int count = key_spi_trycnt; /* XXX */
2055 struct secpolicy *sp;
2056
2057 /* when requesting to allocate spi ranged */
2058 while (count--) {
2059 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
2060
2061 sp = key_getspbyid(newid);
2062 if (sp == NULL)
2063 break;
2064
2065 KEY_FREESP(&sp);
2066 }
2067
2068 if (count == 0 || newid == 0) {
2069 IPSECLOG(LOG_DEBUG, "to allocate policy id is failed.\n");
2070 return 0;
2071 }
2072
2073 return newid;
2074 }
2075
2076 /*
2077 * SADB_SPDDELETE processing
2078 * receive
2079 * <base, address(SD), policy(*)>
2080 * from the user(?), and set SADB_SASTATE_DEAD,
2081 * and send,
2082 * <base, address(SD), policy(*)>
2083 * to the ikmpd.
2084 * policy(*) including direction of policy.
2085 *
2086 * m will always be freed.
2087 */
2088 static int
2089 key_spddelete(struct socket *so, struct mbuf *m,
2090 const struct sadb_msghdr *mhp)
2091 {
2092 struct sadb_address *src0, *dst0;
2093 struct sadb_x_policy *xpl0;
2094 struct secpolicyindex spidx;
2095 struct secpolicy *sp;
2096
2097 KASSERT(so != NULL);
2098 KASSERT(m != NULL);
2099 KASSERT(mhp != NULL);
2100 KASSERT(mhp->msg != NULL);
2101
2102 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
2103 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
2104 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2105 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2106 return key_senderror(so, m, EINVAL);
2107 }
2108 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
2109 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
2110 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2111 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2112 return key_senderror(so, m, EINVAL);
2113 }
2114
2115 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2116 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2117 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2118
2119 /* make secindex */
2120 /* XXX boundary check against sa_len */
2121 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2122 src0 + 1,
2123 dst0 + 1,
2124 src0->sadb_address_prefixlen,
2125 dst0->sadb_address_prefixlen,
2126 src0->sadb_address_proto,
2127 &spidx);
2128
2129 /* checking the direciton. */
2130 switch (xpl0->sadb_x_policy_dir) {
2131 case IPSEC_DIR_INBOUND:
2132 case IPSEC_DIR_OUTBOUND:
2133 break;
2134 default:
2135 IPSECLOG(LOG_DEBUG, "Invalid SP direction.\n");
2136 return key_senderror(so, m, EINVAL);
2137 }
2138
2139 /* Is there SP in SPD ? */
2140 sp = key_getsp(&spidx);
2141 if (sp == NULL) {
2142 IPSECLOG(LOG_DEBUG, "no SP found.\n");
2143 return key_senderror(so, m, EINVAL);
2144 }
2145
2146 /* save policy id to buffer to be returned. */
2147 xpl0->sadb_x_policy_id = sp->id;
2148
2149 key_sp_dead(sp);
2150 key_sp_unlink(sp); /* XXX jrs ordering */
2151 KEY_FREESP(&sp); /* ref gained by key_getspbyid */
2152
2153 /* Invalidate all cached SPD pointers in the PCBs. */
2154 ipsec_invalpcbcacheall();
2155
2156 /* We're deleting policy; no need to invalidate the ipflow cache. */
2157
2158 {
2159 struct mbuf *n;
2160 struct sadb_msg *newmsg;
2161
2162 /* create new sadb_msg to reply. */
2163 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2164 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2165 if (!n)
2166 return key_senderror(so, m, ENOBUFS);
2167
2168 newmsg = mtod(n, struct sadb_msg *);
2169 newmsg->sadb_msg_errno = 0;
2170 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2171
2172 m_freem(m);
2173 key_update_used();
2174 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2175 }
2176 }
2177
2178 /*
2179 * SADB_SPDDELETE2 processing
2180 * receive
2181 * <base, policy(*)>
2182 * from the user(?), and set SADB_SASTATE_DEAD,
2183 * and send,
2184 * <base, policy(*)>
2185 * to the ikmpd.
2186 * policy(*) including direction of policy.
2187 *
2188 * m will always be freed.
2189 */
2190 static int
2191 key_spddelete2(struct socket *so, struct mbuf *m,
2192 const struct sadb_msghdr *mhp)
2193 {
2194 u_int32_t id;
2195 struct secpolicy *sp;
2196
2197 KASSERT(so != NULL);
2198 KASSERT(m != NULL);
2199 KASSERT(mhp != NULL);
2200 KASSERT(mhp->msg != NULL);
2201
2202 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2203 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2204 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2205 key_senderror(so, m, EINVAL);
2206 return 0;
2207 }
2208
2209 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2210
2211 /* Is there SP in SPD ? */
2212 sp = key_getspbyid(id);
2213 if (sp == NULL) {
2214 IPSECLOG(LOG_DEBUG, "no SP found id:%u.\n", id);
2215 return key_senderror(so, m, EINVAL);
2216 }
2217
2218 key_sp_dead(sp);
2219 key_sp_unlink(sp); /* XXX jrs ordering */
2220 KEY_FREESP(&sp); /* ref gained by key_getsp */
2221 sp = NULL;
2222
2223 /* Invalidate all cached SPD pointers in the PCBs. */
2224 ipsec_invalpcbcacheall();
2225
2226 /* We're deleting policy; no need to invalidate the ipflow cache. */
2227
2228 {
2229 struct mbuf *n, *nn;
2230 struct sadb_msg *newmsg;
2231 int off, len;
2232
2233 /* create new sadb_msg to reply. */
2234 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2235
2236 if (len > MCLBYTES)
2237 return key_senderror(so, m, ENOBUFS);
2238 MGETHDR(n, M_DONTWAIT, MT_DATA);
2239 if (n && len > MHLEN) {
2240 MCLGET(n, M_DONTWAIT);
2241 if ((n->m_flags & M_EXT) == 0) {
2242 m_freem(n);
2243 n = NULL;
2244 }
2245 }
2246 if (!n)
2247 return key_senderror(so, m, ENOBUFS);
2248
2249 n->m_len = len;
2250 n->m_next = NULL;
2251 off = 0;
2252
2253 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
2254 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2255
2256 KASSERTMSG(off == len, "length inconsistency");
2257
2258 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2259 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2260 if (!n->m_next) {
2261 m_freem(n);
2262 return key_senderror(so, m, ENOBUFS);
2263 }
2264
2265 n->m_pkthdr.len = 0;
2266 for (nn = n; nn; nn = nn->m_next)
2267 n->m_pkthdr.len += nn->m_len;
2268
2269 newmsg = mtod(n, struct sadb_msg *);
2270 newmsg->sadb_msg_errno = 0;
2271 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2272
2273 m_freem(m);
2274 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2275 }
2276 }
2277
2278 /*
2279 * SADB_X_GET processing
2280 * receive
2281 * <base, policy(*)>
2282 * from the user(?),
2283 * and send,
2284 * <base, address(SD), policy>
2285 * to the ikmpd.
2286 * policy(*) including direction of policy.
2287 *
2288 * m will always be freed.
2289 */
2290 static int
2291 key_spdget(struct socket *so, struct mbuf *m,
2292 const struct sadb_msghdr *mhp)
2293 {
2294 u_int32_t id;
2295 struct secpolicy *sp;
2296 struct mbuf *n;
2297
2298 KASSERT(so != NULL);
2299 KASSERT(m != NULL);
2300 KASSERT(mhp != NULL);
2301 KASSERT(mhp->msg != NULL);
2302
2303 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2304 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2305 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2306 return key_senderror(so, m, EINVAL);
2307 }
2308
2309 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2310
2311 /* Is there SP in SPD ? */
2312 sp = key_getspbyid(id);
2313 if (sp == NULL) {
2314 IPSECLOG(LOG_DEBUG, "no SP found id:%u.\n", id);
2315 return key_senderror(so, m, ENOENT);
2316 }
2317
2318 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
2319 mhp->msg->sadb_msg_pid);
2320 KEY_FREESP(&sp); /* ref gained by key_getspbyid */
2321 if (n != NULL) {
2322 m_freem(m);
2323 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2324 } else
2325 return key_senderror(so, m, ENOBUFS);
2326 }
2327
2328 #ifdef notyet
2329 /*
2330 * SADB_X_SPDACQUIRE processing.
2331 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2332 * send
2333 * <base, policy(*)>
2334 * to KMD, and expect to receive
2335 * <base> with SADB_X_SPDACQUIRE if error occurred,
2336 * or
2337 * <base, policy>
2338 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2339 * policy(*) is without policy requests.
2340 *
2341 * 0 : succeed
2342 * others: error number
2343 */
2344 int
2345 key_spdacquire(const struct secpolicy *sp)
2346 {
2347 struct mbuf *result = NULL, *m;
2348 struct secspacq *newspacq;
2349 int error;
2350
2351 KASSERT(sp != NULL);
2352 KASSERTMSG(sp->req == NULL, "called but there is request");
2353 KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC,
2354 "policy mismathed. IPsec is expected");
2355
2356 /* Get an entry to check whether sent message or not. */
2357 newspacq = key_getspacq(&sp->spidx);
2358 if (newspacq != NULL) {
2359 if (key_blockacq_count < newspacq->count) {
2360 /* reset counter and do send message. */
2361 newspacq->count = 0;
2362 } else {
2363 /* increment counter and do nothing. */
2364 newspacq->count++;
2365 return 0;
2366 }
2367 } else {
2368 /* make new entry for blocking to send SADB_ACQUIRE. */
2369 newspacq = key_newspacq(&sp->spidx);
2370 if (newspacq == NULL)
2371 return ENOBUFS;
2372
2373 /* add to acqtree */
2374 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2375 }
2376
2377 /* create new sadb_msg to reply. */
2378 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2379 if (!m) {
2380 error = ENOBUFS;
2381 goto fail;
2382 }
2383 result = m;
2384
2385 result->m_pkthdr.len = 0;
2386 for (m = result; m; m = m->m_next)
2387 result->m_pkthdr.len += m->m_len;
2388
2389 mtod(result, struct sadb_msg *)->sadb_msg_len =
2390 PFKEY_UNIT64(result->m_pkthdr.len);
2391
2392 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
2393
2394 fail:
2395 if (result)
2396 m_freem(result);
2397 return error;
2398 }
2399 #endif /* notyet */
2400
2401 /*
2402 * SADB_SPDFLUSH processing
2403 * receive
2404 * <base>
2405 * from the user, and free all entries in secpctree.
2406 * and send,
2407 * <base>
2408 * to the user.
2409 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2410 *
2411 * m will always be freed.
2412 */
2413 static int
2414 key_spdflush(struct socket *so, struct mbuf *m,
2415 const struct sadb_msghdr *mhp)
2416 {
2417 struct sadb_msg *newmsg;
2418 struct secpolicy *sp;
2419 u_int dir;
2420
2421 KASSERT(so != NULL);
2422 KASSERT(m != NULL);
2423 KASSERT(mhp != NULL);
2424 KASSERT(mhp->msg != NULL);
2425
2426 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2427 return key_senderror(so, m, EINVAL);
2428
2429 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2430 struct secpolicy * nextsp;
2431 LIST_FOREACH_SAFE(sp, &sptree[dir], chain, nextsp) {
2432 if (sp->state == IPSEC_SPSTATE_DEAD)
2433 continue;
2434 key_sp_dead(sp);
2435 key_sp_unlink(sp);
2436 /* 'sp' dead; continue transfers to 'sp = nextsp' */
2437 continue;
2438 }
2439 }
2440
2441 /* Invalidate all cached SPD pointers in the PCBs. */
2442 ipsec_invalpcbcacheall();
2443
2444 /* We're deleting policy; no need to invalidate the ipflow cache. */
2445
2446 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2447 IPSECLOG(LOG_DEBUG, "No more memory.\n");
2448 return key_senderror(so, m, ENOBUFS);
2449 }
2450
2451 if (m->m_next)
2452 m_freem(m->m_next);
2453 m->m_next = NULL;
2454 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2455 newmsg = mtod(m, struct sadb_msg *);
2456 newmsg->sadb_msg_errno = 0;
2457 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2458
2459 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2460 }
2461
2462 static struct sockaddr key_src = {
2463 .sa_len = 2,
2464 .sa_family = PF_KEY,
2465 };
2466
2467 static struct mbuf *
2468 key_setspddump_chain(int *errorp, int *lenp, pid_t pid)
2469 {
2470 struct secpolicy *sp;
2471 int cnt;
2472 u_int dir;
2473 struct mbuf *m, *n, *prev;
2474 int totlen;
2475
2476 *lenp = 0;
2477
2478 /* search SPD entry and get buffer size. */
2479 cnt = 0;
2480 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2481 LIST_FOREACH(sp, &sptree[dir], chain) {
2482 cnt++;
2483 }
2484 }
2485
2486 if (cnt == 0) {
2487 *errorp = ENOENT;
2488 return (NULL);
2489 }
2490
2491 m = NULL;
2492 prev = m;
2493 totlen = 0;
2494 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2495 LIST_FOREACH(sp, &sptree[dir], chain) {
2496 --cnt;
2497 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid);
2498
2499 if (!n) {
2500 *errorp = ENOBUFS;
2501 if (m)
2502 m_freem(m);
2503 return (NULL);
2504 }
2505
2506 totlen += n->m_pkthdr.len;
2507 if (!m) {
2508 m = n;
2509 } else {
2510 prev->m_nextpkt = n;
2511 }
2512 prev = n;
2513 }
2514 }
2515
2516 *lenp = totlen;
2517 *errorp = 0;
2518 return (m);
2519 }
2520
2521 /*
2522 * SADB_SPDDUMP processing
2523 * receive
2524 * <base>
2525 * from the user, and dump all SP leaves
2526 * and send,
2527 * <base> .....
2528 * to the ikmpd.
2529 *
2530 * m will always be freed.
2531 */
2532 static int
2533 key_spddump(struct socket *so, struct mbuf *m0,
2534 const struct sadb_msghdr *mhp)
2535 {
2536 struct mbuf *n;
2537 int error, len;
2538 int ok, s;
2539 pid_t pid;
2540
2541 KASSERT(so != NULL);
2542 KASSERT(m0 != NULL);
2543 KASSERT(mhp != NULL);
2544 KASSERT(mhp->msg != NULL);
2545
2546 pid = mhp->msg->sadb_msg_pid;
2547 /*
2548 * If the requestor has insufficient socket-buffer space
2549 * for the entire chain, nobody gets any response to the DUMP.
2550 * XXX For now, only the requestor ever gets anything.
2551 * Moreover, if the requestor has any space at all, they receive
2552 * the entire chain, otherwise the request is refused with ENOBUFS.
2553 */
2554 if (sbspace(&so->so_rcv) <= 0) {
2555 return key_senderror(so, m0, ENOBUFS);
2556 }
2557
2558 s = splsoftnet();
2559 n = key_setspddump_chain(&error, &len, pid);
2560 splx(s);
2561
2562 if (n == NULL) {
2563 return key_senderror(so, m0, ENOENT);
2564 }
2565 {
2566 uint64_t *ps = PFKEY_STAT_GETREF();
2567 ps[PFKEY_STAT_IN_TOTAL]++;
2568 ps[PFKEY_STAT_IN_BYTES] += len;
2569 PFKEY_STAT_PUTREF();
2570 }
2571
2572 /*
2573 * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets.
2574 * The requestor receives either the entire chain, or an
2575 * error message with ENOBUFS.
2576 */
2577
2578 /*
2579 * sbappendchainwith record takes the chain of entries, one
2580 * packet-record per SPD entry, prepends the key_src sockaddr
2581 * to each packet-record, links the sockaddr mbufs into a new
2582 * list of records, then appends the entire resulting
2583 * list to the requesting socket.
2584 */
2585 ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, n,
2586 SB_PRIO_ONESHOT_OVERFLOW);
2587
2588 if (!ok) {
2589 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
2590 m_freem(n);
2591 return key_senderror(so, m0, ENOBUFS);
2592 }
2593
2594 m_freem(m0);
2595 return error;
2596 }
2597
2598 /*
2599 * SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23
2600 */
2601 static int
2602 key_nat_map(struct socket *so, struct mbuf *m,
2603 const struct sadb_msghdr *mhp)
2604 {
2605 struct sadb_x_nat_t_type *type;
2606 struct sadb_x_nat_t_port *sport;
2607 struct sadb_x_nat_t_port *dport;
2608 struct sadb_address *iaddr, *raddr;
2609 struct sadb_x_nat_t_frag *frag;
2610
2611 KASSERT(so != NULL);
2612 KASSERT(m != NULL);
2613 KASSERT(mhp != NULL);
2614 KASSERT(mhp->msg != NULL);
2615
2616 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL ||
2617 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL ||
2618 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) {
2619 IPSECLOG(LOG_DEBUG, "invalid message.\n");
2620 return key_senderror(so, m, EINVAL);
2621 }
2622 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
2623 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
2624 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
2625 IPSECLOG(LOG_DEBUG, "invalid message.\n");
2626 return key_senderror(so, m, EINVAL);
2627 }
2628
2629 if ((mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) &&
2630 (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr))) {
2631 IPSECLOG(LOG_DEBUG, "invalid message\n");
2632 return key_senderror(so, m, EINVAL);
2633 }
2634
2635 if ((mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) &&
2636 (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr))) {
2637 IPSECLOG(LOG_DEBUG, "invalid message\n");
2638 return key_senderror(so, m, EINVAL);
2639 }
2640
2641 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
2642 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
2643 IPSECLOG(LOG_DEBUG, "invalid message\n");
2644 return key_senderror(so, m, EINVAL);
2645 }
2646
2647 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
2648 sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
2649 dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
2650 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
2651 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
2652 frag = (struct sadb_x_nat_t_frag *) mhp->ext[SADB_X_EXT_NAT_T_FRAG];
2653
2654 /*
2655 * XXX handle that, it should also contain a SA, or anything
2656 * that enable to update the SA information.
2657 */
2658
2659 return 0;
2660 }
2661
2662 static struct mbuf *
2663 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, pid_t pid)
2664 {
2665 struct mbuf *result = NULL, *m;
2666
2667 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2668 if (!m)
2669 goto fail;
2670 result = m;
2671
2672 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2673 &sp->spidx.src.sa, sp->spidx.prefs, sp->spidx.ul_proto);
2674 if (!m)
2675 goto fail;
2676 m_cat(result, m);
2677
2678 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2679 &sp->spidx.dst.sa, sp->spidx.prefd, sp->spidx.ul_proto);
2680 if (!m)
2681 goto fail;
2682 m_cat(result, m);
2683
2684 m = key_sp2msg(sp);
2685 if (!m)
2686 goto fail;
2687 m_cat(result, m);
2688
2689 if ((result->m_flags & M_PKTHDR) == 0)
2690 goto fail;
2691
2692 if (result->m_len < sizeof(struct sadb_msg)) {
2693 result = m_pullup(result, sizeof(struct sadb_msg));
2694 if (result == NULL)
2695 goto fail;
2696 }
2697
2698 result->m_pkthdr.len = 0;
2699 for (m = result; m; m = m->m_next)
2700 result->m_pkthdr.len += m->m_len;
2701
2702 mtod(result, struct sadb_msg *)->sadb_msg_len =
2703 PFKEY_UNIT64(result->m_pkthdr.len);
2704
2705 return result;
2706
2707 fail:
2708 m_freem(result);
2709 return NULL;
2710 }
2711
2712 /*
2713 * get PFKEY message length for security policy and request.
2714 */
2715 static u_int
2716 key_getspreqmsglen(const struct secpolicy *sp)
2717 {
2718 u_int tlen;
2719
2720 tlen = sizeof(struct sadb_x_policy);
2721
2722 /* if is the policy for ipsec ? */
2723 if (sp->policy != IPSEC_POLICY_IPSEC)
2724 return tlen;
2725
2726 /* get length of ipsec requests */
2727 {
2728 const struct ipsecrequest *isr;
2729 int len;
2730
2731 for (isr = sp->req; isr != NULL; isr = isr->next) {
2732 len = sizeof(struct sadb_x_ipsecrequest)
2733 + isr->saidx.src.sa.sa_len + isr->saidx.dst.sa.sa_len;
2734
2735 tlen += PFKEY_ALIGN8(len);
2736 }
2737 }
2738
2739 return tlen;
2740 }
2741
2742 /*
2743 * SADB_SPDEXPIRE processing
2744 * send
2745 * <base, address(SD), lifetime(CH), policy>
2746 * to KMD by PF_KEY.
2747 *
2748 * OUT: 0 : succeed
2749 * others : error number
2750 */
2751 static int
2752 key_spdexpire(struct secpolicy *sp)
2753 {
2754 int s;
2755 struct mbuf *result = NULL, *m;
2756 int len;
2757 int error = -1;
2758 struct sadb_lifetime *lt;
2759
2760 /* XXX: Why do we lock ? */
2761 s = splsoftnet(); /*called from softclock()*/
2762
2763 KASSERT(sp != NULL);
2764
2765 /* set msg header */
2766 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2767 if (!m) {
2768 error = ENOBUFS;
2769 goto fail;
2770 }
2771 result = m;
2772
2773 /* create lifetime extension (current and hard) */
2774 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2775 m = key_alloc_mbuf(len);
2776 if (!m || m->m_next) { /*XXX*/
2777 if (m)
2778 m_freem(m);
2779 error = ENOBUFS;
2780 goto fail;
2781 }
2782 memset(mtod(m, void *), 0, len);
2783 lt = mtod(m, struct sadb_lifetime *);
2784 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2785 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2786 lt->sadb_lifetime_allocations = 0;
2787 lt->sadb_lifetime_bytes = 0;
2788 lt->sadb_lifetime_addtime = sp->created + time_second - time_uptime;
2789 lt->sadb_lifetime_usetime = sp->lastused + time_second - time_uptime;
2790 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
2791 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2792 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2793 lt->sadb_lifetime_allocations = 0;
2794 lt->sadb_lifetime_bytes = 0;
2795 lt->sadb_lifetime_addtime = sp->lifetime;
2796 lt->sadb_lifetime_usetime = sp->validtime;
2797 m_cat(result, m);
2798
2799 /* set sadb_address for source */
2800 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sp->spidx.src.sa,
2801 sp->spidx.prefs, sp->spidx.ul_proto);
2802 if (!m) {
2803 error = ENOBUFS;
2804 goto fail;
2805 }
2806 m_cat(result, m);
2807
2808 /* set sadb_address for destination */
2809 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sp->spidx.dst.sa,
2810 sp->spidx.prefd, sp->spidx.ul_proto);
2811 if (!m) {
2812 error = ENOBUFS;
2813 goto fail;
2814 }
2815 m_cat(result, m);
2816
2817 /* set secpolicy */
2818 m = key_sp2msg(sp);
2819 if (!m) {
2820 error = ENOBUFS;
2821 goto fail;
2822 }
2823 m_cat(result, m);
2824
2825 if ((result->m_flags & M_PKTHDR) == 0) {
2826 error = EINVAL;
2827 goto fail;
2828 }
2829
2830 if (result->m_len < sizeof(struct sadb_msg)) {
2831 result = m_pullup(result, sizeof(struct sadb_msg));
2832 if (result == NULL) {
2833 error = ENOBUFS;
2834 goto fail;
2835 }
2836 }
2837
2838 result->m_pkthdr.len = 0;
2839 for (m = result; m; m = m->m_next)
2840 result->m_pkthdr.len += m->m_len;
2841
2842 mtod(result, struct sadb_msg *)->sadb_msg_len =
2843 PFKEY_UNIT64(result->m_pkthdr.len);
2844
2845 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2846
2847 fail:
2848 if (result)
2849 m_freem(result);
2850 splx(s);
2851 return error;
2852 }
2853
2854 /* %%% SAD management */
2855 /*
2856 * allocating a memory for new SA head, and copy from the values of mhp.
2857 * OUT: NULL : failure due to the lack of memory.
2858 * others : pointer to new SA head.
