key.c revision 1.269
1 /* $NetBSD: key.c,v 1.269 2019/11/14 03:17:08 knakahara Exp $ */ 2 /* $FreeBSD: key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ 3 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.269 2019/11/14 03:17:08 knakahara Exp $"); 36 37 /* 38 * This code is referred to RFC 2367 39 */ 40 41 #if defined(_KERNEL_OPT) 42 #include "opt_inet.h" 43 #include "opt_ipsec.h" 44 #include "opt_gateway.h" 45 #include "opt_net_mpsafe.h" 46 #endif 47 48 #include <sys/types.h> 49 #include <sys/param.h> 50 #include <sys/systm.h> 51 #include <sys/callout.h> 52 #include <sys/kernel.h> 53 #include <sys/mbuf.h> 54 #include <sys/domain.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/syslog.h> 62 #include <sys/once.h> 63 #include <sys/cprng.h> 64 #include <sys/psref.h> 65 #include <sys/lwp.h> 66 #include <sys/workqueue.h> 67 #include <sys/kmem.h> 68 #include <sys/cpu.h> 69 #include <sys/atomic.h> 70 #include <sys/pslist.h> 71 #include <sys/mutex.h> 72 #include <sys/condvar.h> 73 #include <sys/localcount.h> 74 #include <sys/pserialize.h> 75 #include <sys/hash.h> 76 77 #include <net/if.h> 78 #include <net/route.h> 79 80 #include <netinet/in.h> 81 #include <netinet/in_systm.h> 82 #include <netinet/ip.h> 83 #include <netinet/in_var.h> 84 #ifdef INET 85 #include <netinet/ip_var.h> 86 #endif 87 88 #ifdef INET6 89 #include <netinet/ip6.h> 90 #include <netinet6/in6_var.h> 91 #include <netinet6/ip6_var.h> 92 #endif /* INET6 */ 93 94 #ifdef INET 95 #include <netinet/in_pcb.h> 96 #endif 97 #ifdef INET6 98 #include <netinet6/in6_pcb.h> 99 #endif /* INET6 */ 100 101 #include <net/pfkeyv2.h> 102 #include <netipsec/keydb.h> 103 #include <netipsec/key.h> 104 #include <netipsec/keysock.h> 105 #include <netipsec/key_debug.h> 106 107 #include <netipsec/ipsec.h> 108 #ifdef INET6 109 #include <netipsec/ipsec6.h> 110 #endif 111 #include <netipsec/ipsec_private.h> 112 113 #include <netipsec/xform.h> 114 #include <netipsec/ipcomp.h> 115 116 #define FULLMASK 0xffu 117 #define _BITS(bytes) ((bytes) << 3) 118 119 #define PORT_NONE 0 120 #define PORT_LOOSE 1 121 #define PORT_STRICT 2 122 123 #ifndef SAHHASH_NHASH 124 #define SAHHASH_NHASH 128 125 #endif 126 127 #ifndef SAVLUT_NHASH 128 #define SAVLUT_NHASH 128 129 #endif 130 131 percpu_t *pfkeystat_percpu; 132 133 /* 134 * Note on SA reference counting: 135 * - SAs that are not in DEAD state will have (total external reference + 1) 136 * following value in reference count field. they cannot be freed and are 137 * referenced from SA header. 138 * - SAs that are in DEAD state will have (total external reference) 139 * in reference count field. they are ready to be freed. reference from 140 * SA header will be removed in key_delsav(), when the reference count 141 * field hits 0 (= no external reference other than from SA header. 142 */ 143 144 u_int32_t key_debug_level = 0; 145 static u_int key_spi_trycnt = 1000; 146 static u_int32_t key_spi_minval = 0x100; 147 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */ 148 static u_int32_t policy_id = 0; 149 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/ 150 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/ 151 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/ 152 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/ 153 static int key_prefered_oldsa = 0; /* prefered old sa rather than new sa.*/ 154 155 static u_int32_t acq_seq = 0; 156 157 /* 158 * Locking order: there is no order for now; it means that any locks aren't 159 * overlapped. 160 */ 161 /* 162 * Locking notes on SPD: 163 * - Modifications to the key_spd.splist must be done with holding key_spd.lock 164 * which is a adaptive mutex 165 * - Read accesses to the key_spd.splist must be in pserialize(9) read sections 166 * - SP's lifetime is managed by localcount(9) 167 * - An SP that has been inserted to the key_spd.splist is initially referenced 168 * by none, i.e., a reference from the key_spd.splist isn't counted 169 * - When an SP is being destroyed, we change its state as DEAD, wait for 170 * references to the SP to be released, and then deallocate the SP 171 * (see key_unlink_sp) 172 * - Getting an SP 173 * - Normally we get an SP from the key_spd.splist (see key_lookup_sp_byspidx) 174 * - Must iterate the list and increment the reference count of a found SP 175 * (by key_sp_ref) in a pserialize read section 176 * - We can gain another reference from a held SP only if we check its state 177 * and take its reference in a pserialize read section 178 * (see esp_output for example) 179 * - We may get an SP from an SP cache. See below 180 * - A gotten SP must be released after use by KEY_SP_UNREF (key_sp_unref) 181 * - Updating member variables of an SP 182 * - Most member variables of an SP are immutable 183 * - Only sp->state and sp->lastused can be changed 184 * - sp->state of an SP is updated only when destroying it under key_spd.lock 185 * - SP caches 186 * - SPs can be cached in PCBs 187 * - The lifetime of the caches is controlled by the global generation counter 188 * (ipsec_spdgen) 189 * - The global counter value is stored when an SP is cached 190 * - If the stored value is different from the global counter then the cache 191 * is considered invalidated 192 * - The counter is incremented when an SP is being destroyed 193 * - So checking the generation and taking a reference to an SP should be 194 * in a pserialize read section 195 * - Note that caching doesn't increment the reference counter of an SP 196 * - SPs in sockets 197 * - Userland programs can set a policy to a socket by 198 * setsockopt(IP_IPSEC_POLICY) 199 * - Such policies (SPs) are set to a socket (PCB) and also inserted to 200 * the key_spd.socksplist list (not the key_spd.splist) 201 * - Such a policy is destroyed when a corresponding socket is destroed, 202 * however, a socket can be destroyed in softint so we cannot destroy 203 * it directly instead we just mark it DEAD and delay the destruction 204 * until GC by the timer 205 * - SP origin 206 * - SPs can be created by both userland programs and kernel components. 207 * The SPs created in kernel must not be removed by userland programs, 208 * although the SPs can be read by userland programs. 209 */ 210 /* 211 * Locking notes on SAD: 212 * - Data structures 213 * - SAs are managed by the list called key_sad.sahlists and sav lists of 214 * sah entries 215 * - An sav is supposed to be an SA from a viewpoint of users 216 * - A sah has sav lists for each SA state 217 * - Multiple saves with the same saidx can exist 218 * - Only one entry has MATURE state and others should be DEAD 219 * - DEAD entries are just ignored from searching 220 * - All sav whose state is MATURE or DYING are registered to the lookup 221 * table called key_sad.savlut in addition to the savlists. 222 * - The table is used to search an sav without use of saidx. 223 * - Modifications to the key_sad.sahlists, sah.savlist and key_sad.savlut 224 * must be done with holding key_sad.lock which is a adaptive mutex 225 * - Read accesses to the key_sad.sahlists, sah.savlist and key_sad.savlut 226 * must be in pserialize(9) read sections 227 * - sah's lifetime is managed by localcount(9) 228 * - Getting an sah entry 229 * - We get an sah from the key_sad.sahlists 230 * - Must iterate the list and increment the reference count of a found sah 231 * (by key_sah_ref) in a pserialize read section 232 * - A gotten sah must be released after use by key_sah_unref 233 * - An sah is destroyed when its state become DEAD and no sav is 234 * listed to the sah 235 * - The destruction is done only in the timer (see key_timehandler_sad) 236 * - sav's lifetime is managed by localcount(9) 237 * - Getting an sav entry 238 * - First get an sah by saidx and get an sav from either of sah's savlists 239 * - Must iterate the list and increment the reference count of a found sav 240 * (by key_sa_ref) in a pserialize read section 241 * - We can gain another reference from a held SA only if we check its state 242 * and take its reference in a pserialize read section 243 * (see esp_output for example) 244 * - A gotten sav must be released after use by key_sa_unref 245 * - An sav is destroyed when its state become DEAD 246 */ 247 /* 248 * Locking notes on misc data: 249 * - All lists of key_misc are protected by key_misc.lock 250 * - key_misc.lock must be held even for read accesses 251 */ 252 253 /* SPD */ 254 static struct { 255 kmutex_t lock; 256 kcondvar_t cv_lc; 257 struct pslist_head splist[IPSEC_DIR_MAX]; 258 /* 259 * The list has SPs that are set to a socket via 260 * setsockopt(IP_IPSEC_POLICY) from userland. See ipsec_set_policy. 261 */ 262 struct pslist_head socksplist; 263 264 pserialize_t psz; 265 kcondvar_t cv_psz; 266 bool psz_performing; 267 } key_spd __cacheline_aligned; 268 269 /* SAD */ 270 static struct { 271 kmutex_t lock; 272 kcondvar_t cv_lc; 273 struct pslist_head *sahlists; 274 u_long sahlistmask; 275 struct pslist_head *savlut; 276 u_long savlutmask; 277 278 pserialize_t psz; 279 kcondvar_t cv_psz; 280 bool psz_performing; 281 } key_sad __cacheline_aligned; 282 283 /* Misc data */ 284 static struct { 285 kmutex_t lock; 286 /* registed list */ 287 LIST_HEAD(_reglist, secreg) reglist[SADB_SATYPE_MAX + 1]; 288 #ifndef IPSEC_NONBLOCK_ACQUIRE 289 /* acquiring list */ 290 LIST_HEAD(_acqlist, secacq) acqlist; 291 #endif 292 #ifdef notyet 293 /* SP acquiring list */ 294 LIST_HEAD(_spacqlist, secspacq) spacqlist; 295 #endif 296 } key_misc __cacheline_aligned; 297 298 /* Macros for key_spd.splist */ 299 #define SPLIST_ENTRY_INIT(sp) \ 300 PSLIST_ENTRY_INIT((sp), pslist_entry) 301 #define SPLIST_ENTRY_DESTROY(sp) \ 302 PSLIST_ENTRY_DESTROY((sp), pslist_entry) 303 #define SPLIST_WRITER_REMOVE(sp) \ 304 PSLIST_WRITER_REMOVE((sp), pslist_entry) 305 #define SPLIST_READER_EMPTY(dir) \ 306 (PSLIST_READER_FIRST(&key_spd.splist[(dir)], struct secpolicy, \ 307 pslist_entry) == NULL) 308 #define SPLIST_READER_FOREACH(sp, dir) \ 309 PSLIST_READER_FOREACH((sp), &key_spd.splist[(dir)], \ 310 struct secpolicy, pslist_entry) 311 #define SPLIST_WRITER_FOREACH(sp, dir) \ 312 PSLIST_WRITER_FOREACH((sp), &key_spd.splist[(dir)], \ 313 struct secpolicy, pslist_entry) 314 #define SPLIST_WRITER_INSERT_AFTER(sp, new) \ 315 PSLIST_WRITER_INSERT_AFTER((sp), (new), pslist_entry) 316 #define SPLIST_WRITER_EMPTY(dir) \ 317 (PSLIST_WRITER_FIRST(&key_spd.splist[(dir)], struct secpolicy, \ 318 pslist_entry) == NULL) 319 #define SPLIST_WRITER_INSERT_HEAD(dir, sp) \ 320 PSLIST_WRITER_INSERT_HEAD(&key_spd.splist[(dir)], (sp), \ 321 pslist_entry) 322 #define SPLIST_WRITER_NEXT(sp) \ 323 PSLIST_WRITER_NEXT((sp), struct secpolicy, pslist_entry) 324 #define SPLIST_WRITER_INSERT_TAIL(dir, new) \ 325 do { \ 326 if (SPLIST_WRITER_EMPTY((dir))) { \ 327 SPLIST_WRITER_INSERT_HEAD((dir), (new)); \ 328 } else { \ 329 struct secpolicy *__sp; \ 330 SPLIST_WRITER_FOREACH(__sp, (dir)) { \ 331 if (SPLIST_WRITER_NEXT(__sp) == NULL) { \ 332 SPLIST_WRITER_INSERT_AFTER(__sp,\ 333 (new)); \ 334 break; \ 335 } \ 336 } \ 337 } \ 338 } while (0) 339 340 /* Macros for key_spd.socksplist */ 341 #define SOCKSPLIST_WRITER_FOREACH(sp) \ 342 PSLIST_WRITER_FOREACH((sp), &key_spd.socksplist, \ 343 struct secpolicy, pslist_entry) 344 #define SOCKSPLIST_READER_EMPTY() \ 345 (PSLIST_READER_FIRST(&key_spd.socksplist, struct secpolicy, \ 346 pslist_entry) == NULL) 347 348 /* Macros for key_sad.sahlist */ 349 #define SAHLIST_ENTRY_INIT(sah) \ 350 PSLIST_ENTRY_INIT((sah), pslist_entry) 351 #define SAHLIST_ENTRY_DESTROY(sah) \ 352 PSLIST_ENTRY_DESTROY((sah), pslist_entry) 353 #define SAHLIST_WRITER_REMOVE(sah) \ 354 PSLIST_WRITER_REMOVE((sah), pslist_entry) 355 #define SAHLIST_READER_FOREACH(sah) \ 356 for(int _i_sah = 0; _i_sah <= key_sad.sahlistmask; _i_sah++) \ 357 PSLIST_READER_FOREACH((sah), &key_sad.sahlists[_i_sah], \ 358 struct secashead, pslist_entry) 359 #define SAHLIST_READER_FOREACH_SAIDX(sah, saidx) \ 360 PSLIST_READER_FOREACH((sah), \ 361 &key_sad.sahlists[key_saidxhash((saidx), \ 362 key_sad.sahlistmask)], \ 363 struct secashead, pslist_entry) 364 #define SAHLIST_WRITER_FOREACH(sah) \ 365 for(int _i_sah = 0; _i_sah <= key_sad.sahlistmask; _i_sah++) \ 366 PSLIST_WRITER_FOREACH((sah), &key_sad.sahlists[_i_sah], \ 367 struct secashead, pslist_entry) 368 #define SAHLIST_WRITER_INSERT_HEAD(sah) \ 369 PSLIST_WRITER_INSERT_HEAD( \ 370 &key_sad.sahlists[key_saidxhash(&(sah)->saidx, \ 371 key_sad.sahlistmask)], \ 372 (sah), pslist_entry) 373 374 /* Macros for key_sad.sahlist#savlist */ 375 #define SAVLIST_ENTRY_INIT(sav) \ 376 PSLIST_ENTRY_INIT((sav), pslist_entry) 377 #define SAVLIST_ENTRY_DESTROY(sav) \ 378 PSLIST_ENTRY_DESTROY((sav), pslist_entry) 379 #define SAVLIST_READER_FIRST(sah, state) \ 380 PSLIST_READER_FIRST(&(sah)->savlist[(state)], struct secasvar, \ 381 pslist_entry) 382 #define SAVLIST_WRITER_REMOVE(sav) \ 383 PSLIST_WRITER_REMOVE((sav), pslist_entry) 384 #define SAVLIST_READER_FOREACH(sav, sah, state) \ 385 PSLIST_READER_FOREACH((sav), &(sah)->savlist[(state)], \ 386 struct secasvar, pslist_entry) 387 #define SAVLIST_WRITER_FOREACH(sav, sah, state) \ 388 PSLIST_WRITER_FOREACH((sav), &(sah)->savlist[(state)], \ 389 struct secasvar, pslist_entry) 390 #define SAVLIST_WRITER_INSERT_BEFORE(sav, new) \ 391 PSLIST_WRITER_INSERT_BEFORE((sav), (new), pslist_entry) 392 #define SAVLIST_WRITER_INSERT_AFTER(sav, new) \ 393 PSLIST_WRITER_INSERT_AFTER((sav), (new), pslist_entry) 394 #define SAVLIST_WRITER_EMPTY(sah, state) \ 395 (PSLIST_WRITER_FIRST(&(sah)->savlist[(state)], struct secasvar, \ 396 pslist_entry) == NULL) 397 #define SAVLIST_WRITER_INSERT_HEAD(sah, state, sav) \ 398 PSLIST_WRITER_INSERT_HEAD(&(sah)->savlist[(state)], (sav), \ 399 pslist_entry) 400 #define SAVLIST_WRITER_NEXT(sav) \ 401 PSLIST_WRITER_NEXT((sav), struct secasvar, pslist_entry) 402 #define SAVLIST_WRITER_INSERT_TAIL(sah, state, new) \ 403 do { \ 404 if (SAVLIST_WRITER_EMPTY((sah), (state))) { \ 405 SAVLIST_WRITER_INSERT_HEAD((sah), (state), (new));\ 406 } else { \ 407 struct secasvar *__sav; \ 408 SAVLIST_WRITER_FOREACH(__sav, (sah), (state)) { \ 409 if (SAVLIST_WRITER_NEXT(__sav) == NULL) {\ 410 SAVLIST_WRITER_INSERT_AFTER(__sav,\ 411 (new)); \ 412 break; \ 413 } \ 414 } \ 415 } \ 416 } while (0) 417 #define SAVLIST_READER_NEXT(sav) \ 418 PSLIST_READER_NEXT((sav), struct secasvar, pslist_entry) 419 420 /* Macros for key_sad.savlut */ 421 #define SAVLUT_ENTRY_INIT(sav) \ 422 PSLIST_ENTRY_INIT((sav), pslist_entry_savlut) 423 #define SAVLUT_READER_FOREACH(sav, dst, proto, hash_key) \ 424 PSLIST_READER_FOREACH((sav), \ 425 &key_sad.savlut[key_savluthash(dst, proto, hash_key, \ 426 key_sad.savlutmask)], \ 427 struct secasvar, pslist_entry_savlut) 428 #define SAVLUT_WRITER_INSERT_HEAD(sav) \ 429 key_savlut_writer_insert_head((sav)) 430 #define SAVLUT_WRITER_REMOVE(sav) \ 431 do { \ 432 if (!(sav)->savlut_added) \ 433 break; \ 434 PSLIST_WRITER_REMOVE((sav), pslist_entry_savlut); \ 435 (sav)->savlut_added = false; \ 436 } while(0) 437 438 /* search order for SAs */ 439 /* 440 * This order is important because we must select the oldest SA 441 * for outbound processing. For inbound, This is not important. 442 */ 443 static const u_int saorder_state_valid_prefer_old[] = { 444 SADB_SASTATE_DYING, SADB_SASTATE_MATURE, 445 }; 446 static const u_int saorder_state_valid_prefer_new[] = { 447 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 448 }; 449 450 static const u_int saorder_state_alive[] = { 451 /* except DEAD */ 452 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL 453 }; 454 static const u_int saorder_state_any[] = { 455 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 456 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD 457 }; 458 459 #define SASTATE_ALIVE_FOREACH(s) \ 460 for (int _i = 0; \ 461 _i < __arraycount(saorder_state_alive) ? \ 462 (s) = saorder_state_alive[_i], true : false; \ 463 _i++) 464 #define SASTATE_ANY_FOREACH(s) \ 465 for (int _i = 0; \ 466 _i < __arraycount(saorder_state_any) ? \ 467 (s) = saorder_state_any[_i], true : false; \ 468 _i++) 469 #define SASTATE_USABLE_FOREACH(s) \ 470 for (int _i = 0; \ 471 _i < __arraycount(saorder_state_valid_prefer_new) ? \ 472 (s) = saorder_state_valid_prefer_new[_i], \ 473 true : false; \ 474 _i++) 475 476 static const int minsize[] = { 477 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 478 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 479 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 480 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 481 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 482 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 483 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 484 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 485 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 486 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 487 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 488 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 489 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 490 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 491 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 492 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 493 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 494 0, /* SADB_X_EXT_KMPRIVATE */ 495 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 496 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 497 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */ 498 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */ 499 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */ 500 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 501 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 502 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */ 503 }; 504 static const int maxsize[] = { 505 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 506 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 507 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 508 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 509 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 510 0, /* SADB_EXT_ADDRESS_SRC */ 511 0, /* SADB_EXT_ADDRESS_DST */ 512 0, /* SADB_EXT_ADDRESS_PROXY */ 513 0, /* SADB_EXT_KEY_AUTH */ 514 0, /* SADB_EXT_KEY_ENCRYPT */ 515 0, /* SADB_EXT_IDENTITY_SRC */ 516 0, /* SADB_EXT_IDENTITY_DST */ 517 0, /* SADB_EXT_SENSITIVITY */ 518 0, /* SADB_EXT_PROPOSAL */ 519 0, /* SADB_EXT_SUPPORTED_AUTH */ 520 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 521 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 522 0, /* SADB_X_EXT_KMPRIVATE */ 523 0, /* SADB_X_EXT_POLICY */ 524 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 525 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */ 526 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */ 527 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */ 528 0, /* SADB_X_EXT_NAT_T_OAI */ 529 0, /* SADB_X_EXT_NAT_T_OAR */ 530 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */ 531 }; 532 533 static int ipsec_esp_keymin = 256; 534 static int ipsec_esp_auth = 0; 535 static int ipsec_ah_keymin = 128; 536 537 #ifdef SYSCTL_DECL 538 SYSCTL_DECL(_net_key); 539 #endif 540 541 #ifdef SYSCTL_INT 542 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \ 543 &key_debug_level, 0, ""); 544 545 /* max count of trial for the decision of spi value */ 546 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \ 547 &key_spi_trycnt, 0, ""); 548 549 /* minimum spi value to allocate automatically. */ 550 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \ 551 &key_spi_minval, 0, ""); 552 553 /* maximun spi value to allocate automatically. */ 554 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \ 555 &key_spi_maxval, 0, ""); 556 557 /* interval to initialize randseed */ 558 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \ 559 &key_int_random, 0, ""); 560 561 /* lifetime for larval SA */ 562 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \ 563 &key_larval_lifetime, 0, ""); 564 565 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 566 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \ 567 &key_blockacq_count, 0, ""); 568 569 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 570 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \ 571 &key_blockacq_lifetime, 0, ""); 572 573 /* ESP auth */ 574 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \ 575 &ipsec_esp_auth, 0, ""); 576 577 /* minimum ESP key length */ 578 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \ 579 &ipsec_esp_keymin, 0, ""); 580 581 /* minimum AH key length */ 582 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \ 583 &ipsec_ah_keymin, 0, ""); 584 585 /* perfered old SA rather than new SA */ 586 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\ 587 &key_prefered_oldsa, 0, ""); 588 #endif /* SYSCTL_INT */ 589 590 #define __LIST_CHAINED(elm) \ 591 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 592 #define LIST_INSERT_TAIL(head, elm, type, field) \ 593 do {\ 594 struct type *curelm = LIST_FIRST(head); \ 595 if (curelm == NULL) {\ 596 LIST_INSERT_HEAD(head, elm, field); \ 597 } else { \ 598 while (LIST_NEXT(curelm, field)) \ 599 curelm = LIST_NEXT(curelm, field);\ 600 LIST_INSERT_AFTER(curelm, elm, field);\ 601 }\ 602 } while (0) 603 604 #define KEY_CHKSASTATE(head, sav) \ 605 /* do */ { \ 606 if ((head) != (sav)) { \ 607 IPSECLOG(LOG_DEBUG, \ 608 "state mismatched (TREE=%d SA=%d)\n", \ 609 (head), (sav)); \ 610 continue; \ 611 } \ 612 } /* while (0) */ 613 614 #define KEY_CHKSPDIR(head, sp) \ 615 do { \ 616 if ((head) != (sp)) { \ 617 IPSECLOG(LOG_DEBUG, \ 618 "direction mismatched (TREE=%d SP=%d), anyway continue.\n",\ 619 (head), (sp)); \ 620 } \ 621 } while (0) 622 623 /* 624 * set parameters into secasindex buffer. 625 * Must allocate secasindex buffer before calling this function. 626 */ 627 static int 628 key_setsecasidx(int, int, int, const struct sockaddr *, 629 const struct sockaddr *, struct secasindex *); 630 631 /* key statistics */ 632 struct _keystat { 633 u_long getspi_count; /* the avarage of count to try to get new SPI */ 634 } keystat; 635 636 static void 637 key_init_spidx_bymsghdr(struct secpolicyindex *, const struct sadb_msghdr *); 638 639 static const struct sockaddr * 640 key_msghdr_get_sockaddr(const struct sadb_msghdr *mhp, int idx) 641 { 642 643 return PFKEY_ADDR_SADDR(mhp->ext[idx]); 644 } 645 646 static void 647 key_fill_replymsg(struct mbuf *m, int seq) 648 { 649 struct sadb_msg *msg; 650 651 KASSERT(m->m_len >= sizeof(*msg)); 652 653 msg = mtod(m, struct sadb_msg *); 654 msg->sadb_msg_errno = 0; 655 msg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 656 if (seq != 0) 657 msg->sadb_msg_seq = seq; 658 } 659 660 #if 0 661 static void key_freeso(struct socket *); 662 static void key_freesp_so(struct secpolicy **); 663 #endif 664 static struct secpolicy *key_getsp (const struct secpolicyindex *); 665 static struct secpolicy *key_getspbyid (u_int32_t); 666 static struct secpolicy *key_lookup_and_remove_sp(const struct secpolicyindex *, bool); 667 static struct secpolicy *key_lookupbyid_and_remove_sp(u_int32_t, bool); 668 static void key_destroy_sp(struct secpolicy *); 669 static struct mbuf *key_gather_mbuf (struct mbuf *, 670 const struct sadb_msghdr *, int, int, ...); 671 static int key_api_spdadd(struct socket *, struct mbuf *, 672 const struct sadb_msghdr *); 673 static u_int32_t key_getnewspid (void); 674 static int key_api_spddelete(struct socket *, struct mbuf *, 675 const struct sadb_msghdr *); 676 static int key_api_spddelete2(struct socket *, struct mbuf *, 677 const struct sadb_msghdr *); 678 static int key_api_spdget(struct socket *, struct mbuf *, 679 const struct sadb_msghdr *); 680 static int key_api_spdflush(struct socket *, struct mbuf *, 681 const struct sadb_msghdr *); 682 static int key_api_spddump(struct socket *, struct mbuf *, 683 const struct sadb_msghdr *); 684 static struct mbuf * key_setspddump (int *errorp, pid_t); 685 static struct mbuf * key_setspddump_chain (int *errorp, int *lenp, pid_t pid); 686 static int key_api_nat_map(struct socket *, struct mbuf *, 687 const struct sadb_msghdr *); 688 static struct mbuf *key_setdumpsp (struct secpolicy *, 689 u_int8_t, u_int32_t, pid_t); 690 static u_int key_getspreqmsglen (const struct secpolicy *); 691 static int key_spdexpire (struct secpolicy *); 692 static struct secashead *key_newsah (const struct secasindex *); 693 static void key_unlink_sah(struct secashead *); 694 static void key_destroy_sah(struct secashead *); 695 static bool key_sah_has_sav(struct secashead *); 696 static void key_sah_ref(struct secashead *); 697 static void key_sah_unref(struct secashead *); 698 static void key_init_sav(struct secasvar *); 699 static void key_wait_sav(struct secasvar *); 700 static void key_destroy_sav(struct secasvar *); 701 static struct secasvar *key_newsav(struct mbuf *, 702 const struct sadb_msghdr *, int *, const char*, int); 703 #define KEY_NEWSAV(m, sadb, e) \ 704 key_newsav(m, sadb, e, __func__, __LINE__) 705 static void key_delsav (struct secasvar *); 706 static struct secashead *key_getsah(const struct secasindex *, int); 707 static struct secashead *key_getsah_ref(const struct secasindex *, int); 708 static bool key_checkspidup(const struct secasindex *, u_int32_t); 709 static struct secasvar *key_getsavbyspi (struct secashead *, u_int32_t); 710 static int key_setsaval (struct secasvar *, struct mbuf *, 711 const struct sadb_msghdr *); 712 static void key_freesaval(struct secasvar *); 713 static int key_init_xform(struct secasvar *); 714 static void key_clear_xform(struct secasvar *); 715 static struct mbuf *key_setdumpsa (struct secasvar *, u_int8_t, 716 u_int8_t, u_int32_t, u_int32_t); 717 static struct mbuf *key_setsadbxport (u_int16_t, u_int16_t); 718 static struct mbuf *key_setsadbxtype (u_int16_t); 719 static struct mbuf *key_setsadbxfrag (u_int16_t); 720 static void key_porttosaddr (union sockaddr_union *, u_int16_t); 721 static int key_checksalen (const union sockaddr_union *); 722 static struct mbuf *key_setsadbmsg (u_int8_t, u_int16_t, u_int8_t, 723 u_int32_t, pid_t, u_int16_t, int); 724 static struct mbuf *key_setsadbsa (struct secasvar *); 725 static struct mbuf *key_setsadbaddr(u_int16_t, 726 const struct sockaddr *, u_int8_t, u_int16_t, int); 727 #if 0 728 static struct mbuf *key_setsadbident (u_int16_t, u_int16_t, void *, 729 int, u_int64_t); 730 #endif 731 static struct mbuf *key_setsadbxsa2 (u_int8_t, u_int32_t, u_int16_t); 732 static struct mbuf *key_setsadbxpolicy (u_int16_t, u_int8_t, 733 u_int32_t, int); 734 static void *key_newbuf (const void *, u_int); 735 #ifdef INET6 736 static int key_ismyaddr6 (const struct sockaddr_in6 *); 737 #endif 738 739 static void sysctl_net_keyv2_setup(struct sysctllog **); 740 static void sysctl_net_key_compat_setup(struct sysctllog **); 741 742 /* flags for key_saidx_match() */ 743 #define CMP_HEAD 1 /* protocol, addresses. */ 744 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 745 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 746 #define CMP_EXACTLY 4 /* all elements. */ 747 static int key_saidx_match(const struct secasindex *, 748 const struct secasindex *, int); 749 750 static int key_sockaddr_match(const struct sockaddr *, 751 const struct sockaddr *, int); 752 static int key_bb_match_withmask(const void *, const void *, u_int); 753 static u_int16_t key_satype2proto (u_int8_t); 754 static u_int8_t key_proto2satype (u_int16_t); 755 756 static int key_spidx_match_exactly(const struct secpolicyindex *, 757 const struct secpolicyindex *); 758 static int key_spidx_match_withmask(const struct secpolicyindex *, 759 const struct secpolicyindex *); 760 761 static int key_api_getspi(struct socket *, struct mbuf *, 762 const struct sadb_msghdr *); 763 static u_int32_t key_do_getnewspi (const struct sadb_spirange *, 764 const struct secasindex *); 765 static int key_handle_natt_info (struct secasvar *, 766 const struct sadb_msghdr *); 767 static int key_set_natt_ports (union sockaddr_union *, 768 union sockaddr_union *, 769 const struct sadb_msghdr *); 770 static int key_api_update(struct socket *, struct mbuf *, 771 const struct sadb_msghdr *); 772 #ifdef IPSEC_DOSEQCHECK 773 static struct secasvar *key_getsavbyseq (struct secashead *, u_int32_t); 774 #endif 775 static int key_api_add(struct socket *, struct mbuf *, 776 const struct sadb_msghdr *); 777 static int key_setident (struct secashead *, struct mbuf *, 778 const struct sadb_msghdr *); 779 static struct mbuf *key_getmsgbuf_x1 (struct mbuf *, 780 const struct sadb_msghdr *); 781 static int key_api_delete(struct socket *, struct mbuf *, 782 const struct sadb_msghdr *); 783 static int key_api_get(struct socket *, struct mbuf *, 784 const struct sadb_msghdr *); 785 786 static void key_getcomb_setlifetime (struct sadb_comb *); 787 static struct mbuf *key_getcomb_esp(int); 788 static struct mbuf *key_getcomb_ah(int); 789 static struct mbuf *key_getcomb_ipcomp(int); 790 static struct mbuf *key_getprop(const struct secasindex *, int); 791 792 static int key_acquire(const struct secasindex *, const struct secpolicy *, 793 int); 794 static int key_acquire_sendup_mbuf_later(struct mbuf *); 795 static void key_acquire_sendup_pending_mbuf(void); 796 #ifndef IPSEC_NONBLOCK_ACQUIRE 797 static struct secacq *key_newacq (const struct secasindex *); 798 static struct secacq *key_getacq (const struct secasindex *); 799 static struct secacq *key_getacqbyseq (u_int32_t); 800 #endif 801 #ifdef notyet 802 static struct secspacq *key_newspacq (const struct secpolicyindex *); 803 static struct secspacq *key_getspacq (const struct secpolicyindex *); 804 #endif 805 static int key_api_acquire(struct socket *, struct mbuf *, 806 const struct sadb_msghdr *); 807 static int key_api_register(struct socket *, struct mbuf *, 808 const struct sadb_msghdr *); 809 static int key_expire (struct secasvar *); 810 static int key_api_flush(struct socket *, struct mbuf *, 811 const struct sadb_msghdr *); 812 static struct mbuf *key_setdump_chain (u_int8_t req_satype, int *errorp, 813 int *lenp, pid_t pid); 814 static int key_api_dump(struct socket *, struct mbuf *, 815 const struct sadb_msghdr *); 816 static int key_api_promisc(struct socket *, struct mbuf *, 817 const struct sadb_msghdr *); 818 static int key_senderror (struct socket *, struct mbuf *, int); 819 static int key_validate_ext (const struct sadb_ext *, int); 820 static int key_align (struct mbuf *, struct sadb_msghdr *); 821 #if 0 822 static const char *key_getfqdn (void); 823 static const char *key_getuserfqdn (void); 824 #endif 825 static void key_sa_chgstate (struct secasvar *, u_int8_t); 826 827 static struct mbuf *key_alloc_mbuf(int, int); 828 static struct mbuf *key_alloc_mbuf_simple(int, int); 829 830 static void key_timehandler(void *); 831 static void key_timehandler_work(struct work *, void *); 832 static struct callout key_timehandler_ch; 833 static struct workqueue *key_timehandler_wq; 834 static struct work key_timehandler_wk; 835 836 static inline void 837 key_savlut_writer_insert_head(struct secasvar *sav); 838 static inline uint32_t 839 key_saidxhash(const struct secasindex *, u_long); 840 static inline uint32_t 841 key_savluthash(const struct sockaddr *, 842 uint32_t, uint32_t, u_long); 843 844 /* 845 * Utilities for percpu counters for sadb_lifetime_allocations and 846 * sadb_lifetime_bytes. 