key.c revision 1.163.2.11
1 /* $NetBSD: key.c,v 1.163.2.11 2019/07/22 18:07:07 martin Exp $ */ 2 /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ 3 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.11 2019/07/22 18:07:07 martin Exp $"); 36 37 /* 38 * This code is referred to RFC 2367 39 */ 40 41 #if defined(_KERNEL_OPT) 42 #include "opt_inet.h" 43 #include "opt_ipsec.h" 44 #include "opt_gateway.h" 45 #include "opt_net_mpsafe.h" 46 #endif 47 48 #include <sys/types.h> 49 #include <sys/param.h> 50 #include <sys/systm.h> 51 #include <sys/callout.h> 52 #include <sys/kernel.h> 53 #include <sys/mbuf.h> 54 #include <sys/domain.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/syslog.h> 62 #include <sys/once.h> 63 #include <sys/cprng.h> 64 #include <sys/psref.h> 65 #include <sys/lwp.h> 66 #include <sys/workqueue.h> 67 #include <sys/kmem.h> 68 #include <sys/cpu.h> 69 #include <sys/atomic.h> 70 #include <sys/pslist.h> 71 #include <sys/mutex.h> 72 #include <sys/condvar.h> 73 #include <sys/localcount.h> 74 #include <sys/pserialize.h> 75 #include <sys/hash.h> 76 77 #include <net/if.h> 78 #include <net/route.h> 79 80 #include <netinet/in.h> 81 #include <netinet/in_systm.h> 82 #include <netinet/ip.h> 83 #include <netinet/in_var.h> 84 #ifdef INET 85 #include <netinet/ip_var.h> 86 #endif 87 88 #ifdef INET6 89 #include <netinet/ip6.h> 90 #include <netinet6/in6_var.h> 91 #include <netinet6/ip6_var.h> 92 #endif /* INET6 */ 93 94 #ifdef INET 95 #include <netinet/in_pcb.h> 96 #endif 97 #ifdef INET6 98 #include <netinet6/in6_pcb.h> 99 #endif /* INET6 */ 100 101 #include <net/pfkeyv2.h> 102 #include <netipsec/keydb.h> 103 #include <netipsec/key.h> 104 #include <netipsec/keysock.h> 105 #include <netipsec/key_debug.h> 106 107 #include <netipsec/ipsec.h> 108 #ifdef INET6 109 #include <netipsec/ipsec6.h> 110 #endif 111 #include <netipsec/ipsec_private.h> 112 113 #include <netipsec/xform.h> 114 #include <netipsec/ipcomp.h> 115 116 117 #include <net/net_osdep.h> 118 119 #define FULLMASK 0xff 120 #define _BITS(bytes) ((bytes) << 3) 121 122 #define PORT_NONE 0 123 #define PORT_LOOSE 1 124 #define PORT_STRICT 2 125 126 #ifndef SAHHASH_NHASH 127 #define SAHHASH_NHASH 128 128 #endif 129 130 #ifndef SAVLUT_NHASH 131 #define SAVLUT_NHASH 128 132 #endif 133 134 percpu_t *pfkeystat_percpu; 135 136 /* 137 * Note on SA reference counting: 138 * - SAs that are not in DEAD state will have (total external reference + 1) 139 * following value in reference count field. they cannot be freed and are 140 * referenced from SA header. 141 * - SAs that are in DEAD state will have (total external reference) 142 * in reference count field. they are ready to be freed. reference from 143 * SA header will be removed in key_delsav(), when the reference count 144 * field hits 0 (= no external reference other than from SA header. 145 */ 146 147 u_int32_t key_debug_level = 0; 148 static u_int key_spi_trycnt = 1000; 149 static u_int32_t key_spi_minval = 0x100; 150 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */ 151 static u_int32_t policy_id = 0; 152 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/ 153 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/ 154 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/ 155 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/ 156 static int key_prefered_oldsa = 0; /* prefered old sa rather than new sa.*/ 157 158 static u_int32_t acq_seq = 0; 159 160 /* 161 * Locking order: there is no order for now; it means that any locks aren't 162 * overlapped. 163 */ 164 /* 165 * Locking notes on SPD: 166 * - Modifications to the key_spd.splist must be done with holding key_spd.lock 167 * which is a adaptive mutex 168 * - Read accesses to the key_spd.splist must be in pserialize(9) read sections 169 * - SP's lifetime is managed by localcount(9) 170 * - An SP that has been inserted to the key_spd.splist is initially referenced 171 * by none, i.e., a reference from the key_spd.splist isn't counted 172 * - When an SP is being destroyed, we change its state as DEAD, wait for 173 * references to the SP to be released, and then deallocate the SP 174 * (see key_unlink_sp) 175 * - Getting an SP 176 * - Normally we get an SP from the key_spd.splist (see key_lookup_sp_byspidx) 177 * - Must iterate the list and increment the reference count of a found SP 178 * (by key_sp_ref) in a pserialize read section 179 * - We can gain another reference from a held SP only if we check its state 180 * and take its reference in a pserialize read section 181 * (see esp_output for example) 182 * - We may get an SP from an SP cache. See below 183 * - A gotten SP must be released after use by KEY_SP_UNREF (key_sp_unref) 184 * - Updating member variables of an SP 185 * - Most member variables of an SP are immutable 186 * - Only sp->state and sp->lastused can be changed 187 * - sp->state of an SP is updated only when destroying it under key_spd.lock 188 * - SP caches 189 * - SPs can be cached in PCBs 190 * - The lifetime of the caches is controlled by the global generation counter 191 * (ipsec_spdgen) 192 * - The global counter value is stored when an SP is cached 193 * - If the stored value is different from the global counter then the cache 194 * is considered invalidated 195 * - The counter is incremented when an SP is being destroyed 196 * - So checking the generation and taking a reference to an SP should be 197 * in a pserialize read section 198 * - Note that caching doesn't increment the reference counter of an SP 199 * - SPs in sockets 200 * - Userland programs can set a policy to a socket by 201 * setsockopt(IP_IPSEC_POLICY) 202 * - Such policies (SPs) are set to a socket (PCB) and also inserted to 203 * the key_spd.socksplist list (not the key_spd.splist) 204 * - Such a policy is destroyed when a corresponding socket is destroed, 205 * however, a socket can be destroyed in softint so we cannot destroy 206 * it directly instead we just mark it DEAD and delay the destruction 207 * until GC by the timer 208 * - SP origin 209 * - SPs can be created by both userland programs and kernel components. 210 * The SPs created in kernel must not be removed by userland programs, 211 * although the SPs can be read by userland programs. 212 */ 213 /* 214 * Locking notes on SAD: 215 * - Data structures 216 * - SAs are managed by the list called key_sad.sahlists and sav lists of 217 * sah entries 218 * - An sav is supposed to be an SA from a viewpoint of users 219 * - A sah has sav lists for each SA state 220 * - Multiple saves with the same saidx can exist 221 * - Only one entry has MATURE state and others should be DEAD 222 * - DEAD entries are just ignored from searching 223 * - All sav whose state is MATURE or DYING are registered to the lookup 224 * table called key_sad.savlut in addition to the savlists. 225 * - The table is used to search an sav without use of saidx. 226 * - Modifications to the key_sad.sahlists, sah.savlist and key_sad.savlut 227 * must be done with holding key_sad.lock which is a adaptive mutex 228 * - Read accesses to the key_sad.sahlists, sah.savlist and key_sad.savlut 229 * must be in pserialize(9) read sections 230 * - sah's lifetime is managed by localcount(9) 231 * - Getting an sah entry 232 * - We get an sah from the key_sad.sahlists 233 * - Must iterate the list and increment the reference count of a found sah 234 * (by key_sah_ref) in a pserialize read section 235 * - A gotten sah must be released after use by key_sah_unref 236 * - An sah is destroyed when its state become DEAD and no sav is 237 * listed to the sah 238 * - The destruction is done only in the timer (see key_timehandler_sad) 239 * - sav's lifetime is managed by localcount(9) 240 * - Getting an sav entry 241 * - First get an sah by saidx and get an sav from either of sah's savlists 242 * - Must iterate the list and increment the reference count of a found sav 243 * (by key_sa_ref) in a pserialize read section 244 * - We can gain another reference from a held SA only if we check its state 245 * and take its reference in a pserialize read section 246 * (see esp_output for example) 247 * - A gotten sav must be released after use by key_sa_unref 248 * - An sav is destroyed when its state become DEAD 249 */ 250 /* 251 * Locking notes on misc data: 252 * - All lists of key_misc are protected by key_misc.lock 253 * - key_misc.lock must be held even for read accesses 254 */ 255 256 /* SPD */ 257 static struct { 258 kmutex_t lock; 259 kcondvar_t cv_lc; 260 struct pslist_head splist[IPSEC_DIR_MAX]; 261 /* 262 * The list has SPs that are set to a socket via 263 * setsockopt(IP_IPSEC_POLICY) from userland. See ipsec_set_policy. 264 */ 265 struct pslist_head socksplist; 266 267 pserialize_t psz; 268 kcondvar_t cv_psz; 269 bool psz_performing; 270 } key_spd __cacheline_aligned; 271 272 /* SAD */ 273 static struct { 274 kmutex_t lock; 275 kcondvar_t cv_lc; 276 struct pslist_head *sahlists; 277 u_long sahlistmask; 278 struct pslist_head *savlut; 279 u_long savlutmask; 280 281 pserialize_t psz; 282 kcondvar_t cv_psz; 283 bool psz_performing; 284 } key_sad __cacheline_aligned; 285 286 /* Misc data */ 287 static struct { 288 kmutex_t lock; 289 /* registed list */ 290 LIST_HEAD(_reglist, secreg) reglist[SADB_SATYPE_MAX + 1]; 291 #ifndef IPSEC_NONBLOCK_ACQUIRE 292 /* acquiring list */ 293 LIST_HEAD(_acqlist, secacq) acqlist; 294 #endif 295 #ifdef notyet 296 /* SP acquiring list */ 297 LIST_HEAD(_spacqlist, secspacq) spacqlist; 298 #endif 299 } key_misc __cacheline_aligned; 300 301 /* Macros for key_spd.splist */ 302 #define SPLIST_ENTRY_INIT(sp) \ 303 PSLIST_ENTRY_INIT((sp), pslist_entry) 304 #define SPLIST_ENTRY_DESTROY(sp) \ 305 PSLIST_ENTRY_DESTROY((sp), pslist_entry) 306 #define SPLIST_WRITER_REMOVE(sp) \ 307 PSLIST_WRITER_REMOVE((sp), pslist_entry) 308 #define SPLIST_READER_EMPTY(dir) \ 309 (PSLIST_READER_FIRST(&key_spd.splist[(dir)], struct secpolicy, \ 310 pslist_entry) == NULL) 311 #define SPLIST_READER_FOREACH(sp, dir) \ 312 PSLIST_READER_FOREACH((sp), &key_spd.splist[(dir)], \ 313 struct secpolicy, pslist_entry) 314 #define SPLIST_WRITER_FOREACH(sp, dir) \ 315 PSLIST_WRITER_FOREACH((sp), &key_spd.splist[(dir)], \ 316 struct secpolicy, pslist_entry) 317 #define SPLIST_WRITER_INSERT_AFTER(sp, new) \ 318 PSLIST_WRITER_INSERT_AFTER((sp), (new), pslist_entry) 319 #define SPLIST_WRITER_EMPTY(dir) \ 320 (PSLIST_WRITER_FIRST(&key_spd.splist[(dir)], struct secpolicy, \ 321 pslist_entry) == NULL) 322 #define SPLIST_WRITER_INSERT_HEAD(dir, sp) \ 323 PSLIST_WRITER_INSERT_HEAD(&key_spd.splist[(dir)], (sp), \ 324 pslist_entry) 325 #define SPLIST_WRITER_NEXT(sp) \ 326 PSLIST_WRITER_NEXT((sp), struct secpolicy, pslist_entry) 327 #define SPLIST_WRITER_INSERT_TAIL(dir, new) \ 328 do { \ 329 if (SPLIST_WRITER_EMPTY((dir))) { \ 330 SPLIST_WRITER_INSERT_HEAD((dir), (new)); \ 331 } else { \ 332 struct secpolicy *__sp; \ 333 SPLIST_WRITER_FOREACH(__sp, (dir)) { \ 334 if (SPLIST_WRITER_NEXT(__sp) == NULL) { \ 335 SPLIST_WRITER_INSERT_AFTER(__sp,\ 336 (new)); \ 337 break; \ 338 } \ 339 } \ 340 } \ 341 } while (0) 342 343 /* Macros for key_spd.socksplist */ 344 #define SOCKSPLIST_WRITER_FOREACH(sp) \ 345 PSLIST_WRITER_FOREACH((sp), &key_spd.socksplist, \ 346 struct secpolicy, pslist_entry) 347 #define SOCKSPLIST_READER_EMPTY() \ 348 (PSLIST_READER_FIRST(&key_spd.socksplist, struct secpolicy, \ 349 pslist_entry) == NULL) 350 351 /* Macros for key_sad.sahlist */ 352 #define SAHLIST_ENTRY_INIT(sah) \ 353 PSLIST_ENTRY_INIT((sah), pslist_entry) 354 #define SAHLIST_ENTRY_DESTROY(sah) \ 355 PSLIST_ENTRY_DESTROY((sah), pslist_entry) 356 #define SAHLIST_WRITER_REMOVE(sah) \ 357 PSLIST_WRITER_REMOVE((sah), pslist_entry) 358 #define SAHLIST_READER_FOREACH(sah) \ 359 for(int _i_sah = 0; _i_sah <= key_sad.sahlistmask; _i_sah++) \ 360 PSLIST_READER_FOREACH((sah), &key_sad.sahlists[_i_sah], \ 361 struct secashead, pslist_entry) 362 #define SAHLIST_READER_FOREACH_SAIDX(sah, saidx) \ 363 PSLIST_READER_FOREACH((sah), \ 364 &key_sad.sahlists[key_saidxhash((saidx), \ 365 key_sad.sahlistmask)], \ 366 struct secashead, pslist_entry) 367 #define SAHLIST_WRITER_FOREACH(sah) \ 368 for(int _i_sah = 0; _i_sah <= key_sad.sahlistmask; _i_sah++) \ 369 PSLIST_WRITER_FOREACH((sah), &key_sad.sahlists[_i_sah], \ 370 struct secashead, pslist_entry) 371 #define SAHLIST_WRITER_INSERT_HEAD(sah) \ 372 PSLIST_WRITER_INSERT_HEAD( \ 373 &key_sad.sahlists[key_saidxhash(&(sah)->saidx, \ 374 key_sad.sahlistmask)], \ 375 (sah), pslist_entry) 376 377 /* Macros for key_sad.sahlist#savlist */ 378 #define SAVLIST_ENTRY_INIT(sav) \ 379 PSLIST_ENTRY_INIT((sav), pslist_entry) 380 #define SAVLIST_ENTRY_DESTROY(sav) \ 381 PSLIST_ENTRY_DESTROY((sav), pslist_entry) 382 #define SAVLIST_READER_FIRST(sah, state) \ 383 PSLIST_READER_FIRST(&(sah)->savlist[(state)], struct secasvar, \ 384 pslist_entry) 385 #define SAVLIST_WRITER_REMOVE(sav) \ 386 PSLIST_WRITER_REMOVE((sav), pslist_entry) 387 #define SAVLIST_READER_FOREACH(sav, sah, state) \ 388 PSLIST_READER_FOREACH((sav), &(sah)->savlist[(state)], \ 389 struct secasvar, pslist_entry) 390 #define SAVLIST_WRITER_FOREACH(sav, sah, state) \ 391 PSLIST_WRITER_FOREACH((sav), &(sah)->savlist[(state)], \ 392 struct secasvar, pslist_entry) 393 #define SAVLIST_WRITER_INSERT_BEFORE(sav, new) \ 394 PSLIST_WRITER_INSERT_BEFORE((sav), (new), pslist_entry) 395 #define SAVLIST_WRITER_INSERT_AFTER(sav, new) \ 396 PSLIST_WRITER_INSERT_AFTER((sav), (new), pslist_entry) 397 #define SAVLIST_WRITER_EMPTY(sah, state) \ 398 (PSLIST_WRITER_FIRST(&(sah)->savlist[(state)], struct secasvar, \ 399 pslist_entry) == NULL) 400 #define SAVLIST_WRITER_INSERT_HEAD(sah, state, sav) \ 401 PSLIST_WRITER_INSERT_HEAD(&(sah)->savlist[(state)], (sav), \ 402 pslist_entry) 403 #define SAVLIST_WRITER_NEXT(sav) \ 404 PSLIST_WRITER_NEXT((sav), struct secasvar, pslist_entry) 405 #define SAVLIST_WRITER_INSERT_TAIL(sah, state, new) \ 406 do { \ 407 if (SAVLIST_WRITER_EMPTY((sah), (state))) { \ 408 SAVLIST_WRITER_INSERT_HEAD((sah), (state), (new));\ 409 } else { \ 410 struct secasvar *__sav; \ 411 SAVLIST_WRITER_FOREACH(__sav, (sah), (state)) { \ 412 if (SAVLIST_WRITER_NEXT(__sav) == NULL) {\ 413 SAVLIST_WRITER_INSERT_AFTER(__sav,\ 414 (new)); \ 415 break; \ 416 } \ 417 } \ 418 } \ 419 } while (0) 420 #define SAVLIST_READER_NEXT(sav) \ 421 PSLIST_READER_NEXT((sav), struct secasvar, pslist_entry) 422 423 /* Macros for key_sad.savlut */ 424 #define SAVLUT_ENTRY_INIT(sav) \ 425 PSLIST_ENTRY_INIT((sav), pslist_entry_savlut) 426 #define SAVLUT_READER_FOREACH(sav, dst, proto, hash_key) \ 427 PSLIST_READER_FOREACH((sav), \ 428 &key_sad.savlut[key_savluthash(dst, proto, hash_key, \ 429 key_sad.savlutmask)], \ 430 struct secasvar, pslist_entry_savlut) 431 #define SAVLUT_WRITER_INSERT_HEAD(sav) \ 432 key_savlut_writer_insert_head((sav)) 433 #define SAVLUT_WRITER_REMOVE(sav) \ 434 do { \ 435 if (!(sav)->savlut_added) \ 436 break; \ 437 PSLIST_WRITER_REMOVE((sav), pslist_entry_savlut); \ 438 (sav)->savlut_added = false; \ 439 } while(0) 440 441 /* search order for SAs */ 442 /* 443 * This order is important because we must select the oldest SA 444 * for outbound processing. For inbound, This is not important. 445 */ 446 static const u_int saorder_state_valid_prefer_old[] = { 447 SADB_SASTATE_DYING, SADB_SASTATE_MATURE, 448 }; 449 static const u_int saorder_state_valid_prefer_new[] = { 450 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 451 }; 452 453 static const u_int saorder_state_alive[] = { 454 /* except DEAD */ 455 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL 456 }; 457 static const u_int saorder_state_any[] = { 458 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 459 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD 460 }; 461 462 #define SASTATE_ALIVE_FOREACH(s) \ 463 for (int _i = 0; \ 464 _i < __arraycount(saorder_state_alive) ? \ 465 (s) = saorder_state_alive[_i], true : false; \ 466 _i++) 467 #define SASTATE_ANY_FOREACH(s) \ 468 for (int _i = 0; \ 469 _i < __arraycount(saorder_state_any) ? \ 470 (s) = saorder_state_any[_i], true : false; \ 471 _i++) 472 #define SASTATE_USABLE_FOREACH(s) \ 473 for (int _i = 0; \ 474 _i < __arraycount(saorder_state_valid_prefer_new) ? \ 475 (s) = saorder_state_valid_prefer_new[_i], \ 476 true : false; \ 477 _i++) 478 479 static const int minsize[] = { 480 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 481 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 482 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 483 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 484 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 485 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 486 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 487 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 488 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 489 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 490 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 491 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 492 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 493 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 494 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 495 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 496 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 497 0, /* SADB_X_EXT_KMPRIVATE */ 498 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 499 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 500 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */ 501 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */ 502 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */ 503 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 504 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 505 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */ 506 }; 507 static const int maxsize[] = { 508 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 509 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 510 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 511 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 512 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 513 0, /* SADB_EXT_ADDRESS_SRC */ 514 0, /* SADB_EXT_ADDRESS_DST */ 515 0, /* SADB_EXT_ADDRESS_PROXY */ 516 0, /* SADB_EXT_KEY_AUTH */ 517 0, /* SADB_EXT_KEY_ENCRYPT */ 518 0, /* SADB_EXT_IDENTITY_SRC */ 519 0, /* SADB_EXT_IDENTITY_DST */ 520 0, /* SADB_EXT_SENSITIVITY */ 521 0, /* SADB_EXT_PROPOSAL */ 522 0, /* SADB_EXT_SUPPORTED_AUTH */ 523 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 524 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 525 0, /* SADB_X_EXT_KMPRIVATE */ 526 0, /* SADB_X_EXT_POLICY */ 527 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 528 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */ 529 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */ 530 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */ 531 0, /* SADB_X_EXT_NAT_T_OAI */ 532 0, /* SADB_X_EXT_NAT_T_OAR */ 533 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */ 534 }; 535 536 static int ipsec_esp_keymin = 256; 537 static int ipsec_esp_auth = 0; 538 static int ipsec_ah_keymin = 128; 539 540 #ifdef SYSCTL_DECL 541 SYSCTL_DECL(_net_key); 542 #endif 543 544 #ifdef SYSCTL_INT 545 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \ 546 &key_debug_level, 0, ""); 547 548 /* max count of trial for the decision of spi value */ 549 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \ 550 &key_spi_trycnt, 0, ""); 551 552 /* minimum spi value to allocate automatically. */ 553 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \ 554 &key_spi_minval, 0, ""); 555 556 /* maximun spi value to allocate automatically. */ 557 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \ 558 &key_spi_maxval, 0, ""); 559 560 /* interval to initialize randseed */ 561 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \ 562 &key_int_random, 0, ""); 563 564 /* lifetime for larval SA */ 565 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \ 566 &key_larval_lifetime, 0, ""); 567 568 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 569 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \ 570 &key_blockacq_count, 0, ""); 571 572 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 573 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \ 574 &key_blockacq_lifetime, 0, ""); 575 576 /* ESP auth */ 577 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \ 578 &ipsec_esp_auth, 0, ""); 579 580 /* minimum ESP key length */ 581 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \ 582 &ipsec_esp_keymin, 0, ""); 583 584 /* minimum AH key length */ 585 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \ 586 &ipsec_ah_keymin, 0, ""); 587 588 /* perfered old SA rather than new SA */ 589 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\ 590 &key_prefered_oldsa, 0, ""); 591 #endif /* SYSCTL_INT */ 592 593 #define __LIST_CHAINED(elm) \ 594 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 595 #define LIST_INSERT_TAIL(head, elm, type, field) \ 596 do {\ 597 struct type *curelm = LIST_FIRST(head); \ 598 if (curelm == NULL) {\ 599 LIST_INSERT_HEAD(head, elm, field); \ 600 } else { \ 601 while (LIST_NEXT(curelm, field)) \ 602 curelm = LIST_NEXT(curelm, field);\ 603 LIST_INSERT_AFTER(curelm, elm, field);\ 604 }\ 605 } while (0) 606 607 #define KEY_CHKSASTATE(head, sav) \ 608 /* do */ { \ 609 if ((head) != (sav)) { \ 610 IPSECLOG(LOG_DEBUG, \ 611 "state mismatched (TREE=%d SA=%d)\n", \ 612 (head), (sav)); \ 613 continue; \ 614 } \ 615 } /* while (0) */ 616 617 #define KEY_CHKSPDIR(head, sp) \ 618 do { \ 619 if ((head) != (sp)) { \ 620 IPSECLOG(LOG_DEBUG, \ 621 "direction mismatched (TREE=%d SP=%d), anyway continue.\n",\ 622 (head), (sp)); \ 623 } \ 624 } while (0) 625 626 /* 627 * set parameters into secasindex buffer. 628 * Must allocate secasindex buffer before calling this function. 629 */ 630 static int 631 key_setsecasidx(int, int, int, const struct sockaddr *, 632 const struct sockaddr *, struct secasindex *); 633 634 /* key statistics */ 635 struct _keystat { 636 u_long getspi_count; /* the avarage of count to try to get new SPI */ 637 } keystat; 638 639 static void 640 key_init_spidx_bymsghdr(struct secpolicyindex *, const struct sadb_msghdr *); 641 642 static const struct sockaddr * 643 key_msghdr_get_sockaddr(const struct sadb_msghdr *mhp, int idx) 644 { 645 646 return PFKEY_ADDR_SADDR(mhp->ext[idx]); 647 } 648 649 static void 650 key_fill_replymsg(struct mbuf *m, int seq) 651 { 652 struct sadb_msg *msg; 653 654 KASSERT(m->m_len >= sizeof(*msg)); 655 656 msg = mtod(m, struct sadb_msg *); 657 msg->sadb_msg_errno = 0; 658 msg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 659 if (seq != 0) 660 msg->sadb_msg_seq = seq; 661 } 662 663 #if 0 664 static void key_freeso(struct socket *); 665 static void key_freesp_so(struct secpolicy **); 666 #endif 667 static struct secpolicy *key_getsp (const struct secpolicyindex *); 668 static struct secpolicy *key_getspbyid (u_int32_t); 669 static struct secpolicy *key_lookup_and_remove_sp(const struct secpolicyindex *, bool); 670 static struct secpolicy *key_lookupbyid_and_remove_sp(u_int32_t, bool); 671 static void key_destroy_sp(struct secpolicy *); 672 static struct mbuf *key_gather_mbuf (struct mbuf *, 673 const struct sadb_msghdr *, int, int, ...); 674 static int key_api_spdadd(struct socket *, struct mbuf *, 675 const struct sadb_msghdr *); 676 static u_int32_t key_getnewspid (void); 677 static int key_api_spddelete(struct socket *, struct mbuf *, 678 const struct sadb_msghdr *); 679 static int key_api_spddelete2(struct socket *, struct mbuf *, 680 const struct sadb_msghdr *); 681 static int key_api_spdget(struct socket *, struct mbuf *, 682 const struct sadb_msghdr *); 683 static int key_api_spdflush(struct socket *, struct mbuf *, 684 const struct sadb_msghdr *); 685 static int key_api_spddump(struct socket *, struct mbuf *, 686 const struct sadb_msghdr *); 687 static struct mbuf * key_setspddump (int *errorp, pid_t); 688 static struct mbuf * key_setspddump_chain (int *errorp, int *lenp, pid_t pid); 689 static int key_api_nat_map(struct socket *, struct mbuf *, 690 const struct sadb_msghdr *); 691 static struct mbuf *key_setdumpsp (struct secpolicy *, 692 u_int8_t, u_int32_t, pid_t); 693 static u_int key_getspreqmsglen (const struct secpolicy *); 694 static int key_spdexpire (struct secpolicy *); 695 static struct secashead *key_newsah (const struct secasindex *); 696 static void key_unlink_sah(struct secashead *); 697 static void key_destroy_sah(struct secashead *); 698 static bool key_sah_has_sav(struct secashead *); 699 static void key_sah_ref(struct secashead *); 700 static void key_sah_unref(struct secashead *); 701 static void key_init_sav(struct secasvar *); 702 static void key_wait_sav(struct secasvar *); 703 static void key_destroy_sav(struct secasvar *); 704 static struct secasvar *key_newsav(struct mbuf *, 705 const struct sadb_msghdr *, int *, const char*, int); 706 #define KEY_NEWSAV(m, sadb, e) \ 707 key_newsav(m, sadb, e, __func__, __LINE__) 708 static void key_delsav (struct secasvar *); 709 static struct secashead *key_getsah(const struct secasindex *, int); 710 static struct secashead *key_getsah_ref(const struct secasindex *, int); 711 static bool key_checkspidup(const struct secasindex *, u_int32_t); 712 static struct secasvar *key_getsavbyspi (struct secashead *, u_int32_t); 713 static int key_setsaval (struct secasvar *, struct mbuf *, 714 const struct sadb_msghdr *); 715 static void key_freesaval(struct secasvar *); 716 static int key_init_xform(struct secasvar *); 717 static void key_clear_xform(struct secasvar *); 718 static struct mbuf *key_setdumpsa (struct secasvar *, u_int8_t, 719 u_int8_t, u_int32_t, u_int32_t); 720 static struct mbuf *key_setsadbxport (u_int16_t, u_int16_t); 721 static struct mbuf *key_setsadbxtype (u_int16_t); 722 static struct mbuf *key_setsadbxfrag (u_int16_t); 723 static void key_porttosaddr (union sockaddr_union *, u_int16_t); 724 static int key_checksalen (const union sockaddr_union *); 725 static struct mbuf *key_setsadbmsg (u_int8_t, u_int16_t, u_int8_t, 726 u_int32_t, pid_t, u_int16_t, int); 727 static struct mbuf *key_setsadbsa (struct secasvar *); 728 static struct mbuf *key_setsadbaddr(u_int16_t, 729 const struct sockaddr *, u_int8_t, u_int16_t, int); 730 #if 0 731 static struct mbuf *key_setsadbident (u_int16_t, u_int16_t, void *, 732 int, u_int64_t); 733 #endif 734 static struct mbuf *key_setsadbxsa2 (u_int8_t, u_int32_t, u_int16_t); 735 static struct mbuf *key_setsadbxpolicy (u_int16_t, u_int8_t, 736 u_int32_t, int); 737 static void *key_newbuf (const void *, u_int); 738 #ifdef INET6 739 static int key_ismyaddr6 (const struct sockaddr_in6 *); 740 #endif 741 742 static void sysctl_net_keyv2_setup(struct sysctllog **); 743 static void sysctl_net_key_compat_setup(struct sysctllog **); 744 745 /* flags for key_saidx_match() */ 746 #define CMP_HEAD 1 /* protocol, addresses. */ 747 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 748 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 749 #define CMP_EXACTLY 4 /* all elements. */ 750 static int key_saidx_match(const struct secasindex *, 751 const struct secasindex *, int); 752 753 static int key_sockaddr_match(const struct sockaddr *, 754 const struct sockaddr *, int); 755 static int key_bb_match_withmask(const void *, const void *, u_int); 756 static u_int16_t key_satype2proto (u_int8_t); 757 static u_int8_t key_proto2satype (u_int16_t); 758 759 static int key_spidx_match_exactly(const struct secpolicyindex *, 760 const struct secpolicyindex *); 761 static int key_spidx_match_withmask(const struct secpolicyindex *, 762 const struct secpolicyindex *); 763 764 static int key_api_getspi(struct socket *, struct mbuf *, 765 const struct sadb_msghdr *); 766 static u_int32_t key_do_getnewspi (const struct sadb_spirange *, 767 const struct secasindex *); 768 static int key_handle_natt_info (struct secasvar *, 769 const struct sadb_msghdr *); 770 static int key_set_natt_ports (union sockaddr_union *, 771 union sockaddr_union *, 772 const struct sadb_msghdr *); 773 static int key_api_update(struct socket *, struct mbuf *, 774 const struct sadb_msghdr *); 775 #ifdef IPSEC_DOSEQCHECK 776 static struct secasvar *key_getsavbyseq (struct secashead *, u_int32_t); 777 #endif 778 static int key_api_add(struct socket *, struct mbuf *, 779 const struct sadb_msghdr *); 780 static int key_setident (struct secashead *, struct mbuf *, 781 const struct sadb_msghdr *); 782 static struct mbuf *key_getmsgbuf_x1 (struct mbuf *, 783 const struct sadb_msghdr *); 784 static int key_api_delete(struct socket *, struct mbuf *, 785 const struct sadb_msghdr *); 786 static int key_api_get(struct socket *, struct mbuf *, 787 const struct sadb_msghdr *); 788 789 static void key_getcomb_setlifetime (struct sadb_comb *); 790 static struct mbuf *key_getcomb_esp(int); 791 static struct mbuf *key_getcomb_ah(int); 792 static struct mbuf *key_getcomb_ipcomp(int); 793 static struct mbuf *key_getprop(const struct secasindex *, int); 794 795 static int key_acquire(const struct secasindex *, const struct secpolicy *, 796 int); 797 static int key_acquire_sendup_mbuf_later(struct mbuf *); 798 static void key_acquire_sendup_pending_mbuf(void); 799 #ifndef IPSEC_NONBLOCK_ACQUIRE 800 static struct secacq *key_newacq (const struct secasindex *); 801 static struct secacq *key_getacq (const struct secasindex *); 802 static struct secacq *key_getacqbyseq (u_int32_t); 803 #endif 804 #ifdef notyet 805 static struct secspacq *key_newspacq (const struct secpolicyindex *); 806 static struct secspacq *key_getspacq (const struct secpolicyindex *); 807 #endif 808 static int key_api_acquire(struct socket *, struct mbuf *, 809 const struct sadb_msghdr *); 810 static int key_api_register(struct socket *, struct mbuf *, 811 const struct sadb_msghdr *); 812 static int key_expire (struct secasvar *); 813 static int key_api_flush(struct socket *, struct mbuf *, 814 const struct sadb_msghdr *); 815 static struct mbuf *key_setdump_chain (u_int8_t req_satype, int *errorp, 816 int *lenp, pid_t pid); 817 static int key_api_dump(struct socket *, struct mbuf *, 818 const struct sadb_msghdr *); 819 static int key_api_promisc(struct socket *, struct mbuf *, 820 const struct sadb_msghdr *); 821 static int key_senderror (struct socket *, struct mbuf *, int); 822 static int key_validate_ext (const struct sadb_ext *, int); 823 static int key_align (struct mbuf *, struct sadb_msghdr *); 824 #if 0 825 static const char *key_getfqdn (void); 826 static const char *key_getuserfqdn (void); 827 #endif 828 static void key_sa_chgstate (struct secasvar *, u_int8_t); 829 830 static struct mbuf *key_alloc_mbuf(int, int); 831 static struct mbuf *key_alloc_mbuf_simple(int, int); 832 833 static void key_timehandler(void *); 834 static void key_timehandler_work(struct work *, void *); 835 static struct callout key_timehandler_ch; 836 static struct workqueue *key_timehandler_wq; 837 static struct work key_timehandler_wk; 838 839 static inline void 840 key_savlut_writer_insert_head(struct secasvar *sav); 841 static inline uint32_t 842 key_saidxhash(const struct secasindex *, u_long); 843 static inline uint32_t 844 key_savluthash(const struct sockaddr *, 845 uint32_t, uint32_t, u_long); 846 847 /* 848 * Utilities for percpu counters for sadb_lifetime_allocations and 849 * sadb_lifetime_bytes. 