2859 */
2860 static struct secashead *
2861 key_newsah(const struct secasindex *saidx)
2862 {
2863 struct secashead *newsah;
2864 int i;
2865
2866 KASSERT(saidx != NULL);
2867
2868 newsah = kmem_zalloc(sizeof(struct secashead), KM_SLEEP);
2869 for (i = 0; i < __arraycount(newsah->savtree); i++)
2870 LIST_INIT(&newsah->savtree[i]);
2871 newsah->saidx = *saidx;
2872
2873 /* add to saidxtree */
2874 newsah->state = SADB_SASTATE_MATURE;
2875 LIST_INSERT_HEAD(&sahtree, newsah, chain);
2876
2877 return newsah;
2878 }
2879
2880 /*
2881 * delete SA index and all SA registerd.
2882 */
2883 static void
2884 key_delsah(struct secashead *sah)
2885 {
2886 struct secasvar *sav, *nextsav;
2887 u_int state;
2888 int s;
2889 int zombie = 0;
2890
2891 KASSERT(!cpu_softintr_p());
2892 KASSERT(sah != NULL);
2893
2894 s = splsoftnet();
2895
2896 /* searching all SA registerd in the secindex. */
2897 SASTATE_ANY_FOREACH(state) {
2898 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) {
2899 if (sav->refcnt == 0) {
2900 /* sanity check */
2901 KEY_CHKSASTATE(state, sav->state);
2902 KEY_FREESAV(&sav);
2903 } else {
2904 /* give up to delete this sa */
2905 zombie++;
2906 }
2907 }
2908 }
2909
2910 /* don't delete sah only if there are savs. */
2911 if (zombie) {
2912 splx(s);
2913 return;
2914 }
2915
2916 rtcache_free(&sah->sa_route);
2917
2918 /* remove from tree of SA index */
2919 KASSERT(__LIST_CHAINED(sah));
2920 LIST_REMOVE(sah, chain);
2921
2922 if (sah->idents != NULL)
2923 kmem_free(sah->idents, sah->idents_len);
2924 if (sah->identd != NULL)
2925 kmem_free(sah->identd, sah->identd_len);
2926
2927 kmem_free(sah, sizeof(*sah));
2928
2929 splx(s);
2930 return;
2931 }
2932
2933 /*
2934 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2935 * and copy the values of mhp into new buffer.
2936 * When SAD message type is GETSPI:
2937 * to set sequence number from acq_seq++,
2938 * to set zero to SPI.
2939 * not to call key_setsava().
2940 * OUT: NULL : fail
2941 * others : pointer to new secasvar.
2942 *
2943 * does not modify mbuf. does not free mbuf on error.
2944 */
2945 static struct secasvar *
2946 key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp,
2947 struct secashead *sah, int *errp,
2948 const char* where, int tag)
2949 {
2950 struct secasvar *newsav;
2951 const struct sadb_sa *xsa;
2952
2953 KASSERT(!cpu_softintr_p());
2954 KASSERT(m != NULL);
2955 KASSERT(mhp != NULL);
2956 KASSERT(mhp->msg != NULL);
2957 KASSERT(sah != NULL);
2958
2959 newsav = kmem_zalloc(sizeof(struct secasvar), KM_SLEEP);
2960
2961 switch (mhp->msg->sadb_msg_type) {
2962 case SADB_GETSPI:
2963 newsav->spi = 0;
2964
2965 #ifdef IPSEC_DOSEQCHECK
2966 /* sync sequence number */
2967 if (mhp->msg->sadb_msg_seq == 0)
2968 newsav->seq =
2969 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
2970 else
2971 #endif
2972 newsav->seq = mhp->msg->sadb_msg_seq;
2973 break;
2974
2975 case SADB_ADD:
2976 /* sanity check */
2977 if (mhp->ext[SADB_EXT_SA] == NULL) {
2978 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2979 *errp = EINVAL;
2980 goto error;
2981 }
2982 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
2983 newsav->spi = xsa->sadb_sa_spi;
2984 newsav->seq = mhp->msg->sadb_msg_seq;
2985 break;
2986 default:
2987 *errp = EINVAL;
2988 goto error;
2989 }
2990
2991 /* copy sav values */
2992 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
2993 *errp = key_setsaval(newsav, m, mhp);
2994 if (*errp)
2995 goto error;
2996 }
2997
2998 /* reset created */
2999 newsav->created = time_uptime;
3000 newsav->pid = mhp->msg->sadb_msg_pid;
3001
3002 /* add to satree */
3003 newsav->sah = sah;
3004 newsav->refcnt = 1;
3005 newsav->state = SADB_SASTATE_LARVAL;
3006 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3007 secasvar, chain);
3008 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
3009 "DP from %s:%u return SA:%p\n", where, tag, newsav);
3010 return newsav;
3011
3012 error:
3013 KASSERT(*errp != 0);
3014 kmem_free(newsav, sizeof(*newsav));
3015 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
3016 "DP from %s:%u return SA:NULL\n", where, tag);
3017 return NULL;
3018 }
3019
3020 /*
3021 * free() SA variable entry.
3022 */
3023 static void
3024 key_delsav(struct secasvar *sav)
3025 {
3026
3027 KASSERT(sav != NULL);
3028 KASSERTMSG(sav->refcnt == 0, "reference count %u > 0", sav->refcnt);
3029
3030 /* remove from SA header */
3031 KASSERT(__LIST_CHAINED(sav));
3032 LIST_REMOVE(sav, chain);
3033
3034 /*
3035 * Cleanup xform state. Note that zeroize'ing causes the
3036 * keys to be cleared; otherwise we must do it ourself.
3037 */
3038 if (sav->tdb_xform != NULL) {
3039 sav->tdb_xform->xf_zeroize(sav);
3040 sav->tdb_xform = NULL;
3041 } else {
3042 if (sav->key_auth != NULL)
3043 explicit_memset(_KEYBUF(sav->key_auth), 0,
3044 _KEYLEN(sav->key_auth));
3045 if (sav->key_enc != NULL)
3046 explicit_memset(_KEYBUF(sav->key_enc), 0,
3047 _KEYLEN(sav->key_enc));
3048 }
3049
3050 key_freesaval(sav);
3051 kmem_intr_free(sav, sizeof(*sav));
3052
3053 return;
3054 }
3055
3056 /*
3057 * search SAD.
3058 * OUT:
3059 * NULL : not found
3060 * others : found, pointer to a SA.
3061 */
3062 static struct secashead *
3063 key_getsah(const struct secasindex *saidx)
3064 {
3065 struct secashead *sah;
3066
3067 LIST_FOREACH(sah, &sahtree, chain) {
3068 if (sah->state == SADB_SASTATE_DEAD)
3069 continue;
3070 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
3071 return sah;
3072 }
3073
3074 return NULL;
3075 }
3076
3077 /*
3078 * check not to be duplicated SPI.
3079 * NOTE: this function is too slow due to searching all SAD.
3080 * OUT:
3081 * NULL : not found
3082 * others : found, pointer to a SA.
3083 */
3084 static struct secasvar *
3085 key_checkspidup(const struct secasindex *saidx, u_int32_t spi)
3086 {
3087 struct secashead *sah;
3088 struct secasvar *sav;
3089
3090 /* check address family */
3091 if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
3092 IPSECLOG(LOG_DEBUG, "address family mismatched.\n");
3093 return NULL;
3094 }
3095
3096 /* check all SAD */
3097 LIST_FOREACH(sah, &sahtree, chain) {
3098 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
3099 continue;
3100 sav = key_getsavbyspi(sah, spi);
3101 if (sav != NULL)
3102 return sav;
3103 }
3104
3105 return NULL;
3106 }
3107
3108 /*
3109 * search SAD litmited alive SA, protocol, SPI.
3110 * OUT:
3111 * NULL : not found
3112 * others : found, pointer to a SA.
3113 */
3114 static struct secasvar *
3115 key_getsavbyspi(struct secashead *sah, u_int32_t spi)
3116 {
3117 struct secasvar *sav;
3118 u_int state;
3119
3120 /* search all status */
3121 SASTATE_ALIVE_FOREACH(state) {
3122 LIST_FOREACH(sav, &sah->savtree[state], chain) {
3123
3124 /* sanity check */
3125 if (sav->state != state) {
3126 IPSECLOG(LOG_DEBUG,
3127 "invalid sav->state (queue: %d SA: %d)\n",
3128 state, sav->state);
3129 continue;
3130 }
3131
3132 if (sav->spi == spi)
3133 return sav;
3134 }
3135 }
3136
3137 return NULL;
3138 }
3139
3140 /*
3141 * Free allocated data to member variables of sav:
3142 * sav->replay, sav->key_* and sav->lft_*.
3143 */
3144 static void
3145 key_freesaval(struct secasvar *sav)
3146 {
3147
3148 if (sav->replay != NULL) {
3149 kmem_intr_free(sav->replay, sav->replay_len);
3150 sav->replay = NULL;
3151 sav->replay_len = 0;
3152 }
3153 if (sav->key_auth != NULL) {
3154 kmem_intr_free(sav->key_auth, sav->key_auth_len);
3155 sav->key_auth = NULL;
3156 sav->key_auth_len = 0;
3157 }
3158 if (sav->key_enc != NULL) {
3159 kmem_intr_free(sav->key_enc, sav->key_enc_len);
3160 sav->key_enc = NULL;
3161 sav->key_enc_len = 0;
3162 }
3163 if (sav->lft_c != NULL) {
3164 kmem_intr_free(sav->lft_c, sizeof(*(sav->lft_c)));
3165 sav->lft_c = NULL;
3166 }
3167 if (sav->lft_h != NULL) {
3168 kmem_intr_free(sav->lft_h, sizeof(*(sav->lft_h)));
3169 sav->lft_h = NULL;
3170 }
3171 if (sav->lft_s != NULL) {
3172 kmem_intr_free(sav->lft_s, sizeof(*(sav->lft_s)));
3173 sav->lft_s = NULL;
3174 }
3175 }
3176
3177 /*
3178 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
3179 * You must update these if need.
3180 * OUT: 0: success.
3181 * !0: failure.
3182 *
3183 * does not modify mbuf. does not free mbuf on error.
3184 */
3185 static int
3186 key_setsaval(struct secasvar *sav, struct mbuf *m,
3187 const struct sadb_msghdr *mhp)
3188 {
3189 int error = 0;
3190
3191 KASSERT(!cpu_softintr_p());
3192 KASSERT(m != NULL);
3193 KASSERT(mhp != NULL);
3194 KASSERT(mhp->msg != NULL);
3195
3196 /* initialization */
3197 key_freesaval(sav);
3198 sav->tdb_xform = NULL; /* transform */
3199 sav->tdb_encalgxform = NULL; /* encoding algorithm */
3200 sav->tdb_authalgxform = NULL; /* authentication algorithm */
3201 sav->tdb_compalgxform = NULL; /* compression algorithm */
3202 sav->natt_type = 0;
3203 sav->esp_frag = 0;
3204
3205 /* SA */
3206 if (mhp->ext[SADB_EXT_SA] != NULL) {
3207 const struct sadb_sa *sa0;
3208
3209 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3210 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3211 error = EINVAL;
3212 goto fail;
3213 }
3214
3215 sav->alg_auth = sa0->sadb_sa_auth;
3216 sav->alg_enc = sa0->sadb_sa_encrypt;
3217 sav->flags = sa0->sadb_sa_flags;
3218
3219 /* replay window */
3220 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
3221 size_t len = sizeof(struct secreplay) +
3222 sa0->sadb_sa_replay;
3223 sav->replay = kmem_zalloc(len, KM_SLEEP);
3224 sav->replay_len = len;
3225 if (sa0->sadb_sa_replay != 0)
3226 sav->replay->bitmap = (char*)(sav->replay+1);
3227 sav->replay->wsize = sa0->sadb_sa_replay;
3228 }
3229 }
3230
3231 /* Authentication keys */
3232 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3233 const struct sadb_key *key0;
3234 int len;
3235
3236 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3237 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3238
3239 error = 0;
3240 if (len < sizeof(*key0)) {
3241 error = EINVAL;
3242 goto fail;
3243 }
3244 switch (mhp->msg->sadb_msg_satype) {
3245 case SADB_SATYPE_AH:
3246 case SADB_SATYPE_ESP:
3247 case SADB_X_SATYPE_TCPSIGNATURE:
3248 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3249 sav->alg_auth != SADB_X_AALG_NULL)
3250 error = EINVAL;
3251 break;
3252 case SADB_X_SATYPE_IPCOMP:
3253 default:
3254 error = EINVAL;
3255 break;
3256 }
3257 if (error) {
3258 IPSECLOG(LOG_DEBUG, "invalid key_auth values.\n");
3259 goto fail;
3260 }
3261
3262 sav->key_auth = key_newbuf(key0, len);
3263 sav->key_auth_len = len;
3264 }
3265
3266 /* Encryption key */
3267 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3268 const struct sadb_key *key0;
3269 int len;
3270
3271 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3272 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3273
3274 error = 0;
3275 if (len < sizeof(*key0)) {
3276 error = EINVAL;
3277 goto fail;
3278 }
3279 switch (mhp->msg->sadb_msg_satype) {
3280 case SADB_SATYPE_ESP:
3281 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3282 sav->alg_enc != SADB_EALG_NULL) {
3283 error = EINVAL;
3284 break;
3285 }
3286 sav->key_enc = key_newbuf(key0, len);
3287 sav->key_enc_len = len;
3288 break;
3289 case SADB_X_SATYPE_IPCOMP:
3290 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3291 error = EINVAL;
3292 sav->key_enc = NULL; /*just in case*/
3293 break;
3294 case SADB_SATYPE_AH:
3295 case SADB_X_SATYPE_TCPSIGNATURE:
3296 default:
3297 error = EINVAL;
3298 break;
3299 }
3300 if (error) {
3301 IPSECLOG(LOG_DEBUG, "invalid key_enc value.\n");
3302 goto fail;
3303 }
3304 }
3305
3306 /* set iv */
3307 sav->ivlen = 0;
3308
3309 switch (mhp->msg->sadb_msg_satype) {
3310 case SADB_SATYPE_AH:
3311 error = xform_init(sav, XF_AH);
3312 break;
3313 case SADB_SATYPE_ESP:
3314 error = xform_init(sav, XF_ESP);
3315 break;
3316 case SADB_X_SATYPE_IPCOMP:
3317 error = xform_init(sav, XF_IPCOMP);
3318 break;
3319 case SADB_X_SATYPE_TCPSIGNATURE:
3320 error = xform_init(sav, XF_TCPSIGNATURE);
3321 break;
3322 }
3323 if (error) {
3324 IPSECLOG(LOG_DEBUG, "unable to initialize SA type %u.\n",
3325 mhp->msg->sadb_msg_satype);
3326 goto fail;
3327 }
3328
3329 /* reset created */
3330 sav->created = time_uptime;
3331
3332 /* make lifetime for CURRENT */
3333 sav->lft_c = kmem_alloc(sizeof(struct sadb_lifetime), KM_SLEEP);
3334
3335 sav->lft_c->sadb_lifetime_len =
3336 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3337 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3338 sav->lft_c->sadb_lifetime_allocations = 0;
3339 sav->lft_c->sadb_lifetime_bytes = 0;
3340 sav->lft_c->sadb_lifetime_addtime = time_uptime;
3341 sav->lft_c->sadb_lifetime_usetime = 0;
3342
3343 /* lifetimes for HARD and SOFT */
3344 {
3345 const struct sadb_lifetime *lft0;
3346
3347 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3348 if (lft0 != NULL) {
3349 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3350 error = EINVAL;
3351 goto fail;
3352 }
3353 sav->lft_h = key_newbuf(lft0, sizeof(*lft0));
3354 }
3355
3356 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3357 if (lft0 != NULL) {
3358 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3359 error = EINVAL;
3360 goto fail;
3361 }
3362 sav->lft_s = key_newbuf(lft0, sizeof(*lft0));
3363 /* to be initialize ? */
3364 }
3365 }
3366
3367 return 0;
3368
3369 fail:
3370 /* initialization */
3371 key_freesaval(sav);
3372
3373 return error;
3374 }
3375
3376 /*
3377 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3378 * OUT: 0: valid
3379 * other: errno
3380 */
3381 static int
3382 key_mature(struct secasvar *sav)
3383 {
3384 int error;
3385
3386 /* check SPI value */
3387 switch (sav->sah->saidx.proto) {
3388 case IPPROTO_ESP:
3389 case IPPROTO_AH:
3390 if (ntohl(sav->spi) <= 255) {
3391 IPSECLOG(LOG_DEBUG, "illegal range of SPI %u.\n",
3392 (u_int32_t)ntohl(sav->spi));
3393 return EINVAL;
3394 }
3395 break;
3396 }
3397
3398 /* check satype */
3399 switch (sav->sah->saidx.proto) {
3400 case IPPROTO_ESP:
3401 /* check flags */
3402 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) ==
3403 (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) {
3404 IPSECLOG(LOG_DEBUG,
3405 "invalid flag (derived) given to old-esp.\n");
3406 return EINVAL;
3407 }
3408 error = xform_init(sav, XF_ESP);
3409 break;
3410 case IPPROTO_AH:
3411 /* check flags */
3412 if (sav->flags & SADB_X_EXT_DERIV) {
3413 IPSECLOG(LOG_DEBUG,
3414 "invalid flag (derived) given to AH SA.\n");
3415 return EINVAL;
3416 }
3417 if (sav->alg_enc != SADB_EALG_NONE) {
3418 IPSECLOG(LOG_DEBUG,
3419 "protocol and algorithm mismated.\n");
3420 return(EINVAL);
3421 }
3422 error = xform_init(sav, XF_AH);
3423 break;
3424 case IPPROTO_IPCOMP:
3425 if (sav->alg_auth != SADB_AALG_NONE) {
3426 IPSECLOG(LOG_DEBUG,
3427 "protocol and algorithm mismated.\n");
3428 return(EINVAL);
3429 }
3430 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
3431 && ntohl(sav->spi) >= 0x10000) {
3432 IPSECLOG(LOG_DEBUG, "invalid cpi for IPComp.\n");
3433 return(EINVAL);
3434 }
3435 error = xform_init(sav, XF_IPCOMP);
3436 break;
3437 case IPPROTO_TCP:
3438 if (sav->alg_enc != SADB_EALG_NONE) {
3439 IPSECLOG(LOG_DEBUG,
3440 "protocol and algorithm mismated.\n");
3441 return(EINVAL);
3442 }
3443 error = xform_init(sav, XF_TCPSIGNATURE);
3444 break;
3445 default:
3446 IPSECLOG(LOG_DEBUG, "Invalid satype.\n");
3447 error = EPROTONOSUPPORT;
3448 break;
3449 }
3450 if (error == 0)
3451 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3452 return (error);
3453 }
3454
3455 /*
3456 * subroutine for SADB_GET and SADB_DUMP.
3457 */
3458 static struct mbuf *
3459 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype,
3460 u_int32_t seq, u_int32_t pid)
3461 {
3462 struct mbuf *result = NULL, *tres = NULL, *m;
3463 int l = 0;
3464 int i;
3465 void *p;
3466 struct sadb_lifetime lt;
3467 int dumporder[] = {
3468 SADB_EXT_SA, SADB_X_EXT_SA2,
3469 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3470 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3471 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3472 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3473 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3474 SADB_X_EXT_NAT_T_TYPE,
3475 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
3476 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
3477 SADB_X_EXT_NAT_T_FRAG,
3478
3479 };
3480
3481 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3482 if (m == NULL)
3483 goto fail;
3484 result = m;
3485
3486 for (i = __arraycount(dumporder) - 1; i >= 0; i--) {
3487 m = NULL;
3488 p = NULL;
3489 switch (dumporder[i]) {
3490 case SADB_EXT_SA:
3491 m = key_setsadbsa(sav);
3492 break;
3493
3494 case SADB_X_EXT_SA2:
3495 m = key_setsadbxsa2(sav->sah->saidx.mode,
3496 sav->replay ? sav->replay->count : 0,
3497 sav->sah->saidx.reqid);
3498 break;
3499
3500 case SADB_EXT_ADDRESS_SRC:
3501 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3502 &sav->sah->saidx.src.sa,
3503 FULLMASK, IPSEC_ULPROTO_ANY);
3504 break;
3505
3506 case SADB_EXT_ADDRESS_DST:
3507 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3508 &sav->sah->saidx.dst.sa,
3509 FULLMASK, IPSEC_ULPROTO_ANY);
3510 break;
3511
3512 case SADB_EXT_KEY_AUTH:
3513 if (!sav->key_auth)
3514 continue;
3515 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3516 p = sav->key_auth;
3517 break;
3518
3519 case SADB_EXT_KEY_ENCRYPT:
3520 if (!sav->key_enc)
3521 continue;
3522 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3523 p = sav->key_enc;
3524 break;
3525
3526 case SADB_EXT_LIFETIME_CURRENT:
3527 if (!sav->lft_c)
3528 continue;
3529 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3530 memcpy(<, sav->lft_c, sizeof(struct sadb_lifetime));
3531 lt.sadb_lifetime_addtime += time_second - time_uptime;
3532 lt.sadb_lifetime_usetime += time_second - time_uptime;
3533 p = <
3534 break;
3535
3536 case SADB_EXT_LIFETIME_HARD:
3537 if (!sav->lft_h)
3538 continue;
3539 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3540 p = sav->lft_h;
3541 break;
3542
3543 case SADB_EXT_LIFETIME_SOFT:
3544 if (!sav->lft_s)
3545 continue;
3546 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3547 p = sav->lft_s;
3548 break;
3549
3550 case SADB_X_EXT_NAT_T_TYPE:
3551 m = key_setsadbxtype(sav->natt_type);
3552 break;
3553
3554 case SADB_X_EXT_NAT_T_DPORT:
3555 if (sav->natt_type == 0)
3556 continue;
3557 m = key_setsadbxport(
3558 key_portfromsaddr(&sav->sah->saidx.dst),
3559 SADB_X_EXT_NAT_T_DPORT);
3560 break;
3561
3562 case SADB_X_EXT_NAT_T_SPORT:
3563 if (sav->natt_type == 0)
3564 continue;
3565 m = key_setsadbxport(
3566 key_portfromsaddr(&sav->sah->saidx.src),
3567 SADB_X_EXT_NAT_T_SPORT);
3568 break;
3569
3570 case SADB_X_EXT_NAT_T_FRAG:
3571 /* don't send frag info if not set */
3572 if (sav->natt_type == 0 || sav->esp_frag == IP_MAXPACKET)
3573 continue;
3574 m = key_setsadbxfrag(sav->esp_frag);
3575 break;
3576
3577 case SADB_X_EXT_NAT_T_OAI:
3578 case SADB_X_EXT_NAT_T_OAR:
3579 continue;
3580
3581 case SADB_EXT_ADDRESS_PROXY:
3582 case SADB_EXT_IDENTITY_SRC:
3583 case SADB_EXT_IDENTITY_DST:
3584 /* XXX: should we brought from SPD ? */
3585 case SADB_EXT_SENSITIVITY:
3586 default:
3587 continue;
3588 }
3589
3590 KASSERT(!(m && p));
3591 if (!m && !p)
3592 goto fail;
3593 if (p && tres) {
3594 M_PREPEND(tres, l, M_DONTWAIT);
3595 if (!tres)
3596 goto fail;
3597 memcpy(mtod(tres, void *), p, l);
3598 continue;
3599 }
3600 if (p) {
3601 m = key_alloc_mbuf(l);
3602 if (!m)
3603 goto fail;
3604 m_copyback(m, 0, l, p);
3605 }
3606
3607 if (tres)
3608 m_cat(m, tres);
3609 tres = m;
3610 }
3611
3612 m_cat(result, tres);
3613 tres = NULL; /* avoid free on error below */
3614
3615 if (result->m_len < sizeof(struct sadb_msg)) {
3616 result = m_pullup(result, sizeof(struct sadb_msg));
3617 if (result == NULL)
3618 goto fail;
3619 }
3620
3621 result->m_pkthdr.len = 0;
3622 for (m = result; m; m = m->m_next)
3623 result->m_pkthdr.len += m->m_len;
3624
3625 mtod(result, struct sadb_msg *)->sadb_msg_len =
3626 PFKEY_UNIT64(result->m_pkthdr.len);
3627
3628 return result;
3629
3630 fail:
3631 m_freem(result);
3632 m_freem(tres);
3633 return NULL;
3634 }
3635
3636
3637 /*
3638 * set a type in sadb_x_nat_t_type
3639 */
3640 static struct mbuf *
3641 key_setsadbxtype(u_int16_t type)
3642 {
3643 struct mbuf *m;
3644 size_t len;
3645 struct sadb_x_nat_t_type *p;
3646
3647 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
3648
3649 m = key_alloc_mbuf(len);
3650 if (!m || m->m_next) { /*XXX*/
3651 if (m)
3652 m_freem(m);
3653 return NULL;
3654 }
3655
3656 p = mtod(m, struct sadb_x_nat_t_type *);
3657
3658 memset(p, 0, len);
3659 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
3660 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
3661 p->sadb_x_nat_t_type_type = type;
3662
3663 return m;
3664 }
3665 /*
3666 * set a port in sadb_x_nat_t_port. port is in network order
3667 */
3668 static struct mbuf *
3669 key_setsadbxport(u_int16_t port, u_int16_t type)
3670 {
3671 struct mbuf *m;
3672 size_t len;
3673 struct sadb_x_nat_t_port *p;
3674
3675 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
3676
3677 m = key_alloc_mbuf(len);
3678 if (!m || m->m_next) { /*XXX*/
3679 if (m)
3680 m_freem(m);
3681 return NULL;
3682 }
3683
3684 p = mtod(m, struct sadb_x_nat_t_port *);
3685
3686 memset(p, 0, len);
3687 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
3688 p->sadb_x_nat_t_port_exttype = type;
3689 p->sadb_x_nat_t_port_port = port;
3690
3691 return m;
3692 }
3693
3694 /*
3695 * set fragmentation info in sadb_x_nat_t_frag
3696 */
3697 static struct mbuf *
3698 key_setsadbxfrag(u_int16_t flen)
3699 {
3700 struct mbuf *m;
3701 size_t len;
3702 struct sadb_x_nat_t_frag *p;
3703
3704 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_frag));
3705
3706 m = key_alloc_mbuf(len);
3707 if (!m || m->m_next) { /*XXX*/
3708 if (m)
3709 m_freem(m);
3710 return NULL;
3711 }
3712
3713 p = mtod(m, struct sadb_x_nat_t_frag *);
3714
3715 memset(p, 0, len);
3716 p->sadb_x_nat_t_frag_len = PFKEY_UNIT64(len);
3717 p->sadb_x_nat_t_frag_exttype = SADB_X_EXT_NAT_T_FRAG;
3718 p->sadb_x_nat_t_frag_fraglen = flen;
3719
3720 return m;
3721 }
3722
3723 /*
3724 * Get port from sockaddr, port is in network order
3725 */
3726 u_int16_t
3727 key_portfromsaddr(const union sockaddr_union *saddr)
3728 {
3729 u_int16_t port;
3730
3731 switch (saddr->sa.sa_family) {
3732 case AF_INET: {
3733 port = saddr->sin.sin_port;
3734 break;
3735 }
3736 #ifdef INET6
3737 case AF_INET6: {
3738 port = saddr->sin6.sin6_port;
3739 break;
3740 }
3741 #endif
3742 default:
3743 printf("%s: unexpected address family\n", __func__);
3744 port = 0;
3745 break;
3746 }
3747
3748 return port;
3749 }
3750
3751
3752 /*
3753 * Set port is struct sockaddr. port is in network order
3754 */
3755 static void
3756 key_porttosaddr(union sockaddr_union *saddr, u_int16_t port)
3757 {
3758 switch (saddr->sa.sa_family) {
3759 case AF_INET: {
3760 saddr->sin.sin_port = port;
3761 break;
3762 }
3763 #ifdef INET6
3764 case AF_INET6: {
3765 saddr->sin6.sin6_port = port;
3766 break;
3767 }
3768 #endif
3769 default:
3770 printf("%s: unexpected address family %d\n", __func__,
3771 saddr->sa.sa_family);
3772 break;
3773 }
3774
3775 return;
3776 }
3777
3778 /*
3779 * Safety check sa_len
3780 */
3781 static int
3782 key_checksalen(const union sockaddr_union *saddr)
3783 {
3784 switch (saddr->sa.sa_family) {
3785 case AF_INET:
3786 if (saddr->sa.sa_len != sizeof(struct sockaddr_in))
3787 return -1;
3788 break;
3789 #ifdef INET6
3790 case AF_INET6:
3791 if (saddr->sa.sa_len != sizeof(struct sockaddr_in6))
3792 return -1;
3793 break;
3794 #endif
3795 default:
3796 printf("%s: unexpected sa_family %d\n", __func__,
3797 saddr->sa.sa_family);
3798 return -1;
3799 break;
3800 }
3801 return 0;
3802 }
3803
3804
3805 /*
3806 * set data into sadb_msg.