847 */ 848 #define LIFETIME_COUNTER_ALLOCATIONS 0 849 #define LIFETIME_COUNTER_BYTES 1 850 #define LIFETIME_COUNTER_SIZE 2 851 852 typedef uint64_t lifetime_counters_t[LIFETIME_COUNTER_SIZE]; 853 854 static void 855 key_sum_lifetime_counters(void *p, void *arg, struct cpu_info *ci __unused) 856 { 857 lifetime_counters_t *one = p; 858 lifetime_counters_t *sum = arg; 859 860 (*sum)[LIFETIME_COUNTER_ALLOCATIONS] += (*one)[LIFETIME_COUNTER_ALLOCATIONS]; 861 (*sum)[LIFETIME_COUNTER_BYTES] += (*one)[LIFETIME_COUNTER_BYTES]; 862 } 863 864 u_int 865 key_sp_refcnt(const struct secpolicy *sp) 866 { 867 868 /* FIXME */ 869 return 0; 870 } 871 872 static void 873 key_spd_pserialize_perform(void) 874 { 875 876 KASSERT(mutex_owned(&key_spd.lock)); 877 878 while (key_spd.psz_performing) 879 cv_wait(&key_spd.cv_psz, &key_spd.lock); 880 key_spd.psz_performing = true; 881 mutex_exit(&key_spd.lock); 882 883 pserialize_perform(key_spd.psz); 884 885 mutex_enter(&key_spd.lock); 886 key_spd.psz_performing = false; 887 cv_broadcast(&key_spd.cv_psz); 888 } 889 890 /* 891 * Remove the sp from the key_spd.splist and wait for references to the sp 892 * to be released. key_spd.lock must be held. 893 */ 894 static void 895 key_unlink_sp(struct secpolicy *sp) 896 { 897 898 KASSERT(mutex_owned(&key_spd.lock)); 899 900 sp->state = IPSEC_SPSTATE_DEAD; 901 SPLIST_WRITER_REMOVE(sp); 902 903 /* Invalidate all cached SPD pointers in the PCBs. */ 904 ipsec_invalpcbcacheall(); 905 906 KDASSERT(mutex_ownable(softnet_lock)); 907 key_spd_pserialize_perform(); 908 909 localcount_drain(&sp->localcount, &key_spd.cv_lc, &key_spd.lock); 910 } 911 912 /* 913 * Return 0 when there are known to be no SP's for the specified 914 * direction. Otherwise return 1. This is used by IPsec code 915 * to optimize performance. 916 */ 917 int 918 key_havesp(u_int dir) 919 { 920 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 921 !SPLIST_READER_EMPTY(dir) : 1); 922 } 923 924 /* %%% IPsec policy management */ 925 /* 926 * allocating a SP for OUTBOUND or INBOUND packet. 927 * Must call key_freesp() later. 928 * OUT: NULL: not found 929 * others: found and return the pointer. 930 */ 931 struct secpolicy * 932 key_lookup_sp_byspidx(const struct secpolicyindex *spidx, 933 u_int dir, const char* where, int tag) 934 { 935 struct secpolicy *sp; 936 int s; 937 938 KASSERT(spidx != NULL); 939 KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir); 940 941 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag); 942 943 /* get a SP entry */ 944 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) { 945 kdebug_secpolicyindex("objects", spidx); 946 } 947 948 s = pserialize_read_enter(); 949 SPLIST_READER_FOREACH(sp, dir) { 950 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) { 951 kdebug_secpolicyindex("in SPD", &sp->spidx); 952 } 953 954 if (sp->state == IPSEC_SPSTATE_DEAD) 955 continue; 956 if (key_spidx_match_withmask(&sp->spidx, spidx)) 957 goto found; 958 } 959 sp = NULL; 960 found: 961 if (sp) { 962 /* sanity check */ 963 KEY_CHKSPDIR(sp->spidx.dir, dir); 964 965 /* found a SPD entry */ 966 sp->lastused = time_uptime; 967 key_sp_ref(sp, where, tag); 968 } 969 pserialize_read_exit(s); 970 971 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 972 "DP return SP:%p (ID=%u) refcnt %u\n", 973 sp, sp ? sp->id : 0, key_sp_refcnt(sp)); 974 return sp; 975 } 976 977 /* 978 * return a policy that matches this particular inbound packet. 979 * XXX slow 980 */ 981 struct secpolicy * 982 key_gettunnel(const struct sockaddr *osrc, 983 const struct sockaddr *odst, 984 const struct sockaddr *isrc, 985 const struct sockaddr *idst, 986 const char* where, int tag) 987 { 988 struct secpolicy *sp; 989 const int dir = IPSEC_DIR_INBOUND; 990 int s; 991 struct ipsecrequest *r1, *r2, *p; 992 struct secpolicyindex spidx; 993 994 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag); 995 996 if (isrc->sa_family != idst->sa_family) { 997 IPSECLOG(LOG_ERR, 998 "address family mismatched src %u, dst %u.\n", 999 isrc->sa_family, idst->sa_family); 1000 sp = NULL; 1001 goto done; 1002 } 1003 1004 s = pserialize_read_enter(); 1005 SPLIST_READER_FOREACH(sp, dir) { 1006 if (sp->state == IPSEC_SPSTATE_DEAD) 1007 continue; 1008 1009 r1 = r2 = NULL; 1010 for (p = sp->req; p; p = p->next) { 1011 if (p->saidx.mode != IPSEC_MODE_TUNNEL) 1012 continue; 1013 1014 r1 = r2; 1015 r2 = p; 1016 1017 if (!r1) { 1018 /* here we look at address matches only */ 1019 spidx = sp->spidx; 1020 if (isrc->sa_len > sizeof(spidx.src) || 1021 idst->sa_len > sizeof(spidx.dst)) 1022 continue; 1023 memcpy(&spidx.src, isrc, isrc->sa_len); 1024 memcpy(&spidx.dst, idst, idst->sa_len); 1025 if (!key_spidx_match_withmask(&sp->spidx, &spidx)) 1026 continue; 1027 } else { 1028 if (!key_sockaddr_match(&r1->saidx.src.sa, isrc, PORT_NONE) || 1029 !key_sockaddr_match(&r1->saidx.dst.sa, idst, PORT_NONE)) 1030 continue; 1031 } 1032 1033 if (!key_sockaddr_match(&r2->saidx.src.sa, osrc, PORT_NONE) || 1034 !key_sockaddr_match(&r2->saidx.dst.sa, odst, PORT_NONE)) 1035 continue; 1036 1037 goto found; 1038 } 1039 } 1040 sp = NULL; 1041 found: 1042 if (sp) { 1043 sp->lastused = time_uptime; 1044 key_sp_ref(sp, where, tag); 1045 } 1046 pserialize_read_exit(s); 1047 done: 1048 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1049 "DP return SP:%p (ID=%u) refcnt %u\n", 1050 sp, sp ? sp->id : 0, key_sp_refcnt(sp)); 1051 return sp; 1052 } 1053 1054 /* 1055 * allocating an SA entry for an *OUTBOUND* packet. 1056 * checking each request entries in SP, and acquire an SA if need. 1057 * OUT: 0: there are valid requests. 1058 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring. 1059 */ 1060 int 1061 key_checkrequest(const struct ipsecrequest *isr, const struct secasindex *saidx, 1062 struct secasvar **ret) 1063 { 1064 u_int level; 1065 int error; 1066 struct secasvar *sav; 1067 1068 KASSERT(isr != NULL); 1069 KASSERTMSG(saidx->mode == IPSEC_MODE_TRANSPORT || 1070 saidx->mode == IPSEC_MODE_TUNNEL, 1071 "unexpected policy %u", saidx->mode); 1072 1073 /* get current level */ 1074 level = ipsec_get_reqlevel(isr); 1075 1076 /* 1077 * XXX guard against protocol callbacks from the crypto 1078 * thread as they reference ipsecrequest.sav which we 1079 * temporarily null out below. Need to rethink how we 1080 * handle bundled SA's in the callback thread. 1081 */ 1082 1083 sav = key_lookup_sa_bysaidx(saidx); 1084 if (sav != NULL) { 1085 *ret = sav; 1086 return 0; 1087 } 1088 1089 /* there is no SA */ 1090 error = key_acquire(saidx, isr->sp, M_NOWAIT); 1091 if (error != 0) { 1092 /* XXX What should I do ? */ 1093 IPSECLOG(LOG_DEBUG, "error %d returned from key_acquire.\n", 1094 error); 1095 return error; 1096 } 1097 1098 if (level != IPSEC_LEVEL_REQUIRE) { 1099 /* XXX sigh, the interface to this routine is botched */ 1100 *ret = NULL; 1101 return 0; 1102 } else { 1103 return ENOENT; 1104 } 1105 } 1106 1107 /* 1108 * looking up a SA for policy entry from SAD. 1109 * NOTE: searching SAD of aliving state. 1110 * OUT: NULL: not found. 1111 * others: found and return the pointer. 1112 */ 1113 struct secasvar * 1114 key_lookup_sa_bysaidx(const struct secasindex *saidx) 1115 { 1116 struct secashead *sah; 1117 struct secasvar *sav = NULL; 1118 u_int stateidx, state; 1119 const u_int *saorder_state_valid; 1120 int arraysize; 1121 int s; 1122 1123 s = pserialize_read_enter(); 1124 sah = key_getsah(saidx, CMP_MODE_REQID); 1125 if (sah == NULL) 1126 goto out; 1127 1128 /* 1129 * search a valid state list for outbound packet. 1130 * This search order is important. 1131 */ 1132 if (key_prefered_oldsa) { 1133 saorder_state_valid = saorder_state_valid_prefer_old; 1134 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); 1135 } else { 1136 saorder_state_valid = saorder_state_valid_prefer_new; 1137 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); 1138 } 1139 1140 /* search valid state */ 1141 for (stateidx = 0; 1142 stateidx < arraysize; 1143 stateidx++) { 1144 1145 state = saorder_state_valid[stateidx]; 1146 1147 if (key_prefered_oldsa) 1148 sav = SAVLIST_READER_FIRST(sah, state); 1149 else { 1150 /* XXX need O(1) lookup */ 1151 struct secasvar *last = NULL; 1152 1153 SAVLIST_READER_FOREACH(sav, sah, state) 1154 last = sav; 1155 sav = last; 1156 } 1157 if (sav != NULL) { 1158 KEY_SA_REF(sav); 1159 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1160 "DP cause refcnt++:%d SA:%p\n", 1161 key_sa_refcnt(sav), sav); 1162 break; 1163 } 1164 } 1165 out: 1166 pserialize_read_exit(s); 1167 1168 return sav; 1169 } 1170 1171 #if 0 1172 static void 1173 key_sendup_message_delete(struct secasvar *sav) 1174 { 1175 struct mbuf *m, *result = 0; 1176 uint8_t satype; 1177 1178 satype = key_proto2satype(sav->sah->saidx.proto); 1179 if (satype == 0) 1180 goto msgfail; 1181 1182 m = key_setsadbmsg(SADB_DELETE, 0, satype, 0, 0, key_sa_refcnt(sav) - 1); 1183 if (m == NULL) 1184 goto msgfail; 1185 result = m; 1186 1187 /* set sadb_address for saidx's. */ 1188 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sav->sah->saidx.src.sa, 1189 _BITS(sav->sah->saidx.src.sa.sa_len), IPSEC_ULPROTO_ANY); 1190 if (m == NULL) 1191 goto msgfail; 1192 m_cat(result, m); 1193 1194 /* set sadb_address for saidx's. */ 1195 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sav->sah->saidx.src.sa, 1196 _BITS(sav->sah->saidx.src.sa.sa_len), IPSEC_ULPROTO_ANY); 1197 if (m == NULL) 1198 goto msgfail; 1199 m_cat(result, m); 1200 1201 /* create SA extension */ 1202 m = key_setsadbsa(sav); 1203 if (m == NULL) 1204 goto msgfail; 1205 m_cat(result, m); 1206 1207 if (result->m_len < sizeof(struct sadb_msg)) { 1208 result = m_pullup(result, sizeof(struct sadb_msg)); 1209 if (result == NULL) 1210 goto msgfail; 1211 } 1212 1213 result->m_pkthdr.len = 0; 1214 for (m = result; m; m = m->m_next) 1215 result->m_pkthdr.len += m->m_len; 1216 mtod(result, struct sadb_msg *)->sadb_msg_len = 1217 PFKEY_UNIT64(result->m_pkthdr.len); 1218 1219 key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 1220 result = NULL; 1221 msgfail: 1222 if (result) 1223 m_freem(result); 1224 } 1225 #endif 1226 1227 /* 1228 * allocating a usable SA entry for a *INBOUND* packet. 1229 * Must call key_freesav() later. 1230 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1231 * NULL: not found, or error occurred. 1232 * 1233 * In the comparison, no source address is used--for RFC2401 conformance. 1234 * To quote, from section 4.1: 1235 * A security association is uniquely identified by a triple consisting 1236 * of a Security Parameter Index (SPI), an IP Destination Address, and a 1237 * security protocol (AH or ESP) identifier. 1238 * Note that, however, we do need to keep source address in IPsec SA. 1239 * IKE specification and PF_KEY specification do assume that we 1240 * keep source address in IPsec SA. We see a tricky situation here. 1241 * 1242 * sport and dport are used for NAT-T. network order is always used. 1243 */ 1244 struct secasvar * 1245 key_lookup_sa( 1246 const union sockaddr_union *dst, 1247 u_int proto, 1248 u_int32_t spi, 1249 u_int16_t sport, 1250 u_int16_t dport, 1251 const char* where, int tag) 1252 { 1253 struct secasvar *sav; 1254 int chkport; 1255 int s; 1256 1257 int must_check_spi = 1; 1258 int must_check_alg = 0; 1259 u_int16_t cpi = 0; 1260 u_int8_t algo = 0; 1261 uint32_t hash_key = spi; 1262 1263 if ((sport != 0) && (dport != 0)) 1264 chkport = PORT_STRICT; 1265 else 1266 chkport = PORT_NONE; 1267 1268 KASSERT(dst != NULL); 1269 1270 /* 1271 * XXX IPCOMP case 1272 * We use cpi to define spi here. In the case where cpi <= 1273 * IPCOMP_CPI_NEGOTIATE_MIN, cpi just define the algorithm used, not 1274 * the real spi. In this case, don't check the spi but check the 1275 * algorithm 1276 */ 1277 1278 if (proto == IPPROTO_IPCOMP) { 1279 u_int32_t tmp; 1280 tmp = ntohl(spi); 1281 cpi = (u_int16_t) tmp; 1282 if (cpi < IPCOMP_CPI_NEGOTIATE_MIN) { 1283 algo = (u_int8_t) cpi; 1284 hash_key = algo; 1285 must_check_spi = 0; 1286 must_check_alg = 1; 1287 } 1288 } 1289 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1290 "DP from %s:%u check_spi=%d, check_alg=%d\n", 1291 where, tag, must_check_spi, must_check_alg); 1292 1293 1294 /* 1295 * searching SAD. 1296 * XXX: to be checked internal IP header somewhere. Also when 1297 * IPsec tunnel packet is received. But ESP tunnel mode is 1298 * encrypted so we can't check internal IP header. 1299 */ 1300 s = pserialize_read_enter(); 1301 SAVLUT_READER_FOREACH(sav, &dst->sa, proto, hash_key) { 1302 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1303 "try match spi %#x, %#x\n", 1304 ntohl(spi), ntohl(sav->spi)); 1305 1306 /* do not return entries w/ unusable state */ 1307 if (!SADB_SASTATE_USABLE_P(sav)) { 1308 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1309 "bad state %d\n", sav->state); 1310 continue; 1311 } 1312 if (proto != sav->sah->saidx.proto) { 1313 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1314 "proto fail %d != %d\n", 1315 proto, sav->sah->saidx.proto); 1316 continue; 1317 } 1318 if (must_check_spi && spi != sav->spi) { 1319 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1320 "spi fail %#x != %#x\n", 1321 ntohl(spi), ntohl(sav->spi)); 1322 continue; 1323 } 1324 /* XXX only on the ipcomp case */ 1325 if (must_check_alg && algo != sav->alg_comp) { 1326 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 1327 "algo fail %d != %d\n", 1328 algo, sav->alg_comp); 1329 continue; 1330 } 1331 1332 #if 0 /* don't check src */ 1333 /* Fix port in src->sa */ 1334 1335 /* check src address */ 1336 if (!key_sockaddr_match(&src->sa, &sav->sah->saidx.src.sa, PORT_NONE)) 1337 continue; 1338 #endif 1339 /* fix port of dst address XXX*/ 1340 key_porttosaddr(__UNCONST(dst), dport); 1341 /* check dst address */ 1342 if (!key_sockaddr_match(&dst->sa, &sav->sah->saidx.dst.sa, chkport)) 1343 continue; 1344 key_sa_ref(sav, where, tag); 1345 goto done; 1346 } 1347 sav = NULL; 1348 done: 1349 pserialize_read_exit(s); 1350 1351 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1352 "DP return SA:%p; refcnt %u\n", sav, key_sa_refcnt(sav)); 1353 return sav; 1354 } 1355 1356 static void 1357 key_validate_savlist(const struct secashead *sah, const u_int state) 1358 { 1359 #ifdef DEBUG 1360 struct secasvar *sav, *next; 1361 int s; 1362 1363 /* 1364 * The list should be sorted by lft_c->sadb_lifetime_addtime 1365 * in ascending order. 1366 */ 1367 s = pserialize_read_enter(); 1368 SAVLIST_READER_FOREACH(sav, sah, state) { 1369 next = SAVLIST_READER_NEXT(sav); 1370 if (next != NULL && 1371 sav->lft_c != NULL && next->lft_c != NULL) { 1372 KDASSERTMSG(sav->lft_c->sadb_lifetime_addtime <= 1373 next->lft_c->sadb_lifetime_addtime, 1374 "savlist is not sorted: sah=%p, state=%d, " 1375 "sav=%" PRIu64 ", next=%" PRIu64, sah, state, 1376 sav->lft_c->sadb_lifetime_addtime, 1377 next->lft_c->sadb_lifetime_addtime); 1378 } 1379 } 1380 pserialize_read_exit(s); 1381 #endif 1382 } 1383 1384 void 1385 key_init_sp(struct secpolicy *sp) 1386 { 1387 1388 ASSERT_SLEEPABLE(); 1389 1390 sp->state = IPSEC_SPSTATE_ALIVE; 1391 if (sp->policy == IPSEC_POLICY_IPSEC) 1392 KASSERT(sp->req != NULL); 1393 localcount_init(&sp->localcount); 1394 SPLIST_ENTRY_INIT(sp); 1395 } 1396 1397 /* 1398 * Must be called in a pserialize read section. A held SP 1399 * must be released by key_sp_unref after use. 1400 */ 1401 void 1402 key_sp_ref(struct secpolicy *sp, const char* where, int tag) 1403 { 1404 1405 localcount_acquire(&sp->localcount); 1406 1407 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1408 "DP SP:%p (ID=%u) from %s:%u; refcnt++ now %u\n", 1409 sp, sp->id, where, tag, key_sp_refcnt(sp)); 1410 } 1411 1412 /* 1413 * Must be called without holding key_spd.lock because the lock 1414 * would be held in localcount_release. 1415 */ 1416 void 1417 key_sp_unref(struct secpolicy *sp, const char* where, int tag) 1418 { 1419 1420 KDASSERT(mutex_ownable(&key_spd.lock)); 1421 1422 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1423 "DP SP:%p (ID=%u) from %s:%u; refcnt-- now %u\n", 1424 sp, sp->id, where, tag, key_sp_refcnt(sp)); 1425 1426 localcount_release(&sp->localcount, &key_spd.cv_lc, &key_spd.lock); 1427 } 1428 1429 static void 1430 key_init_sav(struct secasvar *sav) 1431 { 1432 1433 ASSERT_SLEEPABLE(); 1434 1435 localcount_init(&sav->localcount); 1436 SAVLIST_ENTRY_INIT(sav); 1437 SAVLUT_ENTRY_INIT(sav); 1438 } 1439 1440 u_int 1441 key_sa_refcnt(const struct secasvar *sav) 1442 { 1443 1444 /* FIXME */ 1445 return 0; 1446 } 1447 1448 void 1449 key_sa_ref(struct secasvar *sav, const char* where, int tag) 1450 { 1451 1452 localcount_acquire(&sav->localcount); 1453 1454 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1455 "DP cause refcnt++: SA:%p from %s:%u\n", 1456 sav, where, tag); 1457 } 1458 1459 void 1460 key_sa_unref(struct secasvar *sav, const char* where, int tag) 1461 { 1462 1463 KDASSERT(mutex_ownable(&key_sad.lock)); 1464 1465 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1466 "DP cause refcnt--: SA:%p from %s:%u\n", 1467 sav, where, tag); 1468 1469 localcount_release(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); 1470 } 1471 1472 #if 0 1473 /* 1474 * Must be called after calling key_lookup_sp*(). 1475 * For the packet with socket. 1476 */ 1477 static void 1478 key_freeso(struct socket *so) 1479 { 1480 /* sanity check */ 1481 KASSERT(so != NULL); 1482 1483 switch (so->so_proto->pr_domain->dom_family) { 1484 #ifdef INET 1485 case PF_INET: 1486 { 1487 struct inpcb *pcb = sotoinpcb(so); 1488 1489 /* Does it have a PCB ? */ 1490 if (pcb == NULL) 1491 return; 1492 1493 struct inpcbpolicy *sp = pcb->inp_sp; 1494 key_freesp_so(&sp->sp_in); 1495 key_freesp_so(&sp->sp_out); 1496 } 1497 break; 1498 #endif 1499 #ifdef INET6 1500 case PF_INET6: 1501 { 1502 #ifdef HAVE_NRL_INPCB 1503 struct inpcb *pcb = sotoinpcb(so); 1504 struct inpcbpolicy *sp = pcb->inp_sp; 1505 1506 /* Does it have a PCB ? */ 1507 if (pcb == NULL) 1508 return; 1509 key_freesp_so(&sp->sp_in); 1510 key_freesp_so(&sp->sp_out); 1511 #else 1512 struct in6pcb *pcb = sotoin6pcb(so); 1513 1514 /* Does it have a PCB ? */ 1515 if (pcb == NULL) 1516 return; 1517 key_freesp_so(&pcb->in6p_sp->sp_in); 1518 key_freesp_so(&pcb->in6p_sp->sp_out); 1519 #endif 1520 } 1521 break; 1522 #endif /* INET6 */ 1523 default: 1524 IPSECLOG(LOG_DEBUG, "unknown address family=%d.\n", 1525 so->so_proto->pr_domain->dom_family); 1526 return; 1527 } 1528 } 1529 1530 static void 1531 key_freesp_so(struct secpolicy **sp) 1532 { 1533 1534 KASSERT(sp != NULL); 1535 KASSERT(*sp != NULL); 1536 1537 if ((*sp)->policy == IPSEC_POLICY_ENTRUST || 1538 (*sp)->policy == IPSEC_POLICY_BYPASS) 1539 return; 1540 1541 KASSERTMSG((*sp)->policy == IPSEC_POLICY_IPSEC, 1542 "invalid policy %u", (*sp)->policy); 1543 KEY_SP_UNREF(&sp); 1544 } 1545 #endif 1546 1547 static void 1548 key_sad_pserialize_perform(void) 1549 { 1550 1551 KASSERT(mutex_owned(&key_sad.lock)); 1552 1553 while (key_sad.psz_performing) 1554 cv_wait(&key_sad.cv_psz, &key_sad.lock); 1555 key_sad.psz_performing = true; 1556 mutex_exit(&key_sad.lock); 1557 1558 pserialize_perform(key_sad.psz); 1559 1560 mutex_enter(&key_sad.lock); 1561 key_sad.psz_performing = false; 1562 cv_broadcast(&key_sad.cv_psz); 1563 } 1564 1565 /* 1566 * Remove the sav from the savlist of its sah and wait for references to the sav 1567 * to be released. key_sad.lock must be held. 1568 */ 1569 static void 1570 key_unlink_sav(struct secasvar *sav) 1571 { 1572 1573 KASSERT(mutex_owned(&key_sad.lock)); 1574 1575 SAVLIST_WRITER_REMOVE(sav); 1576 SAVLUT_WRITER_REMOVE(sav); 1577 1578 KDASSERT(mutex_ownable(softnet_lock)); 1579 key_sad_pserialize_perform(); 1580 1581 localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); 1582 } 1583 1584 /* 1585 * Destroy an sav where the sav must be unlinked from an sah 1586 * by say key_unlink_sav. 1587 */ 1588 static void 1589 key_destroy_sav(struct secasvar *sav) 1590 { 1591 1592 ASSERT_SLEEPABLE(); 1593 1594 localcount_fini(&sav->localcount); 1595 SAVLIST_ENTRY_DESTROY(sav); 1596 1597 key_delsav(sav); 1598 } 1599 1600 /* 1601 * Wait for references of a passed sav to go away. 1602 */ 1603 static void 1604 key_wait_sav(struct secasvar *sav) 1605 { 1606 1607 ASSERT_SLEEPABLE(); 1608 1609 mutex_enter(&key_sad.lock); 1610 KASSERT(sav->state == SADB_SASTATE_DEAD); 1611 KDASSERT(mutex_ownable(softnet_lock)); 1612 key_sad_pserialize_perform(); 1613 localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); 1614 mutex_exit(&key_sad.lock); 1615 } 1616 1617 /* %%% SPD management */ 1618 /* 1619 * free security policy entry. 1620 */ 1621 static void 1622 key_destroy_sp(struct secpolicy *sp) 1623 { 1624 1625 SPLIST_ENTRY_DESTROY(sp); 1626 localcount_fini(&sp->localcount); 1627 1628 key_free_sp(sp); 1629 1630 key_update_used(); 1631 } 1632 1633 void 1634 key_free_sp(struct secpolicy *sp) 1635 { 1636 struct ipsecrequest *isr = sp->req, *nextisr; 1637 1638 while (isr != NULL) { 1639 nextisr = isr->next; 1640 kmem_free(isr, sizeof(*isr)); 1641 isr = nextisr; 1642 } 1643 1644 kmem_free(sp, sizeof(*sp)); 1645 } 1646 1647 void 1648 key_socksplist_add(struct secpolicy *sp) 1649 { 1650 1651 mutex_enter(&key_spd.lock); 1652 PSLIST_WRITER_INSERT_HEAD(&key_spd.socksplist, sp, pslist_entry); 1653 mutex_exit(&key_spd.lock); 1654 1655 key_update_used(); 1656 } 1657 1658 /* 1659 * search SPD 1660 * OUT: NULL : not found 1661 * others : found, pointer to a SP. 1662 */ 1663 static struct secpolicy * 1664 key_getsp(const struct secpolicyindex *spidx) 1665 { 1666 struct secpolicy *sp; 1667 int s; 1668 1669 KASSERT(spidx != NULL); 1670 1671 s = pserialize_read_enter(); 1672 SPLIST_READER_FOREACH(sp, spidx->dir) { 1673 if (sp->state == IPSEC_SPSTATE_DEAD) 1674 continue; 1675 if (key_spidx_match_exactly(spidx, &sp->spidx)) { 1676 KEY_SP_REF(sp); 1677 pserialize_read_exit(s); 1678 return sp; 1679 } 1680 } 1681 pserialize_read_exit(s); 1682 1683 return NULL; 1684 } 1685 1686 /* 1687 * search SPD and remove found SP 1688 * OUT: NULL : not found 1689 * others : found, pointer to a SP. 1690 */ 1691 static struct secpolicy * 1692 key_lookup_and_remove_sp(const struct secpolicyindex *spidx, bool from_kernel) 1693 { 1694 struct secpolicy *sp = NULL; 1695 1696 mutex_enter(&key_spd.lock); 1697 SPLIST_WRITER_FOREACH(sp, spidx->dir) { 1698 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD, "sp->state=%u", 1699 sp->state); 1700 /* 1701 * SPs created in kernel(e.g. ipsec(4) I/F) must not be 1702 * removed by userland programs. 1703 */ 1704 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL) 1705 continue; 1706 if (key_spidx_match_exactly(spidx, &sp->spidx)) { 1707 key_unlink_sp(sp); 1708 goto out; 1709 } 1710 } 1711 sp = NULL; 1712 out: 1713 mutex_exit(&key_spd.lock); 1714 1715 return sp; 1716 } 1717 1718 /* 1719 * get SP by index. 1720 * OUT: NULL : not found 1721 * others : found, pointer to a SP. 1722 */ 1723 static struct secpolicy * 1724 key_getspbyid(u_int32_t id) 1725 { 1726 struct secpolicy *sp; 1727 int s; 1728 1729 s = pserialize_read_enter(); 1730 SPLIST_READER_FOREACH(sp, IPSEC_DIR_INBOUND) { 1731 if (sp->state == IPSEC_SPSTATE_DEAD) 1732 continue; 1733 if (sp->id == id) { 1734 KEY_SP_REF(sp); 1735 goto out; 1736 } 1737 } 1738 1739 SPLIST_READER_FOREACH(sp, IPSEC_DIR_OUTBOUND) { 1740 if (sp->state == IPSEC_SPSTATE_DEAD) 1741 continue; 1742 if (sp->id == id) { 1743 KEY_SP_REF(sp); 1744 goto out; 1745 } 1746 } 1747 out: 1748 pserialize_read_exit(s); 1749 return sp; 1750 } 1751 1752 /* 1753 * get SP by index, remove and return it. 1754 * OUT: NULL : not found 1755 * others : found, pointer to a SP. 1756 */ 1757 static struct secpolicy * 1758 key_lookupbyid_and_remove_sp(u_int32_t id, bool from_kernel) 1759 { 1760 struct secpolicy *sp; 1761 1762 mutex_enter(&key_spd.lock); 1763 SPLIST_READER_FOREACH(sp, IPSEC_DIR_INBOUND) { 1764 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD, "sp->state=%u", 1765 sp->state); 1766 /* 1767 * SPs created in kernel(e.g. ipsec(4) I/F) must not be 1768 * removed by userland programs. 1769 */ 1770 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL) 1771 continue; 1772 if (sp->id == id) 1773 goto out; 1774 } 1775 1776 SPLIST_READER_FOREACH(sp, IPSEC_DIR_OUTBOUND) { 1777 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD, "sp->state=%u", 1778 sp->state); 1779 /* 1780 * SPs created in kernel(e.g. ipsec(4) I/F) must not be 1781 * removed by userland programs. 1782 */ 1783 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL) 1784 continue; 1785 if (sp->id == id) 1786 goto out; 1787 } 1788 out: 1789 if (sp != NULL) 1790 key_unlink_sp(sp); 1791 mutex_exit(&key_spd.lock); 1792 return sp; 1793 } 1794 1795 struct secpolicy * 1796 key_newsp(const char* where, int tag) 1797 { 1798 struct secpolicy *newsp = NULL; 1799 1800 newsp = kmem_zalloc(sizeof(struct secpolicy), KM_SLEEP); 1801 1802 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1803 "DP from %s:%u return SP:%p\n", where, tag, newsp); 1804 return newsp; 1805 } 1806 1807 /* 1808 * create secpolicy structure from sadb_x_policy structure. 1809 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, 1810 * so must be set properly later. 1811 */ 1812 static struct secpolicy * 1813 _key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error, 1814 bool from_kernel) 1815 { 1816 struct secpolicy *newsp; 1817 1818 KASSERT(!cpu_softintr_p()); 1819 KASSERT(xpl0 != NULL); 1820 KASSERT(len >= sizeof(*xpl0)); 1821 1822 if (len != PFKEY_EXTLEN(xpl0)) { 1823 IPSECLOG(LOG_DEBUG, "Invalid msg length.\n"); 1824 *error = EINVAL; 1825 return NULL; 1826 } 1827 1828 newsp = KEY_NEWSP(); 1829 if (newsp == NULL) { 1830 *error = ENOBUFS; 1831 return NULL; 1832 } 1833 1834 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1835 newsp->policy = xpl0->sadb_x_policy_type; 1836 1837 /* check policy */ 1838 switch (xpl0->sadb_x_policy_type) { 1839 case IPSEC_POLICY_DISCARD: 1840 case IPSEC_POLICY_NONE: 1841 case IPSEC_POLICY_ENTRUST: 1842 case IPSEC_POLICY_BYPASS: 1843 newsp->req = NULL; 1844 *error = 0; 1845 return newsp; 1846 1847 case IPSEC_POLICY_IPSEC: 1848 /* Continued */ 1849 break; 1850 default: 1851 IPSECLOG(LOG_DEBUG, "invalid policy type.\n"); 1852 key_free_sp(newsp); 1853 *error = EINVAL; 1854 return NULL; 1855 } 1856 1857 /* IPSEC_POLICY_IPSEC */ 1858 { 1859 int tlen; 1860 const struct sadb_x_ipsecrequest *xisr; 1861 uint16_t xisr_reqid; 1862 struct ipsecrequest **p_isr = &newsp->req; 1863 1864 /* validity check */ 1865 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1866 IPSECLOG(LOG_DEBUG, "Invalid msg length.\n"); 1867 *error = EINVAL; 1868 goto free_exit; 1869 } 1870 1871 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1872 xisr = (const struct sadb_x_ipsecrequest *)(xpl0 + 1); 1873 1874 while (tlen > 0) { 1875 /* length check */ 1876 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { 1877 IPSECLOG(LOG_DEBUG, "invalid ipsecrequest length.\n"); 1878 *error = EINVAL; 1879 goto free_exit; 1880 } 1881 1882 /* allocate request buffer */ 1883 *p_isr = kmem_zalloc(sizeof(**p_isr), KM_SLEEP); 1884 1885 /* set values */ 1886 (*p_isr)->next = NULL; 1887 1888 switch (xisr->sadb_x_ipsecrequest_proto) { 1889 case IPPROTO_ESP: 1890 case IPPROTO_AH: 1891 case IPPROTO_IPCOMP: 1892 break; 1893 default: 1894 IPSECLOG(LOG_DEBUG, "invalid proto type=%u\n", 1895 xisr->sadb_x_ipsecrequest_proto); 1896 *error = EPROTONOSUPPORT; 1897 goto free_exit; 1898 } 1899 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; 1900 1901 switch (xisr->sadb_x_ipsecrequest_mode) { 1902 case IPSEC_MODE_TRANSPORT: 1903 case IPSEC_MODE_TUNNEL: 1904 break; 1905 case IPSEC_MODE_ANY: 1906 default: 1907 IPSECLOG(LOG_DEBUG, "invalid mode=%u\n", 1908 xisr->sadb_x_ipsecrequest_mode); 1909 *error = EINVAL; 1910 goto free_exit; 1911 } 1912 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1913 1914 switch (xisr->sadb_x_ipsecrequest_level) { 1915 case IPSEC_LEVEL_DEFAULT: 1916 case IPSEC_LEVEL_USE: 1917 case IPSEC_LEVEL_REQUIRE: 1918 break; 1919 case IPSEC_LEVEL_UNIQUE: 1920 xisr_reqid = xisr->sadb_x_ipsecrequest_reqid; 1921 /* validity check */ 1922 /* 1923 * case 1) from_kernel == false 1924 * That means the request comes from userland. 1925 * If range violation of reqid, kernel will 1926 * update it, don't refuse it. 1927 * 1928 * case 2) from_kernel == true 1929 * That means the request comes from kernel 1930 * (e.g. ipsec(4) I/F). 1931 * Use thre requested reqid to avoid inconsistency 1932 * between kernel's reqid and the reqid in pf_key 1933 * message sent to userland. The pf_key message is 1934 * built by diverting request mbuf. 1935 */ 1936 if (!from_kernel && 1937 xisr_reqid > IPSEC_MANUAL_REQID_MAX) { 1938 IPSECLOG(LOG_DEBUG, 1939 "reqid=%d range " 1940 "violation, updated by kernel.\n", 1941 xisr_reqid); 1942 xisr_reqid = 0; 1943 } 1944 1945 /* allocate new reqid id if reqid is zero. */ 1946 if (xisr_reqid == 0) { 1947 u_int16_t reqid = key_newreqid(); 1948 if (reqid == 0) { 1949 *error = ENOBUFS; 1950 goto free_exit; 1951 } 1952 (*p_isr)->saidx.reqid = reqid; 1953 } else { 1954 /* set it for manual keying. */ 1955 (*p_isr)->saidx.reqid = xisr_reqid; 1956 } 1957 break; 1958 1959 default: 1960 IPSECLOG(LOG_DEBUG, "invalid level=%u\n", 1961 xisr->sadb_x_ipsecrequest_level); 1962 *error = EINVAL; 1963 goto free_exit; 1964 } 1965 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; 1966 1967 /* set IP addresses if there */ 1968 /* 1969 * NOTE: 1970 * MOBIKE Extensions for PF_KEY draft says: 1971 * If tunnel mode is specified, the sadb_x_ipsecrequest 1972 * structure is followed by two sockaddr structures that 1973 * define the tunnel endpoint addresses. In the case that 1974 * transport mode is used, no additional addresses are 1975 * specified. 1976 * see: https://tools.ietf.org/html/draft-schilcher-mobike-pfkey-extension-01 1977 * 1978 * And then, the IP addresses will be set by 1979 * ipsec_fill_saidx_bymbuf() from packet in transport mode. 1980 * This behavior is used by NAT-T enabled ipsecif(4). 1981 */ 1982 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1983 const struct sockaddr *paddr; 1984 1985 paddr = (const struct sockaddr *)(xisr + 1); 1986 1987 /* validity check */ 1988 if (paddr->sa_len > sizeof((*p_isr)->saidx.src)) { 1989 IPSECLOG(LOG_DEBUG, "invalid request " 1990 "address length.\n"); 1991 *error = EINVAL; 1992 goto free_exit; 1993 } 1994 memcpy(&(*p_isr)->saidx.src, paddr, paddr->sa_len); 1995 1996 paddr = (const struct sockaddr *)((const char *)paddr 1997 + paddr->sa_len); 1998 1999 /* validity check */ 2000 if (paddr->sa_len > sizeof((*p_isr)->saidx.dst)) { 2001 IPSECLOG(LOG_DEBUG, "invalid request " 2002 "address length.\n"); 2003 *error = EINVAL; 2004 goto free_exit; 2005 } 2006 memcpy(&(*p_isr)->saidx.dst, paddr, paddr->sa_len); 2007 } 2008 2009 (*p_isr)->sp = newsp; 2010 2011 /* initialization for the next. */ 2012 p_isr = &(*p_isr)->next; 2013 tlen -= xisr->sadb_x_ipsecrequest_len; 2014 2015 /* validity check */ 2016 if (tlen < 0) { 2017 IPSECLOG(LOG_DEBUG, "becoming tlen < 0.\n"); 2018 *error = EINVAL; 2019 goto free_exit; 2020 } 2021 2022 xisr = (const struct sadb_x_ipsecrequest *)((const char *)xisr + 2023 xisr->sadb_x_ipsecrequest_len); 2024 } 2025 } 2026 2027 *error = 0; 2028 return newsp; 2029 2030 free_exit: 2031 key_free_sp(newsp); 2032 return NULL; 2033 } 2034 2035 struct secpolicy * 2036 key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error) 2037 { 2038 2039 return _key_msg2sp(xpl0, len, error, false); 2040 } 2041 2042 u_int16_t 2043 key_newreqid(void) 2044 { 2045 static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 2046 2047 auto_reqid = (auto_reqid == 0xffff ? 2048 IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1); 2049 2050 /* XXX should be unique check */ 2051 2052 return auto_reqid; 2053 } 2054 2055 /* 2056 * copy secpolicy struct to sadb_x_policy structure indicated. 