850 */ 851 #define LIFETIME_COUNTER_ALLOCATIONS 0 852 #define LIFETIME_COUNTER_BYTES 1 853 #define LIFETIME_COUNTER_SIZE 2 854 855 typedef uint64_t lifetime_counters_t[LIFETIME_COUNTER_SIZE]; 856 857 static void 858 key_sum_lifetime_counters(void *p, void *arg, struct cpu_info *ci __unused) 859 { 860 lifetime_counters_t *one = p; 861 lifetime_counters_t *sum = arg; 862 863 (*sum)[LIFETIME_COUNTER_ALLOCATIONS] += (*one)[LIFETIME_COUNTER_ALLOCATIONS]; 864 (*sum)[LIFETIME_COUNTER_BYTES] += (*one)[LIFETIME_COUNTER_BYTES]; 865 } 866 867 u_int 868 key_sp_refcnt(const struct secpolicy *sp) 869 { 870 871 /* FIXME */ 872 return 0; 873 } 874 875 static void 876 key_spd_pserialize_perform(void) 877 { 878 879 KASSERT(mutex_owned(&key_spd.lock)); 880 881 while (key_spd.psz_performing) 882 cv_wait(&key_spd.cv_psz, &key_spd.lock); 883 key_spd.psz_performing = true; 884 mutex_exit(&key_spd.lock); 885 886 pserialize_perform(key_spd.psz); 887 888 mutex_enter(&key_spd.lock); 889 key_spd.psz_performing = false; 890 cv_broadcast(&key_spd.cv_psz); 891 } 892 893 /* 894 * Remove the sp from the key_spd.splist and wait for references to the sp 895 * to be released. key_spd.lock must be held. 896 */ 897 static void 898 key_unlink_sp(struct secpolicy *sp) 899 { 900 901 KASSERT(mutex_owned(&key_spd.lock)); 902 903 sp->state = IPSEC_SPSTATE_DEAD; 904 SPLIST_WRITER_REMOVE(sp); 905 906 /* Invalidate all cached SPD pointers in the PCBs. */ 907 ipsec_invalpcbcacheall(); 908 909 KDASSERT(mutex_ownable(softnet_lock)); 910 key_spd_pserialize_perform(); 911 912 localcount_drain(&sp->localcount, &key_spd.cv_lc, &key_spd.lock); 913 } 914 915 /* 916 * Return 0 when there are known to be no SP's for the specified 917 * direction. Otherwise return 1. This is used by IPsec code 918 * to optimize performance. 919 */ 920 int 921 key_havesp(u_int dir) 922 { 923 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 924 !SPLIST_READER_EMPTY(dir) : 1); 925 } 926 927 /* %%% IPsec policy management */ 928 /* 929 * allocating a SP for OUTBOUND or INBOUND packet. 930 * Must call key_freesp() later. 931 * OUT: NULL: not found 932 * others: found and return the pointer. 933 */ 934 struct secpolicy * 935 key_lookup_sp_byspidx(const struct secpolicyindex *spidx, 936 u_int dir, const char* where, int tag) 937 { 938 struct secpolicy *sp; 939 int s; 940 941 KASSERT(spidx != NULL); 942 KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir); 943 944 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag); 945 946 /* get a SP entry */ 947 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) { 948 kdebug_secpolicyindex("objects", spidx); 949 } 950 951 s = pserialize_read_enter(); 952 SPLIST_READER_FOREACH(sp, dir) { 953 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) { 954 kdebug_secpolicyindex("in SPD", &sp->spidx); 955 } 956 957 if (sp->state == IPSEC_SPSTATE_DEAD) 958 continue; 959 if (key_spidx_match_withmask(&sp->spidx, spidx)) 960 goto found; 961 } 962 sp = NULL; 963 found: 964 if (sp) { 965 /* sanity check */ 966 KEY_CHKSPDIR(sp->spidx.dir, dir); 967 968 /* found a SPD entry */ 969 sp->lastused = time_uptime; 970 key_sp_ref(sp, where, tag); 971 } 972 pserialize_read_exit(s); 973 974 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 975 "DP return SP:%p (ID=%u) refcnt %u\n", 976 sp, sp ? sp->id : 0, key_sp_refcnt(sp)); 977 return sp; 978 } 979 980 /* 981 * return a policy that matches this particular inbound packet. 982 * XXX slow 983 */ 984 struct secpolicy * 985 key_gettunnel(const struct sockaddr *osrc, 986 const struct sockaddr *odst, 987 const struct sockaddr *isrc, 988 const struct sockaddr *idst, 989 const char* where, int tag) 990 { 991 struct secpolicy *sp; 992 const int dir = IPSEC_DIR_INBOUND; 993 int s; 994 struct ipsecrequest *r1, *r2, *p; 995 struct secpolicyindex spidx; 996 997 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag); 998 999 if (isrc->sa_family != idst->sa_family) { 1000 IPSECLOG(LOG_ERR, "protocol family mismatched %d != %d\n.", 1001 isrc->sa_family, idst->sa_family); 1002 sp = NULL; 1003 goto done; 1004 } 1005 1006 s = pserialize_read_enter(); 1007 SPLIST_READER_FOREACH(sp, dir) { 1008 if (sp->state == IPSEC_SPSTATE_DEAD) 1009 continue; 1010 1011 r1 = r2 = NULL; 1012 for (p = sp->req; p; p = p->next) { 1013 if (p->saidx.mode != IPSEC_MODE_TUNNEL) 1014 continue; 1015 1016 r1 = r2; 1017 r2 = p; 1018 1019 if (!r1) { 1020 /* here we look at address matches only */ 1021 spidx = sp->spidx; 1022 if (isrc->sa_len > sizeof(spidx.src) || 1023 idst->sa_len > sizeof(spidx.dst)) 1024 continue; 1025 memcpy(&spidx.src, isrc, isrc->sa_len); 1026 memcpy(&spidx.dst, idst, idst->sa_len); 1027 if (!key_spidx_match_withmask(&sp->spidx, &spidx)) 1028 continue; 1029 } else { 1030 if (!key_sockaddr_match(&r1->saidx.src.sa, isrc, PORT_NONE) || 1031 !key_sockaddr_match(&r1->saidx.dst.sa, idst, PORT_NONE)) 1032 continue; 1033 } 1034 1035 if (!key_sockaddr_match(&r2->saidx.src.sa, osrc, PORT_NONE) || 1036 !key_sockaddr_match(&r2->saidx.dst.sa, odst, PORT_NONE)) 1037 continue; 1038 1039 goto found; 1040 } 1041 } 1042 sp = NULL; 1043 found: 1044 if (sp) { 1045 sp->lastused = time_uptime; 1046 key_sp_ref(sp, where, tag); 1047 } 1048 pserialize_read_exit(s); 1049 done: 1050 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1051 "DP return SP:%p (ID=%u) refcnt %u\n", 1052 sp, sp ? sp->id : 0, key_sp_refcnt(sp)); 1053 return sp; 1054 } 1055 1056 /* 1057 * allocating an SA entry for an *OUTBOUND* packet. 1058 * checking each request entries in SP, and acquire an SA if need. 1059 * OUT: 0: there are valid requests. 1060 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring. 1061 */ 1062 int 1063 key_checkrequest(const struct ipsecrequest *isr, const struct secasindex *saidx, 1064 struct secasvar **ret) 1065 { 1066 u_int level; 1067 int error; 1068 struct secasvar *sav; 1069 1070 KASSERT(isr != NULL); 1071 KASSERTMSG(saidx->mode == IPSEC_MODE_TRANSPORT || 1072 saidx->mode == IPSEC_MODE_TUNNEL, 1073 "unexpected policy %u", saidx->mode); 1074 1075 /* get current level */ 1076 level = ipsec_get_reqlevel(isr); 1077 1078 /* 1079 * XXX guard against protocol callbacks from the crypto 1080 * thread as they reference ipsecrequest.sav which we 1081 * temporarily null out below. Need to rethink how we 1082 * handle bundled SA's in the callback thread. 1083 */ 1084 IPSEC_SPLASSERT_SOFTNET("key_checkrequest"); 1085 1086 sav = key_lookup_sa_bysaidx(saidx); 1087 if (sav != NULL) { 1088 *ret = sav; 1089 return 0; 1090 } 1091 1092 /* there is no SA */ 1093 error = key_acquire(saidx, isr->sp, M_NOWAIT); 1094 if (error != 0) { 1095 /* XXX What should I do ? */ 1096 IPSECLOG(LOG_DEBUG, "error %d returned from key_acquire.\n", 1097 error); 1098 return error; 1099 } 1100 1101 if (level != IPSEC_LEVEL_REQUIRE) { 1102 /* XXX sigh, the interface to this routine is botched */ 1103 *ret = NULL; 1104 return 0; 1105 } else { 1106 return ENOENT; 1107 } 1108 } 1109 1110 /* 1111 * looking up a SA for policy entry from SAD. 1112 * NOTE: searching SAD of aliving state. 1113 * OUT: NULL: not found. 1114 * others: found and return the pointer. 1115 */ 1116 struct secasvar * 1117 key_lookup_sa_bysaidx(const struct secasindex *saidx) 1118 { 1119 struct secashead *sah; 1120 struct secasvar *sav = NULL; 1121 u_int stateidx, state; 1122 const u_int *saorder_state_valid; 1123 int arraysize; 1124 int s; 1125 1126 s = pserialize_read_enter(); 1127 sah = key_getsah(saidx, CMP_MODE_REQID); 1128 if (sah == NULL) 1129 goto out; 1130 1131 /* 1132 * search a valid state list for outbound packet. 1133 * This search order is important. 1134 */ 1135 if (key_prefered_oldsa) { 1136 saorder_state_valid = saorder_state_valid_prefer_old; 1137 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); 1138 } else { 1139 saorder_state_valid = saorder_state_valid_prefer_new; 1140 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); 1141 } 1142 1143 /* search valid state */ 1144 for (stateidx = 0; 1145 stateidx < arraysize; 1146 stateidx++) { 1147 1148 state = saorder_state_valid[stateidx]; 1149 1150 if (key_prefered_oldsa) 1151 sav = SAVLIST_READER_FIRST(sah, state); 1152 else { 1153 /* XXX need O(1) lookup */ 1154 struct secasvar *last = NULL; 1155 1156 SAVLIST_READER_FOREACH(sav, sah, state) 1157 last = sav; 1158 sav = last; 1159 } 1160 if (sav != NULL) { 1161 KEY_SA_REF(sav); 1162 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1163 "DP cause refcnt++:%d SA:%p\n", 1164 key_sa_refcnt(sav), sav); 1165 break; 1166 } 1167 } 1168 out: 1169 pserialize_read_exit(s); 1170 1171 return sav; 1172 } 1173 1174 #if 0 1175 static void 1176 key_sendup_message_delete(struct secasvar *sav) 1177 { 1178 struct mbuf *m, *result = 0; 1179 uint8_t satype; 1180 1181 satype = key_proto2satype(sav->sah->saidx.proto); 1182 if (satype == 0) 1183 goto msgfail; 1184 1185 m = key_setsadbmsg(SADB_DELETE, 0, satype, 0, 0, key_sa_refcnt(sav) - 1); 1186 if (m == NULL) 1187 goto msgfail; 1188 result = m; 1189 1190 /* set sadb_address for saidx's. */ 1191 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sav->sah->saidx.src.sa, 1192 sav->sah->saidx.src.sa.sa_len << 3, IPSEC_ULPROTO_ANY); 1193 if (m == NULL) 1194 goto msgfail; 1195 m_cat(result, m); 1196 1197 /* set sadb_address for saidx's. */ 1198 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sav->sah->saidx.src.sa, 1199 sav->sah->saidx.src.sa.sa_len << 3, IPSEC_ULPROTO_ANY); 1200 if (m == NULL) 1201 goto msgfail; 1202 m_cat(result, m); 1203 1204 /* create SA extension */ 1205 m = key_setsadbsa(sav); 1206 if (m == NULL) 1207 goto msgfail; 1208 m_cat(result, m); 1209 1210 if (result->m_len < sizeof(struct sadb_msg)) { 1211 result = m_pullup(result, sizeof(struct sadb_msg)); 1212 if (result == NULL) 1213 goto msgfail; 1214 } 1215 1216 result->m_pkthdr.len = 0; 1217 for (m = result; m; m = m->m_next) 1218 result->m_pkthdr.len += m->m_len; 1219 mtod(result, struct sadb_msg *)->sadb_msg_len = 1220 PFKEY_UNIT64(result->m_pkthdr.len); 1221 1222 key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 1223 result = NULL; 1224 msgfail: 1225 if (result) 1226 m_freem(result); 1227 } 1228 #endif 1229 1230 /* 1231 * allocating a usable SA entry for a *INBOUND* packet. 1232 * Must call key_freesav() later. 1233 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1234 * NULL: not found, or error occurred. 1235 * 1236 * In the comparison, no source address is used--for RFC2401 conformance. 1237 * To quote, from section 4.1: 1238 * A security association is uniquely identified by a triple consisting 1239 * of a Security Parameter Index (SPI), an IP Destination Address, and a 1240 * security protocol (AH or ESP) identifier. 1241 * Note that, however, we do need to keep source address in IPsec SA. 1242 * IKE specification and PF_KEY specification do assume that we 1243 * keep source address in IPsec SA. We see a tricky situation here. 1244 * 1245 * sport and dport are used for NAT-T. network order is always used. 1246 */ 1247 struct secasvar * 1248 key_lookup_sa( 1249 const union sockaddr_union *dst, 1250 u_int proto, 1251 u_int32_t spi, 1252 u_int16_t sport, 1253 u_int16_t dport, 1254 const char* where, int tag) 1255 { 1256 struct secasvar *sav; 1257 int chkport; 1258 int s; 1259 1260 int must_check_spi = 1; 1261 int must_check_alg = 0; 1262 u_int16_t cpi = 0; 1263 u_int8_t algo = 0; 1264 uint32_t hash_key = spi; 1265 1266 if ((sport != 0) && (dport != 0)) 1267 chkport = PORT_STRICT; 1268 else 1269 chkport = PORT_NONE; 1270 1271 KASSERT(dst != NULL); 1272 1273 /* 1274 * XXX IPCOMP case 1275 * We use cpi to define spi here. In the case where cpi <= 1276 * IPCOMP_CPI_NEGOTIATE_MIN, cpi just define the algorithm used, not 1277 * the real spi. In this case, don't check the spi but check the 1278 * algorithm 1279 */ 1280 1281 if (proto == IPPROTO_IPCOMP) { 1282 u_int32_t tmp; 1283 tmp = ntohl(spi); 1284 cpi = (u_int16_t) tmp; 1285 if (cpi < IPCOMP_CPI_NEGOTIATE_MIN) { 1286 algo = (u_int8_t) cpi; 1287 hash_key = algo; 1288 must_check_spi = 0; 1289 must_check_alg = 1; 1290 } 1291 } 1292 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1293 "DP from %s:%u check_spi=%d, check_alg=%d\n", 1294 where, tag, must_check_spi, must_check_alg); 1295 1296 1297 /* 1298 * searching SAD. 1299 * XXX: to be checked internal IP header somewhere. Also when 1300 * IPsec tunnel packet is received. But ESP tunnel mode is 1301 * encrypted so we can't check internal IP header. 1302 */ 1303 s = pserialize_read_enter(); 1304 SAVLUT_READER_FOREACH(sav, &dst->sa, proto, hash_key) { 1305 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1306 "try match spi %#x, %#x\n", 1307 ntohl(spi), ntohl(sav->spi)); 1308 1309 /* do not return entries w/ unusable state */ 1310 if (!SADB_SASTATE_USABLE_P(sav)) { 1311 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1312 "bad state %d\n", sav->state); 1313 continue; 1314 } 1315 if (proto != sav->sah->saidx.proto) { 1316 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1317 "proto fail %d != %d\n", 1318 proto, sav->sah->saidx.proto); 1319 continue; 1320 } 1321 if (must_check_spi && spi != sav->spi) { 1322 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1323 "spi fail %#x != %#x\n", 1324 ntohl(spi), ntohl(sav->spi)); 1325 continue; 1326 } 1327 /* XXX only on the ipcomp case */ 1328 if (must_check_alg && algo != sav->alg_comp) { 1329 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1330 "algo fail %d != %d\n", 1331 algo, sav->alg_comp); 1332 continue; 1333 } 1334 1335 #if 0 /* don't check src */ 1336 /* Fix port in src->sa */ 1337 1338 /* check src address */ 1339 if (!key_sockaddr_match(&src->sa, &sav->sah->saidx.src.sa, PORT_NONE)) 1340 continue; 1341 #endif 1342 /* fix port of dst address XXX*/ 1343 key_porttosaddr(__UNCONST(dst), dport); 1344 /* check dst address */ 1345 if (!key_sockaddr_match(&dst->sa, &sav->sah->saidx.dst.sa, chkport)) 1346 continue; 1347 key_sa_ref(sav, where, tag); 1348 goto done; 1349 } 1350 sav = NULL; 1351 done: 1352 pserialize_read_exit(s); 1353 1354 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1355 "DP return SA:%p; refcnt %u\n", sav, key_sa_refcnt(sav)); 1356 return sav; 1357 } 1358 1359 static void 1360 key_validate_savlist(const struct secashead *sah, const u_int state) 1361 { 1362 #ifdef DEBUG 1363 struct secasvar *sav, *next; 1364 int s; 1365 1366 /* 1367 * The list should be sorted by lft_c->sadb_lifetime_addtime 1368 * in ascending order. 1369 */ 1370 s = pserialize_read_enter(); 1371 SAVLIST_READER_FOREACH(sav, sah, state) { 1372 next = SAVLIST_READER_NEXT(sav); 1373 if (next != NULL && 1374 sav->lft_c != NULL && next->lft_c != NULL) { 1375 KDASSERTMSG(sav->lft_c->sadb_lifetime_addtime <= 1376 next->lft_c->sadb_lifetime_addtime, 1377 "savlist is not sorted: sah=%p, state=%d, " 1378 "sav=%" PRIu64 ", next=%" PRIu64, sah, state, 1379 sav->lft_c->sadb_lifetime_addtime, 1380 next->lft_c->sadb_lifetime_addtime); 1381 } 1382 } 1383 pserialize_read_exit(s); 1384 #endif 1385 } 1386 1387 void 1388 key_init_sp(struct secpolicy *sp) 1389 { 1390 1391 ASSERT_SLEEPABLE(); 1392 1393 sp->state = IPSEC_SPSTATE_ALIVE; 1394 if (sp->policy == IPSEC_POLICY_IPSEC) 1395 KASSERT(sp->req != NULL); 1396 localcount_init(&sp->localcount); 1397 SPLIST_ENTRY_INIT(sp); 1398 } 1399 1400 /* 1401 * Must be called in a pserialize read section. A held SP 1402 * must be released by key_sp_unref after use. 1403 */ 1404 void 1405 key_sp_ref(struct secpolicy *sp, const char* where, int tag) 1406 { 1407 1408 localcount_acquire(&sp->localcount); 1409 1410 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1411 "DP SP:%p (ID=%u) from %s:%u; refcnt++ now %u\n", 1412 sp, sp->id, where, tag, key_sp_refcnt(sp)); 1413 } 1414 1415 /* 1416 * Must be called without holding key_spd.lock because the lock 1417 * would be held in localcount_release. 1418 */ 1419 void 1420 key_sp_unref(struct secpolicy *sp, const char* where, int tag) 1421 { 1422 1423 KDASSERT(mutex_ownable(&key_spd.lock)); 1424 1425 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1426 "DP SP:%p (ID=%u) from %s:%u; refcnt-- now %u\n", 1427 sp, sp->id, where, tag, key_sp_refcnt(sp)); 1428 1429 localcount_release(&sp->localcount, &key_spd.cv_lc, &key_spd.lock); 1430 } 1431 1432 static void 1433 key_init_sav(struct secasvar *sav) 1434 { 1435 1436 ASSERT_SLEEPABLE(); 1437 1438 localcount_init(&sav->localcount); 1439 SAVLIST_ENTRY_INIT(sav); 1440 SAVLUT_ENTRY_INIT(sav); 1441 } 1442 1443 u_int 1444 key_sa_refcnt(const struct secasvar *sav) 1445 { 1446 1447 /* FIXME */ 1448 return 0; 1449 } 1450 1451 void 1452 key_sa_ref(struct secasvar *sav, const char* where, int tag) 1453 { 1454 1455 localcount_acquire(&sav->localcount); 1456 1457 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1458 "DP cause refcnt++: SA:%p from %s:%u\n", 1459 sav, where, tag); 1460 } 1461 1462 void 1463 key_sa_unref(struct secasvar *sav, const char* where, int tag) 1464 { 1465 1466 KDASSERT(mutex_ownable(&key_sad.lock)); 1467 1468 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1469 "DP cause refcnt--: SA:%p from %s:%u\n", 1470 sav, where, tag); 1471 1472 localcount_release(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); 1473 } 1474 1475 #if 0 1476 /* 1477 * Must be called after calling key_lookup_sp*(). 1478 * For the packet with socket. 1479 */ 1480 static void 1481 key_freeso(struct socket *so) 1482 { 1483 /* sanity check */ 1484 KASSERT(so != NULL); 1485 1486 switch (so->so_proto->pr_domain->dom_family) { 1487 #ifdef INET 1488 case PF_INET: 1489 { 1490 struct inpcb *pcb = sotoinpcb(so); 1491 1492 /* Does it have a PCB ? */ 1493 if (pcb == NULL) 1494 return; 1495 1496 struct inpcbpolicy *sp = pcb->inp_sp; 1497 key_freesp_so(&sp->sp_in); 1498 key_freesp_so(&sp->sp_out); 1499 } 1500 break; 1501 #endif 1502 #ifdef INET6 1503 case PF_INET6: 1504 { 1505 #ifdef HAVE_NRL_INPCB 1506 struct inpcb *pcb = sotoinpcb(so); 1507 struct inpcbpolicy *sp = pcb->inp_sp; 1508 1509 /* Does it have a PCB ? */ 1510 if (pcb == NULL) 1511 return; 1512 key_freesp_so(&sp->sp_in); 1513 key_freesp_so(&sp->sp_out); 1514 #else 1515 struct in6pcb *pcb = sotoin6pcb(so); 1516 1517 /* Does it have a PCB ? */ 1518 if (pcb == NULL) 1519 return; 1520 key_freesp_so(&pcb->in6p_sp->sp_in); 1521 key_freesp_so(&pcb->in6p_sp->sp_out); 1522 #endif 1523 } 1524 break; 1525 #endif /* INET6 */ 1526 default: 1527 IPSECLOG(LOG_DEBUG, "unknown address family=%d.\n", 1528 so->so_proto->pr_domain->dom_family); 1529 return; 1530 } 1531 } 1532 1533 static void 1534 key_freesp_so(struct secpolicy **sp) 1535 { 1536 1537 KASSERT(sp != NULL); 1538 KASSERT(*sp != NULL); 1539 1540 if ((*sp)->policy == IPSEC_POLICY_ENTRUST || 1541 (*sp)->policy == IPSEC_POLICY_BYPASS) 1542 return; 1543 1544 KASSERTMSG((*sp)->policy == IPSEC_POLICY_IPSEC, 1545 "invalid policy %u", (*sp)->policy); 1546 KEY_SP_UNREF(&sp); 1547 } 1548 #endif 1549 1550 static void 1551 key_sad_pserialize_perform(void) 1552 { 1553 1554 KASSERT(mutex_owned(&key_sad.lock)); 1555 1556 while (key_sad.psz_performing) 1557 cv_wait(&key_sad.cv_psz, &key_sad.lock); 1558 key_sad.psz_performing = true; 1559 mutex_exit(&key_sad.lock); 1560 1561 pserialize_perform(key_sad.psz); 1562 1563 mutex_enter(&key_sad.lock); 1564 key_sad.psz_performing = false; 1565 cv_broadcast(&key_sad.cv_psz); 1566 } 1567 1568 /* 1569 * Remove the sav from the savlist of its sah and wait for references to the sav 1570 * to be released. key_sad.lock must be held. 1571 */ 1572 static void 1573 key_unlink_sav(struct secasvar *sav) 1574 { 1575 1576 KASSERT(mutex_owned(&key_sad.lock)); 1577 1578 SAVLIST_WRITER_REMOVE(sav); 1579 SAVLUT_WRITER_REMOVE(sav); 1580 1581 KDASSERT(mutex_ownable(softnet_lock)); 1582 key_sad_pserialize_perform(); 1583 1584 localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); 1585 } 1586 1587 /* 1588 * Destroy an sav where the sav must be unlinked from an sah 1589 * by say key_unlink_sav. 1590 */ 1591 static void 1592 key_destroy_sav(struct secasvar *sav) 1593 { 1594 1595 ASSERT_SLEEPABLE(); 1596 1597 localcount_fini(&sav->localcount); 1598 SAVLIST_ENTRY_DESTROY(sav); 1599 1600 key_delsav(sav); 1601 } 1602 1603 /* 1604 * Wait for references of a passed sav to go away. 1605 */ 1606 static void 1607 key_wait_sav(struct secasvar *sav) 1608 { 1609 1610 ASSERT_SLEEPABLE(); 1611 1612 mutex_enter(&key_sad.lock); 1613 KASSERT(sav->state == SADB_SASTATE_DEAD); 1614 KDASSERT(mutex_ownable(softnet_lock)); 1615 key_sad_pserialize_perform(); 1616 localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); 1617 mutex_exit(&key_sad.lock); 1618 } 1619 1620 /* %%% SPD management */ 1621 /* 1622 * free security policy entry. 1623 */ 1624 static void 1625 key_destroy_sp(struct secpolicy *sp) 1626 { 1627 1628 SPLIST_ENTRY_DESTROY(sp); 1629 localcount_fini(&sp->localcount); 1630 1631 key_free_sp(sp); 1632 1633 key_update_used(); 1634 } 1635 1636 void 1637 key_free_sp(struct secpolicy *sp) 1638 { 1639 struct ipsecrequest *isr = sp->req, *nextisr; 1640 1641 while (isr != NULL) { 1642 nextisr = isr->next; 1643 kmem_free(isr, sizeof(*isr)); 1644 isr = nextisr; 1645 } 1646 1647 kmem_free(sp, sizeof(*sp)); 1648 } 1649 1650 void 1651 key_socksplist_add(struct secpolicy *sp) 1652 { 1653 1654 mutex_enter(&key_spd.lock); 1655 PSLIST_WRITER_INSERT_HEAD(&key_spd.socksplist, sp, pslist_entry); 1656 mutex_exit(&key_spd.lock); 1657 1658 key_update_used(); 1659 } 1660 1661 /* 1662 * search SPD 1663 * OUT: NULL : not found 1664 * others : found, pointer to a SP. 1665 */ 1666 static struct secpolicy * 1667 key_getsp(const struct secpolicyindex *spidx) 1668 { 1669 struct secpolicy *sp; 1670 int s; 1671 1672 KASSERT(spidx != NULL); 1673 1674 s = pserialize_read_enter(); 1675 SPLIST_READER_FOREACH(sp, spidx->dir) { 1676 if (sp->state == IPSEC_SPSTATE_DEAD) 1677 continue; 1678 if (key_spidx_match_exactly(spidx, &sp->spidx)) { 1679 KEY_SP_REF(sp); 1680 pserialize_read_exit(s); 1681 return sp; 1682 } 1683 } 1684 pserialize_read_exit(s); 1685 1686 return NULL; 1687 } 1688 1689 /* 1690 * search SPD and remove found SP 1691 * OUT: NULL : not found 1692 * others : found, pointer to a SP. 1693 */ 1694 static struct secpolicy * 1695 key_lookup_and_remove_sp(const struct secpolicyindex *spidx, bool from_kernel) 1696 { 1697 struct secpolicy *sp = NULL; 1698 1699 mutex_enter(&key_spd.lock); 1700 SPLIST_WRITER_FOREACH(sp, spidx->dir) { 1701 KASSERT(sp->state != IPSEC_SPSTATE_DEAD); 1702 /* 1703 * SPs created in kernel(e.g. ipsec(4) I/F) must not be 1704 * removed by userland programs. 1705 */ 1706 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL) 1707 continue; 1708 if (key_spidx_match_exactly(spidx, &sp->spidx)) { 1709 key_unlink_sp(sp); 1710 goto out; 1711 } 1712 } 1713 sp = NULL; 1714 out: 1715 mutex_exit(&key_spd.lock); 1716 1717 return sp; 1718 } 1719 1720 /* 1721 * get SP by index. 1722 * OUT: NULL : not found 1723 * others : found, pointer to a SP. 1724 */ 1725 static struct secpolicy * 1726 key_getspbyid(u_int32_t id) 1727 { 1728 struct secpolicy *sp; 1729 int s; 1730 1731 s = pserialize_read_enter(); 1732 SPLIST_READER_FOREACH(sp, IPSEC_DIR_INBOUND) { 1733 if (sp->state == IPSEC_SPSTATE_DEAD) 1734 continue; 1735 if (sp->id == id) { 1736 KEY_SP_REF(sp); 1737 goto out; 1738 } 1739 } 1740 1741 SPLIST_READER_FOREACH(sp, IPSEC_DIR_OUTBOUND) { 1742 if (sp->state == IPSEC_SPSTATE_DEAD) 1743 continue; 1744 if (sp->id == id) { 1745 KEY_SP_REF(sp); 1746 goto out; 1747 } 1748 } 1749 out: 1750 pserialize_read_exit(s); 1751 return sp; 1752 } 1753 1754 /* 1755 * get SP by index, remove and return it. 1756 * OUT: NULL : not found 1757 * others : found, pointer to a SP. 1758 */ 1759 static struct secpolicy * 1760 key_lookupbyid_and_remove_sp(u_int32_t id, bool from_kernel) 1761 { 1762 struct secpolicy *sp; 1763 1764 mutex_enter(&key_spd.lock); 1765 SPLIST_READER_FOREACH(sp, IPSEC_DIR_INBOUND) { 1766 KASSERT(sp->state != IPSEC_SPSTATE_DEAD); 1767 /* 1768 * SPs created in kernel(e.g. ipsec(4) I/F) must not be 1769 * removed by userland programs. 1770 */ 1771 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL) 1772 continue; 1773 if (sp->id == id) 1774 goto out; 1775 } 1776 1777 SPLIST_READER_FOREACH(sp, IPSEC_DIR_OUTBOUND) { 1778 KASSERT(sp->state != IPSEC_SPSTATE_DEAD); 1779 /* 1780 * SPs created in kernel(e.g. ipsec(4) I/F) must not be 1781 * removed by userland programs. 1782 */ 1783 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL) 1784 continue; 1785 if (sp->id == id) 1786 goto out; 1787 } 1788 out: 1789 if (sp != NULL) 1790 key_unlink_sp(sp); 1791 mutex_exit(&key_spd.lock); 1792 return sp; 1793 } 1794 1795 struct secpolicy * 1796 key_newsp(const char* where, int tag) 1797 { 1798 struct secpolicy *newsp = NULL; 1799 1800 newsp = kmem_zalloc(sizeof(struct secpolicy), KM_SLEEP); 1801 1802 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1803 "DP from %s:%u return SP:%p\n", where, tag, newsp); 1804 return newsp; 1805 } 1806 1807 /* 1808 * create secpolicy structure from sadb_x_policy structure. 1809 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, 1810 * so must be set properly later. 1811 */ 1812 static struct secpolicy * 1813 _key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error, 1814 bool from_kernel) 1815 { 1816 struct secpolicy *newsp; 1817 1818 KASSERT(!cpu_softintr_p()); 1819 KASSERT(xpl0 != NULL); 1820 KASSERT(len >= sizeof(*xpl0)); 1821 1822 if (len != PFKEY_EXTLEN(xpl0)) { 1823 IPSECLOG(LOG_DEBUG, "Invalid msg length.\n"); 1824 *error = EINVAL; 1825 return NULL; 1826 } 1827 1828 newsp = KEY_NEWSP(); 1829 if (newsp == NULL) { 1830 *error = ENOBUFS; 1831 return NULL; 1832 } 1833 1834 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1835 newsp->policy = xpl0->sadb_x_policy_type; 1836 1837 /* check policy */ 1838 switch (xpl0->sadb_x_policy_type) { 1839 case IPSEC_POLICY_DISCARD: 1840 case IPSEC_POLICY_NONE: 1841 case IPSEC_POLICY_ENTRUST: 1842 case IPSEC_POLICY_BYPASS: 1843 newsp->req = NULL; 1844 *error = 0; 1845 return newsp; 1846 1847 case IPSEC_POLICY_IPSEC: 1848 /* Continued */ 1849 break; 1850 default: 1851 IPSECLOG(LOG_DEBUG, "invalid policy type.\n"); 1852 key_free_sp(newsp); 1853 *error = EINVAL; 1854 return NULL; 1855 } 1856 1857 /* IPSEC_POLICY_IPSEC */ 1858 { 1859 int tlen; 1860 const struct sadb_x_ipsecrequest *xisr; 1861 uint16_t xisr_reqid; 1862 struct ipsecrequest **p_isr = &newsp->req; 1863 1864 /* validity check */ 1865 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1866 IPSECLOG(LOG_DEBUG, "Invalid msg length.\n"); 1867 *error = EINVAL; 1868 goto free_exit; 1869 } 1870 1871 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1872 xisr = (const struct sadb_x_ipsecrequest *)(xpl0 + 1); 1873 1874 while (tlen > 0) { 1875 /* length check */ 1876 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { 1877 IPSECLOG(LOG_DEBUG, "invalid ipsecrequest length.\n"); 1878 *error = EINVAL; 1879 goto free_exit; 1880 } 1881 1882 /* allocate request buffer */ 1883 *p_isr = kmem_zalloc(sizeof(**p_isr), KM_SLEEP); 1884 1885 /* set values */ 1886 (*p_isr)->next = NULL; 1887 1888 switch (xisr->sadb_x_ipsecrequest_proto) { 1889 case IPPROTO_ESP: 1890 case IPPROTO_AH: 1891 case IPPROTO_IPCOMP: 1892 break; 1893 default: 1894 IPSECLOG(LOG_DEBUG, "invalid proto type=%u\n", 1895 xisr->sadb_x_ipsecrequest_proto); 1896 *error = EPROTONOSUPPORT; 1897 goto free_exit; 1898 } 1899 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; 1900 1901 switch (xisr->sadb_x_ipsecrequest_mode) { 1902 case IPSEC_MODE_TRANSPORT: 1903 case IPSEC_MODE_TUNNEL: 1904 break; 1905 case IPSEC_MODE_ANY: 1906 default: 1907 IPSECLOG(LOG_DEBUG, "invalid mode=%u\n", 1908 xisr->sadb_x_ipsecrequest_mode); 1909 *error = EINVAL; 1910 goto free_exit; 1911 } 1912 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1913 1914 switch (xisr->sadb_x_ipsecrequest_level) { 1915 case IPSEC_LEVEL_DEFAULT: 1916 case IPSEC_LEVEL_USE: 1917 case IPSEC_LEVEL_REQUIRE: 1918 break; 1919 case IPSEC_LEVEL_UNIQUE: 1920 xisr_reqid = xisr->sadb_x_ipsecrequest_reqid; 1921 /* validity check */ 1922 /* 1923 * case 1) from_kernel == false 1924 * That means the request comes from userland. 1925 * If range violation of reqid, kernel will 1926 * update it, don't refuse it. 1927 * 1928 * case 2) from_kernel == true 1929 * That means the request comes from kernel 1930 * (e.g. ipsec(4) I/F). 1931 * Use thre requested reqid to avoid inconsistency 1932 * between kernel's reqid and the reqid in pf_key 1933 * message sent to userland. The pf_key message is 1934 * built by diverting request mbuf. 1935 */ 1936 if (!from_kernel && 1937 xisr_reqid > IPSEC_MANUAL_REQID_MAX) { 1938 IPSECLOG(LOG_DEBUG, 1939 "reqid=%d range " 1940 "violation, updated by kernel.\n", 1941 xisr_reqid); 1942 xisr_reqid = 0; 1943 } 1944 1945 /* allocate new reqid id if reqid is zero. */ 1946 if (xisr_reqid == 0) { 1947 u_int16_t reqid = key_newreqid(); 1948 if (reqid == 0) { 1949 *error = ENOBUFS; 1950 goto free_exit; 1951 } 1952 (*p_isr)->saidx.reqid = reqid; 1953 } else { 1954 /* set it for manual keying. */ 1955 (*p_isr)->saidx.reqid = xisr_reqid; 1956 } 1957 break; 1958 1959 default: 1960 IPSECLOG(LOG_DEBUG, "invalid level=%u\n", 1961 xisr->sadb_x_ipsecrequest_level); 1962 *error = EINVAL; 1963 goto free_exit; 1964 } 1965 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; 1966 1967 /* set IP addresses if there */ 1968 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1969 const struct sockaddr *paddr; 1970 1971 paddr = (const struct sockaddr *)(xisr + 1); 1972 1973 /* validity check */ 1974 if (paddr->sa_len > sizeof((*p_isr)->saidx.src)) { 1975 IPSECLOG(LOG_DEBUG, "invalid request " 1976 "address length.\n"); 1977 *error = EINVAL; 1978 goto free_exit; 1979 } 1980 memcpy(&(*p_isr)->saidx.src, paddr, paddr->sa_len); 1981 1982 paddr = (const struct sockaddr *)((const char *)paddr 1983 + paddr->sa_len); 1984 1985 /* validity check */ 1986 if (paddr->sa_len > sizeof((*p_isr)->saidx.dst)) { 1987 IPSECLOG(LOG_DEBUG, "invalid request " 1988 "address length.\n"); 1989 *error = EINVAL; 1990 goto free_exit; 1991 } 1992 memcpy(&(*p_isr)->saidx.dst, paddr, paddr->sa_len); 1993 } 1994 1995 (*p_isr)->sp = newsp; 1996 1997 /* initialization for the next. */ 1998 p_isr = &(*p_isr)->next; 1999 tlen -= xisr->sadb_x_ipsecrequest_len; 2000 2001 /* validity check */ 2002 if (tlen < 0) { 2003 IPSECLOG(LOG_DEBUG, "becoming tlen < 0.\n"); 2004 *error = EINVAL; 2005 goto free_exit; 2006 } 2007 2008 xisr = (const struct sadb_x_ipsecrequest *)((const char *)xisr + 2009 xisr->sadb_x_ipsecrequest_len); 2010 } 2011 } 2012 2013 *error = 0; 2014 return newsp; 2015 2016 free_exit: 2017 key_free_sp(newsp); 2018 return NULL; 2019 } 2020 2021 struct secpolicy * 2022 key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error) 2023 { 2024 2025 return _key_msg2sp(xpl0, len, error, false); 2026 } 2027 2028 u_int16_t 2029 key_newreqid(void) 2030 { 2031 static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 2032 2033 auto_reqid = (auto_reqid == 0xffff ? 2034 IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1); 2035 2036 /* XXX should be unique check */ 2037 2038 return auto_reqid; 2039 } 2040 2041 /* 2042 * copy secpolicy struct to sadb_x_policy structure indicated. 