3807 */
3808 static struct mbuf *
3809 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype,
3810 u_int32_t seq, pid_t pid, u_int16_t reserved)
3811 {
3812 struct mbuf *m;
3813 struct sadb_msg *p;
3814 int len;
3815
3816 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3817 if (len > MCLBYTES)
3818 return NULL;
3819 MGETHDR(m, M_DONTWAIT, MT_DATA);
3820 if (m && len > MHLEN) {
3821 MCLGET(m, M_DONTWAIT);
3822 if ((m->m_flags & M_EXT) == 0) {
3823 m_freem(m);
3824 m = NULL;
3825 }
3826 }
3827 if (!m)
3828 return NULL;
3829 m->m_pkthdr.len = m->m_len = len;
3830 m->m_next = NULL;
3831
3832 p = mtod(m, struct sadb_msg *);
3833
3834 memset(p, 0, len);
3835 p->sadb_msg_version = PF_KEY_V2;
3836 p->sadb_msg_type = type;
3837 p->sadb_msg_errno = 0;
3838 p->sadb_msg_satype = satype;
3839 p->sadb_msg_len = PFKEY_UNIT64(tlen);
3840 p->sadb_msg_reserved = reserved;
3841 p->sadb_msg_seq = seq;
3842 p->sadb_msg_pid = (u_int32_t)pid;
3843
3844 return m;
3845 }
3846
3847 /*
3848 * copy secasvar data into sadb_address.
3849 */
3850 static struct mbuf *
3851 key_setsadbsa(struct secasvar *sav)
3852 {
3853 struct mbuf *m;
3854 struct sadb_sa *p;
3855 int len;
3856
3857 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
3858 m = key_alloc_mbuf(len);
3859 if (!m || m->m_next) { /*XXX*/
3860 if (m)
3861 m_freem(m);
3862 return NULL;
3863 }
3864
3865 p = mtod(m, struct sadb_sa *);
3866
3867 memset(p, 0, len);
3868 p->sadb_sa_len = PFKEY_UNIT64(len);
3869 p->sadb_sa_exttype = SADB_EXT_SA;
3870 p->sadb_sa_spi = sav->spi;
3871 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
3872 p->sadb_sa_state = sav->state;
3873 p->sadb_sa_auth = sav->alg_auth;
3874 p->sadb_sa_encrypt = sav->alg_enc;
3875 p->sadb_sa_flags = sav->flags;
3876
3877 return m;
3878 }
3879
3880 /*
3881 * set data into sadb_address.
3882 */
3883 static struct mbuf *
3884 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr,
3885 u_int8_t prefixlen, u_int16_t ul_proto)
3886 {
3887 struct mbuf *m;
3888 struct sadb_address *p;
3889 size_t len;
3890
3891 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
3892 PFKEY_ALIGN8(saddr->sa_len);
3893 m = key_alloc_mbuf(len);
3894 if (!m || m->m_next) { /*XXX*/
3895 if (m)
3896 m_freem(m);
3897 return NULL;
3898 }
3899
3900 p = mtod(m, struct sadb_address *);
3901
3902 memset(p, 0, len);
3903 p->sadb_address_len = PFKEY_UNIT64(len);
3904 p->sadb_address_exttype = exttype;
3905 p->sadb_address_proto = ul_proto;
3906 if (prefixlen == FULLMASK) {
3907 switch (saddr->sa_family) {
3908 case AF_INET:
3909 prefixlen = sizeof(struct in_addr) << 3;
3910 break;
3911 case AF_INET6:
3912 prefixlen = sizeof(struct in6_addr) << 3;
3913 break;
3914 default:
3915 ; /*XXX*/
3916 }
3917 }
3918 p->sadb_address_prefixlen = prefixlen;
3919 p->sadb_address_reserved = 0;
3920
3921 memcpy(mtod(m, char *) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
3922 saddr, saddr->sa_len);
3923
3924 return m;
3925 }
3926
3927 #if 0
3928 /*
3929 * set data into sadb_ident.
3930 */
3931 static struct mbuf *
3932 key_setsadbident(u_int16_t exttype, u_int16_t idtype,
3933 void *string, int stringlen, u_int64_t id)
3934 {
3935 struct mbuf *m;
3936 struct sadb_ident *p;
3937 size_t len;
3938
3939 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
3940 m = key_alloc_mbuf(len);
3941 if (!m || m->m_next) { /*XXX*/
3942 if (m)
3943 m_freem(m);
3944 return NULL;
3945 }
3946
3947 p = mtod(m, struct sadb_ident *);
3948
3949 memset(p, 0, len);
3950 p->sadb_ident_len = PFKEY_UNIT64(len);
3951 p->sadb_ident_exttype = exttype;
3952 p->sadb_ident_type = idtype;
3953 p->sadb_ident_reserved = 0;
3954 p->sadb_ident_id = id;
3955
3956 memcpy(mtod(m, void *) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
3957 string, stringlen);
3958
3959 return m;
3960 }
3961 #endif
3962
3963 /*
3964 * set data into sadb_x_sa2.
3965 */
3966 static struct mbuf *
3967 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int16_t reqid)
3968 {
3969 struct mbuf *m;
3970 struct sadb_x_sa2 *p;
3971 size_t len;
3972
3973 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
3974 m = key_alloc_mbuf(len);
3975 if (!m || m->m_next) { /*XXX*/
3976 if (m)
3977 m_freem(m);
3978 return NULL;
3979 }
3980
3981 p = mtod(m, struct sadb_x_sa2 *);
3982
3983 memset(p, 0, len);
3984 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
3985 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3986 p->sadb_x_sa2_mode = mode;
3987 p->sadb_x_sa2_reserved1 = 0;
3988 p->sadb_x_sa2_reserved2 = 0;
3989 p->sadb_x_sa2_sequence = seq;
3990 p->sadb_x_sa2_reqid = reqid;
3991
3992 return m;
3993 }
3994
3995 /*
3996 * set data into sadb_x_policy
3997 */
3998 static struct mbuf *
3999 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id)
4000 {
4001 struct mbuf *m;
4002 struct sadb_x_policy *p;
4003 size_t len;
4004
4005 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
4006 m = key_alloc_mbuf(len);
4007 if (!m || m->m_next) { /*XXX*/
4008 if (m)
4009 m_freem(m);
4010 return NULL;
4011 }
4012
4013 p = mtod(m, struct sadb_x_policy *);
4014
4015 memset(p, 0, len);
4016 p->sadb_x_policy_len = PFKEY_UNIT64(len);
4017 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
4018 p->sadb_x_policy_type = type;
4019 p->sadb_x_policy_dir = dir;
4020 p->sadb_x_policy_id = id;
4021
4022 return m;
4023 }
4024
4025 /* %%% utilities */
4026 /*
4027 * copy a buffer into the new buffer allocated.
4028 */
4029 static void *
4030 key_newbuf(const void *src, u_int len)
4031 {
4032 void *new;
4033
4034 new = kmem_alloc(len, KM_SLEEP);
4035 memcpy(new, src, len);
4036
4037 return new;
4038 }
4039
4040 /* compare my own address
4041 * OUT: 1: true, i.e. my address.
4042 * 0: false
4043 */
4044 int
4045 key_ismyaddr(const struct sockaddr *sa)
4046 {
4047 #ifdef INET
4048 const struct sockaddr_in *sin;
4049 const struct in_ifaddr *ia;
4050 int s;
4051 #endif
4052
4053 KASSERT(sa != NULL);
4054
4055 switch (sa->sa_family) {
4056 #ifdef INET
4057 case AF_INET:
4058 sin = (const struct sockaddr_in *)sa;
4059 s = pserialize_read_enter();
4060 IN_ADDRLIST_READER_FOREACH(ia) {
4061 if (sin->sin_family == ia->ia_addr.sin_family &&
4062 sin->sin_len == ia->ia_addr.sin_len &&
4063 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
4064 {
4065 pserialize_read_exit(s);
4066 return 1;
4067 }
4068 }
4069 pserialize_read_exit(s);
4070 break;
4071 #endif
4072 #ifdef INET6
4073 case AF_INET6:
4074 return key_ismyaddr6((const struct sockaddr_in6 *)sa);
4075 #endif
4076 }
4077
4078 return 0;
4079 }
4080
4081 #ifdef INET6
4082 /*
4083 * compare my own address for IPv6.
4084 * 1: ours
4085 * 0: other
4086 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
4087 */
4088 #include <netinet6/in6_var.h>
4089
4090 static int
4091 key_ismyaddr6(const struct sockaddr_in6 *sin6)
4092 {
4093 struct in6_ifaddr *ia;
4094 int s;
4095 struct psref psref;
4096 int bound;
4097 int ours = 1;
4098
4099 bound = curlwp_bind();
4100 s = pserialize_read_enter();
4101 IN6_ADDRLIST_READER_FOREACH(ia) {
4102 bool ingroup;
4103
4104 if (key_sockaddrcmp((const struct sockaddr *)&sin6,
4105 (const struct sockaddr *)&ia->ia_addr, 0) == 0) {
4106 pserialize_read_exit(s);
4107 goto ours;
4108 }
4109 ia6_acquire(ia, &psref);
4110 pserialize_read_exit(s);
4111
4112 /*
4113 * XXX Multicast
4114 * XXX why do we care about multlicast here while we don't care
4115 * about IPv4 multicast??
4116 * XXX scope
4117 */
4118 ingroup = in6_multi_group(&sin6->sin6_addr, ia->ia_ifp);
4119 if (ingroup) {
4120 ia6_release(ia, &psref);
4121 goto ours;
4122 }
4123
4124 s = pserialize_read_enter();
4125 ia6_release(ia, &psref);
4126 }
4127 pserialize_read_exit(s);
4128
4129 /* loopback, just for safety */
4130 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
4131 goto ours;
4132
4133 ours = 0;
4134 ours:
4135 curlwp_bindx(bound);
4136
4137 return ours;
4138 }
4139 #endif /*INET6*/
4140
4141 /*
4142 * compare two secasindex structure.
4143 * flag can specify to compare 2 saidxes.
4144 * compare two secasindex structure without both mode and reqid.
4145 * don't compare port.
4146 * IN:
4147 * saidx0: source, it can be in SAD.
4148 * saidx1: object.
4149 * OUT:
4150 * 1 : equal
4151 * 0 : not equal
4152 */
4153 static int
4154 key_cmpsaidx(
4155 const struct secasindex *saidx0,
4156 const struct secasindex *saidx1,
4157 int flag)
4158 {
4159 int chkport;
4160 const struct sockaddr *sa0src, *sa0dst, *sa1src, *sa1dst;
4161
4162 /* sanity */
4163 if (saidx0 == NULL && saidx1 == NULL)
4164 return 1;
4165
4166 if (saidx0 == NULL || saidx1 == NULL)
4167 return 0;
4168
4169 if (saidx0->proto != saidx1->proto)
4170 return 0;
4171
4172 if (flag == CMP_EXACTLY) {
4173 if (saidx0->mode != saidx1->mode)
4174 return 0;
4175 if (saidx0->reqid != saidx1->reqid)
4176 return 0;
4177 if (memcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 ||
4178 memcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0)
4179 return 0;
4180 } else {
4181
4182 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
4183 if (flag == CMP_MODE_REQID ||flag == CMP_REQID) {
4184 /*
4185 * If reqid of SPD is non-zero, unique SA is required.
4186 * The result must be of same reqid in this case.
4187 */
4188 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
4189 return 0;
4190 }
4191
4192 if (flag == CMP_MODE_REQID) {
4193 if (saidx0->mode != IPSEC_MODE_ANY &&
4194 saidx0->mode != saidx1->mode)
4195 return 0;
4196 }
4197
4198
4199 sa0src = &saidx0->src.sa;
4200 sa0dst = &saidx0->dst.sa;
4201 sa1src = &saidx1->src.sa;
4202 sa1dst = &saidx1->dst.sa;
4203 /*
4204 * If NAT-T is enabled, check ports for tunnel mode.
4205 * Don't do it for transport mode, as there is no
4206 * port information available in the SP.
4207 * Also don't check ports if they are set to zero
4208 * in the SPD: This means we have a non-generated
4209 * SPD which can't know UDP ports.
4210 */
4211 if (saidx1->mode == IPSEC_MODE_TUNNEL)
4212 chkport = PORT_LOOSE;
4213 else
4214 chkport = PORT_NONE;
4215
4216 if (key_sockaddrcmp(sa0src, sa1src, chkport) != 0) {
4217 return 0;
4218 }
4219 if (key_sockaddrcmp(sa0dst, sa1dst, chkport) != 0) {
4220 return 0;
4221 }
4222 }
4223
4224 return 1;
4225 }
4226
4227 /*
4228 * compare two secindex structure exactly.
4229 * IN:
4230 * spidx0: source, it is often in SPD.
4231 * spidx1: object, it is often from PFKEY message.
4232 * OUT:
4233 * 1 : equal
4234 * 0 : not equal
4235 */
4236 int
4237 key_cmpspidx_exactly(
4238 const struct secpolicyindex *spidx0,
4239 const struct secpolicyindex *spidx1)
4240 {
4241 /* sanity */
4242 if (spidx0 == NULL && spidx1 == NULL)
4243 return 1;
4244
4245 if (spidx0 == NULL || spidx1 == NULL)
4246 return 0;
4247
4248 if (spidx0->prefs != spidx1->prefs ||
4249 spidx0->prefd != spidx1->prefd ||
4250 spidx0->ul_proto != spidx1->ul_proto)
4251 return 0;
4252
4253 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, PORT_STRICT) == 0 &&
4254 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, PORT_STRICT) == 0;
4255 }
4256
4257 /*
4258 * compare two secindex structure with mask.
4259 * IN:
4260 * spidx0: source, it is often in SPD.
4261 * spidx1: object, it is often from IP header.
4262 * OUT:
4263 * 1 : equal
4264 * 0 : not equal
4265 */
4266 int
4267 key_cmpspidx_withmask(
4268 const struct secpolicyindex *spidx0,
4269 const struct secpolicyindex *spidx1)
4270 {
4271
4272 KASSERT(spidx0 != NULL);
4273 KASSERT(spidx1 != NULL);
4274
4275 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family ||
4276 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family ||
4277 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len ||
4278 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len)
4279 return 0;
4280
4281 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4282 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
4283 spidx0->ul_proto != spidx1->ul_proto)
4284 return 0;
4285
4286 switch (spidx0->src.sa.sa_family) {
4287 case AF_INET:
4288 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY &&
4289 spidx0->src.sin.sin_port != spidx1->src.sin.sin_port)
4290 return 0;
4291 if (!key_bbcmp(&spidx0->src.sin.sin_addr,
4292 &spidx1->src.sin.sin_addr, spidx0->prefs))
4293 return 0;
4294 break;
4295 case AF_INET6:
4296 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY &&
4297 spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port)
4298 return 0;
4299 /*
4300 * scope_id check. if sin6_scope_id is 0, we regard it
4301 * as a wildcard scope, which matches any scope zone ID.
4302 */
4303 if (spidx0->src.sin6.sin6_scope_id &&
4304 spidx1->src.sin6.sin6_scope_id &&
4305 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id)
4306 return 0;
4307 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr,
4308 &spidx1->src.sin6.sin6_addr, spidx0->prefs))
4309 return 0;
4310 break;
4311 default:
4312 /* XXX */
4313 if (memcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0)
4314 return 0;
4315 break;
4316 }
4317
4318 switch (spidx0->dst.sa.sa_family) {
4319 case AF_INET:
4320 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY &&
4321 spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port)
4322 return 0;
4323 if (!key_bbcmp(&spidx0->dst.sin.sin_addr,
4324 &spidx1->dst.sin.sin_addr, spidx0->prefd))
4325 return 0;
4326 break;
4327 case AF_INET6:
4328 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY &&
4329 spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port)
4330 return 0;
4331 /*
4332 * scope_id check. if sin6_scope_id is 0, we regard it
4333 * as a wildcard scope, which matches any scope zone ID.
4334 */
4335 if (spidx0->src.sin6.sin6_scope_id &&
4336 spidx1->src.sin6.sin6_scope_id &&
4337 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
4338 return 0;
4339 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
4340 &spidx1->dst.sin6.sin6_addr, spidx0->prefd))
4341 return 0;
4342 break;
4343 default:
4344 /* XXX */
4345 if (memcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0)
4346 return 0;
4347 break;
4348 }
4349
4350 /* XXX Do we check other field ? e.g. flowinfo */
4351
4352 return 1;
4353 }
4354
4355 /* returns 0 on match */
4356 static int
4357 key_portcomp(in_port_t port1, in_port_t port2, int howport)
4358 {
4359 switch (howport) {
4360 case PORT_NONE:
4361 return 0;
4362 case PORT_LOOSE:
4363 if (port1 == 0 || port2 == 0)
4364 return 0;
4365 /*FALLTHROUGH*/
4366 case PORT_STRICT:
4367 if (port1 != port2) {
4368 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4369 "port fail %d != %d\n", port1, port2);
4370 return 1;
4371 }
4372 return 0;
4373 default:
4374 KASSERT(0);
4375 return 1;
4376 }
4377 }
4378
4379 /* returns 0 on match */
4380 static int
4381 key_sockaddrcmp(
4382 const struct sockaddr *sa1,
4383 const struct sockaddr *sa2,
4384 int howport)
4385 {
4386 const struct sockaddr_in *sin1, *sin2;
4387 const struct sockaddr_in6 *sin61, *sin62;
4388
4389 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) {
4390 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4391 "fam/len fail %d != %d || %d != %d\n",
4392 sa1->sa_family, sa2->sa_family, sa1->sa_len,
4393 sa2->sa_len);
4394 return 1;
4395 }
4396
4397 switch (sa1->sa_family) {
4398 case AF_INET:
4399 if (sa1->sa_len != sizeof(struct sockaddr_in)) {
4400 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4401 "len fail %d != %zu\n",
4402 sa1->sa_len, sizeof(struct sockaddr_in));
4403 return 1;
4404 }
4405 sin1 = (const struct sockaddr_in *)sa1;
4406 sin2 = (const struct sockaddr_in *)sa2;
4407 if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) {
4408 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4409 "addr fail %#x != %#x\n",
4410 sin1->sin_addr.s_addr, sin2->sin_addr.s_addr);
4411 return 1;
4412 }
4413 if (key_portcomp(sin1->sin_port, sin2->sin_port, howport)) {
4414 return 1;
4415 }
4416 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4417 "addr success %#x[%d] == %#x[%d]\n",
4418 sin1->sin_addr.s_addr, sin1->sin_port,
4419 sin2->sin_addr.s_addr, sin2->sin_port);
4420 break;
4421 case AF_INET6:
4422 sin61 = (const struct sockaddr_in6 *)sa1;
4423 sin62 = (const struct sockaddr_in6 *)sa2;
4424 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4425 return 1; /*EINVAL*/
4426
4427 if (sin61->sin6_scope_id != sin62->sin6_scope_id) {
4428 return 1;
4429 }
4430 if (!IN6_ARE_ADDR_EQUAL(&sin61->sin6_addr, &sin62->sin6_addr)) {
4431 return 1;
4432 }
4433 if (key_portcomp(sin61->sin6_port, sin62->sin6_port, howport)) {
4434 return 1;
4435 }
4436 break;
4437 default:
4438 if (memcmp(sa1, sa2, sa1->sa_len) != 0)
4439 return 1;
4440 break;
4441 }
4442
4443 return 0;
4444 }
4445
4446 /*
4447 * compare two buffers with mask.