2057 */ 2058 struct mbuf * 2059 key_sp2msg(const struct secpolicy *sp, int mflag) 2060 { 2061 struct sadb_x_policy *xpl; 2062 int tlen; 2063 char *p; 2064 struct mbuf *m; 2065 2066 KASSERT(sp != NULL); 2067 2068 tlen = key_getspreqmsglen(sp); 2069 2070 m = key_alloc_mbuf(tlen, mflag); 2071 if (!m || m->m_next) { /*XXX*/ 2072 if (m) 2073 m_freem(m); 2074 return NULL; 2075 } 2076 2077 m->m_len = tlen; 2078 m->m_next = NULL; 2079 xpl = mtod(m, struct sadb_x_policy *); 2080 memset(xpl, 0, tlen); 2081 2082 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen); 2083 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 2084 xpl->sadb_x_policy_type = sp->policy; 2085 xpl->sadb_x_policy_dir = sp->spidx.dir; 2086 xpl->sadb_x_policy_id = sp->id; 2087 p = (char *)xpl + sizeof(*xpl); 2088 2089 /* if is the policy for ipsec ? */ 2090 if (sp->policy == IPSEC_POLICY_IPSEC) { 2091 struct sadb_x_ipsecrequest *xisr; 2092 struct ipsecrequest *isr; 2093 2094 for (isr = sp->req; isr != NULL; isr = isr->next) { 2095 2096 xisr = (struct sadb_x_ipsecrequest *)p; 2097 2098 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 2099 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 2100 xisr->sadb_x_ipsecrequest_level = isr->level; 2101 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 2102 2103 p += sizeof(*xisr); 2104 memcpy(p, &isr->saidx.src, isr->saidx.src.sa.sa_len); 2105 p += isr->saidx.src.sa.sa_len; 2106 memcpy(p, &isr->saidx.dst, isr->saidx.dst.sa.sa_len); 2107 p += isr->saidx.src.sa.sa_len; 2108 2109 xisr->sadb_x_ipsecrequest_len = 2110 PFKEY_ALIGN8(sizeof(*xisr) 2111 + isr->saidx.src.sa.sa_len 2112 + isr->saidx.dst.sa.sa_len); 2113 } 2114 } 2115 2116 return m; 2117 } 2118 2119 /* 2120 * m will not be freed nor modified. It never return NULL. 2121 * If it returns a mbuf of M_PKTHDR, the mbuf ensures to have 2122 * contiguous length at least sizeof(struct sadb_msg). 2123 */ 2124 static struct mbuf * 2125 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 2126 int ndeep, int nitem, ...) 2127 { 2128 va_list ap; 2129 int idx; 2130 int i; 2131 struct mbuf *result = NULL, *n; 2132 int len; 2133 2134 KASSERT(m != NULL); 2135 KASSERT(mhp != NULL); 2136 KASSERT(!cpu_softintr_p()); 2137 2138 va_start(ap, nitem); 2139 for (i = 0; i < nitem; i++) { 2140 idx = va_arg(ap, int); 2141 KASSERT(idx >= 0); 2142 KASSERT(idx <= SADB_EXT_MAX); 2143 /* don't attempt to pull empty extension */ 2144 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 2145 continue; 2146 if (idx != SADB_EXT_RESERVED && 2147 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 2148 continue; 2149 2150 if (idx == SADB_EXT_RESERVED) { 2151 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MHLEN); 2152 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2153 MGETHDR(n, M_WAITOK, MT_DATA); 2154 n->m_len = len; 2155 n->m_next = NULL; 2156 m_copydata(m, 0, sizeof(struct sadb_msg), 2157 mtod(n, void *)); 2158 } else if (i < ndeep) { 2159 len = mhp->extlen[idx]; 2160 n = key_alloc_mbuf(len, M_WAITOK); 2161 KASSERT(n->m_next == NULL); 2162 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 2163 mtod(n, void *)); 2164 } else { 2165 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 2166 M_WAITOK); 2167 } 2168 KASSERT(n != NULL); 2169 2170 if (result) 2171 m_cat(result, n); 2172 else 2173 result = n; 2174 } 2175 va_end(ap); 2176 2177 KASSERT(result != NULL); 2178 if ((result->m_flags & M_PKTHDR) != 0) { 2179 result->m_pkthdr.len = 0; 2180 for (n = result; n; n = n->m_next) 2181 result->m_pkthdr.len += n->m_len; 2182 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 2183 } 2184 2185 return result; 2186 } 2187 2188 /* 2189 * The argument _sp must not overwrite until SP is created and registered 2190 * successfully. 2191 */ 2192 static int 2193 key_spdadd(struct socket *so, struct mbuf *m, 2194 const struct sadb_msghdr *mhp, struct secpolicy **_sp, 2195 bool from_kernel) 2196 { 2197 const struct sockaddr *src, *dst; 2198 const struct sadb_x_policy *xpl0; 2199 struct sadb_x_policy *xpl; 2200 const struct sadb_lifetime *lft = NULL; 2201 struct secpolicyindex spidx; 2202 struct secpolicy *newsp; 2203 int error; 2204 uint32_t sadb_x_policy_id; 2205 2206 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 2207 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 2208 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 2209 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2210 return key_senderror(so, m, EINVAL); 2211 } 2212 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 2213 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 2214 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2215 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2216 return key_senderror(so, m, EINVAL); 2217 } 2218 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) { 2219 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < 2220 sizeof(struct sadb_lifetime)) { 2221 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2222 return key_senderror(so, m, EINVAL); 2223 } 2224 lft = mhp->ext[SADB_EXT_LIFETIME_HARD]; 2225 } 2226 2227 xpl0 = mhp->ext[SADB_X_EXT_POLICY]; 2228 2229 /* checking the direciton. */ 2230 switch (xpl0->sadb_x_policy_dir) { 2231 case IPSEC_DIR_INBOUND: 2232 case IPSEC_DIR_OUTBOUND: 2233 break; 2234 default: 2235 IPSECLOG(LOG_DEBUG, "Invalid SP direction.\n"); 2236 return key_senderror(so, m, EINVAL); 2237 } 2238 2239 /* check policy */ 2240 /* key_api_spdadd() accepts DISCARD, NONE and IPSEC. */ 2241 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST || 2242 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { 2243 IPSECLOG(LOG_DEBUG, "Invalid policy type.\n"); 2244 return key_senderror(so, m, EINVAL); 2245 } 2246 2247 /* policy requests are mandatory when action is ipsec. */ 2248 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX && 2249 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2250 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2251 IPSECLOG(LOG_DEBUG, "some policy requests part required.\n"); 2252 return key_senderror(so, m, EINVAL); 2253 } 2254 2255 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 2256 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 2257 2258 /* sanity check on addr pair */ 2259 if (src->sa_family != dst->sa_family) 2260 return key_senderror(so, m, EINVAL); 2261 if (src->sa_len != dst->sa_len) 2262 return key_senderror(so, m, EINVAL); 2263 2264 key_init_spidx_bymsghdr(&spidx, mhp); 2265 2266 /* 2267 * checking there is SP already or not. 2268 * SPDUPDATE doesn't depend on whether there is a SP or not. 2269 * If the type is either SPDADD or SPDSETIDX AND a SP is found, 2270 * then error. 2271 */ 2272 { 2273 struct secpolicy *sp; 2274 2275 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2276 sp = key_lookup_and_remove_sp(&spidx, from_kernel); 2277 if (sp != NULL) 2278 key_destroy_sp(sp); 2279 } else { 2280 sp = key_getsp(&spidx); 2281 if (sp != NULL) { 2282 KEY_SP_UNREF(&sp); 2283 IPSECLOG(LOG_DEBUG, "a SP entry exists already.\n"); 2284 return key_senderror(so, m, EEXIST); 2285 } 2286 } 2287 } 2288 2289 /* allocation new SP entry */ 2290 newsp = _key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error, from_kernel); 2291 if (newsp == NULL) { 2292 return key_senderror(so, m, error); 2293 } 2294 2295 newsp->id = key_getnewspid(); 2296 if (newsp->id == 0) { 2297 kmem_free(newsp, sizeof(*newsp)); 2298 return key_senderror(so, m, ENOBUFS); 2299 } 2300 2301 newsp->spidx = spidx; 2302 newsp->created = time_uptime; 2303 newsp->lastused = newsp->created; 2304 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2305 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2306 if (from_kernel) 2307 newsp->origin = IPSEC_SPORIGIN_KERNEL; 2308 else 2309 newsp->origin = IPSEC_SPORIGIN_USER; 2310 2311 key_init_sp(newsp); 2312 if (from_kernel) 2313 KEY_SP_REF(newsp); 2314 2315 sadb_x_policy_id = newsp->id; 2316 2317 if (_sp != NULL) 2318 *_sp = newsp; 2319 2320 mutex_enter(&key_spd.lock); 2321 SPLIST_WRITER_INSERT_TAIL(newsp->spidx.dir, newsp); 2322 mutex_exit(&key_spd.lock); 2323 /* 2324 * We don't have a reference to newsp, so we must not touch newsp from 2325 * now on. If you want to do, you must take a reference beforehand. 2326 */ 2327 newsp = NULL; 2328 2329 #ifdef notyet 2330 /* delete the entry in key_misc.spacqlist */ 2331 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2332 struct secspacq *spacq = key_getspacq(&spidx); 2333 if (spacq != NULL) { 2334 /* reset counter in order to deletion by timehandler. */ 2335 spacq->created = time_uptime; 2336 spacq->count = 0; 2337 } 2338 } 2339 #endif 2340 2341 /* Invalidate all cached SPD pointers in the PCBs. */ 2342 ipsec_invalpcbcacheall(); 2343 2344 #if defined(GATEWAY) 2345 /* Invalidate the ipflow cache, as well. */ 2346 ipflow_invalidate_all(0); 2347 #ifdef INET6 2348 if (in6_present) 2349 ip6flow_invalidate_all(0); 2350 #endif /* INET6 */ 2351 #endif /* GATEWAY */ 2352 2353 key_update_used(); 2354 2355 { 2356 struct mbuf *n, *mpolicy; 2357 int off; 2358 2359 /* create new sadb_msg to reply. */ 2360 if (lft) { 2361 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2362 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2363 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2364 } else { 2365 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2366 SADB_X_EXT_POLICY, 2367 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2368 } 2369 2370 key_fill_replymsg(n, 0); 2371 off = 0; 2372 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2373 sizeof(*xpl), &off); 2374 if (mpolicy == NULL) { 2375 /* n is already freed */ 2376 /* 2377 * valid sp has been created, so we does not overwrite _sp 2378 * NULL here. let caller decide to use the sp or not. 2379 */ 2380 return key_senderror(so, m, ENOBUFS); 2381 } 2382 xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off); 2383 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2384 m_freem(n); 2385 /* ditto */ 2386 return key_senderror(so, m, EINVAL); 2387 } 2388 2389 xpl->sadb_x_policy_id = sadb_x_policy_id; 2390 2391 m_freem(m); 2392 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2393 } 2394 } 2395 2396 /* 2397 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 2398 * add an entry to SP database, when received 2399 * <base, address(SD), (lifetime(H),) policy> 2400 * from the user(?). 2401 * Adding to SP database, 2402 * and send 2403 * <base, address(SD), (lifetime(H),) policy> 2404 * to the socket which was send. 2405 * 2406 * SPDADD set a unique policy entry. 2407 * SPDSETIDX like SPDADD without a part of policy requests. 2408 * SPDUPDATE replace a unique policy entry. 2409 * 2410 * m will always be freed. 2411 */ 2412 static int 2413 key_api_spdadd(struct socket *so, struct mbuf *m, 2414 const struct sadb_msghdr *mhp) 2415 { 2416 2417 return key_spdadd(so, m, mhp, NULL, false); 2418 } 2419 2420 struct secpolicy * 2421 key_kpi_spdadd(struct mbuf *m) 2422 { 2423 struct sadb_msghdr mh; 2424 int error; 2425 struct secpolicy *sp = NULL; 2426 2427 error = key_align(m, &mh); 2428 if (error) 2429 return NULL; 2430 2431 error = key_spdadd(NULL, m, &mh, &sp, true); 2432 if (error) { 2433 /* 2434 * Currently, when key_spdadd() cannot send a PFKEY message 2435 * which means SP has been created, key_spdadd() returns error 2436 * although SP is created successfully. 2437 * Kernel components would not care PFKEY messages, so return 2438 * the "sp" regardless of error code. key_spdadd() overwrites 2439 * the argument only if SP is created successfully. 2440 */ 2441 } 2442 return sp; 2443 } 2444 2445 /* 2446 * get new policy id. 2447 * OUT: 2448 * 0: failure. 2449 * others: success. 2450 */ 2451 static u_int32_t 2452 key_getnewspid(void) 2453 { 2454 u_int32_t newid = 0; 2455 int count = key_spi_trycnt; /* XXX */ 2456 struct secpolicy *sp; 2457 2458 /* when requesting to allocate spi ranged */ 2459 while (count--) { 2460 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1)); 2461 2462 sp = key_getspbyid(newid); 2463 if (sp == NULL) 2464 break; 2465 2466 KEY_SP_UNREF(&sp); 2467 } 2468 2469 if (count == 0 || newid == 0) { 2470 IPSECLOG(LOG_DEBUG, "to allocate policy id is failed.\n"); 2471 return 0; 2472 } 2473 2474 return newid; 2475 } 2476 2477 /* 2478 * SADB_SPDDELETE processing 2479 * receive 2480 * <base, address(SD), policy(*)> 2481 * from the user(?), and set SADB_SASTATE_DEAD, 2482 * and send, 2483 * <base, address(SD), policy(*)> 2484 * to the ikmpd. 2485 * policy(*) including direction of policy. 2486 * 2487 * m will always be freed. 2488 */ 2489 static int 2490 key_api_spddelete(struct socket *so, struct mbuf *m, 2491 const struct sadb_msghdr *mhp) 2492 { 2493 struct sadb_x_policy *xpl0; 2494 struct secpolicyindex spidx; 2495 struct secpolicy *sp; 2496 2497 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 2498 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 2499 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 2500 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2501 return key_senderror(so, m, EINVAL); 2502 } 2503 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 2504 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 2505 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2506 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2507 return key_senderror(so, m, EINVAL); 2508 } 2509 2510 xpl0 = mhp->ext[SADB_X_EXT_POLICY]; 2511 2512 /* checking the directon. */ 2513 switch (xpl0->sadb_x_policy_dir) { 2514 case IPSEC_DIR_INBOUND: 2515 case IPSEC_DIR_OUTBOUND: 2516 break; 2517 default: 2518 IPSECLOG(LOG_DEBUG, "Invalid SP direction.\n"); 2519 return key_senderror(so, m, EINVAL); 2520 } 2521 2522 /* make secindex */ 2523 key_init_spidx_bymsghdr(&spidx, mhp); 2524 2525 /* Is there SP in SPD ? */ 2526 sp = key_lookup_and_remove_sp(&spidx, false); 2527 if (sp == NULL) { 2528 IPSECLOG(LOG_DEBUG, "no SP found.\n"); 2529 return key_senderror(so, m, EINVAL); 2530 } 2531 2532 /* save policy id to buffer to be returned. */ 2533 xpl0->sadb_x_policy_id = sp->id; 2534 2535 key_destroy_sp(sp); 2536 2537 /* We're deleting policy; no need to invalidate the ipflow cache. */ 2538 2539 { 2540 struct mbuf *n; 2541 2542 /* create new sadb_msg to reply. */ 2543 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2544 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2545 key_fill_replymsg(n, 0); 2546 m_freem(m); 2547 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2548 } 2549 } 2550 2551 static struct mbuf * 2552 key_alloc_mbuf_simple(int len, int mflag) 2553 { 2554 struct mbuf *n; 2555 2556 KASSERT(mflag == M_NOWAIT || (mflag == M_WAITOK && !cpu_softintr_p())); 2557 2558 MGETHDR(n, mflag, MT_DATA); 2559 if (n && len > MHLEN) { 2560 MCLGET(n, mflag); 2561 if ((n->m_flags & M_EXT) == 0) { 2562 m_freem(n); 2563 n = NULL; 2564 } 2565 } 2566 return n; 2567 } 2568 2569 /* 2570 * SADB_SPDDELETE2 processing 2571 * receive 2572 * <base, policy(*)> 2573 * from the user(?), and set SADB_SASTATE_DEAD, 2574 * and send, 2575 * <base, policy(*)> 2576 * to the ikmpd. 2577 * policy(*) including direction of policy. 2578 * 2579 * m will always be freed. 2580 */ 2581 static int 2582 key_spddelete2(struct socket *so, struct mbuf *m, 2583 const struct sadb_msghdr *mhp, bool from_kernel) 2584 { 2585 u_int32_t id; 2586 struct secpolicy *sp; 2587 const struct sadb_x_policy *xpl; 2588 2589 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2590 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2591 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2592 return key_senderror(so, m, EINVAL); 2593 } 2594 2595 xpl = mhp->ext[SADB_X_EXT_POLICY]; 2596 id = xpl->sadb_x_policy_id; 2597 2598 /* Is there SP in SPD ? */ 2599 sp = key_lookupbyid_and_remove_sp(id, from_kernel); 2600 if (sp == NULL) { 2601 IPSECLOG(LOG_DEBUG, "no SP found id:%u.\n", id); 2602 return key_senderror(so, m, EINVAL); 2603 } 2604 2605 key_destroy_sp(sp); 2606 2607 /* We're deleting policy; no need to invalidate the ipflow cache. */ 2608 2609 { 2610 struct mbuf *n, *nn; 2611 int off, len; 2612 2613 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MCLBYTES); 2614 2615 /* create new sadb_msg to reply. */ 2616 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2617 2618 n = key_alloc_mbuf_simple(len, M_WAITOK); 2619 n->m_len = len; 2620 n->m_next = NULL; 2621 off = 0; 2622 2623 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 2624 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2625 2626 KASSERTMSG(off == len, "length inconsistency"); 2627 2628 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2629 mhp->extlen[SADB_X_EXT_POLICY], M_WAITOK); 2630 2631 n->m_pkthdr.len = 0; 2632 for (nn = n; nn; nn = nn->m_next) 2633 n->m_pkthdr.len += nn->m_len; 2634 2635 key_fill_replymsg(n, 0); 2636 m_freem(m); 2637 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2638 } 2639 } 2640 2641 /* 2642 * SADB_SPDDELETE2 processing 2643 * receive 2644 * <base, policy(*)> 2645 * from the user(?), and set SADB_SASTATE_DEAD, 2646 * and send, 2647 * <base, policy(*)> 2648 * to the ikmpd. 2649 * policy(*) including direction of policy. 2650 * 2651 * m will always be freed. 2652 */ 2653 static int 2654 key_api_spddelete2(struct socket *so, struct mbuf *m, 2655 const struct sadb_msghdr *mhp) 2656 { 2657 2658 return key_spddelete2(so, m, mhp, false); 2659 } 2660 2661 int 2662 key_kpi_spddelete2(struct mbuf *m) 2663 { 2664 struct sadb_msghdr mh; 2665 int error; 2666 2667 error = key_align(m, &mh); 2668 if (error) 2669 return EINVAL; 2670 2671 return key_spddelete2(NULL, m, &mh, true); 2672 } 2673 2674 /* 2675 * SADB_X_GET processing 2676 * receive 2677 * <base, policy(*)> 2678 * from the user(?), 2679 * and send, 2680 * <base, address(SD), policy> 2681 * to the ikmpd. 2682 * policy(*) including direction of policy. 2683 * 2684 * m will always be freed. 2685 */ 2686 static int 2687 key_api_spdget(struct socket *so, struct mbuf *m, 2688 const struct sadb_msghdr *mhp) 2689 { 2690 u_int32_t id; 2691 struct secpolicy *sp; 2692 struct mbuf *n; 2693 const struct sadb_x_policy *xpl; 2694 2695 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2696 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2697 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 2698 return key_senderror(so, m, EINVAL); 2699 } 2700 2701 xpl = mhp->ext[SADB_X_EXT_POLICY]; 2702 id = xpl->sadb_x_policy_id; 2703 2704 /* Is there SP in SPD ? */ 2705 sp = key_getspbyid(id); 2706 if (sp == NULL) { 2707 IPSECLOG(LOG_DEBUG, "no SP found id:%u.\n", id); 2708 return key_senderror(so, m, ENOENT); 2709 } 2710 2711 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2712 mhp->msg->sadb_msg_pid); 2713 KEY_SP_UNREF(&sp); /* ref gained by key_getspbyid */ 2714 m_freem(m); 2715 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2716 } 2717 2718 #ifdef notyet 2719 /* 2720 * SADB_X_SPDACQUIRE processing. 2721 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2722 * send 2723 * <base, policy(*)> 2724 * to KMD, and expect to receive 2725 * <base> with SADB_X_SPDACQUIRE if error occurred, 2726 * or 2727 * <base, policy> 2728 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2729 * policy(*) is without policy requests. 2730 * 2731 * 0 : succeed 2732 * others: error number 2733 */ 2734 int 2735 key_spdacquire(const struct secpolicy *sp) 2736 { 2737 struct mbuf *result = NULL, *m; 2738 struct secspacq *newspacq; 2739 int error; 2740 2741 KASSERT(sp != NULL); 2742 KASSERTMSG(sp->req == NULL, "called but there is request"); 2743 KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC, 2744 "policy mismathed. IPsec is expected"); 2745 2746 /* Get an entry to check whether sent message or not. */ 2747 newspacq = key_getspacq(&sp->spidx); 2748 if (newspacq != NULL) { 2749 if (key_blockacq_count < newspacq->count) { 2750 /* reset counter and do send message. */ 2751 newspacq->count = 0; 2752 } else { 2753 /* increment counter and do nothing. */ 2754 newspacq->count++; 2755 return 0; 2756 } 2757 } else { 2758 /* make new entry for blocking to send SADB_ACQUIRE. */ 2759 newspacq = key_newspacq(&sp->spidx); 2760 if (newspacq == NULL) 2761 return ENOBUFS; 2762 2763 /* add to key_misc.acqlist */ 2764 LIST_INSERT_HEAD(&key_misc.spacqlist, newspacq, chain); 2765 } 2766 2767 /* create new sadb_msg to reply. */ 2768 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2769 if (!m) { 2770 error = ENOBUFS; 2771 goto fail; 2772 } 2773 result = m; 2774 2775 result->m_pkthdr.len = 0; 2776 for (m = result; m; m = m->m_next) 2777 result->m_pkthdr.len += m->m_len; 2778 2779 mtod(result, struct sadb_msg *)->sadb_msg_len = 2780 PFKEY_UNIT64(result->m_pkthdr.len); 2781 2782 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2783 2784 fail: 2785 if (result) 2786 m_freem(result); 2787 return error; 2788 } 2789 #endif /* notyet */ 2790 2791 /* 2792 * SADB_SPDFLUSH processing 2793 * receive 2794 * <base> 2795 * from the user, and free all entries in secpctree. 2796 * and send, 2797 * <base> 2798 * to the user. 2799 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2800 * 2801 * m will always be freed. 2802 */ 2803 static int 2804 key_api_spdflush(struct socket *so, struct mbuf *m, 2805 const struct sadb_msghdr *mhp) 2806 { 2807 struct sadb_msg *newmsg; 2808 struct secpolicy *sp; 2809 u_int dir; 2810 2811 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2812 return key_senderror(so, m, EINVAL); 2813 2814 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2815 retry: 2816 mutex_enter(&key_spd.lock); 2817 SPLIST_WRITER_FOREACH(sp, dir) { 2818 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD, 2819 "sp->state=%u", sp->state); 2820 /* 2821 * Userlang programs can remove SPs created by userland 2822 * probrams only, that is, they cannot remove SPs 2823 * created in kernel(e.g. ipsec(4) I/F). 2824 */ 2825 if (sp->origin == IPSEC_SPORIGIN_USER) { 2826 key_unlink_sp(sp); 2827 mutex_exit(&key_spd.lock); 2828 key_destroy_sp(sp); 2829 goto retry; 2830 } 2831 } 2832 mutex_exit(&key_spd.lock); 2833 } 2834 2835 /* We're deleting policy; no need to invalidate the ipflow cache. */ 2836 2837 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2838 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 2839 return key_senderror(so, m, ENOBUFS); 2840 } 2841 2842 if (m->m_next) 2843 m_freem(m->m_next); 2844 m->m_next = NULL; 2845 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2846 newmsg = mtod(m, struct sadb_msg *); 2847 newmsg->sadb_msg_errno = 0; 2848 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2849 2850 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2851 } 2852 2853 static struct sockaddr key_src = { 2854 .sa_len = 2, 2855 .sa_family = PF_KEY, 2856 }; 2857 2858 static struct mbuf * 2859 key_setspddump_chain(int *errorp, int *lenp, pid_t pid) 2860 { 2861 struct secpolicy *sp; 2862 int cnt; 2863 u_int dir; 2864 struct mbuf *m, *n, *prev; 2865 int totlen; 2866 2867 KASSERT(mutex_owned(&key_spd.lock)); 2868 2869 *lenp = 0; 2870 2871 /* search SPD entry and get buffer size. */ 2872 cnt = 0; 2873 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2874 SPLIST_WRITER_FOREACH(sp, dir) { 2875 cnt++; 2876 } 2877 } 2878 2879 if (cnt == 0) { 2880 *errorp = ENOENT; 2881 return (NULL); 2882 } 2883 2884 m = NULL; 2885 prev = m; 2886 totlen = 0; 2887 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2888 SPLIST_WRITER_FOREACH(sp, dir) { 2889 --cnt; 2890 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid); 2891 2892 totlen += n->m_pkthdr.len; 2893 if (!m) { 2894 m = n; 2895 } else { 2896 prev->m_nextpkt = n; 2897 } 2898 prev = n; 2899 } 2900 } 2901 2902 *lenp = totlen; 2903 *errorp = 0; 2904 return (m); 2905 } 2906 2907 /* 2908 * SADB_SPDDUMP processing 2909 * receive 2910 * <base> 2911 * from the user, and dump all SP leaves 2912 * and send, 2913 * <base> ..... 2914 * to the ikmpd. 2915 * 2916 * m will always be freed. 2917 */ 2918 static int 2919 key_api_spddump(struct socket *so, struct mbuf *m0, 2920 const struct sadb_msghdr *mhp) 2921 { 2922 struct mbuf *n; 2923 int error, len; 2924 int ok; 2925 pid_t pid; 2926 2927 pid = mhp->msg->sadb_msg_pid; 2928 /* 2929 * If the requestor has insufficient socket-buffer space 2930 * for the entire chain, nobody gets any response to the DUMP. 2931 * XXX For now, only the requestor ever gets anything. 2932 * Moreover, if the requestor has any space at all, they receive 2933 * the entire chain, otherwise the request is refused with ENOBUFS. 2934 */ 2935 if (sbspace(&so->so_rcv) <= 0) { 2936 return key_senderror(so, m0, ENOBUFS); 2937 } 2938 2939 mutex_enter(&key_spd.lock); 2940 n = key_setspddump_chain(&error, &len, pid); 2941 mutex_exit(&key_spd.lock); 2942 2943 if (n == NULL) { 2944 return key_senderror(so, m0, ENOENT); 2945 } 2946 { 2947 uint64_t *ps = PFKEY_STAT_GETREF(); 2948 ps[PFKEY_STAT_IN_TOTAL]++; 2949 ps[PFKEY_STAT_IN_BYTES] += len; 2950 PFKEY_STAT_PUTREF(); 2951 } 2952 2953 /* 2954 * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets. 2955 * The requestor receives either the entire chain, or an 2956 * error message with ENOBUFS. 2957 */ 2958 2959 /* 2960 * sbappendchainwith record takes the chain of entries, one 2961 * packet-record per SPD entry, prepends the key_src sockaddr 2962 * to each packet-record, links the sockaddr mbufs into a new 2963 * list of records, then appends the entire resulting 2964 * list to the requesting socket. 2965 */ 2966 ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, n, 2967 SB_PRIO_ONESHOT_OVERFLOW); 2968 2969 if (!ok) { 2970 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 2971 m_freem(n); 2972 return key_senderror(so, m0, ENOBUFS); 2973 } 2974 2975 m_freem(m0); 2976 return error; 2977 } 2978 2979 /* 2980 * SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23 2981 */ 2982 static int 2983 key_api_nat_map(struct socket *so, struct mbuf *m, 2984 const struct sadb_msghdr *mhp) 2985 { 2986 struct sadb_x_nat_t_type *type; 2987 struct sadb_x_nat_t_port *sport; 2988 struct sadb_x_nat_t_port *dport; 2989 struct sadb_address *iaddr, *raddr; 2990 struct sadb_x_nat_t_frag *frag; 2991 2992 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL || 2993 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL || 2994 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) { 2995 IPSECLOG(LOG_DEBUG, "invalid message.\n"); 2996 return key_senderror(so, m, EINVAL); 2997 } 2998 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || 2999 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || 3000 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { 3001 IPSECLOG(LOG_DEBUG, "invalid message.\n"); 3002 return key_senderror(so, m, EINVAL); 3003 } 3004 3005 if ((mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) && 3006 (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr))) { 3007 IPSECLOG(LOG_DEBUG, "invalid message\n"); 3008 return key_senderror(so, m, EINVAL); 3009 } 3010 3011 if ((mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) && 3012 (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr))) { 3013 IPSECLOG(LOG_DEBUG, "invalid message\n"); 3014 return key_senderror(so, m, EINVAL); 3015 } 3016 3017 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) && 3018 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) { 3019 IPSECLOG(LOG_DEBUG, "invalid message\n"); 3020 return key_senderror(so, m, EINVAL); 3021 } 3022 3023 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 3024 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 3025 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 3026 iaddr = mhp->ext[SADB_X_EXT_NAT_T_OAI]; 3027 raddr = mhp->ext[SADB_X_EXT_NAT_T_OAR]; 3028 frag = mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 3029 3030 /* 3031 * XXX handle that, it should also contain a SA, or anything 3032 * that enable to update the SA information. 3033 */ 3034 3035 return 0; 3036 } 3037 3038 /* 3039 * Never return NULL. 3040 */ 3041 static struct mbuf * 3042 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, pid_t pid) 3043 { 3044 struct mbuf *result = NULL, *m; 3045 3046 KASSERT(!cpu_softintr_p()); 3047 3048 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, 3049 key_sp_refcnt(sp), M_WAITOK); 3050 result = m; 3051 3052 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3053 &sp->spidx.src.sa, sp->spidx.prefs, sp->spidx.ul_proto, M_WAITOK); 3054 m_cat(result, m); 3055 3056 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3057 &sp->spidx.dst.sa, sp->spidx.prefd, sp->spidx.ul_proto, M_WAITOK); 3058 m_cat(result, m); 3059 3060 m = key_sp2msg(sp, M_WAITOK); 3061 m_cat(result, m); 3062 3063 KASSERT(result->m_flags & M_PKTHDR); 3064 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 3065 3066 result->m_pkthdr.len = 0; 3067 for (m = result; m; m = m->m_next) 3068 result->m_pkthdr.len += m->m_len; 3069 3070 mtod(result, struct sadb_msg *)->sadb_msg_len = 3071 PFKEY_UNIT64(result->m_pkthdr.len); 3072 3073 return result; 3074 } 3075 3076 /* 3077 * get PFKEY message length for security policy and request. 3078 */ 3079 static u_int 3080 key_getspreqmsglen(const struct secpolicy *sp) 3081 { 3082 u_int tlen; 3083 3084 tlen = sizeof(struct sadb_x_policy); 3085 3086 /* if is the policy for ipsec ? */ 3087 if (sp->policy != IPSEC_POLICY_IPSEC) 3088 return tlen; 3089 3090 /* get length of ipsec requests */ 3091 { 3092 const struct ipsecrequest *isr; 3093 int len; 3094 3095 for (isr = sp->req; isr != NULL; isr = isr->next) { 3096 len = sizeof(struct sadb_x_ipsecrequest) 3097 + isr->saidx.src.sa.sa_len + isr->saidx.dst.sa.sa_len; 3098 3099 tlen += PFKEY_ALIGN8(len); 3100 } 3101 } 3102 3103 return tlen; 3104 } 3105 3106 /* 3107 * SADB_SPDEXPIRE processing 3108 * send 3109 * <base, address(SD), lifetime(CH), policy> 3110 * to KMD by PF_KEY. 3111 * 3112 * OUT: 0 : succeed 3113 * others : error number 3114 */ 3115 static int 3116 key_spdexpire(struct secpolicy *sp) 3117 { 3118 int s; 3119 struct mbuf *result = NULL, *m; 3120 int len; 3121 int error = -1; 3122 struct sadb_lifetime *lt; 3123 3124 /* XXX: Why do we lock ? */ 3125 s = splsoftnet(); /*called from softclock()*/ 3126 3127 KASSERT(sp != NULL); 3128 3129 /* set msg header */ 3130 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0, M_WAITOK); 3131 result = m; 3132 3133 /* create lifetime extension (current and hard) */ 3134 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 3135 m = key_alloc_mbuf(len, M_WAITOK); 3136 KASSERT(m->m_next == NULL); 3137 3138 memset(mtod(m, void *), 0, len); 3139 lt = mtod(m, struct sadb_lifetime *); 3140 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3141 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 3142 lt->sadb_lifetime_allocations = 0; 3143 lt->sadb_lifetime_bytes = 0; 3144 lt->sadb_lifetime_addtime = time_mono_to_wall(sp->created); 3145 lt->sadb_lifetime_usetime = time_mono_to_wall(sp->lastused); 3146 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2); 3147 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3148 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 3149 lt->sadb_lifetime_allocations = 0; 3150 lt->sadb_lifetime_bytes = 0; 3151 lt->sadb_lifetime_addtime = sp->lifetime; 3152 lt->sadb_lifetime_usetime = sp->validtime; 3153 m_cat(result, m); 3154 3155 /* set sadb_address for source */ 3156 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sp->spidx.src.sa, 3157 sp->spidx.prefs, sp->spidx.ul_proto, M_WAITOK); 3158 m_cat(result, m); 3159 3160 /* set sadb_address for destination */ 3161 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sp->spidx.dst.sa, 3162 sp->spidx.prefd, sp->spidx.ul_proto, M_WAITOK); 3163 m_cat(result, m); 3164 3165 /* set secpolicy */ 3166 m = key_sp2msg(sp, M_WAITOK); 3167 m_cat(result, m); 3168 3169 KASSERT(result->m_flags & M_PKTHDR); 3170 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 3171 3172 result->m_pkthdr.len = 0; 3173 for (m = result; m; m = m->m_next) 3174 result->m_pkthdr.len += m->m_len; 3175 3176 mtod(result, struct sadb_msg *)->sadb_msg_len = 3177 PFKEY_UNIT64(result->m_pkthdr.len); 3178 3179 error = key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 3180 splx(s); 3181 return error; 3182 } 3183 3184 /* %%% SAD management */ 3185 /* 3186 * allocating a memory for new SA head, and copy from the values of mhp. 3187 * OUT: NULL : failure due to the lack of memory. 