2043 */ 2044 struct mbuf * 2045 key_sp2msg(const struct secpolicy *sp, int mflag) 2046 { 2047 struct sadb_x_policy *xpl; 2048 int tlen; 2049 char *p; 2050 struct mbuf *m; 2051 2052 KASSERT(sp != NULL); 2053 2054 tlen = key_getspreqmsglen(sp); 2055 2056 m = key_alloc_mbuf(tlen, mflag); 2057 if (!m || m->m_next) { /*XXX*/ 2058 if (m) 2059 m_freem(m); 2060 return NULL; 2061 } 2062 2063 m->m_len = tlen; 2064 m->m_next = NULL; 2065 xpl = mtod(m, struct sadb_x_policy *); 2066 memset(xpl, 0, tlen); 2067 2068 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen); 2069 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 2070 xpl->sadb_x_policy_type = sp->policy; 2071 xpl->sadb_x_policy_dir = sp->spidx.dir; 2072 xpl->sadb_x_policy_id = sp->id; 2073 p = (char *)xpl + sizeof(*xpl); 2074 2075 /* if is the policy for ipsec ? */ 2076 if (sp->policy == IPSEC_POLICY_IPSEC) { 2077 struct sadb_x_ipsecrequest *xisr; 2078 struct ipsecrequest *isr; 2079 2080 for (isr = sp->req; isr != NULL; isr = isr->next) { 2081 2082 xisr = (struct sadb_x_ipsecrequest *)p; 2083 2084 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 2085 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 2086 xisr->sadb_x_ipsecrequest_level = isr->level; 2087 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 2088 2089 p += sizeof(*xisr); 2090 memcpy(p, &isr->saidx.src, isr->saidx.src.sa.sa_len); 2091 p += isr->saidx.src.sa.sa_len; 2092 memcpy(p, &isr->saidx.dst, isr->saidx.dst.sa.sa_len); 2093 p += isr->saidx.src.sa.sa_len; 2094 2095 xisr->sadb_x_ipsecrequest_len = 2096 PFKEY_ALIGN8(sizeof(*xisr) 2097 + isr->saidx.src.sa.sa_len 2098 + isr->saidx.dst.sa.sa_len); 2099 } 2100 } 2101 2102 return m; 2103 } 2104 2105 /* 2106 * m will not be freed nor modified. It never return NULL. 2107 * If it returns a mbuf of M_PKTHDR, the mbuf ensures to have 2108 * contiguous length at least sizeof(struct sadb_msg). 2109 */ 2110 static struct mbuf * 2111 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 2112 int ndeep, int nitem, ...) 2113 { 2114 va_list ap; 2115 int idx; 2116 int i; 2117 struct mbuf *result = NULL, *n; 2118 int len; 2119 2120 KASSERT(m != NULL); 2121 KASSERT(mhp != NULL); 2122 KASSERT(!cpu_softintr_p()); 2123 2124 va_start(ap, nitem); 2125 for (i = 0; i < nitem; i++) { 2126 idx = va_arg(ap, int); 2127 KASSERT(idx >= 0); 2128 KASSERT(idx <= SADB_EXT_MAX); 2129 /* don't attempt to pull empty extension */ 2130 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 2131 continue; 2132 if (idx != SADB_EXT_RESERVED && 2133 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 2134 continue; 2135 2136 if (idx == SADB_EXT_RESERVED) { 2137 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MHLEN); 2138 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2139 MGETHDR(n, M_WAITOK, MT_DATA); 2140 n->m_len = len; 2141 n->m_next = NULL; 2142 m_copydata(m, 0, sizeof(struct sadb_msg), 2143 mtod(n, void *)); 2144 } else if (i < ndeep) { 2145 len = mhp->extlen[idx]; 2146 n = key_alloc_mbuf(len, M_WAITOK); 2147 KASSERT(n->m_next == NULL); 2148 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 2149 mtod(n, void *)); 2150 } else { 2151 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 2152 M_WAITOK); 2153 } 2154 KASSERT(n != NULL); 2155 2156 if (result) 2157 m_cat(result, n); 2158 else 2159 result = n; 2160 } 2161 va_end(ap); 2162 2163 KASSERT(result != NULL); 2164 if ((result->m_flags & M_PKTHDR) != 0) { 2165 result->m_pkthdr.len = 0; 2166 for (n = result; n; n = n->m_next) 2167 result->m_pkthdr.len += n->m_len; 2168 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 2169 } 2170 2171 return result; 2172 } 2173 2174 /* 2175 * The argument _sp must not overwrite until SP is created and registered 2176 * successfully. 2177 */ 2178 static int 2179 key_spdadd(struct socket *so, struct mbuf *m, 2180 const struct sadb_msghdr *mhp, struct secpolicy **_sp, 2181 bool from_kernel) 2182 { 2183 const struct sockaddr *src, *dst; 2184 const struct sadb_x_policy *xpl0; 2185 struct sadb_x_policy *xpl; 2186 const struct sadb_lifetime *lft = NULL; 2187 struct secpolicyindex spidx; 2188 struct secpolicy *newsp; 2189 int error; 2190 uint32_t sadb_x_policy_id; 2191 2192 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 2193 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 2194 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 2195 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2196 return key_senderror(so, m, EINVAL); 2197 } 2198 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 2199 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 2200 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2201 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2202 return key_senderror(so, m, EINVAL); 2203 } 2204 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) { 2205 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < 2206 sizeof(struct sadb_lifetime)) { 2207 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2208 return key_senderror(so, m, EINVAL); 2209 } 2210 lft = mhp->ext[SADB_EXT_LIFETIME_HARD]; 2211 } 2212 2213 xpl0 = mhp->ext[SADB_X_EXT_POLICY]; 2214 2215 /* checking the direciton. */ 2216 switch (xpl0->sadb_x_policy_dir) { 2217 case IPSEC_DIR_INBOUND: 2218 case IPSEC_DIR_OUTBOUND: 2219 break; 2220 default: 2221 IPSECLOG(LOG_DEBUG, "Invalid SP direction.\n"); 2222 return key_senderror(so, m, EINVAL); 2223 } 2224 2225 /* check policy */ 2226 /* key_api_spdadd() accepts DISCARD, NONE and IPSEC. */ 2227 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST || 2228 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { 2229 IPSECLOG(LOG_DEBUG, "Invalid policy type.\n"); 2230 return key_senderror(so, m, EINVAL); 2231 } 2232 2233 /* policy requests are mandatory when action is ipsec. */ 2234 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX && 2235 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2236 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2237 IPSECLOG(LOG_DEBUG, "some policy requests part required.\n"); 2238 return key_senderror(so, m, EINVAL); 2239 } 2240 2241 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 2242 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 2243 2244 /* sanity check on addr pair */ 2245 if (src->sa_family != dst->sa_family) 2246 return key_senderror(so, m, EINVAL); 2247 if (src->sa_len != dst->sa_len) 2248 return key_senderror(so, m, EINVAL); 2249 2250 key_init_spidx_bymsghdr(&spidx, mhp); 2251 2252 /* 2253 * checking there is SP already or not. 2254 * SPDUPDATE doesn't depend on whether there is a SP or not. 2255 * If the type is either SPDADD or SPDSETIDX AND a SP is found, 2256 * then error. 2257 */ 2258 { 2259 struct secpolicy *sp; 2260 2261 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2262 sp = key_lookup_and_remove_sp(&spidx, from_kernel); 2263 if (sp != NULL) 2264 key_destroy_sp(sp); 2265 } else { 2266 sp = key_getsp(&spidx); 2267 if (sp != NULL) { 2268 KEY_SP_UNREF(&sp); 2269 IPSECLOG(LOG_DEBUG, "a SP entry exists already.\n"); 2270 return key_senderror(so, m, EEXIST); 2271 } 2272 } 2273 } 2274 2275 /* allocation new SP entry */ 2276 newsp = _key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error, from_kernel); 2277 if (newsp == NULL) { 2278 return key_senderror(so, m, error); 2279 } 2280 2281 newsp->id = key_getnewspid(); 2282 if (newsp->id == 0) { 2283 kmem_free(newsp, sizeof(*newsp)); 2284 return key_senderror(so, m, ENOBUFS); 2285 } 2286 2287 newsp->spidx = spidx; 2288 newsp->created = time_uptime; 2289 newsp->lastused = newsp->created; 2290 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2291 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2292 if (from_kernel) 2293 newsp->origin = IPSEC_SPORIGIN_KERNEL; 2294 else 2295 newsp->origin = IPSEC_SPORIGIN_USER; 2296 2297 key_init_sp(newsp); 2298 if (from_kernel) 2299 KEY_SP_REF(newsp); 2300 2301 sadb_x_policy_id = newsp->id; 2302 2303 if (_sp != NULL) 2304 *_sp = newsp; 2305 2306 mutex_enter(&key_spd.lock); 2307 SPLIST_WRITER_INSERT_TAIL(newsp->spidx.dir, newsp); 2308 mutex_exit(&key_spd.lock); 2309 /* 2310 * We don't have a reference to newsp, so we must not touch newsp from 2311 * now on. If you want to do, you must take a reference beforehand. 2312 */ 2313 newsp = NULL; 2314 2315 #ifdef notyet 2316 /* delete the entry in key_misc.spacqlist */ 2317 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2318 struct secspacq *spacq = key_getspacq(&spidx); 2319 if (spacq != NULL) { 2320 /* reset counter in order to deletion by timehandler. */ 2321 spacq->created = time_uptime; 2322 spacq->count = 0; 2323 } 2324 } 2325 #endif 2326 2327 /* Invalidate all cached SPD pointers in the PCBs. */ 2328 ipsec_invalpcbcacheall(); 2329 2330 #if defined(GATEWAY) 2331 /* Invalidate the ipflow cache, as well. */ 2332 ipflow_invalidate_all(0); 2333 #ifdef INET6 2334 if (in6_present) 2335 ip6flow_invalidate_all(0); 2336 #endif /* INET6 */ 2337 #endif /* GATEWAY */ 2338 2339 key_update_used(); 2340 2341 { 2342 struct mbuf *n, *mpolicy; 2343 int off; 2344 2345 /* create new sadb_msg to reply. */ 2346 if (lft) { 2347 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2348 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2349 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2350 } else { 2351 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2352 SADB_X_EXT_POLICY, 2353 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2354 } 2355 2356 key_fill_replymsg(n, 0); 2357 off = 0; 2358 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2359 sizeof(*xpl), &off); 2360 if (mpolicy == NULL) { 2361 /* n is already freed */ 2362 /* 2363 * valid sp has been created, so we does not overwrite _sp 2364 * NULL here. let caller decide to use the sp or not. 2365 */ 2366 return key_senderror(so, m, ENOBUFS); 2367 } 2368 xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off); 2369 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2370 m_freem(n); 2371 /* ditto */ 2372 return key_senderror(so, m, EINVAL); 2373 } 2374 2375 xpl->sadb_x_policy_id = sadb_x_policy_id; 2376 2377 m_freem(m); 2378 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2379 } 2380 } 2381 2382 /* 2383 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 2384 * add an entry to SP database, when received 2385 * <base, address(SD), (lifetime(H),) policy> 2386 * from the user(?). 2387 * Adding to SP database, 2388 * and send 2389 * <base, address(SD), (lifetime(H),) policy> 2390 * to the socket which was send. 2391 * 2392 * SPDADD set a unique policy entry. 2393 * SPDSETIDX like SPDADD without a part of policy requests. 2394 * SPDUPDATE replace a unique policy entry. 2395 * 2396 * m will always be freed. 2397 */ 2398 static int 2399 key_api_spdadd(struct socket *so, struct mbuf *m, 2400 const struct sadb_msghdr *mhp) 2401 { 2402 2403 return key_spdadd(so, m, mhp, NULL, false); 2404 } 2405 2406 struct secpolicy * 2407 key_kpi_spdadd(struct mbuf *m) 2408 { 2409 struct sadb_msghdr mh; 2410 int error; 2411 struct secpolicy *sp = NULL; 2412 2413 error = key_align(m, &mh); 2414 if (error) 2415 return NULL; 2416 2417 error = key_spdadd(NULL, m, &mh, &sp, true); 2418 if (error) { 2419 /* 2420 * Currently, when key_spdadd() cannot send a PFKEY message 2421 * which means SP has been created, key_spdadd() returns error 2422 * although SP is created successfully. 2423 * Kernel components would not care PFKEY messages, so return 2424 * the "sp" regardless of error code. key_spdadd() overwrites 2425 * the argument only if SP is created successfully. 2426 */ 2427 } 2428 return sp; 2429 } 2430 2431 /* 2432 * get new policy id. 2433 * OUT: 2434 * 0: failure. 2435 * others: success. 2436 */ 2437 static u_int32_t 2438 key_getnewspid(void) 2439 { 2440 u_int32_t newid = 0; 2441 int count = key_spi_trycnt; /* XXX */ 2442 struct secpolicy *sp; 2443 2444 /* when requesting to allocate spi ranged */ 2445 while (count--) { 2446 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1)); 2447 2448 sp = key_getspbyid(newid); 2449 if (sp == NULL) 2450 break; 2451 2452 KEY_SP_UNREF(&sp); 2453 } 2454 2455 if (count == 0 || newid == 0) { 2456 IPSECLOG(LOG_DEBUG, "to allocate policy id is failed.\n"); 2457 return 0; 2458 } 2459 2460 return newid; 2461 } 2462 2463 /* 2464 * SADB_SPDDELETE processing 2465 * receive 2466 * <base, address(SD), policy(*)> 2467 * from the user(?), and set SADB_SASTATE_DEAD, 2468 * and send, 2469 * <base, address(SD), policy(*)> 2470 * to the ikmpd. 2471 * policy(*) including direction of policy. 2472 * 2473 * m will always be freed. 2474 */ 2475 static int 2476 key_api_spddelete(struct socket *so, struct mbuf *m, 2477 const struct sadb_msghdr *mhp) 2478 { 2479 struct sadb_x_policy *xpl0; 2480 struct secpolicyindex spidx; 2481 struct secpolicy *sp; 2482 2483 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 2484 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 2485 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 2486 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2487 return key_senderror(so, m, EINVAL); 2488 } 2489 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 2490 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 2491 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2492 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2493 return key_senderror(so, m, EINVAL); 2494 } 2495 2496 xpl0 = mhp->ext[SADB_X_EXT_POLICY]; 2497 2498 /* checking the directon. */ 2499 switch (xpl0->sadb_x_policy_dir) { 2500 case IPSEC_DIR_INBOUND: 2501 case IPSEC_DIR_OUTBOUND: 2502 break; 2503 default: 2504 IPSECLOG(LOG_DEBUG, "Invalid SP direction.\n"); 2505 return key_senderror(so, m, EINVAL); 2506 } 2507 2508 /* make secindex */ 2509 key_init_spidx_bymsghdr(&spidx, mhp); 2510 2511 /* Is there SP in SPD ? */ 2512 sp = key_lookup_and_remove_sp(&spidx, false); 2513 if (sp == NULL) { 2514 IPSECLOG(LOG_DEBUG, "no SP found.\n"); 2515 return key_senderror(so, m, EINVAL); 2516 } 2517 2518 /* save policy id to buffer to be returned. */ 2519 xpl0->sadb_x_policy_id = sp->id; 2520 2521 key_destroy_sp(sp); 2522 2523 /* We're deleting policy; no need to invalidate the ipflow cache. */ 2524 2525 { 2526 struct mbuf *n; 2527 2528 /* create new sadb_msg to reply. */ 2529 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2530 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2531 key_fill_replymsg(n, 0); 2532 m_freem(m); 2533 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2534 } 2535 } 2536 2537 static struct mbuf * 2538 key_alloc_mbuf_simple(int len, int mflag) 2539 { 2540 struct mbuf *n; 2541 2542 KASSERT(mflag == M_NOWAIT || (mflag == M_WAITOK && !cpu_softintr_p())); 2543 2544 MGETHDR(n, mflag, MT_DATA); 2545 if (n && len > MHLEN) { 2546 MCLGET(n, mflag); 2547 if ((n->m_flags & M_EXT) == 0) { 2548 m_freem(n); 2549 n = NULL; 2550 } 2551 } 2552 return n; 2553 } 2554 2555 /* 2556 * SADB_SPDDELETE2 processing 2557 * receive 2558 * <base, policy(*)> 2559 * from the user(?), and set SADB_SASTATE_DEAD, 2560 * and send, 2561 * <base, policy(*)> 2562 * to the ikmpd. 2563 * policy(*) including direction of policy. 2564 * 2565 * m will always be freed. 2566 */ 2567 static int 2568 key_spddelete2(struct socket *so, struct mbuf *m, 2569 const struct sadb_msghdr *mhp, bool from_kernel) 2570 { 2571 u_int32_t id; 2572 struct secpolicy *sp; 2573 const struct sadb_x_policy *xpl; 2574 2575 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2576 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2577 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2578 return key_senderror(so, m, EINVAL); 2579 } 2580 2581 xpl = mhp->ext[SADB_X_EXT_POLICY]; 2582 id = xpl->sadb_x_policy_id; 2583 2584 /* Is there SP in SPD ? */ 2585 sp = key_lookupbyid_and_remove_sp(id, from_kernel); 2586 if (sp == NULL) { 2587 IPSECLOG(LOG_DEBUG, "no SP found id:%u.\n", id); 2588 return key_senderror(so, m, EINVAL); 2589 } 2590 2591 key_destroy_sp(sp); 2592 2593 /* We're deleting policy; no need to invalidate the ipflow cache. */ 2594 2595 { 2596 struct mbuf *n, *nn; 2597 int off, len; 2598 2599 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MCLBYTES); 2600 2601 /* create new sadb_msg to reply. */ 2602 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2603 2604 n = key_alloc_mbuf_simple(len, M_WAITOK); 2605 n->m_len = len; 2606 n->m_next = NULL; 2607 off = 0; 2608 2609 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 2610 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2611 2612 KASSERTMSG(off == len, "length inconsistency"); 2613 2614 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2615 mhp->extlen[SADB_X_EXT_POLICY], M_WAITOK); 2616 2617 n->m_pkthdr.len = 0; 2618 for (nn = n; nn; nn = nn->m_next) 2619 n->m_pkthdr.len += nn->m_len; 2620 2621 key_fill_replymsg(n, 0); 2622 m_freem(m); 2623 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2624 } 2625 } 2626 2627 /* 2628 * SADB_SPDDELETE2 processing 2629 * receive 2630 * <base, policy(*)> 2631 * from the user(?), and set SADB_SASTATE_DEAD, 2632 * and send, 2633 * <base, policy(*)> 2634 * to the ikmpd. 2635 * policy(*) including direction of policy. 2636 * 2637 * m will always be freed. 2638 */ 2639 static int 2640 key_api_spddelete2(struct socket *so, struct mbuf *m, 2641 const struct sadb_msghdr *mhp) 2642 { 2643 2644 return key_spddelete2(so, m, mhp, false); 2645 } 2646 2647 int 2648 key_kpi_spddelete2(struct mbuf *m) 2649 { 2650 struct sadb_msghdr mh; 2651 int error; 2652 2653 error = key_align(m, &mh); 2654 if (error) 2655 return EINVAL; 2656 2657 return key_spddelete2(NULL, m, &mh, true); 2658 } 2659 2660 /* 2661 * SADB_X_GET processing 2662 * receive 2663 * <base, policy(*)> 2664 * from the user(?), 2665 * and send, 2666 * <base, address(SD), policy> 2667 * to the ikmpd. 2668 * policy(*) including direction of policy. 2669 * 2670 * m will always be freed. 2671 */ 2672 static int 2673 key_api_spdget(struct socket *so, struct mbuf *m, 2674 const struct sadb_msghdr *mhp) 2675 { 2676 u_int32_t id; 2677 struct secpolicy *sp; 2678 struct mbuf *n; 2679 const struct sadb_x_policy *xpl; 2680 2681 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2682 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2683 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2684 return key_senderror(so, m, EINVAL); 2685 } 2686 2687 xpl = mhp->ext[SADB_X_EXT_POLICY]; 2688 id = xpl->sadb_x_policy_id; 2689 2690 /* Is there SP in SPD ? */ 2691 sp = key_getspbyid(id); 2692 if (sp == NULL) { 2693 IPSECLOG(LOG_DEBUG, "no SP found id:%u.\n", id); 2694 return key_senderror(so, m, ENOENT); 2695 } 2696 2697 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2698 mhp->msg->sadb_msg_pid); 2699 KEY_SP_UNREF(&sp); /* ref gained by key_getspbyid */ 2700 m_freem(m); 2701 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2702 } 2703 2704 #ifdef notyet 2705 /* 2706 * SADB_X_SPDACQUIRE processing. 2707 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2708 * send 2709 * <base, policy(*)> 2710 * to KMD, and expect to receive 2711 * <base> with SADB_X_SPDACQUIRE if error occurred, 2712 * or 2713 * <base, policy> 2714 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2715 * policy(*) is without policy requests. 2716 * 2717 * 0 : succeed 2718 * others: error number 2719 */ 2720 int 2721 key_spdacquire(const struct secpolicy *sp) 2722 { 2723 struct mbuf *result = NULL, *m; 2724 struct secspacq *newspacq; 2725 int error; 2726 2727 KASSERT(sp != NULL); 2728 KASSERTMSG(sp->req == NULL, "called but there is request"); 2729 KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC, 2730 "policy mismathed. IPsec is expected"); 2731 2732 /* Get an entry to check whether sent message or not. */ 2733 newspacq = key_getspacq(&sp->spidx); 2734 if (newspacq != NULL) { 2735 if (key_blockacq_count < newspacq->count) { 2736 /* reset counter and do send message. */ 2737 newspacq->count = 0; 2738 } else { 2739 /* increment counter and do nothing. */ 2740 newspacq->count++; 2741 return 0; 2742 } 2743 } else { 2744 /* make new entry for blocking to send SADB_ACQUIRE. */ 2745 newspacq = key_newspacq(&sp->spidx); 2746 if (newspacq == NULL) 2747 return ENOBUFS; 2748 2749 /* add to key_misc.acqlist */ 2750 LIST_INSERT_HEAD(&key_misc.spacqlist, newspacq, chain); 2751 } 2752 2753 /* create new sadb_msg to reply. */ 2754 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2755 if (!m) { 2756 error = ENOBUFS; 2757 goto fail; 2758 } 2759 result = m; 2760 2761 result->m_pkthdr.len = 0; 2762 for (m = result; m; m = m->m_next) 2763 result->m_pkthdr.len += m->m_len; 2764 2765 mtod(result, struct sadb_msg *)->sadb_msg_len = 2766 PFKEY_UNIT64(result->m_pkthdr.len); 2767 2768 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2769 2770 fail: 2771 if (result) 2772 m_freem(result); 2773 return error; 2774 } 2775 #endif /* notyet */ 2776 2777 /* 2778 * SADB_SPDFLUSH processing 2779 * receive 2780 * <base> 2781 * from the user, and free all entries in secpctree. 2782 * and send, 2783 * <base> 2784 * to the user. 2785 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2786 * 2787 * m will always be freed. 2788 */ 2789 static int 2790 key_api_spdflush(struct socket *so, struct mbuf *m, 2791 const struct sadb_msghdr *mhp) 2792 { 2793 struct sadb_msg *newmsg; 2794 struct secpolicy *sp; 2795 u_int dir; 2796 2797 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2798 return key_senderror(so, m, EINVAL); 2799 2800 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2801 retry: 2802 mutex_enter(&key_spd.lock); 2803 SPLIST_WRITER_FOREACH(sp, dir) { 2804 KASSERT(sp->state != IPSEC_SPSTATE_DEAD); 2805 /* 2806 * Userlang programs can remove SPs created by userland 2807 * probrams only, that is, they cannot remove SPs 2808 * created in kernel(e.g. ipsec(4) I/F). 2809 */ 2810 if (sp->origin == IPSEC_SPORIGIN_USER) { 2811 key_unlink_sp(sp); 2812 mutex_exit(&key_spd.lock); 2813 key_destroy_sp(sp); 2814 goto retry; 2815 } 2816 } 2817 mutex_exit(&key_spd.lock); 2818 } 2819 2820 /* We're deleting policy; no need to invalidate the ipflow cache. */ 2821 2822 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2823 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 2824 return key_senderror(so, m, ENOBUFS); 2825 } 2826 2827 if (m->m_next) 2828 m_freem(m->m_next); 2829 m->m_next = NULL; 2830 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2831 newmsg = mtod(m, struct sadb_msg *); 2832 newmsg->sadb_msg_errno = 0; 2833 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2834 2835 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2836 } 2837 2838 static struct sockaddr key_src = { 2839 .sa_len = 2, 2840 .sa_family = PF_KEY, 2841 }; 2842 2843 static struct mbuf * 2844 key_setspddump_chain(int *errorp, int *lenp, pid_t pid) 2845 { 2846 struct secpolicy *sp; 2847 int cnt; 2848 u_int dir; 2849 struct mbuf *m, *n, *prev; 2850 int totlen; 2851 2852 KASSERT(mutex_owned(&key_spd.lock)); 2853 2854 *lenp = 0; 2855 2856 /* search SPD entry and get buffer size. */ 2857 cnt = 0; 2858 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2859 SPLIST_WRITER_FOREACH(sp, dir) { 2860 cnt++; 2861 } 2862 } 2863 2864 if (cnt == 0) { 2865 *errorp = ENOENT; 2866 return (NULL); 2867 } 2868 2869 m = NULL; 2870 prev = m; 2871 totlen = 0; 2872 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2873 SPLIST_WRITER_FOREACH(sp, dir) { 2874 --cnt; 2875 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid); 2876 2877 totlen += n->m_pkthdr.len; 2878 if (!m) { 2879 m = n; 2880 } else { 2881 prev->m_nextpkt = n; 2882 } 2883 prev = n; 2884 } 2885 } 2886 2887 *lenp = totlen; 2888 *errorp = 0; 2889 return (m); 2890 } 2891 2892 /* 2893 * SADB_SPDDUMP processing 2894 * receive 2895 * <base> 2896 * from the user, and dump all SP leaves 2897 * and send, 2898 * <base> ..... 2899 * to the ikmpd. 2900 * 2901 * m will always be freed. 2902 */ 2903 static int 2904 key_api_spddump(struct socket *so, struct mbuf *m0, 2905 const struct sadb_msghdr *mhp) 2906 { 2907 struct mbuf *n; 2908 int error, len; 2909 int ok; 2910 pid_t pid; 2911 2912 pid = mhp->msg->sadb_msg_pid; 2913 /* 2914 * If the requestor has insufficient socket-buffer space 2915 * for the entire chain, nobody gets any response to the DUMP. 2916 * XXX For now, only the requestor ever gets anything. 2917 * Moreover, if the requestor has any space at all, they receive 2918 * the entire chain, otherwise the request is refused with ENOBUFS. 2919 */ 2920 if (sbspace(&so->so_rcv) <= 0) { 2921 return key_senderror(so, m0, ENOBUFS); 2922 } 2923 2924 mutex_enter(&key_spd.lock); 2925 n = key_setspddump_chain(&error, &len, pid); 2926 mutex_exit(&key_spd.lock); 2927 2928 if (n == NULL) { 2929 return key_senderror(so, m0, ENOENT); 2930 } 2931 { 2932 uint64_t *ps = PFKEY_STAT_GETREF(); 2933 ps[PFKEY_STAT_IN_TOTAL]++; 2934 ps[PFKEY_STAT_IN_BYTES] += len; 2935 PFKEY_STAT_PUTREF(); 2936 } 2937 2938 /* 2939 * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets. 2940 * The requestor receives either the entire chain, or an 2941 * error message with ENOBUFS. 2942 */ 2943 2944 /* 2945 * sbappendchainwith record takes the chain of entries, one 2946 * packet-record per SPD entry, prepends the key_src sockaddr 2947 * to each packet-record, links the sockaddr mbufs into a new 2948 * list of records, then appends the entire resulting 2949 * list to the requesting socket. 2950 */ 2951 ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, n, 2952 SB_PRIO_ONESHOT_OVERFLOW); 2953 2954 if (!ok) { 2955 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 2956 m_freem(n); 2957 return key_senderror(so, m0, ENOBUFS); 2958 } 2959 2960 m_freem(m0); 2961 return error; 2962 } 2963 2964 /* 2965 * SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23 2966 */ 2967 static int 2968 key_api_nat_map(struct socket *so, struct mbuf *m, 2969 const struct sadb_msghdr *mhp) 2970 { 2971 struct sadb_x_nat_t_type *type; 2972 struct sadb_x_nat_t_port *sport; 2973 struct sadb_x_nat_t_port *dport; 2974 struct sadb_address *iaddr, *raddr; 2975 struct sadb_x_nat_t_frag *frag; 2976 2977 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL || 2978 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL || 2979 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) { 2980 IPSECLOG(LOG_DEBUG, "invalid message.\n"); 2981 return key_senderror(so, m, EINVAL); 2982 } 2983 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || 2984 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || 2985 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { 2986 IPSECLOG(LOG_DEBUG, "invalid message.\n"); 2987 return key_senderror(so, m, EINVAL); 2988 } 2989 2990 if ((mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) && 2991 (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr))) { 2992 IPSECLOG(LOG_DEBUG, "invalid message\n"); 2993 return key_senderror(so, m, EINVAL); 2994 } 2995 2996 if ((mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) && 2997 (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr))) { 2998 IPSECLOG(LOG_DEBUG, "invalid message\n"); 2999 return key_senderror(so, m, EINVAL); 3000 } 3001 3002 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) && 3003 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) { 3004 IPSECLOG(LOG_DEBUG, "invalid message\n"); 3005 return key_senderror(so, m, EINVAL); 3006 } 3007 3008 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 3009 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 3010 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 3011 iaddr = mhp->ext[SADB_X_EXT_NAT_T_OAI]; 3012 raddr = mhp->ext[SADB_X_EXT_NAT_T_OAR]; 3013 frag = mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 3014 3015 /* 3016 * XXX handle that, it should also contain a SA, or anything 3017 * that enable to update the SA information. 3018 */ 3019 3020 return 0; 3021 } 3022 3023 /* 3024 * Never return NULL. 3025 */ 3026 static struct mbuf * 3027 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, pid_t pid) 3028 { 3029 struct mbuf *result = NULL, *m; 3030 3031 KASSERT(!cpu_softintr_p()); 3032 3033 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, 3034 key_sp_refcnt(sp), M_WAITOK); 3035 result = m; 3036 3037 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3038 &sp->spidx.src.sa, sp->spidx.prefs, sp->spidx.ul_proto, M_WAITOK); 3039 m_cat(result, m); 3040 3041 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3042 &sp->spidx.dst.sa, sp->spidx.prefd, sp->spidx.ul_proto, M_WAITOK); 3043 m_cat(result, m); 3044 3045 m = key_sp2msg(sp, M_WAITOK); 3046 m_cat(result, m); 3047 3048 KASSERT(result->m_flags & M_PKTHDR); 3049 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 3050 3051 result->m_pkthdr.len = 0; 3052 for (m = result; m; m = m->m_next) 3053 result->m_pkthdr.len += m->m_len; 3054 3055 mtod(result, struct sadb_msg *)->sadb_msg_len = 3056 PFKEY_UNIT64(result->m_pkthdr.len); 3057 3058 return result; 3059 } 3060 3061 /* 3062 * get PFKEY message length for security policy and request. 3063 */ 3064 static u_int 3065 key_getspreqmsglen(const struct secpolicy *sp) 3066 { 3067 u_int tlen; 3068 3069 tlen = sizeof(struct sadb_x_policy); 3070 3071 /* if is the policy for ipsec ? */ 3072 if (sp->policy != IPSEC_POLICY_IPSEC) 3073 return tlen; 3074 3075 /* get length of ipsec requests */ 3076 { 3077 const struct ipsecrequest *isr; 3078 int len; 3079 3080 for (isr = sp->req; isr != NULL; isr = isr->next) { 3081 len = sizeof(struct sadb_x_ipsecrequest) 3082 + isr->saidx.src.sa.sa_len + isr->saidx.dst.sa.sa_len; 3083 3084 tlen += PFKEY_ALIGN8(len); 3085 } 3086 } 3087 3088 return tlen; 3089 } 3090 3091 /* 3092 * SADB_SPDEXPIRE processing 3093 * send 3094 * <base, address(SD), lifetime(CH), policy> 3095 * to KMD by PF_KEY. 3096 * 3097 * OUT: 0 : succeed 3098 * others : error number 3099 */ 3100 static int 3101 key_spdexpire(struct secpolicy *sp) 3102 { 3103 int s; 3104 struct mbuf *result = NULL, *m; 3105 int len; 3106 int error = -1; 3107 struct sadb_lifetime *lt; 3108 3109 /* XXX: Why do we lock ? */ 3110 s = splsoftnet(); /*called from softclock()*/ 3111 3112 KASSERT(sp != NULL); 3113 3114 /* set msg header */ 3115 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0, M_WAITOK); 3116 result = m; 3117 3118 /* create lifetime extension (current and hard) */ 3119 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 3120 m = key_alloc_mbuf(len, M_WAITOK); 3121 KASSERT(m->m_next == NULL); 3122 3123 memset(mtod(m, void *), 0, len); 3124 lt = mtod(m, struct sadb_lifetime *); 3125 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3126 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 3127 lt->sadb_lifetime_allocations = 0; 3128 lt->sadb_lifetime_bytes = 0; 3129 lt->sadb_lifetime_addtime = time_mono_to_wall(sp->created); 3130 lt->sadb_lifetime_usetime = time_mono_to_wall(sp->lastused); 3131 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2); 3132 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3133 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 3134 lt->sadb_lifetime_allocations = 0; 3135 lt->sadb_lifetime_bytes = 0; 3136 lt->sadb_lifetime_addtime = sp->lifetime; 3137 lt->sadb_lifetime_usetime = sp->validtime; 3138 m_cat(result, m); 3139 3140 /* set sadb_address for source */ 3141 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sp->spidx.src.sa, 3142 sp->spidx.prefs, sp->spidx.ul_proto, M_WAITOK); 3143 m_cat(result, m); 3144 3145 /* set sadb_address for destination */ 3146 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sp->spidx.dst.sa, 3147 sp->spidx.prefd, sp->spidx.ul_proto, M_WAITOK); 3148 m_cat(result, m); 3149 3150 /* set secpolicy */ 3151 m = key_sp2msg(sp, M_WAITOK); 3152 m_cat(result, m); 3153 3154 KASSERT(result->m_flags & M_PKTHDR); 3155 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 3156 3157 result->m_pkthdr.len = 0; 3158 for (m = result; m; m = m->m_next) 3159 result->m_pkthdr.len += m->m_len; 3160 3161 mtod(result, struct sadb_msg *)->sadb_msg_len = 3162 PFKEY_UNIT64(result->m_pkthdr.len); 3163 3164 error = key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 3165 splx(s); 3166 return error; 3167 } 3168 3169 /* %%% SAD management */ 3170 /* 3171 * allocating a memory for new SA head, and copy from the values of mhp. 3172 * OUT: NULL : failure due to the lack of memory. 