4448 * IN:
4449 * addr1: source
4450 * addr2: object
4451 * bits: Number of bits to compare
4452 * OUT:
4453 * 1 : equal
4454 * 0 : not equal
4455 */
4456 static int
4457 key_bbcmp(const void *a1, const void *a2, u_int bits)
4458 {
4459 const unsigned char *p1 = a1;
4460 const unsigned char *p2 = a2;
4461
4462 /* XXX: This could be considerably faster if we compare a word
4463 * at a time, but it is complicated on LSB Endian machines */
4464
4465 /* Handle null pointers */
4466 if (p1 == NULL || p2 == NULL)
4467 return (p1 == p2);
4468
4469 while (bits >= 8) {
4470 if (*p1++ != *p2++)
4471 return 0;
4472 bits -= 8;
4473 }
4474
4475 if (bits > 0) {
4476 u_int8_t mask = ~((1<<(8-bits))-1);
4477 if ((*p1 & mask) != (*p2 & mask))
4478 return 0;
4479 }
4480 return 1; /* Match! */
4481 }
4482
4483 /*
4484 * time handler.
4485 * scanning SPD and SAD to check status for each entries,
4486 * and do to remove or to expire.
4487 */
4488 static void
4489 key_timehandler_work(struct work *wk, void *arg)
4490 {
4491 u_int dir;
4492 int s;
4493 time_t now = time_uptime;
4494
4495 s = splsoftnet();
4496 mutex_enter(softnet_lock);
4497
4498 /* SPD */
4499 {
4500 struct secpolicy *sp, *nextsp;
4501
4502 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4503 LIST_FOREACH_SAFE(sp, &sptree[dir], chain, nextsp) {
4504 if (sp->state == IPSEC_SPSTATE_DEAD) {
4505 key_sp_unlink(sp); /*XXX*/
4506
4507 /* 'sp' dead; continue transfers to
4508 * 'sp = nextsp'
4509 */
4510 continue;
4511 }
4512
4513 if (sp->lifetime == 0 && sp->validtime == 0)
4514 continue;
4515
4516 /* the deletion will occur next time */
4517 if ((sp->lifetime && now - sp->created > sp->lifetime) ||
4518 (sp->validtime && now - sp->lastused > sp->validtime)) {
4519 key_sp_dead(sp);
4520 key_spdexpire(sp);
4521 continue;
4522 }
4523 }
4524 }
4525 }
4526
4527 /* SAD */
4528 {
4529 struct secashead *sah, *nextsah;
4530 struct secasvar *sav, *nextsav;
4531
4532 LIST_FOREACH_SAFE(sah, &sahtree, chain, nextsah) {
4533 /* if sah has been dead, then delete it and process next sah. */
4534 if (sah->state == SADB_SASTATE_DEAD) {
4535 key_delsah(sah);
4536 continue;
4537 }
4538
4539 /* if LARVAL entry doesn't become MATURE, delete it. */
4540 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL],
4541 chain, nextsav) {
4542 if (now - sav->created > key_larval_lifetime) {
4543 KEY_FREESAV(&sav);
4544 }
4545 }
4546
4547 /*
4548 * check MATURE entry to start to send expire message
4549 * whether or not.
4550 */
4551 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_MATURE],
4552 chain, nextsav) {
4553 /* we don't need to check. */
4554 if (sav->lft_s == NULL)
4555 continue;
4556
4557 /* sanity check */
4558 if (sav->lft_c == NULL) {
4559 IPSECLOG(LOG_DEBUG,
4560 "There is no CURRENT time, why?\n");
4561 continue;
4562 }
4563
4564 /* check SOFT lifetime */
4565 if (sav->lft_s->sadb_lifetime_addtime != 0 &&
4566 now - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4567 /*
4568 * check SA to be used whether or not.
4569 * when SA hasn't been used, delete it.
4570 */
4571 if (sav->lft_c->sadb_lifetime_usetime == 0) {
4572 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4573 KEY_FREESAV(&sav);
4574 } else {
4575 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4576 /*
4577 * XXX If we keep to send expire
4578 * message in the status of
4579 * DYING. Do remove below code.
4580 */
4581 key_expire(sav);
4582 }
4583 }
4584 /* check SOFT lifetime by bytes */
4585 /*
4586 * XXX I don't know the way to delete this SA
4587 * when new SA is installed. Caution when it's
4588 * installed too big lifetime by time.
4589 */
4590 else if (sav->lft_s->sadb_lifetime_bytes != 0 &&
4591 sav->lft_s->sadb_lifetime_bytes <
4592 sav->lft_c->sadb_lifetime_bytes) {
4593
4594 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4595 /*
4596 * XXX If we keep to send expire
4597 * message in the status of
4598 * DYING. Do remove below code.
4599 */
4600 key_expire(sav);
4601 }
4602 }
4603
4604 /* check DYING entry to change status to DEAD. */
4605 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DYING],
4606 chain, nextsav) {
4607 /* we don't need to check. */
4608 if (sav->lft_h == NULL)
4609 continue;
4610
4611 /* sanity check */
4612 if (sav->lft_c == NULL) {
4613 IPSECLOG(LOG_DEBUG,
4614 "There is no CURRENT time, why?\n");
4615 continue;
4616 }
4617
4618 if (sav->lft_h->sadb_lifetime_addtime != 0 &&
4619 now - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4620 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4621 KEY_FREESAV(&sav);
4622 }
4623 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4624 else if (sav->lft_s != NULL
4625 && sav->lft_s->sadb_lifetime_addtime != 0
4626 && now - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4627 /*
4628 * XXX: should be checked to be
4629 * installed the valid SA.
4630 */
4631
4632 /*
4633 * If there is no SA then sending
4634 * expire message.
4635 */
4636 key_expire(sav);
4637 }
4638 #endif
4639 /* check HARD lifetime by bytes */
4640 else if (sav->lft_h->sadb_lifetime_bytes != 0 &&
4641 sav->lft_h->sadb_lifetime_bytes <
4642 sav->lft_c->sadb_lifetime_bytes) {
4643 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4644 KEY_FREESAV(&sav);
4645 }
4646 }
4647
4648 /* delete entry in DEAD */
4649 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DEAD],
4650 chain, nextsav) {
4651 /* sanity check */
4652 if (sav->state != SADB_SASTATE_DEAD) {
4653 IPSECLOG(LOG_DEBUG,
4654 "invalid sav->state (queue: %d SA: %d): "
4655 "kill it anyway\n",
4656 SADB_SASTATE_DEAD, sav->state);
4657 }
4658
4659 /*
4660 * do not call key_freesav() here.
4661 * sav should already be freed, and sav->refcnt
4662 * shows other references to sav
4663 * (such as from SPD).
4664 */
4665 }
4666 }
4667 }
4668
4669 #ifndef IPSEC_NONBLOCK_ACQUIRE
4670 /* ACQ tree */
4671 {
4672 struct secacq *acq, *nextacq;
4673
4674 restart:
4675 mutex_enter(&key_mtx);
4676 LIST_FOREACH_SAFE(acq, &acqtree, chain, nextacq) {
4677 if (now - acq->created > key_blockacq_lifetime) {
4678 LIST_REMOVE(acq, chain);
4679 mutex_exit(&key_mtx);
4680 kmem_free(acq, sizeof(*acq));
4681 goto restart;
4682 }
4683 }
4684 mutex_exit(&key_mtx);
4685 }
4686 #endif
4687
4688 #ifdef notyet
4689 /* SP ACQ tree */
4690 {
4691 struct secspacq *acq, *nextacq;
4692
4693 LIST_FOREACH_SAFE(acq, &spacqtree, chain, nextacq) {
4694 if (now - acq->created > key_blockacq_lifetime) {
4695 KASSERT(__LIST_CHAINED(acq));
4696 LIST_REMOVE(acq, chain);
4697 kmem_free(acq, sizeof(*acq));
4698 }
4699 }
4700 }
4701 #endif
4702
4703 /* do exchange to tick time !! */
4704 callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
4705
4706 mutex_exit(softnet_lock);
4707 splx(s);
4708 return;
4709 }
4710
4711 static void
4712 key_timehandler(void *arg)
4713 {
4714
4715 workqueue_enqueue(key_timehandler_wq, &key_timehandler_wk, NULL);
4716 }
4717
4718 u_long
4719 key_random(void)
4720 {
4721 u_long value;
4722
4723 key_randomfill(&value, sizeof(value));
4724 return value;
4725 }
4726
4727 void
4728 key_randomfill(void *p, size_t l)
4729 {
4730
4731 cprng_fast(p, l);
4732 }
4733
4734 /*
4735 * map SADB_SATYPE_* to IPPROTO_*.
4736 * if satype == SADB_SATYPE then satype is mapped to ~0.
4737 * OUT:
4738 * 0: invalid satype.
4739 */
4740 static u_int16_t
4741 key_satype2proto(u_int8_t satype)
4742 {
4743 switch (satype) {
4744 case SADB_SATYPE_UNSPEC:
4745 return IPSEC_PROTO_ANY;
4746 case SADB_SATYPE_AH:
4747 return IPPROTO_AH;
4748 case SADB_SATYPE_ESP:
4749 return IPPROTO_ESP;
4750 case SADB_X_SATYPE_IPCOMP:
4751 return IPPROTO_IPCOMP;
4752 case SADB_X_SATYPE_TCPSIGNATURE:
4753 return IPPROTO_TCP;
4754 default:
4755 return 0;
4756 }
4757 /* NOTREACHED */
4758 }
4759
4760 /*
4761 * map IPPROTO_* to SADB_SATYPE_*
4762 * OUT:
4763 * 0: invalid protocol type.
4764 */
4765 static u_int8_t
4766 key_proto2satype(u_int16_t proto)
4767 {
4768 switch (proto) {
4769 case IPPROTO_AH:
4770 return SADB_SATYPE_AH;
4771 case IPPROTO_ESP:
4772 return SADB_SATYPE_ESP;
4773 case IPPROTO_IPCOMP:
4774 return SADB_X_SATYPE_IPCOMP;
4775 case IPPROTO_TCP:
4776 return SADB_X_SATYPE_TCPSIGNATURE;
4777 default:
4778 return 0;
4779 }
4780 /* NOTREACHED */
4781 }
4782
4783 static int
4784 key_setsecasidx(int proto, int mode, int reqid,
4785 const struct sadb_address * src,
4786 const struct sadb_address * dst,
4787 struct secasindex * saidx)
4788 {
4789 const union sockaddr_union *src_u = (const union sockaddr_union *)src;
4790 const union sockaddr_union *dst_u = (const union sockaddr_union *)dst;
4791
4792 /* sa len safety check */
4793 if (key_checksalen(src_u) != 0)
4794 return -1;
4795 if (key_checksalen(dst_u) != 0)
4796 return -1;
4797
4798 memset(saidx, 0, sizeof(*saidx));
4799 saidx->proto = proto;
4800 saidx->mode = mode;
4801 saidx->reqid = reqid;
4802 memcpy(&saidx->src, src_u, src_u->sa.sa_len);
4803 memcpy(&saidx->dst, dst_u, dst_u->sa.sa_len);
4804
4805 key_porttosaddr(&((saidx)->src), 0);
4806 key_porttosaddr(&((saidx)->dst), 0);
4807 return 0;
4808 }
4809
4810 /* %%% PF_KEY */
4811 /*
4812 * SADB_GETSPI processing is to receive
4813 * <base, (SA2), src address, dst address, (SPI range)>
4814 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4815 * tree with the status of LARVAL, and send
4816 * <base, SA(*), address(SD)>
4817 * to the IKMPd.
4818 *
4819 * IN: mhp: pointer to the pointer to each header.
4820 * OUT: NULL if fail.
4821 * other if success, return pointer to the message to send.
4822 */
4823 static int
4824 key_getspi(struct socket *so, struct mbuf *m,
4825 const struct sadb_msghdr *mhp)
4826 {
4827 struct sadb_address *src0, *dst0;
4828 struct secasindex saidx;
4829 struct secashead *newsah;
4830 struct secasvar *newsav;
4831 u_int8_t proto;
4832 u_int32_t spi;
4833 u_int8_t mode;
4834 u_int16_t reqid;
4835 int error;
4836
4837 KASSERT(!cpu_softintr_p());
4838 KASSERT(so != NULL);
4839 KASSERT(m != NULL);
4840 KASSERT(mhp != NULL);
4841 KASSERT(mhp->msg != NULL);
4842
4843 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4844 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
4845 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
4846 return key_senderror(so, m, EINVAL);
4847 }
4848 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4849 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4850 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
4851 return key_senderror(so, m, EINVAL);
4852 }
4853 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4854 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4855 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4856 } else {
4857 mode = IPSEC_MODE_ANY;
4858 reqid = 0;
4859 }
4860
4861 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4862 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4863
4864 /* map satype to proto */
4865 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
4866 if (proto == 0) {
4867 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
4868 return key_senderror(so, m, EINVAL);
4869 }
4870
4871
4872 error = key_setsecasidx(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4873 if (error != 0)
4874 return key_senderror(so, m, EINVAL);
4875
4876 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
4877 if (error != 0)
4878 return key_senderror(so, m, EINVAL);
4879
4880 /* SPI allocation */
4881 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
4882 &saidx);
4883 if (spi == 0)
4884 return key_senderror(so, m, EINVAL);
4885
4886 /* get a SA index */
4887 newsah = key_getsah(&saidx);
4888 if (newsah == NULL) {
4889 /* create a new SA index */
4890 newsah = key_newsah(&saidx);
4891 if (newsah == NULL) {
4892 IPSECLOG(LOG_DEBUG, "No more memory.\n");
4893 return key_senderror(so, m, ENOBUFS);
4894 }
4895 }
4896
4897 /* get a new SA */
4898 /* XXX rewrite */
4899 newsav = KEY_NEWSAV(m, mhp, newsah, &error);
4900 if (newsav == NULL) {
4901 /* XXX don't free new SA index allocated in above. */
4902 return key_senderror(so, m, error);
4903 }
4904
4905 /* set spi */
4906 newsav->spi = htonl(spi);
4907
4908 #ifndef IPSEC_NONBLOCK_ACQUIRE
4909 /* delete the entry in acqtree */
4910 if (mhp->msg->sadb_msg_seq != 0) {
4911 struct secacq *acq;
4912 mutex_enter(&key_mtx);
4913 acq = key_getacqbyseq(mhp->msg->sadb_msg_seq);
4914 if (acq != NULL) {
4915 /* reset counter in order to deletion by timehandler. */
4916 acq->created = time_uptime;
4917 acq->count = 0;
4918 }
4919 mutex_exit(&key_mtx);
4920 }
4921 #endif
4922
4923 {
4924 struct mbuf *n, *nn;
4925 struct sadb_sa *m_sa;
4926 struct sadb_msg *newmsg;
4927 int off, len;
4928
4929 /* create new sadb_msg to reply. */
4930 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
4931 PFKEY_ALIGN8(sizeof(struct sadb_sa));
4932 if (len > MCLBYTES)
4933 return key_senderror(so, m, ENOBUFS);
4934
4935 MGETHDR(n, M_DONTWAIT, MT_DATA);
4936 if (len > MHLEN) {
4937 MCLGET(n, M_DONTWAIT);
4938 if ((n->m_flags & M_EXT) == 0) {
4939 m_freem(n);
4940 n = NULL;
4941 }
4942 }
4943 if (!n)
4944 return key_senderror(so, m, ENOBUFS);
4945
4946 n->m_len = len;
4947 n->m_next = NULL;
4948 off = 0;
4949
4950 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
4951 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
4952
4953 m_sa = (struct sadb_sa *)(mtod(n, char *) + off);
4954 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
4955 m_sa->sadb_sa_exttype = SADB_EXT_SA;
4956 m_sa->sadb_sa_spi = htonl(spi);
4957 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
4958
4959 KASSERTMSG(off == len, "length inconsistency");
4960
4961 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
4962 SADB_EXT_ADDRESS_DST);
4963 if (!n->m_next) {
4964 m_freem(n);
4965 return key_senderror(so, m, ENOBUFS);
4966 }
4967
4968 if (n->m_len < sizeof(struct sadb_msg)) {
4969 n = m_pullup(n, sizeof(struct sadb_msg));
4970 if (n == NULL)
4971 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
4972 }
4973
4974 n->m_pkthdr.len = 0;
4975 for (nn = n; nn; nn = nn->m_next)
4976 n->m_pkthdr.len += nn->m_len;
4977
4978 newmsg = mtod(n, struct sadb_msg *);
4979 newmsg->sadb_msg_seq = newsav->seq;
4980 newmsg->sadb_msg_errno = 0;
4981 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
4982
4983 m_freem(m);
4984 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
4985 }
4986 }
4987
4988 /*
4989 * allocating new SPI
4990 * called by key_getspi().
4991 * OUT:
4992 * 0: failure.
4993 * others: success.
4994 */
4995 static u_int32_t
4996 key_do_getnewspi(const struct sadb_spirange *spirange,
4997 const struct secasindex *saidx)
4998 {
4999 u_int32_t newspi;
5000 u_int32_t spmin, spmax;
5001 int count = key_spi_trycnt;
5002
5003 /* set spi range to allocate */
5004 if (spirange != NULL) {
5005 spmin = spirange->sadb_spirange_min;
5006 spmax = spirange->sadb_spirange_max;
5007 } else {
5008 spmin = key_spi_minval;
5009 spmax = key_spi_maxval;
5010 }
5011 /* IPCOMP needs 2-byte SPI */
5012 if (saidx->proto == IPPROTO_IPCOMP) {
5013 u_int32_t t;
5014 if (spmin >= 0x10000)
5015 spmin = 0xffff;
5016 if (spmax >= 0x10000)
5017 spmax = 0xffff;
5018 if (spmin > spmax) {
5019 t = spmin; spmin = spmax; spmax = t;
5020 }
5021 }
5022
5023 if (spmin == spmax) {
5024 if (key_checkspidup(saidx, htonl(spmin)) != NULL) {
5025 IPSECLOG(LOG_DEBUG, "SPI %u exists already.\n", spmin);
5026 return 0;
5027 }
5028
5029 count--; /* taking one cost. */
5030 newspi = spmin;
5031
5032 } else {
5033
5034 /* init SPI */
5035 newspi = 0;
5036
5037 /* when requesting to allocate spi ranged */
5038 while (count--) {
5039 /* generate pseudo-random SPI value ranged. */
5040 newspi = spmin + (key_random() % (spmax - spmin + 1));
5041
5042 if (key_checkspidup(saidx, htonl(newspi)) == NULL)
5043 break;
5044 }
5045
5046 if (count == 0 || newspi == 0) {
5047 IPSECLOG(LOG_DEBUG, "to allocate spi is failed.\n");
5048 return 0;
5049 }
5050 }
5051
5052 /* statistics */
5053 keystat.getspi_count =
5054 (keystat.getspi_count + key_spi_trycnt - count) / 2;
5055
5056 return newspi;
5057 }
5058
5059 static int
5060 key_handle_natt_info(struct secasvar *sav,
5061 const struct sadb_msghdr *mhp)
5062 {
5063 const char *msg = "?" ;
5064 struct sadb_x_nat_t_type *type;
5065 struct sadb_x_nat_t_port *sport, *dport;
5066 struct sadb_address *iaddr, *raddr;
5067 struct sadb_x_nat_t_frag *frag;
5068
5069 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL ||
5070 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL ||
5071 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL)
5072 return 0;
5073
5074 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) {
5075 msg = "TYPE";
5076 goto bad;
5077 }
5078
5079 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) {
5080 msg = "SPORT";
5081 goto bad;
5082 }
5083
5084 if (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
5085 msg = "DPORT";
5086 goto bad;
5087 }
5088
5089 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) {
5090 IPSECLOG(LOG_DEBUG, "NAT-T OAi present\n");
5091 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr)) {
5092 msg = "OAI";
5093 goto bad;
5094 }
5095 }
5096
5097 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
5098 IPSECLOG(LOG_DEBUG, "NAT-T OAr present\n");
5099 if (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
5100 msg = "OAR";
5101 goto bad;
5102 }
5103 }
5104
5105 if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
5106 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
5107 msg = "FRAG";
5108 goto bad;
5109 }
5110 }
5111
5112 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5113 sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5114 dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5115 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
5116 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
5117 frag = (struct sadb_x_nat_t_frag *)mhp->ext[SADB_X_EXT_NAT_T_FRAG];
5118
5119 IPSECLOG(LOG_DEBUG, "type %d, sport = %d, dport = %d\n",
5120 type->sadb_x_nat_t_type_type,
5121 ntohs(sport->sadb_x_nat_t_port_port),
5122 ntohs(dport->sadb_x_nat_t_port_port));
5123
5124 sav->natt_type = type->sadb_x_nat_t_type_type;
5125 key_porttosaddr(&sav->sah->saidx.src, sport->sadb_x_nat_t_port_port);
5126 key_porttosaddr(&sav->sah->saidx.dst, dport->sadb_x_nat_t_port_port);
5127 if (frag)
5128 sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
5129 else
5130 sav->esp_frag = IP_MAXPACKET;
5131
5132 return 0;
5133 bad:
5134 IPSECLOG(LOG_DEBUG, "invalid message %s\n", msg);
5135 __USE(msg);
5136 return -1;
5137 }
5138
5139 /* Just update the IPSEC_NAT_T ports if present */
5140 static int
5141 key_set_natt_ports(union sockaddr_union *src, union sockaddr_union *dst,
5142 const struct sadb_msghdr *mhp)
5143 {
5144 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
5145 IPSECLOG(LOG_DEBUG, "NAT-T OAi present\n");
5146 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
5147 IPSECLOG(LOG_DEBUG, "NAT-T OAr present\n");
5148
5149 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
5150 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
5151 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) {
5152 struct sadb_x_nat_t_type *type;
5153 struct sadb_x_nat_t_port *sport;
5154 struct sadb_x_nat_t_port *dport;
5155
5156 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
5157 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
5158 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
5159 IPSECLOG(LOG_DEBUG, "invalid message\n");
5160 return -1;
5161 }
5162
5163 type = (struct sadb_x_nat_t_type *)
5164 mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5165 sport = (struct sadb_x_nat_t_port *)
5166 mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5167 dport = (struct sadb_x_nat_t_port *)
5168 mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5169
5170 key_porttosaddr(src, sport->sadb_x_nat_t_port_port);
5171 key_porttosaddr(dst, dport->sadb_x_nat_t_port_port);
5172
5173 IPSECLOG(LOG_DEBUG, "type %d, sport = %d, dport = %d\n",
5174 type->sadb_x_nat_t_type_type,
5175 ntohs(sport->sadb_x_nat_t_port_port),
5176 ntohs(dport->sadb_x_nat_t_port_port));
5177 }
5178
5179 return 0;
5180 }
5181
5182
5183 /*
5184 * SADB_UPDATE processing
5185 * receive
5186 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5187 * key(AE), (identity(SD),) (sensitivity)>
5188 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5189 * and send
5190 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5191 * (identity(SD),) (sensitivity)>
5192 * to the ikmpd.
5193 *
5194 * m will always be freed.