3188 * others : pointer to new SA head. 3189 */ 3190 static struct secashead * 3191 key_newsah(const struct secasindex *saidx) 3192 { 3193 struct secashead *newsah; 3194 int i; 3195 3196 KASSERT(saidx != NULL); 3197 3198 newsah = kmem_zalloc(sizeof(struct secashead), KM_SLEEP); 3199 for (i = 0; i < __arraycount(newsah->savlist); i++) 3200 PSLIST_INIT(&newsah->savlist[i]); 3201 newsah->saidx = *saidx; 3202 3203 localcount_init(&newsah->localcount); 3204 /* Take a reference for the caller */ 3205 localcount_acquire(&newsah->localcount); 3206 3207 /* Add to the sah list */ 3208 SAHLIST_ENTRY_INIT(newsah); 3209 newsah->state = SADB_SASTATE_MATURE; 3210 mutex_enter(&key_sad.lock); 3211 SAHLIST_WRITER_INSERT_HEAD(newsah); 3212 mutex_exit(&key_sad.lock); 3213 3214 return newsah; 3215 } 3216 3217 static bool 3218 key_sah_has_sav(struct secashead *sah) 3219 { 3220 u_int state; 3221 3222 KASSERT(mutex_owned(&key_sad.lock)); 3223 3224 SASTATE_ANY_FOREACH(state) { 3225 if (!SAVLIST_WRITER_EMPTY(sah, state)) 3226 return true; 3227 } 3228 3229 return false; 3230 } 3231 3232 static void 3233 key_unlink_sah(struct secashead *sah) 3234 { 3235 3236 KASSERT(!cpu_softintr_p()); 3237 KASSERT(mutex_owned(&key_sad.lock)); 3238 KASSERTMSG(sah->state == SADB_SASTATE_DEAD, "sah->state=%u", sah->state); 3239 3240 /* Remove from the sah list */ 3241 SAHLIST_WRITER_REMOVE(sah); 3242 3243 KDASSERT(mutex_ownable(softnet_lock)); 3244 key_sad_pserialize_perform(); 3245 3246 localcount_drain(&sah->localcount, &key_sad.cv_lc, &key_sad.lock); 3247 } 3248 3249 static void 3250 key_destroy_sah(struct secashead *sah) 3251 { 3252 3253 rtcache_free(&sah->sa_route); 3254 3255 SAHLIST_ENTRY_DESTROY(sah); 3256 localcount_fini(&sah->localcount); 3257 3258 if (sah->idents != NULL) 3259 kmem_free(sah->idents, sah->idents_len); 3260 if (sah->identd != NULL) 3261 kmem_free(sah->identd, sah->identd_len); 3262 3263 kmem_free(sah, sizeof(*sah)); 3264 } 3265 3266 /* 3267 * allocating a new SA with LARVAL state. 3268 * key_api_add() and key_api_getspi() call, 3269 * and copy the values of mhp into new buffer. 3270 * When SAD message type is GETSPI: 3271 * to set sequence number from acq_seq++, 3272 * to set zero to SPI. 3273 * not to call key_setsaval(). 3274 * OUT: NULL : fail 3275 * others : pointer to new secasvar. 3276 * 3277 * does not modify mbuf. does not free mbuf on error. 3278 */ 3279 static struct secasvar * 3280 key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp, 3281 int *errp, const char* where, int tag) 3282 { 3283 struct secasvar *newsav; 3284 const struct sadb_sa *xsa; 3285 3286 KASSERT(!cpu_softintr_p()); 3287 KASSERT(m != NULL); 3288 KASSERT(mhp != NULL); 3289 KASSERT(mhp->msg != NULL); 3290 3291 newsav = kmem_zalloc(sizeof(struct secasvar), KM_SLEEP); 3292 3293 switch (mhp->msg->sadb_msg_type) { 3294 case SADB_GETSPI: 3295 newsav->spi = 0; 3296 3297 #ifdef IPSEC_DOSEQCHECK 3298 /* sync sequence number */ 3299 if (mhp->msg->sadb_msg_seq == 0) 3300 newsav->seq = 3301 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); 3302 else 3303 #endif 3304 newsav->seq = mhp->msg->sadb_msg_seq; 3305 break; 3306 3307 case SADB_ADD: 3308 /* sanity check */ 3309 if (mhp->ext[SADB_EXT_SA] == NULL) { 3310 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 3311 *errp = EINVAL; 3312 goto error; 3313 } 3314 xsa = mhp->ext[SADB_EXT_SA]; 3315 newsav->spi = xsa->sadb_sa_spi; 3316 newsav->seq = mhp->msg->sadb_msg_seq; 3317 break; 3318 default: 3319 *errp = EINVAL; 3320 goto error; 3321 } 3322 3323 /* copy sav values */ 3324 if (mhp->msg->sadb_msg_type != SADB_GETSPI) { 3325 *errp = key_setsaval(newsav, m, mhp); 3326 if (*errp) 3327 goto error; 3328 } else { 3329 /* We don't allow lft_c to be NULL */ 3330 newsav->lft_c = kmem_zalloc(sizeof(struct sadb_lifetime), 3331 KM_SLEEP); 3332 newsav->lft_c_counters_percpu = 3333 percpu_alloc(sizeof(lifetime_counters_t)); 3334 } 3335 3336 /* reset created */ 3337 newsav->created = time_uptime; 3338 newsav->pid = mhp->msg->sadb_msg_pid; 3339 3340 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 3341 "DP from %s:%u return SA:%p\n", where, tag, newsav); 3342 return newsav; 3343 3344 error: 3345 KASSERT(*errp != 0); 3346 kmem_free(newsav, sizeof(*newsav)); 3347 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 3348 "DP from %s:%u return SA:NULL\n", where, tag); 3349 return NULL; 3350 } 3351 3352 3353 static void 3354 key_clear_xform(struct secasvar *sav) 3355 { 3356 3357 /* 3358 * Cleanup xform state. Note that zeroize'ing causes the 3359 * keys to be cleared; otherwise we must do it ourself. 3360 */ 3361 if (sav->tdb_xform != NULL) { 3362 sav->tdb_xform->xf_zeroize(sav); 3363 sav->tdb_xform = NULL; 3364 } else { 3365 if (sav->key_auth != NULL) 3366 explicit_memset(_KEYBUF(sav->key_auth), 0, 3367 _KEYLEN(sav->key_auth)); 3368 if (sav->key_enc != NULL) 3369 explicit_memset(_KEYBUF(sav->key_enc), 0, 3370 _KEYLEN(sav->key_enc)); 3371 } 3372 } 3373 3374 /* 3375 * free() SA variable entry. 3376 */ 3377 static void 3378 key_delsav(struct secasvar *sav) 3379 { 3380 3381 key_clear_xform(sav); 3382 key_freesaval(sav); 3383 kmem_free(sav, sizeof(*sav)); 3384 } 3385 3386 /* 3387 * Must be called in a pserialize read section. A held sah 3388 * must be released by key_sah_unref after use. 3389 */ 3390 static void 3391 key_sah_ref(struct secashead *sah) 3392 { 3393 3394 localcount_acquire(&sah->localcount); 3395 } 3396 3397 /* 3398 * Must be called without holding key_sad.lock because the lock 3399 * would be held in localcount_release. 3400 */ 3401 static void 3402 key_sah_unref(struct secashead *sah) 3403 { 3404 3405 KDASSERT(mutex_ownable(&key_sad.lock)); 3406 3407 localcount_release(&sah->localcount, &key_sad.cv_lc, &key_sad.lock); 3408 } 3409 3410 /* 3411 * Search SAD and return sah. Must be called in a pserialize 3412 * read section. 3413 * OUT: 3414 * NULL : not found 3415 * others : found, pointer to a SA. 3416 */ 3417 static struct secashead * 3418 key_getsah(const struct secasindex *saidx, int flag) 3419 { 3420 struct secashead *sah; 3421 3422 SAHLIST_READER_FOREACH_SAIDX(sah, saidx) { 3423 if (sah->state == SADB_SASTATE_DEAD) 3424 continue; 3425 if (key_saidx_match(&sah->saidx, saidx, flag)) 3426 return sah; 3427 } 3428 3429 return NULL; 3430 } 3431 3432 /* 3433 * Search SAD and return sah. If sah is returned, the caller must call 3434 * key_sah_unref to releaset a reference. 3435 * OUT: 3436 * NULL : not found 3437 * others : found, pointer to a SA. 3438 */ 3439 static struct secashead * 3440 key_getsah_ref(const struct secasindex *saidx, int flag) 3441 { 3442 struct secashead *sah; 3443 int s; 3444 3445 s = pserialize_read_enter(); 3446 sah = key_getsah(saidx, flag); 3447 if (sah != NULL) 3448 key_sah_ref(sah); 3449 pserialize_read_exit(s); 3450 3451 return sah; 3452 } 3453 3454 /* 3455 * check not to be duplicated SPI. 3456 * NOTE: this function is too slow due to searching all SAD. 3457 * OUT: 3458 * NULL : not found 3459 * others : found, pointer to a SA. 3460 */ 3461 static bool 3462 key_checkspidup(const struct secasindex *saidx, u_int32_t spi) 3463 { 3464 struct secashead *sah; 3465 struct secasvar *sav; 3466 3467 /* check address family */ 3468 if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) { 3469 IPSECLOG(LOG_DEBUG, 3470 "address family mismatched src %u, dst %u.\n", 3471 saidx->src.sa.sa_family, saidx->dst.sa.sa_family); 3472 return false; 3473 } 3474 3475 /* check all SAD */ 3476 /* key_ismyaddr may sleep, so use mutex, not pserialize, here. */ 3477 mutex_enter(&key_sad.lock); 3478 SAHLIST_WRITER_FOREACH(sah) { 3479 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst)) 3480 continue; 3481 sav = key_getsavbyspi(sah, spi); 3482 if (sav != NULL) { 3483 KEY_SA_UNREF(&sav); 3484 mutex_exit(&key_sad.lock); 3485 return true; 3486 } 3487 } 3488 mutex_exit(&key_sad.lock); 3489 3490 return false; 3491 } 3492 3493 /* 3494 * search SAD litmited alive SA, protocol, SPI. 3495 * OUT: 3496 * NULL : not found 3497 * others : found, pointer to a SA. 3498 */ 3499 static struct secasvar * 3500 key_getsavbyspi(struct secashead *sah, u_int32_t spi) 3501 { 3502 struct secasvar *sav = NULL; 3503 u_int state; 3504 int s; 3505 3506 /* search all status */ 3507 s = pserialize_read_enter(); 3508 SASTATE_ALIVE_FOREACH(state) { 3509 SAVLIST_READER_FOREACH(sav, sah, state) { 3510 /* sanity check */ 3511 if (sav->state != state) { 3512 IPSECLOG(LOG_DEBUG, 3513 "invalid sav->state (queue: %d SA: %d)\n", 3514 state, sav->state); 3515 continue; 3516 } 3517 3518 if (sav->spi == spi) { 3519 KEY_SA_REF(sav); 3520 goto out; 3521 } 3522 } 3523 } 3524 out: 3525 pserialize_read_exit(s); 3526 3527 return sav; 3528 } 3529 3530 /* 3531 * Search SAD litmited alive SA by an SPI and remove it from a list. 3532 * OUT: 3533 * NULL : not found 3534 * others : found, pointer to a SA. 3535 */ 3536 static struct secasvar * 3537 key_lookup_and_remove_sav(struct secashead *sah, u_int32_t spi, 3538 const struct secasvar *hint) 3539 { 3540 struct secasvar *sav = NULL; 3541 u_int state; 3542 3543 /* search all status */ 3544 mutex_enter(&key_sad.lock); 3545 SASTATE_ALIVE_FOREACH(state) { 3546 SAVLIST_WRITER_FOREACH(sav, sah, state) { 3547 KASSERT(sav->state == state); 3548 3549 if (sav->spi == spi) { 3550 if (hint != NULL && hint != sav) 3551 continue; 3552 sav->state = SADB_SASTATE_DEAD; 3553 SAVLIST_WRITER_REMOVE(sav); 3554 SAVLUT_WRITER_REMOVE(sav); 3555 goto out; 3556 } 3557 } 3558 } 3559 out: 3560 mutex_exit(&key_sad.lock); 3561 3562 return sav; 3563 } 3564 3565 /* 3566 * Free allocated data to member variables of sav: 3567 * sav->replay, sav->key_* and sav->lft_*. 3568 */ 3569 static void 3570 key_freesaval(struct secasvar *sav) 3571 { 3572 3573 KASSERTMSG(key_sa_refcnt(sav) == 0, "key_sa_refcnt(sav)=%u", 3574 key_sa_refcnt(sav)); 3575 3576 if (sav->replay != NULL) 3577 kmem_intr_free(sav->replay, sav->replay_len); 3578 if (sav->key_auth != NULL) 3579 kmem_intr_free(sav->key_auth, sav->key_auth_len); 3580 if (sav->key_enc != NULL) 3581 kmem_intr_free(sav->key_enc, sav->key_enc_len); 3582 if (sav->lft_c_counters_percpu != NULL) { 3583 percpu_free(sav->lft_c_counters_percpu, 3584 sizeof(lifetime_counters_t)); 3585 } 3586 if (sav->lft_c != NULL) 3587 kmem_intr_free(sav->lft_c, sizeof(*(sav->lft_c))); 3588 if (sav->lft_h != NULL) 3589 kmem_intr_free(sav->lft_h, sizeof(*(sav->lft_h))); 3590 if (sav->lft_s != NULL) 3591 kmem_intr_free(sav->lft_s, sizeof(*(sav->lft_s))); 3592 } 3593 3594 /* 3595 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*. 3596 * You must update these if need. 3597 * OUT: 0: success. 3598 * !0: failure. 3599 * 3600 * does not modify mbuf. does not free mbuf on error. 3601 */ 3602 static int 3603 key_setsaval(struct secasvar *sav, struct mbuf *m, 3604 const struct sadb_msghdr *mhp) 3605 { 3606 int error = 0; 3607 3608 KASSERT(!cpu_softintr_p()); 3609 KASSERT(m != NULL); 3610 KASSERT(mhp != NULL); 3611 KASSERT(mhp->msg != NULL); 3612 3613 /* We shouldn't initialize sav variables while someone uses it. */ 3614 KASSERTMSG(key_sa_refcnt(sav) == 0, "key_sa_refcnt(sav)=%u", 3615 key_sa_refcnt(sav)); 3616 3617 /* SA */ 3618 if (mhp->ext[SADB_EXT_SA] != NULL) { 3619 const struct sadb_sa *sa0; 3620 3621 sa0 = mhp->ext[SADB_EXT_SA]; 3622 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) { 3623 error = EINVAL; 3624 goto fail; 3625 } 3626 3627 sav->alg_auth = sa0->sadb_sa_auth; 3628 sav->alg_enc = sa0->sadb_sa_encrypt; 3629 sav->flags = sa0->sadb_sa_flags; 3630 3631 /* replay window */ 3632 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) { 3633 size_t len = sizeof(struct secreplay) + 3634 sa0->sadb_sa_replay; 3635 sav->replay = kmem_zalloc(len, KM_SLEEP); 3636 sav->replay_len = len; 3637 if (sa0->sadb_sa_replay != 0) 3638 sav->replay->bitmap = (char*)(sav->replay+1); 3639 sav->replay->wsize = sa0->sadb_sa_replay; 3640 } 3641 } 3642 3643 /* Authentication keys */ 3644 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) { 3645 const struct sadb_key *key0; 3646 int len; 3647 3648 key0 = mhp->ext[SADB_EXT_KEY_AUTH]; 3649 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3650 3651 error = 0; 3652 if (len < sizeof(*key0)) { 3653 error = EINVAL; 3654 goto fail; 3655 } 3656 switch (mhp->msg->sadb_msg_satype) { 3657 case SADB_SATYPE_AH: 3658 case SADB_SATYPE_ESP: 3659 case SADB_X_SATYPE_TCPSIGNATURE: 3660 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3661 sav->alg_auth != SADB_X_AALG_NULL) 3662 error = EINVAL; 3663 break; 3664 case SADB_X_SATYPE_IPCOMP: 3665 default: 3666 error = EINVAL; 3667 break; 3668 } 3669 if (error) { 3670 IPSECLOG(LOG_DEBUG, "invalid key_auth values.\n"); 3671 goto fail; 3672 } 3673 3674 sav->key_auth = key_newbuf(key0, len); 3675 sav->key_auth_len = len; 3676 } 3677 3678 /* Encryption key */ 3679 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) { 3680 const struct sadb_key *key0; 3681 int len; 3682 3683 key0 = mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3684 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3685 3686 error = 0; 3687 if (len < sizeof(*key0)) { 3688 error = EINVAL; 3689 goto fail; 3690 } 3691 switch (mhp->msg->sadb_msg_satype) { 3692 case SADB_SATYPE_ESP: 3693 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3694 sav->alg_enc != SADB_EALG_NULL) { 3695 error = EINVAL; 3696 break; 3697 } 3698 sav->key_enc = key_newbuf(key0, len); 3699 sav->key_enc_len = len; 3700 break; 3701 case SADB_X_SATYPE_IPCOMP: 3702 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3703 error = EINVAL; 3704 sav->key_enc = NULL; /*just in case*/ 3705 break; 3706 case SADB_SATYPE_AH: 3707 case SADB_X_SATYPE_TCPSIGNATURE: 3708 default: 3709 error = EINVAL; 3710 break; 3711 } 3712 if (error) { 3713 IPSECLOG(LOG_DEBUG, "invalid key_enc value.\n"); 3714 goto fail; 3715 } 3716 } 3717 3718 /* set iv */ 3719 sav->ivlen = 0; 3720 3721 switch (mhp->msg->sadb_msg_satype) { 3722 case SADB_SATYPE_AH: 3723 error = xform_init(sav, XF_AH); 3724 break; 3725 case SADB_SATYPE_ESP: 3726 error = xform_init(sav, XF_ESP); 3727 break; 3728 case SADB_X_SATYPE_IPCOMP: 3729 error = xform_init(sav, XF_IPCOMP); 3730 break; 3731 case SADB_X_SATYPE_TCPSIGNATURE: 3732 error = xform_init(sav, XF_TCPSIGNATURE); 3733 break; 3734 default: 3735 error = EOPNOTSUPP; 3736 break; 3737 } 3738 if (error) { 3739 IPSECLOG(LOG_DEBUG, "unable to initialize SA type %u (%d)\n", 3740 mhp->msg->sadb_msg_satype, error); 3741 goto fail; 3742 } 3743 3744 /* reset created */ 3745 sav->created = time_uptime; 3746 3747 /* make lifetime for CURRENT */ 3748 sav->lft_c = kmem_alloc(sizeof(struct sadb_lifetime), KM_SLEEP); 3749 3750 sav->lft_c->sadb_lifetime_len = 3751 PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3752 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 3753 sav->lft_c->sadb_lifetime_allocations = 0; 3754 sav->lft_c->sadb_lifetime_bytes = 0; 3755 sav->lft_c->sadb_lifetime_addtime = time_uptime; 3756 sav->lft_c->sadb_lifetime_usetime = 0; 3757 3758 sav->lft_c_counters_percpu = percpu_alloc(sizeof(lifetime_counters_t)); 3759 3760 /* lifetimes for HARD and SOFT */ 3761 { 3762 const struct sadb_lifetime *lft0; 3763 3764 lft0 = mhp->ext[SADB_EXT_LIFETIME_HARD]; 3765 if (lft0 != NULL) { 3766 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) { 3767 error = EINVAL; 3768 goto fail; 3769 } 3770 sav->lft_h = key_newbuf(lft0, sizeof(*lft0)); 3771 } 3772 3773 lft0 = mhp->ext[SADB_EXT_LIFETIME_SOFT]; 3774 if (lft0 != NULL) { 3775 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) { 3776 error = EINVAL; 3777 goto fail; 3778 } 3779 sav->lft_s = key_newbuf(lft0, sizeof(*lft0)); 3780 /* to be initialize ? */ 3781 } 3782 } 3783 3784 return 0; 3785 3786 fail: 3787 key_clear_xform(sav); 3788 key_freesaval(sav); 3789 3790 return error; 3791 } 3792 3793 /* 3794 * validation with a secasvar entry, and set SADB_SATYPE_MATURE. 3795 * OUT: 0: valid 3796 * other: errno 3797 */ 3798 static int 3799 key_init_xform(struct secasvar *sav) 3800 { 3801 int error; 3802 3803 /* We shouldn't initialize sav variables while someone uses it. */ 3804 KASSERTMSG(key_sa_refcnt(sav) == 0, "key_sa_refcnt(sav)=%u", 3805 key_sa_refcnt(sav)); 3806 3807 /* check SPI value */ 3808 switch (sav->sah->saidx.proto) { 3809 case IPPROTO_ESP: 3810 case IPPROTO_AH: 3811 if (ntohl(sav->spi) <= 255) { 3812 IPSECLOG(LOG_DEBUG, "illegal range of SPI %u.\n", 3813 (u_int32_t)ntohl(sav->spi)); 3814 return EINVAL; 3815 } 3816 break; 3817 } 3818 3819 /* check algo */ 3820 switch (sav->sah->saidx.proto) { 3821 case IPPROTO_AH: 3822 case IPPROTO_TCP: 3823 if (sav->alg_enc != SADB_EALG_NONE) { 3824 IPSECLOG(LOG_DEBUG, 3825 "protocol %u and algorithm mismatched %u != %u.\n", 3826 sav->sah->saidx.proto, 3827 sav->alg_enc, SADB_EALG_NONE); 3828 return EINVAL; 3829 } 3830 break; 3831 case IPPROTO_IPCOMP: 3832 if (sav->alg_auth != SADB_AALG_NONE) { 3833 IPSECLOG(LOG_DEBUG, 3834 "protocol %u and algorithm mismatched %d != %d.\n", 3835 sav->sah->saidx.proto, 3836 sav->alg_auth, SADB_AALG_NONE); 3837 return(EINVAL); 3838 } 3839 break; 3840 default: 3841 break; 3842 } 3843 3844 /* check satype */ 3845 switch (sav->sah->saidx.proto) { 3846 case IPPROTO_ESP: 3847 /* check flags */ 3848 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) == 3849 (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) { 3850 IPSECLOG(LOG_DEBUG, 3851 "invalid flag (derived) given to old-esp.\n"); 3852 return EINVAL; 3853 } 3854 error = xform_init(sav, XF_ESP); 3855 break; 3856 case IPPROTO_AH: 3857 /* check flags */ 3858 if (sav->flags & SADB_X_EXT_DERIV) { 3859 IPSECLOG(LOG_DEBUG, 3860 "invalid flag (derived) given to AH SA.\n"); 3861 return EINVAL; 3862 } 3863 error = xform_init(sav, XF_AH); 3864 break; 3865 case IPPROTO_IPCOMP: 3866 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 3867 && ntohl(sav->spi) >= 0x10000) { 3868 IPSECLOG(LOG_DEBUG, "invalid cpi for IPComp.\n"); 3869 return(EINVAL); 3870 } 3871 error = xform_init(sav, XF_IPCOMP); 3872 break; 3873 case IPPROTO_TCP: 3874 error = xform_init(sav, XF_TCPSIGNATURE); 3875 break; 3876 default: 3877 IPSECLOG(LOG_DEBUG, "Invalid satype.\n"); 3878 error = EPROTONOSUPPORT; 3879 break; 3880 } 3881 3882 return error; 3883 } 3884 3885 /* 3886 * subroutine for SADB_GET and SADB_DUMP. It never return NULL. 3887 */ 3888 static struct mbuf * 3889 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, 3890 u_int32_t seq, u_int32_t pid) 3891 { 3892 struct mbuf *result = NULL, *tres = NULL, *m; 3893 int l = 0; 3894 int i; 3895 void *p; 3896 struct sadb_lifetime lt; 3897 int dumporder[] = { 3898 SADB_EXT_SA, SADB_X_EXT_SA2, 3899 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3900 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3901 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH, 3902 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC, 3903 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY, 3904 SADB_X_EXT_NAT_T_TYPE, 3905 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3906 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3907 SADB_X_EXT_NAT_T_FRAG, 3908 3909 }; 3910 3911 m = key_setsadbmsg(type, 0, satype, seq, pid, key_sa_refcnt(sav), M_WAITOK); 3912 result = m; 3913 3914 for (i = __arraycount(dumporder) - 1; i >= 0; i--) { 3915 m = NULL; 3916 p = NULL; 3917 switch (dumporder[i]) { 3918 case SADB_EXT_SA: 3919 m = key_setsadbsa(sav); 3920 break; 3921 3922 case SADB_X_EXT_SA2: 3923 m = key_setsadbxsa2(sav->sah->saidx.mode, 3924 sav->replay ? sav->replay->count : 0, 3925 sav->sah->saidx.reqid); 3926 break; 3927 3928 case SADB_EXT_ADDRESS_SRC: 3929 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3930 &sav->sah->saidx.src.sa, 3931 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK); 3932 break; 3933 3934 case SADB_EXT_ADDRESS_DST: 3935 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3936 &sav->sah->saidx.dst.sa, 3937 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK); 3938 break; 3939 3940 case SADB_EXT_KEY_AUTH: 3941 if (!sav->key_auth) 3942 continue; 3943 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len); 3944 p = sav->key_auth; 3945 break; 3946 3947 case SADB_EXT_KEY_ENCRYPT: 3948 if (!sav->key_enc) 3949 continue; 3950 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len); 3951 p = sav->key_enc; 3952 break; 3953 3954 case SADB_EXT_LIFETIME_CURRENT: { 3955 lifetime_counters_t sum = {0}; 3956 3957 KASSERT(sav->lft_c != NULL); 3958 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len); 3959 memcpy(<, sav->lft_c, sizeof(struct sadb_lifetime)); 3960 lt.sadb_lifetime_addtime = 3961 time_mono_to_wall(lt.sadb_lifetime_addtime); 3962 lt.sadb_lifetime_usetime = 3963 time_mono_to_wall(lt.sadb_lifetime_usetime); 3964 percpu_foreach(sav->lft_c_counters_percpu, 3965 key_sum_lifetime_counters, sum); 3966 lt.sadb_lifetime_allocations = 3967 sum[LIFETIME_COUNTER_ALLOCATIONS]; 3968 lt.sadb_lifetime_bytes = 3969 sum[LIFETIME_COUNTER_BYTES]; 3970 p = < 3971 break; 3972 } 3973 3974 case SADB_EXT_LIFETIME_HARD: 3975 if (!sav->lft_h) 3976 continue; 3977 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len); 3978 p = sav->lft_h; 3979 break; 3980 3981 case SADB_EXT_LIFETIME_SOFT: 3982 if (!sav->lft_s) 3983 continue; 3984 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len); 3985 p = sav->lft_s; 3986 break; 3987 3988 case SADB_X_EXT_NAT_T_TYPE: 3989 m = key_setsadbxtype(sav->natt_type); 3990 break; 3991 3992 case SADB_X_EXT_NAT_T_DPORT: 3993 if (sav->natt_type == 0) 3994 continue; 3995 m = key_setsadbxport( 3996 key_portfromsaddr(&sav->sah->saidx.dst), 3997 SADB_X_EXT_NAT_T_DPORT); 3998 break; 3999 4000 case SADB_X_EXT_NAT_T_SPORT: 4001 if (sav->natt_type == 0) 4002 continue; 4003 m = key_setsadbxport( 4004 key_portfromsaddr(&sav->sah->saidx.src), 4005 SADB_X_EXT_NAT_T_SPORT); 4006 break; 4007 4008 case SADB_X_EXT_NAT_T_FRAG: 4009 /* don't send frag info if not set */ 4010 if (sav->natt_type == 0 || sav->esp_frag == IP_MAXPACKET) 4011 continue; 4012 m = key_setsadbxfrag(sav->esp_frag); 4013 break; 4014 4015 case SADB_X_EXT_NAT_T_OAI: 4016 case SADB_X_EXT_NAT_T_OAR: 4017 continue; 4018 4019 case SADB_EXT_ADDRESS_PROXY: 4020 case SADB_EXT_IDENTITY_SRC: 4021 case SADB_EXT_IDENTITY_DST: 4022 /* XXX: should we brought from SPD ? */ 4023 case SADB_EXT_SENSITIVITY: 4024 default: 4025 continue; 4026 } 4027 4028 KASSERT(!(m && p)); 4029 KASSERT(m != NULL || p != NULL); 4030 if (p && tres) { 4031 M_PREPEND(tres, l, M_WAITOK); 4032 memcpy(mtod(tres, void *), p, l); 4033 continue; 4034 } 4035 if (p) { 4036 m = key_alloc_mbuf(l, M_WAITOK); 4037 m_copyback(m, 0, l, p); 4038 } 4039 4040 if (tres) 4041 m_cat(m, tres); 4042 tres = m; 4043 } 4044 4045 m_cat(result, tres); 4046 tres = NULL; /* avoid free on error below */ 4047 4048 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 4049 4050 result->m_pkthdr.len = 0; 4051 for (m = result; m; m = m->m_next) 4052 result->m_pkthdr.len += m->m_len; 4053 4054 mtod(result, struct sadb_msg *)->sadb_msg_len = 4055 PFKEY_UNIT64(result->m_pkthdr.len); 4056 4057 return result; 4058 } 4059 4060 4061 /* 4062 * set a type in sadb_x_nat_t_type 4063 */ 4064 static struct mbuf * 4065 key_setsadbxtype(u_int16_t type) 4066 { 4067 struct mbuf *m; 4068 size_t len; 4069 struct sadb_x_nat_t_type *p; 4070 4071 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 4072 4073 m = key_alloc_mbuf(len, M_WAITOK); 4074 KASSERT(m->m_next == NULL); 4075 4076 p = mtod(m, struct sadb_x_nat_t_type *); 4077 4078 memset(p, 0, len); 4079 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 4080 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 4081 p->sadb_x_nat_t_type_type = type; 4082 4083 return m; 4084 } 4085 /* 4086 * set a port in sadb_x_nat_t_port. port is in network order 4087 */ 4088 static struct mbuf * 4089 key_setsadbxport(u_int16_t port, u_int16_t type) 4090 { 4091 struct mbuf *m; 4092 size_t len; 4093 struct sadb_x_nat_t_port *p; 4094 4095 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 4096 4097 m = key_alloc_mbuf(len, M_WAITOK); 4098 KASSERT(m->m_next == NULL); 4099 4100 p = mtod(m, struct sadb_x_nat_t_port *); 4101 4102 memset(p, 0, len); 4103 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 4104 p->sadb_x_nat_t_port_exttype = type; 4105 p->sadb_x_nat_t_port_port = port; 4106 4107 return m; 4108 } 4109 4110 /* 4111 * set fragmentation info in sadb_x_nat_t_frag 4112 */ 4113 static struct mbuf * 4114 key_setsadbxfrag(u_int16_t flen) 4115 { 4116 struct mbuf *m; 4117 size_t len; 4118 struct sadb_x_nat_t_frag *p; 4119 4120 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_frag)); 4121 4122 m = key_alloc_mbuf(len, M_WAITOK); 4123 KASSERT(m->m_next == NULL); 4124 4125 p = mtod(m, struct sadb_x_nat_t_frag *); 4126 4127 memset(p, 0, len); 4128 p->sadb_x_nat_t_frag_len = PFKEY_UNIT64(len); 4129 p->sadb_x_nat_t_frag_exttype = SADB_X_EXT_NAT_T_FRAG; 4130 p->sadb_x_nat_t_frag_fraglen = flen; 4131 4132 return m; 4133 } 4134 4135 /* 4136 * Get port from sockaddr, port is in network order 4137 */ 4138 u_int16_t 4139 key_portfromsaddr(const union sockaddr_union *saddr) 4140 { 4141 u_int16_t port; 4142 4143 switch (saddr->sa.sa_family) { 4144 case AF_INET: { 4145 port = saddr->sin.sin_port; 4146 break; 4147 } 4148 #ifdef INET6 4149 case AF_INET6: { 4150 port = saddr->sin6.sin6_port; 4151 break; 4152 } 4153 #endif 4154 default: 4155 printf("%s: unexpected address family\n", __func__); 4156 port = 0; 4157 break; 4158 } 4159 4160 return port; 4161 } 4162 4163 4164 /* 4165 * Set port is struct sockaddr. port is in network order 4166 */ 4167 static void 4168 key_porttosaddr(union sockaddr_union *saddr, u_int16_t port) 4169 { 4170 switch (saddr->sa.sa_family) { 4171 case AF_INET: { 4172 saddr->sin.sin_port = port; 4173 break; 4174 } 4175 #ifdef INET6 4176 case AF_INET6: { 4177 saddr->sin6.sin6_port = port; 4178 break; 4179 } 4180 #endif 4181 default: 4182 printf("%s: unexpected address family %d\n", __func__, 4183 saddr->sa.sa_family); 4184 break; 4185 } 4186 4187 return; 4188 } 4189 4190 /* 4191 * Safety check sa_len 4192 */ 4193 static int 4194 key_checksalen(const union sockaddr_union *saddr) 4195 { 4196 switch (saddr->sa.sa_family) { 4197 case AF_INET: 4198 if (saddr->sa.sa_len != sizeof(struct sockaddr_in)) 4199 return -1; 4200 break; 4201 #ifdef INET6 4202 case AF_INET6: 4203 if (saddr->sa.sa_len != sizeof(struct sockaddr_in6)) 4204 return -1; 4205 break; 4206 #endif 4207 default: 4208 printf("%s: unexpected sa_family %d\n", __func__, 4209 saddr->sa.sa_family); 4210 return -1; 4211 break; 4212 } 4213 return 0; 4214 } 4215 4216 4217 /* 4218 * set data into sadb_msg. 4219 */ 4220 static struct mbuf * 4221 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, 4222 u_int32_t seq, pid_t pid, u_int16_t reserved, int mflag) 4223 { 4224 struct mbuf *m; 4225 struct sadb_msg *p; 4226 int len; 4227 4228 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MCLBYTES); 4229 4230 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4231 4232 m = key_alloc_mbuf_simple(len, mflag); 4233 if (!m) 4234 return NULL; 4235 m->m_pkthdr.len = m->m_len = len; 4236 m->m_next = NULL; 4237 4238 p = mtod(m, struct sadb_msg *); 4239 4240 memset(p, 0, len); 4241 p->sadb_msg_version = PF_KEY_V2; 4242 p->sadb_msg_type = type; 4243 p->sadb_msg_errno = 0; 4244 p->sadb_msg_satype = satype; 4245 p->sadb_msg_len = PFKEY_UNIT64(tlen); 4246 p->sadb_msg_reserved = reserved; 4247 p->sadb_msg_seq = seq; 4248 p->sadb_msg_pid = (u_int32_t)pid; 4249 4250 return m; 4251 } 4252 4253 /* 4254 * copy secasvar data into sadb_address. 4255 */ 4256 static struct mbuf * 4257 key_setsadbsa(struct secasvar *sav) 4258 { 4259 struct mbuf *m; 4260 struct sadb_sa *p; 4261 int len; 4262 4263 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4264 m = key_alloc_mbuf(len, M_WAITOK); 4265 KASSERT(m->m_next == NULL); 4266 4267 p = mtod(m, struct sadb_sa *); 4268 4269 memset(p, 0, len); 4270 p->sadb_sa_len = PFKEY_UNIT64(len); 4271 p->sadb_sa_exttype = SADB_EXT_SA; 4272 p->sadb_sa_spi = sav->spi; 4273 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0); 4274 p->sadb_sa_state = sav->state; 4275 p->sadb_sa_auth = sav->alg_auth; 4276 p->sadb_sa_encrypt = sav->alg_enc; 4277 p->sadb_sa_flags = sav->flags; 4278 4279 return m; 4280 } 4281 4282 static uint8_t 4283 key_sabits(const struct sockaddr *saddr) 4284 { 4285 switch (saddr->sa_family) { 4286 case AF_INET: 4287 return _BITS(sizeof(struct in_addr)); 4288 case AF_INET6: 4289 return _BITS(sizeof(struct in6_addr)); 4290 default: 4291 return FULLMASK; 4292 } 4293 } 4294 4295 /* 4296 * set data into sadb_address. 4297 */ 4298 static struct mbuf * 4299 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 4300 u_int8_t prefixlen, u_int16_t ul_proto, int mflag) 4301 { 4302 struct mbuf *m; 4303 struct sadb_address *p; 4304 size_t len; 4305 4306 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 4307 PFKEY_ALIGN8(saddr->sa_len); 4308 m = key_alloc_mbuf(len, mflag); 4309 if (!m || m->m_next) { /*XXX*/ 4310 if (m) 4311 m_freem(m); 4312 return NULL; 4313 } 4314 4315 p = mtod(m, struct sadb_address *); 4316 4317 memset(p, 0, len); 4318 p->sadb_address_len = PFKEY_UNIT64(len); 4319 p->sadb_address_exttype = exttype; 4320 p->sadb_address_proto = ul_proto; 4321 if (prefixlen == FULLMASK) { 4322 prefixlen = key_sabits(saddr); 4323 } 4324 p->sadb_address_prefixlen = prefixlen; 4325 p->sadb_address_reserved = 0; 4326 4327 memcpy(mtod(m, char *) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 4328 saddr, saddr->sa_len); 4329 4330 return m; 4331 } 4332 4333 #if 0 4334 /* 4335 * set data into sadb_ident. 4336 */ 4337 static struct mbuf * 4338 key_setsadbident(u_int16_t exttype, u_int16_t idtype, 4339 void *string, int stringlen, u_int64_t id) 4340 { 4341 struct mbuf *m; 4342 struct sadb_ident *p; 4343 size_t len; 4344 4345 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen); 4346 m = key_alloc_mbuf(len); 4347 if (!m || m->m_next) { /*XXX*/ 4348 if (m) 4349 m_freem(m); 4350 return NULL; 4351 } 4352 4353 p = mtod(m, struct sadb_ident *); 4354 4355 memset(p, 0, len); 4356 p->sadb_ident_len = PFKEY_UNIT64(len); 4357 p->sadb_ident_exttype = exttype; 4358 p->sadb_ident_type = idtype; 4359 p->sadb_ident_reserved = 0; 4360 p->sadb_ident_id = id; 4361 4362 memcpy(mtod(m, void *) + PFKEY_ALIGN8(sizeof(struct sadb_ident)), 4363 string, stringlen); 4364 4365 return m; 4366 } 4367 #endif 4368 4369 /* 4370 * set data into sadb_x_sa2. 4371 */ 4372 static struct mbuf * 4373 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int16_t reqid) 4374 { 4375 struct mbuf *m; 4376 struct sadb_x_sa2 *p; 4377 size_t len; 4378 4379 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 4380 m = key_alloc_mbuf(len, M_WAITOK); 4381 KASSERT(m->m_next == NULL); 4382 4383 p = mtod(m, struct sadb_x_sa2 *); 4384 4385 memset(p, 0, len); 4386 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 4387 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 4388 p->sadb_x_sa2_mode = mode; 4389 p->sadb_x_sa2_reserved1 = 0; 4390 p->sadb_x_sa2_reserved2 = 0; 4391 p->sadb_x_sa2_sequence = seq; 4392 p->sadb_x_sa2_reqid = reqid; 4393 4394 return m; 4395 } 4396 4397 /* 4398 * set data into sadb_x_policy 4399 */ 4400 static struct mbuf * 4401 key_setsadbxpolicy(const u_int16_t type, const u_int8_t dir, const u_int32_t id, 4402 int mflag) 4403 { 4404 struct mbuf *m; 4405 struct sadb_x_policy *p; 4406 size_t len; 4407 4408 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4409 m = key_alloc_mbuf(len, mflag); 4410 if (!m || m->m_next) { /*XXX*/ 4411 if (m) 4412 m_freem(m); 4413 return NULL; 4414 } 4415 4416 p = mtod(m, struct sadb_x_policy *); 4417 4418 memset(p, 0, len); 4419 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4420 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4421 p->sadb_x_policy_type = type; 4422 p->sadb_x_policy_dir = dir; 4423 p->sadb_x_policy_id = id; 4424 4425 return m; 4426 } 4427 4428 /* %%% utilities */ 4429 /* 4430 * copy a buffer into the new buffer allocated. 4431 */ 4432 static void * 4433 key_newbuf(const void *src, u_int len) 4434 { 4435 void *new; 4436 4437 new = kmem_alloc(len, KM_SLEEP); 4438 memcpy(new, src, len); 4439 4440 return new; 4441 } 4442 4443 /* compare my own address 4444 * OUT: 1: true, i.e. my address. 