3173 * others : pointer to new SA head. 3174 */ 3175 static struct secashead * 3176 key_newsah(const struct secasindex *saidx) 3177 { 3178 struct secashead *newsah; 3179 int i; 3180 3181 KASSERT(saidx != NULL); 3182 3183 newsah = kmem_zalloc(sizeof(struct secashead), KM_SLEEP); 3184 for (i = 0; i < __arraycount(newsah->savlist); i++) 3185 PSLIST_INIT(&newsah->savlist[i]); 3186 newsah->saidx = *saidx; 3187 3188 localcount_init(&newsah->localcount); 3189 /* Take a reference for the caller */ 3190 localcount_acquire(&newsah->localcount); 3191 3192 /* Add to the sah list */ 3193 SAHLIST_ENTRY_INIT(newsah); 3194 newsah->state = SADB_SASTATE_MATURE; 3195 mutex_enter(&key_sad.lock); 3196 SAHLIST_WRITER_INSERT_HEAD(newsah); 3197 mutex_exit(&key_sad.lock); 3198 3199 return newsah; 3200 } 3201 3202 static bool 3203 key_sah_has_sav(struct secashead *sah) 3204 { 3205 u_int state; 3206 3207 KASSERT(mutex_owned(&key_sad.lock)); 3208 3209 SASTATE_ANY_FOREACH(state) { 3210 if (!SAVLIST_WRITER_EMPTY(sah, state)) 3211 return true; 3212 } 3213 3214 return false; 3215 } 3216 3217 static void 3218 key_unlink_sah(struct secashead *sah) 3219 { 3220 3221 KASSERT(!cpu_softintr_p()); 3222 KASSERT(mutex_owned(&key_sad.lock)); 3223 KASSERT(sah->state == SADB_SASTATE_DEAD); 3224 3225 /* Remove from the sah list */ 3226 SAHLIST_WRITER_REMOVE(sah); 3227 3228 KDASSERT(mutex_ownable(softnet_lock)); 3229 key_sad_pserialize_perform(); 3230 3231 localcount_drain(&sah->localcount, &key_sad.cv_lc, &key_sad.lock); 3232 } 3233 3234 static void 3235 key_destroy_sah(struct secashead *sah) 3236 { 3237 3238 rtcache_free(&sah->sa_route); 3239 3240 SAHLIST_ENTRY_DESTROY(sah); 3241 localcount_fini(&sah->localcount); 3242 3243 if (sah->idents != NULL) 3244 kmem_free(sah->idents, sah->idents_len); 3245 if (sah->identd != NULL) 3246 kmem_free(sah->identd, sah->identd_len); 3247 3248 kmem_free(sah, sizeof(*sah)); 3249 } 3250 3251 /* 3252 * allocating a new SA with LARVAL state. 3253 * key_api_add() and key_api_getspi() call, 3254 * and copy the values of mhp into new buffer. 3255 * When SAD message type is GETSPI: 3256 * to set sequence number from acq_seq++, 3257 * to set zero to SPI. 3258 * not to call key_setsava(). 3259 * OUT: NULL : fail 3260 * others : pointer to new secasvar. 3261 * 3262 * does not modify mbuf. does not free mbuf on error. 3263 */ 3264 static struct secasvar * 3265 key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp, 3266 int *errp, const char* where, int tag) 3267 { 3268 struct secasvar *newsav; 3269 const struct sadb_sa *xsa; 3270 3271 KASSERT(!cpu_softintr_p()); 3272 KASSERT(m != NULL); 3273 KASSERT(mhp != NULL); 3274 KASSERT(mhp->msg != NULL); 3275 3276 newsav = kmem_zalloc(sizeof(struct secasvar), KM_SLEEP); 3277 3278 switch (mhp->msg->sadb_msg_type) { 3279 case SADB_GETSPI: 3280 newsav->spi = 0; 3281 3282 #ifdef IPSEC_DOSEQCHECK 3283 /* sync sequence number */ 3284 if (mhp->msg->sadb_msg_seq == 0) 3285 newsav->seq = 3286 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); 3287 else 3288 #endif 3289 newsav->seq = mhp->msg->sadb_msg_seq; 3290 break; 3291 3292 case SADB_ADD: 3293 /* sanity check */ 3294 if (mhp->ext[SADB_EXT_SA] == NULL) { 3295 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 3296 *errp = EINVAL; 3297 goto error; 3298 } 3299 xsa = mhp->ext[SADB_EXT_SA]; 3300 newsav->spi = xsa->sadb_sa_spi; 3301 newsav->seq = mhp->msg->sadb_msg_seq; 3302 break; 3303 default: 3304 *errp = EINVAL; 3305 goto error; 3306 } 3307 3308 /* copy sav values */ 3309 if (mhp->msg->sadb_msg_type != SADB_GETSPI) { 3310 *errp = key_setsaval(newsav, m, mhp); 3311 if (*errp) 3312 goto error; 3313 } else { 3314 /* We don't allow lft_c to be NULL */ 3315 newsav->lft_c = kmem_zalloc(sizeof(struct sadb_lifetime), 3316 KM_SLEEP); 3317 newsav->lft_c_counters_percpu = 3318 percpu_alloc(sizeof(lifetime_counters_t)); 3319 } 3320 3321 /* reset created */ 3322 newsav->created = time_uptime; 3323 newsav->pid = mhp->msg->sadb_msg_pid; 3324 3325 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 3326 "DP from %s:%u return SA:%p\n", where, tag, newsav); 3327 return newsav; 3328 3329 error: 3330 KASSERT(*errp != 0); 3331 kmem_free(newsav, sizeof(*newsav)); 3332 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 3333 "DP from %s:%u return SA:NULL\n", where, tag); 3334 return NULL; 3335 } 3336 3337 3338 static void 3339 key_clear_xform(struct secasvar *sav) 3340 { 3341 3342 /* 3343 * Cleanup xform state. Note that zeroize'ing causes the 3344 * keys to be cleared; otherwise we must do it ourself. 3345 */ 3346 if (sav->tdb_xform != NULL) { 3347 sav->tdb_xform->xf_zeroize(sav); 3348 sav->tdb_xform = NULL; 3349 } else { 3350 if (sav->key_auth != NULL) 3351 explicit_memset(_KEYBUF(sav->key_auth), 0, 3352 _KEYLEN(sav->key_auth)); 3353 if (sav->key_enc != NULL) 3354 explicit_memset(_KEYBUF(sav->key_enc), 0, 3355 _KEYLEN(sav->key_enc)); 3356 } 3357 } 3358 3359 /* 3360 * free() SA variable entry. 3361 */ 3362 static void 3363 key_delsav(struct secasvar *sav) 3364 { 3365 3366 key_clear_xform(sav); 3367 key_freesaval(sav); 3368 kmem_free(sav, sizeof(*sav)); 3369 } 3370 3371 /* 3372 * Must be called in a pserialize read section. A held sah 3373 * must be released by key_sah_unref after use. 3374 */ 3375 static void 3376 key_sah_ref(struct secashead *sah) 3377 { 3378 3379 localcount_acquire(&sah->localcount); 3380 } 3381 3382 /* 3383 * Must be called without holding key_sad.lock because the lock 3384 * would be held in localcount_release. 3385 */ 3386 static void 3387 key_sah_unref(struct secashead *sah) 3388 { 3389 3390 KDASSERT(mutex_ownable(&key_sad.lock)); 3391 3392 localcount_release(&sah->localcount, &key_sad.cv_lc, &key_sad.lock); 3393 } 3394 3395 /* 3396 * Search SAD and return sah. Must be called in a pserialize 3397 * read section. 3398 * OUT: 3399 * NULL : not found 3400 * others : found, pointer to a SA. 3401 */ 3402 static struct secashead * 3403 key_getsah(const struct secasindex *saidx, int flag) 3404 { 3405 struct secashead *sah; 3406 3407 SAHLIST_READER_FOREACH_SAIDX(sah, saidx) { 3408 if (sah->state == SADB_SASTATE_DEAD) 3409 continue; 3410 if (key_saidx_match(&sah->saidx, saidx, flag)) 3411 return sah; 3412 } 3413 3414 return NULL; 3415 } 3416 3417 /* 3418 * Search SAD and return sah. If sah is returned, the caller must call 3419 * key_sah_unref to releaset a reference. 3420 * OUT: 3421 * NULL : not found 3422 * others : found, pointer to a SA. 3423 */ 3424 static struct secashead * 3425 key_getsah_ref(const struct secasindex *saidx, int flag) 3426 { 3427 struct secashead *sah; 3428 int s; 3429 3430 s = pserialize_read_enter(); 3431 sah = key_getsah(saidx, flag); 3432 if (sah != NULL) 3433 key_sah_ref(sah); 3434 pserialize_read_exit(s); 3435 3436 return sah; 3437 } 3438 3439 /* 3440 * check not to be duplicated SPI. 3441 * NOTE: this function is too slow due to searching all SAD. 3442 * OUT: 3443 * NULL : not found 3444 * others : found, pointer to a SA. 3445 */ 3446 static bool 3447 key_checkspidup(const struct secasindex *saidx, u_int32_t spi) 3448 { 3449 struct secashead *sah; 3450 struct secasvar *sav; 3451 3452 /* check address family */ 3453 if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) { 3454 IPSECLOG(LOG_DEBUG, "address family mismatched.\n"); 3455 return false; 3456 } 3457 3458 /* check all SAD */ 3459 /* key_ismyaddr may sleep, so use mutex, not pserialize, here. */ 3460 mutex_enter(&key_sad.lock); 3461 SAHLIST_WRITER_FOREACH(sah) { 3462 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst)) 3463 continue; 3464 sav = key_getsavbyspi(sah, spi); 3465 if (sav != NULL) { 3466 KEY_SA_UNREF(&sav); 3467 mutex_exit(&key_sad.lock); 3468 return true; 3469 } 3470 } 3471 mutex_exit(&key_sad.lock); 3472 3473 return false; 3474 } 3475 3476 /* 3477 * search SAD litmited alive SA, protocol, SPI. 3478 * OUT: 3479 * NULL : not found 3480 * others : found, pointer to a SA. 3481 */ 3482 static struct secasvar * 3483 key_getsavbyspi(struct secashead *sah, u_int32_t spi) 3484 { 3485 struct secasvar *sav = NULL; 3486 u_int state; 3487 int s; 3488 3489 /* search all status */ 3490 s = pserialize_read_enter(); 3491 SASTATE_ALIVE_FOREACH(state) { 3492 SAVLIST_READER_FOREACH(sav, sah, state) { 3493 /* sanity check */ 3494 if (sav->state != state) { 3495 IPSECLOG(LOG_DEBUG, 3496 "invalid sav->state (queue: %d SA: %d)\n", 3497 state, sav->state); 3498 continue; 3499 } 3500 3501 if (sav->spi == spi) { 3502 KEY_SA_REF(sav); 3503 goto out; 3504 } 3505 } 3506 } 3507 out: 3508 pserialize_read_exit(s); 3509 3510 return sav; 3511 } 3512 3513 /* 3514 * Search SAD litmited alive SA by an SPI and remove it from a list. 3515 * OUT: 3516 * NULL : not found 3517 * others : found, pointer to a SA. 3518 */ 3519 static struct secasvar * 3520 key_lookup_and_remove_sav(struct secashead *sah, u_int32_t spi) 3521 { 3522 struct secasvar *sav = NULL; 3523 u_int state; 3524 3525 /* search all status */ 3526 mutex_enter(&key_sad.lock); 3527 SASTATE_ALIVE_FOREACH(state) { 3528 SAVLIST_WRITER_FOREACH(sav, sah, state) { 3529 KASSERT(sav->state == state); 3530 3531 if (sav->spi == spi) { 3532 sav->state = SADB_SASTATE_DEAD; 3533 SAVLIST_WRITER_REMOVE(sav); 3534 SAVLUT_WRITER_REMOVE(sav); 3535 goto out; 3536 } 3537 } 3538 } 3539 out: 3540 mutex_exit(&key_sad.lock); 3541 3542 return sav; 3543 } 3544 3545 /* 3546 * Free allocated data to member variables of sav: 3547 * sav->replay, sav->key_* and sav->lft_*. 3548 */ 3549 static void 3550 key_freesaval(struct secasvar *sav) 3551 { 3552 3553 KASSERT(key_sa_refcnt(sav) == 0); 3554 3555 if (sav->replay != NULL) 3556 kmem_intr_free(sav->replay, sav->replay_len); 3557 if (sav->key_auth != NULL) 3558 kmem_intr_free(sav->key_auth, sav->key_auth_len); 3559 if (sav->key_enc != NULL) 3560 kmem_intr_free(sav->key_enc, sav->key_enc_len); 3561 if (sav->lft_c_counters_percpu != NULL) { 3562 percpu_free(sav->lft_c_counters_percpu, 3563 sizeof(lifetime_counters_t)); 3564 } 3565 if (sav->lft_c != NULL) 3566 kmem_intr_free(sav->lft_c, sizeof(*(sav->lft_c))); 3567 if (sav->lft_h != NULL) 3568 kmem_intr_free(sav->lft_h, sizeof(*(sav->lft_h))); 3569 if (sav->lft_s != NULL) 3570 kmem_intr_free(sav->lft_s, sizeof(*(sav->lft_s))); 3571 } 3572 3573 /* 3574 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*. 3575 * You must update these if need. 3576 * OUT: 0: success. 3577 * !0: failure. 3578 * 3579 * does not modify mbuf. does not free mbuf on error. 3580 */ 3581 static int 3582 key_setsaval(struct secasvar *sav, struct mbuf *m, 3583 const struct sadb_msghdr *mhp) 3584 { 3585 int error = 0; 3586 3587 KASSERT(!cpu_softintr_p()); 3588 KASSERT(m != NULL); 3589 KASSERT(mhp != NULL); 3590 KASSERT(mhp->msg != NULL); 3591 3592 /* We shouldn't initialize sav variables while someone uses it. */ 3593 KASSERT(key_sa_refcnt(sav) == 0); 3594 3595 /* SA */ 3596 if (mhp->ext[SADB_EXT_SA] != NULL) { 3597 const struct sadb_sa *sa0; 3598 3599 sa0 = mhp->ext[SADB_EXT_SA]; 3600 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) { 3601 error = EINVAL; 3602 goto fail; 3603 } 3604 3605 sav->alg_auth = sa0->sadb_sa_auth; 3606 sav->alg_enc = sa0->sadb_sa_encrypt; 3607 sav->flags = sa0->sadb_sa_flags; 3608 3609 /* replay window */ 3610 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) { 3611 size_t len = sizeof(struct secreplay) + 3612 sa0->sadb_sa_replay; 3613 sav->replay = kmem_zalloc(len, KM_SLEEP); 3614 sav->replay_len = len; 3615 if (sa0->sadb_sa_replay != 0) 3616 sav->replay->bitmap = (char*)(sav->replay+1); 3617 sav->replay->wsize = sa0->sadb_sa_replay; 3618 } 3619 } 3620 3621 /* Authentication keys */ 3622 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) { 3623 const struct sadb_key *key0; 3624 int len; 3625 3626 key0 = mhp->ext[SADB_EXT_KEY_AUTH]; 3627 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3628 3629 error = 0; 3630 if (len < sizeof(*key0)) { 3631 error = EINVAL; 3632 goto fail; 3633 } 3634 switch (mhp->msg->sadb_msg_satype) { 3635 case SADB_SATYPE_AH: 3636 case SADB_SATYPE_ESP: 3637 case SADB_X_SATYPE_TCPSIGNATURE: 3638 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3639 sav->alg_auth != SADB_X_AALG_NULL) 3640 error = EINVAL; 3641 break; 3642 case SADB_X_SATYPE_IPCOMP: 3643 default: 3644 error = EINVAL; 3645 break; 3646 } 3647 if (error) { 3648 IPSECLOG(LOG_DEBUG, "invalid key_auth values.\n"); 3649 goto fail; 3650 } 3651 3652 sav->key_auth = key_newbuf(key0, len); 3653 sav->key_auth_len = len; 3654 } 3655 3656 /* Encryption key */ 3657 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) { 3658 const struct sadb_key *key0; 3659 int len; 3660 3661 key0 = mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3662 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3663 3664 error = 0; 3665 if (len < sizeof(*key0)) { 3666 error = EINVAL; 3667 goto fail; 3668 } 3669 switch (mhp->msg->sadb_msg_satype) { 3670 case SADB_SATYPE_ESP: 3671 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3672 sav->alg_enc != SADB_EALG_NULL) { 3673 error = EINVAL; 3674 break; 3675 } 3676 sav->key_enc = key_newbuf(key0, len); 3677 sav->key_enc_len = len; 3678 break; 3679 case SADB_X_SATYPE_IPCOMP: 3680 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3681 error = EINVAL; 3682 sav->key_enc = NULL; /*just in case*/ 3683 break; 3684 case SADB_SATYPE_AH: 3685 case SADB_X_SATYPE_TCPSIGNATURE: 3686 default: 3687 error = EINVAL; 3688 break; 3689 } 3690 if (error) { 3691 IPSECLOG(LOG_DEBUG, "invalid key_enc value.\n"); 3692 goto fail; 3693 } 3694 } 3695 3696 /* set iv */ 3697 sav->ivlen = 0; 3698 3699 switch (mhp->msg->sadb_msg_satype) { 3700 case SADB_SATYPE_AH: 3701 error = xform_init(sav, XF_AH); 3702 break; 3703 case SADB_SATYPE_ESP: 3704 error = xform_init(sav, XF_ESP); 3705 break; 3706 case SADB_X_SATYPE_IPCOMP: 3707 error = xform_init(sav, XF_IPCOMP); 3708 break; 3709 case SADB_X_SATYPE_TCPSIGNATURE: 3710 error = xform_init(sav, XF_TCPSIGNATURE); 3711 break; 3712 } 3713 if (error) { 3714 IPSECLOG(LOG_DEBUG, "unable to initialize SA type %u.\n", 3715 mhp->msg->sadb_msg_satype); 3716 goto fail; 3717 } 3718 3719 /* reset created */ 3720 sav->created = time_uptime; 3721 3722 /* make lifetime for CURRENT */ 3723 sav->lft_c = kmem_alloc(sizeof(struct sadb_lifetime), KM_SLEEP); 3724 3725 sav->lft_c->sadb_lifetime_len = 3726 PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3727 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 3728 sav->lft_c->sadb_lifetime_allocations = 0; 3729 sav->lft_c->sadb_lifetime_bytes = 0; 3730 sav->lft_c->sadb_lifetime_addtime = time_uptime; 3731 sav->lft_c->sadb_lifetime_usetime = 0; 3732 3733 sav->lft_c_counters_percpu = percpu_alloc(sizeof(lifetime_counters_t)); 3734 3735 /* lifetimes for HARD and SOFT */ 3736 { 3737 const struct sadb_lifetime *lft0; 3738 3739 lft0 = mhp->ext[SADB_EXT_LIFETIME_HARD]; 3740 if (lft0 != NULL) { 3741 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) { 3742 error = EINVAL; 3743 goto fail; 3744 } 3745 sav->lft_h = key_newbuf(lft0, sizeof(*lft0)); 3746 } 3747 3748 lft0 = mhp->ext[SADB_EXT_LIFETIME_SOFT]; 3749 if (lft0 != NULL) { 3750 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) { 3751 error = EINVAL; 3752 goto fail; 3753 } 3754 sav->lft_s = key_newbuf(lft0, sizeof(*lft0)); 3755 /* to be initialize ? */ 3756 } 3757 } 3758 3759 return 0; 3760 3761 fail: 3762 key_clear_xform(sav); 3763 key_freesaval(sav); 3764 3765 return error; 3766 } 3767 3768 /* 3769 * validation with a secasvar entry, and set SADB_SATYPE_MATURE. 3770 * OUT: 0: valid 3771 * other: errno 3772 */ 3773 static int 3774 key_init_xform(struct secasvar *sav) 3775 { 3776 int error; 3777 3778 /* We shouldn't initialize sav variables while someone uses it. */ 3779 KASSERT(key_sa_refcnt(sav) == 0); 3780 3781 /* check SPI value */ 3782 switch (sav->sah->saidx.proto) { 3783 case IPPROTO_ESP: 3784 case IPPROTO_AH: 3785 if (ntohl(sav->spi) <= 255) { 3786 IPSECLOG(LOG_DEBUG, "illegal range of SPI %u.\n", 3787 (u_int32_t)ntohl(sav->spi)); 3788 return EINVAL; 3789 } 3790 break; 3791 } 3792 3793 /* check satype */ 3794 switch (sav->sah->saidx.proto) { 3795 case IPPROTO_ESP: 3796 /* check flags */ 3797 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) == 3798 (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) { 3799 IPSECLOG(LOG_DEBUG, 3800 "invalid flag (derived) given to old-esp.\n"); 3801 return EINVAL; 3802 } 3803 error = xform_init(sav, XF_ESP); 3804 break; 3805 case IPPROTO_AH: 3806 /* check flags */ 3807 if (sav->flags & SADB_X_EXT_DERIV) { 3808 IPSECLOG(LOG_DEBUG, 3809 "invalid flag (derived) given to AH SA.\n"); 3810 return EINVAL; 3811 } 3812 if (sav->alg_enc != SADB_EALG_NONE) { 3813 IPSECLOG(LOG_DEBUG, 3814 "protocol and algorithm mismated.\n"); 3815 return(EINVAL); 3816 } 3817 error = xform_init(sav, XF_AH); 3818 break; 3819 case IPPROTO_IPCOMP: 3820 if (sav->alg_auth != SADB_AALG_NONE) { 3821 IPSECLOG(LOG_DEBUG, 3822 "protocol and algorithm mismated.\n"); 3823 return(EINVAL); 3824 } 3825 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 3826 && ntohl(sav->spi) >= 0x10000) { 3827 IPSECLOG(LOG_DEBUG, "invalid cpi for IPComp.\n"); 3828 return(EINVAL); 3829 } 3830 error = xform_init(sav, XF_IPCOMP); 3831 break; 3832 case IPPROTO_TCP: 3833 if (sav->alg_enc != SADB_EALG_NONE) { 3834 IPSECLOG(LOG_DEBUG, 3835 "protocol and algorithm mismated.\n"); 3836 return(EINVAL); 3837 } 3838 error = xform_init(sav, XF_TCPSIGNATURE); 3839 break; 3840 default: 3841 IPSECLOG(LOG_DEBUG, "Invalid satype.\n"); 3842 error = EPROTONOSUPPORT; 3843 break; 3844 } 3845 3846 return error; 3847 } 3848 3849 /* 3850 * subroutine for SADB_GET and SADB_DUMP. It never return NULL. 3851 */ 3852 static struct mbuf * 3853 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, 3854 u_int32_t seq, u_int32_t pid) 3855 { 3856 struct mbuf *result = NULL, *tres = NULL, *m; 3857 int l = 0; 3858 int i; 3859 void *p; 3860 struct sadb_lifetime lt; 3861 int dumporder[] = { 3862 SADB_EXT_SA, SADB_X_EXT_SA2, 3863 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3864 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3865 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH, 3866 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC, 3867 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY, 3868 SADB_X_EXT_NAT_T_TYPE, 3869 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3870 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3871 SADB_X_EXT_NAT_T_FRAG, 3872 3873 }; 3874 3875 m = key_setsadbmsg(type, 0, satype, seq, pid, key_sa_refcnt(sav), M_WAITOK); 3876 result = m; 3877 3878 for (i = __arraycount(dumporder) - 1; i >= 0; i--) { 3879 m = NULL; 3880 p = NULL; 3881 switch (dumporder[i]) { 3882 case SADB_EXT_SA: 3883 m = key_setsadbsa(sav); 3884 break; 3885 3886 case SADB_X_EXT_SA2: 3887 m = key_setsadbxsa2(sav->sah->saidx.mode, 3888 sav->replay ? sav->replay->count : 0, 3889 sav->sah->saidx.reqid); 3890 break; 3891 3892 case SADB_EXT_ADDRESS_SRC: 3893 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3894 &sav->sah->saidx.src.sa, 3895 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK); 3896 break; 3897 3898 case SADB_EXT_ADDRESS_DST: 3899 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3900 &sav->sah->saidx.dst.sa, 3901 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK); 3902 break; 3903 3904 case SADB_EXT_KEY_AUTH: 3905 if (!sav->key_auth) 3906 continue; 3907 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len); 3908 p = sav->key_auth; 3909 break; 3910 3911 case SADB_EXT_KEY_ENCRYPT: 3912 if (!sav->key_enc) 3913 continue; 3914 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len); 3915 p = sav->key_enc; 3916 break; 3917 3918 case SADB_EXT_LIFETIME_CURRENT: { 3919 lifetime_counters_t sum = {0}; 3920 3921 KASSERT(sav->lft_c != NULL); 3922 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len); 3923 memcpy(<, sav->lft_c, sizeof(struct sadb_lifetime)); 3924 lt.sadb_lifetime_addtime = 3925 time_mono_to_wall(lt.sadb_lifetime_addtime); 3926 lt.sadb_lifetime_usetime = 3927 time_mono_to_wall(lt.sadb_lifetime_usetime); 3928 percpu_foreach(sav->lft_c_counters_percpu, 3929 key_sum_lifetime_counters, sum); 3930 lt.sadb_lifetime_allocations = 3931 sum[LIFETIME_COUNTER_ALLOCATIONS]; 3932 lt.sadb_lifetime_bytes = 3933 sum[LIFETIME_COUNTER_BYTES]; 3934 p = < 3935 break; 3936 } 3937 3938 case SADB_EXT_LIFETIME_HARD: 3939 if (!sav->lft_h) 3940 continue; 3941 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len); 3942 p = sav->lft_h; 3943 break; 3944 3945 case SADB_EXT_LIFETIME_SOFT: 3946 if (!sav->lft_s) 3947 continue; 3948 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len); 3949 p = sav->lft_s; 3950 break; 3951 3952 case SADB_X_EXT_NAT_T_TYPE: 3953 m = key_setsadbxtype(sav->natt_type); 3954 break; 3955 3956 case SADB_X_EXT_NAT_T_DPORT: 3957 if (sav->natt_type == 0) 3958 continue; 3959 m = key_setsadbxport( 3960 key_portfromsaddr(&sav->sah->saidx.dst), 3961 SADB_X_EXT_NAT_T_DPORT); 3962 break; 3963 3964 case SADB_X_EXT_NAT_T_SPORT: 3965 if (sav->natt_type == 0) 3966 continue; 3967 m = key_setsadbxport( 3968 key_portfromsaddr(&sav->sah->saidx.src), 3969 SADB_X_EXT_NAT_T_SPORT); 3970 break; 3971 3972 case SADB_X_EXT_NAT_T_FRAG: 3973 /* don't send frag info if not set */ 3974 if (sav->natt_type == 0 || sav->esp_frag == IP_MAXPACKET) 3975 continue; 3976 m = key_setsadbxfrag(sav->esp_frag); 3977 break; 3978 3979 case SADB_X_EXT_NAT_T_OAI: 3980 case SADB_X_EXT_NAT_T_OAR: 3981 continue; 3982 3983 case SADB_EXT_ADDRESS_PROXY: 3984 case SADB_EXT_IDENTITY_SRC: 3985 case SADB_EXT_IDENTITY_DST: 3986 /* XXX: should we brought from SPD ? */ 3987 case SADB_EXT_SENSITIVITY: 3988 default: 3989 continue; 3990 } 3991 3992 KASSERT(!(m && p)); 3993 KASSERT(m != NULL || p != NULL); 3994 if (p && tres) { 3995 M_PREPEND(tres, l, M_WAITOK); 3996 memcpy(mtod(tres, void *), p, l); 3997 continue; 3998 } 3999 if (p) { 4000 m = key_alloc_mbuf(l, M_WAITOK); 4001 m_copyback(m, 0, l, p); 4002 } 4003 4004 if (tres) 4005 m_cat(m, tres); 4006 tres = m; 4007 } 4008 4009 m_cat(result, tres); 4010 tres = NULL; /* avoid free on error below */ 4011 4012 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 4013 4014 result->m_pkthdr.len = 0; 4015 for (m = result; m; m = m->m_next) 4016 result->m_pkthdr.len += m->m_len; 4017 4018 mtod(result, struct sadb_msg *)->sadb_msg_len = 4019 PFKEY_UNIT64(result->m_pkthdr.len); 4020 4021 return result; 4022 } 4023 4024 4025 /* 4026 * set a type in sadb_x_nat_t_type 4027 */ 4028 static struct mbuf * 4029 key_setsadbxtype(u_int16_t type) 4030 { 4031 struct mbuf *m; 4032 size_t len; 4033 struct sadb_x_nat_t_type *p; 4034 4035 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 4036 4037 m = key_alloc_mbuf(len, M_WAITOK); 4038 KASSERT(m->m_next == NULL); 4039 4040 p = mtod(m, struct sadb_x_nat_t_type *); 4041 4042 memset(p, 0, len); 4043 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 4044 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 4045 p->sadb_x_nat_t_type_type = type; 4046 4047 return m; 4048 } 4049 /* 4050 * set a port in sadb_x_nat_t_port. port is in network order 4051 */ 4052 static struct mbuf * 4053 key_setsadbxport(u_int16_t port, u_int16_t type) 4054 { 4055 struct mbuf *m; 4056 size_t len; 4057 struct sadb_x_nat_t_port *p; 4058 4059 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 4060 4061 m = key_alloc_mbuf(len, M_WAITOK); 4062 KASSERT(m->m_next == NULL); 4063 4064 p = mtod(m, struct sadb_x_nat_t_port *); 4065 4066 memset(p, 0, len); 4067 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 4068 p->sadb_x_nat_t_port_exttype = type; 4069 p->sadb_x_nat_t_port_port = port; 4070 4071 return m; 4072 } 4073 4074 /* 4075 * set fragmentation info in sadb_x_nat_t_frag 4076 */ 4077 static struct mbuf * 4078 key_setsadbxfrag(u_int16_t flen) 4079 { 4080 struct mbuf *m; 4081 size_t len; 4082 struct sadb_x_nat_t_frag *p; 4083 4084 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_frag)); 4085 4086 m = key_alloc_mbuf(len, M_WAITOK); 4087 KASSERT(m->m_next == NULL); 4088 4089 p = mtod(m, struct sadb_x_nat_t_frag *); 4090 4091 memset(p, 0, len); 4092 p->sadb_x_nat_t_frag_len = PFKEY_UNIT64(len); 4093 p->sadb_x_nat_t_frag_exttype = SADB_X_EXT_NAT_T_FRAG; 4094 p->sadb_x_nat_t_frag_fraglen = flen; 4095 4096 return m; 4097 } 4098 4099 /* 4100 * Get port from sockaddr, port is in network order 4101 */ 4102 u_int16_t 4103 key_portfromsaddr(const union sockaddr_union *saddr) 4104 { 4105 u_int16_t port; 4106 4107 switch (saddr->sa.sa_family) { 4108 case AF_INET: { 4109 port = saddr->sin.sin_port; 4110 break; 4111 } 4112 #ifdef INET6 4113 case AF_INET6: { 4114 port = saddr->sin6.sin6_port; 4115 break; 4116 } 4117 #endif 4118 default: 4119 printf("%s: unexpected address family\n", __func__); 4120 port = 0; 4121 break; 4122 } 4123 4124 return port; 4125 } 4126 4127 4128 /* 4129 * Set port is struct sockaddr. port is in network order 4130 */ 4131 static void 4132 key_porttosaddr(union sockaddr_union *saddr, u_int16_t port) 4133 { 4134 switch (saddr->sa.sa_family) { 4135 case AF_INET: { 4136 saddr->sin.sin_port = port; 4137 break; 4138 } 4139 #ifdef INET6 4140 case AF_INET6: { 4141 saddr->sin6.sin6_port = port; 4142 break; 4143 } 4144 #endif 4145 default: 4146 printf("%s: unexpected address family %d\n", __func__, 4147 saddr->sa.sa_family); 4148 break; 4149 } 4150 4151 return; 4152 } 4153 4154 /* 4155 * Safety check sa_len 4156 */ 4157 static int 4158 key_checksalen(const union sockaddr_union *saddr) 4159 { 4160 switch (saddr->sa.sa_family) { 4161 case AF_INET: 4162 if (saddr->sa.sa_len != sizeof(struct sockaddr_in)) 4163 return -1; 4164 break; 4165 #ifdef INET6 4166 case AF_INET6: 4167 if (saddr->sa.sa_len != sizeof(struct sockaddr_in6)) 4168 return -1; 4169 break; 4170 #endif 4171 default: 4172 printf("%s: unexpected sa_family %d\n", __func__, 4173 saddr->sa.sa_family); 4174 return -1; 4175 break; 4176 } 4177 return 0; 4178 } 4179 4180 4181 /* 4182 * set data into sadb_msg. 4183 */ 4184 static struct mbuf * 4185 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, 4186 u_int32_t seq, pid_t pid, u_int16_t reserved, int mflag) 4187 { 4188 struct mbuf *m; 4189 struct sadb_msg *p; 4190 int len; 4191 4192 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MCLBYTES); 4193 4194 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4195 4196 m = key_alloc_mbuf_simple(len, mflag); 4197 if (!m) 4198 return NULL; 4199 m->m_pkthdr.len = m->m_len = len; 4200 m->m_next = NULL; 4201 4202 p = mtod(m, struct sadb_msg *); 4203 4204 memset(p, 0, len); 4205 p->sadb_msg_version = PF_KEY_V2; 4206 p->sadb_msg_type = type; 4207 p->sadb_msg_errno = 0; 4208 p->sadb_msg_satype = satype; 4209 p->sadb_msg_len = PFKEY_UNIT64(tlen); 4210 p->sadb_msg_reserved = reserved; 4211 p->sadb_msg_seq = seq; 4212 p->sadb_msg_pid = (u_int32_t)pid; 4213 4214 return m; 4215 } 4216 4217 /* 4218 * copy secasvar data into sadb_address. 4219 */ 4220 static struct mbuf * 4221 key_setsadbsa(struct secasvar *sav) 4222 { 4223 struct mbuf *m; 4224 struct sadb_sa *p; 4225 int len; 4226 4227 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4228 m = key_alloc_mbuf(len, M_WAITOK); 4229 KASSERT(m->m_next == NULL); 4230 4231 p = mtod(m, struct sadb_sa *); 4232 4233 memset(p, 0, len); 4234 p->sadb_sa_len = PFKEY_UNIT64(len); 4235 p->sadb_sa_exttype = SADB_EXT_SA; 4236 p->sadb_sa_spi = sav->spi; 4237 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0); 4238 p->sadb_sa_state = sav->state; 4239 p->sadb_sa_auth = sav->alg_auth; 4240 p->sadb_sa_encrypt = sav->alg_enc; 4241 p->sadb_sa_flags = sav->flags; 4242 4243 return m; 4244 } 4245 4246 /* 4247 * set data into sadb_address. 4248 */ 4249 static struct mbuf * 4250 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 4251 u_int8_t prefixlen, u_int16_t ul_proto, int mflag) 4252 { 4253 struct mbuf *m; 4254 struct sadb_address *p; 4255 size_t len; 4256 4257 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 4258 PFKEY_ALIGN8(saddr->sa_len); 4259 m = key_alloc_mbuf(len, mflag); 4260 if (!m || m->m_next) { /*XXX*/ 4261 if (m) 4262 m_freem(m); 4263 return NULL; 4264 } 4265 4266 p = mtod(m, struct sadb_address *); 4267 4268 memset(p, 0, len); 4269 p->sadb_address_len = PFKEY_UNIT64(len); 4270 p->sadb_address_exttype = exttype; 4271 p->sadb_address_proto = ul_proto; 4272 if (prefixlen == FULLMASK) { 4273 switch (saddr->sa_family) { 4274 case AF_INET: 4275 prefixlen = sizeof(struct in_addr) << 3; 4276 break; 4277 case AF_INET6: 4278 prefixlen = sizeof(struct in6_addr) << 3; 4279 break; 4280 default: 4281 ; /*XXX*/ 4282 } 4283 } 4284 p->sadb_address_prefixlen = prefixlen; 4285 p->sadb_address_reserved = 0; 4286 4287 memcpy(mtod(m, char *) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 4288 saddr, saddr->sa_len); 4289 4290 return m; 4291 } 4292 4293 #if 0 4294 /* 4295 * set data into sadb_ident. 4296 */ 4297 static struct mbuf * 4298 key_setsadbident(u_int16_t exttype, u_int16_t idtype, 4299 void *string, int stringlen, u_int64_t id) 4300 { 4301 struct mbuf *m; 4302 struct sadb_ident *p; 4303 size_t len; 4304 4305 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen); 4306 m = key_alloc_mbuf(len); 4307 if (!m || m->m_next) { /*XXX*/ 4308 if (m) 4309 m_freem(m); 4310 return NULL; 4311 } 4312 4313 p = mtod(m, struct sadb_ident *); 4314 4315 memset(p, 0, len); 4316 p->sadb_ident_len = PFKEY_UNIT64(len); 4317 p->sadb_ident_exttype = exttype; 4318 p->sadb_ident_type = idtype; 4319 p->sadb_ident_reserved = 0; 4320 p->sadb_ident_id = id; 4321 4322 memcpy(mtod(m, void *) + PFKEY_ALIGN8(sizeof(struct sadb_ident)), 4323 string, stringlen); 4324 4325 return m; 4326 } 4327 #endif 4328 4329 /* 4330 * set data into sadb_x_sa2. 4331 */ 4332 static struct mbuf * 4333 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int16_t reqid) 4334 { 4335 struct mbuf *m; 4336 struct sadb_x_sa2 *p; 4337 size_t len; 4338 4339 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 4340 m = key_alloc_mbuf(len, M_WAITOK); 4341 KASSERT(m->m_next == NULL); 4342 4343 p = mtod(m, struct sadb_x_sa2 *); 4344 4345 memset(p, 0, len); 4346 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 4347 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 4348 p->sadb_x_sa2_mode = mode; 4349 p->sadb_x_sa2_reserved1 = 0; 4350 p->sadb_x_sa2_reserved2 = 0; 4351 p->sadb_x_sa2_sequence = seq; 4352 p->sadb_x_sa2_reqid = reqid; 4353 4354 return m; 4355 } 4356 4357 /* 4358 * set data into sadb_x_policy 4359 */ 4360 static struct mbuf * 4361 key_setsadbxpolicy(const u_int16_t type, const u_int8_t dir, const u_int32_t id, 4362 int mflag) 4363 { 4364 struct mbuf *m; 4365 struct sadb_x_policy *p; 4366 size_t len; 4367 4368 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4369 m = key_alloc_mbuf(len, mflag); 4370 if (!m || m->m_next) { /*XXX*/ 4371 if (m) 4372 m_freem(m); 4373 return NULL; 4374 } 4375 4376 p = mtod(m, struct sadb_x_policy *); 4377 4378 memset(p, 0, len); 4379 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4380 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4381 p->sadb_x_policy_type = type; 4382 p->sadb_x_policy_dir = dir; 4383 p->sadb_x_policy_id = id; 4384 4385 return m; 4386 } 4387 4388 /* %%% utilities */ 4389 /* 4390 * copy a buffer into the new buffer allocated. 4391 */ 4392 static void * 4393 key_newbuf(const void *src, u_int len) 4394 { 4395 void *new; 4396 4397 new = kmem_alloc(len, KM_SLEEP); 4398 memcpy(new, src, len); 4399 4400 return new; 4401 } 4402 4403 /* compare my own address 4404 * OUT: 1: true, i.e. my address. 