5195 */
5196 static int
5197 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5198 {
5199 struct sadb_sa *sa0;
5200 struct sadb_address *src0, *dst0;
5201 struct secasindex saidx;
5202 struct secashead *sah;
5203 struct secasvar *sav;
5204 u_int16_t proto;
5205 u_int8_t mode;
5206 u_int16_t reqid;
5207 int error;
5208
5209 KASSERT(!cpu_softintr_p());
5210 KASSERT(so != NULL);
5211 KASSERT(m != NULL);
5212 KASSERT(mhp != NULL);
5213 KASSERT(mhp->msg != NULL);
5214
5215 /* map satype to proto */
5216 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
5217 if (proto == 0) {
5218 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
5219 return key_senderror(so, m, EINVAL);
5220 }
5221
5222 if (mhp->ext[SADB_EXT_SA] == NULL ||
5223 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5224 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5225 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5226 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5227 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5228 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5229 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5230 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5231 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5232 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5233 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5234 return key_senderror(so, m, EINVAL);
5235 }
5236 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5237 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5238 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5239 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5240 return key_senderror(so, m, EINVAL);
5241 }
5242 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5243 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5244 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5245 } else {
5246 mode = IPSEC_MODE_ANY;
5247 reqid = 0;
5248 }
5249 /* XXX boundary checking for other extensions */
5250
5251 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5252 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5253 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5254
5255 error = key_setsecasidx(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5256 if (error != 0)
5257 return key_senderror(so, m, EINVAL);
5258
5259 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
5260 if (error != 0)
5261 return key_senderror(so, m, EINVAL);
5262
5263 /* get a SA header */
5264 sah = key_getsah(&saidx);
5265 if (sah == NULL) {
5266 IPSECLOG(LOG_DEBUG, "no SA index found.\n");
5267 return key_senderror(so, m, ENOENT);
5268 }
5269
5270 /* set spidx if there */
5271 /* XXX rewrite */
5272 error = key_setident(sah, m, mhp);
5273 if (error)
5274 return key_senderror(so, m, error);
5275
5276 /* find a SA with sequence number. */
5277 #ifdef IPSEC_DOSEQCHECK
5278 if (mhp->msg->sadb_msg_seq != 0) {
5279 sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq);
5280 if (sav == NULL) {
5281 IPSECLOG(LOG_DEBUG,
5282 "no larval SA with sequence %u exists.\n",
5283 mhp->msg->sadb_msg_seq);
5284 return key_senderror(so, m, ENOENT);
5285 }
5286 }
5287 #else
5288 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5289 if (sav == NULL) {
5290 IPSECLOG(LOG_DEBUG, "no such a SA found (spi:%u)\n",
5291 (u_int32_t)ntohl(sa0->sadb_sa_spi));
5292 return key_senderror(so, m, EINVAL);
5293 }
5294 #endif
5295
5296 /* validity check */
5297 if (sav->sah->saidx.proto != proto) {
5298 IPSECLOG(LOG_DEBUG, "protocol mismatched (DB=%u param=%u)\n",
5299 sav->sah->saidx.proto, proto);
5300 return key_senderror(so, m, EINVAL);
5301 }
5302 #ifdef IPSEC_DOSEQCHECK
5303 if (sav->spi != sa0->sadb_sa_spi) {
5304 IPSECLOG(LOG_DEBUG, "SPI mismatched (DB:%u param:%u)\n",
5305 (u_int32_t)ntohl(sav->spi),
5306 (u_int32_t)ntohl(sa0->sadb_sa_spi));
5307 return key_senderror(so, m, EINVAL);
5308 }
5309 #endif
5310 if (sav->pid != mhp->msg->sadb_msg_pid) {
5311 IPSECLOG(LOG_DEBUG, "pid mismatched (DB:%u param:%u)\n",
5312 sav->pid, mhp->msg->sadb_msg_pid);
5313 return key_senderror(so, m, EINVAL);
5314 }
5315
5316 /* copy sav values */
5317 error = key_setsaval(sav, m, mhp);
5318 if (error) {
5319 KEY_FREESAV(&sav);
5320 return key_senderror(so, m, error);
5321 }
5322
5323 error = key_handle_natt_info(sav,mhp);
5324 if (error != 0)
5325 return key_senderror(so, m, EINVAL);
5326
5327 /* check SA values to be mature. */
5328 mhp->msg->sadb_msg_errno = key_mature(sav);
5329 if (mhp->msg->sadb_msg_errno != 0) {
5330 KEY_FREESAV(&sav);
5331 return key_senderror(so, m, 0);
5332 }
5333
5334 {
5335 struct mbuf *n;
5336
5337 /* set msg buf from mhp */
5338 n = key_getmsgbuf_x1(m, mhp);
5339 if (n == NULL) {
5340 IPSECLOG(LOG_DEBUG, "No more memory.\n");
5341 return key_senderror(so, m, ENOBUFS);
5342 }
5343
5344 m_freem(m);
5345 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5346 }
5347 }
5348
5349 /*
5350 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5351 * only called by key_update().
5352 * OUT:
5353 * NULL : not found
5354 * others : found, pointer to a SA.
5355 */
5356 #ifdef IPSEC_DOSEQCHECK
5357 static struct secasvar *
5358 key_getsavbyseq(struct secashead *sah, u_int32_t seq)
5359 {
5360 struct secasvar *sav;
5361 u_int state;
5362
5363 state = SADB_SASTATE_LARVAL;
5364
5365 /* search SAD with sequence number ? */
5366 LIST_FOREACH(sav, &sah->savtree[state], chain) {
5367
5368 KEY_CHKSASTATE(state, sav->state);
5369
5370 if (sav->seq == seq) {
5371 SA_ADDREF(sav);
5372 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
5373 "DP cause refcnt++:%d SA:%p\n",
5374 sav->refcnt, sav);
5375 return sav;
5376 }
5377 }
5378
5379 return NULL;
5380 }
5381 #endif
5382
5383 /*
5384 * SADB_ADD processing
5385 * add an entry to SA database, when received
5386 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5387 * key(AE), (identity(SD),) (sensitivity)>
5388 * from the ikmpd,
5389 * and send
5390 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5391 * (identity(SD),) (sensitivity)>
5392 * to the ikmpd.
5393 *
5394 * IGNORE identity and sensitivity messages.
5395 *
5396 * m will always be freed.
5397 */
5398 static int
5399 key_add(struct socket *so, struct mbuf *m,
5400 const struct sadb_msghdr *mhp)
5401 {
5402 struct sadb_sa *sa0;
5403 struct sadb_address *src0, *dst0;
5404 struct secasindex saidx;
5405 struct secashead *newsah;
5406 struct secasvar *newsav;
5407 u_int16_t proto;
5408 u_int8_t mode;
5409 u_int16_t reqid;
5410 int error;
5411
5412 KASSERT(so != NULL);
5413 KASSERT(m != NULL);
5414 KASSERT(mhp != NULL);
5415 KASSERT(mhp->msg != NULL);
5416
5417 /* map satype to proto */
5418 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
5419 if (proto == 0) {
5420 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
5421 return key_senderror(so, m, EINVAL);
5422 }
5423
5424 if (mhp->ext[SADB_EXT_SA] == NULL ||
5425 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5426 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5427 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5428 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5429 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5430 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5431 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5432 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5433 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5434 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5435 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5436 return key_senderror(so, m, EINVAL);
5437 }
5438 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5439 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5440 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5441 /* XXX need more */
5442 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5443 return key_senderror(so, m, EINVAL);
5444 }
5445 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5446 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5447 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5448 } else {
5449 mode = IPSEC_MODE_ANY;
5450 reqid = 0;
5451 }
5452
5453 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5454 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5455 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5456
5457 error = key_setsecasidx(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5458 if (error != 0)
5459 return key_senderror(so, m, EINVAL);
5460
5461 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
5462 if (error != 0)
5463 return key_senderror(so, m, EINVAL);
5464
5465 /* get a SA header */
5466 newsah = key_getsah(&saidx);
5467 if (newsah == NULL) {
5468 /* create a new SA header */
5469 newsah = key_newsah(&saidx);
5470 if (newsah == NULL) {
5471 IPSECLOG(LOG_DEBUG, "No more memory.\n");
5472 return key_senderror(so, m, ENOBUFS);
5473 }
5474 }
5475
5476 /* set spidx if there */
5477 /* XXX rewrite */
5478 error = key_setident(newsah, m, mhp);
5479 if (error) {
5480 return key_senderror(so, m, error);
5481 }
5482
5483 /* create new SA entry. */
5484 /* We can create new SA only if SPI is differenct. */
5485 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
5486 IPSECLOG(LOG_DEBUG, "SA already exists.\n");
5487 return key_senderror(so, m, EEXIST);
5488 }
5489 newsav = KEY_NEWSAV(m, mhp, newsah, &error);
5490 if (newsav == NULL) {
5491 return key_senderror(so, m, error);
5492 }
5493
5494 error = key_handle_natt_info(newsav, mhp);
5495 if (error != 0)
5496 return key_senderror(so, m, EINVAL);
5497
5498 /* check SA values to be mature. */
5499 error = key_mature(newsav);
5500 if (error != 0) {
5501 KEY_FREESAV(&newsav);
5502 return key_senderror(so, m, error);
5503 }
5504
5505 /*
5506 * don't call key_freesav() here, as we would like to keep the SA
5507 * in the database on success.
5508 */
5509
5510 {
5511 struct mbuf *n;
5512
5513 /* set msg buf from mhp */
5514 n = key_getmsgbuf_x1(m, mhp);
5515 if (n == NULL) {
5516 IPSECLOG(LOG_DEBUG, "No more memory.\n");
5517 return key_senderror(so, m, ENOBUFS);
5518 }
5519
5520 m_freem(m);
5521 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5522 }
5523 }
5524
5525 /* m is retained */
5526 static int
5527 key_setident(struct secashead *sah, struct mbuf *m,
5528 const struct sadb_msghdr *mhp)
5529 {
5530 const struct sadb_ident *idsrc, *iddst;
5531 int idsrclen, iddstlen;
5532
5533 KASSERT(!cpu_softintr_p());
5534 KASSERT(sah != NULL);
5535 KASSERT(m != NULL);
5536 KASSERT(mhp != NULL);
5537 KASSERT(mhp->msg != NULL);
5538
5539 /*
5540 * Can be called with an existing sah from key_update().
5541 */
5542 if (sah->idents != NULL) {
5543 kmem_free(sah->idents, sah->idents_len);
5544 sah->idents = NULL;
5545 sah->idents_len = 0;
5546 }
5547 if (sah->identd != NULL) {
5548 kmem_free(sah->identd, sah->identd_len);
5549 sah->identd = NULL;
5550 sah->identd_len = 0;
5551 }
5552
5553 /* don't make buffer if not there */
5554 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5555 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5556 sah->idents = NULL;
5557 sah->identd = NULL;
5558 return 0;
5559 }
5560
5561 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5562 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5563 IPSECLOG(LOG_DEBUG, "invalid identity.\n");
5564 return EINVAL;
5565 }
5566
5567 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5568 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5569 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5570 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5571
5572 /* validity check */
5573 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5574 IPSECLOG(LOG_DEBUG, "ident type mismatch.\n");
5575 return EINVAL;
5576 }
5577
5578 switch (idsrc->sadb_ident_type) {
5579 case SADB_IDENTTYPE_PREFIX:
5580 case SADB_IDENTTYPE_FQDN:
5581 case SADB_IDENTTYPE_USERFQDN:
5582 default:
5583 /* XXX do nothing */
5584 sah->idents = NULL;
5585 sah->identd = NULL;
5586 return 0;
5587 }
5588
5589 /* make structure */
5590 sah->idents = kmem_alloc(idsrclen, KM_SLEEP);
5591 sah->idents_len = idsrclen;
5592 sah->identd = kmem_alloc(iddstlen, KM_SLEEP);
5593 sah->identd_len = iddstlen;
5594 memcpy(sah->idents, idsrc, idsrclen);
5595 memcpy(sah->identd, iddst, iddstlen);
5596
5597 return 0;
5598 }
5599
5600 /*
5601 * m will not be freed on return.
5602 * it is caller's responsibility to free the result.
5603 */
5604 static struct mbuf *
5605 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp)
5606 {
5607 struct mbuf *n;
5608
5609 KASSERT(m != NULL);
5610 KASSERT(mhp != NULL);
5611 KASSERT(mhp->msg != NULL);
5612
5613 /* create new sadb_msg to reply. */
5614 n = key_gather_mbuf(m, mhp, 1, 15, SADB_EXT_RESERVED,
5615 SADB_EXT_SA, SADB_X_EXT_SA2,
5616 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
5617 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
5618 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST,
5619 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
5620 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI,
5621 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NAT_T_FRAG);
5622 if (!n)
5623 return NULL;
5624
5625 if (n->m_len < sizeof(struct sadb_msg)) {
5626 n = m_pullup(n, sizeof(struct sadb_msg));
5627 if (n == NULL)
5628 return NULL;
5629 }
5630 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
5631 mtod(n, struct sadb_msg *)->sadb_msg_len =
5632 PFKEY_UNIT64(n->m_pkthdr.len);
5633
5634 return n;
5635 }
5636
5637 static int key_delete_all (struct socket *, struct mbuf *,
5638 const struct sadb_msghdr *, u_int16_t);
5639
5640 /*
5641 * SADB_DELETE processing
5642 * receive
5643 * <base, SA(*), address(SD)>
5644 * from the ikmpd, and set SADB_SASTATE_DEAD,
5645 * and send,
5646 * <base, SA(*), address(SD)>
5647 * to the ikmpd.
5648 *
5649 * m will always be freed.
5650 */
5651 static int
5652 key_delete(struct socket *so, struct mbuf *m,
5653 const struct sadb_msghdr *mhp)
5654 {
5655 struct sadb_sa *sa0;
5656 struct sadb_address *src0, *dst0;
5657 struct secasindex saidx;
5658 struct secashead *sah;
5659 struct secasvar *sav = NULL;
5660 u_int16_t proto;
5661 int error;
5662
5663 KASSERT(so != NULL);
5664 KASSERT(m != NULL);
5665 KASSERT(mhp != NULL);
5666 KASSERT(mhp->msg != NULL);
5667
5668 /* map satype to proto */
5669 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
5670 if (proto == 0) {
5671 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
5672 return key_senderror(so, m, EINVAL);
5673 }
5674
5675 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5676 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5677 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5678 return key_senderror(so, m, EINVAL);
5679 }
5680
5681 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5682 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5683 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5684 return key_senderror(so, m, EINVAL);
5685 }
5686
5687 if (mhp->ext[SADB_EXT_SA] == NULL) {
5688 /*
5689 * Caller wants us to delete all non-LARVAL SAs
5690 * that match the src/dst. This is used during
5691 * IKE INITIAL-CONTACT.
5692 */
5693 IPSECLOG(LOG_DEBUG, "doing delete all.\n");
5694 return key_delete_all(so, m, mhp, proto);
5695 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5696 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5697 return key_senderror(so, m, EINVAL);
5698 }
5699
5700 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5701 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5702 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5703
5704 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1,
5705 &saidx);
5706 if (error != 0)
5707 return key_senderror(so, m, EINVAL);
5708
5709 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
5710 if (error != 0)
5711 return key_senderror(so, m, EINVAL);
5712
5713 /* get a SA header */
5714 LIST_FOREACH(sah, &sahtree, chain) {
5715 if (sah->state == SADB_SASTATE_DEAD)
5716 continue;
5717 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5718 continue;
5719
5720 /* get a SA with SPI. */
5721 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5722 if (sav)
5723 break;
5724 }
5725 if (sah == NULL) {
5726 IPSECLOG(LOG_DEBUG, "no SA found.\n");
5727 return key_senderror(so, m, ENOENT);
5728 }
5729
5730 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5731 KEY_FREESAV(&sav);
5732
5733 {
5734 struct mbuf *n;
5735 struct sadb_msg *newmsg;
5736
5737 /* create new sadb_msg to reply. */
5738 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
5739 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5740 if (!n)
5741 return key_senderror(so, m, ENOBUFS);
5742
5743 if (n->m_len < sizeof(struct sadb_msg)) {
5744 n = m_pullup(n, sizeof(struct sadb_msg));
5745 if (n == NULL)
5746 return key_senderror(so, m, ENOBUFS);
5747 }
5748 newmsg = mtod(n, struct sadb_msg *);
5749 newmsg->sadb_msg_errno = 0;
5750 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5751
5752 m_freem(m);
5753 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5754 }
5755 }
5756
5757 /*
5758 * delete all SAs for src/dst. Called from key_delete().
5759 */
5760 static int
5761 key_delete_all(struct socket *so, struct mbuf *m,
5762 const struct sadb_msghdr *mhp, u_int16_t proto)
5763 {
5764 struct sadb_address *src0, *dst0;
5765 struct secasindex saidx;
5766 struct secashead *sah;
5767 struct secasvar *sav, *nextsav;
5768 u_int state;
5769 int error;
5770
5771 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5772 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5773
5774 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1,
5775 &saidx);
5776 if (error != 0)
5777 return key_senderror(so, m, EINVAL);
5778
5779 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
5780 if (error != 0)
5781 return key_senderror(so, m, EINVAL);
5782
5783 LIST_FOREACH(sah, &sahtree, chain) {
5784 if (sah->state == SADB_SASTATE_DEAD)
5785 continue;
5786 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5787 continue;
5788
5789 /* Delete all non-LARVAL SAs. */
5790 SASTATE_ALIVE_FOREACH(state) {
5791 if (state == SADB_SASTATE_LARVAL)
5792 continue;
5793 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain,
5794 nextsav) {
5795 /* sanity check */
5796 if (sav->state != state) {
5797 IPSECLOG(LOG_DEBUG,
5798 "invalid sav->state "
5799 "(queue: %d SA: %d)\n",
5800 state, sav->state);
5801 continue;
5802 }
5803
5804 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5805 KEY_FREESAV(&sav);
5806 }
5807 }
5808 }
5809 {
5810 struct mbuf *n;
5811 struct sadb_msg *newmsg;
5812
5813 /* create new sadb_msg to reply. */
5814 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
5815 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5816 if (!n)
5817 return key_senderror(so, m, ENOBUFS);
5818
5819 if (n->m_len < sizeof(struct sadb_msg)) {
5820 n = m_pullup(n, sizeof(struct sadb_msg));
5821 if (n == NULL)
5822 return key_senderror(so, m, ENOBUFS);
5823 }
5824 newmsg = mtod(n, struct sadb_msg *);
5825 newmsg->sadb_msg_errno = 0;
5826 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5827
5828 m_freem(m);
5829 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5830 }
5831 }
5832
5833 /*
5834 * SADB_GET processing
5835 * receive
5836 * <base, SA(*), address(SD)>
5837 * from the ikmpd, and get a SP and a SA to respond,
5838 * and send,
5839 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5840 * (identity(SD),) (sensitivity)>
5841 * to the ikmpd.
5842 *
5843 * m will always be freed.
5844 */
5845 static int
5846 key_get(struct socket *so, struct mbuf *m,
5847 const struct sadb_msghdr *mhp)
5848 {
5849 struct sadb_sa *sa0;
5850 struct sadb_address *src0, *dst0;
5851 struct secasindex saidx;
5852 struct secashead *sah;
5853 struct secasvar *sav = NULL;
5854 u_int16_t proto;
5855 int error;
5856
5857 KASSERT(so != NULL);
5858 KASSERT(m != NULL);
5859 KASSERT(mhp != NULL);
5860 KASSERT(mhp->msg != NULL);
5861
5862 /* map satype to proto */
5863 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5864 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
5865 return key_senderror(so, m, EINVAL);
5866 }
5867
5868 if (mhp->ext[SADB_EXT_SA] == NULL ||
5869 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5870 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5871 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5872 return key_senderror(so, m, EINVAL);
5873 }
5874 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5875 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5876 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5877 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5878 return key_senderror(so, m, EINVAL);
5879 }
5880
5881 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5882 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5883 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5884
5885 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1,
5886 &saidx);
5887 if (error != 0)
5888 return key_senderror(so, m, EINVAL);
5889
5890 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
5891 if (error != 0)
5892 return key_senderror(so, m, EINVAL);
5893
5894 /* get a SA header */
5895 LIST_FOREACH(sah, &sahtree, chain) {
5896 if (sah->state == SADB_SASTATE_DEAD)
5897 continue;
5898 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5899 continue;
5900
5901 /* get a SA with SPI. */
5902 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5903 if (sav)
5904 break;
5905 }
5906 if (sah == NULL) {
5907 IPSECLOG(LOG_DEBUG, "no SA found.\n");
5908 return key_senderror(so, m, ENOENT);
5909 }
5910
5911 {
5912 struct mbuf *n;
5913 u_int8_t satype;
5914
5915 /* map proto to satype */
5916 satype = key_proto2satype(sah->saidx.proto);
5917 if (satype == 0) {
5918 IPSECLOG(LOG_DEBUG, "there was invalid proto in SAD.\n");
5919 return key_senderror(so, m, EINVAL);
5920 }
5921
5922 /* create new sadb_msg to reply. */
5923 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
5924 mhp->msg->sadb_msg_pid);
5925 if (!n)
5926 return key_senderror(so, m, ENOBUFS);
5927
5928 m_freem(m);
5929 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5930 }
5931 }
5932
5933 /* XXX make it sysctl-configurable? */
5934 static void
5935 key_getcomb_setlifetime(struct sadb_comb *comb)
5936 {
5937
5938 comb->sadb_comb_soft_allocations = 1;
5939 comb->sadb_comb_hard_allocations = 1;
5940 comb->sadb_comb_soft_bytes = 0;
5941 comb->sadb_comb_hard_bytes = 0;
5942 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
5943 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
5944 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */
5945 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
5946 }
5947
5948 /*
5949 * XXX reorder combinations by preference
5950 * XXX no idea if the user wants ESP authentication or not
5951 */
5952 static struct mbuf *
5953 key_getcomb_esp(void)
5954 {
5955 struct sadb_comb *comb;
5956 const struct enc_xform *algo;
5957 struct mbuf *result = NULL, *m, *n;
5958 int encmin;
5959 int i, off, o;
5960 int totlen;
5961 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5962
5963 m = NULL;
5964 for (i = 1; i <= SADB_EALG_MAX; i++) {
5965 algo = esp_algorithm_lookup(i);
5966 if (algo == NULL)
5967 continue;
5968
5969 /* discard algorithms with key size smaller than system min */
5970 if (_BITS(algo->maxkey) < ipsec_esp_keymin)
5971 continue;
5972 if (_BITS(algo->minkey) < ipsec_esp_keymin)
5973 encmin = ipsec_esp_keymin;
5974 else
5975 encmin = _BITS(algo->minkey);
5976
5977 if (ipsec_esp_auth)
5978 m = key_getcomb_ah();
5979 else {
5980 KASSERTMSG(l <= MLEN,
5981 "l=%u > MLEN=%lu", l, (u_long) MLEN);
5982 MGET(m, M_DONTWAIT, MT_DATA);
5983 if (m) {
5984 M_ALIGN(m, l);
5985 m->m_len = l;
5986 m->m_next = NULL;
5987 memset(mtod(m, void *), 0, m->m_len);
5988 }
5989 }
5990 if (!m)
5991 goto fail;
5992
5993 totlen = 0;
5994 for (n = m; n; n = n->m_next)
5995 totlen += n->m_len;
5996 KASSERTMSG((totlen % l) == 0, "totlen=%u, l=%u", totlen, l);
5997
5998 for (off = 0; off < totlen; off += l) {
5999 n = m_pulldown(m, off, l, &o);
6000 if (!n) {
6001 /* m is already freed */
6002 goto fail;
6003 }
6004 comb = (struct sadb_comb *)(mtod(n, char *) + o);
6005 memset(comb, 0, sizeof(*comb));
6006 key_getcomb_setlifetime(comb);
6007 comb->sadb_comb_encrypt = i;
6008 comb->sadb_comb_encrypt_minbits = encmin;
6009 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
6010 }
6011
6012 if (!result)
6013 result = m;
6014 else
6015 m_cat(result, m);
6016 }
6017
6018 return result;
6019
6020 fail:
6021 if (result)
6022 m_freem(result);
6023 return NULL;
6024 }
6025
6026 static void
6027 key_getsizes_ah(const struct auth_hash *ah, int alg,
6028 u_int16_t* ksmin, u_int16_t* ksmax)
6029 {
6030 *ksmin = *ksmax = ah->keysize;
6031 if (ah->keysize == 0) {
6032 /*
6033 * Transform takes arbitrary key size but algorithm
6034 * key size is restricted. Enforce this here.