4445 * 0: false 4446 */ 4447 int 4448 key_ismyaddr(const struct sockaddr *sa) 4449 { 4450 #ifdef INET 4451 const struct sockaddr_in *sin; 4452 const struct in_ifaddr *ia; 4453 int s; 4454 #endif 4455 4456 KASSERT(sa != NULL); 4457 4458 switch (sa->sa_family) { 4459 #ifdef INET 4460 case AF_INET: 4461 sin = (const struct sockaddr_in *)sa; 4462 s = pserialize_read_enter(); 4463 IN_ADDRLIST_READER_FOREACH(ia) { 4464 if (sin->sin_family == ia->ia_addr.sin_family && 4465 sin->sin_len == ia->ia_addr.sin_len && 4466 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr) 4467 { 4468 pserialize_read_exit(s); 4469 return 1; 4470 } 4471 } 4472 pserialize_read_exit(s); 4473 break; 4474 #endif 4475 #ifdef INET6 4476 case AF_INET6: 4477 return key_ismyaddr6((const struct sockaddr_in6 *)sa); 4478 #endif 4479 } 4480 4481 return 0; 4482 } 4483 4484 #ifdef INET6 4485 /* 4486 * compare my own address for IPv6. 4487 * 1: ours 4488 * 0: other 4489 * NOTE: derived ip6_input() in KAME. This is necessary to modify more. 4490 */ 4491 #include <netinet6/in6_var.h> 4492 4493 static int 4494 key_ismyaddr6(const struct sockaddr_in6 *sin6) 4495 { 4496 struct in6_ifaddr *ia; 4497 int s; 4498 struct psref psref; 4499 int bound; 4500 int ours = 1; 4501 4502 bound = curlwp_bind(); 4503 s = pserialize_read_enter(); 4504 IN6_ADDRLIST_READER_FOREACH(ia) { 4505 if (key_sockaddr_match((const struct sockaddr *)&sin6, 4506 (const struct sockaddr *)&ia->ia_addr, 0)) { 4507 pserialize_read_exit(s); 4508 goto ours; 4509 } 4510 4511 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 4512 bool ingroup; 4513 4514 ia6_acquire(ia, &psref); 4515 pserialize_read_exit(s); 4516 4517 /* 4518 * XXX Multicast 4519 * XXX why do we care about multlicast here while we don't care 4520 * about IPv4 multicast?? 4521 * XXX scope 4522 */ 4523 ingroup = in6_multi_group(&sin6->sin6_addr, ia->ia_ifp); 4524 if (ingroup) { 4525 ia6_release(ia, &psref); 4526 goto ours; 4527 } 4528 4529 s = pserialize_read_enter(); 4530 ia6_release(ia, &psref); 4531 } 4532 4533 } 4534 pserialize_read_exit(s); 4535 4536 /* loopback, just for safety */ 4537 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)) 4538 goto ours; 4539 4540 ours = 0; 4541 ours: 4542 curlwp_bindx(bound); 4543 4544 return ours; 4545 } 4546 #endif /*INET6*/ 4547 4548 /* 4549 * compare two secasindex structure. 4550 * flag can specify to compare 2 saidxes. 4551 * compare two secasindex structure without both mode and reqid. 4552 * don't compare port. 4553 * IN: 4554 * saidx0: source, it can be in SAD. 4555 * saidx1: object. 4556 * OUT: 4557 * 1 : equal 4558 * 0 : not equal 4559 */ 4560 static int 4561 key_saidx_match( 4562 const struct secasindex *saidx0, 4563 const struct secasindex *saidx1, 4564 int flag) 4565 { 4566 int chkport; 4567 const struct sockaddr *sa0src, *sa0dst, *sa1src, *sa1dst; 4568 4569 KASSERT(saidx0 != NULL); 4570 KASSERT(saidx1 != NULL); 4571 4572 /* sanity */ 4573 if (saidx0->proto != saidx1->proto) 4574 return 0; 4575 4576 if (flag == CMP_EXACTLY) { 4577 if (saidx0->mode != saidx1->mode) 4578 return 0; 4579 if (saidx0->reqid != saidx1->reqid) 4580 return 0; 4581 if (memcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 || 4582 memcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0) 4583 return 0; 4584 } else { 4585 4586 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4587 if (flag == CMP_MODE_REQID ||flag == CMP_REQID) { 4588 /* 4589 * If reqid of SPD is non-zero, unique SA is required. 4590 * The result must be of same reqid in this case. 4591 */ 4592 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid) 4593 return 0; 4594 } 4595 4596 if (flag == CMP_MODE_REQID) { 4597 if (saidx0->mode != IPSEC_MODE_ANY && 4598 saidx0->mode != saidx1->mode) 4599 return 0; 4600 } 4601 4602 4603 sa0src = &saidx0->src.sa; 4604 sa0dst = &saidx0->dst.sa; 4605 sa1src = &saidx1->src.sa; 4606 sa1dst = &saidx1->dst.sa; 4607 /* 4608 * If NAT-T is enabled, check ports for tunnel mode. 4609 * For ipsecif(4), check ports for transport mode, too. 4610 * Don't check ports if they are set to zero 4611 * in the SPD: This means we have a non-generated 4612 * SPD which can't know UDP ports. 4613 */ 4614 if (saidx1->mode == IPSEC_MODE_TUNNEL || 4615 saidx1->mode == IPSEC_MODE_TRANSPORT) 4616 chkport = PORT_LOOSE; 4617 else 4618 chkport = PORT_NONE; 4619 4620 if (!key_sockaddr_match(sa0src, sa1src, chkport)) { 4621 return 0; 4622 } 4623 if (!key_sockaddr_match(sa0dst, sa1dst, chkport)) { 4624 return 0; 4625 } 4626 } 4627 4628 return 1; 4629 } 4630 4631 /* 4632 * compare two secindex structure exactly. 4633 * IN: 4634 * spidx0: source, it is often in SPD. 4635 * spidx1: object, it is often from PFKEY message. 4636 * OUT: 4637 * 1 : equal 4638 * 0 : not equal 4639 */ 4640 static int 4641 key_spidx_match_exactly( 4642 const struct secpolicyindex *spidx0, 4643 const struct secpolicyindex *spidx1) 4644 { 4645 4646 KASSERT(spidx0 != NULL); 4647 KASSERT(spidx1 != NULL); 4648 4649 /* sanity */ 4650 if (spidx0->prefs != spidx1->prefs || 4651 spidx0->prefd != spidx1->prefd || 4652 spidx0->ul_proto != spidx1->ul_proto) 4653 return 0; 4654 4655 return key_sockaddr_match(&spidx0->src.sa, &spidx1->src.sa, PORT_STRICT) && 4656 key_sockaddr_match(&spidx0->dst.sa, &spidx1->dst.sa, PORT_STRICT); 4657 } 4658 4659 /* 4660 * compare two secindex structure with mask. 4661 * IN: 4662 * spidx0: source, it is often in SPD. 4663 * spidx1: object, it is often from IP header. 4664 * OUT: 4665 * 1 : equal 4666 * 0 : not equal 4667 */ 4668 static int 4669 key_spidx_match_withmask( 4670 const struct secpolicyindex *spidx0, 4671 const struct secpolicyindex *spidx1) 4672 { 4673 4674 KASSERT(spidx0 != NULL); 4675 KASSERT(spidx1 != NULL); 4676 4677 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4678 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4679 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4680 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4681 return 0; 4682 4683 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4684 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY && 4685 spidx0->ul_proto != spidx1->ul_proto) 4686 return 0; 4687 4688 switch (spidx0->src.sa.sa_family) { 4689 case AF_INET: 4690 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY && 4691 spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4692 return 0; 4693 if (!key_bb_match_withmask(&spidx0->src.sin.sin_addr, 4694 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4695 return 0; 4696 break; 4697 case AF_INET6: 4698 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY && 4699 spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4700 return 0; 4701 /* 4702 * scope_id check. if sin6_scope_id is 0, we regard it 4703 * as a wildcard scope, which matches any scope zone ID. 4704 */ 4705 if (spidx0->src.sin6.sin6_scope_id && 4706 spidx1->src.sin6.sin6_scope_id && 4707 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4708 return 0; 4709 if (!key_bb_match_withmask(&spidx0->src.sin6.sin6_addr, 4710 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4711 return 0; 4712 break; 4713 default: 4714 /* XXX */ 4715 if (memcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4716 return 0; 4717 break; 4718 } 4719 4720 switch (spidx0->dst.sa.sa_family) { 4721 case AF_INET: 4722 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY && 4723 spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4724 return 0; 4725 if (!key_bb_match_withmask(&spidx0->dst.sin.sin_addr, 4726 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4727 return 0; 4728 break; 4729 case AF_INET6: 4730 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY && 4731 spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4732 return 0; 4733 /* 4734 * scope_id check. if sin6_scope_id is 0, we regard it 4735 * as a wildcard scope, which matches any scope zone ID. 4736 */ 4737 if (spidx0->src.sin6.sin6_scope_id && 4738 spidx1->src.sin6.sin6_scope_id && 4739 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4740 return 0; 4741 if (!key_bb_match_withmask(&spidx0->dst.sin6.sin6_addr, 4742 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4743 return 0; 4744 break; 4745 default: 4746 /* XXX */ 4747 if (memcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4748 return 0; 4749 break; 4750 } 4751 4752 /* XXX Do we check other field ? e.g. flowinfo */ 4753 4754 return 1; 4755 } 4756 4757 /* returns 0 on match */ 4758 static int 4759 key_portcomp(in_port_t port1, in_port_t port2, int howport) 4760 { 4761 switch (howport) { 4762 case PORT_NONE: 4763 return 0; 4764 case PORT_LOOSE: 4765 if (port1 == 0 || port2 == 0) 4766 return 0; 4767 /*FALLTHROUGH*/ 4768 case PORT_STRICT: 4769 if (port1 != port2) { 4770 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4771 "port fail %d != %d\n", port1, port2); 4772 return 1; 4773 } 4774 return 0; 4775 default: 4776 KASSERT(0); 4777 return 1; 4778 } 4779 } 4780 4781 /* returns 1 on match */ 4782 static int 4783 key_sockaddr_match( 4784 const struct sockaddr *sa1, 4785 const struct sockaddr *sa2, 4786 int howport) 4787 { 4788 const struct sockaddr_in *sin1, *sin2; 4789 const struct sockaddr_in6 *sin61, *sin62; 4790 char s1[IPSEC_ADDRSTRLEN], s2[IPSEC_ADDRSTRLEN]; 4791 4792 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) { 4793 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4794 "fam/len fail %d != %d || %d != %d\n", 4795 sa1->sa_family, sa2->sa_family, sa1->sa_len, 4796 sa2->sa_len); 4797 return 0; 4798 } 4799 4800 switch (sa1->sa_family) { 4801 case AF_INET: 4802 if (sa1->sa_len != sizeof(struct sockaddr_in)) { 4803 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4804 "len fail %d != %zu\n", 4805 sa1->sa_len, sizeof(struct sockaddr_in)); 4806 return 0; 4807 } 4808 sin1 = (const struct sockaddr_in *)sa1; 4809 sin2 = (const struct sockaddr_in *)sa2; 4810 if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) { 4811 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4812 "addr fail %s != %s\n", 4813 (in_print(s1, sizeof(s1), &sin1->sin_addr), s1), 4814 (in_print(s2, sizeof(s2), &sin2->sin_addr), s2)); 4815 return 0; 4816 } 4817 if (key_portcomp(sin1->sin_port, sin2->sin_port, howport)) { 4818 return 0; 4819 } 4820 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, 4821 "addr success %s[%d] == %s[%d]\n", 4822 (in_print(s1, sizeof(s1), &sin1->sin_addr), s1), 4823 sin1->sin_port, 4824 (in_print(s2, sizeof(s2), &sin2->sin_addr), s2), 4825 sin2->sin_port); 4826 break; 4827 case AF_INET6: 4828 sin61 = (const struct sockaddr_in6 *)sa1; 4829 sin62 = (const struct sockaddr_in6 *)sa2; 4830 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4831 return 0; /*EINVAL*/ 4832 4833 if (sin61->sin6_scope_id != sin62->sin6_scope_id) { 4834 return 0; 4835 } 4836 if (!IN6_ARE_ADDR_EQUAL(&sin61->sin6_addr, &sin62->sin6_addr)) { 4837 return 0; 4838 } 4839 if (key_portcomp(sin61->sin6_port, sin62->sin6_port, howport)) { 4840 return 0; 4841 } 4842 break; 4843 default: 4844 if (memcmp(sa1, sa2, sa1->sa_len) != 0) 4845 return 0; 4846 break; 4847 } 4848 4849 return 1; 4850 } 4851 4852 /* 4853 * compare two buffers with mask. 4854 * IN: 4855 * addr1: source 4856 * addr2: object 4857 * bits: Number of bits to compare 4858 * OUT: 4859 * 1 : equal 4860 * 0 : not equal 4861 */ 4862 static int 4863 key_bb_match_withmask(const void *a1, const void *a2, u_int bits) 4864 { 4865 const unsigned char *p1 = a1; 4866 const unsigned char *p2 = a2; 4867 4868 /* XXX: This could be considerably faster if we compare a word 4869 * at a time, but it is complicated on LSB Endian machines */ 4870 4871 /* Handle null pointers */ 4872 if (p1 == NULL || p2 == NULL) 4873 return (p1 == p2); 4874 4875 while (bits >= 8) { 4876 if (*p1++ != *p2++) 4877 return 0; 4878 bits -= 8; 4879 } 4880 4881 if (bits > 0) { 4882 u_int8_t mask = ~((1<<(8-bits))-1); 4883 if ((*p1 & mask) != (*p2 & mask)) 4884 return 0; 4885 } 4886 return 1; /* Match! */ 4887 } 4888 4889 static void 4890 key_timehandler_spd(void) 4891 { 4892 u_int dir; 4893 struct secpolicy *sp; 4894 volatile time_t now; 4895 4896 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4897 retry: 4898 mutex_enter(&key_spd.lock); 4899 /* 4900 * To avoid for sp->created to overtake "now" because of 4901 * wating mutex, set time_uptime here. 4902 */ 4903 now = time_uptime; 4904 SPLIST_WRITER_FOREACH(sp, dir) { 4905 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD, 4906 "sp->state=%u", sp->state); 4907 4908 if (sp->lifetime == 0 && sp->validtime == 0) 4909 continue; 4910 4911 if ((sp->lifetime && now - sp->created > sp->lifetime) || 4912 (sp->validtime && now - sp->lastused > sp->validtime)) { 4913 key_unlink_sp(sp); 4914 mutex_exit(&key_spd.lock); 4915 key_spdexpire(sp); 4916 key_destroy_sp(sp); 4917 goto retry; 4918 } 4919 } 4920 mutex_exit(&key_spd.lock); 4921 } 4922 4923 retry_socksplist: 4924 mutex_enter(&key_spd.lock); 4925 SOCKSPLIST_WRITER_FOREACH(sp) { 4926 if (sp->state != IPSEC_SPSTATE_DEAD) 4927 continue; 4928 4929 key_unlink_sp(sp); 4930 mutex_exit(&key_spd.lock); 4931 key_destroy_sp(sp); 4932 goto retry_socksplist; 4933 } 4934 mutex_exit(&key_spd.lock); 4935 } 4936 4937 static void 4938 key_timehandler_sad(void) 4939 { 4940 struct secashead *sah; 4941 int s; 4942 volatile time_t now; 4943 4944 restart: 4945 mutex_enter(&key_sad.lock); 4946 SAHLIST_WRITER_FOREACH(sah) { 4947 /* If sah has been dead and has no sav, then delete it */ 4948 if (sah->state == SADB_SASTATE_DEAD && 4949 !key_sah_has_sav(sah)) { 4950 key_unlink_sah(sah); 4951 mutex_exit(&key_sad.lock); 4952 key_destroy_sah(sah); 4953 goto restart; 4954 } 4955 } 4956 mutex_exit(&key_sad.lock); 4957 4958 s = pserialize_read_enter(); 4959 SAHLIST_READER_FOREACH(sah) { 4960 struct secasvar *sav; 4961 4962 key_sah_ref(sah); 4963 pserialize_read_exit(s); 4964 4965 /* if LARVAL entry doesn't become MATURE, delete it. */ 4966 mutex_enter(&key_sad.lock); 4967 restart_sav_LARVAL: 4968 /* 4969 * Same as key_timehandler_spd(), set time_uptime here. 4970 */ 4971 now = time_uptime; 4972 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_LARVAL) { 4973 if (now - sav->created > key_larval_lifetime) { 4974 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4975 goto restart_sav_LARVAL; 4976 } 4977 } 4978 mutex_exit(&key_sad.lock); 4979 4980 /* 4981 * check MATURE entry to start to send expire message 4982 * whether or not. 4983 */ 4984 restart_sav_MATURE: 4985 mutex_enter(&key_sad.lock); 4986 /* 4987 * ditto 4988 */ 4989 now = time_uptime; 4990 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_MATURE) { 4991 /* we don't need to check. */ 4992 if (sav->lft_s == NULL) 4993 continue; 4994 4995 /* sanity check */ 4996 KASSERT(sav->lft_c != NULL); 4997 4998 /* check SOFT lifetime */ 4999 if (sav->lft_s->sadb_lifetime_addtime != 0 && 5000 now - sav->created > sav->lft_s->sadb_lifetime_addtime) { 5001 /* 5002 * check SA to be used whether or not. 5003 * when SA hasn't been used, delete it. 5004 */ 5005 if (sav->lft_c->sadb_lifetime_usetime == 0) { 5006 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5007 mutex_exit(&key_sad.lock); 5008 } else { 5009 key_sa_chgstate(sav, SADB_SASTATE_DYING); 5010 mutex_exit(&key_sad.lock); 5011 /* 5012 * XXX If we keep to send expire 5013 * message in the status of 5014 * DYING. Do remove below code. 5015 */ 5016 key_expire(sav); 5017 } 5018 goto restart_sav_MATURE; 5019 } 5020 /* check SOFT lifetime by bytes */ 5021 /* 5022 * XXX I don't know the way to delete this SA 5023 * when new SA is installed. Caution when it's 5024 * installed too big lifetime by time. 5025 */ 5026 else { 5027 uint64_t lft_c_bytes = 0; 5028 lifetime_counters_t sum = {0}; 5029 5030 percpu_foreach(sav->lft_c_counters_percpu, 5031 key_sum_lifetime_counters, sum); 5032 lft_c_bytes = sum[LIFETIME_COUNTER_BYTES]; 5033 5034 if (sav->lft_s->sadb_lifetime_bytes == 0 || 5035 sav->lft_s->sadb_lifetime_bytes >= lft_c_bytes) 5036 continue; 5037 5038 key_sa_chgstate(sav, SADB_SASTATE_DYING); 5039 mutex_exit(&key_sad.lock); 5040 /* 5041 * XXX If we keep to send expire 5042 * message in the status of 5043 * DYING. Do remove below code. 5044 */ 5045 key_expire(sav); 5046 goto restart_sav_MATURE; 5047 } 5048 } 5049 mutex_exit(&key_sad.lock); 5050 5051 /* check DYING entry to change status to DEAD. */ 5052 mutex_enter(&key_sad.lock); 5053 restart_sav_DYING: 5054 /* 5055 * ditto 5056 */ 5057 now = time_uptime; 5058 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_DYING) { 5059 /* we don't need to check. */ 5060 if (sav->lft_h == NULL) 5061 continue; 5062 5063 /* sanity check */ 5064 KASSERT(sav->lft_c != NULL); 5065 5066 if (sav->lft_h->sadb_lifetime_addtime != 0 && 5067 now - sav->created > sav->lft_h->sadb_lifetime_addtime) { 5068 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5069 goto restart_sav_DYING; 5070 } 5071 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */ 5072 else if (sav->lft_s != NULL 5073 && sav->lft_s->sadb_lifetime_addtime != 0 5074 && now - sav->created > sav->lft_s->sadb_lifetime_addtime) { 5075 /* 5076 * XXX: should be checked to be 5077 * installed the valid SA. 5078 */ 5079 5080 /* 5081 * If there is no SA then sending 5082 * expire message. 5083 */ 5084 key_expire(sav); 5085 } 5086 #endif 5087 /* check HARD lifetime by bytes */ 5088 else { 5089 uint64_t lft_c_bytes = 0; 5090 lifetime_counters_t sum = {0}; 5091 5092 percpu_foreach(sav->lft_c_counters_percpu, 5093 key_sum_lifetime_counters, sum); 5094 lft_c_bytes = sum[LIFETIME_COUNTER_BYTES]; 5095 5096 if (sav->lft_h->sadb_lifetime_bytes == 0 || 5097 sav->lft_h->sadb_lifetime_bytes >= lft_c_bytes) 5098 continue; 5099 5100 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5101 goto restart_sav_DYING; 5102 } 5103 } 5104 mutex_exit(&key_sad.lock); 5105 5106 /* delete entry in DEAD */ 5107 restart_sav_DEAD: 5108 mutex_enter(&key_sad.lock); 5109 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_DEAD) { 5110 key_unlink_sav(sav); 5111 mutex_exit(&key_sad.lock); 5112 key_destroy_sav(sav); 5113 goto restart_sav_DEAD; 5114 } 5115 mutex_exit(&key_sad.lock); 5116 5117 s = pserialize_read_enter(); 5118 key_sah_unref(sah); 5119 } 5120 pserialize_read_exit(s); 5121 } 5122 5123 static void 5124 key_timehandler_acq(void) 5125 { 5126 #ifndef IPSEC_NONBLOCK_ACQUIRE 5127 struct secacq *acq, *nextacq; 5128 volatile time_t now; 5129 5130 restart: 5131 mutex_enter(&key_misc.lock); 5132 /* 5133 * Same as key_timehandler_spd(), set time_uptime here. 5134 */ 5135 now = time_uptime; 5136 LIST_FOREACH_SAFE(acq, &key_misc.acqlist, chain, nextacq) { 5137 if (now - acq->created > key_blockacq_lifetime) { 5138 LIST_REMOVE(acq, chain); 5139 mutex_exit(&key_misc.lock); 5140 kmem_free(acq, sizeof(*acq)); 5141 goto restart; 5142 } 5143 } 5144 mutex_exit(&key_misc.lock); 5145 #endif 5146 } 5147 5148 static void 5149 key_timehandler_spacq(void) 5150 { 5151 #ifdef notyet 5152 struct secspacq *acq, *nextacq; 5153 time_t now = time_uptime; 5154 5155 LIST_FOREACH_SAFE(acq, &key_misc.spacqlist, chain, nextacq) { 5156 if (now - acq->created > key_blockacq_lifetime) { 5157 KASSERT(__LIST_CHAINED(acq)); 5158 LIST_REMOVE(acq, chain); 5159 kmem_free(acq, sizeof(*acq)); 5160 } 5161 } 5162 #endif 5163 } 5164 5165 static unsigned int key_timehandler_work_enqueued = 0; 5166 5167 /* 5168 * time handler. 5169 * scanning SPD and SAD to check status for each entries, 5170 * and do to remove or to expire. 5171 */ 5172 static void 5173 key_timehandler_work(struct work *wk, void *arg) 5174 { 5175 5176 /* We can allow enqueuing another work at this point */ 5177 atomic_swap_uint(&key_timehandler_work_enqueued, 0); 5178 5179 key_timehandler_spd(); 5180 key_timehandler_sad(); 5181 key_timehandler_acq(); 5182 key_timehandler_spacq(); 5183 5184 key_acquire_sendup_pending_mbuf(); 5185 5186 /* do exchange to tick time !! */ 5187 callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); 5188 5189 return; 5190 } 5191 5192 static void 5193 key_timehandler(void *arg) 5194 { 5195 5196 /* Avoid enqueuing another work when one is already enqueued */ 5197 if (atomic_swap_uint(&key_timehandler_work_enqueued, 1) == 1) 5198 return; 5199 5200 workqueue_enqueue(key_timehandler_wq, &key_timehandler_wk, NULL); 5201 } 5202 5203 u_long 5204 key_random(void) 5205 { 5206 u_long value; 5207 5208 key_randomfill(&value, sizeof(value)); 5209 return value; 5210 } 5211 5212 void 5213 key_randomfill(void *p, size_t l) 5214 { 5215 5216 cprng_fast(p, l); 5217 } 5218 5219 /* 5220 * map SADB_SATYPE_* to IPPROTO_*. 5221 * if satype == SADB_SATYPE then satype is mapped to ~0. 5222 * OUT: 5223 * 0: invalid satype. 5224 */ 5225 static u_int16_t 5226 key_satype2proto(u_int8_t satype) 5227 { 5228 switch (satype) { 5229 case SADB_SATYPE_UNSPEC: 5230 return IPSEC_PROTO_ANY; 5231 case SADB_SATYPE_AH: 5232 return IPPROTO_AH; 5233 case SADB_SATYPE_ESP: 5234 return IPPROTO_ESP; 5235 case SADB_X_SATYPE_IPCOMP: 5236 return IPPROTO_IPCOMP; 5237 case SADB_X_SATYPE_TCPSIGNATURE: 5238 return IPPROTO_TCP; 5239 default: 5240 return 0; 5241 } 5242 /* NOTREACHED */ 5243 } 5244 5245 /* 5246 * map IPPROTO_* to SADB_SATYPE_* 5247 * OUT: 5248 * 0: invalid protocol type. 5249 */ 5250 static u_int8_t 5251 key_proto2satype(u_int16_t proto) 5252 { 5253 switch (proto) { 5254 case IPPROTO_AH: 5255 return SADB_SATYPE_AH; 5256 case IPPROTO_ESP: 5257 return SADB_SATYPE_ESP; 5258 case IPPROTO_IPCOMP: 5259 return SADB_X_SATYPE_IPCOMP; 5260 case IPPROTO_TCP: 5261 return SADB_X_SATYPE_TCPSIGNATURE; 5262 default: 5263 return 0; 5264 } 5265 /* NOTREACHED */ 5266 } 5267 5268 static int 5269 key_setsecasidx(int proto, int mode, int reqid, 5270 const struct sockaddr *src, const struct sockaddr *dst, 5271 struct secasindex * saidx) 5272 { 5273 const union sockaddr_union *src_u = (const union sockaddr_union *)src; 5274 const union sockaddr_union *dst_u = (const union sockaddr_union *)dst; 5275 5276 /* sa len safety check */ 5277 if (key_checksalen(src_u) != 0) 5278 return -1; 5279 if (key_checksalen(dst_u) != 0) 5280 return -1; 5281 5282 memset(saidx, 0, sizeof(*saidx)); 5283 saidx->proto = proto; 5284 saidx->mode = mode; 5285 saidx->reqid = reqid; 5286 memcpy(&saidx->src, src_u, src_u->sa.sa_len); 5287 memcpy(&saidx->dst, dst_u, dst_u->sa.sa_len); 5288 5289 key_porttosaddr(&((saidx)->src), 0); 5290 key_porttosaddr(&((saidx)->dst), 0); 5291 return 0; 5292 } 5293 5294 static void 5295 key_init_spidx_bymsghdr(struct secpolicyindex *spidx, 5296 const struct sadb_msghdr *mhp) 5297 { 5298 const struct sadb_address *src0, *dst0; 5299 const struct sockaddr *src, *dst; 5300 const struct sadb_x_policy *xpl0; 5301 5302 src0 = mhp->ext[SADB_EXT_ADDRESS_SRC]; 5303 dst0 = mhp->ext[SADB_EXT_ADDRESS_DST]; 5304 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 5305 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 5306 xpl0 = mhp->ext[SADB_X_EXT_POLICY]; 5307 5308 memset(spidx, 0, sizeof(*spidx)); 5309 spidx->dir = xpl0->sadb_x_policy_dir; 5310 spidx->prefs = src0->sadb_address_prefixlen; 5311 spidx->prefd = dst0->sadb_address_prefixlen; 5312 spidx->ul_proto = src0->sadb_address_proto; 5313 /* XXX boundary check against sa_len */ 5314 memcpy(&spidx->src, src, src->sa_len); 5315 memcpy(&spidx->dst, dst, dst->sa_len); 5316 } 5317 5318 /* %%% PF_KEY */ 5319 /* 5320 * SADB_GETSPI processing is to receive 5321 * <base, (SA2), src address, dst address, (SPI range)> 5322 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 5323 * tree with the status of LARVAL, and send 5324 * <base, SA(*), address(SD)> 5325 * to the IKMPd. 5326 * 5327 * IN: mhp: pointer to the pointer to each header. 5328 * OUT: NULL if fail. 5329 * other if success, return pointer to the message to send. 5330 */ 5331 static int 5332 key_api_getspi(struct socket *so, struct mbuf *m, 5333 const struct sadb_msghdr *mhp) 5334 { 5335 const struct sockaddr *src, *dst; 5336 struct secasindex saidx; 5337 struct secashead *sah; 5338 struct secasvar *newsav; 5339 u_int8_t proto; 5340 u_int32_t spi; 5341 u_int8_t mode; 5342 u_int16_t reqid; 5343 int error; 5344 5345 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5346 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5347 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5348 return key_senderror(so, m, EINVAL); 5349 } 5350 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5351 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5352 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5353 return key_senderror(so, m, EINVAL); 5354 } 5355 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5356 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2]; 5357 mode = sa2->sadb_x_sa2_mode; 5358 reqid = sa2->sadb_x_sa2_reqid; 5359 } else { 5360 mode = IPSEC_MODE_ANY; 5361 reqid = 0; 5362 } 5363 5364 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 5365 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 5366 5367 /* map satype to proto */ 5368 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 5369 if (proto == 0) { 5370 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 5371 return key_senderror(so, m, EINVAL); 5372 } 5373 5374 5375 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx); 5376 if (error != 0) 5377 return key_senderror(so, m, EINVAL); 5378 5379 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 5380 if (error != 0) 5381 return key_senderror(so, m, EINVAL); 5382 5383 /* SPI allocation */ 5384 spi = key_do_getnewspi(mhp->ext[SADB_EXT_SPIRANGE], &saidx); 5385 if (spi == 0) 5386 return key_senderror(so, m, EINVAL); 5387 5388 /* get a SA index */ 5389 sah = key_getsah_ref(&saidx, CMP_REQID); 5390 if (sah == NULL) { 5391 /* create a new SA index */ 5392 sah = key_newsah(&saidx); 5393 if (sah == NULL) { 5394 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 5395 return key_senderror(so, m, ENOBUFS); 5396 } 5397 } 5398 5399 /* get a new SA */ 5400 /* XXX rewrite */ 5401 newsav = KEY_NEWSAV(m, mhp, &error); 5402 if (newsav == NULL) { 5403 key_sah_unref(sah); 5404 /* XXX don't free new SA index allocated in above. */ 5405 return key_senderror(so, m, error); 5406 } 5407 5408 /* set spi */ 5409 newsav->spi = htonl(spi); 5410 5411 /* Add to sah#savlist */ 5412 key_init_sav(newsav); 5413 newsav->sah = sah; 5414 newsav->state = SADB_SASTATE_LARVAL; 5415 mutex_enter(&key_sad.lock); 5416 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_LARVAL, newsav); 5417 mutex_exit(&key_sad.lock); 5418 key_validate_savlist(sah, SADB_SASTATE_LARVAL); 5419 5420 key_sah_unref(sah); 5421 5422 #ifndef IPSEC_NONBLOCK_ACQUIRE 5423 /* delete the entry in key_misc.acqlist */ 5424 if (mhp->msg->sadb_msg_seq != 0) { 5425 struct secacq *acq; 5426 mutex_enter(&key_misc.lock); 5427 acq = key_getacqbyseq(mhp->msg->sadb_msg_seq); 5428 if (acq != NULL) { 5429 /* reset counter in order to deletion by timehandler. */ 5430 acq->created = time_uptime; 5431 acq->count = 0; 5432 } 5433 mutex_exit(&key_misc.lock); 5434 } 5435 #endif 5436 5437 { 5438 struct mbuf *n, *nn; 5439 struct sadb_sa *m_sa; 5440 int off, len; 5441 5442 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 5443 PFKEY_ALIGN8(sizeof(struct sadb_sa)) <= MCLBYTES); 5444 5445 /* create new sadb_msg to reply. */ 5446 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 5447 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5448 5449 n = key_alloc_mbuf_simple(len, M_WAITOK); 5450 n->m_len = len; 5451 n->m_next = NULL; 5452 off = 0; 5453 5454 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 5455 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 5456 5457 m_sa = (struct sadb_sa *)(mtod(n, char *) + off); 5458 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 5459 m_sa->sadb_sa_exttype = SADB_EXT_SA; 5460 m_sa->sadb_sa_spi = htonl(spi); 5461 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5462 5463 KASSERTMSG(off == len, "length inconsistency"); 5464 5465 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5466 SADB_EXT_ADDRESS_DST); 5467 5468 KASSERT(n->m_len >= sizeof(struct sadb_msg)); 5469 5470 n->m_pkthdr.len = 0; 5471 for (nn = n; nn; nn = nn->m_next) 5472 n->m_pkthdr.len += nn->m_len; 5473 5474 key_fill_replymsg(n, newsav->seq); 5475 m_freem(m); 5476 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5477 } 5478 } 5479 5480 /* 5481 * allocating new SPI 5482 * called by key_api_getspi(). 5483 * OUT: 5484 * 0: failure. 5485 * others: success. 5486 */ 5487 static u_int32_t 5488 key_do_getnewspi(const struct sadb_spirange *spirange, 5489 const struct secasindex *saidx) 5490 { 5491 u_int32_t newspi; 5492 u_int32_t spmin, spmax; 5493 int count = key_spi_trycnt; 5494 5495 /* set spi range to allocate */ 5496 if (spirange != NULL) { 5497 spmin = spirange->sadb_spirange_min; 5498 spmax = spirange->sadb_spirange_max; 5499 } else { 5500 spmin = key_spi_minval; 5501 spmax = key_spi_maxval; 5502 } 5503 /* IPCOMP needs 2-byte SPI */ 5504 if (saidx->proto == IPPROTO_IPCOMP) { 5505 u_int32_t t; 5506 if (spmin >= 0x10000) 5507 spmin = 0xffff; 5508 if (spmax >= 0x10000) 5509 spmax = 0xffff; 5510 if (spmin > spmax) { 5511 t = spmin; spmin = spmax; spmax = t; 5512 } 5513 } 5514 5515 if (spmin == spmax) { 5516 if (key_checkspidup(saidx, htonl(spmin))) { 5517 IPSECLOG(LOG_DEBUG, "SPI %u exists already.\n", spmin); 5518 return 0; 5519 } 5520 5521 count--; /* taking one cost. */ 5522 newspi = spmin; 5523 5524 } else { 5525 5526 /* init SPI */ 5527 newspi = 0; 5528 5529 /* when requesting to allocate spi ranged */ 5530 while (count--) { 5531 /* generate pseudo-random SPI value ranged. */ 5532 newspi = spmin + (key_random() % (spmax - spmin + 1)); 5533 5534 if (!key_checkspidup(saidx, htonl(newspi))) 5535 break; 5536 } 5537 5538 if (count == 0 || newspi == 0) { 5539 IPSECLOG(LOG_DEBUG, "to allocate spi is failed.