4405 * 0: false 4406 */ 4407 int 4408 key_ismyaddr(const struct sockaddr *sa) 4409 { 4410 #ifdef INET 4411 const struct sockaddr_in *sin; 4412 const struct in_ifaddr *ia; 4413 int s; 4414 #endif 4415 4416 KASSERT(sa != NULL); 4417 4418 switch (sa->sa_family) { 4419 #ifdef INET 4420 case AF_INET: 4421 sin = (const struct sockaddr_in *)sa; 4422 s = pserialize_read_enter(); 4423 IN_ADDRLIST_READER_FOREACH(ia) { 4424 if (sin->sin_family == ia->ia_addr.sin_family && 4425 sin->sin_len == ia->ia_addr.sin_len && 4426 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr) 4427 { 4428 pserialize_read_exit(s); 4429 return 1; 4430 } 4431 } 4432 pserialize_read_exit(s); 4433 break; 4434 #endif 4435 #ifdef INET6 4436 case AF_INET6: 4437 return key_ismyaddr6((const struct sockaddr_in6 *)sa); 4438 #endif 4439 } 4440 4441 return 0; 4442 } 4443 4444 #ifdef INET6 4445 /* 4446 * compare my own address for IPv6. 4447 * 1: ours 4448 * 0: other 4449 * NOTE: derived ip6_input() in KAME. This is necessary to modify more. 4450 */ 4451 #include <netinet6/in6_var.h> 4452 4453 static int 4454 key_ismyaddr6(const struct sockaddr_in6 *sin6) 4455 { 4456 struct in6_ifaddr *ia; 4457 int s; 4458 struct psref psref; 4459 int bound; 4460 int ours = 1; 4461 4462 bound = curlwp_bind(); 4463 s = pserialize_read_enter(); 4464 IN6_ADDRLIST_READER_FOREACH(ia) { 4465 bool ingroup; 4466 4467 if (key_sockaddr_match((const struct sockaddr *)&sin6, 4468 (const struct sockaddr *)&ia->ia_addr, 0)) { 4469 pserialize_read_exit(s); 4470 goto ours; 4471 } 4472 ia6_acquire(ia, &psref); 4473 pserialize_read_exit(s); 4474 4475 /* 4476 * XXX Multicast 4477 * XXX why do we care about multlicast here while we don't care 4478 * about IPv4 multicast?? 4479 * XXX scope 4480 */ 4481 ingroup = in6_multi_group(&sin6->sin6_addr, ia->ia_ifp); 4482 if (ingroup) { 4483 ia6_release(ia, &psref); 4484 goto ours; 4485 } 4486 4487 s = pserialize_read_enter(); 4488 ia6_release(ia, &psref); 4489 } 4490 pserialize_read_exit(s); 4491 4492 /* loopback, just for safety */ 4493 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)) 4494 goto ours; 4495 4496 ours = 0; 4497 ours: 4498 curlwp_bindx(bound); 4499 4500 return ours; 4501 } 4502 #endif /*INET6*/ 4503 4504 /* 4505 * compare two secasindex structure. 4506 * flag can specify to compare 2 saidxes. 4507 * compare two secasindex structure without both mode and reqid. 4508 * don't compare port. 4509 * IN: 4510 * saidx0: source, it can be in SAD. 4511 * saidx1: object. 4512 * OUT: 4513 * 1 : equal 4514 * 0 : not equal 4515 */ 4516 static int 4517 key_saidx_match( 4518 const struct secasindex *saidx0, 4519 const struct secasindex *saidx1, 4520 int flag) 4521 { 4522 int chkport; 4523 const struct sockaddr *sa0src, *sa0dst, *sa1src, *sa1dst; 4524 4525 KASSERT(saidx0 != NULL); 4526 KASSERT(saidx1 != NULL); 4527 4528 /* sanity */ 4529 if (saidx0->proto != saidx1->proto) 4530 return 0; 4531 4532 if (flag == CMP_EXACTLY) { 4533 if (saidx0->mode != saidx1->mode) 4534 return 0; 4535 if (saidx0->reqid != saidx1->reqid) 4536 return 0; 4537 if (memcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 || 4538 memcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0) 4539 return 0; 4540 } else { 4541 4542 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4543 if (flag == CMP_MODE_REQID ||flag == CMP_REQID) { 4544 /* 4545 * If reqid of SPD is non-zero, unique SA is required. 4546 * The result must be of same reqid in this case. 4547 */ 4548 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid) 4549 return 0; 4550 } 4551 4552 if (flag == CMP_MODE_REQID) { 4553 if (saidx0->mode != IPSEC_MODE_ANY && 4554 saidx0->mode != saidx1->mode) 4555 return 0; 4556 } 4557 4558 4559 sa0src = &saidx0->src.sa; 4560 sa0dst = &saidx0->dst.sa; 4561 sa1src = &saidx1->src.sa; 4562 sa1dst = &saidx1->dst.sa; 4563 /* 4564 * If NAT-T is enabled, check ports for tunnel mode. 4565 * Don't do it for transport mode, as there is no 4566 * port information available in the SP. 4567 * Also don't check ports if they are set to zero 4568 * in the SPD: This means we have a non-generated 4569 * SPD which can't know UDP ports. 4570 */ 4571 if (saidx1->mode == IPSEC_MODE_TUNNEL) 4572 chkport = PORT_LOOSE; 4573 else 4574 chkport = PORT_NONE; 4575 4576 if (!key_sockaddr_match(sa0src, sa1src, chkport)) { 4577 return 0; 4578 } 4579 if (!key_sockaddr_match(sa0dst, sa1dst, chkport)) { 4580 return 0; 4581 } 4582 } 4583 4584 return 1; 4585 } 4586 4587 /* 4588 * compare two secindex structure exactly. 4589 * IN: 4590 * spidx0: source, it is often in SPD. 4591 * spidx1: object, it is often from PFKEY message. 4592 * OUT: 4593 * 1 : equal 4594 * 0 : not equal 4595 */ 4596 static int 4597 key_spidx_match_exactly( 4598 const struct secpolicyindex *spidx0, 4599 const struct secpolicyindex *spidx1) 4600 { 4601 4602 KASSERT(spidx0 != NULL); 4603 KASSERT(spidx1 != NULL); 4604 4605 /* sanity */ 4606 if (spidx0->prefs != spidx1->prefs || 4607 spidx0->prefd != spidx1->prefd || 4608 spidx0->ul_proto != spidx1->ul_proto) 4609 return 0; 4610 4611 return key_sockaddr_match(&spidx0->src.sa, &spidx1->src.sa, PORT_STRICT) && 4612 key_sockaddr_match(&spidx0->dst.sa, &spidx1->dst.sa, PORT_STRICT); 4613 } 4614 4615 /* 4616 * compare two secindex structure with mask. 4617 * IN: 4618 * spidx0: source, it is often in SPD. 4619 * spidx1: object, it is often from IP header. 4620 * OUT: 4621 * 1 : equal 4622 * 0 : not equal 4623 */ 4624 static int 4625 key_spidx_match_withmask( 4626 const struct secpolicyindex *spidx0, 4627 const struct secpolicyindex *spidx1) 4628 { 4629 4630 KASSERT(spidx0 != NULL); 4631 KASSERT(spidx1 != NULL); 4632 4633 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4634 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4635 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4636 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4637 return 0; 4638 4639 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4640 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY && 4641 spidx0->ul_proto != spidx1->ul_proto) 4642 return 0; 4643 4644 switch (spidx0->src.sa.sa_family) { 4645 case AF_INET: 4646 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY && 4647 spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4648 return 0; 4649 if (!key_bb_match_withmask(&spidx0->src.sin.sin_addr, 4650 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4651 return 0; 4652 break; 4653 case AF_INET6: 4654 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY && 4655 spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4656 return 0; 4657 /* 4658 * scope_id check. if sin6_scope_id is 0, we regard it 4659 * as a wildcard scope, which matches any scope zone ID. 4660 */ 4661 if (spidx0->src.sin6.sin6_scope_id && 4662 spidx1->src.sin6.sin6_scope_id && 4663 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4664 return 0; 4665 if (!key_bb_match_withmask(&spidx0->src.sin6.sin6_addr, 4666 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4667 return 0; 4668 break; 4669 default: 4670 /* XXX */ 4671 if (memcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4672 return 0; 4673 break; 4674 } 4675 4676 switch (spidx0->dst.sa.sa_family) { 4677 case AF_INET: 4678 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY && 4679 spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4680 return 0; 4681 if (!key_bb_match_withmask(&spidx0->dst.sin.sin_addr, 4682 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4683 return 0; 4684 break; 4685 case AF_INET6: 4686 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY && 4687 spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4688 return 0; 4689 /* 4690 * scope_id check. if sin6_scope_id is 0, we regard it 4691 * as a wildcard scope, which matches any scope zone ID. 4692 */ 4693 if (spidx0->src.sin6.sin6_scope_id && 4694 spidx1->src.sin6.sin6_scope_id && 4695 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4696 return 0; 4697 if (!key_bb_match_withmask(&spidx0->dst.sin6.sin6_addr, 4698 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4699 return 0; 4700 break; 4701 default: 4702 /* XXX */ 4703 if (memcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4704 return 0; 4705 break; 4706 } 4707 4708 /* XXX Do we check other field ? e.g. flowinfo */ 4709 4710 return 1; 4711 } 4712 4713 /* returns 0 on match */ 4714 static int 4715 key_portcomp(in_port_t port1, in_port_t port2, int howport) 4716 { 4717 switch (howport) { 4718 case PORT_NONE: 4719 return 0; 4720 case PORT_LOOSE: 4721 if (port1 == 0 || port2 == 0) 4722 return 0; 4723 /*FALLTHROUGH*/ 4724 case PORT_STRICT: 4725 if (port1 != port2) { 4726 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4727 "port fail %d != %d\n", port1, port2); 4728 return 1; 4729 } 4730 return 0; 4731 default: 4732 KASSERT(0); 4733 return 1; 4734 } 4735 } 4736 4737 /* returns 1 on match */ 4738 static int 4739 key_sockaddr_match( 4740 const struct sockaddr *sa1, 4741 const struct sockaddr *sa2, 4742 int howport) 4743 { 4744 const struct sockaddr_in *sin1, *sin2; 4745 const struct sockaddr_in6 *sin61, *sin62; 4746 char s1[IPSEC_ADDRSTRLEN], s2[IPSEC_ADDRSTRLEN]; 4747 4748 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) { 4749 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4750 "fam/len fail %d != %d || %d != %d\n", 4751 sa1->sa_family, sa2->sa_family, sa1->sa_len, 4752 sa2->sa_len); 4753 return 0; 4754 } 4755 4756 switch (sa1->sa_family) { 4757 case AF_INET: 4758 if (sa1->sa_len != sizeof(struct sockaddr_in)) { 4759 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4760 "len fail %d != %zu\n", 4761 sa1->sa_len, sizeof(struct sockaddr_in)); 4762 return 0; 4763 } 4764 sin1 = (const struct sockaddr_in *)sa1; 4765 sin2 = (const struct sockaddr_in *)sa2; 4766 if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) { 4767 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4768 "addr fail %s != %s\n", 4769 (in_print(s1, sizeof(s1), &sin1->sin_addr), s1), 4770 (in_print(s2, sizeof(s2), &sin2->sin_addr), s2)); 4771 return 0; 4772 } 4773 if (key_portcomp(sin1->sin_port, sin2->sin_port, howport)) { 4774 return 0; 4775 } 4776 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4777 "addr success %s[%d] == %s[%d]\n", 4778 (in_print(s1, sizeof(s1), &sin1->sin_addr), s1), 4779 sin1->sin_port, 4780 (in_print(s2, sizeof(s2), &sin2->sin_addr), s2), 4781 sin2->sin_port); 4782 break; 4783 case AF_INET6: 4784 sin61 = (const struct sockaddr_in6 *)sa1; 4785 sin62 = (const struct sockaddr_in6 *)sa2; 4786 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4787 return 0; /*EINVAL*/ 4788 4789 if (sin61->sin6_scope_id != sin62->sin6_scope_id) { 4790 return 0; 4791 } 4792 if (!IN6_ARE_ADDR_EQUAL(&sin61->sin6_addr, &sin62->sin6_addr)) { 4793 return 0; 4794 } 4795 if (key_portcomp(sin61->sin6_port, sin62->sin6_port, howport)) { 4796 return 0; 4797 } 4798 break; 4799 default: 4800 if (memcmp(sa1, sa2, sa1->sa_len) != 0) 4801 return 0; 4802 break; 4803 } 4804 4805 return 1; 4806 } 4807 4808 /* 4809 * compare two buffers with mask. 4810 * IN: 4811 * addr1: source 4812 * addr2: object 4813 * bits: Number of bits to compare 4814 * OUT: 4815 * 1 : equal 4816 * 0 : not equal 4817 */ 4818 static int 4819 key_bb_match_withmask(const void *a1, const void *a2, u_int bits) 4820 { 4821 const unsigned char *p1 = a1; 4822 const unsigned char *p2 = a2; 4823 4824 /* XXX: This could be considerably faster if we compare a word 4825 * at a time, but it is complicated on LSB Endian machines */ 4826 4827 /* Handle null pointers */ 4828 if (p1 == NULL || p2 == NULL) 4829 return (p1 == p2); 4830 4831 while (bits >= 8) { 4832 if (*p1++ != *p2++) 4833 return 0; 4834 bits -= 8; 4835 } 4836 4837 if (bits > 0) { 4838 u_int8_t mask = ~((1<<(8-bits))-1); 4839 if ((*p1 & mask) != (*p2 & mask)) 4840 return 0; 4841 } 4842 return 1; /* Match! */ 4843 } 4844 4845 static void 4846 key_timehandler_spd(time_t now) 4847 { 4848 u_int dir; 4849 struct secpolicy *sp; 4850 4851 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4852 retry: 4853 mutex_enter(&key_spd.lock); 4854 SPLIST_WRITER_FOREACH(sp, dir) { 4855 KASSERT(sp->state != IPSEC_SPSTATE_DEAD); 4856 4857 if (sp->lifetime == 0 && sp->validtime == 0) 4858 continue; 4859 4860 if ((sp->lifetime && now - sp->created > sp->lifetime) || 4861 (sp->validtime && now - sp->lastused > sp->validtime)) { 4862 key_unlink_sp(sp); 4863 mutex_exit(&key_spd.lock); 4864 key_spdexpire(sp); 4865 key_destroy_sp(sp); 4866 goto retry; 4867 } 4868 } 4869 mutex_exit(&key_spd.lock); 4870 } 4871 4872 retry_socksplist: 4873 mutex_enter(&key_spd.lock); 4874 SOCKSPLIST_WRITER_FOREACH(sp) { 4875 if (sp->state != IPSEC_SPSTATE_DEAD) 4876 continue; 4877 4878 key_unlink_sp(sp); 4879 mutex_exit(&key_spd.lock); 4880 key_destroy_sp(sp); 4881 goto retry_socksplist; 4882 } 4883 mutex_exit(&key_spd.lock); 4884 } 4885 4886 static void 4887 key_timehandler_sad(time_t now) 4888 { 4889 struct secashead *sah; 4890 int s; 4891 4892 restart: 4893 mutex_enter(&key_sad.lock); 4894 SAHLIST_WRITER_FOREACH(sah) { 4895 /* If sah has been dead and has no sav, then delete it */ 4896 if (sah->state == SADB_SASTATE_DEAD && 4897 !key_sah_has_sav(sah)) { 4898 key_unlink_sah(sah); 4899 mutex_exit(&key_sad.lock); 4900 key_destroy_sah(sah); 4901 goto restart; 4902 } 4903 } 4904 mutex_exit(&key_sad.lock); 4905 4906 s = pserialize_read_enter(); 4907 SAHLIST_READER_FOREACH(sah) { 4908 struct secasvar *sav; 4909 4910 key_sah_ref(sah); 4911 pserialize_read_exit(s); 4912 4913 /* if LARVAL entry doesn't become MATURE, delete it. */ 4914 mutex_enter(&key_sad.lock); 4915 restart_sav_LARVAL: 4916 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_LARVAL) { 4917 if (now - sav->created > key_larval_lifetime) { 4918 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4919 goto restart_sav_LARVAL; 4920 } 4921 } 4922 mutex_exit(&key_sad.lock); 4923 4924 /* 4925 * check MATURE entry to start to send expire message 4926 * whether or not. 4927 */ 4928 restart_sav_MATURE: 4929 mutex_enter(&key_sad.lock); 4930 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_MATURE) { 4931 /* we don't need to check. */ 4932 if (sav->lft_s == NULL) 4933 continue; 4934 4935 /* sanity check */ 4936 KASSERT(sav->lft_c != NULL); 4937 4938 /* check SOFT lifetime */ 4939 if (sav->lft_s->sadb_lifetime_addtime != 0 && 4940 now - sav->created > sav->lft_s->sadb_lifetime_addtime) { 4941 /* 4942 * check SA to be used whether or not. 4943 * when SA hasn't been used, delete it. 4944 */ 4945 if (sav->lft_c->sadb_lifetime_usetime == 0) { 4946 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4947 mutex_exit(&key_sad.lock); 4948 } else { 4949 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4950 mutex_exit(&key_sad.lock); 4951 /* 4952 * XXX If we keep to send expire 4953 * message in the status of 4954 * DYING. Do remove below code. 4955 */ 4956 key_expire(sav); 4957 } 4958 goto restart_sav_MATURE; 4959 } 4960 /* check SOFT lifetime by bytes */ 4961 /* 4962 * XXX I don't know the way to delete this SA 4963 * when new SA is installed. Caution when it's 4964 * installed too big lifetime by time. 4965 */ 4966 else { 4967 uint64_t lft_c_bytes = 0; 4968 lifetime_counters_t sum = {0}; 4969 4970 percpu_foreach(sav->lft_c_counters_percpu, 4971 key_sum_lifetime_counters, sum); 4972 lft_c_bytes = sum[LIFETIME_COUNTER_BYTES]; 4973 4974 if (sav->lft_s->sadb_lifetime_bytes == 0 || 4975 sav->lft_s->sadb_lifetime_bytes >= lft_c_bytes) 4976 continue; 4977 4978 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4979 mutex_exit(&key_sad.lock); 4980 /* 4981 * XXX If we keep to send expire 4982 * message in the status of 4983 * DYING. Do remove below code. 4984 */ 4985 key_expire(sav); 4986 goto restart_sav_MATURE; 4987 } 4988 } 4989 mutex_exit(&key_sad.lock); 4990 4991 /* check DYING entry to change status to DEAD. */ 4992 mutex_enter(&key_sad.lock); 4993 restart_sav_DYING: 4994 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_DYING) { 4995 /* we don't need to check. */ 4996 if (sav->lft_h == NULL) 4997 continue; 4998 4999 /* sanity check */ 5000 KASSERT(sav->lft_c != NULL); 5001 5002 if (sav->lft_h->sadb_lifetime_addtime != 0 && 5003 now - sav->created > sav->lft_h->sadb_lifetime_addtime) { 5004 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5005 goto restart_sav_DYING; 5006 } 5007 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */ 5008 else if (sav->lft_s != NULL 5009 && sav->lft_s->sadb_lifetime_addtime != 0 5010 && now - sav->created > sav->lft_s->sadb_lifetime_addtime) { 5011 /* 5012 * XXX: should be checked to be 5013 * installed the valid SA. 5014 */ 5015 5016 /* 5017 * If there is no SA then sending 5018 * expire message. 5019 */ 5020 key_expire(sav); 5021 } 5022 #endif 5023 /* check HARD lifetime by bytes */ 5024 else { 5025 uint64_t lft_c_bytes = 0; 5026 lifetime_counters_t sum = {0}; 5027 5028 percpu_foreach(sav->lft_c_counters_percpu, 5029 key_sum_lifetime_counters, sum); 5030 lft_c_bytes = sum[LIFETIME_COUNTER_BYTES]; 5031 5032 if (sav->lft_h->sadb_lifetime_bytes == 0 || 5033 sav->lft_h->sadb_lifetime_bytes >= lft_c_bytes) 5034 continue; 5035 5036 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5037 goto restart_sav_DYING; 5038 } 5039 } 5040 mutex_exit(&key_sad.lock); 5041 5042 /* delete entry in DEAD */ 5043 restart_sav_DEAD: 5044 mutex_enter(&key_sad.lock); 5045 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_DEAD) { 5046 key_unlink_sav(sav); 5047 mutex_exit(&key_sad.lock); 5048 key_destroy_sav(sav); 5049 goto restart_sav_DEAD; 5050 } 5051 mutex_exit(&key_sad.lock); 5052 5053 s = pserialize_read_enter(); 5054 key_sah_unref(sah); 5055 } 5056 pserialize_read_exit(s); 5057 } 5058 5059 static void 5060 key_timehandler_acq(time_t now) 5061 { 5062 #ifndef IPSEC_NONBLOCK_ACQUIRE 5063 struct secacq *acq, *nextacq; 5064 5065 restart: 5066 mutex_enter(&key_misc.lock); 5067 LIST_FOREACH_SAFE(acq, &key_misc.acqlist, chain, nextacq) { 5068 if (now - acq->created > key_blockacq_lifetime) { 5069 LIST_REMOVE(acq, chain); 5070 mutex_exit(&key_misc.lock); 5071 kmem_free(acq, sizeof(*acq)); 5072 goto restart; 5073 } 5074 } 5075 mutex_exit(&key_misc.lock); 5076 #endif 5077 } 5078 5079 static void 5080 key_timehandler_spacq(time_t now) 5081 { 5082 #ifdef notyet 5083 struct secspacq *acq, *nextacq; 5084 5085 LIST_FOREACH_SAFE(acq, &key_misc.spacqlist, chain, nextacq) { 5086 if (now - acq->created > key_blockacq_lifetime) { 5087 KASSERT(__LIST_CHAINED(acq)); 5088 LIST_REMOVE(acq, chain); 5089 kmem_free(acq, sizeof(*acq)); 5090 } 5091 } 5092 #endif 5093 } 5094 5095 static unsigned int key_timehandler_work_enqueued = 0; 5096 5097 /* 5098 * time handler. 5099 * scanning SPD and SAD to check status for each entries, 5100 * and do to remove or to expire. 5101 */ 5102 static void 5103 key_timehandler_work(struct work *wk, void *arg) 5104 { 5105 time_t now = time_uptime; 5106 5107 /* We can allow enqueuing another work at this point */ 5108 atomic_swap_uint(&key_timehandler_work_enqueued, 0); 5109 5110 key_timehandler_spd(now); 5111 key_timehandler_sad(now); 5112 key_timehandler_acq(now); 5113 key_timehandler_spacq(now); 5114 5115 key_acquire_sendup_pending_mbuf(); 5116 5117 /* do exchange to tick time !! */ 5118 callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); 5119 5120 return; 5121 } 5122 5123 static void 5124 key_timehandler(void *arg) 5125 { 5126 5127 /* Avoid enqueuing another work when one is already enqueued */ 5128 if (atomic_swap_uint(&key_timehandler_work_enqueued, 1) == 1) 5129 return; 5130 5131 workqueue_enqueue(key_timehandler_wq, &key_timehandler_wk, NULL); 5132 } 5133 5134 u_long 5135 key_random(void) 5136 { 5137 u_long value; 5138 5139 key_randomfill(&value, sizeof(value)); 5140 return value; 5141 } 5142 5143 void 5144 key_randomfill(void *p, size_t l) 5145 { 5146 5147 cprng_fast(p, l); 5148 } 5149 5150 /* 5151 * map SADB_SATYPE_* to IPPROTO_*. 5152 * if satype == SADB_SATYPE then satype is mapped to ~0. 5153 * OUT: 5154 * 0: invalid satype. 5155 */ 5156 static u_int16_t 5157 key_satype2proto(u_int8_t satype) 5158 { 5159 switch (satype) { 5160 case SADB_SATYPE_UNSPEC: 5161 return IPSEC_PROTO_ANY; 5162 case SADB_SATYPE_AH: 5163 return IPPROTO_AH; 5164 case SADB_SATYPE_ESP: 5165 return IPPROTO_ESP; 5166 case SADB_X_SATYPE_IPCOMP: 5167 return IPPROTO_IPCOMP; 5168 case SADB_X_SATYPE_TCPSIGNATURE: 5169 return IPPROTO_TCP; 5170 default: 5171 return 0; 5172 } 5173 /* NOTREACHED */ 5174 } 5175 5176 /* 5177 * map IPPROTO_* to SADB_SATYPE_* 5178 * OUT: 5179 * 0: invalid protocol type. 5180 */ 5181 static u_int8_t 5182 key_proto2satype(u_int16_t proto) 5183 { 5184 switch (proto) { 5185 case IPPROTO_AH: 5186 return SADB_SATYPE_AH; 5187 case IPPROTO_ESP: 5188 return SADB_SATYPE_ESP; 5189 case IPPROTO_IPCOMP: 5190 return SADB_X_SATYPE_IPCOMP; 5191 case IPPROTO_TCP: 5192 return SADB_X_SATYPE_TCPSIGNATURE; 5193 default: 5194 return 0; 5195 } 5196 /* NOTREACHED */ 5197 } 5198 5199 static int 5200 key_setsecasidx(int proto, int mode, int reqid, 5201 const struct sockaddr *src, const struct sockaddr *dst, 5202 struct secasindex * saidx) 5203 { 5204 const union sockaddr_union *src_u = (const union sockaddr_union *)src; 5205 const union sockaddr_union *dst_u = (const union sockaddr_union *)dst; 5206 5207 /* sa len safety check */ 5208 if (key_checksalen(src_u) != 0) 5209 return -1; 5210 if (key_checksalen(dst_u) != 0) 5211 return -1; 5212 5213 memset(saidx, 0, sizeof(*saidx)); 5214 saidx->proto = proto; 5215 saidx->mode = mode; 5216 saidx->reqid = reqid; 5217 memcpy(&saidx->src, src_u, src_u->sa.sa_len); 5218 memcpy(&saidx->dst, dst_u, dst_u->sa.sa_len); 5219 5220 key_porttosaddr(&((saidx)->src), 0); 5221 key_porttosaddr(&((saidx)->dst), 0); 5222 return 0; 5223 } 5224 5225 static void 5226 key_init_spidx_bymsghdr(struct secpolicyindex *spidx, 5227 const struct sadb_msghdr *mhp) 5228 { 5229 const struct sadb_address *src0, *dst0; 5230 const struct sockaddr *src, *dst; 5231 const struct sadb_x_policy *xpl0; 5232 5233 src0 = mhp->ext[SADB_EXT_ADDRESS_SRC]; 5234 dst0 = mhp->ext[SADB_EXT_ADDRESS_DST]; 5235 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 5236 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 5237 xpl0 = mhp->ext[SADB_X_EXT_POLICY]; 5238 5239 memset(spidx, 0, sizeof(*spidx)); 5240 spidx->dir = xpl0->sadb_x_policy_dir; 5241 spidx->prefs = src0->sadb_address_prefixlen; 5242 spidx->prefd = dst0->sadb_address_prefixlen; 5243 spidx->ul_proto = src0->sadb_address_proto; 5244 /* XXX boundary check against sa_len */ 5245 memcpy(&spidx->src, src, src->sa_len); 5246 memcpy(&spidx->dst, dst, dst->sa_len); 5247 } 5248 5249 /* %%% PF_KEY */ 5250 /* 5251 * SADB_GETSPI processing is to receive 5252 * <base, (SA2), src address, dst address, (SPI range)> 5253 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 5254 * tree with the status of LARVAL, and send 5255 * <base, SA(*), address(SD)> 5256 * to the IKMPd. 5257 * 5258 * IN: mhp: pointer to the pointer to each header. 5259 * OUT: NULL if fail. 5260 * other if success, return pointer to the message to send. 5261 */ 5262 static int 5263 key_api_getspi(struct socket *so, struct mbuf *m, 5264 const struct sadb_msghdr *mhp) 5265 { 5266 const struct sockaddr *src, *dst; 5267 struct secasindex saidx; 5268 struct secashead *sah; 5269 struct secasvar *newsav; 5270 u_int8_t proto; 5271 u_int32_t spi; 5272 u_int8_t mode; 5273 u_int16_t reqid; 5274 int error; 5275 5276 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5277 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5278 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5279 return key_senderror(so, m, EINVAL); 5280 } 5281 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5282 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5283 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5284 return key_senderror(so, m, EINVAL); 5285 } 5286 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5287 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2]; 5288 mode = sa2->sadb_x_sa2_mode; 5289 reqid = sa2->sadb_x_sa2_reqid; 5290 } else { 5291 mode = IPSEC_MODE_ANY; 5292 reqid = 0; 5293 } 5294 5295 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 5296 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 5297 5298 /* map satype to proto */ 5299 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 5300 if (proto == 0) { 5301 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 5302 return key_senderror(so, m, EINVAL); 5303 } 5304 5305 5306 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx); 5307 if (error != 0) 5308 return key_senderror(so, m, EINVAL); 5309 5310 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 5311 if (error != 0) 5312 return key_senderror(so, m, EINVAL); 5313 5314 /* SPI allocation */ 5315 spi = key_do_getnewspi(mhp->ext[SADB_EXT_SPIRANGE], &saidx); 5316 if (spi == 0) 5317 return key_senderror(so, m, EINVAL); 5318 5319 /* get a SA index */ 5320 sah = key_getsah_ref(&saidx, CMP_REQID); 5321 if (sah == NULL) { 5322 /* create a new SA index */ 5323 sah = key_newsah(&saidx); 5324 if (sah == NULL) { 5325 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 5326 return key_senderror(so, m, ENOBUFS); 5327 } 5328 } 5329 5330 /* get a new SA */ 5331 /* XXX rewrite */ 5332 newsav = KEY_NEWSAV(m, mhp, &error); 5333 if (newsav == NULL) { 5334 key_sah_unref(sah); 5335 /* XXX don't free new SA index allocated in above. */ 5336 return key_senderror(so, m, error); 5337 } 5338 5339 /* set spi */ 5340 newsav->spi = htonl(spi); 5341 5342 /* Add to sah#savlist */ 5343 key_init_sav(newsav); 5344 newsav->sah = sah; 5345 newsav->state = SADB_SASTATE_LARVAL; 5346 mutex_enter(&key_sad.lock); 5347 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_LARVAL, newsav); 5348 mutex_exit(&key_sad.lock); 5349 key_validate_savlist(sah, SADB_SASTATE_LARVAL); 5350 5351 key_sah_unref(sah); 5352 5353 #ifndef IPSEC_NONBLOCK_ACQUIRE 5354 /* delete the entry in key_misc.acqlist */ 5355 if (mhp->msg->sadb_msg_seq != 0) { 5356 struct secacq *acq; 5357 mutex_enter(&key_misc.lock); 5358 acq = key_getacqbyseq(mhp->msg->sadb_msg_seq); 5359 if (acq != NULL) { 5360 /* reset counter in order to deletion by timehandler. */ 5361 acq->created = time_uptime; 5362 acq->count = 0; 5363 } 5364 mutex_exit(&key_misc.lock); 5365 } 5366 #endif 5367 5368 { 5369 struct mbuf *n, *nn; 5370 struct sadb_sa *m_sa; 5371 int off, len; 5372 5373 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 5374 PFKEY_ALIGN8(sizeof(struct sadb_sa)) <= MCLBYTES); 5375 5376 /* create new sadb_msg to reply. */ 5377 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 5378 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5379 5380 n = key_alloc_mbuf_simple(len, M_WAITOK); 5381 n->m_len = len; 5382 n->m_next = NULL; 5383 off = 0; 5384 5385 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 5386 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 5387 5388 m_sa = (struct sadb_sa *)(mtod(n, char *) + off); 5389 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 5390 m_sa->sadb_sa_exttype = SADB_EXT_SA; 5391 m_sa->sadb_sa_spi = htonl(spi); 5392 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5393 5394 KASSERTMSG(off == len, "length inconsistency"); 5395 5396 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5397 SADB_EXT_ADDRESS_DST); 5398 5399 KASSERT(n->m_len >= sizeof(struct sadb_msg)); 5400 5401 n->m_pkthdr.len = 0; 5402 for (nn = n; nn; nn = nn->m_next) 5403 n->m_pkthdr.len += nn->m_len; 5404 5405 key_fill_replymsg(n, newsav->seq); 5406 m_freem(m); 5407 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5408 } 5409 } 5410 5411 /* 5412 * allocating new SPI 5413 * called by key_api_getspi(). 5414 * OUT: 5415 * 0: failure. 5416 * others: success. 5417 */ 5418 static u_int32_t 5419 key_do_getnewspi(const struct sadb_spirange *spirange, 5420 const struct secasindex *saidx) 5421 { 5422 u_int32_t newspi; 5423 u_int32_t spmin, spmax; 5424 int count = key_spi_trycnt; 5425 5426 /* set spi range to allocate */ 5427 if (spirange != NULL) { 5428 spmin = spirange->sadb_spirange_min; 5429 spmax = spirange->sadb_spirange_max; 5430 } else { 5431 spmin = key_spi_minval; 5432 spmax = key_spi_maxval; 5433 } 5434 /* IPCOMP needs 2-byte SPI */ 5435 if (saidx->proto == IPPROTO_IPCOMP) { 5436 u_int32_t t; 5437 if (spmin >= 0x10000) 5438 spmin = 0xffff; 5439 if (spmax >= 0x10000) 5440 spmax = 0xffff; 5441 if (spmin > spmax) { 5442 t = spmin; spmin = spmax; spmax = t; 5443 } 5444 } 5445 5446 if (spmin == spmax) { 5447 if (key_checkspidup(saidx, htonl(spmin))) { 5448 IPSECLOG(LOG_DEBUG, "SPI %u exists already.\n", spmin); 5449 return 0; 5450 } 5451 5452 count--; /* taking one cost. */ 5453 newspi = spmin; 5454 5455 } else { 5456 5457 /* init SPI */ 5458 newspi = 0; 5459 5460 /* when requesting to allocate spi ranged */ 5461 while (count--) { 5462 /* generate pseudo-random SPI value ranged. */ 5463 newspi = spmin + (key_random() % (spmax - spmin + 1)); 5464 5465 if (!key_checkspidup(saidx, htonl(newspi))) 5466 break; 5467 } 5468 5469 if (count == 0 || newspi == 0) { 5470 IPSECLOG(LOG_DEBUG, "to allocate spi is failed.\n"); 5471 return 0; 5472 } 5473 } 5474 5475 /* statistics */ 5476 keystat.getspi_count = 5477 (keystat.getspi_count + key_spi_trycnt - count) / 2; 5478 5479 return newspi; 5480 } 5481 5482 static int 5483 key_handle_natt_info(struct secasvar *sav, 5484 const struct sadb_msghdr *mhp) 5485 { 5486 const char *msg = "?" ; 5487 struct sadb_x_nat_t_type *type; 5488 struct sadb_x_nat_t_port *sport, *dport; 5489 struct sadb_address *iaddr, *raddr; 5490 struct sadb_x_nat_t_frag *frag; 5491 5492 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL || 5493 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL || 5494 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) 5495 return 0; 5496 5497 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) { 5498 msg = "TYPE"; 5499 goto bad; 5500 } 5501 5502 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) { 5503 msg = "SPORT"; 5504 goto bad; 5505 } 5506 5507 if (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 5508 msg = "DPORT"; 5509 goto bad; 5510 } 5511 5512 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) { 5513 IPSECLOG(LOG_DEBUG, "NAT-T OAi present\n"); 5514 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr)) { 5515 msg = "OAI"; 5516 goto bad; 5517 } 5518 } 5519 5520 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) { 5521 IPSECLOG(LOG_DEBUG, "NAT-T OAr present\n"); 5522 if (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) { 5523 msg = "OAR"; 5524 goto bad; 5525 } 5526 } 5527 5528 if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) { 5529 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) { 5530 msg = "FRAG"; 5531 goto bad; 5532 } 5533 } 5534 5535 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5536 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5537 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5538 iaddr = mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5539 raddr = mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5540 frag = mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 5541 5542 IPSECLOG(LOG_DEBUG, "type %d, sport = %d, dport = %d\n", 5543 type->sadb_x_nat_t_type_type, 5544 ntohs(sport->sadb_x_nat_t_port_port), 5545 ntohs(dport->sadb_x_nat_t_port_port)); 5546 5547 sav->natt_type = type->sadb_x_nat_t_type_type; 5548 key_porttosaddr(&sav->sah->saidx.src, sport->sadb_x_nat_t_port_port); 5549 key_porttosaddr(&sav->sah->saidx.dst, dport->sadb_x_nat_t_port_port); 5550 if (frag) 5551 sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen; 5552 else 5553 sav->esp_frag = IP_MAXPACKET; 5554 5555 return 0; 5556 bad: 5557 IPSECLOG(LOG_DEBUG, "invalid message %s\n", msg); 5558 __USE(msg); 5559 return -1; 5560 } 5561 5562 /* Just update the IPSEC_NAT_T ports if present */ 5563 static int 5564 key_set_natt_ports(union sockaddr_union *src, union sockaddr_union *dst, 5565 const struct sadb_msghdr *mhp) 5566 { 5567 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) 5568 IPSECLOG(LOG_DEBUG, "NAT-T OAi present\n"); 5569 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) 5570 IPSECLOG(LOG_DEBUG, "NAT-T OAr present\n"); 5571 5572 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) && 5573 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) && 5574 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) { 5575 struct sadb_x_nat_t_type *type; 5576 struct sadb_x_nat_t_port *sport; 5577 struct sadb_x_nat_t_port *dport; 5578 5579 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || 5580 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || 5581 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { 5582 IPSECLOG(LOG_DEBUG, "invalid message\n"); 5583 return -1; 5584 } 5585 5586 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5587 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5588 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5589 5590 key_porttosaddr(src, sport->sadb_x_nat_t_port_port); 5591 key_porttosaddr(dst, dport->sadb_x_nat_t_port_port); 5592 5593 IPSECLOG(LOG_DEBUG, "type %d, sport = %d, dport = %d\n", 5594 type->sadb_x_nat_t_type_type, 5595 ntohs(sport->sadb_x_nat_t_port_port), 5596 ntohs(dport->sadb_x_nat_t_port_port)); 5597 } 5598 5599 return 0; 5600 } 5601 5602 5603 /* 5604 * SADB_UPDATE processing 5605 * receive 5606 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5607 * key(AE), (identity(SD),) (sensitivity)> 5608 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5609 * and send 5610 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5611 * (identity(SD),) (sensitivity)> 5612 * to the ikmpd. 