6035 */
6036 switch (alg) {
6037 case SADB_X_AALG_MD5: *ksmin = *ksmax = 16; break;
6038 case SADB_X_AALG_SHA: *ksmin = *ksmax = 20; break;
6039 case SADB_X_AALG_NULL: *ksmin = 0; *ksmax = 256; break;
6040 default:
6041 IPSECLOG(LOG_DEBUG, "unknown AH algorithm %u\n", alg);
6042 break;
6043 }
6044 }
6045 }
6046
6047 /*
6048 * XXX reorder combinations by preference
6049 */
6050 static struct mbuf *
6051 key_getcomb_ah(void)
6052 {
6053 struct sadb_comb *comb;
6054 const struct auth_hash *algo;
6055 struct mbuf *m;
6056 u_int16_t minkeysize, maxkeysize;
6057 int i;
6058 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6059
6060 m = NULL;
6061 for (i = 1; i <= SADB_AALG_MAX; i++) {
6062 #if 1
6063 /* we prefer HMAC algorithms, not old algorithms */
6064 if (i != SADB_AALG_SHA1HMAC &&
6065 i != SADB_AALG_MD5HMAC &&
6066 i != SADB_X_AALG_SHA2_256 &&
6067 i != SADB_X_AALG_SHA2_384 &&
6068 i != SADB_X_AALG_SHA2_512)
6069 continue;
6070 #endif
6071 algo = ah_algorithm_lookup(i);
6072 if (!algo)
6073 continue;
6074 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
6075 /* discard algorithms with key size smaller than system min */
6076 if (_BITS(minkeysize) < ipsec_ah_keymin)
6077 continue;
6078
6079 if (!m) {
6080 KASSERTMSG(l <= MLEN,
6081 "l=%u > MLEN=%lu", l, (u_long) MLEN);
6082 MGET(m, M_DONTWAIT, MT_DATA);
6083 if (m) {
6084 M_ALIGN(m, l);
6085 m->m_len = l;
6086 m->m_next = NULL;
6087 }
6088 } else
6089 M_PREPEND(m, l, M_DONTWAIT);
6090 if (!m)
6091 return NULL;
6092
6093 comb = mtod(m, struct sadb_comb *);
6094 memset(comb, 0, sizeof(*comb));
6095 key_getcomb_setlifetime(comb);
6096 comb->sadb_comb_auth = i;
6097 comb->sadb_comb_auth_minbits = _BITS(minkeysize);
6098 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
6099 }
6100
6101 return m;
6102 }
6103
6104 /*
6105 * not really an official behavior. discussed in pf_key (at) inner.net in Sep2000.
6106 * XXX reorder combinations by preference
6107 */
6108 static struct mbuf *
6109 key_getcomb_ipcomp(void)
6110 {
6111 struct sadb_comb *comb;
6112 const struct comp_algo *algo;
6113 struct mbuf *m;
6114 int i;
6115 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6116
6117 m = NULL;
6118 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
6119 algo = ipcomp_algorithm_lookup(i);
6120 if (!algo)
6121 continue;
6122
6123 if (!m) {
6124 KASSERTMSG(l <= MLEN,
6125 "l=%u > MLEN=%lu", l, (u_long) MLEN);
6126 MGET(m, M_DONTWAIT, MT_DATA);
6127 if (m) {
6128 M_ALIGN(m, l);
6129 m->m_len = l;
6130 m->m_next = NULL;
6131 }
6132 } else
6133 M_PREPEND(m, l, M_DONTWAIT);
6134 if (!m)
6135 return NULL;
6136
6137 comb = mtod(m, struct sadb_comb *);
6138 memset(comb, 0, sizeof(*comb));
6139 key_getcomb_setlifetime(comb);
6140 comb->sadb_comb_encrypt = i;
6141 /* what should we set into sadb_comb_*_{min,max}bits? */
6142 }
6143
6144 return m;
6145 }
6146
6147 /*
6148 * XXX no way to pass mode (transport/tunnel) to userland
6149 * XXX replay checking?
6150 * XXX sysctl interface to ipsec_{ah,esp}_keymin
6151 */
6152 static struct mbuf *
6153 key_getprop(const struct secasindex *saidx)
6154 {
6155 struct sadb_prop *prop;
6156 struct mbuf *m, *n;
6157 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
6158 int totlen;
6159
6160 switch (saidx->proto) {
6161 case IPPROTO_ESP:
6162 m = key_getcomb_esp();
6163 break;
6164 case IPPROTO_AH:
6165 m = key_getcomb_ah();
6166 break;
6167 case IPPROTO_IPCOMP:
6168 m = key_getcomb_ipcomp();
6169 break;
6170 default:
6171 return NULL;
6172 }
6173
6174 if (!m)
6175 return NULL;
6176 M_PREPEND(m, l, M_DONTWAIT);
6177 if (!m)
6178 return NULL;
6179
6180 totlen = 0;
6181 for (n = m; n; n = n->m_next)
6182 totlen += n->m_len;
6183
6184 prop = mtod(m, struct sadb_prop *);
6185 memset(prop, 0, sizeof(*prop));
6186 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
6187 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
6188 prop->sadb_prop_replay = 32; /* XXX */
6189
6190 return m;
6191 }
6192
6193 /*
6194 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
6195 * send
6196 * <base, SA, address(SD), (address(P)), x_policy,
6197 * (identity(SD),) (sensitivity,) proposal>
6198 * to KMD, and expect to receive
6199 * <base> with SADB_ACQUIRE if error occurred,
6200 * or
6201 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
6202 * from KMD by PF_KEY.
6203 *
6204 * XXX x_policy is outside of RFC2367 (KAME extension).
6205 * XXX sensitivity is not supported.
6206 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6207 * see comment for key_getcomb_ipcomp().
6208 *
6209 * OUT:
6210 * 0 : succeed
6211 * others: error number
6212 */
6213 static int
6214 key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
6215 {
6216 struct mbuf *result = NULL, *m;
6217 #ifndef IPSEC_NONBLOCK_ACQUIRE
6218 struct secacq *newacq;
6219 #endif
6220 u_int8_t satype;
6221 int error = -1;
6222 u_int32_t seq;
6223
6224 /* sanity check */
6225 KASSERT(saidx != NULL);
6226 satype = key_proto2satype(saidx->proto);
6227 KASSERTMSG(satype != 0, "null satype, protocol %u", saidx->proto);
6228
6229 #ifndef IPSEC_NONBLOCK_ACQUIRE
6230 /*
6231 * We never do anything about acquirng SA. There is anather
6232 * solution that kernel blocks to send SADB_ACQUIRE message until
6233 * getting something message from IKEd. In later case, to be
6234 * managed with ACQUIRING list.
6235 */
6236 /* Get an entry to check whether sending message or not. */
6237 mutex_enter(&key_mtx);
6238 newacq = key_getacq(saidx);
6239 if (newacq != NULL) {
6240 if (key_blockacq_count < newacq->count) {
6241 /* reset counter and do send message. */
6242 newacq->count = 0;
6243 } else {
6244 /* increment counter and do nothing. */
6245 newacq->count++;
6246 return 0;
6247 }
6248 } else {
6249 /* make new entry for blocking to send SADB_ACQUIRE. */
6250 newacq = key_newacq(saidx);
6251 if (newacq == NULL)
6252 return ENOBUFS;
6253
6254 /* add to acqtree */
6255 LIST_INSERT_HEAD(&acqtree, newacq, chain);
6256 }
6257
6258 seq = newacq->seq;
6259 mutex_exit(&key_mtx);
6260 #else
6261 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
6262 #endif
6263 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
6264 if (!m) {
6265 error = ENOBUFS;
6266 goto fail;
6267 }
6268 result = m;
6269
6270 /* set sadb_address for saidx's. */
6271 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &saidx->src.sa, FULLMASK,
6272 IPSEC_ULPROTO_ANY);
6273 if (!m) {
6274 error = ENOBUFS;
6275 goto fail;
6276 }
6277 m_cat(result, m);
6278
6279 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &saidx->dst.sa, FULLMASK,
6280 IPSEC_ULPROTO_ANY);
6281 if (!m) {
6282 error = ENOBUFS;
6283 goto fail;
6284 }
6285 m_cat(result, m);
6286
6287 /* XXX proxy address (optional) */
6288
6289 /* set sadb_x_policy */
6290 if (sp) {
6291 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
6292 if (!m) {
6293 error = ENOBUFS;
6294 goto fail;
6295 }
6296 m_cat(result, m);
6297 }
6298
6299 /* XXX identity (optional) */
6300 #if 0
6301 if (idexttype && fqdn) {
6302 /* create identity extension (FQDN) */
6303 struct sadb_ident *id;
6304 int fqdnlen;
6305
6306 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
6307 id = (struct sadb_ident *)p;
6308 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6309 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6310 id->sadb_ident_exttype = idexttype;
6311 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
6312 memcpy(id + 1, fqdn, fqdnlen);
6313 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
6314 }
6315
6316 if (idexttype) {
6317 /* create identity extension (USERFQDN) */
6318 struct sadb_ident *id;
6319 int userfqdnlen;
6320
6321 if (userfqdn) {
6322 /* +1 for terminating-NUL */
6323 userfqdnlen = strlen(userfqdn) + 1;
6324 } else
6325 userfqdnlen = 0;
6326 id = (struct sadb_ident *)p;
6327 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6328 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6329 id->sadb_ident_exttype = idexttype;
6330 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6331 /* XXX is it correct? */
6332 if (curlwp)
6333 id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred);
6334 if (userfqdn && userfqdnlen)
6335 memcpy(id + 1, userfqdn, userfqdnlen);
6336 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6337 }
6338 #endif
6339
6340 /* XXX sensitivity (optional) */
6341
6342 /* create proposal/combination extension */
6343 m = key_getprop(saidx);
6344 #if 0
6345 /*
6346 * spec conformant: always attach proposal/combination extension,
6347 * the problem is that we have no way to attach it for ipcomp,
6348 * due to the way sadb_comb is declared in RFC2367.
6349 */
6350 if (!m) {
6351 error = ENOBUFS;
6352 goto fail;
6353 }
6354 m_cat(result, m);
6355 #else
6356 /*
6357 * outside of spec; make proposal/combination extension optional.
6358 */
6359 if (m)
6360 m_cat(result, m);
6361 #endif
6362
6363 if ((result->m_flags & M_PKTHDR) == 0) {
6364 error = EINVAL;
6365 goto fail;
6366 }
6367
6368 if (result->m_len < sizeof(struct sadb_msg)) {
6369 result = m_pullup(result, sizeof(struct sadb_msg));
6370 if (result == NULL) {
6371 error = ENOBUFS;
6372 goto fail;
6373 }
6374 }
6375
6376 result->m_pkthdr.len = 0;
6377 for (m = result; m; m = m->m_next)
6378 result->m_pkthdr.len += m->m_len;
6379
6380 mtod(result, struct sadb_msg *)->sadb_msg_len =
6381 PFKEY_UNIT64(result->m_pkthdr.len);
6382
6383 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6384
6385 fail:
6386 if (result)
6387 m_freem(result);
6388 return error;
6389 }
6390
6391 #ifndef IPSEC_NONBLOCK_ACQUIRE
6392 static struct secacq *
6393 key_newacq(const struct secasindex *saidx)
6394 {
6395 struct secacq *newacq;
6396
6397 /* get new entry */
6398 newacq = kmem_intr_zalloc(sizeof(struct secacq), KM_NOSLEEP);
6399 if (newacq == NULL) {
6400 IPSECLOG(LOG_DEBUG, "No more memory.\n");
6401 return NULL;
6402 }
6403
6404 /* copy secindex */
6405 memcpy(&newacq->saidx, saidx, sizeof(newacq->saidx));
6406 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
6407 newacq->created = time_uptime;
6408 newacq->count = 0;
6409
6410 return newacq;
6411 }
6412
6413 static struct secacq *
6414 key_getacq(const struct secasindex *saidx)
6415 {
6416 struct secacq *acq;
6417
6418 KASSERT(mutex_owned(&key_mtx));
6419
6420 LIST_FOREACH(acq, &acqtree, chain) {
6421 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
6422 return acq;
6423 }
6424
6425 return NULL;
6426 }
6427
6428 static struct secacq *
6429 key_getacqbyseq(u_int32_t seq)
6430 {
6431 struct secacq *acq;
6432
6433 KASSERT(mutex_owned(&key_mtx));
6434
6435 LIST_FOREACH(acq, &acqtree, chain) {
6436 if (acq->seq == seq)
6437 return acq;
6438 }
6439
6440 return NULL;
6441 }
6442 #endif
6443
6444 #ifdef notyet
6445 static struct secspacq *
6446 key_newspacq(const struct secpolicyindex *spidx)
6447 {
6448 struct secspacq *acq;
6449
6450 /* get new entry */
6451 acq = kmem_intr_zalloc(sizeof(struct secspacq), KM_NOSLEEP);
6452 if (acq == NULL) {
6453 IPSECLOG(LOG_DEBUG, "No more memory.\n");
6454 return NULL;
6455 }
6456
6457 /* copy secindex */
6458 memcpy(&acq->spidx, spidx, sizeof(acq->spidx));
6459 acq->created = time_uptime;
6460 acq->count = 0;
6461
6462 return acq;
6463 }
6464
6465 static struct secspacq *
6466 key_getspacq(const struct secpolicyindex *spidx)
6467 {
6468 struct secspacq *acq;
6469
6470 LIST_FOREACH(acq, &spacqtree, chain) {
6471 if (key_cmpspidx_exactly(spidx, &acq->spidx))
6472 return acq;
6473 }
6474
6475 return NULL;
6476 }
6477 #endif /* notyet */
6478
6479 /*
6480 * SADB_ACQUIRE processing,
6481 * in first situation, is receiving
6482 * <base>
6483 * from the ikmpd, and clear sequence of its secasvar entry.
6484 *
6485 * In second situation, is receiving
6486 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6487 * from a user land process, and return
6488 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6489 * to the socket.
6490 *
6491 * m will always be freed.
6492 */
6493 static int
6494 key_acquire2(struct socket *so, struct mbuf *m,
6495 const struct sadb_msghdr *mhp)
6496 {
6497 const struct sadb_address *src0, *dst0;
6498 struct secasindex saidx;
6499 struct secashead *sah;
6500 u_int16_t proto;
6501 int error;
6502
6503 KASSERT(so != NULL);
6504 KASSERT(m != NULL);
6505 KASSERT(mhp != NULL);
6506 KASSERT(mhp->msg != NULL);
6507
6508 /*
6509 * Error message from KMd.
6510 * We assume that if error was occurred in IKEd, the length of PFKEY
6511 * message is equal to the size of sadb_msg structure.
6512 * We do not raise error even if error occurred in this function.
6513 */
6514 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
6515 #ifndef IPSEC_NONBLOCK_ACQUIRE
6516 struct secacq *acq;
6517
6518 /* check sequence number */
6519 if (mhp->msg->sadb_msg_seq == 0) {
6520 IPSECLOG(LOG_DEBUG, "must specify sequence number.\n");
6521 m_freem(m);
6522 return 0;
6523 }
6524
6525 mutex_enter(&key_mtx);
6526 acq = key_getacqbyseq(mhp->msg->sadb_msg_seq);
6527 if (acq == NULL) {
6528 mutex_exit(&key_mtx);
6529 /*
6530 * the specified larval SA is already gone, or we got
6531 * a bogus sequence number. we can silently ignore it.
6532 */
6533 m_freem(m);
6534 return 0;
6535 }
6536
6537 /* reset acq counter in order to deletion by timehander. */
6538 acq->created = time_uptime;
6539 acq->count = 0;
6540 mutex_exit(&key_mtx);
6541 #endif
6542 m_freem(m);
6543 return 0;
6544 }
6545
6546 /*
6547 * This message is from user land.
6548 */
6549
6550 /* map satype to proto */
6551 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
6552 if (proto == 0) {
6553 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
6554 return key_senderror(so, m, EINVAL);
6555 }
6556
6557 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6558 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6559 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
6560 /* error */
6561 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6562 return key_senderror(so, m, EINVAL);
6563 }
6564 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6565 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
6566 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6567 /* error */
6568 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6569 return key_senderror(so, m, EINVAL);
6570 }
6571
6572 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6573 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6574
6575 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1,
6576 &saidx);
6577 if (error != 0)
6578 return key_senderror(so, m, EINVAL);
6579
6580 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
6581 if (error != 0)
6582 return key_senderror(so, m, EINVAL);
6583
6584 /* get a SA index */
6585 LIST_FOREACH(sah, &sahtree, chain) {
6586 if (sah->state == SADB_SASTATE_DEAD)
6587 continue;
6588 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
6589 break;
6590 }
6591 if (sah != NULL) {
6592 IPSECLOG(LOG_DEBUG, "a SA exists already.\n");
6593 return key_senderror(so, m, EEXIST);
6594 }
6595
6596 error = key_acquire(&saidx, NULL);
6597 if (error != 0) {
6598 IPSECLOG(LOG_DEBUG, "error %d returned from key_acquire.\n",
6599 mhp->msg->sadb_msg_errno);
6600 return key_senderror(so, m, error);
6601 }
6602
6603 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6604 }
6605
6606 /*
6607 * SADB_REGISTER processing.
6608 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
6609 * receive
6610 * <base>
6611 * from the ikmpd, and register a socket to send PF_KEY messages,
6612 * and send
6613 * <base, supported>
6614 * to KMD by PF_KEY.
6615 * If socket is detached, must free from regnode.
6616 *
6617 * m will always be freed.
6618 */
6619 static int
6620 key_register(struct socket *so, struct mbuf *m,
6621 const struct sadb_msghdr *mhp)
6622 {
6623 struct secreg *reg, *newreg = 0;
6624
6625 KASSERT(!cpu_softintr_p());
6626 KASSERT(so != NULL);
6627 KASSERT(m != NULL);
6628 KASSERT(mhp != NULL);
6629 KASSERT(mhp->msg != NULL);
6630
6631 /* check for invalid register message */
6632 if (mhp->msg->sadb_msg_satype >= __arraycount(regtree))
6633 return key_senderror(so, m, EINVAL);
6634
6635 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
6636 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6637 goto setmsg;
6638
6639 /* Allocate regnode in advance, out of mutex */
6640 newreg = kmem_zalloc(sizeof(*newreg), KM_SLEEP);
6641
6642 /* check whether existing or not */
6643 mutex_enter(&key_mtx);
6644 LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) {
6645 if (reg->so == so) {
6646 IPSECLOG(LOG_DEBUG, "socket exists already.\n");
6647 mutex_exit(&key_mtx);
6648 kmem_free(newreg, sizeof(*newreg));
6649 return key_senderror(so, m, EEXIST);
6650 }
6651 }
6652
6653 newreg->so = so;
6654 ((struct keycb *)sotorawcb(so))->kp_registered++;
6655
6656 /* add regnode to regtree. */
6657 LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain);
6658 mutex_exit(&key_mtx);
6659
6660 setmsg:
6661 {
6662 struct mbuf *n;
6663 struct sadb_msg *newmsg;
6664 struct sadb_supported *sup;
6665 u_int len, alen, elen;
6666 int off;
6667 int i;
6668 struct sadb_alg *alg;
6669
6670 /* create new sadb_msg to reply. */
6671 alen = 0;
6672 for (i = 1; i <= SADB_AALG_MAX; i++) {
6673 if (ah_algorithm_lookup(i))
6674 alen += sizeof(struct sadb_alg);
6675 }
6676 if (alen)
6677 alen += sizeof(struct sadb_supported);
6678 elen = 0;
6679 for (i = 1; i <= SADB_EALG_MAX; i++) {
6680 if (esp_algorithm_lookup(i))
6681 elen += sizeof(struct sadb_alg);
6682 }
6683 if (elen)
6684 elen += sizeof(struct sadb_supported);
6685
6686 len = sizeof(struct sadb_msg) + alen + elen;
6687
6688 if (len > MCLBYTES)
6689 return key_senderror(so, m, ENOBUFS);
6690
6691 MGETHDR(n, M_DONTWAIT, MT_DATA);
6692 if (len > MHLEN) {
6693 MCLGET(n, M_DONTWAIT);
6694 if ((n->m_flags & M_EXT) == 0) {
6695 m_freem(n);
6696 n = NULL;
6697 }
6698 }
6699 if (!n)
6700 return key_senderror(so, m, ENOBUFS);
6701
6702 n->m_pkthdr.len = n->m_len = len;
6703 n->m_next = NULL;
6704 off = 0;
6705
6706 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
6707 newmsg = mtod(n, struct sadb_msg *);
6708 newmsg->sadb_msg_errno = 0;
6709 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6710 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6711
6712 /* for authentication algorithm */
6713 if (alen) {
6714 sup = (struct sadb_supported *)(mtod(n, char *) + off);
6715 sup->sadb_supported_len = PFKEY_UNIT64(alen);
6716 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6717 off += PFKEY_ALIGN8(sizeof(*sup));
6718
6719 for (i = 1; i <= SADB_AALG_MAX; i++) {
6720 const struct auth_hash *aalgo;
6721 u_int16_t minkeysize, maxkeysize;
6722
6723 aalgo = ah_algorithm_lookup(i);
6724 if (!aalgo)
6725 continue;
6726 alg = (struct sadb_alg *)(mtod(n, char *) + off);
6727 alg->sadb_alg_id = i;
6728 alg->sadb_alg_ivlen = 0;
6729 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
6730 alg->sadb_alg_minbits = _BITS(minkeysize);
6731 alg->sadb_alg_maxbits = _BITS(maxkeysize);
6732 off += PFKEY_ALIGN8(sizeof(*alg));
6733 }
6734 }
6735
6736 /* for encryption algorithm */
6737 if (elen) {
6738 sup = (struct sadb_supported *)(mtod(n, char *) + off);
6739 sup->sadb_supported_len = PFKEY_UNIT64(elen);
6740 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
6741 off += PFKEY_ALIGN8(sizeof(*sup));
6742
6743 for (i = 1; i <= SADB_EALG_MAX; i++) {
6744 const struct enc_xform *ealgo;
6745
6746 ealgo = esp_algorithm_lookup(i);
6747 if (!ealgo)
6748 continue;
6749 alg = (struct sadb_alg *)(mtod(n, char *) + off);
6750 alg->sadb_alg_id = i;
6751 alg->sadb_alg_ivlen = ealgo->blocksize;
6752 alg->sadb_alg_minbits = _BITS(ealgo->minkey);
6753 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
6754 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
6755 }
6756 }
6757
6758 KASSERTMSG(off == len, "length inconsistency");
6759
6760 m_freem(m);
6761 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
6762 }
6763 }
6764
6765 /*
6766 * free secreg entry registered.
6767 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
6768 */
6769 void
6770 key_freereg(struct socket *so)
6771 {
6772 struct secreg *reg;
6773 int i;
6774
6775 KASSERT(!cpu_softintr_p());
6776 KASSERT(so != NULL);
6777
6778 /*
6779 * check whether existing or not.
6780 * check all type of SA, because there is a potential that
6781 * one socket is registered to multiple type of SA.
6782 */
6783 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
6784 mutex_enter(&key_mtx);
6785 LIST_FOREACH(reg, ®tree[i], chain) {
6786 if (reg->so == so) {
6787 LIST_REMOVE(reg, chain);
6788 break;
6789 }
6790 }
6791 mutex_exit(&key_mtx);
6792 if (reg != NULL)
6793 kmem_free(reg, sizeof(*reg));
6794 }
6795
6796 return;
6797 }
6798
6799 /*
6800 * SADB_EXPIRE processing
6801 * send
6802 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
6803 * to KMD by PF_KEY.
6804 * NOTE: We send only soft lifetime extension.