\n"); 5540 return 0; 5541 } 5542 } 5543 5544 /* statistics */ 5545 keystat.getspi_count = 5546 (keystat.getspi_count + key_spi_trycnt - count) / 2; 5547 5548 return newspi; 5549 } 5550 5551 static int 5552 key_handle_natt_info(struct secasvar *sav, 5553 const struct sadb_msghdr *mhp) 5554 { 5555 const char *msg = "?" ; 5556 struct sadb_x_nat_t_type *type; 5557 struct sadb_x_nat_t_port *sport, *dport; 5558 struct sadb_address *iaddr, *raddr; 5559 struct sadb_x_nat_t_frag *frag; 5560 5561 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL || 5562 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL || 5563 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) 5564 return 0; 5565 5566 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) { 5567 msg = "TYPE"; 5568 goto bad; 5569 } 5570 5571 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) { 5572 msg = "SPORT"; 5573 goto bad; 5574 } 5575 5576 if (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 5577 msg = "DPORT"; 5578 goto bad; 5579 } 5580 5581 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) { 5582 IPSECLOG(LOG_DEBUG, "NAT-T OAi present\n"); 5583 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr)) { 5584 msg = "OAI"; 5585 goto bad; 5586 } 5587 } 5588 5589 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) { 5590 IPSECLOG(LOG_DEBUG, "NAT-T OAr present\n"); 5591 if (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) { 5592 msg = "OAR"; 5593 goto bad; 5594 } 5595 } 5596 5597 if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) { 5598 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) { 5599 msg = "FRAG"; 5600 goto bad; 5601 } 5602 } 5603 5604 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5605 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5606 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5607 iaddr = mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5608 raddr = mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5609 frag = mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 5610 5611 IPSECLOG(LOG_DEBUG, "type %d, sport = %d, dport = %d\n", 5612 type->sadb_x_nat_t_type_type, 5613 ntohs(sport->sadb_x_nat_t_port_port), 5614 ntohs(dport->sadb_x_nat_t_port_port)); 5615 5616 sav->natt_type = type->sadb_x_nat_t_type_type; 5617 key_porttosaddr(&sav->sah->saidx.src, sport->sadb_x_nat_t_port_port); 5618 key_porttosaddr(&sav->sah->saidx.dst, dport->sadb_x_nat_t_port_port); 5619 if (frag) 5620 sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen; 5621 else 5622 sav->esp_frag = IP_MAXPACKET; 5623 5624 return 0; 5625 bad: 5626 IPSECLOG(LOG_DEBUG, "invalid message %s\n", msg); 5627 __USE(msg); 5628 return -1; 5629 } 5630 5631 /* Just update the IPSEC_NAT_T ports if present */ 5632 static int 5633 key_set_natt_ports(union sockaddr_union *src, union sockaddr_union *dst, 5634 const struct sadb_msghdr *mhp) 5635 { 5636 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) 5637 IPSECLOG(LOG_DEBUG, "NAT-T OAi present\n"); 5638 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) 5639 IPSECLOG(LOG_DEBUG, "NAT-T OAr present\n"); 5640 5641 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) && 5642 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) && 5643 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) { 5644 struct sadb_x_nat_t_type *type; 5645 struct sadb_x_nat_t_port *sport; 5646 struct sadb_x_nat_t_port *dport; 5647 5648 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || 5649 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || 5650 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { 5651 IPSECLOG(LOG_DEBUG, "invalid message\n"); 5652 return -1; 5653 } 5654 5655 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5656 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5657 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5658 5659 key_porttosaddr(src, sport->sadb_x_nat_t_port_port); 5660 key_porttosaddr(dst, dport->sadb_x_nat_t_port_port); 5661 5662 IPSECLOG(LOG_DEBUG, "type %d, sport = %d, dport = %d\n", 5663 type->sadb_x_nat_t_type_type, 5664 ntohs(sport->sadb_x_nat_t_port_port), 5665 ntohs(dport->sadb_x_nat_t_port_port)); 5666 } 5667 5668 return 0; 5669 } 5670 5671 5672 /* 5673 * SADB_UPDATE processing 5674 * receive 5675 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5676 * key(AE), (identity(SD),) (sensitivity)> 5677 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5678 * and send 5679 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5680 * (identity(SD),) (sensitivity)> 5681 * to the ikmpd. 5682 * 5683 * m will always be freed. 5684 */ 5685 static int 5686 key_api_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5687 { 5688 struct sadb_sa *sa0; 5689 const struct sockaddr *src, *dst; 5690 struct secasindex saidx; 5691 struct secashead *sah; 5692 struct secasvar *sav, *newsav, *oldsav; 5693 u_int16_t proto; 5694 u_int8_t mode; 5695 u_int16_t reqid; 5696 int error; 5697 5698 /* map satype to proto */ 5699 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 5700 if (proto == 0) { 5701 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 5702 return key_senderror(so, m, EINVAL); 5703 } 5704 5705 if (mhp->ext[SADB_EXT_SA] == NULL || 5706 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5707 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 5708 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5709 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 5710 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5711 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 5712 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 5713 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 5714 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 5715 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 5716 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5717 return key_senderror(so, m, EINVAL); 5718 } 5719 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5720 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5721 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5722 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5723 return key_senderror(so, m, EINVAL); 5724 } 5725 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5726 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2]; 5727 mode = sa2->sadb_x_sa2_mode; 5728 reqid = sa2->sadb_x_sa2_reqid; 5729 } else { 5730 mode = IPSEC_MODE_ANY; 5731 reqid = 0; 5732 } 5733 /* XXX boundary checking for other extensions */ 5734 5735 sa0 = mhp->ext[SADB_EXT_SA]; 5736 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 5737 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 5738 5739 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx); 5740 if (error != 0) 5741 return key_senderror(so, m, EINVAL); 5742 5743 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 5744 if (error != 0) 5745 return key_senderror(so, m, EINVAL); 5746 5747 /* get a SA header */ 5748 sah = key_getsah_ref(&saidx, CMP_REQID); 5749 if (sah == NULL) { 5750 IPSECLOG(LOG_DEBUG, "no SA index found.\n"); 5751 return key_senderror(so, m, ENOENT); 5752 } 5753 5754 /* set spidx if there */ 5755 /* XXX rewrite */ 5756 error = key_setident(sah, m, mhp); 5757 if (error) 5758 goto error_sah; 5759 5760 /* find a SA with sequence number. */ 5761 #ifdef IPSEC_DOSEQCHECK 5762 if (mhp->msg->sadb_msg_seq != 0) { 5763 sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq); 5764 if (sav == NULL) { 5765 IPSECLOG(LOG_DEBUG, 5766 "no larval SA with sequence %u exists.\n", 5767 mhp->msg->sadb_msg_seq); 5768 error = ENOENT; 5769 goto error_sah; 5770 } 5771 } 5772 #else 5773 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5774 if (sav == NULL) { 5775 IPSECLOG(LOG_DEBUG, "no such a SA found (spi:%u)\n", 5776 (u_int32_t)ntohl(sa0->sadb_sa_spi)); 5777 error = EINVAL; 5778 goto error_sah; 5779 } 5780 #endif 5781 5782 /* validity check */ 5783 if (sav->sah->saidx.proto != proto) { 5784 IPSECLOG(LOG_DEBUG, "protocol mismatched (DB=%u param=%u)\n", 5785 sav->sah->saidx.proto, proto); 5786 error = EINVAL; 5787 goto error; 5788 } 5789 #ifdef IPSEC_DOSEQCHECK 5790 if (sav->spi != sa0->sadb_sa_spi) { 5791 IPSECLOG(LOG_DEBUG, "SPI mismatched (DB:%u param:%u)\n", 5792 (u_int32_t)ntohl(sav->spi), 5793 (u_int32_t)ntohl(sa0->sadb_sa_spi)); 5794 error = EINVAL; 5795 goto error; 5796 } 5797 #endif 5798 if (sav->pid != mhp->msg->sadb_msg_pid) { 5799 IPSECLOG(LOG_DEBUG, "pid mismatched (DB:%u param:%u)\n", 5800 sav->pid, mhp->msg->sadb_msg_pid); 5801 error = EINVAL; 5802 goto error; 5803 } 5804 5805 /* 5806 * Allocate a new SA instead of modifying the existing SA directly 5807 * to avoid race conditions. 5808 */ 5809 newsav = kmem_zalloc(sizeof(struct secasvar), KM_SLEEP); 5810 5811 /* copy sav values */ 5812 newsav->spi = sav->spi; 5813 newsav->seq = sav->seq; 5814 newsav->created = sav->created; 5815 newsav->pid = sav->pid; 5816 newsav->sah = sav->sah; 5817 5818 error = key_setsaval(newsav, m, mhp); 5819 if (error) { 5820 kmem_free(newsav, sizeof(*newsav)); 5821 goto error; 5822 } 5823 5824 error = key_handle_natt_info(newsav, mhp); 5825 if (error != 0) { 5826 key_delsav(newsav); 5827 goto error; 5828 } 5829 5830 error = key_init_xform(newsav); 5831 if (error != 0) { 5832 key_delsav(newsav); 5833 goto error; 5834 } 5835 5836 /* Add to sah#savlist */ 5837 key_init_sav(newsav); 5838 newsav->state = SADB_SASTATE_MATURE; 5839 mutex_enter(&key_sad.lock); 5840 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav); 5841 SAVLUT_WRITER_INSERT_HEAD(newsav); 5842 mutex_exit(&key_sad.lock); 5843 key_validate_savlist(sah, SADB_SASTATE_MATURE); 5844 5845 /* 5846 * We need to lookup and remove the sav atomically, so get it again 5847 * here by a special API while we have a reference to it. 5848 */ 5849 oldsav = key_lookup_and_remove_sav(sah, sa0->sadb_sa_spi, sav); 5850 KASSERT(oldsav == NULL || oldsav == sav); 5851 /* We can release the reference because of oldsav */ 5852 KEY_SA_UNREF(&sav); 5853 if (oldsav == NULL) { 5854 /* Someone has already removed the sav. Nothing to do. */ 5855 } else { 5856 key_wait_sav(oldsav); 5857 key_destroy_sav(oldsav); 5858 oldsav = NULL; 5859 } 5860 sav = NULL; 5861 5862 key_sah_unref(sah); 5863 sah = NULL; 5864 5865 { 5866 struct mbuf *n; 5867 5868 /* set msg buf from mhp */ 5869 n = key_getmsgbuf_x1(m, mhp); 5870 if (n == NULL) { 5871 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 5872 return key_senderror(so, m, ENOBUFS); 5873 } 5874 5875 m_freem(m); 5876 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5877 } 5878 error: 5879 KEY_SA_UNREF(&sav); 5880 error_sah: 5881 key_sah_unref(sah); 5882 return key_senderror(so, m, error); 5883 } 5884 5885 /* 5886 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL. 5887 * only called by key_api_update(). 5888 * OUT: 5889 * NULL : not found 5890 * others : found, pointer to a SA. 5891 */ 5892 #ifdef IPSEC_DOSEQCHECK 5893 static struct secasvar * 5894 key_getsavbyseq(struct secashead *sah, u_int32_t seq) 5895 { 5896 struct secasvar *sav; 5897 u_int state; 5898 int s; 5899 5900 state = SADB_SASTATE_LARVAL; 5901 5902 /* search SAD with sequence number ? */ 5903 s = pserialize_read_enter(); 5904 SAVLIST_READER_FOREACH(sav, sah, state) { 5905 KEY_CHKSASTATE(state, sav->state); 5906 5907 if (sav->seq == seq) { 5908 SA_ADDREF(sav); 5909 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 5910 "DP cause refcnt++:%d SA:%p\n", 5911 key_sa_refcnt(sav), sav); 5912 break; 5913 } 5914 } 5915 pserialize_read_exit(s); 5916 5917 return sav; 5918 } 5919 #endif 5920 5921 /* 5922 * SADB_ADD processing 5923 * add an entry to SA database, when received 5924 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5925 * key(AE), (identity(SD),) (sensitivity)> 5926 * from the ikmpd, 5927 * and send 5928 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5929 * (identity(SD),) (sensitivity)> 5930 * to the ikmpd. 5931 * 5932 * IGNORE identity and sensitivity messages. 5933 * 5934 * m will always be freed. 5935 */ 5936 static int 5937 key_api_add(struct socket *so, struct mbuf *m, 5938 const struct sadb_msghdr *mhp) 5939 { 5940 struct sadb_sa *sa0; 5941 const struct sockaddr *src, *dst; 5942 struct secasindex saidx; 5943 struct secashead *sah; 5944 struct secasvar *newsav; 5945 u_int16_t proto; 5946 u_int8_t mode; 5947 u_int16_t reqid; 5948 int error; 5949 5950 /* map satype to proto */ 5951 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 5952 if (proto == 0) { 5953 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 5954 return key_senderror(so, m, EINVAL); 5955 } 5956 5957 if (mhp->ext[SADB_EXT_SA] == NULL || 5958 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5959 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 5960 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5961 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 5962 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5963 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 5964 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 5965 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 5966 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 5967 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 5968 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5969 return key_senderror(so, m, EINVAL); 5970 } 5971 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5972 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5973 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5974 /* XXX need more */ 5975 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 5976 return key_senderror(so, m, EINVAL); 5977 } 5978 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5979 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2]; 5980 mode = sa2->sadb_x_sa2_mode; 5981 reqid = sa2->sadb_x_sa2_reqid; 5982 } else { 5983 mode = IPSEC_MODE_ANY; 5984 reqid = 0; 5985 } 5986 5987 sa0 = mhp->ext[SADB_EXT_SA]; 5988 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 5989 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 5990 5991 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx); 5992 if (error != 0) 5993 return key_senderror(so, m, EINVAL); 5994 5995 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 5996 if (error != 0) 5997 return key_senderror(so, m, EINVAL); 5998 5999 /* get a SA header */ 6000 sah = key_getsah_ref(&saidx, CMP_REQID); 6001 if (sah == NULL) { 6002 /* create a new SA header */ 6003 sah = key_newsah(&saidx); 6004 if (sah == NULL) { 6005 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 6006 return key_senderror(so, m, ENOBUFS); 6007 } 6008 } 6009 6010 /* set spidx if there */ 6011 /* XXX rewrite */ 6012 error = key_setident(sah, m, mhp); 6013 if (error) 6014 goto error; 6015 6016 { 6017 struct secasvar *sav; 6018 6019 /* We can create new SA only if SPI is differenct. */ 6020 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 6021 if (sav != NULL) { 6022 KEY_SA_UNREF(&sav); 6023 IPSECLOG(LOG_DEBUG, "SA already exists.\n"); 6024 error = EEXIST; 6025 goto error; 6026 } 6027 } 6028 6029 /* create new SA entry. */ 6030 newsav = KEY_NEWSAV(m, mhp, &error); 6031 if (newsav == NULL) 6032 goto error; 6033 newsav->sah = sah; 6034 6035 error = key_handle_natt_info(newsav, mhp); 6036 if (error != 0) { 6037 key_delsav(newsav); 6038 error = EINVAL; 6039 goto error; 6040 } 6041 6042 error = key_init_xform(newsav); 6043 if (error != 0) { 6044 key_delsav(newsav); 6045 goto error; 6046 } 6047 6048 /* Add to sah#savlist */ 6049 key_init_sav(newsav); 6050 newsav->state = SADB_SASTATE_MATURE; 6051 mutex_enter(&key_sad.lock); 6052 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav); 6053 SAVLUT_WRITER_INSERT_HEAD(newsav); 6054 mutex_exit(&key_sad.lock); 6055 key_validate_savlist(sah, SADB_SASTATE_MATURE); 6056 6057 key_sah_unref(sah); 6058 sah = NULL; 6059 6060 /* 6061 * don't call key_freesav() here, as we would like to keep the SA 6062 * in the database on success. 6063 */ 6064 6065 { 6066 struct mbuf *n; 6067 6068 /* set msg buf from mhp */ 6069 n = key_getmsgbuf_x1(m, mhp); 6070 if (n == NULL) { 6071 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 6072 return key_senderror(so, m, ENOBUFS); 6073 } 6074 6075 m_freem(m); 6076 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6077 } 6078 error: 6079 key_sah_unref(sah); 6080 return key_senderror(so, m, error); 6081 } 6082 6083 /* m is retained */ 6084 static int 6085 key_setident(struct secashead *sah, struct mbuf *m, 6086 const struct sadb_msghdr *mhp) 6087 { 6088 const struct sadb_ident *idsrc, *iddst; 6089 int idsrclen, iddstlen; 6090 6091 KASSERT(!cpu_softintr_p()); 6092 KASSERT(sah != NULL); 6093 KASSERT(m != NULL); 6094 KASSERT(mhp != NULL); 6095 KASSERT(mhp->msg != NULL); 6096 6097 /* 6098 * Can be called with an existing sah from key_api_update(). 6099 */ 6100 if (sah->idents != NULL) { 6101 kmem_free(sah->idents, sah->idents_len); 6102 sah->idents = NULL; 6103 sah->idents_len = 0; 6104 } 6105 if (sah->identd != NULL) { 6106 kmem_free(sah->identd, sah->identd_len); 6107 sah->identd = NULL; 6108 sah->identd_len = 0; 6109 } 6110 6111 /* don't make buffer if not there */ 6112 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && 6113 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 6114 sah->idents = NULL; 6115 sah->identd = NULL; 6116 return 0; 6117 } 6118 6119 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || 6120 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 6121 IPSECLOG(LOG_DEBUG, "invalid identity.\n"); 6122 return EINVAL; 6123 } 6124 6125 idsrc = mhp->ext[SADB_EXT_IDENTITY_SRC]; 6126 iddst = mhp->ext[SADB_EXT_IDENTITY_DST]; 6127 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; 6128 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; 6129 6130 /* validity check */ 6131 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 6132 IPSECLOG(LOG_DEBUG, "ident type mismatched src %u, dst %u.\n", 6133 idsrc->sadb_ident_type, iddst->sadb_ident_type); 6134 return EINVAL; 6135 } 6136 6137 switch (idsrc->sadb_ident_type) { 6138 case SADB_IDENTTYPE_PREFIX: 6139 case SADB_IDENTTYPE_FQDN: 6140 case SADB_IDENTTYPE_USERFQDN: 6141 default: 6142 /* XXX do nothing */ 6143 sah->idents = NULL; 6144 sah->identd = NULL; 6145 return 0; 6146 } 6147 6148 /* make structure */ 6149 sah->idents = kmem_alloc(idsrclen, KM_SLEEP); 6150 sah->idents_len = idsrclen; 6151 sah->identd = kmem_alloc(iddstlen, KM_SLEEP); 6152 sah->identd_len = iddstlen; 6153 memcpy(sah->idents, idsrc, idsrclen); 6154 memcpy(sah->identd, iddst, iddstlen); 6155 6156 return 0; 6157 } 6158 6159 /* 6160 * m will not be freed on return. It never return NULL. 6161 * it is caller's responsibility to free the result. 6162 */ 6163 static struct mbuf * 6164 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 6165 { 6166 struct mbuf *n; 6167 6168 KASSERT(m != NULL); 6169 KASSERT(mhp != NULL); 6170 KASSERT(mhp->msg != NULL); 6171 6172 /* create new sadb_msg to reply. */ 6173 n = key_gather_mbuf(m, mhp, 1, 15, SADB_EXT_RESERVED, 6174 SADB_EXT_SA, SADB_X_EXT_SA2, 6175 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 6176 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 6177 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 6178 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 6179 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 6180 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NAT_T_FRAG); 6181 6182 KASSERT(n->m_len >= sizeof(struct sadb_msg)); 6183 6184 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 6185 mtod(n, struct sadb_msg *)->sadb_msg_len = 6186 PFKEY_UNIT64(n->m_pkthdr.len); 6187 6188 return n; 6189 } 6190 6191 static int key_delete_all (struct socket *, struct mbuf *, 6192 const struct sadb_msghdr *, u_int16_t); 6193 6194 /* 6195 * SADB_DELETE processing 6196 * receive 6197 * <base, SA(*), address(SD)> 6198 * from the ikmpd, and set SADB_SASTATE_DEAD, 6199 * and send, 6200 * <base, SA(*), address(SD)> 6201 * to the ikmpd. 6202 * 6203 * m will always be freed. 6204 */ 6205 static int 6206 key_api_delete(struct socket *so, struct mbuf *m, 6207 const struct sadb_msghdr *mhp) 6208 { 6209 struct sadb_sa *sa0; 6210 const struct sockaddr *src, *dst; 6211 struct secasindex saidx; 6212 struct secashead *sah; 6213 struct secasvar *sav = NULL; 6214 u_int16_t proto; 6215 int error; 6216 6217 /* map satype to proto */ 6218 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 6219 if (proto == 0) { 6220 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 6221 return key_senderror(so, m, EINVAL); 6222 } 6223 6224 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 6225 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 6226 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6227 return key_senderror(so, m, EINVAL); 6228 } 6229 6230 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 6231 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 6232 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6233 return key_senderror(so, m, EINVAL); 6234 } 6235 6236 if (mhp->ext[SADB_EXT_SA] == NULL) { 6237 /* 6238 * Caller wants us to delete all non-LARVAL SAs 6239 * that match the src/dst. This is used during 6240 * IKE INITIAL-CONTACT. 6241 */ 6242 IPSECLOG(LOG_DEBUG, "doing delete all.\n"); 6243 return key_delete_all(so, m, mhp, proto); 6244 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) { 6245 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6246 return key_senderror(so, m, EINVAL); 6247 } 6248 6249 sa0 = mhp->ext[SADB_EXT_SA]; 6250 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 6251 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 6252 6253 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx); 6254 if (error != 0) 6255 return key_senderror(so, m, EINVAL); 6256 6257 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 6258 if (error != 0) 6259 return key_senderror(so, m, EINVAL); 6260 6261 /* get a SA header */ 6262 sah = key_getsah_ref(&saidx, CMP_HEAD); 6263 if (sah != NULL) { 6264 /* get a SA with SPI. */ 6265 sav = key_lookup_and_remove_sav(sah, sa0->sadb_sa_spi, NULL); 6266 key_sah_unref(sah); 6267 } 6268 6269 if (sav == NULL) { 6270 IPSECLOG(LOG_DEBUG, "no SA found.\n"); 6271 return key_senderror(so, m, ENOENT); 6272 } 6273 6274 key_wait_sav(sav); 6275 key_destroy_sav(sav); 6276 sav = NULL; 6277 6278 { 6279 struct mbuf *n; 6280 6281 /* create new sadb_msg to reply. */ 6282 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6283 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6284 6285 key_fill_replymsg(n, 0); 6286 m_freem(m); 6287 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6288 } 6289 } 6290 6291 /* 6292 * delete all SAs for src/dst. Called from key_api_delete(). 6293 */ 6294 static int 6295 key_delete_all(struct socket *so, struct mbuf *m, 6296 const struct sadb_msghdr *mhp, u_int16_t proto) 6297 { 6298 const struct sockaddr *src, *dst; 6299 struct secasindex saidx; 6300 struct secashead *sah; 6301 struct secasvar *sav; 6302 u_int state; 6303 int error; 6304 6305 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 6306 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 6307 6308 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx); 6309 if (error != 0) 6310 return key_senderror(so, m, EINVAL); 6311 6312 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 6313 if (error != 0) 6314 return key_senderror(so, m, EINVAL); 6315 6316 sah = key_getsah_ref(&saidx, CMP_HEAD); 6317 if (sah != NULL) { 6318 /* Delete all non-LARVAL SAs. */ 6319 SASTATE_ALIVE_FOREACH(state) { 6320 if (state == SADB_SASTATE_LARVAL) 6321 continue; 6322 restart: 6323 mutex_enter(&key_sad.lock); 6324 SAVLIST_WRITER_FOREACH(sav, sah, state) { 6325 sav->state = SADB_SASTATE_DEAD; 6326 key_unlink_sav(sav); 6327 mutex_exit(&key_sad.lock); 6328 key_destroy_sav(sav); 6329 goto restart; 6330 } 6331 mutex_exit(&key_sad.lock); 6332 } 6333 key_sah_unref(sah); 6334 } 6335 { 6336 struct mbuf *n; 6337 6338 /* create new sadb_msg to reply. */ 6339 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6340 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6341 6342 key_fill_replymsg(n, 0); 6343 m_freem(m); 6344 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6345 } 6346 } 6347 6348 /* 6349 * SADB_GET processing 6350 * receive 6351 * <base, SA(*), address(SD)> 6352 * from the ikmpd, and get a SP and a SA to respond, 6353 * and send, 6354 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6355 * (identity(SD),) (sensitivity)> 6356 * to the ikmpd. 6357 * 6358 * m will always be freed. 6359 */ 6360 static int 6361 key_api_get(struct socket *so, struct mbuf *m, 6362 const struct sadb_msghdr *mhp) 6363 { 6364 struct sadb_sa *sa0; 6365 const struct sockaddr *src, *dst; 6366 struct secasindex saidx; 6367 struct secasvar *sav = NULL; 6368 u_int16_t proto; 6369 int error; 6370 6371 /* map satype to proto */ 6372 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6373 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 6374 return key_senderror(so, m, EINVAL); 6375 } 6376 6377 if (mhp->ext[SADB_EXT_SA] == NULL || 6378 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 6379 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 6380 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6381 return key_senderror(so, m, EINVAL); 6382 } 6383 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 6384 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 6385 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 6386 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 6387 return key_senderror(so, m, EINVAL); 6388 } 6389 6390 sa0 = mhp->ext[SADB_EXT_SA]; 6391 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 6392 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 6393 6394 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx); 6395 if (error != 0) 6396 return key_senderror(so, m, EINVAL); 6397 6398 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 6399 if (error != 0) 6400 return key_senderror(so, m, EINVAL); 6401 6402 /* get a SA header */ 6403 { 6404 struct secashead *sah; 6405 int s = pserialize_read_enter(); 6406 6407 sah = key_getsah(&saidx, CMP_HEAD); 6408 if (sah != NULL) { 6409 /* get a SA with SPI. */ 6410 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 6411 } 6412 pserialize_read_exit(s); 6413 } 6414 if (sav == NULL) { 6415 IPSECLOG(LOG_DEBUG, "no SA found.\n"); 6416 return key_senderror(so, m, ENOENT); 6417 } 6418 6419 { 6420 struct mbuf *n; 6421 u_int8_t satype; 6422 6423 /* map proto to satype */ 6424 satype = key_proto2satype(sav->sah->saidx.proto); 6425 if (satype == 0) { 6426 KEY_SA_UNREF(&sav); 6427 IPSECLOG(LOG_DEBUG, "there was invalid proto in SAD.\n"); 6428 return key_senderror(so, m, EINVAL); 6429 } 6430 6431 /* create new sadb_msg to reply. */ 6432 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6433 mhp->msg->sadb_msg_pid); 6434 KEY_SA_UNREF(&sav); 6435 m_freem(m); 6436 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6437 } 6438 } 6439 6440 /* XXX make it sysctl-configurable? */ 6441 static void 6442 key_getcomb_setlifetime(struct sadb_comb *comb) 6443 { 6444 6445 comb->sadb_comb_soft_allocations = 1; 6446 comb->sadb_comb_hard_allocations = 1; 6447 comb->sadb_comb_soft_bytes = 0; 6448 comb->sadb_comb_hard_bytes = 0; 6449 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6450 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100; 6451 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */ 6452 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6453 } 6454 6455 /* 6456 * XXX reorder combinations by preference 6457 * XXX no idea if the user wants ESP authentication or not 6458 */ 6459 static struct mbuf * 6460 key_getcomb_esp(int mflag) 6461 { 6462 struct sadb_comb *comb; 6463 const struct enc_xform *algo; 6464 struct mbuf *result = NULL, *m, *n; 6465 int encmin; 6466 int i, off, o; 6467 int totlen; 6468 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6469 6470 m = NULL; 6471 for (i = 1; i <= SADB_EALG_MAX; i++) { 6472 algo = esp_algorithm_lookup(i); 6473 if (algo == NULL) 6474 continue; 6475 6476 /* discard algorithms with key size smaller than system min */ 6477 if (_BITS(algo->maxkey) < ipsec_esp_keymin) 6478 continue; 6479 if (_BITS(algo->minkey) < ipsec_esp_keymin) 6480 encmin = ipsec_esp_keymin; 6481 else 6482 encmin = _BITS(algo->minkey); 6483 6484 if (ipsec_esp_auth) 6485 m = key_getcomb_ah(mflag); 6486 else { 6487 KASSERTMSG(l <= MLEN, 6488 "l=%u > MLEN=%lu", l, (u_long) MLEN); 6489 MGET(m, mflag, MT_DATA); 6490 if (m) { 6491 m_align(m, l); 6492 m->m_len = l; 6493 m->m_next = NULL; 6494 memset(mtod(m, void *), 0, m->m_len); 6495 } 6496 } 6497 if (!m) 6498 goto fail; 6499 6500 totlen = 0; 6501 for (n = m; n; n = n->m_next) 6502 totlen += n->m_len; 6503 KASSERTMSG((totlen % l) == 0, "totlen=%u, l=%u", totlen, l); 6504 6505 for (off = 0; off < totlen; off += l) { 6506 n = m_pulldown(m, off, l, &o); 6507 if (!n) { 6508 /* m is already freed */ 6509 goto fail; 6510 } 6511 comb = (struct sadb_comb *)(mtod(n, char *) + o); 6512 memset(comb, 0, sizeof(*comb)); 6513 key_getcomb_setlifetime(comb); 6514 comb->sadb_comb_encrypt = i; 6515 comb->sadb_comb_encrypt_minbits = encmin; 6516 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6517 } 6518 6519 if (!result) 6520 result = m; 6521 else 6522 m_cat(result, m); 6523 } 6524 6525 return result; 6526 6527 fail: 6528 if (result) 6529 m_freem(result); 6530 return NULL; 6531 } 6532 6533 static void 6534 key_getsizes_ah(const struct auth_hash *ah, int alg, 6535 u_int16_t* ksmin, u_int16_t* ksmax) 6536 { 6537 *ksmin = *ksmax = ah->keysize; 6538 if (ah->keysize == 0) { 6539 /* 6540 * Transform takes arbitrary key size but algorithm 6541 * key size is restricted. Enforce this here. 6542 */ 6543 switch (alg) { 6544 case SADB_X_AALG_MD5: *ksmin = *ksmax = 16; break; 6545 case SADB_X_AALG_SHA: *ksmin = *ksmax = 20; break; 6546 case SADB_X_AALG_NULL: *ksmin = 0; *ksmax = 256; break; 6547 default: 6548 IPSECLOG(LOG_DEBUG, "unknown AH algorithm %u\n", alg); 6549 break; 6550 } 6551 } 6552 } 6553 6554 /* 6555 * XXX reorder combinations by preference 6556 */ 6557 static struct mbuf * 6558 key_getcomb_ah(int mflag) 6559 { 6560 struct sadb_comb *comb; 6561 const struct auth_hash *algo; 6562 struct mbuf *m; 6563 u_int16_t minkeysize, maxkeysize; 6564 int i; 6565 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6566 6567 m = NULL; 6568 for (i = 1; i <= SADB_AALG_MAX; i++) { 6569 #if 1 6570 /* we prefer HMAC algorithms, not old algorithms */ 6571 if (i != SADB_AALG_SHA1HMAC && 6572 i != SADB_AALG_MD5HMAC && 6573 i != SADB_X_AALG_SHA2_256 && 6574 i != SADB_X_AALG_SHA2_384 && 6575 i != SADB_X_AALG_SHA2_512) 6576 continue; 6577 #endif 6578 algo = ah_algorithm_lookup(i); 6579 if (!algo) 6580 continue; 6581 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6582 /* discard algorithms with key size smaller than system min */ 6583 if (_BITS(minkeysize) < ipsec_ah_keymin) 6584 continue; 6585 6586 if (!m) { 6587 KASSERTMSG(l <= MLEN, 6588 "l=%u > MLEN=%lu", l, (u_long) MLEN); 6589 MGET(m, mflag, MT_DATA); 6590 if (m) { 6591 m_align(m, l); 6592 m->m_len = l; 6593 m->m_next = NULL; 6594 } 6595 } else 6596 M_PREPEND(m, l, mflag); 6597 if (!m) 6598 return NULL; 6599 6600 if (m->m_len < sizeof(struct sadb_comb)) { 6601 m = m_pullup(m, sizeof(struct sadb_comb)); 6602 if (m == NULL) 6603 return NULL; 6604 } 6605 6606 comb = mtod(m, struct sadb_comb *); 6607 memset(comb, 0, sizeof(*comb)); 6608 key_getcomb_setlifetime(comb); 6609 comb->sadb_comb_auth = i; 6610 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6611 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6612 } 6613 6614 return m; 6615 } 6616 6617 /* 6618 * not really an official behavior. discussed in pf_key (at) inner.net in Sep2000. 6619 * XXX reorder combinations by preference 6620 */ 6621 static struct mbuf * 6622 key_getcomb_ipcomp(int mflag) 6623 { 6624 struct sadb_comb *comb; 6625 const struct comp_algo *algo; 6626 struct mbuf *m; 6627 int i; 6628 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6629 6630 m = NULL; 6631 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6632 algo = ipcomp_algorithm_lookup(i); 6633 if (!algo) 6634 continue; 6635 6636 if (!m) { 6637 KASSERTMSG(l <= MLEN, 6638 "l=%u > MLEN=%lu", l, (u_long) MLEN); 6639 MGET(m, mflag, MT_DATA); 6640 if (m) { 6641 m_align(m, l); 6642 m->m_len = l; 6643 m->m_next = NULL; 6644 } 6645 } else 6646 M_PREPEND(m, l, mflag); 6647 if (!m) 6648 return NULL; 6649 6650 if (m->m_len < sizeof(struct sadb_comb)) { 6651 m = m_pullup(m, sizeof(struct sadb_comb)); 6652 if (m == NULL) 6653 return NULL; 6654 } 6655 6656 comb = mtod(m, struct sadb_comb *); 6657 memset(comb, 0, sizeof(*comb)); 6658 key_getcomb_setlifetime(comb); 6659 comb->sadb_comb_encrypt = i; 6660 /* what should we set into sadb_comb_*_{min,max}bits? */ 6661 } 6662 6663 return m; 6664 } 6665 6666 /* 6667 * XXX no way to pass mode (transport/tunnel) to userland 6668 * XXX replay checking? 6669 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6670 */ 6671 static struct mbuf * 6672 key_getprop(const struct secasindex *saidx, int mflag) 6673 { 6674 struct sadb_prop *prop; 6675 struct mbuf *m, *n; 6676 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6677 int totlen; 6678 6679 switch (saidx->proto) { 6680 case IPPROTO_ESP: 6681 m = key_getcomb_esp(mflag); 6682 break; 6683 case IPPROTO_AH: 6684 m = key_getcomb_ah(mflag); 6685 break; 6686 case IPPROTO_IPCOMP: 6687 m = key_getcomb_ipcomp(mflag); 6688 break; 6689 default: 6690 return NULL; 6691 } 6692 6693 if (!m) 6694 return NULL; 6695 M_PREPEND(m, l, mflag); 6696 if (!m) 6697 return NULL; 6698 6699 totlen = 0; 6700 for (n = m; n; n = n->m_next) 6701 totlen += n->m_len; 6702 6703 prop = mtod(m, struct sadb_prop *); 6704 memset(prop, 0, sizeof(*prop)); 6705 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6706 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6707 prop->sadb_prop_replay = 32; /* XXX */ 6708 6709 return m; 6710 } 6711 6712 /* 6713 * SADB_ACQUIRE processing called by key_checkrequest() and key_api_acquire(). 