5613 * 5614 * m will always be freed. 5615 */ 5616 static int 5617 key_api_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5618 { 5619 struct sadb_sa *sa0; 5620 const struct sockaddr *src, *dst; 5621 struct secasindex saidx; 5622 struct secashead *sah; 5623 struct secasvar *sav, *newsav, *oldsav; 5624 u_int16_t proto; 5625 u_int8_t mode; 5626 u_int16_t reqid; 5627 int error; 5628 5629 /* map satype to proto */ 5630 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 5631 if (proto == 0) { 5632 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 5633 return key_senderror(so, m, EINVAL); 5634 } 5635 5636 if (mhp->ext[SADB_EXT_SA] == NULL || 5637 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5638 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 5639 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5640 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 5641 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5642 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 5643 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 5644 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 5645 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 5646 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 5647 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5648 return key_senderror(so, m, EINVAL); 5649 } 5650 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5651 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5652 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5653 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5654 return key_senderror(so, m, EINVAL); 5655 } 5656 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5657 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2]; 5658 mode = sa2->sadb_x_sa2_mode; 5659 reqid = sa2->sadb_x_sa2_reqid; 5660 } else { 5661 mode = IPSEC_MODE_ANY; 5662 reqid = 0; 5663 } 5664 /* XXX boundary checking for other extensions */ 5665 5666 sa0 = mhp->ext[SADB_EXT_SA]; 5667 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 5668 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 5669 5670 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx); 5671 if (error != 0) 5672 return key_senderror(so, m, EINVAL); 5673 5674 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 5675 if (error != 0) 5676 return key_senderror(so, m, EINVAL); 5677 5678 /* get a SA header */ 5679 sah = key_getsah_ref(&saidx, CMP_REQID); 5680 if (sah == NULL) { 5681 IPSECLOG(LOG_DEBUG, "no SA index found.\n"); 5682 return key_senderror(so, m, ENOENT); 5683 } 5684 5685 /* set spidx if there */ 5686 /* XXX rewrite */ 5687 error = key_setident(sah, m, mhp); 5688 if (error) 5689 goto error_sah; 5690 5691 /* find a SA with sequence number. */ 5692 #ifdef IPSEC_DOSEQCHECK 5693 if (mhp->msg->sadb_msg_seq != 0) { 5694 sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq); 5695 if (sav == NULL) { 5696 IPSECLOG(LOG_DEBUG, 5697 "no larval SA with sequence %u exists.\n", 5698 mhp->msg->sadb_msg_seq); 5699 error = ENOENT; 5700 goto error_sah; 5701 } 5702 } 5703 #else 5704 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5705 if (sav == NULL) { 5706 IPSECLOG(LOG_DEBUG, "no such a SA found (spi:%u)\n", 5707 (u_int32_t)ntohl(sa0->sadb_sa_spi)); 5708 error = EINVAL; 5709 goto error_sah; 5710 } 5711 #endif 5712 5713 /* validity check */ 5714 if (sav->sah->saidx.proto != proto) { 5715 IPSECLOG(LOG_DEBUG, "protocol mismatched (DB=%u param=%u)\n", 5716 sav->sah->saidx.proto, proto); 5717 error = EINVAL; 5718 goto error; 5719 } 5720 #ifdef IPSEC_DOSEQCHECK 5721 if (sav->spi != sa0->sadb_sa_spi) { 5722 IPSECLOG(LOG_DEBUG, "SPI mismatched (DB:%u param:%u)\n", 5723 (u_int32_t)ntohl(sav->spi), 5724 (u_int32_t)ntohl(sa0->sadb_sa_spi)); 5725 error = EINVAL; 5726 goto error; 5727 } 5728 #endif 5729 if (sav->pid != mhp->msg->sadb_msg_pid) { 5730 IPSECLOG(LOG_DEBUG, "pid mismatched (DB:%u param:%u)\n", 5731 sav->pid, mhp->msg->sadb_msg_pid); 5732 error = EINVAL; 5733 goto error; 5734 } 5735 5736 /* 5737 * Allocate a new SA instead of modifying the existing SA directly 5738 * to avoid race conditions. 5739 */ 5740 newsav = kmem_zalloc(sizeof(struct secasvar), KM_SLEEP); 5741 5742 /* copy sav values */ 5743 newsav->spi = sav->spi; 5744 newsav->seq = sav->seq; 5745 newsav->created = sav->created; 5746 newsav->pid = sav->pid; 5747 newsav->sah = sav->sah; 5748 5749 error = key_setsaval(newsav, m, mhp); 5750 if (error) { 5751 key_delsav(newsav); 5752 goto error; 5753 } 5754 5755 error = key_handle_natt_info(newsav, mhp); 5756 if (error != 0) { 5757 key_delsav(newsav); 5758 goto error; 5759 } 5760 5761 error = key_init_xform(newsav); 5762 if (error != 0) { 5763 key_delsav(newsav); 5764 goto error; 5765 } 5766 5767 /* Add to sah#savlist */ 5768 key_init_sav(newsav); 5769 newsav->state = SADB_SASTATE_MATURE; 5770 mutex_enter(&key_sad.lock); 5771 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav); 5772 SAVLUT_WRITER_INSERT_HEAD(newsav); 5773 mutex_exit(&key_sad.lock); 5774 key_validate_savlist(sah, SADB_SASTATE_MATURE); 5775 5776 /* 5777 * We need to lookup and remove the sav atomically, so get it again 5778 * here by a special API while we have a reference to it. 5779 */ 5780 oldsav = key_lookup_and_remove_sav(sah, sa0->sadb_sa_spi); 5781 /* We can release the reference because of oldsav */ 5782 KEY_SA_UNREF(&sav); 5783 if (oldsav == NULL) { 5784 /* Someone has already removed the sav. Nothing to do. */ 5785 } else { 5786 key_wait_sav(oldsav); 5787 key_destroy_sav(oldsav); 5788 oldsav = NULL; 5789 } 5790 sav = NULL; 5791 5792 key_sah_unref(sah); 5793 sah = NULL; 5794 5795 { 5796 struct mbuf *n; 5797 5798 /* set msg buf from mhp */ 5799 n = key_getmsgbuf_x1(m, mhp); 5800 if (n == NULL) { 5801 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 5802 return key_senderror(so, m, ENOBUFS); 5803 } 5804 5805 m_freem(m); 5806 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5807 } 5808 error: 5809 KEY_SA_UNREF(&sav); 5810 error_sah: 5811 key_sah_unref(sah); 5812 return key_senderror(so, m, error); 5813 } 5814 5815 /* 5816 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL. 5817 * only called by key_api_update(). 5818 * OUT: 5819 * NULL : not found 5820 * others : found, pointer to a SA. 5821 */ 5822 #ifdef IPSEC_DOSEQCHECK 5823 static struct secasvar * 5824 key_getsavbyseq(struct secashead *sah, u_int32_t seq) 5825 { 5826 struct secasvar *sav; 5827 u_int state; 5828 int s; 5829 5830 state = SADB_SASTATE_LARVAL; 5831 5832 /* search SAD with sequence number ? */ 5833 s = pserialize_read_enter(); 5834 SAVLIST_READER_FOREACH(sav, sah, state) { 5835 KEY_CHKSASTATE(state, sav->state); 5836 5837 if (sav->seq == seq) { 5838 SA_ADDREF(sav); 5839 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 5840 "DP cause refcnt++:%d SA:%p\n", 5841 key_sa_refcnt(sav), sav); 5842 break; 5843 } 5844 } 5845 pserialize_read_exit(s); 5846 5847 return sav; 5848 } 5849 #endif 5850 5851 /* 5852 * SADB_ADD processing 5853 * add an entry to SA database, when received 5854 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5855 * key(AE), (identity(SD),) (sensitivity)> 5856 * from the ikmpd, 5857 * and send 5858 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5859 * (identity(SD),) (sensitivity)> 5860 * to the ikmpd. 5861 * 5862 * IGNORE identity and sensitivity messages. 5863 * 5864 * m will always be freed. 5865 */ 5866 static int 5867 key_api_add(struct socket *so, struct mbuf *m, 5868 const struct sadb_msghdr *mhp) 5869 { 5870 struct sadb_sa *sa0; 5871 const struct sockaddr *src, *dst; 5872 struct secasindex saidx; 5873 struct secashead *sah; 5874 struct secasvar *newsav; 5875 u_int16_t proto; 5876 u_int8_t mode; 5877 u_int16_t reqid; 5878 int error; 5879 5880 /* map satype to proto */ 5881 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 5882 if (proto == 0) { 5883 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 5884 return key_senderror(so, m, EINVAL); 5885 } 5886 5887 if (mhp->ext[SADB_EXT_SA] == NULL || 5888 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5889 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 5890 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5891 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 5892 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5893 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 5894 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 5895 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 5896 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 5897 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 5898 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5899 return key_senderror(so, m, EINVAL); 5900 } 5901 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5902 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5903 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5904 /* XXX need more */ 5905 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5906 return key_senderror(so, m, EINVAL); 5907 } 5908 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5909 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2]; 5910 mode = sa2->sadb_x_sa2_mode; 5911 reqid = sa2->sadb_x_sa2_reqid; 5912 } else { 5913 mode = IPSEC_MODE_ANY; 5914 reqid = 0; 5915 } 5916 5917 sa0 = mhp->ext[SADB_EXT_SA]; 5918 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 5919 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 5920 5921 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx); 5922 if (error != 0) 5923 return key_senderror(so, m, EINVAL); 5924 5925 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 5926 if (error != 0) 5927 return key_senderror(so, m, EINVAL); 5928 5929 /* get a SA header */ 5930 sah = key_getsah_ref(&saidx, CMP_REQID); 5931 if (sah == NULL) { 5932 /* create a new SA header */ 5933 sah = key_newsah(&saidx); 5934 if (sah == NULL) { 5935 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 5936 return key_senderror(so, m, ENOBUFS); 5937 } 5938 } 5939 5940 /* set spidx if there */ 5941 /* XXX rewrite */ 5942 error = key_setident(sah, m, mhp); 5943 if (error) 5944 goto error; 5945 5946 { 5947 struct secasvar *sav; 5948 5949 /* We can create new SA only if SPI is differenct. */ 5950 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5951 if (sav != NULL) { 5952 KEY_SA_UNREF(&sav); 5953 IPSECLOG(LOG_DEBUG, "SA already exists.\n"); 5954 error = EEXIST; 5955 goto error; 5956 } 5957 } 5958 5959 /* create new SA entry. */ 5960 newsav = KEY_NEWSAV(m, mhp, &error); 5961 if (newsav == NULL) 5962 goto error; 5963 newsav->sah = sah; 5964 5965 error = key_handle_natt_info(newsav, mhp); 5966 if (error != 0) { 5967 key_delsav(newsav); 5968 error = EINVAL; 5969 goto error; 5970 } 5971 5972 error = key_init_xform(newsav); 5973 if (error != 0) { 5974 key_delsav(newsav); 5975 goto error; 5976 } 5977 5978 /* Add to sah#savlist */ 5979 key_init_sav(newsav); 5980 newsav->state = SADB_SASTATE_MATURE; 5981 mutex_enter(&key_sad.lock); 5982 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav); 5983 SAVLUT_WRITER_INSERT_HEAD(newsav); 5984 mutex_exit(&key_sad.lock); 5985 key_validate_savlist(sah, SADB_SASTATE_MATURE); 5986 5987 key_sah_unref(sah); 5988 sah = NULL; 5989 5990 /* 5991 * don't call key_freesav() here, as we would like to keep the SA 5992 * in the database on success. 5993 */ 5994 5995 { 5996 struct mbuf *n; 5997 5998 /* set msg buf from mhp */ 5999 n = key_getmsgbuf_x1(m, mhp); 6000 if (n == NULL) { 6001 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 6002 return key_senderror(so, m, ENOBUFS); 6003 } 6004 6005 m_freem(m); 6006 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6007 } 6008 error: 6009 key_sah_unref(sah); 6010 return key_senderror(so, m, error); 6011 } 6012 6013 /* m is retained */ 6014 static int 6015 key_setident(struct secashead *sah, struct mbuf *m, 6016 const struct sadb_msghdr *mhp) 6017 { 6018 const struct sadb_ident *idsrc, *iddst; 6019 int idsrclen, iddstlen; 6020 6021 KASSERT(!cpu_softintr_p()); 6022 KASSERT(sah != NULL); 6023 KASSERT(m != NULL); 6024 KASSERT(mhp != NULL); 6025 KASSERT(mhp->msg != NULL); 6026 6027 /* 6028 * Can be called with an existing sah from key_api_update(). 6029 */ 6030 if (sah->idents != NULL) { 6031 kmem_free(sah->idents, sah->idents_len); 6032 sah->idents = NULL; 6033 sah->idents_len = 0; 6034 } 6035 if (sah->identd != NULL) { 6036 kmem_free(sah->identd, sah->identd_len); 6037 sah->identd = NULL; 6038 sah->identd_len = 0; 6039 } 6040 6041 /* don't make buffer if not there */ 6042 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && 6043 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 6044 sah->idents = NULL; 6045 sah->identd = NULL; 6046 return 0; 6047 } 6048 6049 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || 6050 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 6051 IPSECLOG(LOG_DEBUG, "invalid identity.\n"); 6052 return EINVAL; 6053 } 6054 6055 idsrc = mhp->ext[SADB_EXT_IDENTITY_SRC]; 6056 iddst = mhp->ext[SADB_EXT_IDENTITY_DST]; 6057 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; 6058 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; 6059 6060 /* validity check */ 6061 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 6062 IPSECLOG(LOG_DEBUG, "ident type mismatch.\n"); 6063 return EINVAL; 6064 } 6065 6066 switch (idsrc->sadb_ident_type) { 6067 case SADB_IDENTTYPE_PREFIX: 6068 case SADB_IDENTTYPE_FQDN: 6069 case SADB_IDENTTYPE_USERFQDN: 6070 default: 6071 /* XXX do nothing */ 6072 sah->idents = NULL; 6073 sah->identd = NULL; 6074 return 0; 6075 } 6076 6077 /* make structure */ 6078 sah->idents = kmem_alloc(idsrclen, KM_SLEEP); 6079 sah->idents_len = idsrclen; 6080 sah->identd = kmem_alloc(iddstlen, KM_SLEEP); 6081 sah->identd_len = iddstlen; 6082 memcpy(sah->idents, idsrc, idsrclen); 6083 memcpy(sah->identd, iddst, iddstlen); 6084 6085 return 0; 6086 } 6087 6088 /* 6089 * m will not be freed on return. It never return NULL. 6090 * it is caller's responsibility to free the result. 6091 */ 6092 static struct mbuf * 6093 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 6094 { 6095 struct mbuf *n; 6096 6097 KASSERT(m != NULL); 6098 KASSERT(mhp != NULL); 6099 KASSERT(mhp->msg != NULL); 6100 6101 /* create new sadb_msg to reply. */ 6102 n = key_gather_mbuf(m, mhp, 1, 15, SADB_EXT_RESERVED, 6103 SADB_EXT_SA, SADB_X_EXT_SA2, 6104 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 6105 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 6106 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 6107 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 6108 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 6109 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NAT_T_FRAG); 6110 6111 KASSERT(n->m_len >= sizeof(struct sadb_msg)); 6112 6113 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 6114 mtod(n, struct sadb_msg *)->sadb_msg_len = 6115 PFKEY_UNIT64(n->m_pkthdr.len); 6116 6117 return n; 6118 } 6119 6120 static int key_delete_all (struct socket *, struct mbuf *, 6121 const struct sadb_msghdr *, u_int16_t); 6122 6123 /* 6124 * SADB_DELETE processing 6125 * receive 6126 * <base, SA(*), address(SD)> 6127 * from the ikmpd, and set SADB_SASTATE_DEAD, 6128 * and send, 6129 * <base, SA(*), address(SD)> 6130 * to the ikmpd. 6131 * 6132 * m will always be freed. 6133 */ 6134 static int 6135 key_api_delete(struct socket *so, struct mbuf *m, 6136 const struct sadb_msghdr *mhp) 6137 { 6138 struct sadb_sa *sa0; 6139 const struct sockaddr *src, *dst; 6140 struct secasindex saidx; 6141 struct secashead *sah; 6142 struct secasvar *sav = NULL; 6143 u_int16_t proto; 6144 int error; 6145 6146 /* map satype to proto */ 6147 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 6148 if (proto == 0) { 6149 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 6150 return key_senderror(so, m, EINVAL); 6151 } 6152 6153 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 6154 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 6155 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6156 return key_senderror(so, m, EINVAL); 6157 } 6158 6159 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 6160 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 6161 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6162 return key_senderror(so, m, EINVAL); 6163 } 6164 6165 if (mhp->ext[SADB_EXT_SA] == NULL) { 6166 /* 6167 * Caller wants us to delete all non-LARVAL SAs 6168 * that match the src/dst. This is used during 6169 * IKE INITIAL-CONTACT. 6170 */ 6171 IPSECLOG(LOG_DEBUG, "doing delete all.\n"); 6172 return key_delete_all(so, m, mhp, proto); 6173 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) { 6174 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6175 return key_senderror(so, m, EINVAL); 6176 } 6177 6178 sa0 = mhp->ext[SADB_EXT_SA]; 6179 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 6180 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 6181 6182 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx); 6183 if (error != 0) 6184 return key_senderror(so, m, EINVAL); 6185 6186 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 6187 if (error != 0) 6188 return key_senderror(so, m, EINVAL); 6189 6190 /* get a SA header */ 6191 sah = key_getsah_ref(&saidx, CMP_HEAD); 6192 if (sah != NULL) { 6193 /* get a SA with SPI. */ 6194 sav = key_lookup_and_remove_sav(sah, sa0->sadb_sa_spi); 6195 key_sah_unref(sah); 6196 } 6197 6198 if (sav == NULL) { 6199 IPSECLOG(LOG_DEBUG, "no SA found.\n"); 6200 return key_senderror(so, m, ENOENT); 6201 } 6202 6203 key_wait_sav(sav); 6204 key_destroy_sav(sav); 6205 sav = NULL; 6206 6207 { 6208 struct mbuf *n; 6209 6210 /* create new sadb_msg to reply. */ 6211 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6212 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6213 6214 key_fill_replymsg(n, 0); 6215 m_freem(m); 6216 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6217 } 6218 } 6219 6220 /* 6221 * delete all SAs for src/dst. Called from key_api_delete(). 6222 */ 6223 static int 6224 key_delete_all(struct socket *so, struct mbuf *m, 6225 const struct sadb_msghdr *mhp, u_int16_t proto) 6226 { 6227 const struct sockaddr *src, *dst; 6228 struct secasindex saidx; 6229 struct secashead *sah; 6230 struct secasvar *sav; 6231 u_int state; 6232 int error; 6233 6234 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 6235 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 6236 6237 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx); 6238 if (error != 0) 6239 return key_senderror(so, m, EINVAL); 6240 6241 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 6242 if (error != 0) 6243 return key_senderror(so, m, EINVAL); 6244 6245 sah = key_getsah_ref(&saidx, CMP_HEAD); 6246 if (sah != NULL) { 6247 /* Delete all non-LARVAL SAs. */ 6248 SASTATE_ALIVE_FOREACH(state) { 6249 if (state == SADB_SASTATE_LARVAL) 6250 continue; 6251 restart: 6252 mutex_enter(&key_sad.lock); 6253 SAVLIST_WRITER_FOREACH(sav, sah, state) { 6254 sav->state = SADB_SASTATE_DEAD; 6255 key_unlink_sav(sav); 6256 mutex_exit(&key_sad.lock); 6257 key_destroy_sav(sav); 6258 goto restart; 6259 } 6260 mutex_exit(&key_sad.lock); 6261 } 6262 key_sah_unref(sah); 6263 } 6264 { 6265 struct mbuf *n; 6266 6267 /* create new sadb_msg to reply. */ 6268 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6269 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6270 6271 key_fill_replymsg(n, 0); 6272 m_freem(m); 6273 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6274 } 6275 } 6276 6277 /* 6278 * SADB_GET processing 6279 * receive 6280 * <base, SA(*), address(SD)> 6281 * from the ikmpd, and get a SP and a SA to respond, 6282 * and send, 6283 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6284 * (identity(SD),) (sensitivity)> 6285 * to the ikmpd. 6286 * 6287 * m will always be freed. 6288 */ 6289 static int 6290 key_api_get(struct socket *so, struct mbuf *m, 6291 const struct sadb_msghdr *mhp) 6292 { 6293 struct sadb_sa *sa0; 6294 const struct sockaddr *src, *dst; 6295 struct secasindex saidx; 6296 struct secasvar *sav = NULL; 6297 u_int16_t proto; 6298 int error; 6299 6300 /* map satype to proto */ 6301 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6302 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 6303 return key_senderror(so, m, EINVAL); 6304 } 6305 6306 if (mhp->ext[SADB_EXT_SA] == NULL || 6307 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 6308 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 6309 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6310 return key_senderror(so, m, EINVAL); 6311 } 6312 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 6313 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 6314 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 6315 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6316 return key_senderror(so, m, EINVAL); 6317 } 6318 6319 sa0 = mhp->ext[SADB_EXT_SA]; 6320 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 6321 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 6322 6323 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx); 6324 if (error != 0) 6325 return key_senderror(so, m, EINVAL); 6326 6327 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 6328 if (error != 0) 6329 return key_senderror(so, m, EINVAL); 6330 6331 /* get a SA header */ 6332 { 6333 struct secashead *sah; 6334 int s = pserialize_read_enter(); 6335 6336 sah = key_getsah(&saidx, CMP_HEAD); 6337 if (sah != NULL) { 6338 /* get a SA with SPI. */ 6339 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 6340 } 6341 pserialize_read_exit(s); 6342 } 6343 if (sav == NULL) { 6344 IPSECLOG(LOG_DEBUG, "no SA found.\n"); 6345 return key_senderror(so, m, ENOENT); 6346 } 6347 6348 { 6349 struct mbuf *n; 6350 u_int8_t satype; 6351 6352 /* map proto to satype */ 6353 satype = key_proto2satype(sav->sah->saidx.proto); 6354 if (satype == 0) { 6355 KEY_SA_UNREF(&sav); 6356 IPSECLOG(LOG_DEBUG, "there was invalid proto in SAD.\n"); 6357 return key_senderror(so, m, EINVAL); 6358 } 6359 6360 /* create new sadb_msg to reply. */ 6361 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6362 mhp->msg->sadb_msg_pid); 6363 KEY_SA_UNREF(&sav); 6364 m_freem(m); 6365 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6366 } 6367 } 6368 6369 /* XXX make it sysctl-configurable? */ 6370 static void 6371 key_getcomb_setlifetime(struct sadb_comb *comb) 6372 { 6373 6374 comb->sadb_comb_soft_allocations = 1; 6375 comb->sadb_comb_hard_allocations = 1; 6376 comb->sadb_comb_soft_bytes = 0; 6377 comb->sadb_comb_hard_bytes = 0; 6378 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6379 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100; 6380 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */ 6381 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6382 } 6383 6384 /* 6385 * XXX reorder combinations by preference 6386 * XXX no idea if the user wants ESP authentication or not 6387 */ 6388 static struct mbuf * 6389 key_getcomb_esp(int mflag) 6390 { 6391 struct sadb_comb *comb; 6392 const struct enc_xform *algo; 6393 struct mbuf *result = NULL, *m, *n; 6394 int encmin; 6395 int i, off, o; 6396 int totlen; 6397 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6398 6399 m = NULL; 6400 for (i = 1; i <= SADB_EALG_MAX; i++) { 6401 algo = esp_algorithm_lookup(i); 6402 if (algo == NULL) 6403 continue; 6404 6405 /* discard algorithms with key size smaller than system min */ 6406 if (_BITS(algo->maxkey) < ipsec_esp_keymin) 6407 continue; 6408 if (_BITS(algo->minkey) < ipsec_esp_keymin) 6409 encmin = ipsec_esp_keymin; 6410 else 6411 encmin = _BITS(algo->minkey); 6412 6413 if (ipsec_esp_auth) 6414 m = key_getcomb_ah(mflag); 6415 else { 6416 KASSERTMSG(l <= MLEN, 6417 "l=%u > MLEN=%lu", l, (u_long) MLEN); 6418 MGET(m, mflag, MT_DATA); 6419 if (m) { 6420 M_ALIGN(m, l); 6421 m->m_len = l; 6422 m->m_next = NULL; 6423 memset(mtod(m, void *), 0, m->m_len); 6424 } 6425 } 6426 if (!m) 6427 goto fail; 6428 6429 totlen = 0; 6430 for (n = m; n; n = n->m_next) 6431 totlen += n->m_len; 6432 KASSERTMSG((totlen % l) == 0, "totlen=%u, l=%u", totlen, l); 6433 6434 for (off = 0; off < totlen; off += l) { 6435 n = m_pulldown(m, off, l, &o); 6436 if (!n) { 6437 /* m is already freed */ 6438 goto fail; 6439 } 6440 comb = (struct sadb_comb *)(mtod(n, char *) + o); 6441 memset(comb, 0, sizeof(*comb)); 6442 key_getcomb_setlifetime(comb); 6443 comb->sadb_comb_encrypt = i; 6444 comb->sadb_comb_encrypt_minbits = encmin; 6445 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6446 } 6447 6448 if (!result) 6449 result = m; 6450 else 6451 m_cat(result, m); 6452 } 6453 6454 return result; 6455 6456 fail: 6457 if (result) 6458 m_freem(result); 6459 return NULL; 6460 } 6461 6462 static void 6463 key_getsizes_ah(const struct auth_hash *ah, int alg, 6464 u_int16_t* ksmin, u_int16_t* ksmax) 6465 { 6466 *ksmin = *ksmax = ah->keysize; 6467 if (ah->keysize == 0) { 6468 /* 6469 * Transform takes arbitrary key size but algorithm 6470 * key size is restricted. Enforce this here. 6471 */ 6472 switch (alg) { 6473 case SADB_X_AALG_MD5: *ksmin = *ksmax = 16; break; 6474 case SADB_X_AALG_SHA: *ksmin = *ksmax = 20; break; 6475 case SADB_X_AALG_NULL: *ksmin = 0; *ksmax = 256; break; 6476 default: 6477 IPSECLOG(LOG_DEBUG, "unknown AH algorithm %u\n", alg); 6478 break; 6479 } 6480 } 6481 } 6482 6483 /* 6484 * XXX reorder combinations by preference 6485 */ 6486 static struct mbuf * 6487 key_getcomb_ah(int mflag) 6488 { 6489 struct sadb_comb *comb; 6490 const struct auth_hash *algo; 6491 struct mbuf *m; 6492 u_int16_t minkeysize, maxkeysize; 6493 int i; 6494 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6495 6496 m = NULL; 6497 for (i = 1; i <= SADB_AALG_MAX; i++) { 6498 #if 1 6499 /* we prefer HMAC algorithms, not old algorithms */ 6500 if (i != SADB_AALG_SHA1HMAC && 6501 i != SADB_AALG_MD5HMAC && 6502 i != SADB_X_AALG_SHA2_256 && 6503 i != SADB_X_AALG_SHA2_384 && 6504 i != SADB_X_AALG_SHA2_512) 6505 continue; 6506 #endif 6507 algo = ah_algorithm_lookup(i); 6508 if (!algo) 6509 continue; 6510 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6511 /* discard algorithms with key size smaller than system min */ 6512 if (_BITS(minkeysize) < ipsec_ah_keymin) 6513 continue; 6514 6515 if (!m) { 6516 KASSERTMSG(l <= MLEN, 6517 "l=%u > MLEN=%lu", l, (u_long) MLEN); 6518 MGET(m, mflag, MT_DATA); 6519 if (m) { 6520 M_ALIGN(m, l); 6521 m->m_len = l; 6522 m->m_next = NULL; 6523 } 6524 } else 6525 M_PREPEND(m, l, mflag); 6526 if (!m) 6527 return NULL; 6528 6529 if (m->m_len < sizeof(struct sadb_comb)) { 6530 m = m_pullup(m, sizeof(struct sadb_comb)); 6531 if (m == NULL) 6532 return NULL; 6533 } 6534 6535 comb = mtod(m, struct sadb_comb *); 6536 memset(comb, 0, sizeof(*comb)); 6537 key_getcomb_setlifetime(comb); 6538 comb->sadb_comb_auth = i; 6539 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6540 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6541 } 6542 6543 return m; 6544 } 6545 6546 /* 6547 * not really an official behavior. discussed in pf_key (at) inner.net in Sep2000. 6548 * XXX reorder combinations by preference 6549 */ 6550 static struct mbuf * 6551 key_getcomb_ipcomp(int mflag) 6552 { 6553 struct sadb_comb *comb; 6554 const struct comp_algo *algo; 6555 struct mbuf *m; 6556 int i; 6557 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6558 6559 m = NULL; 6560 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6561 algo = ipcomp_algorithm_lookup(i); 6562 if (!algo) 6563 continue; 6564 6565 if (!m) { 6566 KASSERTMSG(l <= MLEN, 6567 "l=%u > MLEN=%lu", l, (u_long) MLEN); 6568 MGET(m, mflag, MT_DATA); 6569 if (m) { 6570 M_ALIGN(m, l); 6571 m->m_len = l; 6572 m->m_next = NULL; 6573 } 6574 } else 6575 M_PREPEND(m, l, mflag); 6576 if (!m) 6577 return NULL; 6578 6579 if (m->m_len < sizeof(struct sadb_comb)) { 6580 m = m_pullup(m, sizeof(struct sadb_comb)); 6581 if (m == NULL) 6582 return NULL; 6583 } 6584 6585 comb = mtod(m, struct sadb_comb *); 6586 memset(comb, 0, sizeof(*comb)); 6587 key_getcomb_setlifetime(comb); 6588 comb->sadb_comb_encrypt = i; 6589 /* what should we set into sadb_comb_*_{min,max}bits? */ 6590 } 6591 6592 return m; 6593 } 6594 6595 /* 6596 * XXX no way to pass mode (transport/tunnel) to userland 6597 * XXX replay checking? 6598 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6599 */ 6600 static struct mbuf * 6601 key_getprop(const struct secasindex *saidx, int mflag) 6602 { 6603 struct sadb_prop *prop; 6604 struct mbuf *m, *n; 6605 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6606 int totlen; 6607 6608 switch (saidx->proto) { 6609 case IPPROTO_ESP: 6610 m = key_getcomb_esp(mflag); 6611 break; 6612 case IPPROTO_AH: 6613 m = key_getcomb_ah(mflag); 6614 break; 6615 case IPPROTO_IPCOMP: 6616 m = key_getcomb_ipcomp(mflag); 6617 break; 6618 default: 6619 return NULL; 6620 } 6621 6622 if (!m) 6623 return NULL; 6624 M_PREPEND(m, l, mflag); 6625 if (!m) 6626 return NULL; 6627 6628 totlen = 0; 6629 for (n = m; n; n = n->m_next) 6630 totlen += n->m_len; 6631 6632 prop = mtod(m, struct sadb_prop *); 6633 memset(prop, 0, sizeof(*prop)); 6634 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6635 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6636 prop->sadb_prop_replay = 32; /* XXX */ 6637 6638 return m; 6639 } 6640 6641 /* 6642 * SADB_ACQUIRE processing called by key_checkrequest() and key_api_acquire(). 6643 * send 6644 * <base, SA, address(SD), (address(P)), x_policy, 6645 * (identity(SD),) (sensitivity,) proposal> 6646 * to KMD, and expect to receive 6647 * <base> with SADB_ACQUIRE if error occurred, 6648 * or 6649 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6650 * from KMD by PF_KEY. 6651 * 6652 * XXX x_policy is outside of RFC2367 (KAME extension). 