6805 *
6806 * OUT: 0 : succeed
6807 * others : error number
6808 */
6809 static int
6810 key_expire(struct secasvar *sav)
6811 {
6812 int s;
6813 int satype;
6814 struct mbuf *result = NULL, *m;
6815 int len;
6816 int error = -1;
6817 struct sadb_lifetime *lt;
6818
6819 /* XXX: Why do we lock ? */
6820 s = splsoftnet(); /*called from softclock()*/
6821
6822 KASSERT(sav != NULL);
6823 KASSERT(sav->sah != NULL);
6824
6825 satype = key_proto2satype(sav->sah->saidx.proto);
6826 KASSERTMSG(satype != 0, "invalid proto is passed");
6827
6828 /* set msg header */
6829 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
6830 if (!m) {
6831 error = ENOBUFS;
6832 goto fail;
6833 }
6834 result = m;
6835
6836 /* create SA extension */
6837 m = key_setsadbsa(sav);
6838 if (!m) {
6839 error = ENOBUFS;
6840 goto fail;
6841 }
6842 m_cat(result, m);
6843
6844 /* create SA extension */
6845 m = key_setsadbxsa2(sav->sah->saidx.mode,
6846 sav->replay ? sav->replay->count : 0, sav->sah->saidx.reqid);
6847 if (!m) {
6848 error = ENOBUFS;
6849 goto fail;
6850 }
6851 m_cat(result, m);
6852
6853 /* create lifetime extension (current and soft) */
6854 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
6855 m = key_alloc_mbuf(len);
6856 if (!m || m->m_next) { /*XXX*/
6857 if (m)
6858 m_freem(m);
6859 error = ENOBUFS;
6860 goto fail;
6861 }
6862 memset(mtod(m, void *), 0, len);
6863 lt = mtod(m, struct sadb_lifetime *);
6864 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
6865 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
6866 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
6867 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
6868 lt->sadb_lifetime_addtime =
6869 time_mono_to_wall(sav->lft_c->sadb_lifetime_addtime);
6870 lt->sadb_lifetime_usetime =
6871 time_mono_to_wall(sav->lft_c->sadb_lifetime_usetime);
6872 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
6873 memcpy(lt, sav->lft_s, sizeof(*lt));
6874 m_cat(result, m);
6875
6876 /* set sadb_address for source */
6877 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sav->sah->saidx.src.sa,
6878 FULLMASK, IPSEC_ULPROTO_ANY);
6879 if (!m) {
6880 error = ENOBUFS;
6881 goto fail;
6882 }
6883 m_cat(result, m);
6884
6885 /* set sadb_address for destination */
6886 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sav->sah->saidx.dst.sa,
6887 FULLMASK, IPSEC_ULPROTO_ANY);
6888 if (!m) {
6889 error = ENOBUFS;
6890 goto fail;
6891 }
6892 m_cat(result, m);
6893
6894 if ((result->m_flags & M_PKTHDR) == 0) {
6895 error = EINVAL;
6896 goto fail;
6897 }
6898
6899 if (result->m_len < sizeof(struct sadb_msg)) {
6900 result = m_pullup(result, sizeof(struct sadb_msg));
6901 if (result == NULL) {
6902 error = ENOBUFS;
6903 goto fail;
6904 }
6905 }
6906
6907 result->m_pkthdr.len = 0;
6908 for (m = result; m; m = m->m_next)
6909 result->m_pkthdr.len += m->m_len;
6910
6911 mtod(result, struct sadb_msg *)->sadb_msg_len =
6912 PFKEY_UNIT64(result->m_pkthdr.len);
6913
6914 splx(s);
6915 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6916
6917 fail:
6918 if (result)
6919 m_freem(result);
6920 splx(s);
6921 return error;
6922 }
6923
6924 /*
6925 * SADB_FLUSH processing
6926 * receive
6927 * <base>
6928 * from the ikmpd, and free all entries in secastree.
6929 * and send,
6930 * <base>
6931 * to the ikmpd.
6932 * NOTE: to do is only marking SADB_SASTATE_DEAD.
6933 *
6934 * m will always be freed.
6935 */
6936 static int
6937 key_flush(struct socket *so, struct mbuf *m,
6938 const struct sadb_msghdr *mhp)
6939 {
6940 struct sadb_msg *newmsg;
6941 struct secashead *sah;
6942 struct secasvar *sav, *nextsav;
6943 u_int16_t proto;
6944 u_int8_t state;
6945
6946 KASSERT(so != NULL);
6947 KASSERT(mhp != NULL);
6948 KASSERT(mhp->msg != NULL);
6949
6950 /* map satype to proto */
6951 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
6952 if (proto == 0) {
6953 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
6954 return key_senderror(so, m, EINVAL);
6955 }
6956
6957 /* no SATYPE specified, i.e. flushing all SA. */
6958 LIST_FOREACH(sah, &sahtree, chain) {
6959 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6960 proto != sah->saidx.proto)
6961 continue;
6962
6963 SASTATE_ALIVE_FOREACH(state) {
6964 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain,
6965 nextsav) {
6966 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6967 KEY_FREESAV(&sav);
6968 }
6969 }
6970
6971 sah->state = SADB_SASTATE_DEAD;
6972 }
6973
6974 if (m->m_len < sizeof(struct sadb_msg) ||
6975 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
6976 IPSECLOG(LOG_DEBUG, "No more memory.\n");
6977 return key_senderror(so, m, ENOBUFS);
6978 }
6979
6980 if (m->m_next)
6981 m_freem(m->m_next);
6982 m->m_next = NULL;
6983 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
6984 newmsg = mtod(m, struct sadb_msg *);
6985 newmsg->sadb_msg_errno = 0;
6986 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
6987
6988 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6989 }
6990
6991
6992 static struct mbuf *
6993 key_setdump_chain(u_int8_t req_satype, int *errorp, int *lenp, pid_t pid)
6994 {
6995 struct secashead *sah;
6996 struct secasvar *sav;
6997 u_int16_t proto;
6998 u_int8_t satype;
6999 u_int8_t state;
7000 int cnt;
7001 struct mbuf *m, *n, *prev;
7002
7003 *lenp = 0;
7004
7005 /* map satype to proto */
7006 proto = key_satype2proto(req_satype);
7007 if (proto == 0) {
7008 *errorp = EINVAL;
7009 return (NULL);
7010 }
7011
7012 /* count sav entries to be sent to userland. */
7013 cnt = 0;
7014 LIST_FOREACH(sah, &sahtree, chain) {
7015 if (req_satype != SADB_SATYPE_UNSPEC &&
7016 proto != sah->saidx.proto)
7017 continue;
7018
7019 SASTATE_ANY_FOREACH(state) {
7020 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7021 cnt++;
7022 }
7023 }
7024 }
7025
7026 if (cnt == 0) {
7027 *errorp = ENOENT;
7028 return (NULL);
7029 }
7030
7031 /* send this to the userland, one at a time. */
7032 m = NULL;
7033 prev = m;
7034 LIST_FOREACH(sah, &sahtree, chain) {
7035 if (req_satype != SADB_SATYPE_UNSPEC &&
7036 proto != sah->saidx.proto)
7037 continue;
7038
7039 /* map proto to satype */
7040 satype = key_proto2satype(sah->saidx.proto);
7041 if (satype == 0) {
7042 m_freem(m);
7043 *errorp = EINVAL;
7044 return (NULL);
7045 }
7046
7047 SASTATE_ANY_FOREACH(state) {
7048 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7049 n = key_setdumpsa(sav, SADB_DUMP, satype,
7050 --cnt, pid);
7051 if (!n) {
7052 m_freem(m);
7053 *errorp = ENOBUFS;
7054 return (NULL);
7055 }
7056
7057 if (!m)
7058 m = n;
7059 else
7060 prev->m_nextpkt = n;
7061 prev = n;
7062 }
7063 }
7064 }
7065
7066 if (!m) {
7067 *errorp = EINVAL;
7068 return (NULL);
7069 }
7070
7071 if ((m->m_flags & M_PKTHDR) != 0) {
7072 m->m_pkthdr.len = 0;
7073 for (n = m; n; n = n->m_next)
7074 m->m_pkthdr.len += n->m_len;
7075 }
7076
7077 *errorp = 0;
7078 return (m);
7079 }
7080
7081 /*
7082 * SADB_DUMP processing
7083 * dump all entries including status of DEAD in SAD.
7084 * receive
7085 * <base>
7086 * from the ikmpd, and dump all secasvar leaves
7087 * and send,
7088 * <base> .....
7089 * to the ikmpd.
7090 *
7091 * m will always be freed.
7092 */
7093 static int
7094 key_dump(struct socket *so, struct mbuf *m0,
7095 const struct sadb_msghdr *mhp)
7096 {
7097 u_int16_t proto;
7098 u_int8_t satype;
7099 struct mbuf *n;
7100 int s;
7101 int error, len, ok;
7102
7103 KASSERT(so != NULL);
7104 KASSERT(m0 != NULL);
7105 KASSERT(mhp != NULL);
7106 KASSERT(mhp->msg != NULL);
7107
7108 /* map satype to proto */
7109 satype = mhp->msg->sadb_msg_satype;
7110 proto = key_satype2proto(satype);
7111 if (proto == 0) {
7112 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
7113 return key_senderror(so, m0, EINVAL);
7114 }
7115
7116 /*
7117 * If the requestor has insufficient socket-buffer space
7118 * for the entire chain, nobody gets any response to the DUMP.
7119 * XXX For now, only the requestor ever gets anything.
7120 * Moreover, if the requestor has any space at all, they receive
7121 * the entire chain, otherwise the request is refused with ENOBUFS.
7122 */
7123 if (sbspace(&so->so_rcv) <= 0) {
7124 return key_senderror(so, m0, ENOBUFS);
7125 }
7126
7127 s = splsoftnet();
7128 n = key_setdump_chain(satype, &error, &len, mhp->msg->sadb_msg_pid);
7129 splx(s);
7130
7131 if (n == NULL) {
7132 return key_senderror(so, m0, ENOENT);
7133 }
7134 {
7135 uint64_t *ps = PFKEY_STAT_GETREF();
7136 ps[PFKEY_STAT_IN_TOTAL]++;
7137 ps[PFKEY_STAT_IN_BYTES] += len;
7138 PFKEY_STAT_PUTREF();
7139 }
7140
7141 /*
7142 * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets.
7143 * The requestor receives either the entire chain, or an
7144 * error message with ENOBUFS.
7145 *
7146 * sbappendaddrchain() takes the chain of entries, one
7147 * packet-record per SPD entry, prepends the key_src sockaddr
7148 * to each packet-record, links the sockaddr mbufs into a new
7149 * list of records, then appends the entire resulting
7150 * list to the requesting socket.
7151 */
7152 ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, n,
7153 SB_PRIO_ONESHOT_OVERFLOW);
7154
7155 if (!ok) {
7156 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
7157 m_freem(n);
7158 return key_senderror(so, m0, ENOBUFS);
7159 }
7160
7161 m_freem(m0);
7162 return 0;
7163 }
7164
7165 /*
7166 * SADB_X_PROMISC processing
7167 *
7168 * m will always be freed.
7169 */
7170 static int
7171 key_promisc(struct socket *so, struct mbuf *m,
7172 const struct sadb_msghdr *mhp)
7173 {
7174 int olen;
7175
7176 KASSERT(so != NULL);
7177 KASSERT(m != NULL);
7178 KASSERT(mhp != NULL);
7179 KASSERT(mhp->msg != NULL);
7180
7181 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7182
7183 if (olen < sizeof(struct sadb_msg)) {
7184 #if 1
7185 return key_senderror(so, m, EINVAL);
7186 #else
7187 m_freem(m);
7188 return 0;
7189 #endif
7190 } else if (olen == sizeof(struct sadb_msg)) {
7191 /* enable/disable promisc mode */
7192 struct keycb *kp = (struct keycb *)sotorawcb(so);
7193 if (kp == NULL)
7194 return key_senderror(so, m, EINVAL);
7195 mhp->msg->sadb_msg_errno = 0;
7196 switch (mhp->msg->sadb_msg_satype) {
7197 case 0:
7198 case 1:
7199 kp->kp_promisc = mhp->msg->sadb_msg_satype;
7200 break;
7201 default:
7202 return key_senderror(so, m, EINVAL);
7203 }
7204
7205 /* send the original message back to everyone */
7206 mhp->msg->sadb_msg_errno = 0;
7207 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7208 } else {
7209 /* send packet as is */
7210
7211 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
7212
7213 /* TODO: if sadb_msg_seq is specified, send to specific pid */
7214 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7215 }
7216 }
7217
7218 static int (*key_typesw[]) (struct socket *, struct mbuf *,
7219 const struct sadb_msghdr *) = {
7220 NULL, /* SADB_RESERVED */
7221 key_getspi, /* SADB_GETSPI */
7222 key_update, /* SADB_UPDATE */
7223 key_add, /* SADB_ADD */
7224 key_delete, /* SADB_DELETE */
7225 key_get, /* SADB_GET */
7226 key_acquire2, /* SADB_ACQUIRE */
7227 key_register, /* SADB_REGISTER */
7228 NULL, /* SADB_EXPIRE */
7229 key_flush, /* SADB_FLUSH */
7230 key_dump, /* SADB_DUMP */
7231 key_promisc, /* SADB_X_PROMISC */
7232 NULL, /* SADB_X_PCHANGE */
7233 key_spdadd, /* SADB_X_SPDUPDATE */
7234 key_spdadd, /* SADB_X_SPDADD */
7235 key_spddelete, /* SADB_X_SPDDELETE */
7236 key_spdget, /* SADB_X_SPDGET */
7237 NULL, /* SADB_X_SPDACQUIRE */
7238 key_spddump, /* SADB_X_SPDDUMP */
7239 key_spdflush, /* SADB_X_SPDFLUSH */
7240 key_spdadd, /* SADB_X_SPDSETIDX */
7241 NULL, /* SADB_X_SPDEXPIRE */
7242 key_spddelete2, /* SADB_X_SPDDELETE2 */
7243 key_nat_map, /* SADB_X_NAT_T_NEW_MAPPING */
7244 };
7245
7246 /*
7247 * parse sadb_msg buffer to process PFKEYv2,
7248 * and create a data to response if needed.
7249 * I think to be dealed with mbuf directly.
7250 * IN:
7251 * msgp : pointer to pointer to a received buffer pulluped.
7252 * This is rewrited to response.
7253 * so : pointer to socket.
7254 * OUT:
7255 * length for buffer to send to user process.
7256 */
7257 int
7258 key_parse(struct mbuf *m, struct socket *so)
7259 {
7260 struct sadb_msg *msg;
7261 struct sadb_msghdr mh;
7262 u_int orglen;
7263 int error;
7264 int target;
7265
7266 KASSERT(m != NULL);
7267 KASSERT(so != NULL);
7268
7269 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
7270 if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
7271 IPSECLOG(LOG_DEBUG, "passed sadb_msg\n");
7272 kdebug_sadb(msg);
7273 }
7274 #endif
7275
7276 if (m->m_len < sizeof(struct sadb_msg)) {
7277 m = m_pullup(m, sizeof(struct sadb_msg));
7278 if (!m)
7279 return ENOBUFS;
7280 }
7281 msg = mtod(m, struct sadb_msg *);
7282 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
7283 target = KEY_SENDUP_ONE;
7284
7285 if ((m->m_flags & M_PKTHDR) == 0 ||
7286 m->m_pkthdr.len != orglen) {
7287 IPSECLOG(LOG_DEBUG, "invalid message length.\n");
7288 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7289 error = EINVAL;
7290 goto senderror;
7291 }
7292
7293 if (msg->sadb_msg_version != PF_KEY_V2) {
7294 IPSECLOG(LOG_DEBUG, "PF_KEY version %u is mismatched.\n",
7295 msg->sadb_msg_version);
7296 PFKEY_STATINC(PFKEY_STAT_OUT_INVVER);
7297 error = EINVAL;
7298 goto senderror;
7299 }
7300
7301 if (msg->sadb_msg_type > SADB_MAX) {
7302 IPSECLOG(LOG_DEBUG, "invalid type %u is passed.\n",
7303 msg->sadb_msg_type);
7304 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7305 error = EINVAL;
7306 goto senderror;
7307 }
7308
7309 /* for old-fashioned code - should be nuked */
7310 if (m->m_pkthdr.len > MCLBYTES) {
7311 m_freem(m);
7312 return ENOBUFS;
7313 }
7314 if (m->m_next) {
7315 struct mbuf *n;
7316
7317 MGETHDR(n, M_DONTWAIT, MT_DATA);
7318 if (n && m->m_pkthdr.len > MHLEN) {
7319 MCLGET(n, M_DONTWAIT);
7320 if ((n->m_flags & M_EXT) == 0) {
7321 m_free(n);
7322 n = NULL;
7323 }
7324 }
7325 if (!n) {
7326 m_freem(m);
7327 return ENOBUFS;
7328 }
7329 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, void *));
7330 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
7331 n->m_next = NULL;
7332 m_freem(m);
7333 m = n;
7334 }
7335
7336 /* align the mbuf chain so that extensions are in contiguous region. */
7337 error = key_align(m, &mh);
7338 if (error)
7339 return error;
7340
7341 if (m->m_next) { /*XXX*/
7342 m_freem(m);
7343 return ENOBUFS;
7344 }
7345
7346 msg = mh.msg;
7347
7348 /* check SA type */
7349 switch (msg->sadb_msg_satype) {
7350 case SADB_SATYPE_UNSPEC:
7351 switch (msg->sadb_msg_type) {
7352 case SADB_GETSPI:
7353 case SADB_UPDATE:
7354 case SADB_ADD:
7355 case SADB_DELETE:
7356 case SADB_GET:
7357 case SADB_ACQUIRE:
7358 case SADB_EXPIRE:
7359 IPSECLOG(LOG_DEBUG,
7360 "must specify satype when msg type=%u.\n",
7361 msg->sadb_msg_type);
7362 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7363 error = EINVAL;
7364 goto senderror;
7365 }
7366 break;
7367 case SADB_SATYPE_AH:
7368 case SADB_SATYPE_ESP:
7369 case SADB_X_SATYPE_IPCOMP:
7370 case SADB_X_SATYPE_TCPSIGNATURE:
7371 switch (msg->sadb_msg_type) {
7372 case SADB_X_SPDADD:
7373 case SADB_X_SPDDELETE:
7374 case SADB_X_SPDGET:
7375 case SADB_X_SPDDUMP:
7376 case SADB_X_SPDFLUSH:
7377 case SADB_X_SPDSETIDX:
7378 case SADB_X_SPDUPDATE:
7379 case SADB_X_SPDDELETE2:
7380 IPSECLOG(LOG_DEBUG, "illegal satype=%u\n",
7381 msg->sadb_msg_type);
7382 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7383 error = EINVAL;
7384 goto senderror;
7385 }
7386 break;
7387 case SADB_SATYPE_RSVP:
7388 case SADB_SATYPE_OSPFV2:
7389 case SADB_SATYPE_RIPV2:
7390 case SADB_SATYPE_MIP:
7391 IPSECLOG(LOG_DEBUG, "type %u isn't supported.\n",
7392 msg->sadb_msg_satype);
7393 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7394 error = EOPNOTSUPP;
7395 goto senderror;
7396 case 1: /* XXX: What does it do? */
7397 if (msg->sadb_msg_type == SADB_X_PROMISC)
7398 break;
7399 /*FALLTHROUGH*/
7400 default:
7401 IPSECLOG(LOG_DEBUG, "invalid type %u is passed.\n",
7402 msg->sadb_msg_satype);
7403 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7404 error = EINVAL;
7405 goto senderror;
7406 }
7407
7408 /* check field of upper layer protocol and address family */
7409 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
7410 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
7411 struct sadb_address *src0, *dst0;
7412 u_int plen;
7413
7414 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
7415 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
7416
7417 /* check upper layer protocol */
7418 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
7419 IPSECLOG(LOG_DEBUG, "upper layer protocol mismatched.\n");
7420 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7421 error = EINVAL;
7422 goto senderror;
7423 }
7424
7425 /* check family */
7426 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
7427 PFKEY_ADDR_SADDR(dst0)->sa_family) {
7428 IPSECLOG(LOG_DEBUG, "address family mismatched.\n");
7429 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7430 error = EINVAL;
7431 goto senderror;
7432 }
7433 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7434 PFKEY_ADDR_SADDR(dst0)->sa_len) {
7435 IPSECLOG(LOG_DEBUG,
7436 "address struct size mismatched.\n");
7437 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7438 error = EINVAL;
7439 goto senderror;
7440 }
7441
7442 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7443 case AF_INET:
7444 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7445 sizeof(struct sockaddr_in)) {
7446 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7447 error = EINVAL;
7448 goto senderror;
7449 }
7450 break;
7451 case AF_INET6:
7452 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7453 sizeof(struct sockaddr_in6)) {
7454 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7455 error = EINVAL;
7456 goto senderror;
7457 }
7458 break;
7459 default:
7460 IPSECLOG(LOG_DEBUG, "unsupported address family.\n");
7461 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7462 error = EAFNOSUPPORT;
7463 goto senderror;
7464 }
7465
7466 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7467 case AF_INET:
7468 plen = sizeof(struct in_addr) << 3;
7469 break;
7470 case AF_INET6:
7471 plen = sizeof(struct in6_addr) << 3;
7472 break;
7473 default:
7474 plen = 0; /*fool gcc*/
7475 break;
7476 }
7477
7478 /* check max prefix length */
7479 if (src0->sadb_address_prefixlen > plen ||
7480 dst0->sadb_address_prefixlen > plen) {
7481 IPSECLOG(LOG_DEBUG, "illegal prefixlen.\n");
7482 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7483 error = EINVAL;
7484 goto senderror;
7485 }
7486
7487 /*
7488 * prefixlen == 0 is valid because there can be a case when
7489 * all addresses are matched.
7490 */
7491 }
7492
7493 if (msg->sadb_msg_type >= __arraycount(key_typesw) ||
7494 key_typesw[msg->sadb_msg_type] == NULL) {
7495 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7496 error = EINVAL;
7497 goto senderror;
7498 }
7499
7500 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
7501
7502 senderror:
7503 msg->sadb_msg_errno = error;
7504 return key_sendup_mbuf(so, m, target);
7505 }
7506
7507 static int
7508 key_senderror(struct socket *so, struct mbuf *m, int code)
7509 {
7510 struct sadb_msg *msg;
7511
7512 KASSERT(m->m_len >= sizeof(struct sadb_msg));
7513
7514 msg = mtod(m, struct sadb_msg *);
7515 msg->sadb_msg_errno = code;
7516 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
7517 }
7518
7519 /*
7520 * set the pointer to each header into message buffer.
7521 * m will be freed on error.
7522 * XXX larger-than-MCLBYTES extension?
7523 */
7524 static int
7525 key_align(struct mbuf *m, struct sadb_msghdr *mhp)
7526 {
7527 struct mbuf *n;
7528 struct sadb_ext *ext;
7529 size_t off, end;
7530 int extlen;
7531 int toff;
7532
7533 KASSERT(m != NULL);
7534 KASSERT(mhp != NULL);
7535 KASSERT(m->m_len >= sizeof(struct sadb_msg));
7536
7537 /* initialize */
7538 memset(mhp, 0, sizeof(*mhp));
7539
7540 mhp->msg = mtod(m, struct sadb_msg *);
7541 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
7542
7543 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7544 extlen = end; /*just in case extlen is not updated*/
7545 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
7546 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
7547 if (!n) {
7548 /* m is already freed */
7549 return ENOBUFS;
7550 }
7551 ext = (struct sadb_ext *)(mtod(n, char *) + toff);
7552
7553 /* set pointer */
7554 switch (ext->sadb_ext_type) {
7555 case SADB_EXT_SA:
7556 case SADB_EXT_ADDRESS_SRC:
7557 case SADB_EXT_ADDRESS_DST:
7558 case SADB_EXT_ADDRESS_PROXY:
7559 case SADB_EXT_LIFETIME_CURRENT:
7560 case SADB_EXT_LIFETIME_HARD:
7561 case SADB_EXT_LIFETIME_SOFT:
7562 case SADB_EXT_KEY_AUTH:
7563 case SADB_EXT_KEY_ENCRYPT:
7564 case SADB_EXT_IDENTITY_SRC:
7565 case SADB_EXT_IDENTITY_DST:
7566 case SADB_EXT_SENSITIVITY:
7567 case SADB_EXT_PROPOSAL:
7568 case SADB_EXT_SUPPORTED_AUTH:
7569 case SADB_EXT_SUPPORTED_ENCRYPT:
7570 case SADB_EXT_SPIRANGE:
7571 case SADB_X_EXT_POLICY:
7572 case SADB_X_EXT_SA2:
7573 case SADB_X_EXT_NAT_T_TYPE:
7574 case SADB_X_EXT_NAT_T_SPORT:
7575 case SADB_X_EXT_NAT_T_DPORT:
7576 case SADB_X_EXT_NAT_T_OAI:
7577 case SADB_X_EXT_NAT_T_OAR:
7578 case SADB_X_EXT_NAT_T_FRAG:
7579 /* duplicate check */
7580 /*
7581 * XXX Are there duplication payloads of either
7582 * KEY_AUTH or KEY_ENCRYPT ?