6714 * send 6715 * <base, SA, address(SD), (address(P)), x_policy, 6716 * (identity(SD),) (sensitivity,) proposal> 6717 * to KMD, and expect to receive 6718 * <base> with SADB_ACQUIRE if error occurred, 6719 * or 6720 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6721 * from KMD by PF_KEY. 6722 * 6723 * XXX x_policy is outside of RFC2367 (KAME extension). 6724 * XXX sensitivity is not supported. 6725 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6726 * see comment for key_getcomb_ipcomp(). 6727 * 6728 * OUT: 6729 * 0 : succeed 6730 * others: error number 6731 */ 6732 static int 6733 key_acquire(const struct secasindex *saidx, const struct secpolicy *sp, int mflag) 6734 { 6735 struct mbuf *result = NULL, *m; 6736 #ifndef IPSEC_NONBLOCK_ACQUIRE 6737 struct secacq *newacq; 6738 #endif 6739 u_int8_t satype; 6740 int error = -1; 6741 u_int32_t seq; 6742 6743 /* sanity check */ 6744 KASSERT(saidx != NULL); 6745 satype = key_proto2satype(saidx->proto); 6746 KASSERTMSG(satype != 0, "null satype, protocol %u", saidx->proto); 6747 6748 #ifndef IPSEC_NONBLOCK_ACQUIRE 6749 /* 6750 * We never do anything about acquirng SA. There is anather 6751 * solution that kernel blocks to send SADB_ACQUIRE message until 6752 * getting something message from IKEd. In later case, to be 6753 * managed with ACQUIRING list. 6754 */ 6755 /* Get an entry to check whether sending message or not. */ 6756 mutex_enter(&key_misc.lock); 6757 newacq = key_getacq(saidx); 6758 if (newacq != NULL) { 6759 if (key_blockacq_count < newacq->count) { 6760 /* reset counter and do send message. */ 6761 newacq->count = 0; 6762 } else { 6763 /* increment counter and do nothing. */ 6764 newacq->count++; 6765 mutex_exit(&key_misc.lock); 6766 return 0; 6767 } 6768 } else { 6769 /* make new entry for blocking to send SADB_ACQUIRE. */ 6770 newacq = key_newacq(saidx); 6771 if (newacq == NULL) { 6772 mutex_exit(&key_misc.lock); 6773 return ENOBUFS; 6774 } 6775 6776 /* add to key_misc.acqlist */ 6777 LIST_INSERT_HEAD(&key_misc.acqlist, newacq, chain); 6778 } 6779 6780 seq = newacq->seq; 6781 mutex_exit(&key_misc.lock); 6782 #else 6783 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); 6784 #endif 6785 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0, mflag); 6786 if (!m) { 6787 error = ENOBUFS; 6788 goto fail; 6789 } 6790 result = m; 6791 6792 /* set sadb_address for saidx's. */ 6793 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &saidx->src.sa, FULLMASK, 6794 IPSEC_ULPROTO_ANY, mflag); 6795 if (!m) { 6796 error = ENOBUFS; 6797 goto fail; 6798 } 6799 m_cat(result, m); 6800 6801 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &saidx->dst.sa, FULLMASK, 6802 IPSEC_ULPROTO_ANY, mflag); 6803 if (!m) { 6804 error = ENOBUFS; 6805 goto fail; 6806 } 6807 m_cat(result, m); 6808 6809 /* XXX proxy address (optional) */ 6810 6811 /* set sadb_x_policy */ 6812 if (sp) { 6813 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6814 mflag); 6815 if (!m) { 6816 error = ENOBUFS; 6817 goto fail; 6818 } 6819 m_cat(result, m); 6820 } 6821 6822 /* XXX identity (optional) */ 6823 #if 0 6824 if (idexttype && fqdn) { 6825 /* create identity extension (FQDN) */ 6826 struct sadb_ident *id; 6827 int fqdnlen; 6828 6829 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6830 id = (struct sadb_ident *)p; 6831 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6832 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6833 id->sadb_ident_exttype = idexttype; 6834 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6835 memcpy(id + 1, fqdn, fqdnlen); 6836 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6837 } 6838 6839 if (idexttype) { 6840 /* create identity extension (USERFQDN) */ 6841 struct sadb_ident *id; 6842 int userfqdnlen; 6843 6844 if (userfqdn) { 6845 /* +1 for terminating-NUL */ 6846 userfqdnlen = strlen(userfqdn) + 1; 6847 } else 6848 userfqdnlen = 0; 6849 id = (struct sadb_ident *)p; 6850 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6851 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6852 id->sadb_ident_exttype = idexttype; 6853 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6854 /* XXX is it correct? */ 6855 if (curlwp) 6856 id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred); 6857 if (userfqdn && userfqdnlen) 6858 memcpy(id + 1, userfqdn, userfqdnlen); 6859 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6860 } 6861 #endif 6862 6863 /* XXX sensitivity (optional) */ 6864 6865 /* create proposal/combination extension */ 6866 m = key_getprop(saidx, mflag); 6867 #if 0 6868 /* 6869 * spec conformant: always attach proposal/combination extension, 6870 * the problem is that we have no way to attach it for ipcomp, 6871 * due to the way sadb_comb is declared in RFC2367. 6872 */ 6873 if (!m) { 6874 error = ENOBUFS; 6875 goto fail; 6876 } 6877 m_cat(result, m); 6878 #else 6879 /* 6880 * outside of spec; make proposal/combination extension optional. 6881 */ 6882 if (m) 6883 m_cat(result, m); 6884 #endif 6885 6886 KASSERT(result->m_flags & M_PKTHDR); 6887 KASSERT(result->m_len >= sizeof(struct sadb_msg)); 6888 6889 result->m_pkthdr.len = 0; 6890 for (m = result; m; m = m->m_next) 6891 result->m_pkthdr.len += m->m_len; 6892 6893 mtod(result, struct sadb_msg *)->sadb_msg_len = 6894 PFKEY_UNIT64(result->m_pkthdr.len); 6895 6896 /* 6897 * Called from key_api_acquire that must come from userland, so 6898 * we can call key_sendup_mbuf immediately. 6899 */ 6900 if (mflag == M_WAITOK) 6901 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6902 /* 6903 * XXX we cannot call key_sendup_mbuf directly here because 6904 * it can cause a deadlock: 6905 * - We have a reference to an SP (and an SA) here 6906 * - key_sendup_mbuf will try to take key_so_mtx 6907 * - Some other thread may try to localcount_drain to the SP with 6908 * holding key_so_mtx in say key_api_spdflush 6909 * - In this case localcount_drain never return because key_sendup_mbuf 6910 * that has stuck on key_so_mtx never release a reference to the SP 6911 * 6912 * So defer key_sendup_mbuf to the timer. 6913 */ 6914 return key_acquire_sendup_mbuf_later(result); 6915 6916 fail: 6917 if (result) 6918 m_freem(result); 6919 return error; 6920 } 6921 6922 static struct mbuf *key_acquire_mbuf_head = NULL; 6923 static unsigned key_acquire_mbuf_count = 0; 6924 #define KEY_ACQUIRE_MBUF_MAX 10 6925 6926 static void 6927 key_acquire_sendup_pending_mbuf(void) 6928 { 6929 struct mbuf *m, *prev; 6930 int error; 6931 6932 again: 6933 prev = NULL; 6934 mutex_enter(&key_misc.lock); 6935 m = key_acquire_mbuf_head; 6936 /* Get an earliest mbuf (one at the tail of the list) */ 6937 while (m != NULL) { 6938 if (m->m_nextpkt == NULL) { 6939 if (prev != NULL) 6940 prev->m_nextpkt = NULL; 6941 if (m == key_acquire_mbuf_head) 6942 key_acquire_mbuf_head = NULL; 6943 key_acquire_mbuf_count--; 6944 break; 6945 } 6946 prev = m; 6947 m = m->m_nextpkt; 6948 } 6949 mutex_exit(&key_misc.lock); 6950 6951 if (m == NULL) 6952 return; 6953 6954 m->m_nextpkt = NULL; 6955 error = key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 6956 if (error != 0) 6957 IPSECLOG(LOG_WARNING, "key_sendup_mbuf failed (error=%d)\n", 6958 error); 6959 6960 if (prev != NULL) 6961 goto again; 6962 } 6963 6964 static int 6965 key_acquire_sendup_mbuf_later(struct mbuf *m) 6966 { 6967 6968 mutex_enter(&key_misc.lock); 6969 /* Avoid queuing too much mbufs */ 6970 if (key_acquire_mbuf_count >= KEY_ACQUIRE_MBUF_MAX) { 6971 mutex_exit(&key_misc.lock); 6972 m_freem(m); 6973 return ENOBUFS; /* XXX */ 6974 } 6975 /* Enqueue mbuf at the head of the list */ 6976 m->m_nextpkt = key_acquire_mbuf_head; 6977 key_acquire_mbuf_head = m; 6978 key_acquire_mbuf_count++; 6979 mutex_exit(&key_misc.lock); 6980 6981 /* Kick the timer */ 6982 key_timehandler(NULL); 6983 6984 return 0; 6985 } 6986 6987 #ifndef IPSEC_NONBLOCK_ACQUIRE 6988 static struct secacq * 6989 key_newacq(const struct secasindex *saidx) 6990 { 6991 struct secacq *newacq; 6992 6993 /* get new entry */ 6994 newacq = kmem_intr_zalloc(sizeof(struct secacq), KM_NOSLEEP); 6995 if (newacq == NULL) { 6996 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 6997 return NULL; 6998 } 6999 7000 /* copy secindex */ 7001 memcpy(&newacq->saidx, saidx, sizeof(newacq->saidx)); 7002 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq); 7003 newacq->created = time_uptime; 7004 newacq->count = 0; 7005 7006 return newacq; 7007 } 7008 7009 static struct secacq * 7010 key_getacq(const struct secasindex *saidx) 7011 { 7012 struct secacq *acq; 7013 7014 KASSERT(mutex_owned(&key_misc.lock)); 7015 7016 LIST_FOREACH(acq, &key_misc.acqlist, chain) { 7017 if (key_saidx_match(saidx, &acq->saidx, CMP_EXACTLY)) 7018 return acq; 7019 } 7020 7021 return NULL; 7022 } 7023 7024 static struct secacq * 7025 key_getacqbyseq(u_int32_t seq) 7026 { 7027 struct secacq *acq; 7028 7029 KASSERT(mutex_owned(&key_misc.lock)); 7030 7031 LIST_FOREACH(acq, &key_misc.acqlist, chain) { 7032 if (acq->seq == seq) 7033 return acq; 7034 } 7035 7036 return NULL; 7037 } 7038 #endif 7039 7040 #ifdef notyet 7041 static struct secspacq * 7042 key_newspacq(const struct secpolicyindex *spidx) 7043 { 7044 struct secspacq *acq; 7045 7046 /* get new entry */ 7047 acq = kmem_intr_zalloc(sizeof(struct secspacq), KM_NOSLEEP); 7048 if (acq == NULL) { 7049 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 7050 return NULL; 7051 } 7052 7053 /* copy secindex */ 7054 memcpy(&acq->spidx, spidx, sizeof(acq->spidx)); 7055 acq->created = time_uptime; 7056 acq->count = 0; 7057 7058 return acq; 7059 } 7060 7061 static struct secspacq * 7062 key_getspacq(const struct secpolicyindex *spidx) 7063 { 7064 struct secspacq *acq; 7065 7066 LIST_FOREACH(acq, &key_misc.spacqlist, chain) { 7067 if (key_spidx_match_exactly(spidx, &acq->spidx)) 7068 return acq; 7069 } 7070 7071 return NULL; 7072 } 7073 #endif /* notyet */ 7074 7075 /* 7076 * SADB_ACQUIRE processing, 7077 * in first situation, is receiving 7078 * <base> 7079 * from the ikmpd, and clear sequence of its secasvar entry. 7080 * 7081 * In second situation, is receiving 7082 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 7083 * from a user land process, and return 7084 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 7085 * to the socket. 7086 * 7087 * m will always be freed. 7088 */ 7089 static int 7090 key_api_acquire(struct socket *so, struct mbuf *m, 7091 const struct sadb_msghdr *mhp) 7092 { 7093 const struct sockaddr *src, *dst; 7094 struct secasindex saidx; 7095 u_int16_t proto; 7096 int error; 7097 7098 /* 7099 * Error message from KMd. 7100 * We assume that if error was occurred in IKEd, the length of PFKEY 7101 * message is equal to the size of sadb_msg structure. 7102 * We do not raise error even if error occurred in this function. 7103 */ 7104 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7105 #ifndef IPSEC_NONBLOCK_ACQUIRE 7106 struct secacq *acq; 7107 7108 /* check sequence number */ 7109 if (mhp->msg->sadb_msg_seq == 0) { 7110 IPSECLOG(LOG_DEBUG, "must specify sequence number.\n"); 7111 m_freem(m); 7112 return 0; 7113 } 7114 7115 mutex_enter(&key_misc.lock); 7116 acq = key_getacqbyseq(mhp->msg->sadb_msg_seq); 7117 if (acq == NULL) { 7118 mutex_exit(&key_misc.lock); 7119 /* 7120 * the specified larval SA is already gone, or we got 7121 * a bogus sequence number. we can silently ignore it. 7122 */ 7123 m_freem(m); 7124 return 0; 7125 } 7126 7127 /* reset acq counter in order to deletion by timehander. */ 7128 acq->created = time_uptime; 7129 acq->count = 0; 7130 mutex_exit(&key_misc.lock); 7131 #endif 7132 m_freem(m); 7133 return 0; 7134 } 7135 7136 /* 7137 * This message is from user land. 7138 */ 7139 7140 /* map satype to proto */ 7141 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 7142 if (proto == 0) { 7143 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 7144 return key_senderror(so, m, EINVAL); 7145 } 7146 7147 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 7148 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 7149 mhp->ext[SADB_EXT_PROPOSAL] == NULL) { 7150 /* error */ 7151 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 7152 return key_senderror(so, m, EINVAL); 7153 } 7154 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 7155 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 7156 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) { 7157 /* error */ 7158 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); 7159 return key_senderror(so, m, EINVAL); 7160 } 7161 7162 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); 7163 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); 7164 7165 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx); 7166 if (error != 0) 7167 return key_senderror(so, m, EINVAL); 7168 7169 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp); 7170 if (error != 0) 7171 return key_senderror(so, m, EINVAL); 7172 7173 /* get a SA index */ 7174 { 7175 struct secashead *sah; 7176 int s = pserialize_read_enter(); 7177 7178 sah = key_getsah(&saidx, CMP_MODE_REQID); 7179 if (sah != NULL) { 7180 pserialize_read_exit(s); 7181 IPSECLOG(LOG_DEBUG, "a SA exists already.\n"); 7182 return key_senderror(so, m, EEXIST); 7183 } 7184 pserialize_read_exit(s); 7185 } 7186 7187 error = key_acquire(&saidx, NULL, M_WAITOK); 7188 if (error != 0) { 7189 IPSECLOG(LOG_DEBUG, "error %d returned from key_acquire.\n", 7190 error); 7191 return key_senderror(so, m, error); 7192 } 7193 7194 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED); 7195 } 7196 7197 /* 7198 * SADB_REGISTER processing. 7199 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7200 * receive 7201 * <base> 7202 * from the ikmpd, and register a socket to send PF_KEY messages, 7203 * and send 7204 * <base, supported> 7205 * to KMD by PF_KEY. 7206 * If socket is detached, must free from regnode. 7207 * 7208 * m will always be freed. 7209 */ 7210 static int 7211 key_api_register(struct socket *so, struct mbuf *m, 7212 const struct sadb_msghdr *mhp) 7213 { 7214 struct secreg *reg, *newreg = 0; 7215 7216 /* check for invalid register message */ 7217 if (mhp->msg->sadb_msg_satype >= __arraycount(key_misc.reglist)) 7218 return key_senderror(so, m, EINVAL); 7219 7220 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7221 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7222 goto setmsg; 7223 7224 /* Allocate regnode in advance, out of mutex */ 7225 newreg = kmem_zalloc(sizeof(*newreg), KM_SLEEP); 7226 7227 /* check whether existing or not */ 7228 mutex_enter(&key_misc.lock); 7229 LIST_FOREACH(reg, &key_misc.reglist[mhp->msg->sadb_msg_satype], chain) { 7230 if (reg->so == so) { 7231 IPSECLOG(LOG_DEBUG, "socket exists already.\n"); 7232 mutex_exit(&key_misc.lock); 7233 kmem_free(newreg, sizeof(*newreg)); 7234 return key_senderror(so, m, EEXIST); 7235 } 7236 } 7237 7238 newreg->so = so; 7239 ((struct keycb *)sotorawcb(so))->kp_registered++; 7240 7241 /* add regnode to key_misc.reglist. */ 7242 LIST_INSERT_HEAD(&key_misc.reglist[mhp->msg->sadb_msg_satype], newreg, chain); 7243 mutex_exit(&key_misc.lock); 7244 7245 setmsg: 7246 { 7247 struct mbuf *n; 7248 struct sadb_supported *sup; 7249 u_int len, alen, elen; 7250 int off; 7251 int i; 7252 struct sadb_alg *alg; 7253 7254 /* create new sadb_msg to reply. */ 7255 alen = 0; 7256 for (i = 1; i <= SADB_AALG_MAX; i++) { 7257 if (ah_algorithm_lookup(i)) 7258 alen += sizeof(struct sadb_alg); 7259 } 7260 if (alen) 7261 alen += sizeof(struct sadb_supported); 7262 elen = 0; 7263 for (i = 1; i <= SADB_EALG_MAX; i++) { 7264 if (esp_algorithm_lookup(i)) 7265 elen += sizeof(struct sadb_alg); 7266 } 7267 if (elen) 7268 elen += sizeof(struct sadb_supported); 7269 7270 len = sizeof(struct sadb_msg) + alen + elen; 7271 7272 if (len > MCLBYTES) 7273 return key_senderror(so, m, ENOBUFS); 7274 7275 n = key_alloc_mbuf_simple(len, M_WAITOK); 7276 n->m_pkthdr.len = n->m_len = len; 7277 n->m_next = NULL; 7278 off = 0; 7279 7280 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 7281 key_fill_replymsg(n, 0); 7282 7283 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7284 7285 /* for authentication algorithm */ 7286 if (alen) { 7287 sup = (struct sadb_supported *)(mtod(n, char *) + off); 7288 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7289 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7290 sup->sadb_supported_reserved = 0; 7291 off += PFKEY_ALIGN8(sizeof(*sup)); 7292 7293 for (i = 1; i <= SADB_AALG_MAX; i++) { 7294 const struct auth_hash *aalgo; 7295 u_int16_t minkeysize, maxkeysize; 7296 7297 aalgo = ah_algorithm_lookup(i); 7298 if (!aalgo) 7299 continue; 7300 alg = (struct sadb_alg *)(mtod(n, char *) + off); 7301 alg->sadb_alg_id = i; 7302 alg->sadb_alg_ivlen = 0; 7303 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7304 alg->sadb_alg_minbits = _BITS(minkeysize); 7305 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7306 alg->sadb_alg_reserved = 0; 7307 off += PFKEY_ALIGN8(sizeof(*alg)); 7308 } 7309 } 7310 7311 /* for encryption algorithm */ 7312 if (elen) { 7313 sup = (struct sadb_supported *)(mtod(n, char *) + off); 7314 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7315 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7316 sup->sadb_supported_reserved = 0; 7317 off += PFKEY_ALIGN8(sizeof(*sup)); 7318 7319 for (i = 1; i <= SADB_EALG_MAX; i++) { 7320 const struct enc_xform *ealgo; 7321 7322 ealgo = esp_algorithm_lookup(i); 7323 if (!ealgo) 7324 continue; 7325 alg = (struct sadb_alg *)(mtod(n, char *) + off); 7326 alg->sadb_alg_id = i; 7327 alg->sadb_alg_ivlen = ealgo->blocksize; 7328 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7329 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7330 alg->sadb_alg_reserved = 0; 7331 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7332 } 7333 } 7334 7335 KASSERTMSG(off == len, "length inconsistency"); 7336 7337 m_freem(m); 7338 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7339 } 7340 } 7341 7342 /* 7343 * free secreg entry registered. 7344 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7345 */ 7346 void 7347 key_freereg(struct socket *so) 7348 { 7349 struct secreg *reg; 7350 int i; 7351 7352 KASSERT(!cpu_softintr_p()); 7353 KASSERT(so != NULL); 7354 7355 /* 7356 * check whether existing or not. 7357 * check all type of SA, because there is a potential that 7358 * one socket is registered to multiple type of SA. 7359 */ 7360 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7361 mutex_enter(&key_misc.lock); 7362 LIST_FOREACH(reg, &key_misc.reglist[i], chain) { 7363 if (reg->so == so) { 7364 LIST_REMOVE(reg, chain); 7365 break; 7366 } 7367 } 7368 mutex_exit(&key_misc.lock); 7369 if (reg != NULL) 7370 kmem_free(reg, sizeof(*reg)); 7371 } 7372 7373 return; 7374 } 7375 7376 /* 7377 * SADB_EXPIRE processing 7378 * send 7379 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7380 * to KMD by PF_KEY. 7381 * NOTE: We send only soft lifetime extension. 7382 * 7383 * OUT: 0 : succeed 7384 * others : error number 7385 */ 7386 static int 7387 key_expire(struct secasvar *sav) 7388 { 7389 int s; 7390 int satype; 7391 struct mbuf *result = NULL, *m; 7392 int len; 7393 int error = -1; 7394 struct sadb_lifetime *lt; 7395 lifetime_counters_t sum = {0}; 7396 7397 /* XXX: Why do we lock ? */ 7398 s = splsoftnet(); /*called from softclock()*/ 7399 7400 KASSERT(sav != NULL); 7401 7402 satype = key_proto2satype(sav->sah->saidx.proto); 7403 KASSERTMSG(satype != 0, "invalid proto is passed"); 7404 7405 /* set msg header */ 7406 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, key_sa_refcnt(sav), 7407 M_WAITOK); 7408 result = m; 7409 7410 /* create SA extension */ 7411 m = key_setsadbsa(sav); 7412 m_cat(result, m); 7413 7414 /* create SA extension */ 7415 m = key_setsadbxsa2(sav->sah->saidx.mode, 7416 sav->replay ? sav->replay->count : 0, sav->sah->saidx.reqid); 7417 m_cat(result, m); 7418 7419 /* create lifetime extension (current and soft) */ 7420 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7421 m = key_alloc_mbuf(len, M_WAITOK); 7422 KASSERT(m->m_next == NULL); 7423 7424 memset(mtod(m, void *), 0, len); 7425 lt = mtod(m, struct sadb_lifetime *); 7426 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7427 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7428 percpu_foreach(sav->lft_c_counters_percpu, 7429 key_sum_lifetime_counters, sum); 7430 lt->sadb_lifetime_allocations = sum[LIFETIME_COUNTER_ALLOCATIONS]; 7431 lt->sadb_lifetime_bytes = sum[LIFETIME_COUNTER_BYTES]; 7432 lt->sadb_lifetime_addtime = 7433 time_mono_to_wall(sav->lft_c->sadb_lifetime_addtime); 7434 lt->sadb_lifetime_usetime = 7435 time_mono_to_wall(sav->lft_c->sadb_lifetime_usetime); 7436 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2); 7437 memcpy(lt, sav->lft_s, sizeof(*lt)); 7438 m_cat(result, m); 7439 7440 /* set sadb_address for source */ 7441 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sav->sah->saidx.src.sa, 7442 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK); 7443 m_cat(result, m); 7444 7445 /* set sadb_address for destination */ 7446 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sav->sah->saidx.dst.sa, 7447 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK); 7448 m_cat(result, m); 7449 7450 if ((result->m_flags & M_PKTHDR) == 0) { 7451 error = EINVAL; 7452 goto fail; 7453 } 7454 7455 if (result->m_len < sizeof(struct sadb_msg)) { 7456 result = m_pullup(result, sizeof(struct sadb_msg)); 7457 if (result == NULL) { 7458 error = ENOBUFS; 7459 goto fail; 7460 } 7461 } 7462 7463 result->m_pkthdr.len = 0; 7464 for (m = result; m; m = m->m_next) 7465 result->m_pkthdr.len += m->m_len; 7466 7467 mtod(result, struct sadb_msg *)->sadb_msg_len = 7468 PFKEY_UNIT64(result->m_pkthdr.len); 7469 7470 splx(s); 7471 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7472 7473 fail: 7474 if (result) 7475 m_freem(result); 7476 splx(s); 7477 return error; 7478 } 7479 7480 /* 7481 * SADB_FLUSH processing 7482 * receive 7483 * <base> 7484 * from the ikmpd, and free all entries in secastree. 7485 * and send, 7486 * <base> 7487 * to the ikmpd. 7488 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7489 * 7490 * m will always be freed. 7491 */ 7492 static int 7493 key_api_flush(struct socket *so, struct mbuf *m, 7494 const struct sadb_msghdr *mhp) 7495 { 7496 struct sadb_msg *newmsg; 7497 struct secashead *sah; 7498 struct secasvar *sav; 7499 u_int16_t proto; 7500 u_int8_t state; 7501 int s; 7502 7503 /* map satype to proto */ 7504 proto = key_satype2proto(mhp->msg->sadb_msg_satype); 7505 if (proto == 0) { 7506 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 7507 return key_senderror(so, m, EINVAL); 7508 } 7509 7510 /* no SATYPE specified, i.e. flushing all SA. */ 7511 s = pserialize_read_enter(); 7512 SAHLIST_READER_FOREACH(sah) { 7513 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7514 proto != sah->saidx.proto) 7515 continue; 7516 7517 key_sah_ref(sah); 7518 pserialize_read_exit(s); 7519 7520 SASTATE_ALIVE_FOREACH(state) { 7521 restart: 7522 mutex_enter(&key_sad.lock); 7523 SAVLIST_WRITER_FOREACH(sav, sah, state) { 7524 sav->state = SADB_SASTATE_DEAD; 7525 key_unlink_sav(sav); 7526 mutex_exit(&key_sad.lock); 7527 key_destroy_sav(sav); 7528 goto restart; 7529 } 7530 mutex_exit(&key_sad.lock); 7531 } 7532 7533 s = pserialize_read_enter(); 7534 sah->state = SADB_SASTATE_DEAD; 7535 key_sah_unref(sah); 7536 } 7537 pserialize_read_exit(s); 7538 7539 if (m->m_len < sizeof(struct sadb_msg) || 7540 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7541 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 7542 return key_senderror(so, m, ENOBUFS); 7543 } 7544 7545 if (m->m_next) 7546 m_freem(m->m_next); 7547 m->m_next = NULL; 7548 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7549 newmsg = mtod(m, struct sadb_msg *); 7550 newmsg->sadb_msg_errno = 0; 7551 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7552 7553 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7554 } 7555 7556 7557 static struct mbuf * 7558 key_setdump_chain(u_int8_t req_satype, int *errorp, int *lenp, pid_t pid) 7559 { 7560 struct secashead *sah; 7561 struct secasvar *sav; 7562 u_int16_t proto; 7563 u_int8_t satype; 7564 u_int8_t state; 7565 int cnt; 7566 struct mbuf *m, *n, *prev; 7567 7568 KASSERT(mutex_owned(&key_sad.lock)); 7569 7570 *lenp = 0; 7571 7572 /* map satype to proto */ 7573 proto = key_satype2proto(req_satype); 7574 if (proto == 0) { 7575 *errorp = EINVAL; 7576 return (NULL); 7577 } 7578 7579 /* count sav entries to be sent to userland. */ 7580 cnt = 0; 7581 SAHLIST_WRITER_FOREACH(sah) { 7582 if (req_satype != SADB_SATYPE_UNSPEC && 7583 proto != sah->saidx.proto) 7584 continue; 7585 7586 SASTATE_ANY_FOREACH(state) { 7587 SAVLIST_WRITER_FOREACH(sav, sah, state) { 7588 cnt++; 7589 } 7590 } 7591 } 7592 7593 if (cnt == 0) { 7594 *errorp = ENOENT; 7595 return (NULL); 7596 } 7597 7598 /* send this to the userland, one at a time. */ 7599 m = NULL; 7600 prev = m; 7601 SAHLIST_WRITER_FOREACH(sah) { 7602 if (req_satype != SADB_SATYPE_UNSPEC && 7603 proto != sah->saidx.proto) 7604 continue; 7605 7606 /* map proto to satype */ 7607 satype = key_proto2satype(sah->saidx.proto); 7608 if (satype == 0) { 7609 m_freem(m); 7610 *errorp = EINVAL; 7611 return (NULL); 7612 } 7613 7614 SASTATE_ANY_FOREACH(state) { 7615 SAVLIST_WRITER_FOREACH(sav, sah, state) { 7616 n = key_setdumpsa(sav, SADB_DUMP, satype, 7617 --cnt, pid); 7618 if (!m) 7619 m = n; 7620 else 7621 prev->m_nextpkt = n; 7622 prev = n; 7623 } 7624 } 7625 } 7626 7627 if (!m) { 7628 *errorp = EINVAL; 7629 return (NULL); 7630 } 7631 7632 if ((m->m_flags & M_PKTHDR) != 0) { 7633 m->m_pkthdr.len = 0; 7634 for (n = m; n; n = n->m_next) 7635 m->m_pkthdr.len += n->m_len; 7636 } 7637 7638 *errorp = 0; 7639 return (m); 7640 } 7641 7642 /* 7643 * SADB_DUMP processing 7644 * dump all entries including status of DEAD in SAD. 7645 * receive 7646 * <base> 7647 * from the ikmpd, and dump all secasvar leaves 7648 * and send, 7649 * <base> ..... 7650 * to the ikmpd. 7651 * 7652 * m will always be freed. 7653 */ 7654 static int 7655 key_api_dump(struct socket *so, struct mbuf *m0, 7656 const struct sadb_msghdr *mhp) 7657 { 7658 u_int16_t proto; 7659 u_int8_t satype; 7660 struct mbuf *n; 7661 int error, len, ok; 7662 7663 /* map satype to proto */ 7664 satype = mhp->msg->sadb_msg_satype; 7665 proto = key_satype2proto(satype); 7666 if (proto == 0) { 7667 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n"); 7668 return key_senderror(so, m0, EINVAL); 7669 } 7670 7671 /* 7672 * If the requestor has insufficient socket-buffer space 7673 * for the entire chain, nobody gets any response to the DUMP. 7674 * XXX For now, only the requestor ever gets anything. 7675 * Moreover, if the requestor has any space at all, they receive 7676 * the entire chain, otherwise the request is refused with ENOBUFS. 7677 */ 7678 if (sbspace(&so->so_rcv) <= 0) { 7679 return key_senderror(so, m0, ENOBUFS); 7680 } 7681 7682 mutex_enter(&key_sad.lock); 7683 n = key_setdump_chain(satype, &error, &len, mhp->msg->sadb_msg_pid); 7684 mutex_exit(&key_sad.lock); 7685 7686 if (n == NULL) { 7687 return key_senderror(so, m0, ENOENT); 7688 } 7689 { 7690 uint64_t *ps = PFKEY_STAT_GETREF(); 7691 ps[PFKEY_STAT_IN_TOTAL]++; 7692 ps[PFKEY_STAT_IN_BYTES] += len; 7693 PFKEY_STAT_PUTREF(); 7694 } 7695 7696 /* 7697 * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets. 7698 * The requestor receives either the entire chain, or an 7699 * error message with ENOBUFS. 7700 * 7701 * sbappendaddrchain() takes the chain of entries, one 7702 * packet-record per SPD entry, prepends the key_src sockaddr 7703 * to each packet-record, links the sockaddr mbufs into a new 7704 * list of records, then appends the entire resulting 7705 * list to the requesting socket. 7706 */ 7707 ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, n, 7708 SB_PRIO_ONESHOT_OVERFLOW); 7709 7710 if (!ok) { 7711 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 7712 m_freem(n); 7713 return key_senderror(so, m0, ENOBUFS); 7714 } 7715 7716 m_freem(m0); 7717 return 0; 7718 } 7719 7720 /* 7721 * SADB_X_PROMISC processing 7722 * 7723 * m will always be freed. 7724 */ 7725 static int 7726 key_api_promisc(struct socket *so, struct mbuf *m, 7727 const struct sadb_msghdr *mhp) 7728 { 7729 int olen; 7730 7731 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7732 7733 if (olen < sizeof(struct sadb_msg)) { 7734 #if 1 7735 return key_senderror(so, m, EINVAL); 7736 #else 7737 m_freem(m); 7738 return 0; 7739 #endif 7740 } else if (olen == sizeof(struct sadb_msg)) { 7741 /* enable/disable promisc mode */ 7742 struct keycb *kp = (struct keycb *)sotorawcb(so); 7743 if (kp == NULL) 7744 return key_senderror(so, m, EINVAL); 7745 mhp->msg->sadb_msg_errno = 0; 7746 switch (mhp->msg->sadb_msg_satype) { 7747 case 0: 7748 case 1: 7749 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7750 break; 7751 default: 7752 return key_senderror(so, m, EINVAL); 7753 } 7754 7755 /* send the original message back to everyone */ 7756 mhp->msg->sadb_msg_errno = 0; 7757 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7758 } else { 7759 /* send packet as is */ 7760 7761 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7762 7763 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7764 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7765 } 7766 } 7767 7768 static int (*key_api_typesw[]) (struct socket *, struct mbuf *, 7769 const struct sadb_msghdr *) = { 7770 NULL, /* SADB_RESERVED */ 7771 key_api_getspi, /* SADB_GETSPI */ 7772 key_api_update, /* SADB_UPDATE */ 7773 key_api_add, /* SADB_ADD */ 7774 key_api_delete, /* SADB_DELETE */ 7775 key_api_get, /* SADB_GET */ 7776 key_api_acquire, /* SADB_ACQUIRE */ 7777 key_api_register, /* SADB_REGISTER */ 7778 NULL, /* SADB_EXPIRE */ 7779 key_api_flush, /* SADB_FLUSH */ 7780 key_api_dump, /* SADB_DUMP */ 7781 key_api_promisc, /* SADB_X_PROMISC */ 7782 NULL, /* SADB_X_PCHANGE */ 7783 key_api_spdadd, /* SADB_X_SPDUPDATE */ 7784 key_api_spdadd, /* SADB_X_SPDADD */ 7785 key_api_spddelete, /* SADB_X_SPDDELETE */ 7786 key_api_spdget, /* SADB_X_SPDGET */ 7787 NULL, /* SADB_X_SPDACQUIRE */ 7788 key_api_spddump, /* SADB_X_SPDDUMP */ 7789 key_api_spdflush, /* SADB_X_SPDFLUSH */ 7790 key_api_spdadd, /* SADB_X_SPDSETIDX */ 7791 NULL, /* SADB_X_SPDEXPIRE */ 7792 key_api_spddelete2, /* SADB_X_SPDDELETE2 */ 7793 key_api_nat_map, /* SADB_X_NAT_T_NEW_MAPPING */ 7794 }; 7795 7796 /* 7797 * parse sadb_msg buffer to process PFKEYv2, 7798 * and create a data to response if needed. 7799 * I think to be dealed with mbuf directly. 7800 * IN: 7801 * msgp : pointer to pointer to a received buffer pulluped. 7802 * This is rewrited to response. 7803 * so : pointer to socket. 7804 * OUT: 7805 * length for buffer to send to user process. 7806 */ 7807 int 7808 key_parse(struct mbuf *m, struct socket *so) 7809 { 7810 struct sadb_msg *msg; 7811 struct sadb_msghdr mh; 7812 u_int orglen; 7813 int error; 7814 7815 KASSERT(m != NULL); 7816 KASSERT(so != NULL); 7817 7818 #if 0 /*kdebug_sadb assumes msg in linear buffer*/ 7819 if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) { 7820 kdebug_sadb("passed sadb_msg", msg); 7821 } 7822 #endif 7823 7824 if (m->m_len < sizeof(struct sadb_msg)) { 7825 m = m_pullup(m, sizeof(struct sadb_msg)); 7826 if (!m) 7827 return ENOBUFS; 7828 } 7829 msg = mtod(m, struct sadb_msg *); 7830 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7831 7832 if ((m->m_flags & M_PKTHDR) == 0 || 7833 m->m_pkthdr.len != orglen) { 7834 IPSECLOG(LOG_DEBUG, "invalid message length.\n"); 7835 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 7836 error = EINVAL; 7837 goto senderror; 7838 } 7839 7840 if (msg->sadb_msg_version != PF_KEY_V2) { 7841 IPSECLOG(LOG_DEBUG, "PF_KEY version %u is mismatched.