6653 * XXX sensitivity is not supported. 6654 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6655 * see comment for key_getcomb_ipcomp(). 6656 * 6657 * OUT: 6658 * 0 : succeed 6659 * others: error number 6660 */ 6661 static int 6662 key_acquire(const struct secasindex *saidx, const struct secpolicy *sp, int mflag) 6663 { 6664 struct mbuf *result = NULL, *m; 6665 #ifndef IPSEC_NONBLOCK_ACQUIRE 6666 struct secacq *newacq; 6667 #endif 6668 u_int8_t satype; 6669 int error = -1; 6670 u_int32_t seq; 6671 6672 /* sanity check */ 6673 KASSERT(saidx != NULL); 6674 satype = key_proto2satype(saidx->proto); 6675 KASSERTMSG(satype != 0, "null satype, protocol %u", saidx->proto); 6676 6677 #ifndef IPSEC_NONBLOCK_ACQUIRE 6678 /* 6679 * We never do anything about acquirng SA. There is anather 6680 * solution that kernel blocks to send SADB_ACQUIRE message until 6681 * getting something message from IKEd. In later case, to be 6682 * managed with ACQUIRING list. 6683 */ 6684 /* Get an entry to check whether sending message or not. */ 6685 mutex_enter(&key_misc.lock); 6686 newacq = key_getacq(saidx); 6687 if (newacq != NULL) { 6688 if (key_blockacq_count < newacq->count) { 6689 /* reset counter and do send message. */ 6690 newacq->count = 0; 6691 } else { 6692 /* increment counter and do nothing. */ 6693 newacq->count++; 6694 mutex_exit(&key_misc.lock); 6695 return 0; 6696 } 6697 } else { 6698 /* make new entry for blocking to send SADB_ACQUIRE. */ 6699 newacq = key_newacq(saidx); 6700 if (newacq == NULL) { 6701 mutex_exit(&key_misc.lock); 6702 return ENOBUFS; 6703 } 6704 6705 /* add to key_misc.acqlist */ 6706 LIST_INSERT_HEAD(&key_misc.acqlist, newacq, chain); 6707 } 6708 6709 seq = newacq->seq; 6710 mutex_exit(&key_misc.lock); 6711 #else 6712 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); 6713 #endif 6714 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0, mflag); 6715 if (!m) { 6716 error = ENOBUFS; 6717 goto fail; 6718 } 6719 result = m; 6720 6721 /* set sadb_address for saidx's. */ 6722 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &saidx->src.sa, FULLMASK, 6723 IPSEC_ULPROTO_ANY, mflag); 6724 if (!m) { 6725 error = ENOBUFS; 6726 goto fail; 6727 } 6728 m_cat(result, m); 6729 6730 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &saidx->dst.sa, FULLMASK, 6731 IPSEC_ULPROTO_ANY, mflag); 6732 if (!m) { 6733 error = ENOBUFS; 6734 goto fail; 6735 } 6736 m_cat(result, m); 6737 6738 /* XXX proxy address (optional) */ 6739 6740 /* set sadb_x_policy */ 6741 if (sp) { 6742 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6743 mflag); 6744 if (!m) { 6745 error = ENOBUFS; 6746 goto fail; 6747 } 6748 m_cat(result, m); 6749 } 6750 6751 /* XXX identity (optional) */ 6752 #if 0 6753 if (idexttype && fqdn) { 6754 /* create identity extension (FQDN) */ 6755 struct sadb_ident *id; 6756 int fqdnlen; 6757 6758 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6759 id = (struct sadb_ident *)p; 6760 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6761 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6762 id->sadb_ident_exttype = idexttype; 6763 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6764 memcpy(id + 1, fqdn, fqdnlen); 6765 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6766 } 6767 6768 if (idexttype) { 6769 /* create identity extension (USERFQDN) */ 6770 struct sadb_ident *id; 6771 int userfqdnlen; 6772 6773 if (userfqdn) { 6774 /* +1 for terminating-NUL */ 6775 userfqdnlen = strlen(userfqdn) + 1; 6776 } else 6777 userfqdnlen = 0; 6778 id = (struct sadb_ident *)p; 6779 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6780 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6781 id->sadb_ident_exttype = idexttype; 6782 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6783 /* XXX is it correct? */ 6784 if (curlwp) 6785 id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred); 6786 if (userfqdn && userfqdnlen) 6787 memcpy(id + 1, userfqdn, userfqdnlen); 6788 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6789 } 6790 #endif 6791 6792 /* XXX sensitivity (optional) */ 6793 6794 /* create proposal/combination extension */ 6795 m = key_getprop(saidx, mflag); 6796 #if 0 6797 /* 6798 * spec conformant: always attach proposal/combination extension, 6799 * the problem is that we have no way to attach it for ipcomp, 6800 * due to the way sadb_comb is declared in RFC2367. 6801 */ 6802 if (!m) { 6803 error = ENOBUFS; 6804 goto fail; 6805 } 6806 m_cat(result, m); 6807 #else 6808 /* 6809 * outside of spec; make proposal/combination extension optional. 6810 */ 6811 if (m) 6812 m_cat(result, m); 6813 #endif 6814 6815 KASSERT(result->m_flags & M_PKTHDR); 6816 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 6817 6818 result->m_pkthdr.len = 0; 6819 for (m = result; m; m = m->m_next) 6820 result->m_pkthdr.len += m->m_len; 6821 6822 mtod(result, struct sadb_msg *)->sadb_msg_len = 6823 PFKEY_UNIT64(result->m_pkthdr.len); 6824 6825 /* 6826 * Called from key_api_acquire that must come from userland, so 6827 * we can call key_sendup_mbuf immediately. 6828 */ 6829 if (mflag == M_WAITOK) 6830 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6831 /* 6832 * XXX we cannot call key_sendup_mbuf directly here because 6833 * it can cause a deadlock: 6834 * - We have a reference to an SP (and an SA) here 6835 * - key_sendup_mbuf will try to take key_so_mtx 6836 * - Some other thread may try to localcount_drain to the SP with 6837 * holding key_so_mtx in say key_api_spdflush 6838 * - In this case localcount_drain never return because key_sendup_mbuf 6839 * that has stuck on key_so_mtx never release a reference to the SP 6840 * 6841 * So defer key_sendup_mbuf to the timer. 6842 */ 6843 return key_acquire_sendup_mbuf_later(result); 6844 6845 fail: 6846 if (result) 6847 m_freem(result); 6848 return error; 6849 } 6850 6851 static struct mbuf *key_acquire_mbuf_head = NULL; 6852 static unsigned key_acquire_mbuf_count = 0; 6853 #define KEY_ACQUIRE_MBUF_MAX 10 6854 6855 static void 6856 key_acquire_sendup_pending_mbuf(void) 6857 { 6858 struct mbuf *m, *prev; 6859 int error; 6860 6861 again: 6862 prev = NULL; 6863 mutex_enter(&key_misc.lock); 6864 m = key_acquire_mbuf_head; 6865 /* Get an earliest mbuf (one at the tail of the list) */ 6866 while (m != NULL) { 6867 if (m->m_nextpkt == NULL) { 6868 if (prev != NULL) 6869 prev->m_nextpkt = NULL; 6870 if (m == key_acquire_mbuf_head) 6871 key_acquire_mbuf_head = NULL; 6872 key_acquire_mbuf_count--; 6873 break; 6874 } 6875 prev = m; 6876 m = m->m_nextpkt; 6877 } 6878 mutex_exit(&key_misc.lock); 6879 6880 if (m == NULL) 6881 return; 6882 6883 m->m_nextpkt = NULL; 6884 error = key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 6885 if (error != 0) 6886 IPSECLOG(LOG_WARNING, "key_sendup_mbuf failed (error=%d)\n", 6887 error); 6888 6889 if (prev != NULL) 6890 goto again; 6891 } 6892 6893 static int 6894 key_acquire_sendup_mbuf_later(struct mbuf *m) 6895 { 6896 6897 mutex_enter(&key_misc.lock); 6898 /* Avoid queuing too much mbufs */ 6899 if (key_acquire_mbuf_count >= KEY_ACQUIRE_MBUF_MAX) { 6900 mutex_exit(&key_misc.lock); 6901 m_freem(m); 6902 return ENOBUFS; /* XXX */ 6903 } 6904 /* Enqueue mbuf at the head of the list */ 6905 m->m_nextpkt = key_acquire_mbuf_head; 6906 key_acquire_mbuf_head = m; 6907 key_acquire_mbuf_count++; 6908 mutex_exit(&key_misc.lock); 6909 6910 /* Kick the timer */ 6911 key_timehandler(NULL); 6912 6913 return 0; 6914 } 6915 6916 #ifndef IPSEC_NONBLOCK_ACQUIRE 6917 static struct secacq * 6918 key_newacq(const struct secasindex *saidx) 6919 { 6920 struct secacq *newacq; 6921 6922 /* get new entry */ 6923 newacq = kmem_intr_zalloc(sizeof(struct secacq), KM_NOSLEEP); 6924 if (newacq == NULL) { 6925 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 6926 return NULL; 6927 } 6928 6929 /* copy secindex */ 6930 memcpy(&newacq->saidx, saidx, sizeof(newacq->saidx)); 6931 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq); 6932 newacq->created = time_uptime; 6933 newacq->count = 0; 6934 6935 return newacq; 6936 } 6937 6938 static struct secacq * 6939 key_getacq(const struct secasindex *saidx) 6940 { 6941 struct secacq *acq; 6942 6943 KASSERT(mutex_owned(&key_misc.lock)); 6944 6945 LIST_FOREACH(acq, &key_misc.acqlist, chain) { 6946 if (key_saidx_match(saidx, &acq->saidx, CMP_EXACTLY)) 6947 return acq; 6948 } 6949 6950 return NULL; 6951 } 6952 6953 static struct secacq * 6954 key_getacqbyseq(u_int32_t seq) 6955 { 6956 struct secacq *acq; 6957 6958 KASSERT(mutex_owned(&key_misc.lock)); 6959 6960 LIST_FOREACH(acq, &key_misc.acqlist, chain) { 6961 if (acq->seq == seq) 6962 return acq; 6963 } 6964 6965 return NULL; 6966 } 6967 #endif 6968 6969 #ifdef notyet 6970 static struct secspacq * 6971 key_newspacq(const struct secpolicyindex *spidx) 6972 { 6973 struct secspacq *acq; 6974 6975 /* get new entry */ 6976 acq = kmem_intr_zalloc(sizeof(struct secspacq), KM_NOSLEEP); 6977 if (acq == NULL) { 6978 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 6979 return NULL; 6980 } 6981 6982 /* copy secindex */ 6983 memcpy(&acq->spidx, spidx, sizeof(acq->spidx)); 6984 acq->created = time_uptime; 6985 acq->count = 0; 6986 6987 return acq; 6988 } 6989 6990 static struct secspacq * 6991 key_getspacq(const struct secpolicyindex *spidx) 6992 { 6993 struct secspacq *acq; 6994 6995 LIST_FOREACH(acq, &key_misc.spacqlist, chain) { 6996 if (key_spidx_match_exactly(spidx, &acq->spidx)) 6997 return acq; 6998 } 6999 7000 return NULL; 7001 } 7002 #endif /* notyet */ 7003 7004 /* 7005 * SADB_ACQUIRE processing, 7006 * in first situation, is receiving 7007 * <base> 7008 * from the ikmpd, and clear sequence of its secasvar entry. 7009 * 7010 * In second situation, is receiving 7011 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 7012 * from a user land process, and return 7013 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 7014 * to the socket. 7015 * 7016 * m will always be freed. 7017 */ 7018 static int 7019 key_api_acquire(struct socket *so, struct mbuf *m, 7020 const struct sadb_msghdr *mhp) 7021 { 7022 const struct sockaddr *src, *dst; 7023 struct secasindex saidx; 7024 u_int16_t proto; 7025 int error; 7026 7027 /* 7028 * Error message from KMd. 7029 * We assume that if error was occurred in IKEd, the length of PFKEY 7030 * message is equal to the size of sadb_msg structure. 7031 * We do not raise error even if error occurred in this function. 7032 */ 7033 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7034 #ifndef IPSEC_NONBLOCK_ACQUIRE 7035 struct secacq *acq; 7036 7037 /* check sequence number */ 7038 if (mhp->msg->sadb_msg_seq == 0) { 7039 IPSECLOG(LOG_DEBUG, "must specify sequence number.\n"); 7040 m_freem(m); 7041 return 0; 7042 } 7043 7044 mutex_enter(&key_misc.lock); 7045 acq = key_getacqbyseq(mhp->msg->sadb_msg_seq); 7046 if (acq == NULL) { 7047 mutex_exit(&key_misc.lock); 7048 /* 7049 * the specified larval SA is already gone, or we got 7050 * a bogus sequence number. we can silently ignore it. 7051 */ 7052 m_freem(m); 7053 return 0; 7054 } 7055 7056 /* reset acq counter in order to deletion by timehander. */ 7057 acq->created = time_uptime; 7058 acq->count = 0; 7059 mutex_exit(&key_misc.lock); 7060 #endif 7061 m_freem(m); 7062 return 0; 7063 } 7064 7065 /* 7066 * This message is from user land. 7067 */ 7068 7069 /* map satype to proto */ 7070 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 7071 if (proto == 0) { 7072 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 7073 return key_senderror(so, m, EINVAL); 7074 } 7075 7076 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 7077 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 7078 mhp->ext[SADB_EXT_PROPOSAL] == NULL) { 7079 /* error */ 7080 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 7081 return key_senderror(so, m, EINVAL); 7082 } 7083 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 7084 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 7085 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) { 7086 /* error */ 7087 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 7088 return key_senderror(so, m, EINVAL); 7089 } 7090 7091 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 7092 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 7093 7094 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx); 7095 if (error != 0) 7096 return key_senderror(so, m, EINVAL); 7097 7098 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 7099 if (error != 0) 7100 return key_senderror(so, m, EINVAL); 7101 7102 /* get a SA index */ 7103 { 7104 struct secashead *sah; 7105 int s = pserialize_read_enter(); 7106 7107 sah = key_getsah(&saidx, CMP_MODE_REQID); 7108 if (sah != NULL) { 7109 pserialize_read_exit(s); 7110 IPSECLOG(LOG_DEBUG, "a SA exists already.\n"); 7111 return key_senderror(so, m, EEXIST); 7112 } 7113 pserialize_read_exit(s); 7114 } 7115 7116 error = key_acquire(&saidx, NULL, M_WAITOK); 7117 if (error != 0) { 7118 IPSECLOG(LOG_DEBUG, "error %d returned from key_acquire.\n", 7119 error); 7120 return key_senderror(so, m, error); 7121 } 7122 7123 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED); 7124 } 7125 7126 /* 7127 * SADB_REGISTER processing. 7128 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7129 * receive 7130 * <base> 7131 * from the ikmpd, and register a socket to send PF_KEY messages, 7132 * and send 7133 * <base, supported> 7134 * to KMD by PF_KEY. 7135 * If socket is detached, must free from regnode. 7136 * 7137 * m will always be freed. 7138 */ 7139 static int 7140 key_api_register(struct socket *so, struct mbuf *m, 7141 const struct sadb_msghdr *mhp) 7142 { 7143 struct secreg *reg, *newreg = 0; 7144 7145 /* check for invalid register message */ 7146 if (mhp->msg->sadb_msg_satype >= __arraycount(key_misc.reglist)) 7147 return key_senderror(so, m, EINVAL); 7148 7149 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7150 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7151 goto setmsg; 7152 7153 /* Allocate regnode in advance, out of mutex */ 7154 newreg = kmem_zalloc(sizeof(*newreg), KM_SLEEP); 7155 7156 /* check whether existing or not */ 7157 mutex_enter(&key_misc.lock); 7158 LIST_FOREACH(reg, &key_misc.reglist[mhp->msg->sadb_msg_satype], chain) { 7159 if (reg->so == so) { 7160 IPSECLOG(LOG_DEBUG, "socket exists already.\n"); 7161 mutex_exit(&key_misc.lock); 7162 kmem_free(newreg, sizeof(*newreg)); 7163 return key_senderror(so, m, EEXIST); 7164 } 7165 } 7166 7167 newreg->so = so; 7168 ((struct keycb *)sotorawcb(so))->kp_registered++; 7169 7170 /* add regnode to key_misc.reglist. */ 7171 LIST_INSERT_HEAD(&key_misc.reglist[mhp->msg->sadb_msg_satype], newreg, chain); 7172 mutex_exit(&key_misc.lock); 7173 7174 setmsg: 7175 { 7176 struct mbuf *n; 7177 struct sadb_supported *sup; 7178 u_int len, alen, elen; 7179 int off; 7180 int i; 7181 struct sadb_alg *alg; 7182 7183 /* create new sadb_msg to reply. */ 7184 alen = 0; 7185 for (i = 1; i <= SADB_AALG_MAX; i++) { 7186 if (ah_algorithm_lookup(i)) 7187 alen += sizeof(struct sadb_alg); 7188 } 7189 if (alen) 7190 alen += sizeof(struct sadb_supported); 7191 elen = 0; 7192 for (i = 1; i <= SADB_EALG_MAX; i++) { 7193 if (esp_algorithm_lookup(i)) 7194 elen += sizeof(struct sadb_alg); 7195 } 7196 if (elen) 7197 elen += sizeof(struct sadb_supported); 7198 7199 len = sizeof(struct sadb_msg) + alen + elen; 7200 7201 if (len > MCLBYTES) 7202 return key_senderror(so, m, ENOBUFS); 7203 7204 n = key_alloc_mbuf_simple(len, M_WAITOK); 7205 n->m_pkthdr.len = n->m_len = len; 7206 n->m_next = NULL; 7207 off = 0; 7208 7209 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 7210 key_fill_replymsg(n, 0); 7211 7212 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7213 7214 /* for authentication algorithm */ 7215 if (alen) { 7216 sup = (struct sadb_supported *)(mtod(n, char *) + off); 7217 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7218 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7219 off += PFKEY_ALIGN8(sizeof(*sup)); 7220 7221 for (i = 1; i <= SADB_AALG_MAX; i++) { 7222 const struct auth_hash *aalgo; 7223 u_int16_t minkeysize, maxkeysize; 7224 7225 aalgo = ah_algorithm_lookup(i); 7226 if (!aalgo) 7227 continue; 7228 alg = (struct sadb_alg *)(mtod(n, char *) + off); 7229 alg->sadb_alg_id = i; 7230 alg->sadb_alg_ivlen = 0; 7231 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7232 alg->sadb_alg_minbits = _BITS(minkeysize); 7233 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7234 off += PFKEY_ALIGN8(sizeof(*alg)); 7235 } 7236 } 7237 7238 /* for encryption algorithm */ 7239 if (elen) { 7240 sup = (struct sadb_supported *)(mtod(n, char *) + off); 7241 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7242 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7243 off += PFKEY_ALIGN8(sizeof(*sup)); 7244 7245 for (i = 1; i <= SADB_EALG_MAX; i++) { 7246 const struct enc_xform *ealgo; 7247 7248 ealgo = esp_algorithm_lookup(i); 7249 if (!ealgo) 7250 continue; 7251 alg = (struct sadb_alg *)(mtod(n, char *) + off); 7252 alg->sadb_alg_id = i; 7253 alg->sadb_alg_ivlen = ealgo->blocksize; 7254 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7255 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7256 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7257 } 7258 } 7259 7260 KASSERTMSG(off == len, "length inconsistency"); 7261 7262 m_freem(m); 7263 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7264 } 7265 } 7266 7267 /* 7268 * free secreg entry registered. 7269 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7270 */ 7271 void 7272 key_freereg(struct socket *so) 7273 { 7274 struct secreg *reg; 7275 int i; 7276 7277 KASSERT(!cpu_softintr_p()); 7278 KASSERT(so != NULL); 7279 7280 /* 7281 * check whether existing or not. 7282 * check all type of SA, because there is a potential that 7283 * one socket is registered to multiple type of SA. 7284 */ 7285 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7286 mutex_enter(&key_misc.lock); 7287 LIST_FOREACH(reg, &key_misc.reglist[i], chain) { 7288 if (reg->so == so) { 7289 LIST_REMOVE(reg, chain); 7290 break; 7291 } 7292 } 7293 mutex_exit(&key_misc.lock); 7294 if (reg != NULL) 7295 kmem_free(reg, sizeof(*reg)); 7296 } 7297 7298 return; 7299 } 7300 7301 /* 7302 * SADB_EXPIRE processing 7303 * send 7304 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7305 * to KMD by PF_KEY. 7306 * NOTE: We send only soft lifetime extension. 7307 * 7308 * OUT: 0 : succeed 7309 * others : error number 7310 */ 7311 static int 7312 key_expire(struct secasvar *sav) 7313 { 7314 int s; 7315 int satype; 7316 struct mbuf *result = NULL, *m; 7317 int len; 7318 int error = -1; 7319 struct sadb_lifetime *lt; 7320 lifetime_counters_t sum = {0}; 7321 7322 /* XXX: Why do we lock ? */ 7323 s = splsoftnet(); /*called from softclock()*/ 7324 7325 KASSERT(sav != NULL); 7326 7327 satype = key_proto2satype(sav->sah->saidx.proto); 7328 KASSERTMSG(satype != 0, "invalid proto is passed"); 7329 7330 /* set msg header */ 7331 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, key_sa_refcnt(sav), 7332 M_WAITOK); 7333 result = m; 7334 7335 /* create SA extension */ 7336 m = key_setsadbsa(sav); 7337 m_cat(result, m); 7338 7339 /* create SA extension */ 7340 m = key_setsadbxsa2(sav->sah->saidx.mode, 7341 sav->replay ? sav->replay->count : 0, sav->sah->saidx.reqid); 7342 m_cat(result, m); 7343 7344 /* create lifetime extension (current and soft) */ 7345 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7346 m = key_alloc_mbuf(len, M_WAITOK); 7347 KASSERT(m->m_next == NULL); 7348 7349 memset(mtod(m, void *), 0, len); 7350 lt = mtod(m, struct sadb_lifetime *); 7351 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7352 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7353 percpu_foreach(sav->lft_c_counters_percpu, 7354 key_sum_lifetime_counters, sum); 7355 lt->sadb_lifetime_allocations = sum[LIFETIME_COUNTER_ALLOCATIONS]; 7356 lt->sadb_lifetime_bytes = sum[LIFETIME_COUNTER_BYTES]; 7357 lt->sadb_lifetime_addtime = 7358 time_mono_to_wall(sav->lft_c->sadb_lifetime_addtime); 7359 lt->sadb_lifetime_usetime = 7360 time_mono_to_wall(sav->lft_c->sadb_lifetime_usetime); 7361 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2); 7362 memcpy(lt, sav->lft_s, sizeof(*lt)); 7363 m_cat(result, m); 7364 7365 /* set sadb_address for source */ 7366 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sav->sah->saidx.src.sa, 7367 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK); 7368 m_cat(result, m); 7369 7370 /* set sadb_address for destination */ 7371 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sav->sah->saidx.dst.sa, 7372 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK); 7373 m_cat(result, m); 7374 7375 if ((result->m_flags & M_PKTHDR) == 0) { 7376 error = EINVAL; 7377 goto fail; 7378 } 7379 7380 if (result->m_len < sizeof(struct sadb_msg)) { 7381 result = m_pullup(result, sizeof(struct sadb_msg)); 7382 if (result == NULL) { 7383 error = ENOBUFS; 7384 goto fail; 7385 } 7386 } 7387 7388 result->m_pkthdr.len = 0; 7389 for (m = result; m; m = m->m_next) 7390 result->m_pkthdr.len += m->m_len; 7391 7392 mtod(result, struct sadb_msg *)->sadb_msg_len = 7393 PFKEY_UNIT64(result->m_pkthdr.len); 7394 7395 splx(s); 7396 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7397 7398 fail: 7399 if (result) 7400 m_freem(result); 7401 splx(s); 7402 return error; 7403 } 7404 7405 /* 7406 * SADB_FLUSH processing 7407 * receive 7408 * <base> 7409 * from the ikmpd, and free all entries in secastree. 7410 * and send, 7411 * <base> 7412 * to the ikmpd. 7413 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7414 * 7415 * m will always be freed. 7416 */ 7417 static int 7418 key_api_flush(struct socket *so, struct mbuf *m, 7419 const struct sadb_msghdr *mhp) 7420 { 7421 struct sadb_msg *newmsg; 7422 struct secashead *sah; 7423 struct secasvar *sav; 7424 u_int16_t proto; 7425 u_int8_t state; 7426 int s; 7427 7428 /* map satype to proto */ 7429 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 7430 if (proto == 0) { 7431 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 7432 return key_senderror(so, m, EINVAL); 7433 } 7434 7435 /* no SATYPE specified, i.e. flushing all SA. */ 7436 s = pserialize_read_enter(); 7437 SAHLIST_READER_FOREACH(sah) { 7438 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7439 proto != sah->saidx.proto) 7440 continue; 7441 7442 key_sah_ref(sah); 7443 pserialize_read_exit(s); 7444 7445 SASTATE_ALIVE_FOREACH(state) { 7446 restart: 7447 mutex_enter(&key_sad.lock); 7448 SAVLIST_WRITER_FOREACH(sav, sah, state) { 7449 sav->state = SADB_SASTATE_DEAD; 7450 key_unlink_sav(sav); 7451 mutex_exit(&key_sad.lock); 7452 key_destroy_sav(sav); 7453 goto restart; 7454 } 7455 mutex_exit(&key_sad.lock); 7456 } 7457 7458 s = pserialize_read_enter(); 7459 sah->state = SADB_SASTATE_DEAD; 7460 key_sah_unref(sah); 7461 } 7462 pserialize_read_exit(s); 7463 7464 if (m->m_len < sizeof(struct sadb_msg) || 7465 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7466 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 7467 return key_senderror(so, m, ENOBUFS); 7468 } 7469 7470 if (m->m_next) 7471 m_freem(m->m_next); 7472 m->m_next = NULL; 7473 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7474 newmsg = mtod(m, struct sadb_msg *); 7475 newmsg->sadb_msg_errno = 0; 7476 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7477 7478 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7479 } 7480 7481 7482 static struct mbuf * 7483 key_setdump_chain(u_int8_t req_satype, int *errorp, int *lenp, pid_t pid) 7484 { 7485 struct secashead *sah; 7486 struct secasvar *sav; 7487 u_int16_t proto; 7488 u_int8_t satype; 7489 u_int8_t state; 7490 int cnt; 7491 struct mbuf *m, *n, *prev; 7492 7493 KASSERT(mutex_owned(&key_sad.lock)); 7494 7495 *lenp = 0; 7496 7497 /* map satype to proto */ 7498 proto = key_satype2proto(req_satype); 7499 if (proto == 0) { 7500 *errorp = EINVAL; 7501 return (NULL); 7502 } 7503 7504 /* count sav entries to be sent to userland. */ 7505 cnt = 0; 7506 SAHLIST_WRITER_FOREACH(sah) { 7507 if (req_satype != SADB_SATYPE_UNSPEC && 7508 proto != sah->saidx.proto) 7509 continue; 7510 7511 SASTATE_ANY_FOREACH(state) { 7512 SAVLIST_WRITER_FOREACH(sav, sah, state) { 7513 cnt++; 7514 } 7515 } 7516 } 7517 7518 if (cnt == 0) { 7519 *errorp = ENOENT; 7520 return (NULL); 7521 } 7522 7523 /* send this to the userland, one at a time. */ 7524 m = NULL; 7525 prev = m; 7526 SAHLIST_WRITER_FOREACH(sah) { 7527 if (req_satype != SADB_SATYPE_UNSPEC && 7528 proto != sah->saidx.proto) 7529 continue; 7530 7531 /* map proto to satype */ 7532 satype = key_proto2satype(sah->saidx.proto); 7533 if (satype == 0) { 7534 m_freem(m); 7535 *errorp = EINVAL; 7536 return (NULL); 7537 } 7538 7539 SASTATE_ANY_FOREACH(state) { 7540 SAVLIST_WRITER_FOREACH(sav, sah, state) { 7541 n = key_setdumpsa(sav, SADB_DUMP, satype, 7542 --cnt, pid); 7543 if (!m) 7544 m = n; 7545 else 7546 prev->m_nextpkt = n; 7547 prev = n; 7548 } 7549 } 7550 } 7551 7552 if (!m) { 7553 *errorp = EINVAL; 7554 return (NULL); 7555 } 7556 7557 if ((m->m_flags & M_PKTHDR) != 0) { 7558 m->m_pkthdr.len = 0; 7559 for (n = m; n; n = n->m_next) 7560 m->m_pkthdr.len += n->m_len; 7561 } 7562 7563 *errorp = 0; 7564 return (m); 7565 } 7566 7567 /* 7568 * SADB_DUMP processing 7569 * dump all entries including status of DEAD in SAD. 7570 * receive 7571 * <base> 7572 * from the ikmpd, and dump all secasvar leaves 7573 * and send, 7574 * <base> ..... 7575 * to the ikmpd. 7576 * 7577 * m will always be freed. 7578 */ 7579 static int 7580 key_api_dump(struct socket *so, struct mbuf *m0, 7581 const struct sadb_msghdr *mhp) 7582 { 7583 u_int16_t proto; 7584 u_int8_t satype; 7585 struct mbuf *n; 7586 int error, len, ok; 7587 7588 /* map satype to proto */ 7589 satype = mhp->msg->sadb_msg_satype; 7590 proto = key_satype2proto(satype); 7591 if (proto == 0) { 7592 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 7593 return key_senderror(so, m0, EINVAL); 7594 } 7595 7596 /* 7597 * If the requestor has insufficient socket-buffer space 7598 * for the entire chain, nobody gets any response to the DUMP. 7599 * XXX For now, only the requestor ever gets anything. 7600 * Moreover, if the requestor has any space at all, they receive 7601 * the entire chain, otherwise the request is refused with ENOBUFS. 7602 */ 7603 if (sbspace(&so->so_rcv) <= 0) { 7604 return key_senderror(so, m0, ENOBUFS); 7605 } 7606 7607 mutex_enter(&key_sad.lock); 7608 n = key_setdump_chain(satype, &error, &len, mhp->msg->sadb_msg_pid); 7609 mutex_exit(&key_sad.lock); 7610 7611 if (n == NULL) { 7612 return key_senderror(so, m0, ENOENT); 7613 } 7614 { 7615 uint64_t *ps = PFKEY_STAT_GETREF(); 7616 ps[PFKEY_STAT_IN_TOTAL]++; 7617 ps[PFKEY_STAT_IN_BYTES] += len; 7618 PFKEY_STAT_PUTREF(); 7619 } 7620 7621 /* 7622 * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets. 7623 * The requestor receives either the entire chain, or an 7624 * error message with ENOBUFS. 7625 * 7626 * sbappendaddrchain() takes the chain of entries, one 7627 * packet-record per SPD entry, prepends the key_src sockaddr 7628 * to each packet-record, links the sockaddr mbufs into a new 7629 * list of records, then appends the entire resulting 7630 * list to the requesting socket. 7631 */ 7632 ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, n, 7633 SB_PRIO_ONESHOT_OVERFLOW); 7634 7635 if (!ok) { 7636 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 7637 m_freem(n); 7638 return key_senderror(so, m0, ENOBUFS); 7639 } 7640 7641 m_freem(m0); 7642 return 0; 7643 } 7644 7645 /* 7646 * SADB_X_PROMISC processing 7647 * 7648 * m will always be freed. 7649 */ 7650 static int 7651 key_api_promisc(struct socket *so, struct mbuf *m, 7652 const struct sadb_msghdr *mhp) 7653 { 7654 int olen; 7655 7656 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7657 7658 if (olen < sizeof(struct sadb_msg)) { 7659 #if 1 7660 return key_senderror(so, m, EINVAL); 7661 #else 7662 m_freem(m); 7663 return 0; 7664 #endif 7665 } else if (olen == sizeof(struct sadb_msg)) { 7666 /* enable/disable promisc mode */ 7667 struct keycb *kp = (struct keycb *)sotorawcb(so); 7668 if (kp == NULL) 7669 return key_senderror(so, m, EINVAL); 7670 mhp->msg->sadb_msg_errno = 0; 7671 switch (mhp->msg->sadb_msg_satype) { 7672 case 0: 7673 case 1: 7674 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7675 break; 7676 default: 7677 return key_senderror(so, m, EINVAL); 7678 } 7679 7680 /* send the original message back to everyone */ 7681 mhp->msg->sadb_msg_errno = 0; 7682 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7683 } else { 7684 /* send packet as is */ 7685 7686 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7687 7688 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7689 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7690 } 7691 } 7692 7693 static int (*key_api_typesw[]) (struct socket *, struct mbuf *, 7694 const struct sadb_msghdr *) = { 7695 NULL, /* SADB_RESERVED */ 7696 key_api_getspi, /* SADB_GETSPI */ 7697 key_api_update, /* SADB_UPDATE */ 7698 key_api_add, /* SADB_ADD */ 7699 key_api_delete, /* SADB_DELETE */ 7700 key_api_get, /* SADB_GET */ 7701 key_api_acquire, /* SADB_ACQUIRE */ 7702 key_api_register, /* SADB_REGISTER */ 7703 NULL, /* SADB_EXPIRE */ 7704 key_api_flush, /* SADB_FLUSH */ 7705 key_api_dump, /* SADB_DUMP */ 7706 key_api_promisc, /* SADB_X_PROMISC */ 7707 NULL, /* SADB_X_PCHANGE */ 7708 key_api_spdadd, /* SADB_X_SPDUPDATE */ 7709 key_api_spdadd, /* SADB_X_SPDADD */ 7710 key_api_spddelete, /* SADB_X_SPDDELETE */ 7711 key_api_spdget, /* SADB_X_SPDGET */ 7712 NULL, /* SADB_X_SPDACQUIRE */ 7713 key_api_spddump, /* SADB_X_SPDDUMP */ 7714 key_api_spdflush, /* SADB_X_SPDFLUSH */ 7715 key_api_spdadd, /* SADB_X_SPDSETIDX */ 7716 NULL, /* SADB_X_SPDEXPIRE */ 7717 key_api_spddelete2, /* SADB_X_SPDDELETE2 */ 7718 key_api_nat_map, /* SADB_X_NAT_T_NEW_MAPPING */ 7719 }; 7720 7721 /* 7722 * parse sadb_msg buffer to process PFKEYv2, 7723 * and create a data to response if needed. 7724 * I think to be dealed with mbuf directly. 7725 * IN: 7726 * msgp : pointer to pointer to a received buffer pulluped. 7727 * This is rewrited to response. 7728 * so : pointer to socket. 7729 * OUT: 7730 * length for buffer to send to user process. 7731 */ 7732 int 7733 key_parse(struct mbuf *m, struct socket *so) 7734 { 7735 struct sadb_msg *msg; 7736 struct sadb_msghdr mh; 7737 u_int orglen; 7738 int error; 7739 7740 KASSERT(m != NULL); 7741 KASSERT(so != NULL); 7742 7743 #if 0 /*kdebug_sadb assumes msg in linear buffer*/ 7744 if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) { 7745 kdebug_sadb("passed sadb_msg", msg); 7746 } 7747 #endif 7748 7749 if (m->m_len < sizeof(struct sadb_msg)) { 7750 m = m_pullup(m, sizeof(struct sadb_msg)); 7751 if (!m) 7752 return ENOBUFS; 7753 } 7754 msg = mtod(m, struct sadb_msg *); 7755 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7756 7757 if ((m->m_flags & M_PKTHDR) == 0 || 7758 m->m_pkthdr.len != orglen) { 7759 IPSECLOG(LOG_DEBUG, "invalid message length.\n"); 7760 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 7761 error = EINVAL; 7762 goto senderror; 7763 } 7764 7765 if (msg->sadb_msg_version != PF_KEY_V2) { 7766 IPSECLOG(LOG_DEBUG, "PF_KEY version %u is mismatched.\n", 7767 msg->sadb_msg_version); 7768 PFKEY_STATINC(PFKEY_STAT_OUT_INVVER); 7769 error = EINVAL; 7770 goto senderror; 7771 } 7772 7773 if (msg->sadb_msg_type > SADB_MAX) { 7774 IPSECLOG(LOG_DEBUG, "invalid type %u is passed.