7583 */
7584 if (mhp->ext[ext->sadb_ext_type] != NULL) {
7585 IPSECLOG(LOG_DEBUG,
7586 "duplicate ext_type %u is passed.\n",
7587 ext->sadb_ext_type);
7588 m_freem(m);
7589 PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT);
7590 return EINVAL;
7591 }
7592 break;
7593 default:
7594 IPSECLOG(LOG_DEBUG, "invalid ext_type %u is passed.\n",
7595 ext->sadb_ext_type);
7596 m_freem(m);
7597 PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE);
7598 return EINVAL;
7599 }
7600
7601 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
7602
7603 if (key_validate_ext(ext, extlen)) {
7604 m_freem(m);
7605 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7606 return EINVAL;
7607 }
7608
7609 n = m_pulldown(m, off, extlen, &toff);
7610 if (!n) {
7611 /* m is already freed */
7612 return ENOBUFS;
7613 }
7614 ext = (struct sadb_ext *)(mtod(n, char *) + toff);
7615
7616 mhp->ext[ext->sadb_ext_type] = ext;
7617 mhp->extoff[ext->sadb_ext_type] = off;
7618 mhp->extlen[ext->sadb_ext_type] = extlen;
7619 }
7620
7621 if (off != end) {
7622 m_freem(m);
7623 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7624 return EINVAL;
7625 }
7626
7627 return 0;
7628 }
7629
7630 static int
7631 key_validate_ext(const struct sadb_ext *ext, int len)
7632 {
7633 const struct sockaddr *sa;
7634 enum { NONE, ADDR } checktype = NONE;
7635 int baselen = 0;
7636 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7637
7638 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7639 return EINVAL;
7640
7641 /* if it does not match minimum/maximum length, bail */
7642 if (ext->sadb_ext_type >= __arraycount(minsize) ||
7643 ext->sadb_ext_type >= __arraycount(maxsize))
7644 return EINVAL;
7645 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
7646 return EINVAL;
7647 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
7648 return EINVAL;
7649
7650 /* more checks based on sadb_ext_type XXX need more */
7651 switch (ext->sadb_ext_type) {
7652 case SADB_EXT_ADDRESS_SRC:
7653 case SADB_EXT_ADDRESS_DST:
7654 case SADB_EXT_ADDRESS_PROXY:
7655 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
7656 checktype = ADDR;
7657 break;
7658 case SADB_EXT_IDENTITY_SRC:
7659 case SADB_EXT_IDENTITY_DST:
7660 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
7661 SADB_X_IDENTTYPE_ADDR) {
7662 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
7663 checktype = ADDR;
7664 } else
7665 checktype = NONE;
7666 break;
7667 default:
7668 checktype = NONE;
7669 break;
7670 }
7671
7672 switch (checktype) {
7673 case NONE:
7674 break;
7675 case ADDR:
7676 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen);
7677 if (len < baselen + sal)
7678 return EINVAL;
7679 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
7680 return EINVAL;
7681 break;
7682 }
7683
7684 return 0;
7685 }
7686
7687 static int
7688 key_do_init(void)
7689 {
7690 int i, error;
7691
7692 mutex_init(&key_mtx, MUTEX_DEFAULT, IPL_NONE);
7693
7694 pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS);
7695
7696 callout_init(&key_timehandler_ch, 0);
7697 error = workqueue_create(&key_timehandler_wq, "key_timehandler",
7698 key_timehandler_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
7699 if (error != 0)
7700 panic("%s: workqueue_create failed (%d)\n", __func__, error);
7701
7702 for (i = 0; i < IPSEC_DIR_MAX; i++) {
7703 LIST_INIT(&sptree[i]);
7704 }
7705
7706 LIST_INIT(&sahtree);
7707
7708 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
7709 LIST_INIT(®tree[i]);
7710 }
7711
7712 #ifndef IPSEC_NONBLOCK_ACQUIRE
7713 LIST_INIT(&acqtree);
7714 #endif
7715 #ifdef notyet
7716 LIST_INIT(&spacqtree);
7717 #endif
7718
7719 /* system default */
7720 ip4_def_policy.policy = IPSEC_POLICY_NONE;
7721 ip4_def_policy.refcnt++; /*never reclaim this*/
7722
7723 #ifdef INET6
7724 ip6_def_policy.policy = IPSEC_POLICY_NONE;
7725 ip6_def_policy.refcnt++; /*never reclaim this*/
7726 #endif
7727
7728 callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
7729
7730 /* initialize key statistics */
7731 keystat.getspi_count = 1;
7732
7733 aprint_verbose("IPsec: Initialized Security Association Processing.\n");
7734
7735 return (0);
7736 }
7737
7738 void
7739 key_init(void)
7740 {
7741 static ONCE_DECL(key_init_once);
7742
7743 sysctl_net_keyv2_setup(NULL);
7744 sysctl_net_key_compat_setup(NULL);
7745
7746 RUN_ONCE(&key_init_once, key_do_init);
7747 }
7748
7749 /*
7750 * XXX: maybe This function is called after INBOUND IPsec processing.
7751 *
7752 * Special check for tunnel-mode packets.
7753 * We must make some checks for consistency between inner and outer IP header.
7754 *
7755 * xxx more checks to be provided
7756 */
7757 int
7758 key_checktunnelsanity(
7759 struct secasvar *sav,
7760 u_int family,
7761 void *src,
7762 void *dst
7763 )
7764 {
7765
7766 KASSERT(sav->sah != NULL);
7767
7768 /* XXX: check inner IP header */
7769
7770 return 1;
7771 }
7772
7773 #if 0
7774 #define hostnamelen strlen(hostname)
7775
7776 /*
7777 * Get FQDN for the host.
7778 * If the administrator configured hostname (by hostname(1)) without
7779 * domain name, returns nothing.
7780 */
7781 static const char *
7782 key_getfqdn(void)
7783 {
7784 int i;
7785 int hasdot;
7786 static char fqdn[MAXHOSTNAMELEN + 1];
7787
7788 if (!hostnamelen)
7789 return NULL;
7790
7791 /* check if it comes with domain name. */
7792 hasdot = 0;
7793 for (i = 0; i < hostnamelen; i++) {
7794 if (hostname[i] == '.')
7795 hasdot++;
7796 }
7797 if (!hasdot)
7798 return NULL;
7799
7800 /* NOTE: hostname may not be NUL-terminated. */
7801 memset(fqdn, 0, sizeof(fqdn));
7802 memcpy(fqdn, hostname, hostnamelen);
7803 fqdn[hostnamelen] = '\0';
7804 return fqdn;
7805 }
7806
7807 /*
7808 * get username@FQDN for the host/user.
7809 */
7810 static const char *
7811 key_getuserfqdn(void)
7812 {
7813 const char *host;
7814 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
7815 struct proc *p = curproc;
7816 char *q;
7817
7818 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session)
7819 return NULL;
7820 if (!(host = key_getfqdn()))
7821 return NULL;
7822
7823 /* NOTE: s_login may not be-NUL terminated. */
7824 memset(userfqdn, 0, sizeof(userfqdn));
7825 memcpy(userfqdn, Mp->p_pgrp->pg_session->s_login, AXLOGNAME);
7826 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
7827 q = userfqdn + strlen(userfqdn);
7828 *q++ = '@';
7829 memcpy(q, host, strlen(host));
7830 q += strlen(host);
7831 *q++ = '\0';
7832
7833 return userfqdn;
7834 }
7835 #endif
7836
7837 /* record data transfer on SA, and update timestamps */
7838 void
7839 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m)
7840 {
7841
7842 KASSERT(sav != NULL);
7843 KASSERT(m != NULL);
7844 if (!sav->lft_c)
7845 return;
7846
7847 /*
7848 * XXX Currently, there is a difference of bytes size
7849 * between inbound and outbound processing.
7850 */
7851 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
7852 /* to check bytes lifetime is done in key_timehandler(). */
7853
7854 /*
7855 * We use the number of packets as the unit of
7856 * sadb_lifetime_allocations. We increment the variable
7857 * whenever {esp,ah}_{in,out}put is called.
7858 */
7859 sav->lft_c->sadb_lifetime_allocations++;
7860 /* XXX check for expires? */
7861
7862 /*
7863 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
7864 * in seconds. HARD and SOFT lifetime are measured by the time
7865 * difference (again in seconds) from sadb_lifetime_usetime.
7866 *
7867 * usetime
7868 * v expire expire
7869 * -----+-----+--------+---> t
7870 * <--------------> HARD
7871 * <-----> SOFT
7872 */
7873 sav->lft_c->sadb_lifetime_usetime = time_uptime;
7874 /* XXX check for expires? */
7875
7876 return;
7877 }
7878
7879 /* dumb version */
7880 void
7881 key_sa_routechange(struct sockaddr *dst)
7882 {
7883 struct secashead *sah;
7884 struct route *ro;
7885 const struct sockaddr *sa;
7886
7887 LIST_FOREACH(sah, &sahtree, chain) {
7888 ro = &sah->sa_route;
7889 sa = rtcache_getdst(ro);
7890 if (sa != NULL && dst->sa_len == sa->sa_len &&
7891 memcmp(dst, sa, dst->sa_len) == 0)
7892 rtcache_free(ro);
7893 }
7894
7895 return;
7896 }
7897
7898 static void
7899 key_sa_chgstate(struct secasvar *sav, u_int8_t state)
7900 {
7901
7902 KASSERT(sav != NULL);
7903
7904 if (sav->state == state)
7905 return;
7906
7907 KASSERT(__LIST_CHAINED(sav));
7908 LIST_REMOVE(sav, chain);
7909
7910 sav->state = state;
7911 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
7912 }
7913
7914 /* XXX too much? */
7915 static struct mbuf *
7916 key_alloc_mbuf(int l)
7917 {
7918 struct mbuf *m = NULL, *n;
7919 int len, t;
7920
7921 len = l;
7922 while (len > 0) {
7923 MGET(n, M_DONTWAIT, MT_DATA);
7924 if (n && len > MLEN)
7925 MCLGET(n, M_DONTWAIT);
7926 if (!n) {
7927 m_freem(m);
7928 return NULL;
7929 }
7930
7931 n->m_next = NULL;
7932 n->m_len = 0;
7933 n->m_len = M_TRAILINGSPACE(n);
7934 /* use the bottom of mbuf, hoping we can prepend afterwards */
7935 if (n->m_len > len) {
7936 t = (n->m_len - len) & ~(sizeof(long) - 1);
7937 n->m_data += t;
7938 n->m_len = len;
7939 }
7940
7941 len -= n->m_len;
7942
7943 if (m)
7944 m_cat(m, n);
7945 else
7946 m = n;
7947 }
7948
7949 return m;
7950 }
7951
7952 static struct mbuf *
7953 key_setdump(u_int8_t req_satype, int *errorp, uint32_t pid)
7954 {
7955 struct secashead *sah;
7956 struct secasvar *sav;
7957 u_int16_t proto;
7958 u_int8_t satype;
7959 u_int8_t state;
7960 int cnt;
7961 struct mbuf *m, *n;
7962
7963 /* map satype to proto */
7964 proto = key_satype2proto(req_satype);
7965 if (proto == 0) {
7966 *errorp = EINVAL;
7967 return (NULL);
7968 }
7969
7970 /* count sav entries to be sent to the userland. */
7971 cnt = 0;
7972 LIST_FOREACH(sah, &sahtree, chain) {
7973 if (req_satype != SADB_SATYPE_UNSPEC &&
7974 proto != sah->saidx.proto)
7975 continue;
7976
7977 SASTATE_ANY_FOREACH(state) {
7978 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7979 cnt++;
7980 }
7981 }
7982 }
7983
7984 if (cnt == 0) {
7985 *errorp = ENOENT;
7986 return (NULL);
7987 }
7988
7989 /* send this to the userland, one at a time. */
7990 m = NULL;
7991 LIST_FOREACH(sah, &sahtree, chain) {
7992 if (req_satype != SADB_SATYPE_UNSPEC &&
7993 proto != sah->saidx.proto)
7994 continue;
7995
7996 /* map proto to satype */
7997 satype = key_proto2satype(sah->saidx.proto);
7998 if (satype == 0) {
7999 m_freem(m);
8000 *errorp = EINVAL;
8001 return (NULL);
8002 }
8003
8004 SASTATE_ANY_FOREACH(state) {
8005 LIST_FOREACH(sav, &sah->savtree[state], chain) {
8006 n = key_setdumpsa(sav, SADB_DUMP, satype,
8007 --cnt, pid);
8008 if (!n) {
8009 m_freem(m);
8010 *errorp = ENOBUFS;
8011 return (NULL);
8012 }
8013
8014 if (!m)
8015 m = n;
8016 else
8017 m_cat(m, n);
8018 }
8019 }
8020 }
8021
8022 if (!m) {
8023 *errorp = EINVAL;
8024 return (NULL);
8025 }
8026
8027 if ((m->m_flags & M_PKTHDR) != 0) {
8028 m->m_pkthdr.len = 0;
8029 for (n = m; n; n = n->m_next)
8030 m->m_pkthdr.len += n->m_len;
8031 }
8032
8033 *errorp = 0;
8034 return (m);
8035 }
8036
8037 static struct mbuf *
8038 key_setspddump(int *errorp, pid_t pid)
8039 {
8040 struct secpolicy *sp;
8041 int cnt;
8042 u_int dir;
8043 struct mbuf *m, *n;
8044
8045 /* search SPD entry and get buffer size. */
8046 cnt = 0;
8047 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
8048 LIST_FOREACH(sp, &sptree[dir], chain) {
8049 cnt++;
8050 }
8051 }
8052
8053 if (cnt == 0) {
8054 *errorp = ENOENT;
8055 return (NULL);
8056 }
8057
8058 m = NULL;
8059 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
8060 LIST_FOREACH(sp, &sptree[dir], chain) {
8061 --cnt;
8062 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid);
8063
8064 if (!n) {
8065 *errorp = ENOBUFS;
8066 m_freem(m);
8067 return (NULL);
8068 }
8069 if (!m)
8070 m = n;
8071 else {
8072 m->m_pkthdr.len += n->m_pkthdr.len;
8073 m_cat(m, n);
8074 }
8075 }
8076 }
8077
8078 *errorp = 0;
8079 return (m);
8080 }
8081
8082 int
8083 key_get_used(void) {
8084 return !LIST_EMPTY(&sptree[IPSEC_DIR_INBOUND]) ||
8085 !LIST_EMPTY(&sptree[IPSEC_DIR_OUTBOUND]);
8086 }
8087
8088 void
8089 key_update_used(void)
8090 {
8091 switch (ipsec_enabled) {
8092 default:
8093 case 0:
8094 #ifdef notyet
8095 /* XXX: racy */
8096 ipsec_used = 0;
8097 #endif
8098 break;
8099 case 1:
8100 #ifndef notyet
8101 /* XXX: racy */
8102 if (!ipsec_used)
8103 #endif
8104 ipsec_used = key_get_used();
8105 break;
8106 case 2:
8107 ipsec_used = 1;
8108 break;
8109 }
8110 }
8111
8112 static int
8113 sysctl_net_key_dumpsa(SYSCTLFN_ARGS)
8114 {
8115 struct mbuf *m, *n;
8116 int err2 = 0;
8117 char *p, *ep;
8118 size_t len;
8119 int s, error;
8120
8121 if (newp)
8122 return (EPERM);
8123 if (namelen != 1)
8124 return (EINVAL);
8125
8126 s = splsoftnet();
8127 m = key_setdump(name[0], &error, l->l_proc->p_pid);
8128 splx(s);
8129 if (!m)
8130 return (error);
8131 if (!oldp)
8132 *oldlenp = m->m_pkthdr.len;
8133 else {
8134 p = oldp;
8135 if (*oldlenp < m->m_pkthdr.len) {
8136 err2 = ENOMEM;
8137 ep = p + *oldlenp;
8138 } else {
8139 *oldlenp = m->m_pkthdr.len;
8140 ep = p + m->m_pkthdr.len;
8141 }
8142 for (n = m; n; n = n->m_next) {
8143 len = (ep - p < n->m_len) ?
8144 ep - p : n->m_len;
8145 error = copyout(mtod(n, const void *), p, len);
8146 p += len;
8147 if (error)
8148 break;
8149 }
8150 if (error == 0)
8151 error = err2;
8152 }
8153 m_freem(m);
8154
8155 return (error);
8156 }
8157
8158 static int
8159 sysctl_net_key_dumpsp(SYSCTLFN_ARGS)
8160 {
8161 struct mbuf *m, *n;
8162 int err2 = 0;
8163 char *p, *ep;
8164 size_t len;
8165 int s, error;
8166
8167 if (newp)
8168 return (EPERM);
8169 if (namelen != 0)
8170 return (EINVAL);
8171
8172 s = splsoftnet();
8173 m = key_setspddump(&error, l->l_proc->p_pid);
8174 splx(s);
8175 if (!m)
8176 return (error);
8177 if (!oldp)
8178 *oldlenp = m->m_pkthdr.len;
8179 else {
8180 p = oldp;
8181 if (*oldlenp < m->m_pkthdr.len) {
8182 err2 = ENOMEM;
8183 ep = p + *oldlenp;
8184 } else {
8185 *oldlenp = m->m_pkthdr.len;
8186 ep = p + m->m_pkthdr.len;
8187 }
8188 for (n = m; n; n = n->m_next) {
8189 len = (ep - p < n->m_len) ? ep - p : n->m_len;
8190 error = copyout(mtod(n, const void *), p, len);
8191 p += len;
8192 if (error)
8193 break;
8194 }
8195 if (error == 0)
8196 error = err2;
8197 }
8198 m_freem(m);
8199
8200 return (error);
8201 }
8202
8203 /*
8204 * Create sysctl tree for native IPSEC key knobs, originally
8205 * under name "net.keyv2" * with MIB number { CTL_NET, PF_KEY_V2. }.
8206 * However, sysctl(8) never checked for nodes under { CTL_NET, PF_KEY_V2 };
8207 * and in any case the part of our sysctl namespace used for dumping the
8208 * SPD and SA database *HAS* to be compatible with the KAME sysctl
8209 * namespace, for API reasons.
8210 *
8211 * Pending a consensus on the right way to fix this, add a level of
8212 * indirection in how we number the `native' IPSEC key nodes;
8213 * and (as requested by Andrew Brown) move registration of the
8214 * KAME-compatible names to a separate function.
8215 */
8216 #if 0
8217 # define IPSEC_PFKEY PF_KEY_V2
8218 # define IPSEC_PFKEY_NAME "keyv2"
8219 #else
8220 # define IPSEC_PFKEY PF_KEY
8221 # define IPSEC_PFKEY_NAME "key"
8222 #endif
8223
8224 static int
8225 sysctl_net_key_stats(SYSCTLFN_ARGS)
8226 {
8227
8228 return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS));
8229 }
8230
8231 static void
8232 sysctl_net_keyv2_setup(struct sysctllog **clog)
8233 {
8234
8235 sysctl_createv(clog, 0, NULL, NULL,
8236 CTLFLAG_PERMANENT,
8237 CTLTYPE_NODE, IPSEC_PFKEY_NAME, NULL,
8238 NULL, 0, NULL, 0,
8239 CTL_NET, IPSEC_PFKEY, CTL_EOL);
8240
8241 sysctl_createv(clog, 0, NULL, NULL,
8242 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8243 CTLTYPE_INT, "debug", NULL,
8244 NULL, 0, &key_debug_level, 0,
8245 CTL_NET, IPSEC_PFKEY, KEYCTL_DEBUG_LEVEL, CTL_EOL);
8246 sysctl_createv(clog, 0, NULL, NULL,
8247 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8248 CTLTYPE_INT, "spi_try", NULL,
8249 NULL, 0, &key_spi_trycnt, 0,
8250 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_TRY, CTL_EOL);
8251 sysctl_createv(clog, 0, NULL, NULL,
8252 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8253 CTLTYPE_INT, "spi_min_value", NULL,
8254 NULL, 0, &key_spi_minval, 0,
8255 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL);
8256 sysctl_createv(clog, 0, NULL, NULL,
8257 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8258 CTLTYPE_INT, "spi_max_value", NULL,
8259 NULL, 0, &key_spi_maxval, 0,
8260 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL);
8261 sysctl_createv(clog, 0, NULL, NULL,
8262 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8263 CTLTYPE_INT, "random_int", NULL,
8264 NULL, 0, &key_int_random, 0,
8265 CTL_NET, IPSEC_PFKEY, KEYCTL_RANDOM_INT, CTL_EOL);
8266 sysctl_createv(clog, 0, NULL, NULL,
8267 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8268 CTLTYPE_INT, "larval_lifetime", NULL,
8269 NULL, 0, &key_larval_lifetime, 0,
8270 CTL_NET, IPSEC_PFKEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL);
8271 sysctl_createv(clog, 0, NULL, NULL,
8272 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8273 CTLTYPE_INT, "blockacq_count", NULL,
8274 NULL, 0, &key_blockacq_count, 0,
8275 CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL);
8276 sysctl_createv(clog, 0, NULL, NULL,
8277 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8278 CTLTYPE_INT, "blockacq_lifetime", NULL,
8279 NULL, 0, &key_blockacq_lifetime, 0,
8280 CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL);
8281 sysctl_createv(clog, 0, NULL, NULL,
8282 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8283 CTLTYPE_INT, "esp_keymin", NULL,
8284 NULL, 0, &ipsec_esp_keymin, 0,
8285 CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_KEYMIN, CTL_EOL);
8286 sysctl_createv(clog, 0, NULL, NULL,
8287 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8288 CTLTYPE_INT, "prefered_oldsa", NULL,
8289 NULL, 0, &key_prefered_oldsa, 0,
8290 CTL_NET, PF_KEY, KEYCTL_PREFERED_OLDSA, CTL_EOL);
8291 sysctl_createv(clog, 0, NULL, NULL,
8292 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8293 CTLTYPE_INT, "esp_auth", NULL,
8294 NULL, 0, &ipsec_esp_auth, 0,
8295 CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_AUTH, CTL_EOL);
8296 sysctl_createv(clog, 0, NULL, NULL,
8297 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8298 CTLTYPE_INT, "ah_keymin", NULL,
8299 NULL, 0, &ipsec_ah_keymin, 0,
8300 CTL_NET, IPSEC_PFKEY, KEYCTL_AH_KEYMIN, CTL_EOL);
8301 sysctl_createv(clog, 0, NULL, NULL,
8302 CTLFLAG_PERMANENT,
8303 CTLTYPE_STRUCT, "stats",
8304 SYSCTL_DESCR("PF_KEY statistics"),
8305 sysctl_net_key_stats, 0, NULL, 0,
8306 CTL_NET, IPSEC_PFKEY, CTL_CREATE, CTL_EOL);
8307 }
8308
8309 /*
8310 * Register sysctl names used by setkey(8). For historical reasons,
8311 * and to share a single API, these names appear under { CTL_NET, PF_KEY }
8312 * for both IPSEC and KAME IPSEC.
8313 */
8314 static void
8315 sysctl_net_key_compat_setup(struct sysctllog **clog)
8316 {
8317
8318 sysctl_createv(clog, 0, NULL, NULL,
8319 CTLFLAG_PERMANENT,
8320 CTLTYPE_NODE, "key", NULL,
8321 NULL, 0, NULL, 0,
8322 CTL_NET, PF_KEY, CTL_EOL);
8323
8324 /* Register the net.key.dump{sa,sp} nodes used by setkey(8). */
8325 sysctl_createv(clog, 0, NULL, NULL,
8326 CTLFLAG_PERMANENT,
8327 CTLTYPE_STRUCT, "dumpsa", NULL,
8328 sysctl_net_key_dumpsa, 0, NULL, 0,
8329 CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL);
8330 sysctl_createv(clog, 0, NULL, NULL,
8331 CTLFLAG_PERMANENT,
8332 CTLTYPE_STRUCT, "dumpsp", NULL,
8333 sysctl_net_key_dumpsp, 0, NULL, 0,
8334 CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL);
8335 }
8336