\n", 7842 msg->sadb_msg_version); 7843 PFKEY_STATINC(PFKEY_STAT_OUT_INVVER); 7844 error = EINVAL; 7845 goto senderror; 7846 } 7847 7848 if (msg->sadb_msg_type > SADB_MAX) { 7849 IPSECLOG(LOG_DEBUG, "invalid type %u is passed.\n", 7850 msg->sadb_msg_type); 7851 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE); 7852 error = EINVAL; 7853 goto senderror; 7854 } 7855 7856 /* for old-fashioned code - should be nuked */ 7857 if (m->m_pkthdr.len > MCLBYTES) { 7858 m_freem(m); 7859 return ENOBUFS; 7860 } 7861 if (m->m_next) { 7862 struct mbuf *n; 7863 7864 n = key_alloc_mbuf_simple(m->m_pkthdr.len, M_WAITOK); 7865 7866 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, void *)); 7867 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7868 n->m_next = NULL; 7869 m_freem(m); 7870 m = n; 7871 } 7872 7873 /* align the mbuf chain so that extensions are in contiguous region. */ 7874 error = key_align(m, &mh); 7875 if (error) 7876 return error; 7877 7878 if (m->m_next) { /*XXX*/ 7879 m_freem(m); 7880 return ENOBUFS; 7881 } 7882 7883 msg = mh.msg; 7884 7885 /* check SA type */ 7886 switch (msg->sadb_msg_satype) { 7887 case SADB_SATYPE_UNSPEC: 7888 switch (msg->sadb_msg_type) { 7889 case SADB_GETSPI: 7890 case SADB_UPDATE: 7891 case SADB_ADD: 7892 case SADB_DELETE: 7893 case SADB_GET: 7894 case SADB_ACQUIRE: 7895 case SADB_EXPIRE: 7896 IPSECLOG(LOG_DEBUG, 7897 "must specify satype when msg type=%u.\n", 7898 msg->sadb_msg_type); 7899 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7900 error = EINVAL; 7901 goto senderror; 7902 } 7903 break; 7904 case SADB_SATYPE_AH: 7905 case SADB_SATYPE_ESP: 7906 case SADB_X_SATYPE_IPCOMP: 7907 case SADB_X_SATYPE_TCPSIGNATURE: 7908 switch (msg->sadb_msg_type) { 7909 case SADB_X_SPDADD: 7910 case SADB_X_SPDDELETE: 7911 case SADB_X_SPDGET: 7912 case SADB_X_SPDDUMP: 7913 case SADB_X_SPDFLUSH: 7914 case SADB_X_SPDSETIDX: 7915 case SADB_X_SPDUPDATE: 7916 case SADB_X_SPDDELETE2: 7917 IPSECLOG(LOG_DEBUG, "illegal satype=%u\n", 7918 msg->sadb_msg_type); 7919 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7920 error = EINVAL; 7921 goto senderror; 7922 } 7923 break; 7924 case SADB_SATYPE_RSVP: 7925 case SADB_SATYPE_OSPFV2: 7926 case SADB_SATYPE_RIPV2: 7927 case SADB_SATYPE_MIP: 7928 IPSECLOG(LOG_DEBUG, "type %u isn't supported.\n", 7929 msg->sadb_msg_satype); 7930 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7931 error = EOPNOTSUPP; 7932 goto senderror; 7933 case 1: /* XXX: What does it do? */ 7934 if (msg->sadb_msg_type == SADB_X_PROMISC) 7935 break; 7936 /*FALLTHROUGH*/ 7937 default: 7938 IPSECLOG(LOG_DEBUG, "invalid type %u is passed.\n", 7939 msg->sadb_msg_satype); 7940 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7941 error = EINVAL; 7942 goto senderror; 7943 } 7944 7945 /* check field of upper layer protocol and address family */ 7946 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL && 7947 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7948 const struct sadb_address *src0, *dst0; 7949 const struct sockaddr *sa0, *da0; 7950 u_int plen; 7951 7952 src0 = mh.ext[SADB_EXT_ADDRESS_SRC]; 7953 dst0 = mh.ext[SADB_EXT_ADDRESS_DST]; 7954 sa0 = key_msghdr_get_sockaddr(&mh, SADB_EXT_ADDRESS_SRC); 7955 da0 = key_msghdr_get_sockaddr(&mh, SADB_EXT_ADDRESS_DST); 7956 7957 /* check upper layer protocol */ 7958 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7959 IPSECLOG(LOG_DEBUG, 7960 "upper layer protocol mismatched src %u, dst %u.\n", 7961 src0->sadb_address_proto, dst0->sadb_address_proto); 7962 7963 goto invaddr; 7964 } 7965 7966 /* check family */ 7967 if (sa0->sa_family != da0->sa_family) { 7968 IPSECLOG(LOG_DEBUG, 7969 "address family mismatched src %u, dst %u.\n", 7970 sa0->sa_family, da0->sa_family); 7971 goto invaddr; 7972 } 7973 if (sa0->sa_len != da0->sa_len) { 7974 IPSECLOG(LOG_DEBUG, 7975 "address size mismatched src %u, dst %u.\n", 7976 sa0->sa_len, da0->sa_len); 7977 goto invaddr; 7978 } 7979 7980 switch (sa0->sa_family) { 7981 case AF_INET: 7982 if (sa0->sa_len != sizeof(struct sockaddr_in)) { 7983 IPSECLOG(LOG_DEBUG, 7984 "address size mismatched %u != %zu.\n", 7985 sa0->sa_len, sizeof(struct sockaddr_in)); 7986 goto invaddr; 7987 } 7988 break; 7989 case AF_INET6: 7990 if (sa0->sa_len != sizeof(struct sockaddr_in6)) { 7991 IPSECLOG(LOG_DEBUG, 7992 "address size mismatched %u != %zu.\n", 7993 sa0->sa_len, sizeof(struct sockaddr_in6)); 7994 goto invaddr; 7995 } 7996 break; 7997 default: 7998 IPSECLOG(LOG_DEBUG, "unsupported address family %u.\n", 7999 sa0->sa_family); 8000 error = EAFNOSUPPORT; 8001 goto senderror; 8002 } 8003 plen = key_sabits(sa0); 8004 8005 /* check max prefix length */ 8006 if (src0->sadb_address_prefixlen > plen || 8007 dst0->sadb_address_prefixlen > plen) { 8008 IPSECLOG(LOG_DEBUG, "illegal prefixlen.\n"); 8009 goto invaddr; 8010 } 8011 8012 /* 8013 * prefixlen == 0 is valid because there can be a case when 8014 * all addresses are matched. 8015 */ 8016 } 8017 8018 if (msg->sadb_msg_type >= __arraycount(key_api_typesw) || 8019 key_api_typesw[msg->sadb_msg_type] == NULL) { 8020 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE); 8021 error = EINVAL; 8022 goto senderror; 8023 } 8024 8025 return (*key_api_typesw[msg->sadb_msg_type])(so, m, &mh); 8026 8027 invaddr: 8028 error = EINVAL; 8029 senderror: 8030 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 8031 return key_senderror(so, m, error); 8032 } 8033 8034 static int 8035 key_senderror(struct socket *so, struct mbuf *m, int code) 8036 { 8037 struct sadb_msg *msg; 8038 8039 KASSERT(m->m_len >= sizeof(struct sadb_msg)); 8040 8041 if (so == NULL) { 8042 /* 8043 * This means the request comes from kernel. 8044 * As the request comes from kernel, it is unnecessary to 8045 * send message to userland. Just return errcode directly. 8046 */ 8047 m_freem(m); 8048 return code; 8049 } 8050 8051 msg = mtod(m, struct sadb_msg *); 8052 msg->sadb_msg_errno = code; 8053 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8054 } 8055 8056 /* 8057 * set the pointer to each header into message buffer. 8058 * m will be freed on error. 8059 * XXX larger-than-MCLBYTES extension? 8060 */ 8061 static int 8062 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8063 { 8064 struct mbuf *n; 8065 struct sadb_ext *ext; 8066 size_t off, end; 8067 int extlen; 8068 int toff; 8069 8070 KASSERT(m != NULL); 8071 KASSERT(mhp != NULL); 8072 KASSERT(m->m_len >= sizeof(struct sadb_msg)); 8073 8074 /* initialize */ 8075 memset(mhp, 0, sizeof(*mhp)); 8076 8077 mhp->msg = mtod(m, struct sadb_msg *); 8078 mhp->ext[0] = mhp->msg; /*XXX backward compat */ 8079 8080 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8081 extlen = end; /*just in case extlen is not updated*/ 8082 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8083 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8084 if (!n) { 8085 /* m is already freed */ 8086 return ENOBUFS; 8087 } 8088 ext = (struct sadb_ext *)(mtod(n, char *) + toff); 8089 8090 /* set pointer */ 8091 switch (ext->sadb_ext_type) { 8092 case SADB_EXT_SA: 8093 case SADB_EXT_ADDRESS_SRC: 8094 case SADB_EXT_ADDRESS_DST: 8095 case SADB_EXT_ADDRESS_PROXY: 8096 case SADB_EXT_LIFETIME_CURRENT: 8097 case SADB_EXT_LIFETIME_HARD: 8098 case SADB_EXT_LIFETIME_SOFT: 8099 case SADB_EXT_KEY_AUTH: 8100 case SADB_EXT_KEY_ENCRYPT: 8101 case SADB_EXT_IDENTITY_SRC: 8102 case SADB_EXT_IDENTITY_DST: 8103 case SADB_EXT_SENSITIVITY: 8104 case SADB_EXT_PROPOSAL: 8105 case SADB_EXT_SUPPORTED_AUTH: 8106 case SADB_EXT_SUPPORTED_ENCRYPT: 8107 case SADB_EXT_SPIRANGE: 8108 case SADB_X_EXT_POLICY: 8109 case SADB_X_EXT_SA2: 8110 case SADB_X_EXT_NAT_T_TYPE: 8111 case SADB_X_EXT_NAT_T_SPORT: 8112 case SADB_X_EXT_NAT_T_DPORT: 8113 case SADB_X_EXT_NAT_T_OAI: 8114 case SADB_X_EXT_NAT_T_OAR: 8115 case SADB_X_EXT_NAT_T_FRAG: 8116 /* duplicate check */ 8117 /* 8118 * XXX Are there duplication payloads of either 8119 * KEY_AUTH or KEY_ENCRYPT ? 8120 */ 8121 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8122 IPSECLOG(LOG_DEBUG, 8123 "duplicate ext_type %u is passed.\n", 8124 ext->sadb_ext_type); 8125 m_freem(m); 8126 PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT); 8127 return EINVAL; 8128 } 8129 break; 8130 default: 8131 IPSECLOG(LOG_DEBUG, "invalid ext_type %u is passed.\n", 8132 ext->sadb_ext_type); 8133 m_freem(m); 8134 PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE); 8135 return EINVAL; 8136 } 8137 8138 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8139 8140 if (key_validate_ext(ext, extlen)) { 8141 m_freem(m); 8142 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 8143 return EINVAL; 8144 } 8145 8146 n = m_pulldown(m, off, extlen, &toff); 8147 if (!n) { 8148 /* m is already freed */ 8149 return ENOBUFS; 8150 } 8151 ext = (struct sadb_ext *)(mtod(n, char *) + toff); 8152 8153 mhp->ext[ext->sadb_ext_type] = ext; 8154 mhp->extoff[ext->sadb_ext_type] = off; 8155 mhp->extlen[ext->sadb_ext_type] = extlen; 8156 } 8157 8158 if (off != end) { 8159 m_freem(m); 8160 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 8161 return EINVAL; 8162 } 8163 8164 return 0; 8165 } 8166 8167 static int 8168 key_validate_ext(const struct sadb_ext *ext, int len) 8169 { 8170 const struct sockaddr *sa; 8171 enum { NONE, ADDR } checktype = NONE; 8172 int baselen = 0; 8173 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8174 8175 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8176 return EINVAL; 8177 8178 /* if it does not match minimum/maximum length, bail */ 8179 if (ext->sadb_ext_type >= __arraycount(minsize) || 8180 ext->sadb_ext_type >= __arraycount(maxsize)) 8181 return EINVAL; 8182 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8183 return EINVAL; 8184 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8185 return EINVAL; 8186 8187 /* more checks based on sadb_ext_type XXX need more */ 8188 switch (ext->sadb_ext_type) { 8189 case SADB_EXT_ADDRESS_SRC: 8190 case SADB_EXT_ADDRESS_DST: 8191 case SADB_EXT_ADDRESS_PROXY: 8192 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8193 checktype = ADDR; 8194 break; 8195 case SADB_EXT_IDENTITY_SRC: 8196 case SADB_EXT_IDENTITY_DST: 8197 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8198 SADB_X_IDENTTYPE_ADDR) { 8199 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8200 checktype = ADDR; 8201 } else 8202 checktype = NONE; 8203 break; 8204 default: 8205 checktype = NONE; 8206 break; 8207 } 8208 8209 switch (checktype) { 8210 case NONE: 8211 break; 8212 case ADDR: 8213 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8214 if (len < baselen + sal) 8215 return EINVAL; 8216 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8217 return EINVAL; 8218 break; 8219 } 8220 8221 return 0; 8222 } 8223 8224 static int 8225 key_do_init(void) 8226 { 8227 int i, error; 8228 8229 mutex_init(&key_misc.lock, MUTEX_DEFAULT, IPL_NONE); 8230 8231 mutex_init(&key_spd.lock, MUTEX_DEFAULT, IPL_NONE); 8232 cv_init(&key_spd.cv_lc, "key_sp_lc"); 8233 key_spd.psz = pserialize_create(); 8234 cv_init(&key_spd.cv_psz, "key_sp_psz"); 8235 key_spd.psz_performing = false; 8236 8237 mutex_init(&key_sad.lock, MUTEX_DEFAULT, IPL_NONE); 8238 cv_init(&key_sad.cv_lc, "key_sa_lc"); 8239 key_sad.psz = pserialize_create(); 8240 cv_init(&key_sad.cv_psz, "key_sa_psz"); 8241 key_sad.psz_performing = false; 8242 8243 pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS); 8244 8245 callout_init(&key_timehandler_ch, CALLOUT_MPSAFE); 8246 error = workqueue_create(&key_timehandler_wq, "key_timehandler", 8247 key_timehandler_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 8248 if (error != 0) 8249 panic("%s: workqueue_create failed (%d)\n", __func__, error); 8250 8251 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8252 PSLIST_INIT(&key_spd.splist[i]); 8253 } 8254 8255 PSLIST_INIT(&key_spd.socksplist); 8256 8257 key_sad.sahlists = hashinit(SAHHASH_NHASH, HASH_PSLIST, true, 8258 &key_sad.sahlistmask); 8259 key_sad.savlut = hashinit(SAVLUT_NHASH, HASH_PSLIST, true, 8260 &key_sad.savlutmask); 8261 8262 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8263 LIST_INIT(&key_misc.reglist[i]); 8264 } 8265 8266 #ifndef IPSEC_NONBLOCK_ACQUIRE 8267 LIST_INIT(&key_misc.acqlist); 8268 #endif 8269 #ifdef notyet 8270 LIST_INIT(&key_misc.spacqlist); 8271 #endif 8272 8273 /* system default */ 8274 ip4_def_policy.policy = IPSEC_POLICY_NONE; 8275 ip4_def_policy.state = IPSEC_SPSTATE_ALIVE; 8276 localcount_init(&ip4_def_policy.localcount); 8277 8278 #ifdef INET6 8279 ip6_def_policy.policy = IPSEC_POLICY_NONE; 8280 ip6_def_policy.state = IPSEC_SPSTATE_ALIVE; 8281 localcount_init(&ip6_def_policy.localcount); 8282 #endif 8283 8284 callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); 8285 8286 /* initialize key statistics */ 8287 keystat.getspi_count = 1; 8288 8289 aprint_verbose("IPsec: Initialized Security Association Processing.\n"); 8290 8291 return (0); 8292 } 8293 8294 void 8295 key_init(void) 8296 { 8297 static ONCE_DECL(key_init_once); 8298 8299 sysctl_net_keyv2_setup(NULL); 8300 sysctl_net_key_compat_setup(NULL); 8301 8302 RUN_ONCE(&key_init_once, key_do_init); 8303 8304 key_init_so(); 8305 } 8306 8307 /* 8308 * XXX: maybe This function is called after INBOUND IPsec processing. 8309 * 8310 * Special check for tunnel-mode packets. 8311 * We must make some checks for consistency between inner and outer IP header. 8312 * 8313 * xxx more checks to be provided 8314 */ 8315 int 8316 key_checktunnelsanity( 8317 struct secasvar *sav, 8318 u_int family, 8319 void *src, 8320 void *dst 8321 ) 8322 { 8323 8324 /* XXX: check inner IP header */ 8325 8326 return 1; 8327 } 8328 8329 #if 0 8330 #define hostnamelen strlen(hostname) 8331 8332 /* 8333 * Get FQDN for the host. 8334 * If the administrator configured hostname (by hostname(1)) without 8335 * domain name, returns nothing. 8336 */ 8337 static const char * 8338 key_getfqdn(void) 8339 { 8340 int i; 8341 int hasdot; 8342 static char fqdn[MAXHOSTNAMELEN + 1]; 8343 8344 if (!hostnamelen) 8345 return NULL; 8346 8347 /* check if it comes with domain name. */ 8348 hasdot = 0; 8349 for (i = 0; i < hostnamelen; i++) { 8350 if (hostname[i] == '.') 8351 hasdot++; 8352 } 8353 if (!hasdot) 8354 return NULL; 8355 8356 /* NOTE: hostname may not be NUL-terminated. */ 8357 memset(fqdn, 0, sizeof(fqdn)); 8358 memcpy(fqdn, hostname, hostnamelen); 8359 fqdn[hostnamelen] = '\0'; 8360 return fqdn; 8361 } 8362 8363 /* 8364 * get username@FQDN for the host/user. 8365 */ 8366 static const char * 8367 key_getuserfqdn(void) 8368 { 8369 const char *host; 8370 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2]; 8371 struct proc *p = curproc; 8372 char *q; 8373 8374 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) 8375 return NULL; 8376 if (!(host = key_getfqdn())) 8377 return NULL; 8378 8379 /* NOTE: s_login may not be-NUL terminated. */ 8380 memset(userfqdn, 0, sizeof(userfqdn)); 8381 memcpy(userfqdn, Mp->p_pgrp->pg_session->s_login, AXLOGNAME); 8382 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */ 8383 q = userfqdn + strlen(userfqdn); 8384 *q++ = '@'; 8385 memcpy(q, host, strlen(host)); 8386 q += strlen(host); 8387 *q++ = '\0'; 8388 8389 return userfqdn; 8390 } 8391 #endif 8392 8393 /* record data transfer on SA, and update timestamps */ 8394 void 8395 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8396 { 8397 lifetime_counters_t *counters; 8398 8399 KASSERT(sav != NULL); 8400 KASSERT(sav->lft_c != NULL); 8401 KASSERT(m != NULL); 8402 8403 counters = percpu_getref(sav->lft_c_counters_percpu); 8404 8405 /* 8406 * XXX Currently, there is a difference of bytes size 8407 * between inbound and outbound processing. 8408 */ 8409 (*counters)[LIFETIME_COUNTER_BYTES] += m->m_pkthdr.len; 8410 /* to check bytes lifetime is done in key_timehandler(). */ 8411 8412 /* 8413 * We use the number of packets as the unit of 8414 * sadb_lifetime_allocations. We increment the variable 8415 * whenever {esp,ah}_{in,out}put is called. 8416 */ 8417 (*counters)[LIFETIME_COUNTER_ALLOCATIONS]++; 8418 /* XXX check for expires? */ 8419 8420 percpu_putref(sav->lft_c_counters_percpu); 8421 8422 /* 8423 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock, 8424 * in seconds. HARD and SOFT lifetime are measured by the time 8425 * difference (again in seconds) from sadb_lifetime_usetime. 8426 * 8427 * usetime 8428 * v expire expire 8429 * -----+-----+--------+---> t 8430 * <--------------> HARD 8431 * <-----> SOFT 8432 */ 8433 sav->lft_c->sadb_lifetime_usetime = time_uptime; 8434 /* XXX check for expires? */ 8435 8436 return; 8437 } 8438 8439 /* dumb version */ 8440 void 8441 key_sa_routechange(struct sockaddr *dst) 8442 { 8443 struct secashead *sah; 8444 int s; 8445 8446 s = pserialize_read_enter(); 8447 SAHLIST_READER_FOREACH(sah) { 8448 struct route *ro; 8449 const struct sockaddr *sa; 8450 8451 key_sah_ref(sah); 8452 pserialize_read_exit(s); 8453 8454 ro = &sah->sa_route; 8455 sa = rtcache_getdst(ro); 8456 if (sa != NULL && dst->sa_len == sa->sa_len && 8457 memcmp(dst, sa, dst->sa_len) == 0) 8458 rtcache_free(ro); 8459 8460 s = pserialize_read_enter(); 8461 key_sah_unref(sah); 8462 } 8463 pserialize_read_exit(s); 8464 8465 return; 8466 } 8467 8468 static void 8469 key_sa_chgstate(struct secasvar *sav, u_int8_t state) 8470 { 8471 struct secasvar *_sav; 8472 8473 ASSERT_SLEEPABLE(); 8474 KASSERT(mutex_owned(&key_sad.lock)); 8475 8476 if (sav->state == state) 8477 return; 8478 8479 key_unlink_sav(sav); 8480 localcount_fini(&sav->localcount); 8481 SAVLIST_ENTRY_DESTROY(sav); 8482 key_init_sav(sav); 8483 8484 sav->state = state; 8485 if (!SADB_SASTATE_USABLE_P(sav)) { 8486 /* We don't need to care about the order */ 8487 SAVLIST_WRITER_INSERT_HEAD(sav->sah, state, sav); 8488 return; 8489 } 8490 /* 8491 * Sort the list by lft_c->sadb_lifetime_addtime 8492 * in ascending order. 8493 */ 8494 SAVLIST_WRITER_FOREACH(_sav, sav->sah, state) { 8495 if (_sav->lft_c->sadb_lifetime_addtime > 8496 sav->lft_c->sadb_lifetime_addtime) { 8497 SAVLIST_WRITER_INSERT_BEFORE(_sav, sav); 8498 break; 8499 } 8500 } 8501 if (_sav == NULL) { 8502 SAVLIST_WRITER_INSERT_TAIL(sav->sah, state, sav); 8503 } 8504 8505 SAVLUT_WRITER_INSERT_HEAD(sav); 8506 8507 key_validate_savlist(sav->sah, state); 8508 } 8509 8510 /* XXX too much? */ 8511 static struct mbuf * 8512 key_alloc_mbuf(int l, int mflag) 8513 { 8514 struct mbuf *m = NULL, *n; 8515 int len, t; 8516 8517 KASSERT(mflag == M_NOWAIT || (mflag == M_WAITOK && !cpu_softintr_p())); 8518 8519 len = l; 8520 while (len > 0) { 8521 MGET(n, mflag, MT_DATA); 8522 if (n && len > MLEN) { 8523 MCLGET(n, mflag); 8524 if ((n->m_flags & M_EXT) == 0) { 8525 m_freem(n); 8526 n = NULL; 8527 } 8528 } 8529 if (!n) { 8530 m_freem(m); 8531 return NULL; 8532 } 8533 8534 n->m_next = NULL; 8535 n->m_len = 0; 8536 n->m_len = M_TRAILINGSPACE(n); 8537 /* use the bottom of mbuf, hoping we can prepend afterwards */ 8538 if (n->m_len > len) { 8539 t = (n->m_len - len) & ~(sizeof(long) - 1); 8540 n->m_data += t; 8541 n->m_len = len; 8542 } 8543 8544 len -= n->m_len; 8545 8546 if (m) 8547 m_cat(m, n); 8548 else 8549 m = n; 8550 } 8551 8552 return m; 8553 } 8554 8555 static struct mbuf * 8556 key_setdump(u_int8_t req_satype, int *errorp, uint32_t pid) 8557 { 8558 struct secashead *sah; 8559 struct secasvar *sav; 8560 u_int16_t proto; 8561 u_int8_t satype; 8562 u_int8_t state; 8563 int cnt; 8564 struct mbuf *m, *n; 8565 8566 KASSERT(mutex_owned(&key_sad.lock)); 8567 8568 /* map satype to proto */ 8569 proto = key_satype2proto(req_satype); 8570 if (proto == 0) { 8571 *errorp = EINVAL; 8572 return (NULL); 8573 } 8574 8575 /* count sav entries to be sent to the userland. */ 8576 cnt = 0; 8577 SAHLIST_WRITER_FOREACH(sah) { 8578 if (req_satype != SADB_SATYPE_UNSPEC && 8579 proto != sah->saidx.proto) 8580 continue; 8581 8582 SASTATE_ANY_FOREACH(state) { 8583 SAVLIST_WRITER_FOREACH(sav, sah, state) { 8584 cnt++; 8585 } 8586 } 8587 } 8588 8589 if (cnt == 0) { 8590 *errorp = ENOENT; 8591 return (NULL); 8592 } 8593 8594 /* send this to the userland, one at a time. */ 8595 m = NULL; 8596 SAHLIST_WRITER_FOREACH(sah) { 8597 if (req_satype != SADB_SATYPE_UNSPEC && 8598 proto != sah->saidx.proto) 8599 continue; 8600 8601 /* map proto to satype */ 8602 satype = key_proto2satype(sah->saidx.proto); 8603 if (satype == 0) { 8604 m_freem(m); 8605 *errorp = EINVAL; 8606 return (NULL); 8607 } 8608 8609 SASTATE_ANY_FOREACH(state) { 8610 SAVLIST_WRITER_FOREACH(sav, sah, state) { 8611 n = key_setdumpsa(sav, SADB_DUMP, satype, 8612 --cnt, pid); 8613 if (!m) 8614 m = n; 8615 else 8616 m_cat(m, n); 8617 } 8618 } 8619 } 8620 8621 if (!m) { 8622 *errorp = EINVAL; 8623 return (NULL); 8624 } 8625 8626 if ((m->m_flags & M_PKTHDR) != 0) { 8627 m->m_pkthdr.len = 0; 8628 for (n = m; n; n = n->m_next) 8629 m->m_pkthdr.len += n->m_len; 8630 } 8631 8632 *errorp = 0; 8633 return (m); 8634 } 8635 8636 static struct mbuf * 8637 key_setspddump(int *errorp, pid_t pid) 8638 { 8639 struct secpolicy *sp; 8640 int cnt; 8641 u_int dir; 8642 struct mbuf *m, *n; 8643 8644 KASSERT(mutex_owned(&key_spd.lock)); 8645 8646 /* search SPD entry and get buffer size. */ 8647 cnt = 0; 8648 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 8649 SPLIST_WRITER_FOREACH(sp, dir) { 8650 cnt++; 8651 } 8652 } 8653 8654 if (cnt == 0) { 8655 *errorp = ENOENT; 8656 return (NULL); 8657 } 8658 8659 m = NULL; 8660 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 8661 SPLIST_WRITER_FOREACH(sp, dir) { 8662 --cnt; 8663 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid); 8664 8665 if (!m) 8666 m = n; 8667 else { 8668 m->m_pkthdr.len += n->m_pkthdr.len; 8669 m_cat(m, n); 8670 } 8671 } 8672 } 8673 8674 *errorp = 0; 8675 return (m); 8676 } 8677 8678 int 8679 key_get_used(void) { 8680 return !SPLIST_READER_EMPTY(IPSEC_DIR_INBOUND) || 8681 !SPLIST_READER_EMPTY(IPSEC_DIR_OUTBOUND) || 8682 !SOCKSPLIST_READER_EMPTY(); 8683 } 8684 8685 void 8686 key_update_used(void) 8687 { 8688 switch (ipsec_enabled) { 8689 default: 8690 case 0: 8691 #ifdef notyet 8692 /* XXX: racy */ 8693 ipsec_used = 0; 8694 #endif 8695 break; 8696 case 1: 8697 #ifndef notyet 8698 /* XXX: racy */ 8699 if (!ipsec_used) 8700 #endif 8701 ipsec_used = key_get_used(); 8702 break; 8703 case 2: 8704 ipsec_used = 1; 8705 break; 8706 } 8707 } 8708 8709 static inline void 8710 key_savlut_writer_insert_head(struct secasvar *sav) 8711 { 8712 uint32_t hash_key; 8713 uint32_t hash; 8714 8715 KASSERT(mutex_owned(&key_sad.lock)); 8716 KASSERT(!sav->savlut_added); 8717 8718 if (sav->sah->saidx.proto == IPPROTO_IPCOMP) 8719 hash_key = sav->alg_comp; 8720 else 8721 hash_key = sav->spi; 8722 8723 hash = key_savluthash(&sav->sah->saidx.dst.sa, 8724 sav->sah->saidx.proto, hash_key, key_sad.savlutmask); 8725 8726 PSLIST_WRITER_INSERT_HEAD(&key_sad.savlut[hash], sav, 8727 pslist_entry_savlut); 8728 sav->savlut_added = true; 8729 } 8730 8731 /* 8732 * Calculate hash using protocol, source address, 8733 * and destination address included in saidx. 8734 */ 8735 static inline uint32_t 8736 key_saidxhash(const struct secasindex *saidx, u_long mask) 8737 { 8738 uint32_t hash32; 8739 const struct sockaddr_in *sin; 8740 const struct sockaddr_in6 *sin6; 8741 8742 hash32 = saidx->proto; 8743 8744 switch (saidx->src.sa.sa_family) { 8745 case AF_INET: 8746 sin = &saidx->src.sin; 8747 hash32 = hash32_buf(&sin->sin_addr, 8748 sizeof(sin->sin_addr), hash32); 8749 sin = &saidx->dst.sin; 8750 hash32 = hash32_buf(&sin->sin_addr, 8751 sizeof(sin->sin_addr), hash32 << 1); 8752 break; 8753 case AF_INET6: 8754 sin6 = &saidx->src.sin6; 8755 hash32 = hash32_buf(&sin6->sin6_addr, 8756 sizeof(sin6->sin6_addr), hash32); 8757 sin6 = &saidx->dst.sin6; 8758 hash32 = hash32_buf(&sin6->sin6_addr, 8759 sizeof(sin6->sin6_addr), hash32 << 1); 8760 break; 8761 default: 8762 hash32 = 0; 8763 break; 8764 } 8765 8766 return hash32 & mask; 8767 } 8768 8769 /* 8770 * Calculate hash using destination address, protocol, 8771 * and spi. Those parameter depend on the search of 8772 * key_lookup_sa(). 8773 */ 8774 static uint32_t 8775 key_savluthash(const struct sockaddr *dst, uint32_t proto, 8776 uint32_t spi, u_long mask) 8777 { 8778 uint32_t hash32; 8779 const struct sockaddr_in *sin; 8780 const struct sockaddr_in6 *sin6; 8781 8782 hash32 = hash32_buf(&proto, sizeof(proto), spi); 8783 8784 switch(dst->sa_family) { 8785 case AF_INET: 8786 sin = satocsin(dst); 8787 hash32 = hash32_buf(&sin->sin_addr, 8788 sizeof(sin->sin_addr), hash32); 8789 break; 8790 case AF_INET6: 8791 sin6 = satocsin6(dst); 8792 hash32 = hash32_buf(&sin6->sin6_addr, 8793 sizeof(sin6->sin6_addr), hash32); 8794 break; 8795 default: 8796 hash32 = 0; 8797 } 8798 8799 return hash32 & mask; 8800 } 8801 8802 static int 8803 sysctl_net_key_dumpsa(SYSCTLFN_ARGS) 8804 { 8805 struct mbuf *m, *n; 8806 int err2 = 0; 8807 char *p, *ep; 8808 size_t len; 8809 int error; 8810 8811 if (newp) 8812 return (EPERM); 8813 if (namelen != 1) 8814 return (EINVAL); 8815 8816 mutex_enter(&key_sad.lock); 8817 m = key_setdump(name[0], &error, l->l_proc->p_pid); 8818 mutex_exit(&key_sad.lock); 8819 if (!m) 8820 return (error); 8821 if (!oldp) 8822 *oldlenp = m->m_pkthdr.len; 8823 else { 8824 p = oldp; 8825 if (*oldlenp < m->m_pkthdr.len) { 8826 err2 = ENOMEM; 8827 ep = p + *oldlenp; 8828 } else { 8829 *oldlenp = m->m_pkthdr.len; 8830 ep = p + m->m_pkthdr.len; 8831 } 8832 for (n = m; n; n = n->m_next) { 8833 len = (ep - p < n->m_len) ? 8834 ep - p : n->m_len; 8835 error = copyout(mtod(n, const void *), p, len); 8836 p += len; 8837 if (error) 8838 break; 8839 } 8840 if (error == 0) 8841 error = err2; 8842 } 8843 m_freem(m); 8844 8845 return (error); 8846 } 8847 8848 static int 8849 sysctl_net_key_dumpsp(SYSCTLFN_ARGS) 8850 { 8851 struct mbuf *m, *n; 8852 int err2 = 0; 8853 char *p, *ep; 8854 size_t len; 8855 int error; 8856 8857 if (newp) 8858 return (EPERM); 8859 if (namelen != 0) 8860 return (EINVAL); 8861 8862 mutex_enter(&key_spd.lock); 8863 m = key_setspddump(&error, l->l_proc->p_pid); 8864 mutex_exit(&key_spd.lock); 8865 if (!m) 8866 return (error); 8867 if (!oldp) 8868 *oldlenp = m->m_pkthdr.len; 8869 else { 8870 p = oldp; 8871 if (*oldlenp < m->m_pkthdr.len) { 8872 err2 = ENOMEM; 8873 ep = p + *oldlenp; 8874 } else { 8875 *oldlenp = m->m_pkthdr.len; 8876 ep = p + m->m_pkthdr.len; 8877 } 8878 for (n = m; n; n = n->m_next) { 8879 len = (ep - p < n->m_len) ? ep - p : n->m_len; 8880 error = copyout(mtod(n, const void *), p, len); 8881 p += len; 8882 if (error) 8883 break; 8884 } 8885 if (error == 0) 8886 error = err2; 8887 } 8888 m_freem(m); 8889 8890 return (error); 8891 } 8892 8893 /* 8894 * Create sysctl tree for native IPSEC key knobs, originally 8895 * under name "net.keyv2" * with MIB number { CTL_NET, PF_KEY_V2. }. 8896 * However, sysctl(8) never checked for nodes under { CTL_NET, PF_KEY_V2 }; 8897 * and in any case the part of our sysctl namespace used for dumping the 8898 * SPD and SA database *HAS* to be compatible with the KAME sysctl 8899 * namespace, for API reasons. 8900 * 8901 * Pending a consensus on the right way to fix this, add a level of 8902 * indirection in how we number the `native' IPSEC key nodes; 8903 * and (as requested by Andrew Brown) move registration of the 8904 * KAME-compatible names to a separate function. 8905 */ 8906 #if 0 8907 # define IPSEC_PFKEY PF_KEY_V2 8908 # define IPSEC_PFKEY_NAME "keyv2" 8909 #else 8910 # define IPSEC_PFKEY PF_KEY 8911 # define IPSEC_PFKEY_NAME "key" 8912 #endif 8913 8914 static int 8915 sysctl_net_key_stats(SYSCTLFN_ARGS) 8916 { 8917 8918 return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS)); 8919 } 8920 8921 static void 8922 sysctl_net_keyv2_setup(struct sysctllog **clog) 8923 { 8924 8925 sysctl_createv(clog, 0, NULL, NULL, 8926 CTLFLAG_PERMANENT, 8927 CTLTYPE_NODE, IPSEC_PFKEY_NAME, NULL, 8928 NULL, 0, NULL, 0, 8929 CTL_NET, IPSEC_PFKEY, CTL_EOL); 8930 8931 sysctl_createv(clog, 0, NULL, NULL, 8932 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8933 CTLTYPE_INT, "debug", NULL, 8934 NULL, 0, &key_debug_level, 0, 8935 CTL_NET, IPSEC_PFKEY, KEYCTL_DEBUG_LEVEL, CTL_EOL); 8936 sysctl_createv(clog, 0, NULL, NULL, 8937 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8938 CTLTYPE_INT, "spi_try", NULL, 8939 NULL, 0, &key_spi_trycnt, 0, 8940 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_TRY, CTL_EOL); 8941 sysctl_createv(clog, 0, NULL, NULL, 8942 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8943 CTLTYPE_INT, "spi_min_value", NULL, 8944 NULL, 0, &key_spi_minval, 0, 8945 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL); 8946 sysctl_createv(clog, 0, NULL, NULL, 8947 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8948 CTLTYPE_INT, "spi_max_value", NULL, 8949 NULL, 0, &key_spi_maxval, 0, 8950 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL); 8951 sysctl_createv(clog, 0, NULL, NULL, 8952 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8953 CTLTYPE_INT, "random_int", NULL, 8954 NULL, 0, &key_int_random, 0, 8955 CTL_NET, IPSEC_PFKEY, KEYCTL_RANDOM_INT, CTL_EOL); 8956 sysctl_createv(clog, 0, NULL, NULL, 8957 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8958 CTLTYPE_INT, "larval_lifetime", NULL, 8959 NULL, 0, &key_larval_lifetime, 0, 8960 CTL_NET, IPSEC_PFKEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL); 8961 sysctl_createv(clog, 0, NULL, NULL, 8962 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8963 CTLTYPE_INT, "blockacq_count", NULL, 8964 NULL, 0, &key_blockacq_count, 0, 8965 CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL); 8966 sysctl_createv(clog, 0, NULL, NULL, 8967 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8968 CTLTYPE_INT, "blockacq_lifetime", NULL, 8969 NULL, 0, &key_blockacq_lifetime, 0, 8970 CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL); 8971 sysctl_createv(clog, 0, NULL, NULL, 8972 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8973 CTLTYPE_INT, "esp_keymin", NULL, 8974 NULL, 0, &ipsec_esp_keymin, 0, 8975 CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_KEYMIN, CTL_EOL); 8976 sysctl_createv(clog, 0, NULL, NULL, 8977 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8978 CTLTYPE_INT, "prefered_oldsa", NULL, 8979 NULL, 0, &key_prefered_oldsa, 0, 8980 CTL_NET, PF_KEY, KEYCTL_PREFERED_OLDSA, CTL_EOL); 8981 sysctl_createv(clog, 0, NULL, NULL, 8982 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8983 CTLTYPE_INT, "esp_auth", NULL, 8984 NULL, 0, &ipsec_esp_auth, 0, 8985 CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_AUTH, CTL_EOL); 8986 sysctl_createv(clog, 0, NULL, NULL, 8987 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8988 CTLTYPE_INT, "ah_keymin", NULL, 8989 NULL, 0, &ipsec_ah_keymin, 0, 8990 CTL_NET, IPSEC_PFKEY, KEYCTL_AH_KEYMIN, CTL_EOL); 8991 sysctl_createv(clog, 0, NULL, NULL, 8992 CTLFLAG_PERMANENT, 8993 CTLTYPE_STRUCT, "stats", 8994 SYSCTL_DESCR("PF_KEY statistics"), 8995 sysctl_net_key_stats, 0, NULL, 0, 8996 CTL_NET, IPSEC_PFKEY, CTL_CREATE, CTL_EOL); 8997 } 8998 8999 /* 9000 * Register sysctl names used by setkey(8). For historical reasons, 9001 * and to share a single API, these names appear under { CTL_NET, PF_KEY } 9002 * for both IPSEC and KAME IPSEC. 9003 */ 9004 static void 9005 sysctl_net_key_compat_setup(struct sysctllog **clog) 9006 { 9007 9008 sysctl_createv(clog, 0, NULL, NULL, 9009 CTLFLAG_PERMANENT, 9010 CTLTYPE_NODE, "key", NULL, 9011 NULL, 0, NULL, 0, 9012 CTL_NET, PF_KEY, CTL_EOL); 9013 9014 /* Register the net.key.dump{sa,sp} nodes used by setkey(8). */ 9015 sysctl_createv(clog, 0, NULL, NULL, 9016 CTLFLAG_PERMANENT, 9017 CTLTYPE_STRUCT, "dumpsa", NULL, 9018 sysctl_net_key_dumpsa, 0, NULL, 0, 9019 CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL); 9020 sysctl_createv(clog, 0, NULL, NULL, 9021 CTLFLAG_PERMANENT, 9022 CTLTYPE_STRUCT, "dumpsp", NULL, 9023 sysctl_net_key_dumpsp, 0, NULL, 0, 9024 CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL); 9025 } 9026
Indexes created Tue Sep 23 02:09:52 GMT 2025