\n", 7775 msg->sadb_msg_type); 7776 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE); 7777 error = EINVAL; 7778 goto senderror; 7779 } 7780 7781 /* for old-fashioned code - should be nuked */ 7782 if (m->m_pkthdr.len > MCLBYTES) { 7783 m_freem(m); 7784 return ENOBUFS; 7785 } 7786 if (m->m_next) { 7787 struct mbuf *n; 7788 7789 n = key_alloc_mbuf_simple(m->m_pkthdr.len, M_WAITOK); 7790 7791 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, void *)); 7792 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7793 n->m_next = NULL; 7794 m_freem(m); 7795 m = n; 7796 } 7797 7798 /* align the mbuf chain so that extensions are in contiguous region. */ 7799 error = key_align(m, &mh); 7800 if (error) 7801 return error; 7802 7803 if (m->m_next) { /*XXX*/ 7804 m_freem(m); 7805 return ENOBUFS; 7806 } 7807 7808 msg = mh.msg; 7809 7810 /* check SA type */ 7811 switch (msg->sadb_msg_satype) { 7812 case SADB_SATYPE_UNSPEC: 7813 switch (msg->sadb_msg_type) { 7814 case SADB_GETSPI: 7815 case SADB_UPDATE: 7816 case SADB_ADD: 7817 case SADB_DELETE: 7818 case SADB_GET: 7819 case SADB_ACQUIRE: 7820 case SADB_EXPIRE: 7821 IPSECLOG(LOG_DEBUG, 7822 "must specify satype when msg type=%u.\n", 7823 msg->sadb_msg_type); 7824 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7825 error = EINVAL; 7826 goto senderror; 7827 } 7828 break; 7829 case SADB_SATYPE_AH: 7830 case SADB_SATYPE_ESP: 7831 case SADB_X_SATYPE_IPCOMP: 7832 case SADB_X_SATYPE_TCPSIGNATURE: 7833 switch (msg->sadb_msg_type) { 7834 case SADB_X_SPDADD: 7835 case SADB_X_SPDDELETE: 7836 case SADB_X_SPDGET: 7837 case SADB_X_SPDDUMP: 7838 case SADB_X_SPDFLUSH: 7839 case SADB_X_SPDSETIDX: 7840 case SADB_X_SPDUPDATE: 7841 case SADB_X_SPDDELETE2: 7842 IPSECLOG(LOG_DEBUG, "illegal satype=%u\n", 7843 msg->sadb_msg_type); 7844 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7845 error = EINVAL; 7846 goto senderror; 7847 } 7848 break; 7849 case SADB_SATYPE_RSVP: 7850 case SADB_SATYPE_OSPFV2: 7851 case SADB_SATYPE_RIPV2: 7852 case SADB_SATYPE_MIP: 7853 IPSECLOG(LOG_DEBUG, "type %u isn't supported.\n", 7854 msg->sadb_msg_satype); 7855 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7856 error = EOPNOTSUPP; 7857 goto senderror; 7858 case 1: /* XXX: What does it do? */ 7859 if (msg->sadb_msg_type == SADB_X_PROMISC) 7860 break; 7861 /*FALLTHROUGH*/ 7862 default: 7863 IPSECLOG(LOG_DEBUG, "invalid type %u is passed.\n", 7864 msg->sadb_msg_satype); 7865 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7866 error = EINVAL; 7867 goto senderror; 7868 } 7869 7870 /* check field of upper layer protocol and address family */ 7871 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL && 7872 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7873 const struct sadb_address *src0, *dst0; 7874 const struct sockaddr *sa0, *da0; 7875 u_int plen; 7876 7877 src0 = mh.ext[SADB_EXT_ADDRESS_SRC]; 7878 dst0 = mh.ext[SADB_EXT_ADDRESS_DST]; 7879 sa0 = key_msghdr_get_sockaddr(&mh, SADB_EXT_ADDRESS_SRC); 7880 da0 = key_msghdr_get_sockaddr(&mh, SADB_EXT_ADDRESS_DST); 7881 7882 /* check upper layer protocol */ 7883 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7884 IPSECLOG(LOG_DEBUG, 7885 "upper layer protocol mismatched.\n"); 7886 goto invaddr; 7887 } 7888 7889 /* check family */ 7890 if (sa0->sa_family != da0->sa_family) { 7891 IPSECLOG(LOG_DEBUG, "address family mismatched.\n"); 7892 goto invaddr; 7893 } 7894 if (sa0->sa_len != da0->sa_len) { 7895 IPSECLOG(LOG_DEBUG, 7896 "address struct size mismatched.\n"); 7897 goto invaddr; 7898 } 7899 7900 switch (sa0->sa_family) { 7901 case AF_INET: 7902 if (sa0->sa_len != sizeof(struct sockaddr_in)) 7903 goto invaddr; 7904 break; 7905 case AF_INET6: 7906 if (sa0->sa_len != sizeof(struct sockaddr_in6)) 7907 goto invaddr; 7908 break; 7909 default: 7910 IPSECLOG(LOG_DEBUG, "unsupported address family.\n"); 7911 error = EAFNOSUPPORT; 7912 goto senderror; 7913 } 7914 7915 switch (sa0->sa_family) { 7916 case AF_INET: 7917 plen = sizeof(struct in_addr) << 3; 7918 break; 7919 case AF_INET6: 7920 plen = sizeof(struct in6_addr) << 3; 7921 break; 7922 default: 7923 plen = 0; /*fool gcc*/ 7924 break; 7925 } 7926 7927 /* check max prefix length */ 7928 if (src0->sadb_address_prefixlen > plen || 7929 dst0->sadb_address_prefixlen > plen) { 7930 IPSECLOG(LOG_DEBUG, "illegal prefixlen.\n"); 7931 goto invaddr; 7932 } 7933 7934 /* 7935 * prefixlen == 0 is valid because there can be a case when 7936 * all addresses are matched. 7937 */ 7938 } 7939 7940 if (msg->sadb_msg_type >= __arraycount(key_api_typesw) || 7941 key_api_typesw[msg->sadb_msg_type] == NULL) { 7942 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE); 7943 error = EINVAL; 7944 goto senderror; 7945 } 7946 7947 return (*key_api_typesw[msg->sadb_msg_type])(so, m, &mh); 7948 7949 invaddr: 7950 error = EINVAL; 7951 senderror: 7952 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 7953 return key_senderror(so, m, error); 7954 } 7955 7956 static int 7957 key_senderror(struct socket *so, struct mbuf *m, int code) 7958 { 7959 struct sadb_msg *msg; 7960 7961 KASSERT(m->m_len >= sizeof(struct sadb_msg)); 7962 7963 if (so == NULL) { 7964 /* 7965 * This means the request comes from kernel. 7966 * As the request comes from kernel, it is unnecessary to 7967 * send message to userland. Just return errcode directly. 7968 */ 7969 m_freem(m); 7970 return code; 7971 } 7972 7973 msg = mtod(m, struct sadb_msg *); 7974 msg->sadb_msg_errno = code; 7975 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 7976 } 7977 7978 /* 7979 * set the pointer to each header into message buffer. 7980 * m will be freed on error. 7981 * XXX larger-than-MCLBYTES extension? 7982 */ 7983 static int 7984 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 7985 { 7986 struct mbuf *n; 7987 struct sadb_ext *ext; 7988 size_t off, end; 7989 int extlen; 7990 int toff; 7991 7992 KASSERT(m != NULL); 7993 KASSERT(mhp != NULL); 7994 KASSERT(m->m_len >= sizeof(struct sadb_msg)); 7995 7996 /* initialize */ 7997 memset(mhp, 0, sizeof(*mhp)); 7998 7999 mhp->msg = mtod(m, struct sadb_msg *); 8000 mhp->ext[0] = mhp->msg; /*XXX backward compat */ 8001 8002 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8003 extlen = end; /*just in case extlen is not updated*/ 8004 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8005 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8006 if (!n) { 8007 /* m is already freed */ 8008 return ENOBUFS; 8009 } 8010 ext = (struct sadb_ext *)(mtod(n, char *) + toff); 8011 8012 /* set pointer */ 8013 switch (ext->sadb_ext_type) { 8014 case SADB_EXT_SA: 8015 case SADB_EXT_ADDRESS_SRC: 8016 case SADB_EXT_ADDRESS_DST: 8017 case SADB_EXT_ADDRESS_PROXY: 8018 case SADB_EXT_LIFETIME_CURRENT: 8019 case SADB_EXT_LIFETIME_HARD: 8020 case SADB_EXT_LIFETIME_SOFT: 8021 case SADB_EXT_KEY_AUTH: 8022 case SADB_EXT_KEY_ENCRYPT: 8023 case SADB_EXT_IDENTITY_SRC: 8024 case SADB_EXT_IDENTITY_DST: 8025 case SADB_EXT_SENSITIVITY: 8026 case SADB_EXT_PROPOSAL: 8027 case SADB_EXT_SUPPORTED_AUTH: 8028 case SADB_EXT_SUPPORTED_ENCRYPT: 8029 case SADB_EXT_SPIRANGE: 8030 case SADB_X_EXT_POLICY: 8031 case SADB_X_EXT_SA2: 8032 case SADB_X_EXT_NAT_T_TYPE: 8033 case SADB_X_EXT_NAT_T_SPORT: 8034 case SADB_X_EXT_NAT_T_DPORT: 8035 case SADB_X_EXT_NAT_T_OAI: 8036 case SADB_X_EXT_NAT_T_OAR: 8037 case SADB_X_EXT_NAT_T_FRAG: 8038 /* duplicate check */ 8039 /* 8040 * XXX Are there duplication payloads of either 8041 * KEY_AUTH or KEY_ENCRYPT ? 8042 */ 8043 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8044 IPSECLOG(LOG_DEBUG, 8045 "duplicate ext_type %u is passed.\n", 8046 ext->sadb_ext_type); 8047 m_freem(m); 8048 PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT); 8049 return EINVAL; 8050 } 8051 break; 8052 default: 8053 IPSECLOG(LOG_DEBUG, "invalid ext_type %u is passed.\n", 8054 ext->sadb_ext_type); 8055 m_freem(m); 8056 PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE); 8057 return EINVAL; 8058 } 8059 8060 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8061 8062 if (key_validate_ext(ext, extlen)) { 8063 m_freem(m); 8064 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 8065 return EINVAL; 8066 } 8067 8068 n = m_pulldown(m, off, extlen, &toff); 8069 if (!n) { 8070 /* m is already freed */ 8071 return ENOBUFS; 8072 } 8073 ext = (struct sadb_ext *)(mtod(n, char *) + toff); 8074 8075 mhp->ext[ext->sadb_ext_type] = ext; 8076 mhp->extoff[ext->sadb_ext_type] = off; 8077 mhp->extlen[ext->sadb_ext_type] = extlen; 8078 } 8079 8080 if (off != end) { 8081 m_freem(m); 8082 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 8083 return EINVAL; 8084 } 8085 8086 return 0; 8087 } 8088 8089 static int 8090 key_validate_ext(const struct sadb_ext *ext, int len) 8091 { 8092 const struct sockaddr *sa; 8093 enum { NONE, ADDR } checktype = NONE; 8094 int baselen = 0; 8095 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8096 8097 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8098 return EINVAL; 8099 8100 /* if it does not match minimum/maximum length, bail */ 8101 if (ext->sadb_ext_type >= __arraycount(minsize) || 8102 ext->sadb_ext_type >= __arraycount(maxsize)) 8103 return EINVAL; 8104 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8105 return EINVAL; 8106 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8107 return EINVAL; 8108 8109 /* more checks based on sadb_ext_type XXX need more */ 8110 switch (ext->sadb_ext_type) { 8111 case SADB_EXT_ADDRESS_SRC: 8112 case SADB_EXT_ADDRESS_DST: 8113 case SADB_EXT_ADDRESS_PROXY: 8114 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8115 checktype = ADDR; 8116 break; 8117 case SADB_EXT_IDENTITY_SRC: 8118 case SADB_EXT_IDENTITY_DST: 8119 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8120 SADB_X_IDENTTYPE_ADDR) { 8121 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8122 checktype = ADDR; 8123 } else 8124 checktype = NONE; 8125 break; 8126 default: 8127 checktype = NONE; 8128 break; 8129 } 8130 8131 switch (checktype) { 8132 case NONE: 8133 break; 8134 case ADDR: 8135 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8136 if (len < baselen + sal) 8137 return EINVAL; 8138 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8139 return EINVAL; 8140 break; 8141 } 8142 8143 return 0; 8144 } 8145 8146 static int 8147 key_do_init(void) 8148 { 8149 int i, error; 8150 8151 mutex_init(&key_misc.lock, MUTEX_DEFAULT, IPL_NONE); 8152 8153 mutex_init(&key_spd.lock, MUTEX_DEFAULT, IPL_NONE); 8154 cv_init(&key_spd.cv_lc, "key_sp_lc"); 8155 key_spd.psz = pserialize_create(); 8156 cv_init(&key_spd.cv_psz, "key_sp_psz"); 8157 key_spd.psz_performing = false; 8158 8159 mutex_init(&key_sad.lock, MUTEX_DEFAULT, IPL_NONE); 8160 cv_init(&key_sad.cv_lc, "key_sa_lc"); 8161 key_sad.psz = pserialize_create(); 8162 cv_init(&key_sad.cv_psz, "key_sa_psz"); 8163 key_sad.psz_performing = false; 8164 8165 pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS); 8166 8167 callout_init(&key_timehandler_ch, CALLOUT_MPSAFE); 8168 error = workqueue_create(&key_timehandler_wq, "key_timehandler", 8169 key_timehandler_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 8170 if (error != 0) 8171 panic("%s: workqueue_create failed (%d)\n", __func__, error); 8172 8173 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8174 PSLIST_INIT(&key_spd.splist[i]); 8175 } 8176 8177 PSLIST_INIT(&key_spd.socksplist); 8178 8179 key_sad.sahlists = hashinit(SAHHASH_NHASH, HASH_PSLIST, true, 8180 &key_sad.sahlistmask); 8181 key_sad.savlut = hashinit(SAVLUT_NHASH, HASH_PSLIST, true, 8182 &key_sad.savlutmask); 8183 8184 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8185 LIST_INIT(&key_misc.reglist[i]); 8186 } 8187 8188 #ifndef IPSEC_NONBLOCK_ACQUIRE 8189 LIST_INIT(&key_misc.acqlist); 8190 #endif 8191 #ifdef notyet 8192 LIST_INIT(&key_misc.spacqlist); 8193 #endif 8194 8195 /* system default */ 8196 ip4_def_policy.policy = IPSEC_POLICY_NONE; 8197 ip4_def_policy.state = IPSEC_SPSTATE_ALIVE; 8198 localcount_init(&ip4_def_policy.localcount); 8199 8200 #ifdef INET6 8201 ip6_def_policy.policy = IPSEC_POLICY_NONE; 8202 ip6_def_policy.state = IPSEC_SPSTATE_ALIVE; 8203 localcount_init(&ip6_def_policy.localcount); 8204 #endif 8205 8206 callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); 8207 8208 /* initialize key statistics */ 8209 keystat.getspi_count = 1; 8210 8211 aprint_verbose("IPsec: Initialized Security Association Processing.\n"); 8212 8213 return (0); 8214 } 8215 8216 void 8217 key_init(void) 8218 { 8219 static ONCE_DECL(key_init_once); 8220 8221 sysctl_net_keyv2_setup(NULL); 8222 sysctl_net_key_compat_setup(NULL); 8223 8224 RUN_ONCE(&key_init_once, key_do_init); 8225 8226 key_init_so(); 8227 } 8228 8229 /* 8230 * XXX: maybe This function is called after INBOUND IPsec processing. 8231 * 8232 * Special check for tunnel-mode packets. 8233 * We must make some checks for consistency between inner and outer IP header. 8234 * 8235 * xxx more checks to be provided 8236 */ 8237 int 8238 key_checktunnelsanity( 8239 struct secasvar *sav, 8240 u_int family, 8241 void *src, 8242 void *dst 8243 ) 8244 { 8245 8246 /* XXX: check inner IP header */ 8247 8248 return 1; 8249 } 8250 8251 #if 0 8252 #define hostnamelen strlen(hostname) 8253 8254 /* 8255 * Get FQDN for the host. 8256 * If the administrator configured hostname (by hostname(1)) without 8257 * domain name, returns nothing. 8258 */ 8259 static const char * 8260 key_getfqdn(void) 8261 { 8262 int i; 8263 int hasdot; 8264 static char fqdn[MAXHOSTNAMELEN + 1]; 8265 8266 if (!hostnamelen) 8267 return NULL; 8268 8269 /* check if it comes with domain name. */ 8270 hasdot = 0; 8271 for (i = 0; i < hostnamelen; i++) { 8272 if (hostname[i] == '.') 8273 hasdot++; 8274 } 8275 if (!hasdot) 8276 return NULL; 8277 8278 /* NOTE: hostname may not be NUL-terminated. */ 8279 memset(fqdn, 0, sizeof(fqdn)); 8280 memcpy(fqdn, hostname, hostnamelen); 8281 fqdn[hostnamelen] = '\0'; 8282 return fqdn; 8283 } 8284 8285 /* 8286 * get username@FQDN for the host/user. 8287 */ 8288 static const char * 8289 key_getuserfqdn(void) 8290 { 8291 const char *host; 8292 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2]; 8293 struct proc *p = curproc; 8294 char *q; 8295 8296 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) 8297 return NULL; 8298 if (!(host = key_getfqdn())) 8299 return NULL; 8300 8301 /* NOTE: s_login may not be-NUL terminated. */ 8302 memset(userfqdn, 0, sizeof(userfqdn)); 8303 memcpy(userfqdn, Mp->p_pgrp->pg_session->s_login, AXLOGNAME); 8304 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */ 8305 q = userfqdn + strlen(userfqdn); 8306 *q++ = '@'; 8307 memcpy(q, host, strlen(host)); 8308 q += strlen(host); 8309 *q++ = '\0'; 8310 8311 return userfqdn; 8312 } 8313 #endif 8314 8315 /* record data transfer on SA, and update timestamps */ 8316 void 8317 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8318 { 8319 lifetime_counters_t *counters; 8320 8321 KASSERT(sav != NULL); 8322 KASSERT(sav->lft_c != NULL); 8323 KASSERT(m != NULL); 8324 8325 counters = percpu_getref(sav->lft_c_counters_percpu); 8326 8327 /* 8328 * XXX Currently, there is a difference of bytes size 8329 * between inbound and outbound processing. 8330 */ 8331 (*counters)[LIFETIME_COUNTER_BYTES] += m->m_pkthdr.len; 8332 /* to check bytes lifetime is done in key_timehandler(). */ 8333 8334 /* 8335 * We use the number of packets as the unit of 8336 * sadb_lifetime_allocations. We increment the variable 8337 * whenever {esp,ah}_{in,out}put is called. 8338 */ 8339 (*counters)[LIFETIME_COUNTER_ALLOCATIONS]++; 8340 /* XXX check for expires? */ 8341 8342 percpu_putref(sav->lft_c_counters_percpu); 8343 8344 /* 8345 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock, 8346 * in seconds. HARD and SOFT lifetime are measured by the time 8347 * difference (again in seconds) from sadb_lifetime_usetime. 8348 * 8349 * usetime 8350 * v expire expire 8351 * -----+-----+--------+---> t 8352 * <--------------> HARD 8353 * <-----> SOFT 8354 */ 8355 sav->lft_c->sadb_lifetime_usetime = time_uptime; 8356 /* XXX check for expires? */ 8357 8358 return; 8359 } 8360 8361 /* dumb version */ 8362 void 8363 key_sa_routechange(struct sockaddr *dst) 8364 { 8365 struct secashead *sah; 8366 int s; 8367 8368 s = pserialize_read_enter(); 8369 SAHLIST_READER_FOREACH(sah) { 8370 struct route *ro; 8371 const struct sockaddr *sa; 8372 8373 key_sah_ref(sah); 8374 pserialize_read_exit(s); 8375 8376 ro = &sah->sa_route; 8377 sa = rtcache_getdst(ro); 8378 if (sa != NULL && dst->sa_len == sa->sa_len && 8379 memcmp(dst, sa, dst->sa_len) == 0) 8380 rtcache_free(ro); 8381 8382 s = pserialize_read_enter(); 8383 key_sah_unref(sah); 8384 } 8385 pserialize_read_exit(s); 8386 8387 return; 8388 } 8389 8390 static void 8391 key_sa_chgstate(struct secasvar *sav, u_int8_t state) 8392 { 8393 struct secasvar *_sav; 8394 8395 ASSERT_SLEEPABLE(); 8396 KASSERT(mutex_owned(&key_sad.lock)); 8397 8398 if (sav->state == state) 8399 return; 8400 8401 key_unlink_sav(sav); 8402 localcount_fini(&sav->localcount); 8403 SAVLIST_ENTRY_DESTROY(sav); 8404 key_init_sav(sav); 8405 8406 sav->state = state; 8407 if (!SADB_SASTATE_USABLE_P(sav)) { 8408 /* We don't need to care about the order */ 8409 SAVLIST_WRITER_INSERT_HEAD(sav->sah, state, sav); 8410 return; 8411 } 8412 /* 8413 * Sort the list by lft_c->sadb_lifetime_addtime 8414 * in ascending order. 8415 */ 8416 SAVLIST_WRITER_FOREACH(_sav, sav->sah, state) { 8417 if (_sav->lft_c->sadb_lifetime_addtime > 8418 sav->lft_c->sadb_lifetime_addtime) { 8419 SAVLIST_WRITER_INSERT_BEFORE(_sav, sav); 8420 break; 8421 } 8422 } 8423 if (_sav == NULL) { 8424 SAVLIST_WRITER_INSERT_TAIL(sav->sah, state, sav); 8425 } 8426 8427 SAVLUT_WRITER_INSERT_HEAD(sav); 8428 8429 key_validate_savlist(sav->sah, state); 8430 } 8431 8432 /* XXX too much? */ 8433 static struct mbuf * 8434 key_alloc_mbuf(int l, int mflag) 8435 { 8436 struct mbuf *m = NULL, *n; 8437 int len, t; 8438 8439 KASSERT(mflag == M_NOWAIT || (mflag == M_WAITOK && !cpu_softintr_p())); 8440 8441 len = l; 8442 while (len > 0) { 8443 MGET(n, mflag, MT_DATA); 8444 if (n && len > MLEN) { 8445 MCLGET(n, mflag); 8446 if ((n->m_flags & M_EXT) == 0) { 8447 m_freem(n); 8448 n = NULL; 8449 } 8450 } 8451 if (!n) { 8452 m_freem(m); 8453 return NULL; 8454 } 8455 8456 n->m_next = NULL; 8457 n->m_len = 0; 8458 n->m_len = M_TRAILINGSPACE(n); 8459 /* use the bottom of mbuf, hoping we can prepend afterwards */ 8460 if (n->m_len > len) { 8461 t = (n->m_len - len) & ~(sizeof(long) - 1); 8462 n->m_data += t; 8463 n->m_len = len; 8464 } 8465 8466 len -= n->m_len; 8467 8468 if (m) 8469 m_cat(m, n); 8470 else 8471 m = n; 8472 } 8473 8474 return m; 8475 } 8476 8477 static struct mbuf * 8478 key_setdump(u_int8_t req_satype, int *errorp, uint32_t pid) 8479 { 8480 struct secashead *sah; 8481 struct secasvar *sav; 8482 u_int16_t proto; 8483 u_int8_t satype; 8484 u_int8_t state; 8485 int cnt; 8486 struct mbuf *m, *n; 8487 8488 KASSERT(mutex_owned(&key_sad.lock)); 8489 8490 /* map satype to proto */ 8491 proto = key_satype2proto(req_satype); 8492 if (proto == 0) { 8493 *errorp = EINVAL; 8494 return (NULL); 8495 } 8496 8497 /* count sav entries to be sent to the userland. */ 8498 cnt = 0; 8499 SAHLIST_WRITER_FOREACH(sah) { 8500 if (req_satype != SADB_SATYPE_UNSPEC && 8501 proto != sah->saidx.proto) 8502 continue; 8503 8504 SASTATE_ANY_FOREACH(state) { 8505 SAVLIST_WRITER_FOREACH(sav, sah, state) { 8506 cnt++; 8507 } 8508 } 8509 } 8510 8511 if (cnt == 0) { 8512 *errorp = ENOENT; 8513 return (NULL); 8514 } 8515 8516 /* send this to the userland, one at a time. */ 8517 m = NULL; 8518 SAHLIST_WRITER_FOREACH(sah) { 8519 if (req_satype != SADB_SATYPE_UNSPEC && 8520 proto != sah->saidx.proto) 8521 continue; 8522 8523 /* map proto to satype */ 8524 satype = key_proto2satype(sah->saidx.proto); 8525 if (satype == 0) { 8526 m_freem(m); 8527 *errorp = EINVAL; 8528 return (NULL); 8529 } 8530 8531 SASTATE_ANY_FOREACH(state) { 8532 SAVLIST_WRITER_FOREACH(sav, sah, state) { 8533 n = key_setdumpsa(sav, SADB_DUMP, satype, 8534 --cnt, pid); 8535 if (!m) 8536 m = n; 8537 else 8538 m_cat(m, n); 8539 } 8540 } 8541 } 8542 8543 if (!m) { 8544 *errorp = EINVAL; 8545 return (NULL); 8546 } 8547 8548 if ((m->m_flags & M_PKTHDR) != 0) { 8549 m->m_pkthdr.len = 0; 8550 for (n = m; n; n = n->m_next) 8551 m->m_pkthdr.len += n->m_len; 8552 } 8553 8554 *errorp = 0; 8555 return (m); 8556 } 8557 8558 static struct mbuf * 8559 key_setspddump(int *errorp, pid_t pid) 8560 { 8561 struct secpolicy *sp; 8562 int cnt; 8563 u_int dir; 8564 struct mbuf *m, *n; 8565 8566 KASSERT(mutex_owned(&key_spd.lock)); 8567 8568 /* search SPD entry and get buffer size. */ 8569 cnt = 0; 8570 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 8571 SPLIST_WRITER_FOREACH(sp, dir) { 8572 cnt++; 8573 } 8574 } 8575 8576 if (cnt == 0) { 8577 *errorp = ENOENT; 8578 return (NULL); 8579 } 8580 8581 m = NULL; 8582 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 8583 SPLIST_WRITER_FOREACH(sp, dir) { 8584 --cnt; 8585 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid); 8586 8587 if (!m) 8588 m = n; 8589 else { 8590 m->m_pkthdr.len += n->m_pkthdr.len; 8591 m_cat(m, n); 8592 } 8593 } 8594 } 8595 8596 *errorp = 0; 8597 return (m); 8598 } 8599 8600 int 8601 key_get_used(void) { 8602 return !SPLIST_READER_EMPTY(IPSEC_DIR_INBOUND) || 8603 !SPLIST_READER_EMPTY(IPSEC_DIR_OUTBOUND) || 8604 !SOCKSPLIST_READER_EMPTY(); 8605 } 8606 8607 void 8608 key_update_used(void) 8609 { 8610 switch (ipsec_enabled) { 8611 default: 8612 case 0: 8613 #ifdef notyet 8614 /* XXX: racy */ 8615 ipsec_used = 0; 8616 #endif 8617 break; 8618 case 1: 8619 #ifndef notyet 8620 /* XXX: racy */ 8621 if (!ipsec_used) 8622 #endif 8623 ipsec_used = key_get_used(); 8624 break; 8625 case 2: 8626 ipsec_used = 1; 8627 break; 8628 } 8629 } 8630 8631 static inline void 8632 key_savlut_writer_insert_head(struct secasvar *sav) 8633 { 8634 uint32_t hash_key; 8635 uint32_t hash; 8636 8637 KASSERT(mutex_owned(&key_sad.lock)); 8638 KASSERT(!sav->savlut_added); 8639 8640 if (sav->sah->saidx.proto == IPPROTO_IPCOMP) 8641 hash_key = sav->alg_comp; 8642 else 8643 hash_key = sav->spi; 8644 8645 hash = key_savluthash(&sav->sah->saidx.dst.sa, 8646 sav->sah->saidx.proto, hash_key, key_sad.savlutmask); 8647 8648 PSLIST_WRITER_INSERT_HEAD(&key_sad.savlut[hash], sav, 8649 pslist_entry_savlut); 8650 sav->savlut_added = true; 8651 } 8652 8653 /* 8654 * Calculate hash using protocol, source address, 8655 * and destination address included in saidx. 8656 */ 8657 static inline uint32_t 8658 key_saidxhash(const struct secasindex *saidx, u_long mask) 8659 { 8660 uint32_t hash32; 8661 const struct sockaddr_in *sin; 8662 const struct sockaddr_in6 *sin6; 8663 8664 hash32 = saidx->proto; 8665 8666 switch (saidx->src.sa.sa_family) { 8667 case AF_INET: 8668 sin = &saidx->src.sin; 8669 hash32 = hash32_buf(&sin->sin_addr, 8670 sizeof(sin->sin_addr), hash32); 8671 sin = &saidx->dst.sin; 8672 hash32 = hash32_buf(&sin->sin_addr, 8673 sizeof(sin->sin_addr), hash32 << 1); 8674 break; 8675 case AF_INET6: 8676 sin6 = &saidx->src.sin6; 8677 hash32 = hash32_buf(&sin6->sin6_addr, 8678 sizeof(sin6->sin6_addr), hash32); 8679 sin6 = &saidx->dst.sin6; 8680 hash32 = hash32_buf(&sin6->sin6_addr, 8681 sizeof(sin6->sin6_addr), hash32 << 1); 8682 break; 8683 default: 8684 hash32 = 0; 8685 break; 8686 } 8687 8688 return hash32 & mask; 8689 } 8690 8691 /* 8692 * Calculate hash using destination address, protocol, 8693 * and spi. Those parameter depend on the search of 8694 * key_lookup_sa(). 8695 */ 8696 static uint32_t 8697 key_savluthash(const struct sockaddr *dst, uint32_t proto, 8698 uint32_t spi, u_long mask) 8699 { 8700 uint32_t hash32; 8701 const struct sockaddr_in *sin; 8702 const struct sockaddr_in6 *sin6; 8703 8704 hash32 = hash32_buf(&proto, sizeof(proto), spi); 8705 8706 switch(dst->sa_family) { 8707 case AF_INET: 8708 sin = satocsin(dst); 8709 hash32 = hash32_buf(&sin->sin_addr, 8710 sizeof(sin->sin_addr), hash32); 8711 break; 8712 case AF_INET6: 8713 sin6 = satocsin6(dst); 8714 hash32 = hash32_buf(&sin6->sin6_addr, 8715 sizeof(sin6->sin6_addr), hash32); 8716 break; 8717 default: 8718 hash32 = 0; 8719 } 8720 8721 return hash32 & mask; 8722 } 8723 8724 static int 8725 sysctl_net_key_dumpsa(SYSCTLFN_ARGS) 8726 { 8727 struct mbuf *m, *n; 8728 int err2 = 0; 8729 char *p, *ep; 8730 size_t len; 8731 int error; 8732 8733 if (newp) 8734 return (EPERM); 8735 if (namelen != 1) 8736 return (EINVAL); 8737 8738 mutex_enter(&key_sad.lock); 8739 m = key_setdump(name[0], &error, l->l_proc->p_pid); 8740 mutex_exit(&key_sad.lock); 8741 if (!m) 8742 return (error); 8743 if (!oldp) 8744 *oldlenp = m->m_pkthdr.len; 8745 else { 8746 p = oldp; 8747 if (*oldlenp < m->m_pkthdr.len) { 8748 err2 = ENOMEM; 8749 ep = p + *oldlenp; 8750 } else { 8751 *oldlenp = m->m_pkthdr.len; 8752 ep = p + m->m_pkthdr.len; 8753 } 8754 for (n = m; n; n = n->m_next) { 8755 len = (ep - p < n->m_len) ? 8756 ep - p : n->m_len; 8757 error = copyout(mtod(n, const void *), p, len); 8758 p += len; 8759 if (error) 8760 break; 8761 } 8762 if (error == 0) 8763 error = err2; 8764 } 8765 m_freem(m); 8766 8767 return (error); 8768 } 8769 8770 static int 8771 sysctl_net_key_dumpsp(SYSCTLFN_ARGS) 8772 { 8773 struct mbuf *m, *n; 8774 int err2 = 0; 8775 char *p, *ep; 8776 size_t len; 8777 int error; 8778 8779 if (newp) 8780 return (EPERM); 8781 if (namelen != 0) 8782 return (EINVAL); 8783 8784 mutex_enter(&key_spd.lock); 8785 m = key_setspddump(&error, l->l_proc->p_pid); 8786 mutex_exit(&key_spd.lock); 8787 if (!m) 8788 return (error); 8789 if (!oldp) 8790 *oldlenp = m->m_pkthdr.len; 8791 else { 8792 p = oldp; 8793 if (*oldlenp < m->m_pkthdr.len) { 8794 err2 = ENOMEM; 8795 ep = p + *oldlenp; 8796 } else { 8797 *oldlenp = m->m_pkthdr.len; 8798 ep = p + m->m_pkthdr.len; 8799 } 8800 for (n = m; n; n = n->m_next) { 8801 len = (ep - p < n->m_len) ? ep - p : n->m_len; 8802 error = copyout(mtod(n, const void *), p, len); 8803 p += len; 8804 if (error) 8805 break; 8806 } 8807 if (error == 0) 8808 error = err2; 8809 } 8810 m_freem(m); 8811 8812 return (error); 8813 } 8814 8815 /* 8816 * Create sysctl tree for native IPSEC key knobs, originally 8817 * under name "net.keyv2" * with MIB number { CTL_NET, PF_KEY_V2. }. 8818 * However, sysctl(8) never checked for nodes under { CTL_NET, PF_KEY_V2 }; 8819 * and in any case the part of our sysctl namespace used for dumping the 8820 * SPD and SA database *HAS* to be compatible with the KAME sysctl 8821 * namespace, for API reasons. 8822 * 8823 * Pending a consensus on the right way to fix this, add a level of 8824 * indirection in how we number the `native' IPSEC key nodes; 8825 * and (as requested by Andrew Brown) move registration of the 8826 * KAME-compatible names to a separate function. 8827 */ 8828 #if 0 8829 # define IPSEC_PFKEY PF_KEY_V2 8830 # define IPSEC_PFKEY_NAME "keyv2" 8831 #else 8832 # define IPSEC_PFKEY PF_KEY 8833 # define IPSEC_PFKEY_NAME "key" 8834 #endif 8835 8836 static int 8837 sysctl_net_key_stats(SYSCTLFN_ARGS) 8838 { 8839 8840 return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS)); 8841 } 8842 8843 static void 8844 sysctl_net_keyv2_setup(struct sysctllog **clog) 8845 { 8846 8847 sysctl_createv(clog, 0, NULL, NULL, 8848 CTLFLAG_PERMANENT, 8849 CTLTYPE_NODE, IPSEC_PFKEY_NAME, NULL, 8850 NULL, 0, NULL, 0, 8851 CTL_NET, IPSEC_PFKEY, CTL_EOL); 8852 8853 sysctl_createv(clog, 0, NULL, NULL, 8854 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8855 CTLTYPE_INT, "debug", NULL, 8856 NULL, 0, &key_debug_level, 0, 8857 CTL_NET, IPSEC_PFKEY, KEYCTL_DEBUG_LEVEL, CTL_EOL); 8858 sysctl_createv(clog, 0, NULL, NULL, 8859 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8860 CTLTYPE_INT, "spi_try", NULL, 8861 NULL, 0, &key_spi_trycnt, 0, 8862 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_TRY, CTL_EOL); 8863 sysctl_createv(clog, 0, NULL, NULL, 8864 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8865 CTLTYPE_INT, "spi_min_value", NULL, 8866 NULL, 0, &key_spi_minval, 0, 8867 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL); 8868 sysctl_createv(clog, 0, NULL, NULL, 8869 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8870 CTLTYPE_INT, "spi_max_value", NULL, 8871 NULL, 0, &key_spi_maxval, 0, 8872 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL); 8873 sysctl_createv(clog, 0, NULL, NULL, 8874 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8875 CTLTYPE_INT, "random_int", NULL, 8876 NULL, 0, &key_int_random, 0, 8877 CTL_NET, IPSEC_PFKEY, KEYCTL_RANDOM_INT, CTL_EOL); 8878 sysctl_createv(clog, 0, NULL, NULL, 8879 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8880 CTLTYPE_INT, "larval_lifetime", NULL, 8881 NULL, 0, &key_larval_lifetime, 0, 8882 CTL_NET, IPSEC_PFKEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL); 8883 sysctl_createv(clog, 0, NULL, NULL, 8884 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8885 CTLTYPE_INT, "blockacq_count", NULL, 8886 NULL, 0, &key_blockacq_count, 0, 8887 CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL); 8888 sysctl_createv(clog, 0, NULL, NULL, 8889 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8890 CTLTYPE_INT, "blockacq_lifetime", NULL, 8891 NULL, 0, &key_blockacq_lifetime, 0, 8892 CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL); 8893 sysctl_createv(clog, 0, NULL, NULL, 8894 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8895 CTLTYPE_INT, "esp_keymin", NULL, 8896 NULL, 0, &ipsec_esp_keymin, 0, 8897 CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_KEYMIN, CTL_EOL); 8898 sysctl_createv(clog, 0, NULL, NULL, 8899 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8900 CTLTYPE_INT, "prefered_oldsa", NULL, 8901 NULL, 0, &key_prefered_oldsa, 0, 8902 CTL_NET, PF_KEY, KEYCTL_PREFERED_OLDSA, CTL_EOL); 8903 sysctl_createv(clog, 0, NULL, NULL, 8904 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8905 CTLTYPE_INT, "esp_auth", NULL, 8906 NULL, 0, &ipsec_esp_auth, 0, 8907 CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_AUTH, CTL_EOL); 8908 sysctl_createv(clog, 0, NULL, NULL, 8909 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8910 CTLTYPE_INT, "ah_keymin", NULL, 8911 NULL, 0, &ipsec_ah_keymin, 0, 8912 CTL_NET, IPSEC_PFKEY, KEYCTL_AH_KEYMIN, CTL_EOL); 8913 sysctl_createv(clog, 0, NULL, NULL, 8914 CTLFLAG_PERMANENT, 8915 CTLTYPE_STRUCT, "stats", 8916 SYSCTL_DESCR("PF_KEY statistics"), 8917 sysctl_net_key_stats, 0, NULL, 0, 8918 CTL_NET, IPSEC_PFKEY, CTL_CREATE, CTL_EOL); 8919 } 8920 8921 /* 8922 * Register sysctl names used by setkey(8). For historical reasons, 8923 * and to share a single API, these names appear under { CTL_NET, PF_KEY } 8924 * for both IPSEC and KAME IPSEC. 8925 */ 8926 static void 8927 sysctl_net_key_compat_setup(struct sysctllog **clog) 8928 { 8929 8930 sysctl_createv(clog, 0, NULL, NULL, 8931 CTLFLAG_PERMANENT, 8932 CTLTYPE_NODE, "key", NULL, 8933 NULL, 0, NULL, 0, 8934 CTL_NET, PF_KEY, CTL_EOL); 8935 8936 /* Register the net.key.dump{sa,sp} nodes used by setkey(8). */ 8937 sysctl_createv(clog, 0, NULL, NULL, 8938 CTLFLAG_PERMANENT, 8939 CTLTYPE_STRUCT, "dumpsa", NULL, 8940 sysctl_net_key_dumpsa, 0, NULL, 0, 8941 CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL); 8942 sysctl_createv(clog, 0, NULL, NULL, 8943 CTLFLAG_PERMANENT, 8944 CTLTYPE_STRUCT, "dumpsp", NULL, 8945 sysctl_net_key_dumpsp, 0, NULL, 0, 8946 CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL); 8947 } 8948
Indexes created Thu Oct 30 03:10:01 GMT 2025